[SQLiteProfilerStorage] Escape special chars in URLs and IPs

Victor Berchet 2011-01-06 18:50:52 +01:00 committed by Fabien Potencier
parent e975a09003
commit 9770944a1d


@ -40,21 +40,23 @@ class SQLiteProfilerStorage implements ProfilerStorageInterface
*/
public function find($ip, $url, $limit)
{
$db = $this->initDb();
$criteria = array();
$args = array();
if ($ip = preg_replace('/[^\d\.]/', '', $ip)) {
$criteria[] = " ip LIKE '%".$ip."%'";
$criteria[] = 'ip LIKE :ip';
$args[':ip'] = '%'.$ip.'%';
}
if ($url) {
$criteria[] = " url LIKE '%".$db->escapeString($url)."%'";
$criteria[] = 'url LIKE :url ESCAPE "\"';
$args[':url'] = '%'.addcslashes($url, '%_').'%';
}
$criteria = $criteria ? 'WHERE '.implode(' AND ', $criteria) : '';
$tokens = $this->fetch($db, 'SELECT token, ip, url, time FROM data '.$criteria.' ORDER BY time DESC LIMIT '.((integer) $limit));
$db = $this->initDb();
$tokens = $this->fetch($db, 'SELECT token, ip, url, time FROM data '.$criteria.' ORDER BY time DESC LIMIT '.((integer) $limit), $args);
$this->close($db);
return $tokens;