Memcached_DataObject::pkeyGet() accepts null values

2011-07-11 12:40:28 -04:00 · 2011-07-11 12:40:28 -04:00 · 5c963cb3b7
commit 5c963cb3b7
parent 641749453d
1 changed files with 7 additions and 1 deletions
--- a/classes/Memcached_DataObject.php
+++ b/classes/Memcached_DataObject.php
@ -78,7 +78,13 @@ class Memcached_DataObject extends Safe_DataObject
                return false;
            }
            foreach ($kv as $k => $v) {
-                $i->$k = $v;
+            	if (is_null($v)) {
+            		// XXX: possible SQL injection...? Don't 
+            		// pass keys from the browser, eh.
+            		$i->whereAdd("$k is null");
+            	} else {
+                	$i->$k = $v;
+            	}
            }
            if ($i->find(true)) {
                $i->encache();