$this->addOption( 'LIMIT', $params['limit'] + 1 );
$this->addTimestampWhereRange( 'ipb_timestamp', $params['dir'], $params['start'], $params['end'] );
+
+ $db = $this->getDB();
+
if ( isset( $params['ids'] ) ) {
$this->addWhereFld( 'ipb_id', $params['ids'] );
}
}
$prefix = substr( $lower, 0, 4 );
- $db = $this->getDB();
+ # Fairly hard to make a malicious SQL statement out of hex characters,
+ # but it is good practice to add quotes
+ $lower = $db->addQuotes( $lower );
+ $upper = $db->addQuotes( $upper );
+
$this->addWhere( array(
'ipb_range_start' . $db->buildLike( $prefix, $db->anyString() ),
- "ipb_range_start <= '$lower'",
- "ipb_range_end >= '$upper'",
+ 'ipb_range_start <= ' . $lower,
+ 'ipb_range_end >= ' . $upper,
'ipb_auto' => 0
) );
}
}
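Review bot: The new `addQuotes` calls overwrite `$lower` and `$upper` with the quoted SQL literals, so the two variables change meaning halfway through the block — the `substr( $lower, 0, 4 )` for `$prefix` only stays correct because it happens to run before the quoting, and any later use of these names as raw values would silently pick up the quotes. Keep the raw values and quote at the point of use instead: `'ipb_range_start <= ' . $db->addQuotes( $lower ),` and `'ipb_range_end >= ' . $db->addQuotes( $upper ),`. The added comment justifies the quoting by the expected hex character set; where the values actually come from is outside this hunk, and the quoting should not depend on that reasoning, so prefer a comment like `# Always quote through the DB layer, regardless of what the input is expected to contain`. The enclosing method starts before this hunk.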
public function getHelpUrls() {
- return 'http://www.mediawiki.org/wiki/API:Blocks';
+ return 'https://www.mediawiki.org/wiki/API:Blocks';
}
public function getVersion() {