From: Daniel Friesen <dantman@users.mediawiki.org>
Date: Thu, 8 May 2008 11:03:03 +0000 (+0000)
Subject: SMW also sends horrid statements containing DISTINCT and AS which suffer the same... 
X-Git-Tag: 1.31.0-rc.0~47823
X-Git-Url: http://git.cyclocoop.org/%22.htmlspecialchars%28%24url_syndic%29.%22?a=commitdiff_plain;h=57607dbd2350a46523b0f60a83fecd8376c0d343;p=lhc%2Fweb%2Fwiklou.git

SMW also sends horrid statements containing DISTINCT and AS which suffer the same issue as the ugly API queries. Guess we have to secure against this use to.
---

diff --git a/includes/Database.php b/includes/Database.php
index f2bb4ba569..b702038018 100644
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -1380,7 +1380,7 @@ class Database {
 		# Note that we use a whitespace test rather than a \b test to avoid
 		# any remote case where a word like on may be inside of a table name
 		# surrounded by symbols which may be considered word breaks.
-		if( preg_match( '/(^|\s)(JOIN|ON)(\s|$)/i', $name ) !== 0 ) return $name;
+		if( preg_match( '/(^|\s)(DISTINCT|JOIN|ON|AS)(\s|$)/i', $name ) !== 0 ) return $name;
 		
 		# Split database and table into proper variables.
 		# We reverse the explode so that database.table and table both output