From 6dba668f4dcccd395289b219ec1f4378d76a134a Mon Sep 17 00:00:00 2001
From: umherirrender <umherirrender_de.wp@web.de>
Date: Sat, 29 Oct 2016 20:50:57 +0200
Subject: [PATCH] Use Database::addQuotes in Special:WantedPages/UnwatchedPages

Database::addQuotes uses the correct quotes/apos, hopefully together
with numeric values

Change-Id: Ia3aba8cabf3ae877f56185e5724dca204a19f73a
---
 includes/specials/SpecialUnwatchedpages.php | 3 ++-
 includes/specials/SpecialWantedpages.php    | 9 +++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/includes/specials/SpecialUnwatchedpages.php b/includes/specials/SpecialUnwatchedpages.php
index df57744b3a..a4e96ae025 100644
--- a/includes/specials/SpecialUnwatchedpages.php
+++ b/includes/specials/SpecialUnwatchedpages.php
@@ -44,6 +44,7 @@ class UnwatchedpagesPage extends QueryPage {
 	}
 
 	public function getQueryInfo() {
+		$dbr = wfGetDB( DB_REPLICA );
 		return [
 			'tables' => [ 'page', 'watchlist' ],
 			'fields' => [
@@ -54,7 +55,7 @@ class UnwatchedpagesPage extends QueryPage {
 			'conds' => [
 				'wl_title IS NULL',
 				'page_is_redirect' => 0,
-				"page_namespace != '" . NS_MEDIAWIKI . "'"
+				'page_namespace != ' . $dbr->addQuotes( NS_MEDIAWIKI ),
 			],
 			'join_conds' => [ 'watchlist' => [
 				'LEFT JOIN', [ 'wl_title = page_title',
diff --git a/includes/specials/SpecialWantedpages.php b/includes/specials/SpecialWantedpages.php
index 76b721c542..c37ecbd17a 100644
--- a/includes/specials/SpecialWantedpages.php
+++ b/includes/specials/SpecialWantedpages.php
@@ -49,6 +49,7 @@ class WantedPagesPage extends WantedQueryPage {
 	}
 
 	function getQueryInfo() {
+		$dbr = wfGetDB( DB_REPLICA );
 		$count = $this->getConfig()->get( 'WantedPagesThreshold' ) - 1;
 		$query = [
 			'tables' => [
@@ -63,13 +64,13 @@ class WantedPagesPage extends WantedQueryPage {
 			],
 			'conds' => [
 				'pg1.page_namespace IS NULL',
-				"pl_namespace NOT IN ( '" . NS_USER . "', '" . NS_USER_TALK . "' )",
-				"pg2.page_namespace != '" . NS_MEDIAWIKI . "'"
+				'pl_namespace NOT IN (' . $dbr->makeList( [ NS_USER, NS_USER_TALK ] ) . ')',
+				'pg2.page_namespace != ' . $dbr->addQuotes( NS_MEDIAWIKI ),
 			],
 			'options' => [
 				'HAVING' => [
-					"COUNT(*) > $count",
-					"COUNT(*) > SUM(pg2.page_is_redirect)"
+					'COUNT(*) > ' . $dbr->addQuotes( $count ),
+					'COUNT(*) > SUM(pg2.page_is_redirect)'
 				],
 				'GROUP BY' => [ 'pl_namespace', 'pl_title' ]
 			],
-- 
2.20.1