From: Umherirrender <umherirrender_de.wp@web.de>
Date: Wed, 22 Feb 2017 17:55:56 +0000 (+0100)
Subject: Use Database::addQuotes instead of hard coded apostrophs
X-Git-Tag: 1.31.0-rc.0~3981^2
X-Git-Url: http://git.cyclocoop.org/?a=commitdiff_plain;h=4d16c2ad564be42ef05cb950bb081843bf8bc37c;p=lhc%2Fweb%2Fwiklou.git

Use Database::addQuotes instead of hard coded apostrophs

Change-Id: I1404d68d7e2b7fde8f9a76c747bc2be0936f7bef
---

diff --git a/includes/EditPage.php b/includes/EditPage.php
index 34062c0621..da1dfbd08f 100644
--- a/includes/EditPage.php
+++ b/includes/EditPage.php
@@ -2483,11 +2483,13 @@ class EditPage {
 		}
 		# Give a notice if the user is editing a deleted/moved page...
 		if ( !$this->mTitle->exists() ) {
+			$dbr = wfGetDB( DB_REPLICA );
+
 			LogEventsList::showLogExtract( $wgOut, [ 'delete', 'move' ], $this->mTitle,
 				'',
 				[
 					'lim' => 10,
-					'conds' => [ "log_action != 'revision'" ],
+					'conds' => [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ],
 					'showIfEmpty' => false,
 					'msgKey' => [ 'recreate-moveddeleted-warn' ]
 				]
diff --git a/includes/WatchedItemQueryService.php b/includes/WatchedItemQueryService.php
index c80e4a5319..4ff57c6b3d 100644
--- a/includes/WatchedItemQueryService.php
+++ b/includes/WatchedItemQueryService.php
@@ -401,7 +401,7 @@ class WatchedItemQueryService {
 		if ( !isset( $options['start'] ) && !isset( $options['end'] ) ) {
 			if ( $db->getType() === 'mysql' ) {
 				// This is an index optimization for mysql
-				$conds[] = "rc_timestamp > ''";
+				$conds[] = 'rc_timestamp > ' . $db->addQuotes( '' );
 			}
 		}
 
diff --git a/includes/actions/HistoryAction.php b/includes/actions/HistoryAction.php
index e8aec1cf6e..b381edcaec 100644
--- a/includes/actions/HistoryAction.php
+++ b/includes/actions/HistoryAction.php
@@ -146,6 +146,9 @@ class HistoryAction extends FormlessAction {
 				$out->setStatusCode( 404 );
 			}
 			$out->addWikiMsg( 'nohistory' );
+
+			$dbr = wfGetDB( DB_REPLICA );
+
 			# show deletion/move log if there is an entry
 			LogEventsList::showLogExtract(
 				$out,
@@ -153,7 +156,7 @@ class HistoryAction extends FormlessAction {
 				$this->getTitle(),
 				'',
 				[ 'lim' => 10,
-					'conds' => [ "log_action != 'revision'" ],
+					'conds' => [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ],
 					'showIfEmpty' => false,
 					'msgKey' => [ 'moveddeleted-notice' ]
 				]
diff --git a/includes/logging/LogEventsList.php b/includes/logging/LogEventsList.php
index 6665336aa7..43829109cb 100644
--- a/includes/logging/LogEventsList.php
+++ b/includes/logging/LogEventsList.php
@@ -544,7 +544,8 @@ class LogEventsList extends ContextSource {
 	 * @param string $user The user who made the log entries
 	 * @param array $param Associative Array with the following additional options:
 	 * - lim Integer Limit of items to show, default is 50
-	 * - conds Array Extra conditions for the query (e.g. "log_action != 'revision'")
+	 * - conds Array Extra conditions for the query
+	 *   (e.g. 'log_action != ' . $dbr->addQuotes( 'revision' ))
 	 * - showIfEmpty boolean Set to false if you don't want any output in case the loglist is empty
 	 *   if set to true (default), "No matching items in log" is displayed if loglist is empty
 	 * - msgKey Array If you want a nice box with a message, set this to the key of the message.
diff --git a/includes/page/Article.php b/includes/page/Article.php
index 34ff63c8bc..2787c1bca9 100644
--- a/includes/page/Article.php
+++ b/includes/page/Article.php
@@ -1171,7 +1171,10 @@ class Article implements Page {
 		$loggedIn = $this->getContext()->getUser()->isLoggedIn();
 		if ( $loggedIn || $cache->get( $key ) ) {
 			$logTypes = [ 'delete', 'move' ];
-			$conds = [ "log_action != 'revision'" ];
+
+			$dbr = wfGetDB( DB_REPLICA );
+
+			$conds = [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ];
 			// Give extensions a chance to hide their (unrelated) log entries
 			Hooks::run( 'Article::MissingArticleConditions', [ &$conds, $logTypes ] );
 			LogEventsList::showLogExtract(
diff --git a/includes/page/ImagePage.php b/includes/page/ImagePage.php
index c75cfdd26d..53d7e55409 100644
--- a/includes/page/ImagePage.php
+++ b/includes/page/ImagePage.php
@@ -585,6 +585,8 @@ EOT
 		} else {
 			# Image does not exist
 			if ( !$this->getId() ) {
+				$dbr = wfGetDB( DB_REPLICA );
+
 				# No article exists either
 				# Show deletion log to be consistent with normal articles
 				LogEventsList::showLogExtract(
@@ -593,7 +595,7 @@ EOT
 					$this->getTitle()->getPrefixedText(),
 					'',
 					[ 'lim' => 10,
-						'conds' => [ "log_action != 'revision'" ],
+						'conds' => [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ],
 						'showIfEmpty' => false,
 						'msgKey' => [ 'moveddeleted-notice' ]
 					]
diff --git a/includes/specials/SpecialUpload.php b/includes/specials/SpecialUpload.php
index c5a1f27073..f4a4818b32 100644
--- a/includes/specials/SpecialUpload.php
+++ b/includes/specials/SpecialUpload.php
@@ -281,10 +281,12 @@ class SpecialUpload extends SpecialPage {
 		$desiredTitleObj = Title::makeTitleSafe( NS_FILE, $this->mDesiredDestName );
 		$delNotice = ''; // empty by default
 		if ( $desiredTitleObj instanceof Title && !$desiredTitleObj->exists() ) {
+			$dbr = wfGetDB( DB_REPLICA );
+
 			LogEventsList::showLogExtract( $delNotice, [ 'delete', 'move' ],
 				$desiredTitleObj,
 				'', [ 'lim' => 10,
-					'conds' => [ "log_action != 'revision'" ],
+					'conds' => [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ],
 					'showIfEmpty' => false,
 					'msgKey' => [ 'upload-recreate-warning' ] ]
 			);