* fix bug for WooYun-2015-137380.

2015-11-03 08:25:03 +08:00
parent 9bfcc069ab
commit fa09186c68
6 changed files with 31 additions and 9 deletions
--- a/lib/dao/dao.class.php
+++ b/lib/dao/dao.class.php
@@ -4,7 +4,7 @@
 *
 * The author disclaims copyright to this source code.  In place of
 * a legal notice, here is a blessing:
- * 
+ *
 *  May you do good and not evil.
 *  May you find forgiveness for yourself and forgive others.
 *  May you share freely, never taking more than you give.
@@ -12,7 +12,7 @@

 /**
 * DAO, data access object.
- * 
+ *
 * @package framework
 */
 class dao
@@ -392,7 +392,8 @@ class dao
    /**
     * Set the data to update or insert.
     * 
-     * @param  object $data         the data object or array
+     * @param  object $data        the data object or array
+     * @param  object $skipFields  the fields to skip.
     * @access public
     * @return object the dao object self.
     */
@@ -1227,6 +1228,7 @@ class sql
     * Join the data items by key = value.
     * 
     * @param  object $data 
+     * @param  string $skipFields   the fields to skip.
     * @access public
     * @return object the sql object.
     */
@@ -1236,14 +1238,14 @@ class sql
        if($skipFields) $skipFields = ',' . str_replace(' ', '', $skipFields) . ',';

        foreach($data as $field => $value)
-        {    
+        {
            if(!preg_match('|^\w+$|', $field)) 
-            {    
+            {
                unset($data->$field);
                continue;
-            }    
+            }
            if(strpos($skipFields, ",$field,") !== false) continue;
-            $this->sql .= "`$field` = " . $this->quote($value) . ','; 
+            $this->sql .= "`$field` = " . $this->quote($value) . ',';
        }

        $this->data = $data;
@@ -1260,6 +1262,7 @@ class sql
     */
    public function markLeft($count = 1)
    {
+        if($this->inCondition and !$this->conditionIsTrue) return $this;
        $this->sql .= str_repeat('(', $count);
        return $this;
    }
@@ -1273,6 +1276,7 @@ class sql
     */
    public function markRight($count = 1)
    {
+        if($this->inCondition and !$this->conditionIsTrue) return $this;
        $this->sql .= str_repeat(')', $count);
        return $this;
    }
--- a/module/bug/model.php
+++ b/module/bug/model.php
@@ -796,6 +796,7 @@ class bugModel extends model
     */
    public function getUserBugs($account, $type = 'assignedTo', $orderBy = 'id_desc', $limit = 0, $pager = null)
    {
+        if(!$this->loadModel('common')->checkField(TABLE_BUG, $type)) return array();
        $bugs = $this->dao->select('*')->from(TABLE_BUG)
            ->where('deleted')->eq(0)
            ->beginIF($type != 'all')->andWhere("$type")->eq($account)->fi()
--- a/module/common/model.php
+++ b/module/common/model.php
@@ -795,4 +795,19 @@ class commonModel extends model
        $sort = strpos($firstOrder, '_') === false ? '_asc' : strstr($firstOrder, '_');
        return strpos($orderBy, $append) === false ? $orderBy . ',' . $append . $sort : $orderBy;
    }
+
+    public function checkField($table, $field)
+    {
+        $fields   = $this->dao->query("DESC $table")->fetchAll();
+        $hasField = false;
+        foreach($fields as $fieldObj)
+        {
+            if($field == $fieldObj->Field)
+            {
+                $hasField = true;
+                break;
+            }
+        }
+        return $hasField;
+    }
 }
--- a/module/story/model.php
+++ b/module/story/model.php
@@ -1112,6 +1112,7 @@ class storyModel extends model
     */
    public function getByField($productID, $branch, $fieldName, $fieldValue, $orderBy, $pager, $operator = 'equal')
    {
+        if(!$this->loadModel('common')->checkField(TABLE_STORY, $type)) return array();
        $stories = $this->dao->select('*')->from(TABLE_STORY)
            ->where('product')->in($productID)
            ->andWhere('deleted')->eq(0)
--- a/module/task/model.php
+++ b/module/task/model.php
@@ -854,6 +854,7 @@ class taskModel extends model
     */
    public function getUserTasks($account, $type = 'assignedTo', $limit = 0, $pager = null, $orderBy="id_desc")
    {
+        if(!$this->loadModel('common')->checkField(TABLE_TASK, $type)) return array();
        $tasks = $this->dao->select('t1.*, t2.id as projectID, t2.name as projectName, t3.id as storyID, t3.title as storyTitle, t3.status AS storyStatus, t3.version AS latestStoryVersion')
            ->from(TABLE_TASK)->alias('t1')
            ->leftjoin(TABLE_PROJECT)->alias('t2')
--- a/module/todo/model.php
+++ b/module/todo/model.php
@@ -299,8 +299,8 @@ class todoModel extends model

        $stmt = $this->dao->select('*')->from(TABLE_TODO)
            ->where('account')->eq($account)
-            ->andWhere("date >= '$begin'")
-            ->andWhere("date <= '$end'")
+            ->andWhere('date')->ge($begin)
+            ->andWhere('date')->le($end)
            ->beginIF($status != 'all' and $status != 'undone')->andWhere('status')->in($status)->fi()
            ->beginIF($status == 'undone')->andWhere('status')->ne('done')->fi()
            ->orderBy($orderBy)