From fa09186c686d6c9ec407f82850000be9fc3e7cc1 Mon Sep 17 00:00:00 2001
From: wangyidong
Date: Tue, 3 Nov 2015 08:25:03 +0800
Subject: [PATCH] * fix bug for WooYun-2015-137380.
---
 lib/dao/dao.class.php | 18 +++++++++++-------
 module/bug/model.php | 1 +
 module/common/model.php | 15 +++++++++++++++
 module/story/model.php | 1 +
 module/task/model.php | 1 +
 module/todo/model.php | 4 ++--
 6 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/lib/dao/dao.class.php b/lib/dao/dao.class.php
index 8332c4347c..de9ec2c0ec 100755
--- a/lib/dao/dao.class.php
+++ b/lib/dao/dao.class.php
@@ -4,7 +4,7 @@
 *
 * The author disclaims copyright to this source code. In place of
 * a legal notice, here is a blessing:
- *
+ *
 * May you do good and not evil.
 * May you find forgiveness for yourself and forgive others.
 * May you share freely, never taking more than you give.
@@ -12,7 +12,7 @@
 /**
 * DAO, data access object.
- *
+ *
 * @package framework
 */
 class dao
@@ -392,7 +392,8 @@ class dao
 /**
 * Set the data to update or insert.
 *
- * @param object $data the data object or array
+ * @param object $data the data object or array
+ * @param object $skipFields the fields to skip.
 * @access public
 * @return object the dao object self.
 */
@@ -1227,6 +1228,7 @@ class sql
 * Join the data items by key = value.
 *
 * @param object $data
+ * @param string $skipFields the fields to skip.
 * @access public
 * @return object the sql object.
 */
@@ -1236,14 +1238,14 @@ class sql
 if($skipFields) $skipFields = ',' . str_replace(' ', '', $skipFields) . ',';
 foreach($data as $field => $value)
- {
+ {
 if(!preg_match('|^\w+$|', $field))
- {
+ {
 unset($data->$field);
 continue;
- }
+ }
 if(strpos($skipFields, ",$field,") !== false) continue;
- $this->sql .= "`$field` = " . $this->quote($value) . ',';
+ $this->sql .= "`$field` = " . $this->quote($value) . ',';
 }
 $this->data = $data;
@@ -1260,6 +1262,7 @@ class sql
 */
 public function markLeft($count = 1)
 {
+ if($this->inCondition and !$this->conditionIsTrue) return $this;
 $this->sql .= str_repeat('(', $count);
 return $this;
 }
@@ -1273,6 +1276,7 @@ class sql
 */
 public function markRight($count = 1)
 {
+ if($this->inCondition and !$this->conditionIsTrue) return $this;
 $this->sql .= str_repeat(')', $count);
 return $this;
 }
diff --git a/module/bug/model.php b/module/bug/model.php
index 8e72b71a8d..81631785d8 100644
--- a/module/bug/model.php
+++ b/module/bug/model.php
@@ -796,6 +796,7 @@ class bugModel extends model
 */
 public function getUserBugs($account, $type = 'assignedTo', $orderBy = 'id_desc', $limit = 0, $pager = null)
 {
+ if(!$this->loadModel('common')->checkField(TABLE_BUG, $type)) return array();
 $bugs = $this->dao->select('*')->from(TABLE_BUG)
 ->where('deleted')->eq(0)
 ->beginIF($type != 'all')->andWhere("$type")->eq($account)->fi()
diff --git a/module/common/model.php b/module/common/model.php
index 089ff16418..8115a98cfb 100644
--- a/module/common/model.php
+++ b/module/common/model.php
@@ -795,4 +795,19 @@ class commonModel extends model
 $sort = strpos($firstOrder, '_') === false ? '_asc' : strstr($firstOrder, '_');
 return strpos($orderBy, $append) === false ? $orderBy . ',' . $append . $sort : $orderBy;
 }
+
+ public function checkField($table, $field)
+ {
+ $fields = $this->dao->query("DESC $table")->fetchAll();
+ $hasField = false;
+ foreach($fields as $fieldObj)
+ {
+ if($field == $fieldObj->Field)
+ {
+ $hasField = true;
+ break;
+ }
+ }
+ return $hasField;
+ }
 }
diff --git a/module/story/model.php b/module/story/model.php
index ad8c1ba8ac..1eecce879c 100644
--- a/module/story/model.php
+++ b/module/story/model.php
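Review bot: In `getUserBugs` (module/bug/model.php) the new guard returns an empty array whenever `$type` is not a column of the bug table, but the query two lines below still treats `'all'` as a valid value through `beginIF($type != 'all')`. A caller passing `'all'` would now get no bugs instead of the unfiltered list. Exempt that value before the column check: `if($type != 'all' and !$this->loadModel('common')->checkField(TABLE_BUG, $type)) return array();`. The `getUserTasks` hunk in module/task/model.php adds the same guard; its use of `$type` lies outside that hunk, so check whether it accepts a similar non-column value. The body of `getUserBugs` continues past this hunk.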
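Review bot: `checkField` in module/common/model.php is added without a doc comment, although it is the allow-list that decides which caller-supplied names may be used as column names. It also interpolates `$table` into `"DESC $table"`, so the comment should state that `$table` must be one of the `TABLE_*` constants and never request data. The comparison `$field == $fieldObj->Field` is loose; a strict check avoids PHP type juggling should a non-string value reach it, and the loop can return directly with `if($field === $fieldObj->Field) return true;` followed by `return false;`. Each call issues a fresh DESC query, so caching the column list per table would spare the callers that run this guard on every request.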
@@ -1112,6 +1112,7 @@ class storyModel extends model
 */
 public function getByField($productID, $branch, $fieldName, $fieldValue, $orderBy, $pager, $operator = 'equal')
 {
+ if(!$this->loadModel('common')->checkField(TABLE_STORY, $type)) return array();
 $stories = $this->dao->select('*')->from(TABLE_STORY)
 ->where('product')->in($productID)
 ->andWhere('deleted')->eq(0)
diff --git a/module/task/model.php b/module/task/model.php
index 10b22fe85b..37a2f73336 100644
--- a/module/task/model.php
+++ b/module/task/model.php
@@ -854,6 +854,7 @@ class taskModel extends model
 */
 public function getUserTasks($account, $type = 'assignedTo', $limit = 0, $pager = null, $orderBy="id_desc")
 {
+ if(!$this->loadModel('common')->checkField(TABLE_TASK, $type)) return array();
 $tasks = $this->dao->select('t1.*, t2.id as projectID, t2.name as projectName, t3.id as storyID, t3.title as storyTitle, t3.status AS storyStatus, t3.version AS latestStoryVersion')
 ->from(TABLE_TASK)->alias('t1')
 ->leftjoin(TABLE_PROJECT)->alias('t2')
diff --git a/module/todo/model.php b/module/todo/model.php
index 93184748d0..4643002231 100644
--- a/module/todo/model.php
+++ b/module/todo/model.php
@@ -299,8 +299,8 @@ class todoModel extends model
 $stmt = $this->dao->select('*')->from(TABLE_TODO)
 ->where('account')->eq($account)
- ->andWhere("date >= '$begin'")
- ->andWhere("date <= '$end'")
+ ->andWhere('date')->ge($begin)
+ ->andWhere('date')->le($end)
 ->beginIF($status != 'all' and $status != 'undone')->andWhere('status')->in($status)->fi()
 ->beginIF($status == 'undone')->andWhere('status')->ne('done')->fi()
 ->orderBy($orderBy)
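Review bot: The guard added to `getByField` (module/story/model.php) checks `$type`, which is neither a parameter of the function nor assigned in the visible lines; the column name arrives as `$fieldName`. With `$type` undefined, `checkField` would receive null and match no column, so the method would return `array()` on every call and `$fieldName` itself would never be validated. The line should read `if(!$this->loadModel('common')->checkField(TABLE_STORY, $fieldName)) return array();`. The rest of the function lies outside the hunk, so confirm there how `$fieldName` is placed into the query.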
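Review bot: In the module/todo/model.php hunk, `->orderBy($orderBy)` at the end of the chain still places a variable directly into the statement, while `$begin` and `$end` move from interpolated strings to `ge()`/`le()`. Whether `orderBy()` validates its argument, and where `$orderBy` originates, is not visible in this hunk. If it can come from the request, restrict it to known column and direction pairs before this call. The comparisons also accept any string for `$begin` and `$end`; checking that both are dates before building the query would reject malformed input early. The enclosing function starts and ends outside the hunk.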