Ticket #5656: mythweb-5656-escape_regex_special_characters_in_filenames.patch
File mythweb-5656-escape_regex_special_characters_in_filenames.patch, 2.6 KB (added by , 16 years ago) |
---|
-
mythweb/classes/Database/mysqlicompat.php
88 88 } 89 89 90 90 /** 91 * Changes the regexp-special square brackets used for character class/range 92 * operations to the "match any single character" operator, '.'. This function 93 * does not do database-special character escapes. 94 * 95 * @param string $string string to escape 96 * 97 * @return string escaped string 98 /**/ 99 function escape_regex($string) { 100 // Null? 101 if (is_null($string)) 102 return 'NULL'; 103 // Just a string 104 $escaped_string = str_replace('[', '.', $string); 105 return str_replace(']', '.', $escaped_string); 106 } 107 108 /** 91 109 * Returns an un-executed Database_Query_mysqlicompat object 92 110 * 93 111 * @param string $query The query string -
mythweb/classes/Database/mysql.php
81 81 } 82 82 83 83 /** 84 * Changes the regexp-special square brackets used for character class/range 85 * operations to the "match any single character" operator, '.'. This function 86 * does not do database-special character escapes. 87 * 88 * @param string $string string to escape 89 * 90 * @return string escaped string 91 /**/ 92 function escape_regex($string) { 93 // Null? 94 if (is_null($string)) 95 return 'NULL'; 96 // Just a string 97 $escaped_string = str_replace('[', '.', $string); 98 return str_replace(']', '.', $escaped_string); 99 } 100 101 /** 84 102 * Returns an un-executed Database_Query_mysql object 85 103 * 86 104 * @param string $query The query string -
mythweb/modules/video/handler.php
226 227 if (isset($_SESSION['video']['path'])) { 227 228 $escaped_path = str_replace('(', '\\(',$_SESSION['video']['path']); 228 229 $escaped_path = str_replace(')', '\\)',$_SESSION['video']['path']); 229 $where .= ' AND videometadata.filename RLIKE '.$db->escape($ escaped_path.'[/]*[^/]*$');230 $where .= ' AND videometadata.filename RLIKE '.$db->escape($db->escape_regex($escaped_path).'[/]*[^/]*$'); 230 231 } 231 232 // Deal with the parental locks 232 233 if (isset($_REQUEST['VideoAdminPassword']))