fix #289
修正由于转义引号导致的在sqlite下查询失败错误 修正由于部分主机没有安装mb插件导致无法输出markdown文本的错误 fix #288 给expression增加参数$escape来控制是否转义语句
This commit is contained in:
祁宁
@@ -74,6 +74,9 @@ foreach ($lists as $file) {
|
||||
}
|
||||
}
|
||||
|
||||
$source = str_replace(array('mb_strtoupper', 'mb_strlen'),
|
||||
array('Typecho_Common::strToUpper', 'Typecho_Common::strLen'), $source);
|
||||
|
||||
$tokens = token_get_all($source);
|
||||
$source = '';
|
||||
|
||||
|
||||
@@ -63,7 +63,7 @@ class CommonMark_DocParser
|
||||
|
||||
foreach ($parts as $part) {
|
||||
// Calculate number of spaces; insert them followed by the non-tab contents
|
||||
$amount = 4 - mb_strlen($line, 'UTF-8') % 4;
|
||||
$amount = 4 - Typecho_Common::strLen($line, 'UTF-8') % 4;
|
||||
$line .= str_repeat(' ', $amount) . $part;
|
||||
}
|
||||
|
||||
|
||||
@@ -87,6 +87,6 @@ class CommonMark_Reference_Reference
|
||||
// leading/trailing whitespace
|
||||
$string = preg_replace('/\s+/', '', trim($string));
|
||||
|
||||
return mb_strtoupper($string, 'UTF-8');
|
||||
return Typecho_Common::strToUpper($string, 'UTF-8');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -35,7 +35,7 @@ class HtmlRendererExtra extends CommonMark_HtmlRenderer
|
||||
* @license GNU General Public License 2.0
|
||||
*/
|
||||
class Markdown
|
||||
{
|
||||
{
|
||||
/**
|
||||
* convert
|
||||
*
|
||||
|
||||
@@ -48,6 +48,17 @@ class Typecho_Common
|
||||
*/
|
||||
public static $exceptionHandle;
|
||||
|
||||
/**
|
||||
* 将字符串变成大写的回调函数
|
||||
*
|
||||
* @param array $matches
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public static function __strToUpper($matches)
|
||||
{
|
||||
return strtoupper($matches[0]);
|
||||
}
|
||||
|
||||
/**
|
||||
* 将url中的非法xss去掉时的数组回调过滤函数
|
||||
@@ -226,6 +237,7 @@ class Typecho_Common
|
||||
@ob_end_clean();
|
||||
|
||||
if (defined('__TYPECHO_DEBUG__')) {
|
||||
echo '<h1>' . $exception->getMessage() . '</h1>';
|
||||
echo nl2br($exception->__toString());
|
||||
} else {
|
||||
if (404 == $exception->getCode() && !empty(self::$exceptionHandle)) {
|
||||
@@ -740,6 +752,23 @@ EOF;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取大写字符串
|
||||
*
|
||||
* @param string $str
|
||||
* @access public
|
||||
* @return string
|
||||
*/
|
||||
public static function strToUpper($str)
|
||||
{
|
||||
if (__TYPECHO_MB_SUPPORTED__) {
|
||||
return mb_strtoupper($str, self::$charset);
|
||||
} else {
|
||||
return 'UTF-8' == strtoupper(self::$charset)
|
||||
? preg_replace_callback("/[a-z]+/u", array('Typecho_Common', '__strToUpper'), $str) : strtoupper($str);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 检查是否为合法的编码数据
|
||||
*
|
||||
|
||||
@@ -111,26 +111,9 @@ class Typecho_Db_Query
|
||||
$split = '';
|
||||
$quotes = 0;
|
||||
|
||||
// fix issue #288
|
||||
$inStr = false;
|
||||
|
||||
for ($i = 0; $i < $length; $i ++) {
|
||||
$cha = $str[$i];
|
||||
|
||||
if (false !== strpos("'\"", $cha)) {
|
||||
$inStr = !$inStr;
|
||||
|
||||
if (!$inStr) {
|
||||
$result .= $cha;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
if ($inStr) {
|
||||
$result .= $cha;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ctype_alnum($cha) || false !== strpos('_*', $cha)) {
|
||||
if (!$lastIsAlnum) {
|
||||
if ($quotes > 0 && !ctype_digit($word) && '.' != $split
|
||||
@@ -374,11 +357,12 @@ class Typecho_Db_Query
|
||||
*
|
||||
* @param string $key 栏目名称
|
||||
* @param mixed $value 指定的值
|
||||
* @param bool $escape 是否转义
|
||||
* @return Typecho_Db_Query
|
||||
*/
|
||||
public function expression($key, $value)
|
||||
public function expression($key, $value, $escape = true)
|
||||
{
|
||||
$this->_sqlPreBuild['rows'][$this->filterColumn($key)] = $this->filterColumn($value);
|
||||
$this->_sqlPreBuild['rows'][$this->filterColumn($key)] = $escape ? $this->filterColumn($value) : $value;
|
||||
return $this;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user