fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-09 12:02:24 +09:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'security/rve-2025-1'

Browse source
This commit is contained in:
Kijin Sung 2025-02-18 11:23:19 +09:00
commit 5f5cd81f1b
3 changed files with 44 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
common/framework/parsers/dbquery/Query.php
View file

@ -619,7 +619,7 @@ class Query extends VariableBase
// Get the name of the column or expression to order by. // Get the name of the column or expression to order by.
$column_name = ''; $column_name = '';
list($column_name, $is_expression) = $orderby->getValue($this->_args); list($column_name, $is_expression, $is_default_value) = $orderby->getValue($this->_args);
if (!$column_name) if (!$column_name)
{ {
continue; continue;
@ -628,6 +628,10 @@ class Query extends VariableBase
{ {
$column_name = self::quoteName($column_name); $column_name = self::quoteName($column_name);
} }
elseif (!$is_default_value)
{
continue;
}
// Get the ordering (ASC or DESC). // Get the ordering (ASC or DESC).
if (preg_match('/^(ASC|DESC)$/i', $orderby->order_var ?: '', $matches)) if (preg_match('/^(ASC|DESC)$/i', $orderby->order_var ?: '', $matches))

14
tests/_data/dbquery/sortIndexTest.xml Normal file
View file

@ -0,0 +1,14 @@
<query id="sortIndexTest" action="select">
<tables>
<table name="documents" />
</tables>
<columns>
<column name="*" />
</columns>
<conditions>
<condition operation="equal" column="status" default="PUBLIC" />
</conditions>
<navigation>
<index var="sort_index" default="RAND()" order="order_type" order-default="DESC" />
</navigation>
</query>

25
tests/unit/framework/parsers/DBQueryParserTest.php
View file

@ -598,4 +598,29 @@ class DBQueryParserTest extends \Codeception\Test\Unit
$this->assertEquals('SELECT `module_srl` FROM `rx_documents` AS `documents` ORDER BY `list_order` DESC LIMIT 40, 20', $sql); $this->assertEquals('SELECT `module_srl` FROM `rx_documents` AS `documents` ORDER BY `list_order` DESC LIMIT 40, 20', $sql);
$this->assertTrue($query->requires_pagination); $this->assertTrue($query->requires_pagination);
} }
public function testSortIndex()
{
$query = Rhymix\Framework\Parsers\DBQueryParser::loadXML(\RX_BASEDIR . 'tests/_data/dbquery/sortIndexTest.xml');
$sql = $query->getQueryString('rx_', array());
$this->assertEquals('SELECT * FROM `rx_documents` AS `documents` WHERE `status` = ? ORDER BY RAND() DESC', $sql);
$sql = $query->getQueryString('rx_', array(
'sort_index' => 'list_order',
'order_type' => 'asc',
));
$this->assertEquals('SELECT * FROM `rx_documents` AS `documents` WHERE `status` = ? ORDER BY `list_order` ASC', $sql);
$sql = $query->getQueryString('rx_', array(
'sort_index' => 'voted_count + blamed_count',
'order_type' => 'desc',
));
$this->assertEquals('SELECT * FROM `rx_documents` AS `documents` WHERE `status` = ?', $sql);
$sql = $query->getQueryString('rx_', array(
'sort_index' => 'RAND()',
));
$this->assertEquals('SELECT * FROM `rx_documents` AS `documents` WHERE `status` = ?', $sql);
}
} }