rooty/OwncloudBookmarksOfficial
1
0
Fork 0
mirror of https://github.com/owncloud/bookmarks.git synced 2025-02-21 18:54:32 +01:00
Code Issues Releases Activity

Validate $sqlSortColumn

Browse Source
This commit is contained in:
Brice Maron 2013-04-23 21:59:52 +02:00 committed by Lukas Reschke
parent 76b871463d
commit 582c3ed245
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/bookmarks.php
View File

@ -36,7 +36,11 @@ class OC_Bookmarks_Bookmarks{
public static function findBookmarks($offset, $sqlSortColumn, $filter, $filterTagOnly) {
//OCP\Util::writeLog('bookmarks', 'findBookmarks ' .$offset. ' '.$sqlSortColumn.' '. $filter.' '. $filterTagOnly ,OCP\Util::DEBUG);
$CONFIG_DBTYPE = OCP\Config::getSystemValue( 'dbtype', 'sqlite' );
if(!in_array($sqlSortColumn, array('id', 'url', 'title', 'user_id', 'description', 'public', 'added', 'lastmodified','clickcount',))) {
$sqlSortColumn = 'bookmarks_sorting_recent';
}
$params=array(OCP\USER::getUser());
if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ) {
@ -131,17 +135,17 @@ class OC_Bookmarks_Bookmarks{
$query = OCP\DB::prepare("
DELETE FROM `*PREFIX*bookmarks`
WHERE `id` = $id
WHERE `id` = ?
");
$result = $query->execute();
$result = $query->execute(array($id));
$query = OCP\DB::prepare("
DELETE FROM `*PREFIX*bookmarks_tags`
WHERE `bookmark_id` = $id
WHERE `bookmark_id` = ?
");
$result = $query->execute();
$result = $query->execute(array($id));
return true;
}
}