Merging fixes and enhancements into trunk

Revision: [1843] Added param $allowed to Sanitize::paranoid() this array will allow passing characters that you do not want removed in the string. Modified Sanitize::paranoid() to check an array. Modified Model::findNeighbours() setting param $conditions to null by default. Added fix for Ticket #294 Added fix to scripts/acl.php changed DboSource::fields() to use the count() one time instead of using it in the for loop also git-svn-id: https://svn.cakephp.org/repo/trunk/cake@1844 3807eeeb-6ff5-0310-8944-8be069107fe0
2025-01-18 18:46:17 +00:00 · 2006-01-20 09:37:15 +00:00 · 2006-01-20 09:37:15 +00:00 · 48c9bb3bbd
commit 48c9bb3bbd
parent 73830ec0dc
6 changed files with 64 additions and 33 deletions
--- a/VERSION.txt
+++ b/VERSION.txt
@ -6,4 +6,4 @@
 // +---------------------------------------------------------------------------------------------------+ //
 ///////////////////////////////////////////////////////////////////////////////////////////////////////////

-0.10.7.1842 RC 2
+0.10.7.1844 RC 2
--- a/cake/libs/model/datasources/dbo_source.php
+++ b/cake/libs/model/datasources/dbo_source.php
@ -902,9 +902,10 @@ class DboSource extends DataSource
            }
        }

-        if (count($fields) >= 1 && $fields[0] != '*')
+        $count = count($fields);
+        if ($count > 1 && $fields[0] != '*')
        {
-            for ($i = 0; $i < count($fields); $i++)
+            for ($i = 0; $i < $count; $i++)
            {
                $fields[$i] = $this->name($alias).'.'.$this->name($fields[$i]);
            }
--- a/cake/libs/model/model_php4.php
+++ b/cake/libs/model/model_php4.php
@ -959,7 +959,7 @@ class Model extends Object
 */
    function hasAny ($conditions = null)
    {
-        return ($this->findCount($conditions) !== false);
+        return ($this->findCount($conditions) != false);
    }

 /**
@ -1120,10 +1120,14 @@ class Model extends Object
 * @param unknown_type $value
 * @return array Array with keys "prev" and "next" that holds the id's
 */
-    function findNeighbours ($conditions, $field, $value)
+    function findNeighbours ($conditions = null, $field, $value)
    {
-        @list($prev) = Model::findAll($conditions . ' AND ' . $field . ' < ' . $this->db->value($value), $field, $field . ' DESC', 1);
-        @list($next) = Model::findAll($conditions . ' AND ' . $field . ' > ' . $this->db->value($value), $field, $field . ' ASC', 1);
+        if(!is_null($conditions))
+        {
+            $conditions = $conditions.' AND ';
+        }
+        @list($prev) = Model::findAll($conditions. $field . ' < ' . $this->db->value($value), $field, $field . ' DESC', 1);
+        @list($next) = Model::findAll($conditions. $field . ' > ' . $this->db->value($value), $field, $field . ' ASC', 1);

        if (!isset($prev))
        {
--- a/cake/libs/model/model_php5.php
+++ b/cake/libs/model/model_php5.php
@ -953,7 +953,7 @@ class Model extends Object
 */
    function hasAny ($conditions = null)
    {
-        return ($this->findCount($conditions) !== false);
+        return ($this->findCount($conditions) != false);
    }

 /**
@ -1114,10 +1114,14 @@ class Model extends Object
 * @param unknown_type $value
 * @return array Array with keys "prev" and "next" that holds the id's
 */
-    function findNeighbours ($conditions, $field, $value)
+    function findNeighbours ($conditions = null, $field, $value)
    {
-        @list($prev) = Model::findAll($conditions . ' AND ' . $field . ' < ' . $this->db->value($value), $field, $field . ' DESC', 1);
-        @list($next) = Model::findAll($conditions . ' AND ' . $field . ' > ' . $this->db->value($value), $field, $field . ' ASC', 1);
+        if(!is_null($conditions))
+        {
+            $conditions = $conditions.' AND ';
+        }
+        @list($prev) = Model::findAll($conditions. $field . ' < ' . $this->db->value($value), $field, $field . ' DESC', 1);
+        @list($next) = Model::findAll($conditions. $field . ' > ' . $this->db->value($value), $field, $field . ' ASC', 1);

        if (!isset($prev))
        {
--- a/cake/libs/sanitize.php
+++ b/cake/libs/sanitize.php
@ -3,20 +3,20 @@

 /**
 * Washes strings from unwanted noise.
- * 
+ *
 * Helpful methods to make unsafe strings usable.
 *
 * PHP versions 4 and 5
 *
 * CakePHP :  Rapid Development Framework <http://www.cakephp.org/>
- * Copyright (c) 2006, Cake Software Foundation, Inc. 
+ * Copyright (c) 2006, Cake Software Foundation, Inc.
 *                     1785 E. Sahara Avenue, Suite 490-204
 *                     Las Vegas, Nevada 89104
- * 
+ *
 * Licensed under The MIT License
 * Redistributions of files must retain the above copyright notice.
 *
- * @filesource 
+ * @filesource
 * @copyright    Copyright (c) 2006, Cake Software Foundation, Inc.
 * @link         http://www.cakefoundation.org/projects/info/cakephp CakePHP Project
 * @package      cake
@ -48,9 +48,30 @@ class Sanitize
 * @param string $string
 * @return string
 */
-    function paranoid($string)
+    function paranoid($string, $allowed = array())
    {
-        return preg_replace( "/[^a-zA-Z0-9]/", "", $string );
+        $allow = null;
+
+        if(!empty($allowed))
+        {
+            foreach ($allowed as $value)
+            {
+                $allow .= "\\$value";
+            }
+        }
+
+        if(is_array($string))
+        {
+           foreach ($string as $key => $clean)
+           {
+              $cleaned[$key] = preg_replace( "/[^{$allow}a-zA-Z0-9]/", "", $clean);
+           }
+        }
+        else
+        {
+            $cleaned = preg_replace( "/[^{$allow}a-zA-Z0-9]/", "", $string );
+        }
+        return $cleaned;
    }

 /**
@ -65,10 +86,10 @@ class Sanitize
      {
         $string = addslashes($string);
      }
-      
+
      return $string;
   }
-    
+
 /**
 * Returns given string safe for display as HTML. Renders entities and converts newlines to <br/>.
 *
@ -91,14 +112,14 @@ class Sanitize

      return $string;
   }
-    
+
 /**
 * Recursively sanitizes given array of data for safe input.
 *
 * @param mixed $toClean
 * @return mixed
 */
-   function cleanArray(&$toClean) 
+   function cleanArray(&$toClean)
   {
      return $this->cleanArrayR($toClean);
   }
@ -110,38 +131,38 @@ class Sanitize
 * @return array
 * @see cleanArray
 */
-   function cleanArrayR(&$toClean) 
+   function cleanArrayR(&$toClean)
   {
-      if (is_array($toClean)) 
+      if (is_array($toClean))
      {
         while(list($k, $v) = each($toClean))
         {
-            if ( is_array($toClean[$k]) ) 
+            if ( is_array($toClean[$k]) )
            {
               $this->cleanArray($toClean[$k]);
-            } 
-            else 
+            }
+            else
            {
               $toClean[$k] = $this->cleanValue($v);
            }
         }
      }
-      else 
+      else
      {
         return null;
      }
   }
-    
+
 /**
 * Do we really need to sanitize array keys? If so, we can use this code...

   function cleanKey($key)
   {
-      if ($key == "") 
+      if ($key == "")
      {
         return "";
      }
-      
+
      //URL decode and convert chars to HTML entities
      $key = htmlspecialchars(urldecode($key));
      //Remove ..
@ -150,18 +171,18 @@ class Sanitize
      $key = preg_replace( "/\_\_(.+?)\_\_/", "", $key );
      //Trim word chars, '.', '-', '_'
      $key = preg_replace( "/^([\w\.\-\_]+)$/", "$1", $key );
-      
+
      return $key;
   }
 */
-    
+
 /**
 * Method used by cleanArray() to sanitize array nodes.
 *
 * @param string $val
 * @return string
 */
-   function cleanValue($val) 
+   function cleanValue($val)
   {
      if ($val == "")
      {
--- a/cake/scripts/acl.php
+++ b/cake/scripts/acl.php
@ -62,6 +62,7 @@ uses ('security');
 uses ('model'.DS.'connection_manager');
 uses ('model'.DS.'datasources'.DS.'dbo_source');
 uses ('model'.DS.'model');
+require_once(CAKE.'app_model.php');
 uses ('controller'.DS.'components'.DS.'acl');
 uses ('controller'.DS.'components'.DS.'dbacl'.DS.'models'.DS.'aclnode');
 uses ('controller'.DS.'components'.DS.'dbacl'.DS.'models'.DS.'aco');