HomePhorge
Diffusion Phorge 9dc114d1159a

Make formatOrderClause() safer
9dc114d1159a
Actions

Description

Make formatOrderClause() safer

Summary:
Ref T7803. Instead of trusting subqueries to provide safe values, escape them explicitly.

(We'll probably have a few cases somewhere where this doesn't work, but can make them the exception rather than the rule.)

Test Plan: Issued all "order" queries in Diffusion.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7803

Differential Revision: https://secure.phabricator.com/D12351

Details

Provenance
epriestleyAuthored on Apr 11 2015, 9:06 AM
themackabuPushed on Mar 25 2025, 8:07 PM
Parents
rPe5ff344d0d72: Conpherence - us JX.Scrollbar in main conpherence view
Branches
Unknown
Tags
Unknown

Event Timeline

Changes (2)

PathSize
src/
applications/
repository/
query/
infrastructure/
query/
policy/

rP9dc114d1159a

View Options

src/applications/repository/query/PhabricatorRepositoryQuery.php

Loading...
View Options

src/infrastructure/query/policy/PhabricatorCursorPagedPolicyAwareQuery.php

Loading...