diff --git a/classes/Cache.php b/classes/Cache.php
index 6b34634e0..1ef15f347 100755
--- a/classes/Cache.php
+++ b/classes/Cache.php
@@ -27,7 +27,7 @@ abstract class CacheCore
 {
-
+	/** @var Cache */
 	protected static $_instance;
 	protected $_keysCached;
 	protected $_tablesCached = array();
@@ -43,6 +43,10 @@ abstract class CacheCore
 		'guest',
 		'pagenotfound',
 		'page_viewed');
+
+	/**
+	 * @return Cache
+	 */
 	public static function getInstance()
 	{
 		if(!isset(self::$_instance))
diff --git a/classes/Connection.php b/classes/Connection.php
index e8855d153..342cffc96 100644
--- a/classes/Connection.php
+++ b/classes/Connection.php
@@ -114,7 +114,7 @@ class ConnectionCore extends ObjectModel
 		FROM `'._DB_PREFIX_.'connections`
 		WHERE `id_guest` = '.(int)($cookie->id_guest).'
 		AND DATE_ADD(`date_add`, INTERVAL 30 MINUTE) > \''.pSQL(date('Y-m-d H:i:00')).'\'
-		AND id_shop = '.Shop::sqlRestriction().'
+		'.Shop::sqlRestriction(true).'
 		ORDER BY `date_add` DESC';
 		$result = Db::getInstance()->getRow($sql);
 		if (!$result['id_guest'] AND (int)($cookie->id_guest))
diff --git a/classes/Db.php b/classes/Db.php
index 6b3681adc..0c0c9a6a4 100644
--- a/classes/Db.php
+++ b/classes/Db.php
@@ -251,11 +251,19 @@ abstract class DbCore
 	abstract public function getVersion();
 
 	/**
-	 * Alias of Db::getInstance()->ExecuteS
-	 *
-	 * @acces string query The query to execute
-	 * @return array Array of line returned by MySQL
-	 */
+	 * Protect string against SQL injections
+	 *
+	 * @param string $str
+	 * @return string
+	 */
+	abstract public function escape($str);
+
+	/**
+	 * Alias of Db::getInstance()->ExecuteS
+	 *
+	 * @acces string query The query to execute
+	 * @return array Array of line returned by MySQL
+	 */
 	static public function s($query, $use_cache = 1)
 	{
 		return Db::getInstance()->ExecuteS($query, true, $use_cache);
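Review bot: The replacement line in the Connection.php hunk hands the whole shop filter to `Shop::sqlRestriction(true)`, so the query no longer carries an `id_shop` predicate of its own; that method is outside the hunk, and if it can return an empty string the guest lookup silently widens to rows from every shop. A one-line comment on the new line would make the dependency explicit, `// Shop::sqlRestriction(true) must emit the complete 'AND id_shop …' predicate`, or the caller could refuse an empty fragment. The context line `if (!$result['id_guest'] AND …)` indexes `$result` without checking that getRow returned an array, but that is pre-existing, not part of this change. The enclosing method starts and ends outside the hunk.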
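Review bot: The new docblock on the abstract `escape()` in Db.php says "Protect string against SQL injections", which overstates what a string-escaping primitive does: the caller must still wrap the result in quotes and must cast values used in numeric or identifier positions, as `pSQL()` and the `(int)` casts elsewhere in this commit show. I would phrase it as `Escape $str for use inside a single-quoted string literal in a query; the caller supplies the quotes and must cast non-string values.` The re-added docblock on `s()` also carries the `@acces string query` typo onto the new side; it should read `@param string $query The query to execute`, and `$use_cache` is still undocumented.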
@@ -313,7 +321,7 @@ function pSQL($string, $htmlOK = false)
 	if (!is_numeric($string))
 	{
 		$link = Db::getInstance()->getRessource();
-		$string = _PS_MYSQL_REAL_ESCAPE_STRING_ ? mysql_real_escape_string($string, $link) : addslashes($string);
+		$string = _PS_MYSQL_REAL_ESCAPE_STRING_ ? Db::getInstance()->escape($string, $link) : addslashes($string);
 		if (!$htmlOK)
 			$string = strip_tags(nl2br2($string));
 	}
diff --git a/classes/MySQL.php b/classes/MySQL.php
index a1608d2c3..2b68d6bc4 100644
--- a/classes/MySQL.php
+++ b/classes/MySQL.php
@@ -46,7 +46,8 @@ class MySQLCore extends Db
 	}
 
 	/* do not remove, useful for some modules */
-	public function set_db($db_name) {
+	public function set_db($db_name)
+	{
 		return mysql_select_db($db_name, $this->_link);
 	}
 
@@ -86,24 +87,9 @@ class MySQLCore extends Db
 
 	public function getValue($query, $use_cache = 1)
 	{
-		$query .= ' LIMIT 1';
-		$this->_result = false;
-		$this->_lastQuery = $query;
-		if ($use_cache AND _PS_CACHE_ENABLED_)
-			if ($result = Cache::getInstance()->get(md5($query)))
-			{
-				$this->_lastCached = true;
-				return $result;
-			}
-		if ($this->_link AND $this->_result = mysql_query($query, $this->_link) AND is_array($tmpArray = mysql_fetch_assoc($this->_result)))
-		{
-			$this->_lastCached = false;
-			$result = array_shift($tmpArray);
-			if($use_cache AND _PS_CACHE_ENABLED_)
-				Cache::getInstance()->setQuery($query, $result);
-			return $result;
-		}
-		return false;
+		if (!$result = $this->getRow($query, $use_cache))
+			return false;
+		return array_shift($result);
 	}
 
 	public function Execute($query, $use_cache = 1)
@@ -268,6 +254,14 @@ class MySQLCore extends Db
 	{
 		return mysql_get_server_info();
 	}
+
+	/**
+	 * @see DbCore::escape()
+	 */
+	public function escape($str)
+	{
+		return mysql_real_escape_string($str, $this->_link);
+	}
 
 	static public function tryToConnect($server, $user, $pwd, $db)
 	{
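Review bot: The new call `Db::getInstance()->escape($string, $link)` passes a second argument that the abstract `escape($str)` added in Db.php does not declare, so `$link` and the `getRessource()` call on the line above are now dead; PHP ignores the extra argument, but the line reads as if the caller chooses which connection does the escaping. I would change the two lines to `$string = _PS_MYSQL_REAL_ESCAPE_STRING_ ? Db::getInstance()->escape($string) : addslashes($string);` and drop the `$link` assignment. The `addslashes()` fallback survives this hunk; it is not aware of the connection character set, so a comment stating when `_PS_MYSQL_REAL_ESCAPE_STRING_` is legitimately false belongs on that line. pSQL's body starts before the hunk.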
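Review bot: The rewritten `getValue()` now relies on `getRow()` appending `LIMIT 1` and performing the cache lookup, both of which are outside the hunk and not visible here; the removed body added `LIMIT 1` itself, so if `getRow()` does not, a query without its own limit now fetches a full result set to read one column. If `getRow()` does guarantee that, a one-line comment above the call, `// getRow() appends LIMIT 1 and handles the query cache`, makes the contract visible to the next reader. Folding the assignment into the condition in `if (!$result = $this->getRow($query, $use_cache))` is harder to read than `$result = $this->getRow($query, $use_cache);` followed by `if (!$result) return false;`.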
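Review bot: `escape()` returns whatever `mysql_real_escape_string($str, $this->_link)` returns, and when `$this->_link` is not a valid connection resource that is a non-string (a warning plus `false`/`null`) rather than the `@return string` the abstract declaration in Db.php promises; `pSQL()` then carries that value on as an empty string without any signal that escaping did not happen. I would guard the link before the call, e.g. `if (!$this->_link) trigger_error('escape() called without a database link', E_USER_ERROR);`, or document `@return string|false` and have the caller check it. The docblock could also carry `@param string $str` to match the parent.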