]> gitweb.fluxo.info Git - lorea/elgg.git/commitdiff
projects / lorea / elgg.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c5da5e4)
should fix #1364 and added relevant unit test cases for this bug (yeah for unit tests)
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Fri, 13 Nov 2009 02:32:46 +0000 (02:32 +0000)
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Fri, 13 Nov 2009 02:32:46 +0000 (02:32 +0000)
git-svn-id: http://code.elgg.org/elgg/trunk@3676 36083f99-b078-4883-b0ff-0f9b5a30f544

engine/lib/api.php patch | blob | history
engine/tests/services/api.php patch | blob | history

diff --git a/engine/lib/api.php b/engine/lib/api.php
index 46b3e0e40386975e07c515db575754211a74a680..bed7a51291b5ca7957d5c3c6164c85cbb45433af 100644 (file)
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -634,7 +634,7 @@ function serialise_parameters($method, $parameters) {
                                
                                break;
                        case 'string': 
-                               $serialised_parameters .= ",'" .  (string)mysql_real_escape_string(trim($parameters[$key])) . "'"; 
+                               $serialised_parameters .= ",'" . addcslashes(trim($parameters[$key]), "'") . "'";
                                break;
                        case 'float': 
                                $serialised_parameters .= "," . (float)trim($parameters[$key]); 
diff --git a/engine/tests/services/api.php b/engine/tests/services/api.php
index 28a7a64bc9c5a5d9a3ca78f1a1acfca770d2efac..57aaa08d5ed103474a99c9ccd6ce2fabdc0dc8c9 100644 (file)
--- a/engine/tests/services/api.php
+++ b/engine/tests/services/api.php
@@ -81,10 +81,10 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
                $parameters = array('param1' => array('type' => 'int', 'required' => true), \r
                                                        'param2' => array('type' => 'bool', 'required' => true),\r
                                                        'param3' => array('type' => 'string', 'required' => false), );\r
+               $method['description'] = '';\r
                $method['function'] = 'foo';\r
                $method['parameters'] = $parameters;\r
                $method['call_method'] = 'GET'; \r
-               $method['description'] = '';\r
                $method['require_api_auth'] = false;\r
                $method['require_user_auth'] = false;\r
 \r
@@ -224,6 +224,18 @@ class ElggCoreServicesApiTest extends ElggCoreUnitTest {
                $s = serialise_parameters('test', $parameters);\r
                $this->assertIdentical($s, ",'testing'");\r
 \r
+               // test string with " in it\r
+               $this->registerFunction(false, false, array('param1' => array('type' => 'string')));\r
+               $parameters = array('param1' => 'test"ing');\r
+               $s = serialise_parameters('test', $parameters);\r
+               $this->assertIdentical($s, ',\'test"ing\'');\r
+               \r
+               // test string with ' in it\r
+               $this->registerFunction(false, false, array('param1' => array('type' => 'string')));\r
+               $parameters = array('param1' => 'test\'ing');\r
+               $s = serialise_parameters('test', $parameters);\r
+               $this->assertIdentical($s, ",'test\'ing'");\r
+               \r
                // float\r
                $this->registerFunction(false, false, array('param1' => array('type' => 'float')));\r
                $parameters = array('param1' => 2.5);\r
Social Networking Engine