Use Database::addQuotes instead of hard coded apostrophs
authorUmherirrender <umherirrender_de.wp@web.de>
Wed, 22 Feb 2017 17:55:56 +0000 (18:55 +0100)
committerUmherirrender <umherirrender_de.wp@web.de>
Wed, 22 Feb 2017 17:55:56 +0000 (18:55 +0100)
Change-Id: I1404d68d7e2b7fde8f9a76c747bc2be0936f7bef

includes/EditPage.php
includes/WatchedItemQueryService.php
includes/actions/HistoryAction.php
includes/logging/LogEventsList.php
includes/page/Article.php
includes/page/ImagePage.php
includes/specials/SpecialUpload.php

index 34062c0..da1dfbd 100644 (file)
@@ -2483,11 +2483,13 @@ class EditPage {
                }
                # Give a notice if the user is editing a deleted/moved page...
                if ( !$this->mTitle->exists() ) {
+                       $dbr = wfGetDB( DB_REPLICA );
+
                        LogEventsList::showLogExtract( $wgOut, [ 'delete', 'move' ], $this->mTitle,
                                '',
                                [
                                        'lim' => 10,
-                                       'conds' => [ "log_action != 'revision'" ],
+                                       'conds' => [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ],
                                        'showIfEmpty' => false,
                                        'msgKey' => [ 'recreate-moveddeleted-warn' ]
                                ]
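Review bot: The condition `'log_action != ' . $dbr->addQuotes( 'revision' )` is now assembled by hand at five call sites (here and in the HistoryAction, Article, ImagePage and SpecialUpload hunks), and each one fetches a handle with `wfGetDB( DB_REPLICA )` solely to quote a constant. Building the fragment once, next to `LogEventsList::showLogExtract`, would keep the call sites from drifting apart and remove the per-caller handle. The handle that does the quoting is also not visibly the one `showLogExtract` queries with. That is harmless for this fixed literal, but a short comment such as `// $dbr only quotes the literal; showLogExtract runs the query itself` would stop later readers from assuming the two are the same connection. The enclosing method starts and ends outside this hunk.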
index c80e4a5..4ff57c6 100644 (file)
@@ -401,7 +401,7 @@ class WatchedItemQueryService {
                if ( !isset( $options['start'] ) && !isset( $options['end'] ) ) {
                        if ( $db->getType() === 'mysql' ) {
                                // This is an index optimization for mysql
-                               $conds[] = "rc_timestamp > ''";
+                               $conds[] = 'rc_timestamp > ' . $db->addQuotes( '' );
                        }
                }
 
index e8aec1c..b381edc 100644 (file)
@@ -146,6 +146,9 @@ class HistoryAction extends FormlessAction {
                                $out->setStatusCode( 404 );
                        }
                        $out->addWikiMsg( 'nohistory' );
+
+                       $dbr = wfGetDB( DB_REPLICA );
+
                        # show deletion/move log if there is an entry
                        LogEventsList::showLogExtract(
                                $out,
@@ -153,7 +156,7 @@ class HistoryAction extends FormlessAction {
                                $this->getTitle(),
                                '',
                                [ 'lim' => 10,
-                                       'conds' => [ "log_action != 'revision'" ],
+                                       'conds' => [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ],
                                        'showIfEmpty' => false,
                                        'msgKey' => [ 'moveddeleted-notice' ]
                                ]
index 6665336..4382910 100644 (file)
@@ -544,7 +544,8 @@ class LogEventsList extends ContextSource {
         * @param string $user The user who made the log entries
         * @param array $param Associative Array with the following additional options:
         * - lim Integer Limit of items to show, default is 50
-        * - conds Array Extra conditions for the query (e.g. "log_action != 'revision'")
+        * - conds Array Extra conditions for the query
+        *   (e.g. 'log_action != ' . $dbr->addQuotes( 'revision' ))
         * - showIfEmpty boolean Set to false if you don't want any output in case the loglist is empty
         *   if set to true (default), "No matching items in log" is displayed if loglist is empty
         * - msgKey Array If you want a nice box with a message, set this to the key of the message.
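Review bot: The updated `conds` example uses `$dbr` without saying where it comes from, and the docblock still does not state that string entries in `conds` are treated as raw SQL fragments. Judging by the call sites in this commit, the caller is responsible for quoting any value it concatenates, so the contract is worth spelling out. A suggested addition under the `conds` item is `*   String entries are used as raw SQL; quote values with the database handle's addQuotes().` The docblock and the method it documents continue outside this hunk, so how `conds` is merged into the query should be confirmed there.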
index 34ff63c..2787c1b 100644 (file)
@@ -1171,7 +1171,10 @@ class Article implements Page {
                $loggedIn = $this->getContext()->getUser()->isLoggedIn();
                if ( $loggedIn || $cache->get( $key ) ) {
                        $logTypes = [ 'delete', 'move' ];
-                       $conds = [ "log_action != 'revision'" ];
+
+                       $dbr = wfGetDB( DB_REPLICA );
+
+                       $conds = [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ];
                        // Give extensions a chance to hide their (unrelated) log entries
                        Hooks::run( 'Article::MissingArticleConditions', [ &$conds, $logTypes ] );
                        LogEventsList::showLogExtract(
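Review bot: `$conds` is passed by reference to the `Article::MissingArticleConditions` hook right after it is built, but handlers do not receive `$dbr`, so any condition an extension appends has to be quoted with a handle the extension obtains itself. Nothing at this call site tells a hook author that the array holds raw SQL fragments. A comment above the `Hooks::run` line would make the expectation explicit, for example `// Handlers append raw SQL conditions to $conds and must quote any values themselves (e.g. with addQuotes)`. The surrounding method begins and ends outside the hunk, so whether `$conds` is validated later cannot be seen from here.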
index c75cfdd..53d7e55 100644 (file)
@@ -585,6 +585,8 @@ EOT
                } else {
                        # Image does not exist
                        if ( !$this->getId() ) {
+                               $dbr = wfGetDB( DB_REPLICA );
+
                                # No article exists either
                                # Show deletion log to be consistent with normal articles
                                LogEventsList::showLogExtract(
@@ -593,7 +595,7 @@ EOT
                                        $this->getTitle()->getPrefixedText(),
                                        '',
                                        [ 'lim' => 10,
-                                               'conds' => [ "log_action != 'revision'" ],
+                                               'conds' => [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ],
                                                'showIfEmpty' => false,
                                                'msgKey' => [ 'moveddeleted-notice' ]
                                        ]
index c5a1f27..f4a4818 100644 (file)
@@ -281,10 +281,12 @@ class SpecialUpload extends SpecialPage {
                $desiredTitleObj = Title::makeTitleSafe( NS_FILE, $this->mDesiredDestName );
                $delNotice = ''; // empty by default
                if ( $desiredTitleObj instanceof Title && !$desiredTitleObj->exists() ) {
+                       $dbr = wfGetDB( DB_REPLICA );
+
                        LogEventsList::showLogExtract( $delNotice, [ 'delete', 'move' ],
                                $desiredTitleObj,
                                '', [ 'lim' => 10,
-                                       'conds' => [ "log_action != 'revision'" ],
+                                       'conds' => [ 'log_action != ' . $dbr->addQuotes( 'revision' ) ],
                                        'showIfEmpty' => false,
                                        'msgKey' => [ 'upload-recreate-warning' ] ]
                        );