Differential D12351

Make formatOrderClause() safer
ClosedPublic
Actions

Authored by epriestley on Apr 11 2015, 4:08 PM.

Details

Reviewers

btrahan

Maniphest Tasks

T7803: Implement a composite query which unifies cursor paging across subqueries

Commits

Restricted Diffusion Commit
rP9dc114d1159a: Make formatOrderClause() safer

Summary

Ref T7803. Instead of trusting subqueries to provide safe values, escape them explicitly.

(We'll probably have a few cases somewhere where this doesn't work, but can make them the exception rather than the rule.)

Test Plan

Issued all "order" queries in Diffusion.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 29671.Apr 11 2015, 4:08 PM

epriestley retitled this revision from to Make formatOrderClause() safer.

epriestley updated this object.

epriestley edited the test plan for this revision. (Show Details)

epriestley added a reviewer: btrahan.

epriestley added a task: T7803: Implement a composite query which unifies cursor paging across subqueries.

Herald added a subscriber: epriestley. · View Herald TranscriptApr 11 2015, 4:08 PM

btrahan accepted this revision.Apr 13 2015, 5:00 PM

btrahan edited edge metadata.

This revision is now accepted and ready to land.Apr 13 2015, 5:00 PM

Closed by commit rP9dc114d1159a: Make formatOrderClause() safer (authored by epriestley, committed by epriestley). · Explain WhyApr 13 2015, 7:00 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

repository/

query/

PhabricatorRepositoryQuery.php

15 lines

infrastructure/

query/

policy/

PhabricatorCursorPagedPolicyAwareQuery.php

15 lines

Diff 29752

View Options

src/applications/repository/query/PhabricatorRepositoryQuery.php