The SQL query building is very scary
// build the SQL query $dbr = wfGetDB( DB_SLAVE ); $sPageTable = $dbr->tableName( 'page' ); $sRevTable = $dbr->tableName( 'revision' ); $categorylinks = $dbr->tableName( 'categorylinks' ); $sSqlSelectFrom = "SELECT page_namespace, page_title," . " r.rev_user_text, r.rev_timestamp"; $arg = " FROM $sPageTable INNER JOIN $sRevTable" . " AS r ON page_latest = r.rev_id"; if ( $bCountMode ) { $sSqlSelectFrom = "SELECT COUNT(*) AS num_rows FROM $sPageTable"; } elseif ( ( $this->bAddAuthor || $this->bAddCreationDate || ( $sOrder == 'first_time' ) ) && ( ( !$this->restrictNamespace ) || ( $iNamespace >= 0 && !in_array( $iNamespace, $this->restrictNamespace ) ) ) ) { $sSqlSelectFrom .= ", o.rev_user_text AS first_user, o.rev_timestamp AS" . " first_time" . $arg . " INNER JOIN $sRevTable AS o" . " ON o.rev_id =( SELECT MIN(q.rev_id) FROM $sRevTable" . " AS q WHERE q.rev_page = page_id )"; } else { if ( $sOrder == 'first_time' ) { $sOrder = 'page_id'; } $sSqlSelectFrom .= $arg; } $sSqlWhere = ' WHERE 1=1'; if ( $iNamespace >= 0 ) { $sSqlWhere = ' WHERE page_namespace=' . $iNamespace; } if ( $sPrefix !== '' ) { // Escape SQL special characters $sPrefix = strtr( $sPrefix, array( '\\' => '\\\\\\\\', ' ' => '\\_', '_' => '\\_', '%' => '\\%', '\'' => '\\\'' ) ); $sSqlWhere .= " AND page_title LIKE BINARY '" . $sPrefix . "%'"; } switch( $this->get( 'redirects' ) ) { case 'only': $sSqlWhere .= ' AND page_is_redirect = 1'; case 'include': break; case 'exclude': default: $sSqlWhere .= ' AND page_is_redirect = 0'; break; } $n = 1; for ( $i = 0; $i < $cats; $i++ ) { $sSqlSelectFrom .= " INNER JOIN $categorylinks AS" . " c{$n} ON page_id = c{$n}.cl_from AND c{$n}.cl_to=" . $dbr->addQuotes( $aCategories[$i]->getDBkey() ); $n++; } for ( $i = 0; $i < $nocats; $i++ ) { $sSqlSelectFrom .= " LEFT OUTER JOIN $categorylinks AS" . " c{$n} ON page_id = c{$n}.cl_from AND c{$n}.cl_to=" . $dbr->addQuotes( $aExcludeCategories[$i]->getDBkey() ); $sSqlWhere .= " AND c{$n}.cl_to IS NULL"; $n++; } if ( !$bCountMode ) { $sSqlWhere .= " ORDER BY $sOrder "; if ( $this->get( 'order' ) == 'ascending' ) { $sSqlWhere .= 'ASC'; } else { $sSqlWhere .= 'DESC'; } } $sSqlWhere .= " LIMIT $start, $count";
Version: unspecified
Severity: normal