Skip to content
Snippets Groups Projects
Commit ba817c0e authored by Carsten Rose's avatar Carsten Rose
Browse files

Implemented new escape class 'mysql' (realEscapeString). 

Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.

Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
Evaluate.php: Respect global escapeTypeDefault. Implement
formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.
parent cb2784bd
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 175 additions and 66 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment