[pLog-svn] r6858 - plog/branches/lifetype-1.2/class/config
jondaley at devel.lifetype.net
jondaley at devel.lifetype.net
Sat Apr 11 15:16:51 EDT 2009
Author: jondaley
Date: 2009-04-11 15:16:51 -0400 (Sat, 11 Apr 2009)
New Revision: 6858
Modified:
plog/branches/lifetype-1.2/class/config/configdbstorage.class.php
Log:
TODO comment about how we trusted PHP (a non-typed language) to tell us types of the variables and therefore removed all type information from our database. Fortunately, that was a good thing, as otherwise, we'd have a SQL injection issue in every config screen. But, we should still fix it
Modified: plog/branches/lifetype-1.2/class/config/configdbstorage.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/config/configdbstorage.class.php 2009-04-11 19:12:55 UTC (rev 6857)
+++ plog/branches/lifetype-1.2/class/config/configdbstorage.class.php 2009-04-11 19:16:51 UTC (rev 6858)
@@ -240,6 +240,13 @@
case TYPE_INTEGER:
case TYPE_BOOLEAN:
case TYPE_FLOAT:
+ // TODO: Note, this is a little broken. We ask PHP for the type of
+ // the variable, so it always returns a string, so this code isn't used.
+ // Probably the _getType function should be rewritten to use the values
+ // from the database instead, rather than rewriting the types that are
+ // stored in the database. We should fix this in the 2.0 wizard, since
+ // all int/bool/floats have been stored in the database as a string.
+ // All that is required is to change the value_type column, the data is fine.
$query = "UPDATE ".$this->_dbPrefix."config SET config_value =
'$value', value_type = $type WHERE config_key = '$key'";
break;
More information about the pLog-svn
mailing list