From aa5a29833febb3654f3b73c48fb1386abb5d26db Mon Sep 17 00:00:00 2001
From: wangbiao
Date: Wed, 4 Feb 2026 16:57:36 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dgetviewcount()?=
 =?UTF-8?q?=E6=96=B9=E6=B3=95SQL=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/base/lib/db/tools.php | 41 +++++++++++++++++++++++++++------------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/app/base/lib/db/tools.php b/app/base/lib/db/tools.php
index d0f3f133..5bf08ca7 100644
--- a/app/base/lib/db/tools.php
+++ b/app/base/lib/db/tools.php
@@ -125,28 +125,45 @@ class base_db_tools{
 }
 
 static function filter2sql($filter){
+ $db = kernel::database();
 $where = array('1');
- if($filter){
- foreach($filter as $k=>$v){
- if(is_array($v)){
+
+ // format filter to array
+ if ($filter) {
+ foreach ($filter as $k => $v) {
+ // Column name hardening: only allow simple identifiers
+ $k = (string)$k;
+ if ($k === '' || !preg_match('/^[a-zA-Z0-9_]+$/', $k)) {
+ continue;
+ }
+ $col = '`' . $k . '`';
+
+ if (is_array($v)) {
 $ac = array();
- foreach($v as $m){
- if($m!=='_ANY_' && $m!=='' && $m!='_ALL_'){
- $ac[] = $k.'=\''.$m.'\'';
- }else{
+ foreach ($v as $m) {
+ if ($m !== '_ANY_' && $m !== '' && $m != '_ALL_') {
+ if ($m === null) {
+ $m = '';
+ }
+ $ac[] = $col . ' = ' . $db->quote($m);
+ } else {
 $ac = array();
 break;
 }
 }
- if(count($ac)>0){
- $where[] = '('.implode(' or ', $ac).')';
+ if (count($ac) > 0) {
+ $where[] = '(' . implode(' or ', $ac) . ')';
 }
- }else{
- $where[] = '`'.$k.'` = "'.str_replace('"','\\"',$v).'"';
+ } else {
+ if ($v === null) {
+ $v = '';
+ }
+ $where[] = $col . ' = ' . $db->quote($v);
 }
 }
 }
- return implode(' AND ',$where);
+
+ return implode(' AND ', $where);
 }
 
 /**
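Review bot: The new column-name check `if ($k === '' || !preg_match('/^[a-zA-Z0-9_]+$/', $k)) { continue; }` fails open: a key that does not pass the whitelist is silently dropped, so the caller's condition disappears and the remaining WHERE (possibly just `1`) matches more rows than the caller asked for. For a hardening change it is safer to fail closed, e.g. `$where[] = '0'; continue;` (or throw an `InvalidArgumentException`), with a comment stating that a rejected key must never widen the result set; note the regex also rejects qualified names such as `t.col`, and whether existing callers pass those cannot be seen from this hunk. The loose comparison `$m != '_ALL_'` is carried over unchanged next to two strict checks; consider `$m !== '_ALL_'` so an integer element does not behave differently across PHP versions. The injection fix itself relies on `$db->quote()` wrapping and escaping the value per the connection charset, which this hunk cannot confirm, so the caller of `kernel::database()` should be checked for that contract. The subject refers to getviewcount() while the diffstat shows only filter2sql() being changed, presumably because getviewcount() calls it; the message could say so.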