From 2c8db9250487d2e18e2ce406fee916ff27d8340b Mon Sep 17 00:00:00 2001 From: Eric Espie Date: Tue, 27 Jun 2023 15:23:28 +0200 Subject: [PATCH] =?UTF-8?q?N=C2=B06442=20-=20Error=20in=20Database=20integ?= =?UTF-8?q?rity=20due=20to=20"translate=20placeholder=20in=20notification"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../combodo-db-tools/db_analyzer.class.inc.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/datamodels/2.x/combodo-db-tools/db_analyzer.class.inc.php b/datamodels/2.x/combodo-db-tools/db_analyzer.class.inc.php index 849899f8b..9f545adc3 100644 --- a/datamodels/2.x/combodo-db-tools/db_analyzer.class.inc.php +++ b/datamodels/2.x/combodo-db-tools/db_analyzer.class.inc.php @@ -462,6 +462,11 @@ class DatabaseAnalyzer $aCols = $oAttDef->GetSQLExpressions(); // Workaround a PHP bug: sometimes issuing a Notice if invoking current(somefunc()) $sMyAttributeField = current($aCols); // get the first column for the moment $sFilter = "FROM `$sTable` WHERE `$sTable`.`$sMyAttributeField` NOT IN ($sExpectedValues)"; + if ($oAttDef->IsNullAllowed()) { + $sSearchType = $oAttDef->GetSearchType(); + $sCondition = $this->NotEmptyToSql("`$sTable`.`$sMyAttributeField`", $sSearchType); + $sFilter .= " AND $sCondition"; + } $sDelete = "DELETE `$sTable`"; $sSelect = "SELECT DISTINCT `$sTable`.`$sKeyField` AS id, `$sTable`.`$sMyAttributeField` AS value"; $sSelWrongRecs = "$sSelect $sFilter"; @@ -492,6 +497,19 @@ class DatabaseAnalyzer } } + private function NotEmptyToSql($sRef, $sSearchType) + { + switch ($sSearchType) { + case AttributeDefinition::SEARCH_WIDGET_TYPE_NUMERIC: + case AttributeDefinition::SEARCH_WIDGET_TYPE_EXTERNAL_FIELD: + case AttributeDefinition::SEARCH_WIDGET_TYPE_DATE: + case AttributeDefinition::SEARCH_WIDGET_TYPE_DATE_TIME: + return "ISNULL({$sRef}) = 0"; + } + + return "({$sRef} != '')"; + } + /** * Check user accounts without profile *