diff --git a/fields/field.memberactivation.php b/fields/field.memberactivation.php
index 5bdb610..67c7e76 100644
--- a/fields/field.memberactivation.php
+++ b/fields/field.memberactivation.php
@@ -482,6 +482,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation=false
 // Filter has + in it.
 if($andOperation) {
 foreach($data as $key => $bit){
+ $bit = Symphony::Database()->cleanValue($bit);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id$key` ON (`e`.`id` = `t$field_id$key`.entry_id) ";
 $where .= " AND `t$field_id$key`.activated = '$bit' ";
 }
@@ -492,7 +493,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation=false
 if(!is_array($data)) {
 $data = array($data);
 }
-
+ $data = array_map(array(Symphony::Database(), 'cleanValue'), $data);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id` ON (`e`.`id` = `t$field_id`.entry_id) ";
 $where .= " AND `t$field_id`.activated IN ('".implode("', '", $data)."') ";
 }
diff --git a/fields/field.memberemail.php b/fields/field.memberemail.php
index 14988cc..768c01b 100644
--- a/fields/field.memberemail.php
+++ b/fields/field.memberemail.php
@@ -240,6 +240,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation=false
 // Filter has + in it.
 else if($andOperation) {
 foreach($data as $key => $bit){
+ $bit = Symphony::Database()->cleanValue($bit);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id$key` ON (`e`.`id` = `t$field_id$key`.entry_id) ";
 $where .= " AND (
 `t$field_id$key`.value = '$bit'
@@ -253,7 +254,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation=false
 if(!is_array($data)) {
 $data = array($data);
 }
-
+ $data = array_map(array(Symphony::Database(), 'cleanValue'), $data);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id` ON (`e`.`id` = `t$field_id`.entry_id) ";
 $where .= " AND (
 `t$field_id`.value IN ('".implode("', '", $data)."')
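Review bot: In the `$andOperation` loop of field.memberactivation.php, `$key` is still interpolated unescaped into the alias `t$field_id$key` in both `$joins` and `$where`; cleanValue() on `$bit` does not cover it. Whether the keys of `$data` can ever be anything other than list indexes depends on the caller, which is outside the hunk, but a cast costs nothing: `$key = (int) $key;` as the first line of the loop body. The same applies to the matching loops in field.memberemail.php, field.memberpassword.php, field.memberrole.php and lib/class.identity.php. buildDSRetrievalSQL starts and ends outside the hunk.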
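Review bot: The line `$data = array_map(array(Symphony::Database(), 'cleanValue'), $data);` in the second hunk of field.memberactivation.php is repeated verbatim in field.memberemail.php, field.memberpassword.php, field.memberrole.php and lib/class.identity.php, so the safety of each IN list depends on every copy staying in sync. One shared helper on a common base would keep the escaping in a single place. Whichever form is kept, a comment should record the constraint that makes it safe, for example `// cleanValue() escapes for a quoted literal only; every value must stay inside '...'`.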
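Review bot: The `else if($andOperation)` at the top of the first field.memberemail.php hunk means an earlier branch of the same chain sits above the hunk, and this commit does not touch it. If that branch also places `$data` into SQL it needs equivalent escaping, so it should be checked before this fix is treated as complete. The first hunk of lib/class.identity.php has the same `else if` shape. A one-line comment on the earlier branch stating where its input is escaped would settle the question for later readers.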
diff --git a/fields/field.memberpassword.php b/fields/field.memberpassword.php
index c753c5d..0104f6f 100644
--- a/fields/field.memberpassword.php
+++ b/fields/field.memberpassword.php
@@ -631,6 +631,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation=false
 foreach($data as $key => $value) {
 $this->_key++;
 $value = $this->encodePassword($value);
+ $value = Symphony::Database()->cleanValue($value);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id$key` ON (`e`.`id` = `t$field_id$key`.entry_id) ";
 $where .= " AND `t$field_id$key`.password = '$value' ";
 }
@@ -648,6 +649,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation=false
 $value = $this->encodePassword($value);
 }
+ $data = array_map(array(Symphony::Database(), 'cleanValue'), $data);
 $data = implode("', '", $data);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id` ON (`e`.`id` = `t$field_id`.entry_id) ";
 $where .= " AND `t$field_id`.password IN ('{$data}') ";
diff --git a/fields/field.memberrole.php b/fields/field.memberrole.php
index 25a003d..b9528c8 100644
--- a/fields/field.memberrole.php
+++ b/fields/field.memberrole.php
@@ -362,6 +362,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation = fal
 if($andOperation) {
 foreach($data as $key => $bit){
+ $bit = Symphony::Database()->cleanValue($bit);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id$key` ON (`e`.`id` = `t$field_id$key`.entry_id) ";
 $joins .= " LEFT JOIN `tbl_members_roles` AS `tg$field_id$key` ON (`t$field_id$key`.`role_id` = `tg$field_id$key`.id) ";
 $where .= " AND (`t$field_id$key`.role_id = '$bit' OR (`tg$field_id$key`.name = '$bit' OR `tg$field_id$key`.handle = '$bit')) ";
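Review bot: The order of the two assignments to `$value` in the first field.memberpassword.php hunk is load-bearing and undocumented. The value is encoded first and escaped second, so the string that is escaped is exactly the one interpolated into `password = '$value'`; swapping them would encode an already-escaped password and leave the result unescaped. A comment above the added line would guard against that, for example `// Escape after encodePassword(): the encoded string is what reaches the query.`. The second hunk applies cleanValue to `$data` after the encoding loop, which is the same order. The loop sits inside buildDSRetrievalSQL, whose start and end are outside the hunk.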
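Review bot: In the field.memberrole.php loop the escaped `$bit` is compared as a quoted string against `role_id` as well as against `name` and `handle`. If `role_id` is an integer column (its definition is not visible here), MySQL converts the string to a number for that comparison, so a value that merely starts with digits still matches a role id. Guarding the id test with `ctype_digit((string) $bit)` and only then emitting the `role_id = ...` term keeps the id match exact, while the `name`/`handle` comparisons can stay as they are. The closing brace of the loop falls outside this hunk.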
@@ -369,6 +370,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation = fal
 }
 else {
 $data = !is_array($data) ? array($data) : $data;
+ $data = array_map(array(Symphony::Database(), 'cleanValue'), $data);
 $value = implode("', '", $data);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id` ON (`e`.`id` = `t$field_id`.entry_id) ";
diff --git a/lib/class.identity.php b/lib/class.identity.php
index 1fb36d2..f2bef7b 100644
--- a/lib/class.identity.php
+++ b/lib/class.identity.php
@@ -134,6 +134,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation=false
 // Filter has + in it.
 else if($andOperation) {
 foreach($data as $key => $bit){
+ $bit = Symphony::Database()->cleanValue($bit);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id$key` ON (`e`.`id` = `t$field_id$key`.entry_id) ";
 $where .= " AND (
 `t$field_id$key`.value = '$bit'
@@ -148,7 +149,7 @@ public function buildDSRetrievalSQL($data, &$joins, &$where, $andOperation=false
 if(!is_array($data)) {
 $data = array($data);
 }
-
+ $data = array_map(array(Symphony::Database(), 'cleanValue'), $data);
 $joins .= " LEFT JOIN `tbl_entries_data_$field_id` AS `t$field_id` ON (`e`.`id` = `t$field_id`.entry_id) ";
 $where .= " AND (
 `t$field_id`.value IN ('".implode("', '", $data)."')