From d6e99db40dc88de1782099b30941075ebc8dfa97 Mon Sep 17 00:00:00 2001
From: Christian Weiske
Date: Fri, 25 Mar 2011 08:00:32 +0100
Subject: do not generate invalid SQL when called with a not-so valid array

---
 src/SemanticScuttle/Service/Bookmark2Tag.php | 6 ++++--
 tests/Bookmark2TagTest.php | 17 +++++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/SemanticScuttle/Service/Bookmark2Tag.php b/src/SemanticScuttle/Service/Bookmark2Tag.php
index 1dc0ffe..a10cb61 100644
--- a/src/SemanticScuttle/Service/Bookmark2Tag.php
+++ b/src/SemanticScuttle/Service/Bookmark2Tag.php
@@ -571,8 +571,10 @@ class SemanticScuttle_Service_Bookmark2Tag extends SemanticScuttle_DbService
 } else if (is_array($user)) {
 $query .= ' (1 = 0'; //tricks
 foreach ($user as $u) {
- $query .= ' OR B.uId = ' . $this->db->sql_escape($u)
- . ' AND B.bId = T.bId';
+ if (is_numeric($u)) {
+ $query .= ' OR B.uId = ' . $this->db->sql_escape($u)
+ . ' AND B.bId = T.bId';
+ }
 }
 $query .= ' )' . $privacy;
 } else {
diff --git a/tests/Bookmark2TagTest.php b/tests/Bookmark2TagTest.php
index ffd83c3..fff4222 100644
--- a/tests/Bookmark2TagTest.php
+++ b/tests/Bookmark2TagTest.php
@@ -426,6 +426,23 @@ class Bookmark2TagTest extends TestBase



+ /**
+ * This may happen when the method is called with a problematic user array.
+ * In that case we may not generate invalid SQL or so.
+ *
+ * @covers SemanticScuttle_Service_Bookmark2Tag::getPopularTags
+ */
+ public function testGetPopularTagsUserArrayWithNull()
+ {
+ $user1 = $this->addUser();
+ $this->addTagBookmark($user1, array('one'));
+
+ $arTags = $this->b2ts->getPopularTags(array(null));
+ $this->assertEquals(0, count($arTags));
+ }
+
+
+
 /**
 * @covers SemanticScuttle_Service_Bookmark2Tag::getPopularTags
 */
-- 
cgit v1.2.3-54-g00ecf
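Review bot: The user id is still concatenated into the query as an unquoted number, so the new `is_numeric($u)` check is the only thing constraining its shape, and `is_numeric()` also accepts values such as `1e3`, `1.5` or strings with leading whitespace. `sql_escape()` presumably escapes quote characters for string literals (its implementation is not visible here), which gives no protection in a numeric context. Emitting an integer makes the intent explicit: `$query .= ' OR B.uId = ' . intval($u)` followed by the unchanged `. ' AND B.bId = T.bId';`. Skipped entries are dropped silently, so a caller passing a bad array gets an empty result rather than an error; a short comment such as `// non-numeric ids are ignored on purpose, the clause then stays (1 = 0)` would record that this is deliberate. The enclosing method starts and ends outside the hunk.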
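Review bot: The new test pins only the all-invalid case `array(null)`, so it would still pass if the filter dropped every entry, valid ones included. A second assertion with a mixed array, e.g. `$this->b2ts->getPopularTags(array($user1, null))`, expecting the tag `one` to come back, would show that valid ids survive next to skipped ones; this assumes `addUser()` returns the user id, as its use in `addTagBookmark()` suggests. A non-numeric string entry is worth covering the same way, since that is the input the numeric check in Bookmark2Tag.php exists to reject. The docblock's "we may not generate invalid SQL or so" would read more clearly as "we must not generate invalid SQL".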