[mythtv-commits] Ticket #13638: mythweb notice/warning/deprecated patches
MythTV
noreply at mythtv.org
Tue Jun 23 05:35:39 UTC 2020
#13638: mythweb notice/warning/deprecated patches
----------------------------------+---------------------------------
Reporter: jpasher-lazor | Owner: Stuart Auchterlonie
Type: Patch - Bug Fix | Status: new
Priority: minor | Milestone: needs_triage
Component: Plugin - MythWeb | Version: Master Head
Severity: medium | Keywords:
Ticket locked: 0 |
----------------------------------+---------------------------------
Attached is the first round of patches I first referenced on the forums
(https://forum.mythtv.org/viewtopic.php?f=2&t=3865). The intention is to
clear up all of the PHP notices/warnings to make compatibility changes for
future PHP versions easier to find. Right now, mythweb runs with an
error_reporting() level that hides some potential flaws, along with things
that may change from notices/deprecation warnings to errors in future PHP
versions. I've only done patches for the default theme to give people an
idea of what these changes entail. Obviously with this many changes,
maintaining backwards compatibility with the supported -fixes branches can
be a bit tricky, so I wanted to gauge expectations on these changes.
I've also attached a few patches for the PHP bindings under the mythtv
branch itself.
A notice about the "odd" looking patch in
{{{modules/music/mp3act_functions.php}}} where I removed the $db->escape()
wrapper. That method automatically adds quotes to the result, which means
that when {{{$pl['playlist_songs']}}} has more than one ID in its comma
separated list, it becomes something like "... IN ('1234,4567')", which is
wrong. Since I don't see an escape() function that doesn't add the single
quotes and the column should only contain numbers or commas, we simply
strip anything else to avoid SQL injection.
--
Ticket URL: <https://code.mythtv.org/trac/ticket/13638>
MythTV <http://www.mythtv.org>
MythTV Media Center
More information about the mythtv-commits
mailing list