we have method there
function dsql($instance=null,$select_mode=true,$entity_code=null)
if one wants to use $model->dsql() and then perform non-select
operation (e.g. do_delete()), false should be set as first param, as else tables are appended with table aliases and thus create illegal sql query.
$dq = $model->dsql(null, false);
now, if you previously in the model initialisation had used
and then if you have a method, which is performing cleanup in following
way:
$dq->do_delete(); //assuming, that setMasterField is there
then you will have delete operation performed WITHOUT master field conditions.
if $select_mode is set to false, then conditions to dsql are not
applied. thus do_delete would clean up all records in the db :)
this is what happened in the test environment in gradpool. so not big
deal, but just be informed that setMasterField is dangerous!!!
potential solution:
1) add new method
function applyMasterConditions($dq){
if ($this->init_where){
foreach ($this->init_where as $k => $v){
$dq->where($k, $v);
}
}
return $dq;
}
2) if you are using $model->dsql(null, false), then either inside function new_dsql() automate execution of applyMasterConditions, or add to manual to execute this manually. Obviously, if we have "Secure by default", this should happen automatically.
addons/mvc/lib/Model/Table.php
we have method there function dsql($instance=null,$select_mode=true,$entity_code=null)
if one wants to use $model->dsql() and then perform non-select operation (e.g. do_delete()), false should be set as first param, as else tables are appended with table aliases and thus create illegal sql query.
$dq = $model->dsql(null, false);
now, if you previously in the model initialisation had used
$this->setMasterField($field, $value) //e.g. "user", "1"
and then if you have a method, which is performing cleanup in following way:
$dq->do_delete(); //assuming, that setMasterField is there
then you will have delete operation performed WITHOUT master field conditions.
if $select_mode is set to false, then conditions to dsql are not applied. thus do_delete would clean up all records in the db :)
this is what happened in the test environment in gradpool. so not big deal, but just be informed that setMasterField is dangerous!!!
potential solution: 1) add new method function applyMasterConditions($dq){ if ($this->init_where){ foreach ($this->init_where as $k => $v){ $dq->where($k, $v); } } return $dq; } 2) if you are using $model->dsql(null, false), then either inside function new_dsql() automate execution of applyMasterConditions, or add to manual to execute this manually. Obviously, if we have "Secure by default", this should happen automatically.