From 8e9cb6de23928b590912c71c3713ecfa17608d7c Mon Sep 17 00:00:00 2001
From: Sam Wilson <sam@samwilson.id.au>
Date: Thu, 30 Aug 2018 13:33:05 +0800
Subject: [PATCH] Quote 'rank' field name in SQL

Add backticks to reserved word 'rank' in SQL queries.

Bug: GH #919
---
 admin/cat_list.php          |  4 ++--
 admin/element_set_ranks.php |  4 ++--
 admin/include/functions.php | 10 +++++-----
 admin/site_update.php       |  2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/admin/cat_list.php b/admin/cat_list.php
index 04cf5ebb5..ab0f7d54d 100644
--- a/admin/cat_list.php
+++ b/admin/cat_list.php
@@ -295,7 +295,7 @@ $template->assign(array(
 $categories = array();
 
 $query = '
-SELECT id, name, permalink, dir, rank, status
+SELECT id, name, permalink, dir, `rank`, status
   FROM '.CATEGORIES_TABLE;
 if (!isset($_GET['parent_id']))
 {
@@ -308,7 +308,7 @@ else
   WHERE id_uppercat = '.$_GET['parent_id'];
 }
 $query.= '
-  ORDER BY rank ASC
+  ORDER BY `rank` ASC
 ;';
 $categories = hash_from_query($query, 'id');
 
diff --git a/admin/element_set_ranks.php b/admin/element_set_ranks.php
index afac2deaf..70914c56f 100644
--- a/admin/element_set_ranks.php
+++ b/admin/element_set_ranks.php
@@ -143,11 +143,11 @@ SELECT
     representative_ext,
     width, height, rotation,
     name,
-    rank
+    `rank`
   FROM '.IMAGES_TABLE.'
     JOIN '.IMAGE_CATEGORY_TABLE.' ON image_id = id
   WHERE category_id = '.$page['category_id'].'
-  ORDER BY rank
+  ORDER BY `rank`
 ;';
 $result = pwg_query($query);
 if (pwg_db_num_rows($result) > 0)
diff --git a/admin/include/functions.php b/admin/include/functions.php
index c586cb26e..9c077b505 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -674,9 +674,9 @@ function save_categories_order($categories)
 function update_global_rank()
 {
   $query = '
-SELECT id, id_uppercat, uppercats, rank, global_rank
+SELECT id, id_uppercat, uppercats, `rank`, global_rank
   FROM '.CATEGORIES_TABLE.'
-  ORDER BY id_uppercat,rank,name';
+  ORDER BY id_uppercat, `rank`, name';
 
   global $cat_map; // used in preg_replace callback
   $cat_map = array();
@@ -1442,7 +1442,7 @@ function create_virtual_category($category_name, $parent_id=null, $options=array
   {
     //what is the current higher rank for this parent?
     $query = '
-SELECT MAX(rank) AS max_rank
+SELECT MAX(`rank`) AS max_rank
   FROM '. CATEGORIES_TABLE .'
   WHERE id_uppercat '.(empty($parent_id) ? 'IS NULL' : '= '.$parent_id).' 
 ;';
@@ -1919,9 +1919,9 @@ SELECT
   $query = '
 SELECT
     category_id,
-    MAX(rank) AS max_rank
+    MAX(`rank`) AS max_rank
   FROM '.IMAGE_CATEGORY_TABLE.'
-  WHERE rank IS NOT NULL
+  WHERE `rank` IS NOT NULL
     AND category_id IN ('.implode(',', $categories).')
   GROUP BY category_id
 ;';
diff --git a/admin/site_update.php b/admin/site_update.php
index 9a6d6ca91..b51b4c962 100644
--- a/admin/site_update.php
+++ b/admin/site_update.php
@@ -178,7 +178,7 @@ SELECT id
 
   // let's see if some categories already have some sub-categories...
   $query = '
-SELECT id_uppercat, MAX(rank)+1 AS next_rank
+SELECT id_uppercat, MAX(`rank`)+1 AS next_rank
   FROM '.CATEGORIES_TABLE.'
   GROUP BY id_uppercat';
   $result = pwg_query($query);