Use consistent column/table quoting in sql queries

This commit is contained in:
Aleksander Machniak 2014-09-15 12:23:46 +02:00
parent 086e2b2e1f
commit 788635b287
5 changed files with 79 additions and 72 deletions


@ -1081,14 +1081,12 @@ class kolab_driver extends calendar_driver
// get alarm information stored in local database
if (!empty($candidates)) {
$alarm_ids = array_map(array($this->rc->db, 'quote'), array_keys($candidates));
$result = $this->rc->db->query(sprintf(
"SELECT * FROM " . $this->rc->db->table_name('kolab_alarms') . "
WHERE alarm_id IN (%s) AND user_id=?",
join(',', $alarm_ids),
$this->rc->db->now()
),
$this->rc->user->ID
);
$result = $this->rc->db->query("SELECT *"
. " FROM " . $this->rc->db->table_name('kolab_alarms', true)
. " WHERE `alarm_id` IN (" . join(',', $alarm_ids) . ")"
. " AND `user_id` = ?",
$this->rc->user->ID
);
while ($result && ($e = $this->rc->db->fetch_assoc($result))) {
$dbdata[$e['alarm_id']] = $e;
@ -1117,27 +1115,26 @@ class kolab_driver extends calendar_driver
*/
public function dismiss_alarm($alarm_id, $snooze = 0)
{
$alarms_table = $this->rc->db->table_name('kolab_alarms', true);
// delete old alarm entry
$this->rc->db->query(
"DELETE FROM " . $this->rc->db->table_name('kolab_alarms') . "
WHERE alarm_id=? AND user_id=?",
$alarm_id,
$this->rc->user->ID
$this->rc->db->query("DELETE FROM $alarms_table"
. " WHERE `alarm_id` = ? AND `user_id` = ?",
$alarm_id,
$this->rc->user->ID
);
// set new notifyat time or unset if not snoozed
$notifyat = $snooze > 0 ? date('Y-m-d H:i:s', time() + $snooze) : null;
$query = $this->rc->db->query(
"INSERT INTO " . $this->rc->db->table_name('kolab_alarms') . "
(alarm_id, user_id, dismissed, notifyat)
VALUES(?, ?, ?, ?)",
$query = $this->rc->db->query("INSERT INTO $alarms_table"
. " (`alarm_id`, `user_id`, `dismissed`, `notifyat`)"
. " VALUES (?, ?, ?, ?)",
$alarm_id,
$this->rc->user->ID,
$snooze > 0 ? 0 : 1,
$notifyat
);
return $this->rc->db->affected_rows($query);
}
@ -1792,7 +1789,8 @@ class kolab_driver extends calendar_driver
{
$db = $this->rc->get_dbh();
foreach (array('kolab_alarms', 'itipinvitations') as $table) {
$db->query("DELETE FROM " . $this->rc->db->table_name($table) . " WHERE user_id=?", $args['user']->ID);
$db->query("DELETE FROM " . $this->rc->db->table_name($table, true)
. " WHERE `user_id` = ?", $args['user']->ID);
}
}
}
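Review bot: In the first hunk the `alarm_id IN (...)` list is the only value still spliced into the statement text instead of being bound, and nothing at the call site says that this is acceptable only because every id went through `$this->rc->db->quote()` on the `array_map` line just above; a comment there such as `// ids are quoted individually: a placeholder cannot bind a list` would keep the next maintainer from collapsing the list into a single `?`. The identical hunk in tasklist_kolab_driver has the same gap. The second hunk hoists the quoted name into `$alarms_table`, while the first and third hunks still call `$this->rc->db->table_name('kolab_alarms', true)` inline inside the SQL string, which is exactly the inconsistency the commit title sets out to remove. The third hunk also runs the statement on `$db` from `get_dbh()` but builds the table name through `$this->rc->db`; if both resolve to the same handle this is harmless, but one of the two spellings should go.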


@ -35,7 +35,7 @@ class calendar_itip extends libcalendaring_itip
{
parent::__construct($plugin, $domain);
$this->db_itipinvitations = $this->rc->db->table_name('itipinvitations');
$this->db_itipinvitations = $this->rc->db->table_name('itipinvitations', true);
}
/**
@ -61,7 +61,7 @@ class calendar_itip extends libcalendaring_itip
public function get_invitation($token)
{
if ($parts = $this->decode_token($token)) {
$result = $this->rc->db->query("SELECT * FROM $this->db_itipinvitations WHERE token=?", $parts['base']);
$result = $this->rc->db->query("SELECT * FROM $this->db_itipinvitations WHERE `token` = ?", $parts['base']);
if ($result && ($rec = $this->rc->db->fetch_assoc($result))) {
$rec['event'] = unserialize($rec['event']);
$rec['attendee'] = $parts['attendee'];
@ -113,8 +113,8 @@ class calendar_itip extends libcalendaring_itip
// update record in DB
$query = $this->rc->db->query(
"UPDATE $this->db_itipinvitations
SET event=?
WHERE token=?",
SET `event` = ?
WHERE `token` = ?",
self::serialize_event($invitation['event']),
$invitation['token']
);
@ -150,11 +150,11 @@ class calendar_itip extends libcalendaring_itip
return $token;
// delete old entry
$this->rc->db->query("DELETE FROM $this->db_itipinvitations WHERE token=?", $base);
$this->rc->db->query("DELETE FROM $this->db_itipinvitations WHERE `token` = ?", $base);
$query = $this->rc->db->query(
"INSERT INTO $this->db_itipinvitations
(token, event_uid, user_id, event, expires)
(`token`, `event_uid`, `user_id`, `event`, `expires`)
VALUES(?, ?, ?, ?, ?)",
$base,
$event['uid'],
@ -181,8 +181,8 @@ class calendar_itip extends libcalendaring_itip
// flag invitation record as cancelled
$this->rc->db->query(
"UPDATE $this->db_itipinvitations
SET cancelled=1
WHERE event_uid=? AND user_id=?",
SET `cancelled` = 1
WHERE `event_uid` = ? AND `user_id` = ?",
$event['uid'],
$this->rc->user->ID
);
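Review bot: The constructor hunk changes what `$this->db_itipinvitations` holds — it is now the already-quoted table name — but the property declaration (outside this hunk) carries no note of that, and every later query interpolates it bare, so a future `table_name(..., true)` or hand-written backticks around it would double-quote the identifier; a docblock on the property along the lines of `/** @var string Quoted table name (table_name(..., true)); interpolate as-is, never quote again */` records the contract. In the `get_invitation` hunk the rewritten SELECT is immediately followed by `unserialize($rec['event'])` on a context line; the value is produced by `self::serialize_event()` in the third hunk, so it is application-written rather than user input, but a one-line comment stating that trust assumption next to the call would make the boundary explicit. Whether `serialize_event` uses PHP `serialize()` or another encoding cannot be told from this page.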


@ -1562,8 +1562,6 @@ class kolab_storage
{
$db = rcmail::get_instance()->get_dbh();
$prefix = 'imap://' . urlencode($args['username']) . '@' . $args['host'] . '/%';
$db->query("DELETE FROM " . $db->table_name('kolab_folders') . " WHERE resource LIKE ?", $prefix);
$db->query("DELETE FROM " . $db->table_name('kolab_folders', true) . " WHERE `resource` LIKE ?", $prefix);
}
}
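Review bot: The rewritten DELETE still hands `$prefix` to `LIKE` as a raw pattern, and `urlencode()` on the line above neutralises `%` but leaves `_` untouched while `$args['host']` is concatenated with no encoding at all, so an underscore in either the username or the host acts as a single-character wildcard and the statement can remove `kolab_folders` rows belonging to a resource that differs only in that position. Escaping the wildcard characters before the pattern is assembled, e.g. `$user = addcslashes(urlencode($args['username']), '%_');` and `$host = addcslashes($args['host'], '%_');`, then using those in `$prefix`, confines the match to this account; whether the driver's default LIKE escape character is the backslash needs confirming for the databases Roundcube supports. The enclosing method's signature lies above this hunk.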


@ -96,8 +96,8 @@ class kolab_storage_cache
*/
public function select_by_id($folder_id)
{
$folders_table = $this->db->table_name('kolab_folders');
$sql_arr = $this->db->fetch_assoc($this->db->query("SELECT * FROM $folders_table WHERE folder_id=?", $folder_id));
$folders_table = $this->db->table_name('kolab_folders', true);
$sql_arr = $this->db->fetch_assoc($this->db->query("SELECT * FROM $folders_table WHERE `folder_id` = ?", $folder_id));
if ($sql_arr) {
$this->metadata = $sql_arr;
$this->folder_id = $sql_arr['folder_id'];
@ -188,7 +188,7 @@ class kolab_storage_cache
// read cache index
$sql_result = $this->db->query(
"SELECT msguid, uid FROM $this->cache_table WHERE folder_id=?",
"SELECT `msguid`, `uid` FROM `{$this->cache_table}` WHERE `folder_id` = ?",
$this->folder_id
);
@ -211,7 +211,7 @@ class kolab_storage_cache
if (!empty($del_index)) {
$quoted_ids = join(',', array_map(array($this->db, 'quote'), $del_index));
$this->db->query(
"DELETE FROM $this->cache_table WHERE folder_id=? AND msguid IN ($quoted_ids)",
"DELETE FROM `{$this->cache_table}` WHERE `folder_id` = ? AND `msguid` IN ($quoted_ids)",
$this->folder_id
);
}
@ -252,8 +252,8 @@ class kolab_storage_cache
$this->_read_folder_data();
$sql_result = $this->db->query(
"SELECT * FROM $this->cache_table ".
"WHERE folder_id=? AND msguid=?",
"SELECT * FROM `{$this->cache_table}` ".
"WHERE `folder_id` = ? AND `msguid` = ?",
$this->folder_id,
$msguid
);
@ -298,7 +298,7 @@ class kolab_storage_cache
// remove old entry
if ($this->ready) {
$this->_read_folder_data();
$this->db->query("DELETE FROM $this->cache_table WHERE folder_id=? AND msguid=?",
$this->db->query("DELETE FROM `{$this->cache_table}` WHERE `folder_id` = ? AND `msguid` = ?",
$this->folder_id, $msguid);
}
@ -345,13 +345,13 @@ class kolab_storage_cache
$cols[$idx] = "$col = ?";
}
$query = "UPDATE $this->cache_table SET " . implode(', ', $cols)
. " WHERE folder_id = ? AND msguid = ?";
$query = "UPDATE `{$this->cache_table}` SET " . implode(', ', $cols)
. " WHERE `folder_id` = ? AND `msguid` = ?";
$args[] = $this->folder_id;
$args[] = $olduid;
}
else {
$query = "INSERT INTO $this->cache_table (created, " . implode(', ', $cols)
$query = "INSERT INTO `{$this->cache_table}` (`created`, " . implode(', ', $cols)
. ") VALUES (" . $this->db->now() . str_repeat(', ?', count($cols)) . ")";
}
@ -388,8 +388,8 @@ class kolab_storage_cache
$this->_read_folder_data();
$this->db->query(
"UPDATE $this->cache_table SET folder_id=?, msguid=? ".
"WHERE folder_id=? AND msguid=?",
"UPDATE `{$this->cache_table}` SET `folder_id` = ?, `msguid` = ? ".
"WHERE `folder_id` = ? AND `msguid` = ?",
$target->cache->get_folder_id(),
$new_msguid,
$this->folder_id,
@ -421,7 +421,7 @@ class kolab_storage_cache
$this->_read_folder_data();
$result = $this->db->query(
"DELETE FROM $this->cache_table WHERE folder_id=?",
"DELETE FROM `{$this->cache_table}` WHERE `folder_id` = ?",
$this->folder_id
);
@ -443,8 +443,8 @@ class kolab_storage_cache
// resolve new message UID in target folder
$this->db->query(
"UPDATE $this->folders_table SET resource=? ".
"WHERE resource=?",
"UPDATE `{$this->folders_table}` SET `resource` = ? ".
"WHERE `resource` = ?",
$target->get_resource_uri(),
$this->resource_uri
);
@ -468,8 +468,8 @@ class kolab_storage_cache
// fetch full object data on one query if a small result set is expected
$fetchall = !$uids && ($this->limit ? $this->limit[0] : $this->count($query)) < 500;
$sql_query = "SELECT " . ($fetchall ? '*' : 'msguid AS _msguid, uid') . " FROM $this->cache_table ".
"WHERE folder_id=? " . $this->_sql_where($query);
$sql_query = "SELECT " . ($fetchall ? '*' : '`msguid` AS _msguid, `uid`') . " FROM `{$this->cache_table}` ".
"WHERE `folder_id` = ? " . $this->_sql_where($query);
if (!empty($this->order_by)) {
$sql_query .= ' ORDER BY ' . $this->order_by;
}
@ -551,8 +551,8 @@ class kolab_storage_cache
$this->_read_folder_data();
$sql_result = $this->db->query(
"SELECT COUNT(*) AS numrows FROM $this->cache_table ".
"WHERE folder_id=? " . $this->_sql_where($query),
"SELECT COUNT(*) AS numrows FROM `{$this->cache_table}` ".
"WHERE `folder_id` = ?" . $this->_sql_where($query),
$this->folder_id
);
@ -807,12 +807,18 @@ class kolab_storage_cache
}
if ($buffer && (!$msguid || (strlen($buffer) + strlen($line) > $this->max_sql_packet()))) {
$extra_cols = $this->extra_cols ? ', ' . join(', ', $this->extra_cols) : '';
$extra_cols = '';
if ($this->extra_cols) {
$extra_cols = array_map(function($n) { return "`{$n}`"; }, $this->extra_cols);
$extra_cols = ', ' . join(', ', $extra_cols);
}
$result = $this->db->query(
"INSERT INTO $this->cache_table ".
" (folder_id, msguid, uid, created, changed, data, xml, tags, words $extra_cols)".
"INSERT INTO `{$this->cache_table}` ".
" (`folder_id`, `msguid`, `uid`, `created`, `changed`, `data`, `xml`, `tags`, `words` $extra_cols)".
" VALUES $buffer"
);
if (!$this->db->affected_rows($result)) {
rcube::raise_error(array(
'code' => 900, 'type' => 'php',
@ -849,13 +855,20 @@ class kolab_storage_cache
if (!empty($this->folder_id) || !$this->ready)
return;
$sql_arr = $this->db->fetch_assoc($this->db->query("SELECT folder_id, synclock, ctag FROM $this->folders_table WHERE resource=?", $this->resource_uri));
$sql_arr = $this->db->fetch_assoc($this->db->query(
"SELECT `folder_id`, `synclock`, `ctag`"
. " FROM `{$this->folders_table}` WHERE `resource` = ?",
$this->resource_uri
));
if ($sql_arr) {
$this->metadata = $sql_arr;
$this->folder_id = $sql_arr['folder_id'];
}
else {
$this->db->query("INSERT INTO $this->folders_table (resource, type) VALUES (?, ?)", $this->resource_uri, $this->folder->type);
$this->db->query("INSERT INTO `{$this->folders_table}` (`resource`, `type`)"
. " VALUES (?, ?)", $this->resource_uri, $this->folder->type);
$this->folder_id = $this->db->insert_id('kolab_folders');
$this->metadata = array();
}
@ -870,7 +883,7 @@ class kolab_storage_cache
return;
$this->_read_folder_data();
$sql_query = "SELECT synclock, ctag FROM $this->folders_table WHERE folder_id=?";
$sql_query = "SELECT `synclock`, `ctag` FROM `{$this->folders_table}` WHERE `folder_id` = ?";
// abort if database is not set-up
if ($this->db->is_error()) {
@ -887,7 +900,7 @@ class kolab_storage_cache
}
// set lock
$this->db->query("UPDATE $this->folders_table SET synclock = ? WHERE folder_id = ?", time(), $this->folder_id);
$this->db->query("UPDATE `{$this->folders_table}` SET `synclock` = ? WHERE `folder_id` = ?", time(), $this->folder_id);
}
/**
@ -899,7 +912,7 @@ class kolab_storage_cache
return;
$this->db->query(
"UPDATE $this->folders_table SET synclock = 0, ctag = ? WHERE folder_id = ?",
"UPDATE `{$this->folders_table}` SET `synclock` = 0, `ctag` = ? WHERE `folder_id` = ?",
$this->metadata['ctag'],
$this->folder_id
);
@ -921,8 +934,8 @@ class kolab_storage_cache
$this->_read_folder_data();
$sql_result = $this->db->query(
"SELECT msguid FROM $this->cache_table ".
"WHERE folder_id=? AND uid=? ORDER BY msguid DESC",
"SELECT `msguid` FROM `{$this->cache_table}` ".
"WHERE `folder_id` = ? AND `uid` = ? ORDER BY `msguid` DESC",
$this->folder_id,
$uid
);
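Review bot: In the `count()` hunk the rewrite drops the space that separated the placeholder from whatever `_sql_where()` appends: the new line reads `` "WHERE `folder_id` = ?" . $this->_sql_where($query), `` whereas the sibling select hunk keeps `` "WHERE `folder_id` = ? " . $this->_sql_where($query); `` — if `_sql_where()` does not begin with whitespace, the generated SQL becomes `?AND ...`, so the trailing space should be restored to keep the two call sites identical. In the UPDATE/INSERT hunk beside `$cols[$idx] = "$col = ?";` the column names in `$cols` are still emitted unquoted next to the now-quoted `created`, leaving the consistency the commit aims for only partial; the loop that builds `$cols` starts above the hunk, so the quoting belongs there, e.g. `` $cols[$idx] = "`$col` = ?"; ``, mirroring the closure the insert-buffer hunk adds for `$this->extra_cols`. Whether `$cols` in the else branch is built by that same loop cannot be seen from here.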


@ -711,12 +711,10 @@ class tasklist_kolab_driver extends tasklist_driver
// get alarm information stored in local database
if (!empty($candidates)) {
$alarm_ids = array_map(array($this->rc->db, 'quote'), array_keys($candidates));
$result = $this->rc->db->query(sprintf(
"SELECT * FROM " . $this->rc->db->table_name('kolab_alarms') . "
WHERE alarm_id IN (%s) AND user_id=?",
join(',', $alarm_ids),
$this->rc->db->now()
),
$result = $this->rc->db->query("SELECT *"
. " FROM " . $this->rc->db->table_name('kolab_alarms', true)
. " WHERE `alarm_id` IN (" . join(',', $alarm_ids) . ")"
. " AND `user_id` = ?",
$this->rc->user->ID
);
@ -751,8 +749,8 @@ class tasklist_kolab_driver extends tasklist_driver
{
// delete old alarm entry
$this->rc->db->query(
"DELETE FROM " . $this->rc->db->table_name('kolab_alarms') . "
WHERE alarm_id=? AND user_id=?",
"DELETE FROM " . $this->rc->db->table_name('kolab_alarms', true) . "
WHERE `alarm_id` = ? AND `user_id` = ?",
$id,
$this->rc->user->ID
);
@ -761,9 +759,9 @@ class tasklist_kolab_driver extends tasklist_driver
$notifyat = $snooze > 0 ? date('Y-m-d H:i:s', time() + $snooze) : null;
$query = $this->rc->db->query(
"INSERT INTO " . $this->rc->db->table_name('kolab_alarms') . "
(alarm_id, user_id, dismissed, notifyat)
VALUES(?, ?, ?, ?)",
"INSERT INTO " . $this->rc->db->table_name('kolab_alarms', true) . "
(`alarm_id`, `user_id`, `dismissed`, `notifyat`)
VALUES (?, ?, ?, ?)",
$id,
$this->rc->user->ID,
$snooze > 0 ? 0 : 1,
@ -782,8 +780,8 @@ class tasklist_kolab_driver extends tasklist_driver
{
// delete alarm entry
$this->rc->db->query(
"DELETE FROM " . $this->rc->db->table_name('kolab_alarms') . "
WHERE alarm_id=? AND user_id=?",
"DELETE FROM " . $this->rc->db->table_name('kolab_alarms', true) . "
WHERE `alarm_id` = ? AND `user_id` = ?",
$id,
$this->rc->user->ID
);
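Review bot: All three hunks in this file call `$this->rc->db->table_name('kolab_alarms', true)` inline inside the SQL string, whereas the matching `dismiss_alarm` in kolab_driver from this same commit hoists it once into a local; doing the same here, `$alarms_table = $this->rc->db->table_name('kolab_alarms', true);` at the top of each method and `"DELETE FROM $alarms_table"` in the query, keeps the two drivers readable side by side and avoids three lookups in one method. Each method's signature is outside the hunk shown.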