Use consistent column/table quoting in sql queries

This commit is contained in:
Aleksander Machniak 2014-09-15 12:23:46 +02:00
parent 086e2b2e1f
commit 788635b287
5 changed files with 79 additions and 72 deletions


@ -1081,14 +1081,12 @@ class kolab_driver extends calendar_driver
// get alarm information stored in local database // get alarm information stored in local database
if (!empty($candidates)) { if (!empty($candidates)) {
$alarm_ids = array_map(array($this->rc->db, 'quote'), array_keys($candidates)); $alarm_ids = array_map(array($this->rc->db, 'quote'), array_keys($candidates));
$result = $this->rc->db->query(sprintf( $result = $this->rc->db->query("SELECT *"
"SELECT * FROM " . $this->rc->db->table_name('kolab_alarms') . " . " FROM " . $this->rc->db->table_name('kolab_alarms', true)
WHERE alarm_id IN (%s) AND user_id=?", . " WHERE `alarm_id` IN (" . join(',', $alarm_ids) . ")"
join(',', $alarm_ids), . " AND `user_id` = ?",
$this->rc->db->now() $this->rc->user->ID
), );
$this->rc->user->ID
);
while ($result && ($e = $this->rc->db->fetch_assoc($result))) { while ($result && ($e = $this->rc->db->fetch_assoc($result))) {
$dbdata[$e['alarm_id']] = $e; $dbdata[$e['alarm_id']] = $e;
@ -1117,27 +1115,26 @@ class kolab_driver extends calendar_driver
*/ */
public function dismiss_alarm($alarm_id, $snooze = 0) public function dismiss_alarm($alarm_id, $snooze = 0)
{ {
$alarms_table = $this->rc->db->table_name('kolab_alarms', true);
// delete old alarm entry // delete old alarm entry
$this->rc->db->query( $this->rc->db->query("DELETE FROM $alarms_table"
"DELETE FROM " . $this->rc->db->table_name('kolab_alarms') . " . " WHERE `alarm_id` = ? AND `user_id` = ?",
WHERE alarm_id=? AND user_id=?", $alarm_id,
$alarm_id, $this->rc->user->ID
$this->rc->user->ID
); );
// set new notifyat time or unset if not snoozed // set new notifyat time or unset if not snoozed
$notifyat = $snooze > 0 ? date('Y-m-d H:i:s', time() + $snooze) : null; $notifyat = $snooze > 0 ? date('Y-m-d H:i:s', time() + $snooze) : null;
$query = $this->rc->db->query( $query = $this->rc->db->query("INSERT INTO $alarms_table"
"INSERT INTO " . $this->rc->db->table_name('kolab_alarms') . " . " (`alarm_id`, `user_id`, `dismissed`, `notifyat`)"
(alarm_id, user_id, dismissed, notifyat) . " VALUES (?, ?, ?, ?)",
VALUES(?, ?, ?, ?)",
$alarm_id, $alarm_id,
$this->rc->user->ID, $this->rc->user->ID,
$snooze > 0 ? 0 : 1, $snooze > 0 ? 0 : 1,
$notifyat $notifyat
); );
return $this->rc->db->affected_rows($query); return $this->rc->db->affected_rows($query);
} }
@ -1792,7 +1789,8 @@ class kolab_driver extends calendar_driver
{ {
$db = $this->rc->get_dbh(); $db = $this->rc->get_dbh();
foreach (array('kolab_alarms', 'itipinvitations') as $table) { foreach (array('kolab_alarms', 'itipinvitations') as $table) {
$db->query("DELETE FROM " . $this->rc->db->table_name($table) . " WHERE user_id=?", $args['user']->ID); $db->query("DELETE FROM " . $this->rc->db->table_name($table, true)
. " WHERE `user_id` = ?", $args['user']->ID);
} }
} }
} }
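Review bot: In the last hunk the cleanup loop resolves the table name through `$this->rc->db->table_name($table, true)` while the DELETE runs on the `$db` handle taken from `get_dbh()` two lines earlier; quoting an identifier with one handle and executing on another is only correct if both are the same driver. Using `$db->table_name($table, true)` keeps identifier quoting and execution on one connection, and matches how `$alarms_table` is derived from a single handle in `dismiss_alarm` above. The enclosing method's signature lies outside the hunk.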


@ -35,7 +35,7 @@ class calendar_itip extends libcalendaring_itip
{ {
parent::__construct($plugin, $domain); parent::__construct($plugin, $domain);
$this->db_itipinvitations = $this->rc->db->table_name('itipinvitations'); $this->db_itipinvitations = $this->rc->db->table_name('itipinvitations', true);
} }
/** /**
@ -61,7 +61,7 @@ class calendar_itip extends libcalendaring_itip
public function get_invitation($token) public function get_invitation($token)
{ {
if ($parts = $this->decode_token($token)) { if ($parts = $this->decode_token($token)) {
$result = $this->rc->db->query("SELECT * FROM $this->db_itipinvitations WHERE token=?", $parts['base']); $result = $this->rc->db->query("SELECT * FROM $this->db_itipinvitations WHERE `token` = ?", $parts['base']);
if ($result && ($rec = $this->rc->db->fetch_assoc($result))) { if ($result && ($rec = $this->rc->db->fetch_assoc($result))) {
$rec['event'] = unserialize($rec['event']); $rec['event'] = unserialize($rec['event']);
$rec['attendee'] = $parts['attendee']; $rec['attendee'] = $parts['attendee'];
@ -113,8 +113,8 @@ class calendar_itip extends libcalendaring_itip
// update record in DB // update record in DB
$query = $this->rc->db->query( $query = $this->rc->db->query(
"UPDATE $this->db_itipinvitations "UPDATE $this->db_itipinvitations
SET event=? SET `event` = ?
WHERE token=?", WHERE `token` = ?",
self::serialize_event($invitation['event']), self::serialize_event($invitation['event']),
$invitation['token'] $invitation['token']
); );
@ -150,11 +150,11 @@ class calendar_itip extends libcalendaring_itip
return $token; return $token;
// delete old entry // delete old entry
$this->rc->db->query("DELETE FROM $this->db_itipinvitations WHERE token=?", $base); $this->rc->db->query("DELETE FROM $this->db_itipinvitations WHERE `token` = ?", $base);
$query = $this->rc->db->query( $query = $this->rc->db->query(
"INSERT INTO $this->db_itipinvitations "INSERT INTO $this->db_itipinvitations
(token, event_uid, user_id, event, expires) (`token`, `event_uid`, `user_id`, `event`, `expires`)
VALUES(?, ?, ?, ?, ?)", VALUES(?, ?, ?, ?, ?)",
$base, $base,
$event['uid'], $event['uid'],
@ -181,8 +181,8 @@ class calendar_itip extends libcalendaring_itip
// flag invitation record as cancelled // flag invitation record as cancelled
$this->rc->db->query( $this->rc->db->query(
"UPDATE $this->db_itipinvitations "UPDATE $this->db_itipinvitations
SET cancelled=1 SET `cancelled` = 1
WHERE event_uid=? AND user_id=?", WHERE `event_uid` = ? AND `user_id` = ?",
$event['uid'], $event['uid'],
$this->rc->user->ID $this->rc->user->ID
); );
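Review bot: The constructor hunk now stores an already-quoted identifier in `$this->db_itipinvitations`, but nothing at the assignment or the use sites says so, and the kolab_storage_cache part of this commit wraps its table properties in backticks by hand (`` `{$this->cache_table}` ``); a later edit applying that pattern here would double-quote the name. A one-line comment on the assignment, `// already quoted by table_name(..., true); do not wrap in backticks again`, would prevent that. Unrelated to quoting, the `unserialize($rec['event'])` on the context line below the changed SELECT deserialises whatever the row holds; if `event` is only ever written through `self::serialize_event` that is fine, but it is worth confirming that path is the sole writer. The constructor's signature and the property declaration are outside the hunk.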


@ -1562,8 +1562,6 @@ class kolab_storage
{ {
$db = rcmail::get_instance()->get_dbh(); $db = rcmail::get_instance()->get_dbh();
$prefix = 'imap://' . urlencode($args['username']) . '@' . $args['host'] . '/%'; $prefix = 'imap://' . urlencode($args['username']) . '@' . $args['host'] . '/%';
$db->query("DELETE FROM " . $db->table_name('kolab_folders') . " WHERE resource LIKE ?", $prefix); $db->query("DELETE FROM " . $db->table_name('kolab_folders', true) . " WHERE `resource` LIKE ?", $prefix);
} }
} }
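Review bot: The changed DELETE passes `$prefix` to `LIKE ?`, and `$prefix` (built on the context line above from `urlencode($args['username'])`, `$args['host']` and a trailing `/%`) escapes nothing in the host part, so a host name containing `_` or `%` acts as a wildcard and the DELETE can match folder rows belonging to other hosts; `urlencode` leaves `_` unencoded, so the username part has the same gap for that character. Escaping both characters before concatenation, e.g. `$host = addcslashes($args['host'], '%_');` and likewise for the encoded username, closes it (backslash is the MySQL default LIKE escape; verify for the other supported drivers). The enclosing method's signature is outside the hunk.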


@ -96,8 +96,8 @@ class kolab_storage_cache
*/ */
public function select_by_id($folder_id) public function select_by_id($folder_id)
{ {
$folders_table = $this->db->table_name('kolab_folders'); $folders_table = $this->db->table_name('kolab_folders', true);
$sql_arr = $this->db->fetch_assoc($this->db->query("SELECT * FROM $folders_table WHERE folder_id=?", $folder_id)); $sql_arr = $this->db->fetch_assoc($this->db->query("SELECT * FROM $folders_table WHERE `folder_id` = ?", $folder_id));
if ($sql_arr) { if ($sql_arr) {
$this->metadata = $sql_arr; $this->metadata = $sql_arr;
$this->folder_id = $sql_arr['folder_id']; $this->folder_id = $sql_arr['folder_id'];
@ -188,7 +188,7 @@ class kolab_storage_cache
// read cache index // read cache index
$sql_result = $this->db->query( $sql_result = $this->db->query(
"SELECT msguid, uid FROM $this->cache_table WHERE folder_id=?", "SELECT `msguid`, `uid` FROM `{$this->cache_table}` WHERE `folder_id` = ?",
$this->folder_id $this->folder_id
); );
@ -211,7 +211,7 @@ class kolab_storage_cache
if (!empty($del_index)) { if (!empty($del_index)) {
$quoted_ids = join(',', array_map(array($this->db, 'quote'), $del_index)); $quoted_ids = join(',', array_map(array($this->db, 'quote'), $del_index));
$this->db->query( $this->db->query(
"DELETE FROM $this->cache_table WHERE folder_id=? AND msguid IN ($quoted_ids)", "DELETE FROM `{$this->cache_table}` WHERE `folder_id` = ? AND `msguid` IN ($quoted_ids)",
$this->folder_id $this->folder_id
); );
} }
@ -252,8 +252,8 @@ class kolab_storage_cache
$this->_read_folder_data(); $this->_read_folder_data();
$sql_result = $this->db->query( $sql_result = $this->db->query(
"SELECT * FROM $this->cache_table ". "SELECT * FROM `{$this->cache_table}` ".
"WHERE folder_id=? AND msguid=?", "WHERE `folder_id` = ? AND `msguid` = ?",
$this->folder_id, $this->folder_id,
$msguid $msguid
); );
@ -298,7 +298,7 @@ class kolab_storage_cache
// remove old entry // remove old entry
if ($this->ready) { if ($this->ready) {
$this->_read_folder_data(); $this->_read_folder_data();
$this->db->query("DELETE FROM $this->cache_table WHERE folder_id=? AND msguid=?", $this->db->query("DELETE FROM `{$this->cache_table}` WHERE `folder_id` = ? AND `msguid` = ?",
$this->folder_id, $msguid); $this->folder_id, $msguid);
} }
@ -345,13 +345,13 @@ class kolab_storage_cache
$cols[$idx] = "$col = ?"; $cols[$idx] = "$col = ?";
} }
$query = "UPDATE $this->cache_table SET " . implode(', ', $cols) $query = "UPDATE `{$this->cache_table}` SET " . implode(', ', $cols)
. " WHERE folder_id = ? AND msguid = ?"; . " WHERE `folder_id` = ? AND `msguid` = ?";
$args[] = $this->folder_id; $args[] = $this->folder_id;
$args[] = $olduid; $args[] = $olduid;
} }
else { else {
$query = "INSERT INTO $this->cache_table (created, " . implode(', ', $cols) $query = "INSERT INTO `{$this->cache_table}` (`created`, " . implode(', ', $cols)
. ") VALUES (" . $this->db->now() . str_repeat(', ?', count($cols)) . ")"; . ") VALUES (" . $this->db->now() . str_repeat(', ?', count($cols)) . ")";
} }
@ -388,8 +388,8 @@ class kolab_storage_cache
$this->_read_folder_data(); $this->_read_folder_data();
$this->db->query( $this->db->query(
"UPDATE $this->cache_table SET folder_id=?, msguid=? ". "UPDATE `{$this->cache_table}` SET `folder_id` = ?, `msguid` = ? ".
"WHERE folder_id=? AND msguid=?", "WHERE `folder_id` = ? AND `msguid` = ?",
$target->cache->get_folder_id(), $target->cache->get_folder_id(),
$new_msguid, $new_msguid,
$this->folder_id, $this->folder_id,
@ -421,7 +421,7 @@ class kolab_storage_cache
$this->_read_folder_data(); $this->_read_folder_data();
$result = $this->db->query( $result = $this->db->query(
"DELETE FROM $this->cache_table WHERE folder_id=?", "DELETE FROM `{$this->cache_table}` WHERE `folder_id` = ?",
$this->folder_id $this->folder_id
); );
@ -443,8 +443,8 @@ class kolab_storage_cache
// resolve new message UID in target folder // resolve new message UID in target folder
$this->db->query( $this->db->query(
"UPDATE $this->folders_table SET resource=? ". "UPDATE `{$this->folders_table}` SET `resource` = ? ".
"WHERE resource=?", "WHERE `resource` = ?",
$target->get_resource_uri(), $target->get_resource_uri(),
$this->resource_uri $this->resource_uri
); );
@ -468,8 +468,8 @@ class kolab_storage_cache
// fetch full object data on one query if a small result set is expected // fetch full object data on one query if a small result set is expected
$fetchall = !$uids && ($this->limit ? $this->limit[0] : $this->count($query)) < 500; $fetchall = !$uids && ($this->limit ? $this->limit[0] : $this->count($query)) < 500;
$sql_query = "SELECT " . ($fetchall ? '*' : 'msguid AS _msguid, uid') . " FROM $this->cache_table ". $sql_query = "SELECT " . ($fetchall ? '*' : '`msguid` AS _msguid, `uid`') . " FROM `{$this->cache_table}` ".
"WHERE folder_id=? " . $this->_sql_where($query); "WHERE `folder_id` = ? " . $this->_sql_where($query);
if (!empty($this->order_by)) { if (!empty($this->order_by)) {
$sql_query .= ' ORDER BY ' . $this->order_by; $sql_query .= ' ORDER BY ' . $this->order_by;
} }
@ -551,8 +551,8 @@ class kolab_storage_cache
$this->_read_folder_data(); $this->_read_folder_data();
$sql_result = $this->db->query( $sql_result = $this->db->query(
"SELECT COUNT(*) AS numrows FROM $this->cache_table ". "SELECT COUNT(*) AS numrows FROM `{$this->cache_table}` ".
"WHERE folder_id=? " . $this->_sql_where($query), "WHERE `folder_id` = ?" . $this->_sql_where($query),
$this->folder_id $this->folder_id
); );
@ -807,12 +807,18 @@ class kolab_storage_cache
} }
if ($buffer && (!$msguid || (strlen($buffer) + strlen($line) > $this->max_sql_packet()))) { if ($buffer && (!$msguid || (strlen($buffer) + strlen($line) > $this->max_sql_packet()))) {
$extra_cols = $this->extra_cols ? ', ' . join(', ', $this->extra_cols) : ''; $extra_cols = '';
if ($this->extra_cols) {
$extra_cols = array_map(function($n) { return "`{$n}`"; }, $this->extra_cols);
$extra_cols = ', ' . join(', ', $extra_cols);
}
$result = $this->db->query( $result = $this->db->query(
"INSERT INTO $this->cache_table ". "INSERT INTO `{$this->cache_table}` ".
" (folder_id, msguid, uid, created, changed, data, xml, tags, words $extra_cols)". " (`folder_id`, `msguid`, `uid`, `created`, `changed`, `data`, `xml`, `tags`, `words` $extra_cols)".
" VALUES $buffer" " VALUES $buffer"
); );
if (!$this->db->affected_rows($result)) { if (!$this->db->affected_rows($result)) {
rcube::raise_error(array( rcube::raise_error(array(
'code' => 900, 'type' => 'php', 'code' => 900, 'type' => 'php',
@ -849,13 +855,20 @@ class kolab_storage_cache
if (!empty($this->folder_id) || !$this->ready) if (!empty($this->folder_id) || !$this->ready)
return; return;
$sql_arr = $this->db->fetch_assoc($this->db->query("SELECT folder_id, synclock, ctag FROM $this->folders_table WHERE resource=?", $this->resource_uri)); $sql_arr = $this->db->fetch_assoc($this->db->query(
"SELECT `folder_id`, `synclock`, `ctag`"
. " FROM `{$this->folders_table}` WHERE `resource` = ?",
$this->resource_uri
));
if ($sql_arr) { if ($sql_arr) {
$this->metadata = $sql_arr; $this->metadata = $sql_arr;
$this->folder_id = $sql_arr['folder_id']; $this->folder_id = $sql_arr['folder_id'];
} }
else { else {
$this->db->query("INSERT INTO $this->folders_table (resource, type) VALUES (?, ?)", $this->resource_uri, $this->folder->type); $this->db->query("INSERT INTO `{$this->folders_table}` (`resource`, `type`)"
. " VALUES (?, ?)", $this->resource_uri, $this->folder->type);
$this->folder_id = $this->db->insert_id('kolab_folders'); $this->folder_id = $this->db->insert_id('kolab_folders');
$this->metadata = array(); $this->metadata = array();
} }
@ -870,7 +883,7 @@ class kolab_storage_cache
return; return;
$this->_read_folder_data(); $this->_read_folder_data();
$sql_query = "SELECT synclock, ctag FROM $this->folders_table WHERE folder_id=?"; $sql_query = "SELECT `synclock`, `ctag` FROM `{$this->folders_table}` WHERE `folder_id` = ?";
// abort if database is not set-up // abort if database is not set-up
if ($this->db->is_error()) { if ($this->db->is_error()) {
@ -887,7 +900,7 @@ class kolab_storage_cache
} }
// set lock // set lock
$this->db->query("UPDATE $this->folders_table SET synclock = ? WHERE folder_id = ?", time(), $this->folder_id); $this->db->query("UPDATE `{$this->folders_table}` SET `synclock` = ? WHERE `folder_id` = ?", time(), $this->folder_id);
} }
/** /**
@ -899,7 +912,7 @@ class kolab_storage_cache
return; return;
$this->db->query( $this->db->query(
"UPDATE $this->folders_table SET synclock = 0, ctag = ? WHERE folder_id = ?", "UPDATE `{$this->folders_table}` SET `synclock` = 0, `ctag` = ? WHERE `folder_id` = ?",
$this->metadata['ctag'], $this->metadata['ctag'],
$this->folder_id $this->folder_id
); );
@ -921,8 +934,8 @@ class kolab_storage_cache
$this->_read_folder_data(); $this->_read_folder_data();
$sql_result = $this->db->query( $sql_result = $this->db->query(
"SELECT msguid FROM $this->cache_table ". "SELECT `msguid` FROM `{$this->cache_table}` ".
"WHERE folder_id=? AND uid=? ORDER BY msguid DESC", "WHERE `folder_id` = ? AND `uid` = ? ORDER BY `msguid` DESC",
$this->folder_id, $this->folder_id,
$uid $uid
); );
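Review bot: In the `SELECT COUNT(*) AS numrows` hunk the new line `` "WHERE `folder_id` = ?" . $this->_sql_where($query) `` drops the space that both the old line and the parallel `SELECT ... FROM` hunk (`` "WHERE `folder_id` = ? " . $this->_sql_where($query) ``) keep before the `_sql_where` fragment; unless `_sql_where` returns a leading space, the SQL becomes `= ?AND ...`, so restore the trailing space or make both call sites identical. Separately, the INSERT hunk now backtick-quotes `$extra_cols` through `array_map`, but the hunk around `$cols[$idx] = "$col = ?"` still interpolates `$col` and `implode(', ', $cols)` unquoted, leaving those UPDATE/INSERT statements half-quoted; `` $cols[$idx] = "`$col` = ?"; `` (and presumably the same treatment for the column list in the INSERT branch) would finish the change. Both enclosing methods start outside their hunks.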


@ -711,12 +711,10 @@ class tasklist_kolab_driver extends tasklist_driver
// get alarm information stored in local database // get alarm information stored in local database
if (!empty($candidates)) { if (!empty($candidates)) {
$alarm_ids = array_map(array($this->rc->db, 'quote'), array_keys($candidates)); $alarm_ids = array_map(array($this->rc->db, 'quote'), array_keys($candidates));
$result = $this->rc->db->query(sprintf( $result = $this->rc->db->query("SELECT *"
"SELECT * FROM " . $this->rc->db->table_name('kolab_alarms') . " . " FROM " . $this->rc->db->table_name('kolab_alarms', true)
WHERE alarm_id IN (%s) AND user_id=?", . " WHERE `alarm_id` IN (" . join(',', $alarm_ids) . ")"
join(',', $alarm_ids), . " AND `user_id` = ?",
$this->rc->db->now()
),
$this->rc->user->ID $this->rc->user->ID
); );
@ -751,8 +749,8 @@ class tasklist_kolab_driver extends tasklist_driver
{ {
// delete old alarm entry // delete old alarm entry
$this->rc->db->query( $this->rc->db->query(
"DELETE FROM " . $this->rc->db->table_name('kolab_alarms') . " "DELETE FROM " . $this->rc->db->table_name('kolab_alarms', true) . "
WHERE alarm_id=? AND user_id=?", WHERE `alarm_id` = ? AND `user_id` = ?",
$id, $id,
$this->rc->user->ID $this->rc->user->ID
); );
@ -761,9 +759,9 @@ class tasklist_kolab_driver extends tasklist_driver
$notifyat = $snooze > 0 ? date('Y-m-d H:i:s', time() + $snooze) : null; $notifyat = $snooze > 0 ? date('Y-m-d H:i:s', time() + $snooze) : null;
$query = $this->rc->db->query( $query = $this->rc->db->query(
"INSERT INTO " . $this->rc->db->table_name('kolab_alarms') . " "INSERT INTO " . $this->rc->db->table_name('kolab_alarms', true) . "
(alarm_id, user_id, dismissed, notifyat) (`alarm_id`, `user_id`, `dismissed`, `notifyat`)
VALUES(?, ?, ?, ?)", VALUES (?, ?, ?, ?)",
$id, $id,
$this->rc->user->ID, $this->rc->user->ID,
$snooze > 0 ? 0 : 1, $snooze > 0 ? 0 : 1,
@ -782,8 +780,8 @@ class tasklist_kolab_driver extends tasklist_driver
{ {
// delete alarm entry // delete alarm entry
$this->rc->db->query( $this->rc->db->query(
"DELETE FROM " . $this->rc->db->table_name('kolab_alarms') . " "DELETE FROM " . $this->rc->db->table_name('kolab_alarms', true) . "
WHERE alarm_id=? AND user_id=?", WHERE `alarm_id` = ? AND `user_id` = ?",
$id, $id,
$this->rc->user->ID $this->rc->user->ID
); );
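Review bot: The three changed alarm statements in the last three hunks each call `$this->rc->db->table_name('kolab_alarms', true)` inline inside the SQL string, whereas the same commit hoists that lookup into `$alarms_table = $this->rc->db->table_name('kolab_alarms', true);` in kolab_driver::dismiss_alarm; hoisting it once per method here would keep the two drivers consistent. In the first hunk the `IN (...)` list is still assembled with `join(',', $alarm_ids)` next to a bound `?`; that is safe only because every id went through `$this->rc->db->quote` on the line above, and a comment such as `// ids pre-quoted via db->quote; an IN list cannot be bound as one placeholder` would make the dependency visible. The enclosing methods start outside their hunks.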