Correctly quote protected column names such as 'start' and 'end' (#1675)

Thomas Bruederli 2013-03-06 15:25:45 +01:00
parent e6c0f222d9
commit a3fedfa134


@ -240,8 +240,10 @@ class database_driver extends calendar_driver
$event = $this->_save_preprocess($event); $event = $this->_save_preprocess($event);
$query = $this->rc->db->query(sprintf( $query = $this->rc->db->query(sprintf(
"INSERT INTO " . $this->db_events . " "INSERT INTO " . $this->db_events . "
(calendar_id, created, changed, uid, start, end, all_day, recurrence, title, description, location, categories, free_busy, priority, sensitivity, attendees, alarms, notifyat) (calendar_id, created, changed, uid, %s, %s, all_day, recurrence, title, description, location, categories, free_busy, priority, sensitivity, attendees, alarms, notifyat)
VALUES (?, %s, %s, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", VALUES (?, %s, %s, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
$this->rc->db->quote_identifier('start'),
$this->rc->db->quote_identifier('end'),
$this->rc->db->now(), $this->rc->db->now(),
$this->rc->db->now() $this->rc->db->now()
), ),
@ -341,9 +343,10 @@ class database_driver extends calendar_driver
$sqlresult = $this->rc->db->query(sprintf( $sqlresult = $this->rc->db->query(sprintf(
"SELECT event_id FROM " . $this->db_events . " "SELECT event_id FROM " . $this->db_events . "
WHERE calendar_id IN (%s) WHERE calendar_id IN (%s)
AND start >= ? AND %s >= ?
AND recurrence_id=?", AND recurrence_id=?",
$this->calendar_ids $this->calendar_ids,
$this->rc->db->quote_identifier('start')
), ),
$fromdate->format(self::DB_DATE_FORMAT), $fromdate->format(self::DB_DATE_FORMAT),
$master['id']); $master['id']);
@ -538,9 +541,11 @@ class database_driver extends calendar_driver
$notify_at = $this->_get_notification(array('alarms' => $event['alarms'], 'start' => $next_start, 'end' => $next_end)); $notify_at = $this->_get_notification(array('alarms' => $event['alarms'], 'start' => $next_start, 'end' => $next_end));
$query = $this->rc->db->query(sprintf( $query = $this->rc->db->query(sprintf(
"INSERT INTO " . $this->db_events . " "INSERT INTO " . $this->db_events . "
(calendar_id, recurrence_id, created, changed, uid, start, end, all_day, recurrence, title, description, location, categories, free_busy, priority, sensitivity, alarms, notifyat) (calendar_id, recurrence_id, created, changed, uid, %s, %s, all_day, recurrence, title, description, location, categories, free_busy, priority, sensitivity, alarms, notifyat)
SELECT calendar_id, ?, %s, %s, uid, ?, ?, all_day, recurrence, title, description, location, categories, free_busy, priority, sensitivity, alarms, ? SELECT calendar_id, ?, %s, %s, uid, ?, ?, all_day, recurrence, title, description, location, categories, free_busy, priority, sensitivity, alarms, ?
FROM " . $this->db_events . " WHERE event_id=? AND calendar_id IN (" . $this->calendar_ids . ")", FROM " . $this->db_events . " WHERE event_id=? AND calendar_id IN (" . $this->calendar_ids . ")",
$this->rc->db->quote_identifier('start'),
$this->rc->db->quote_identifier('end'),
$this->rc->db->now(), $this->rc->db->now(),
$this->rc->db->now() $this->rc->db->now()
), ),
@ -636,7 +641,7 @@ class database_driver extends calendar_driver
$query = $this->rc->db->query( $query = $this->rc->db->query(
"DELETE FROM " . $this->db_events . " "DELETE FROM " . $this->db_events . "
WHERE calendar_id IN (" . $this->calendar_ids . ") WHERE calendar_id IN (" . $this->calendar_ids . ")
AND start >= ? AND " . $this->rc->db->quote_identifier('start') . " >= ?
AND recurrence_id=?", AND recurrence_id=?",
$fromdate->format(self::DB_DATE_FORMAT), $fromdate->format(self::DB_DATE_FORMAT),
$master['id'] $master['id']
@ -836,9 +841,10 @@ class database_driver extends calendar_driver
$result = $this->rc->db->query(sprintf( $result = $this->rc->db->query(sprintf(
"SELECT * FROM " . $this->db_events . " "SELECT * FROM " . $this->db_events . "
WHERE calendar_id IN (%s) WHERE calendar_id IN (%s)
AND notifyat <= %s AND end > %s", AND notifyat <= %s AND %s > %s",
join(',', $calendar_ids), join(',', $calendar_ids),
$this->rc->db->fromunixtime($time), $this->rc->db->fromunixtime($time),
$this->rc->db->quote_identifier('end'),
$this->rc->db->fromunixtime($time) $this->rc->db->fromunixtime($time)
)); ));