From: Benjamin C. <bc...@us...> - 2005-05-28 17:53:48
Update of /cvsroot/phpbt/phpbt/inc In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31733/inc Modified Files: functions.php Log Message: Added a bunch of db quoting of parameters. Added a bug deletion function, by popular demand
Index: functions.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/inc/functions.php,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- functions.php 25 May 2005 18:07:43 -0000 1.50
+++ functions.php 28 May 2005 17:53:37 -0000 1.51
@@ -88,14 +88,14 @@
 'resolution' => $querystart.$querymid,
 'project' => $perm->have_perm('Admin') ? $querystart." where ".
- ($selected ? "(active > 0 or project_id in ($selected))" : 'active > 0').
+ ($selected ? "(active > 0 or project_id in (".$db->quote($selected)."))" : 'active > 0').
 " order by {$box}_name"
- : $querystart." where project_id not in ($restricted_projects)".
+ : $querystart." where project_id not in (".$db->quote($restricted_projects).")".
 " and ".
- ($selected ? " (active > 0 or project_id in ($selected))" : 'active > 0').
+ ($selected ? " (active > 0 or project_id in (".$db->quote($selected)."))" : 'active > 0').
 " order by {$box}_name",
- 'component' => $querystart." where project_id = $project and active = 1 order by {$box}_name",
- 'version' => $querystart." where project_id = $project and active = 1 order by {$box}_id desc",
+ 'component' => $querystart." where project_id = ".$db->quote($project)." and active = 1 order by {$box}_name",
+ 'version' => $querystart." where project_id = ".$db->quote($project)." and active = 1 order by {$box}_id desc",
 'database' => $querystart.$querymid
 );
 }
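Review bot: Passing a comma-separated id list through one `$db->quote()` call, as the new `project` entries do for `$selected` and `$restricted_projects`, yields `project_id in ('1,2,3')` rather than `project_id in (1,2,3)` if `$db` is PEAR DB (the `DB_FETCHMODE_ORDERED` constants elsewhere in this diff suggest it is), because `quote()` escapes a string as one literal, not as a list. The query then matches at most the first id, or fails outright depending on the driver, so the injection fix arrives with a functional regression. Quote per element and rejoin, e.g. `join(',', array_map(array($db, 'quote'), explode(',', $selected)))`, or since these are numeric id columns, cast each element with `(int)` before joining. The same pattern appears in the `functions-project-js` hunk at -452, where `@join(',', $_SESSION['group_ids'])` is quoted as a single value. The enclosing function starts before this hunk.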
@@ -194,7 +194,7 @@
 }
 break;
 case 'bug_cc':
- $rs = $db->query(sprintf($QUERY['functions-bug-cc'], $selected));
+ $rs = $db->query(sprintf($QUERY['functions-bug-cc'], $db->quote($selected)));
 while (list($uid, $user) = $rs->fetchRow(DB_FETCHMODE_ORDERED)) {
 $text .= "<option value=\"$uid\">".maskemail($user).'</option>';
 }
@@ -307,7 +307,7 @@
 switch($var) {
 case 'assigned_to' :
- return maskemail($db->getOne("select login from ".TBL_AUTH_USER." where user_id = $val"));
+ return maskemail($db->getOne("select login from ".TBL_AUTH_USER." where user_id = ".$db->quote($val)));
 break;
 }
 }
@@ -326,7 +326,7 @@
 $page = 0;
 } else {
 if ($perm->check_auth('group', 'Users'))
- $selrange = $db->getOne('select def_results from '.TBL_USER_PREF.' where user_id = '.$u);
+ $selrange = $db->getOne('select def_results from '.TBL_USER_PREF.' where user_id = '.$db->quote($u));
 $llimit = ($page-1)*$selrange;
 }
 if ($nr) $npages = ceil($nr/$selrange);
@@ -452,7 +452,7 @@
 $rs = $db->query("select project_id, project_name from ".TBL_PROJECT." where active = 1 order by project_name");
 } else {
 $rs = $db->query(sprintf($QUERY['functions-project-js'],
- @join(',', $_SESSION['group_ids'])));
+ $db->quote(@join(',', $_SESSION['group_ids']))));
 }
 while (list($pid, $pname) = $rs->fetchRow(DB_FETCHMODE_ORDERED)) {
 $pname = addslashes($pname);
@@ -462,7 +462,7 @@
 $js2 = "closedversions['$pname'] = new Array(".
 ((!isset($no_all) or !$no_all) ? "new Array('','All')," : "new Array(0, 'Choose One'),");
- $rs2 = $db->query("select version_name, version_id from ".TBL_VERSION." where project_id = $pid and active = 1");
+ $rs2 = $db->query("select version_name, version_id from ".TBL_VERSION." where project_id = ".$db->quote($pid)." and active = 1");
 while (list($version,$vid) = $rs2->fetchRow(DB_FETCHMODE_ORDERED)) {
 $version = addslashes($version);
 $js .= "new Array($vid,'$version'),";
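Review bot: `$db->quote($selected)` in the `bug_cc` case is substituted into `$QUERY['functions-bug-cc']` via `sprintf`, and that template is not part of this diff; if its `%s` already sits inside quotes, or inside an `in (...)` list, the added quoting produces a doubly-quoted value or a single string literal and the query changes meaning without any error. Check the template and quote in exactly one place, and if the placeholder takes a list, quote each element rather than the joined string. The same check applies to `functions-project-js` in the -452 hunk. The enclosing `switch` starts before this hunk.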
@@ -477,7 +477,7 @@
 // Component array
 $js .= "components['$pname'] = new Array(";
 $js .= (!isset($no_all) || !$no_all) ? "new Array('','All')," : '';
- $rs2 = $db->query("select component_name, component_id from ".TBL_COMPONENT." where project_id = $pid and active = 1");
+ $rs2 = $db->query("select component_name, component_id from ".TBL_COMPONENT." where project_id = ".$db->quote($pid)." and active = 1");
 while (list($comp,$cid) = $rs2->fetchRow(DB_FETCHMODE_ORDERED)) {
 $comp = addslashes($comp);
 $js .= "new Array($cid,'$comp'),";
@@ -644,7 +644,7 @@
 function is_closed($status_id) {
 global $db;
- if ($db->getOne('SELECT status_id FROM '.TBL_STATUS.' WHERE bug_open = 0 AND status_id = '.$status_id)) {
+ if ($db->getOne('SELECT status_id FROM '.TBL_STATUS.' WHERE bug_open = 0 AND status_id = '.$db->quote($status_id))) {
 return true;
 } else {
 return false;
@@ -660,4 +660,38 @@
 return $id;
 }
+// Delete a bug and all associated records from the database
+function delete_bug($bug_id) {
+ global $db;
+
+ // Attachments
+ $attary = $db->getAll("select file_name, project_id".
+ " from ".TBL_ATTACHMENT." a, ".TBL_BUG." b".
+ " where a.bug_id = b.bug_id and b.bug_id = ".$db->quote($bug_id));
+ foreach ($attary as $att) {
+ unlink(join('/', array(ATTACHMENT_PATH,
+ $att['project_id'], "$bug_id-{$att['file_name']}")));
+ }
+ $db->query("delete from ".TBL_ATTACHMENT." where bug_id = ".$db->quote($bug_id));
+
+ // CCs
+ $db->query("delete from ".TBL_BUG_CC." where bug_id = ".$db->quote($bug_id));
+
+ // Comments
+ $db->query("delete from ".TBL_COMMENT." where bug_id = ".$db->quote($bug_id));
+
+ // Dependencies
+ $db->query("delete from ".TBL_BUG_DEPENDENCY.
+ " where bug_id = ".$db->quote($bug_id)." or depends_on = ".$db->quote($bug_id));
+
+ // Groups
+ $db->query("delete from ".TBL_GROUP." where bug_id = ".$db->quote($bug_id));
+
+ // Histories
+ $db->query("delete from ".TBL_BUG_HISTORY." where bug_id = ".$db->quote($bug_id));
+
+ // Votes
+ $db->query("delete from ".TBL_BUG_VOTE." where bug_id = ".$db->quote($bug_id));
+}
+
 ?> |
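Review bot: `delete_bug()` deletes every dependent record but never deletes the bug row itself from `TBL_BUG`, although its header comment promises to delete the bug; unless the caller issues that delete, the orphaned row stays visible while its comments, history and attachments are gone. The `unlink()` path is assembled from `file_name` exactly as stored in the database, so a stored name containing `/` or `..` (whether that is possible depends on upload-side validation not shown here) would remove a file outside `ATTACHMENT_PATH`, and a file that is already missing raises an `E_WARNING` because the return value is ignored. None of the `$db->query()` results are checked and the deletes are not in a transaction, so one failing statement leaves a half-deleted bug with nothing reported to the caller; if this is PEAR DB, test each result with `DB::isError()` and stop at the first failure. The row access by key also relies on the connection's default fetch mode being associative, whereas the other hunks pass `DB_FETCHMODE_ORDERED` explicitly, which is worth a comment or an explicit `DB_FETCHMODE_ASSOC` argument to `getAll()`.
```php
    foreach ($attary as $att) {
        // basename() keeps a stored file_name from walking out of ATTACHMENT_PATH;
        // both ids are numeric columns, so cast them rather than interpolate raw values;
        // is_file() avoids the warning unlink() raises for a file that is already gone
        $path = join('/', array(ATTACHMENT_PATH, (int) $att['project_id'],
            (int) $bug_id.'-'.basename($att['file_name'])));
        if (is_file($path)) {
            unlink($path);
        }
    }
    // … unchanged: per-table delete statements for attachments, CCs, comments,
    //    dependencies, groups, history and votes …

    // The bug row itself, last so a failure above leaves it discoverable
    $db->query("delete from ".TBL_BUG." where bug_id = ".$db->quote($bug_id));
```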