From: Reini U. <ru...@us...> - 2004-11-10 15:29:31
Update of /cvsroot/phpwiki/phpwiki/lib/WikiDB/backend In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11695/WikiDB/backend Modified Files: ADODB.php PearDB.php PearDB_mysql.php PearDB_oci8.php PearDB_pgsql.php Log Message: * requires newer Pear_DB (as the internal one): quote() uses now escapeSimple for strings * ACCESS_LOG_SQL: fix cause request not yet initialized * WikiDB: moved SQL specific methods upwards * new Pear_DB quoting: same as ADODB and as newer Pear_DB. fixes all around: WikiGroup, WikiUserNew SQL methods, SQL logging Index: ADODB.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/WikiDB/backend/ADODB.php,v retrieving revision 1.48 retrieving revision 1.49 diff -u -2 -b -p -d -r1.48 -r1.49 --- ADODB.php 9 Nov 2004 17:11:16 -0000 1.48 +++ ADODB.php 10 Nov 2004 15:29:21 -0000 1.49 @@ -655,7 +655,8 @@ extends WikiDB_backend $where = " AND hits > 0"; } - if ($sortby != '-hits') - $orderby = " ORDER BY " . $this->sortby($sortby, 'db'); - else + if ($sortby != '-hits') { + if ($order = $this->sortby($sortby, 'db')) $orderby = " ORDER BY " . $order; + else $orderby = ""; + } else $orderby = " ORDER BY hits $order"; $limit = $limit ? $limit : -1; 
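Review bot: In the ADODB.php hunk at `@@ -655,7 +655,8`, the new inner `if ($order = $this->sortby($sortby, 'db'))` reuses `$order` as a scratch variable, while the `else` branch below still interpolates `$order` into `" ORDER BY hits $order"`. The two branches are exclusive, so this works, but the name now appears to carry two meanings, and an assignment inside a condition is easy to misread as a comparison. A separate local keeps them apart: `$sort_sql = $this->sortby($sortby, 'db');` followed by `$orderby = $sort_sql ? " ORDER BY " . $sort_sql : "";`. The sortby() result is concatenated into the statement unescaped, so a comment here should state that sortby() in 'db' mode returns only known column expressions or an empty string; sortby() is outside this hunk, so that needs confirming there.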
@@ -1179,4 +1180,11 @@ extends WikiDB_backend_ADODB_generic_ite // $Log$ +// Revision 1.49 2004/11/10 15:29:21 rurban +// * requires newer Pear_DB (as the internal one): quote() uses now escapeSimple for strings +// * ACCESS_LOG_SQL: fix cause request not yet initialized +// * WikiDB: moved SQL specific methods upwards +// * new Pear_DB quoting: same as ADODB and as newer Pear_DB. +// fixes all around: WikiGroup, WikiUserNew SQL methods, SQL logging +// // Revision 1.48 2004/11/09 17:11:16 rurban // * revert to the wikidb ref passing. there's no memory abuse there. Index: PearDB.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/WikiDB/backend/PearDB.php,v retrieving revision 1.65 retrieving revision 1.66 diff -u -2 -b -p -d -r1.65 -r1.66 --- PearDB.php 9 Nov 2004 17:11:17 -0000 1.65 +++ PearDB.php 10 Nov 2004 15:29:21 -0000 1.66 @@ -97,5 +97,5 @@ extends WikiDB_backend . " WHERE $nonempty_tbl.id=$page_tbl.id" . " AND pagename='%s'", - $dbh->quoteString($pagename))); + $dbh->escapeSimple($pagename))); } @@ -127,5 +127,5 @@ extends WikiDB_backend $result = $dbh->getRow(sprintf("SELECT %s FROM $page_tbl WHERE pagename='%s'", $this->page_tbl_fields.",pagedata", - $dbh->quoteString($pagename)), + $dbh->escapeSimple($pagename)), DB_FETCHMODE_ASSOC); if (!$result) @@ -156,5 +156,5 @@ extends WikiDB_backend // hit count, who cares? $dbh->query(sprintf("UPDATE $page_tbl SET hits=%d WHERE pagename='%s'", - $newdata['hits'], $dbh->quoteString($pagename))); + $newdata['hits'], $dbh->escapeSimple($pagename))); return; } 
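Review bot: Starting at the PearDB.php hunk `@@ -97,5 +97,5`, every call site swaps `quoteString()` for `escapeSimple()`, which escapes the value but adds no surrounding quotes, so safety depends on the hand-written `'%s'` staying in each format string. The same pattern repeats in the hunks at 127, 156, 207, 220, 234, 251, 287, 461 and 709, and in PearDB_mysql.php at 71. A short comment at the first use would make that contract explicit, for example `// escapeSimple() only escapes; the quotes around %s in the format string are required`. The log message says this needs a newer Pear_DB, so an older copy on the include path would presumably fail at the first query with an undefined-method error; a check when the connection is opened would report that more clearly. Where the driver allows it, the bound-parameter form the file already uses for the pagedata update is the sturdier choice for these pagename lookups.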
@@ -181,11 +181,11 @@ extends WikiDB_backend /* Portability issue -- not all DBMS supports huge strings * so we need to 'bind' instead of building a SQL statment. - * Note that we do not need to quoteString when we bind + * Note that we do not need to escapeSimple when we bind $dbh->query(sprintf("UPDATE $page_tbl" . " SET hits=%d, pagedata='%s'" . " WHERE pagename='%s'", $hits, - $dbh->quoteString($this->_serialize($data)), - $dbh->quoteString($pagename))); + $dbh->escapeSimple($this->_serialize($data)), + $dbh->escapeSimple($pagename))); */ $sth = $dbh->query("UPDATE $page_tbl" @@ -201,5 +201,5 @@ extends WikiDB_backend global $request; $cache =& $request->_dbi->_cache->_id_cache; - if ($cache[$pagename]) return $cache[$pagename]; + if (isset($cache[$pagename])) return $cache[$pagename]; $dbh = &$this->_dbh; @@ -207,5 +207,5 @@ extends WikiDB_backend $query = sprintf("SELECT id FROM $page_tbl WHERE pagename='%s'", - $dbh->quoteString($pagename)); + $dbh->escapeSimple($pagename)); if (!$create_if_missing) @@ -220,5 +220,5 @@ extends WikiDB_backend . " (id,pagename,hits)" . " VALUES (%d,'%s',0)", - $id, $dbh->quoteString($pagename))); + $id, $dbh->escapeSimple($pagename))); $this->unlock(array($page_tbl)); } @@ -234,5 +234,5 @@ extends WikiDB_backend . " WHERE $page_tbl.id=$recent_tbl.id" . " AND pagename='%s'", - $dbh->quoteString($pagename))); + $dbh->escapeSimple($pagename))); } @@ -251,5 +251,5 @@ extends WikiDB_backend . " LIMIT 1", */ - $dbh->quoteString($pagename), + $dbh->escapeSimple($pagename), $version)); } @@ -287,5 +287,5 @@ extends WikiDB_backend . " AND pagename='%s'" . " AND version=%d", - $dbh->quoteString($pagename), $version), + $dbh->escapeSimple($pagename), $version), DB_FETCHMODE_ASSOC); 
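Review bot: In the hunk at `@@ -201,5 +201,5`, `isset($cache[$pagename])` returns early for a cached id of `0` or any other falsy non-null value, where the old truthiness test fell through to the database lookup. If the id cache can hold such a value for a page looked up with `$create_if_missing` false, a later call that wants the page created would get the stale value back; whether anything stores one is not visible here. `if (!empty($cache[$pagename])) return $cache[$pagename];` removes the undefined-index notice and keeps the old fall-through. The function body starts and ends outside the hunk.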
@@ -353,6 +353,6 @@ extends WikiDB_backend . " VALUES(%d,%d,%d,%d,'%s','%s')", $id, $version, $mtime, $minor_edit, - $dbh->quoteString($content), - $dbh->quoteString($this->_serialize($data)))); + $dbh->quoteSmart($content), + $dbh->quoteSmart($this->_serialize($data)))); */ // generic slow PearDB bind eh quoting. @@ -461,5 +461,5 @@ extends WikiDB_backend list($have,$want) = array('linker', 'linkee'); - $qpagename = $dbh->quoteString($pagename); + $qpagename = $dbh->escapeSimple($pagename); $result = $dbh->query("SELECT $want.id as id, $want.pagename as pagename, $want.hits as hits" // Looks like 'AS' in column alias is a MySQL thing, Oracle does not like it @@ -564,5 +564,5 @@ extends WikiDB_backend function _sql_match_clause($word) { $word = preg_replace('/(?=[%_\\\\])/', "\\", $word); - $word = $this->_dbh->quoteString($word); + $word = $this->_dbh->escapeSimple($word); //$page_tbl = $this->_table_names['page_tbl']; //Note: Mysql 4.1.0 has a bug which fails with binary fields. @@ -574,5 +574,5 @@ extends WikiDB_backend function _fullsearch_sql_match_clause($word) { $word = preg_replace('/(?=[%_\\\\])/', "\\", $word); - $word = $this->_dbh->quoteString($word); + $word = $this->_dbh->escapeSimple($word); //$page_tbl = $this->_table_names['page_tbl']; //Mysql 4.1.1 has a bug which fails here if word is lowercased. @@ -709,9 +709,8 @@ extends WikiDB_backend //this page does not exist (already verified before), but exists in the page table. //so we delete this page. - $dbh->query(sprintf("DELETE FROM $page_tbl WHERE id=$id", - $dbh->quoteString($to))); + $dbh->query("DELETE FROM $page_tbl WHERE id=$id"); } $dbh->query(sprintf("UPDATE $page_tbl SET pagename='%s' WHERE id=$id", - $dbh->quoteString($to))); + $dbh->escapeSimple($to))); } $this->unlock(); 
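Review bot: In the hunk at `@@ -353,6 +353,6`, the commented-out INSERT now calls `quoteSmart()` while its format string still wraps both values in `'%s'`. quoteSmart() returns string values already quoted, so re-enabling this block would produce doubly quoted literals. Every other call site in this commit moved to `escapeSimple()`, so this looks like an oversight; using `$dbh->escapeSimple($content),` and `$dbh->escapeSimple($this->_serialize($data))));` keeps the dead code consistent with the live statements. The statement sits inside a comment, so nothing changes at runtime today.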
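Review bot: In the hunk at `@@ -709,9 +709,8`, both the rewritten DELETE and the UPDATE place `$id` directly into the SQL text, and the UPDATE does so inside a sprintf() format string. Elsewhere in this file numeric values go through `%d`, which forces an integer whatever the variable holds. The same form fits here: `$dbh->query(sprintf("DELETE FROM $page_tbl WHERE id=%d", $id));` and `sprintf("UPDATE $page_tbl SET pagename='%s' WHERE id=%d", $dbh->escapeSimple($to), $id)`. Where `$id` is assigned is outside the hunk, so it may already be an integer; the cast makes that independent of the caller.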
@@ -960,5 +959,5 @@ class WikiDB_backend_PearDB_generic_iter extends WikiDB_backend_iterator { - function WikiDB_backend_PearDB_generic_iter($backend, $query_result) { + function WikiDB_backend_PearDB_generic_iter($backend, $query_result, $field_list = NULL) { if (DB::isError($query_result)) { // This shouldn't happen, I thought. @@ -1027,4 +1026,11 @@ extends WikiDB_backend_PearDB_generic_it // $Log$ +// Revision 1.66 2004/11/10 15:29:21 rurban +// * requires newer Pear_DB (as the internal one): quote() uses now escapeSimple for strings +// * ACCESS_LOG_SQL: fix cause request not yet initialized +// * WikiDB: moved SQL specific methods upwards +// * new Pear_DB quoting: same as ADODB and as newer Pear_DB. +// fixes all around: WikiGroup, WikiUserNew SQL methods, SQL logging +// // Revision 1.65 2004/11/09 17:11:17 rurban // * revert to the wikidb ref passing. there's no memory abuse there. Index: PearDB_mysql.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/WikiDB/backend/PearDB_mysql.php,v retrieving revision 1.9 retrieving revision 1.10 diff -u -2 -b -p -d -r1.9 -r1.10 --- PearDB_mysql.php 9 Nov 2004 17:11:17 -0000 1.9 +++ PearDB_mysql.php 10 Nov 2004 15:29:21 -0000 1.10 @@ -71,6 +71,6 @@ extends WikiDB_backend_PearDB . " VALUES(%d,%d,%d,%d,'%s','%s')", $id, $version, $mtime, $minor_edit, - $dbh->quoteString($content), - $dbh->quoteString($this->_serialize($data)) + $dbh->escapeSimple($content), + $dbh->escapeSimple($this->_serialize($data)) )); // real binding (prepare,execute) only since mysqli + PHP5 Index: PearDB_oci8.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/WikiDB/backend/PearDB_oci8.php,v retrieving revision 1.2 retrieving revision 1.3 diff -u -2 -b -p -d -r1.2 -r1.3 --- PearDB_oci8.php 8 Jul 2004 15:35:17 -0000 1.2 +++ PearDB_oci8.php 10 Nov 2004 15:29:21 -0000 1.3 
@@ -79,5 +79,5 @@ extends WikiDB_backend_PearDB function _sql_match_clause($word) { $word = preg_replace('/(?=[%_\\\\])/', "\\", $word); - $word = $this->_dbh->quoteString($word); + $word = $this->_dbh->escapeSimple($word); return "LOWER(pagename) LIKE '%$word%'"; } @@ -89,5 +89,5 @@ extends WikiDB_backend_PearDB function _fullsearch_sql_match_clause($word) { $word = preg_replace('/(?=[%_\\\\])/', "\\", $word); - $word = $this->_dbh->quoteString($word); + $word = $this->_dbh->escapeSimple($word); return "LOWER(pagename) LIKE '%$word%' " . "OR DBMS_LOB.INSTR(content, '$word') > 0"; Index: PearDB_pgsql.php =================================================================== RCS file: /cvsroot/phpwiki/phpwiki/lib/WikiDB/backend/PearDB_pgsql.php,v retrieving revision 1.10 retrieving revision 1.11 diff -u -2 -b -p -d -r1.10 -r1.11 --- PearDB_pgsql.php 8 Jul 2004 15:35:17 -0000 1.10 +++ PearDB_pgsql.php 10 Nov 2004 15:29:21 -0000 1.11 @@ -72,5 +72,5 @@ extends WikiDB_backend_PearDB function _sql_match_clause($word) { $word = preg_replace('/(?=[%_\\\\])/', "\\", $word); - $word = $this->_dbh->quoteString($word); + $word = $this->_dbh->escapeSimple($word); return "pagename ILIKE '%$word%'"; } @@ -79,5 +79,5 @@ extends WikiDB_backend_PearDB function _fullsearch_sql_match_clause($word) { $word = preg_replace('/(?=[%_\\\\])/', "\\", $word); - $word = $this->_dbh->quoteString($word); + $word = $this->_dbh->escapeSimple($word); return "pagename ILIKE '%$word%' OR content ILIKE '%$word%'"; } |
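Review bot: In the PearDB_oci8.php hunks at `@@ -79,5 +79,5` and `@@ -89,5 +89,5`, the search word has a backslash inserted before `%`, `_` and `\`, but the `LIKE '%$word%'` clause carries no ESCAPE clause. Oracle defines no default LIKE escape character, so the backslash would be matched literally and the wildcard left active; this should be confirmed against the target Oracle version. Adding the clause makes the intent explicit: `return "LOWER(pagename) LIKE '%$word%' ESCAPE '\\'";`. In the fullsearch variant the same backslash-prefixed `$word` is also passed to `DBMS_LOB.INSTR(content, '$word')`, which does no wildcard matching, so a word containing `%` or `_` would not be found in content. That call should receive a copy that went through `escapeSimple()` only.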