- changed code to use new method of passing values to datalogUpdate and datalogInsert

Author: Marius Cramer

interface/lib/classes/aps_crawler.inc.php

@@ -357,7 +357,7 @@ public function startCrawler()
 										if(file_exists($old_folder)) $this->removeDirectory($old_folder);
 
 										$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = ? AND CONCAT(version, '-', CAST(`release` AS CHAR)) = ?", $app_name, $ex_ver);
-										$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);
+										$app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_OUTDATED), 'id', $tmp['id']);
 										unset($tmp);
 									}
 
@@ -537,7 +537,7 @@ public function parseFolderToDB()
 			$diff = array_diff($existing_packages, $pkg_list);
 			foreach($diff as $todelete) {
 				$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = ?", $todelete);
-				$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']);
+				$app->db->datalogUpdate('aps_packages', array("package_status" => PACKAGE_ERROR_NOMETA), 'id', $tmp['id']);
 				unset($tmp);
 			}
 
@@ -569,11 +569,15 @@ public function parseFolderToDB()
 
 				// Insert only if data is complete
 				if($pkg != '' && $pkg_name != '' && $pkg_category != '' && $pkg_version != '' && $pkg_release != '' && $pkg_url){
-					$insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES
-                    ('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
-                    '".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
-                    ".$app->db->quote($pkg_release).", '".$app->db->quote($pkg_url)."', ".PACKAGE_ENABLED.");";
-
+					$insert_data = array(
+						"path" => $pkg,
+						"name" => $pkg_name,
+						"category" => $pkg_category,
+						"version" => $pkg_version,
+						"release" => $pkg_release,
+						"package_url" => $pkg_url,
+						"package_status" => PACKAGE_ENABLED
+					);
 					$app->db->datalogInsert('aps_packages', $insert_data, 'id');
 				} else {
 					if(file_exists($this->interface_pkg_dir.'/'.$pkg)) $this->removeDirectory($this->interface_pkg_dir.'/'.$pkg);

interface/lib/classes/aps_guicontroller.inc.php

@@ -356,12 +356,12 @@ public function createPackageInstance($settings, $packageid)
 		//* Set PHP mode to php-fcgi and enable suexec in website on apache servers / set PHP mode to PHP-FPM on nginx servers
 		if($web_config['server_type'] == 'apache') {
 			if(($websrv['php'] != 'fast-cgi' || $websrv['suexec'] != 'y') && $websrv['php'] != 'php-fpm') {
-				$app->db->datalogUpdate('web_domain', "php = 'fast-cgi', suexec = 'y'", 'domain_id', $websrv['domain_id']);
+				$app->db->datalogUpdate('web_domain', array("php" => 'fast-cgi', "suexec" => 'y'), 'domain_id', $websrv['domain_id']);
 			}
 		} else {
 			// nginx
 			if($websrv['php'] != 'php-fpm' && $websrv['php'] != 'fast-cgi') {
-				$app->db->datalogUpdate('web_domain', "php = 'php-fpm'", 'domain_id', $websrv['domain_id']);
+				$app->db->datalogUpdate('web_domain', array("php" => 'php-fpm'), 'domain_id', $websrv['domain_id']);
 			}
 		}
 
@@ -378,19 +378,34 @@ public function createPackageInstance($settings, $packageid)
 		}
 
 		//* Insert new package instance
-		$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `customer_id`, `package_id`, `instance_status`) VALUES (".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->db->quote($websrv['sys_perm_group'])."', '', ".$app->db->quote($webserver_id).",".$app->db->quote($customerid).", ".$app->db->quote($packageid).", ".INSTANCE_PENDING.")";
+		$insert_data = array(
+			"sys_userid" => $websrv['sys_userid'],
+			"sys_groupid" => $websrv['sys_groupid'],
+			"sys_perm_user" => 'riud',
+			"sys_perm_group" => $websrv['sys_perm_group'],
+			"sys_perm_other" => '',
+			"server_id" => $webserver_id,
+			"customer_id" => $customerid,
+			"package_id" => $packageid,
+			"instance_status" => INSTANCE_PENDING
+		);
 		$InstanceID = $app->db->datalogInsert('aps_instances', $insert_data, 'id');
 
 		//* Insert all package settings
 		if(is_array($settings)) {
 			foreach($settings as $key => $value) {
-				$insert_data = "(server_id, instance_id, name, value) VALUES (".$app->db->quote($webserver_id).",".$app->db->quote($InstanceID).", '".$app->db->quote($key)."', '".$app->db->quote($value)."')";
+				$insert_data = array(
+					"server_id" => $webserver_id,
+					"instance_id" => $InstanceID,
+					"name" => $key,
+					"value" => $value
+				);
 				$app->db->datalogInsert('aps_instances_settings', $insert_data, 'id');
 			}
 		}
 
 		//* Set package status to install afetr we inserted the settings
-		$app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_INSTALL, 'id', $InstanceID);
+		$app->db->datalogUpdate('aps_instances', array("instance_status" => INSTANCE_INSTALL), 'id', $InstanceID);
 	}
 
 	/**
@@ -413,7 +428,7 @@ public function deleteInstance($instanceid, $keepdatabase = false)
 			if($tmp['cnt'] < 1) $app->db->datalogDelete('web_database_user', 'database_user_id', $database_user);
 		}
 
-		$app->db->datalogUpdate('aps_instances', "instance_status = ".INSTANCE_REMOVE, 'id', $instanceid);
+		$app->db->datalogUpdate('aps_instances', array("instance_status" => INSTANCE_REMOVE), 'id', $instanceid);
 
 	}
 

interface/lib/classes/db_mysql.inc.php

@@ -137,13 +137,17 @@ public function _build_query_string($sQuery = '') {
 				} else {
 					if(is_int($sValue) || is_float($sValue)) {
 						$sTxt = $sValue;
-					} elseif(is_string($sValue) && (strcmp($sValue, '#NULL#') == 0)) {
+					} elseif(is_null($sValue) || (is_string($sValue) && (strcmp($sValue, '#NULL#') == 0))) {
 						$sTxt = 'NULL';
 					} elseif(is_array($sValue)) {
-						$sTxt = '';
-						foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
-						$sTxt = '(' . substr($sTxt, 1) . ')';
-						if($sTxt == '()') $sTxt = '(0)';
+						if(isset($sValue['SQL'])) {
+							$sTxt = $sValue['SQL'];
+						} else {
+							$sTxt = '';
+							foreach($sValue as $sVal) $sTxt .= ',\'' . $this->escape($sVal) . '\'';
+							$sTxt = '(' . substr($sTxt, 1) . ')';
+							if($sTxt == '()') $sTxt = '(0)';
+						}
 					} else {
 						$sTxt = '\'' . $this->escape($sValue) . '\'';
 					}
@@ -578,7 +582,6 @@ public function datalogSave($db_table, $action, $primary_field, $primary_id, $re
 		if(!preg_match('/^[a-zA-Z0-9\-\_\.]{1,64}$/',$db_table)) $app->error('Invalid table name '.$db_table);
 		if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$primary_field)) $app->error('Invalid primary field '.$primary_field.' in table '.$db_table);
 
-		$primary_field = $this->quote($primary_field);
 		$primary_id = intval($primary_id);
 
 		if($force_update == true) {
@@ -643,6 +646,7 @@ public function datalogInsert($tablename, $insert_data, $index_field) {
 			/* TODO: deprecate this method! */
 			$insert_data_str = $insert_data;
 			$this->query("INSERT INTO ?? $insert_data_str", $tablename);
+			$app->log("deprecated use of passing values to datalogInsert() - table " . $tablename, 1);
 		}
 
 		$old_rec = array();
@@ -679,6 +683,7 @@ public function datalogUpdate($tablename, $update_data, $index_field, $index_val
 			/* TODO: deprecate this method! */
 			$update_data_str = $update_data;
 			$this->query("UPDATE ?? SET $update_data_str WHERE ?? = ?", $tablename, $index_field, $index_value);
+			$app->log("deprecated use of passing values to datalogUpdate() - table " . $tablename, 1);
 		}
 
 		$new_rec = $this->queryOneRecord("SELECT * FROM ?? WHERE ?? = ?", $tablename, $index_field, $index_value);

interface/lib/classes/remote.d/dns.inc.php

@@ -95,11 +95,11 @@ public function dns_templatezone_add($session_id, $client_id, $template_id, $dom
 					if($section == 'dns_records') {
 						$parts = explode('|', $row);
 						$dns_rr[] = array(
-							'name' => $app->db->quote($parts[1]),
-							'type' => $app->db->quote($parts[0]),
-							'data' => $app->db->quote($parts[2]),
-							'aux'  => $app->db->quote($parts[3]),
-							'ttl'  => $app->db->quote($parts[4])
+							'name' => $parts[1],
+							'type' => $parts[0],
+							'data' => $parts[2],
+							'aux'  => $parts[3],
+							'ttl'  => $parts[4]
 						);
 					}
 				}
@@ -121,26 +121,58 @@ public function dns_templatezone_add($session_id, $client_id, $template_id, $dom
 			$sys_userid = $tmp['userid'];
 			$sys_groupid = $tmp['default_group'];
 			unset($tmp);
-			$origin = $app->db->quote($vars['origin']);
-			$ns = $app->db->quote($vars['ns']);
-			$mbox = $app->db->quote(str_replace('@', '.', $vars['mbox']));
-			$refresh = $app->db->quote($vars['refresh']);
-			$retry = $app->db->quote($vars['retry']);
-			$expire = $app->db->quote($vars['expire']);
-			$minimum = $app->db->quote($vars['minimum']);
-			$ttl = $app->db->quote($vars['ttl']);
-			$xfer = $app->db->quote($vars['xfer']);
-			$also_notify = $app->db->quote($vars['also_notify']);
-			$update_acl = $app->db->quote($vars['update_acl']);
+			$origin = $vars['origin'];
+			$ns = $vars['ns'];
+			$mbox = str_replace('@', '.', $vars['mbox']);
+			$refresh = $vars['refresh'];
+			$retry = $vars['retry'];
+			$expire = $vars['expire'];
+			$minimum = $vars['minimum'];
+			$ttl = $vars['ttl'];
+			$xfer = $vars['xfer'];
+			$also_notify = $vars['also_notify'];
+			$update_acl = $vars['update_acl'];
 			$serial = $app->validate_dns->increase_serial(0);
-			$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `origin`, `ns`, `mbox`, `serial`, `refresh`, `retry`, `expire`, `minimum`, `ttl`, `active`, `xfer`, `also_notify`, `update_acl`) VALUES
-			('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$origin', '$ns', '$mbox', '$serial', '$refresh', '$retry', '$expire', '$minimum', '$ttl', 'Y', '$xfer', '$also_notify', '$update_acl')";
+			$insert_data = array(
+				"sys_userid" => $sys_userid,
+				"sys_groupid" => $sys_groupid,
+				"sys_perm_user" => 'riud',
+				"sys_perm_group" => 'riud',
+				"sys_perm_other" => '',
+				"server_id" => $server_id,
+				"origin" => $origin,
+				"ns" => $ns,
+				"mbox" => $mbox,
+				"serial" => $serial,
+				"refresh" => $refresh,
+				"retry" => $retry,
+				"expire" => $expire,
+				"minimum" => $minimum,
+				"ttl" => $ttl,
+				"active" => 'Y',
+				"xfer" => $xfer,
+				"also_notify" => $also_notify,
+				"update_acl" => $update_acl
+			);
 			$dns_soa_id = $app->db->datalogInsert('dns_soa', $insert_data, 'id');
 			// Insert the dns_rr records
 			if(is_array($dns_rr) && $dns_soa_id > 0) {
 				foreach($dns_rr as $rr) {
-					$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `zone`, `name`, `type`, `data`, `aux`, `ttl`, `active`) VALUES
-					('$sys_userid', '$sys_groupid', 'riud', 'riud', '', '$server_id', '$dns_soa_id', '$rr[name]', '$rr[type]', '$rr[data]', '$rr[aux]', '$rr[ttl]', 'Y')";
+					$insert_data = array(
+						"sys_userid" => $sys_userid,
+						"sys_groupid" => $sys_groupid,
+						"sys_perm_user" => 'riud',
+						"sys_perm_group" => 'riud',
+						"sys_perm_other" => '',
+						"server_id" => $server_id,
+						"zone" => $dns_soa_id,
+						"name" => $rr['name'],
+						"type" => $rr['type'],
+						"data" => $rr['data'],
+						"aux" => $rr['aux'],
+						"ttl" => $rr['ttl'],
+						"active" => 'Y'
+					);
 					$dns_rr_id = $app->db->datalogInsert('dns_rr', $insert_data, 'id');
 				}
 			}

interface/lib/classes/remote.d/sites.inc.php

@@ -266,12 +266,12 @@ public function sites_database_user_delete($session_id, $primary_id)
 
 		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_user_id = ?", $primary_id);
 		foreach($records as $rec) {
-			$app->db->datalogUpdate('web_database', 'database_user_id=NULL', 'database_id', $rec['database_id']);
+			$app->db->datalogUpdate('web_database', array('database_user_id' => null), 'database_id', $rec['database_id']);
 
 		}
 		$records = $app->db->queryAllRecords("SELECT database_id FROM web_database WHERE database_ro_user_id = ?", $primary_id);
 		foreach($records as $rec) {
-			$app->db->datalogUpdate('web_database', 'database_ro_user_id=NULL', 'database_id', $rec['database_id']);
+			$app->db->datalogUpdate('web_database', array('database_ro_user_id' => null), 'database_id', $rec['database_id']);
 		}
 
 		return $affected_rows;

interface/lib/classes/remoting_lib.inc.php

@@ -238,22 +238,23 @@ function getDataRecord($primary_id) {
 			$sql_offset = 0;
 			$sql_limit = 0;
 			$sql_where = '';
+			$params = array($this->formDef['db_table']);
 			foreach($primary_id as $key => $val) {
-				$key = $app->db->quote($key);
-				$val = $app->db->quote($val);
 				if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val);
 				elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val);
 				elseif(stristr($val, '%')) {
-					$sql_where .= "$key like '$val' AND ";
+					$sql_where .= "? like ? AND ";
 				} else {
-					$sql_where .= "$key = '$val' AND ";
+					$sql_where .= "? = ? AND ";
 				}
+				$params[] = $key;
+				$params[] = $val;
 			}
 			$sql_where = substr($sql_where, 0, -5);
 			if($sql_where == '') $sql_where = '1';
 			$sql = "SELECT * FROM ?? WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
 			if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit;
-			return $app->db->queryAllRecords($sql, $this->formDef['db_table']);
+			return $app->db->queryAllRecords($sql, true, $params);
 		} else {
 			$this->errorMessage = 'The ID must be either an integer or an array.';
 			return array();

interface/lib/classes/tform_base.inc.php

@@ -1108,6 +1108,7 @@ function validateField($field_name, $field_value, $validators) {
 	 * @param primary_id
 	 * @return record
 	 */
+	 /* TODO: check for double quoting */
 	protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $sql_ext_where = '', $api = false) {
 
 		global $app;

interface/lib/plugins/mail_mail_domain_plugin.inc.php

@@ -73,36 +73,35 @@ function mail_mail_domain_edit($event_name, $page_form) {
 					$mail_parts = explode("@", $rec['email']);
 					$maildir = str_replace("[domain]", $page_form->dataRecord['domain'], $mail_config["maildir_path"]);
 					$maildir = str_replace("[localpart]", $mail_parts[0], $maildir);
-					$maildir = $app->db->quote($maildir);
-					$email = $app->db->quote($mail_parts[0].'@'.$page_form->dataRecord['domain']);
-					$app->db->datalogUpdate('mail_user', "maildir = '$maildir', email = '$email', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailuser_id', $rec['mailuser_id']);
+					$email = $mail_parts[0].'@'.$page_form->dataRecord['domain'];
+					$app->db->datalogUpdate('mail_user', array("maildir" => $maildir, "email" => $email, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailuser_id', $rec['mailuser_id']);
 				}
 			}
 
 			//* Update the aliases
 			$forwardings = $app->db->queryAllRecords("SELECT * FROM mail_forwarding WHERE source LIKE ? OR destination LIKE ?", "%@" . $page_form->oldDataRecord['domain'], "%@" . $page_form->oldDataRecord['domain']);
 			if(is_array($forwardings)) {
 				foreach($forwardings as $rec) {
-					$destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
-					$source = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']));
-					$app->db->datalogUpdate('mail_forwarding', "source = '$source', destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'forwarding_id', $rec['forwarding_id']);
+					$destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']);
+					$source = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['source']);
+					$app->db->datalogUpdate('mail_forwarding', array("source" => $source, "destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'forwarding_id', $rec['forwarding_id']);
 				}
 			}
 
 			//* Update the mailinglist
 			$mailing_lists = $app->db->queryAllRecords("SELECT mailinglist_id FROM mail_mailinglist WHERE domain = ?", $page_form->oldDataRecord['domain']);
 			if(is_array($mailing_lists)) {
 				foreach($mailing_lists as $rec) {
-					$app->db->datalogUpdate('mail_mailinglist', "sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailinglist_id', $rec['mailinglist_id']);
+					$app->db->datalogUpdate('mail_mailinglist', array("sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailinglist_id', $rec['mailinglist_id']);
 				}
 			}
 
 			//* Update the mailget records
 			$mail_gets = $app->db->queryAllRecords("SELECT mailget_id, destination FROM mail_get WHERE destination LIKE ?", "%@" . $page_form->oldDataRecord['domain']);
 			if(is_array($mail_gets)) {
 				foreach($mail_gets as $rec) {
-					$destination = $app->db->quote(str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']));
-					$app->db->datalogUpdate('mail_get', "destination = '$destination', sys_userid = $client_user_id, sys_groupid = '$sys_groupid'", 'mailget_id', $rec['mailget_id']);
+					$destination = str_replace($page_form->oldDataRecord['domain'], $page_form->dataRecord['domain'], $rec['destination']);
+					$app->db->datalogUpdate('mail_get', array("destination" => $destination, "sys_userid" => $client_user_id, "sys_groupid" => $sys_groupid), 'mailget_id', $rec['mailget_id']);
 				}
 			}