Skip to content

Commit cc7a827

Browse files
author
Marius Cramer
committed
- rewrite of sql queries to new form
1 parent 3f916cc commit cc7a827

210 files changed

Lines changed: 1222 additions & 3337 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

helper_scripts/recreate_webalizer_stats.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,8 @@
55
//######################################################################################################
66

77

8-
$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
9-
$records = $app->db->queryAllRecords($sql);
8+
$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
9+
$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
1010
foreach($records as $rec) {
1111
$domain = escapeshellcmd($rec["domain"]);
1212
$logdir = escapeshellcmd($rec["document_root"].'/log');

install/apps/metronome_libs/mod_auth_external/db_auth.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717

1818
// check for existing user
1919
$dbmail = $db->real_escape_string($arg_email);
20-
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
20+
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
2121
result_false($result->num_rows != 1);
2222

2323
$user = $result->fetch_object();

install/apps/metronome_libs/mod_auth_external/db_isuser.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515

1616
// check for existing user
1717
$dbmail = $db->real_escape_string($arg_email);
18-
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
18+
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
1919
result_false($result->num_rows != 1);
2020
result_true();
2121

install/dist/lib/gentoo.lib.php

Lines changed: 4 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -229,7 +229,7 @@ public function configure_dovecot()
229229

230230
// check if virtual_transport must be changed
231231
if ($this->is_update) {
232-
$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
232+
$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
233233
$ini_array = ini_to_array(stripslashes($tmp['config']));
234234
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
235235

@@ -421,13 +421,13 @@ public function configure_powerdns()
421421
global $conf;
422422

423423
//* Create the database
424-
if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
424+
if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
425425
$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
426426
}
427427

428428
//* Create the ISPConfig database user in the local database
429-
$query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';
430-
if(!$this->db->query($query)) {
429+
$query = 'GRANT ALL ON ??.* TO ?@?';
430+
if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {
431431
$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
432432
}
433433

@@ -537,21 +537,6 @@ public function configure_apache()
537537

538538

539539
//* Copy the ISPConfig configuration include
540-
/*
541-
$content = $this->get_template_file('apache_ispconfig.conf', true);
542-
543-
$records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
544-
if(is_array($records) && count($records) > 0)
545-
{
546-
foreach($records as $rec) {
547-
$content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
548-
$content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
549-
}
550-
}
551-
552-
$this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
553-
*/
554-
555540
$tpl = new tpl('apache_ispconfig.conf.master');
556541
$tpl->setVar('apache_version',getapacheversion());
557542

install/uninstall.php

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -60,14 +60,6 @@
6060

6161
echo "\n\n>> Uninstalling ISPConfig 3... \n\n";
6262

63-
// Delete the ISPConfig database
64-
// $app->db->query("DROP DATABASE '".$conf["db_database"]."'");
65-
// $app->db->query("DELETE FROM mysql.user WHERE User = 'ispconfig'");
66-
67-
// exec("/etc/init.d/mysql stop");
68-
// exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
69-
// exec("/etc/init.d/mysql start");
70-
7163
$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
7264
if (!$link) {
7365
echo "Unable to connect to the database'.mysql_error($link)";

interface/lib/app.inc.php

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -155,15 +155,15 @@ public function load($files) {
155155

156156
public function conf($plugin, $key, $value = null) {
157157
if(is_null($value)) {
158-
$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
158+
$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
159159
if($tmpconf) return $tmpconf['value'];
160160
else return null;
161161
} else {
162162
if($value === false) {
163-
$this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
163+
$this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
164164
return null;
165165
} else {
166-
$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')");
166+
$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
167167
return $value;
168168
}
169169
}
@@ -179,8 +179,8 @@ public function log($msg, $priority = 0) {
179179
$server_id = 0;
180180
$priority = $this->functions->intval($priority);
181181
$tstamp = time();
182-
$msg = $this->db->quote('[INTERFACE]: '.$msg);
183-
$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
182+
$msg = '[INTERFACE]: '.$msg;
183+
$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
184184
/*
185185
if (is_writable($this->_conf['log_file'])) {
186186
if (!$fp = fopen ($this->_conf['log_file'], 'a')) {

interface/lib/classes/aps_crawler.inc.php

Lines changed: 4 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -356,14 +356,7 @@ public function startCrawler()
356356
$old_folder = $this->interface_pkg_dir.'/'.$app_name.'-'.$ex_ver.'.app.zip';
357357
if(file_exists($old_folder)) $this->removeDirectory($old_folder);
358358

359-
/*
360-
$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '".
361-
$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
362-
$app->db->quote($ex_ver)."';");
363-
*/
364-
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '".
365-
$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
366-
$app->db->quote($ex_ver)."';");
359+
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = ? AND CONCAT(version, '-', CAST(`release` AS CHAR)) = ?", $app_name, $ex_ver);
367360
$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);
368361
unset($tmp);
369362
}
@@ -539,13 +532,11 @@ public function parseFolderToDB()
539532

540533
// Get registered packages and mark non-existant packages with an error code to omit the install
541534
$existing_packages = array();
542-
$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages;');
535+
$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages');
543536
foreach($path_query as $path) $existing_packages[] = $path['Path'];
544537
$diff = array_diff($existing_packages, $pkg_list);
545538
foreach($diff as $todelete) {
546-
/*$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."'
547-
WHERE path = '".$app->db->quote($todelete)."';");*/
548-
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$app->db->quote($todelete)."';");
539+
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = ?", $todelete);
549540
$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']);
550541
unset($tmp);
551542
}
@@ -576,13 +567,6 @@ public function parseFolderToDB()
576567
//$pkg_url = $this->app_download_url_list[$pkg];
577568
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$pkg.'/PKG_URL');
578569

579-
/*
580-
$app->db->query("INSERT INTO `aps_packages`
581-
(`path`, `name`, `category`, `version`, `release`, `package_status`) VALUES
582-
('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
583-
'".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
584-
".$app->db->quote($pkg_release).", ".PACKAGE_ENABLED.");");
585-
*/
586570
// Insert only if data is complete
587571
if($pkg != '' && $pkg_name != '' && $pkg_category != '' && $pkg_version != '' && $pkg_release != '' && $pkg_url){
588572
$insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES
@@ -619,7 +603,7 @@ public function fixURLs()
619603
// This method must be used in interface mode
620604
if(!$this->interface_mode) return false;
621605

622-
$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ''");
606+
$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ?", '');
623607
if(is_array($incomplete_pkgs) && !empty($incomplete_pkgs)){
624608
foreach($incomplete_pkgs as $incomplete_pkg){
625609
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');

0 commit comments

Comments
 (0)