reworked the vfs_sql class to use the new db-functions, all quoting for the db is now done by them. This fixes some MaxDB problem, which should be a problem at least for postgres as well.

Ralf Becker 2004-09-20 10:50:46 +00:00
parent 8816a6f15d
commit e08004b4bc
2 changed files with 245 additions and 372 deletions


@ -526,12 +526,6 @@
* sanitize - Remove any possible security problems from a location * sanitize - Remove any possible security problems from a location
* string (i.e. remove leading '..') * string (i.e. remove leading '..')
* *
* clean_string - Clean location string. This function is used if
* any special characters need to be escaped or removed
* before accessing a database, network protocol, etc.
* The default is to escape characters before doing an SQL
* query.
*
* getabsolutepath - Translate a location string depending on the * getabsolutepath - Translate a location string depending on the
* relativity. This is the only function that is * relativity. This is the only function that is
* directly concerned with relativity. * directly concerned with relativity.
@ -619,28 +613,6 @@
return (ereg_replace ("^\.+", '', $p->fake_name)); return (ereg_replace ("^\.+", '', $p->fake_name));
} }
/*!
* @function clean_string
* @abstract Clean location string. This function is used if
* any special characters need to be escaped or removed
* before accessing a database, network protocol, etc.
* The default is to escape characters before doing an SQL
* query.
* @required string Location string to clean
* @result String. Cleaned version of 'string'.
*/
function clean_string ($data)
{
if (!is_array ($data))
{
$data = array ();
}
$string = $GLOBALS['phpgw']->db->db_addslashes ($data['string']);
return $string;
}
/*! /*!
* @function getabsolutepath * @function getabsolutepath
* @abstract Translate a location string depending on the * @abstract Translate a location string depending on the
@ -875,18 +847,6 @@
* real_leading_dirs * real_leading_dirs
* real_extra_path BROKEN * real_extra_path BROKEN
* real_name * real_name
* fake_full_path_clean
* fake_leading_dirs_clean
* fake_extra_path_clean BROKEN
* fake_name_clean
* real_full_path_clean
* real_leading_dirs_clean
* real_extra_path_clean BROKEN
* real_name_clean
* "clean" values are run through vfs->clean_string () and
* are safe for use in SQL queries that use key='value'
* They should be used ONLY for SQL queries, so are used
* mostly internally
* mask is either RELATIVE_NONE or RELATIVE_NONE|VFS_REAL, * mask is either RELATIVE_NONE or RELATIVE_NONE|VFS_REAL,
* and is used internally * and is used internally
* outside is boolean, True if 'relatives' contains VFS_REAL * outside is boolean, True if 'relatives' contains VFS_REAL
@ -1039,28 +999,6 @@
} }
} }
/*
We have to count it before because new keys will be added,
which would create an endless loop
*/
$count = count ($rarray);
reset ($rarray);
for ($i = 0; (list ($key, $value) = each ($rarray)) && $i != $count; $i++)
{
$rarray[$key . '_clean'] = $this->clean_string (array ('string' => $value));
}
if ($data['object'])
{
$robject = new path_class;
reset ($rarray);
while (list ($key, $value) = each ($rarray))
{
$robject->$key = $value;
}
}
/* /*
echo "<br>fake_full_path: $rarray[fake_full_path] echo "<br>fake_full_path: $rarray[fake_full_path]
<br>fake_leading_dirs: $rarray[fake_leading_dirs] <br>fake_leading_dirs: $rarray[fake_leading_dirs]
@ -1074,12 +1012,15 @@
if ($data['object']) if ($data['object'])
{ {
$robject = new path_class;
foreach($rarray as $key => $value)
{
$robject->$key = $value;
}
return ($robject); return ($robject);
} }
else return ($rarray);
{
return ($rarray);
}
} }
/*! /*!
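Review bot: Removing `clean_string()` and the `*_clean` keys (the deleted loop in the `@ -1039` hunk, just before `if ($data['object'])`) changes what every consumer of this shared class receives, and nothing in this section protects callers that were not converted. A caller that still interpolates `$p->fake_name_clean` into a query would now read an unset property and build `name=''`, so the statement would silently hit the wrong rows or none; a caller that switches to the raw `fake_*` value but keeps concatenating SQL would lose its only escaping. Since the commit changes only two files, I would search the tree for `_clean` and `clean_string` before merging. I would also add a line to the result docblock, where the "clean" paragraph was removed, such as `* NOTE: returned values are NOT escaped; pass them to the db class (select/insert/update/delete or db->quote()), never concatenate them into SQL`. The function that builds `$rarray` starts outside these hunks, so its remaining body is not reviewed here.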


@ -3,10 +3,10 @@
* eGroupWare API - VFS * * eGroupWare API - VFS *
* This file written by Jason Wies (Zone) <zone@phpgroupware.org> * * This file written by Jason Wies (Zone) <zone@phpgroupware.org> *
* This class handles file/dir access for eGroupWare * * This class handles file/dir access for eGroupWare *
* Copyright (C) 2001 Jason Wies * * Copyright (C) 2001 Jason Wies *
* Database layer reworked 2005/09/20 by RalfBecker-AT-outdoor-training.de *
* -------------------------------------------------------------------------* * -------------------------------------------------------------------------*
* This library is part of the eGroupWare API * * This library is part of the eGroupWare API *
* http://www.egroupware.org/api *
* ------------------------------------------------------------------------ * * ------------------------------------------------------------------------ *
* This library is free software; you can redistribute it and/or modify it * * This library is free software; you can redistribute it and/or modify it *
* under the terms of the GNU Lesser General Public License as published by * * under the terms of the GNU Lesser General Public License as published by *
@ -40,7 +40,8 @@
var $working_lid; var $working_lid;
var $meta_types; var $meta_types;
var $now; var $now;
var $file_actions; var $file_actions; // true if the content is stored in the file-system, false if it's stored in the DB too
var $vfs_table = 'phpgw_vfs';
/*! /*!
@function vfs @function vfs
@ -51,7 +52,7 @@
$this->vfs_shared (); $this->vfs_shared ();
$this->basedir = $GLOBALS['phpgw_info']['server']['files_dir']; $this->basedir = $GLOBALS['phpgw_info']['server']['files_dir'];
$this->working_id = $GLOBALS['phpgw_info']['user']['account_id']; $this->working_id = $GLOBALS['phpgw_info']['user']['account_id'];
$this->working_lid = $GLOBALS['phpgw']->accounts->id2name($this->working_id); $this->working_lid = $GLOBALS['phpgw_info']['user']['account_lid'];
$this->now = date ('Y-m-d'); $this->now = date ('Y-m-d');
/* /*
@ -92,22 +93,34 @@
*/ */
$this->meta_types = array ('journal', 'journal-deleted'); $this->meta_types = array ('journal', 'journal-deleted');
$this->db = $GLOBALS['phpgw']->db;
$this->db->set_app('phpgwapi');
/* We store the linked directories in an array now, so we don't have to make the SQL call again */ /* We store the linked directories in an array now, so we don't have to make the SQL call again */
if ($GLOBALS['phpgw_info']['server']['db_type']=='mssql' switch ($this->db->Type)
|| $GLOBALS['phpgw_info']['server']['db_type']=='sybase')
{ {
$query = $GLOBALS['phpgw']->db->query ("SELECT directory, name, link_directory, link_name FROM phpgw_vfs WHERE CONVERT(varchar,link_directory) != '' AND CONVERT(varchar,link_name) != ''" . $this->extra_sql (array ('query_type' => VFS_SQL_SELECT)), __LINE__,__FILE__); case 'mssql':
} case 'sybase':
else $where = array(
{ "CONVERT(varchar,link_directory) != ''",
$query = $GLOBALS['phpgw']->db->query ("SELECT directory, name, link_directory, link_name FROM phpgw_vfs WHERE (link_directory IS NOT NULL or link_directory != '') AND (link_name IS NOT NULL or link_name != '')" . $this->extra_sql (array ('query_type' => VFS_SQL_SELECT)), __LINE__,__FILE__); "CONVERT(varchar,link_name) != ''",
);
break;
default:
$where = array(
"(link_directory IS NOT NULL OR link_directory != '')",
"(link_name IS NOT NULL or link_name != '')",
);
break;
} }
$where[] = $this->extra_sql(array('query_type' => VFS_SQL_SELECT));
$this->db->select($this->vfs_table,'directory,name,link_directory,link_name',$where,__LINE__,__FILE__);
$this->linked_dirs = array (); $this->linked_dirs = array ();
while ($GLOBALS['phpgw']->db->next_record ()) while ($this->db->next_record ())
{ {
$this->linked_dirs[] = $GLOBALS['phpgw']->db->Record; $this->linked_dirs[] = $this->db->Record;
} }
} }
@ -138,7 +151,7 @@
/*! /*!
@function extra_sql @function extra_sql
@abstract Return extra SQL code that should be appended to certain queries @abstract Return extra SQL code that should be appended (AND'ed) to certain queries
@param query_type The type of query to get extra SQL code for, in the form of a VFS_SQL define @param query_type The type of query to get extra SQL code for, in the form of a VFS_SQL define
@result Extra SQL code @result Extra SQL code
*/ */
@ -151,20 +164,9 @@
if ($data['query_type'] == VFS_SQL_SELECT || $data['query_type'] == VFS_SQL_DELETE || $data['query_type'] = VFS_SQL_UPDATE) if ($data['query_type'] == VFS_SQL_SELECT || $data['query_type'] == VFS_SQL_DELETE || $data['query_type'] = VFS_SQL_UPDATE)
{ {
$sql = ' AND (('; return "((mime_type != '".implode("' AND mime_type != '",$this->meta_types)."') OR mime_type IS NULL)";
foreach ($this->meta_types as $num => $type)
{
if ($num)
$sql .= ' AND ';
$sql .= "mime_type != '$type'";
}
$sql .= ') OR mime_type IS NULL)';
} }
return '';
return ($sql);
} }
/*! /*!
@ -236,10 +238,8 @@
); );
$file_array = $ls_array[0]; $file_array = $ls_array[0];
$sql = 'INSERT INTO phpgw_vfs ('; $to_write = array();
$sql2 .= ' VALUES ('; foreach ($file_array as $attribute => $value)
for ($i = 0; list ($attribute, $value) = each ($file_array); $i++)
{ {
if ($attribute == 'file_id' || $attribute == 'content') if ($attribute == 'file_id' || $attribute == 'content')
{ {
@ -256,7 +256,7 @@
$value = $this->now; $value = $this->now;
} }
if ($attribute == 'modified' && !$modified) if ($attribute == 'modified' && !$data['modified'])
{ {
unset ($value); unset ($value);
} }
@ -324,8 +324,8 @@
*/ */
if ($attribute == 'version' && $data['incversion']) if ($attribute == 'version' && $data['incversion'])
{ {
$version_parts = split ("\.", $value); $version_parts = explode ('.', $value);
$newnumofparts = $numofparts = count ($version_parts); $newnumofparts = count ($version_parts);
if ($version_parts[3] >= 9) if ($version_parts[3] >= 9)
{ {
@ -369,30 +369,17 @@
'string' => $p->fake_full_path, 'string' => $p->fake_full_path,
'relatives' => array ($p->mask), 'relatives' => array ($p->mask),
'attributes' => array( 'attributes' => array(
'version' => $newversion 'version' => $newversion
) )
) )
); );
} }
if (isset ($value)) if (isset ($value))
{ {
if ($i > 1) $to_write[$attribute] = $value;
{
$sql .= ', ';
$sql2 .= ', ';
}
$sql .= "$attribute";
$sql2 .= "'" . $this->clean_string (array ('string' => $value)) . "'";
} }
} }
$sql .= ')';
$sql2 .= ')';
$sql .= $sql2;
/* /*
These are some special situations where we need to flush the journal entries These are some special situations where we need to flush the journal entries
or move the 'journal' entries to 'journal-deleted'. Kind of hackish, but they or move the 'journal' entries to 'journal-deleted'. Kind of hackish, but they
@ -451,9 +438,11 @@
) )
); );
$query = $GLOBALS['phpgw']->db->query ("UPDATE phpgw_vfs SET mime_type='journal-deleted' WHERE directory='". $this->db->update($this->vfs_table,array('mime_type'=>'journal-deleted'),array(
$GLOBALS['phpgw']->db->db_addslashes($state_one_path_parts->fake_leading_dirs_clean)."' AND name='". 'directory' => $state_one_path_parts->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($state_one_path_parts->fake_name_clean)."' AND mime_type='journal'"); 'name' => $state_one_path_parts->fake_name,
'mime_type' => 'journal',
),__LINE__,__FILE__);
/* /*
We create the file in addition to logging the MOVED operation. This is an We create the file in addition to logging the MOVED operation. This is an
@ -468,7 +457,7 @@
} }
/* This is the SQL query we made for THIS request, remember that one? */ /* This is the SQL query we made for THIS request, remember that one? */
$query = $GLOBALS['phpgw']->db->query ($sql, __LINE__, __FILE__); $this->db->insert($this->vfs_table,$to_write,false, __LINE__, __FILE__);
/* /*
If we were to add an option of whether to keep journal entries for deleted files If we were to add an option of whether to keep journal entries for deleted files
@ -476,9 +465,13 @@
*/ */
if ($data['operation'] == VFS_OPERATION_DELETED) if ($data['operation'] == VFS_OPERATION_DELETED)
{ {
$query = $GLOBALS['phpgw']->db->query ("UPDATE phpgw_vfs SET mime_type='journal-deleted' WHERE directory='". $this->db->update($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'mime_type' => 'journal-deleted'
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."' AND mime_type='journal'"); ),array(
'directory' => $p->fake_leading_dirs,
'name' => $p->fake_name,
'mime_type' => 'journal',
),__LINE__,__FILE);
} }
return True; return True;
@ -518,34 +511,18 @@
) )
); );
$sql = "DELETE FROM phpgw_vfs WHERE directory='". $where = array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'directory' => $p->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'"; 'name' => $p->fake_name,
);
if (!$data['deleteall']) if (!$data['deleteall'])
{ {
$sql .= " AND (mime_type != 'journal' AND comment != 'Created')"; $where[] = "(mime_type != 'journal' AND comment != 'Created')";
} }
$sql .= " AND (mime_type='journal-deleted'"; $where[] = "(mime_type='journal-deleted'".(!$data['deletedonly']?" OR mime_type='journal'":'').')';
if (!$data['deletedonly']) return !!$this->db->delete($this->vfs_table,$where, __LINE__, __FILE__);
{
$sql .= " OR mime_type='journal'";
}
$sql .= ")";
$query = $GLOBALS['phpgw']->db->query ($sql, __LINE__, __FILE__);
if ($query)
{
return True;
}
else
{
return False;
}
} }
/* /*
@ -580,28 +557,29 @@
return False; return False;
} }
$sql = "SELECT * FROM phpgw_vfs WHERE directory='". $where = array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'directory' => $p->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'"; 'name' => $p->fake_name,
);
if ($data['type'] == 1) if ($data['type'] == 1)
{ {
$sql .= " AND mime_type='journal'"; $where[] = "mime_type='journal'";
} }
elseif ($data['type'] == 2) elseif ($data['type'] == 2)
{ {
$sql .= " AND mime_type='journal-deleted'"; $where[] = "mime_type='journal-deleted'";
} }
else else
{ {
$sql .= " AND (mime_type='journal' OR mime_type='journal-deleted')"; $where[] = "(mime_type='journal' OR mime_type='journal-deleted')";
} }
$query = $GLOBALS['phpgw']->db->query ($sql, __LINE__, __FILE__); $this->db->select($this->vfs_table,'*',$where, __LINE__, __FILE__);
while ($GLOBALS['phpgw']->db->next_record ()) while ($this->db->next_record ())
{ {
$rarray[] = $GLOBALS['phpgw']->db->Record; $rarray[] = $this->db->Record;
} }
return $rarray; return $rarray;
@ -696,12 +674,14 @@
We don't use ls () to get owner_id as we normally would, We don't use ls () to get owner_id as we normally would,
because ls () calls acl_check (), which would create an infinite loop because ls () calls acl_check (), which would create an infinite loop
*/ */
$query = $GLOBALS['phpgw']->db->query ("SELECT owner_id FROM phpgw_vfs WHERE directory='". $this->db->select($this->vfs_table,'owner_id',array(
$GLOBALS['phpgw']->db->db_addslashes($p2->fake_leading_dirs_clean)."' AND name='". 'directory' => $p2->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($p2->fake_name_clean)."'" . $this->extra_sql (array ('query_type' => VFS_SQL_SELECT)), __LINE__, __FILE__); 'name' => $p2->fake_name,
$GLOBALS['phpgw']->db->next_record (); $this->extra_sql(array ('query_type' => VFS_SQL_SELECT))
), __LINE__, __FILE__);
$this->db->next_record ();
$owner_id = $GLOBALS['phpgw']->db->Record['owner_id']; $owner_id = $this->db->Record['owner_id'];
} }
else else
{ {
@ -760,14 +740,8 @@
{ {
$conf = CreateObject('phpgwapi.config', 'phpgwapi'); $conf = CreateObject('phpgwapi.config', 'phpgwapi');
$conf->read_repository(); $conf->read_repository();
if ($conf->config_data['acl_default'] == 'grant')
{ return $conf->config_data['acl_default'] == 'grant';
return True;
}
else
{
return False;
}
} }
else else
{ {
@ -812,7 +786,7 @@
$conf->read_repository(); $conf->read_repository();
if ($this->file_actions || $p->outside) if ($this->file_actions || $p->outside)
{ {
if ($fp = fopen ($p->real_full_path, 'rb')) if (($fp = fopen ($p->real_full_path, 'rb')))
{ {
$contents = fread ($fp, filesize ($p->real_full_path)); $contents = fread ($fp, filesize ($p->real_full_path));
fclose ($fp); fclose ($fp);
@ -900,7 +874,7 @@
$conf->read_repository(); $conf->read_repository();
if ($this->file_actions) if ($this->file_actions)
{ {
if ($fp = fopen ($p->real_full_path, 'wb')) if (($fp = fopen ($p->real_full_path, 'wb')))
{ {
fwrite ($fp, $data['content']); fwrite ($fp, $data['content']);
fclose ($fp); fclose ($fp);
@ -1031,9 +1005,11 @@
return False; return False;
} }
$query = $GLOBALS['phpgw']->db->query ("INSERT INTO phpgw_vfs (owner_id, directory, name) VALUES ($this->working_id, '". $query = $this->db->insert($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."', '". 'owner_id' => $this->working_id,
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."')", __LINE__, __FILE__); 'directory' => $p->fake_leading_dirs,
'name' => $p->fake_name,
),false,__LINE__,__FILE__);
$this->set_attributes(array( $this->set_attributes(array(
'string' => $p->fake_full_path, 'string' => $p->fake_full_path,
@ -1061,14 +1037,7 @@
); );
} }
if ($rr || $vr || $query) return $rr || $vr || $query;
{
return True;
}
else
{
return False;
}
} }
/* /*
@ -1113,10 +1082,10 @@
return False; return False;
} }
if ($exists = $this->file_exists (array( if (($exists = $this->file_exists (array(
'string' => $t->fake_full_path, 'string' => $t->fake_full_path,
'relatives' => array ($t->mask) 'relatives' => array ($t->mask)
)) )))
) )
{ {
if (!$this->acl_check (array( if (!$this->acl_check (array(
@ -1202,12 +1171,18 @@
)) ))
) )
{ {
$query = $GLOBALS['phpgw']->db->query ("UPDATE phpgw_vfs SET owner_id='$this->working_id', directory='". /* RalfBecker 2004/09/19: for my undetstanding the query does nothing, as it only sets rows already containing these values !!!
$GLOBALS['phpgw']->db->db_addslashes($t->fake_leading_dirs_clean)."', name='". $query = $this->db->update($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($t->fake_name_clean)."' WHERE owner_id='$this->working_id' AND directory='". 'owner_id' => $this->working_id,
$GLOBALS['phpgw']->db->db_addslashes($t->fake_leading_dirs_clean)."' AND name='". 'directory' => $t->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($t->fake_name_clean)."'" . $this->extra_sql (VFS_SQL_UPDATE), __LINE__, __FILE__); 'name' => $t->fake_name,
),array(
'owner_id' => $this->working_id,
'directory' => $t->fake_leading_dirs,
'name' => $t->fake_name,
$this->extra_sql(VFS_SQL_UPDATE)
), __LINE__, __FILE__);
*/
$set_attributes_array = array ( $set_attributes_array = array (
'createdby_id' => $account_id, 'createdby_id' => $account_id,
'created' => $this->now, 'created' => $this->now,
@ -1478,17 +1453,24 @@
'relatives' => array ($t->mask) 'relatives' => array ($t->mask)
) )
); );
$query = $GLOBALS['phpgw']->db->query ("UPDATE phpgw_vfs SET size=$size WHERE directory='". $this->db->update($this->vfs_table,array('size'=>$size),array(
$GLOBALS['phpgw']->db->db_addslashes($t->fake_leading_dirs_clean)."' AND name='". 'directory' => $t->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($t->fake_name_clean)."'" . $this->extra_sql (array ('query_type' => VFS_SQL_UPDATE)), __LINE__, __FILE__); 'name' => $t->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_UPDATE)),
), __LINE__, __FILE__);
} }
elseif (!$t->outside) elseif (!$t->outside)
{ {
$query = $GLOBALS['phpgw']->db->query ("UPDATE phpgw_vfs SET name='". /* RalfBecker 2004/09/19: for my undetstanding the query does nothing, as it only sets rows already containing these values !!!
$GLOBALS['phpgw']->db->db_addslashes($t->fake_name_clean)."', directory='". $this->db->update($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($t->fake_leading_dirs_clean)."' WHERE directory='". 'directory' => $t->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($f->fake_leading_dirs_clean)."' AND name='". 'name' => $t->fake_name,
$GLOBALS['phpgw']->db->db_addslashes($f->fake_name_clean)."'" . $this->extra_sql (array ('query_type' => VFS_SQL_UPDATE)), __LINE__, __FILE__); ),array(
'directory' => $t->fake_leading_dirs,
'name' => $t->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_UPDATE)),
), __LINE__, __FILE__);
*/
} }
$this->set_attributes(array( $this->set_attributes(array(
@ -1509,7 +1491,7 @@
if ($this->file_actions) if ($this->file_actions)
{ {
$rr = rename ($f->real_full_path, $t->real_full_path); rename ($f->real_full_path, $t->real_full_path);
} }
/* /*
@ -1540,11 +1522,14 @@
foreach ($ls as $entry) foreach ($ls as $entry)
{ {
$newdir = ereg_replace ("^$f->fake_full_path", $t->fake_full_path, $entry['directory']); $newdir = ereg_replace ("^$f->fake_full_path", $t->fake_full_path, $entry['directory']);
$newdir_clean = $this->clean_string (array ('string' => $newdir));
$query = $GLOBALS['phpgw']->db->query ("UPDATE phpgw_vfs SET directory='". $this->db->update($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($newdir_clean)."' WHERE file_id='$entry[file_id]'" . 'directory' => $newdir
$this->extra_sql (array ('query_type' => VFS_SQL_UPDATE)), __LINE__, __FILE__); ),array(
'file_id' => $entry['file_id'],
$this->extra_sql(array ('query_type' => VFS_SQL_UPDATE))
), __LINE__, __FILE__);
$this->correct_attributes (array( $this->correct_attributes (array(
'string' => "$newdir/$entry[name]", 'string' => "$newdir/$entry[name]",
'relatives' => array ($t->mask) 'relatives' => array ($t->mask)
@ -1636,9 +1621,11 @@
) )
); );
$query = $GLOBALS['phpgw']->db->query ("DELETE FROM phpgw_vfs WHERE directory='". $query = $this->db->delete($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'directory' => $p->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'".$this->extra_sql (array ('query_type' => VFS_SQL_DELETE)), __LINE__, __FILE__); 'name' => $p->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_DELETE))
), __LINE__, __FILE__);
if ($this->file_actions) if ($this->file_actions)
{ {
@ -1649,14 +1636,7 @@
$rr = True; $rr = True;
} }
if ($query || $rr) return $query || $rr;
{
return True;
}
else
{
return False;
}
} }
else else
{ {
@ -1731,10 +1711,11 @@
) )
); );
$query = $GLOBALS['phpgw']->db->query ("DELETE FROM phpgw_vfs WHERE directory='". $this->db->delete($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'directory' => $p->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'" . 'name' => $p->fake_name,
$this->extra_sql (array ('query_type' => VFS_SQL_DELETE)), __LINE__, __FILE__); $this->extra_sql(array ('query_type' => VFS_SQL_DELETE))
), __LINE__, __FILE__);
if ($this->file_actions) if ($this->file_actions)
{ {
@ -1782,7 +1763,7 @@
} }
/* We don't allow /'s in dir names, of course */ /* We don't allow /'s in dir names, of course */
if (ereg ("/", $p->fake_name)) if (strstr ($p->fake_name,'/'))
{ {
return False; return False;
} }
@ -1791,9 +1772,9 @@
if ($this->file_actions) if ($this->file_actions)
{ {
if (!@is_dir($p->real_leading_dirs_clean)) // eg. /home or /group does not exist if (!@is_dir($p->real_leading_dirs)) // eg. /home or /group does not exist
{ {
if (!@mkdir($p->real_leading_dirs_clean,0770)) // ==> create it if (!@mkdir($p->real_leading_dirs,0770)) // ==> create it
{ {
return False; return False;
} }
@ -1814,9 +1795,11 @@
)) ))
) )
{ {
$query = $GLOBALS['phpgw']->db->query ("INSERT INTO phpgw_vfs (owner_id, name, directory) VALUES ($this->working_id, '". $this->db->insert($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."', '". 'owner_id' => $this->working_id,
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."')", __LINE__, __FILE__); 'name' => $p->fake_name,
'directory' => $p->fake_leading_dirs,
),false,__LINE__,__FILE__);
$this->set_attributes(array( $this->set_attributes(array(
'string' => $p->fake_full_path, 'string' => $p->fake_full_path,
@ -1870,9 +1853,6 @@
$data = array_merge ($this->default_values ($data, $default_values), $data); $data = array_merge ($this->default_values ($data, $default_values), $data);
$account_id = $GLOBALS['phpgw_info']['user']['account_id'];
$currentapp = $GLOBALS['phpgw_info']['flags']['currentapp'];
$vp = $this->path_parts (array( $vp = $this->path_parts (array(
'string' => $data['vdir'], 'string' => $data['vdir'],
'relatives' => array ($data['relatives'][0]) 'relatives' => array ($data['relatives'][0])
@ -2000,10 +1980,7 @@
); );
$record = $ls_array[0]; $record = $ls_array[0];
$sql = 'UPDATE phpgw_vfs SET '; $to_write = array();
$change_attributes = 0;
foreach ($this->attributes as $attribute) foreach ($this->attributes as $attribute)
{ {
if (isset ($data['attributes'][$attribute])) if (isset ($data['attributes'][$attribute]))
@ -2016,52 +1993,31 @@
{ {
$edited_comment = 1; $edited_comment = 1;
} }
$to_write[$attribute] = $data['attributes'][$attribute];
if ($change_attributes > 0)
{
$sql .= ', ';
}
// RalfBecker 2004/07/24:
// this is only a hack to fix bug [ 991222 ] Error uploading file
// the whole class need to be reworked with the new db-functions
if (!isset($this->column_defs))
{
$table_defs = $GLOBALS['phpgw']->db->get_table_definitions('phpgwapi','phpgw_vfs');
$this->column_defs = $table_defs['fd'];
}
$sql .= $attribute.'=' .$GLOBALS['phpgw']->db->quote($data['attributes'][$attribute],$this->column_defs[$attribute]['type']);
$change_attributes++;
} }
} }
if (!$change_attributes) if (!count($to_write))
{ {
return True; // nothing to do return True; // nothing to do
} }
$sql .= ' WHERE file_id='.(int) $record['file_id']; if (!$this->db->update($this->vfs_table,$to_write,array(
$sql .= $this->extra_sql (array ('query_type' => VFS_SQL_UPDATE)); 'file_id' => $record['file_id'],
$query = $GLOBALS['phpgw']->db->query ($sql, __LINE__, __FILE__); $this->extra_sql(array ('query_type' => VFS_SQL_UPDATE)),
), __LINE__, __FILE__))
if ($query)
{
if ($edited_comment)
{
$this->add_journal (array(
'string' => $p->fake_full_path,
'relatives' => array ($p->mask),
'operation' => VFS_OPERATION_EDITED_COMMENT
)
);
}
return True;
}
else
{ {
return False; return False;
} }
if ($edited_comment)
{
$this->add_journal (array(
'string' => $p->fake_full_path,
'relatives' => array ($p->mask),
'operation' => VFS_OPERATION_EDITED_COMMENT
)
);
}
return True;
} }
/*! /*!
@ -2178,23 +2134,27 @@
We don't use ls () because it calls file_type () to determine if it has been We don't use ls () because it calls file_type () to determine if it has been
passed a directory passed a directory
*/ */
$db2 = $GLOBALS['phpgw']->db; $db2 = $this->db;
$db2->query ("SELECT mime_type FROM phpgw_vfs WHERE directory='". $db2->select($this->vfs_table,'mime_type',array(
$db2->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'directory' => $p->fake_leading_dirs,
$db2->db_addslashes($p->fake_name_clean)."'" . $this->extra_sql (array ('query_type' => VFS_SQL_SELECT)), __LINE__, __FILE__); 'name' => $p->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_SELECT))
), __LINE__, __FILE__);
$db2->next_record (); $db2->next_record ();
$mime_type = $db2->Record['mime_type']; $mime_type = $db2->Record['mime_type'];
if(!$mime_type) if(!$mime_type)
{ {
$mime_type = $this->get_ext_mime_type (array ('string' => $data['string'])); $mime_type = $this->get_ext_mime_type (array ('string' => $data['string']));
{ {
$db2->query ("UPDATE phpgw_vfs SET mime_type='$mime_type' WHERE directory='". $db2->update($this->vfs_table,array(
$db2->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'mime_type' => $mime_type
$db2->db_addslashes($p->fake_name_clean)."'" . ),array(
$this->extra_sql (array ('query_type' => VFS_SQL_SELECT)), __LINE__, __FILE__); 'directory' => $p->fake_leading_dirs,
'name' => $p->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_SELECT))
), __LINE__, __FILE__);
} }
} }
return $mime_type; return $mime_type;
} }
@ -2228,19 +2188,14 @@
return $rr; return $rr;
} }
$db2 = $GLOBALS['phpgw']->db; $db2 = $this->db;
$db2->query ("SELECT name FROM phpgw_vfs WHERE directory='". $db2->select($this->vfs_table,'name',array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'directory' => $p->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'" . $this->extra_sql (array ('query_type' => VFS_SQL_SELECT)), __LINE__, __FILE__); 'name' => $p->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_SELECT))
), __LINE__, __FILE__);
if ($db2->next_record ()) return $db2->next_record ();
{
return True;
}
else
{
return False;
}
} }
/* /*
@ -2312,12 +2267,13 @@
if ($data['checksubdirs']) if ($data['checksubdirs'])
{ {
$query = $GLOBALS['phpgw']->db->query ("SELECT size FROM phpgw_vfs WHERE directory='". $this->db->select($this->vfs_table,'size',array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'directory' => $p->fake_leading_dirs,
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'" . 'name' => $p->fake_name,
$this->extra_sql (array ('query_text' => VFS_SQL_SELECT))); $this->extra_sql(array ('query_type' => VFS_SQL_SELECT))
$GLOBALS['phpgw']->db->next_record (); ), __LINE__, __FILE__);
$size += $GLOBALS['phpgw']->db->Record[0]; $this->db->next_record ();
$size += $this->db->Record[0];
} }
return $size; return $size;
@ -2351,19 +2307,11 @@
) )
); );
if (!$this->acl_check (array( return $this->acl_check (array(
'string' => $p->fake_full_path, 'string' => $p->fake_full_path,
'relatives' => array ($p->mask), 'relatives' => array ($p->mask),
'operation' => PHPGW_ACL_ADD 'operation' => PHPGW_ACL_ADD
)) ));
)
{
return False;
}
else
{
return True;
}
} }
/* /*
@ -2373,6 +2321,7 @@
*/ */
function ls ($data) function ls ($data)
{ {
//echo "<p>vfs_sql::ls(".print_r($data,true).")</p>\n";
if (!is_array ($data)) if (!is_array ($data))
{ {
$data = array (); $data = array ();
@ -2388,6 +2337,7 @@
); );
$data = array_merge ($this->default_values ($data, $default_values), $data); $data = array_merge ($this->default_values ($data, $default_values), $data);
//echo "<p>vfs_sql::ls: data=".print_r($data,true)."</p>\n";
$p = $this->path_parts (array( $p = $this->path_parts (array(
'string' => $data['string'], 'string' => $data['string'],
@ -2395,44 +2345,31 @@
) )
); );
$dir = $p->fake_full_path; $dir = $p->fake_full_path;
//echo "<p>vfs_sql::ls: dir='$dir', p=".print_r($p,true)."</p>\n";
/* If they pass us a file or 'nofiles' is set, return the info for $dir only */ /* If they pass us a file or 'nofiles' is set, return the info for $dir only */
if (@$data['file_id'] if (@$data['file_id'] || ($this->file_type (array(
|| ((($type = $this->file_type (array(
'string' => $dir, 'string' => $dir,
'relatives' => array ($p->mask) 'relatives' => array ($p->mask)
)) != 'Directory')) )) != 'Directory' || $data['nofiles']) && !$p->outside)
|| ($data['nofiles'])) && !$p->outside
)
{ {
/* SELECT all, the, attributes */ /* SELECT all, the, attributes */
$sql = 'SELECT ';
foreach ($this->attributes as $num => $attribute)
{
if ($num)
{
$sql .= ', ';
}
$sql .= $attribute;
}
$sql .= " FROM phpgw_vfs WHERE ";
if (@$data['file_id']) if (@$data['file_id'])
{ {
$sql .= 'file_id='.(int)$data['file_id']; $where = array('file_id' => $data['file_id']);
} }
else else
{ {
$sql .= "directory='".$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean). $where = array(
"' AND name='".$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'". 'directory' => $p->fake_leading_dirs,
$this->extra_sql (array ('query_type' => VFS_SQL_SELECT)); 'name' => $p->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_SELECT))
);
} }
$query = $GLOBALS['phpgw']->db->query ($sql, __LINE__, __FILE__); $this->db->select($this->vfs_table,$this->attributes,$where,__LINE__,__FILE__);
$GLOBALS['phpgw']->db->next_record (); $this->db->next_record ();
$record = $GLOBALS['phpgw']->db->Record; $record = $this->db->Record;
/* We return an array of one array to maintain the standard */ /* We return an array of one array to maintain the standard */
$rarray = array (); $rarray = array ();
@ -2440,17 +2377,20 @@
{ {
if ($attribute == 'mime_type' && !$record[$attribute]) if ($attribute == 'mime_type' && !$record[$attribute])
{ {
$db2 = $GLOBALS['phpgw']->db;
$record[$attribute] = $this->get_ext_mime_type (array( $record[$attribute] = $this->get_ext_mime_type (array(
'string' => $p->fake_name_clean 'string' => $p->fake_name
) )
); );
if($record[$attribute]) if($record[$attribute])
{ {
$db2->query ("UPDATE phpgw_vfs SET mime_type='".$record[$attribute]."' WHERE directory='". $this->db->update($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'mime_type' => $record[$attribute]
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'" . $this->extra_sql (array ('query_type' => VFS_SQL_SELECT)), __LINE__, __FILE__); ),array(
'directory' => $p->fake_leading_dirs,
'name' => $p->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_SELECT))
), __LINE__, __FILE__);
} }
} }
@ -2476,7 +2416,7 @@
) )
{ {
$dir_handle = opendir ($p->real_full_path); $dir_handle = opendir ($p->real_full_path);
while ($filename = readdir ($dir_handle)) while (($filename = readdir ($dir_handle)))
{ {
if ($filename == '.' || $filename == '..') if ($filename == '.' || $filename == '..')
{ {
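Review bot: The extra parentheses in `while (($filename = readdir ($dir_handle)))` only silence the assignment-in-condition warning; the loop still stops at the first falsy entry name, so a file named `0` truncates the listing. Compare against the sentinel instead: `while (($filename = readdir ($dir_handle)) !== false)`. `opendir()` can also return false for an unreadable `$p->real_full_path`, and that result is passed straight to `readdir()`, so a guard before the loop is worth adding. The same loop is changed the same way in the later hunk at `@ -2599,7 +2528,7 @@`, and the loop body continues outside both hunks.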
@ -2503,36 +2443,22 @@
} }
/* $dir's not a file, is inside the virtual root, and they want to check subdirs */ /* $dir's not a file, is inside the virtual root, and they want to check subdirs */
/* SELECT all, the, attributes FROM phpgw_vfs WHERE file=$dir */ /* SELECT all, the, attributes FROM $this->vfs_table WHERE file=$dir */
$sql = 'SELECT '; $db2 = $this->db;
$where = array(
foreach($this->attributes as $num => $attribute) 'directory LIKE '.$this->db->quote($dir.'%'),
{ $this->extra_sql(array ('query_type' => VFS_SQL_SELECT)),
if ($num) );
{
$sql .= ", ";
}
$sql .= $attribute;
}
$dir_clean = $this->clean_string (array ('string' => $dir));
$sql .= " FROM phpgw_vfs WHERE directory LIKE '".$GLOBALS['phpgw']->db->db_addslashes($dir_clean)."%'";
$sql .= $this->extra_sql (array ('query_type' => VFS_SQL_SELECT));
if ($data['mime_type']) if ($data['mime_type'])
{ {
$sql .= " AND mime_type='".$data['mime_type']."'"; $where['mime_type'] = $data['mime_type'];
} }
$this->db->select($this->vfs_table,$this->attributes,$where, __LINE__, __FILE__,false,'ORDER BY '.$data['orderby']);
$sql .= ' ORDER BY '.$data['orderby'];
$query = $GLOBALS['phpgw']->db->query ($sql, __LINE__, __FILE__);
$rarray = array (); $rarray = array ();
for ($i = 0; $GLOBALS['phpgw']->db->next_record (); $i++) for ($i = 0; $this->db->next_record (); $i++)
{ {
$record = $GLOBALS['phpgw']->db->Record; $record = $this->db->Record;
/* Further checking on the directory. This makes sure /home/user/test won't match /home/user/test22 */ /* Further checking on the directory. This makes sure /home/user/test won't match /home/user/test22 */
if (@!ereg ("^$dir(/|$)", $record['directory'])) if (@!ereg ("^$dir(/|$)", $record['directory']))
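Review bot: `'ORDER BY '.$data['orderby']` is still concatenated raw into the statement as the last argument of `$this->db->select()`, so the one caller-supplied value left in this query bypasses the quoting that the rest of the hunk moves into the db layer. An identifier cannot be quoted like a value, so check it against the known columns before use, e.g. `if (!in_array($data['orderby'], $this->attributes, true)) { $data['orderby'] = 'directory'; }` (if callers pass several columns or a sort direction, split and check each token). Separately, `quote($dir.'%')` escapes quote characters but leaves any `%` or `_` inside `$dir` acting as LIKE wildcards. The `ereg` post-filter that narrows the result also interpolates `$dir` unescaped into the pattern, so a directory name containing regex metacharacters changes what matches. The function body starts before and continues after this hunk.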
@ -2550,17 +2476,20 @@
{ {
if ($attribute == 'mime_type' && !$record[$attribute]) if ($attribute == 'mime_type' && !$record[$attribute])
{ {
$db2 = $GLOBALS['phpgw']->db;
$record[$attribute] = $this->get_ext_mime_type (array( $record[$attribute] = $this->get_ext_mime_type (array(
'string' => $p->fake_name_clean 'string' => $p->fake_name
) )
); );
if($record[$attribute]) if($record[$attribute])
{ {
$db2->query ("UPDATE phpgw_vfs SET mime_type='".$record[$attribute]."' WHERE directory='". $db2->update($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'mime_type' => $record[$attribute]
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'" . $this->extra_sql (array ('query_type' => VFS_SQL_SELECT)), __LINE__, __FILE__); ),array(
'directory' => $p->fake_leading_dirs,
'name' => $p->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_SELECT))
), __LINE__, __FILE__);
} }
} }
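Review bot: `$db2->update(...)` runs while the `for (...; $this->db->next_record (); ...)` loop from the previous hunk appears to still be iterating, and `$db2` is now obtained with a plain `$db2 = $this->db;`. That is an independent copy only under PHP 4 value semantics. Where objects are assigned by handle, `$db2` and `$this->db` are the same connection object, and a write issued through it may disturb the result set being iterated (whether `update()` resets it is not visible here). Taking an explicit copy of the db object for the nested write, or collecting the rows first and updating after the loop, removes that dependency. The loop and the enclosing function extend beyond this hunk.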
@ -2599,7 +2528,7 @@
if (is_dir ($p->real_full_path)) if (is_dir ($p->real_full_path))
{ {
$dir_handle = opendir ($p->real_full_path); $dir_handle = opendir ($p->real_full_path);
while ($filename = readdir ($dir_handle)) while (($filename = readdir ($dir_handle)))
{ {
if ($filename == '.' || $filename == '..') if ($filename == '.' || $filename == '..')
{ {
@ -2627,7 +2556,7 @@
$rarray = array (); $rarray = array ();
} }
foreach($rarray as $num => $file_array) foreach($rarray as $file_array)
{ {
$p2 = $this->path_parts (array( $p2 = $this->path_parts (array(
'string' => $file_array['directory'] . '/' . $file_array['name'], 'string' => $file_array['directory'] . '/' . $file_array['name'],
@ -2705,10 +2634,13 @@
if($mime_type) if($mime_type)
{ {
$GLOBALS['phpgw']->db->query ("UPDATE phpgw_vfs SET mime_type='".$mime_type."' WHERE directory='". $this->db->update($this->vfs_table,array(
$GLOBALS['phpgw']->db->db_addslashes($p->fake_leading_dirs_clean)."' AND name='". 'mime_type' => $mime_type
$GLOBALS['phpgw']->db->db_addslashes($p->fake_name_clean)."'" . ),array(
$this->extra_sql (array ('query_type' => VFS_SQL_SELECT)), __LINE__, __FILE__); 'directory' => $p->fake_leading_dirs,
'name' => $p->fake_name,
$this->extra_sql(array ('query_type' => VFS_SQL_SELECT))
), __LINE__, __FILE__);
} }
} }
@ -2720,7 +2652,7 @@
'mime_type' => $mime_type 'mime_type' => $mime_type
); );
return ($rarray); return $rarray;
} }
} }
?> ?>