
escape all identifiers with backticks

This commit is contained in:
jfd 2012-07-30 20:46:14 +02:00 committed by Jörn Friedrich Dreyer
parent e504d6bfc4
commit d907425609
5 changed files with 62 additions and 55 deletions


@ -36,6 +36,8 @@ if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){
$_ut = "strftime('%s','now')";
} elseif($CONFIG_DBTYPE == 'pgsql') {
$_ut = 'date_part(\'epoch\',now())::integer';
} elseif($CONFIG_DBTYPE == 'oci') {
$_ut = '(oracletime - to_date(\'19700101\',\'YYYYMMDD\')) * 86400';
} else {
$_ut = "UNIX_TIMESTAMP()";
}
@ -43,12 +45,13 @@ if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){
$bookmark_id = (int)$_POST["id"];
$user_id = OCP\USER::getUser();
$query = OCP\DB::prepare("
UPDATE *PREFIX*bookmarks
SET url = ?, title =?, lastmodified = $_ut
WHERE id = ?
AND user_id = ?
");
//TODO check using CURRENT_TIMESTAMP? prepare already does magic when using now()
$query = OCP\DB::prepare('
UPDATE `*PREFIX*bookmarks`
SET `url` = ?, `title` = ?, `lastmodified` = '.$_ut.'
WHERE `id` = ?
AND `user_id` = ?
');
$params=array(
htmlspecialchars_decode($_POST["url"]),
@ -63,18 +66,22 @@ $result = $query->execute($params);
if ($result->numRows() == 0) exit();
# Remove old tags and insert new ones.
$query = OCP\DB::prepare("
DELETE FROM *PREFIX*bookmarks_tags
WHERE bookmark_id = $bookmark_id
");
$query = OCP\DB::prepare('
DELETE FROM `*PREFIX*bookmarks_tags`
WHERE `bookmark_id` = ?
');
$query->execute();
$params=array(
$bookmark_id
);
$query = OCP\DB::prepare("
INSERT INTO *PREFIX*bookmarks_tags
(bookmark_id, tag)
$query->execute($params);
$query = OCP\DB::prepare('
INSERT INTO `*PREFIX*bookmarks_tags`
(`bookmark_id`, `tag`)
VALUES (?, ?)
");
');
$tags = explode(' ', urldecode($_POST["tags"]));
foreach ($tags as $tag) {
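Review bot: The new oci branch builds `$_ut` from `oracletime`, which I cannot match to a standard Oracle date source (SYSDATE / CURRENT_TIMESTAMP are the usual forms); unless the DB layer rewrites that token before execution — the TODO above the UPDATE suggests prepare() already translates now() — the `lastmodified` update would fail on Oracle, so please confirm which it is. Because `$_ut` is concatenated into the statement text at ``SET `url` = ?, `title` = ?, `lastmodified` = '.$_ut.'`` rather than bound like the other values, a short comment would keep a later reader from treating it like request data: `// $_ut is a per-backend SQL expression selected from $CONFIG_DBTYPE above, never request input`. The last hunk rightly moves `$bookmark_id` into the bound parameters, but the result of that DELETE's `$query->execute($params)` is discarded before the tag INSERT loop starts; checking it the way the UPDATE result is checked with numRows() would keep a failed delete from leaving stale tags next to the new ones.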


@ -30,12 +30,12 @@ $RUNTIME_NOSETUPFS=true;
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('bookmarks');
$query = OCP\DB::prepare("
UPDATE *PREFIX*bookmarks
SET clickcount = clickcount + 1
WHERE user_id = ?
AND url LIKE ?
");
$query = OCP\DB::prepare('
UPDATE `*PREFIX*bookmarks`
SET `clickcount` = `clickcount` + 1
WHERE `user_id` = ?
AND `url` LIKE ?
');
$params=array(OCP\USER::getUser(), htmlspecialchars_decode($_POST["url"]));
$bookmarks = $query->execute($params);
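Review bot: The rewritten WHERE clause still matches the clicked bookmark with ``AND `url` LIKE ?``, so `%` and `_` in the bound URL act as wildcards; percent-encoded URLs and paths with underscores are common, so one click can increment clickcount on every row whose URL happens to fit the pattern. The counter wants an exact comparison: ``AND `url` = ?``. The same LIKE-for-equality pattern appears in the migration provider in this commit (``WHERE `user_id` LIKE ?`` and ``WHERE `bookmark_id` LIKE ?``), where `bookmark_id` is compared as a pattern although it is an id value, and not every backend accepts LIKE on a non-text column. The `$bookmarks` result is also never inspected here, which is fine for a fire-and-forget counter but worth a one-line comment saying so.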


@ -35,23 +35,23 @@ class OC_Migration_Provider_Bookmarks extends OC_Migration_Provider{
switch( $this->appinfo->version ){
default:
// All versions of the app have had the same db structure, so all can use the same import function
$query = $this->content->prepare( "SELECT * FROM bookmarks WHERE user_id LIKE ?" );
$query = $this->content->prepare( "SELECT * FROM `bookmarks` WHERE `user_id` LIKE ?" );
$results = $query->execute( array( $this->olduid ) );
$idmap = array();
while( $row = $results->fetchRow() ){
// Import each bookmark, saving its id into the map
$query = OCP\DB::prepare( "INSERT INTO *PREFIX*bookmarks(url, title, user_id, public, added, lastmodified) VALUES (?, ?, ?, ?, ?, ?)" );
$query = OCP\DB::prepare( "INSERT INTO `*PREFIX*bookmarks`(`url`, `title`, `user_id`, `public`, `added`, `lastmodified`) VALUES (?, ?, ?, ?, ?, ?)" );
$query->execute( array( $row['url'], $row['title'], $this->uid, $row['public'], $row['added'], $row['lastmodified'] ) );
// Map the id
$idmap[$row['id']] = OCP\DB::insertid();
}
// Now tags
foreach($idmap as $oldid => $newid){
$query = $this->content->prepare( "SELECT * FROM bookmarks_tags WHERE bookmark_id LIKE ?" );
$query = $this->content->prepare( "SELECT * FROM `bookmarks_tags` WHERE `bookmark_id` LIKE ?" );
$results = $query->execute( array( $oldid ) );
while( $row = $results->fetchRow() ){
// Import the tags for this bookmark, using the new bookmark id
$query = OCP\DB::prepare( "INSERT INTO *PREFIX*bookmarks_tags(bookmark_id, tag) VALUES (?, ?)" );
$query = OCP\DB::prepare( "INSERT INTO `*PREFIX*bookmarks_tags`(`bookmark_id`, `tag`) VALUES (?, ?)" );
$query->execute( array( $newid, $row['tag'] ) );
}
}
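Review bot: The bookmark insert `$query->execute( array( $row['url'], $row['title'], $this->uid, ... ) )` discards its result, and the next line maps the old id to `OCP\DB::insertid()` unconditionally; if an insert fails for one exported row, the map entry points at whatever id the previous insert produced and that earlier bookmark silently receives the failed row's tags. Check the execute result and skip the mapping when it fails — depending on how OCP\DB reports errors, something like `if ($query->execute(array(...)) === false) { continue; }` before the `$idmap[$row['id']] = ...` line. The enclosing switch and the method it sits in start outside the hunk.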


@ -83,8 +83,8 @@ function addBookmark($url, $title, $tags='') {
//FIXME: Detect when user adds a known URL
$query = OCP\DB::prepare("
INSERT INTO *PREFIX*bookmarks
(url, title, user_id, public, added, lastmodified)
INSERT INTO `*PREFIX*bookmarks`
(`url`, `title`, `user_id`, `public`, `added`, `lastmodified`)
VALUES (?, ?, ?, 0, $_ut, $_ut)
");
@ -109,8 +109,8 @@ function addBookmark($url, $title, $tags='') {
if($b_id !== false) {
$query = OCP\DB::prepare("
INSERT INTO *PREFIX*bookmarks_tags
(bookmark_id, tag)
INSERT INTO `*PREFIX*bookmarks_tags`
(`bookmark_id`, `tag`)
VALUES (?, ?)
");
@ -126,4 +126,4 @@ function addBookmark($url, $title, $tags='') {
return $b_id;
}
}
}
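Review bot: `addBookmark($url, $title, $tags='')` has no docblock, and the rewritten INSERT makes its contract harder to read at a glance: `$_ut` is spliced into `VALUES (?, ?, ?, 0, $_ut, $_ut)` by string interpolation while the other values are bound, and `public` is hard-coded to 0. A PHPDoc above the function stating the three parameters, that new bookmarks are always created non-public, and that it returns `$b_id` (which the final hunk shows can be `false`; presumably the new row id otherwise — confirm) would document what this hunk touches. A one-line comment on the INSERT, `// $_ut is the backend-specific timestamp expression, not user data`, would explain why it is not a placeholder, assuming it is built the same way as in the first file of this commit. The function body starts before the first hunk and the `$b_id` assignment lies between the hunks.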


@ -71,14 +71,14 @@ class OC_Bookmarks_Bookmarks{
if($CONFIG_DBTYPE == 'pgsql' ){
$query = OCP\DB::prepare('
SELECT id, url, title, '.($filterTagOnly?'':'url || title ||').' array_to_string(array_agg(tag), \' \') as tags
FROM *PREFIX*bookmarks
LEFT JOIN *PREFIX*bookmarks_tags ON *PREFIX*bookmarks.id = *PREFIX*bookmarks_tags.bookmark_id
SELECT `id`, `url`, `title`, '.($filterTagOnly?'':'`url` || `title` ||').' array_to_string(array_agg(`tag`), \' \') as `tags`
FROM `*PREFIX*bookmarks`
LEFT JOIN `*PREFIX*bookmarks_tags` ON `*PREFIX*bookmarks`.`id` = `*PREFIX*bookmarks_tags`.`bookmark_id`
WHERE
*PREFIX*bookmarks.user_id = ?
GROUP BY id, url, title
`*PREFIX*bookmarks`.`user_id` = ?
GROUP BY `id`, `url`, `title`
'.$sqlFilterTag.'
ORDER BY *PREFIX*bookmarks.'.$sqlSortColumn.' DESC
ORDER BY `*PREFIX*bookmarks`.`'.$sqlSortColumn.'` DESC
LIMIT 10
OFFSET '. $offset);
} else {
@ -88,25 +88,25 @@ class OC_Bookmarks_Bookmarks{
$concatFunction = 'Concat(Concat( url, title), ';
$query = OCP\DB::prepare('
SELECT id, url, title, '
SELECT `id`, `url`, `title`, '
.($filterTagOnly?'':$concatFunction).
'CASE WHEN *PREFIX*bookmarks.id = *PREFIX*bookmarks_tags.bookmark_id
THEN GROUP_CONCAT( tag ' .$_gc_separator. ' )
'CASE WHEN `*PREFIX*bookmarks`.`id` = `*PREFIX*bookmarks_tags`.`bookmark_id`
THEN GROUP_CONCAT( `tag` ' .$_gc_separator. ' )
ELSE \' \'
END '
.($filterTagOnly?'':')').'
AS tags
FROM *PREFIX*bookmarks
LEFT JOIN *PREFIX*bookmarks_tags ON 1=1
WHERE (*PREFIX*bookmarks.id = *PREFIX*bookmarks_tags.bookmark_id
OR *PREFIX*bookmarks.id NOT IN (
SELECT *PREFIX*bookmarks_tags.bookmark_id FROM *PREFIX*bookmarks_tags
AS `tags`
FROM `*PREFIX*bookmarks`
LEFT JOIN `*PREFIX*bookmarks_tags` ON 1=1
WHERE (`*PREFIX*bookmarks`.`id` = `*PREFIX*bookmarks_tags`.`bookmark_id`
OR `*PREFIX*bookmarks`.`id` NOT IN (
SELECT `*PREFIX*bookmarks_tags`.`bookmark_id` FROM `*PREFIX*bookmarks_tags`
)
)
AND *PREFIX*bookmarks.user_id = ?
GROUP BY url
AND `*PREFIX*bookmarks`.`user_id` = ?
GROUP BY `url`
'.$sqlFilterTag.'
ORDER BY *PREFIX*bookmarks.'.$sqlSortColumn.' DESC
ORDER BY `*PREFIX*bookmarks`.`'.$sqlSortColumn.'` DESC
LIMIT '.$offset.', 10');
}
@ -119,9 +119,9 @@ class OC_Bookmarks_Bookmarks{
$user = OCP\USER::getUser();
$query = OCP\DB::prepare("
SELECT id FROM *PREFIX*bookmarks
WHERE id = ?
AND user_id = ?
SELECT `id` FROM `*PREFIX*bookmarks`
WHERE `id` = ?
AND `user_id` = ?
");
$result = $query->execute(array($id, $user));
@ -131,15 +131,15 @@ class OC_Bookmarks_Bookmarks{
}
$query = OCP\DB::prepare("
DELETE FROM *PREFIX*bookmarks
WHERE id = $id
DELETE FROM `*PREFIX*bookmarks`
WHERE `id` = $id
");
$result = $query->execute();
$query = OCP\DB::prepare("
DELETE FROM *PREFIX*bookmarks_tags
WHERE bookmark_id = $id
DELETE FROM `*PREFIX*bookmarks_tags`
WHERE `bookmark_id` = $id
");
$result = $query->execute();