mirror of
https://github.com/owncloudarchive/contacts.git
synced 2025-01-30 19:52:17 +01:00
escape all identifiers with backticks
This commit is contained in:
jfd
Jörn Friedrich Dreyer
parent
3b2c7c5981
commit
a57799bcec
@ -40,7 +40,7 @@ class OC_Migration_Provider_Contacts extends OC_Migration_Provider{
|
||||
$idmap = array();
|
||||
while( $row = $results->fetchRow() ){
|
||||
// Import each bookmark, saving its id into the map
|
||||
$query = OCP\DB::prepare( "INSERT INTO *PREFIX*contacts_addressbooks (`userid`, `displayname`, `uri`, `description`, `ctag`) VALUES (?, ?, ?, ?, ?)" );
|
||||
$query = OCP\DB::prepare( "INSERT INTO `*PREFIX*contacts_addressbooks` (`userid`, `displayname`, `uri`, `description`, `ctag`) VALUES (?, ?, ?, ?, ?)" );
|
||||
$query->execute( array( $this->uid, $row['displayname'], $row['uri'], $row['description'], $row['ctag'] ) );
|
||||
// Map the id
|
||||
$idmap[$row['id']] = OCP\DB::insertid();
|
||||
@ -51,7 +51,7 @@ class OC_Migration_Provider_Contacts extends OC_Migration_Provider{
|
||||
$results = $query->execute( array( $oldid ) );
|
||||
while( $row = $results->fetchRow() ){
|
||||
// Import the tags for this bookmark, using the new bookmark id
|
||||
$query = OCP\DB::prepare( "INSERT INTO *PREFIX*contacts_cards (`addressbookid`, `fullname`, `carddata`, `uri`, `lastmodified`) VALUES (?, ?, ?, ?, ?)" );
|
||||
$query = OCP\DB::prepare( "INSERT INTO `*PREFIX*contacts_cards` (`addressbookid`, `fullname`, `carddata`, `uri`, `lastmodified`) VALUES (?, ?, ?, ?, ?)" );
|
||||
$query->execute( array( $newid, $row['fullname'], $row['carddata'], $row['uri'], $row['lastmodified'] ) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -44,7 +44,7 @@ class OC_Contacts_Addressbook{
|
||||
* @return array
|
||||
*/
|
||||
public static function all($uid){
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_addressbooks WHERE userid = ? ORDER BY displayname' );
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_addressbooks` WHERE `userid` = ? ORDER BY `displayname`' );
|
||||
$result = $stmt->execute(array($uid));
|
||||
|
||||
$addressbooks = array();
|
||||
@ -72,7 +72,7 @@ class OC_Contacts_Addressbook{
|
||||
*/
|
||||
public static function find($id){
|
||||
try {
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_addressbooks WHERE id = ?' );
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_addressbooks` WHERE `id` = ?' );
|
||||
$result = $stmt->execute(array($id));
|
||||
return $result->fetchRow();
|
||||
} catch(Exception $e) {
|
||||
@ -98,7 +98,7 @@ class OC_Contacts_Addressbook{
|
||||
|
||||
$uri = self::createURI($name, $uris );
|
||||
|
||||
$stmt = OCP\DB::prepare( 'INSERT INTO *PREFIX*contacts_addressbooks (userid,displayname,uri,description,ctag) VALUES(?,?,?,?,?)' );
|
||||
$stmt = OCP\DB::prepare( 'INSERT INTO `*PREFIX*contacts_addressbooks` (`userid`,`displayname`,`uri`,`description`,`ctag`) VALUES(?,?,?,?,?)' );
|
||||
$result = $stmt->execute(array($userid,$name,$uri,$description,1));
|
||||
|
||||
return OCP\DB::insertid('*PREFIX*contacts_addressbooks');
|
||||
@ -115,7 +115,7 @@ class OC_Contacts_Addressbook{
|
||||
public static function addFromDAVData($principaluri,$uri,$name,$description){
|
||||
$userid = self::extractUserID($principaluri);
|
||||
|
||||
$stmt = OCP\DB::prepare( 'INSERT INTO *PREFIX*contacts_addressbooks (userid,displayname,uri,description,ctag) VALUES(?,?,?,?,?)' );
|
||||
$stmt = OCP\DB::prepare( 'INSERT INTO `*PREFIX*contacts_addressbooks` (`userid`,`displayname`,`uri`,`description`,`ctag`) VALUES(?,?,?,?,?)' );
|
||||
$result = $stmt->execute(array($userid,$name,$uri,$description,1));
|
||||
|
||||
return OCP\DB::insertid('*PREFIX*contacts_addressbooks');
|
||||
@ -139,7 +139,7 @@ class OC_Contacts_Addressbook{
|
||||
$description = $addressbook['description'];
|
||||
}
|
||||
|
||||
$stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_addressbooks SET displayname=?,description=?, ctag=ctag+1 WHERE id=?' );
|
||||
$stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_addressbooks` SET `displayname`=?,`description`=?, `ctag`=`ctag`+1 WHERE `id`=?' );
|
||||
$result = $stmt->execute(array($name,$description,$id));
|
||||
|
||||
return true;
|
||||
@ -208,7 +208,7 @@ class OC_Contacts_Addressbook{
|
||||
return $addressbooks;
|
||||
}
|
||||
$ids_sql = join(',', array_fill(0, count($active), '?'));
|
||||
$prep = 'SELECT * FROM *PREFIX*contacts_addressbooks WHERE id IN ('.$ids_sql.') ORDER BY displayname';
|
||||
$prep = 'SELECT * FROM `*PREFIX*contacts_addressbooks` WHERE `id` IN ('.$ids_sql.') ORDER BY `displayname`';
|
||||
try {
|
||||
$stmt = OCP\DB::prepare( $prep );
|
||||
$result = $stmt->execute($active);
|
||||
@ -275,7 +275,7 @@ class OC_Contacts_Addressbook{
|
||||
public static function delete($id){
|
||||
// FIXME: There's no error checking at all.
|
||||
self::setActive($id, false);
|
||||
$stmt = OCP\DB::prepare( 'DELETE FROM *PREFIX*contacts_addressbooks WHERE id = ?' );
|
||||
$stmt = OCP\DB::prepare( 'DELETE FROM `*PREFIX*contacts_addressbooks` WHERE `id` = ?' );
|
||||
$stmt->execute(array($id));
|
||||
|
||||
$cards = OC_Contacts_VCard::all($id);
|
||||
@ -292,7 +292,7 @@ class OC_Contacts_Addressbook{
|
||||
* @return boolean
|
||||
*/
|
||||
public static function touch($id){
|
||||
$stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_addressbooks SET ctag = ctag + 1 WHERE id = ?' );
|
||||
$stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_addressbooks` SET `ctag` = `ctag` + 1 WHERE `id` = ?' );
|
||||
$stmt->execute(array($id));
|
||||
|
||||
return true;
|
||||
|
||||
@ -51,7 +51,7 @@ class OC_Contacts_VCard{
|
||||
$result = null;
|
||||
if(is_array($id) && count($id) > 1) {
|
||||
$id_sql = join(',', array_fill(0, count($id), '?'));
|
||||
$prep = 'SELECT * FROM *PREFIX*contacts_cards WHERE addressbookid IN ('.$id_sql.') ORDER BY fullname';
|
||||
$prep = 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `addressbookid` IN ('.$id_sql.') ORDER BY `fullname`';
|
||||
try {
|
||||
$stmt = OCP\DB::prepare( $prep );
|
||||
$result = $stmt->execute($id);
|
||||
@ -68,7 +68,7 @@ class OC_Contacts_VCard{
|
||||
$id = $id[0];
|
||||
}
|
||||
try {
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_cards WHERE addressbookid = ? ORDER BY fullname' );
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `addressbookid` = ? ORDER BY `fullname`' );
|
||||
$result = $stmt->execute(array($id));
|
||||
} catch(Exception $e) {
|
||||
OCP\Util::writeLog('contacts','OC_Contacts_VCard:all:, exception: '.$e->getMessage(),OCP\Util::ERROR);
|
||||
@ -94,7 +94,7 @@ class OC_Contacts_VCard{
|
||||
* @return associative array
|
||||
*/
|
||||
public static function find($id){
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_cards WHERE id = ?' );
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `id` = ?' );
|
||||
$result = $stmt->execute(array($id));
|
||||
|
||||
return $result->fetchRow();
|
||||
@ -107,7 +107,7 @@ class OC_Contacts_VCard{
|
||||
* @return associative array
|
||||
*/
|
||||
public static function findWhereDAVDataIs($aid,$uri){
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_cards WHERE addressbookid = ? AND uri = ?' );
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `addressbookid` = ? AND `uri` = ?' );
|
||||
$result = $stmt->execute(array($aid,$uri));
|
||||
|
||||
return $result->fetchRow();
|
||||
@ -156,7 +156,7 @@ class OC_Contacts_VCard{
|
||||
* @returns true if the UID has been changed.
|
||||
*/
|
||||
protected static function trueUID($aid, &$uid) {
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM *PREFIX*contacts_cards WHERE addressbookid = ? AND uri = ?' );
|
||||
$stmt = OCP\DB::prepare( 'SELECT * FROM `*PREFIX*contacts_cards` WHERE `addressbookid` = ? AND `uri` = ?' );
|
||||
$uri = $uid.'.vcf';
|
||||
$result = $stmt->execute(array($aid,$uri));
|
||||
if($result->numRows() > 0){
|
||||
@ -297,7 +297,7 @@ class OC_Contacts_VCard{
|
||||
}
|
||||
|
||||
$data = $card->serialize();
|
||||
$stmt = OCP\DB::prepare( 'INSERT INTO *PREFIX*contacts_cards (addressbookid,fullname,carddata,uri,lastmodified) VALUES(?,?,?,?,?)' );
|
||||
$stmt = OCP\DB::prepare( 'INSERT INTO `*PREFIX*contacts_cards` (`addressbookid`,`fullname`,`carddata`,`uri`,`lastmodified`) VALUES(?,?,?,?,?)' );
|
||||
$result = $stmt->execute(array($aid,$fn,$data,$uri,time()));
|
||||
$newid = OCP\DB::insertid('*PREFIX*contacts_cards');
|
||||
|
||||
@ -323,7 +323,7 @@ class OC_Contacts_VCard{
|
||||
* @param array $objects An array of [id, carddata].
|
||||
*/
|
||||
public static function updateDataByID($objects){
|
||||
$stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_cards SET carddata = ?, lastmodified = ? WHERE id = ?' );
|
||||
$stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_cards` SET `carddata` = ?, `lastmodified` = ? WHERE `id` = ?' );
|
||||
$now = new DateTime;
|
||||
foreach($objects as $object) {
|
||||
$vcard = OC_VObject::parse($object[1]);
|
||||
@ -365,7 +365,7 @@ class OC_Contacts_VCard{
|
||||
$card->setString('REV', $now->format(DateTime::W3C));
|
||||
|
||||
$data = $card->serialize();
|
||||
$stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_cards SET fullname = ?,carddata = ?, lastmodified = ? WHERE id = ?' );
|
||||
$stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_cards` SET `fullname` = ?,`carddata` = ?, `lastmodified` = ? WHERE `id` = ?' );
|
||||
$result = $stmt->execute(array($fn,$data,time(),$id));
|
||||
|
||||
OC_Contacts_Addressbook::touch($oldcard['addressbookid']);
|
||||
@ -397,7 +397,7 @@ class OC_Contacts_VCard{
|
||||
*/
|
||||
public static function delete($id){
|
||||
// FIXME: Add error checking.
|
||||
$stmt = OCP\DB::prepare( 'DELETE FROM *PREFIX*contacts_cards WHERE id = ?' );
|
||||
$stmt = OCP\DB::prepare( 'DELETE FROM `*PREFIX*contacts_cards` WHERE `id` = ?' );
|
||||
$stmt->execute(array($id));
|
||||
|
||||
return true;
|
||||
@ -411,7 +411,7 @@ class OC_Contacts_VCard{
|
||||
*/
|
||||
public static function deleteFromDAVData($aid,$uri){
|
||||
// FIXME: Add error checking. Deleting a card gives an Kontact/Akonadi error.
|
||||
$stmt = OCP\DB::prepare( 'DELETE FROM *PREFIX*contacts_cards WHERE addressbookid = ? AND uri=?' );
|
||||
$stmt = OCP\DB::prepare( 'DELETE FROM `*PREFIX*contacts_cards` WHERE `addressbookid` = ? AND `uri`=?' );
|
||||
$stmt->execute(array($aid,$uri));
|
||||
OC_Contacts_Addressbook::touch($aid);
|
||||
|
||||
@ -546,7 +546,7 @@ class OC_Contacts_VCard{
|
||||
OC_Contacts_App::getAddressbook($aid); // check for user ownership.
|
||||
if(is_array($id)) {
|
||||
$id_sql = join(',', array_fill(0, count($id), '?'));
|
||||
$prep = 'UPDATE *PREFIX*contacts_cards SET addressbookid = ? WHERE id IN ('.$id_sql.')';
|
||||
$prep = 'UPDATE `*PREFIX*contacts_cards` SET `addressbookid` = ? WHERE `id` IN ('.$id_sql.')';
|
||||
try {
|
||||
$stmt = OCP\DB::prepare( $prep );
|
||||
//$aid = array($aid);
|
||||
@ -560,7 +560,7 @@ class OC_Contacts_VCard{
|
||||
}
|
||||
} else {
|
||||
try {
|
||||
$stmt = OCP\DB::prepare( 'UPDATE *PREFIX*contacts_cards SET addressbookid = ? WHERE id = ?' );
|
||||
$stmt = OCP\DB::prepare( 'UPDATE `*PREFIX*contacts_cards` SET `addressbookid` = ? WHERE `id` = ?' );
|
||||
$result = $stmt->execute(array($aid, $id));
|
||||
} catch(Exception $e) {
|
||||
OCP\Util::writeLog('contacts','OC_Contacts_VCard::moveToAddressBook:, exception: '.$e->getMessage(),OCP\Util::DEBUG);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user