Changeset 146
- Timestamp:
- Jun 5, 2006 1:14:51 AM (18 years ago)
- Location:
- trunk/lib
- Files:
-
- 16 edited
trunk/lib/Auth_File.inc.php
r141 r146 102 102 return $this->_params[$param]; 103 103 } else { 104 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);104 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 105 105 return null; 106 106 } -
trunk/lib/Auth_SQL.inc.php
r136 r146 135 135 136 136 // The minimal columns for a table compatable with the Auth_SQL class. 137 $db->query("CREATE TABLE IF NOT EXISTS " . $ this->getParam('db_table') . " (137 $db->query("CREATE TABLE IF NOT EXISTS " . $db->escapeString($this->getParam('db_table')) . " ( 138 138 " . $this->getParam('db_primary_key') . " smallint(11) NOT NULL auto_increment, 139 139 " . $this->getParam('db_username_column') . " varchar(255) NOT NULL default '', … … 242 242 return $this->_params[$param]; 243 243 } else { 244 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);244 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 245 245 return null; 246 246 } -
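Review bot: Wrapping `db_table` in `$db->escapeString()` in the `CREATE TABLE` statement (new line 137) does not make the table name safe, because the value is spliced in as a bare identifier rather than inside a quoted string literal. Assuming escapeString() is the usual string-literal escaper (its body is not visible here), a name containing spaces or other SQL syntax passes through unchanged. Validate the identifier before use instead, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $this->getParam('db_table'))) { trigger_error('Invalid db_table', E_USER_ERROR); }`, and apply the same check to `db_primary_key` and `db_username_column`, which the following lines still concatenate raw. The same pattern recurs in the Lock.inc.php, Prefs.inc.php and Version.inc.php sections.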
trunk/lib/AuthorizeNet.inc.php
r136 r146 157 157 return $this->_params[$param]; 158 158 } else { 159 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);159 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 160 160 return null; 161 161 } -
trunk/lib/CSS.inc.php
r136 r146 52 52 return $this->_params[$param]; 53 53 } else { 54 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);54 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 55 55 return null; 56 56 } -
trunk/lib/Cache.inc.php
r137 r146 74 74 return $this->_params[$param]; 75 75 } else { 76 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);76 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 77 77 return null; 78 78 } -
trunk/lib/DB.inc.php
r136 r146 101 101 return $this->_params[$param]; 102 102 } else { 103 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);103 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 104 104 return null; 105 105 } -
trunk/lib/DBSessionHandler.inc.php
r136 r146 15 15 var $_params = array( 16 16 'db_table' => 'session_tbl', 17 'create_table' => true, // Automatically create table and verify columns. Better set to false after site launch. 17 18 // Automatically create table and verify columns. Better set to false after site launch. 19 'create_table' => true, 18 20 ); 19 21 -
trunk/lib/Email.inc.php
r136 r146 122 122 return $this->_params[$param]; 123 123 } else { 124 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);124 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 125 125 return null; 126 126 } -
trunk/lib/ImageThumb.inc.php
r141 r146 135 135 return $this->_params[$param]; 136 136 } else { 137 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);137 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 138 138 return null; 139 139 } -
trunk/lib/Lock.inc.php
r141 r146 17 17 'error_url' => '/lock.php', 18 18 'db_table' => 'lock_tbl', 19 'create_table' => true, // Automatically create table and verify columns. Better set to false after site launch. 19 20 // Automatically create table and verify columns. Better set to false after site launch. 21 'create_table' => true, 20 22 ); 21 23 … … 84 86 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 85 87 } 86 $db->query("CREATE TABLE IF NOT EXISTS " . $ this->getParam('db_table') . " (88 $db->query("CREATE TABLE IF NOT EXISTS " . $db->escapeString($this->getParam('db_table')) . " ( 87 89 lock_id int NOT NULL auto_increment, 88 90 record_table varchar(255) NOT NULL default '', … … 141 143 return $this->_params[$param]; 142 144 } else { 143 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);145 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 144 146 return null; 145 147 } … … 168 170 // Get lock data by lock_id. 169 171 $qid = $db->query(" 170 SELECT * FROM " . $ this->getParam('db_table') . "172 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " 171 173 WHERE lock_id = '" . $db->escapeString($record_table_or_lock_id) . "' 172 174 "); … … 174 176 // Get lock data by record specs 175 177 $qid = $db->query(" 176 SELECT * FROM " . $ this->getParam('db_table') . "178 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " 177 179 WHERE record_table = '" . $db->escapeString($record_table_or_lock_id) . "' 178 180 AND record_key = '" . $db->escapeString($record_key) . "' … … 214 216 215 217 if (isset($this->data['lock_id'])) { 216 $qid = $db->query("SELECT * FROM " . $ this->getParam('db_table') . " WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "'");218 $qid = $db->query("SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " WHERE lock_id = '" . 
$db->escapeString($this->data['lock_id']) . "'"); 217 219 if ($lock = mysql_fetch_assoc($qid)) { 218 220 return ($lock['set_by_admin_id'] == $this->_auth->getVal('user_id')); … … 246 248 // Remove previous locks if exist. Is this better than using a REPLACE INTO? 247 249 $db->query(" 248 DELETE FROM " . $ this->getParam('db_table') . "250 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 249 251 WHERE record_table = '" . $db->escapeString($record_table) . "' 250 252 AND record_key = '" . $db->escapeString($record_key) . "' … … 254 256 // Set new lock. 255 257 $db->query(" 256 INSERT INTO " . $ this->getParam('db_table') . " (258 INSERT INTO " . $db->escapeString($this->getParam('db_table')) . " ( 257 259 record_table, 258 260 record_key, … … 293 295 // Delete a specific lock. 294 296 $db->query(" 295 DELETE FROM " . $ this->getParam('db_table') . "297 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 296 298 WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "' 297 299 "); … … 315 317 if (isset($user_id)) { 316 318 // Delete specific user's locks. 317 $db->query("DELETE FROM " . $ this->getParam('db_table') . " WHERE set_by_admin_id = '" . $db->escapeString($user_id) . "'");319 $db->query("DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " WHERE set_by_admin_id = '" . $db->escapeString($user_id) . "'"); 318 320 $app->logMsg(sprintf('Record locks owned by %s %s have been deleted', $this->_auth->getVal('auth_name'), $this->_auth->getUsername($user_id)), LOG_DEBUG, __FILE__, __LINE__); 319 321 } else { 320 322 // Delete ALL locks. 321 $db->query("DELETE FROM " . $ this->getParam('db_table') . "");323 $db->query("DELETE FROM " . $db->escapeString($this->getParam('db_table')) . ""); 322 324 $app->logMsg(sprintf('All record locks deleted by %s %s', $this->_auth->getVal('auth_name'), $this->_auth->getVal('username')), LOG_DEBUG, __FILE__, __LINE__); 323 325 } … … 338 340 // Delete all old locks. 
339 341 $db->query(" 340 DELETE FROM " . $ this->getParam('db_table') . "342 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 341 343 WHERE DATE_ADD(lock_datetime, INTERVAL '" . $this->getParam('auto_timeout') . "' SECOND) < NOW() 342 344 "); -
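Review bot: The old-lock cleanup query (new lines 341–344) still concatenates `auto_timeout` raw into `INTERVAL '...' SECOND`, although the commit now wraps `db_table` in the same statement. Casting the value keeps it numeric however the parameter was configured: `WHERE DATE_ADD(lock_datetime, INTERVAL " . (int) $this->getParam('auto_timeout') . " SECOND) < NOW()`. The enclosing function starts outside the visible lines.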
trunk/lib/PEdit.inc.php
r136 r146 125 125 return $this->_params[$param]; 126 126 } else { 127 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);127 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 128 128 return null; 129 129 } -
trunk/lib/PayPal.inc.php
r136 r146 240 240 return $this->_params[$param]; 241 241 } else { 242 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);242 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 243 243 return null; 244 244 } -
trunk/lib/Prefs.inc.php
r136 r146 4 4 * code by strangecode :: www.strangecode.com :: this document contains copyrighted information 5 5 * 6 * Prefs provides an API for saving arbitrary values in a user's session. 6 * Prefs provides an API for saving arbitrary values in a user's session. 7 * Session prefs can be stored into a database with the optional save() and load() methods. 7 8 * 8 9 * @author Quinn Comendant <quinn@strangecode.com> … … 14 15 var $_ns; 15 16 17 // Configuration of this object. 18 var $_params = array( 19 20 // Enable database storage. 21 'enable_db' => true, 22 23 // Name of database table to store prefs. 24 'db_table' => 'prefs_tbl', 25 26 // Automatically create table and verify columns. Better set to false after site launch. 27 'create_table' => true, 28 29 // The current user_id for which to load/save preferences. 30 'user_id' => null, 31 ); 32 16 33 /** 17 34 * Prefs constructor. … … 19 36 function Prefs($namespace='') 20 37 { 38 $app =& App::getInstance(); 39 21 40 $this->_ns = '_prefs_' . $namespace; 22 41 23 42 // Initialized the prefs array. 24 43 if (!isset($_SESSION[$this->_ns])) { 25 $_SESSION[$this->_ns] = array(); 44 $_SESSION[$this->_ns] = array('loaded' => false, 'data' => array()); 45 } 46 47 // Get create tables config from global context. 48 if (!is_null($app->getParam('db_create_tables'))) { 49 $this->setParam(array('create_table' => $app->getParam('db_create_tables'))); 50 } 51 } 52 53 /** 54 * Setup the database table for this class. 55 * 56 * @access public 57 * @author Quinn Comendant <quinn@strangecode.com> 58 * @since 04 Jun 2006 16:41:42 59 */ 60 function initDB($recreate_db=false) 61 { 62 $app =& App::getInstance(); 63 $db =& DB::getInstance(); 64 65 static $_db_tested = false; 66 67 if ($recreate_db || !$_db_tested && $this->getParam('create_table')) { 68 if ($recreate_db) { 69 $db->query("DROP TABLE IF EXISTS " . 
$this->getParam('db_table')); 70 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 71 } 72 $db->query("CREATE TABLE IF NOT EXISTS " . $db->escapeString($this->getParam('db_table')) . " ( 73 user_id VARCHAR(32) NOT NULL DEFAULT '', 74 pref_namespace VARCHAR(32) NOT NULL DEFAULT '', 75 pref_key VARCHAR(64) NOT NULL DEFAULT '', 76 pref_value TEXT, 77 PRIMARY KEY (user_id, pref_namespace, pref_key) 78 )"); 79 80 if (!$db->columnExists($this->getParam('db_table'), array( 81 'user_id', 82 'pref_namespace', 83 'pref_key', 84 'pref_value', 85 ), false, false)) { 86 $app->logMsg(sprintf('Database table %s has invalid columns. Please update this table manually.', $this->getParam('db_table')), LOG_ALERT, __FILE__, __LINE__); 87 trigger_error(sprintf('Database table %s has invalid columns. Please update this table manually.', $this->getParam('db_table')), E_USER_ERROR); 88 } 89 } 90 $_db_tested = true; 91 } 92 93 /** 94 * Set the params of this object. 95 * 96 * @param array $params Array of param keys and values to set. 97 */ 98 function setParam($params=null) 99 { 100 if (isset($params) && is_array($params)) { 101 // Merge new parameters with old overriding only those passed. 102 $this->_params = array_merge($this->_params, $params); 103 } 104 } 105 106 /** 107 * Return the value of a parameter, if it exists. 108 * 109 * @access public 110 * @param string $param Which parameter to return. 111 * @return mixed Configured parameter value. 112 */ 113 function getParam($param) 114 { 115 $app =& App::getInstance(); 116 117 if (isset($this->_params[$param])) { 118 return $this->_params[$param]; 119 } else { 120 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 121 return null; 26 122 } 27 123 } … … 34 130 * @param string $val The new value for this preference. 
35 131 */ 36 function setDefault ($key, $val)37 { 38 // Set it only if not set already.39 if (!isset($_SESSION[$this->_ns][$key])) {40 $_SESSION[$this->_ns][ $key] = $val;132 function setDefaults($defaults) 133 { 134 if (isset($defaults) && is_array($defaults)) { 135 // Apply defaults to the session, setting only non-existing values. 136 $_SESSION[$this->_ns]['data'] = array_merge($defaults, $_SESSION[$this->_ns]['data']); 41 137 } 42 138 } … … 50 146 function set($key, $val) 51 147 { 52 $_SESSION[$this->_ns][ $key] = $val;148 $_SESSION[$this->_ns]['data'][$key] = $val; 53 149 } 54 150 … … 62 158 function get($key) 63 159 { 64 return (isset($_SESSION[$this->_ns][ $key])) ? $_SESSION[$this->_ns][$key] : null;160 return (isset($_SESSION[$this->_ns]['data'][$key])) ? $_SESSION[$this->_ns]['data'][$key] : null; 65 161 } 66 162 … … 75 171 function exists($key) 76 172 { 77 return isset($_SESSION[$this->_ns][ $key]);173 return isset($_SESSION[$this->_ns]['data'][$key]); 78 174 } 79 175 … … 81 177 * Clear a set preference value. 82 178 * 83 * @param string $key The name of the preference to check.179 * @param string $key The name of the preference to delete. 84 180 */ 85 181 function delete($key) 86 182 { 87 if (isset($_SESSION[$this->_ns][$key])) { 88 unset($_SESSION[$this->_ns][$key]); 89 } 90 } 91 92 /** 93 * Perform cleanup operations. 183 unset($_SESSION[$this->_ns]['data'][$key]); 184 } 185 186 /** 187 * Empty the $_SESSION cache. 94 188 */ 95 189 function clear() … … 97 191 $_SESSION[$this->_ns] = array(); 98 192 } 193 194 /* 195 * Retreives all prefs from the database and stores them in the $_SESSION. 196 * 197 * @access public 198 * @return bool True if loading succeeded. 199 * @author Quinn Comendant <quinn@strangecode.com> 200 * @version 1.0 201 * @since 04 Jun 2006 16:56:53 202 */ 203 function load() 204 { 205 $app =& App::getInstance(); 206 $db =& DB::getInstance(); 207 208 // Skip this method if not using the db. 
209 if (true !=== $this->getParam('enable_db')) { 210 return true; 211 } 212 213 // Prefs already loaded for this session. 214 if ($this->_isLoaded()) { 215 return true; 216 } 217 218 // User_id must not be empty. 219 if ('' == $this->getParam('user_id')) { 220 $app->logMsg(sprintf('Cannot save prefs because user_id not set.', null), LOG_ERR, __FILE__, __LINE__); 221 return false; 222 } 223 224 $this->initDB(); 225 226 // Retreive all prefs for this user and namespace. 227 $qid = $db->query(" 228 SELECT pref_key, pref_value 229 FROM " . $db->escapeString($this->getParam('db_table')) . " 230 WHERE user_id = '" . $db->escapeString($this->getParam('user_id')) . "' 231 AND pref_namespace = '" . $db->escapeString($this->_ns) . "' 232 LIMIT 10000 233 "); 234 while (list($key, $val) = mysql_fetch_row($qid)) { 235 $_SESSION[$this->_ns]['data'][$key] = $val; 236 } 237 238 // Data loaded only once per session. 239 $_SESSION[$this->_ns]['loaded'] = true; 240 241 return true; 242 } 243 244 /* 245 * Returns true if the prefs had been loaded from the database into the $_SESSION. 246 * 247 * @access private 248 * @return bool True if prefs are loaded. 249 * @author Quinn Comendant <quinn@strangecode.com> 250 * @version 1.0 251 * @since 04 Jun 2006 17:12:44 252 */ 253 function _isLoaded() 254 { 255 return isset($_SESSION[$this->_ns]['loaded']) && true === $_SESSION[$this->_ns]['loaded']; 256 } 257 258 /* 259 * Saves all prefs stored in the $_SESSION into the database. 260 * 261 * @access public 262 * @return bool True if prefs exist and were saved. 263 * @author Quinn Comendant <quinn@strangecode.com> 264 * @version 1.0 265 * @since 04 Jun 2006 17:19:56 266 */ 267 function save() 268 { 269 $app =& App::getInstance(); 270 $db =& DB::getInstance(); 271 272 // Skip this method if not using the db. 273 if (true !=== $this->getParam('enable_db')) { 274 return true; 275 } 276 277 // User_id must not be empty. 
278 if ('' == $this->getParam('user_id')) { 279 $app->logMsg(sprintf('Cannot save prefs because user_id not set.', null), LOG_ERR, __FILE__, __LINE__); 280 return false; 281 } 282 283 $this->initDB(); 284 285 if (isset($_SESSION[$this->_ns]['data']) && is_array($_SESSION[$this->_ns]['data'])) { 286 // Delete old prefs from database. 287 $db->query(" 288 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 289 WHERE user_id = '" . $db->escapeString($this->getParam('user_id')) . "' 290 AND pref_namespace = '" . $db->escapeString($this->_ns) . "' 291 "); 292 293 // Insert new prefs. 294 $insert_values = array(); 295 foreach ($_SESSION[$this->_ns]['data'] as $key => $val) { 296 $insert_values[] = sprintf("('%s', '%s', '%s', '%s')", DB::escapeString($this->getParam('user_id')), DB::escapeString($this->_ns), DB::escapeString($key), DB::escapeString($val)); 297 } 298 $db->query(" 299 INSERT LOW_PRIORITY INTO " . $db->escapeString($this->getParam('db_table')) . " 300 (user_id, pref_namespace, pref_key, pref_value) 301 VALUES " . join(', ', $insert_values) . " 302 "); 303 304 $app->logMsg(sprintf('Saved %s preferences to database.', sizeof($insert_values)), LOG_DEBUG, __FILE__, __LINE__); 305 return true; 306 } 307 308 return false; 309 } 99 310 } 100 311 -
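Review bot: `if (true !=== $this->getParam('enable_db'))` in load() and save() (new lines 209 and 273) is a parse error, since `!===` is not a PHP operator, so Prefs.inc.php cannot be included at all; it should read `if (true !== $this->getParam('enable_db')) {`. In initDB() the `DROP TABLE IF EXISTS` statement (new line 69) still concatenates `db_table` unwrapped while the `CREATE TABLE` below it is wrapped, which is inconsistent. save() builds `VALUES " . join(', ', $insert_values)` even when the data array is empty, producing an invalid INSERT after the DELETE has already run; guard the INSERT with `if (sizeof($insert_values) > 0) {`. Finally, clear() resets the namespace to `array()`, dropping the `'data'` and `'loaded'` keys that setDefaults() now reads without an isset() check.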
trunk/lib/SpellCheck.inc.php
r136 r146 120 120 return $this->_params[$param]; 121 121 } else { 122 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);122 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 123 123 return null; 124 124 } -
trunk/lib/Upload.inc.php
r142 r146 100 100 return $this->_params[$param]; 101 101 } else { 102 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);102 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 103 103 return null; 104 104 } -
trunk/lib/Version.inc.php
r144 r146 25 25 'min_days' => 7, // Keep ALL versions within this many days, even if MORE than min_qty. 26 26 'db_table' => 'version_tbl', 27 'create_table' => true, // Automatically create table and verify columns. Better set to false after site launch. 27 28 // Automatically create table and verify columns. Better set to false after site launch. 29 'create_table' => true, 28 30 'db_schema_strict' => true, // If true, makes an exact comparison of saved vs. live table schemas. If false, just checks that the saved columns are available. 29 31 ); … … 90 92 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 91 93 } 92 $db->query("CREATE TABLE IF NOT EXISTS " . $ this->getParam('db_table') . " (94 $db->query("CREATE TABLE IF NOT EXISTS " . $db->escapeString($this->getParam('db_table')) . " ( 93 95 version_id int NOT NULL auto_increment, 94 96 record_table varchar(255) NOT NULL default '', … … 151 153 return $this->_params[$param]; 152 154 } else { 153 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);155 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 154 156 return null; 155 157 } … … 184 186 // Save as new version. 185 187 $db->query(" 186 INSERT INTO " . $ this->getParam('db_table') . " (188 INSERT INTO " . $db->escapeString($this->getParam('db_table')) . " ( 187 189 record_table, 188 190 record_key, … … 224 226 // Get version data. 225 227 $qid = $db->query(" 226 SELECT * FROM " . $ this->getParam('db_table') . "228 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " 227 229 WHERE version_id = '" . $db->escapeString($version_id) . "' 228 230 "); … … 284 286 // Get total number of versions for this record. 285 287 $qid = $db->query(" 286 SELECT COUNT(*) FROM " . $ this->getParam('db_table') . "288 SELECT COUNT(*) FROM " . $db->escapeString($this->getParam('db_table')) . 
" 287 289 WHERE record_table = '" . $db->escapeString($record_table) . "' 288 290 AND record_key = '" . $db->escapeString($record_key) . "' … … 296 298 // First query for oldest records, selecting enough to bring total number down to min_qty. 297 299 $qid = $db->query(" 298 SELECT version_id FROM " . $ this->getParam('db_table') . "300 SELECT version_id FROM " . $db->escapeString($this->getParam('db_table')) . " 299 301 WHERE record_table = '" . $db->escapeString($record_table) . "' 300 302 AND record_key = '" . $db->escapeString($record_key) . "' … … 307 309 } 308 310 $db->query(" 309 DELETE FROM " . $ this->getParam('db_table') . "311 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 310 312 WHERE version_id IN ('" . join("','", $old_versions) . "') 311 313 "); … … 313 315 // Delete versions older than min_days, while still keeping min_qty. 314 316 $qid = $db->query(" 315 SELECT version_id FROM " . $ this->getParam('db_table') . "317 SELECT version_id FROM " . $db->escapeString($this->getParam('db_table')) . " 316 318 WHERE record_table = '" . $db->escapeString($record_table) . "' 317 319 AND record_key = '" . $db->escapeString($record_key) . "' … … 326 328 if (sizeof($old_versions) > 0) { 327 329 $db->query(" 328 DELETE FROM " . $ this->getParam('db_table') . "330 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 329 331 WHERE version_id IN ('" . join("','", $old_versions) . "') 330 332 "); … … 352 354 $qid = $db->query(" 353 355 SELECT version_id, saved_by_user_id, version_datetime, version_title 354 FROM " . $ this->getParam('db_table') . "356 FROM " . $db->escapeString($this->getParam('db_table')) . " 355 357 WHERE record_table = '" . $db->escapeString($record_table) . "' 356 358 AND record_key = '" . $db->escapeString($record_key) . "' … … 382 384 // Get version data. 383 385 $qid = $db->query(" 384 SELECT * FROM " . $ this->getParam('db_table') . "386 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . 
" 385 387 WHERE version_id = '" . $db->escapeString($version_id) . "' 386 388 "); … … 403 405 // Get version data. 404 406 $qid = $db->query(" 405 SELECT * FROM " . $ this->getParam('db_table') . "407 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " 406 408 WHERE version_id = '" . $db->escapeString($version_id) . "' 407 409 ");