Changeset 146 for trunk/lib/Lock.inc.php
- Timestamp:
- Jun 5, 2006 1:14:51 AM (18 years ago)
- File:
-
- 1 edited
trunk/lib/Lock.inc.php
r141 r146 17 17 'error_url' => '/lock.php', 18 18 'db_table' => 'lock_tbl', 19 'create_table' => true, // Automatically create table and verify columns. Better set to false after site launch. 19 20 // Automatically create table and verify columns. Better set to false after site launch. 21 'create_table' => true, 20 22 ); 21 23 … … 84 86 $app->logMsg(sprintf('Dropping and recreating table %s.', $this->getParam('db_table')), LOG_DEBUG, __FILE__, __LINE__); 85 87 } 86 $db->query("CREATE TABLE IF NOT EXISTS " . $ this->getParam('db_table') . " (88 $db->query("CREATE TABLE IF NOT EXISTS " . $db->escapeString($this->getParam('db_table')) . " ( 87 89 lock_id int NOT NULL auto_increment, 88 90 record_table varchar(255) NOT NULL default '', … … 141 143 return $this->_params[$param]; 142 144 } else { 143 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_ NOTICE, __FILE__, __LINE__);145 $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); 144 146 return null; 145 147 } … … 168 170 // Get lock data by lock_id. 169 171 $qid = $db->query(" 170 SELECT * FROM " . $ this->getParam('db_table') . "172 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " 171 173 WHERE lock_id = '" . $db->escapeString($record_table_or_lock_id) . "' 172 174 "); … … 174 176 // Get lock data by record specs 175 177 $qid = $db->query(" 176 SELECT * FROM " . $ this->getParam('db_table') . "178 SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " 177 179 WHERE record_table = '" . $db->escapeString($record_table_or_lock_id) . "' 178 180 AND record_key = '" . $db->escapeString($record_key) . "' … … 214 216 215 217 if (isset($this->data['lock_id'])) { 216 $qid = $db->query("SELECT * FROM " . $ this->getParam('db_table') . " WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "'");218 $qid = $db->query("SELECT * FROM " . $db->escapeString($this->getParam('db_table')) . " WHERE lock_id = '" . 
$db->escapeString($this->data['lock_id']) . "'"); 217 219 if ($lock = mysql_fetch_assoc($qid)) { 218 220 return ($lock['set_by_admin_id'] == $this->_auth->getVal('user_id')); … … 246 248 // Remove previous locks if exist. Is this better than using a REPLACE INTO? 247 249 $db->query(" 248 DELETE FROM " . $ this->getParam('db_table') . "250 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 249 251 WHERE record_table = '" . $db->escapeString($record_table) . "' 250 252 AND record_key = '" . $db->escapeString($record_key) . "' … … 254 256 // Set new lock. 255 257 $db->query(" 256 INSERT INTO " . $ this->getParam('db_table') . " (258 INSERT INTO " . $db->escapeString($this->getParam('db_table')) . " ( 257 259 record_table, 258 260 record_key, … … 293 295 // Delete a specific lock. 294 296 $db->query(" 295 DELETE FROM " . $ this->getParam('db_table') . "297 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 296 298 WHERE lock_id = '" . $db->escapeString($this->data['lock_id']) . "' 297 299 "); … … 315 317 if (isset($user_id)) { 316 318 // Delete specific user's locks. 317 $db->query("DELETE FROM " . $ this->getParam('db_table') . " WHERE set_by_admin_id = '" . $db->escapeString($user_id) . "'");319 $db->query("DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " WHERE set_by_admin_id = '" . $db->escapeString($user_id) . "'"); 318 320 $app->logMsg(sprintf('Record locks owned by %s %s have been deleted', $this->_auth->getVal('auth_name'), $this->_auth->getUsername($user_id)), LOG_DEBUG, __FILE__, __LINE__); 319 321 } else { 320 322 // Delete ALL locks. 321 $db->query("DELETE FROM " . $ this->getParam('db_table') . "");323 $db->query("DELETE FROM " . $db->escapeString($this->getParam('db_table')) . ""); 322 324 $app->logMsg(sprintf('All record locks deleted by %s %s', $this->_auth->getVal('auth_name'), $this->_auth->getVal('username')), LOG_DEBUG, __FILE__, __LINE__); 323 325 } … … 338 340 // Delete all old locks. 
339 341 $db->query(" 340 DELETE FROM " . $ this->getParam('db_table') . "342 DELETE FROM " . $db->escapeString($this->getParam('db_table')) . " 341 343 WHERE DATE_ADD(lock_datetime, INTERVAL '" . $this->getParam('auto_timeout') . "' SECOND) < NOW() 342 344 ");
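Review bot: Wrapping the table name in `$db->escapeString()` in every `FROM`/`INTO`/`CREATE TABLE` position does not actually protect those statements, because the value is spliced in as an unquoted identifier rather than a string literal — escapeString only escapes quotes and backslashes, so a `db_table` value containing a space, semicolon or comment marker passes through unchanged. The value presumably comes from the `_params` config rather than request input, but if the goal is defence in depth the right check is an identifier whitelist applied once where the parameter is set, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $this->getParam('db_table')))` log and refuse, instead of the repeated escape calls. The last hunk also concatenates `auto_timeout` raw inside `INTERVAL '…' SECOND`; since it must be a number, `INTERVAL " . (int) $this->getParam('auto_timeout') . " SECOND` is both safer and clearer than quoting it. Separately, lowering the "Parameter is not set" message from `LOG_NOTICE` to `LOG_DEBUG` makes a misconfigured lock table harder to notice in production logs. All of these statements sit inside methods whose bodies begin and end outside the visible hunks.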