Skip to content
GitLab
Commit cc7a8275 authored by Marius Cramer's avatar Marius Cramer
Browse files

- rewrite of sql queries to new form

parent 3f916ccb
Hide whitespace changes
Inline Side-by-side
helper_scripts/recreate_webalizer_stats.php
View file @ cc7a8275
......@@ -5,8 +5,8 @@
//######################################################################################################
$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ".$conf["server_id"];
$records = $app->db->queryAllRecords($sql);
$sql = "SELECT domain_id, domain, document_root FROM web_domain WHERE server_id = ?";
$records = $app->db->queryAllRecords($sql, $conf["server_id"]);
foreach($records as $rec) {
$domain = escapeshellcmd($rec["domain"]);
$logdir = escapeshellcmd($rec["document_root"].'/log');
......
install/apps/metronome_libs/mod_auth_external/db_auth.php
View file @ cc7a8275
......@@ -17,7 +17,7 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
$user = $result->fetch_object();
......
install/apps/metronome_libs/mod_auth_external/db_isuser.php
View file @ cc7a8275
......@@ -15,7 +15,7 @@ try{
// check for existing user
$dbmail = $db->real_escape_string($arg_email);
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE '".$dbmail."' AND active='y' AND server_id='".$isp_server_id."'");
$result = $db->query("SELECT jid, password FROM xmpp_user WHERE jid LIKE ? AND active='y' AND server_id=?", $dbmail, $isp_server_id);
result_false($result->num_rows != 1);
result_true();
......
install/dist/lib/gentoo.lib.php
View file @ cc7a8275
......@@ -229,7 +229,7 @@ class installer extends installer_base
// check if virtual_transport must be changed
if ($this->is_update) {
$tmp = $this->db->queryOneRecord("SELECT * FROM ".$conf["mysql"]["database"].".server WHERE server_id = ".$conf['server_id']);
$tmp = $this->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"].".server", $conf['server_id']);
$ini_array = ini_to_array(stripslashes($tmp['config']));
// ini_array needs not to be checked, because already done in update.php -> updateDbAndIni()
......@@ -421,13 +421,13 @@ class installer extends installer_base
global $conf;
//* Create the database
if(!$this->db->query('CREATE DATABASE IF NOT EXISTS '.$conf['powerdns']['database'].' DEFAULT CHARACTER SET '.$conf['mysql']['charset'])) {
if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['powerdns']['database'], $conf['mysql']['charset'])) {
$this->error('Unable to create MySQL database: '.$conf['powerdns']['database'].'.');
}
//* Create the ISPConfig database user in the local database
$query = 'GRANT ALL ON `'.$conf['powerdns']['database'].'` . * TO \''.$conf['mysql']['ispconfig_user'].'\'@\'localhost\';';
if(!$this->db->query($query)) {
$query = 'GRANT ALL ON ??.* TO ?@?';
if(!$this->db->query($query, $conf['powerdns']['database'], $conf['mysql']['ispconfig_user'], 'localhost')) {
$this->error('Unable to create user for powerdns database Error: '.$this->db->errorMessage);
}
......@@ -537,21 +537,6 @@ class installer extends installer_base
//* Copy the ISPConfig configuration include
/*
$content = $this->get_template_file('apache_ispconfig.conf', true);
$records = $this->db->queryAllRecords("SELECT * FROM server_ip WHERE server_id = ".$conf["server_id"]." AND virtualhost = 'y'");
if(is_array($records) && count($records) > 0)
{
foreach($records as $rec) {
$content .= "NameVirtualHost ".$rec["ip_address"].":80\n";
$content .= "NameVirtualHost ".$rec["ip_address"].":443\n";
}
}
$this->write_config_file($conf['apache']['vhost_conf_dir'].'/000-ispconfig.conf', $content);
*/
$tpl = new tpl('apache_ispconfig.conf.master');
$tpl->setVar('apache_version',getapacheversion());
......
install/uninstall.php
View file @ cc7a8275
......@@ -60,14 +60,6 @@ if($do_uninstall == 'yes') {
echo "\n\n>> Uninstalling ISPConfig 3... \n\n";
// Delete the ISPConfig database
// $app->db->query("DROP DATABASE '".$conf["db_database"]."'");
// $app->db->query("DELETE FROM mysql.user WHERE User = 'ispconfig'");
// exec("/etc/init.d/mysql stop");
// exec("rm -rf /var/lib/mysql/".$conf["db_database"]);
// exec("/etc/init.d/mysql start");
$link = mysql_connect($clientdb_host, $clientdb_user, $clientdb_password);
if (!$link) {
echo "Unable to connect to the database'.mysql_error($link)";
......
interface/lib/app.inc.php
View file @ cc7a8275
......@@ -155,15 +155,15 @@ class app {
public function conf($plugin, $key, $value = null) {
if(is_null($value)) {
$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
$tmpconf = $this->db->queryOneRecord("SELECT `value` FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
if($tmpconf) return $tmpconf['value'];
else return null;
} else {
if($value === false) {
$this->db->query("DELETE FROM `sys_config` WHERE `group` = '" . $this->db->quote($plugin) . "' AND `name` = '" . $this->db->quote($key) . "'");
$this->db->query("DELETE FROM `sys_config` WHERE `group` = ? AND `name` = ?", $plugin, $key);
return null;
} else {
$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES ('" . $this->db->quote($plugin) . "', '" . $this->db->quote($key) . "', '" . $this->db->quote($value) . "')");
$this->db->query("REPLACE INTO `sys_config` (`group`, `name`, `value`) VALUES (?, ?, ?)", $plugin, $key, $value);
return $value;
}
}
......@@ -179,8 +179,8 @@ class app {
$server_id = 0;
$priority = $this->functions->intval($priority);
$tstamp = time();
$msg = $this->db->quote('[INTERFACE]: '.$msg);
$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ($server_id,0,$priority,$tstamp,'$msg')");
$msg = '[INTERFACE]: '.$msg;
$this->db->query("INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, ?, ?)", $server_id, $priority,$tstamp,$msg);
/*
if (is_writable($this->_conf['log_file'])) {
if (!$fp = fopen ($this->_conf['log_file'], 'a')) {
......
interface/lib/classes/aps_crawler.inc.php
View file @ cc7a8275
......@@ -356,14 +356,7 @@ class ApsCrawler extends ApsBase
$old_folder = $this->interface_pkg_dir.'/'.$app_name.'-'.$ex_ver.'.app.zip';
if(file_exists($old_folder)) $this->removeDirectory($old_folder);
/*
$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_OUTDATED."' WHERE name = '".
$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
$app->db->quote($ex_ver)."';");
*/
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = '".
$app->db->quote($app_name)."' AND CONCAT(version, '-', CAST(`release` AS CHAR)) = '".
$app->db->quote($ex_ver)."';");
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE name = ? AND CONCAT(version, '-', CAST(`release` AS CHAR)) = ?", $app_name, $ex_ver);
$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_OUTDATED, 'id', $tmp['id']);
unset($tmp);
}
......@@ -539,13 +532,11 @@ class ApsCrawler extends ApsBase
// Get registered packages and mark non-existant packages with an error code to omit the install
$existing_packages = array();
$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages;');
$path_query = $app->db->queryAllRecords('SELECT path AS Path FROM aps_packages');
foreach($path_query as $path) $existing_packages[] = $path['Path'];
$diff = array_diff($existing_packages, $pkg_list);
foreach($diff as $todelete) {
/*$app->db->query("UPDATE aps_packages SET package_status = '".PACKAGE_ERROR_NOMETA."'
WHERE path = '".$app->db->quote($todelete)."';");*/
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = '".$app->db->quote($todelete)."';");
$tmp = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE path = ?", $todelete);
$app->db->datalogUpdate('aps_packages', "package_status = ".PACKAGE_ERROR_NOMETA, 'id', $tmp['id']);
unset($tmp);
}
......@@ -576,13 +567,6 @@ class ApsCrawler extends ApsBase
//$pkg_url = $this->app_download_url_list[$pkg];
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$pkg.'/PKG_URL');
/*
$app->db->query("INSERT INTO `aps_packages`
(`path`, `name`, `category`, `version`, `release`, `package_status`) VALUES
('".$app->db->quote($pkg)."', '".$app->db->quote($pkg_name)."',
'".$app->db->quote($pkg_category)."', '".$app->db->quote($pkg_version)."',
".$app->db->quote($pkg_release).", ".PACKAGE_ENABLED.");");
*/
// Insert only if data is complete
if($pkg != '' && $pkg_name != '' && $pkg_category != '' && $pkg_version != '' && $pkg_release != '' && $pkg_url){
$insert_data = "(`path`, `name`, `category`, `version`, `release`, `package_url`, `package_status`) VALUES
......@@ -619,7 +603,7 @@ class ApsCrawler extends ApsBase
// This method must be used in interface mode
if(!$this->interface_mode) return false;
$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ''");
$incomplete_pkgs = $app->db->queryAllRecords("SELECT * FROM aps_packages WHERE package_url = ?", '');
if(is_array($incomplete_pkgs) && !empty($incomplete_pkgs)){
foreach($incomplete_pkgs as $incomplete_pkg){
$pkg_url = @file_get_contents($this->interface_pkg_dir.'/'.$incomplete_pkg['path'].'/PKG_URL');
......
interface/lib/classes/aps_guicontroller.inc.php
View file @ cc7a8275
......@@ -100,7 +100,7 @@ class ApsGUIController extends ApsBase
$customerdata = $app->db->queryOneRecord("SELECT client_id FROM sys_group, web_domain
WHERE web_domain.sys_groupid = sys_group.groupid
AND web_domain.domain = '".$app->db->quote($domain)."';");
AND web_domain.domain = ?", $domain);
if(!empty($customerdata)) $customerid = $customerdata['client_id'];
return $customerid;
......@@ -122,14 +122,14 @@ class ApsGUIController extends ApsBase
$websrv = $app->db->queryOneRecord("SELECT server_id FROM web_domain
WHERE domain = (SELECT value FROM aps_instances_settings
WHERE name = 'main_domain' AND instance_id = ".$app->db->quote($instanceid).");");
WHERE name = 'main_domain' AND instance_id = ?)", $instanceid);
// If $websrv is empty, an error has occured. Domain no longer existing? Settings table damaged?
// Anyhow, remove this instance record because it's not useful at all
if(empty($websrv))
{
$app->db->query("DELETE FROM aps_instances WHERE id = ".$app->db->quote($instanceid).";");
$app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ".$app->db->quote($instanceid).";");
$app->db->query("DELETE FROM aps_instances WHERE id = ?", $instanceid);
$app->db->query("DELETE FROM aps_instances_settings WHERE instance_id = ?", $instanceid);
}
else $webserver_id = $websrv['server_id'];
......@@ -154,9 +154,9 @@ class ApsGUIController extends ApsBase
$result = $app->db->queryOneRecord("SELECT id, name,
CONCAT(version, '-', CAST(`release` AS CHAR)) AS current_version
FROM aps_packages
WHERE name = (SELECT name FROM aps_packages WHERE id = ".$app->db->quote($id).")
WHERE name = (SELECT name FROM aps_packages WHERE id = ?)
AND package_status = 2
ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC");
ORDER BY REPLACE(version, '.', '')+0 DESC, `release` DESC", $id);
if(!empty($result) && ($id != $result['id'])) return $result['id'];
......@@ -180,7 +180,7 @@ class ApsGUIController extends ApsBase
'package_status = '.PACKAGE_ENABLED.' AND' :
'(package_status = '.PACKAGE_ENABLED.' OR package_status = '.PACKAGE_LOCKED.') AND';
$result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ".$app->db->quote($id).";");
$result = $app->db->queryOneRecord("SELECT id FROM aps_packages WHERE ".$sql_ext." id = ?", $id);
if(!$result) return false;
return true;
......@@ -203,9 +203,15 @@ class ApsGUIController extends ApsBase
if(preg_match('/^[0-9]+$/', $id) != 1) return false;
// Only filter if not admin
$sql_ext = (!$is_admin) ? 'customer_id = '.$app->db->quote($client_id).' AND' : '';
$result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = '.$app->db->quote($id).';');
$params = array();
$sql_ext = '';
if(!$is_admin) {
$sql_ext = 'customer_id = ? AND ';
$params[] = $client_id;
}
$params[] = $id;
$result = $app->db->queryOneRecord('SELECT id FROM aps_instances WHERE '.$sql_ext.' id = ?', true, $params);
if(!$result) return false;
return true;
......@@ -226,7 +232,7 @@ class ApsGUIController extends ApsBase
unset($tmp);
// get information if the webserver is a db server, too
$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ".$app->functions->intval($websrv['server_id']));
$web_server = $app->db->queryOneRecord("SELECT server_id,server_name,db_server FROM server WHERE server_id = ?", $websrv['server_id']);
if($web_server['db_server'] == 1) {
// create database on "localhost" (webserver)
$mysql_db_server_id = $app->functions->intval($websrv['server_id']);
......@@ -235,7 +241,7 @@ class ApsGUIController extends ApsBase
$mysql_db_remote_ips = '';
} else {
//* get the default database server of the client
$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($websrv['sys_groupid']));
$client = $app->db->queryOneRecord("SELECT default_dbserver FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $websrv['sys_groupid']);
if(is_array($client) && $client['default_dbserver'] > 0 && $client['default_dbserver'] != $websrv['server_id']) {
$mysql_db_server_id = $app->functions->intval($client['default_dbserver']);
$dbserver_config = $web_config = $app->getconf->get_server_config($app->functions->intval($mysql_db_server_id), 'server');
......@@ -263,7 +269,7 @@ class ApsGUIController extends ApsBase
//* Find a free db name for the app
for($n = 1; $n <= 1000; $n++) {
$mysql_db_name = $app->db->quote(($dbname_prefix != '' ? $dbname_prefix.'aps'.$n : uniqid('aps')));
$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($mysql_db_name)."'");
$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $mysql_db_name);
if($tmp['number'] == 0) break;
}
$settings['main_database_name'] = $mysql_db_name;
......@@ -272,14 +278,14 @@ class ApsGUIController extends ApsBase
//* Find a free db username for the app
for($n = 1; $n <= 1000; $n++) {
$mysql_db_user = $app->db->quote(($dbuser_prefix != '' ? $dbuser_prefix.'aps'.$n : uniqid('aps')));
$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = '".$app->db->quote($mysql_db_user)."'");
$tmp = $app->db->queryOneRecord("SELECT count(database_user_id) as number FROM web_database_user WHERE database_user = ?", $mysql_db_user);
if($tmp['number'] == 0) break;
}
$settings['main_database_login'] = $mysql_db_user;
}
//* Create the mysql database user if not existing
$tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = '".$app->db->quote($settings['main_database_login'])."'");
$tmp = $app->db->queryOneRecord("SELECT database_user_id FROM web_database_user WHERE database_user = ?", $settings['main_database_login']);
if(!$tmp) {
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `database_user`, `database_user_prefix`, `database_password`)
VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', 0, '".$settings['main_database_login']."', '".$app->db->quote($dbuser_prefix) . "', PASSWORD('".$settings['main_database_password']."'))";
......@@ -288,7 +294,7 @@ class ApsGUIController extends ApsBase
else $mysql_db_user_id = $tmp['database_user_id'];
//* Create the mysql database if not existing
$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = '".$app->db->quote($settings['main_database_name'])."'");
$tmp = $app->db->queryOneRecord("SELECT count(database_id) as number FROM web_database WHERE database_name = ?", $settings['main_database_name']);
if($tmp['number'] == 0) {
$insert_data = "(`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `server_id`, `parent_domain_id`, `type`, `database_name`, `database_name_prefix`, `database_user_id`, `database_ro_user_id`, `database_charset`, `remote_access`, `remote_ips`, `backup_copies`, `active`, `backup_interval`)
VALUES( ".$app->functions->intval($websrv['sys_userid']).", ".$app->functions->intval($websrv['sys_groupid']).", 'riud', '".$app->functions->intval($websrv['sys_perm_group'])."', '', $mysql_db_server_id, ".$app->functions->intval($websrv['domain_id']).", 'mysql', '".$settings['main_database_name']."', '" . $app->db->quote($dbname_prefix) . "', '$mysql_db_user_id', 0, '', '$mysql_db_remote_access', '$mysql_db_remote_ips', ".$app->functions->intval($websrv['backup_copies']).", 'y', '".$app->functions->intval($websrv['backup_interval'])."')";
......@@ -312,7 +318,7 @@ class ApsGUIController extends ApsBase
$app->uses('tools_sites');
$webserver_id = 0;
$websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = '".$app->db->quote($settings['main_domain'])."';");
$websrv = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain = ?", $settings['main_domain']);
if(!empty($websrv)) $webserver_id = $websrv['server_id'];
$customerid = $this->getCustomerIDFromDomain($settings['main_domain']);
......@@ -336,7 +342,7 @@ class ApsGUIController extends ApsBase
//* Create the MySQL database for the application if necessary
$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($packageid).';');
$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $packageid);
$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
$sxe = $this->readInMetaFile($metafile);
......@@ -371,24 +377,14 @@ class ApsGUIController extends ApsBase
public function deleteInstance($instanceid, $keepdatabase = false)
{
global $app;
/*
$app->db->query("UPDATE aps_instances SET instance_status = ".INSTANCE_REMOVE." WHERE id = ".$instanceid.";");
$webserver_id = $this->getInstanceDataForDatalog($instanceid);
if($webserver_id == '') return;
// Create a sys_datalog entry for deletion
$datalog = array('Instance_id' => $instanceid, 'server_id' => $webserver_id);
$app->db->datalogSave('aps', 'DELETE', 'id', $instanceid, array(), $datalog);
*/
if (!$keepdatabase) {
$sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ".$instanceid." LIMIT 0,1";
$tmp = $app->db->queryOneRecord($sql);
$sql = "SELECT web_database.database_id as database_id, web_database.database_user_id as `database_user_id` FROM aps_instances_settings, web_database WHERE aps_instances_settings.value = web_database.database_name AND aps_instances_settings.name = 'main_database_name' AND aps_instances_settings.instance_id = ? LIMIT 0,1";
$tmp = $app->db->queryOneRecord($sql, $instanceid);
if($tmp['database_id'] > 0) $app->db->datalogDelete('web_database', 'database_id', $tmp['database_id']);
$database_user = $tmp['database_user_id'];
$tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = '" . $app->functions->intval($database_user) . "' OR `database_ro_user_id` = '" . $app->functions->intval($database_user) . "'");
$tmp = $app->db->queryOneRecord("SELECT COUNT(*) as `cnt` FROM `web_database` WHERE `database_user_id` = ? OR `database_ro_user_id` = ?", $database_user, $database_user);
if($tmp['cnt'] < 1) $app->db->datalogDelete('web_database_user', 'database_user_id', $database_user);
}
......@@ -406,7 +402,7 @@ class ApsGUIController extends ApsBase
{
global $app;
$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
// Load in meta file if existing and register its namespaces
$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
......@@ -528,7 +524,7 @@ class ApsGUIController extends ApsBase
if(in_array($postinput['main_domain'], $domains))
{
$docroot = $app->db->queryOneRecord("SELECT document_root FROM web_domain
WHERE domain = '".$app->db->quote($postinput['main_domain'])."';");
WHERE domain = ?", $postinput['main_domain']);
$new_path = $docroot['document_root'];
if(substr($new_path, -1) != '/') $new_path .= '/';
$new_path .= $main_location;
......@@ -543,13 +539,13 @@ class ApsGUIController extends ApsBase
$instance_domains = $app->db->queryAllRecords("SELECT instance_id, s.value AS domain
FROM aps_instances AS i, aps_instances_settings AS s
WHERE i.id = s.instance_id AND s.name = 'main_domain'
AND i.customer_id = '".$app->db->quote($customerid)."';");
AND i.customer_id = ?", $customerid);
for($i = 0; $i < count($instance_domains); $i++)
{
$used_path = '';
$doc_root = $app->db->queryOneRecord("SELECT document_root FROM web_domain
WHERE domain = '".$app->db->quote($instance_domains[$i]['domain'])."';");
WHERE domain = ?", $instance_domains[$i]['domain']);
// Probably the domain settings were changed later, so make sure the doc_root
// is not empty for further validation
......@@ -560,7 +556,7 @@ class ApsGUIController extends ApsBase
$location_for_domain = $app->db->queryOneRecord("SELECT value
FROM aps_instances_settings WHERE name = 'main_location'
AND instance_id = '".$app->db->quote($instance_domains[$i]['instance_id'])."';");
AND instance_id = ?", $instance_domains[$i]['instance_id']);
// The location might be empty but the DB return must not be false!
if($location_for_domain) $used_path .= $location_for_domain['value'];
......@@ -693,7 +689,7 @@ class ApsGUIController extends ApsBase
{
global $app;
$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = '.$app->db->quote($id).';');
$pkg = $app->db->queryOneRecord('SELECT * FROM aps_packages WHERE id = ?', $id);
// Load in meta file if existing and register its namespaces
$metafile = $this->interface_pkg_dir.'/'.$pkg['path'].'/APP-META.xml';
......
interface/lib/classes/auth.inc.php
View file @ cc7a8275
......@@ -57,7 +57,7 @@ class auth {
global $app, $conf;
$userid = $app->functions->intval($userid);
$client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
$client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
if($client['limit_client'] != 0) {
return true;
} else {
......@@ -73,12 +73,12 @@ class auth {
$groupid = $app->functions->intval($groupid);
if($userid > 0 && $groupid > 0) {
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ?", $userid);
$groups = explode(',', $user['groups']);
if(!in_array($groupid, $groups)) $groups[] = $groupid;
$groups_string = implode(',', $groups);
$sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
$app->db->query($sql);
$sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
$app->db->query($sql, $groups_string, $userid);
return true;
} else {
return false;
......@@ -95,7 +95,7 @@ class auth {
// simple query cache
if($this->client_limits===null)
$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id", $userid);
// isn't client -> no limit
if(!$this->client_limits)
......@@ -114,13 +114,13 @@ class auth {
$groupid = $app->functions->intval($groupid);
if($userid > 0 && $groupid > 0) {
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = ", $userid);
$groups = explode(',', $user['groups']);
$key = array_search($groupid, $groups);
unset($groups[$key]);
$groups_string = implode(',', $groups);
$sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
$app->db->query($sql);
$sql = "UPDATE sys_user SET groups = ? WHERE userid = ?";
$app->db->query($sql, $groups_string, $userid);
return true;
} else {
return false;
......
interface/lib/classes/client_templates.inc.php
View file @ cc7a8275
......@@ -49,7 +49,7 @@ class client_templates {
if($old_style == true) {
// we have to take care of this in an other way
$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
if(is_array($in_db) && count($in_db) > 0) {
foreach($in_db as $item) {
if(array_key_exists($item['client_template_id'], $needed_types) == false) $needed_types[$item['client_template_id']] = 0;
......@@ -61,24 +61,24 @@ class client_templates {
if($count > 0) {
// add new template to client (includes those from old-style without assigned_template_id)
for($i = $count; $i > 0; $i--) {
$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($tpl_id) . ')');
$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $tpl_id);
}
} elseif($count < 0) {
// remove old ones
for($i = $count; $i < 0; $i++) {
$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ' . $app->functions->intval($clientId) . ' AND client_template_id = ' . $app->functions->intval($tpl_id) . ' LIMIT 1');
$app->db->query('DELETE FROM `client_template_assigned` WHERE client_id = ? AND client_template_id = ? LIMIT 1', $clientId, $tpl_id);
}
}
}
} else {
// we have to take care of this in an other way
$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
$in_db = $app->db->queryAllRecords('SELECT `assigned_template_id`, `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
if(is_array($in_db) && count($in_db) > 0) {
// check which templates were removed from this client
foreach($in_db as $item) {
if(in_array($item['assigned_template_id'], $used_assigned) == false) {
// delete this one
$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ' . $app->functions->intval($item['assigned_template_id']));
$app->db->query('DELETE FROM `client_template_assigned` WHERE `assigned_template_id` = ?', $item['assigned_template_id']);
}
}
}
......@@ -86,7 +86,7 @@ class client_templates {
if(count($new_tpl) > 0) {
foreach($new_tpl as $item) {
// add new template to client (includes those from old-style without assigned_template_id)
$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (' . $app->functions->intval($clientId) . ', ' . $app->functions->intval($item) . ')');
$app->db->query('INSERT INTO `client_template_assigned` (`client_id`, `client_template_id`) VALUES (?, ?)', $clientId, $item);
}
}
}
......@@ -106,8 +106,8 @@ class client_templates {
/*
* Get the master-template for the client
*/
$sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = " . $app->functions->intval($clientId);
$record = $app->db->queryOneRecord($sql);
$sql = "SELECT template_master, template_additional,limit_client FROM client WHERE client_id = ?";
$record = $app->db->queryOneRecord($sql, $clientId);
$masterTemplateId = $record['template_master'];
$is_reseller = ($record['limit_client'] != 0)?true:false;
......@@ -115,15 +115,15 @@ class client_templates {
// we have to call the update_client_templates function
$templates = explode('/', $record['template_additional']);
$this->update_client_templates($clientId, $templates);
$app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ' . $app->functions->intval($clientId));
$app->db->query('UPDATE `client` SET `template_additional` = \'\' WHERE `client_id` = ?', $clientId);
}
/*
* if the master-Template is custom there is NO changing
*/
if ($masterTemplateId > 0){
$sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($masterTemplateId);
$limits = $app->db->queryOneRecord($sql);
$sql = "SELECT * FROM client_template WHERE template_id = ?";
$limits = $app->db->queryOneRecord($sql, $masterTemplateId);
} else {
// if there is no master template it makes NO SENSE adding sub templates.
// adding subtemplates are stored in client limits, so they would add up
......@@ -136,11 +136,11 @@ class client_templates {
* if != -1)
*/
$addTpl = explode('/', $additionalTemplateStr);
$addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ' . $app->functions->intval($clientId));
$addTpls = $app->db->queryAllRecords('SELECT `client_template_id` FROM `client_template_assigned` WHERE `client_id` = ?', $clientId);
foreach ($addTpls as $addTpl){
$item = $addTpl['client_template_id'];
$sql = "SELECT * FROM client_template WHERE template_id = " . $app->functions->intval($item);
$addLimits = $app->db->queryOneRecord($sql);
$sql = "SELECT * FROM client_template WHERE template_id = ?";
$addLimits = $app->db->queryOneRecord($sql, $item);
$app->log('Template processing subtemplate ' . $item . ' for client ' . $clientId, LOGLEVEL_DEBUG);
/* maybe the template is deleted in the meantime */
if (is_array($addLimits)){
......@@ -232,6 +232,7 @@ class client_templates {
* Write all back to the database
*/
$update = '';
$update_values = array();
if(!$is_reseller) unset($limits['limit_client']); // Only Resellers may have limit_client set in template to ensure that we do not convert a client to reseller accidently.
foreach($limits as $k => $v){
if (strpos($k, 'default') !== false and $v == 0) {
......@@ -239,13 +240,16 @@ class client_templates {
}
if ((strpos($k, 'limit') !== false or strpos($k, 'default') !== false or $k == 'ssh_chroot' or $k == 'web_php_options' or $k == 'force_suexec') && !is_array($v)){
if ($update != '') $update .= ', ';
$update .= '`' . $k . "`='" . $v . "'";
$update .= '?? = ?';
$update_values[] = $k;
$update_values[] = $v;
}
}
$update_values[] = $clientId;
$app->log('Template processed for client ' . $clientId . ', update string: ' . $update, LOGLEVEL_DEBUG);
if($update != '') {
$sql = 'UPDATE client SET ' . $update . " WHERE client_id = " . $app->functions->intval($clientId);
$app->db->query($sql);
$sql = 'UPDATE client SET ' . $update . " WHERE client_id = ?";
$app->db->query($sql, true, $update_values);
}
unset($form);
}
......