Make sure not to double-escape strings used in SQL. Fixed some formatting to comply with style guidelines.
This commit is contained in:
parent
4cd4c8cbf5
commit
55fe551a4a
|
@ -6,9 +6,7 @@ define('MODIFY_LAST_MATCH', TRUE);
|
||||||
require_once "XML/Util.php";
|
require_once "XML/Util.php";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* MetaData class
|
* File storage support class.
|
||||||
*
|
|
||||||
* Campcaster file storage support class.<br>
|
|
||||||
* Store metadata tree in relational database.<br>
|
* Store metadata tree in relational database.<br>
|
||||||
*
|
*
|
||||||
* @author $Author$
|
* @author $Author$
|
||||||
|
@ -43,8 +41,7 @@ class MetaData {
|
||||||
$this->exists =
|
$this->exists =
|
||||||
$this->dbCheck($gunid) &&
|
$this->dbCheck($gunid) &&
|
||||||
is_file($this->fname) &&
|
is_file($this->fname) &&
|
||||||
is_readable($this->fname)
|
is_readable($this->fname);
|
||||||
;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -282,10 +279,10 @@ class MetaData {
|
||||||
return $r;
|
return $r;
|
||||||
}
|
}
|
||||||
if (!is_null($value)) {
|
if (!is_null($value)) {
|
||||||
$value = pg_escape_string($value);
|
$escapedValue = pg_escape_string($value);
|
||||||
$sql = "
|
$sql = "
|
||||||
UPDATE {$this->mdataTable}
|
UPDATE {$this->mdataTable}
|
||||||
SET object='$value', objns='_L'
|
SET object='$escapedValue', objns='_L'
|
||||||
WHERE id={$mid}
|
WHERE id={$mid}
|
||||||
";
|
";
|
||||||
$res = $this->dbc->query($sql);
|
$res = $this->dbc->query($sql);
|
||||||
|
@ -398,10 +395,10 @@ class MetaData {
|
||||||
switch (strtolower($atlang)) {
|
switch (strtolower($atlang)) {
|
||||||
case '':
|
case '':
|
||||||
$plain = array($all[$i]);
|
$plain = array($all[$i]);
|
||||||
break;
|
break;
|
||||||
case strtolower($lang):
|
case strtolower($lang):
|
||||||
$exact = array($all[$i]);
|
$exact = array($all[$i]);
|
||||||
break;
|
break;
|
||||||
case strtolower($deflang):
|
case strtolower($deflang):
|
||||||
$def = array($all[$i]);
|
$def = array($all[$i]);
|
||||||
break;
|
break;
|
||||||
|
@ -430,7 +427,7 @@ class MetaData {
|
||||||
* value to store, if NULL then delete record
|
* value to store, if NULL then delete record
|
||||||
* @param string $lang
|
* @param string $lang
|
||||||
* optional xml:lang value for select language version
|
* optional xml:lang value for select language version
|
||||||
* @param int mid
|
* @param int $mid
|
||||||
* metadata record id (OPTIONAL on unique elements)
|
* metadata record id (OPTIONAL on unique elements)
|
||||||
* @param string $container
|
* @param string $container
|
||||||
* container element name for insert
|
* container element name for insert
|
||||||
|
@ -440,7 +437,7 @@ class MetaData {
|
||||||
$container='metadata')
|
$container='metadata')
|
||||||
{
|
{
|
||||||
// resolve aktual element:
|
// resolve aktual element:
|
||||||
$rows = $this->getMetadataValue($category, $lang);
|
$rows = $this->getMetadataValue($category, $lang);
|
||||||
$aktual = NULL;
|
$aktual = NULL;
|
||||||
if (count($rows) > 1) {
|
if (count($rows) > 1) {
|
||||||
if (is_null($mid)) {
|
if (is_null($mid)) {
|
||||||
|
@ -467,10 +464,9 @@ class MetaData {
|
||||||
if (PEAR::isError($res)) {
|
if (PEAR::isError($res)) {
|
||||||
return $res;
|
return $res;
|
||||||
}
|
}
|
||||||
if (!is_null($lang) &&
|
if (!is_null($lang)
|
||||||
isset($aktual['attrs']['xml:lang']) &&
|
&& isset($aktual['attrs']['xml:lang'])
|
||||||
$aktual['attrs']['xml:lang']!=$lang
|
&& $aktual['attrs']['xml:lang'] != $lang) {
|
||||||
) {
|
|
||||||
$lg = $this->getMetadataEl('xml:lang', $aktual['mid']);
|
$lg = $this->getMetadataEl('xml:lang', $aktual['mid']);
|
||||||
if (PEAR::isError($lg)) {
|
if (PEAR::isError($lg)) {
|
||||||
return $lg;
|
return $lg;
|
||||||
|
@ -764,7 +760,7 @@ class MetaData {
|
||||||
$object_sql = is_null($object) ? "NULL" : "'".pg_escape_string($object)."'";
|
$object_sql = is_null($object) ? "NULL" : "'".pg_escape_string($object)."'";
|
||||||
$objns_sql = is_null($objns) ? "NULL" : "'".pg_escape_string($objns)."'";
|
$objns_sql = is_null($objns) ? "NULL" : "'".pg_escape_string($objns)."'";
|
||||||
$res = $this->dbc->query("UPDATE {$this->mdataTable}
|
$res = $this->dbc->query("UPDATE {$this->mdataTable}
|
||||||
SET objns = $objns_sql, object = $object_sql
|
SET objns = $objns_sql, object = $object_sql
|
||||||
WHERE gunid = x'{$this->gunid}'::bigint AND id='$mdid'
|
WHERE gunid = x'{$this->gunid}'::bigint AND id='$mdid'
|
||||||
");
|
");
|
||||||
if (PEAR::isError($res)) {
|
if (PEAR::isError($res)) {
|
||||||
|
@ -815,9 +811,9 @@ class MetaData {
|
||||||
}
|
}
|
||||||
$res = $this->dbc->query("
|
$res = $this->dbc->query("
|
||||||
INSERT INTO {$this->mdataTable}
|
INSERT INTO {$this->mdataTable}
|
||||||
(id , gunid , subjns , subject ,
|
(id , gunid, subjns, subject,
|
||||||
predns , predicate , predxml ,
|
predns, predicate, predxml,
|
||||||
objns , object
|
objns, object
|
||||||
)
|
)
|
||||||
VALUES
|
VALUES
|
||||||
($id, x'{$this->gunid}'::bigint, $subjns_sql, $subject_sql,
|
($id, x'{$this->gunid}'::bigint, $subjns_sql, $subject_sql,
|
||||||