From 14cfc2cdc9efc161323069ac73507a8287ded93a Mon Sep 17 00:00:00 2001
From: JT Smith <jt@plainblack.com>
Date: Mon, 9 Aug 2004 23:04:56 +0000
Subject: [PATCH] adding GUID stuff

---
 docs/upgrades/upgrade_6.1.1-6.2.0.sql | 126 ++++++++++++++++++++++++++
 lib/WebGUI.pm                         |   6 +-
 lib/WebGUI/Wobject.pm                 |  30 +++---
 3 files changed, 144 insertions(+), 18 deletions(-)

diff --git a/docs/upgrades/upgrade_6.1.1-6.2.0.sql b/docs/upgrades/upgrade_6.1.1-6.2.0.sql
index bbd30d8ea..86458fdfb 100644
--- a/docs/upgrades/upgrade_6.1.1-6.2.0.sql
+++ b/docs/upgrades/upgrade_6.1.1-6.2.0.sql
@@ -128,4 +128,130 @@ INSERT INTO template VALUES (10,'htmlArea Image Manager','<!DOCTYPE HTML PUBLIC
 INSERT INTO groups VALUES (13,'Export Managers','Users in this group can export pages to disk.',314496000,1000000000,NULL,997938000,997938000,14,-14,NULL,0,NULL,0,0,0,3600,NULL,1,1);
 
 INSERT INTO groupGroupings VALUES (3,13);
+alter table DataForm_entryData change wobjectId wobjectId char(22);
+alter table DataForm_entryData change DataForm_entryId DataForm_entryId char(22) not null;
+alter table DataForm_entryData change DataForm_fieldId DataForm_fieldId char(22) not null;
+alter table DataForm_field change wobjectId wobjectId char(22);
+alter table DataForm_field change DataForm_fieldId DataForm_fieldId char(22) not null;
+alter table DataForm_field change DataForm_tabId DataForm_tabId char(22) not null default 0;
+alter table HttpProxy change wobjectId wobjectId char(22) not null;
+alter table IndexedSearch change wobjectId wobjectId char(22) not null;
+alter table IndexedSearch_docInfo change pageId pageId char(22);
+alter table IndexedSearch_docInfo change wobjectId wobjectId char(22);
+alter table IndexedSearch_docInfo change page_groupIdView page_groupIdView char(22);
+alter table IndexedSearch_docInfo change wobject_groupIdView wobject_groupIdView char(22);
+alter table IndexedSearch_docInfo change wobject_special_groupIdView wobject_special_groupIdView char(22);
+alter table IndexedSearch_docInfo change languageId languageId varchar(35);
+alter table MessageBoard change wobjectId wobjectId char(22) not null;
+alter table MessageBoard_forums change wobjectId wobjectId char(22);
+alter table MessageBoard_forums change forumId forumId char(22);
+alter table Navigation change navigationId navigationId char(22) not null;
+alter table Navigation change templateId templateId char(22);
+alter table Poll change wobjectId wobjectId char(22) not null;
+alter table Poll change voteGroup voteGroup char(22);
+alter table Poll_answer change wobjectId wobjectId char(22);
+alter table Product change wobjectId wobjectId char(22) not null;
+alter table Product_accessory change wobjectId wobjectId char(22) not null;
+alter table Product_accessory change AccessoryWobjectId AccessoryWobjectId char(22) not null;
+alter table Product_benefit change wobjectId wobjectId char(22);
+alter table Product_benefit change Product_benefitId Product_benefitId char(22) not null;
+alter table Product_feature change wobjectId wobjectId char(22);
+alter table Product_feature change Product_featureId Product_featureId char(22) not null;
+alter table Product_related change wobjectId wobjectId char(22) not null;
+alter table Product_related change RelatedWobjectId RelatedWobjectId char(22) not null;
+alter table Product_specification change wobjectId wobjectId char(22);
+alter table Product_specification change Product_specificationId Product_specificationId char(22) not null;
+alter table SQLReport change wobjectId wobjectId char(22) not null;
+alter table SQLReport change databaseLinkId databaseLinkId char(22);
+alter table SiteMap change wobjectId wobjectId char(22) not null;
+alter table Survey change wobjectId wobjectId char(22) not null;
+alter table Survey change groupToTakeSurvey groupToTakeSurvey char(22);
+alter table Survey change groupToViewReports groupToViewReports char(22);
+alter table Survey change Survey_id Survey_id char(22);
+alter table Survey change responseTemplateId responseTemplateId char(22);
+alter table Survey change reportcardTemplateId reportcardTemplateId char(22);
+alter table Survey change overviewTemplateId overviewTemplateId char(22);
+alter table Survey_answer change Survey_id Survey_id char(22);
+alter table Survey_answer change Survey_questionId Survey_questionId char(22);
+alter table Survey_answer change Survey_answerId Survey_answerId char(22) not null;
+alter table Survey_answer change gotoQuestion gotoQuestion char(22);
+alter table Survey_question change Survey_id Survey_id char(22);
+alter table Survey_question change Survey_questionId Survey_questionId char(22) not null;
+alter table Survey_question change gotoQuestion gotoQuestion char(22);
+alter table Survey_questionResponse change Survey_id Survey_id char(22);
+alter table Survey_questionResponse change Survey_answerId Survey_answerId char(22) not null;
+alter table Survey_questionResponse change Survey_responseId Survey_responseId char(22) not null;
+alter table Survey_questionResponse change Survey_questionId Survey_questionId char(22) not null;
+alter table Survey_response change Survey_id Survey_id char(22);
+alter table Survey_response change Survey_responseId Survey_responseId char(22) not null;
+alter table SyndicatedContent change wobjectId wobjectId char(22) not null;
+alter table WSClient change wobjectId wobjectId char(22) not null;
+alter table WSClient drop column templateId;
+alter table WobjectProxy change wobjectId wobjectId char(22) not null;
+alter table WobjectProxy change proxiedWobjectId proxiedWobjectId char(22);
+alter table collateral change collateralId collateralId char(22) not null;
+alter table collateral change collateralFolderId collateralFolderId char(22);
+alter table collateralFolder change collateralFolderId collateralFolderId char(22) not null;
+alter table collateralFolder change parentId parentId char(22) not null;
+alter table databaseLink change databaseLinkId databaseLinkId char(22) not null;
+alter table forum change forumId forumId char(22) not null;
+alter table forum change groupToPost groupToPost char(22);
+alter table forum change groupToModerate groupToModerate char(22);
+alter table forum change lastPostId lastPostId char(22);
+alter table forum change forumTemplateId forumTemplateId char(22);
+alter table forum change threadTemplateId threadTemplateId char(22);
+alter table forum change postTemplateId postTemplateId char(22);
+alter table forum change postformTemplateId postformTemplateId char(22);
+alter table forum change notificationTemplateId notificationTemplateId char(22);
+alter table forum change searchTemplateId searchTemplateId char(22);
+alter table forum change groupToView groupToView char(22);
+alter table forum change masterForumId masterForumId char(22);
+alter table forumPost change forumPostId forumPostId char(22) not null;
+alter table forumPost change parentId parentId char(22);
+alter table forumPost change forumThreadId forumThreadId char(22);
+alter table forumPostAttachment change forumPostAttachmentId forumPostAttachmentId char(22) not null;
+alter table forumPostAttachment change forumPostId forumPostId char(22);
+alter table forumPostRating change forumPostId forumPostId char(22);
+alter table forumRead change forumPostId forumPostId char(22) not null;
+alter table forumRead change forumThreadId forumThreadId char(22);
+alter table forumSubscription change forumId forumId char(22) not null;
+alter table forumThread change forumThreadId forumThreadId char(22) not null;
+alter table forumThread change forumId forumId char(22);
+alter table forumThread change rootPostId rootPostId char(22);
+alter table forumThread change lastPostId lastPostId char(22);
+alter table forumThreadSubscription change forumThreadId forumThreadId char(22) not null;
+alter table groupGroupings change groupId groupId char(22) not null;
+alter table groupGroupings change inGroup inGroup char(22) not null;
+alter table groupings change groupId groupId char(22) not null;
+alter table groups change groupId groupId char(22) not null;
+alter table groups change databaseLinkId databaseLinkId char(22);
+alter table messageLog change messageLogId messageLogId char(22) not null;
+alter table metaData_properties change fieldId fieldId char(22) not null;
+alter table metaData_values change fieldId fieldId char(22) not null;
+alter table metaData_values change wobjectId wobjectId char(22) not null;
+alter table page change pageId pageId char(22) not null;
+alter table page change parentId parentId char(22);
+alter table page change templateId templateId char(22);
+alter table page change styleId styleId char(22);
+alter table page change groupIdView groupIdView char(22);
+alter table page change groupIdEdit groupIdEdit char(22);
+alter table page change bufferUserId bufferUserId char(22);
+alter table page change bufferPrevId bufferPrevId char(22);
+alter table page change printableStyleId printableStyleId char(22);
+alter table pageStatistics change pageId pageId char(22);
+alter table pageStatistics change wobjectId wobjectId char(22);
+alter table passiveProfileAOI change fieldId fieldId char(22) not null;
+alter table passiveProfileLog change passiveProfileLogId passiveProfileLogId char(22) not null;
+alter table passiveProfileLog change wobjectId wobjectId char(22);
+alter table replacements change replacementId replacementId char(22) not null;
+alter table template change templateId templateId char(22) not null;
+alter table theme change themeId themeId char(22) not null;
+alter table themeComponent change themeId themeId char(22);
+alter table userProfileCategory change profileCategoryId profileCategoryId char(22) not null;
+alter table userProfileField change profileCategoryId profileCategoryId char(22);
+alter table userSession change sessionId sessionId char(22) not null;
+alter table userSessionScratch change sessionId sessionId char(22) not null;
+alter table users change referringAffiliate referringAffiliate char(22) not null;
+
+
 
diff --git a/lib/WebGUI.pm b/lib/WebGUI.pm
index 7e4e9ab5c..923478b21 100644
--- a/lib/WebGUI.pm
+++ b/lib/WebGUI.pm
@@ -69,7 +69,7 @@ sub _processFunctions {
                         if ($session{form}{wid} eq "new") {
                                 $wobject = {wobjectId=>"new",namespace=>$session{form}{namespace},pageId=>$session{page}{pageId}};
                         } else {
-                                $wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobjectId=".$session{form}{wid},WebGUI::SQL->getSlave);
+                                $wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobjectId=".quote($session{form}{wid}),WebGUI::SQL->getSlave);
                                 if (${$wobject}{namespace} eq "") {
                                         WebGUI::ErrorHandler::warn("Wobject [$session{form}{wid}] appears to be missing or "
                                                 ."corrupt, but was requested "
@@ -82,8 +82,8 @@ sub _processFunctions {
                                         ($proxyWobjectId) = WebGUI::SQL->quickArray("select wobject.wobjectId from
                                                 wobject,WobjectProxy
                                                 where wobject.wobjectId=WobjectProxy.wobjectId
-                                                and wobject.pageId=".$session{page}{pageId}."
-                                                and WobjectProxy.proxiedWobjectId=".${$wobject}{wobjectId},WebGUI::SQL->getSlave);
+                                                and wobject.pageId=".quote($session{page}{pageId})."
+                                                and WobjectProxy.proxiedWobjectId=".quote(${$wobject}{wobjectId}),WebGUI::SQL->getSlave);
                                         ${$wobject}{_WobjectProxy} = $proxyWobjectId;
                                 }
                                 unless (${$wobject}{pageId} == $session{page}{pageId}
diff --git a/lib/WebGUI/Wobject.pm b/lib/WebGUI/Wobject.pm
index c719881ca..705d4a395 100644
--- a/lib/WebGUI/Wobject.pm
+++ b/lib/WebGUI/Wobject.pm
@@ -63,7 +63,7 @@ These methods are available from this class:
 #-------------------------------------------------------------------
 sub _reorderWobjects {
 	my ($sth, $i, $wid);
-	$sth = WebGUI::SQL->read("select wobjectId from wobject where pageId=$_[0] order by templatePosition,sequenceNumber");
+	$sth = WebGUI::SQL->read("select wobjectId from wobject where pageId=".quote($_[0])." order by templatePosition,sequenceNumber");
 	while (($wid) = $sth->array) {
 		$i++;
 		WebGUI::SQL->write("update wobject set sequenceNumber='$i' where wobjectId=".quote($wid));
@@ -75,7 +75,7 @@ sub _reorderWobjects {
 #-------------------------------------------------------------------
 sub _getNextSequenceNumber {
 	my ($sequenceNumber);
-	($sequenceNumber) = WebGUI::SQL->quickArray("select max(sequenceNumber) from wobject where pageId='$_[0]'");
+	($sequenceNumber) = WebGUI::SQL->quickArray("select max(sequenceNumber) from wobject where pageId=".quote($_[0]));
 	return ($sequenceNumber+1);
 }
 
@@ -239,7 +239,7 @@ sub duplicate {
 	%properties = %{$_[0]->get};
 	$properties{pageId} = $_[1] || 2;
 	$properties{sequenceNumber} = _getNextSequenceNumber($properties{pageId});
-	my $page = WebGUI::SQL->quickHashRef("select groupIdView,ownerId,groupIdEdit from page where pageId=".$properties{pageId});
+	my $page = WebGUI::SQL->quickHashRef("select groupIdView,ownerId,groupIdEdit from page where pageId=".quote($properties{pageId}));
 	$properties{ownerId} = $page->{ownerId};
         $properties{groupIdView} = $page->{groupIdView};
         $properties{groupIdEdit} = $page->{groupIdEdit};
@@ -576,7 +576,7 @@ sub moveCollateralUp {
 	unless (defined $setValue) {
 		$setValue = $_[0]->get($setName);
 	}
-        ($seq) = WebGUI::SQL->quickArray("select sequenceNumber from $_[1] where $_[2]=$_[3] and $setName=".quote($setValue));
+        ($seq) = WebGUI::SQL->quickArray("select sequenceNumber from $_[1] where $_[2]=".quote($_[3])." and $setName=".quote($setValue));
         ($id) = WebGUI::SQL->quickArray("select $_[2] from $_[1] where $setName=".quote($setValue)
 		." and sequenceNumber=$seq-1");
         if ($id ne "") {
@@ -797,7 +797,7 @@ sub new {
 	my %fullProperties;
 	my $extra;
 	unless ($properties->{wobjectId} eq "new") {
-		$extra = WebGUI::SQL->quickHashRef("select * from ".$properties->{namespace}." where wobjectId='".$properties->{wobjectId}."'",WebGUI::SQL->getSlave);
+		$extra = WebGUI::SQL->quickHashRef("select * from ".$properties->{namespace}." where wobjectId=".quote($properties->{wobjectId}),WebGUI::SQL->getSlave);
 	}
         tie %fullProperties, 'Tie::CPHash';
         %fullProperties = (%{$properties},%{$extra});
@@ -876,7 +876,7 @@ sub processTemplate {
 		);
 	if (defined $self->get("_WobjectProxy")) {
 		$vars{isShortcut} = 1;
-		my ($originalPageURL) = WebGUI::SQL->quickArray("select urlizedTitle from page where pageId=".$self->get("pageId"),WebGUI::SQL->getSlave);
+		my ($originalPageURL) = WebGUI::SQL->quickArray("select urlizedTitle from page where pageId=".quote($self->get("pageId")),WebGUI::SQL->getSlave);
 		$vars{originalURL} = WebGUI::URL::gateway($originalPageURL."#".$self->get("wobjectId"));
 	}
 	return WebGUI::Template::process($templateId,$namespace, \%vars);
@@ -894,14 +894,14 @@ NOTE: This method is meant to be extended by all sub-classes.
 
 sub purge {
 	if ($_[0]->get("forumId")) {
-		my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from wobject where forumId=".$_[0]->get("forumId"));
+		my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from wobject where forumId=".quote($_[0]->get("forumId")));
                 unless ($inUseElsewhere > 1) {
 			my $forum = WebGUI::Forum->new($_[0]->get("forumId"));
 			$forum->purge;
 		}
 	}
-	WebGUI::SQL->write("delete from ".$_[0]->get("namespace")." where wobjectId=".$_[0]->get("wobjectId"));
-        WebGUI::SQL->write("delete from wobject where wobjectId=".$_[0]->get("wobjectId"));
+	WebGUI::SQL->write("delete from ".$_[0]->get("namespace")." where wobjectId=".quote($_[0]->get("wobjectId")));
+        WebGUI::SQL->write("delete from wobject where wobjectId=".quote($_[0]->get("wobjectId")));
 	WebGUI::MetaData::metaDataDelete($_[0]->get("wobjectId"));
 	my $node = WebGUI::Node->new($_[0]->get("wobjectId"));
 	$node->delete;
@@ -1115,7 +1115,7 @@ sub setCollateral {
 				$sql .= $key."=".quote($properties->{$key});
 			}
 		}
-		$sql .= " where $keyName='".$properties->{$keyName}."'";
+		$sql .= " where $keyName='".quote($properties->{$keyName})."'";
 		WebGUI::ErrorHandler::audit("edited ".$table." ".$properties->{$keyName});
 	}
   	WebGUI::SQL->write($sql);
@@ -1596,8 +1596,8 @@ sub www_moveDown {
 	my ($wid, $thisSeq);
 	my $self = shift;
         if ($self->canEdit) {
-		($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from wobject where wobjectId=".$self->get("wobjectId"));
-		($wid) = WebGUI::SQL->quickArray("select wobjectId from wobject where pageId=".$self->get("pageId")
+		($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from wobject where wobjectId=".quote($self->get("wobjectId")));
+		($wid) = WebGUI::SQL->quickArray("select wobjectId from wobject where pageId=".quote($self->get("pageId"))
 			." and sequenceNumber=".($thisSeq+1));
 		if ($wid ne "") {
                 	WebGUI::SQL->write("update wobject set sequenceNumber=sequenceNumber+1 where wobjectId=".quote($self->get("wobjectId")));
@@ -1641,8 +1641,8 @@ sub www_moveUp {
 	my $self = shift;
         my ($wid, $thisSeq);
         if ($self->canEdit) {
-                ($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from wobject where wobjectId=".$self->get("wobjectId"));
-                ($wid) = WebGUI::SQL->quickArray("select wobjectId from wobject where pageId=".$self->get("pageId")
+                ($thisSeq) = WebGUI::SQL->quickArray("select sequenceNumber from wobject where wobjectId=".quote($self->get("wobjectId")));
+                ($wid) = WebGUI::SQL->quickArray("select wobjectId from wobject where pageId=".quote($self->get("pageId"))
 			." and sequenceNumber=".($thisSeq-1));
                 if ($wid ne "") {
                         WebGUI::SQL->write("update wobject set sequenceNumber=sequenceNumber-1 where wobjectId=".quote($self->get("wobjectId")));
@@ -1667,7 +1667,7 @@ sub www_paste {
 	my $self = shift;
         my ($output, $nextSeq);
         if ($self->canEdit) {
-		($nextSeq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from wobject where pageId=$session{page}{pageId}");
+		($nextSeq) = WebGUI::SQL->quickArray("select max(sequenceNumber) from wobject where pageId=".quote($session{page}{pageId}));
 		$nextSeq += 1;
 		WebGUI::SQL->write("UPDATE wobject SET "
 					."pageId=". $session{page}{pageId} .", "