diff --git a/docs/upgrades/upgrade_6.1.1-6.2.0.sql b/docs/upgrades/upgrade_6.1.1-6.2.0.sql
index 3fe55fce0..46c39e299 100644
--- a/docs/upgrades/upgrade_6.1.1-6.2.0.sql
+++ b/docs/upgrades/upgrade_6.1.1-6.2.0.sql
@@ -252,9 +252,8 @@ alter table userProfileField change profileCategoryId profileCategoryId char(22)
alter table userSession change sessionId sessionId char(22) not null;
alter table userSessionScratch change sessionId sessionId char(22) not null;
alter table users change referringAffiliate referringAffiliate char(22) not null;
-
-delete from incrementer where incrementerId in ("databaseLinkId", "DataForm_entryId", "DataForm_fieldId", "DataForm_tabId", "EventsCalendar_eventId", "EventsCalendar_recurringId", "FileManager_fileId", "forumId", "forumPostId", "forumThreadId", "groupId", "languageId", "Product_benefitId", "Product_featureId", "Product_specificationId", "replacementId", "Survey_answerId", "Survey_id", "Survey_questionId", "Survey_responseId", "USS_id", "USS_submissionId", "wobjectId");
-
alter table page change lft nestedSetLeft int(11);
alter table page change rgt nestedSetRight int(11);
+alter table page change id id char(22);
+delete from incrementer where incrementerId in ("collateralId","pageId","databaseLinkId", "DataForm_entryId", "DataForm_fieldId", "DataForm_tabId", "EventsCalendar_eventId", "EventsCalendar_recurringId", "FileManager_fileId", "forumId", "forumPostId", "forumThreadId", "groupId", "languageId", "Product_benefitId", "Product_featureId", "Product_specificationId", "replacementId", "Survey_answerId", "Survey_id", "Survey_questionId", "Survey_responseId", "USS_id", "USS_submissionId", "wobjectId");
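Review bot: The only page-table column retyped in this hunk is `id` (`alter table page change id id char(22);`), while the next line removes the `pageId` incrementer row and the Perl side of this change now stores `WebGUI::Id::generate()` values into `page.pageId` and `parentId`; unless `pageId`/`parentId` (and `collateral.collateralId`) are converted elsewhere in this script, inserts of the new ids will fail on an integer column. The sibling `change ... char(22)` lines above all carry `not null`, so this one should probably read `alter table page change id id char(22) not null;`. The re-added `delete from incrementer` now also drops `collateralId` and `pageId`, which is consistent with the code no longer calling `getNextId('pageId')`.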
diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm
index cec95022e..6455778c2 100644
--- a/lib/WebGUI/Auth.pm
+++ b/lib/WebGUI/Auth.pm
@@ -99,7 +99,8 @@ sub _isValidUsername {
#-------------------------------------------------------------------
sub _logLogin {
- WebGUI::SQL->write("insert into userLoginLog values ('$_[0]','$_[1]',".time().",".quote($session{env}{REMOTE_ADDR}).",".quote($session{env}{HTTP_USER_AGENT}).")");
+ WebGUI::SQL->write("insert into userLoginLog values (".quote($_[0]).",".quote($_[1]).",".time().","
+ .quote($session{env}{REMOTE_ADDR}).",".quote($session{env}{HTTP_USER_AGENT}).")");
}
#-------------------------------------------------------------------
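Review bot: The two positional arguments are still interpolated straight from `@_` and the `insert` relies on column order, so a schema change silently shifts values into the wrong columns; naming the arguments (`my ($userId, $status) = @_;` — the second name is a guess, use whatever the callers pass) and listing the columns (`insert into userLoginLog (<column list from the table definition>) values (...)`) makes the statement self-describing. The sub has no header comment; something like `# Record a login attempt: who, result, when, and the client address/agent.` would help, since the quoted values come from `$session{env}` rather than from the caller.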
@@ -686,8 +687,8 @@ sub saveParams {
my $self = shift;
my ($uid, $authMethod, $data) = @_;
foreach (keys %{$data}) {
- WebGUI::SQL->write("delete from authentication where userId=$uid and authMethod=".quote($authMethod)." and fieldName=".quote($_));
- WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldData,fieldName) values ($uid,".quote($authMethod).",".quote($data->{$_}).",".quote($_).")");
+ WebGUI::SQL->write("delete from authentication where userId=".quote($uid)." and authMethod=".quote($authMethod)." and fieldName=".quote($_));
+ WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldData,fieldName) values (".quote($uid).",".quote($authMethod).",".quote($data->{$_}).",".quote($_).")");
}
}
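Review bot: Each iteration runs a `delete` and then an `insert` with no transaction around them, so if the insert fails (or the request dies between the two) the user's authentication field is gone rather than left at its previous value; assuming the table has a unique key on `userId`/`authMethod`/`fieldName`, a single `replace into authentication (userId,authMethod,fieldData,fieldName) values (...)` — or the pair inside one transaction, if WebGUI::SQL exposes that — makes the update atomic. The loop also carries `$_` across the `quote()` calls; `foreach my $fieldName (keys %{$data}) {` reads better and cannot be clobbered by a callee. `saveParams` starts on the line before the hunk.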
diff --git a/lib/WebGUI/Auth/LDAP.pm b/lib/WebGUI/Auth/LDAP.pm
index 301b95051..f534ccc7d 100644
--- a/lib/WebGUI/Auth/LDAP.pm
+++ b/lib/WebGUI/Auth/LDAP.pm
@@ -17,7 +17,6 @@ use WebGUI::HTMLForm;
use WebGUI::Form;
use WebGUI::Mail;
use WebGUI::Session;
-use WebGUI::SQL;
use WebGUI::Utility;
use WebGUI::Operation::Shared;
use URI;
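Review bot: Dropping `use WebGUI::SQL;` here (and in lib/WebGUI/Macro/r_printable.pm) is only safe if the module no longer calls anything that package exports; the rest of this change calls `quote()` and `quoteAndJoin()` unqualified, which suggests they are imported from WebGUI::SQL, and a now-unimported `quote(...)` under `use strict` fails at runtime rather than at compile time. Worth grepping both files for `quote`, `quoteAndJoin` and `WebGUI::SQL->` before merging.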
diff --git a/lib/WebGUI/Macro/AdminBar.pm b/lib/WebGUI/Macro/AdminBar.pm
index 78e73878c..c895b375d 100644
--- a/lib/WebGUI/Macro/AdminBar.pm
+++ b/lib/WebGUI/Macro/AdminBar.pm
@@ -87,7 +87,7 @@ sub process {
$query = "select bufferDate,pageId,title from page where parentId=2 order by bufferDate";
} else {
$query = "select bufferDate,pageId,title from page where parentId=2 "
- ." and bufferUserId=$session{user}{userId} "
+ ." and bufferUserId=".quote($session{user}{userId})
." order by bufferDate";
}
$r = WebGUI::SQL->read($query);
@@ -105,7 +105,7 @@ sub process {
." order by bufferDate";
} else {
$query = "select bufferDate,wobjectId,title,namespace from wobject where pageId=2 "
- ." and bufferUserId=$session{user}{userId} "
+ ." and bufferUserId=".quote($session{user}{userId})
." order by bufferDate";
}
$r = WebGUI::SQL->read($query);
diff --git a/lib/WebGUI/Macro/H_homeLink.pm b/lib/WebGUI/Macro/H_homeLink.pm
index de0ca279a..ef8cb4620 100644
--- a/lib/WebGUI/Macro/H_homeLink.pm
+++ b/lib/WebGUI/Macro/H_homeLink.pm
@@ -23,7 +23,7 @@ sub process {
if ($session{setting}{defaultPage} == $session{page}{pageId}) {
$temp = $session{page}{urlizedTitle};
} else {
- ($temp) = WebGUI::SQL->quickArray("select urlizedTitle from page where pageId=$session{setting}{defaultPage}",WebGUI::SQL->getSlave);
+ ($temp) = WebGUI::SQL->quickArray("select urlizedTitle from page where pageId=".quote($session{setting}{defaultPage}),WebGUI::SQL->getSlave);
}
$temp = WebGUI::URL::gateway($temp);
if ($param[0] ne "linkonly") {
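Review bot: The quoting on the new line treats page ids as strings, but the branch condition right above it, `if ($session{setting}{defaultPage} == $session{page}{pageId})`, still compares them numerically; if `WebGUI::Id::generate()` produces non-numeric ids, any two such ids numify to 0 and compare equal, so the query branch is never reached. It should be `if ($session{setting}{defaultPage} eq $session{page}{pageId}) {`. The same numeric comparison of id values survives at `$data{parentId} == 0` in Macro/RootTitle.pm, `$buildFromPage == 0` and `$session{form}{pageId} == 'new'` in Operation/Page.pm, `$session{form}{uid} == 1 || ... == 3` in Operation/User.pm, and `$session{user}{userId} == $page{ownerId}` in Page.pm's `canView`.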
diff --git a/lib/WebGUI/Macro/LastModified.pm b/lib/WebGUI/Macro/LastModified.pm
index b406d5939..fd67909d6 100644
--- a/lib/WebGUI/Macro/LastModified.pm
+++ b/lib/WebGUI/Macro/LastModified.pm
@@ -24,7 +24,7 @@ sub process {
$format = '%z' if ($format eq "");
$output = "";
- ($time) = WebGUI::SQL->quickArray("SELECT max(lastEdited) FROM wobject where pageId=$session{page}{pageId}",WebGUI::SQL->getSlave);
+ ($time) = WebGUI::SQL->quickArray("SELECT max(lastEdited) FROM wobject where pageId=".quote($session{page}{pageId}),WebGUI::SQL->getSlave);
if ($time) {
$output = $label.epochToHuman($time,$format);
}
diff --git a/lib/WebGUI/Macro/RandomImage.pm b/lib/WebGUI/Macro/RandomImage.pm
index a2d67163a..157da6d3b 100644
--- a/lib/WebGUI/Macro/RandomImage.pm
+++ b/lib/WebGUI/Macro/RandomImage.pm
@@ -27,7 +27,7 @@ sub process {
$collateralFolderId = 0 unless ($collateralFolderId);
}
my @images = WebGUI::SQL->buildArray("select collateralId from collateral
- where collateralType='image' and collateralFolderId=".$collateralFolderId,WebGUI::SQL->getSlave);
+ where collateralType='image' and collateralFolderId=".quote($collateralFolderId),WebGUI::SQL->getSlave);
if (my $collateral = WebGUI::Collateral->new($images[rand($#images+1)])) {
return '
get("parameters").' />';
} else {
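Review bot: `$images[rand($#images+1)]` on the line after the rewritten query is the long way of writing `$images[rand @images]`, which reads as "pick a random element" instead of index arithmetic; Macro/RandomSnippet.pm carries the identical expression. When the query returns nothing the index is `rand(0)`, i.e. 0, and `WebGUI::Collateral->new` receives undef, which the `if` presumably handles, but an explicit early return when `@images` is empty would state that intent. `process` continues outside the hunk.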
diff --git a/lib/WebGUI/Macro/RandomSnippet.pm b/lib/WebGUI/Macro/RandomSnippet.pm
index da38dc649..ac11b7248 100644
--- a/lib/WebGUI/Macro/RandomSnippet.pm
+++ b/lib/WebGUI/Macro/RandomSnippet.pm
@@ -27,7 +27,7 @@ sub process {
$collateralFolderId = 0 unless ($collateralFolderId);
}
my @snippets = WebGUI::SQL->buildArray("select collateralId from collateral
- where collateralType='snippet' and collateralFolderId=".$collateralFolderId,WebGUI::SQL->getSlave);
+ where collateralType='snippet' and collateralFolderId=".quote($collateralFolderId),WebGUI::SQL->getSlave);
if (my $collateral = WebGUI::Collateral->new($snippets[rand($#snippets+1)])) {
return $collateral->get("parameters");
} else {
diff --git a/lib/WebGUI/Macro/RootTitle.pm b/lib/WebGUI/Macro/RootTitle.pm
index 51b844877..bbb07baa6 100644
--- a/lib/WebGUI/Macro/RootTitle.pm
+++ b/lib/WebGUI/Macro/RootTitle.pm
@@ -21,7 +21,8 @@ use WebGUI::URL;
sub process {
my ($sth, %data, $output);
tie %data, 'Tie::CPHash';
- %data = WebGUI::SQL->quickHash("select pageId,parentId,title,urlizedTitle from page where pageId=".($_[0] || $session{page}{parentId}),WebGUI::SQL->getSlave);
+ my $pageid = $_[0] || $session{page}{parentId};
+ %data = WebGUI::SQL->quickHash("select pageId,parentId,title,urlizedTitle from page where pageId=".quote($pageId),WebGUI::SQL->getSlave);
if ($data{parentId} == 0) {
$output = $data{title} || $session{page}{title};
} else {
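Review bot: The new line declares `my $pageid` but the query on the next line uses `$pageId` (capital I), which is a different variable: under `use strict` this fails to compile, and without strictures `quote(undef)` is passed and the lookup returns nothing. Change the declaration to `my $pageId = $_[0] || $session{page}{parentId};`. The `$data{parentId} == 0` test that follows compares an id numerically and should become `eq` once ids are no longer integers.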
diff --git a/lib/WebGUI/Macro/r_printable.pm b/lib/WebGUI/Macro/r_printable.pm
index e5e8b174d..86e91ecc4 100644
--- a/lib/WebGUI/Macro/r_printable.pm
+++ b/lib/WebGUI/Macro/r_printable.pm
@@ -14,7 +14,6 @@ use strict;
use WebGUI::International;
use WebGUI::Macro;
use WebGUI::Session;
-use WebGUI::SQL;
use WebGUI::Template;
use WebGUI::URL;
use WebGUI::Utility;
diff --git a/lib/WebGUI/Operation/Clipboard.pm b/lib/WebGUI/Operation/Clipboard.pm
index e0eacd8d5..0a6124851 100644
--- a/lib/WebGUI/Operation/Clipboard.pm
+++ b/lib/WebGUI/Operation/Clipboard.pm
@@ -79,19 +79,19 @@ sub www_deleteClipboardItemConfirm {
if ( ($session{setting}{sharedClipboard} eq "1") || (WebGUI::Grouping::isInGroup(3)) ) {
WebGUI::SQL->write("update wobject set pageId=3, "
."bufferDate=".time().", "
- ."bufferUserId=".$session{user}{userId} .", "
+ ."bufferUserId=".quote($session{user}{userId}) .", "
."bufferPrevId=2 "
."where pageId=2 "
- ."and wobjectId=" . $session{form}{wid}
+ ."and wobjectId=" . quote($session{form}{wid})
);
} else {
WebGUI::SQL->write("update wobject set pageId=3, "
."bufferDate=".time().", "
- ."bufferUserId=".$session{user}{userId} .", "
+ ."bufferUserId=".quote($session{user}{userId}) .", "
."bufferPrevId=2 "
."where pageId=2 "
- ."and wobjectId=" . $session{form}{wid} ." "
- ."and bufferUserId=".$session{user}{userId}
+ ."and wobjectId=" . quote($session{form}{wid}) ." "
+ ."and bufferUserId=".quote($session{user}{userId})
);
}
WebGUI::ErrorHandler::audit("moved wobject ". $session{form}{wid} ." from clipboard to trash");
@@ -99,15 +99,15 @@ sub www_deleteClipboardItemConfirm {
if ( ($session{setting}{sharedClipboard} eq "1") || (WebGUI::Grouping::isInGroup(3)) ) {
WebGUI::SQL->write("update page set parentId=3, "
."bufferDate=".time().", "
- ."bufferUserId=".$session{user}{userId} .", "
+ ."bufferUserId=".quote($session{user}{userId}) .", "
."bufferPrevId=2 "
."where parentId=2 "
- ."and pageId=".$session{form}{pageId}
+ ."and pageId=".quote($session{form}{pageId})
);
} else {
WebGUI::SQL->write("update page set parentId=3, "
."bufferDate=".time().", "
- ."bufferUserId=".$session{user}{userId} .", "
+ ."bufferUserId=".quote($session{user}{userId}) .", "
."bufferPrevId=2 "
."where parentId=2 "
."and pageId=".$session{form}{pageId} ." "
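Review bot: The per-user branch still concatenates the form value unquoted at `."and pageId=".$session{form}{pageId} ." "`, while the shared-clipboard branch a few lines up was changed to `quote($session{form}{pageId})`; this is request input going straight into SQL, so it should read `."and pageId=".quote($session{form}{pageId}) ." "`. The `bufferUserId=` clause that follows is outside the hunk and presumably needs the same `quote()` as was applied in the wobject branch above. `www_deleteClipboardItemConfirm` continues past the hunk.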
@@ -154,28 +154,28 @@ sub www_emptyClipboardConfirm {
if ($allUsers eq "1") {
WebGUI::SQL->write("update page set parentId=3, "
."bufferDate=".time().", "
- ."bufferUserId=".$session{user}{userId} .", "
+ ."bufferUserId=".quote($session{user}{userId}) .", "
."bufferPrevId=2 "
."where parentId=2 ");
WebGUI::SQL->write("update wobject set pageId=3, "
."bufferDate=".time().", "
- ."bufferUserId=".$session{user}{userId} .", "
+ ."bufferUserId=".quote($session{user}{userId}) .", "
."bufferPrevId=2 "
."where pageId=2 ");
WebGUI::ErrorHandler::audit("emptied clipboard to trash");
} else {
WebGUI::SQL->write("update page set parentId=3, "
."bufferDate=".time().", "
- ."bufferUserId=".$session{user}{userId} .", "
+ ."bufferUserId=".quote($session{user}{userId}) .", "
."bufferPrevId=2 "
."where parentId=2 "
- ."and bufferUserId=".$session{user}{userId});
+ ."and bufferUserId=".quote($session{user}{userId}));
WebGUI::SQL->write("update wobject set pageId=3, "
."bufferDate=".time().", "
- ."bufferUserId=".$session{user}{userId} .", "
+ ."bufferUserId=".quote($session{user}{userId}) .", "
."bufferPrevId=2 "
."where pageId=2 "
- ."and bufferUserId=".$session{user}{userId});
+ ."and bufferUserId=".quote($session{user}{userId}));
WebGUI::ErrorHandler::audit("emptied user clipboard to trash");
}
WebGUI::Session::refreshPageInfo($session{page}{pageId});
@@ -209,7 +209,7 @@ sub www_manageClipboard {
} else {
$sth = WebGUI::SQL->read("select pageId,title,urlizedTitle,bufferUserId,bufferDate,bufferPrevId "
."from page where parentId=2 and bufferUserId="
- . $session{user}{userId} . " order by bufferDate");
+ . quote($session{user}{userId}) . " order by bufferDate");
}
while (@data = $sth->array) {
my ($pageId,$title,$urlizedTitle,$bufferUserId,$bufferDate,$bufferPrevId,$url,$htmlData);
@@ -220,7 +220,7 @@ sub www_manageClipboard {
$bufferUserId = $data[3];
if ($bufferUserId ne "") {
- my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".$bufferUserId);
+ my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".quote($bufferUserId));
$bufferUserId = ''
.$bufferUsername .'';
}
@@ -228,7 +228,7 @@ sub www_manageClipboard {
$bufferPrevId = $data[5];
if ($bufferPrevId ne "") {
($bufferPrevId,$url) = WebGUI::SQL->quickArray("select title,urlizedTitle "
- ."from page where pageId=".$bufferPrevId);
+ ."from page where pageId=".quote($bufferPrevId));
if ($url ne "") {
$bufferPrevId = '' .$bufferPrevId .'';
}
@@ -261,7 +261,7 @@ sub www_manageClipboard {
} else {
$sth = WebGUI::SQL->read("select wobjectId,namespace,title,bufferUserId,bufferDate,bufferPrevId "
. "from wobject where pageId=2 and bufferUserId="
- . $session{user}{userId} ." order by bufferDate");
+ . quote($session{user}{userId}) ." order by bufferDate");
}
while (@data = $sth->array) {
my ($wobjectId,$namespace,$title,$bufferUserId,$bufferDate,$bufferPrevId,$url,$htmlData);
@@ -274,7 +274,7 @@ sub www_manageClipboard {
$bufferPrevId = $data[5];
if ($bufferPrevId ne "") {
($bufferPrevId,$url) = WebGUI::SQL->quickArray("select title,urlizedTitle "
- ."from page where pageId=".$bufferPrevId);
+ ."from page where pageId=".quote($bufferPrevId));
if ($url ne "") {
$bufferPrevId = '' .$bufferPrevId .'';
}
@@ -283,7 +283,7 @@ sub www_manageClipboard {
$bufferUserId = $data[3];
if ($bufferUserId ne "") {
- my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".$bufferUserId);
+ my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".quote($bufferUserId));
$bufferUserId = ''
.$bufferUsername .'';
}
diff --git a/lib/WebGUI/Operation/Package.pm b/lib/WebGUI/Operation/Package.pm
index 9be81123c..81faea331 100644
--- a/lib/WebGUI/Operation/Package.pm
+++ b/lib/WebGUI/Operation/Package.pm
@@ -13,6 +13,7 @@ package WebGUI::Operation::Package;
use Exporter;
use strict qw(vars subs);
use WebGUI::Icon;
+use WebGUI::Id;
use WebGUI::Page;
use WebGUI::Privilege;
use WebGUI::Session;
@@ -26,7 +27,7 @@ our @EXPORT = qw(&www_deployPackage );
sub _duplicateWobjects {
my (%properties);
tie %properties, 'Tie::CPHash';
- my $sth = WebGUI::SQL->read("select * from wobject where pageId=$_[0] order by sequenceNumber");
+ my $sth = WebGUI::SQL->read("select * from wobject where pageId=".quote($_[0])." order by sequenceNumber");
while (my $wobject = $sth->hashRef) {
my $cmd = "WebGUI::Wobject::".${$wobject}{namespace};
my $load = "use ".$cmd;
@@ -43,12 +44,12 @@ sub _recursePageTree {
my ($a, %package, %newParent, $newPageId, $sequenceNumber, $urlizedTitle);
tie %newParent, 'Tie::CPHash';
tie %package, 'Tie::CPHash';
- %newParent = WebGUI::SQL->quickHash("select * from page where pageId=$_[1]");
+ %newParent = WebGUI::SQL->quickHash("select * from page where pageId=".quote($_[1]));
_duplicateWobjects($_[0],$_[1]);
- ($sequenceNumber) = WebGUI::SQL->quickArray("select max(sequenceNumber) from page where parentId=$_[1]");
- $a = WebGUI::SQL->read("select * from page where parentId=$_[0] order by sequenceNumber");
+ ($sequenceNumber) = WebGUI::SQL->quickArray("select max(sequenceNumber) from page where parentId=".quote($_[1]));
+ $a = WebGUI::SQL->read("select * from page where parentId=".quote($_[0])." order by sequenceNumber");
while (%package = $a->hash) {
- $newPageId = getNextId("pageId");
+ $newPageId = WebGUI::Id::generate();
$sequenceNumber++;
$urlizedTitle = WebGUI::Page::makeUnique($package{urlizedTitle});
WebGUI::SQL->write("insert into page (
@@ -82,7 +83,7 @@ sub _recursePageTree {
wobjectPrivileges
) values (
$newPageId,
- $_[1],
+ ".quote($_[1]).",
".quote($package{title}).",
$newParent{styleId},
$session{user}{userId},
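Review bot: `$newPageId,` on the line before the rewritten `quote($_[1])` is still interpolated bare into the `values (...)` list even though it now comes from `WebGUI::Id::generate()`; if generated ids are not numeric the insert becomes a syntax error or a column reference. It should be `".quote($newPageId).",`, and for consistency with the rest of this change `$session{user}{userId},` on the last line of the hunk should be `".quote($session{user}{userId}).",`. `_recursePageTree` begins and ends outside the hunk.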
@@ -107,7 +108,7 @@ sub _recursePageTree {
$package{newWindow},
$package{cacheTimeout},
$package{cacheTimeoutVisitor},
- $package{printableStyleId},
+ ".quote($package{printableStyleId}).",
$package{wobjectPrivileges}
)");
_recursePageTree($package{pageId},$newPageId);
diff --git a/lib/WebGUI/Operation/Page.pm b/lib/WebGUI/Operation/Page.pm
index a46565cde..8c841b2ff 100644
--- a/lib/WebGUI/Operation/Page.pm
+++ b/lib/WebGUI/Operation/Page.pm
@@ -215,7 +215,7 @@ sub _traversePageTree {
.moveRightIcon(sprintf('op=moveTreePageRight&pageId=%s',$currentPageId), $currentUrlizedTitle)
.editIcon('op=editPage', $currentUrlizedTitle)
.' '.$currentPage->get('title').'
';
- $wobjects = WebGUI::SQL->read("select * from wobject where pageId=$currentPageId");
+ $wobjects = WebGUI::SQL->read("select * from wobject where pageId=".quote($currentPageId));
while (%wobject = $wobjects->hash) {
$output .= $spacer x $options->{_depth} . $spacer
.wobjectIcon()
@@ -338,7 +338,7 @@ sub www_editPage {
if ($buildFromPage == 0) {
$buildFromPage = $session{setting}{defaultPage};
}
- %page = WebGUI::SQL->quickHash("select * from page where pageId=$buildFromPage");
+ %page = WebGUI::SQL->quickHash("select * from page where pageId=".quote($buildFromPage));
$page{templateId} = 1;
$page{pageId} = "new";
$page{title} = $page{menuTitle} = $page{urlizedTitle} = $page{synopsis} = '';
@@ -349,7 +349,7 @@ sub www_editPage {
$page{redirectURL} = "";
} else {
%page = %{$session{page}};
- ($childCount) = WebGUI::SQL->quickArray("select count(*) from page where parentId=$page{pageId}");
+ ($childCount) = WebGUI::SQL->quickArray("select count(*) from page where parentId=".quote($page{pageId}));
}
$page{endDate} = (addToDate(time(),10)) if ($page{endDate} < 0);
$output = helpIcon("page add/edit");
@@ -487,9 +487,9 @@ sub www_editPage {
if (WebGUI::Grouping::isInGroup(3)) {
my $contentManagers = WebGUI::Grouping::getUsersInGroup(4,1);
push (@$contentManagers, $session{user}{userId});
- $clause = "userId in (".join(",",@$contentManagers).")";
+ $clause = "userId in (".quoteAndJoin($contentManagers).")";
} else {
- $clause = "userId=$page{ownerId}";
+ $clause = "userId=".quote($page{ownerId});
}
my $users = WebGUI::SQL->buildHashRef("select userId,username from users where $clause order by username");
$f->getTab("privileges")->select(
@@ -598,7 +598,7 @@ sub www_editPageSave {
synopsis => $session{form}{synopsis}
});
unless ($session{form}{pageId} == 'new') {
- WebGUI::SQL->write("update wobject set templatePosition=1 where pageId=$session{form}{pageId}
+ WebGUI::SQL->write("update wobject set templatePosition=1 where pageId=".quote($session{form}{pageId})."
and templatePosition>".WebGUI::Page::countTemplatePositions($session{form}{templateId}));
}
_recursivelyChangeProperties($page) if ($session{form}{recursePrivs} || $session{form}{recurseStyle});
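Review bot: `unless ($session{form}{pageId} == 'new')` two lines above the quoted update compares a string with `==`: `'new'` numifies to 0, so the test is really `pageId == 0`, and with non-numeric ids every existing page also numifies to 0 and the `templatePosition` fix-up is skipped for all of them. It should be `unless ($session{form}{pageId} eq 'new') {`. The result of `countTemplatePositions` is concatenated unquoted too, which is fine only if it is always an integer. `www_editPageSave` begins and ends outside the hunk.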
diff --git a/lib/WebGUI/Operation/Profile.pm b/lib/WebGUI/Operation/Profile.pm
index 1b3df18e7..0989bf9be 100644
--- a/lib/WebGUI/Operation/Profile.pm
+++ b/lib/WebGUI/Operation/Profile.pm
@@ -98,7 +98,7 @@ sub getRequiredProfileFields {
sub isDuplicateEmail {
my $email = shift;
- my ($otherEmail) = WebGUI::SQL->quickArray("select count(*) from userProfileData where fieldName='email' and fieldData = ".quote($email)." and userId <> ".$session{user}{userId});
+ my ($otherEmail) = WebGUI::SQL->quickArray("select count(*) from userProfileData where fieldName='email' and fieldData = ".quote($email)." and userId <> ".quote($session{user}{userId}));
return ($otherEmail > 0);
}
diff --git a/lib/WebGUI/Operation/Statistics.pm b/lib/WebGUI/Operation/Statistics.pm
index da2d6008e..34e63d729 100644
--- a/lib/WebGUI/Operation/Statistics.pm
+++ b/lib/WebGUI/Operation/Statistics.pm
@@ -174,25 +174,25 @@ sub www_viewStatistics {
$version = ''.$version.'';
}
$output .= '
| '.$version.' |
';
- ($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId>1000 and parentId<>3");
+ ($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId<>3");
$output .= '| '.$data.' |
';
- ($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId>1000 and parentId=0");
+ ($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId=0");
$output .= '| '.$data.' |
';
($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId=5");
$output .= '| '.$data.' |
';
- ($data) = WebGUI::SQL->quickArray("select count(*) from wobject where wobjectId > 0 and pageId<>3");
+ ($data) = WebGUI::SQL->quickArray("select count(*) from wobject where pageId<>3");
$output .= '| '.$data.' |
';
- ($data) = WebGUI::SQL->quickArray("select count(*) from template where templateId>1000 and namespace='style'");
+ ($data) = WebGUI::SQL->quickArray("select count(*) from template where namespace='style'");
$output .= '| '.$data.' |
';
- ($data) = WebGUI::SQL->quickArray("select count(*) from template where templateId>1000 and namespace<>'style'");
+ ($data) = WebGUI::SQL->quickArray("select count(*) from template where namespace<>'style'");
$output .= '| '.$data.' |
';
($data) = WebGUI::SQL->quickArray("select count(*) from collateral");
$output .= '| '.$data.' |
';
($data) = WebGUI::SQL->quickArray("select count(*) from userSession");
$output .= '| '.$data.' |
';
- ($data) = WebGUI::SQL->quickArray("select count(*) from users where userId>25");
+ ($data) = WebGUI::SQL->quickArray("select count(*) from users");
$output .= '| '.$data.' |
';
- ($data) = WebGUI::SQL->quickArray("select count(*) from groups where groupId>25");
+ ($data) = WebGUI::SQL->quickArray("select count(*) from groups");
$output .= '| '.$data.' |
';
$output .= '';
return _submenu($output);
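Review bot: Dropping the `parentId>1000`, `wobjectId > 0`, `templateId>1000`, `userId>25` and `groupId>25` predicates changes what these counts mean: the old ranges appear to have excluded rows shipped with the product, so the figures now include system pages, templates, users and groups unless the labels in the surrounding markup are updated to say so. If the intent is still to report user-created objects, numeric id ranges no longer work with generated ids and an explicit marker (a flag column or an exclusion list of the seeded ids) is needed. A one-line comment stating which it is, e.g. `# Counts include rows seeded at install; ids are no longer ordered, so no range filter.`, would settle it for the next reader.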
diff --git a/lib/WebGUI/Operation/Trash.pm b/lib/WebGUI/Operation/Trash.pm
index 04d915b99..b9045e42c 100644
--- a/lib/WebGUI/Operation/Trash.pm
+++ b/lib/WebGUI/Operation/Trash.pm
@@ -37,10 +37,10 @@ sub _purgeUserTrash {
#WebGUI::ErrorHandler::audit("emptying user trash");
# Delete wobjects
- $b = WebGUI::SQL->read("select * from wobject where pageId=3 and bufferUserId=" . $userId);
+ $b = WebGUI::SQL->read("select * from wobject where pageId=3 and bufferUserId=" . quote($userId));
while ($base = $b->hashRef) {
$extended = WebGUI::SQL->quickHashRef("select * from ".$base->{namespace}."
- where wobjectId=".$base->{wobjectId});
+ where wobjectId=".quote($base->{wobjectId}));
%properties = (%{$base}, %{$extended});
$cmd = "WebGUI::Wobject::".$properties{namespace};
my $load = "use ".$cmd;
@@ -68,10 +68,10 @@ sub _purgeUserTrash {
sub _purgeWobject {
my (%properties, $base, $extended, $b, $wobjectId, $namespace, $w, $cmd);
tie %properties, 'Tie::CPHash';
- $b = WebGUI::SQL->read("select * from wobject where wobjectId=$_[0]");
+ $b = WebGUI::SQL->read("select * from wobject where wobjectId=".quote($_[0]));
while ($base = $b->hashRef) {
$extended = WebGUI::SQL->quickHashRef("select * from ".$base->{namespace}."
- where wobjectId=".$base->{wobjectId});
+ where wobjectId=".quote($base->{wobjectId}));
%properties = (%{$base}, %{$extended});
$cmd = "WebGUI::Wobject::".$properties{namespace};
my $load = "use ".$cmd;
@@ -87,10 +87,10 @@ sub _purgeWobject {
sub _purgeWobjects {
my (%properties, $base, $extended, $b, $wobjectId, $namespace, $w, $cmd);
tie %properties, 'Tie::CPHash';
- $b = WebGUI::SQL->read("select * from wobject where pageId=$_[0]");
+ $b = WebGUI::SQL->read("select * from wobject where pageId=".quote($_[0]));
while ($base = $b->hashRef) {
$extended = WebGUI::SQL->quickHashRef("select * from ".$base->{namespace}."
- where wobjectId=".$base->{wobjectId});
+ where wobjectId=".quote($base->{wobjectId}));
%properties = (%{$base}, %{$extended});
$cmd = "WebGUI::Wobject::".$properties{namespace};
my $load = "use ".$cmd;
@@ -105,11 +105,11 @@ sub _purgeWobjects {
#-------------------------------------------------------------------
sub _recursePageTree {
my ($a, $pageId);
- $a = WebGUI::SQL->read("select pageId from page where parentId=$_[0]");
+ $a = WebGUI::SQL->read("select pageId from page where parentId=".quote($_[0]));
while (($pageId) = $a->array) {
_recursePageTree($pageId);
_purgeWobjects($pageId);
- WebGUI::SQL->write("delete from page where pageId=$pageId");
+ WebGUI::SQL->write("delete from page where pageId=".quote($pageId));
}
$a->finish;
}
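Review bot: `$a` is used as an ordinary lexical (`my ($a, $pageId);`) for the statement handle; `$a` and `$b` are the package variables `sort` uses and `my $a` shadows them (perlcritic flags this), so `my ($sth, $pageId);` is safer. The handle also stays open while the sub recurses and issues further reads and the `delete` on the same connection, which presumably relies on the driver buffering the whole result client-side; a short comment noting that dependency would help. The same `$a`/`$b` naming appears in `_purgeUserTrash` above and in Package.pm's `_recursePageTree`.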
@@ -138,14 +138,14 @@ sub www_cutTrashItem {
if ($session{form}{wid} ne "") {
if ( ($session{setting}{sharedTrash} ne "1") && (!(WebGUI::Grouping::isInGroup(3)) ) ) {
my ($bufferUserId) = WebGUI::SQL->quickArray("select bufferUserId from wobject "
- ."where wobjectId=" .$session{form}{wid});
+ ."where wobjectId=" .quote($session{form}{wid}));
return WebGUI::Privilege::insufficient() unless ($bufferUserId eq $session{user}{userId});
}
WebGUI::SQL->write("update wobject set pageId=2, "
- ."bufferUserId=". $session{user}{userId} .", "
+ ."bufferUserId=". quote($session{user}{userId}) .", "
."bufferDate=". time() .", "
."bufferPrevId=3 "
- ."where wobjectId=" .$session{form}{wid});
+ ."where wobjectId=" .quote($session{form}{wid}));
WebGUI::ErrorHandler::audit("moved wobject ". $session{form}{wid} ." from trash to clipboard");
} elsif ($session{form}{pageId} ne "") {
my $page = WebGUI::Page->getPage($session{form}{pageId});
@@ -195,7 +195,7 @@ sub www_deleteTrashItemConfirm {
_purgeWobject($session{form}{wid});
} else {
my ($bufferUserId) = WebGUI::SQL->quickArray("select bufferUserId from wobject "
- ."where wobjectId=" .$session{form}{wid});
+ ."where wobjectId=" .quote($session{form}{wid}));
return WebGUI::Privilege::insufficient() unless ($bufferUserId eq $session{user}{userId});
_purgeWobject($session{form}{wid});
}
@@ -298,7 +298,7 @@ sub www_manageTrash {
} else {
$sth = WebGUI::SQL->read("select pageId,title,urlizedTitle,bufferUserId,bufferDate,bufferPrevId "
."from page where parentId=3 and bufferUserId="
- . $session{user}{userId} . " order by bufferDate");
+ . quote($session{user}{userId}) . " order by bufferDate");
}
while (@data = $sth->array) {
my ($pageId,$title,$urlizedTitle,$bufferUserId,$bufferDate,$bufferPrevId,$url,$htmlData);
@@ -309,7 +309,7 @@ sub www_manageTrash {
$bufferUserId = $data[3];
if ($bufferUserId ne "") {
- my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".$bufferUserId);
+ my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".quote($bufferUserId));
$bufferUserId = ''
.$bufferUsername .'';
}
@@ -317,7 +317,7 @@ sub www_manageTrash {
$bufferPrevId = $data[5];
if ($bufferPrevId ne "") {
($bufferPrevId,$url) = WebGUI::SQL->quickArray("select title,urlizedTitle "
- ."from page where pageId=".$bufferPrevId);
+ ."from page where pageId=".quote($bufferPrevId));
if ($url ne "") {
$bufferPrevId = '' .$bufferPrevId .'';
}
@@ -350,7 +350,7 @@ sub www_manageTrash {
} else {
$sth = WebGUI::SQL->read("select wobjectId,namespace,title,bufferUserId,bufferDate,bufferPrevId "
. "from wobject where pageId=3 and bufferUserId="
- . $session{user}{userId} ." order by bufferDate");
+ . quote($session{user}{userId}) ." order by bufferDate");
}
while (@data = $sth->array) {
my ($wobjectId,$namespace,$title,$bufferUserId,$bufferDate,$bufferPrevId,$url,$htmlData);
@@ -363,7 +363,7 @@ sub www_manageTrash {
$bufferPrevId = $data[5];
if ($bufferPrevId ne "") {
($bufferPrevId,$url) = WebGUI::SQL->quickArray("select title,urlizedTitle "
- ."from page where pageId=".$bufferPrevId);
+ ."from page where pageId=".quote($bufferPrevId));
if ($url ne "") {
$bufferPrevId = '' .$bufferPrevId .'';
}
@@ -372,7 +372,7 @@ sub www_manageTrash {
$bufferUserId = $data[3];
if ($bufferUserId ne "") {
- my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".$bufferUserId);
+ my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".quote($bufferUserId));
$bufferUserId = ''
.$bufferUsername .'';
}
diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm
index f44a19e84..fe676658e 100644
--- a/lib/WebGUI/Operation/User.pm
+++ b/lib/WebGUI/Operation/User.pm
@@ -86,7 +86,7 @@ sub doUserSearch {
my $sql = "select users.userId, users.username, users.status, users.dateCreated, users.lastUpdated,
email.fieldData as email from users left join userProfileData email on users.userId=email.userId and email.fieldName='email'
where $selectedStatus and (users.username like ".$keyword." or email.fieldData like ".$keyword.")
- and users.userId not in (".join(",",@{$userFilter}).") order by users.username";
+ and users.userId not in (".quoteAndJoin($userFilter).") order by users.username";
if ($returnPaginator) {
my $p = WebGUI::Paginator->new(WebGUI::URL::page($op));
$p->setDataByQuery($sql);
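Review bot: `quoteAndJoin($userFilter)` yields an empty string when the filter list is empty, leaving `users.userId not in ()`, which MySQL rejects as a syntax error; the old `join` had the same hole, but since the line is being rewritten a guard closes it, if callers can pass an empty list: `my $filter = @{$userFilter} ? " and users.userId not in (".quoteAndJoin($userFilter).")" : "";` and then use `$filter` in the query. Whether `$keyword` on the line above is already quoted is not visible here — the `like ".$keyword."` form suggests it is expected to be. `doUserSearch` begins and ends outside the hunk.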
@@ -272,7 +272,7 @@ sub www_deleteGrouping {
sub www_deleteUser {
my ($output);
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
- if ($session{form}{uid} < 26) {
+ if ($session{form}{uid} == 1 || $session{form}{uid} == 3) {
return WebGUI::Privilege::vitalComponent();
} else {
$output .= helpIcon("user delete");
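Review bot: The replacement test `$session{form}{uid} == 1 || $session{form}{uid} == 3` compares a request value numerically against two literal ids that are repeated verbatim in `www_deleteUserConfirm` below; with ids now stored as `char(22)` a string compare is what is meant, and a single list keeps the two subs from drifting: `return WebGUI::Privilege::vitalComponent() if grep { $session{form}{uid} eq $_ } @VITAL_USER_IDS;` (constructed name for a file-level constant holding `1` and `3`). A comment saying which accounts ids 1 and 3 are would spare the next reader a lookup.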
@@ -290,7 +290,7 @@ sub www_deleteUser {
sub www_deleteUserConfirm {
return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3));
my ($u);
- if ($session{form}{uid} < 26) {
+ if ($session{form}{uid} == 1 || $session{form}{uid} == 3) {
return WebGUI::Privilege::vitalComponent();
} else {
$u = WebGUI::User->new($session{form}{uid});
@@ -504,7 +504,7 @@ sub www_editUserProfile {
$f = WebGUI::HTMLForm->new;
$f->hidden("op","editUserProfileSave");
$f->hidden("uid",$session{form}{uid});
- %user = WebGUI::SQL->buildHash("select fieldName,fieldData from userProfileData where userId=$session{form}{uid}");
+ %user = WebGUI::SQL->buildHash("select fieldName,fieldData from userProfileData where userId=".quote($session{form}{uid}));
$a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory
where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId
order by userProfileCategory.sequenceNumber,userProfileField.sequenceNumber");
diff --git a/lib/WebGUI/Page.pm b/lib/WebGUI/Page.pm
index 4d55a7417..617ed07a8 100644
--- a/lib/WebGUI/Page.pm
+++ b/lib/WebGUI/Page.pm
@@ -24,6 +24,7 @@ use WebGUI::Grouping;
use WebGUI::HTMLForm;
use WebGUI::HTTP;
use WebGUI::Icon;
+use WebGUI::Id;
use WebGUI::Macro;
use WebGUI::Session;
use WebGUI::SQL;
@@ -145,7 +146,7 @@ sub add {
my ($self, $page, $newPageId);
$self = shift;
- $newPageId = getNextId('pageId');
+ $newPageId = WebGUI::Id::generate();
$self->add_child_to_right(
id =>$self->get('pageId'),
pageId =>$newPageId,
@@ -154,7 +155,7 @@ sub add {
);
# Fixup the 'id' column that has the wrong value.
- WebGUI::SQL->write("update page set id=pageId where pageId=$newPageId");
+ WebGUI::SQL->write("update page set id=pageId where pageId=".quote($newPageId));
$self->recacheNavigation;
@@ -198,7 +199,7 @@ sub canEdit {
my (%page);
tie %page, 'Tie::CPHash';
if ($pageId ne $session{page}{pageId}) {
- %page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=$pageId");
+ %page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=".quote($pageId));
} else {
%page = %{$session{page}};
}
@@ -294,7 +295,7 @@ sub canView {
if ($pageId eq $session{page}{pageId}) {
%page = %{$session{page}};
} else {
- %page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=$pageId",WebGUI::SQL->getSlave);
+ %page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=".quote($pageId),WebGUI::SQL->getSlave);
}
if ($session{user}{userId} == $page{ownerId}) {
return 1;
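Review bot: `if ($session{user}{userId} == $page{ownerId})` on the line after the quoted lookup is an access-control decision made with a numeric compare; once user ids are generated strings, two non-numeric ids both numify to 0 and the test is true for every viewer, granting owner access to everyone. It should be `if ($session{user}{userId} eq $page{ownerId}) {`, and `canEdit` above (its comparison is outside that hunk) needs the same check. `eq` is also correct for the current integer ids, so the change is safe to make now.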
@@ -501,7 +502,7 @@ sub generate {
.moveDownIcon('op=movePageDown')
.cutIcon('op=cutPage');
$var{'page.controls'} .= exportIcon('op=exportPage') if defined ($session{config}{exportPath});
- my $sth = WebGUI::SQL->read("select * from wobject where pageId=".$session{page}{pageId}." order by sequenceNumber, wobjectId",WebGUI::SQL->getSlave);
+ my $sth = WebGUI::SQL->read("select * from wobject where pageId=".quote($session{page}{pageId})." order by sequenceNumber, wobjectId",WebGUI::SQL->getSlave);
while (my $wobject = $sth->hashRef) {
my $wobjectToolbar = wobjectIcon()
.deleteIcon('func=delete&wid='.${$wobject}{wobjectId})
@@ -517,11 +518,11 @@ sub generate {
}
if (${$wobject}{namespace} eq "WobjectProxy") {
my $originalWobject = $wobject;
- my ($wobjectProxy) = WebGUI::SQL->quickHashRef("select * from WobjectProxy where wobjectId=".${$wobject}{wobjectId},WebGUI::SQL->getSlave);
+ my ($wobjectProxy) = WebGUI::SQL->quickHashRef("select * from WobjectProxy where wobjectId=".quote(${$wobject}{wobjectId}),WebGUI::SQL->getSlave);
if($wobjectProxy->{proxyByCriteria}) {
$wobjectProxy->{proxiedWobjectId} = WebGUI::MetaData::getWobjectByCriteria($wobjectProxy) || $wobjectProxy->{proxiedWobjectId};
}
- $wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobject.wobjectId=".$wobjectProxy->{proxiedWobjectId},WebGUI::SQL->getSlave);
+ $wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobject.wobjectId=".quote($wobjectProxy->{proxiedWobjectId}),WebGUI::SQL->getSlave);
if (${$wobject}{namespace} eq "") {
$wobject = $originalWobject;
} else {
@@ -583,7 +584,7 @@ sub generation {
from page as a,
page as b
where a.depth = b.depth and
- b.pageId = ".$self->get('pageId').
+ b.pageId = ".quote($self->get('pageId')).
" order by nestedSetLeft");
while (%row = $sth->hash) {
@@ -981,7 +982,7 @@ sub leaves_under {
page as b
where (a.nestedSetLeft between b.nestedSetLeft and b.nestedSetRight) and
(a.nestedSetRight = a.nestedSetLeft + 1)
- b.pageId = ".$self->get('pageId').
+ b.pageId = ".quote($self->get('pageId')).
" order by nestedSetLeft");
while (%row = $sth->hash) {
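Review bot: The where clause in leaves_under has no conjunction between `(a.nestedSetRight = a.nestedSetLeft + 1)` and the rewritten `b.pageId = ".quote($self->get('pageId'))`, so the statement as shown is not valid SQL; unless the `and` sits on a line outside this hunk, the preceding line should end `(a.nestedSetRight = a.nestedSetLeft + 1) and`. The quoting change itself matches the sibling queries in generation and self_and_sisters. The query text begins before the hunk.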
@@ -1016,7 +1017,7 @@ sub makeUnique {
my $pageId = $_[1] || "new";
my $where;
unless ($pageId eq "new") {
- $where .= " and pageId<>".$pageId;
+ $where .= " and pageId<>".quote($pageId);
}
my ($test) = WebGUI::SQL->quickArray("select urlizedTitle from page where urlizedTitle=".quote($url).$where);
if ($test) {
@@ -1110,7 +1111,7 @@ sub move{
WebGUI::SQL->write($sql);
# Set the parentId to the right node.
- WebGUI::SQL->write("update page set parentId=".$newMother->get('pageId')." where pageId=".$self->get('pageId'));
+ WebGUI::SQL->write("update page set parentId=".quote($newMother->get('pageId'))." where pageId=".quote($self->get('pageId')));
WebGUI::Page->recacheNavigation;
@@ -1282,7 +1283,7 @@ sub new {
no_locking => 1
);
unless (ref($properties)) {
- $properties = WebGUI::SQL->quickHashRef("select * from page where pageId=$_[1]");
+ $properties = WebGUI::SQL->quickHashRef("select * from page where pageId=".quote($_[1]));
}
return undef unless (defined $properties->{pageId});
@@ -1440,7 +1441,7 @@ sub self_and_sisters {
from page as a,
page as b
where a.parentId = b.parentId and
- b.pageId = ".$self->get('pageId').
+ b.pageId = ".quote($self->get('pageId')).
" order by nestedSetLeft");
while (%row = $sth->hash) {
push(@result, {(%row)});
@@ -1495,8 +1496,8 @@ sub sisters {
"select a.*
from page as a,
page as b
- where a.pageId !=".$self->get('pageId')." and
- a.parentId = b.parentId and b.pageId = ".$self->get('pageId').
+ where a.pageId !=".quote($self->get('pageId'))." and
+ a.parentId = b.parentId and b.pageId = ".quote($self->get('pageId')).
" order by nestedSetLeft");
while (%row = $sth->hash) {
push(@result, {(%row)});
@@ -1559,7 +1560,7 @@ sub setWithoutRecache {
$properties = $self->{_properties} unless ($properties);
if (scalar(keys(%{$properties}))) {
- WebGUI::SQL->write("update page set ".join(', ', map {"$_=".quote($properties->{$_})} keys %{$properties})." where pageId=".$self->get('pageId'));
+ WebGUI::SQL->write("update page set ".join(', ', map {"$_=".quote($properties->{$_})} keys %{$properties})." where pageId=".quote($self->get('pageId')));
}
return "";
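Review bot: `join(', ', map {"$_=".quote($properties->{$_})} keys %{$properties})` quotes the values but interpolates the hash keys as column names, which `quote()` cannot protect; the statement is only safe while every caller passes keys taken from the page schema, and nothing on the line records that. A comment would keep the invariant visible to the next caller: `# keys are page-table column names supplied by callers, never request input`. setWithoutRecache starts before the hunk.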
diff --git a/lib/WebGUI/Session.pm b/lib/WebGUI/Session.pm
index d4c259fff..cb18e2a38 100644
--- a/lib/WebGUI/Session.pm
+++ b/lib/WebGUI/Session.pm
@@ -79,7 +79,7 @@ sub _setupPageInfo {
$pageName =~ s/\'//;
$pageName =~ s/\"//;
if ($pageName ne "") {
- ($pageId) = WebGUI::SQL->quickArray("select pageId from page where urlizedTitle='".$pageName."'");
+ ($pageId) = WebGUI::SQL->quickArray("select pageId from page where urlizedTitle=".quote($pageName));
if ($pageId eq "") {
$pageId = $session{setting}{notFoundPage};
if($ENV{"MOD_PERL"}) {
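Review bot: The two substitutions above the changed line, `$pageName =~ s/\'//;` and `$pageName =~ s/\"//;`, each strip only the first quote character and were a partial guard for the old hand-quoted query; now that the value goes through `quote($pageName)` they protect nothing and silently alter page names that contain quotes. Either drop them or, if quote-free URL titles are intended behaviour, make the stripping global and say so: `$pageName =~ s/['"]//g; # urlizedTitle never contains quotes`. _setupPageInfo starts before the hunk.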
@@ -96,7 +96,7 @@ sub _setupPageInfo {
$pageId = $session{setting}{defaultPage};
}
}
- %page = WebGUI::SQL->quickHash("select * from page where pageId='".$pageId."'");
+ %page = WebGUI::SQL->quickHash("select * from page where pageId=".quote($pageId));
$session{page} = \%page;
}
@@ -105,7 +105,7 @@ sub _setupSessionVars {
my (%vars, $uid, $encryptedPassword);
tie %vars, 'Tie::CPHash';
if ($_[0] ne "") {
- %vars = WebGUI::SQL->quickHash("select * from userSession where sessionId='$_[0]'");
+ %vars = WebGUI::SQL->quickHash("select * from userSession where sessionId=".quote($_[0]));
if ($vars{expires} < _time() ) { #|| $vars{lastIP} ne $session{env}{REMOTE_ADDR}) { # had to remove for revolving ip proxies
%vars = ();
WebGUI::Session::end($_[0]);
@@ -127,17 +127,16 @@ sub _setupUserInfo {
my (%default, $key, %user, $uid, %profile, $value);
tie %user, 'Tie::CPHash';
$uid = $_[0] || 1;
- %user = WebGUI::SQL->quickHash("select * from users where userId='$uid'");
+ %user = WebGUI::SQL->quickHash("select * from users where userId=".quote($uid));
if ($user{userId} eq "") {
_setupUserInfo("1");
} else {
%profile = WebGUI::SQL->buildHash("select userProfileField.fieldName, userProfileData.fieldData
from userProfileData, userProfileField where userProfileData.fieldName=userProfileField.fieldName
- and userProfileData.userId='$user{userId}'");
+ and userProfileData.userId=".quote($user{userId}));
%user = (%user, %profile);
$user{language} = $session{page}{languageId} if ($user{userId} == 1 || $user{language} eq '');
- %default = WebGUI::SQL->buildHash("select fieldName, dataDefault from userProfileField
- where profileCategoryId=4");
+ %default = WebGUI::SQL->buildHash("select fieldName, dataDefault from userProfileField where profileCategoryId=4");
foreach $key (keys %default) {
if ($user{$key} eq "") {
$value = eval($default{$key});
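Review bot: `$value = eval($default{$key});` is a string eval of the `dataDefault` column fetched just above, so anything that can write `userProfileField` can run Perl inside the request; this predates the commit, but the hunk already reworks that query. If defaults are meant to be literal values, `$value = $default{$key};` is enough; if they are meant to be expressions, the trust assumption deserves a comment on the line, e.g. `# dataDefault is admin-managed Perl; evaluated here by design`. _setupUserInfo continues outside the hunk.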
@@ -212,7 +211,7 @@ The user for the session to become.
=cut
sub convertVisitorToUser {
- WebGUI::SQL->write("update userSession set userId=$_[1] where sessionId=".quote($_[0]));
+ WebGUI::SQL->write("update userSession set userId=".quote($_[1])." where sessionId=".quote($_[0]));
if ($session{setting}{passiveProfilingEnabled}) {
WebGUI::SQL->write("update passiveProfileLog set userId = ".quote($_[1])." where sessionId = ".quote($_[0]));
}
@@ -285,8 +284,8 @@ The session to end.
=cut
sub end {
- WebGUI::SQL->write("delete from userSession where sessionId='$_[0]'",$session{dbh});
- WebGUI::SQL->write("delete from userSessionScratch where sessionId='$_[0]'",$session{dbh});
+ WebGUI::SQL->write("delete from userSession where sessionId=".quote($_[0]),$session{dbh});
+ WebGUI::SQL->write("delete from userSessionScratch where sessionId=".quote($_[0]),$session{dbh});
if ($_[0] eq $session{var}{sessionId}) {
delete $session{user};
delete $session{isInGroup};
@@ -538,10 +537,10 @@ sub start {
$sessionId = $_[1] || _uniqueSessionId();
if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) {
WebGUI::SQL->write("insert into userSession values ('$sessionId', ".
- (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{HTTP_X_FORWARDED_FOR}', $_[0])");
+ (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{HTTP_X_FORWARDED_FOR}', ".quote($_[0]).")");
} else {
WebGUI::SQL->write("insert into userSession values ('$sessionId', ".
- (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{REMOTE_ADDR}', $_[0])");
+ (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{REMOTE_ADDR}', ".quote($_[0]).")");
}
push @{$session{http}{cookie}}, $session{cgi}->cookie(
-name=>"wgSession",
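Review bot: Both insert statements still interpolate `'$sessionId'` and the client address (`'$ENV{HTTP_X_FORWARDED_FOR}'`, `'$ENV{REMOTE_ADDR}'`) directly into the SQL while only `$_[0]` was moved to `quote()`; the X-Forwarded-For value is a request header chosen by the client, so the hand-written single quotes give no protection. Run all three through the same helper, e.g. for the proxied branch `WebGUI::SQL->write("insert into userSession values (".quote($sessionId).", ".` / `(_time()+$session{setting}{sessionTimeout}).", "._time().", 0, ".quote($ENV{HTTP_X_FORWARDED_FOR}).", ".quote($_[0]).")");`, and the same with `$ENV{REMOTE_ADDR}` in the else branch. start continues outside the hunk.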
diff --git a/lib/WebGUI/User.pm b/lib/WebGUI/User.pm
index 70ec0dd68..2166e168e 100644
--- a/lib/WebGUI/User.pm
+++ b/lib/WebGUI/User.pm
@@ -18,6 +18,7 @@ use strict;
use WebGUI::DateTime;
use WebGUI::Grouping;
use WebGUI::HTMLForm;
+use WebGUI::Id;
use WebGUI::International;
use WebGUI::Session;
use WebGUI::SQL;
@@ -59,8 +60,8 @@ These methods are available from this class:
#-------------------------------------------------------------------
sub _create {
my ($userId);
- $userId = getNextId("userId");
- WebGUI::SQL->write("insert into users (userId,dateCreated) values ($userId,".time().")");
+ $userId = WebGUI::Id::generate();
+ WebGUI::SQL->write("insert into users (userId,dateCreated) values (".quote($userId).",".time().")");
WebGUI::Grouping::addUsersToGroups([$userId],[2,7]);
return $userId;
}
@@ -112,7 +113,7 @@ sub authMethod {
if (defined $value) {
$class->{_user}{"authMethod"} = $value;
WebGUI::SQL->write("update users set authMethod=".quote($value).",
- lastUpdated=".time()." where userId=$class->{_userId}");
+ lastUpdated=".time()." where userId=".quote($class->{_userId}));
}
return $class->{_user}{"authMethod"};
}
@@ -139,14 +140,14 @@ Deletes this user.
sub delete {
my $class = shift;
- WebGUI::SQL->write("delete from users where userId=".$class->{_userId});
- WebGUI::SQL->write("delete from userProfileData where userId=".$class->{_userId});
+ WebGUI::SQL->write("delete from users where userId=".quote($class->{_userId}));
+ WebGUI::SQL->write("delete from userProfileData where userId=".quote($class->{_userId}));
WebGUI::Grouping::deleteUsersFromGroups([$class->{_userId}],WebGUI::Grouping::getGroupsForUser($class->{_userId}));
- WebGUI::SQL->write("delete from messageLog where userId=".$class->{_userId});
+ WebGUI::SQL->write("delete from messageLog where userId=".quote($class->{_userId}));
my $authMethod = WebGUI::Operation::Auth::getInstance($class->authMethod,$class->{_userId});
$authMethod->deleteParams($class->{_userId});
- my $sth = WebGUI::SQL->read("select sessionId from userSession where userId=$class->{_userId}");
+ my $sth = WebGUI::SQL->read("select sessionId from userSession where userId=".quote($class->{_userId}));
while (my ($sid) = $sth->array) {
WebGUI::Session::end($sid);
}
@@ -182,7 +183,7 @@ sub identifier {
if (defined $value) {
$class->{_user}{"identifier"} = $value;
WebGUI::SQL->write("update authentication set fieldData=".quote($value)."
- where userId=$class->{_userId} and authMethod='WebGUI' and fieldName='identifier'");
+ where userId=".quote($class->{_userId})." and authMethod='WebGUI' and fieldName='identifier'");
}
return $class->{_user}{"identifier"};
}
@@ -213,8 +214,8 @@ A description of why this user's karma was modified. For instance it could be "M
sub karma {
if (defined $_[1] && defined $_[2] && defined $_[3]) {
- WebGUI::SQL->write("update users set karma=karma+$_[1] where userId=".$_[0]->userId);
- WebGUI::SQL->write("insert into karmaLog values (".$_[0]->userId.",$_[1],".quote($_[2]).",".quote($_[3]).",".time().")");
+ WebGUI::SQL->write("update users set karma=karma+".quote($_[1])." where userId=".quote($_[0]->userId));
+ WebGUI::SQL->write("insert into karmaLog values (".quote($_[0]->userId).",$_[1],".quote($_[2]).",".quote($_[3]).",".time().")");
}
return $_[0]->{_user}{karma};
}
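Review bot: `insert into karmaLog values (".quote($_[0]->userId).",$_[1],` still interpolates `$_[1]` raw one line after the update statement started quoting it, so the two statements disagree on how the amount is handled. Use `quote($_[1])` in both, or better, validate the amount once before either write — `die "karma amount must be numeric" unless $_[1] =~ /\A-?\d+\z/;` — since `karma=karma+'abc'` would otherwise add zero without error. karma's callers are not visible here, so whether the amount ever comes from request input is unverified.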
@@ -253,10 +254,10 @@ sub new {
$class = shift;
$userId = shift || 1;
$userId = _create() if ($userId eq "new");
- %user = WebGUI::SQL->quickHash("select * from users where userId='$userId'");
+ %user = WebGUI::SQL->quickHash("select * from users where userId=".quote($userId));
%profile = WebGUI::SQL->buildHash("select userProfileField.fieldName, userProfileData.fieldData
from userProfileField, userProfileData where userProfileField.fieldName=userProfileData.fieldName and
- userProfileData.userId='$user{userId}'");
+ userProfileData.userId=".quote($user{userId}));
%default = WebGUI::SQL->buildHash("select fieldName, dataDefault from userProfileField where profileCategoryId=4");
foreach $key (keys %default) {
if ($profile{$key} eq "") {
@@ -299,9 +300,9 @@ sub profileField {
$value = WebGUI::Macro::negate($value); # Len Kranendonk - 20030701: fixed security hole
if (defined $value) {
$class->{_profile}{$fieldName} = $value;
- WebGUI::SQL->write("delete from userProfileData where userId=$class->{_userId} and fieldName=".quote($fieldName));
- WebGUI::SQL->write("insert into userProfileData values ($class->{_userId}, ".quote($fieldName).", ".quote($value).")");
- WebGUI::SQL->write("update users set lastUpdated=".time()." where userId=".$class->{_userId});
+ WebGUI::SQL->write("delete from userProfileData where userId=".quote($class->{_userId})." and fieldName=".quote($fieldName));
+ WebGUI::SQL->write("insert into userProfileData values (".quote($class->{_userId}).", ".quote($fieldName).", ".quote($value).")");
+ WebGUI::SQL->write("update users set lastUpdated=".time()." where userId=".quote($class->{_userId}));
}
return $class->{_profile}{$fieldName};
}
@@ -328,8 +329,8 @@ sub referringAffiliate {
$value = shift;
if (defined $value) {
$class->{_user}{"referringAffiliate"} = $value;
- WebGUI::SQL->write("update users set referringAffiliate=".$value.",
- lastUpdated=".time()." where userId=$class->{_userId}");
+ WebGUI::SQL->write("update users set referringAffiliate=".quote($value).",
+ lastUpdated=".time()." where userId=".quote($class->{_userId}));
}
return $class->{_user}{"referringAffiliate"};
}
@@ -357,7 +358,7 @@ sub status {
if (defined $value) {
$class->{_user}{"status"} = $value;
WebGUI::SQL->write("update users set status=".quote($value).",
- lastUpdated=".time()." where userId=$class->{_userId}");
+ lastUpdated=".time()." where userId=".quote($class->{_userId}));
}
return $class->{_user}{"status"};
}
@@ -385,7 +386,7 @@ sub username {
if (defined $value) {
$class->{_user}{"username"} = $value;
WebGUI::SQL->write("update users set username=".quote($value).",
- lastUpdated=".time()." where userId=$class->{_userId}");
+ lastUpdated=".time()." where userId=".quote($class->{_userId}));
}
return $class->{_user}{"username"};
}