From 22994e8373048166b1b349732c0c745e53a82826 Mon Sep 17 00:00:00 2001 From: JT Smith Date: Thu, 12 Aug 2004 22:40:38 +0000 Subject: [PATCH] more guid stuff --- docs/upgrades/upgrade_6.1.1-6.2.0.sql | 5 ++-- lib/WebGUI/Auth.pm | 7 +++-- lib/WebGUI/Auth/LDAP.pm | 1 - lib/WebGUI/Macro/AdminBar.pm | 4 +-- lib/WebGUI/Macro/H_homeLink.pm | 2 +- lib/WebGUI/Macro/LastModified.pm | 2 +- lib/WebGUI/Macro/RandomImage.pm | 2 +- lib/WebGUI/Macro/RandomSnippet.pm | 2 +- lib/WebGUI/Macro/RootTitle.pm | 3 +- lib/WebGUI/Macro/r_printable.pm | 1 - lib/WebGUI/Operation/Clipboard.pm | 40 +++++++++++++-------------- lib/WebGUI/Operation/Package.pm | 15 +++++----- lib/WebGUI/Operation/Page.pm | 12 ++++---- lib/WebGUI/Operation/Profile.pm | 2 +- lib/WebGUI/Operation/Statistics.pm | 14 +++++----- lib/WebGUI/Operation/Trash.pm | 36 ++++++++++++------------ lib/WebGUI/Operation/User.pm | 8 +++--- lib/WebGUI/Page.pm | 33 +++++++++++----------- lib/WebGUI/Session.pm | 23 ++++++++------- lib/WebGUI/User.pm | 39 +++++++++++++------------- 20 files changed, 126 insertions(+), 125 deletions(-) diff --git a/docs/upgrades/upgrade_6.1.1-6.2.0.sql b/docs/upgrades/upgrade_6.1.1-6.2.0.sql index 3fe55fce0..46c39e299 100644 --- a/docs/upgrades/upgrade_6.1.1-6.2.0.sql +++ b/docs/upgrades/upgrade_6.1.1-6.2.0.sql 
@@ -252,9 +252,8 @@ alter table userProfileField change profileCategoryId profileCategoryId char(22) alter table userSession change sessionId sessionId char(22) not null; alter table userSessionScratch change sessionId sessionId char(22) not null; alter table users change referringAffiliate referringAffiliate char(22) not null; - -delete from incrementer where incrementerId in ("databaseLinkId", "DataForm_entryId", "DataForm_fieldId", "DataForm_tabId", "EventsCalendar_eventId", "EventsCalendar_recurringId", "FileManager_fileId", "forumId", "forumPostId", "forumThreadId", "groupId", "languageId", "Product_benefitId", "Product_featureId", "Product_specificationId", "replacementId", "Survey_answerId", "Survey_id", "Survey_questionId", "Survey_responseId", "USS_id", "USS_submissionId", "wobjectId"); - alter table page change lft nestedSetLeft int(11); alter table page change rgt nestedSetRight int(11); +alter table page change id id char(22); +delete from incrementer where incrementerId in ("collateralId","pageId","databaseLinkId", "DataForm_entryId", "DataForm_fieldId", "DataForm_tabId", "EventsCalendar_eventId", "EventsCalendar_recurringId", "FileManager_fileId", "forumId", "forumPostId", "forumThreadId", "groupId", "languageId", "Product_benefitId", "Product_featureId", "Product_specificationId", "replacementId", "Survey_answerId", "Survey_id", "Survey_questionId", "Survey_responseId", "USS_id", "USS_submissionId", "wobjectId"); diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm index cec95022e..6455778c2 100644 --- a/lib/WebGUI/Auth.pm +++ b/lib/WebGUI/Auth.pm 
@@ -99,7 +99,8 @@ sub _isValidUsername { #------------------------------------------------------------------- sub _logLogin { - WebGUI::SQL->write("insert into userLoginLog values ('$_[0]','$_[1]',".time().",".quote($session{env}{REMOTE_ADDR}).",".quote($session{env}{HTTP_USER_AGENT}).")"); + WebGUI::SQL->write("insert into userLoginLog values (".quote($_[0]).",".quote($_[1]).",".time()."," + .quote($session{env}{REMOTE_ADDR}).",".quote($session{env}{HTTP_USER_AGENT}).")"); } #------------------------------------------------------------------- @@ -686,8 +687,8 @@ sub saveParams { my $self = shift; my ($uid, $authMethod, $data) = @_; foreach (keys %{$data}) { - WebGUI::SQL->write("delete from authentication where userId=$uid and authMethod=".quote($authMethod)." and fieldName=".quote($_)); - WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldData,fieldName) values ($uid,".quote($authMethod).",".quote($data->{$_}).",".quote($_).")"); + WebGUI::SQL->write("delete from authentication where userId=".quote($uid)." and authMethod=".quote($authMethod)." and fieldName=".quote($_)); + WebGUI::SQL->write("insert into authentication (userId,authMethod,fieldData,fieldName) values (".quote($uid).",".quote($authMethod).",".quote($data->{$_}).",".quote($_).")"); } } diff --git a/lib/WebGUI/Auth/LDAP.pm b/lib/WebGUI/Auth/LDAP.pm index 301b95051..f534ccc7d 100644 --- a/lib/WebGUI/Auth/LDAP.pm +++ b/lib/WebGUI/Auth/LDAP.pm @@ -17,7 +17,6 @@ use WebGUI::HTMLForm; use WebGUI::Form; use WebGUI::Mail; use WebGUI::Session; -use WebGUI::SQL; use WebGUI::Utility; use WebGUI::Operation::Shared; use URI; diff --git a/lib/WebGUI/Macro/AdminBar.pm b/lib/WebGUI/Macro/AdminBar.pm index 78e73878c..c895b375d 100644 --- a/lib/WebGUI/Macro/AdminBar.pm +++ b/lib/WebGUI/Macro/AdminBar.pm 
@@ -87,7 +87,7 @@ sub process { $query = "select bufferDate,pageId,title from page where parentId=2 order by bufferDate"; } else { $query = "select bufferDate,pageId,title from page where parentId=2 " - ." and bufferUserId=$session{user}{userId} " + ." and bufferUserId=".quote($session{user}{userId}) ." order by bufferDate"; } $r = WebGUI::SQL->read($query); @@ -105,7 +105,7 @@ sub process { ." order by bufferDate"; } else { $query = "select bufferDate,wobjectId,title,namespace from wobject where pageId=2 " - ." and bufferUserId=$session{user}{userId} " + ." and bufferUserId=".quote($session{user}{userId}) ." order by bufferDate"; } $r = WebGUI::SQL->read($query); diff --git a/lib/WebGUI/Macro/H_homeLink.pm b/lib/WebGUI/Macro/H_homeLink.pm index de0ca279a..ef8cb4620 100644 --- a/lib/WebGUI/Macro/H_homeLink.pm +++ b/lib/WebGUI/Macro/H_homeLink.pm @@ -23,7 +23,7 @@ sub process { if ($session{setting}{defaultPage} == $session{page}{pageId}) { $temp = $session{page}{urlizedTitle}; } else { - ($temp) = WebGUI::SQL->quickArray("select urlizedTitle from page where pageId=$session{setting}{defaultPage}",WebGUI::SQL->getSlave); + ($temp) = WebGUI::SQL->quickArray("select urlizedTitle from page where pageId=".quote($session{setting}{defaultPage}),WebGUI::SQL->getSlave); } $temp = WebGUI::URL::gateway($temp); if ($param[0] ne "linkonly") { diff --git a/lib/WebGUI/Macro/LastModified.pm b/lib/WebGUI/Macro/LastModified.pm index b406d5939..fd67909d6 100644 --- a/lib/WebGUI/Macro/LastModified.pm +++ b/lib/WebGUI/Macro/LastModified.pm @@ -24,7 +24,7 @@ sub process { $format = '%z' if ($format eq ""); $output = ""; - ($time) = WebGUI::SQL->quickArray("SELECT max(lastEdited) FROM wobject where pageId=$session{page}{pageId}",WebGUI::SQL->getSlave); + ($time) = WebGUI::SQL->quickArray("SELECT max(lastEdited) FROM wobject where pageId=".quote($session{page}{pageId}),WebGUI::SQL->getSlave); if ($time) { $output = $label.epochToHuman($time,$format); } 
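Review bot: `if ($session{setting}{defaultPage} == $session{page}{pageId})` in the H_homeLink hunk compares page ids numerically, and once pageId is a char(22) GUID (see the upgrade script in this patch) two non-numeric ids both numify to 0, so the branch is always taken and the link is built from the current page rather than the default page; this should be `eq`. The same numeric comparison of ids is left in place in RootTitle (`$data{parentId} == 0`, which is true for any GUID parent), Operation/Page.pm (`$buildFromPage == 0`, and `$session{form}{pageId} == 'new'`, where `'new'` numifies to 0 so the literal is never really compared), Operation/User.pm (`$session{form}{uid} == 1 || $session{form}{uid} == 3`), and Page.pm canView (`$session{user}{userId} == $page{ownerId}`). The canView case is the one to fix first: if user ids are also GUIDs after this migration, two different non-numeric ids compare equal as 0 and the early `return 1` grants view access to every logged-in user regardless of ownership. process() in H_homeLink starts and ends outside the hunk.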
diff --git a/lib/WebGUI/Macro/RandomImage.pm b/lib/WebGUI/Macro/RandomImage.pm
index a2d67163a..157da6d3b 100644
--- a/lib/WebGUI/Macro/RandomImage.pm
+++ b/lib/WebGUI/Macro/RandomImage.pm
@@ -27,7 +27,7 @@ sub process {
 $collateralFolderId = 0 unless ($collateralFolderId);
 }
 my @images = WebGUI::SQL->buildArray("select collateralId from collateral
- where collateralType='image' and collateralFolderId=".$collateralFolderId,WebGUI::SQL->getSlave);
+ where collateralType='image' and collateralFolderId=".quote($collateralFolderId),WebGUI::SQL->getSlave);
 if (my $collateral = WebGUI::Collateral->new($images[rand($#images+1)])) {
 return 'get("parameters").' />';
 } else {
diff --git a/lib/WebGUI/Macro/RandomSnippet.pm b/lib/WebGUI/Macro/RandomSnippet.pm
index da38dc649..ac11b7248 100644
--- a/lib/WebGUI/Macro/RandomSnippet.pm
+++ b/lib/WebGUI/Macro/RandomSnippet.pm
@@ -27,7 +27,7 @@ sub process {
 $collateralFolderId = 0 unless ($collateralFolderId);
 }
 my @snippets = WebGUI::SQL->buildArray("select collateralId from collateral
- where collateralType='snippet' and collateralFolderId=".$collateralFolderId,WebGUI::SQL->getSlave);
+ where collateralType='snippet' and collateralFolderId=".quote($collateralFolderId),WebGUI::SQL->getSlave);
 if (my $collateral = WebGUI::Collateral->new($snippets[rand($#snippets+1)])) {
 return $collateral->get("parameters");
 } else {
diff --git a/lib/WebGUI/Macro/RootTitle.pm b/lib/WebGUI/Macro/RootTitle.pm
index 51b844877..bbb07baa6 100644
--- a/lib/WebGUI/Macro/RootTitle.pm
+++ b/lib/WebGUI/Macro/RootTitle.pm
@@ -21,7 +21,8 @@ use WebGUI::URL;
 sub process {
 my ($sth, %data, $output);
 tie %data, 'Tie::CPHash';
- %data = WebGUI::SQL->quickHash("select pageId,parentId,title,urlizedTitle from page where pageId=".($_[0] || $session{page}{parentId}),WebGUI::SQL->getSlave);
+ my $pageid = $_[0] || $session{page}{parentId};
+ %data = WebGUI::SQL->quickHash("select pageId,parentId,title,urlizedTitle from page where pageId=".quote($pageId),WebGUI::SQL->getSlave);
 if ($data{parentId} == 0) {
 $output = $data{title} || $session{page}{title};
 } else {
diff --git a/lib/WebGUI/Macro/r_printable.pm b/lib/WebGUI/Macro/r_printable.pm
index e5e8b174d..86e91ecc4 100644
--- a/lib/WebGUI/Macro/r_printable.pm
+++ b/lib/WebGUI/Macro/r_printable.pm
@@ -14,7 +14,6 @@ use strict;
 use WebGUI::International;
 use WebGUI::Macro;
 use WebGUI::Session;
-use WebGUI::SQL;
 use WebGUI::Template;
 use WebGUI::URL;
 use WebGUI::Utility;
diff --git a/lib/WebGUI/Operation/Clipboard.pm b/lib/WebGUI/Operation/Clipboard.pm
index e0eacd8d5..0a6124851 100644
--- a/lib/WebGUI/Operation/Clipboard.pm
+++ b/lib/WebGUI/Operation/Clipboard.pm
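Review bot: The new line `my $pageid = $_[0] || $session{page}{parentId};` declares `$pageid`, but the query on the very next added line reads `$pageId`, a different variable: under `use strict` this will not compile, and without it the query is built from `quote(undef)` and never finds the page. Rename the declaration to `my $pageId = $_[0] || $session{page}{parentId};` so the quoted value is the one just computed. process() in RootTitle continues outside the hunk.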
@@ -79,19 +79,19 @@ sub www_deleteClipboardItemConfirm { if ( ($session{setting}{sharedClipboard} eq "1") || (WebGUI::Grouping::isInGroup(3)) ) { WebGUI::SQL->write("update wobject set pageId=3, " ."bufferDate=".time().", " - ."bufferUserId=".$session{user}{userId} .", " + ."bufferUserId=".quote($session{user}{userId}) .", " ."bufferPrevId=2 " ."where pageId=2 " - ."and wobjectId=" . $session{form}{wid} + ."and wobjectId=" . quote($session{form}{wid}) ); } else { WebGUI::SQL->write("update wobject set pageId=3, " ."bufferDate=".time().", " - ."bufferUserId=".$session{user}{userId} .", " + ."bufferUserId=".quote($session{user}{userId}) .", " ."bufferPrevId=2 " ."where pageId=2 " - ."and wobjectId=" . $session{form}{wid} ." " - ."and bufferUserId=".$session{user}{userId} + ."and wobjectId=" . quote($session{form}{wid}) ." " + ."and bufferUserId=".quote($session{user}{userId}) ); } WebGUI::ErrorHandler::audit("moved wobject ". $session{form}{wid} ." from clipboard to trash"); @@ -99,15 +99,15 @@ sub www_deleteClipboardItemConfirm { if ( ($session{setting}{sharedClipboard} eq "1") || (WebGUI::Grouping::isInGroup(3)) ) { WebGUI::SQL->write("update page set parentId=3, " ."bufferDate=".time().", " - ."bufferUserId=".$session{user}{userId} .", " + ."bufferUserId=".quote($session{user}{userId}) .", " ."bufferPrevId=2 " ."where parentId=2 " - ."and pageId=".$session{form}{pageId} + ."and pageId=".quote($session{form}{pageId}) ); } else { WebGUI::SQL->write("update page set parentId=3, " ."bufferDate=".time().", " - ."bufferUserId=".$session{user}{userId} .", " + ."bufferUserId=".quote($session{user}{userId}) .", " ."bufferPrevId=2 " ."where parentId=2 " ."and pageId=".$session{form}{pageId} ." " 
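Review bot: In the second hunk (`@@ -99,15 +99,15 @@`), the else branch of the page case still concatenates `."and pageId=".$session{form}{pageId} ." "` bare, while the shared-clipboard branch directly above it now uses `quote($session{form}{pageId})`; `pageId` arrives from the request, so this update statement remains string-built from untrusted input after the commit. Change the line to `."and pageId=".quote($session{form}{pageId}) ." "`. www_deleteClipboardItemConfirm starts and ends outside the hunks, and the `bufferUserId=` clause that presumably follows this line is not shown, so it should be checked in the same pass.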
@@ -154,28 +154,28 @@ sub www_emptyClipboardConfirm { if ($allUsers eq "1") { WebGUI::SQL->write("update page set parentId=3, " ."bufferDate=".time().", " - ."bufferUserId=".$session{user}{userId} .", " + ."bufferUserId=".quote($session{user}{userId}) .", " ."bufferPrevId=2 " ."where parentId=2 "); WebGUI::SQL->write("update wobject set pageId=3, " ."bufferDate=".time().", " - ."bufferUserId=".$session{user}{userId} .", " + ."bufferUserId=".quote($session{user}{userId}) .", " ."bufferPrevId=2 " ."where pageId=2 "); WebGUI::ErrorHandler::audit("emptied clipboard to trash"); } else { WebGUI::SQL->write("update page set parentId=3, " ."bufferDate=".time().", " - ."bufferUserId=".$session{user}{userId} .", " + ."bufferUserId=".quote($session{user}{userId}) .", " ."bufferPrevId=2 " ."where parentId=2 " - ."and bufferUserId=".$session{user}{userId}); + ."and bufferUserId=".quote($session{user}{userId})); WebGUI::SQL->write("update wobject set pageId=3, " ."bufferDate=".time().", " - ."bufferUserId=".$session{user}{userId} .", " + ."bufferUserId=".quote($session{user}{userId}) .", " ."bufferPrevId=2 " ."where pageId=2 " - ."and bufferUserId=".$session{user}{userId}); + ."and bufferUserId=".quote($session{user}{userId})); WebGUI::ErrorHandler::audit("emptied user clipboard to trash"); } WebGUI::Session::refreshPageInfo($session{page}{pageId}); @@ -209,7 +209,7 @@ sub www_manageClipboard { } else { $sth = WebGUI::SQL->read("select pageId,title,urlizedTitle,bufferUserId,bufferDate,bufferPrevId " ."from page where parentId=2 and bufferUserId=" - . $session{user}{userId} . " order by bufferDate"); + . quote($session{user}{userId}) . " order by bufferDate"); } while (@data = $sth->array) { my ($pageId,$title,$urlizedTitle,$bufferUserId,$bufferDate,$bufferPrevId,$url,$htmlData); 
@@ -220,7 +220,7 @@ sub www_manageClipboard { $bufferUserId = $data[3]; if ($bufferUserId ne "") { - my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".$bufferUserId); + my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".quote($bufferUserId)); $bufferUserId = '' .$bufferUsername .''; } @@ -228,7 +228,7 @@ sub www_manageClipboard { $bufferPrevId = $data[5]; if ($bufferPrevId ne "") { ($bufferPrevId,$url) = WebGUI::SQL->quickArray("select title,urlizedTitle " - ."from page where pageId=".$bufferPrevId); + ."from page where pageId=".quote($bufferPrevId)); if ($url ne "") { $bufferPrevId = '' .$bufferPrevId .''; } @@ -261,7 +261,7 @@ sub www_manageClipboard { } else { $sth = WebGUI::SQL->read("select wobjectId,namespace,title,bufferUserId,bufferDate,bufferPrevId " . "from wobject where pageId=2 and bufferUserId=" - . $session{user}{userId} ." order by bufferDate"); + . quote($session{user}{userId}) ." order by bufferDate"); } while (@data = $sth->array) { my ($wobjectId,$namespace,$title,$bufferUserId,$bufferDate,$bufferPrevId,$url,$htmlData); @@ -274,7 +274,7 @@ sub www_manageClipboard { $bufferPrevId = $data[5]; if ($bufferPrevId ne "") { ($bufferPrevId,$url) = WebGUI::SQL->quickArray("select title,urlizedTitle " - ."from page where pageId=".$bufferPrevId); + ."from page where pageId=".quote($bufferPrevId)); if ($url ne "") { $bufferPrevId = '' .$bufferPrevId .''; } @@ -283,7 +283,7 @@ sub www_manageClipboard { $bufferUserId = $data[3]; if ($bufferUserId ne "") { - my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".$bufferUserId); + my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".quote($bufferUserId)); $bufferUserId = '' .$bufferUsername .''; } diff --git a/lib/WebGUI/Operation/Package.pm b/lib/WebGUI/Operation/Package.pm index 9be81123c..81faea331 100644 --- a/lib/WebGUI/Operation/Package.pm 
+++ b/lib/WebGUI/Operation/Package.pm @@ -13,6 +13,7 @@ package WebGUI::Operation::Package; use Exporter; use strict qw(vars subs); use WebGUI::Icon; +use WebGUI::Id; use WebGUI::Page; use WebGUI::Privilege; use WebGUI::Session; @@ -26,7 +27,7 @@ our @EXPORT = qw(&www_deployPackage ); sub _duplicateWobjects { my (%properties); tie %properties, 'Tie::CPHash'; - my $sth = WebGUI::SQL->read("select * from wobject where pageId=$_[0] order by sequenceNumber"); + my $sth = WebGUI::SQL->read("select * from wobject where pageId=".quote($_[0])." order by sequenceNumber"); while (my $wobject = $sth->hashRef) { my $cmd = "WebGUI::Wobject::".${$wobject}{namespace}; my $load = "use ".$cmd; @@ -43,12 +44,12 @@ sub _recursePageTree { my ($a, %package, %newParent, $newPageId, $sequenceNumber, $urlizedTitle); tie %newParent, 'Tie::CPHash'; tie %package, 'Tie::CPHash'; - %newParent = WebGUI::SQL->quickHash("select * from page where pageId=$_[1]"); + %newParent = WebGUI::SQL->quickHash("select * from page where pageId=".quote($_[1])); _duplicateWobjects($_[0],$_[1]); - ($sequenceNumber) = WebGUI::SQL->quickArray("select max(sequenceNumber) from page where parentId=$_[1]"); - $a = WebGUI::SQL->read("select * from page where parentId=$_[0] order by sequenceNumber"); + ($sequenceNumber) = WebGUI::SQL->quickArray("select max(sequenceNumber) from page where parentId=".quote($_[1])); + $a = WebGUI::SQL->read("select * from page where parentId=".quote($_[0])." order by sequenceNumber"); while (%package = $a->hash) { - $newPageId = getNextId("pageId"); + $newPageId = WebGUI::Id::generate(); $sequenceNumber++; $urlizedTitle = WebGUI::Page::makeUnique($package{urlizedTitle}); WebGUI::SQL->write("insert into page ( @@ -82,7 +83,7 @@ sub _recursePageTree { wobjectPrivileges ) values ( $newPageId, - $_[1], + ".quote($_[1]).", ".quote($package{title}).", $newParent{styleId}, $session{user}{userId}, 
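Review bot: In the `values (` list of the `@@ -82,7 +83,7 @@` hunk, `$newPageId,` is still interpolated bare, yet `$newPageId` is now produced by `WebGUI::Id::generate()` instead of the numeric `getNextId("pageId")`, so the insert will be built with an unquoted 22-character id and either fail or be parsed as an identifier; it needs `".quote($newPageId).",` just like the `$_[1]` line the commit fixes. The neighbouring `$newParent{styleId},` and `$session{user}{userId},` values in the same list are bare as well, even though the commit quotes `userId` everywhere else in this patch. The insert statement and `_recursePageTree` continue outside the hunk.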
@@ -107,7 +108,7 @@ sub _recursePageTree { $package{newWindow}, $package{cacheTimeout}, $package{cacheTimeoutVisitor}, - $package{printableStyleId}, + ".quote($package{printableStyleId}).", $package{wobjectPrivileges} )"); _recursePageTree($package{pageId},$newPageId); diff --git a/lib/WebGUI/Operation/Page.pm b/lib/WebGUI/Operation/Page.pm index a46565cde..8c841b2ff 100644 --- a/lib/WebGUI/Operation/Page.pm +++ b/lib/WebGUI/Operation/Page.pm @@ -215,7 +215,7 @@ sub _traversePageTree { .moveRightIcon(sprintf('op=moveTreePageRight&pageId=%s',$currentPageId), $currentUrlizedTitle) .editIcon('op=editPage', $currentUrlizedTitle) .' '.$currentPage->get('title').'
'; - $wobjects = WebGUI::SQL->read("select * from wobject where pageId=$currentPageId"); + $wobjects = WebGUI::SQL->read("select * from wobject where pageId=".quote($currentPageId)); while (%wobject = $wobjects->hash) { $output .= $spacer x $options->{_depth} . $spacer .wobjectIcon() @@ -338,7 +338,7 @@ sub www_editPage { if ($buildFromPage == 0) { $buildFromPage = $session{setting}{defaultPage}; } - %page = WebGUI::SQL->quickHash("select * from page where pageId=$buildFromPage"); + %page = WebGUI::SQL->quickHash("select * from page where pageId=".quote($buildFromPage)); $page{templateId} = 1; $page{pageId} = "new"; $page{title} = $page{menuTitle} = $page{urlizedTitle} = $page{synopsis} = ''; @@ -349,7 +349,7 @@ sub www_editPage { $page{redirectURL} = ""; } else { %page = %{$session{page}}; - ($childCount) = WebGUI::SQL->quickArray("select count(*) from page where parentId=$page{pageId}"); + ($childCount) = WebGUI::SQL->quickArray("select count(*) from page where parentId=".quote($page{pageId})); } $page{endDate} = (addToDate(time(),10)) if ($page{endDate} < 0); $output = helpIcon("page add/edit"); @@ -487,9 +487,9 @@ sub www_editPage { if (WebGUI::Grouping::isInGroup(3)) { my $contentManagers = WebGUI::Grouping::getUsersInGroup(4,1); push (@$contentManagers, $session{user}{userId}); - $clause = "userId in (".join(",",@$contentManagers).")"; + $clause = "userId in (".quoteAndJoin($contentManagers).")"; } else { - $clause = "userId=$page{ownerId}"; + $clause = "userId=".quote($page{ownerId}); } my $users = WebGUI::SQL->buildHashRef("select userId,username from users where $clause order by username"); $f->getTab("privileges")->select( 
@@ -598,7 +598,7 @@ sub www_editPageSave { synopsis => $session{form}{synopsis} }); unless ($session{form}{pageId} == 'new') { - WebGUI::SQL->write("update wobject set templatePosition=1 where pageId=$session{form}{pageId} + WebGUI::SQL->write("update wobject set templatePosition=1 where pageId=".quote($session{form}{pageId})." and templatePosition>".WebGUI::Page::countTemplatePositions($session{form}{templateId})); } _recursivelyChangeProperties($page) if ($session{form}{recursePrivs} || $session{form}{recurseStyle}); diff --git a/lib/WebGUI/Operation/Profile.pm b/lib/WebGUI/Operation/Profile.pm index 1b3df18e7..0989bf9be 100644 --- a/lib/WebGUI/Operation/Profile.pm +++ b/lib/WebGUI/Operation/Profile.pm @@ -98,7 +98,7 @@ sub getRequiredProfileFields { sub isDuplicateEmail { my $email = shift; - my ($otherEmail) = WebGUI::SQL->quickArray("select count(*) from userProfileData where fieldName='email' and fieldData = ".quote($email)." and userId <> ".$session{user}{userId}); + my ($otherEmail) = WebGUI::SQL->quickArray("select count(*) from userProfileData where fieldName='email' and fieldData = ".quote($email)." and userId <> ".quote($session{user}{userId})); return ($otherEmail > 0); } diff --git a/lib/WebGUI/Operation/Statistics.pm b/lib/WebGUI/Operation/Statistics.pm index da2d6008e..34e63d729 100644 --- a/lib/WebGUI/Operation/Statistics.pm +++ b/lib/WebGUI/Operation/Statistics.pm 
@@ -174,25 +174,25 @@ sub www_viewStatistics { $version = ''.$version.''; } $output .= ''.WebGUI::International::get(349).':'.$version.''; - ($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId>1000 and parentId<>3"); + ($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId<>3"); $output .= ''.WebGUI::International::get(147).':'.$data.''; - ($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId>1000 and parentId=0"); + ($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId=0"); $output .= ''.WebGUI::International::get(795).':'.$data.''; ($data) = WebGUI::SQL->quickArray("select count(*) from page where parentId=5"); $output .= ''.WebGUI::International::get(794).':'.$data.''; - ($data) = WebGUI::SQL->quickArray("select count(*) from wobject where wobjectId > 0 and pageId<>3"); + ($data) = WebGUI::SQL->quickArray("select count(*) from wobject where pageId<>3"); $output .= ''.WebGUI::International::get(148).':'.$data.''; - ($data) = WebGUI::SQL->quickArray("select count(*) from template where templateId>1000 and namespace='style'"); + ($data) = WebGUI::SQL->quickArray("select count(*) from template where namespace='style'"); $output .= ''.WebGUI::International::get(427).':'.$data.''; - ($data) = WebGUI::SQL->quickArray("select count(*) from template where templateId>1000 and namespace<>'style'"); + ($data) = WebGUI::SQL->quickArray("select count(*) from template where namespace<>'style'"); $output .= ''.WebGUI::International::get(792).':'.$data.''; ($data) = WebGUI::SQL->quickArray("select count(*) from collateral"); $output .= ''.WebGUI::International::get(793).':'.$data.''; ($data) = WebGUI::SQL->quickArray("select count(*) from userSession"); $output .= ''.WebGUI::International::get(146).':'.$data.''; - ($data) = WebGUI::SQL->quickArray("select count(*) from users where userId>25"); + ($data) = WebGUI::SQL->quickArray("select count(*) from users"); $output .= 
''.WebGUI::International::get(149).':'.$data.''; - ($data) = WebGUI::SQL->quickArray("select count(*) from groups where groupId>25"); + ($data) = WebGUI::SQL->quickArray("select count(*) from groups"); $output .= ''.WebGUI::International::get(89).':'.$data.''; $output .= ''; return _submenu($output); diff --git a/lib/WebGUI/Operation/Trash.pm b/lib/WebGUI/Operation/Trash.pm index 04d915b99..b9045e42c 100644 --- a/lib/WebGUI/Operation/Trash.pm +++ b/lib/WebGUI/Operation/Trash.pm @@ -37,10 +37,10 @@ sub _purgeUserTrash { #WebGUI::ErrorHandler::audit("emptying user trash"); # Delete wobjects - $b = WebGUI::SQL->read("select * from wobject where pageId=3 and bufferUserId=" . $userId); + $b = WebGUI::SQL->read("select * from wobject where pageId=3 and bufferUserId=" . quote($userId)); while ($base = $b->hashRef) { $extended = WebGUI::SQL->quickHashRef("select * from ".$base->{namespace}." - where wobjectId=".$base->{wobjectId}); + where wobjectId=".quote($base->{wobjectId})); %properties = (%{$base}, %{$extended}); $cmd = "WebGUI::Wobject::".$properties{namespace}; my $load = "use ".$cmd; @@ -68,10 +68,10 @@ sub _purgeUserTrash { sub _purgeWobject { my (%properties, $base, $extended, $b, $wobjectId, $namespace, $w, $cmd); tie %properties, 'Tie::CPHash'; - $b = WebGUI::SQL->read("select * from wobject where wobjectId=$_[0]"); + $b = WebGUI::SQL->read("select * from wobject where wobjectId=".quote($_[0])); while ($base = $b->hashRef) { $extended = WebGUI::SQL->quickHashRef("select * from ".$base->{namespace}." - where wobjectId=".$base->{wobjectId}); + where wobjectId=".quote($base->{wobjectId})); %properties = (%{$base}, %{$extended}); $cmd = "WebGUI::Wobject::".$properties{namespace}; my $load = "use ".$cmd; 
@@ -87,10 +87,10 @@ sub _purgeWobject { sub _purgeWobjects { my (%properties, $base, $extended, $b, $wobjectId, $namespace, $w, $cmd); tie %properties, 'Tie::CPHash'; - $b = WebGUI::SQL->read("select * from wobject where pageId=$_[0]"); + $b = WebGUI::SQL->read("select * from wobject where pageId=".quote($_[0])); while ($base = $b->hashRef) { $extended = WebGUI::SQL->quickHashRef("select * from ".$base->{namespace}." - where wobjectId=".$base->{wobjectId}); + where wobjectId=".quote($base->{wobjectId})); %properties = (%{$base}, %{$extended}); $cmd = "WebGUI::Wobject::".$properties{namespace}; my $load = "use ".$cmd; @@ -105,11 +105,11 @@ sub _purgeWobjects { #------------------------------------------------------------------- sub _recursePageTree { my ($a, $pageId); - $a = WebGUI::SQL->read("select pageId from page where parentId=$_[0]"); + $a = WebGUI::SQL->read("select pageId from page where parentId=".quote($_[0])); while (($pageId) = $a->array) { _recursePageTree($pageId); _purgeWobjects($pageId); - WebGUI::SQL->write("delete from page where pageId=$pageId"); + WebGUI::SQL->write("delete from page where pageId=".quote($pageId)); } $a->finish; } 
@@ -138,14 +138,14 @@ sub www_cutTrashItem { if ($session{form}{wid} ne "") { if ( ($session{setting}{sharedTrash} ne "1") && (!(WebGUI::Grouping::isInGroup(3)) ) ) { my ($bufferUserId) = WebGUI::SQL->quickArray("select bufferUserId from wobject " - ."where wobjectId=" .$session{form}{wid}); + ."where wobjectId=" .quote($session{form}{wid})); return WebGUI::Privilege::insufficient() unless ($bufferUserId eq $session{user}{userId}); } WebGUI::SQL->write("update wobject set pageId=2, " - ."bufferUserId=". $session{user}{userId} .", " + ."bufferUserId=". quote($session{user}{userId}) .", " ."bufferDate=". time() .", " ."bufferPrevId=3 " - ."where wobjectId=" .$session{form}{wid}); + ."where wobjectId=" .quote($session{form}{wid})); WebGUI::ErrorHandler::audit("moved wobject ". $session{form}{wid} ." from trash to clipboard"); } elsif ($session{form}{pageId} ne "") { my $page = WebGUI::Page->getPage($session{form}{pageId}); @@ -195,7 +195,7 @@ sub www_deleteTrashItemConfirm { _purgeWobject($session{form}{wid}); } else { my ($bufferUserId) = WebGUI::SQL->quickArray("select bufferUserId from wobject " - ."where wobjectId=" .$session{form}{wid}); + ."where wobjectId=" .quote($session{form}{wid})); return WebGUI::Privilege::insufficient() unless ($bufferUserId eq $session{user}{userId}); _purgeWobject($session{form}{wid}); } @@ -298,7 +298,7 @@ sub www_manageTrash { } else { $sth = WebGUI::SQL->read("select pageId,title,urlizedTitle,bufferUserId,bufferDate,bufferPrevId " ."from page where parentId=3 and bufferUserId=" - . $session{user}{userId} . " order by bufferDate"); + . quote($session{user}{userId}) . " order by bufferDate"); } while (@data = $sth->array) { my ($pageId,$title,$urlizedTitle,$bufferUserId,$bufferDate,$bufferPrevId,$url,$htmlData); 
@@ -309,7 +309,7 @@ sub www_manageTrash { $bufferUserId = $data[3]; if ($bufferUserId ne "") { - my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".$bufferUserId); + my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".quote($bufferUserId)); $bufferUserId = '' .$bufferUsername .''; } @@ -317,7 +317,7 @@ sub www_manageTrash { $bufferPrevId = $data[5]; if ($bufferPrevId ne "") { ($bufferPrevId,$url) = WebGUI::SQL->quickArray("select title,urlizedTitle " - ."from page where pageId=".$bufferPrevId); + ."from page where pageId=".quote($bufferPrevId)); if ($url ne "") { $bufferPrevId = '' .$bufferPrevId .''; } @@ -350,7 +350,7 @@ sub www_manageTrash { } else { $sth = WebGUI::SQL->read("select wobjectId,namespace,title,bufferUserId,bufferDate,bufferPrevId " . "from wobject where pageId=3 and bufferUserId=" - . $session{user}{userId} ." order by bufferDate"); + . quote($session{user}{userId}) ." order by bufferDate"); } while (@data = $sth->array) { my ($wobjectId,$namespace,$title,$bufferUserId,$bufferDate,$bufferPrevId,$url,$htmlData); @@ -363,7 +363,7 @@ sub www_manageTrash { $bufferPrevId = $data[5]; if ($bufferPrevId ne "") { ($bufferPrevId,$url) = WebGUI::SQL->quickArray("select title,urlizedTitle " - ."from page where pageId=".$bufferPrevId); + ."from page where pageId=".quote($bufferPrevId)); if ($url ne "") { $bufferPrevId = '' .$bufferPrevId .''; } @@ -372,7 +372,7 @@ sub www_manageTrash { $bufferUserId = $data[3]; if ($bufferUserId ne "") { - my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".$bufferUserId); + my ($bufferUsername) = WebGUI::SQL->quickArray("select username from users where userId=".quote($bufferUserId)); $bufferUserId = '' .$bufferUsername .''; } diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm index f44a19e84..fe676658e 100644 --- a/lib/WebGUI/Operation/User.pm +++ b/lib/WebGUI/Operation/User.pm 
@@ -86,7 +86,7 @@ sub doUserSearch { my $sql = "select users.userId, users.username, users.status, users.dateCreated, users.lastUpdated, email.fieldData as email from users left join userProfileData email on users.userId=email.userId and email.fieldName='email' where $selectedStatus and (users.username like ".$keyword." or email.fieldData like ".$keyword.") - and users.userId not in (".join(",",@{$userFilter}).") order by users.username"; + and users.userId not in (".quoteAndJoin($userFilter).") order by users.username"; if ($returnPaginator) { my $p = WebGUI::Paginator->new(WebGUI::URL::page($op)); $p->setDataByQuery($sql); @@ -272,7 +272,7 @@ sub www_deleteGrouping { sub www_deleteUser { my ($output); return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3)); - if ($session{form}{uid} < 26) { + if ($session{form}{uid} == 1 || $session{form}{uid} == 3) { return WebGUI::Privilege::vitalComponent(); } else { $output .= helpIcon("user delete"); @@ -290,7 +290,7 @@ sub www_deleteUser { sub www_deleteUserConfirm { return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3)); my ($u); - if ($session{form}{uid} < 26) { + if ($session{form}{uid} == 1 || $session{form}{uid} == 3) { return WebGUI::Privilege::vitalComponent(); } else { $u = WebGUI::User->new($session{form}{uid}); @@ -504,7 +504,7 @@ sub www_editUserProfile { $f = WebGUI::HTMLForm->new; $f->hidden("op","editUserProfileSave"); $f->hidden("uid",$session{form}{uid}); - %user = WebGUI::SQL->buildHash("select fieldName,fieldData from userProfileData where userId=$session{form}{uid}"); + %user = WebGUI::SQL->buildHash("select fieldName,fieldData from userProfileData where userId=".quote($session{form}{uid})); $a = WebGUI::SQL->read("select * from userProfileField,userProfileCategory where userProfileField.profileCategoryId=userProfileCategory.profileCategoryId order by userProfileCategory.sequenceNumber,userProfileField.sequenceNumber"); 
diff --git a/lib/WebGUI/Page.pm b/lib/WebGUI/Page.pm index 4d55a7417..617ed07a8 100644 --- a/lib/WebGUI/Page.pm +++ b/lib/WebGUI/Page.pm @@ -24,6 +24,7 @@ use WebGUI::Grouping; use WebGUI::HTMLForm; use WebGUI::HTTP; use WebGUI::Icon; +use WebGUI::Id; use WebGUI::Macro; use WebGUI::Session; use WebGUI::SQL; @@ -145,7 +146,7 @@ sub add { my ($self, $page, $newPageId); $self = shift; - $newPageId = getNextId('pageId'); + $newPageId = WebGUI::Id::generate(); $self->add_child_to_right( id =>$self->get('pageId'), pageId =>$newPageId, @@ -154,7 +155,7 @@ sub add { ); # Fixup the 'id' column that has the wrong value. - WebGUI::SQL->write("update page set id=pageId where pageId=$newPageId"); + WebGUI::SQL->write("update page set id=pageId where pageId=".quote($newPageId)); $self->recacheNavigation; @@ -198,7 +199,7 @@ sub canEdit { my (%page); tie %page, 'Tie::CPHash'; if ($pageId ne $session{page}{pageId}) { - %page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=$pageId"); + %page = WebGUI::SQL->quickHash("select ownerId,groupIdEdit from page where pageId=".quote($pageId)); } else { %page = %{$session{page}}; } @@ -294,7 +295,7 @@ sub canView { if ($pageId eq $session{page}{pageId}) { %page = %{$session{page}}; } else { - %page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=$pageId",WebGUI::SQL->getSlave); + %page = WebGUI::SQL->quickHash("select ownerId,groupIdView,startDate,endDate from page where pageId=".quote($pageId),WebGUI::SQL->getSlave); } if ($session{user}{userId} == $page{ownerId}) { return 1; 
@@ -501,7 +502,7 @@ sub generate { .moveDownIcon('op=movePageDown') .cutIcon('op=cutPage'); $var{'page.controls'} .= exportIcon('op=exportPage') if defined ($session{config}{exportPath}); - my $sth = WebGUI::SQL->read("select * from wobject where pageId=".$session{page}{pageId}." order by sequenceNumber, wobjectId",WebGUI::SQL->getSlave); + my $sth = WebGUI::SQL->read("select * from wobject where pageId=".quote($session{page}{pageId})." order by sequenceNumber, wobjectId",WebGUI::SQL->getSlave); while (my $wobject = $sth->hashRef) { my $wobjectToolbar = wobjectIcon() .deleteIcon('func=delete&wid='.${$wobject}{wobjectId}) @@ -517,11 +518,11 @@ sub generate { } if (${$wobject}{namespace} eq "WobjectProxy") { my $originalWobject = $wobject; - my ($wobjectProxy) = WebGUI::SQL->quickHashRef("select * from WobjectProxy where wobjectId=".${$wobject}{wobjectId},WebGUI::SQL->getSlave); + my ($wobjectProxy) = WebGUI::SQL->quickHashRef("select * from WobjectProxy where wobjectId=".quote(${$wobject}{wobjectId}),WebGUI::SQL->getSlave); if($wobjectProxy->{proxyByCriteria}) { $wobjectProxy->{proxiedWobjectId} = WebGUI::MetaData::getWobjectByCriteria($wobjectProxy) || $wobjectProxy->{proxiedWobjectId}; } - $wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobject.wobjectId=".$wobjectProxy->{proxiedWobjectId},WebGUI::SQL->getSlave); + $wobject = WebGUI::SQL->quickHashRef("select * from wobject where wobject.wobjectId=".quote($wobjectProxy->{proxiedWobjectId}),WebGUI::SQL->getSlave); if (${$wobject}{namespace} eq "") { $wobject = $originalWobject; } else { @@ -583,7 +584,7 @@ sub generation { from page as a, page as b where a.depth = b.depth and - b.pageId = ".$self->get('pageId'). + b.pageId = ".quote($self->get('pageId')). " order by nestedSetLeft"); while (%row = $sth->hash) { 
@@ -981,7 +982,7 @@ sub leaves_under { page as b where (a.nestedSetLeft between b.nestedSetLeft and b.nestedSetRight) and (a.nestedSetRight = a.nestedSetLeft + 1) - b.pageId = ".$self->get('pageId'). + b.pageId = ".quote($self->get('pageId')). " order by nestedSetLeft"); while (%row = $sth->hash) { @@ -1016,7 +1017,7 @@ sub makeUnique { my $pageId = $_[1] || "new"; my $where; unless ($pageId eq "new") { - $where .= " and pageId<>".$pageId; + $where .= " and pageId<>".quote($pageId); } my ($test) = WebGUI::SQL->quickArray("select urlizedTitle from page where urlizedTitle=".quote($url).$where); if ($test) { @@ -1110,7 +1111,7 @@ sub move{ WebGUI::SQL->write($sql); # Set the parentId to the right node. - WebGUI::SQL->write("update page set parentId=".$newMother->get('pageId')." where pageId=".$self->get('pageId')); + WebGUI::SQL->write("update page set parentId=".quote($newMother->get('pageId'))." where pageId=".quote($self->get('pageId'))); WebGUI::Page->recacheNavigation; @@ -1282,7 +1283,7 @@ sub new { no_locking => 1 ); unless (ref($properties)) { - $properties = WebGUI::SQL->quickHashRef("select * from page where pageId=$_[1]"); + $properties = WebGUI::SQL->quickHashRef("select * from page where pageId=".quote($_[1])); } return undef unless (defined $properties->{pageId}); @@ -1440,7 +1441,7 @@ sub self_and_sisters { from page as a, page as b where a.parentId = b.parentId and - b.pageId = ".$self->get('pageId'). + b.pageId = ".quote($self->get('pageId')). " order by nestedSetLeft"); while (%row = $sth->hash) { push(@result, {(%row)}); @@ -1495,8 +1496,8 @@ sub sisters { "select a.* from page as a, page as b - where a.pageId !=".$self->get('pageId')." and - a.parentId = b.parentId and b.pageId = ".$self->get('pageId'). + where a.pageId !=".quote($self->get('pageId'))." and + a.parentId = b.parentId and b.pageId = ".quote($self->get('pageId')). " order by nestedSetLeft"); while (%row = $sth->hash) { push(@result, {(%row)}); 
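Review bot: The WHERE clause in `leaves_under` appears to lack an `and` between `(a.nestedSetRight = a.nestedSetLeft + 1)` and the `b.pageId = ` line the commit rewrites, which would make the statement a SQL syntax error; the parallel queries in `generation` and `self_and_sisters` do carry the conjunction. Unless the collapsed layout is hiding it, the context line should read `(a.nestedSetRight = a.nestedSetLeft + 1) and`. The surrounding subroutine starts and ends outside the hunk.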
@@ -1559,7 +1560,7 @@ sub setWithoutRecache { $properties = $self->{_properties} unless ($properties); if (scalar(keys(%{$properties}))) { - WebGUI::SQL->write("update page set ".join(', ', map {"$_=".quote($properties->{$_})} keys %{$properties})." where pageId=".$self->get('pageId')); + WebGUI::SQL->write("update page set ".join(', ', map {"$_=".quote($properties->{$_})} keys %{$properties})." where pageId=".quote($self->get('pageId'))); } return ""; diff --git a/lib/WebGUI/Session.pm b/lib/WebGUI/Session.pm index d4c259fff..cb18e2a38 100644 --- a/lib/WebGUI/Session.pm +++ b/lib/WebGUI/Session.pm @@ -79,7 +79,7 @@ sub _setupPageInfo { $pageName =~ s/\'//; $pageName =~ s/\"//; if ($pageName ne "") { - ($pageId) = WebGUI::SQL->quickArray("select pageId from page where urlizedTitle='".$pageName."'"); + ($pageId) = WebGUI::SQL->quickArray("select pageId from page where urlizedTitle=".quote($pageName)); if ($pageId eq "") { $pageId = $session{setting}{notFoundPage}; if($ENV{"MOD_PERL"}) { @@ -96,7 +96,7 @@ sub _setupPageInfo { $pageId = $session{setting}{defaultPage}; } } - %page = WebGUI::SQL->quickHash("select * from page where pageId='".$pageId."'"); + %page = WebGUI::SQL->quickHash("select * from page where pageId=".quote($pageId)); $session{page} = \%page; } @@ -105,7 +105,7 @@ sub _setupSessionVars { my (%vars, $uid, $encryptedPassword); tie %vars, 'Tie::CPHash'; if ($_[0] ne "") { - %vars = WebGUI::SQL->quickHash("select * from userSession where sessionId='$_[0]'"); + %vars = WebGUI::SQL->quickHash("select * from userSession where sessionId=".quote($_[0])); if ($vars{expires} < _time() ) { #|| $vars{lastIP} ne $session{env}{REMOTE_ADDR}) { # had to remove for revolving ip proxies %vars = (); WebGUI::Session::end($_[0]); 
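Review bot: In `setWithoutRecache`, `quote()` now covers every value and the pageId, but the column names come straight from `keys %{$properties}` and are concatenated as identifiers, which `quote()` cannot protect; if `$properties` can be populated from request data anywhere, each key should be checked before the join, e.g. `/\A\w+\z/ or die "bad page column: $_"` ahead of the `map`, or restricted to the known page columns. `setWithoutRecache` begins outside the hunk.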
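Review bot: In the `_setupPageInfo` hunk, the two lines `$pageName =~ s/\'//; $pageName =~ s/\"//;` just above the now-quoted `urlizedTitle=` lookup only strip the first quote character each (no `/g`) and are redundant once `quote()` escapes the value; they also alter the lookup key, so a title containing a quote can no longer be matched. Consider removing them now that `quote()` handles escaping. `_setupPageInfo` starts before the hunk.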
@@ -127,17 +127,16 @@ sub _setupUserInfo { my (%default, $key, %user, $uid, %profile, $value); tie %user, 'Tie::CPHash'; $uid = $_[0] || 1; - %user = WebGUI::SQL->quickHash("select * from users where userId='$uid'"); + %user = WebGUI::SQL->quickHash("select * from users where userId=".quote($uid)); if ($user{userId} eq "") { _setupUserInfo("1"); } else { %profile = WebGUI::SQL->buildHash("select userProfileField.fieldName, userProfileData.fieldData from userProfileData, userProfileField where userProfileData.fieldName=userProfileField.fieldName - and userProfileData.userId='$user{userId}'"); + and userProfileData.userId=".quote($user{userId})); %user = (%user, %profile); $user{language} = $session{page}{languageId} if ($user{userId} == 1 || $user{language} eq ''); - %default = WebGUI::SQL->buildHash("select fieldName, dataDefault from userProfileField - where profileCategoryId=4"); + %default = WebGUI::SQL->buildHash("select fieldName, dataDefault from userProfileField where profileCategoryId=4"); foreach $key (keys %default) { if ($user{$key} eq "") { $value = eval($default{$key}); @@ -212,7 +211,7 @@ The user for the session to become. =cut sub convertVisitorToUser { - WebGUI::SQL->write("update userSession set userId=$_[1] where sessionId=".quote($_[0])); + WebGUI::SQL->write("update userSession set userId=".quote($_[1])." where sessionId=".quote($_[0])); if ($session{setting}{passiveProfilingEnabled}) { WebGUI::SQL->write("update passiveProfileLog set userId = ".quote($_[1])." where sessionId = ".quote($_[0])); } 
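Review bot: `$user{userId} == 1` two lines below the rewritten profile query in `_setupUserInfo` compares the userId numerically, but this commit converts user ids to char(22) values from `WebGUI::Id::generate()`; an id whose leading characters numify to 1 would be treated as the visitor account, and non-numeric ids warn on every request. Use `$user{language} = $session{page}{languageId} if ($user{userId} eq "1" || $user{language} eq '');`. The `$value = eval($default{$key});` at the end of the hunk string-evals `dataDefault` read from the database; it is unchanged here, but a comment such as `# dataDefault is trusted Perl maintained by admins; never user input` would make that trust boundary explicit. `_setupUserInfo` continues past the hunk.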
@@ -285,8 +284,8 @@ The session to end. =cut sub end { - WebGUI::SQL->write("delete from userSession where sessionId='$_[0]'",$session{dbh}); - WebGUI::SQL->write("delete from userSessionScratch where sessionId='$_[0]'",$session{dbh}); + WebGUI::SQL->write("delete from userSession where sessionId=".quote($_[0]),$session{dbh}); + WebGUI::SQL->write("delete from userSessionScratch where sessionId=".quote($_[0]),$session{dbh}); if ($_[0] eq $session{var}{sessionId}) { delete $session{user}; delete $session{isInGroup}; @@ -538,10 +537,10 @@ sub start { $sessionId = $_[1] || _uniqueSessionId(); if (($session{setting}{proxiedClientAddress} eq "1") && ($ENV{HTTP_X_FORWARDED_FOR} ne "")) { WebGUI::SQL->write("insert into userSession values ('$sessionId', ". - (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{HTTP_X_FORWARDED_FOR}', $_[0])"); + (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{HTTP_X_FORWARDED_FOR}', ".quote($_[0]).")"); } else { WebGUI::SQL->write("insert into userSession values ('$sessionId', ". - (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{REMOTE_ADDR}', $_[0])"); + (_time()+$session{setting}{sessionTimeout}).", "._time().", 0, '$ENV{REMOTE_ADDR}', ".quote($_[0]).")"); } push @{$session{http}{cookie}}, $session{cgi}->cookie( -name=>"wgSession", diff --git a/lib/WebGUI/User.pm b/lib/WebGUI/User.pm index 70ec0dd68..2166e168e 100644 --- a/lib/WebGUI/User.pm +++ b/lib/WebGUI/User.pm @@ -18,6 +18,7 @@ use strict; use WebGUI::DateTime; use WebGUI::Grouping; use WebGUI::HTMLForm; +use WebGUI::Id; use WebGUI::International; use WebGUI::Session; use WebGUI::SQL; 
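Review bot: In the `start` hunk, `$ENV{HTTP_X_FORWARDED_FOR}`, `$ENV{REMOTE_ADDR}` and `$sessionId` are still interpolated into the INSERT with hand-placed single quotes while only `$_[0]` was switched to `quote()`; `HTTP_X_FORWARDED_FOR` is a request header the client supplies, and `$sessionId` may come from the caller's `$_[1]`. Both statements should build the value list entirely with `quote()`, e.g. `"insert into userSession values (".quote($sessionId).", ".(_time()+$session{setting}{sessionTimeout}).", "._time().", 0, ".quote($ENV{HTTP_X_FORWARDED_FOR}).", ".quote($_[0]).")"` and the same shape for the `REMOTE_ADDR` branch. The `end` hunk on the same line is fine as changed. `start`'s body continues outside the hunk.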
@@ -59,8 +60,8 @@ These methods are available from this class: #------------------------------------------------------------------- sub _create { my ($userId); - $userId = getNextId("userId"); - WebGUI::SQL->write("insert into users (userId,dateCreated) values ($userId,".time().")"); + $userId = WebGUI::Id::generate(); + WebGUI::SQL->write("insert into users (userId,dateCreated) values (".quote($userId).",".time().")"); WebGUI::Grouping::addUsersToGroups([$userId],[2,7]); return $userId; } @@ -112,7 +113,7 @@ sub authMethod { if (defined $value) { $class->{_user}{"authMethod"} = $value; WebGUI::SQL->write("update users set authMethod=".quote($value).", - lastUpdated=".time()." where userId=$class->{_userId}"); + lastUpdated=".time()." where userId=".quote($class->{_userId})); } return $class->{_user}{"authMethod"}; } @@ -139,14 +140,14 @@ Deletes this user. sub delete { my $class = shift; - WebGUI::SQL->write("delete from users where userId=".$class->{_userId}); - WebGUI::SQL->write("delete from userProfileData where userId=".$class->{_userId}); + WebGUI::SQL->write("delete from users where userId=".quote($class->{_userId})); + WebGUI::SQL->write("delete from userProfileData where userId=".quote($class->{_userId})); WebGUI::Grouping::deleteUsersFromGroups([$class->{_userId}],WebGUI::Grouping::getGroupsForUser($class->{_userId})); - WebGUI::SQL->write("delete from messageLog where userId=".$class->{_userId}); + WebGUI::SQL->write("delete from messageLog where userId=".quote($class->{_userId})); my $authMethod = WebGUI::Operation::Auth::getInstance($class->authMethod,$class->{_userId}); $authMethod->deleteParams($class->{_userId}); - my $sth = WebGUI::SQL->read("select sessionId from userSession where userId=$class->{_userId}"); + my $sth = WebGUI::SQL->read("select sessionId from userSession where userId=".quote($class->{_userId})); while (my ($sid) = $sth->array) { WebGUI::Session::end($sid); } 
@@ -182,7 +183,7 @@ sub identifier { if (defined $value) { $class->{_user}{"identifier"} = $value; WebGUI::SQL->write("update authentication set fieldData=".quote($value)." - where userId=$class->{_userId} and authMethod='WebGUI' and fieldName='identifier'"); + where userId=".quote($class->{_userId})." and authMethod='WebGUI' and fieldName='identifier'"); } return $class->{_user}{"identifier"}; } @@ -213,8 +214,8 @@ A description of why this user's karma was modified. For instance it could be "M sub karma { if (defined $_[1] && defined $_[2] && defined $_[3]) { - WebGUI::SQL->write("update users set karma=karma+$_[1] where userId=".$_[0]->userId); - WebGUI::SQL->write("insert into karmaLog values (".$_[0]->userId.",$_[1],".quote($_[2]).",".quote($_[3]).",".time().")"); + WebGUI::SQL->write("update users set karma=karma+".quote($_[1])." where userId=".quote($_[0]->userId)); + WebGUI::SQL->write("insert into karmaLog values (".quote($_[0]->userId).",$_[1],".quote($_[2]).",".quote($_[3]).",".time().")"); } return $_[0]->{_user}{karma}; } @@ -253,10 +254,10 @@ sub new { $class = shift; $userId = shift || 1; $userId = _create() if ($userId eq "new"); - %user = WebGUI::SQL->quickHash("select * from users where userId='$userId'"); + %user = WebGUI::SQL->quickHash("select * from users where userId=".quote($userId)); %profile = WebGUI::SQL->buildHash("select userProfileField.fieldName, userProfileData.fieldData from userProfileField, userProfileData where userProfileField.fieldName=userProfileData.fieldName and - userProfileData.userId='$user{userId}'"); + userProfileData.userId=".quote($user{userId})); %default = WebGUI::SQL->buildHash("select fieldName, dataDefault from userProfileField where profileCategoryId=4"); foreach $key (keys %default) { if ($profile{$key} eq "") { 
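Review bot: The `karma` hunk quotes `$_[1]` in the UPDATE but still interpolates it raw in the karmaLog INSERT on the next line (`,$_[1],`), so the same argument is handled two different ways. Quote it in both places: `WebGUI::SQL->write("insert into karmaLog values (".quote($_[0]->userId).",".quote($_[1]).",".quote($_[2]).",".quote($_[3]).",".time().")");`. `karma` is complete within the hunk.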
@@ -299,9 +300,9 @@ sub profileField { $value = WebGUI::Macro::negate($value); # Len Kranendonk - 20030701: fixed security hole if (defined $value) { $class->{_profile}{$fieldName} = $value; - WebGUI::SQL->write("delete from userProfileData where userId=$class->{_userId} and fieldName=".quote($fieldName)); - WebGUI::SQL->write("insert into userProfileData values ($class->{_userId}, ".quote($fieldName).", ".quote($value).")"); - WebGUI::SQL->write("update users set lastUpdated=".time()." where userId=".$class->{_userId}); + WebGUI::SQL->write("delete from userProfileData where userId=".quote($class->{_userId})." and fieldName=".quote($fieldName)); + WebGUI::SQL->write("insert into userProfileData values (".quote($class->{_userId}).", ".quote($fieldName).", ".quote($value).")"); + WebGUI::SQL->write("update users set lastUpdated=".time()." where userId=".quote($class->{_userId})); } return $class->{_profile}{$fieldName}; } @@ -328,8 +329,8 @@ sub referringAffiliate { $value = shift; if (defined $value) { $class->{_user}{"referringAffiliate"} = $value; - WebGUI::SQL->write("update users set referringAffiliate=".$value.", - lastUpdated=".time()." where userId=$class->{_userId}"); + WebGUI::SQL->write("update users set referringAffiliate=".quote($value).", + lastUpdated=".time()." where userId=".quote($class->{_userId})); } return $class->{_user}{"referringAffiliate"}; } @@ -357,7 +358,7 @@ sub status { if (defined $value) { $class->{_user}{"status"} = $value; WebGUI::SQL->write("update users set status=".quote($value).", - lastUpdated=".time()." where userId=$class->{_userId}"); + lastUpdated=".time()." where userId=".quote($class->{_userId})); } return $class->{_user}{"status"}; } 
@@ -385,7 +386,7 @@ sub username { if (defined $value) { $class->{_user}{"username"} = $value; WebGUI::SQL->write("update users set username=".quote($value).", - lastUpdated=".time()." where userId=$class->{_userId}"); + lastUpdated=".time()." where userId=".quote($class->{_userId})); } return $class->{_user}{"username"}; }