From 78c3a63fc08bc120ffc3c6aa20ab889c3f4b0661 Mon Sep 17 00:00:00 2001 From: JT Smith Date: Wed, 11 Aug 2004 01:28:11 +0000 Subject: [PATCH] adding guid stuff --- lib/WebGUI/Forum.pm | 40 ++++++++++++++-------------- lib/WebGUI/Id.pm | 7 +++-- lib/WebGUI/Operation/Replacements.pm | 2 +- lib/WebGUI/SQL.pm | 5 ++-- lib/WebGUI/Wobject.pm | 2 +- lib/WebGUI/Wobject/USS.pm | 36 ++++++++++++------------- 6 files changed, 48 insertions(+), 44 deletions(-) diff --git a/lib/WebGUI/Forum.pm b/lib/WebGUI/Forum.pm index 035028128..379a94cd2 100644 --- a/lib/WebGUI/Forum.pm +++ b/lib/WebGUI/Forum.pm @@ -159,7 +159,7 @@ Deccrements this forum's reply counter. sub decrementReplies { my ($self) = @_; - WebGUI::SQL->write("update forum set replies=replies-1 where forumId=".$self->get("forumId")); + WebGUI::SQL->write("update forum set replies=replies-1 where forumId=".quote($self->get("forumId"))); } #------------------------------------------------------------------- @@ -172,7 +172,7 @@ Decrements this forum's thread counter. sub decrementThreads { my ($self) = @_; - WebGUI::SQL->write("update forum set threads=threads-1 where forumId=".$self->get("forumId")); + WebGUI::SQL->write("update forum set threads=threads-1 where forumId=".quote($self->get("forumId"))); } #------------------------------------------------------------------- @@ -267,7 +267,7 @@ The unique identifier of the post being added. sub incrementReplies { my ($self, $lastPostDate, $lastPostId) = @_; - WebGUI::SQL->write("update forum set replies=replies+1, lastPostId=$lastPostId, lastPostDate=$lastPostDate where forumId=".$self->get("forumId")); + WebGUI::SQL->write("update forum set replies=replies+1, lastPostId=$lastPostId, lastPostDate=$lastPostDate where forumId=".quote($self->get("forumId"))); } #------------------------------------------------------------------- 
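Review bot: In the incrementReplies hunk the new statement still interpolates `$lastPostId` and `$lastPostDate` bare, while `forumId` on the same line now goes through `quote()`. If post ids become the string ids produced by WebGUI::Id::generate (inferred from the commit subject, not visible here), an unquoted `lastPostId=` value breaks the statement and leaves an injection point for any caller-supplied value. The incrementThreads hunk has the same line shape. Suggested for both: `lastPostId=".quote($lastPostId).", lastPostDate=".quote($lastPostDate)." where forumId=`.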
@@ -292,7 +292,7 @@ The unique identifier of the post that was just added. sub incrementThreads { my ($self, $lastPostDate, $lastPostId) = @_; - WebGUI::SQL->write("update forum set threads=threads+1, lastPostId=$lastPostId, lastPostDate=$lastPostDate where forumId=".$self->get("forumId")); + WebGUI::SQL->write("update forum set threads=threads+1, lastPostId=$lastPostId, lastPostDate=$lastPostDate where forumId=".quote($self->get("forumId"))); } #------------------------------------------------------------------- @@ -305,7 +305,7 @@ Increments the views counter on this forum. sub incrementViews { my ($self) = @_; - WebGUI::SQL->write("update forum set views=views+1 where forumId=".$self->get("forumId")); + WebGUI::SQL->write("update forum set views=views+1 where forumId=".quote($self->get("forumId"))); } #------------------------------------------------------------------- @@ -327,7 +327,7 @@ The user to check for the subscription. Defaults to $session{user}{userId}. sub isSubscribed { my ($self, $userId) = @_; $userId = $session{user}{userId} unless ($userId); - my ($isSubscribed) = WebGUI::SQL->quickArray("select count(*) from forumSubscription where forumId=".$self->get("forumId")." and userId=$userId"); + my ($isSubscribed) = WebGUI::SQL->quickArray("select count(*) from forumSubscription where forumId=".quote($self->get("forumId"))." and userId=".quote($userId)); return $isSubscribed; } 
@@ -384,22 +384,22 @@ Destroys this forum and everything it contains. sub purge { my ($self) = @_; return unless ($self->get("forumId")); - my $a = WebGUI::SQL->read("select * from forumThread where forumId=".$self->get("forumId")); + my $a = WebGUI::SQL->read("select * from forumThread where forumId=".quote($self->get("forumId"))); while (my ($threadId) = $a->array) { - my $b = WebGUI::SQL->read("select * from forumPost where forumThreadId=".$threadId); + my $b = WebGUI::SQL->read("select * from forumPost where forumThreadId=".quote($threadId)); while (my ($postId) = $b->array) { - WebGUI::SQL->write("delete from forumPostAttachment where forumPostId=".$postId); - WebGUI::SQL->write("delete from forumPostRating where forumPostId=".$postId); + WebGUI::SQL->write("delete from forumPostAttachment where forumPostId=".quote($postId)); + WebGUI::SQL->write("delete from forumPostRating where forumPostId=".quote($postId)); } $b->finish; - WebGUI::SQL->write("delete from forumThreadSubscription where forumThreadId=".$threadId); - WebGUI::SQL->write("delete from forumRead where forumThreadId=".$threadId); - WebGUI::SQL->write("delete from forumPost where forumThreadId=".$threadId); + WebGUI::SQL->write("delete from forumThreadSubscription where forumThreadId=".quote($threadId)); + WebGUI::SQL->write("delete from forumRead where forumThreadId=".quote($threadId)); + WebGUI::SQL->write("delete from forumPost where forumThreadId=".quote($threadId)); } $a->finish; - WebGUI::SQL->write("delete from forumSubscription where forumId=".$self->get("forumId")); - WebGUI::SQL->write("delete from forumThread where forumId=".$self->get("forumId")); - WebGUI::SQL->write("delete from forum where forumId=".$self->get("forumId")); + WebGUI::SQL->write("delete from forumSubscription where forumId=".quote($self->get("forumId"))); + WebGUI::SQL->write("delete from forumThread where forumId=".quote($self->get("forumId"))); + WebGUI::SQL->write("delete from forum where 
forumId=".quote($self->get("forumId"))); } #------------------------------------------------------------------- @@ -412,9 +412,9 @@ Calculates the rating of this forum from its threads and stores the new value in sub recalculateRating { my ($self) = @_; - my ($count) = WebGUI::SQL->quickArray("select count(*) from forumThread where forumId=".$self->get("forumId")." and rating>0"); + my ($count) = WebGUI::SQL->quickArray("select count(*) from forumThread where forumId=".quote($self->get("forumId"))." and rating>0"); $count = $count || 1; - my ($sum) = WebGUI::SQL->quickArray("select sum(rating) from forumThread where forumId=".$self->get("forumId")." and rating>0"); + my ($sum) = WebGUI::SQL->quickArray("select sum(rating) from forumThread where forumId=".quote($self->get("forumId"))." and rating>0"); my $average = round($sum/$count); $self->set({rating=>$average}); } @@ -492,7 +492,7 @@ sub subscribe { my ($self, $userId) = @_; $userId = $session{user}{userId} unless ($userId); unless ($self->isSubscribed($userId)) { - WebGUI::SQL->write("insert into forumSubscription (forumId, userId) values (".$self->get("forumId").",$userId)"); + WebGUI::SQL->write("insert into forumSubscription (forumId, userId) values (".quote($self->get("forumId")).",".quote($userId).")"); } } @@ -516,7 +516,7 @@ sub unsubscribe { my ($self, $userId) = @_; $userId = $session{user}{userId} unless ($userId); if ($self->isSubscribed($userId)) { - WebGUI::SQL->write("delete from forumSubscription where forumId=".$self->get("forumId")." and userId=$userId"); + WebGUI::SQL->write("delete from forumSubscription where forumId=".quote($self->get("forumId"))." and userId=".quote($userId)); } } diff --git a/lib/WebGUI/Id.pm b/lib/WebGUI/Id.pm index de7b072cc..8ef732481 100644 --- a/lib/WebGUI/Id.pm +++ b/lib/WebGUI/Id.pm 
@@ -55,8 +55,11 @@ This function generates a global unique id. sub generate { my($s,$us)=gettimeofday(); - my($v)=sprintf("%06d%10d%06d%255s",$us,$s,$$,$session{config}{defaultSiteName}); - return Digest::MD5::md5_base64($v); + my($v)=sprintf("%06d%10d%06d%255s",$us,$s,$$,$WebGUI::Session::session{config}{defaultSiteName}); + my $id = Digest::MD5::md5_base64($v); + $id =~ s/\+/_/g; + $id =~ s/\//-/g; + return $id; } 1; diff --git a/lib/WebGUI/Operation/Replacements.pm b/lib/WebGUI/Operation/Replacements.pm index 31ae1fe93..5e91ab42e 100644 --- a/lib/WebGUI/Operation/Replacements.pm +++ b/lib/WebGUI/Operation/Replacements.pm @@ -38,7 +38,7 @@ sub _submenu { #------------------------------------------------------------------- sub www_deleteReplacement { return WebGUI::Privilege::adminOnly() unless (WebGUI::Grouping::isInGroup(3)); - WebGUI::SQL->write("delete from replacements where replacementId=$session{form}{replacementId}"); + WebGUI::SQL->write("delete from replacements where replacementId=".quote($session{form}{replacementId})); return www_listReplacements(); } diff --git a/lib/WebGUI/SQL.pm b/lib/WebGUI/SQL.pm index 76774777f..fb0e12dc4 100644 --- a/lib/WebGUI/SQL.pm +++ b/lib/WebGUI/SQL.pm @@ -19,6 +19,7 @@ use Exporter; use strict; use Tie::IxHash; use WebGUI::ErrorHandler; +use WebGUI::Id; use WebGUI::Session; use WebGUI::Utility; @@ -805,8 +806,8 @@ A database handler to use. Defaults to the WebGUI database handler. sub setRow { my ($self, $table, $keyColumn, $data, $dbh) = @_; if ($data->{$keyColumn} eq "new") { - $data->{$keyColumn} = getNextId($keyColumn); - WebGUI::SQL->write("insert into $table ($keyColumn) values ($data->{$keyColumn})", $dbh); + $data->{$keyColumn} = WebGUI::Id::generate(); + WebGUI::SQL->write("insert into $table ($keyColumn) values (".quote($data->{$keyColumn}).")", $dbh); } my (@pairs); foreach my $key (keys %{$data}) { diff --git a/lib/WebGUI/Wobject.pm b/lib/WebGUI/Wobject.pm index f51e16030..69811c1cb 100644 
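Review bot: generate() still hashes only the microsecond clock, the pid and the site name, so the id has no random or counter input. Two calls landing in the same microsecond in one process return the same id, and the inputs are guessable, so these ids should not be relied on as unguessable tokens. A per-process counter removes the collision case, e.g. `my($v)=sprintf("%06d%10d%06d%06d%255s",$us,$s,$$,$counter++,$WebGUI::Session::session{config}{defaultSiteName});` with a file-scoped `my $counter = 0;`. A comment should also record that the `+`→`_` and `/`→`-` substitution is the reverse of the usual URL-safe base64 alphabet, so the ids will not round-trip through a standard decoder.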
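Review bot: The POD above setRow should be updated for the `new` branch, because the key written back into `$data->{$keyColumn}` is now a 22-character string from WebGUI::Id::generate instead of the integer from getNextId. `$table` and `$keyColumn` are still interpolated as bare identifiers, which `quote()` cannot protect, so the documentation should say that both must be fixed names chosen by the calling code. Proposed POD sentence: `The table and keyColumn arguments are placed in the statement unescaped; pass only literal names, never request data.` setRow's body continues outside the hunk.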
--- a/lib/WebGUI/Wobject.pm +++ b/lib/WebGUI/Wobject.pm @@ -1112,7 +1112,7 @@ sub setCollateral { $sql .= $key."=".quote($properties->{$key}); } } - $sql .= " where $keyName='".quote($properties->{$keyName})."'"; + $sql .= " where $keyName=".quote($properties->{$keyName}); WebGUI::ErrorHandler::audit("edited ".$table." ".$properties->{$keyName}); } WebGUI::SQL->write($sql); diff --git a/lib/WebGUI/Wobject/USS.pm b/lib/WebGUI/Wobject/USS.pm index 6c12f0c74..f2c131199 100644 --- a/lib/WebGUI/Wobject/USS.pm +++ b/lib/WebGUI/Wobject/USS.pm @@ -67,7 +67,7 @@ sub duplicate { tie %row, 'Tie::CPHash'; my $w = $_[0]->SUPER::duplicate($_[1],1); $w = WebGUI::Wobject::USS->new({wobjectId=>$w}); - my $sth = WebGUI::SQL->read("select * from USS_submission where USS_id=".$_[0]->get("USS_id")); + my $sth = WebGUI::SQL->read("select * from USS_submission where USS_id=".quote($_[0]->get("USS_id"))); while (%row = $sth->hash) { my $newSubmissionId = WebGUI::Id::generate(); my $file = WebGUI::Attachment->new($row{image},$_[0]->get("wobjectId"),$row{USS_submissionId}); @@ -209,16 +209,16 @@ sub new { #------------------------------------------------------------------- sub purge { - my $sth = WebGUI::SQL->read("select forumId from USS_submission where USS_id=".$_[0]->get("USS_id")); + my $sth = WebGUI::SQL->read("select forumId from USS_submission where USS_id=".quote($_[0]->get("USS_id"))); while (my ($forumId) = $sth->array) { - my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from USS_submission where forumId=".$forumId); + my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from USS_submission where forumId=".quote($forumId)); unless ($inUseElsewhere > 1) { my $forum = WebGUI::Forum->new($forumId); $forum->purge; } } $sth->finish; - WebGUI::SQL->write("delete from USS_submission where USS_id=".$_[0]->get("USS_id")); + WebGUI::SQL->write("delete from USS_submission where USS_id=".quote($_[0]->get("USS_id"))); $_[0]->SUPER::purge(); } 
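Review bot: The column names in setCollateral are concatenated into the UPDATE without any check: `$key` in the context line `$sql .= $key."=".quote($properties->{$key});` and `$keyName` in the changed line. `quote()` only protects the values. The www_deleteFile hunk in USS.pm passes `$session{form}{file}` as a hash key into setCollateral, so a request field ends up as a column name. setCollateral should refuse keys that are not plain identifiers, with a check such as `$key =~ /\A\w+\z/` before the key is appended, and www_deleteFile should map the form value onto a fixed list of file columns. The loop and the rest of setCollateral lie outside the hunk.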
@@ -238,7 +238,7 @@ sub www_approveSubmission { my (%submission); tie %submission, 'Tie::CPHash'; if (WebGUI::Grouping::isInGroup(4,$session{user}{userId}) || WebGUI::Grouping::isInGroup(3,$session{user}{userId})) { - %submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=$session{form}{sid}"); + %submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=".quote($session{form}{sid})); WebGUI::SQL->write("update USS_submission set status='Approved' where USS_submissionId=".quote($session{form}{sid})); WebGUI::MessageLog::addInternationalizedEntry($submission{userId},'',WebGUI::URL::page('func=viewSubmission&wid='. $session{form}{wid}.'&sid='.$session{form}{sid}),4,$_[0]->get("namespace")); @@ -251,7 +251,7 @@ sub www_approveSubmission { #------------------------------------------------------------------- sub www_deleteFile { - my ($owner) = WebGUI::SQL->quickArray("select userId from USS_submission where USS_submissionId=$session{form}{sid}"); + my ($owner) = WebGUI::SQL->quickArray("select userId from USS_submission where USS_submissionId=".quote($session{form}{sid})); if ($owner == $session{user}{userId} || WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"))) { $_[0]->setCollateral("USS_submission","USS_submissionId",{ $session{form}{file}=>'', 
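Review bot: The select and update in www_approveSubmission are keyed only on `$session{form}{sid}`, with nothing tying the submission to this wobject. The permission test also uses the fixed groups 3 and 4, where www_deleteFile and www_view consult `groupToApprove`. As written it appears that a member of either group can change the status of any submission id through any USS wobject; www_denySubmission has the same shape. Consider appending `" and USS_id=".quote($_[0]->get("USS_id"))` to both statements in each function. Whether groups 3 and 4 are intentionally site-wide moderators is not visible here.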
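Review bot: The ownership test `$owner == $session{user}{userId}` in the context lines of www_deleteFile compares ids numerically, which stops being a valid check once ids are the base64 strings from WebGUI::Id::generate. Two strings with no leading digits both evaluate to 0 under `==`, so the test would pass for a user who does not own the submission. This commit already treats userId as a string in Forum.pm (`quote($userId)`), so the comparison should become `if ($owner eq $session{user}{userId} || WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"))) {`. The same test appears in the www_deleteSubmission and www_deleteSubmissionConfirm hunks. Whether user ids are converted in this change is not visible, so treat the fix as required before that conversion.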
@@ -265,7 +265,7 @@ sub www_deleteFile { #------------------------------------------------------------------- sub www_deleteSubmission { - my ($owner) = WebGUI::SQL->quickArray("select userId from USS_submission where USS_submissionId=$session{form}{sid}"); + my ($owner) = WebGUI::SQL->quickArray("select userId from USS_submission where USS_submissionId=".quote($session{form}{sid})); if ($owner == $session{user}{userId} || WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"))) { return $_[0]->confirm(WebGUI::International::get(17,$_[0]->get("namespace")), WebGUI::URL::page('func=deleteSubmissionConfirm&wid='.$session{form}{wid}.'&sid='.$session{form}{sid})); @@ -276,9 +276,9 @@ sub www_deleteSubmission { #------------------------------------------------------------------- sub www_deleteSubmissionConfirm { - my ($owner, $forumId) = WebGUI::SQL->quickArray("select userId,forumId from USS_submission where USS_submissionId=$session{form}{sid}"); + my ($owner, $forumId) = WebGUI::SQL->quickArray("select userId,forumId from USS_submission where USS_submissionId=".quote($session{form}{sid})); if ($owner == $session{user}{userId} || WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"))) { - my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from USS_submission where forumId=".$forumId); + my ($inUseElsewhere) = WebGUI::SQL->quickArray("select count(*) from USS_submission where forumId=".quote($forumId)); unless ($inUseElsewhere > 1) { my $forum = WebGUI::Forum->new($forumId); $forum->purge; 
@@ -297,7 +297,7 @@ sub www_denySubmission { my (%submission); tie %submission, 'Tie::CPHash'; if (WebGUI::Grouping::isInGroup(4,$session{user}{userId}) || WebGUI::Grouping::isInGroup(3,$session{user}{userId})) { - %submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=$session{form}{sid}"); + %submission = WebGUI::SQL->quickHash("select * from USS_submission where USS_submissionId=".quote($session{form}{sid})); WebGUI::SQL->write("update USS_submission set status='Denied' where USS_submissionId=".quote($session{form}{sid})); WebGUI::MessageLog::addInternationalizedEntry($submission{userId},'',WebGUI::URL::page('func=viewSubmission&wid='. $session{form}{wid}.'&sid='.$session{form}{sid}),5,$_[0]->get("namespace")); @@ -665,7 +665,7 @@ sub www_view { if ($constraints ne "") { $constraints = "status='Approved' and ".$constraints; } else { - $constraints = "(status='Approved' or (userId=$session{user}{userId} and userId<>1))"; + $constraints = "(status='Approved' or (userId=".quote($session{user}{userId})." and userId<>1))"; } $var{canModerate} = WebGUI::Grouping::isInGroup($_[0]->get("groupToApprove"),$session{user}{userId}); $var{"title.label"} = WebGUI::International::get(99); @@ -677,7 +677,7 @@ sub www_view { $p = WebGUI::Paginator->new(WebGUI::URL::page('func=view&wid='.$_[0]->get("wobjectId")),$numResults); $p->setDataByQuery("select USS_submissionId, content, title, userId, status, image, dateSubmitted, dateUpdated, username, contentType, forumId, userDefined1, userDefined2, userDefined3, userDefined4, userDefined5 from USS_submission - where USS_id=".$_[0]->get("USS_Id")." and $constraints order by ".$_[0]->getValue("sortBy")." ".$_[0]->getValue("sortOrder")); + where USS_id=".quote($_[0]->get("USS_Id"))." and $constraints order by ".$_[0]->getValue("sortBy")." ".$_[0]->getValue("sortOrder")); $page = $p->getPageData; $i = 0; my $imageURL = ""; 
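Review bot: In the second www_view hunk, `sortBy` and `sortOrder` are appended to the ORDER BY clause straight from `getValue()`, and `quote()` cannot be applied to them because they are an identifier and a keyword. Where getValue reads from is outside this hunk; if it can return request data, both fragments are injectable. Map them onto known values before building the query, e.g. `my $order = lc($_[0]->getValue("sortOrder")) eq "desc" ? "desc" : "asc";`, and use an allow-list of column names for sortBy. www_viewRSS builds its ORDER BY the same way and also appends `$numResults` to `limit` unchecked. The key in the changed line is spelled `USS_Id` while every other call uses `USS_id`; that works only if the property lookup is case-insensitive.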
@@ -695,7 +695,7 @@ sub www_view { $imageURL = ""; } ($responses) = WebGUI::SQL->quickArray("select count(*) from forumPost left join forumThread on - forumThread.forumThreadId=forumPost.forumThreadId where forumThread.forumId=".$row->{forumId},WebGUI::SQL->getSlave); + forumThread.forumThreadId=forumPost.forumThreadId where forumThread.forumId=".quote($row->{forumId}),WebGUI::SQL->getSlave); my $quickurl = 'wid='.$_[0]->get("wobjectId").'&sid='.$page->[$i]->{USS_submissionId}.'&func='; my $controls = deleteIcon($quickurl.'deleteSubmission') .editIcon($quickurl.'editSubmission'); @@ -765,7 +765,7 @@ sub www_viewRSS { my $res = WebGUI::SQL->read ("select USS_submissionId, content, title, " . "dateSubmitted, username from USS_submission " . - "where USS_id = " .$session{dbh}->quote($_[0]->get("USS_id")) . " and status='Approved' " . + "where USS_id = " .quote($_[0]->get("USS_id")) . " and status='Approved' " . "order by ".$_[0]->getValue("sortBy")." ".$_[0]->getValue("sortOrder")." limit " . $numResults,WebGUI::SQL->getSlave); while (my $row = $res->{_sth}->fetchrow_arrayref()) { 
@@ -840,14 +840,14 @@ sub www_viewSubmission { $var{"post.url"} = WebGUI::URL::page('func=editSubmission&sid=new&wid='.$_[0]->get("wobjectId")); $var{"post.label"} = WebGUI::International::get(20,$_[0]->get("namespace")); @data = WebGUI::SQL->quickArray("select max(USS_submissionId) from USS_submission - where USS_id=".$_[0]->get("USS_id")." and USS_submissionId<$submission->{USS_submissionId} - and (userId=$submission->{userId} or status='Approved')",WebGUI::SQL->getSlave); + where USS_id=".quote($_[0]->get("USS_id"))." and USS_submissionId<".quote($submission->{USS_submissionId})." + and (userId=".quote($submission->{userId})." or status='Approved')",WebGUI::SQL->getSlave); $var{"previous.more"} = ($data[0] ne ""); $var{"previous.url"} = WebGUI::URL::page('func=viewSubmission&sid='.$data[0].'&wid='.$session{form}{wid}); $var{"previous.label"} = WebGUI::International::get(58,$_[0]->get("namespace")); @data = WebGUI::SQL->quickArray("select min(USS_submissionId) from USS_submission - where USS_id=$submission->{USS_id} and USS_submissionId>$submission->{USS_submissionId} - and (userId=$submission->{userId} or status='Approved')",WebGUI::SQL->getSlave); + where USS_id=".quote($submission->{USS_id})." and USS_submissionId>".quote($submission->{USS_submissionId})." + and (userId=".quote($submission->{userId})." or status='Approved')",WebGUI::SQL->getSlave); $var{"next.more"} = ($data[0] ne ""); $var{"next.url"} = WebGUI::URL::page('func=viewSubmission&sid='.$data[0].'&wid='.$session{form}{wid}); $var{"next.label"} = WebGUI::International::get(59,$_[0]->get("namespace"));
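Review bot: The previous/next queries in www_viewSubmission still pick neighbours with `max(USS_submissionId) ... <` and `min(USS_submissionId) ... >`, which gives creation order only while ids are increasing integers. duplicate() in this file already assigns `WebGUI::Id::generate()` values to submissions, and those are MD5-derived strings, so the comparison now selects an arbitrary neighbour. Ordering on `dateSubmitted` (a column selected in www_view) would keep the navigation stable, e.g. `... and dateSubmitted<".quote($submission->{dateSubmitted})." order by dateSubmitted desc limit 1`, assuming `$submission` carries that column. The first query also reads `$_[0]->get("USS_id")` where the second uses `$submission->{USS_id}`; one source should be used for both.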