diff --git a/lib/WebGUI/Collateral.pm b/lib/WebGUI/Collateral.pm
index 80200bc49..a678aa10f 100644
--- a/lib/WebGUI/Collateral.pm
+++ b/lib/WebGUI/Collateral.pm
@@ -16,6 +16,7 @@ package WebGUI::Collateral;
 use WebGUI::Attachment;
 use WebGUI::DateTime;
+use WebGUI::Id;
 use WebGUI::Session;
 use WebGUI::SQL;
 use WebGUI::Utility;
@@ -72,9 +73,9 @@ Delete's this collateral item.
 =cut
 sub delete {
- if ($_[0]->{_properties}->{collateralId} > 0) { # blocks deletion of all collateral in the event that no valid collateral id exists
+ if ($_[0]->{_properties}->{collateralId}) { # blocks deletion of all collateral in the event that no valid collateral id exists
 $_[0]->deleteNode;
- WebGUI::SQL->write("delete from collateral where collateralId=".$_[0]->get("collateralId"));
+ WebGUI::SQL->write("delete from collateral where collateralId=".quote($_[0]->get("collateralId")));
 }
 }
@@ -89,7 +90,7 @@ Deletes the file attached to this collateral item.
 sub deleteFile {
 $_[0]->SUPER::delete;
- WebGUI::SQL->write("update collateral set filename='' where collateralId=".$_[0]->get("collateralId"));
+ WebGUI::SQL->write("update collateral set filename='' where collateralId=".quote($_[0]->get("collateralId")));
 $_[0]->{_properties}(unknown)='';
 }
@@ -161,7 +162,7 @@ sub new {
 my $properties;
 if ($collateralId eq "new") {
 $properties = {
- collateralId=>getNextId("collateralId"),
+ collateralId=>WebGUI::Id::generate(),
 collateralFolderId=>0,
 collateralType=>"image",
 userId=>$session{user}{userId},
@@ -171,12 +172,12 @@ sub new {
 username=>$session{user}{username}
 };
 WebGUI::SQL->write("insert into collateral (collateralId, collateralFolderId, collateraltype, userId,
- dateUploaded, thumbnailSize, name, username) values ( ".$properties->{collateralId}.",
- ".$properties->{collateralFolderId}.", ".quote($properties->{collateralType}).",
- ".$properties->{userId}.", ".$properties->{dateUploaded}.", ".$properties->{thumbnailSize}.",
+ dateUploaded, thumbnailSize, name, username) values ( ".quote($properties->{collateralId}).",
+ ".quote($properties->{collateralFolderId}).", ".quote($properties->{collateralType}).",
+ ".quote($properties->{userId}).", ".$properties->{dateUploaded}.", ".$properties->{thumbnailSize}.",
 ".quote($properties->{name}).", ".quote($properties->{username}).")");
- } elsif ($collateralId > 0) {
- $properties = WebGUI::SQL->quickHashRef("select * from collateral where collateralId=".$collateralId);
+ } else {
+ $properties = WebGUI::SQL->quickHashRef("select * from collateral where collateralId=".quote($collateralId));
 }
 return $class->_new($properties);
 }
@@ -209,7 +210,7 @@ sub multiDelete {
 $obj->deleteNode();
 }
- my $clause = "collateralId in (".join(',',@ids).")";
+ my $clause = "collateralId in (".quoteAndJoin(\@ids).")";
 WebGUI::SQL->write("delete from collateral where $clause");
 }
@@ -227,7 +228,7 @@ sub multiNew {
 my (@objs);
- my $clause = "collateralId in (".join(',',@collateralIds).")";
+ my $clause = "collateralId in (".quoteAndJoin(\@collateralIds).")";
 my $sth = WebGUI::SQL->read("select * from collateral where $clause");
 while (my $hash = $sth->hashRef()) {
@@ -271,7 +272,7 @@ sub set {
 }
 }
 $sql .= " dateUploaded=".$self->{_properties}{dateUploaded}."
- where collateralid=".$self->get("collateralId");
+ where collateralid=".quote($self->get("collateralId"));
 WebGUI::SQL->write($sql);
 }
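Review bot: Replacing `elsif ($collateralId > 0)` with a bare `else` drops the only guard against an empty or undefined id, so `new("")` or `new(undef)` now runs a `select ... where collateralId=''` round trip whose outcome depends on how quote() renders undef, instead of simply returning an object with no properties as before. `} elsif (defined $collateralId && length $collateralId) {` keeps that guard without the integer assumption the commit is moving away from. On the rewritten insert, `dateUploaded` and `thumbnailSize` are still interpolated raw while their neighbours are quoted, and `dateUploaded` is likewise left raw in set() further down this file; I cannot see where `thumbnailSize` is populated in new(), but www_editCollateralSave hands `$session{form}{thumbnailSize}` to save(), so it is at least plausibly request-controlled and should go through quote() as well.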
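Review bot: `quoteAndJoin(\@ids)` with an empty list produces `collateralId in ()`, which is a SQL syntax error rather than a no-op, and nothing in multiDelete checks for that case; www_emptyCollateralFolderConfirm passes multiDelete whatever buildArray returns, which may well be empty. The same shape appears in multiNew (`@collateralIds`) and in CollateralFolder::recursiveDelete (`@ids`). An early `return unless @ids;` at the top of multiDelete — the sub begins above this hunk — and the equivalent guard in the other two avoids the malformed statement.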
@@ -282,7 +283,7 @@ sub save {
 my $filename = $_[0]->SUPER::save($_[1],$_[2],$_[3]);
 if ($filename) {
 WebGUI::SQL->write("update collateral set filename=".quote($filename)
- ." where collateralId=".$_[0]->get("collateralId"));
+ ." where collateralId=".quote($_[0]->get("collateralId")));
 $_[0]->{_properties}(unknown) = $filename;
 }
 return $filename;
@@ -294,7 +295,7 @@ sub saveFromFilesystem {
 my $filename = $_[0]->SUPER::saveFromFilesystem($_[1],$_[2],$_[3]);
 if ($filename) {
 WebGUI::SQL->write("update collateral set filename=".quote($filename)
- ." where collateralId=".$_[0]->get("collateralId"));
+ ." where collateralId=".quote($_[0]->get("collateralId")));
 $_[0]->{_properties}(unknown) = $filename;
 }
 return $filename;
diff --git a/lib/WebGUI/CollateralFolder.pm b/lib/WebGUI/CollateralFolder.pm
index 5a9805db2..b2e8a9b55 100644
--- a/lib/WebGUI/CollateralFolder.pm
+++ b/lib/WebGUI/CollateralFolder.pm
@@ -75,7 +75,7 @@ sub recursiveDelete {
 # need the following line:
 # WebGUI::Collateral->multiDelete(collateralFolderId => \@ids);
- my @collateralIds = WebGUI::SQL->buildArray("select collateralId from collateral where collateralFolderId in (".join(',',@ids).")");
+ my @collateralIds = WebGUI::SQL->buildArray("select collateralId from collateral where collateralFolderId in (".quoteAndJoin(\@ids).")");
 WebGUI::Collateral->multiDelete(@collateralIds);
 }
diff --git a/lib/WebGUI/Forum/Post.pm b/lib/WebGUI/Forum/Post.pm
index be29f0db8..dfe8c9f06 100644
--- a/lib/WebGUI/Forum/Post.pm
+++ b/lib/WebGUI/Forum/Post.pm
@@ -177,13 +177,13 @@ Returns an array reference containing a list of post objects that are direct dec
 sub getReplies {
 my ($self) = @_;
 my @replies = ();
- my $query = "select forumPostId from forumPost where parentId=".$self->get("forumPostId")." and ";
+ my $query = "select forumPostId from forumPost where parentId=".quote($self->get("forumPostId"))." and ";
 if ($self->getThread->getForum->isModerator) {
 $query .= "(status='approved' or status='pending' or status='denied'";
 } else {
 $query .= "(status='approved'";
 }
- $query .= " or userId=$session{user}{userId}) order by forumPostId";
+ $query .= " or userId=".quote($session{user}{userId}).") order by forumPostId";
 my $sth = WebGUI::SQL->read($query,WebGUI::SQL->getSlave);
 while (my @data = $sth->array) {
 push(@replies,WebGUI::Forum::Post->new($data[0]));
@@ -234,8 +234,8 @@ sub hasRated {
 return 1 if ($userId != 1 && $userId == $self->get("userId")); # is poster
 $ipAddress = $session{env}{REMOTE_ADDR} unless ($ipAddress);
 my ($flag) = WebGUI::SQL->quickArray("select count(*) from forumPostRating where forumPostId="
- .$self->get("forumPostId")." and ((userId=$userId and userId<>1) or (userId=1 and
- ipAddress='$ipAddress'))");
+ .quote($self->get("forumPostId"))." and ((userId=".quote($userId)." and userId<>1) or (userId=1 and
+ ipAddress=".quote($ipAddress)."))");
 return $flag;
 }
@@ -249,7 +249,7 @@ Increments the views counter for this post.
 sub incrementViews {
 my ($self) = @_;
- WebGUI::SQL->write("update forumPost set views=views+1 where forumPostId=".$self->get("forumPostId"));
+ WebGUI::SQL->write("update forumPost set views=views+1 where forumPostId=".quote($self->get("forumPostId")));
 $self->getThread->incrementViews;
 }
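Review bot: The Perl-side check in hasRated still compares ids numerically (`return 1 if ($userId != 1 && $userId == $self->get("userId"));`) while the SQL on the lines below now treats the same values as quoted strings. That is harmless as long as user and post ids stay integers, but this commit moves collateral ids onto WebGUI::Id::generate(); if the forum ids follow, `==` turns non-numeric strings into 0 and silently matches every pair. The same pattern sits in setStatusDeleted (`rootPostId == forumPostId`) and in UI.pm notifySubscribers (`$userId == $post->get("userId")`). `ne`/`eq` is correct for both representations, e.g. `return 1 if ($userId ne "1" && $userId eq $self->get("userId"));`. hasRated's signature and the `$userId` default are above this hunk.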
@@ -272,7 +272,7 @@ A unique id for a user that you want to check. Defaults to the current user.
 sub isMarkedRead {
 my ($self, $userId) = @_;
 $userId = $session{user}{userId} unless ($userId);
- my ($isRead) = WebGUI::SQL->quickArray("select count(*) from forumRead where userId=$userId and forumPostId=".$self->get("forumPostId"));
+ my ($isRead) = WebGUI::SQL->quickArray("select count(*) from forumRead where userId=".quote($userId)." and forumPostId=".quote($self->get("forumPostId")));
 return $isRead;
 }
@@ -313,8 +313,8 @@ sub markRead {
 my ($self, $userId) = @_;
 $userId = $session{user}{userId} unless ($userId);
 unless ($self->isMarkedRead($userId)) {
- WebGUI::SQL->write("insert into forumRead (userId, forumPostId, forumThreadId, lastRead) values ($userId,
- ".$self->get("forumPostId").", ".$self->get("forumThreadId").", ".WebGUI::DateTime::time().")");
+ WebGUI::SQL->write("insert into forumRead (userId, forumPostId, forumThreadId, lastRead) values (".quote($userId).",
+ ".quote($self->get("forumPostId")).", ".quote($self->get("forumThreadId")).", ".WebGUI::DateTime::time().")");
 }
 $self->incrementViews;
 }
@@ -374,7 +374,7 @@ sub rate {
 $userId = $session{user}{userId} unless ($userId);
 $ipAddress = $session{env}{REMOTE_ADDR} unless ($ipAddress);
 WebGUI::SQL->write("insert into forumPostRating (forumPostId,userId,ipAddress,dateOfRating,rating) values ("
- .$self->get("forumPostId").", $userId, ".quote($ipAddress).", ".WebGUI::DateTime::time().", $rating)");
+ .quote($self->get("forumPostId")).", ".quote($userId).", ".quote($ipAddress).", ".WebGUI::DateTime::time().", $rating)");
 $self->recalculateRating;
 }
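Review bot: In rate, `$rating` is still interpolated raw into the VALUES list on the added line while every other value on that line now goes through quote(). rate's parameters, including `$rating`, are declared above this hunk so its origin is not visible here, but a rating is exactly the kind of value that arrives from a form alongside the userId and ipAddress being quoted next to it. Either quote it the same way, `.", ".quote($rating).")"`, or reject anything that is not an integer before the write; the latter is the stronger fix since the column is numeric.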
@@ -388,9 +388,9 @@ Recalculates the average rating of the post from all the ratings and stores the
 sub recalculateRating {
 my ($self) = @_;
- my ($count) = WebGUI::SQL->quickArray("select count(*) from forumPostRating where forumPostId=".$self->get("forumPostId"));
+ my ($count) = WebGUI::SQL->quickArray("select count(*) from forumPostRating where forumPostId=".quote($self->get("forumPostId")));
 $count = $count || 1;
- my ($sum) = WebGUI::SQL->quickArray("select sum(rating) from forumPostRating where forumPostId=".$self->get("forumPostId"));
+ my ($sum) = WebGUI::SQL->quickArray("select sum(rating) from forumPostRating where forumPostId=".quote($self->get("forumPostId")));
 my $average = round($sum/$count);
 $self->set({rating=>$average});
 $self->getThread->recalculateRating;
@@ -472,7 +472,7 @@ sub setStatusDeleted {
 $self->getThread->decrementReplies;
 $self->getThread->setStatusDeleted if ($self->getThread->get("rootPostId") == $self->get("forumPostId"));
 my ($id, $date) = WebGUI::SQL->quickArray("select forumPostId,dateOfPost from forumPost where forumThreadId="
- .$self->get("forumThreadId")." and status='approved'");
+ .quote($self->get("forumThreadId"))." and status='approved'");
 $self->getThread->setLastPost($date,$id);
 }
@@ -524,7 +524,7 @@ The unique id of the user marking unread. Defaults to the current user.
 sub unmarkRead {
 my ($self, $userId) = @_;
 $userId = $session{user}{userId} unless ($userId);
- WebGUI::SQL->write("delete from forumRead where userId=$userId and forumPostId=".$self->get("forumPostId"));
+ WebGUI::SQL->write("delete from forumRead where userId=".quote($userId)." and forumPostId=".quote($self->get("forumPostId")));
 }
 1;
diff --git a/lib/WebGUI/Forum/Thread.pm b/lib/WebGUI/Forum/Thread.pm
index e8d61197d..8c2306d79 100644
--- a/lib/WebGUI/Forum/Thread.pm
+++ b/lib/WebGUI/Forum/Thread.pm
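Review bot: The `select forumPostId,dateOfPost ... and status='approved'` in setStatusDeleted has no ordering, so the row handed to setLastPost is whichever approved post the database happens to return first, and the thread's "last post" after a deletion is therefore nondeterministic; presumably the newest approved post is intended. Appending `order by dateOfPost desc` to the query (quickArray appears to consume the first row, as the surrounding code relies on) makes the replacement deterministic. setStatusDeleted begins above this hunk.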
@@ -116,7 +116,7 @@ Decrements the replies counter for this thread.
 sub decrementReplies {
 my ($self) = @_;
- WebGUI::SQL->write("update forumThread set replies=replies-1 where forumThreadId=".$self->get("forumThreadId"));
+ WebGUI::SQL->write("update forumThread set replies=replies-1 where forumThreadId=".quote($self->get("forumThreadId")));
 $self->getForum->decrementReplies;
 }
@@ -171,8 +171,8 @@ Returns a thread object for the next (newer) thread in the same forum.
 sub getNextThread {
 my ($self) = @_;
 unless (exists $self->{_next}) {
- my ($nextId) = WebGUI::SQL->quickArray("select min(forumThreadId) from forumThread where forumId=".$self->get("forumId")."
- and forumThreadId>".$self->get("forumThreadId"),WebGUI::SQL->getSlave);
+ my ($nextId) = WebGUI::SQL->quickArray("select min(lastPostDate) from forumThread where forumId=".quote($self->get("forumId"))."
+ and lastPostDate>".quote($self->get("lastPostDate")),WebGUI::SQL->getSlave);
 $self->{_next} = WebGUI::Forum::Thread->new($nextId);
 }
 return $self->{_next};
@@ -213,8 +213,8 @@ Returns a thread object for the previous (older) thread in the same forum.
 sub getPreviousThread {
 my ($self) = @_;
 unless (exists $self->{_previous}) {
- my ($nextId) = WebGUI::SQL->quickArray("select max(forumThreadId) from forumThread where forumId=".$self->get("forumId")."
- and forumThreadId<".$self->get("forumThreadId"),WebGUI::SQL->getSlave);
+ my ($nextId) = WebGUI::SQL->quickArray("select max(lastPostDate) from forumThread where forumId=".quote($self->get("forumId"))."
+ and lastPostDate<".quote($self->get("lastPostDate")),WebGUI::SQL->getSlave);
 $self->{_previous} = WebGUI::Forum::Thread->new($nextId);
 }
 return $self->{_previous};
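Review bot: The rewritten query in getNextThread now selects `min(lastPostDate)`, but the unchanged line below still passes that value to `WebGUI::Forum::Thread->new($nextId)` as a thread id, so `_next` is built from a date rather than a forumThreadId; getPreviousThread has the mirror-image problem with `max(lastPostDate)`. The query should return the id of the neighbouring thread, ordered by the date, e.g. `"select forumThreadId from forumThread where forumId=".quote($self->get("forumId"))." and lastPostDate>".quote($self->get("lastPostDate"))." order by lastPostDate"` for the next thread and the `<` / `order by lastPostDate desc` counterpart for the previous one, assuming quickArray yields the first row as the rest of these modules rely on. Note also that the strict `>`/`<` now skips threads that share the same lastPostDate, an edge case the old id-based version could not hit.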
@@ -255,8 +255,8 @@ The id of the reply that caused the replies counter to be incremented.
 sub incrementReplies {
 my ($self, $dateOfReply, $replyId) = @_;
- WebGUI::SQL->write("update forumThread set replies=replies+1, lastPostId=$replyId, lastPostDate=$dateOfReply
- where forumThreadId=".$self->get("forumThreadId"));
+ WebGUI::SQL->write("update forumThread set replies=replies+1, lastPostId=".quote($replyId).", lastPostDate=$dateOfReply
+ where forumThreadId=".quote($self->get("forumThreadId")));
 $self->getForum->incrementReplies($dateOfReply,$replyId);
 }
@@ -270,7 +270,7 @@ Increments the views counter for this thread.
 sub incrementViews {
 my ($self) = @_;
- WebGUI::SQL->write("update forumThread set views=views+1 where forumThreadId=".$self->get("forumThreadId"));
+ WebGUI::SQL->write("update forumThread set views=views+1 where forumThreadId=".quote($self->get("forumThreadId")));
 $self->getForum->incrementViews;
 }
@@ -306,8 +306,8 @@ The unique id of the user to check. Defaults to the current user.
 sub isSubscribed {
 my ($self, $userId) = @_;
 $userId = $session{user}{userId} unless ($userId);
- my ($isSubscribed) = WebGUI::SQL->quickArray("select count(*) from forumThreadSubscription where forumThreadId=".$self->get("forumThreadId")
- ." and userId=$userId");
+ my ($isSubscribed) = WebGUI::SQL->quickArray("select count(*) from forumThreadSubscription where forumThreadId=".quote($self->get("forumThreadId"))
+ ." and userId=".quote($userId));
 return $isSubscribed;
 }
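Review bot: `lastPostDate=$dateOfReply` is left as raw interpolation on the added line in incrementReplies while `$replyId` right beside it is now quoted. `$dateOfReply` is a parameter whose callers are not in this diff; if it is always the result of WebGUI::DateTime::time() this is safe, but a reader cannot tell that from the statement, and the same module now quotes lastPostDate in getNextThread. Quoting it keeps the rule "every interpolated value goes through quote()" uniform: `lastPostId=".quote($replyId).", lastPostDate=".quote($dateOfReply)."`.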
@@ -360,9 +360,9 @@ Recalculates the average rating of this thread based upon all of the posts in th
 sub recalculateRating {
 my ($self) = @_;
- my ($count) = WebGUI::SQL->quickArray("select count(*) from forumPost where forumThreadId=".$self->get("forumThreadId")." and rating>0");
+ my ($count) = WebGUI::SQL->quickArray("select count(*) from forumPost where forumThreadId=".quote($self->get("forumThreadId"))." and rating>0");
 $count = $count || 1;
- my ($sum) = WebGUI::SQL->quickArray("select sum(rating) from forumPost where forumThreadId=".$self->get("forumThreadId")." and rating>0");
+ my ($sum) = WebGUI::SQL->quickArray("select sum(rating) from forumPost where forumThreadId=".quote($self->get("forumThreadId"))." and rating>0");
 my $average = round($sum/$count);
 $self->set({rating=>$average});
 $self->getForum->recalculateRating;
@@ -521,7 +521,7 @@ sub subscribe {
 my ($self, $userId) = @_;
 $userId = $session{user}{userId} unless ($userId);
 unless ($self->isSubscribed($userId)) {
- WebGUI::SQL->write("insert into forumThreadSubscription (forumThreadId, userId) values (".$self->get("forumThreadId").",$userId)");
+ WebGUI::SQL->write("insert into forumThreadSubscription (forumThreadId, userId) values (".quote($self->get("forumThreadId")).",".quote($userId).")");
 }
 }
@@ -571,7 +571,7 @@ sub unsubscribe {
 my ($self, $userId) = @_;
 $userId = $session{user}{userId} unless ($userId);
 if ($self->isSubscribed($userId)) {
- WebGUI::SQL->write("delete from forumThreadSubscription where forumThreadId=".$self->get("forumThreadId")." and userId=$userId");
+ WebGUI::SQL->write("delete from forumThreadSubscription where forumThreadId=".quote($self->get("forumThreadId"))." and userId=".quote($userId));
 }
 }
diff --git a/lib/WebGUI/Forum/UI.pm b/lib/WebGUI/Forum/UI.pm
index a359f0a48..29abfb04a 100644
--- a/lib/WebGUI/Forum/UI.pm
+++ b/lib/WebGUI/Forum/UI.pm
@@ -26,6 +26,7 @@ use WebGUI::HTTP;
 use WebGUI::MessageLog;
 use WebGUI::Search;
 use WebGUI::Session;
+use WebGUI::SQL;
 use WebGUI::Template;
 use WebGUI::User;
@@ -1363,12 +1364,12 @@ A hash reference containing information passed from the calling object.
 sub notifySubscribers {
 my ($post, $thread, $forum, $caller) = @_;
 my %subscribers;
- my $sth = WebGUI::SQL->read("select userId from forumThreadSubscription where forumThreadId=".$thread->get("forumThreadId"));
+ my $sth = WebGUI::SQL->read("select userId from forumThreadSubscription where forumThreadId=".quote($thread->get("forumThreadId")));
 while (my ($userId) = $sth->array) {
 $subscribers{$userId} = $userId unless ($userId == $post->get("userId")); # make sure we don't send unnecessary messages
 }
 $sth->finish;
- $sth = WebGUI::SQL->read("select userId from forumSubscription where forumId=".$forum->get("forumId"));
+ $sth = WebGUI::SQL->read("select userId from forumSubscription where forumId=".quote($forum->get("forumId")));
 while (my ($userId) = $sth->array) {
 $subscribers{$userId} = $userId unless ($userId == $post->get("userId")); # make sure we don't send unnecessary messages
 }
diff --git a/lib/WebGUI/Operation/Collateral.pm b/lib/WebGUI/Operation/Collateral.pm
index 35ef0dd39..bbd8a9c5c 100644
--- a/lib/WebGUI/Operation/Collateral.pm
+++ b/lib/WebGUI/Operation/Collateral.pm
@@ -25,6 +25,7 @@ use WebGUI::DateTime;
 use WebGUI::Grouping;
 use WebGUI::HTMLForm;
 use WebGUI::Icon;
+use WebGUI::Id;
 use WebGUI::International;
 use WebGUI::Operation::Shared;
 use WebGUI::Paginator;
@@ -140,7 +141,7 @@ sub www_emptyCollateralFolder {
 sub www_emptyCollateralFolderConfirm {
 return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(3));
 return WebGUI::Privilege::vitalComponent() unless ($session{scratch}{collateralFolderId} > 999);
- my @collateralIds = WebGUI::SQL->buildArray("select collateralId from collateral where collateralFolderId=".$session{scratch}{collateralFolderId});
+ my @collateralIds = WebGUI::SQL->buildArray("select collateralId from collateral where collateralFolderId=".quote($session{scratch}{collateralFolderId}));
 WebGUI::Collateral->multiDelete(@collateralIds);
 return www_listCollateral();
 }
@@ -309,7 +310,7 @@ sub www_editCollateralSave {
 $collateral->save("filename", $session{form}{thumbnailSize});
 $session{form}{name} = "untitled" if ($session{form}{name} eq "");
 while (($test) = WebGUI::SQL->quickArray("select name from collateral
- where name=".quote($session{form}{name})." and collateralId<>".$collateral->get("collateralId"))) {
+ where name=".quote($session{form}{name})." and collateralId<>".quote($collateral->get("collateralId")))) {
 if ($session{form}{name} =~ /(.*)(\d+$)/) {
 $session{form}{name} = $1.($2+1);
 } elsif ($test ne "") {
@@ -331,8 +332,8 @@ sub www_editCollateralFolder {
 $folder->{parentId} = $session{scratch}{collateralFolderId} || 0;
 } else {
 $folderId = $session{scratch}{collateralFolderId} || 0;
- $folder = WebGUI::SQL->quickHashRef("select * from collateralFolder where collateralFolderId=$folderId");
- $constraint = "where collateralFolderId<>".$folder->{collateralFolderId};
+ $folder = WebGUI::SQL->quickHashRef("select * from collateralFolder where collateralFolderId=".quote($folderId));
+ $constraint = "where collateralFolderId<>".quote($folder->{collateralFolderId});
 }
 $f = WebGUI::HTMLForm->new;
 $f->hidden("op","editCollateralFolderSave");
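Review bot: The vital-component guard `unless ($session{scratch}{collateralFolderId} > 999)` still assumes integer folder ids, but www_editCollateralFolderSave in this same commit now assigns `WebGUI::Id::generate()` to new folders. A non-numeric id evaluates to 0 in that comparison (with a warning), so every newly created folder is refused as a vital component, while an id that happens to begin with digits may slip through; the numeric threshold no longer expresses the intended "reserved folders" rule. Replace it with a representation-independent test, such as membership in the set of protected folder ids — which ids remain reserved after the migration is not visible in this diff.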
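Review bot: In the name-deduplication loop of www_editCollateralSave, `/(.*)(\d+$)/` is greedy, so `$2` captures only the final digit: a name ending in `19` becomes `1` . (`9`+1) = `110` instead of `20`, and repeated collisions keep lengthening the name. `/(.*?)(\d+)$/` captures the whole numeric suffix so `$1.($2+1)` increments it as intended. The identical loop is repeated in www_editCollateralFolderSave and should get the same change.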
@@ -371,23 +372,23 @@ sub www_editCollateralFolder {
 sub www_editCollateralFolderSave {
 return WebGUI::Privilege::insufficient unless (WebGUI::Grouping::isInGroup(4));
 if ($session{form}{fid} eq "new") {
- $session{form}{fid} = getNextId("collateralFolderId");
+ $session{form}{fid} = WebGUI::Id::generate();
 WebGUI::Session::setScratch("collateralFolderId",$session{form}{fid});
- WebGUI::SQL->write("insert into collateralFolder (collateralFolderId) values ($session{form}{fid})");
+ WebGUI::SQL->write("insert into collateralFolder (collateralFolderId) values (".quote($session{form}{fid}).")");
 }
 my $folderId = $session{scratch}{collateralFolderId} || 0;
 $session{form}{name} = "untitled" if ($session{form}{name} eq "");
 while (my ($test) = WebGUI::SQL->quickArray("select name from collateralFolder
- where name=".quote($session{form}{name})." and collateralFolderId<>$folderId")) {
+ where name=".quote($session{form}{name})." and collateralFolderId<>".quote($folderId))) {
 if ($session{form}{name} =~ /(.*)(\d+$)/) {
 $session{form}{name} = $1.($2+1);
 } elsif ($test ne "") {
 $session{form}{name} .= "2";
 }
 }
- WebGUI::SQL->write("update collateralFolder set parentId=$session{form}{parentId}, name=".quote($session{form}{name})
+ WebGUI::SQL->write("update collateralFolder set parentId=".quote($session{form}{parentId}).", name=".quote($session{form}{name})
 .", description=".quote($session{form}{description})
- ." where collateralFolderId=$folderId");
+ ." where collateralFolderId=".quote($folderId));
 return www_listCollateral();
 }
@@ -449,15 +450,14 @@ sub www_listCollateral {
 .'
'
.' '.WebGUI::International::get(542).'