5 commits - lib/api lib/SQL.php
Aleksander Machniak
machniak at kolabsys.com
Wed Oct 3 12:58:49 CEST 2012
lib/SQL.php | 22 ++++++++++++++++++++--
lib/api/kolab_api_service_type.php | 34 ++++++++++++++++++++++++----------
2 files changed, 44 insertions(+), 12 deletions(-)
New commits:
commit f9b4e6bd5d625a5552b40bbb967c09035c9aea7c
Author: Aleksander Machniak <alec at alec.pl>
Date: Wed Oct 3 12:58:26 2012 +0200
Implemented type.effective_rights
diff --git a/lib/api/kolab_api_service_type.php b/lib/api/kolab_api_service_type.php
index 4524556..9255d1c 100644
--- a/lib/api/kolab_api_service_type.php
+++ b/lib/api/kolab_api_service_type.php
@@ -192,10 +192,25 @@ class kolab_api_service_type extends kolab_api_service
public function type_effective_rights($getdata, $postdata)
{
-// $auth = Auth::get_instance();
-// $effective_rights = $auth->list_rights(empty($getdata['user']) ? 'user' : $getdata['user']);
-// return $effective_rights;
- return array();
+ $effective_rights = array();
+ // @TODO: set rights according to user group or sth
+ if ($_SESSION['user']->get_userid() == 'cn=Directory Manager') {
+ $attr_acl = array('read', 'write', 'delete');
+ $effective_rights = array(
+ 'entryLevelRights' => array(
+ 'read', 'add', 'delete', 'write',
+ ),
+ 'attributeLevelRights' => array(
+ 'key' => $attr_acl,
+ 'name' => $attr_acl,
+ 'description' => $attr_acl,
+ 'used_for' => $attr_acl,
+ 'attributes' => $attr_acl,
+ ),
+ );
+ }
+
+ return $effective_rights;
}
/**
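Review bot: The admin check in type_effective_rights() compares the session user id to the literal `'cn=Directory Manager'` with a loose `==` and calls `get_userid()` without confirming that `$_SESSION['user']` is set, so an unauthenticated call would hit a fatal error rather than return an empty result. A guarded strict form would be `if (isset($_SESSION['user']) && $_SESSION['user']->get_userid() === 'cn=Directory Manager') {`. LDAP treats DNs as case-insensitive, so an equivalent spelling of the same DN would get no rights here; that fails closed, but it should be stated next to the existing `@TODO`. The rights returned are only descriptive: the write path shown in a later diff on this page still carries `// @TODO: check privileges`, so nothing visible enforces them.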
commit 78ebe8115f764fb80c21d6a4eb1548ecd19f2091
Author: Aleksander Machniak <alec at alec.pl>
Date: Wed Oct 3 12:27:33 2012 +0200
Fix query in type_edit()
diff --git a/lib/api/kolab_api_service_type.php b/lib/api/kolab_api_service_type.php
index 794de16..4524556 100644
--- a/lib/api/kolab_api_service_type.php
+++ b/lib/api/kolab_api_service_type.php
@@ -161,7 +161,6 @@ class kolab_api_service_type extends kolab_api_service
}
// @TODO: check privileges
-
$type = $postdata['type'];
$query = array(
'key' => $postdata['key'],
@@ -179,7 +178,7 @@ class kolab_api_service_type extends kolab_api_service
}
$result = $this->db->query("UPDATE {$type}_types SET "
- . implode(', ', $query) . " WHERE id = ?", array($postdata['id']));
+ . implode(', ', $query) . " WHERE id = " . intval($postdata['id']));
if (!$result) {
return false;
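Review bot: The table name in `"UPDATE {$type}_types SET "` comes from `$type = $postdata['type']` (first hunk of this commit), and neither hunk shows it being escaped or checked against a fixed list; `intval()` protects only the id. The `}` above the `@TODO` may close such a check, but that code lies outside the hunk, so this needs confirming. If there is none, add an allow-list test before the query, for example `if (!in_array($type, $allowed_types, true)) { return false; }`, where `$allowed_types` is a placeholder for the service's fixed set of type tables. The same `{$type}_types` interpolation appears in the INSERT and UPDATE hunks of the "Fix DB column names escaping" commit further down. The function body starts and ends outside this hunk.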
commit bf2c04c26ce94ab5b8bb6d2696057ec827d1b121
Author: Aleksander Machniak <alec at alec.pl>
Date: Wed Oct 3 12:17:30 2012 +0200
Fix DB column names escaping in SQL queries
diff --git a/lib/api/kolab_api_service_type.php b/lib/api/kolab_api_service_type.php
index 11d9387..794de16 100644
--- a/lib/api/kolab_api_service_type.php
+++ b/lib/api/kolab_api_service_type.php
@@ -92,11 +92,11 @@ class kolab_api_service_type extends kolab_api_service
$query['used_for'] = $postdata['used_for'] == 'hosted' ? 'hosted' : null;
}
- $query = array_map(array($this->db, 'escape'), $query);
+ $query = array_map(array($this->db, 'escape'), $query);
+ $columns = array_map(array($this->db, 'escape_identifier'), array_keys($query));
$this->db->query("INSERT INTO {$type}_types"
- . " (" . implode(',', array_keys($query)) . ")"
- . " VALUES (" . implode(',', $query) . ")");
+ . " (" . implode(', ', $columns) . ") VALUES (" . implode(', ', $query) . ")");
if (!($id = $this->db->last_insert_id())) {
return false;
@@ -175,7 +175,7 @@ class kolab_api_service_type extends kolab_api_service
}
foreach ($query as $idx => $value) {
- $query[$idx] = $idx . " = " . $this->db->escape($value);
+ $query[$idx] = $this->db->escape_identifier($idx) . " = " . $this->db->escape($value);
}
$result = $this->db->query("UPDATE {$type}_types SET "
commit 9bc91d0f2089a39bde28767add34d31ec8017226
Author: Aleksander Machniak <alec at alec.pl>
Date: Wed Oct 3 12:13:55 2012 +0200
Added escape_identifier() method
diff --git a/lib/SQL.php b/lib/SQL.php
index 2b885e7..3c41d8e 100644
--- a/lib/SQL.php
+++ b/lib/SQL.php
@@ -122,6 +122,18 @@ class SQL
return "'" . mysql_real_escape_string($str, $this->conn) . "'";
}
+ public function escape_identifier($str)
+ {
+ $name = array();
+
+ foreach (explode('.', $str) as $elem) {
+ $elem = str_replace('`', '', $elem);
+ $name[] = '`' . $elem . '`';
+ }
+
+ return implode($name, '.');
+ }
+
private function _connect()
{
if (!$this->conn && !$this->conn_tried) {
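Review bot: escape_identifier() accepts any input: it strips backticks and splits on `.`, so a dotted string comes back as a database- or table-qualified name and an empty string comes back as an empty quoted identifier. That is adequate for the fixed array keys the type service appears to pass, but the method has no docblock saying so; add one along the lines of `/** Quotes a trusted table/column name (optionally dot-qualified); does not validate request-supplied names. */`. Separately, `implode($name, '.')` uses the legacy argument order that PHP 8.0 no longer accepts; `return implode('.', $name);` behaves the same on every version. The method is complete within this hunk; the `_connect()` lines after it continue outside.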
commit b393a225b20407256acd8c11269b4079534f0afa
Author: Aleksander Machniak <alec at alec.pl>
Date: Wed Oct 3 12:11:47 2012 +0200
Fix escape(), so it connects to DB if $this->conn isn't set
diff --git a/lib/SQL.php b/lib/SQL.php
index 129a090..2b885e7 100644
--- a/lib/SQL.php
+++ b/lib/SQL.php
@@ -30,8 +30,9 @@ class SQL
private $sql_uri = "mysql://username:password@hostname/database";
/* Placeholder for the existing MySQL connection */
- private $conn = FALSE;
+ private $conn = false;
+ private $conn_tried = false;
private $sql_stats = array(
'queries' => 0,
'query_time' => 0,
@@ -114,12 +115,16 @@ class SQL
return 'NULL';
}
+ if (!$this->conn) {
+ $this->_connect();
+ }
+
return "'" . mysql_real_escape_string($str, $this->conn) . "'";
}
private function _connect()
{
- if (!$this->conn) {
+ if (!$this->conn && !$this->conn_tried) {
Log::debug("SQL: Connecting to " . $this->sql_uri);
$_uri = parse_url($this->sql_uri);
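Review bot: After the added `$this->_connect();` in escape(), `$this->conn` can still be false if the connection failed, and `mysql_real_escape_string()` is then called with an invalid link. As far as I can tell it returns no escaped string in that case, so escape() would hand back `''` in place of the caller's value. Failing loudly is safer than substituting data, for example `if (!$this->conn) { throw new Exception('SQL: no database connection'); }` right after the `_connect()` call. Also in this hunk, `Log::debug("SQL: Connecting to " . $this->sql_uri)` writes the full URI to the log, and the `$_uri['pass']` read in the next hunk shows that the URI carries the password; log only the host and database parts. Both function bodies extend beyond the hunk.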
@@ -127,6 +132,7 @@ class SQL
$this->_password = $_uri['pass'];
$this->_hostname = $_uri['host'];
$this->_database = str_replace('/','',$_uri['path']);
+ $this->conn_tried = true;
$this->conn = mysql_connect($this->_hostname, $this->_username, $this->_password);
mysql_select_db($this->_database, $this->conn);
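Review bot: The result of `mysql_connect()` is passed straight to `mysql_select_db()` without a check, and the return value of `mysql_select_db()` is ignored too. Because `conn_tried` is now set before the connect call, a failed attempt is never retried, so every later query and escape() call on this object runs without a usable link. Add `if (!$this->conn) { return; }` after the connect line, with a log entry that omits the credentials, and treat a false return from `mysql_select_db()` the same way. The rest of `_connect()` is outside this hunk.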