From a1c8b968c4f38141f80ce909cd17b49503a9a23d Mon Sep 17 00:00:00 2001 
From: reine Date: Sun, 6 May 2012 04:27:53 +0900 Subject: [PATCH] =?utf8?q?MARGE:master=E3=83=96=E3=83=A9=E3=83=B3=E3=83=81?= =?utf8?q?=E3=81=AE=E3=83=9E=E3=83=BC=E3=82=B8=EF=BC=88=E3=83=9E=E3=83=BC?= =?utf8?q?=E3=82=B8=E3=81=A7=E3=81=8D=E3=81=AA=E3=81=84=E5=88=86=E3=81=AB?= =?utf8?q?=E3=81=A4=E3=81=84=E3=81=A6=E3=80=81=E3=83=87=E3=83=BC=E3=82=BF?= =?utf8?q?=E3=83=99=E3=83=BC=E3=82=B9=E3=83=8F=E3=83=B3=E3=83=89=E3=83=A9?= =?utf8?q?=E3=83=BC=E3=82=92=E6=9B=B8=E3=81=8D=E6=8F=9B=E3=81=88=EF=BC=89?= =?utf8?q?=20=E3=82=A2=E3=82=A4=E3=83=86=E3=83=A0=E7=B7=A8=E9=9B=86?= =?utf8?q?=E7=94=BB=E9=9D=A2=E3=81=AE=E3=83=9C=E3=82=BF=E3=83=B3=E8=A1=A8?= =?utf8?q?=E7=A4=BA=E3=81=A8=E3=83=9C=E3=82=BF=E3=83=B3=E3=81=8C=E6=A9=9F?= =?utf8?q?=E8=83=BD=E3=81=97=E3=81=AA=E3=81=84=E5=95=8F=E9=A1=8C=E3=81=AB?= =?utf8?q?=E5=AF=BE=E5=BF=9C=20=E7=AE=A1=E7=90=86=E7=94=BB=E9=9D=A2?= =?utf8?q?=E3=82=B9=E3=82=AD=E3=83=B3=E3=83=95=E3=82=A9=E3=83=AB=E3=83=80?= =?utf8?q?=E3=82=92admin/default=E3=81=AB=E5=A4=89=E6=9B=B4=20=E3=83=96?= =?utf8?q?=E3=83=83=E3=82=AF=E3=83=9E=E3=83=BC=E3=82=AF=E3=83=AC=E3=83=83?= =?utf8?q?=E3=83=88=E7=94=BB=E9=9D=A2=E3=81=8C=E4=B8=80=E5=BF=9C=E8=A1=A8?= =?utf8?q?=E7=A4=BA=E3=81=95=E3=82=8C=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB?= =?utf8?q?=E3=81=97=E3=81=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- install/index.php | 207 +- install/install.sql | 3 +- nucleus/bookmarklet.php | 31 +- nucleus/convert/functions.inc.php | 134 +- nucleus/convert/wordpress.php | 244 +- nucleus/javascript/edit.js | 9 +- nucleus/libs/ACTIONLOG.php | 22 +- nucleus/libs/ACTIONS.php | 15 +- nucleus/libs/ADMIN.php | 424 +- nucleus/libs/AdminActions.php | 178 +- nucleus/libs/BAN.php | 52 +- nucleus/libs/BLOG.php | 187 +- nucleus/libs/BODYACTIONS.php | 50 +- nucleus/libs/BaseActions.php | 38 + nucleus/libs/COMMENT.php | 4 +- nucleus/libs/COMMENTACTIONS.php | 6 +- nucleus/libs/COMMENTS.php | 43 +- nucleus/libs/ITEM.php | 42 +- nucleus/libs/ITEMACTIONS.php | 
111 +- nucleus/libs/KARMA.php | 19 +- nucleus/libs/MANAGER.php | 32 +- nucleus/libs/MEMBER.php | 169 +- nucleus/libs/PLUGIN.php | 126 +- nucleus/libs/SEARCH.php | 22 +- nucleus/libs/SKIN.php | 150 +- nucleus/libs/TEMPLATE.php | 64 +- nucleus/libs/backup.php | 36 +- nucleus/libs/globalfunctions.php | 774 +-- nucleus/libs/i18n.php | 206 +- nucleus/libs/showlist.php | 20 +- nucleus/libs/skinie.php | 16 +- nucleus/libs/sql/DB.php | 258 + nucleus/libs/sql/MYSQLPDO.php | 662 +++ nucleus/libs/sql/mysql.php | 454 -- nucleus/libs/sql/pdo.php | 675 --- nucleus/libs/sql/sql.php | 316 ++ nucleus/media.php | 4 +- nucleus/plugins/NP_SecurityEnforcer.php | 46 +- nucleus/plugins/securityenforcer/index.php | 8 +- nucleus/styles/addedit.css | 21 +- nucleus/styles/admin_original.css | 12 +- nucleus/upgrades/upgrade.functions.php | 33 +- nucleus/upgrades/upgrade0.96.php | 12 +- nucleus/upgrades/upgrade1.0.php | 10 +- nucleus/upgrades/upgrade1.1.php | 12 +- nucleus/upgrades/upgrade1.5.php | 37 +- nucleus/upgrades/upgrade2.0.php | 4 +- nucleus/upgrades/upgrade2.5.php | 20 +- nucleus/upgrades/upgrade3.3.php | 6 +- nucleus/upgrades/upgrade4.0.php | 6 +- nucleus/xmlrpc/api_blogger.inc.php | 4 +- nucleus/xmlrpc/api_metaweblog.inc.php | 14 +- nucleus/xmlrpc/api_mt.inc.php | 12 +- nucleus/xmlrpc/api_nucleus.inc.php | 18 +- nucleus/xmlrpc/server.php | 27 +- .../images/button-aligncenter.gif | Bin .../images/button-alignleft.gif | Bin .../images/button-alignright.gif | Bin .../images/button-bold.gif | Bin .../images/button-copy.gif | Bin .../images/button-cut.gif | Bin .../images/button-italic.gif | Bin .../images/button-left.gif | Bin .../images/button-link.gif | Bin .../images/button-media.gif | Bin .../images/button-paste.gif | Bin .../images/button-preview.gif | Bin .../images/button-right.gif | Bin .../{defaultadmin => bookmarklet}/images/globe.gif | Bin .../javascripts/admin.js | 118 +- .../javascripts/bookmarklet.js | 140 +- .../javascripts/compatibility.js | 66 +- 
.../javascripts/edit.js | 690 +-- .../javascripts/index.html | 20 +- .../javascripts/numbercheck.js | 72 +- .../javascripts/opennew.js | 122 +- .../javascripts/templateEdit.js | 130 +- .../javascripts/xmlhttprequest.js | 364 +- skins/admin/bookmarklet/skinbackup.xml | 12 +- .../styles/addedit.css | 85 +- .../styles/admin_contemporary.css | 774 +-- .../styles/admin_contemporary_jp.css | 916 ++-- .../styles/admin_original.css | 766 +-- .../styles/background.png | Bin .../styles/bookmarklet.css | 300 +- .../styles/bullet.gif | Bin .../styles/contemporary/background.png | Bin .../styles/contemporary_jp/background.png | Bin .../styles/contemporary_jp/bullet.gif | Bin .../styles/contemporary_jp/quickb-hover.jpg | Bin .../styles/contemporary_jp/quickb.jpg | Bin .../{defaultadmin => bookmarklet}/styles/logo.gif | Bin .../styles/manual.css | 302 +- .../styles/popups.css | 202 +- .../styles/quickb-hover.jpg | Bin .../styles/quickb.jpg | Bin skins/admin/default/images/button-aligncenter.gif | Bin 0 -> 85 bytes skins/admin/default/images/button-alignleft.gif | Bin 0 -> 68 bytes skins/admin/default/images/button-alignright.gif | Bin 0 -> 67 bytes skins/admin/default/images/button-bold.gif | Bin 0 -> 73 bytes skins/admin/default/images/button-copy.gif | Bin 0 -> 103 bytes skins/admin/default/images/button-cut.gif | Bin 0 -> 89 bytes skins/admin/default/images/button-italic.gif | Bin 0 -> 74 bytes skins/admin/default/images/button-left.gif | Bin 0 -> 91 bytes skins/admin/default/images/button-link.gif | Bin 0 -> 141 bytes skins/admin/default/images/button-media.gif | Bin 0 -> 132 bytes skins/admin/default/images/button-paste.gif | Bin 0 -> 127 bytes skins/admin/default/images/button-preview.gif | Bin 0 -> 90 bytes skins/admin/default/images/button-right.gif | Bin 0 -> 91 bytes skins/admin/default/images/globe.gif | Bin 0 -> 124 bytes skins/admin/default/javascripts/admin.js | 59 + skins/admin/default/javascripts/bookmarklet.js | 70 + 
skins/admin/default/javascripts/compatibility.js | 33 + skins/admin/default/javascripts/edit.js | 345 ++ skins/admin/default/javascripts/index.html | 11 + skins/admin/default/javascripts/numbercheck.js | 36 + skins/admin/default/javascripts/opennew.js | 62 + skins/admin/default/javascripts/templateEdit.js | 66 + skins/admin/default/javascripts/xmlhttprequest.js | 183 + .../admin/{defaultadmin => default}/skinbackup.xml | 5563 ++++++++++---------- skins/admin/default/styles/addedit.css | 46 + skins/admin/default/styles/admin_contemporary.css | 387 ++ .../admin/default/styles/admin_contemporary_jp.css | 458 ++ skins/admin/default/styles/admin_original.css | 383 ++ skins/admin/default/styles/background.png | Bin 0 -> 310 bytes skins/admin/default/styles/bookmarklet.css | 151 + skins/admin/default/styles/bullet.gif | Bin 0 -> 50 bytes .../default/styles/contemporary/background.png | Bin 0 -> 310 bytes .../default/styles/contemporary_jp/background.png | Bin 0 -> 310 bytes .../default/styles/contemporary_jp/bullet.gif | Bin 0 -> 50 bytes .../styles/contemporary_jp/quickb-hover.jpg | Bin 0 -> 493 bytes .../default/styles/contemporary_jp/quickb.jpg | Bin 0 -> 325 bytes skins/admin/default/styles/logo.gif | Bin 0 -> 4541 bytes skins/admin/default/styles/manual.css | 151 + skins/admin/default/styles/popups.css | 102 + skins/admin/default/styles/quickb-hover.jpg | Bin 0 -> 493 bytes skins/admin/default/styles/quickb.jpg | Bin 0 -> 325 bytes skins/default/show_benchmark.inc | 4 +- 138 files changed, 11129 insertions(+), 8165 deletions(-) create mode 100644 nucleus/libs/sql/DB.php create mode 100644 nucleus/libs/sql/MYSQLPDO.php delete mode 100644 nucleus/libs/sql/mysql.php delete mode 100644 nucleus/libs/sql/pdo.php create mode 100644 nucleus/libs/sql/sql.php rename skins/admin/{defaultadmin => bookmarklet}/images/button-aligncenter.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-alignleft.gif (100%) rename skins/admin/{defaultadmin => 
bookmarklet}/images/button-alignright.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-bold.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-copy.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-cut.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-italic.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-left.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-link.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-media.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-paste.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-preview.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/button-right.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/images/globe.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/javascripts/admin.js (96%) rename skins/admin/{defaultadmin => bookmarklet}/javascripts/bookmarklet.js (96%) rename skins/admin/{defaultadmin => bookmarklet}/javascripts/compatibility.js (97%) rename skins/admin/{defaultadmin => bookmarklet}/javascripts/edit.js (95%) rename skins/admin/{defaultadmin => bookmarklet}/javascripts/index.html (93%) rename skins/admin/{defaultadmin => bookmarklet}/javascripts/numbercheck.js (96%) rename skins/admin/{defaultadmin => bookmarklet}/javascripts/opennew.js (97%) rename skins/admin/{defaultadmin => bookmarklet}/javascripts/templateEdit.js (94%) rename skins/admin/{defaultadmin => bookmarklet}/javascripts/xmlhttprequest.js (96%) rename skins/admin/{defaultadmin => bookmarklet}/styles/addedit.css (77%) rename skins/admin/{defaultadmin => bookmarklet}/styles/admin_contemporary.css (94%) rename skins/admin/{defaultadmin => bookmarklet}/styles/admin_contemporary_jp.css (95%) rename skins/admin/{defaultadmin => bookmarklet}/styles/admin_original.css (94%) rename 
skins/admin/{defaultadmin => bookmarklet}/styles/background.png (100%) rename skins/admin/{defaultadmin => bookmarklet}/styles/bookmarklet.css (93%) rename skins/admin/{defaultadmin => bookmarklet}/styles/bullet.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/styles/contemporary/background.png (100%) rename skins/admin/{defaultadmin => bookmarklet}/styles/contemporary_jp/background.png (100%) rename skins/admin/{defaultadmin => bookmarklet}/styles/contemporary_jp/bullet.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/styles/contemporary_jp/quickb-hover.jpg (100%) rename skins/admin/{defaultadmin => bookmarklet}/styles/contemporary_jp/quickb.jpg (100%) rename skins/admin/{defaultadmin => bookmarklet}/styles/logo.gif (100%) rename skins/admin/{defaultadmin => bookmarklet}/styles/manual.css (92%) rename skins/admin/{defaultadmin => bookmarklet}/styles/popups.css (92%) rename skins/admin/{defaultadmin => bookmarklet}/styles/quickb-hover.jpg (100%) rename skins/admin/{defaultadmin => bookmarklet}/styles/quickb.jpg (100%) create mode 100644 skins/admin/default/images/button-aligncenter.gif create mode 100644 skins/admin/default/images/button-alignleft.gif create mode 100644 skins/admin/default/images/button-alignright.gif create mode 100644 skins/admin/default/images/button-bold.gif create mode 100644 skins/admin/default/images/button-copy.gif create mode 100644 skins/admin/default/images/button-cut.gif create mode 100644 skins/admin/default/images/button-italic.gif create mode 100644 skins/admin/default/images/button-left.gif create mode 100644 skins/admin/default/images/button-link.gif create mode 100644 skins/admin/default/images/button-media.gif create mode 100644 skins/admin/default/images/button-paste.gif create mode 100644 skins/admin/default/images/button-preview.gif create mode 100644 skins/admin/default/images/button-right.gif create mode 100644 skins/admin/default/images/globe.gif create mode 100644 
skins/admin/default/javascripts/admin.js create mode 100644 skins/admin/default/javascripts/bookmarklet.js create mode 100644 skins/admin/default/javascripts/compatibility.js create mode 100644 skins/admin/default/javascripts/edit.js create mode 100644 skins/admin/default/javascripts/index.html create mode 100644 skins/admin/default/javascripts/numbercheck.js create mode 100644 skins/admin/default/javascripts/opennew.js create mode 100644 skins/admin/default/javascripts/templateEdit.js create mode 100644 skins/admin/default/javascripts/xmlhttprequest.js rename skins/admin/{defaultadmin => default}/skinbackup.xml (97%) create mode 100644 skins/admin/default/styles/addedit.css create mode 100644 skins/admin/default/styles/admin_contemporary.css create mode 100644 skins/admin/default/styles/admin_contemporary_jp.css create mode 100644 skins/admin/default/styles/admin_original.css create mode 100644 skins/admin/default/styles/background.png create mode 100644 skins/admin/default/styles/bookmarklet.css create mode 100644 skins/admin/default/styles/bullet.gif create mode 100644 skins/admin/default/styles/contemporary/background.png create mode 100644 skins/admin/default/styles/contemporary_jp/background.png create mode 100644 skins/admin/default/styles/contemporary_jp/bullet.gif create mode 100644 skins/admin/default/styles/contemporary_jp/quickb-hover.jpg create mode 100644 skins/admin/default/styles/contemporary_jp/quickb.jpg create mode 100644 skins/admin/default/styles/logo.gif create mode 100644 skins/admin/default/styles/manual.css create mode 100644 skins/admin/default/styles/popups.css create mode 100644 skins/admin/default/styles/quickb-hover.jpg create mode 100644 skins/admin/default/styles/quickb.jpg diff --git a/install/index.php b/install/index.php index 44ed150..7204bc6 100644 --- a/install/index.php +++ b/install/index.php 
@@ -44,7 +44,7 @@ if ( version_compare(PHP_VERSION, '5.3.0', '<') )
 /* default installed plugins and skins */
 $aConfPlugsToInstall = array('NP_SecurityEnforcer', 'NP_SkinFiles');
-$aConfSkinsToImport = array('atom', 'rss2.0', 'rsd', 'default', 'admin/defaultadmin');
+$aConfSkinsToImport = array('atom', 'rss2.0', 'rsd', 'default', 'admin/default', 'admin/bookmarklet');
 // Check if some important files
 do_check_files();
@@ -56,14 +56,7 @@ if ( !i18n::init('UTF-8', './locales') )
 exit('
Failed to initialize iconv or mbstring extension. Would you please contact the administrator of your PHP server?
');
 }
-// check if mysql support is installed; this check may not make sense, as is, in a version past 3.5x
-if ( !function_exists('mysql_query') && !function_exists('mysqli_query') )
-{
- exit('
Your PHP version does not have support for MySQL :(
');
-}
-
 // include core classes that are needed for login & plugin handling
-include_once('../nucleus/libs/mysql.php'); // added for 3.5 sql_* wrapper
 global $MYSQL_HANDLER;
@@ -71,8 +64,14 @@ global $MYSQL_HANDLER;
 if ( !isset($MYSQL_HANDLER) )
 {
 $MYSQL_HANDLER = array('mysql', '');
+
+ // check if mysql support is installed; this check may not make sense, as is, in a version past 3.5x
+ if ( !function_exists('mysql_query') && !function_exists('mysqli_query') )
+ {
+ exit('
Your PHP version does not have support for MySQL :(
');
+ }
 }
-include_once('../nucleus/libs/sql/' . $MYSQL_HANDLER[0] . '.php');
+include_once('../nucleus/libs/sql/sql.php');
 session_start();
 if ( count($_GET) == 0 && count($_POST) == 0 )
@@ -809,7 +808,7 @@ function show_install_complete_form()
 function do_install()
 {
 global $param;
- global $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE, $MYSQL_PREFIX, $MYSQL_CONN;
+ global $MYSQL_HANDLER, $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE, $MYSQL_PREFIX, $MYSQL_CONN;
 global $DIR_NUCLEUS, $DIR_MEDIA, $DIR_SKINS, $DIR_PLUGINS, $DIR_LANG, $DIR_LIBS;
 $errors = array();
@@ -832,8 +831,8 @@ function do_install()
 /*
 * 2.open mySQL connection
 */
- $MYSQL_CONN = @sql_connect_args($MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD);
- if ( $MYSQL_CONN == false )
+ $MYSQL_CONN = @DB::setConnectionInfo($MYSQL_HANDLER[1], $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD);
+ if ( $MYSQL_CONN == FALSE )
 {
 $errors[] = _DBCONNECT_ERROR;
 return $errors;
@@ -842,19 +841,20 @@ function do_install()
 /*
 * 3. try to create database if needed
 */
- if ( !sql_query("CREATE DATABASE IF NOT EXISTS {$MYSQL_DATABASE}") )
+ if ( DB::execute("CREATE DATABASE IF NOT EXISTS {$MYSQL_DATABASE}") === FALSE )
 {
- $errors[] = _INST_ERROR1 . ': ' . sql_error();
+ $errinfo = DB::getError();
+ $errors[] = _INST_ERROR1 . ': ' . $errinfo[2];
 }
 /*
 * 4. try to select database
 */
- if ( !sql_select_db($MYSQL_DATABASE) )
+ $MYSQL_CONN = @DB::setConnectionInfo($MYSQL_HANDLER[1], $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE);
+ if ( !$MYSQL_CONN )
 {
 $errors[] = _INST_ERROR2;
 }
- sql_set_charset('utf8');
 if ( count($errors) > 0 )
 {
@@ -889,8 +889,8 @@ function do_install()
 }
 // table exists check
- $result = sql_query('SHOW TABLES');
- while ( $row = mysql_fetch_array($result, MYSQL_NUM) )
+ $result = DB::getResult('SHOW TABLES');
+ foreach ( $result as $row )
 {
 if ( in_array($row[0], $prefixed_table_names) )
 {
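Review bot: The capability check moved inside the `!isset($MYSQL_HANDLER)` block still tests `function_exists('mysql_query')` / `mysqli_query`, while the include right below it becomes the driver-neutral `sql/sql.php`, the diffstat replaces `sql/mysql.php` with `sql/DB.php` and `sql/MYSQLPDO.php`, and `getMySqlVersion` further down reads `PDO::ATTR_SERVER_VERSION`. If the default handler is now PDO-backed, a host with the legacy mysql extension but no `pdo_mysql` passes this check and fails at connect time, while a host with only PDO is wrongly rejected. Consider `if ( !class_exists('PDO') || !in_array('mysql', PDO::getAvailableDrivers(), true) )` in place of the `function_exists` test, or move the check into the handler that actually depends on the extension.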
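Review bot: `DB::execute("CREATE DATABASE IF NOT EXISTS {$MYSQL_DATABASE}")` still interpolates the database name as a bare identifier; `DB::quoteValue` is for values, and nothing in this hunk validates what arrives from the installer form. Reject anything outside `[A-Za-z0-9_]` before building the statement, e.g. `if ( !preg_match('/^[A-Za-z0-9_]+$/', $MYSQL_DATABASE) ) { $errors[] = _INST_ERROR1; return $errors; }`, and wrap the name in backticks inside the statement. The removed `sql_set_charset('utf8')` has no visible replacement; presumably `DB::setConnectionInfo` now sets the charset, which is worth confirming because the escaping done by `DB::quoteValue` depends on the connection charset. The `@` on both `setConnectionInfo` calls also hides the driver's diagnostics, so the error list can only ever carry the generic `_DBCONNECT_ERROR`.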
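Review bot: `foreach ( $result as $row )` followed by `$row[0]` assumes `DB::getResult` yields positionally indexed rows, while the rewritten `installCustomPlugs` loop at hunk -1220 reads the same kind of result with string keys (`$row['pfile']`); both only hold if the statement's fetch mode is `PDO::FETCH_BOTH`, which this chunk does not show. Since the `SHOW TABLES` column name depends on the database name, keep the positional access here but make it explicit (`array_shift($row)` or a `PDO::FETCH_NUM` fetch), and guard `$result` against `false` before iterating, otherwise a failed query emits a warning and the table-exists check is skipped silently.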
@@ -919,9 +919,10 @@ function do_install()
 $query = str_replace($table_names, $prefixed_table_names, $query);
 }
- if ( !sql_query($query) )
+ if ( DB::execute($query) === FALSE )
 {
- $errors[] = _INST_ERROR4 . ' (' . $query . '): ' . sql_error();
+ $errinfo = DB::getError();
+ $errors[] = _INST_ERROR4 . ' (' . $query . '): ' . $errinfo[2];
 }
 }
 }
@@ -930,11 +931,18 @@ function do_install()
 * 6. put needed records
 */
 /* push first post */
- $query = "INSERT INTO %s VALUES (1, '%s', '%s', '%s', 1, 1, '%s', 0, 0, 0, 1, 0, 1)";
- $query = sprintf($query, tableName('nucleus_item'), _1ST_POST_TITLE, _1ST_POST, _1ST_POST2, i18n::formatted_datetime('mysql', time()));
- if ( !sql_query($query) )
+ $query = "INSERT INTO %s VALUES (1, %s, %s, %s, 1, 1, %s, 0, 0, 0, 1, 0, 1)";
+ $query = sprintf($query,
+ tableName('nucleus_item'),
+ DB::quoteValue(_1ST_POST_TITLE),
+ DB::quoteValue(_1ST_POST),
+ DB::quoteValue(_1ST_POST2),
+ DB::formatDateTime()
+ );
+ if ( DB::execute($query) === FALSE )
 {
- $errors[] = _INST_ERROR4 . ' (' . $newpost . '): ' . sql_error();
+ $errinfo = DB::getError();
+ $errors[] = _INST_ERROR4 . ' (' . $newpost . '): ' . $errinfo[2];
 }
 /* push configurations */
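Review bot: The rewritten error line `$errors[] = _INST_ERROR4 . ' (' . $newpost . '): ' . $errinfo[2];` reads `$newpost`, which is not assigned anywhere in this hunk; the statement that just failed is in `$query`, so the message reports an empty statement and PHP raises an undefined-variable notice. The commit touched this line but kept the stale name; the neighbouring -919 hunk already uses `' (' . $query . '): '`, so change it to `$errors[] = _INST_ERROR4 . ' (' . $query . '): ' . $errinfo[2];`.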
@@ -948,41 +956,49 @@ function do_install()
 array_merge($errors, updateConfig('SiteName', $param->blog_name));
 array_merge($errors, updateConfig('Locale', i18n::get_current_locale()));
- /* escape strings for SQL */
- $user_name = sql_real_escape_string($param->user_name);
- $user_realname = sql_real_escape_string($param->user_realname);
- $user_password = sql_real_escape_string(md5($param->user_password));
- $user_email = sql_real_escape_string($param->user_email);
- $blog_name = sql_real_escape_string($param->blog_name);
- $blog_shortname = sql_real_escape_string($param->blog_shortname);
- $config_indexurl = sql_real_escape_string($param->IndexURL);
 /* push super admin */
- $query = "UPDATE %s SET mname = '%s', mrealname = '%s', mpassword = '%s', memail = '%s', murl = '%s', madmin = 1, mcanlogin = 1 WHERE mnumber = 1";
- $query = sprintf($query, tableName('nucleus_member'), $user_name, $user_realname, $user_password, $user_email, $config_indexurl);
- if ( !sql_query($query) )
+ $query = "UPDATE %s SET mname = %s, mrealname = %s, mpassword = %s, memail = %s, murl = %s, madmin = 1, mcanlogin = 1 WHERE mnumber = 1";
+ $query = sprintf($query,
+ tableName('nucleus_member'),
+ DB::quoteValue($param->user_name),
+ DB::quoteValue($param->user_realname),
+ DB::quoteValue(md5($param->user_password)),
+ DB::quoteValue($param->user_email),
+ DB::quoteValue($param->IndexURL)
+ );
+ if ( DB::execute($query) === FALSE )
 {
- $errors[] = _INST_ERROR5 . ': ' . sql_error();
+ $errinfo = DB::getError();
+ $errors[] = _INST_ERROR5 . ': ' . 
$errinfo[2];
 }
 /* push new weblog */
- $query = "UPDATE %s SET bname = '%s', bshortname = '%s', burl = '%s' WHERE bnumber = 1";
- $query = sprintf($query, tableName('nucleus_blog'), $blog_name, $blog_shortname, $config_indexurl);
- if ( !sql_query($query) )
+ $query = "UPDATE %s SET bname = %s, bshortname = %s, burl = %s WHERE bnumber = 1";
+ $query = sprintf($query,
+ tableName('nucleus_blog'),
+ DB::quoteValue($param->blog_name),
+ DB::quoteValue($param->blog_shortname),
+ DB::quoteValue($param->IndexURL)
+ );
+ if ( DB::execute($query) === FALSE )
 {
- $errors[] = _INST_ERROR6 . ': ' . sql_error();
+ $errinfo = DB::getError();
+ $errors[] = _INST_ERROR6 . ': ' . $errinfo[2];
 }
 /* push default category */
- $query = "UPDATE %s SET cname = '%s', cdesc = '%s' WHERE catid = 1";
- $query = sprintf($query, tableName('nucleus_category'), _GENERALCAT_NAME, _GENERALCAT_DESC);
- if ( !sql_query($query) )
+ $query = "UPDATE %s SET cname = %s, cdesc = %s WHERE catid = 1";
+ $query = sprintf($query,
+ tableName('nucleus_category'),
+ DB::quoteValue(_GENERALCAT_NAME),
+ DB::quoteValue(_GENERALCAT_DESC)
+ );
+ if ( DB::execute($query) === FALSE )
 {
- $errors[] = _INST_ERROR6 . ': ' . sql_error();
+ $errinfo = DB::getError();
+ $errors[] = _INST_ERROR6 . ': ' . $errinfo[2];
 }
- sql_close();
-
 /*
 * 7. install default plugins and skins
 */
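Review bot: `DB::quoteValue(md5($param->user_password))` keeps storing the super-admin password as an unsalted MD5 digest; the move from `sql_real_escape_string` to `DB::quoteValue` fixes the quoting, not the hashing. This line cannot change on its own, because the login check in MEMBER.php (outside this chunk, but rewritten by the same commit) must verify the same way, so that rewrite is the place to move both sides to a salted, slow hash (`password_hash()` / `password_verify()` once the PHP baseline allows it, `crypt()` with a per-user salt before that). Until then a comment such as `// legacy md5 hash; must stay in sync with the MEMBER login check` on this line would stop the next editor from changing one side only.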
@@ -1006,24 +1022,28 @@ function do_install()
 {
 array_merge($errors, $aSkinErrors);
 }
- $query = "SELECT MIN(sdnumber) as result FROM %s WHERE sdname='admin/default';";
- $query = sprintf($query, tableName('nucleus_skin_desc'));
- $res = sql_query($query);
- $obj = sql_fetch_object($res);
- array_merge($errors, updateConfig('DefaultAdminSkin', $obj->result));
+
+ $query = "SELECT sdnumber FROM %s WHERE sdname='admin/default'";
+ $query = sprintf($query, tableName('nucleus_skin_desc'));
+ $res = intval(DB::getValue($query));
+ array_merge($errors, updateConfig('AdminSkin', $res));
+
+ $query = "SELECT sdnumber FROM %s WHERE sdname='admin/bookmarklet'";
+ $query = sprintf($query, tableName('nucleus_skin_desc'));
+ $res = intval(DB::getValue($query));
+ array_merge($errors, updateConfig('BookmarkletSkin', $res));
 $query = "SELECT sdnumber FROM %s WHERE sdname='default'";
 $query = sprintf($query, tableName('nucleus_skin_desc'));
- $res = sql_query($query);
- $obj = sql_fetch_assoc($res);
- $defSkinID = (integer) $obj['sdnumber'];
+ $defSkinID = intval(DB::getValue($query));
 $query = "UPDATE %s SET bdefskin=%d WHERE bnumber=1";
 $query = sprintf($query, tableName('nucleus_blog'), $defSkinID);
- sql_query($query);
+ DB::execute($query);
+
 $query = "UPDATE %s SET value=%d WHERE name='BaseSkin'";
 $query = sprintf($query, tableName('nucleus_config'), $defSkinID);
- sql_query($query);
+ DB::execute($query);
 $aPlugErrors = installCustomPlugs();
 if ( count($aPlugErrors) > 0 )
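Review bot: The added `array_merge($errors, updateConfig('AdminSkin', $res));` and `array_merge($errors, updateConfig('BookmarkletSkin', $res));` discard the return value of `array_merge`, so whatever `updateConfig` reports is dropped and `$errors` never grows; the pre-existing `array_merge($errors, $aSkinErrors);` context line has the same defect. Write `$errors = array_merge($errors, updateConfig('AdminSkin', $res));` and the same for the second call. Separately, `intval(DB::getValue($query))` becomes `0` when the skin row is missing and that value is written to config without complaint; checking `$res > 0` before `updateConfig` would surface a failed skin import here instead of later in the admin UI.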
@@ -1121,28 +1141,26 @@ function canConfigFileWritable()
 */
 function getMySqlVersion()
 {
- global $minimum_mysql_version, $errors;
+ global $MYSQL_HANDLER, $minimum_mysql_version, $errors;
 // Turn on output buffer
 // Needed to repress the output of the sql function that are
 // not part of php (in this case the @ operator doesn't work)
 ob_start();
 // note: this piece of code is taken from phpMyAdmin
- $conn = sql_connect_args('localhost', '', '');
- $result = @sql_query('SELECT VERSION() AS version', $conn);
+ $conn = @DB::setConnectionInfo($MYSQL_HANDLER[1], 'localhost', '', '');
- if ( $result != FALSE && sql_num_rows($result) > 0 )
+ if ( $conn )
 {
- $row = sql_fetch_array($result);
- $match = preg_split('#\.#', $row['version']);
+ $row = DB::getAttribute(PDO::ATTR_SERVER_VERSION);
+ $match = preg_split('#\.#', $row);
 }
 else
 {
- $result = @sql_query('SHOW VARIABLES LIKE \'version\'', $conn);
+ $row = @DB::getRow('SHOW VARIABLES LIKE \'version\'');
- if ( $result != FALSE && @sql_num_rows($result) > 0 )
+ if ( $row )
 {
- $row = sql_fetch_row($result);
 $match = preg_split('#\.#', $row[1]);
 }
 else
@@ -1158,7 +1176,7 @@ function getMySqlVersion()
 }
 }
- @sql_disconnect($conn);
+ @DB::disConnect();
 //End and clean output buffer
 ob_end_clean();
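Review bot: In the rewritten `getMySqlVersion` the `else` branch runs `@DB::getRow('SHOW VARIABLES LIKE \'version\'')` only when `$conn` is false, i.e. when no connection exists, so the fallback query can never succeed and the branch is dead; the old code ran the fallback on the same open connection after `SELECT VERSION()` failed. Keep the fallback inside `if ( $conn )`: try `DB::getAttribute(PDO::ATTR_SERVER_VERSION)` first and call `DB::getRow(...)` only when that comes back empty. The probe still connects as an anonymous user to `localhost`, which is pre-existing but deserves a comment now that the handler has changed, and `@DB::disConnect()` in the -1158 hunk is called even when the connect failed. `getMySqlVersion` continues beyond this hunk.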
@@ -1198,13 +1216,17 @@ function installCustomPlugs()
 return $aErrors;
 }
- $res = sql_query('SELECT * FROM ' . tableName('nucleus_plugin'));
- $numCurrent = sql_num_rows($res);
+ $query = sprintf('SELECT * FROM %s', tableName('nucleus_plugin'));
+ $res = DB::getResult($query);
+ $numCurrent = $res->rowCount();
 foreach ( $aConfPlugsToInstall as $plugName )
 {
- $query = 'INSERT INTO ' . tableName('nucleus_plugin') . ' (porder, pfile) VALUES (' . (++$numCurrent) . ", '" . sql_real_escape_string($plugName) . "')";
- sql_query($query);
+ $query = sprintf('INSERT INTO %s (porder, pfile) VALUES (%d, %s)',
+ tableName('nucleus_plugin'),
+ (++$numCurrent),
+ DB::quoteValue($plugName));
+ DB::execute($query);
 $manager->clearCachedInfo('installedPlugins');
 $plugin =& $manager->getPlugin($plugName);
@@ -1212,7 +1234,10 @@ function installCustomPlugs()
 if ( !$plugin )
 {
- sql_query('DELETE FROM ' . tableName('nucleus_plugin') . " WHERE pfile = '" . sql_real_escape_string($plugName) . "'");
+ $query = sprintf('DELETE FROM %s WHERE pfile = %s',
+ tableName('nucleus_plugin'),
+ DB::quoteValue($plugName));
+ DB::execute($query);
 $numCurrent--;
 array_push($aErrors, sprintf(_INST_ERROR9, $plugName));
 continue;
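Review bot: `$numCurrent = $res->rowCount();` relies on `PDOStatement::rowCount()` after a `SELECT`, which PHP documents as not guaranteed for every driver and which for MySQL depends on buffered queries; the removed `sql_num_rows` had a defined meaning here. Since the rows are never read, replace the `SELECT *` with a count: `$query = sprintf('SELECT COUNT(*) FROM %s', tableName('nucleus_plugin'));` and `$numCurrent = intval(DB::getValue($query));`. The `INSERT` and `DELETE` in the same hunk now go through `%d` and `DB::quoteValue`, which is the right direction. `installCustomPlugs` continues beyond this hunk.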
@@ -1220,20 +1245,25 @@ function installCustomPlugs()
 $plugin->install();
 }
- sql_query('DELETE FROM ' . tableName('nucleus_plugin_event'));
- $res = sql_query('SELECT pid, pfile FROM ' . tableName('nucleus_plugin'));
+ $query = sprintf('DELETE FROM %s', tableName('nucleus_plugin_event'));
+ DB::execute($query);
+ $query = sprintf('SELECT pid, pfile FROM %s', tableName('nucleus_plugin'));
+ $res = DB::getResult($query);
- while ( $o = sql_fetch_object($res) )
+ foreach ( $res as $row )
 {
- $pid = $o->pid;
- $plug =& $manager->getPlugin($o->pfile);
+ $plug =& $manager->getPlugin($row['pfile']);
 if ( $plug )
 {
 $eventList = $plug->getEventList();
 foreach ( $eventList as $eventName )
 {
- sql_query('INSERT INTO ' . tableName('nucleus_plugin_event') . ' (pid, event) VALUES (' . $pid . ", '" . $eventName . "')");
+ $query = sprintf('INSERT INTO %s (pid, event) VALUES (%d, %s)',
+ tableName('nucleus_plugin_event'),
+ intval($row['pid']),
+ DB::quoteValue($eventName));
+ DB::execute($query);
 }
 }
 }
@@ -1319,7 +1349,6 @@ function do_check_files()
 '../nucleus/libs/MANAGER.php',
 '../nucleus/libs/MEDIA.php',
 '../nucleus/libs/MEMBER.php',
- '../nucleus/libs/mysql.php',
 '../nucleus/libs/NOTIFICATION.php',
 '../nucleus/libs/PARSER.php',
 '../nucleus/libs/PLUGIN.php',
@@ -1331,7 +1360,8 @@ function do_check_files()
 '../nucleus/libs/vars4.1.0.php',
 '../nucleus/libs/xmlrpc.inc.php',
 '../nucleus/libs/xmlrpcs.inc.php',
- '../nucleus/libs/sql/mysql.php'
+ '../nucleus/libs/sql/DB.php',
+ '../nucleus/libs/sql/MYSQLPDO.php'
 );
 $count = count($files);
@@ -1359,15 +1389,14 @@ function do_check_files()
 function updateConfig($name, $value)
 {
 $errors = array();
- $name = sql_real_escape_string($name);
- $value = trim(sql_real_escape_string($value));
- $query = "UPDATE %s SET value = '%s' WHERE name = '%s'";
- $query = sprintf($query, tableName('nucleus_config'), $value, $name);
+ $query = "UPDATE %s SET value = %s WHERE name = %s";
+ $query = sprintf($query, tableName('nucleus_config'), DB::quoteValue(trim($value)), DB::quoteValue($name));
- if ( !sql_query($query) )
+ if ( DB::execute($query) === FALSE )
 {
- $errors[] = _INST_ERROR4 . ': ' . sql_error();
+ $errinfo = DB::getError();
+ $errors[] = _INST_ERROR4 . ': ' . $errinfo[2];
 }
 return $errors;
 }
@@ -1490,6 +1519,8 @@ class ParamManager
 public function check_mysql_parameters()
 {
+ global $MYSQL_HANDLER;
+
 $parameters = array('mysql_host', 'mysql_user', 'mysql_password', 'mysql_database', 'mysql_tablePrefix');
 $this->read_parameter($parameters);
@@ -1529,14 +1560,14 @@ class ParamManager
 if ( count($errors) == 0 )
 {
- $mysql_conn = @sql_connect_args($this->mysql_host, $this->mysql_user, $this->mysql_password);
+ $mysql_conn = @DB::setConnectionInfo($MYSQL_HANDLER[1], $this->mysql_host, $this->mysql_user, $this->mysql_password);
 if ( $mysql_conn == false )
 {
 $errors[] = _DBCONNECT_ERROR;
 }
 else
 {
- @sql_disconnect($mysql_conn);
+ @DB::disConnect();
 }
 }
diff --git a/install/install.sql b/install/install.sql
index c12e5cd..0a6bb60 100644
--- a/install/install.sql
+++ b/install/install.sql
@@ -115,7 +115,8 @@ INSERT INTO nucleus_config VALUES ('DatabaseVersion', '350');
 INSERT INTO nucleus_config VALUES ('DebugVars', '0');
 INSERT INTO nucleus_config VALUES ('DefaultListSize', '10');
 INSERT INTO nucleus_config VALUES ('AdminCSS', 'original');
-INSERT INTO nucleus_config VALUES ('DefaultAdminSkin', '0');
+INSERT INTO nucleus_config VALUES ('AdminSkin', '0');
+INSERT INTO nucleus_config VALUES ('BookmarkletSkin', '0');
 CREATE TABLE nucleus_item (
 inumber int(11) NOT NULL auto_increment,
diff --git a/nucleus/bookmarklet.php b/nucleus/bookmarklet.php
index 13d30d5..4b3f5c9 100644
--- a/nucleus/bookmarklet.php
+++ b/nucleus/bookmarklet.php
@@ -26,7 +26,7 @@ $CONF['UsingAdminArea'] = 1;
 include('../config.php');
 // get skin object
-$skinid = $CONF['DefaultBookmarkletSkin'];
+$skinid = $CONF['BookmarkletSkin'];
 if ( !Skin::existsID($skinid) )
 {
 echo _ERROR_SKIN;
@@ -127,6 +127,8 @@ function bm_doAddItem($skin)
 bm_message($skin, _ITEM_ADDED, _ITEM_ADDED, $message,$extrahead);
 return;
+
+ return;
 }
 function bm_doEditItem($skin)
@@ -238,12 +240,13 @@ function bm_loginAndPassThrough($skin, $action='add')
 $skin->parse('showlogin');
 $skin->parse('pagefoot');
+ return;
 }
 function bm_doShowForm($skin)
 {
- global $member;
+ global $manager, $member;
 $blogid = intRequestVar('blogid');
 $log_text = trim(requestVar('logtext'));
@@ -254,6 +257,10 @@ function bm_doShowForm($skin)
 {
 bm_doError(_ERROR_NOSUCHBLOG);
 }
+ else
+ {
+ $blog =& $manager->getBlog($blogid);
+ }
 if ( !$member->isTeamMember($blogid) )
 {
@@ -277,8 +284,9 @@ function bm_doShowForm($skin)
 $logje .= '' . Entity::hsc($log_linktitle) . '';
 }
- $item['body'] = $logje;
- $item['title'] = Entity::hsc($log_linktitle);
+ $variables = array();
+ $variables['body'] = $logje;
+ $variables['title'] = Entity::hsc($log_linktitle);
 /* TODO: $itemを渡す */
 $skin->parse('pagehead');
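Review bot: The `+ return;` added at the end of `bm_doAddItem` sits directly after an existing `return;`, so it can never execute; drop the added line and the blank line before it. `bm_doAddItem` starts outside this hunk. The same commit appends a trailing `return;` to `bm_loginAndPassThrough` and `bm_message`, which is harmless but pure noise in a void function.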
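Review bot: The new `$variables` array (`$variables['body']`, `$variables['title']`) is filled but, within this hunk, never handed to `$skin->parse('pagehead')` or any other call, and the `/* TODO: $itemを渡す */` comment (pass `$item`) directly below is left unchanged; unless a line past the hunk passes `$variables` to the skin, renaming `$item` changes nothing for the parser. Either pass it in the same change or update the TODO so the intent survives, e.g. `/* TODO: pass $variables (body, title) to the skin parser */`. In the -254 hunk just above, `$blog` is assigned in the new `else` branch but not used on any visible line, and execution continues after `bm_doError(_ERROR_NOSUCHBLOG)` unless that helper exits, which this chunk does not show. `bm_doShowForm` continues beyond this hunk.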
@@ -304,15 +312,15 @@ function bm_doEditForm($skin) bm_doError(_ERROR_DISALLOWED); } - $item =& $manager->getItem($itemid, 1, 1); + $variables =& $manager->getItem($itemid, 1, 1); $blog =& $manager->getBlog(getBlogIDFromItemID($itemid) ); - $manager->notify('PrepareItemForEdit', array('item' => &$item) ); + $manager->notify('PrepareItemForEdit', array('item' => &$variables) ); if ( $blog->convertBreaks() ) { - $item['body'] = removeBreaks($item['body']); - $item['more'] = removeBreaks($item['more']); + $variables['body'] = removeBreaks($variables['body']); + $variables['more'] = removeBreaks($variables['more']); } /* TODO: $itemを渡す */ @@ -320,8 +328,7 @@ function bm_doEditForm($skin) $skin->parse('createitem'); $skin->parse('pagefoot'); - return; -} + return;} function bm_doError($skin, $msg) { @@ -336,13 +343,13 @@ function bm_message($skin, $title, $head, $msg, $extrahead = '') $skin->parse('adminerrorpage'); $skin->parse('pagefoot'); + return; } function bm_doContextMenuCode($width=600, $height=500) { - global $CONF; - + global $CONF; $blogid = (integer) intGetVar('blogid'); echo "\n"; - $extrahead .= '\n"; + $extrahead .= '\n"; self::pagehead($extrahead); self::$skin->parse('templateedit'); 
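Review bot: `+ return;}` fuses the closing brace of `bm_doEditForm` onto the `return;` line, replacing the two correctly laid-out lines (`return;` and `}`) that the commit removes; it is valid PHP but breaks the file's one-statement-per-line layout and makes brace matching in future diffs harder to read. Restore the two separate lines. `bm_doEditForm` starts outside this hunk.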
@@ -3070,18 +3066,15 @@ class Admin
 self::error(_ERROR_DUPTEMPLATENAME);
 }
- $name = sql_real_escape_string($name);
- $desc = sql_real_escape_string($desc);
-
 // 1. Remove all template parts
 $query = "DELETE FROM %s WHERE tdesc=%d;";
 $query = sprintf($query, sql_table('template'), (integer) $templateid);
- sql_query($query);
+ DB::execute($query);
 // 2. Update description
- $query = "UPDATE %s SET tdname='%s', tddesc='%s' WHERE tdnumber=%d;";
- $query = sprintf($query, sql_table('template_desc'), sql_real_escape_string($name), sql_real_escape_string($desc), (integer) $templateid);
- sql_query($query);
+ $query = "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;";
+ $query = sprintf($query, sql_table('template_desc'), DB::quoteValue($name), DB::quoteValue($desc), (integer) $templateid);
+ DB::execute($query);
 // 3. Add non-empty template parts
 self::addToTemplate($templateid, 'ITEM_HEADER', postVar('ITEM_HEADER'));
@@ -3151,13 +3144,14 @@ class Admin
 return -1;
 }
- $partname = sql_real_escape_string($partname);
- $content = sql_real_escape_string($content);
-
- $query = "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, '%s', '%s');";
- $query = sprintf($query, sql_table('template'), (integer) $id, $partname, $content);
- sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error());
- return sql_insert_id();
+ $query = "INSERT INTO %s (tdesc, tpartname, tcontent) VALUES (%d, %s, %s);";
+ $query = sprintf($query, sql_table('template'), (integer) $id, DB::quoteValue($partname), DB::quoteValue($content));
+ if ( DB::execute($query) === FALSE )
+ {
+ $err = DB::getError();
+ exit(_ADMIN_SQLDIE_QUERYERROR . $err[2]);
+ }
+ return DB::getInsertId();
 }
 /**
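Review bot: On a failed `INSERT`, the rewritten `addToTemplate` calls `exit(_ADMIN_SQLDIE_QUERYERROR . $err[2])` from inside a library method, after its caller in the -3070 hunk has already executed `DELETE FROM ... WHERE tdesc=%d`; the template is left with its parts removed and the admin page simply stops, with the raw driver message `$err[2]` echoed to the browser. The method already has a `return -1;` guard above the hunk, so the failure path could return `-1` as well and let the caller report through `self::error()`, which keeps the driver text out of the response. The identical pattern is added in `addToAdminTemplate` at hunk -3504. Both methods start outside their hunks.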
@@ -3199,10 +3193,10 @@ class Admin $manager->notify('PreDeleteTemplate', $data); // 1. delete description - sql_query('DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $templateid); + DB::execute('DELETE FROM ' . sql_table('template_desc') . ' WHERE tdnumber=' . $templateid); // 2. delete parts - sql_query('DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid); + DB::execute('DELETE FROM ' . sql_table('template') . ' WHERE tdesc=' . $templateid); $data = array('templateid' => $templateid); @@ -3282,10 +3276,10 @@ class Admin $query = "SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;"; $query = sprintf($query, sql_table('template'), (integer) $templateid); - $res = sql_query($query); - while ( $o = sql_fetch_object($res) ) + $res = DB::getResult($query); + foreach ( $res as $row) { - self::addToTemplate($newid, $o->tpartname, $o->tcontent); + self::addToTemplate($newid, $row['tpartname'], $row['tcontent']); } self::action_templateoverview(); @@ -3323,7 +3317,7 @@ class Admin } $member->isAdmin() or self::disallow(); $extrahead = "\n"; - $extrahead .= '' . "\n"; + $extrahead .= '' . "\n"; self::pagehead($extrahead); self::$skin->parse('admintemplateedit'); self::pagefoot(); 
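Review bot: The two changed DELETE statements in the `@@ -3199,10 +3193,10 @@` hunk concatenate `$templateid` into SQL with no cast (`' WHERE tdnumber=' . $templateid`), while every other query touched in this series goes through `%d` or `(integer)`. Unless $templateid was already produced by intRequestVar earlier in the method (not visible in the hunk), write `' WHERE tdnumber=' . (integer) $templateid` and `' WHERE tdesc=' . (integer) $templateid` so the move away from sql_real_escape_string does not leave an unescaped value in the query text. The enclosing method starts outside the hunk.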
@@ -3353,18 +3347,16 @@ class Admin { self::error(_ERROR_DUPTEMPLATENAME); } - $name = sql_real_escape_string($name); - $desc = sql_real_escape_string($desc); // 1. Remove all template parts $query = "DELETE FROM %s WHERE tdesc=%d;"; $query = sprintf($query, sql_table('template'), (integer) $templateid); - sql_query($query); + DB::execute($query); // 2. Update description - $query = "UPDATE %s SET tdname='%s', tddesc='%s' WHERE tdnumber=%d;"; - $query = sprintf($query, sql_table('template_desc'), sql_real_escape_string($name), sql_real_escape_string($desc), (integer) $templateid); - sql_query($query); + $query = "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d;"; + $query = sprintf($query, sql_table('template_desc'), DB::quoteValue($name), DB::quoteValue($desc), (integer) $templateid); + DB::execute($query); // 3. Add non-empty template parts self::addToAdminTemplate($templateid, 'ADMINSKINTYPELIST_HEAD', postVar('ADMINSKINTYPELIST_HEAD')); @@ -3504,10 +3496,14 @@ class Admin return -1; } - $query = "INSERT INTO %s (tdesc, tpartname, tcontent ) VALUES (%d, '%s', '%s');"; - $query = sprintf($query, sql_table('template'), (integer) $id, sql_real_escape_string($partname), sql_real_escape_string($content)); - sql_query($query) or exit(_ADMIN_SQLDIE_QUERYERROR . sql_error()); - return sql_insert_id(); + $query = "INSERT INTO %s (tdesc, tpartname, tcontent ) VALUES (%d, %s, %s);"; + $query = sprintf($query, sql_table('template'), (integer) $id, DB::quoteValue($partname), DB::quoteValue($content)); + if ( DB::execute($query) === FALSE ) + { + $err = DB::getError(); + exit(_ADMIN_SQLDIE_QUERYERROR . $err[2]); + } + return DB::getInsertId(); } /** 
@@ -3547,12 +3543,12 @@ class Admin // 1. delete description $query = "DELETE FROM %s WHERE tdnumber=%s;"; $query = sprintf($query, sql_table('template_desc'), (integer) $templateid); - sql_query($query); + DB::execute($query); // 2. delete parts $query = "DELETE FROM %s WHERE tdesc=%d;"; $query = sprintf($query, sql_table('template'), (integer) $templateid); - sql_query($query); + DB::execute($query); $data = array('templateid' => $templateid); $manager->notify('PostDeleteAdminTemplate', $data); @@ -3629,10 +3625,10 @@ class Admin $query = "SELECT tpartname, tcontent FROM %s WHERE tdesc=%d;"; $query = sprintf($query, sql_table('template'), (integer) $templateid); - $res = sql_query($query); - while ( $o = sql_fetch_object($res) ) + $res = DB::getResult($query); + foreach ( $res as $row ) { - self::addToAdminTemplate($newid, $o->tpartname, $o->tcontent); + self::addToAdminTemplate($newid, $row['tpartname'], $row['tcontent']); } self::action_admintemplateoverview(); @@ -3829,10 +3825,10 @@ class Admin $query = "SELECT bname FROM %s WHERE bdefskin=%d"; $query = sprintf($query, sql_table('blog'), (integer) $skinid); - $r = sql_query($query); - if ( $o = sql_fetch_object($r) ) + $name = DB::getValue($query); + if ( $name ) { - self::error(_ERROR_SKINDEFDELETE . Entity::hsc($o->bname)); + self::error(_ERROR_SKINDEFDELETE . Entity::hsc($name)); } self::pagehead(); @@ -3865,10 +3861,10 @@ class Admin $query = "SELECT bname FROM %s WHERE bdefskin=%d;"; $query = sprintf($query, sql_table('blog'), (integer) $skinid); - $r = sql_query($query); - if ( $o = sql_fetch_object($r) ) - { - self::error(_ERROR_SKINDEFDELETE .$o->bname); + $name = DB::getValue($query); + if ( $name ) + { + self::error(_ERROR_SKINDEFDELETE . Entity::hsc($name)); } $data = array('skinid' => $skinid); 
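Review bot: In the `@@ -3829` and `@@ -3865` hunks the new guard `if ( $name )` tests truthiness, so a blog named `0` (or with an empty name) that still uses the skin as default would no longer block the deletion even though a row was found. Compare against the no-row sentinel instead, e.g. `if ( $name !== false && $name !== null )`; which of the two DB::getValue returns when nothing matches is not visible here, so narrow the check to that. Separately, the `@@ -3547` hunk keeps `WHERE tdnumber=%s` for an `(integer)` argument; `%d` would match the sibling queries and rule out any non-numeric text reaching the statement.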
@@ -3877,12 +3873,12 @@ class Admin // 1. delete description $query = "DELETE FROM %s WHERE sdnumber=%d;"; $query = sprintf($query, sql_table('skin_desc'), (integer) $skinid); - sql_query($query); + DB::execute($query); // 2. delete parts $query = "DELETE FROM %s WHERE sdesc=%d;"; $query = sprintf($query, sql_table('skin'), (integer) $skinid); - sql_query($query); + DB::execute($query); $data = array('skinid' => $skinid); $manager->notify('PostDeleteSkin', $data); @@ -3960,7 +3956,7 @@ class Admin // delete part $query = "DELETE FROM %s WHERE sdesc=%d AND stype='%s';"; $query = sprintf($query, sql_table('skin'), (integer) $skinid, (integer) $skintype); - sql_query($query); + DB::execute($query); $data = array( 'skinid' => $skinid, @@ -4015,8 +4011,8 @@ class Admin $query = "SELECT stype FROM %s WHERE sdesc=%d;"; $query = sprintf($query, sql_table('skin'), (integer) $skinid); - $res = sql_query($query); - while ( $row = sql_fetch_assoc($res) ) + $res = DB::getResult($query); + foreach ( $res as $row ) { self::skinclonetype($skin, $newid, $row['stype']); } @@ -4040,12 +4036,9 @@ class Admin if ( $content ) { - $content = sql_real_escape_string($content); - $type = sql_real_escape_string($type); - - $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')"; - $query = sprintf($query, sql_table('skin'), (integer) $newid, $content, $type); - sql_query($query); + $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, %s, %s)"; + $query = sprintf($query, sql_table('skin'), (integer) $newid, DB::quoteValue($content), DB::quoteValue($type)); + DB::execute($query); } return; } @@ -4246,7 +4239,7 @@ class Admin $skinid = intRequestVar('skinid'); // don't allow default skin to be deleted - if ( $skinid == $CONF['DefaultAdminSkin'] ) + if ( $skinid == $CONF['AdminSkin'] ) { self::error(_ERROR_DEFAULTSKIN); } 
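Review bot: In the `@@ -3960,7 +3956,7 @@` hunk the kept line `sprintf($query, sql_table('skin'), (integer) $skinid, (integer) $skintype)` casts the skin type to an integer although the pattern is `stype='%s'` and stype is handled as a string everywhere else in this diff (`$row['stype']` feeds skinclonetype, and the INSERT in `@@ -4040` quotes it with DB::quoteValue), so the DELETE looks for `stype='0'` and removes nothing. Since the statement was migrated to DB::execute anyway, change it to `stype=%s` with `DB::quoteValue($skintype)` as the INSERT does. The enclosing method starts outside the hunk.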
@@ -4270,13 +4263,13 @@ class Admin // 1. delete description $query = "DELETE FROM %s WHERE sdnumber=%d;"; $query = sprintf($query, sql_table('skin_desc'), (integer) $skinid); - sql_query($query); + DB::execute($query); // 2. delete parts $query = "DELETE FROM %s WHERE sdesc=%d;"; $query = sprintf($query, sql_table('skin'), (integer) $skinid); - sql_query($query); + DB::execute($query); $manager->notify('PostDeleteAdminSkin', array('skinid' => (integer) $skinid)); self::action_adminskinoverview(); @@ -4338,7 +4331,7 @@ class Admin // delete part $query = 'DELETE FROM %s WHERE sdesc = %d AND stype ="%s"'; $query = sprintf($query, sql_table('skin'), (integer) $skinid, $skintype); - sql_query($query); + DB::execute($query); $data = array( 'skinid' => $skinid, @@ -4392,8 +4385,8 @@ class Admin $query = "SELECT stype FROM %s WHERE sdesc=%d;"; $query = sprintf($query, sql_table('skin'), (integer) $skinid); - $res = sql_query($query); - while ( $row = sql_fetch_assoc($res) ) + $res = DB::getResult($query); + foreach ( $res as $row ) { self::skinclonetype($skin, $newid, $row['stype']); } @@ -4415,12 +4408,9 @@ class Admin if ( $content ) { - $content = sql_real_escape_string($content); - $type = sql_real_escape_string($type); - - $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, '%s', '%s')"; - $query = sprintf($query, sql_table('skin'), (integer) $newid, $content, $type); - sql_query($query); + $query = "INSERT INTO %s (sdesc, scontent, stype) VALUES (%d, %s, %s)"; + $query = sprintf($query, sql_table('skin'), (integer) $newid, DB::quoteValue($content), DB::quoteValue($type)); + DB::execute($query); } return; } 
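Review bot: In the `@@ -4338,7 +4331,7 @@` hunk `$skintype` is still interpolated into `stype ="%s"` without any escaping, while the adjoining INSERT in `@@ -4415` was switched to DB::quoteValue; if $skintype originates from a request variable (its source is outside the hunk), the migration leaves a SQL injection point in an admin action. Change the two lines to `$query = 'DELETE FROM %s WHERE sdesc = %d AND stype = %s';` and `$query = sprintf($query, sql_table('skin'), (integer) $skinid, DB::quoteValue($skintype));`.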
@@ -4716,13 +4706,14 @@ class Admin */ static private function updateConfig($name, $val) { - $name = sql_real_escape_string($name); - $val = trim(sql_real_escape_string($val)); - - $query = "UPDATE %s SET value='%s' WHERE name='%s'"; - $query = sprintf($query, sql_table('config'), $val, $name); - sql_query($query) or die(_ADMIN_SQLDIE_QUERYERROR . sql_error()); - return sql_insert_id(); + $query = "UPDATE %s SET value=%s WHERE name=%s"; + $query = sprintf($query, sql_table('config'), DB::quoteValue($val), DB::quoteValue($name)); + if ( DB::execute($query) === FALSE ) + { + $err = DB::getError(); + die(_ADMIN_SQLDIE_QUERYERROR . $err[2]); + } + return DB::getInsertId(); } /** @@ -4796,7 +4787,7 @@ class Admin { if ( isset($extrahead) && !empty($extrahead) ) { - self::$extrahead = $extrahead; + self::$extrahead = $extrahead; } self::$skin->parse('pagehead'); } @@ -4815,7 +4806,7 @@ class Admin * TODO: obsoleted if ( !array_key_exists('AdminCSS', $CONF) ) { - sql_query("INSERT INTO " . sql_table('config') . " VALUES ('AdminCSS', 'original')"); + DB::execute("INSERT INTO " . sql_table('config') . " VALUES ('AdminCSS', 'original')"); $CONF['AdminCSS'] = 'original'; } */ @@ -4842,9 +4833,9 @@ class Admin echo "\n"; */ echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; + echo "\n"; + echo "\n"; + echo "\n"; echo "{$extrahead}\n"; echo "\n\n"; echo "\n"; @@ -5443,8 +5434,8 @@ class Admin } // get number of currently installed plugins - $res = sql_query('SELECT * FROM ' . sql_table('plugin')); - $numCurrent = sql_num_rows($res); + $res = DB::getResult('SELECT * FROM ' . sql_table('plugin')); + $numCurrent = $res->rowCount(); // plugin will be added as last one in the list $newOrder = $numCurrent + 1; 
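Review bot: updateConfig in the `@@ -4716,13 +4706,14 @@` hunk drops the `trim()` the removed line applied to `$val`, so configuration values are now stored with surrounding whitespace that earlier versions stripped; use `DB::quoteValue(trim($val))` unless the change is intended. The `return DB::getInsertId();` after an UPDATE is as meaningless as the sql_insert_id() it replaces and could return 0 or nothing. Separately, the `@@ -5443` hunk derives the plugin count from `$res->rowCount()` on a SELECT, which PDO does not guarantee for every driver; the same pattern appears at `@@ -5498`, `@@ -5751`, and in AdminActions at `@@ -1075`, `@@ -1340`, `@@ -1736`, `@@ -4735` and `@@ -5712`. A `SELECT COUNT(*)` read through DB::getValue is portable and avoids fetching whole rows to count them.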
@@ -5453,10 +5444,10 @@ class Admin $manager->notify('PreAddPlugin', $data); // do this before calling getPlugin (in case the plugin id is used there) - $query = "INSERT INTO %s (porder, pfile) VALUES (%d, '%s');"; - $query = sprintf($query, sql_table('plugin'), (integer) $newOrder, sql_real_escape_string($name)); - sql_query($query); - $iPid = sql_insert_id(); + $query = "INSERT INTO %s (porder, pfile) VALUES (%d, %s);"; + $query = sprintf($query, sql_table('plugin'), (integer) $newOrder, DB::quoteValue($name)); + DB::execute($query); + $iPid = DB::getInsertId(); $manager->clearCachedInfo('installedPlugins'); @@ -5469,7 +5460,7 @@ class Admin $query = "DELETE FROM %s WHERE pid=%d;"; $query = sprintf($query, sql_table('plugin'), (integer) $iPid); - sql_query($query); + DB::execute($query); $manager->clearCachedInfo('installedPlugins'); self::error(_ERROR_PLUGIN_LOAD); @@ -5498,8 +5489,8 @@ class Admin $pluginList = $plugin->getPluginDep(); foreach ( $pluginList as $pluginName ) { - $res = sql_query('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile="' . $pluginName . '"'); - if (sql_num_rows($res) == 0) + $res = DB::getResult('SELECT * FROM '.sql_table('plugin') . ' WHERE pfile=' . DB::quoteValue($pluginName)); + if ($res->rowCount() == 0) { // uninstall plugin again... self::deleteOnePlugin($plugin->getID()); 
@@ -5533,22 +5524,22 @@ class Admin $member->isAdmin() or self::disallow(); // delete everything from plugin_events - sql_query('DELETE FROM '.sql_table('plugin_event')); + DB::execute('DELETE FROM '.sql_table('plugin_event')); // loop over all installed plugins - $res = sql_query('SELECT pid, pfile FROM '.sql_table('plugin')); - while ( $o = sql_fetch_object($res) ) + $res = DB::getResult('SELECT pid, pfile FROM '.sql_table('plugin')); + foreach ( $res as $row ) { - $pid = $o->pid; - $plug =& $manager->getPlugin($o->pfile); + $pid = $row['pid']; + $plug =& $manager->getPlugin($row['pfile']); if ( $plug ) { $eventList = $plug->getEventList(); foreach ( $eventList as $eventName ) { - $query = "INSERT INTO %s (pid, event) VALUES (%d, '%s')"; - $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, sql_real_escape_string($eventName)); - sql_query($query); + $query = "INSERT INTO %s (pid, event) VALUES (%d, %s)"; + $query = sprintf($query, sql_table('plugin_event'), (integer) $pid, DB::quoteValue($eventName)); + DB::execute($query); } } } @@ -5626,13 +5617,13 @@ class Admin $query = "SELECT pfile as result FROM %s WHERE pid=%d;"; $query = sprintf($query, sql_table('plugin'), (integer) $pid); - $name = quickQuery($query); + $name = DB::getValue($query); // check dependency before delete - $res = sql_query('SELECT pfile FROM ' . sql_table('plugin')); - while ($o = sql_fetch_object($res)) + $res = DB::getResult('SELECT pfile FROM ' . sql_table('plugin')); + foreach ( $res as $row ) { - $plug =& $manager->getPlugin($o->pfile); + $plug =& $manager->getPlugin($row['pfile']); if ( $plug ) { $depList = $plug->getPluginDep(); @@ -5640,7 +5631,7 @@ class Admin { if ( $name == $depName ) { - return sprintf(_ERROR_DELREQPLUGIN, $o->pfile); + return sprintf(_ERROR_DELREQPLUGIN, $row['pfile']); } } } 
@@ -5660,31 +5651,30 @@ class Admin } // delete all subscriptions - sql_query('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid); + DB::execute('DELETE FROM ' . sql_table('plugin_event') . ' WHERE pid=' . $pid); // delete all options // get OIDs from plugin_option_desc - $res = sql_query('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid); + $res = DB::getResult('SELECT oid FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid); $aOIDs = array(); - while ($o = sql_fetch_object($res)) + foreach ( $res as $row ) { - array_push($aOIDs, $o->oid); + array_push($aOIDs, $row['oid']); } // delete from plugin_option and plugin_option_desc - sql_query('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid); + DB::execute('DELETE FROM ' . sql_table('plugin_option_desc') . ' WHERE opid=' . $pid); if (count($aOIDs) > 0) { - sql_query('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',', $aOIDs) . ')'); + DB::execute('DELETE FROM ' . sql_table('plugin_option') . ' WHERE oid in (' . implode(',', $aOIDs) . ')'); } // update order numbers - $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid); - $o = sql_fetch_object($res); - sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $o->porder); + $res = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid); + DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=(porder - 1) WHERE porder>' . $res); // delete row - sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid); + DB::execute('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . $pid); $manager->clearCachedInfo('installedPlugins'); $data = array('plugid' => $pid); 
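Review bot: In the `@@ -5660,31 +5651,30 @@` hunk the scalar fetched for the order update is stored in `$res` (`$res = DB::getValue(...)`) and concatenated unchecked; if DB::getValue yields false for a missing row the statement becomes `WHERE porder>` and fails. Name and cast it, `$order = (integer) DB::getValue(...)` then `' WHERE porder>' . $order`; the `$oldOrder = DB::getValue(...)` lines in `@@ -5714` and `@@ -5751` have the same exposure and the same fix. `$pid` is cast with `(integer)` in the `@@ -5626` sprintf but not in the concatenations here; if it is not already an int at this point, cast it as well.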
@@ -5714,16 +5704,14 @@ class Admin } // 1. get old order number - $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid); - $o = sql_fetch_object($res); - $oldOrder = $o->porder; + $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid); // 2. calculate new order number $newOrder = ($oldOrder > 1) ? ($oldOrder - 1) : 1; // 3. update plug numbers - sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder); - sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid); + DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder); + DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid); //self::action_pluginlist(); // To avoid showing ticket in the URL, redirect to pluginlist, instead. 
@@ -5751,19 +5739,17 @@ class Admin } // 1. get old order number - $res = sql_query('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid); - $o = sql_fetch_object($res); - $oldOrder = $o->porder; + $oldOrder = DB::getValue('SELECT porder FROM ' . sql_table('plugin') . ' WHERE pid=' . $plugid); - $res = sql_query('SELECT * FROM ' . sql_table('plugin')); - $maxOrder = sql_num_rows($res); + $res = DB::getResult('SELECT * FROM ' . sql_table('plugin')); + $maxOrder = $res->rowCount(); // 2. calculate new order number $newOrder = ($oldOrder < $maxOrder) ? ($oldOrder + 1) : $maxOrder; // 3. update plug numbers - sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder); - sql_query('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid); + DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $oldOrder . ' WHERE porder=' . $newOrder); + DB::execute('UPDATE ' . sql_table('plugin') . ' SET porder=' . $newOrder . ' WHERE pid=' . $plugid); //self::action_pluginlist(); // To avoid showing ticket in the URL, redirect to pluginlist, instead. 
@@ -5862,40 +5848,40 @@ class Admin $query = "SELECT oid, ovalue FROM %s WHERE ocontextid=%d;"; $query = sprintf($query, sql_table('plugin_option'), (integer) $contextid); - $res = sql_query($query); - while ( $object = sql_fetch_object($res) ) + $res = DB::getResult($query); + foreach ( $res as $row ) { - $aIdToValue[$object->oid] = $object->ovalue; + $aIdToValue[$row['oid']] = $row['ovalue']; } // get list of oids per pid - $query = "SELECT * FROM %s, %s WHERE opid=pid and ocontext= '%s' ORDER BY porder, oid ASC;"; - $query = sprintf($query, sql_table('plugin_option_desc'), sql_table('plugin'), sql_real_escape_string($context)); - $res = sql_query($query); + $query = "SELECT * FROM %s, %s WHERE opid=pid and ocontext= %s ORDER BY porder, oid ASC;"; + $query = sprintf($query, sql_table('plugin_option_desc'), sql_table('plugin'), DB::quoteValue($context)); + $res = DB::getResult($query); $aOptions = array(); - while ( $object = sql_fetch_object($res) ) + foreach ($res as $row ) { - if ( !in_array($object->oid, array_keys($aIdToValue)) ) + if ( !in_array($row['oid'], array_keys($aIdToValue)) ) { - $value = $object->odef; + $value = $row['odef']; } else { - $value = $aIdToValue[$object->oid]; + $value = $aIdToValue[$row['oid']]; } array_push( $aOptions, array( - 'pid' => $object->pid, - 'pfile' => $object->pfile, - 'oid' => $object->oid, + 'pid' => $row['pid'], + 'pfile' => $row['pfile'], + 'oid' => $row['oid'], 'value' => $value, - 'name' => $object->oname, - 'description' => $object->odesc, - 'type' => $object->otype, - 'typeinfo' => $object->oextra, + 'name' => $row['oname'], + 'description' => $row['odesc'], + 'type' => $row['otype'], + 'typeinfo' => $row['oextra'], 'contextid' => $contextid, 'extra' => '' ) 
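Review bot: The changed line `if ( !in_array($row['oid'], array_keys($aIdToValue)) )` rebuilds the key list and scans it for every option row; `if ( !array_key_exists($row['oid'], $aIdToValue) )` is a constant-time lookup and reads as what it is. The enclosing method starts and ends outside the hunk.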
@@ -5936,9 +5922,9 @@ class Admin */ static private function getAdminskinIDFromName($skinname) { - $query = "SELECT 'sdnumber' as result FROM %s WHERE sdname = '%s';"; - $query = sprintf($query, sql_table('skin_desc'), mysql_real_escape_string($skinname)); - $admnSknID = quickQuery($query); + $query = "SELECT 'sdnumber' as result FROM %s WHERE sdname = %s;"; + $query = sprintf($query, sql_table('skin_desc'), DB::quoteValue($skinname)); + $admnSknID = DB::getValue($query); return (integer) $adminSkinID; } @@ -5950,9 +5936,9 @@ class Admin */ static private function getAdminskinNameFromID($skinid) { - $query = "SELECT sdname as result FROM %s WHERE sdnumber = '%d';"; + $query = "SELECT sdname as result FROM %s WHERE sdnumber = %d;"; $query = sprintf($query, sql_table('skin_desc'), (integer) $skinid); - $admnSknID = quickQuery($query); + $admnSknID = DB::getValue($query); return (integer) $adminSkinID; } diff --git a/nucleus/libs/AdminActions.php b/nucleus/libs/AdminActions.php index 0e992cc..18863e9 100644 --- a/nucleus/libs/AdminActions.php +++ b/nucleus/libs/AdminActions.php @@ -1075,19 +1075,19 @@ class AdminActions extends BaseActions break; case 'setadmin': // always succeeds - sql_query("UPDATE {$setadminsql} {$selectedid};"); + DB::execute("UPDATE {$setadminsql} {$selectedid};"); $error = ''; break; case 'unsetadmin': // there should always remain at least one super-admin - $r = sql_query($unsetchksql); - if ( sql_num_rows($r) < 2 ) + $r = DB::getResult($unsetchksql); + if ( $r->rowCount() < 2 ) { $error = $unseterrmsg; } else { - sql_query("UPDATE {$setadminsql} {$selectedid};"); + DB::execute("UPDATE {$setadminsql} {$selectedid};"); } break; default: 
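Review bot: Both helpers in the `@@ -5936` and `@@ -5950` hunks assign the query result to `$admnSknID` and then `return (integer) $adminSkinID;`, an undefined variable, so they return 0 regardless of what DB::getValue produced; the commit rewrote the assignment line but kept the mismatch. Return the variable actually assigned, `return (integer) $admnSknID;`. In getAdminskinIDFromName the select list `'sdnumber'` is a quoted string literal rather than the column, so the query yields the text `sdnumber`; use `SELECT sdnumber as result`. getAdminskinNameFromID additionally casts a name to integer, which looks like a copy-paste leftover and should return the string.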
@@ -1249,15 +1249,15 @@ class AdminActions extends BaseActions case 'skin': $query = "SELECT * FROM %s WHERE sdname LIKE 'admin/%%';"; $query = sprintf($query, sql_table('skin_desc')); - $res = sql_query($query); + $res = DB::getResult($query); - while ( $skinObj = sql_fetch_object($res) ) + foreach ( $res as $row ) { $data = array( - 'typeid' => 'skin[' . $skinObj->sdnumber . ']', - 'expid' => 'skinexp' . $skinObj->sdnumber, - 'expname' => Entity::hsc($skinObj->sdname), - 'expdesc' => Entity::hsc($skinObj->sddesc), + 'typeid' => 'skin[' . $row['sdnumber'] . ']', + 'expid' => 'skinexp' . $row['sdnumber'], + 'expname' => Entity::hsc($row['sdname']), + 'expdesc' => Entity::hsc($row['sddesc']), ); echo Template::fill($template, $data); } @@ -1265,14 +1265,14 @@ class AdminActions extends BaseActions case 'template': $query = "SELECT * FROM %s WHERE tdname LIKE 'admin/%%';"; $query = sprintf($query, sql_table('template_desc')); - $res = sql_query($query); - while ( $templateObj = sql_fetch_object($res) ) + $res = DB::getResult($query); + foreach ( $res as $row ) { $data = array( - 'typeid' => 'template[' . $templateObj->tdnumber . ']', - 'expid' => 'templateexp' . $templateObj->tdnumber, - 'expname' => Entity::hsc($templateObj->tdname), - 'expdesc' => Entity::hsc($templateObj->tddesc), + 'typeid' => 'template[' . $row['tdnumber'] . ']', + 'expid' => 'templateexp' . $row['tdnumber'], + 'expname' => Entity::hsc($row['tdname']), + 'expdesc' => Entity::hsc($row['tddesc']), ); echo Template::fill($template, $data); } @@ -1314,7 +1314,7 @@ class AdminActions extends BaseActions $query = sprintf($query, sql_table('skin_desc')); $template['name'] = 'adminskin'; - $template['selected'] = $CONF['DefaultAdminSkin']; + $template['selected'] = $CONF['AdminSkin']; $template['tabindex'] = 110; Showlist($query, 'select', $template, ''); return; 
@@ -1340,8 +1340,8 @@ class AdminActions extends BaseActions $query = "SELECT stype FROM %s WHERE stype NOT IN (%s) AND sdesc=%d;"; $query = sprintf($query, sql_table('skin'), "'" . implode("', '", $nType) . "'", (integer) $skinid); - $res = sql_query($query); - if ( $res && sql_num_rows($res) > 0 ) + $res = DB::getResult($query); + if ( $res && $res->rowCount() > 0 ) { /* NOTE: set templates for HEAD/BODY/FOOT */ if ( !array_key_exists('ADMIN_SPECIALSKINLIST_HEAD', $templates) || empty($templates['ADMIN_SPECIALSKINLIST_HEAD']) ) @@ -1381,7 +1381,7 @@ class AdminActions extends BaseActions /* NOTE: do echo */ $data = array(); echo $template['head']; - while ( $row = sql_fetch_assoc($res) ) + foreach ( $res as $row ) { $data = array( 'tabindex' => $tabstart++, 
@@ -1736,38 +1736,38 @@ class AdminActions extends BaseActions // (only select those blogs that have the user on the team) $queryBlogs = "SELECT bnumber, bname FROM %s WHERE bnumber in (%s) ORDER BY bname;"; $queryBlogs = sprintf($queryBlogs, sql_table('blog'), implode(',', $aBlogIds)); - $blogs = sql_query($queryBlogs); + $blogs = DB::getResult($queryBlogs); if ( $mode == 'category' ) { - if ( sql_num_rows($blogs) > 1 ) + if ( $blogs->rowCount() > 1 ) { $multipleBlogs = 1; } - while ( $oBlog = sql_fetch_object($blogs) ) + foreach ( $blogs as $rBlog ) { if ( isset($multipleBlogs) && !empty($multipleBlogs) ) { - echo '\n"; + echo '\n"; } // show selection to create new category when allowed/wanted if ( $showNewCat ) { // check if allowed to do so - if ( $member->blogAdminRights($oBlog->bnumber) ) + if ( $member->blogAdminRights($rBlog['bnumber']) ) { - echo '\n"; + echo '\n"; } } // 2. for each category in that blog $catQuery = "SELECT cname, catid FROM %s WHERE cblog=%d ORDER BY cname ASC;"; - $catQuery = sprintf($catQuery, sql_table('category'), (integer) $oBlog->bnumber); - $categories = sql_query($catQuery); - while ( $oCat = sql_fetch_object($categories) ) + $catQuery = sprintf($catQuery, sql_table('category'), (integer) $rBlog['bnumber']); + $categories = DB::getResult($catQuery); + foreach ( $categories as $rCat ) { - if ( $oCat->catid == $selected ) + if ( $rCat['catid'] == $selected ) { $selectText = ' selected="selected" '; } @@ -1775,7 +1775,7 @@ class AdminActions extends BaseActions { $selectText = ''; } - echo '\n"; + echo '\n"; } if ( isset($multipleBlogs) && !empty($multipleBlogs) ) @@ -1787,16 +1787,16 @@ class AdminActions extends BaseActions else { // blog mode - while ( $oBlog = sql_fetch_object($blogs) ) + foreach ( $blogs as $rBlog ) { - echo '\n"; + echo '\n"; } else { - echo '\n"; + echo '\n"; } } } 
@@ -1901,11 +1901,11 @@ class AdminActions extends BaseActions . "FROM %s, %s " . "WHERE mnumber=tmember AND tblog=%d;"; $query = sprintf($query, sql_table('member'), sql_table('team'), (integer) $blogid); - $res = sql_query($query); + $res = DB::getResult($query); $memberNames = array(); - while ( $o = sql_fetch_object($res) ) + foreach ( $res as $row ) { - $memberNames[] = Entity::hsc($o->mname) . ' (' . Entity::hsc($o->mrealname). ')'; + $memberNames[] = Entity::hsc($row['mname']) . ' (' . Entity::hsc($row['mrealname']). ')'; } echo implode(',', $memberNames); } @@ -2043,16 +2043,15 @@ class AdminActions extends BaseActions $blogid = intRequestVar('blogid'); $query = "SELECT * FROM %s WHERE cblog = %d AND catid = %d;"; $query = sprintf($query, sql_table('category'), (integer) $blogid, (integer) $catid); - $res = sql_query($query); - $obj = sql_fetch_object($res); + $row = DB::getRow($query); if ( $type != 'name' ) { - echo Entity::hsc($obj->cdesc); + echo Entity::hsc($row['cdesc']); } else { - echo Entity::hsc($obj->cname); + echo Entity::hsc($row['cname']); } return; @@ -2182,7 +2181,7 @@ class AdminActions extends BaseActions $search = postVar('search'); if ( !empty($search) ) { - $query .= ' and cbody LIKE "%' . sql_real_escape_string($search) . '%"'; + $query .= ' and cbody LIKE ' . DB::quoteValue('%'.$search.'%'); } $query .= " ORDER BY ctime ASC LIMIT {$start},{$amount}"; @@ -2211,7 +2210,7 @@ class AdminActions extends BaseActions { $query = "INSERT INTO %s VALUES (DefaultListSize, 10);"; $query = sprintf($query, sql_table('config')); - sql_query($query); + DB::execute($query); $CONF['DefaultListSize'] = 10; } elseif ( intval($CONF['DefaultListSize']) < 1 ) 
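Review bot: In the `@@ -2043,16 +2043,15 @@` hunk `$row = DB::getRow($query)` is indexed without checking that a row came back, so an unknown blogid/catid pair now produces `Entity::hsc(null)` plus an undefined-index notice. Guard it before the branch, `if ( !$row ) { return; }`; what DB::getRow returns on an empty result is not visible here, so adjust the check to that value.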
@@ -2887,18 +2886,18 @@ class AdminActions extends BaseActions $query = "SELECT * FROM %s WHERE ocontext='global' AND opid=%d ORDER BY oid ASC;"; $query = sprintf($query, sql_table('plugin_option_desc'), (integer) $pid); - $resource = sql_query($query); - - while ( $o = sql_fetch_object($resource) ) - { - array_push($aOIDs, $o->oid); - $aOptions[$o->oid] = array( - 'oid' => $o->oid, - 'value' => $o->odef, - 'name' => $o->oname, - 'description' => $o->odesc, - 'type' => $o->otype, - 'typeinfo' => $o->oextra, + $resource = DB::getResult($query); + + foreach ( $resource as $row ) + { + array_push($aOIDs, $row['oid']); + $aOptions[$row['oid']] = array( + 'oid' => $row['oid'], + 'value' => $row['odef'], + 'name' => $row['oname'], + 'description' => $row['odesc'], + 'type' => $row['otype'], + 'typeinfo' => $row['oextra'], 'contextid' => 0 ); } @@ -2909,11 +2908,11 @@ class AdminActions extends BaseActions $query = 'SELECT oid, ovalue FROM %s WHERE oid in (%s)'; $query = sprintf($query, sql_table('plugin_option'), implode(',', $aOIDs)); - $result = sql_query($query); + $result = DB::getResult($query); - while ( $o = sql_fetch_object($result) ) + foreach ( $result as $row ) { - $aOptions[$o->oid]['value'] = $o->ovalue; + $aOptions[$row['oid']]['value'] = $row['ovalue']; } } @@ -3868,9 +3867,9 @@ class AdminActions extends BaseActions if ( !empty($search) ) { - $query .= ' AND ((ititle LIKE "%' . sql_real_escape_string($search) . '%") ' - . ' OR (ibody LIKE "%' . sql_real_escape_string($search) . '%") ' - . ' OR (imore LIKE "%' . sql_real_escape_string($search) . '%"))'; + $query .= ' AND ((ititle LIKE ' . DB::quoteValue('%'.$search.'%') . ') ' + . ' OR (ibody LIKE ' . DB::quoteValue('%'.$search.'%') . ') ' + . ' OR (imore LIKE ' . DB::quoteValue('%'.$search.'%') . '))'; } if ( postVar('start') ) 
@@ -4112,7 +4111,7 @@ class AdminActions extends BaseActions { $query = "SELECT icat as result FROM %s WHERE inumber=%d;"; $query = sprintf($query, sql_table('item'), intRequestVar('itemid')); - $catid = quickQuery(sprintf($query, intRequestVar('itemid'))); + $catid = DB::getValue(sprintf($query, intRequestVar('itemid'))); Admin::selectBlogCategory('catid', $catid, 10, 1); } break; @@ -4169,12 +4168,12 @@ class AdminActions extends BaseActions $query = "SELECT tmember FROM %s WHERE tblog=%d;"; $query = sprintf($query, sql_table('team'), (integer) $blogid); - $res = sql_query($query); + $res = DB::getResult($query); $tmem = array(); - while ( $tmember = sql_fetch_object($res) ) + foreach ( $res as $row ) { - $tmem[] = intval($tmember->tmember); + $tmem[] = intval($row['tmember']); } $query = "SELECT mname as text, mnumber as value FROM %s WHERE mnumber NOT IN (%s);"; 
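Review bot: The changed line `$catid = DB::getValue(sprintf($query, intRequestVar('itemid')));` runs sprintf a second time over a query the previous line already formatted, so the extra argument is ignored and the call only obscures what is executed. Use `$catid = DB::getValue($query);`. The enclosing switch starts outside the hunk.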
@@ -4623,26 +4622,27 @@ class AdminActions extends BaseActions switch ( $type ) { case 'skin': - $res = sql_query('SELECT * FROM ' . sql_table('skin_desc')); - while ( $skinObj = sql_fetch_object($res) ) + $res = DB::getResult('SELECT * FROM ' . sql_table('skin_desc')); + foreach ( $res as $row ) { $data = array( - 'typeid' => 'skin[' . $skinObj->sdnumber . ']', - 'expid' => 'skinexp' . $skinObj->sdnumber, - 'expname' => Entity::hsc($skinObj->sdname), - 'expdesc' => Entity::hsc($skinObj->sddesc), + 'typeid' => 'skin[' . $row['sdnumber'] . ']', + 'expid' => 'skinexp' . $row['sdnumber'], + 'expname' => Entity::hsc($row['sdname']), + 'expdesc' => Entity::hsc($row['sddesc']) ); echo Template::fill($template, $data); } break; case 'template': - $res = sql_query('SELECT * FROM '.sql_table('template_desc'). " WHERE tdname NOT LIKE 'admin/%%';"); - while ($templateObj = sql_fetch_object($res)) { + $res = DB::getResult('SELECT * FROM '.sql_table('template_desc'). " WHERE tdname NOT LIKE 'admin/%%';"); + foreach ( $res as $row ) + { $data = array( - 'typeid' => 'template[' . $templateObj->tdnumber . ']', - 'expid' => 'templateexp' . $templateObj->tdnumber, - 'expname' => Entity::hsc($templateObj->tdname), - 'expdesc' => Entity::hsc($templateObj->tddesc), + 'typeid' => 'template[' . $row['tdnumber'] . ']', + 'expid' => 'templateexp' . $row['tdnumber'], + 'expname' => Entity::hsc($row['tdname']), + 'expdesc' => Entity::hsc($row['tddesc']) ); echo Template::fill($template, $data); } @@ -4735,8 +4735,8 @@ class AdminActions extends BaseActions $query = "SELECT stype FROM %s WHERE stype NOT IN ('%s') AND sdesc = %d;"; $query = sprintf($query, sql_table('skin'), implode("', '", $nType), $skinid); - $res = sql_query($query); - if ( $res && sql_num_rows($res) > 0 ) + $res = DB::getResult($query); + if ( $res && $res->rowCount() > 0 ) { $data = array(); if ( array_key_exists('SPECIALSKINLIST_HEAD', $templates) && !empty($templates['SPECIALSKINLIST_HEAD']) ) 
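Review bot: The changed line `DB::getResult('SELECT * FROM '.sql_table('template_desc'). " WHERE tdname NOT LIKE 'admin/%%';")` is not passed through sprintf, so the `%%` reaches the database literally; MySQL treats it as two wildcards and the query still works, but it reads as an sprintf leftover. Write `'admin/%'` here, or format it the way the sibling query at `@@ -1265` is. The two rewritten `$data` arrays also drop the trailing comma the removed lines had, diverging from the `@@ -1249` hunk's style.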
@@ -4760,7 +4760,7 @@ class AdminActions extends BaseActions } $tabstart = 75; - while ( $row = sql_fetch_assoc($res) ) + foreach ( $res as $row ) { $data = array( 'tabindex' => $tabstart++, @@ -4851,10 +4851,10 @@ class AdminActions extends BaseActions echo phpversion(); break; case 'sqlserverinfo': - echo sql_get_server_info(); + echo DB::getAttribute(PDO::ATTR_SERVER_VERSION); break; case 'sqlclientinfo': - echo sql_get_client_info(); + echo DB::getAttribute(PDO::ATTR_CLIENT_VERSION); break; case 'magicquotesgpc': echo ini_get('magic_quotes_gpc') ? 'On' : 'Off'; @@ -5022,7 +5022,7 @@ class AdminActions extends BaseActions { $query = 'SELECT COUNT(*) as result FROM ' . sql_table('blog'); - $total = quickQuery($query); + $total = DB::getValue($query); if ( $total > $amount ) { echo '

' . _OVERVIEW_SHOWALL . '

'; @@ -5712,11 +5712,11 @@ class AdminActions extends BaseActions if ( preg_match("#^NP_(.*)\.php$#", $file, $matches) ) { $name = $matches[1]; - $query = "SELECT * FROM %s WHERE pfile='%s';"; - $query = sprintf($query, sql_table('plugin'), sql_real_escape_string("{NP_{$name}")); - $res = sql_query($query); + $query = "SELECT * FROM %s WHERE pfile=%s;"; + $query = sprintf($query, sql_table('plugin'), DB::quoteValue("{NP_{$name}")); + $res = DB::getResult($query); - if ( sql_num_rows($res) == 0 ) + if ( $res->rowCount() == 0 ) { $candidates[] = $name; } diff --git a/nucleus/libs/BAN.php b/nucleus/libs/BAN.php index 177e83d..cd8f8cf 100644 --- a/nucleus/libs/BAN.php +++ b/nucleus/libs/BAN.php @@ -28,13 +28,16 @@ class Ban public function isBanned($blogid, $ip) { $blogid = intval($blogid); - $query = 'SELECT * FROM '.sql_table('ban').' WHERE blogid='.$blogid; - $res = sql_query($query); - while ($obj = sql_fetch_object($res)) { - $found = i18n::strpos ($ip, $obj->iprange); - if (!($found === false)) + $query = sprintf('SELECT * FROM %s WHERE blogid=%d', sql_table('ban'), intval($blogid)); + $res = DB::getResult($query); + foreach ( $res as $row ) + { + $found = i18n::strpos ($ip, $row['iprange']); + if ( $found !== false ) + { // found a match! - return new BanInfo($obj->iprange, $obj->reason); + return new BanInfo($row['iprange'], $row['reason']); + } } return 0; } @@ -53,8 +56,6 @@ class Ban { global $manager; - $blogid = intval($blogid); - $manager->notify( 'PreAddBan', array( 
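Review bot: `DB::quoteValue("{NP_{$name}")` quotes the string `{NP_<name>` — the first `{` is not followed by `$`, so PHP keeps it literally — which will not match a `pfile` value stored as `NP_<name>`, and then every plugin file on disk is offered as an install candidate even when it is already installed. The removed line carried the same string, so the commit preserves the bug rather than introducing it; unless pfile really is stored with a leading brace, the quoted value should be `DB::quoteValue('NP_' . $name)`.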
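Review bot: In isBanned(), `i18n::strpos($ip, $row['iprange']) !== false` matches a ban entry anywhere inside the visitor address, so a stored range of `1.2.3` also bans `11.2.3.4` and `10.1.2.3`. If the intended semantic is a prefix match (what an IP range entry normally means), compare the position with zero instead: `if ( $found === 0 )`. The rewrite keeps the old substring behaviour, so this is a pre-existing issue that the loop conversion was a good moment to fix.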
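Review bot: Dropping `$blogid = intval($blogid);` at the top of addBan() means the `PreAddBan` event (and `PostAddBan` in the next hunk) now hands plugins the raw, uncast value while the INSERT itself casts it with `intval()` later; the database is protected, but listeners that used to receive an int now receive whatever the caller passed. Keeping the cast as the first statement, `$blogid = intval($blogid);`, preserves the old contract for plugin authors. The body of addBan() continues past this hunk.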
@@ -64,9 +65,9 @@ class Ban ) ); - $query = "INSERT INTO %s (blogid, iprange, reason) VALUES (%d, '%s', '%s')"; - $query = sprintf($query, sql_table('ban'), $blogid, sql_real_escape_string($iprange), sql_real_escape_string($reason)); - $res = sql_query($query); + $query = 'INSERT INTO %s (blogid, iprange, reason) VALUES (%d, %s, %s)'; + $query = sprintf($query, sql_table('ban'), intval($blogid), DB::quoteValue($iprange), DB::quoteValue($reason)); + $res = DB::execute($query); $manager->notify( 'PostAddBan', @@ -76,7 +77,8 @@ class Ban 'reason' => $reason ) ); - return $res ? 1 : 0; + + return $res !== FALSE ? 1 : 0; } /** @@ -86,18 +88,28 @@ class Ban public function removeBan($blogid, $iprange) { global $manager; - $blogid = intval($blogid); - $manager->notify('PreDeleteBan', array('blogid' => $blogid, 'range' => $iprange)); - - $query = 'DELETE FROM '.sql_table('ban')." WHERE blogid=$blogid and iprange='" .sql_real_escape_string($iprange). "'"; - sql_query($query); + $manager->notify( + 'PreDeleteBan', + array( + 'blogid' => $blogid, + 'range' => $iprange + ) + ); - $result = (sql_affected_rows() > 0); + $query = 'DELETE FROM %s WHERE blogid=%d and iprange=%s'; + $query = sprintf($query, sql_table('ban'), intval($blogid), DB::quoteValue($iprange)); + $res = DB::execute($query); - $manager->notify('PostDeleteBan', array('blogid' => $blogid, 'range' => $iprange)); + $manager->notify( + 'PostDeleteBan', + array( + 'blogid' => $blogid, + 'range' => $iprange + ) + ); - return $result; + return $res !== FALSE ? 1 : 0; } } diff --git a/nucleus/libs/BLOG.php b/nucleus/libs/BLOG.php index 83f141d..fe8d956 100644 --- a/nucleus/libs/BLOG.php +++ b/nucleus/libs/BLOG.php 
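Review bot: removeBan() used to return `sql_affected_rows() > 0`, i.e. whether a ban row was actually deleted; the new `return $res !== FALSE ? 1 : 0;` reports success whenever the DELETE executed, even when no row matched, so a caller that relies on the result to tell the admin "no such ban" will now always see success. If DB::execute() returns a PDOStatement (which the `!== FALSE` test suggests), the old semantics are restored with `return ($res !== FALSE && $res->rowCount() > 0) ? 1 : 0;` — rowCount() is reliable for DELETE. The `PreDeleteBan`/`PostDeleteBan` events also now receive the uncast `$blogid` since the early `intval()` was removed.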
@@ -98,8 +98,8 @@ class Blog $timestamp_start = mktime(0,0,0,$month,$day,$year); $timestamp_end = mktime(0,0,0,$month,$day+1,$year); } - $extra_query = " and i.itime>='%s' and i.itime<'%s'"; - $extra_query = sprintf($extra_query, i18n::formatted_datetime('mysql', $timestamp_start), i18n::formatted_datetime('mysql', $timestamp_end)); + $extra_query = " and i.itime>=%s and i.itime<%s"; + $extra_query = sprintf($extra_query, DB::formatDateTime($timestamp_start), DB::formatDateTime($timestamp_end)); $this->readLogAmount($templatename,0,$extra_query,'',1,1); return; @@ -195,13 +195,13 @@ class Blog $parser = new Parser($handler); // execute query - $items = sql_query($query); + $items = DB::getResult($query); // loop over all items $old_date = 0; - while ( $item = sql_fetch_object($items) ) + foreach ( $items as $item ) { - $item->timestamp = strtotime($item->itime); // string timestamp -> unix timestamp + $item['timestamp'] = strtotime($item['itime']); // string timestamp -> unix timestamp // action handler needs to know the item we're handling $handler->setCurrentItem($item); @@ -209,11 +209,11 @@ class Blog // add date header if needed if ( $dateheads ) { - $new_date = date('dFY',$item->timestamp); + $new_date = date('dFY', $item['timestamp']); if ( $new_date != $old_date ) { // unless this is the first time, write date footer - $timestamp = $item->timestamp; + $timestamp = $item['timestamp']; if ( $old_date != 0 ) { $oldTS = strtotime($old_date); @@ -257,7 +257,7 @@ class Blog $parser->parse($template['ITEM_FOOTER']); } - $numrows = sql_num_rows($items); + $numrows = $items->rowCount(); // add another date footer if there was at least one item if ( ($numrows > 0) && $dateheads ) @@ -267,7 +267,7 @@ class Blog $manager->notify('PostDateFoot',array('blog' => &$this, 'timestamp' => strtotime($old_date))); } - sql_free_result($items); + $items->closeCursor(); return $numrows; } 
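Review bot: `$numrows = $items->rowCount();` counts the SELECT result through rowCount(), which PDO only guarantees for data-modifying statements, so `$numrows` may be 0 on drivers without buffered result sets even after items were printed. Every row has just been walked in the `foreach ( $items as $item )` of the preceding hunk, so a portable count is a counter in that loop: `$numrows = 0;` before it and `$numrows++;` as its first statement. The loop head and the function's signature are outside this hunk.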
@@ -339,14 +339,14 @@ class Blog $manager->notify('PreAddItem',array('title' => &$title, 'body' => &$body, 'more' => &$more, 'blog' => &$this, 'authorid' => &$authorid, 'timestamp' => &$timestamp, 'closed' => &$closed, 'draft' => &$draft, 'catid' => &$catid)); - $ititle = sql_real_escape_string($title); - $ibody = sql_real_escape_string($body); - $imore = sql_real_escape_string($more); + $ititle = DB::quoteValue($title); + $ibody = DB::quoteValue($body); + $imore = DB::quoteValue($more); - $query = "INSERT INTO %s (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IDRAFT, ICAT, IPOSTED) VALUES ('%s', '%s', '%s', %d, %d, '%s', %s, %s, %s, %s)"; + $query = "INSERT INTO %s (ITITLE, IBODY, IMORE, IBLOG, IAUTHOR, ITIME, ICLOSED, IDRAFT, ICAT, IPOSTED) VALUES (%s, %s, %s, %d, %d, '%s', %s, %s, %s, %s)"; $query = sprintf($query, sql_table('item'), $ititle, $ibody, $imore, $blogid, $authorid, $timestamp, $closed, $draft, $catid, $posted); - sql_query($query); - $itemid = sql_insert_id(); + DB::execute($query); + $itemid = DB::getInsertId(); $manager->notify('PostAddItem',array('itemid' => $itemid)); @@ -427,11 +427,11 @@ class Blog $catName = _CREATED_NEW_CATEGORY_NAME; $i = 1; - $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cname='".$catName.$i."' and cblog=".$this->getID()); - while ( sql_num_rows($res) > 0 ) + $res = DB::getResult('SELECT * FROM '.sql_table('category')." WHERE cname='".$catName.$i."' and cblog=".$this->getID()); + while ( $res->rowCount() > 0 ) { $i++; - $res = sql_query('SELECT * FROM '.sql_table('category')." WHERE cname='".$catName.$i."' and cblog=".$this->getID()); + $res = DB::getResult('SELECT * FROM '.sql_table('category')." WHERE cname='".$catName.$i."' and cblog=".$this->getID()); } $catName = $catName . $i; 
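Review bot: The INSERT still interpolates `$closed`, `$draft`, `$catid` and `$posted` with bare `%s` and `$timestamp` with `'%s'`, while `$blogid`/`$authorid` are `%d` and the text fields now go through DB::quoteValue(); the `PreAddItem` notify just above passes all of these to plugins by reference, so they are no longer guaranteed to be the sanitised values prepared earlier (that preparation is above the hunk, so I cannot confirm it casts them). Using `%d` for the four flag/id columns and `DB::formatDateTime()` for the time, as the other converted queries in this commit do, removes the last unparameterised values from this statement.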
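Review bot: The category-name probe still builds `cname='".$catName.$i."'` by plain concatenation and appends `$this->getID()` bare, in both the initial query and the one inside the `while` loop, although the surrounding converted queries use DB::quoteValue(). `$catName` comes from the `_CREATED_NEW_CATEGORY_NAME` language constant, so it is trusted today, but a translation containing a quote would break the SQL. Suggest `" WHERE cname=" . DB::quoteValue($catName . $i) . " and cblog=" . intval($this->getID())` for both queries.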
@@ -446,10 +446,10 @@ class Blog ) ); - $query = "INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, '%s', '%s')"; - $query = sprintf($query, sql_table('category'), (integer) $this->getID(), sql_real_escape_string($catName), sql_real_escape_string($catDescription)); - sql_query($query); - $catid = sql_insert_id(); + $query = "INSERT INTO %s (cblog, cname, cdesc) VALUES (%d, %s, %s)"; + $query = sprintf($query, sql_table('category'), (integer) $this->getID(), DB::quoteValue($catName), DB::quoteValue($catDescription)); + DB::execute($query); + $catid = DB::getInsertId(); $manager->notify( 'PostAddCategory', @@ -576,7 +576,7 @@ class Blog . ' and i.idraft=0' . $selectblogs // don't show future items - . ' and i.itime<="' . i18n::formatted_datetime('mysql', $this->getCorrectTime()) . '"' + . ' and i.itime<=' . DB::formatDateTime($this->getCorrectTime()) . ' and '.$where; // take into account amount of months to search @@ -584,7 +584,7 @@ class Blog { $localtime = getdate($this->getCorrectTime()); $timestamp_start = mktime(0,0,0,$localtime['mon'] - $amountMonths,1,$localtime['year']); - $query .= ' and i.itime>"' . i18n::formatted_datetime('mysql', $timestamp_start) . '"'; + $query .= ' and i.itime>' . DB::formatDateTime($timestamp_start); } if ( $mode == '' ) @@ -631,7 +631,7 @@ class Blog // exclude drafts . ' and i.idraft=0' // don't show future items - . ' and i.itime<="' . i18n::formatted_datetime('mysql', $this->getCorrectTime()) . '"'; + . ' and i.itime<=' . DB::formatDateTime($this->getCorrectTime()); if ( $this->getSelectedCategory() ) { @@ -688,7 +688,7 @@ class Blog . ' FROM '.sql_table('item') . ' WHERE iblog=' . $this->getID() // don't show future items! - . ' AND itime <="' . i18n::formatted_datetime('mysql', $this->getCorrectTime()) . '"' + . ' AND itime <=' . DB::formatDateTime($this->getCorrectTime()) // don't show draft items . ' AND idraft=0'; 
@@ -714,23 +714,23 @@ class Blog $query .= ' LIMIT ' . intval($limit); } - $res = sql_query($query); - while ( $current = sql_fetch_object($res) ) + $res = DB::getResult($query); + foreach ( $res as $current ) { /* string time -> unix timestamp */ - $current->itime = strtotime($current->itime); + $current['itime'] = strtotime($current['itime']); if ( $mode == 'day' ) { - $archivedate = date('Y-m-d',$current->itime); - $archive['day'] = date('d',$current->itime); - $data['day'] = date('d',$current->itime); - $data['month'] = date('m',$current->itime); + $archivedate = date('Y-m-d',$current['itime']); + $archive['day'] = date('d',$current['itime']); + $data['day'] = date('d',$current['itime']); + $data['month'] = date('m',$current['itime']); $archive['month'] = $data['month']; } elseif ( $mode == 'year' ) { - $archivedate = date('Y',$current->itime); + $archivedate = date('Y',$current['itime']); $data['day'] = ''; $data['month'] = ''; $archive['day'] = ''; @@ -738,14 +738,14 @@ class Blog } else { - $archivedate = date('Y-m',$current->itime); - $data['month'] = date('m',$current->itime); + $archivedate = date('Y-m',$current['itime']); + $data['month'] = date('m',$current['itime']); $archive['month'] = $data['month']; $data['day'] = ''; $archive['day'] = ''; } - $data['year'] = date('Y',$current->itime); + $data['year'] = date('Y',$current['itime']); $archive['year'] = $data['year']; $data['archivelink'] = Link::create_archive_link($this->getID(),$archivedate,$linkparams); @@ -757,11 +757,11 @@ class Blog ); $temp = Template::fill($template['ARCHIVELIST_LISTITEM'],$data); - echo i18n::formatted_datetime($temp, $current->itime); + echo i18n::formatted_datetime($temp, $current['itime']); return; } - sql_free_result($res); + $res->closeCursor(); if ( !array_key_exists('ARCHIVELIST_FOOTER', $template) || !$template['ARCHIVELIST_FOOTER'] ) { 
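Review bot: The `return;` that follows `echo i18n::formatted_datetime($temp, $current['itime']);` sits inside the `foreach` body as far as the hunk context shows, so the function leaves after the first archive entry and neither `$res->closeCursor()` nor the ARCHIVELIST_FOOTER output below it is ever reached. If that reading is right, the `return;` should be removed (or moved after the footer); if the return is intentional, a comment saying why only one entry is printed would save the next reader the same doubt. The loop head is in the previous hunk and the function's tail extends past this one.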
@@ -844,9 +844,9 @@ class Blog $query = "SELECT catid, cdesc as catdesc, cname as catname FROM %s WHERE cblog=%d ORDER BY cname ASC;"; $query = sprintf($query, sql_table('category'), (integer) $this->getID()); - $res = sql_query($query); + $res = DB::getResult($query); - while ( $data = sql_fetch_assoc($res) ) + foreach ( $res as $data ) { $args = array( 'catid' => $data['catid'], @@ -903,7 +903,7 @@ class Blog } } - sql_free_result($res); + $res->closeCursor(); $args = array( 'blogid' => $this->getID(), @@ -985,9 +985,9 @@ class Blog ); $query = 'SELECT bnumber, bname, bshortname, bdesc, burl FROM '.sql_table('blog').' ORDER BY '.$orderby.' '.$direction; - $res = sql_query($query); + $res = DB::getResult($query); - while ( $data = sql_fetch_assoc($res) ) + foreach ( $res as $data ) { $list = array(); $list['bloglink'] = Link::create_blogid_link($data['bnumber']); @@ -1014,7 +1014,7 @@ class Blog echo Template::fill((isset($template['BLOGLIST_LISTITEM']) ? $template['BLOGLIST_LISTITEM'] : null), $list); } - sql_free_result($res); + $res->closeCursor(); echo Template::fill((isset($template['BLOGLIST_FOOTER']) ? $template['BLOGLIST_FOOTER'] : null), array( @@ -1032,13 +1032,13 @@ class Blog $query = 'SELECT *' . ' FROM '.sql_table('blog') . ' WHERE bnumber=' . $this->blogid; - $res = sql_query($query); + $res = DB::getResult($query); - $this->isValid = (sql_num_rows($res) > 0); + $this->isValid = ($res->rowCount() > 0); if (!$this->isValid) return; - $this->settings = sql_fetch_assoc($res); + $this->settings = $res->fetch(PDO::FETCH_ASSOC); } /** 
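Review bot: `$this->isValid = ($res->rowCount() > 0)` followed by `$this->settings = $res->fetch(PDO::FETCH_ASSOC)` relies on rowCount() for a SELECT, which PDO does not guarantee across drivers, so readSettings() can mark a blog invalid on a driver that returns 0 there. Fetch the row and test it instead: `$this->settings = $res->fetch(PDO::FETCH_ASSOC); $this->isValid = ($this->settings !== FALSE);` with the early `return` kept after it. `bnumber=' . $this->blogid` is concatenated bare; if the constructor does not already cast it, `intval($this->blogid)` would be safer.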
@@ -1052,25 +1052,25 @@ class Blog $offset = intval($offset); $query = 'UPDATE '.sql_table('blog') - . " SET bname='" . sql_real_escape_string($this->getName()) . "'," - . " bshortname='". sql_real_escape_string($this->getShortName()) . "'," - . " bcomments=". intval($this->commentsEnabled()) . "," - . " bmaxcomments=" . intval($this->getMaxComments()) . "," - . " btimeoffset=" . $offset . "," - . " bpublic=" . intval($this->isPublic()) . "," - . " breqemail=" . intval($this->emailRequired()) . "," - . " bconvertbreaks=" . intval($this->convertBreaks()) . "," - . " ballowpast=" . intval($this->allowPastPosting()) . "," - . " bnotify='" . sql_real_escape_string($this->getNotifyAddress()) . "'," - . " bnotifytype=" . intval($this->getNotifyType()) . "," - . " burl='" . sql_real_escape_string($this->getURL()) . "'," - . " bupdate='" . sql_real_escape_string($this->getUpdateFile()) . "'," - . " bdesc='" . sql_real_escape_string($this->getDescription()) . "'," - . " bdefcat=" . intval($this->getDefaultCategory()) . "," - . " bdefskin=" . intval($this->getDefaultSkin()) . "," - . " bincludesearch=" . intval($this->getSearchable()) - . " WHERE bnumber=" . intval($this->getID()); - sql_query($query); + . ' SET bname=' . DB::quoteValue($this->getName()) . ',' + . ' bshortname='. DB::quoteValue($this->getShortName()) . ',' + . ' bcomments='. intval($this->commentsEnabled()) . ',' + . ' bmaxcomments=' . intval($this->getMaxComments()) . ',' + . ' btimeoffset=' . $offset . ',' + . ' bpublic=' . intval($this->isPublic()) . ',' + . ' breqemail=' . intval($this->emailRequired()) . ',' + . ' bconvertbreaks=' . intval($this->convertBreaks()) . ',' + . ' ballowpast=' . intval($this->allowPastPosting()) . ',' + . ' bnotify=' . DB::quoteValue($this->getNotifyAddress()) . ',' + . ' bnotifytype=' . intval($this->getNotifyType()) . ',' + . ' burl=' . DB::quoteValue($this->getURL()) . ',' + . ' bupdate=' . DB::quoteValue($this->getUpdateFile()) . ',' + . ' bdesc=' . 
DB::quoteValue($this->getDescription()) . ',' + . ' bdefcat=' . intval($this->getDefaultCategory()) . ',' + . ' bdefskin=' . intval($this->getDefaultSkin()) . ',' + . ' bincludesearch=' . intval($this->getSearchable()) + . ' WHERE bnumber=' . intval($this->getID()); + DB::execute($query); } @@ -1094,8 +1094,8 @@ class Blog */ function isValidCategory($catid) { $query = 'SELECT * FROM '.sql_table('category').' WHERE cblog=' . $this->getID() . ' and catid=' . intval($catid); - $res = sql_query($query); - return (sql_num_rows($res) != 0); + $res = DB::getResult($query); + return ($res->rowCount() != 0); } /** @@ -1105,9 +1105,8 @@ class Blog * category id */ function getCategoryName($catid) { - $res = sql_query('SELECT cname FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and catid=' . intval($catid)); - $o = sql_fetch_object($res); - return $o->cname; + $res = DB::getValue('SELECT cname FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and catid=' . intval($catid)); + return $res; } /** @@ -1117,9 +1116,8 @@ class Blog * category id */ function getCategoryDesc($catid) { - $res = sql_query('SELECT cdesc FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and catid=' . intval($catid)); - $o = sql_fetch_object($res); - return $o->cdesc; + $res = DB::getValue('SELECT cdesc FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and catid=' . intval($catid)); + return $res; } /** @@ -1129,10 +1127,9 @@ class Blog * category name */ function getCategoryIdFromName($name) { - $res = sql_query('SELECT catid FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and cname="' . sql_real_escape_string($name) . '"'); - if (sql_num_rows($res) > 0) { - $o = sql_fetch_object($res); - return $o->catid; + $res = DB::getValue('SELECT catid FROM '.sql_table('category').' WHERE cblog='.$this->getID().' and cname="' . DB::quoteValue($name) . '"'); + if ( $res ) { + return $res; } else { return $this->getDefaultCategory(); } 
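Review bot: `' and cname="' . DB::quoteValue($name) . '"'` wraps an already-quoted value in a second pair of double quotes, so the SQL compares cname against the literal `"'foo'"` (single quotes included) and getCategoryIdFromName() falls back to the default category for every lookup; the removed line only needed outer quotes because sql_real_escape_string() did not add them, which DB::quoteValue() does. Change it to `' and cname=' . DB::quoteValue($name)`, the pattern `exists()` uses later in this file. `$this->getID()` is concatenated bare here too; cast it if it is not already an int.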
@@ -1394,10 +1391,10 @@ class Blog ); // add to team - $query = "INSERT INTO %s (TMEMBER, TBLOG, TADMIN) VALUES (%d, %d, %d);"; - $query = sprintf($query, sql_table('team'), (integer) $memberid, (integer) $this->getID(), (integer) $admin); - sql_query($query); - + $query = "INSERT INTO %s (TMEMBER, TBLOG, TADMIN) VALUES (%d, %d, %d);"; + $query = sprintf($query, sql_table('team'), (integer) $memberid, (integer) $this->getID(), (integer) $admin); + DB::execute($query); + $manager->notify( 'PostAddTeamMember', array( @@ -1425,8 +1422,8 @@ class Blog * blog shortname */ function exists($name) { - $r = sql_query('select * FROM '.sql_table('blog').' WHERE bshortname="'.sql_real_escape_string($name).'"'); - return (sql_num_rows($r) != 0); + $r = DB::getResult('SELECT * FROM '.sql_table('blog').' WHERE bshortname='. DB::quoteValue($name)); + return ($r->rowCount() != 0); } /** @@ -1437,8 +1434,8 @@ class Blog * blog id */ function existsID($id) { - $r = sql_query('select * FROM '.sql_table('blog').' WHERE bnumber='.intval($id)); - return (sql_num_rows($r) != 0); + $r = DB::getResult('SELECT * FROM '.sql_table('blog').' WHERE bnumber='.intval($id)); + return ($r->rowCount() != 0); } /** @@ -1447,7 +1444,7 @@ class Blog function setFuturePost() { $query = 'UPDATE '.sql_table('blog') . " SET bfuturepost='1' WHERE bnumber=" . $this->getID(); - sql_query($query); + DB::execute($query); } /** @@ -1456,7 +1453,7 @@ class Blog function clearFuturePost() { $query = 'UPDATE '.sql_table('blog') . " SET bfuturepost='0' WHERE bnumber=" . $this->getID(); - sql_query($query); + DB::execute($query); } /** 
@@ -1467,9 +1464,9 @@ class Blog if ($this->settings['bfuturepost'] == 1) { $blogid = $this->getID(); - $result = sql_query("SELECT * FROM " . sql_table('item') + $result = DB::getResult("SELECT * FROM " . sql_table('item') . " WHERE iposted=0 AND iblog=" . $blogid . " AND itime 0) { + if ( $result->rowCount() > 0 ) { // This $pinged is allow a plugin to tell other hook to the event that a ping is sent already // Note that the plugins's calling order is subject to thri order in the plugin list $pinged = false; @@ -1481,12 +1478,12 @@ class Blog ); // clear all expired future posts - sql_query("UPDATE " . sql_table('item') . " SET iposted='1' WHERE iblog=" . $blogid . " AND itimegetCorrectTime()) . "'"; + $query .= ' and i.itime<=' . DB::formatDateTime($this->getCorrectTime()); } $query .= ' and i.inumber='.intval($value); diff --git a/nucleus/libs/BODYACTIONS.php b/nucleus/libs/BODYACTIONS.php index e9db97a..83cb68d 100644 --- a/nucleus/libs/BODYACTIONS.php +++ b/nucleus/libs/BODYACTIONS.php @@ -66,7 +66,7 @@ class BodyActions extends BaseActions { global $currentitemid; $this->currentItem =& $item; - $currentitemid = $this->currentItem->itemid; + $currentitemid = $this->currentItem['itemid']; return; } @@ -107,9 +107,9 @@ class BodyActions extends BaseActions array_shift($params); // add item reference (array_unshift didn't work) - $params = array_merge(array(&$this->currentItem),$params); + $params = array_merge(array(&$this->currentItem), $params); - call_user_func_array(array(&$plugin,'doItemVar'), $params); + call_user_func_array(array(&$plugin, 'doItemVar'), $params); return; } @@ -125,8 +125,8 @@ class BodyActions extends BaseActions { // image/popup calls have arguments separated by | $args = func_get_args(); - $args = preg_split('#\|#',implode($args,', ')); - echo call_user_func_array(array(&$this,'createImageCode'),$args); + $args = preg_split('#\|#', implode($args, ', ')); + echo call_user_func_array(array(&$this, 'createImageCode'), $args); } /** 
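Review bot: `implode($args, ', ')` passes the array first; PHP only tolerates that legacy argument order (deprecated in 7.4, removed in 8.0), and since the line in parse_image() is being rewritten anyway it should use the canonical `implode(', ', $args)`. `preg_split('#\|#', ...)` is also just `explode('|', ...)` for a single literal character. The same call is repeated in the parse_media() and parse_popup() hunks that follow.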
@@ -145,18 +145,18 @@ class BodyActions extends BaseActions // select private collection when no collection given if ( i18n::strpos($filename, '/') === FALSE ) { - $filename = $this->currentItem->authorid . '/' . $filename; + $filename = $this->currentItem['authorid'] . '/' . $filename; } $windowwidth = $width; $windowheight = $height; - $vars['link'] = Entity::hsc($CONF['MediaURL']. $filename); - $vars['text'] = Entity::hsc($text); - $vars['image'] = '' . $vars['text'] . ''; - $vars['width'] = $width; - $vars['height'] = $height; - $vars['media'] = '' . $vars['text'] . ''; + $vars['link'] = Entity::hsc($CONF['MediaURL']. $filename); + $vars['text'] = Entity::hsc($text); + $vars['image'] = '' . $vars['text'] . ''; + $vars['width'] = $width; + $vars['height'] = $height; + $vars['media'] = '' . $vars['text'] . ''; return Template::fill($this->template['IMAGE_CODE'], $vars); } @@ -173,8 +173,8 @@ class BodyActions extends BaseActions { // image/popup calls have arguments separated by | $args = func_get_args(); - $args = preg_split('#\|#', implode($args,', ')); - echo call_user_func_array(array(&$this,'createMediaCode'), $args); + $args = preg_split('#\|#', implode($args, ', ')); + echo call_user_func_array(array(&$this, 'createMediaCode'), $args); } /** @@ -192,7 +192,7 @@ class BodyActions extends BaseActions // select private collection when no collection given if ( i18n::strpos($filename, '/') === FALSE ) { - $filename = $this->currentItem->authorid . '/' . $filename; + $filename = $this->currentItem['authorid'] . '/' . $filename; } $vars['link'] = Entity::hsc($CONF['MediaURL'] . $filename); 
@@ -214,8 +214,8 @@ class BodyActions extends BaseActions { // image/popup calls have arguments separated by | $args = func_get_args(); - $args = preg_split('#\|#', implode($args,', ')); - echo call_user_func_array(array(&$this,'createPopupCode'), $args); + $args = preg_split('#\|#', implode($args, ', ')); + echo call_user_func_array(array(&$this, 'createPopupCode'), $args); } /** @@ -235,7 +235,7 @@ class BodyActions extends BaseActions // select private collection when no collection given if ( i18n::strpos($filename, '/') === FALSE ) { - $filename = $this->currentItem->authorid . '/' . $filename; + $filename = $this->currentItem['authorid'] . '/' . $filename; } $windowwidth = $width; @@ -280,7 +280,7 @@ class BodyActions extends BaseActions $condition = ($blog && ($blog->getSetting($name) == $value)); break; case 'itemblogsetting': - $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem->itemid)); + $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem['itemid'])); $condition = ($b && ($b->getSetting($name) == $value)); break; case 'loggedin': @@ -354,19 +354,19 @@ class BodyActions extends BaseActions { global $member, $manager; - $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem->itemid)); + $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem['itemid'])); // when no parameter is defined, just check if author is current visitor if ( ($key != 'isadmin' && $key != 'name') || ($key == 'name' && $value == '') ) { - return (intval($member->getID()) > 0 && intval($member->getID()) == intval($this->currentItem->authorid)); + return (intval($member->getID()) > 0 && intval($member->getID()) == intval($this->currentItem['authorid'])); } // check author name if ( $key == 'name' ) { $value = strtolower($value); - if ( $value == strtolower($this->currentItem->author) ) + if ( $value == strtolower($this->currentItem['author']) ) { return TRUE; } 
@@ -375,7 +375,7 @@ class BodyActions extends BaseActions // check if author is admin if ( ($key == 'isadmin') ) { - $aid = intval($this->currentItem->authorid); + $aid = intval($this->currentItem['authorid']); $blogid = intval($b->getID()); $amember =& $manager->getMember($aid); if ( $amember->isAdmin() ) @@ -400,7 +400,7 @@ class BodyActions extends BaseActions { global $catid, $manager; - $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem->itemid)); + $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem['itemid'])); // when no parameter is defined, just check if a category is selected if ( ($key != 'catname' && $key != 'catid') || ($value == '') ) @@ -408,7 +408,7 @@ class BodyActions extends BaseActions return $b->isValidCategory($catid); } - $icatid = $this->currentItem->catid; + $icatid = $this->currentItem['catid']; // check category name if ( $key == 'catname' ) diff --git a/nucleus/libs/BaseActions.php b/nucleus/libs/BaseActions.php index a949f82..7261ff3 100644 --- a/nucleus/libs/BaseActions.php +++ b/nucleus/libs/BaseActions.php @@ -54,6 +54,7 @@ class BaseActions /* NOTE: defined actions for this base class */ static private $defined_actions = array( + 'charset', 'else', 'elseif', 'elseifnot', @@ -61,6 +62,7 @@ class BaseActions 'if', 'ifnot', 'include', + 'locale', 'parsedinclude', 'phpinclude', 'set', 
@@ -112,6 +114,42 @@ class BaseActions } /** + * BaseActions::parse_charset() + * Parse charset to appropriate character set name registered to IANA + * + * @param void + * @return void + */ + public function parse_charset() + { + global $member; + + if ( i18n::get_forced_charset() !== '' ) + { + echo i18n::get_forced_charset(); + } + else + { + echo i18n::get_current_charset(); + } + + return; + } + + /** + * BaseActions::parse_locale() + * Parse locale to language-script-region according to RFC 4646 + * + * @param void + * @return void + */ + public function parse_locale() + { + echo preg_replace('#_#', '-', i18n::get_current_locale()); + return; + } + + /** * BaseActions::parse_include() * include file (no parsing of php) * diff --git a/nucleus/libs/COMMENT.php b/nucleus/libs/COMMENT.php index 71473fa..8af5d5f 100644 --- a/nucleus/libs/COMMENT.php +++ b/nucleus/libs/COMMENT.php @@ -45,9 +45,7 @@ class Comment . ' WHERE cnumber = %d;'; $query = sprintf($query, sql_table('comment'), sql_table('member'), (integer) $commentid); - $comments = sql_query($query); - - $aCommentInfo = sql_fetch_assoc($comments); + $aCommentInfo = DB::getRow($query); if ( $aCommentInfo ) { diff --git a/nucleus/libs/COMMENTACTIONS.php b/nucleus/libs/COMMENTACTIONS.php index b41870d..73bcd46 100644 --- a/nucleus/libs/COMMENTACTIONS.php +++ b/nucleus/libs/COMMENTACTIONS.php @@ -404,8 +404,8 @@ class CommentActions extends BaseActions { $data = array( 'itemid' => $this->commentsObj->itemid, - 'timestamp' => $this->commentsObj->itemActions->currentItem->timestamp, - 'title' => $this->commentsObj->itemActions->currentItem->title, + 'timestamp' => $this->commentsObj->itemActions->currentItem['timestamp'], + 'title' => $this->commentsObj->itemActions->currentItem['title'], 'extra' => $this->commentsObj->itemActions->linkparams ); 
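Review bot: parse_charset() declares `global $member;` but never uses it; drop the line. In parse_locale(), `preg_replace('#_#', '-', ...)` is a single-character substitution that `str_replace('_', '-', i18n::get_current_locale())` expresses more directly. Both methods echo straight into the page, which is fine only as long as i18n returns identifiers it controls rather than anything derived from the request; a comment such as `// echoed unescaped: value comes from i18n, never from user input` would record that assumption.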
@@ -682,7 +682,7 @@ class CommentActions extends BaseActions } /** - * ItemActions::checkCondition() + * CommentActions::checkCondition() * Checks conditions for if statements * * @param string $field type of <%if%> diff --git a/nucleus/libs/COMMENTS.php b/nucleus/libs/COMMENTS.php index 751ae33..851080d 100644 --- a/nucleus/libs/COMMENTS.php +++ b/nucleus/libs/COMMENTS.php @@ -84,8 +84,8 @@ class Comments . ' WHERE c.citem=' . $this->itemid . ' ORDER BY c.ctime'; - $comments = sql_query($query); - $this->commentcount = sql_num_rows($comments); + $comments = DB::getResult($query); + $this->commentcount = $comments->rowCount(); } // if no result was found @@ -103,7 +103,7 @@ class Comments $parser->parse($template['COMMENTS_HEADER']); - while ( $comment = sql_fetch_assoc($comments) ) { + foreach ( $comments as $comment ) { $comment['timestamp'] = strtotime($comment['ctime']); $handler->setCurrentComment($comment); $handler->setHighlight($highlight); @@ -114,7 +114,7 @@ class Comments $parser->parse($template['COMMENTS_FOOTER']); - sql_free_result($comments); + $comments->closeCursor(); return $this->commentcount; } @@ -126,10 +126,9 @@ class Comments $query = 'SELECT COUNT(*)' . ' FROM '.sql_table('comment').' as c' . ' WHERE c.citem='. $this->itemid; - $res = sql_query($query); - $arr = sql_fetch_row($res); + $res = DB::getValue($query); - return $arr[0]; + return $res; } /** 
@@ -323,12 +322,12 @@ class Comments $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck) ); - $name = sql_real_escape_string($comment['user']); - $url = sql_real_escape_string($comment['userid']); - $email = sql_real_escape_string($comment['email']); - $body = sql_real_escape_string($comment['body']); - $host = sql_real_escape_string($comment['host']); - $ip = sql_real_escape_string($comment['ip']); + $name = DB::quoteValue($comment['user']); + $url = DB::quoteValue($comment['userid']); + $email = DB::quoteValue($comment['email']); + $body = DB::quoteValue($comment['body']); + $host = DB::quoteValue($comment['host']); + $ip = DB::quoteValue($comment['ip']); $memberid = intval($comment['memberid']); $timestamp = date('Y-m-d H:i:s', $comment['timestamp']); $itemid = $this->itemid; @@ -336,12 +335,12 @@ class Comments $qSql = 'SELECT COUNT(*) AS result ' . 'FROM ' . sql_table('comment') . ' WHERE ' - . 'cmail = "' . $url . '"' - . ' AND cmember = "' . $memberid . '"' - . ' AND cbody = "' . $body . '"' - . ' AND citem = "' . $itemid . '"' - . ' AND cblog = "' . $blogid . '"'; - $result = (integer) quickQuery($qSql); + . 'cmail = ' . $url + . ' AND cmember = ' . $memberid + . ' AND cbody = ' . $body + . ' AND citem = ' . $itemid + . ' AND cblog = ' . $blogid; + $result = (integer) DB::getValue($qSql); if ( $result > 0 ) { 
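Review bot: In the duplicate-comment query, `citem = ' . $itemid` and `cblog = ' . $blogid` are concatenated bare while `$memberid` is intval()ed and the strings go through DB::quoteValue(); `$itemid` is taken from `$this->itemid` in the preceding hunk without a cast and `$blogid` is prepared outside the hunk, so unless both are already ints these are the unparameterised spots left in addComment(). Cast them where they are assigned, `$itemid = intval($this->itemid);` and `$blogid = intval($blogid);`, which also covers the INSERT in the next hunk that interpolates the same two variables.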
@@ -349,12 +348,12 @@ class Comments } $query = 'INSERT INTO '.sql_table('comment').' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) ' - . "VALUES ('$name', '$url', '$email', $memberid, '$body', $itemid, '$timestamp', '$host', '$ip', '$blogid')"; + . "VALUES ($name, $url, $email, $memberid, $body, $itemid, '$timestamp', $host, $ip, '$blogid')"; - sql_query($query); + DB::execute($query); // post add comment - $commentid = sql_insert_id(); + $commentid = DB::getInsertId(); $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck) ); // succeeded ! diff --git a/nucleus/libs/ITEM.php b/nucleus/libs/ITEM.php index 4df0789..9de8eb4 100644 --- a/nucleus/libs/ITEM.php +++ b/nucleus/libs/ITEM.php @@ -98,15 +98,15 @@ class Item if ( !$allow_future ) { $blog =& $manager->getBlog(getBlogIDFromItemID($item_id)); - $query .= "AND i.itime <= '" . i18n::formatted_datetime('mysql', $blog->getCorrectTime()) ."'"; + $query .= 'AND i.itime <= ' . DB::formatDateTime($blog->getCorrectTime()); } $query .= ' LIMIT 1'; - $result = sql_query($query); + $result = DB::getResult($query); - if ( sql_num_rows($result) == 1 ) + if ( $result->rowCount() == 1 ) { - $aItemInfo = sql_fetch_assoc($result); + $aItemInfo = $result->fetch(PDO::FETCH_ASSOC); $aItemInfo['timestamp'] = strtotime($aItemInfo['itime']); return $aItemInfo; } @@ -165,7 +165,7 @@ class Item } // create new category if needed - if ( i18n::strpos($i_catid, 'newcat') ) + if ( i18n::strpos($i_catid, 'newcat') === 0 ) { // get blogid list($i_blogid) = sscanf($i_catid, "newcat-%d"); 
@@ -313,11 +313,11 @@ class Item // update item itself $query = 'UPDATE ' . sql_table('item') . ' SET' - . " ibody = '" . sql_real_escape_string($body) . "'," - . " ititle = '" . sql_real_escape_string($title) . "'," - . " imore = '" . sql_real_escape_string($more) . "'," - . " iclosed = " . intval($closed) . "," - . " icat = " . intval($catid); + . ' ibody = ' . DB::quoteValue($body) . ',' + . ' ititle = ' . DB::quoteValue($title) . ',' + . ' imore = ' . DB::quoteValue($more) . ',' + . ' iclosed = ' . intval($closed) . ',' + . ' icat = ' . intval($catid); // if we received an updated timestamp that is in the past, but past posting is not allowed, reject that date change (timestamp = 0 will make sure the current date is kept) if ( (!$blog->allowPastPosting()) && ($timestamp < $blog->getCorrectTime()) ) @@ -361,20 +361,20 @@ class Item { $query .= ', idraft = 1'; // set timestamp back to zero for a draft - $query .= ", itime = '" . i18n::formatted_datetime('mysql', $timestamp) ."'"; + $query .= ', itime = ' . DB::formatDateTime($timestamp); } // update timestamp when needed if ( $timestamp != 0 ) { - $query .= ", itime = '" . i18n::formatted_datetime('mysql', $timestamp) ."'"; + $query .= ', itime = ' . DB::formatDateTime($timestamp); } // make sure the correct item is updated $query .= ' WHERE inumber = ' . $itemid; // off we go! - sql_query($query); + DB::execute($query); $manager->notify('PostUpdateItem', array('itemid' => $itemid)); @@ -431,12 +431,12 @@ class Item // update item table $query = "UPDATE %s SET iblog=%d, icat=%d WHERE inumber=%d"; $query = sprintf($query, sql_table('item'), $new_blogid, $new_catid, $itemid); - sql_query($query); + DB::execute($query); // update comments $query = "UPDATE %s SET cblog=%d WHERE citem=%d"; $query = sprintf($query, sql_table('comment'), $new_blogid, $itemid); - sql_query($query); + DB::execute($query); $manager->notify( 'PostMoveItem', 
@@ -473,12 +473,12 @@ class Item // delete item $query = "DELETE FROM %s WHERE inumber=%d"; $query = sprintf($query, sql_table('item'), $itemid); - sql_query($query); + DB::execute($query); // delete the comments associated with the item $query = "DELETE FROM %s WHERE citem=%d"; $query = sprintf($query, sql_table('comment'), $itemid); - sql_query($query); + DB::execute($query); // delete all associated plugin options NucleusPlugin::delete_option_values('item', $itemid); @@ -514,14 +514,14 @@ class Item return 0; } $blog =& $manager->getBlog($blogid); - $query .= " and itime<='" . i18n::formatted_datetime('mysql', $blog->getCorrectTime()) ."'"; + $query .= ' and itime<=' . DB::formatDateTime($blog->getCorrectTime()); } if ( !$draft ) { $query .= ' and idraft=0'; } - $result = sql_query($query); - return ( sql_num_rows($result) != 0 ); + $result = DB::getResult($query); + return ( $result->rowCount() != 0 ); } /** @@ -576,7 +576,7 @@ class Item } // create new category if needed - if ( i18n::strpos($catid,'newcat') === 0 ) + if ( i18n::strpos($i_catid,'newcat') === 0 ) { // Set in default category $blog =& $manager->getBlog($i_blogid); diff --git a/nucleus/libs/ITEMACTIONS.php b/nucleus/libs/ITEMACTIONS.php index 81afd2c..333dd81 100644 --- a/nucleus/libs/ITEMACTIONS.php +++ b/nucleus/libs/ITEMACTIONS.php @@ -93,15 +93,15 @@ class ItemActions extends BaseActions 'plugin', 'query', 'relevance', - 'smartbody', - 'syndicate_description', - 'syndicate_title', - 'time', - 'title', - /* actions defined in BodyAction class */ + 'smartbody', + 'syndicate_description', + 'syndicate_title', + 'time', + 'title', + /* actions defined in BodyAction class */ 'image', - 'media', - 'popup', + 'media', + 'popup' ); /** @@ -112,6 +112,7 @@ class ItemActions extends BaseActions public function __construct(&$blog) { global $catid, $member; + // call constructor of superclass first parent::__construct(); 
@@ -162,7 +163,7 @@ class ItemActions extends BaseActions { global $currentitemid; $this->currentItem =& $item; - $currentitemid = $this->currentItem->itemid; + $currentitemid = $this->currentItem['itemid']; return; } @@ -223,7 +224,7 @@ class ItemActions extends BaseActions */ public function parse_body() { - $this->highlightAndParse($this->currentItem->body); + $this->highlightAndParse($this->currentItem['body']); return; } @@ -236,7 +237,7 @@ class ItemActions extends BaseActions */ public function parse_more() { - $this->highlightAndParse($this->currentItem->more); + $this->highlightAndParse($this->currentItem['more']); return; } @@ -249,7 +250,7 @@ class ItemActions extends BaseActions */ public function parse_itemid() { - echo $this->currentItem->itemid; + echo $this->currentItem['itemid']; return; } @@ -262,7 +263,7 @@ class ItemActions extends BaseActions */ public function parse_category() { - echo $this->currentItem->category; + echo $this->currentItem['category']; return; } @@ -275,7 +276,7 @@ class ItemActions extends BaseActions */ public function parse_categorylink() { - echo Link::create_link('category', array('catid' => $this->currentItem->catid, 'name' => $this->currentItem->category)); + echo Link::create_link('category', array('catid' => $this->currentItem['catid'], 'name' => $this->currentItem['category'])); return; } @@ -288,7 +289,7 @@ class ItemActions extends BaseActions */ public function parse_catid() { - echo $this->currentItem->catid; + echo $this->currentItem['catid']; return; } @@ -301,7 +302,7 @@ class ItemActions extends BaseActions */ public function parse_authorid() { - echo $this->currentItem->authorid; + echo $this->currentItem['authorid']; return; } 
@@ -315,8 +316,8 @@ class ItemActions extends BaseActions public function parse_authorlink() { $data = array( - 'memberid' => $this->currentItem->authorid, - 'name' => $this->currentItem->author, + 'memberid' => $this->currentItem['authorid'], + 'name' => $this->currentItem['author'], 'extra' => $this->linkparams ); @@ -347,9 +348,9 @@ class ItemActions extends BaseActions public function parse_itemlink() { $data = array( - 'itemid' => $this->currentItem->itemid, - 'title' => $this->currentItem->title, - 'timestamp' => $this->currentItem->timestamp, + 'itemid' => $this->currentItem['itemid'], + 'title' => $this->currentItem['title'], + 'timestamp' => $this->currentItem['timestamp'], 'extra' => $this->linkparams ); @@ -379,7 +380,7 @@ class ItemActions extends BaseActions */ public function parse_closed() { - echo $this->currentItem->closed; + echo $this->currentItem['closed']; return; } @@ -392,7 +393,7 @@ class ItemActions extends BaseActions */ public function parse_relevance() { - echo round($this->currentItem->score,2); + echo round($this->currentItem['score'], 2); return; } @@ -409,10 +410,6 @@ class ItemActions extends BaseActions { $itemtitle = $this->currentItem['title']; } - elseif ( is_object($this->currentItem) ) - { - $itemtitle = $this->currentItem->title; - } switch ( $format ) { case 'xml': @@ -443,7 +440,7 @@ class ItemActions extends BaseActions global $manager; // get karma object - $karma =& $manager->getKarma($this->currentItem->itemid); + $karma =& $manager->getKarma($this->currentItem['itemid']); switch ( $type ) { 
@@ -484,20 +481,20 @@ class ItemActions extends BaseActions switch ( $which ) { case 'realname': - echo $this->currentItem->authorname; + echo $this->currentItem['authorname']; break; case 'id': - echo $this->currentItem->authorid; + echo $this->currentItem['authorid']; break; case 'email': - echo $this->currentItem->authormail; + echo $this->currentItem['authormail']; break; case 'url': - echo $this->currentItem->authorurl; + echo $this->currentItem['authorurl']; break; case 'name': default: - echo $this->currentItem->author; + echo $this->currentItem['author']; } return; } @@ -511,13 +508,13 @@ class ItemActions extends BaseActions */ public function parse_smartbody() { - if ( !$this->currentItem->more ) + if ( !$this->currentItem['more'] ) { - $this->highlightAndParse($this->currentItem->body); + $this->highlightAndParse($this->currentItem['body']); } else { - $this->highlightAndParse($this->currentItem->more); + $this->highlightAndParse($this->currentItem['more']); } return; } @@ -528,7 +525,7 @@ class ItemActions extends BaseActions */ public function parse_morelink() { - if ( $this->currentItem->more ) + if ( $this->currentItem['more'] ) { $this->parser->parse($this->template['MORELINK']); } @@ -565,7 +562,7 @@ class ItemActions extends BaseActions $offset = $this->blog->getTimeOffset() * 3600; } - echo i18n::formatted_datetime($format, $this->currentItem->timestamp, $offset); + echo i18n::formatted_datetime($format, $this->currentItem['timestamp'], $offset); return; } @@ -592,7 +589,7 @@ class ItemActions extends BaseActions { $format = $this->template['FORMAT_TIME']; } - echo i18n::formatted_datetime($format, $this->currentItem->timestamp); + echo i18n::formatted_datetime($format, $this->currentItem['timestamp']); return; } 
@@ -604,7 +601,7 @@ class ItemActions extends BaseActions * @return string syndicated title */ public function parse_syndicate_title($maxLength = 100) { - $syndicated = strip_tags($this->currentItem->title); + $syndicated = strip_tags($this->currentItem['title']); echo Entity::hsc(Entity::shorten($syndicated,$maxLength,'...')); } @@ -618,7 +615,7 @@ class ItemActions extends BaseActions */ public function parse_syndicate_description($maxLength = 250, $addHighlight = 0) { - $syndicated = strip_tags($this->currentItem->body); + $syndicated = strip_tags($this->currentItem['body']); if ( $addHighlight ) { $tmp_highlight = Entity::hsc(Entity::shorten($syndicated,$maxLength,'...')); @@ -641,7 +638,7 @@ class ItemActions extends BaseActions public function parse_karmaposlink($text = '') { global $CONF; - $link = $CONF['ActionURL'] . '?action=votepositive&itemid=' . $this->currentItem->itemid; + $link = $CONF['ActionURL'] . '?action=votepositive&itemid=' . $this->currentItem['itemid']; if ( !$text ) { echo '' . $text . ''; @@ -664,7 +661,7 @@ class ItemActions extends BaseActions public function parse_karmaneglink($text = '') { global $CONF; - $link = $CONF['ActionURL'] . '?action=votenegative&itemid='.$this->currentItem->itemid; + $link = $CONF['ActionURL'] . '?action=votenegative&itemid='.$this->currentItem['itemid']; if ( !$text ) { @@ -687,7 +684,7 @@ class ItemActions extends BaseActions */ public function parse_new() { - if ( ($this->lastVisit != 0) && ($this->currentItem->timestamp > $this->lastVisit) ) + if ( ($this->lastVisit != 0) && ($this->currentItem['timestamp'] > $this->lastVisit) ) { echo $this->template['NEW']; } 
@@ -703,7 +700,7 @@ class ItemActions extends BaseActions */ public function parse_daylink() { - echo Link::create_archive_link($this->blog->getID(), i18n::formatted_datetime('%Y-%m-%d', $this->currentItem->timestamp), $this->linkparams); + echo Link::create_archive_link($this->blog->getID(), i18n::formatted_datetime('%Y-%m-%d', $this->currentItem['timestamp']), $this->linkparams); return; } @@ -724,9 +721,9 @@ class ItemActions extends BaseActions // add comments if ( $this->showComments && $this->blog->commentsEnabled() ) { - $comments = new Comments($this->currentItem->itemid); + $comments = new Comments($this->currentItem['itemid']); $comments->setItemActions($this); - $comments->showComments($this->template, $maxToShow, $this->currentItem->closed ? 0 : 1, $this->strHighlight); + $comments->showComments($this->template, $maxToShow, $this->currentItem['closed'] ? 0 : 1, $this->strHighlight); } return; } @@ -772,7 +769,7 @@ class ItemActions extends BaseActions public function parse_edit() { global $member, $CONF; - if ( $this->allowEditAll || ($member->isLoggedIn() && ($member->getID() == $this->currentItem->authorid)) ) + if ( $this->allowEditAll || ($member->isLoggedIn() && ($member->getID() == $this->currentItem['authorid'])) ) { $this->parser->parse($this->template['EDITLINK']); } @@ -786,7 +783,7 @@ class ItemActions extends BaseActions public function parse_editlink() { global $CONF; - echo $CONF['AdminURL'] . 'bookmarklet.php?action=edit&itemid=' . $this->currentItem->itemid; + echo $CONF['AdminURL'] . 'bookmarklet.php?action=edit&itemid=' . $this->currentItem['itemid']; return; } 
@@ -850,7 +847,7 @@ class ItemActions extends BaseActions $condition = ($blog && ($blog->getSetting($name) == $value)); break; case 'itemblogsetting': - $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem->itemid)); + $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem['itemid'])); $condition = ($b && ($b->getSetting($name) == $value)); break; case 'loggedin': @@ -923,19 +920,19 @@ class ItemActions extends BaseActions { global $member, $manager; - $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem->itemid)); + $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem['itemid'])); // when no parameter is defined, just check if author is current visitor if ( ($key != 'isadmin' && $key != 'name') || ($key == 'name' && $value == '') ) { - return (boolean) ((integer) $member->getID() > 0 && (integer) $member->getID() == (integer) $this->currentItem->authorid); + return (boolean) ((integer) $member->getID() > 0 && (integer) $member->getID() == (integer) $this->currentItem['authorid']); } // check author name if ( $key == 'name' ) { $value = strtolower($value); - if ( $value == strtolower($this->currentItem->author) ) + if ( $value == strtolower($this->currentItem['author']) ) { return TRUE; } @@ -944,7 +941,7 @@ class ItemActions extends BaseActions // check if author is admin if ( ($key == 'isadmin') ) { - $aid = intval($this->currentItem->authorid); + $aid = intval($this->currentItem['authorid']); $blogid = intval($b->getID()); $amember =& $manager->getMember($aid); if ( $amember->isAdmin() ) @@ -969,7 +966,7 @@ class ItemActions extends BaseActions { global $catid, $manager; - $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem->itemid)); + $b =& $manager->getBlog(getBlogIDFromItemID($this->currentItem['itemid'])); // when no parameter is defined, just check if a category is selected if ( ($key != 'catname' && $key != 'catid') || ($value == '') ) 
@@ -977,7 +974,7 @@ class ItemActions extends BaseActions return (boolean) $b->isValidCategory($catid); } - $icatid = $this->currentItem->catid; + $icatid = $this->currentItem['catid']; // check category name if ( $key == 'catname' ) @@ -1128,4 +1125,4 @@ class ItemActions extends BaseActions return (boolean) call_user_func_array(array(&$plugin, 'doIf'), $params); } -} +} \ No newline at end of file diff --git a/nucleus/libs/KARMA.php b/nucleus/libs/KARMA.php index 6b96c4a..1c7dcb4 100644 --- a/nucleus/libs/KARMA.php +++ b/nucleus/libs/KARMA.php 
@@ -86,31 +86,30 @@ class Karma // these methods shouldn't be called directly function readFromDatabase() { $query = 'SELECT ikarmapos, ikarmaneg FROM '.sql_table('item').' WHERE inumber=' . $this->itemid; - $res = sql_query($query); - $obj = sql_fetch_object($res); + $res = DB::getRow($query); - $this->karmapos = $obj->ikarmapos; - $this->karmaneg = $obj->ikarmaneg; + $this->karmapos = $res['ikarmapos']; + $this->karmaneg = $res['ikarmaneg']; $this->inforead = 1; } function writeToDatabase() { $query = 'UPDATE '.sql_table('item').' SET ikarmapos=' . $this->karmapos . ', ikarmaneg='.$this->karmaneg.' WHERE inumber=' . $this->itemid; - sql_query($query); + DB::execute($query); } // checks if a vote is still allowed for an IP function isVoteAllowed($ip) { - $query = 'SELECT * FROM '.sql_table('karma')." WHERE itemid=$this->itemid and ip='".sql_real_escape_string($ip)."'"; - $res = sql_query($query); - return (sql_num_rows($res) == 0); + $query = 'SELECT * FROM '.sql_table('karma')." WHERE itemid={$this->itemid} and ip=". DB::quoteValue($ip); + $res = DB::getResult($query); + return ($res->rowCount() == 0); } // save IP in database so no multiple votes are possible function saveIP() { - $query = 'INSERT INTO '.sql_table('karma').' (itemid, ip) VALUES ('.$this->itemid.",'".sql_real_escape_string(serverVar('REMOTE_ADDR'))."')"; - sql_query($query); + $query = 'INSERT INTO ' . sql_table('karma') .' (itemid, ip) VALUES (' . $this->itemid . ','. DB::quoteValue(serverVar('REMOTE_ADDR')) .')'; + DB::execute($query); } } diff --git a/nucleus/libs/MANAGER.php b/nucleus/libs/MANAGER.php index e8d1a49..e288043 100644 --- a/nucleus/libs/MANAGER.php +++ b/nucleus/libs/MANAGER.php @@ -154,7 +154,7 @@ class Manager */ public function existsCategory($id) { - return (quickQuery('SELECT COUNT(*) as result FROM '.sql_table('category').' WHERE catid='.intval($id)) > 0); + return (DB::getValue('SELECT COUNT(*) as result FROM '.sql_table('category').' WHERE catid='.intval($id)) > 0); } /** 
@@ -500,10 +500,10 @@ class Manager // 'installedPlugins' = array ($pid => $name) case 'installedPlugins': $this->cachedInfo['installedPlugins'] = array(); - $res = sql_query('SELECT pid, pfile FROM ' . sql_table('plugin')); - while ( $o = sql_fetch_object($res) ) + $res = DB::getResult('SELECT pid, pfile FROM ' . sql_table('plugin')); + foreach ( $res as $row ) { - $this->cachedInfo['installedPlugins'][$o->pid] = $o->pfile; + $this->cachedInfo['installedPlugins'][$row['pid']] = $row['pfile']; } break; } @@ -575,12 +575,12 @@ class Manager . " FROM %s as e, %s as p" . " WHERE e.pid=p.pid ORDER BY p.porder ASC"; $query = sprintf($query, sql_table('plugin_event'), sql_table('plugin')); - $res = sql_query($query); + $res = DB::getResult($query); - while ( $o = sql_fetch_object($res) ) + foreach ( $res as $row ) { - $pluginName = $o->pfile; - $eventName = $o->event; + $pluginName = $row['pfile']; + $eventName = $row['event']; $this->subscriptions[$eventName][] = $pluginName; } return; @@ -669,7 +669,11 @@ class Manager } // check if ticket is a valid one - $query = 'SELECT COUNT(*) as result FROM ' . sql_table('tickets') . ' WHERE member=' . intval($memberId). ' and ticket=\''.sql_real_escape_string($ticket).'\''; + $query = sprintf('SELECT COUNT(*) as result FROM %s WHERE member=%d and ticket=%s', + sql_table('tickets'), + intval($memberId), + DB::quoteValue($ticket) + ); /* * NOTE: @@ -678,7 +682,7 @@ class Manager * leaving the keys in the database is not a real problem, since they're member-specific and * only valid for a period of one hour] */ - if ( quickQuery($query) != 1 ) + if ( DB::getValue($query) != 1 ) { return FALSE; } @@ -699,7 +703,7 @@ class Manager $oldTime = time() - 60 * 60; $query = "DELETE FROM %s WHERE ctime < '%s';"; $query = sprintf($query, sql_table('tickets'), date('Y-m-d H:i:s',$oldTime)); - sql_query($query); + DB::execute($query); return; } 
@@ -736,10 +740,10 @@ class Manager // add in database as non-active $query = "INSERT INTO %s (ticket, member, ctime)" - . " VALUES ('%s', %d, '%s');"; - $query = sprintf($query, sql_table('tickets'), sql_real_escape_string($ticket), (integer) $memberId, date('Y-m-d H:i:s',time())); + . " VALUES (%s, %d, '%s');"; + $query = sprintf($query, sql_table('tickets'), DB::quoteValue($ticket), (integer) $memberId, date('Y-m-d H:i:s',time())); - if ( sql_query($query) ) + if ( DB::execute($query) !== FALSE ) { $ok = true; } diff --git a/nucleus/libs/MEMBER.php b/nucleus/libs/MEMBER.php index e545103..f909f3d 100644 --- a/nucleus/libs/MEMBER.php +++ b/nucleus/libs/MEMBER.php @@ -92,7 +92,7 @@ class Member */ public function readFromName($displayname) { - return $this->read("mname='".sql_real_escape_string($displayname)."'"); + return $this->read('mname='.DB::quoteValue($displayname)); } /** 
@@ -354,23 +354,22 @@ class Member // read info $query = 'SELECT * FROM '.sql_table('member') . ' WHERE ' . $where; - $res = sql_query($query); - $obj = sql_fetch_object($res); - - $this->setRealName($obj->mrealname); - $this->setEmail($obj->memail); - $this->password = $obj->mpassword; - $this->setCookieKey($obj->mcookiekey); - $this->setURL($obj->murl); - $this->setDisplayName($obj->mname); - $this->setAdmin($obj->madmin); - $this->id = $obj->mnumber; - $this->setCanLogin($obj->mcanlogin); - $this->setNotes($obj->mnotes); - $this->setLocale($obj->mlocale); - $this->setAutosave($obj->mautosave); - - return sql_num_rows($res); + $row = DB::getRow($query); + + $this->setRealName($row['mrealname']); + $this->setEmail($row['memail']); + $this->password = $row['mpassword']; + $this->setCookieKey($row['mcookiekey']); + $this->setURL($row['murl']); + $this->setDisplayName($row['mname']); + $this->setAdmin($row['madmin']); + $this->id = $row['mnumber']; + $this->setCanLogin($row['mcanlogin']); + $this->setNotes($row['mnotes']); + $this->setLocale($row['mlocale']); + $this->setAutosave($row['mautosave']); + + return $row ? TRUE : FALSE; } /** @@ -387,11 +386,11 @@ class Member $query = 'SELECT tadmin FROM '.sql_table('team').' WHERE' . ' tblog=' . intval($blogid) . ' and tmember='. $this->getID(); - $res = sql_query($query); - if ( sql_num_rows($res) == 0 ) - return 0; + $res = DB::getValue($query); + if ( $res ) + return ($res == 1); else - return ( sql_result($res,0,0) == 1 ); + return 0; } /** @@ -431,8 +430,8 @@ class Member $query = 'SELECT * FROM '.sql_table('team').' WHERE' . ' tblog=' . intval($blogid) . ' and tmember='. $this->getID(); - $res = sql_query($query); - return (sql_num_rows($res) != 0); + $res = DB::getResult($query); + return ($res->rowCount() != 0); } /** 
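Review bot: The `$row` check now comes after all twelve setters, so when `DB::getRow()` finds no member the object is first populated from a non-array (undefined-index notices, null in every field including `$this->password` and `$this->id`) and only then does the method return FALSE. Put the guard first: `if ( !$row ) { return FALSE; }` directly after the `DB::getRow($query)` line, before `setRealName()`. The return value also changed from the row count (an integer) to a boolean; any caller comparing it with `=== 1` would break, which is worth checking outside this hunk. The enclosing method starts before this hunk.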
@@ -497,10 +496,9 @@ class Member $query = 'SELECT citem as itemid, iblog as blogid, cmember as cauthor, iauthor' . ' FROM '.sql_table('comment') .', '.sql_table('item').', '.sql_table('blog') . ' WHERE citem=inumber and iblog=bnumber and cnumber=' . intval($commentid); - $res = sql_query($query); - $obj = sql_fetch_object($res); + $res = DB::getRow($query); - return ($obj->cauthor == $this->getID()) or $this->isBlogAdmin($obj->blogid) or ($obj->iauthor == $this->getID()); + return ($res['cauthor'] == $this->getID()) or $this->isBlogAdmin($res['blogid']) or ($res['iauthor'] == $this->getID()); } /** @@ -519,9 +517,8 @@ class Member if ($this->isAdmin()) return 1; $query = 'SELECT iblog, iauthor FROM '.sql_table('item').' WHERE inumber=' . intval($itemid); - $res = sql_query($query); - $obj = sql_fetch_object($res); - return ($obj->iauthor == $this->getID()) or $this->isBlogAdmin($obj->iblog); + $res = DB::getRow($query); + return ($res['iauthor'] == $this->getID()) or $this->isBlogAdmin($res['iblog']); } /** @@ -534,8 +531,8 @@ class Member */ public function canBeDeleted() { - $res = sql_query('SELECT * FROM '.sql_table('item').' WHERE iauthor=' . $this->getID()); - return ( sql_num_rows($res) == 0 ); + $res = DB::getResult('SELECT * FROM '.sql_table('item').' WHERE iauthor=' . $this->getID()); + return ( $res->rowCount() == 0 ); } /** @@ -570,7 +567,7 @@ class Member if ( i18n::strpos($newcat, 'newcat') === 0 ) { // get blogid - list($blogid) = sscanf($newcat,'newcat-%d'); + list($blogid) = sscanf($newcat, 'newcat-%d'); return $this->blogAdminRights($blogid); } @@ -590,7 +587,7 @@ class Member } // not a valid category -> NOK - $validCat = quickQuery('SELECT COUNT(*) AS result FROM '.sql_table('category').' WHERE catid='.intval($newcat)); + $validCat = DB::getValue('SELECT COUNT(*) AS result FROM '.sql_table('category').' WHERE catid='.intval($newcat)); if ( !$validCat ) { return 0; 
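Review bot: `$res['cauthor'] == $this->getID()` is evaluated even when `DB::getRow()` returned no row for the comment id, in which case `$res['cauthor']` is null and a loose `==` against an id of 0 is true; a guard `if ( !$res ) { return 0; }` after the `DB::getRow($query)` line, plus `===` once both sides are cast with intval(), keeps a missing row from granting rights. The same shape appears in canAlterItem (@@ -519) with `$res['iauthor']` and `$res['iblog']`. Whether getID() can be 0 at this point depends on the login checks at the top of these methods, which are outside the hunk.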
@@ -734,12 +731,12 @@ class Member $query = 'SELECT tblog as blogid from '.sql_table('team').' where tadmin=1 and tmember=' . $this->getID(); } - $res = sql_query($query); - if ( sql_num_rows($res) > 0 ) + $res = DB::getResult($query); + if ( $res->rowCount() > 0 ) { - while ( $obj = sql_fetch_object($res) ) + foreach ( $res as $row ) { - array_push($blogs, $obj->blogid); + array_push($blogs, $row['blogid']); } } return $blogs; @@ -767,12 +764,12 @@ class Member $query = 'SELECT tblog as blogid from '.sql_table('team').' where tmember=' . $this->getID(); } - $res = sql_query($query); - if ( sql_num_rows($res) > 0 ) + $res = DB::getResult($query); + if ( $res->rowCount() > 0 ) { - while ( $obj = sql_fetch_object($res) ) + foreach ( $res as $row ) { - array_push($blogs, $obj->blogid); + array_push($blogs, $row['blogid']); } } return $blogs; 
@@ -812,19 +809,19 @@ class Member public function write() { $query = 'UPDATE '.sql_table('member') - . " SET mname='" . sql_real_escape_string($this->displayname) . "', " - . "mrealname='". sql_real_escape_string($this->realname) . "', " - . "mpassword='". sql_real_escape_string($this->password) . "', " - . "mcookiekey='". sql_real_escape_string($this->cookiekey) . "', " - . "murl='" . sql_real_escape_string($this->url) . "', " - . "memail='" . sql_real_escape_string($this->email) . "', " - . "madmin=" . intval($this->admin) . ", " - . "mnotes='" . sql_real_escape_string($this->notes) . "', " - . "mcanlogin=" . intval($this->canlogin) . ", " - . "mlocale='" . sql_real_escape_string($this->locale) . "', " - . "mautosave=" . intval($this->autosave) . " " - . "WHERE mnumber=" . intval($this->id); - sql_query($query); + . ' SET mname=' . DB::quoteValue($this->displayname) . ', ' + . 'mrealname='. DB::quoteValue($this->realname) . ', ' + . 'mpassword='. DB::quoteValue($this->password) . ', ' + . 'mcookiekey='. DB::quoteValue($this->cookiekey) . ', ' + . 'murl=' . DB::quoteValue($this->url) . ', ' + . 'memail=' . DB::quoteValue($this->email) . ', ' + . 'madmin=' . intval($this->admin) . ', ' + . 'mnotes=' . DB::quoteValue($this->notes) . ', ' + . 'mcanlogin=' . intval($this->canlogin) . ', ' + . 'mlocale=' . DB::quoteValue($this->locale) . ', ' + . 'mautosave=' . intval($this->autosave) . ' ' + . 'WHERE mnumber=' . intval($this->id); + DB::execute($query); return; } @@ -998,8 +995,8 @@ class Member */ public static function exists($name) { - $r = sql_query('select * FROM '.sql_table('member')." WHERE mname='".sql_real_escape_string($name)."'"); - return ( sql_num_rows($r) != 0 ); + $r = DB::getResult('SELECT * FROM ' . sql_table('member') . ' WHERE mname=' . DB::quoteValue($name)); + return ( $r->rowCount() != 0 ); } /** 
@@ -1013,8 +1010,8 @@ class Member */ public static function existsID($id) { - $r = sql_query('select * FROM '.sql_table('member')." WHERE mnumber='".intval($id)."'"); - return (sql_num_rows($r) != 0); + $r = DB::getResult('SELECT * FROM ' . sql_table('member') . ' WHERE mnumber=' . intval($id)); + return ( $r->rowCount() != 0 ); } /** @@ -1088,21 +1085,21 @@ class Member $url = 'http://' . $url; } - $name = sql_real_escape_string($name); - $realname = sql_real_escape_string($realname); + $name = DB::quoteValue($name); + $realname = DB::quoteValue($realname); /* NOTE: hashed password is automatically updated if the length is 32 bytes when logging in */ - $password = sql_real_escape_string(md5($password)); - $email = sql_real_escape_string($email); - $url = sql_real_escape_string($url); + $password = DB::quoteValue(md5($password)); + $email = DB::quoteValue($email); + $url = DB::quoteValue($url); $admin = (integer) $admin; $canlogin = (integer) $canlogin; - $notes = sql_real_escape_string($notes); + $notes = DB::quoteValue($notes); $query = "INSERT INTO %s" . " (MNAME,MREALNAME,MPASSWORD,MEMAIL,MURL, MADMIN, MCANLOGIN, MNOTES)" - . " VALUES ('%s','%s','%s','%s','%s',%d, %d, '%s')"; + . " VALUES (%s, %s, %s, %s, %s, %d, %d, %s)"; $query = sprintf($query, sql_table('member'), $name, $realname, $password, $email, $url, $admin, $canlogin, $notes); - sql_query($query); + DB::execute($query); ActionLog::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name); @@ -1120,14 +1117,14 @@ class Member */ public static function getActivationInfo($key) { - $query = 'SELECT * FROM ' . sql_table('activation') . ' WHERE vkey=\'' . sql_real_escape_string($key). '\''; - $res = sql_query($query); + $query = 'SELECT * FROM ' . sql_table('activation') . ' WHERE vkey=' . DB::quoteValue($key); + $res = DB::getResult($query); - if ( !$res || (sql_num_rows($res) == 0) ) + if ( !$res || ($res->rowCount() == 0) ) { return 0; } - return sql_fetch_object($res); + return $res->fetch(); } /** 
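Review bot: `$name` is overwritten with its `DB::quoteValue()` form before `ActionLog::add(INFO, _ACTIONLOG_NEWMEMBER . ' ' . $name)`, so the action log now records the SQL literal (surrounding quotes plus driver escaping) instead of the display name; keep the raw value, e.g. `$logname = $name;` ahead of the quoting block and log `$logname`, or quote inline in the sprintf() argument list instead of reassigning the variables. A second point: the initial password is still stored as a bare `md5($password)`; the comment says login upgrades it, so the hash login upgrades to could be applied here directly if that routine is reachable from create() (not visible in this hunk). The enclosing method starts before this hunk.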
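Review bot: `return $res->fetch();` uses whatever default fetch mode the DB wrapper configured, while the consumers in the @@ -1211 and @@ -1219 hunks read `$info['vtype']`, `$info['vmember']` and `$info['vextra']` by string key and the Item hunk in this same patch spells `fetch(PDO::FETCH_ASSOC)` explicitly; pin the mode here as well, `return $res->fetch(PDO::FETCH_ASSOC);`, so the return shape does not depend on wrapper configuration. Any caller outside this patch still expecting the old object form (`$info->vtype`) would now read null silently rather than fail loudly.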
@@ -1149,7 +1146,7 @@ class Member // kill any existing entries for the current member (delete is ok) // (only one outstanding activation key can be present for a member) - sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . intval($this->getID())); + DB::execute('DELETE FROM ' . sql_table('activation') . ' WHERE vmember=' . intval($this->getID())); // indicates if the member can log in while the link is active $canLoginWhileActive = false; @@ -1175,8 +1172,8 @@ class Member // attempt to add entry in database // add in database as non-active $query = 'INSERT INTO ' . sql_table('activation'). ' (vkey, vtime, vmember, vtype, vextra) '; - $query .= 'VALUES (\'' . sql_real_escape_string($key). '\', \'' . date('Y-m-d H:i:s',time()) . '\', \'' . intval($this->getID()). '\', \'' . sql_real_escape_string($type). '\', \'' . sql_real_escape_string($extra). '\')'; - if ( sql_query($query) ) + $query .= 'VALUES (' . DB::quoteValue($key). ', \'' . date('Y-m-d H:i:s',time()) . '\', ' . intval($this->getID()). ', ' . DB::quoteValue($type). ', ' . DB::quoteValue($extra). ')'; + if ( DB::execute($query) !== FALSE ) $ok = true; } @@ -1211,7 +1208,7 @@ class Member return false; } - switch ( $info->vtype ) + switch ( $info['vtype'] ) { case 'forgot': // nothing to do 
@@ -1219,17 +1216,17 @@ class Member case 'register': // set canlogin value global $CONF; - sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($CONF['NewMemberCanLogon']). ' WHERE mnumber=' . intval($info->vmember)); + DB::execute('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($CONF['NewMemberCanLogon']). ' WHERE mnumber=' . intval($info['vmember'])); break; case 'addresschange': // reset old 'canlogin' value - list($oldEmail, $oldCanLogin) = preg_split('#/#', $info->vextra); - sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ' WHERE mnumber=' . intval($info->vmember)); + list($oldEmail, $oldCanLogin) = preg_split('#/#', $info['vextra']); + DB::execute('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ' WHERE mnumber=' . intval($info['vmember'])); break; } // delete from activation table - sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vkey=\'' . sql_real_escape_string($key) . '\''); + DB::execute('DELETE FROM ' . sql_table('activation') . ' WHERE vkey=' . DB::quoteValue($key)); // success! return true; 
@@ -1257,22 +1254,22 @@ class Member $boundary = time() - (60 * 60 * 24 * $actdays); // 1. walk over all entries, and see if special actions need to be performed - $res = sql_query('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\''); + $res = DB::getResult('SELECT * FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\''); - while ( $o = sql_fetch_object($res) ) + foreach ( $res as $row ) { - switch ( $o->vtype ) + switch ( $row['vtype'] ) { case 'register': // delete all information about this site member. registration is undone because there was // no timely activation include_once($DIR_LIBS . 'ADMIN.php'); - Admin::deleteOneMember(intval($o->vmember)); + Admin::deleteOneMember(intval($row['vmember'])); break; case 'addresschange': // revert the e-mail address of the member back to old address - list($oldEmail, $oldCanLogin) = preg_split('#/#', $o->vextra); - sql_query('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ', memail=\'' . sql_real_escape_string($oldEmail). '\' WHERE mnumber=' . intval($o->vmember)); + list($oldEmail, $oldCanLogin) = preg_split('#/#', $row['vextra']); + DB::execute('UPDATE ' . sql_table('member') . ' SET mcanlogin=' . intval($oldCanLogin). ', memail=' . DB::quoteValue($oldEmail). ' WHERE mnumber=' . intval($row['vmember'])); break; case 'forgot': // delete the activation link and ignore. member can request a new password using the @@ -1282,7 +1279,7 @@ class Member } // 2. delete activation entries for real - sql_query('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\''); + DB::execute('DELETE FROM ' . sql_table('activation') . ' WHERE vtime < \'' . date('Y-m-d H:i:s',$boundary) . '\''); return; } diff --git a/nucleus/libs/PLUGIN.php b/nucleus/libs/PLUGIN.php index 99586f3..3fb00e2 100644 --- a/nucleus/libs/PLUGIN.php +++ b/nucleus/libs/PLUGIN.php 
@@ -136,7 +136,7 @@ abstract class NucleusPlugin * Name of the feature. See plugin documentation for more info * 'SqlTablePrefix' -> if the plugin uses the sql_table() method to get table names * 'HelpPage' -> if the plugin provides a helppage - * 'SqlApi' -> if the plugin uses the complete sql_* api (must also require nucleuscms 3.5) + * 'SqlApi' -> if the plugin uses the complete sql_* or DB::* api (must also require nucleuscms 3.5) */ public function supportsFeature($feature) { @@ -263,10 +263,10 @@ abstract class NucleusPlugin $query = "SELECT d.oname as name, o.ovalue as value FROM %s o, %s d WHERE d.opid=%d AND d.oid=o.oid;"; $query = sprintf($query, sql_table('plugin_option'), sql_table('plugin_option_desc'), (integer) $this->plugid); - $result = sql_query($query); - while ( $row = sql_fetch_object($result) ) + $result = DB::getResult($query); + foreach ( $result as $row ) { - $this->plugin_options[strtolower($row->name)] = $row->value; + $this->plugin_options[strtolower($row['name'])] = $row['value']; } } if ( isset($this->plugin_options[strtolower($name)]) ) @@ -462,11 +462,9 @@ abstract class NucleusPlugin // retrieve the data and return $query = "SELECT otype, oextra FROM %s WHERE oid = %d;"; $query = sprintf($query, sql_table('plugin_option_desc'), $oid); - $result = sql_query($query); + $row = DB::getRow($query); - $o = sql_fetch_array($result); - - if ( ($this->optionCanBeNumeric($o['otype'])) && ($o['oextra'] == 'number' ) ) + if ( ($this->optionCanBeNumeric($row['otype'])) && ($row['oextra'] == 'number' ) ) { $orderby = 'CAST(ovalue AS SIGNED)'; } 
@@ -476,12 +474,12 @@ abstract class NucleusPlugin } $query = "SELECT ovalue value, ocontextid id FROM %s WHERE oid = %d ORDER BY %s %s LIMIT 0,%d;"; $query = sprintf($query, sql_table('plugin_option'), $oid, $orderby, $sort, (integer) $amount); - $result = sql_query($query); + $result = DB::getResult($query); // create the array $i = 0; $top = array(); - while( $row = sql_fetch_array($result) ) + foreach( $result as $row ) { $top[$i++] = $row; } @@ -501,14 +499,14 @@ abstract class NucleusPlugin $query = 'INSERT INTO ' . sql_table('plugin_option_desc') .' (opid, oname, ocontext, odesc, otype, odef, oextra)' .' VALUES ('.intval($this->plugid) - .', \''.sql_real_escape_string($name).'\'' - .', \''.sql_real_escape_string($context).'\'' - .', \''.sql_real_escape_string($desc).'\'' - .', \''.sql_real_escape_string($type).'\'' - .', \''.sql_real_escape_string($defValue).'\'' - .', \''.sql_real_escape_string($typeExtras).'\');'; - sql_query($query); - $oid = sql_insert_id(); + .', '.DB::quoteValue($name) + .', '.DB::quoteValue($context) + .', '.DB::quoteValue($desc) + .', '.DB::quoteValue($type) + .', '.DB::quoteValue($defValue) + .', '.DB::quoteValue($typeExtras).')'; + DB::execute($query); + $oid = DB::getInsertId(); $key = $context . '_' . $name; $this->option_info[$key] = array('oid' => $oid, 'default' => $defValue); @@ -532,12 +530,12 @@ abstract class NucleusPlugin // delete all things from plugin_option $query = "DELETE FROM %s WHERE oid=%d;"; $query = sprintf($query, sql_table('plugin_option'), (integer) $oid); - sql_query($query); + DB::execute($query); // delete entry from plugin_option_desc $query = "DELETE FROM %s WHERE oid=%d;"; $query = sprintf($query, sql_table('plugin_option_desc'), $oid); - sql_query($query); + DB::execute($query); // clear from cache unset($this->option_info["{$context}_{$name}"]); 
@@ -599,11 +597,11 @@ abstract class NucleusPlugin // update plugin_option $query = "DELETE FROM %s WHERE oid=%d and ocontextid=%d;"; $query = sprintf($query, sql_table('plugin_option'), (integer) $oid, (integer) $contextid); - sql_query($query); + DB::execute($query); - $query = "INSERT INTO %s (ovalue, oid, ocontextid) VALUES ('%s', %d, %d);"; - $query = sprintf($query, sql_table('plugin_option'), sql_real_escape_string($value), $oid, $contextid); - sql_query($query); + $query = "INSERT INTO %s (ovalue, oid, ocontextid) VALUES (%s, %d, %d);"; + $query = sprintf($query, sql_table('plugin_option'), DB::quoteValue($value), $oid, $contextid); + DB::execute($query); // update cache $this->option_values["{$oid}_{$contextid}"] = $value; @@ -640,20 +638,20 @@ abstract class NucleusPlugin // get from DB $query = "SELECT ovalue FROM %s WHERE oid=%d and ocontextid=%d;"; $query = sprintf($query, sql_table('plugin_option'), (integer) $oid, (integer) $contextid); - $result = sql_query($query); + $result = DB::getResult($query); - if ( !$result || (sql_num_rows($result) == 0) ) + if ( !$result || ($result->rowCount() == 0) ) { // fill DB with default value $this->option_values[$key] = $this->get_default_value($context, $name); - $query = "INSERT INTO %s (oid, ocontextid, ovalue) VALUES (%d, %d, '%s');"; - $query = sprintf($query, sql_table('plugin_option'), (integer) $oid, (integer) $contextid, sql_real_escape_string($this->option_values[$key])); - sql_query($query); + $query = "INSERT INTO %s (oid, ocontextid, ovalue) VALUES (%d, %d, %s);"; + $query = sprintf($query, sql_table('plugin_option'), (integer) $oid, (integer) $contextid, DB::quoteValue($defVal)); + DB::execute($query); } else { - $o = sql_fetch_object($result); - $this->option_values[$key] = $o->ovalue; + $row = $result->fetch(); + $this->option_values[$key] = $row['ovalue']; } return $this->option_values[$key]; 
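Review bot: In the default-value INSERT of @@ -640 the value is now `DB::quoteValue($defVal)`, while the line just above stores the computed default in `$this->option_values[$key]`; `$defVal` is not assigned anywhere in this hunk, so unless it is set earlier in the method (the function start is outside the hunk) the row is written with a quoted empty value and the default is lost on the next read. Use `DB::quoteValue($this->option_values[$key])`, which is the value the removed line escaped. Separately, `$result->rowCount() == 0` decides the no-row case on a SELECT; the statement object looks like a PDOStatement, and PDO does not guarantee rowCount() for SELECT statements across drivers — the same test appears in Template::exists/existsID and Backup::dump_contents later in this patch. Fetching first and testing the row (`$row = $result->fetch(); if ( !$row ) { ... }`) avoids the driver dependency, or use `SELECT COUNT(*)` with `DB::getValue()` as Skin::exists does in this patch.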
@@ -692,21 +690,21 @@ abstract class NucleusPlugin break; } - $result = sql_query($query); + $result = DB::getResult($query); if ( $result ) { - while ( $o = sql_fetch_object($r) ) + foreach ( $result as $row ) { - $options[$o->contextid] = $default_value; + $options[$row['contextid']] = $default_value; } } $query = "SELECT ocontextid, ovalue FROM %s WHERE oid=%d;"; $query = sprintf($query, sql_table('plugin_option'), $oid); - $result = sql_query($query); - while ( $o = sql_fetch_object($result) ) + $result = DB::getResult($query); + foreach ( $result as $row ) { - $options[$o->ocontextid] = $o->ovalue; + $options[$row['ocontextid']] = $row['ovalue']; } return $options; @@ -737,13 +735,13 @@ abstract class NucleusPlugin $this->option_info = array(); $query = "SELECT oid, oname, ocontext, odef FROM %s WHERE opid=%d;"; $query = sprintf($query, sql_table('plugin_option_desc'), $this->plugid); - $result = sql_query($query); - while ( $o = sql_fetch_object($result) ) + $result = DB::getResult($query); + foreach ( $result as $row ) { - $k = $o->ocontext . '_' . $o->oname; - $this->option_info[$k] = array('oid' => $o->oid, 'default' => $o->odef); + $k = $row['ocontext'] . '_' . $row['oname']; + $this->option_info[$k] = array('oid' => $row['oid'], 'default' => $row['odef']); } - sql_free_result($result); + $result->closeCursor(); return $this->option_info[$key]['oid']; } 
@@ -774,21 +772,21 @@ abstract class NucleusPlugin // delete all associated plugin options $aOIDs = array(); // find ids - $query = "SELECT oid FROM %s WHERE ocontext='%s';"; - $query = sprintf($query, sql_table('plugin_option_desc'), sql_real_escape_string($context)); + $query = "SELECT oid FROM %s WHERE ocontext=%s;"; + $query = sprintf($query, sql_table('plugin_option_desc'), DB::quoteValue($context)); - $result = sql_query($query); - while ( $o = sql_fetch_object($result) ) + $result = DB::getResult($query); + foreach ( $result as $row ) { - array_push($aOIDs, $o->oid); + array_push($aOIDs, $row['oid']); } - sql_free_result($result); + $result->closeCursor(); // delete those options. go go go if ( count($aOIDs) > 0 ) { $query = "DELETE FROM %s WHERE oid in (%s) and ocontextid=%d;"; $query = sprintf($query, sql_table('plugin_option'), implode(',',$aOIDs), (integer) $contextid); - sql_query($query); + DB::execute($query); } return; } @@ -853,11 +851,11 @@ abstract class NucleusPlugin */ public function subscribtionListIsUptodate() { - $res = sql_query('SELECT event FROM '.sql_table('plugin_event').' WHERE pid = '.$this->plugid); + $res = DB::getResult('SELECT event FROM '.sql_table('plugin_event').' WHERE pid = '.$this->plugid); $ev = array(); - while( $a = sql_fetch_array($res) ) + foreach ( $res as $row ) { - array_push($ev, $a['event']); + array_push($ev, $row['event']); } if ( count($ev) != count($this->getEventList()) ) { @@ -898,8 +896,8 @@ abstract class NucleusPlugin // get option type info $query = "SELECT opid, oname, ocontext, otype, oextra, odef FROM %s WHERE oid=%d;"; $query = sprintf($query, sql_table('plugin_option_desc'), (integer) $oid); - $result = sql_query($query); - if ( $info = sql_fetch_object($result) ) + $result = DB::getRow($query); + if ( $result ) { foreach ( $values as $id => $value ) { 
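Review bot: subscribtionListIsUptodate (@@ -853) still concatenates `$this->plugid` into the SQL string uncast, `'WHERE pid = '.$this->plugid`, whereas the other queries in this file cast it (`(integer) $this->plugid` in @@ -263, `intval($this->plugid)` in @@ -501). Casting here as well, `' WHERE pid = ' . (integer) $this->plugid`, keeps the statement well-formed if plugid is ever unset and matches the file's convention. The result of `DB::getResult()` is also iterated without a check, as noted on the earlier hunks.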
@@ -927,7 +925,7 @@ abstract class NucleusPlugin $value = undoMagic($value); /* validation the value according to its type */ - switch ( $info->otype ) + switch ( $result['otype'] ) { case 'yesno': if ( ($value != 'yes') && ($value != 'no') ) @@ -940,7 +938,7 @@ abstract class NucleusPlugin if ( array_key_exists('datatype', $meta) && ($meta['datatype'] == 'numerical') && ($value != (integer) $value) ) { - $value = (integer) $info->odef; + $value = (integer) $result['odef']; } break; case 'password': @@ -954,9 +952,9 @@ abstract class NucleusPlugin * possibility to change/validate the new value for the option */ $data = array( - 'context' => $info->ocontext, - 'plugid' => $info->opid, - 'optionname' => $info->oname, + 'context' => $result['ocontext'], + 'plugid' => $result['opid'], + 'optionname' => $result['oname'], 'contextid' => $contextid, 'value' => &$value); $manager->notify('PrePluginOptionsUpdate', $data); @@ -964,16 +962,16 @@ abstract class NucleusPlugin // delete and insert its fields of table in database $query = "DELETE FROM %s WHERE oid=%d AND ocontextid=%d;"; $query = sprintf($query, sql_table('plugin_option'), (integer) $oid, (integer) $contextid); - sql_query($query); - $query = "INSERT INTO %s (oid, ocontextid, ovalue) VALUES (%d, %d, '%s');"; - $query = sprintf($query, sql_table('plugin_option'), (integer) $oid, (integer) $contextid, sql_real_escape_string($value)); - sql_query($query); + DB::execute($query); + $query = "INSERT INTO %s (oid, ocontextid, ovalue) VALUES (%d, %d, %s);"; + $query = sprintf($query, sql_table('plugin_option'), (integer) $oid, (integer) $contextid, DB::quoteValue($value)); + DB::execute($query); } } // clear option value cache if the plugin object is already loaded if ( is_object($info) ) { - $plugin=& $manager->pidLoaded($info->opid); + $plugin=& $manager->pidLoaded($result['opid']); if ( $plugin ) { $plugin->clearOptionValueCache(); 
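Review bot: The cache-clearing block at the end of @@ -964 still tests `if ( is_object($info) )`, but `$info` is no longer assigned anywhere — @@ -898 replaced `$info = sql_fetch_object($result)` with `$result = DB::getRow($query)` — so the condition is always false and `clearOptionValueCache()` is never reached after an option update; the inner `$result['opid']` line was updated but the guard was not. Change the guard to `if ( is_array($result) )` (or simply `if ( $result )`, matching @@ -898). Until then a loaded plugin keeps serving stale option values from its cache. The enclosing method begins before @@ -898.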
diff --git a/nucleus/libs/SEARCH.php b/nucleus/libs/SEARCH.php index 146b5e4..ae28362 100644 --- a/nucleus/libs/SEARCH.php +++ b/nucleus/libs/SEARCH.php @@ -42,9 +42,9 @@ class Search $this->blogs = array(); // get all public searchable blogs, no matter what, include the current blog allways. - $res = sql_query('SELECT bnumber FROM '.sql_table('blog').' WHERE bincludesearch=1 '); - while ($obj = sql_fetch_object($res)) - $this->blogs[] = intval($obj->bnumber); + $res = DB::getResult('SELECT bnumber FROM '.sql_table('blog').' WHERE bincludesearch=1 '); + foreach ( $res as $row ) + $this->blogs[] = intval($row['bnumber']); } function boolean_sql_select($match){ @@ -60,8 +60,8 @@ class Search } if(i18n::strlen($stringsum_long)>0){ - $stringsum_long = sql_real_escape_string($stringsum_long); - $stringsum_a[] = " match ($match) against ('$stringsum_long') "; + $stringsum_long = DB::quoteValue($stringsum_long); + $stringsum_a[] = " match ({$match}) against ({$stringsum_long}) "; } $stringsum .= implode("+",$stringsum_a); @@ -134,7 +134,7 @@ class Search if (!is_array($matches)) $match=$matches; - else return ' match ('.$match.') against (\''.sql_real_escape_string($matches[1]).'\') > 0 '; + else return ' match ('.$match.') against ('.DB::quoteValue($matches[1]).') > 0 '; } @@ -144,7 +144,7 @@ class Search if (!is_array($matches)) $match=$matches; - else return ' ('.$this->boolean_sql_where_short(sql_real_escape_string($matches[1]),$match).') '; + else return ' ('.$this->boolean_sql_where_short($matches[1], $match).') '; } 
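Review bot: In @@ -144 the search term `$matches[1]` is handed to `boolean_sql_where_short()` without the `sql_real_escape_string()` the old line applied, while the parallel branch in @@ -134 keeps quoting inline with `DB::quoteValue($matches[1])`. The body of boolean_sql_where_short is cut off in this patch (its hunk at @@ -197 is garbled here), so I cannot confirm that it now applies `DB::quoteValue()` to `$string` itself; if it does not, the user-supplied search string reaches the `MATCH … AGAINST` clause unquoted. Please confirm that quoting happens exactly once inside the callee, or restore it at the call site as `boolean_sql_where_short(DB::quoteValue($matches[1]), $match)` if the callee interpolates `$string` raw.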
@@ -197,7 +197,7 @@ class Search function boolean_sql_where_short($string,$match){ $match_a = preg_split('#,#',$match); for($ith=0;$ithid); - $res = sql_query($query); - $obj = sql_fetch_object($res); - - $this->valid = (sql_num_rows($res) > 0); - if ( !$this->valid ) - { - return; + $res = DB::getRow($query); + + $this->valid = !empty($res); + if ( $this->valid ) + { $this->name = $res['sdname']; + $this->description = $res['sddesc']; + $this->contentType = $res['sdtype']; + $this->includeMode = $res['sdincmode']; + $this->includePrefix = $res['sdincpref']; } - $this->name = $obj->sdname; - $this->description = $obj->sddesc; - $this->contentType = $obj->sdtype; - $this->includeMode = $obj->sdincmode; - $this->includePrefix = $obj->sdincpref; return; } @@ -201,9 +198,9 @@ class Skin */ static public function exists($name) { - $query = "SELECT COUNT(*) AS result FROM %s WHERE sdname='%s';"; - $query = sprintf($query, sql_table('skin_desc'), sql_real_escape_string($name)); - return (quickQuery($query) > 0); + $query = "SELECT COUNT(*) AS result FROM %s WHERE sdname=%s;"; + $query = sprintf($query, sql_table('skin_desc'), DB::quoteValue($name)); + return (DB::getValue($query) > 0); } /** @@ -218,7 +215,7 @@ class Skin { $query = "SELECT COUNT(*) AS result FROM %s WHERE sdnumber=%d;"; $query = sprintf($query, sql_table('skin_desc'), (integer) $id); - return (quickQuery($query) > 0); + return (DB::getValue($query) > 0); } /** @@ -244,11 +241,9 @@ class Skin */ static public function getIdFromName($name) { - $query = "SELECT sdnumber FROM %s WHERE sdname='%s';"; - $query = sprintf($query, sql_table('skin_desc'), sql_real_escape_string($name)); - $res = sql_query($query); - $obj = sql_fetch_object($res); - return $obj->sdnumber; + $query = "SELECT sdnumber FROM %s WHERE sdname=%s;"; + $query = sprintf($query, sql_table('skin_desc'), DB::quoteValue($name)); + return DB::getValue($query); } /** 
@@ -263,7 +258,7 @@ class Skin { $query = "SELECT sdname AS result FROM %s WHERE sdnumber=%d;"; $query = sprintf($query, sql_table('skin_desc'), (integer) $id); - return quickQuery($query); + return DB::getValue($query); } /** @@ -282,32 +277,32 @@ class Skin { global $manager; - $data = array( - 'name' => &$name, - 'description' => &$desc, - 'type' => &$type, - 'includeMode' => &$includeMode, - 'includePrefix' => &$includePrefix + $data = array( + 'name' => &$name, + 'description' => &$desc, + 'type' => &$type, + 'includeMode' => &$includeMode, + 'includePrefix' => &$includePrefix ); $manager->notify('PreAddSkin', $data); - $query = "INSERT INTO %s (sdname, sddesc, sdtype, sdincmode, sdincpref) VALUES ('%s', '%s', '%s', '%s', '%s');"; - $sdname = sql_real_escape_string($name); - $sddesc = sql_real_escape_string($desc); - $sdtype = sql_real_escape_string($type); - $sdincmode = sql_real_escape_string($includeMode); - $sdincpref = sql_real_escape_string($includePrefix); + $query = "INSERT INTO %s (sdname, sddesc, sdtype, sdincmode, sdincpref) VALUES (%s, %s, %s, %s, %s);"; + $sdname = DB::quoteValue($name); + $sddesc = DB::quoteValue($desc); + $sdtype = DB::quoteValue($type); + $sdincmode = DB::quoteValue($includeMode); + $sdincpref = DB::quoteValue($includePrefix); $query = sprintf($query, sql_table('skin_desc'), $sdname, $sddesc, $sdtype, $sdincmode, $sdincpref); - sql_query($query); - $newid = sql_insert_id(); - - $data = array( - 'skinid' => $newid, - 'name' => $name, - 'description' => $desc, - 'type' => $type, - 'includeMode' => $includeMode, - 'includePrefix' => $includePrefix + DB::execute($query); + $newid = DB::getInsertId(); + + $data = array( + 'skinid' => $newid, + 'name' => $name, + 'description' => $desc, + 'type' => $type, + 'includeMode' => $includeMode, + 'includePrefix' => $includePrefix ); $manager->notify('PostAddSkin', $data); 
@@ -400,16 +395,11 @@ class Skin */ public function getContentFromDB($skintype) { - $query = "SELECT scontent FROM %s WHERE sdesc=%d and stype='%s';"; - $query = sprintf($query, sql_table('skin'), (integer) $this->id, sql_real_escape_string($skintype)); - $res = sql_query($query); + $query = "SELECT scontent FROM %s WHERE sdesc=%d and stype=%s;"; + $query = sprintf($query, sql_table('skin'), (integer) $this->id, DB::quoteValue($skintype)); + $res = DB::getValue($query); - if ( sql_num_rows($res) == 0 ) - { - return FALSE; - } - - return sql_result($res, 0, 0); + return $res ? $res : ''; } /** @@ -455,11 +445,11 @@ class Skin { global $manager; - $query = "SELECT sdesc FROM %s WHERE stype='%s' and sdesc=%d;"; - $query = sprintf($query, sql_table('skin'), sql_real_escape_string($type), (integer) $this->id); - $res = sql_query($query); + $query = "SELECT sdesc FROM %s WHERE stype=%s and sdesc=%d;"; + $query = sprintf($query, sql_table('skin'), DB::quoteValue($type), (integer) $this->id); + $res = DB::getValue($query); - $skintypeexists = sql_fetch_object($res); + $skintypeexists = !empty($res); $skintypevalue = ($content == true); if( $skintypevalue && $skintypeexists ) @@ -476,9 +466,9 @@ class Skin else if( $skintypevalue && !$skintypeexists ) { $data = array( - 'skinid' => $this->id, - 'type' => $type, - 'content' => &$content + 'skinid' => $this->id, + 'type' => $type, + 'content' => &$content ); $manager->notify("PreAdd{$this->event_identifier}Part", $data); 
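Review bot: getContentFromDB (@@ -400) now returns `$res ? $res : ''`, which changes the no-content result from `FALSE` to `''` and, because it is a truthiness test, also turns a stored part whose content is exactly `'0'` into `''`. If `DB::getValue()` reports "no row" with `false`, `return ($res === FALSE) ? '' : $res;` keeps the new empty-string contract without dropping legitimate content; if callers still compare against `FALSE`, keep returning it instead. The method's docblock (just above the hunk) should state whichever no-content value is chosen.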
@@ -486,24 +476,24 @@ class Skin else if( !$skintypevalue && $skintypeexists ) { $data = array( - 'skinid' => $this->id, - 'type' => $type + 'skinid' => $this->id, + 'type' => $type ); $manager->notify("PreDelete{$this->event_identifier}Part", $data); } // delete old thingie - $query = "DELETE FROM %s WHERE stype='%s' and sdesc=%d"; - $query = sprintf($query, sql_table('skin'), sql_real_escape_string($type), (integer) $this->id); - sql_query($query); + $query = "DELETE FROM %s WHERE stype=%s and sdesc=%d"; + $query = sprintf($query, sql_table('skin'), DB::quoteValue($type), (integer) $this->id); + DB::execute($query); // write new thingie if ( $content ) { - $query = "INSERT INTO %s (scontent, stype, sdesc) VALUE ('%s', '%s', %d)"; - $query = sprintf($query, sql_table('skin'), sql_real_escape_string($content), sql_real_escape_string($type), (integer) $this->id); - sql_query($query); + $query = "INSERT INTO %s (scontent, stype, sdesc) VALUE (%s, %s, %d)"; + $query = sprintf($query, sql_table('skin'), DB::quoteValue($content), DB::quoteValue($type), (integer) $this->id); + DB::execute($query); } if( $skintypevalue && $skintypeexists ) @@ -551,7 +541,7 @@ class Skin { $query = "DELETE FROM %s WHERE sdesc=%d;"; $query = sprintf($query, sql_table('skin'), (integer) $this->id); - sql_query($query); + DB::execute($query); } /** 
@@ -567,16 +557,16 @@ class Skin */ public function updateGeneralInfo($name, $desc, $type = 'text/html', $includeMode = 'normal', $includePrefix = '') { - $name = sql_real_escape_string($name); - $desc = sql_real_escape_string($desc); - $type = sql_real_escape_string($type); - $includeMode = sql_real_escape_string($includeMode); - $includePrefix = sql_real_escape_string($includePrefix); + $name = DB::quoteValue($name); + $desc = DB::quoteValue($desc); + $type = DB::quoteValue($type); + $includeMode = DB::quoteValue($includeMode); + $includePrefix = DB::quoteValue($includePrefix); - $query ="UPDATE %s SET sdname='%s', sddesc='%s', sdtype='%s', sdincmode='%s', sdincpref='%s' WHERE sdnumber=%d"; + $query ="UPDATE %s SET sdname=%s, sddesc=%s, sdtype=%s, sdincmode=%s, sdincpref=%s WHERE sdnumber=%d"; $query = sprintf($query, sql_table('skin_desc'), $name, $desc, $type, $includeMode, $includePrefix, (integer) $this->id); - sql_query($query); + DB::execute($query); return; } @@ -649,8 +639,8 @@ class Skin $in_default = array(); $no_default = array(); - $res = sql_query($query); - while ( $row = sql_fetch_array($res) ) + $res = DB::getResult($query); + foreach ( $res as $row ) { if ( !array_key_exists($row['stype'], $default_skintypes) ) { @@ -669,7 +659,7 @@ class Skin * Skin::getAllowedActionsForType() * Get the allowed actions for a skin type * returns an array with the allowed actions - * + * @return array allowed action types * @param string $skintype type of the skin * @return array allowed action types */ diff --git a/nucleus/libs/TEMPLATE.php b/nucleus/libs/TEMPLATE.php index 5849437..250a921 100644 --- a/nucleus/libs/TEMPLATE.php +++ b/nucleus/libs/TEMPLATE.php 
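Review bot: The docblock of Skin::getAllowedActionsForType (@@ -669) now carries `@return array allowed action types` twice — the added line replaces the blank ` *` separator, and the original `@return` two lines below remains. Drop the added line (or remove the later one) so the tag appears once, after the `@param`.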
@@ -68,12 +68,10 @@ class Template */ static public function getIdFromName($name) { - $name = sql_real_escape_string($name); - $query = "SELECT tdnumber FROM %s WHERE tdname='%s';"; + $name = DB::quoteValue($name); + $query = "SELECT tdnumber FROM %s WHERE tdname=%s"; $query = sprintf($query, sql_table('template_desc'), $name); - $res = sql_query($query); - $obj = sql_fetch_object($res); - return $obj->tdnumber; + return DB::getValue($query); } /** @@ -86,9 +84,9 @@ class Template */ public function updateGeneralInfo($name, $desc) { - $query = "UPDATE %s SET tdname='%s', tddesc='%s' WHERE tdnumber=%d;"; - $query = sprintf($query, sql_table('template_desc'), sql_real_escape_string($name), sql_real_escape_string($desc), (integer) $this->getID()); - sql_query($query); + $query = "UPDATE %s SET tdname=%s, tddesc=%s WHERE tdnumber=%d"; + $query = sprintf($query, sql_table('template_desc'), DB::quoteValue($name), DB::quoteValue($desc), (integer) $this->getID()); + DB::execute($query); return; } @@ -103,16 +101,16 @@ class Template public function update($type, $content) { // delete old thingie - $query = "DELETE FROM %s WHERE tpartname='%s' and tdesc=%d"; - $query = sprintf($query, sql_table('template'), sql_real_escape_string($type), (integer) $this->getID()); - sql_query($query); + $query = "DELETE FROM %s WHERE tpartname=%s and tdesc=%d"; + $query = sprintf($query, sql_table('template'), DB::quoteValue($type), (integer) $this->getID()); + DB::execute($query); // write new thingie if ( $content ) { - $query = "INSERT %s (tcontent, tpartname, tdesc) VALUE ('%s', '%s', %d)"; - $query = sprintf($query, sql_table('template'), sql_real_escape_string($content), sql_real_escape_string($type), (integer) $this->getID()); - sql_query($query); + $query = "INSERT %s (tcontent, tpartname, tdesc) VALUE (%s, %s, %d)"; + $query = sprintf($query, sql_table('template'), DB::quoteValue($content), DB::quoteValue($type), (integer) $this->getID()); + DB::execute($query); } return; } 
@@ -128,7 +126,7 @@ class Template { $query = "DELETE FROM %s WHERE tdesc=%d"; $query = sprintf($query, sql_table('template'), (integer) $this->getID()); - sql_query($query); + DB::execute($query); return; } @@ -153,8 +151,8 @@ class Template ) ); - sql_query('INSERT INTO '.sql_table('template_desc')." (tdname, tddesc) VALUES ('" . sql_real_escape_string($name) . "','" . sql_real_escape_string($desc) . "')"); - $newId = sql_insert_id(); + DB::execute('INSERT INTO '.sql_table('template_desc').' (tdname, tddesc) VALUES (' . DB::quoteValue($name) . ',' . DB::quoteValue($desc) . ')'); + $newId = DB::getInsertId(); $manager->notify( 'PostAddTemplate', @@ -185,14 +183,14 @@ class Template ) ); - $query = "SELECT tpartname, tcontent FROM %s, %s WHERE tdesc=tdnumber and tdname='%s'"; - $query = sprintf($query, sql_table('template_desc'), sql_table('template'), sql_real_escape_string($name)); - $res = sql_query($query); + $query = "SELECT tpartname, tcontent FROM %s, %s WHERE tdesc=tdnumber and tdname=%s"; + $query = sprintf($query, sql_table('template_desc'), sql_table('template'), DB::quoteValue($name)); + $res = DB::getResult($query); $template = array(); - while ($obj = sql_fetch_object($res)) + foreach ( $res as $row ) { - $template[$obj->tpartname] = $obj->tcontent; + $template[$row['tpartname']] = $row['tcontent']; } /* @@ -243,10 +241,10 @@ class Template */ static public function exists($name) { - $query = "SELECT * FROM %s WHERE tdname='%s';"; - $query = sprintf($query, sql_table('template_desc'), sql_real_escape_string($name)); - $r = sql_query($query); - return (sql_num_rows($r) != 0); + $query = "SELECT * FROM %s WHERE tdname=%s"; + $query = sprintf($query, sql_table('template_desc'), DB::quoteValue($name)); + $r = DB::getResult($query); + return ($r->rowCount() != 0); } /** 
@@ -259,10 +257,10 @@ class Template */ static public function existsID($id) { - $query = "SELECT * FROM %s WHERE tdnumber=%d;"; + $query = "SELECT * FROM %s WHERE tdnumber=%d"; $query = sprintf($query, sql_table('template_desc'), (integer) $id); - $r = sql_query($query); - return (sql_num_rows($r) != 0); + $r = DB::getResult($query); + return ($r->rowCount() != 0); } /** @@ -276,7 +274,7 @@ class Template { $query = "SELECT tdname as result FROM %s WHERE tdnumber=%d"; $query = sprintf($query, sql_table('template_desc'), (integer) $id); - return quickQuery($query); + return DB::getValue($query); } /** @@ -288,10 +286,8 @@ class Template */ static public function getDesc($id) { - $query = "SELECT tddesc FROM %s WHERE tdnumber=%d;"; + $query = "SELECT tddesc FROM %s WHERE tdnumber=%d"; $query = sprintf($query, sql_table('template_desc'), (integer) $id); - $res = sql_query($query); - $obj = sql_fetch_object($res); - return $obj->tddesc; + return DB::getValue($query); } } diff --git a/nucleus/libs/backup.php b/nucleus/libs/backup.php index 9147a71..64ae2da 100644 --- a/nucleus/libs/backup.php +++ b/nucleus/libs/backup.php @@ -75,10 +75,11 @@ class Backup // add tables that plugins want to backup to the list // catch all output generated by plugins ob_start(); - $res = sql_query('SELECT pfile FROM ' . sql_table('plugin')); - while ( $plugName = sql_fetch_object($res) ) + $query = sprintf('SELECT pfile FROM %s', sql_table('plugin')); + $res = DB::getResult($query); + foreach ( $res as $row ) { - $plug =& $manager->getPlugin($plugName->pfile); + $plug =& $manager->getPlugin($row['pfile']); if ( $plug ) { $tables = array_merge($tables, (array) $plug->getTableList()); 
@@ -178,10 +179,9 @@ class Backup static private function dump_structure($tablename) { // add command to drop table on restore - echo "DROP TABLE IF EXISTS `$tablename`;\n\n"; - $result = sql_query("SHOW CREATE TABLE $tablename"); - $create = sql_fetch_assoc($result); - echo $create['Create Table']; + echo "DROP TABLE IF EXISTS {$tablename};\n\n"; + $result = DB::getRow("SHOW CREATE TABLE {$tablename}"); + echo $result['Create Table']; echo ";\n\n"; return; } @@ -202,7 +202,8 @@ class Backup $fields = array(); for ( $j = 0; $j < $num_fields; $j++ ) { - $fields[] = sql_field_name($result, $j); + $col = $result->getColumnMeta($j); + $fields[] = $col['name']; } return '(' . implode(', ', $fields) . ')'; @@ -222,9 +223,9 @@ class Backup /* * Grab the data from the table. */ - $result = sql_query("SELECT * FROM $tablename"); + $result = DB::getResult("SELECT * FROM $tablename"); - if ( sql_num_rows($result) > 0 ) + if ( $result->rowCount() > 0 ) { echo "\n"; echo "/*\n"; @@ -232,7 +233,7 @@ class Backup echo " */\n"; } - $num_fields = sql_num_fields($result); + $num_fields = $result->columnCount(); /* * Compose fieldname list @@ -242,10 +243,10 @@ class Backup /* * Loop through the resulting rows and build the sql statement. */ - while ( $row = sql_fetch_array($result) ) + foreach ( $result as $row ) { // Start building the SQL statement. - echo "INSERT INTO ".$tablename." $tablename_list VALUES("; + echo 'INSERT INTO ' . $tablename . ' ' . $tablename_list . ' VALUES('; // Loop through the rows and fill in data for each column for ( $j = 0; $j < $num_fields; $j++ ) @@ -258,7 +259,7 @@ class Backup elseif ( $row[$j] != '' ) { // data - echo " '" . sql_real_escape_string($row[$j]) . "'"; + echo ' ' . DB::quoteValue($row[$j]); } else { @@ -269,7 +270,7 @@ class Backup // only add comma when not last column if ( $j != ($num_fields - 1) ) { - echo ","; + echo ','; } } echo ");\n"; 
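Review bot: dump_structure (@@ -178) drops the identifier quoting from the emitted statement, `echo "DROP TABLE IF EXISTS {$tablename};\n\n";` where the old line wrote the name inside backticks; a table whose name is a reserved word or contains unusual characters now yields a restore script that fails on that line. Keep the backticks around `{$tablename}` in the generated `DROP TABLE` statement, and consider quoting the identifier in the `SHOW CREATE TABLE` query on the next line as well. Since `$tablename` comes from the plugin-supplied table list (see @@ -75), quoting it is the safer default.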
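Review bot: The row loop in dump_contents (@@ -242, with the value output in @@ -258) reads columns by integer offset, `$row[$j]`, but every other consumer of `DB::getResult()` in this patch reads rows by column name (`$row['pfile']`, `$row['ovalue']`, …), which suggests the default fetch mode is associative; if so, `$row[$j]` is undefined for every column and each value falls through to the empty branch, silently producing a backup without data. If DB::getResult returns a PDOStatement, request numeric keys explicitly before the loop, `$result->setFetchMode(PDO::FETCH_NUM);`, or index the row by the column names collected in @@ -202. `$result->getColumnMeta($j)` in @@ -202 is documented as driver-dependent in PDO, so checking that `$col` is an array before reading `$col['name']` would also be prudent.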
@@ -367,9 +368,10 @@ class Backup /* execute sql statements */ foreach ( $queries as $query ) { - if ( !sql_query($query) ) + if ( DB::execute($query) === FALSE ) { - debug('SQL Error: ' . sql_error()); + $error = DB::getError(); + debug('SQL Error: ' . $error[2]); break; } continue; diff --git a/nucleus/libs/globalfunctions.php b/nucleus/libs/globalfunctions.php index 6cf9616..4db7221 100644 --- a/nucleus/libs/globalfunctions.php +++ b/nucleus/libs/globalfunctions.php @@ -2,7 +2,7 @@ /* * Nucleus: PHP/MySQL Weblog CMS (http://nucleuscms.org/) - * Copyright (C) 2002-2012 The Nucleus Group + * Copyright (C) 2002-2009 The Nucleus Group * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -12,8 +12,8 @@ */ /** * @license http://nucleuscms.org/license.txt GNU General Public License - * @copyright Copyright (C) 2002-2012 The Nucleus Group - * @version $Id: globalfunctions.php 1727 2012-04-07 02:54:22Z sakamocchi $ + * @copyright Copyright (C) 2002-2009 The Nucleus Group + * @version $Id: globalfunctions.php 1825 2012-05-04 16:56:35Z sakamocchi $ */ /* needed if we include globalfunctions from install.php */ 
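Review bot: The license header (@@ -2) and the `@copyright` tag (@@ -12) move the copyright range back from 2002-2012 to 2002-2009 while the `@version` tag in the same hunk advances to a May 2012 revision, which looks like an artifact of the branch merge described in the commit message rather than an intentional change. Restore ` * Copyright (C) 2002-2012 The Nucleus Group` in both places if so.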
@@ -22,14 +22,28 @@ global $nucleus, $CONF, $DIR_LIBS, $DIR_LOCALES, $manager, $member; $nucleus['version'] = 'v4.00 SVN'; $nucleus['codename'] = ''; +/* + * make sure there's no unnecessary escaping: + * set_magic_quotes_runtime(0); + */ +if ( version_compare(PHP_VERSION, '5.3.0', '<') ) +{ + ini_set('magic_quotes_runtime', '0'); +} + /* check and die if someone is trying to override internal globals (when register_globals turn on) */ checkVars(array('nucleus', 'CONF', 'DIR_LIBS', 'MYSQL_HOST', 'MYSQL_USER', 'MYSQL_PASSWORD', 'MYSQL_DATABASE', 'DIR_LOCALES', 'DIR_PLUGINS', 'HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_ENV_VARS', 'HTTP_SESSION_VARS', 'HTTP_POST_FILES', 'HTTP_SERVER_VARS', 'GLOBALS', 'argv', 'argc', '_GET', '_POST', '_COOKIE', '_ENV', '_SESSION', '_SERVER', '_FILES')); -/* debug mode */ if ( !isset($CONF) ) { $CONF = array(); } + +/* debug mode */ +if ( array_key_exists('debug', $CONF) && $CONF['debug'] ) +{ + $CONF = array(); +} if ( array_key_exists('debug', $CONF) && $CONF['debug'] ) { /* report all errors! */ 
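Review bot: The new block added under `/* debug mode */` in @@ -22 resets the whole configuration when debugging is enabled — `if ( array_key_exists('debug', $CONF) && $CONF['debug'] ) { $CONF = array(); }` — so on a debug-enabled install every `$CONF` value set so far is discarded, and the genuine debug block that follows with the same condition then never runs because `debug` is gone. This looks like a misplaced copy of the `if ( !isset($CONF) ) { $CONF = array(); }` guard just above it; delete the added five lines. The relocated `magic_quotes_runtime` block at the top of the hunk is fine and matches what the later hunk removes.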
@@ -42,63 +56,23 @@ else } /* - * FIXME: This is for compatibility since 4.0, should be obsoleted at future release. - */ -if ( !isset($DIR_LOCALES) ) -{ - $DIR_LOCALES = $DIR_NUCLEUS . 'locales/'; -} -global $DIR_LANG; -if ( !isset($DIR_LANG) ) -{ - $DIR_LANG = $DIR_LOCALES; -} - -/* - * load and initialize i18n class - */ -if (!class_exists('i18n', FALSE)) -{ - include($DIR_LIBS . 'i18n.php'); -} -if ( !i18n::init('UTF-8', $DIR_LOCALES) ) -{ - exit('Fail to initialize i18n class.'); -} -/* - * FIXME: This is for compatibility since 4.0, should be obsoleted at future release. - */ -define('_CHARSET', i18n::get_current_charset()); - -/* - * Indicates when Nucleus should display startup errors. Set to 1 if you want - * the error enabled (default), false otherwise - * * alertOnHeadersSent * Displays an error when visiting a public Nucleus page and headers have * been sent out to early. This usually indicates an error in either a * configuration file or a translation file, and could cause Nucleus to * malfunction - * alertOnSecurityRisk - * Displays an error only when visiting the admin area, and when one or - * more of the installation files (install.php, install.sql, upgrades/ - * directory) are still on the server. */ if ( !array_key_exists('alertOnHeadersSent', $CONF) || $CONF['alertOnHeadersSent'] !== 0 ) { $CONF['alertOnHeadersSent'] = 1; } -$CONF['alertOnSecurityRisk'] = 1; /* - * NOTE: this should be removed when releasing 4.0 -$CONF['ItemURL'] = $CONF['Self']; -$CONF['ArchiveURL'] = $CONF['Self']; -$CONF['ArchiveListURL'] = $CONF['Self']; -$CONF['MemberURL'] = $CONF['Self']; -$CONF['SearchURL'] = $CONF['Self']; -$CONF['BlogURL'] = $CONF['Self']; -$CONF['CategoryURL'] = $CONF['Self']; -*/ + * alertOnSecurityRisk + * Displays an error only when visiting the admin area, and when one or + * more of the installation files (install.php, install.sql, upgrades/ + * directory) are still on the server. 
+ */ +$CONF['alertOnSecurityRisk'] = 1; /* * Set these to 1 to allow viewing of future items or draft items 
@@ -115,60 +89,80 @@ if ( getNucleusPatchLevel() > 0 ) } /* Avoid notices */ -if ( !isset($CONF['installscript']) ) +if ( !array_key_exists('installscript', $CONF) || empty($CONF['installscript']) ) { $CONF['installscript'] = 0; } - -/* we will use postVar, getVar, ... methods instead of $_GET, $_POST ...*/ -if ( $CONF['installscript'] != 1 ) +if ( !array_key_exists('UsingAdminArea', $CONF) ) { - /* vars were already included in install.php */ - include_once($DIR_LIBS . 'vars4.1.0.php'); + $CONF['UsingAdminArea'] = 0; } -/* sanitize option */ -$bLoggingSanitizedResult=0; -$bSanitizeAndContinue=0; +if ( !headers_sent() ) +{ + header('Generator: Nucleus CMS ' . $nucleus['version']); +} -$orgRequestURI = serverVar('REQUEST_URI'); -sanitizeParams(); -/* get all variables that can come from the request and put them in the global scope */ -$blogid = requestVar('blogid'); -$itemid = intRequestVar('itemid'); -$catid = intRequestVar('catid'); -$skinid = requestVar('skinid'); -$memberid = requestVar('memberid'); -$archivelist = requestVar('archivelist'); -$imagepopup = requestVar('imagepopup'); -$archive = requestVar('archive'); -$query = requestVar('query'); -$highlight = requestVar('highlight'); -$amount = requestVar('amount'); -$action = requestVar('action'); -$nextaction = requestVar('nextaction'); -$maxresults = requestVar('maxresults'); -$startpos = intRequestVar('startpos'); -$errormessage = ''; -$error = ''; -$special = requestVar('special'); -$virtualpath = ((getVar('virtualpath') != null) ? getVar('virtualpath') : serverVar('PATH_INFO')); +/* TODO: This is for compatibility since 4.0, should be obsoleted at future release. */ +if ( !isset($DIR_LOCALES) ) +{ + $DIR_LOCALES = $DIR_NUCLEUS . 'locales/'; +} +global $DIR_LANG; +if ( !isset($DIR_LANG) ) +{ + $DIR_LANG = $DIR_LOCALES; +} -if ( !headers_sent() ) +/* load and initialize i18n class */ +if (!class_exists('i18n', FALSE)) { - header('Generator: Nucleus CMS ' . $nucleus['version']); + include($DIR_LIBS . 
'i18n.php'); } +if ( !i18n::init('UTF-8', $DIR_LOCALES) ) +{ + exit('Fail to initialize i18n class.'); +} + +/* TODO: This is just for compatibility since 4.0, should be obsoleted at future release. */ +define('_CHARSET', i18n::get_current_charset()); + /* * NOTE: Since 4.0 release, Entity class becomes to be important class * with some wrapper functions for htmlspechalchars/htmlentity PHP's built-in function -*/ + */ include($DIR_LIBS . 'ENTITY.php'); +/* we will use postVar, getVar, ... methods instead of $_GET, $_POST ... */ +if ( $CONF['installscript'] != 1 ) +{ + /* vars were already included in install.php */ + include_once($DIR_LIBS . 'vars4.1.0.php'); + + /* added for 4.0 DB::* wrapper and compatibility sql_* */ + include_once($DIR_LIBS . 'sql/sql.php'); +} + /* include core classes that are needed for login & plugin handling */ -include_once($DIR_LIBS . 'mysql.php'); -/* added for 3.5 sql_* wrapper */ +include($DIR_LIBS . 'MEMBER.php'); +include($DIR_LIBS . 'ACTIONLOG.php'); +include($DIR_LIBS . 'MANAGER.php'); +include($DIR_LIBS . 'PLUGIN.php'); + +$manager =& MANAGER::instance(); + +/* only needed when updating logs */ +if ( $CONF['UsingAdminArea'] ) +{ + /* XML-RPC client classes */ + include($DIR_LIBS . 'xmlrpc.inc.php'); + include($DIR_LIBS . 'ADMIN.php'); +} + + +/* connect to database */ global $MYSQL_HANDLER; if ( !isset($MYSQL_HANDLER) ) { 
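Review bot: The hunk @@ -115 removes the block that populated the request globals (`$blogid = requestVar('blogid')` through `$virtualpath = …`) together with the `sanitizeParams()` call; the sanitizer is re-added after the database connection in the following hunk, but the request globals do not reappear anywhere visible in this patch. If they are not re-established later in the file, every code path that relies on a global `$itemid`, `$catid`, `$action`, … will read undefined variables. With the new ordering `sanitizeParams()` also runs only after `MANAGER::instance()`, the `ForceLocale` plugin notification and the `i18n::convert_array()` pass over the superglobals, so plugins reacting to that event observe request data before it has been sanitized; keeping `sanitizeParams()` ahead of the manager/plugin bootstrap preserves the old guarantee. Finally, `include_once($DIR_LIBS . 'sql/sql.php')` is now guarded by `$CONF['installscript'] != 1` while `DB::setConnectionInfo()` in the next hunk is unconditional — confirm the installer loads the DB wrapper itself.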
@@ -178,50 +172,61 @@ if ( $MYSQL_HANDLER[0] == '' ) { $MYSQL_HANDLER[0] = 'mysql'; } -include_once($DIR_LIBS . 'sql/'.$MYSQL_HANDLER[0].'.php'); -/* end new for 3.5 sql_* wrapper */ -include($DIR_LIBS . 'MEMBER.php'); -include($DIR_LIBS . 'ACTIONLOG.php'); -include($DIR_LIBS . 'MANAGER.php'); -include($DIR_LIBS . 'PLUGIN.php'); +DB::setConnectionInfo($MYSQL_HANDLER[1], $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE); -$manager =& Manager::instance(); -/* - * make sure there's no unnecessary escaping: - * set_magic_quotes_runtime(0); - */ -if ( version_compare(PHP_VERSION, '5.3.0', '<') ) +/* force locale or charset */ +$locale = ''; +$charset = i18n::get_current_charset(); + +$data = array( + 'locale' => &$locale, + 'charset' => &$charset +); +$manager->notify('ForceLocale', $data); + +if ( $data['locale'] !== '' ) { - ini_set('magic_quotes_runtime', '0'); + i18n::set_forced_locale($data['locale']); } - -/* Avoid notices */ -if ( !array_key_exists('UsingAdminArea', $CONF) ) +if ( $data['charset'] !== '' ) { - $CONF['UsingAdminArea'] = 0; + i18n::set_forced_charset($data['charset']); } +unset($locale); +unset($charset); -/* only needed when updating logs */ -if ( $CONF['UsingAdminArea'] ) + +/* convert forced charset to current charset */ +if ( i18n::get_forced_charset() != i18n::get_current_charset() ) { - /* XML-RPC client classes */ - include($DIR_LIBS . 'xmlrpc.inc.php'); - include_once($DIR_LIBS . 
'ADMIN.php'); + $_POST = i18n::convert_array($_POST, i18n::get_forced_charset()); + $_GET = i18n::convert_array($_GET, i18n::get_forced_charset()); + $_REQUEST = i18n::convert_array($_REQUEST, i18n::get_forced_charset()); + $_COOKIE = i18n::convert_array($_COOKIE, i18n::get_forced_charset()); + $_FILES = i18n::convert_array($_FILES, i18n::get_forced_charset()); + + if ( session_id() !== '' ) + { + $_SESSION = i18n::convert_array($_SESSION, i18n::get_forced_charset()); + } } -/* connect to database */ -sql_connect(); -$SQLCount = 0; + +/* sanitize option */ +$bLoggingSanitizedResult = 0; +$bSanitizeAndContinue = 0; +$orgRequestURI = serverVar('REQUEST_URI'); +sanitizeParams(); /* logs sanitized result if need */ -if ( $orgRequestURI!==serverVar('REQUEST_URI') ) +if ( $orgRequestURI !== serverVar('REQUEST_URI') ) { $msg = "Sanitized [" . serverVar('REMOTE_ADDR') . "] "; $msg .= $orgRequestURI . " -> " . serverVar('REQUEST_URI'); if ( $bLoggingSanitizedResult ) { - addToLog(WARNING, $msg); + addToLog(WARNING, $msg); } if ( !$bSanitizeAndContinue ) { 
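Review bot: `i18n::convert_array($_FILES, i18n::get_forced_charset())` converts every leaf of `$_FILES`, including `tmp_name` (a server-generated filesystem path), `size` and `error`; if `i18n::convert()` pushes non-string values through iconv/mbstring (its body is not in this hunk) the integer fields come back as strings and a temp path containing non-ASCII bytes can be altered before `move_uploaded_file()` sees it. Only the user-supplied `name` entries carry request-charset text, so restrict the conversion to those or leave `$_FILES` out of this block. The `$_SESSION` conversion is guarded by `session_id() !== ''`, which is fine, but the same guard is missing for `$_COOKIE` on requests without cookies only because an empty array converts to an empty array — a comment saying so would save the next reader the check. Top-level script code continues past the hunk.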
@@ -229,25 +234,31 @@ if ( $orgRequestURI!==serverVar('REQUEST_URI') ) } } -/* makes sure database connection gets closed on script termination */ -register_shutdown_function('sql_disconnect'); +/* get all variables that can come from the request and put them in the global scope */ +$blogid = requestVar('blogid'); +$itemid = intRequestVar('itemid'); +$catid = intRequestVar('catid'); +$skinid = requestVar('skinid'); +$memberid = requestVar('memberid'); +$archivelist = requestVar('archivelist'); +$imagepopup = requestVar('imagepopup'); +$archive = requestVar('archive'); +$query = requestVar('query'); +$highlight = requestVar('highlight'); +$amount = requestVar('amount'); +$action = requestVar('action'); +$nextaction = requestVar('nextaction'); +$maxresults = requestVar('maxresults'); +$startpos = intRequestVar('startpos'); +$errormessage = ''; +$error = ''; +$special = requestVar('special'); +$virtualpath = ((getVar('virtualpath') != NULL) ? getVar('virtualpath') : serverVar('PATH_INFO')); + /* read config */ getConfig(); -/* - * FIXME: This is for backward compatibility, should be obsoleted near future. - */ -if ( !preg_match('#^(.+)_(.+)_(.+)$#', $CONF['Locale']) - && ($CONF['Locale'] = i18n::convert_old_language_file_name_to_locale($CONF['Locale'])) === FALSE ) -{ - $CONF['Locale'] = 'en_Latn_US'; -} -if ( !array_key_exists('Language', $CONF) ) -{ - $CONF['Language'] = i18n::convert_locale_to_old_language_file_name($CONF['Locale']); -} -$locale = $CONF['Locale']; /* Properly set $CONF['Self'] and others if it's not set... * usually when we are access from admin menu 
@@ -262,13 +273,13 @@ if ( !array_key_exists('Self', $CONF) ) } } -$CONF['ItemURL'] = $CONF['Self']; -$CONF['ArchiveURL'] = $CONF['Self']; -$CONF['ArchiveListURL'] = $CONF['Self']; -$CONF['MemberURL'] = $CONF['Self']; -$CONF['SearchURL'] = $CONF['Self']; -$CONF['BlogURL'] = $CONF['Self']; -$CONF['CategoryURL'] = $CONF['Self']; +$CONF['ItemURL'] = $CONF['Self']; +$CONF['ArchiveURL'] = $CONF['Self']; +$CONF['ArchiveListURL'] = $CONF['Self']; +$CONF['MemberURL'] = $CONF['Self']; +$CONF['SearchURL'] = $CONF['Self']; +$CONF['BlogURL'] = $CONF['Self']; +$CONF['CategoryURL'] = $CONF['Self']; /* *switch URLMode back to normal when $CONF['Self'] ends in .php @@ -307,14 +318,39 @@ else $member->cookielogin(); } + +/* TODO: This is for backward compatibility, should be obsoleted near future. */ +if ( !preg_match('#^(.+)_(.+)_(.+)$#', $CONF['Locale']) + && ($CONF['Locale'] = i18n::convert_old_language_file_name_to_locale($CONF['Locale'])) === FALSE ) +{ + $CONF['Locale'] = 'en_Latn_US'; +} +if ( !array_key_exists('Language', $CONF) ) +{ + $CONF['Language'] = i18n::convert_locale_to_old_language_file_name($CONF['Locale']); +} +$locale = $CONF['Locale']; + + /* NOTE: include translation file and set locale */ -if ( $member->isLoggedIn() && $member->getLocale()) +if ( $member->isLoggedIn() ) { - $locale = $member->getLocale(); + if ( $member->getLocale() ) + { + $locale = $member->getLocale(); + } +} +else +{ + if ( i18n::get_forced_locale() !== '' ) + { + $locale = i18n::get_forced_locale(); + } } include_translation($locale); i18n::set_current_locale($locale); + /* login completed */ $manager->notify('PostAuthentication', array('loggedIn' => $member->isLoggedIn() ) ); 
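Review bot: In the new `else` branch, `i18n::get_forced_locale() !== ''` is true even when no locale was forced, because `get_forced_locale()` in the i18n.php hunk (`static public function get_forced_locale()`) returns nothing — i.e. `null` — when `$forced_language` is empty, so every anonymous visitor gets `$locale = null` and `include_translation(null)` whenever no plugin answers `ForceLocale`. Either make that method `return '';` in its early-exit branch or change this test to `if ( i18n::get_forced_locale() )`. The analogous `get_forced_charset() !== ''` checks elsewhere are fine because `$forced_charset` is initialised to `''`. The surrounding code is top-level bootstrap that continues beyond the hunk.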
@@ -511,20 +547,38 @@ if ( $CONF['URLMode'] == 'pathinfo' ) * the values of something like catid or itemid * New in 3.60 */ -$manager->notify( - 'PostParseURL', - array( - /* e.g. item, blog, ... */ - 'type' => basename(serverVar('SCRIPT_NAME') ), - 'info' => $virtualpath - ) +$data = array( + 'type' => basename(serverVar('SCRIPT_NAME')), + 'info' => $virtualpath ); +$manager->notify('PostParseURL', $data); /* * NOTE: Here is the end of initialization */ - /** +/** + * Errors before the database connection has been made + * + * @param string $msg message to notify + * @param string $title page title + * @return void + */ +function startUpError($msg, $title) +{ + header('Content-Type: text/xml; charset=' . i18n::get_current_charset()); + echo "\n"; + echo "\n"; + echo ''. Entity::hsc($title) . "\n"; + echo "\n"; + echo '

' . Entity::hsc($title) . "

\n"; + echo $msg; + echo "\n"; + echo "\n"; + exit; +} + +/** * This function includes or requires the specified library file * @param string $file * @param bool $once use the _once() version 
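Review bot: `startUpError()` escapes `$title` with `Entity::hsc()` but echoes `$msg` raw, so the new docblock should state that the message is emitted as markup and that any untrusted text must be escaped by the caller, e.g. `@param string $msg message to notify, written to the page as-is (HTML); escape user-controlled text before passing it`. The `header('Content-Type: text/xml; ...')` call lacks the `headers_sent()` guard used elsewhere in this file; if anything was already echoed the call warns, so wrap it in `if ( !headers_sent() )`. The function is complete within the hunk.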
@@ -735,51 +789,72 @@ $manager->notify( } - /** - * TODO: This function should be changed to send_content_type() per the Coding Guidelines. Ensure this change is compatible with rest of core. - * - * This function sends the Content-Type header if headers have not already been sent - * It also determines if the browser can accept application/xhtml+xml and sends it only to those that can. - * @param string $content_type - * @param string $page_type - * @param string $charset Deprecated. This has no meaning. - */ - function sendContentType($content_type, $page_type = '', $charset = _CHARSET) +/** + * sendContentType() + * This function sends the Content-Type header if headers have not already been sent + * It also determines if the browser can accept application/xhtml+xml and sends it only to those that can. + * + * if content type is application/xhtml+xml, only send it to browsers + * that can handle it (IE6 cannot). Otherwise, send text/html + * + * v2.5: + * For admin area pages, keep sending text/html (unless it's a debug version) + * application/xhtml+xml still causes too much problems with the javascript implementations + * + * v3.3: + * ($CONF['UsingAdminArea'] && !$CONF['debug']) gets removed, + * application/xhtml+xml seems to be working, so we're going to use it if we can. + * + * @param string $content_type MIME media type registered to IANA, http://www.iana.org/assignments/media-types/index.html + * @param string $page_type + * @param string $charset Deprecated. This has no meaning. + * @return void + * + */ +function sendContentType($content_type, $page_type = '', $charset = '') +{ + global $manager, $CONF; + + if ( headers_sent() ) { - global $manager, $CONF; - - if ( !headers_sent() ) - { - // if content type is application/xhtml+xml, only send it to browsers - // that can handle it (IE6 cannot). 
Otherwise, send text/html - - // v2.5: For admin area pages, keep sending text/html (unless it's a debug version) - // application/xhtml+xml still causes too much problems with the javascript implementations - - // v3.3: ($CONF['UsingAdminArea'] && !$CONF['debug']) gets removed, - // application/xhtml+xml seems to be working, so we're going to use it if we can. - - if ( ($content_type == 'application/xhtml+xml') - && (!stristr(serverVar('HTTP_ACCEPT'), 'application/xhtml+xml') ) ) - { - $content_type = 'text/html'; - } // end if - - $manager->notify( - 'PreSendContentType', - array( - 'contentType' => &$content_type, - 'charset' => i18n::get_current_charset(), - 'pageType' => $page_type - ) - ); - - // strip strange characters - $content_type = preg_replace('|[^a-z0-9-+./]|i', '', $content_type); - header('Content-Type: ' . $content_type . '; charset=' . i18n::get_current_charset()); - } // end if - + return; } + + /* NOTE: MIME Media Type */ + if ( ($content_type == 'application/xhtml+xml') + && (!stristr(serverVar('HTTP_ACCEPT'), 'application/xhtml+xml') ) ) + { + $content_type = 'text/html'; + } + + /* NOTE: generate event */ + $data = array( + 'pageType' => $page_type, + 'contentType' => &$content_type + ); + $manager->notify('PreSendContentType', $data); + + /* NOTE: confirm MIME Media Type */ + $content_type = preg_replace('#[^a-zA-Z0-9-+./]#', '', $content_type); + + /* NOTE: confirm character set */ + $charset = i18n::get_current_charset(); + if ( i18n::get_forced_charset() !== '' ) + { + $charset = i18n::get_forced_charset(); + } + + /* NOTE: send HTTP 1.1 header */ + header("Content-Type: {$content_type}; charset={$charset}"); + + /* NOTE: set handler for translating character set */ + if ( $charset != i18n::get_current_charset() ) + { + ob_start(array('i18n', 'convert_handler')); + } + + return; +} /** 
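Review bot: The `PreSendContentType` payload no longer carries the `'charset'` key the old call passed (`'charset' => i18n::get_current_charset()`), so a plugin reading `$data['charset']` now hits an undefined index; since the charset is resolved a few lines later, move that resolution above the `$manager->notify()` and add `'charset' => $charset` back to `$data`. Separately, `$content_type` is whitelisted with `preg_replace('#[^a-zA-Z0-9-+./]#', '', ...)` before `header()`, but `$charset` taken from `i18n::get_forced_charset()` is interpolated into the same header line unfiltered and then handed to `ob_start(array('i18n', 'convert_handler'))`; whatever a plugin stored there reaches both, so apply a similar whitelist, e.g. `$charset = preg_replace('#[^a-zA-Z0-9_.:+-]#', '', $charset);` and fall back to `i18n::get_current_charset()` when it comes back empty. The function is complete within the hunk.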
@@ -828,7 +903,8 @@ $manager->notify(
  */
 function getBlogIDFromName($name)
 {
-	return quickQuery('SELECT bnumber AS result FROM ' . sql_table('blog') . ' WHERE bshortname = "' . sql_real_escape_string($name) . '"');
+	$query = sprintf('SELECT bnumber AS result FROM %s WHERE bshortname=%s', sql_table('blog'), DB::quoteValue($name));
+	return DB::getValue($query);
 }
@@ -839,7 +915,8 @@ $manager->notify(
  */
 function getBlogNameFromID($id)
 {
-	return quickQuery('SELECT bname AS result FROM ' . sql_table('blog') . ' WHERE bnumber = ' . intval($id));
+	$query = sprintf('SELECT bname AS result FROM %s WHERE bnumber=%d', sql_table('blog'), intval($id));
+	return DB::getValue($query);
 }
@@ -850,7 +927,8 @@ $manager->notify(
  */
 function getBlogIDFromItemID($item_id)
 {
-	return quickQuery('SELECT iblog AS result FROM ' . sql_table('item') . ' WHERE inumber = ' . intval($item_id));
+	$query = sprintf('SELECT iblog AS result FROM %s WHERE inumber=%d', sql_table('item'), intval($item_id));
+	return DB::getValue($query);
 }
@@ -861,7 +939,8 @@ $manager->notify(
  */
 function getBlogIDFromCommentID($comment_id)
 {
-	return quickQuery('SELECT cblog AS result FROM ' . sql_table('comment') . ' WHERE cnumber = ' . intval($comment_id));
+	$query = sprintf('SELECT cblog AS result FROM %s WHERE cnumber=%d', sql_table('comment'), intval($comment_id));
+	return DB::getValue($query);
 }
@@ -872,7 +951,8 @@ $manager->notify(
  */
 function getBlogIDFromCatID($category_id)
 {
-	return quickQuery('SELECT cblog AS result FROM ' . sql_table('category') . ' WHERE catid = ' . intval($category_id));
+	$query = sprintf('SELECT cblog AS result FROM %s WHERE catid=%d', sql_table('category'), intval($category_id));
+	return DB::getValue($query);
 }
@@ -883,26 +963,25 @@ $manager->notify( */ function getCatIDFromName($name) { - return quickQuery('SELECT catid AS result FROM ' . sql_table('category') . ' WHERE cname = "' . sql_real_escape_string($name) . '"'); + $query = sprintf('SELECT catid AS result FROM %s WHERE cname=%s', sql_table('category'), DB::quoteValue($name)); + return DB::getValue($query); } /** * This function performs a quick SQL query + * @deprecated * @param string $query * @return object */ function quickQuery($query) { - $res = sql_query($query); - $obj = sql_fetch_object($res); - return (is_object($obj)) ? $obj->result : FALSE; + $row = DB::getRow($query); + return $row['result']; } - function getPluginNameFromPid($pid) { - $res = sql_query('SELECT pfile FROM ' . sql_table('plugin') . ' WHERE pid=' . intval($pid) ); - $obj = sql_fetch_object($res); - return $obj->pfile; + $query = sprintf('SELECT pfile FROM %s WHERE pid=%d', sql_table('plugin'), intval($pid)); + return DB::getValue($query); // return isset($obj->pfile) ? $obj->pfile : false; } 
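Review bot: `quickQuery()` now returns `$row['result']` without checking that `DB::getRow()` produced a row, so a query with no match raises a notice and yields `null` where the old body returned `FALSE`; callers that test the result with `=== false` (and the `@deprecated` tag means they will linger) see a silent behaviour change. Keep the old contract with `return is_array($row) ? $row['result'] : FALSE;` — assuming `DB::getRow()` returns a non-array on an empty result, which this hunk does not show. In `getPluginNameFromPid()` the commented-out `// return isset($obj->pfile) ? $obj->pfile : false;` still refers to the `$obj` this change removed and should go. All three functions are complete within the hunk.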
@@ -972,69 +1051,64 @@ function selector() // 1. get timestamp, blogid and catid for item $query = 'SELECT itime, iblog, icat FROM %s WHERE inumber=%d'; - $query = sprintf($query, sql_table('item'), (integer) $itemid); - $res = sql_query($query); - $obj = sql_fetch_object($res); + $query = sprintf($query, sql_table('item'), intval($itemid)); + $row = DB::getRow($query); // if a different blog id has been set through the request or selectBlog(), // deny access - if ( $blogid && (intval($blogid) != $obj->iblog) ) + if ( $blogid && (intval($blogid) != $row['iblog']) ) { doError(_ERROR_NOSUCHITEM); } // if a category has been selected which doesn't match the item, ignore the // category. #85 - if ( ($catid != 0) && ($catid != $obj->icat) ) + if ( ($catid != 0) && ($catid != $row['icat']) ) { $catid = 0; } - $blogid = $obj->iblog; - $timestamp = strtotime($obj->itime); + $blogid = $row['iblog']; + $timestamp = strtotime($row['itime']); $b =& $manager->getBlog($blogid); if ( !$b->isValidCategory($catid) ) { - $query = "SELECT inumber, ititle FROM %s WHERE itime<'%s' AND idraft=0 AND iblog=%d ORDER BY itime DESC LIMIT 1"; - $query = sprintf($query, sql_table('item'), i18n::formatted_datetime('mysql', $timestamp), $blogid); + $query = "SELECT inumber, ititle FROM %s WHERE itime<%s AND idraft=0 AND iblog=%d ORDER BY itime DESC LIMIT 1"; + $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), intval($blogid)); } else { - $query = "SELECT inumber, ititle FROM %s WHERE itime<'%s' AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime DESC LIMIT 1"; - $query = sprintf($query, sql_table('item'), i18n::formatted_datetime('mysql', $timestamp), $blogid, $catid); + $query = "SELECT inumber, ititle FROM %s WHERE itime<%s AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime DESC LIMIT 1"; + $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), intval($blogid), intval($catid)); } + $row = DB::getRow($query); - $res = sql_query($query); - $obj = 
sql_fetch_object($res); - - if ( $obj ) + if ( $row ) { - $itemidprev = $obj->inumber; - $itemtitleprev = $obj->ititle; + $itemidprev = $row['inumber']; + $itemtitleprev = $row['ititle']; } // get next itemid and title if ( !$b->isValidCategory($catid) ) { - $query = "SELECT inumber, ititle FROM %s WHERE itime>'%s' AND itime<='%s' AND idraft=0 AND iblog=%d ORDER BY itime ASC LIMIT 1"; - $query = sprintf($query, sql_table('item'), i18n::formatted_datetime('mysql', $timestamp), i18n::formatted_datetime('mysql', $b->getCorrectTime()), $blogid); + $query = "SELECT inumber, ititle FROM %s WHERE itime>%s AND itime<=%s AND idraft=0 AND iblog=%d ORDER BY itime ASC LIMIT 1"; + $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), DB::formatDateTime($b->getCorrectTime()), intval($blogid)); } else { - $query = "SELECT inumber, ititle FROM %s WHERE itime>'%s' AND itime<='%s' AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime ASC LIMIT 1"; - $query = sprintf($query, sql_table('item'), i18n::formatted_datetime('mysql', $timestamp), i18n::formatted_datetime('mysql', $b->getCorrectTime()), $blogid, $catid); + $query = "SELECT inumber, ititle FROM %s WHERE itime>%s AND itime<=%s AND idraft=0 AND iblog=%d AND icat=%d ORDER BY itime ASC LIMIT 1"; + $query = sprintf($query, sql_table('item'), DB::formatDateTime($timestamp), DB::formatDateTime($b->getCorrectTime()), intval($blogid), intval($catid)); } - $res = sql_query($query); + $row = DB::getRow($query); - $obj = sql_fetch_object($res); - - if ( $obj ) + if ( $row ) { - $itemidnext = $obj->inumber; - $itemtitlenext = $obj->ititle; + $itemidnext = $row['inumber']; + $itemtitlenext = $row['ititle']; } } elseif ( $archive ) 
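Review bot: The first `$row = DB::getRow($query)` (the item lookup by `inumber`) is read as `$row['iblog']`, `$row['icat']` and `$row['itime']` without checking that a row came back, so an unknown or deleted item id produces notices and a `strtotime(null)` timestamp instead of the error the function raises for a blog mismatch; the later prev/next lookups do test `if ( $row )`, so the first one should too: `if ( !$row ) { doError(_ERROR_NOSUCHITEM); }` right after the fetch. This gap existed with the old `$obj->iblog` access, but the rewrite is the moment to close it. Whether `DB::getRow()` returns `false` or `null` on no rows is not visible here; the truthiness test covers both. `selector()` begins and ends outside this hunk.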
@@ -1046,10 +1120,10 @@ function selector() global $archivenext, $archiveprev, $archivetype, $archivenextexists, $archiveprevexists; // sql queries for the timestamp of the first and the last published item - $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM ".sql_table('item')." WHERE idraft=0 ORDER BY itime ASC"; - $first_timestamp=quickQuery ($query); - $query = "SELECT UNIX_TIMESTAMP(itime) as result FROM ".sql_table('item')." WHERE idraft=0 ORDER BY itime DESC"; - $last_timestamp=quickQuery ($query); + $query = sprintf('SELECT UNIX_TIMESTAMP(itime) as result FROM %s WHERE idraft=0 ORDER BY itime ASC', sql_table('item')); + $first_timestamp = DB::getValue($query); + $query = sprintf('SELECT UNIX_TIMESTAMP(itime) as result FROM %s WHERE idraft=0 ORDER BY itime DESC', sql_table('item')); + $last_timestamp = DB::getValue($query); sscanf($archive, '%d-%d-%d', $y, $m, $d); @@ -1309,11 +1383,12 @@ function doError($msg, $skin = '') function getConfig() { global $CONF; - $query = 'SELECT * FROM ' . sql_table('config'); - $res = sql_query($query); + $query = sprintf('SELECT * FROM %s', sql_table('config')); + $res = DB::getResult($query); - while ($obj = sql_fetch_object($res) ) { - $CONF[$obj->name] = $obj->value; + foreach ( $res as $row ) + { + $CONF[$row['name']] = $row['value']; } } @@ -1408,7 +1483,7 @@ function selectItem($id) { function parseFile($filename, $includeMode = 'normal', $includePrefix = '') { global $skinid; - + if ( !$skinid || !existsID($skinid) ) { $skin = new Skin($CONF['BaseSkin']); @@ -1416,16 +1491,16 @@ function parseFile($filename, $includeMode = 'normal', $includePrefix = '') else { $skin = new Skin($skinid); - } - + } + $oldIncludeMode = Parser::getProperty('IncludeMode'); $oldIncludePrefix = Parser::getProperty('IncludePrefix'); - + $skin->parse('fileparse', $filename); - + Parser::setProperty('IncludeMode', $oldIncludeMode); Parser::setProperty('IncludePrefix', $oldIncludePrefix); - + return; } 
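Review bot: In `parseFile()` (the two whitespace-only hunks `@@ -1408` and `@@ -1416`), `$skin = new Skin($CONF['BaseSkin'])` reads `$CONF` although the function only declares `global $skinid;`, so inside the function `$CONF` is an undefined local and the fallback skin is built from `null`; the fix is `global $skinid, $CONF;`. The commit only strips trailing whitespace on those lines, but the bug is on the new side and this is the cheapest moment to fix it. In `getConfig()` the `foreach ( $res as $row )` loop never calls `$res->closeCursor()` while the ticketForPlugin hunk does after its loop; pick one convention for `DB::getResult()` handles. Both functions start outside their hunks.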
@@ -1583,52 +1658,42 @@ function checkVars($aVars) { /** + * sanitizeParams() * Sanitize parameters such as $_GET and $_SERVER['REQUEST_URI'] etc. - * to avoid XSS + * to avoid XSS. + * + * @param void + * @return void */ function sanitizeParams() { - global $HTTP_SERVER_VARS; - - $array = array(); - $str = ''; - $frontParam = ''; - - // REQUEST_URI of $HTTP_SERVER_VARS - $str =& $HTTP_SERVER_VARS["REQUEST_URI"]; - serverStringToArray($str, $array, $frontParam); - sanitizeArray($array); - arrayToServerString($array, $frontParam, $str); - - // QUERY_STRING of $HTTP_SERVER_VARS - $str =& $HTTP_SERVER_VARS["QUERY_STRING"]; - serverStringToArray($str, $array, $frontParam); - sanitizeArray($array); - arrayToServerString($array, $frontParam, $str); - - if (phpversion() >= '4.1.0') { - // REQUEST_URI of $_SERVER - $str =& $_SERVER["REQUEST_URI"]; - serverStringToArray($str, $array, $frontParam); - sanitizeArray($array); - arrayToServerString($array, $frontParam, $str); - - // QUERY_STRING of $_SERVER - $str =& $_SERVER["QUERY_STRING"]; - serverStringToArray($str, $array, $frontParam); - sanitizeArray($array); - arrayToServerString($array, $frontParam, $str); - } - - // $_GET - convArrayForSanitizing($_GET, $array); - sanitizeArray($array); - revertArrayForSanitizing($array, $_GET); - - // $_REQUEST (only GET param) - convArrayForSanitizing($_REQUEST, $array); - sanitizeArray($array); - revertArrayForSanitizing($array, $_REQUEST); + $array = array(); + $str = ''; + $frontParam = ''; + + // REQUEST_URI of $_SERVER + $str =& $_SERVER["REQUEST_URI"]; + serverStringToArray($str, $array, $frontParam); + sanitizeArray($array); + arrayToServerString($array, $frontParam, $str); + + // QUERY_STRING of $_SERVER + $str =& $_SERVER["QUERY_STRING"]; + serverStringToArray($str, $array, $frontParam); + sanitizeArray($array); + arrayToServerString($array, $frontParam, $str); + + // $_GET + convArrayForSanitizing($_GET, $array); + sanitizeArray($array); + revertArrayForSanitizing($array, 
$_GET); + + // $_REQUEST (only GET param) + convArrayForSanitizing($_REQUEST, $array); + sanitizeArray($array); + revertArrayForSanitizing($array, $_REQUEST); + + return; } /** @@ -1686,16 +1751,16 @@ function ticketForPlugin() // Solve the plugin name. $plugins = array(); - $query = 'SELECT pfile FROM '.sql_table('plugin'); - $res = sql_query($query); + $query = sprintf('SELECT pfile FROM %s', sql_table('plugin')); + $res = DB::getResult($query); - while($row = sql_fetch_row($res) ) + foreach ( $res as $row ) { - $name = i18n::substr($row[0], 3); + $name = i18n::substr($row['pfile'], 3); $plugins[strtolower($name)] = $name; } - sql_free_result($res); + $res->closeCursor(); if (array_key_exists($path, $plugins)) { 
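Review bot: The new docblock line ` * @param void` is not valid PHPDoc (a parameterless function simply has no `@param`), and the block still does not say the one thing a caller needs — that `sanitizeParams()` rewrites `$_SERVER['REQUEST_URI']`, `$_SERVER['QUERY_STRING']`, `$_GET` and `$_REQUEST` in place and must run before any `requestVar()`/`getVar()`; replace the `@param` line with a sentence to that effect and note that `$_POST` is not touched. Dropping the `$HTTP_SERVER_VARS` and `phpversion() >= '4.1.0'` branches is a welcome simplification; the trailing `return;` in a void function is noise. The function is complete within the hunk.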
@@ -1829,55 +1894,85 @@ function _addInputTags(&$keys,$prefix=''){ * Convert the server string such as $_SERVER['REQUEST_URI'] * to arry like arry['blogid']=1 and array['page']=2 etc. * - * @param string $str string - * @param string $array - * @param string $frontParam + * @param string $uri string + * @param string &$query_elements elements of query according to application/x-www-form-urlencoded + * @param string &$hier_part hierarchical part includes path + * + * NOTE: + * RFC 3986: Uniform Resource Identifiers (URI): Generic Syntax + * 3. Syntax Components + * http://www.ietf.org/rfc/rfc3986.txt + * + * Hypertext Markup Language - 2.0 + * 8.2.1. The form-urlencoded Media Type + * http://tools.ietf.org/html/rfc1866#section-8.2.1 + * + * $_SERVER > Language Reference > Predefined Variables > PHP Manual + * http://www.php.net/manual/en/reserved.variables.server.php */ -function serverStringToArray($str, &$array, &$frontParam) +function serverStringToArray($uri, &$query_elements, &$hier_part) { // init param - $array = array(); - $frontParam = ""; + $query_elements = array(); + $hier_part = ""; - // split front param, e.g. /index.php, and others, e.g. blogid=1&page=2 - if ( i18n::strpos($str, "?") > 0 ) + // split hierarchical part, e.g. /index.php, query and fragment, e.g. 
blogid=1&page=2#section1 + if ( i18n::strpos($uri, "?") > 0 ) { - list($frontParam, $args) = preg_split("#\?#", $str, 2); + list($hier_part, $query_and_fragment) = preg_split("#\?#", $uri, 2); } else { - $args = $str; - $frontParam = ""; + $query_and_fragment = $uri; + $hier_part = ''; } - // If there is no args like blogid=1&page=2, return - if ( i18n::strpos($str, "=") == FALSE && !i18n::strlen($frontParam) ) + // If there is no query like blogid=1&page=2, return + if ( i18n::strpos($uri, "=") == FALSE && !i18n::strlen($hier_part) ) { - $frontParam = $str; + $hier_part = $uri; return; } - $array = preg_split("#&#", $args); + $query_elements = preg_split("#&#", $query_and_fragment); return; } /** + * arrayToServerString() * Convert array like array['blogid'] to server string * such as $_SERVER['REQUEST_URI'] + * + * @param array $query_elements elements of query according to application/x-www-form-urlencoded + * @param string $hier_part hier-part defined in RFC3986 + * @param string &$uri return value + * @return void + * + * NOTE: + * RFC 3986: Uniform Resource Identifiers (URI): Generic Syntax + * 3. Syntax Components + * http://www.ietf.org/rfc/rfc3986.txt + * + * Hypertext Markup Language - 2.0 + * 8.2.1. The form-urlencoded Media Type + * http://tools.ietf.org/html/rfc1866#section-8.2.1 + * + * $_SERVER > Language Reference > Predefined Variables > PHP Manual + * http://www.php.net/manual/en/reserved.variables.server.php */ -function arrayToServerString($array, $frontParam, &$str) +function arrayToServerString($query_elements, $hier_part, &$uri) { - if ( i18n::strpos($str, "?") !== FALSE ) + if ( i18n::strpos($uri, "?") !== FALSE ) { - $str = $frontParam . "?"; + $uri = $hier_part . "?"; } else { - $str = $frontParam; + $uri = $hier_part; } - if ( count($array) ) + if ( count($query_elements) > 0 ) { - $str .= implode("&", $array); + $uri .= implode("&", $query_elements); } return; } 
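Review bot: The new docblock for `serverStringToArray()` declares `@param string &$query_elements` and `@param string &$hier_part`, but the body assigns `$query_elements = array()` and `preg_split()` output to it, so the first should read `@param array &$query_elements`; the same `array` type is correctly used in the `arrayToServerString()` docblock, so the two should agree. The comment now mentions a fragment (`#section1`) yet nothing strips it, so the fragment stays inside the last element of `$query_elements` and goes through `sanitizeArray()` — acceptable, but say so rather than imply it is handled. `i18n::strpos($uri, "=") == FALSE` still treats an `=` at offset 0 as "not found"; `=== FALSE` is the check the comment describes. Both functions are complete within the hunk.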
@@ -1889,7 +1984,7 @@ function arrayToServerString($array, $frontParam, &$str) * - check key if it inclues " (double quote), remove from array * - check value if it includes \ (escape sequece), remove remaining string * - * @param array &$array + * @param array &$array elements of query according to application/x-www-form-urlencoded * @return void */ function sanitizeArray(&$array) @@ -1911,6 +2006,7 @@ function sanitizeArray(&$array) { $val = stripslashes($val); } + // note that we must use addslashes here because this function is called before the db connection is made // and sql_real_escape_string needs a db connection $val = addslashes($val); @@ -1919,7 +2015,7 @@ function sanitizeArray(&$array) if ( !in_array($key, $excludeListForSanitization) ) { // check value - if ( i18n::strpos($val, '\\') ) + if ( i18n::strpos($val, '\\') > 0 ) { list($val, $tmp) = preg_split('#\\\\#', $val); } @@ -1928,7 +2024,7 @@ function sanitizeArray(&$array) $val = strtr($val, "\0\r\n<>'\"", " "); // check key - if ( preg_match('#\"#', $key) ) + if ( preg_match('#\"#', $key) > 0 ) { unset($array[$k]); continue; 
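Review bot: `i18n::strpos($val, '\\') > 0` skips a backslash at offset 0, so a value that begins with `\` is kept whole although the function's header says everything from the backslash on is removed; `!== FALSE` matches that intent (the `preg_split()` then leaves `$val` as `''`, which is what truncation at 0 means). The old truthiness test had the same hole, so tightening to `> 0` preserved it rather than fixing it. The `preg_match('#\"#', $key) > 0` change is fine. `sanitizeArray()` starts and ends outside these hunks.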
@@ -1942,27 +2038,45 @@ function sanitizeArray(&$array) } /** + * convArrayForSanitizing() * Convert array for sanitizeArray function + * + * @param string $src array to be sanitized + * @param array &$array array to be temporarily stored + * @return void */ function convArrayForSanitizing($src, &$array) { - $array = array(); - foreach ($src as $key => $val) { - if (key_exists($key, $_GET)) { - array_push($array, sprintf("%s=%s", $key, $val)); - } - } + $array = array(); + foreach ( $src as $key => $val ) + { + if ( !key_exists($key, $_GET) ) + { + continue; + } + $array[] = sprintf("%s=%s", $key, $val); + continue; + } + return; } /** + * revertArrayForSanitizing() * Revert array after sanitizeArray function + * + * @param array $array element of query according to application/x-www-form-urlencoded + * @param array &$dst combination of key and value + * @return void */ function revertArrayForSanitizing($array, &$dst) { - foreach ($array as $v) { - list($key, $val) = preg_split("/=/", $v, 2); - $dst[$key] = $val; - } + foreach ( $array as $v ) + { + list($key, $val) = preg_split("#=#", $v, 2); + $dst[$key] = $val; + continue; + } + return; } /** @@ -2035,10 +2149,9 @@ function ifset(&$var) { * @return number of subscriber(s) */ function numberOfEventSubscriber($event) { - $query = 'SELECT COUNT(*) as count FROM ' . sql_table('plugin_event') . ' WHERE event=\'' . $event . '\''; - $res = sql_query($query); - $obj = sql_fetch_object($res); - return $obj->count; + $query = sprintf('SELECT COUNT(*) as count FROM %s WHERE event=%s', sql_table('plugin_event'), DB::quoteValue($event)); + $res = DB::getValue($query); + return $res; } /** 
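Review bot: In `convArrayForSanitizing()` and `revertArrayForSanitizing()` the `continue;` placed as the last statement of each loop body and the bare `return;` closing a void function are no-ops that read as if something were being skipped; drop them. `list($key, $val) = preg_split("#=#", $v, 2)` still assumes every element contains `=`, so an element such as `foo` from `serverStringToArray()` produces an undefined-offset notice and `$dst['foo'] = null` — `$parts = preg_split("#=#", $v, 2); $dst[$parts[0]] = isset($parts[1]) ? $parts[1] : '';` covers it. `sprintf("%s=%s", $key, $val)` in the converter will emit `Array` for nested GET parameters; a hedged note in the docblock that only scalar `$_GET` values are sanitised would at least document the limit. The functions are complete within the hunk.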
@@ -2152,10 +2265,13 @@ function formatDate($format, $timestamp, $default_format, &$blog) } return i18n::formatted_datetime($format, $timestamp, $offset, $default_format); } -/* NOTE: use i18n::formatted_datetime() directly instead of this */ +/** + * NOTE: use DB::formatDateTime() directly instead of this + * @deprecated + */ function mysqldate($timestamp) { - return '"' . i18n::formatted_datetime('mysql', $timestamp) . '"'; + return DB::formatDateTime($timestamp); } /** * Centralisation of the functions that generate links diff --git a/nucleus/libs/i18n.php b/nucleus/libs/i18n.php index 6e89097..aebcc25 100644 --- a/nucleus/libs/i18n.php +++ b/nucleus/libs/i18n.php @@ -20,13 +20,19 @@ class i18n { static private $mode = FALSE; - static private $charset = ''; - static private $language = ''; - static private $script = ''; - static private $region = ''; + static private $current_charset = ''; + static private $current_language = ''; + static private $current_script = ''; + static private $current_region = ''; + static private $locale_list = array(); static private $timezone = 'UTC'; + static private $forced_charset = ''; + static private $forced_language = ''; + static private $forced_script = ''; + static private $forced_region = ''; + /** * i18n::init * Initializing i18n class @@ -68,7 +74,7 @@ class i18n && iconv_set_encoding('output_encoding', $charset) && iconv_set_encoding('internal_encoding', $charset) ) { - self::$charset = $charset; + self::$current_charset = $charset; self::$mode = 'iconv'; } } @@ -79,7 +85,7 @@ class i18n && mb_internal_encoding($charset) && mb_regex_encoding($charset) ) { - self::$charset = $charset; + self::$current_charset = $charset; self::$mode = 'mbstring'; } } @@ -110,7 +116,7 @@ class i18n */ static public function get_current_charset() { - return self::$charset; + return self::$current_charset; } /** 
@@ -131,9 +137,9 @@ class i18n
 {
 if ( preg_match('#^(.+)_(.+)_(.+)$#', $locale, $match) )
 {
-	self::$language = $match[1];
-	self::$script = $match[2];
-	self::$region = $match[3];
+	self::$current_language = $match[1];
+	self::$current_script = $match[2];
+	self::$current_region = $match[3];
 return TRUE;
 }
 return FALSE;
@@ -149,11 +155,78 @@ class i18n */ static public function get_current_locale() { - $elements = array(self::$language, self::$script, self::$region); + $elements = array(self::$current_language, self::$current_script, self::$current_region); + return implode('_', $elements); + } + + /** + * i18n::set_forced_locale() + * Set forced locale + * + * @static + * @param string $forced_locale + * @return bool TRUE/FALSE + * + */ + static public function set_forced_locale($forced_locale) + { + if ( preg_match('#^(.+)_(.+)_(.+)$#', $forced_locale, $match) ) + { + self::$forced_language = $match[1]; + self::$forced_script = $match[2]; + self::$forced_region = $match[3]; + return TRUE; + } + return FALSE; + } + + /** + * i18n::get_forced_locale + * Get forced locale + * + * @static + * @param void + * @return $forced_locale + */ + static public function get_forced_locale() + { + if ( !self::$forced_language ) + { + return; + } + + $elements = array(self::$forced_language, self::$forced_script, self::$forced_region); return implode('_', $elements); } /** + * i18n::set_forced_charset + * return forced charset + * + * @static + * @param void $charset forced character set + * @return void + */ + static public function set_forced_charset($forced_charset) + { + self::$forced_charset = $forced_charset; + return; + } + + /** + * i18n::get_forced_charset + * return forced charset + * + * @static + * @param void + * @return string $charset forced character set + */ + static public function get_forced_charset() + { + return self::$forced_charset; + } + + /** * i18n::confirm_default_date_timezone * to avoid E_NOTICE or E_WARNING generated when every calling to a date/time function. * @@ -205,10 +278,14 @@ class i18n { if ( $to == '' ) { - $to = self::$charset; + $to = self::$current_charset; } - if ( self::$mode == 'iconv' ) + if ( $from == $to ) + { + /* do nothing */ + } + else if ( self::$mode == 'iconv' ) { $string = iconv($from, $to.'//TRANSLIT', $string); } 
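Review bot: `set_forced_charset()` stores whatever it receives, and its docblock (` * @param void $charset forced character set`) names neither the real parameter `$forced_charset` nor its type, while the value later reaches the `Content-Type` header and the iconv/mbstring calls through `get_forced_charset()`; document it as `@param string $forced_charset IANA charset name` and ignore non-string or empty input, e.g. `if ( !is_string($forced_charset) || $forced_charset === '' ) { return; }`. `set_forced_locale()` returns `FALSE` on a malformed locale, but the bootstrap hunk that calls it discards the return value, so a bad plugin value is dropped silently — worth a sentence in its docblock. `get_forced_locale()` has a bare `return;` on the empty path (see the bootstrap locale hunk for the consequence). The `$from == $to` short-circuit in `convert()` is a sound addition.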
@@ -220,6 +297,51 @@ class i18n } /** + * i18n::convert_handler + * callable handler for character set converter + * + * @static + * @param string $string target string binary + * @return void + */ + static public function convert_handler($string) + { + return self::convert($string, self::$current_charset, self::$forced_charset); + } + + /** + * i18n::convert_array + * recursively converting array + * + * @static + * @param array $array array to convert + * @return void + */ + static public function convert_array($array, $from, $to='') + { + if ( !is_array($array) ) + { + $array = self::convert($array, $from, $to); + } + else + { + foreach ( $array as $key => $value ) + { + if ( !is_array($value) ) + { + $array[$key] = self::convert($value, $from, $to); + } + else + { + self::convert_array($array[$key]); + } + } + } + + return $array; + } + + /** * i18n::strlen * strlen wrapper * @@ -232,11 +354,11 @@ class i18n $length = 0; if ( self::$mode == 'iconv' ) { - $length = iconv_strlen($string, self::$charset); + $length = iconv_strlen($string, self::$current_charset); } else if ( self::$mode == 'mbstring' ) { - $length = mb_strlen($string, self::$charset); + $length = mb_strlen($string, self::$current_charset); } else { @@ -260,11 +382,11 @@ class i18n $position = 0; if ( self::$mode == 'iconv' ) { - $position = iconv_strpos($haystack, $needle, $offset, self::$charset); + $position = iconv_strpos($haystack, $needle, $offset, self::$current_charset); } else if ( self::$mode == 'mbstring' ) { - $position = mb_strpos($haystack, $needle, $offset, self::$charset); + $position = mb_strpos($haystack, $needle, $offset, self::$current_charset); } else { 
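Review bot: The recursive call in `convert_array()` is `self::convert_array($array[$key]);` — it omits the required `$from` (so PHP warns and converts from an undefined charset) and discards the return value, so nested arrays such as `$_FILES` entries or `a[b]=…` POST fields are never converted by the bootstrap callers; it should be `$array[$key] = self::convert_array($value, $from, $to);`. Both new docblocks say `@return void` although `convert_handler()` returns the converted string and `convert_array()` returns the array, and `$from`/`$to` are undocumented. `convert_handler()` as an `ob_start` callback also receives a second `$phase` argument it can ignore; a comment saying so helps. Both methods are complete within the hunk.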
@@ -292,11 +414,11 @@ class i18n
 $position = 0;
 if ( self::$mode == 'iconv' )
 {
- $position = iconv_strrpos($haystack, $needle, self::$charset);
+ $position = iconv_strrpos($haystack, $needle, self::$current_charset);
 }
 else if ( self::$mode == 'mbstring' )
 {
- $position = mb_strrpos($haystack, $needle, 0, self::$charset);
+ $position = mb_strrpos($haystack, $needle, 0, self::$current_charset);
 }
 else
 {
@@ -325,11 +447,11 @@ class i18n
 $return = '';
 if ( self::$mode == 'iconv' )
 {
- $return = iconv_substr($string, $start, $length, self::$charset);
+ $return = iconv_substr($string, $start, $length, self::$current_charset);
 }
 else if ( self::$mode == 'mbstring' )
 {
- $return = mb_substr($string, $start, $length, self::$charset);
+ $return = mb_substr($string, $start, $length, self::$current_charset);
 }
 else
 {
@@ -349,42 +471,10 @@ class i18n
 */
 static public function strftime($format, $timestamp='')
 {
- $formatted = '';
-
- if ( $timestamp == '' )
- {
- $timestamp = time();
- }
-
- if ( $format == '%%' )
- {
- return '%';
- }
- else if ( preg_match('#%[^%]#', $format) === 0 )
- {
- return $format;
- }
-
- $format = trim(preg_replace('#(%[^%])#', ',$1,', $format), ',');
- $elements = preg_split('#,#', $format);
-
- foreach ( $elements as $element )
- {
- if ( preg_match('#(%[^%])#', $element) )
- {
- $formatted .= strftime($element, $timestamp);
- }
- else if ( $element == '%%' )
- {
- $formatted .= '%';
- }
- else
- {
- $formatted .= $element;
- }
- }
-
- return (string) $formatted;
+ return preg_replace_callback('/(%[a-z%])/i',
+ create_function('$matches', 'return strftime($matches[1], ' . intval($timestamp) . ');'),
+ $format
+ );
 }
 
 /**
@@ -505,7 +595,7 @@ class i18n
 {
 if ( preg_match('#-#', $language) )
 {
- if ( $target_locale . '.' . self::$charset == $locale )
+ if ( $target_locale . '.' . self::$current_charset == $locale )
 {
 $target_language = $language;
 break;
diff --git a/nucleus/libs/showlist.php b/nucleus/libs/showlist.php
index b677c02..d23b98a 100644
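Review bot: The rewritten `strftime` loses the empty-timestamp default: the removed code substituted `time()` when `$timestamp == ''`, while the new code passes `intval('')`, i.e. `0`, so every caller relying on the default now formats the epoch instead of the current time. It also builds the callback with `create_function`, which compiles a new function from a string on every call and never frees it for the rest of the request — `intval()` keeps the interpolated value numeric here, but this is `eval` by another name and a closure over the timestamp needs neither (assuming the codebase targets PHP 5.3 or later). `%%` is matched by `[a-z%]` and handled by `strftime` itself, so the old special-casing of it is not needed.
```php
static public function strftime($format, $timestamp='')
{
	/* keep the previous default: an empty timestamp means "now" */
	$timestamp = ($timestamp == '') ? time() : intval($timestamp);
	return preg_replace_callback('/(%[a-z%])/i',
		function ($matches) use ($timestamp) { return strftime($matches[1], $timestamp); },
		$format
	);
}
```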
--- a/nucleus/libs/showlist.php
+++ b/nucleus/libs/showlist.php
@@ -42,24 +42,24 @@ function showlist($query, $type, $vars, $templateName = '')
 }
 else
 {
- $res = sql_query($query);
+ $res = DB::getResult($query);
 // don't do anything if there are no results
- $numrows = sql_num_rows($res);
+ $numrows = $res->rowCount();
 if ( $numrows == 0 )
 {
 return 0;
 }
 call_user_func("listplug_{$type}", $vars, 'HEAD', $templateName);
- while( $vars['current'] = sql_fetch_object($res) )
+ while( $vars['current'] = $res->fetchObject() )
 {
 call_user_func("listplug_{$type}", $vars, 'BODY', $templateName);
 }
 call_user_func("listplug_{$type}", $vars, 'FOOT', $templateName);
- sql_free_result($res);
+ $res->closeCursor();
 // return amount of results
 return $numrows;
@@ -532,10 +532,10 @@ function listplug_table_pluginlist($vars, $type, $templateName = '')
 }
 /* check dependency */
 $req = array();
- $res = sql_query('SELECT pfile FROM ' . sql_table('plugin'));
- while( $o = sql_fetch_object($res) )
+ $res = DB::getResult('SELECT pfile FROM ' . sql_table('plugin'));
+ foreach ( $res as $row )
 {
- $preq =& $manager->getPlugin($o->pfile);
+ $preq =& $manager->getPlugin($row['pfile']);
 if ( $preq )
 {
 $depList = $preq->getPluginDep();
@@ -543,7 +543,7 @@ function listplug_table_pluginlist($vars, $type, $templateName = '')
 {
 if ( $current->pfile == $depName )
 {
- $req[] = $o->pfile;
+ $req[] = $row['pfile'];
 }
 }
 }
@@ -660,7 +660,7 @@ function listplug_table_pluginlist($vars, $type, $templateName = '')
 . 'WHERE '
 . ' ocontext = "global" '
 . 'AND opid = %d';
- $pOptions = quickQuery(sprintf($optQuery, $current->pid));
+ $pOptions = DB::getValue(sprintf($optQuery, $current->pid));
 if ( $pOptions > 0 )
 {
 if ( !array_key_exists('SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL', $templates) || empty($templates['SHOWLIST_LISTPLUG_TABLE_PLUGOPTSETURL']) )
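Review bot: `$numrows = $res->rowCount()` is now what decides whether the list is rendered at all, but if `DB::getResult` returns a PDOStatement (the `fetchObject()`/`closeCursor()` calls suggest it does), `rowCount()` is only guaranteed for INSERT/UPDATE/DELETE — for SELECT it depends on the driver and on buffered queries, and a driver returning 0 here silently suppresses the whole list. Fetching the first row before emitting HEAD makes the emptiness test driver-independent and lets the function count rows as it renders them; the rewritten middle of the branch is sketched below. There is also no `$res === false` (or exception) handling after `DB::getResult`, so a failed query reaches `->rowCount()` on a non-object; whether `DB::getResult` throws instead is not visible from this hunk. The enclosing `else` branch opens outside the hunk.
```php
$res = DB::getResult($query);
$numrows = 0;

// fetch before deciding: PDOStatement::rowCount() is not reliable for SELECT
$vars['current'] = $res->fetchObject();
if ( !$vars['current'] )
{
	return 0;
}

call_user_func("listplug_{$type}", $vars, 'HEAD', $templateName);
do
{
	$numrows++;
	call_user_func("listplug_{$type}", $vars, 'BODY', $templateName);
}
while( $vars['current'] = $res->fetchObject() );
call_user_func("listplug_{$type}", $vars, 'FOOT', $templateName);
// … unchanged: closeCursor() and return $numrows …
```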
@@ -1988,7 +1988,7 @@ function listplug_table_adminskinlist($vars, $type, $templateName = '')
 );
 // use a special style for the default skin
- if ( $current->sdnumber != $CONF['DefaultAdminSkin'] )
+ if ( $current->sdnumber != $CONF['AdminSkin'] )
 {
 $data['skinname'] = Entity::hsc($current->sdname);
 }
diff --git a/nucleus/libs/skinie.php b/nucleus/libs/skinie.php
index f685e02..e15d0bd 100644
--- a/nucleus/libs/skinie.php
+++ b/nucleus/libs/skinie.php
@@ -703,11 +703,11 @@ class SkinExport
 echo "\t" . '' . "\n";
 echo "\t\t" . Entity::hsc($skinObj->getDescription()) . "\n";
- $res = sql_query('SELECT stype, scontent FROM '. sql_table('skin') .' WHERE sdesc=' . $skinId);
- while ( $partObj = sql_fetch_object($res) )
+ $res = DB::getResult('SELECT stype, scontent FROM '. sql_table('skin') .' WHERE sdesc=' . $skinId);
+ foreach ( $res as $row )
 {
- echo "\t\t" . '';
- echo 'escapeCDATA($partObj->scontent) . ']]>';
+ echo "\t\t" . '';
+ echo 'escapeCDATA($row['scontent']) . ']]>';
 echo "\n\n";
 }
 echo "\t\n\n\n";
@@ -721,11 +721,11 @@ class SkinExport
 echo "\t" . '
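Review bot: The new `DB::getResult` line in `SkinExport` still concatenates `$skinId` straight into the `WHERE sdesc=` clause; nothing in this hunk shows where that value is validated, so the move to the new DB layer is the moment to at least cast it, `' WHERE sdesc=' . intval($skinId)`, or to use a bound parameter if `DB` exposes one. `foreach ( $res as $row )` together with `$row['scontent']` also relies on the statement's default fetch mode producing string keys — if the result is a PDOStatement, an explicit `$res->setFetchMode(PDO::FETCH_ASSOC)` or a one-line comment would keep a later change of the default from silently breaking the export. The enclosing method starts outside this hunk, and the rendered page appears to have stripped the XML tags from the `echo` lines, so their literal content cannot be reviewed here.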