From f84453497bd5ef4eba8bca84917b8e82d784937a Mon Sep 17 00:00:00 2001 From: habeascodice Date: Tue, 7 Oct 2014 22:34:30 -0700 Subject: x --- include/photo/photo_driver.php | 1 + 1 file changed, 1 insertion(+) diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 42997060b..15eac5a6d 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -8,6 +8,7 @@ function photo_factory($data, $type = null) { if(class_exists('Imagick') && !$ignore_imagick) { $v = Imagick::getVersion(); preg_match('/ImageMagick ([0-9]+\.[0-9]+\.[0-9]+)/', $v['versionString'], $m); + logger('image v='.$v.',v[ver]='.$v['versionString'].',matches='.var_export($m, true), LOGGER_DEBUG); if(version_compare($m[1],'6.6.7') >= 0) { require_once('include/photo/photo_imagick.php'); $ph = new photo_imagick($data,$type); -- cgit v1.2.3 From c854f8c238da2df08b52249142ad24ef66e422d1 Mon Sep 17 00:00:00 2001 From: habeascodice Date: Sat, 11 Oct 2014 05:44:31 -0700 Subject: Revert "x" This reverts commit f84453497bd5ef4eba8bca84917b8e82d784937a. --- include/photo/photo_driver.php | 1 - 1 file changed, 1 deletion(-) diff --git a/include/photo/photo_driver.php b/include/photo/photo_driver.php index 9cd05e26e..508d82957 100644 --- a/include/photo/photo_driver.php +++ b/include/photo/photo_driver.php @@ -8,7 +8,6 @@ function photo_factory($data, $type = null) { if(class_exists('Imagick') && !$ignore_imagick) { $v = Imagick::getVersion(); preg_match('/ImageMagick ([0-9]+\.[0-9]+\.[0-9]+)/', $v['versionString'], $m); - logger('image v='.$v.',v[ver]='.$v['versionString'].',matches='.var_export($m, true), LOGGER_DEBUG); if(version_compare($m[1],'6.6.7') >= 0) { require_once('include/photo/photo_imagick.php'); $ph = new photo_imagick($data,$type); -- cgit v1.2.3 From 1a5a5c7edb8697c93f8bababbafa80245378dd7e Mon Sep 17 00:00:00 2001 From: Habeas Codice Date: Thu, 13 Nov 2014 12:21:58 -0800 Subject: PostgreSQL support initial commit There were 11 main types of changes: - UPDATE's and DELETE's sometimes had LIMIT 1 at the end of them. This is not only non-compliant but it would certainly not do what whoever wrote it thought it would. It is likely this mistake was just copied from Friendica. All of these instances, the LIMIT 1 was simply removed. - Bitwise operations (and even some non-zero int checks) erroneously rely on MySQL implicit integer-boolean conversion in the WHERE clauses. This is non-compliant (and bad programming practice to boot). Proper explicit boolean conversions were added. New queries should use proper conventions. - MySQL has a different operator for bitwise XOR than postgres. Rather than add yet another dba_ func, I converted them to "& ~" ("AND NOT") when turning off, and "|" ("OR") when turning on. There were no true toggles (XOR). New queries should refrain from using XOR when not necessary. - There are several fields which the schema has marked as NOT NULL, but the inserts don't specify them. The reason this works is because mysql totally ignores the constraint and adds an empty text default automatically. Again, non-compliant, obviously. In these cases a default of empty text was added. - Several statements rely on a non-standard MySQL feature (http://dev.mysql.com/doc/refman/5.5/en/group-by-handling.html). These queries can all be rewritten to be standards compliant. Interestingly enough, the newly rewritten standards compliant queries run a zillion times faster, even on MySQL. - A couple of function/operator name translations were needed (RAND/RANDOM, GROUP_CONCAT/STRING_AGG, UTC_NOW, REGEXP/~, ^/#) -- assist functions added in the dba_ - INTERVALs: postgres requires quotes around the value, mysql requires that there are not quotes around the value -- assist functions added in the dba_ - NULL_DATE's -- Postgres does not allow the invalid date '0000-00-00 00:00:00' (there is no such thing as year 0 or month 0 or day 0). We use '0001-01-01 00:00:00' for postgres. Conversions are handled in Zot/item packets automagically by quoting all dates with dbescdate(). - char(##) specifications in the schema creates fields with blank spaces that aren't trimmed in the code. MySQL apparently treats char(##) as varchar(##), again, non-compliant. Since postgres works better with text fields anyway, this ball of bugs was simply side-stepped by using 'text' datatype for all text fields in the postgres schema. varchar was used in a couple of places where it actually seemed appropriate (size constraint), but without rigorously vetting that all of the PHP code actually validates data, new bugs might come out from under the rug. - postgres doesn't store nul bytes and a few other non-printables in text fields, even when quoted. bytea fields were used when storing binary data (photo.data, attach.data). A new dbescbin() function was added to handle this transparently. - postgres does not support LIMIT #,# syntax. All databases support LIMIT # OFFSET # syntax. Statements were updated to be standard. These changes require corresponding changes in the coding standards. Please review those before adding any code going forward. Still on my TODO list: - remove quotes from non-reserved identifiers and make reserved identifiers use dba func for quoting - Rewrite search queries for better results (both MySQL and Postgres) --- boot.php | 12 +- doc/developers.bb | 3 + doc/sql_conventions.bb | 87 +++ include/Contact.php | 56 +- include/RedDAV/RedDirectory.php | 16 +- include/RedDAV/RedFile.php | 10 +- include/account.php | 31 +- include/acl_selectors.php | 2 +- include/api.php | 28 +- include/apps.php | 4 +- include/attach.php | 20 +- include/auth.php | 2 +- include/cache.php | 2 +- include/chat.php | 13 +- include/cli_startup.php | 4 +- include/config.php | 12 +- include/datetime.php | 7 +- include/dba/dba_driver.php | 135 ++++- include/dba/dba_postgres.php | 112 ++++ include/deliver.php | 8 +- include/diaspora.php | 4 +- include/dir_fns.php | 16 +- include/directory.php | 4 +- include/enotify.php | 4 +- include/event.php | 6 +- include/expire.php | 10 +- include/externals.php | 9 +- include/follow.php | 9 +- include/group.php | 11 +- include/hubloc.php | 8 +- include/identity.php | 20 +- include/items.php | 94 +-- include/menu.php | 6 +- include/message.php | 8 +- include/nav.php | 2 +- include/network.php | 10 +- include/notifier.php | 21 +- include/onedirsync.php | 4 +- include/onepoll.php | 15 +- include/permissions.php | 4 +- include/photo/photo_driver.php | 14 +- include/photos.php | 7 +- include/plugin.php | 6 +- include/poller.php | 51 +- include/queue.php | 24 +- include/queue_fn.php | 4 +- include/reddav.php | 22 +- include/security.php | 31 +- include/session.php | 8 +- include/socgraph.php | 57 +- include/statistics_fns.php | 20 +- include/text.php | 18 +- include/widgets.php | 6 +- include/zot.php | 104 ++-- index.php | 4 +- install/database.sql | 1228 --------------------------------------- install/schema_mysql.sql | 1228 +++++++++++++++++++++++++++++++++++++++ install/schema_postgres.sql | 1190 +++++++++++++++++++++++++++++++++++++ mod/acl.php | 29 +- mod/admin.php | 37 +- mod/channel.php | 18 +- mod/chatsvc.php | 4 +- mod/connect.php | 2 +- mod/connections.php | 18 +- mod/connedit.php | 4 +- mod/contactgroup.php | 2 +- mod/delegate.php | 2 +- mod/dirsearch.php | 8 +- mod/display.php | 8 +- mod/events.php | 8 +- mod/filer.php | 2 +- mod/filerm.php | 2 +- mod/fsuggest.php | 2 +- mod/group.php | 6 +- mod/import.php | 6 +- mod/item.php | 6 +- mod/like.php | 4 +- mod/locs.php | 6 +- mod/lostpass.php | 4 +- mod/mail.php | 2 +- mod/manage.php | 12 +- mod/network.php | 22 +- mod/notifications.php | 6 +- mod/openid.php | 2 +- mod/p.php | 2 +- mod/photo.php | 4 +- mod/photos.php | 47 +- mod/ping.php | 34 +- mod/poco.php | 20 +- mod/post.php | 18 +- mod/profile_photo.php | 10 +- mod/profiles.php | 8 +- mod/profperm.php | 4 +- mod/receive.php | 2 +- mod/register.php | 10 +- mod/search.php | 36 +- mod/settings.php | 22 +- mod/setup.php | 32 +- mod/siteinfo.php | 2 +- mod/sources.php | 4 +- mod/starred.php | 2 +- mod/subthread.php | 2 +- mod/thing.php | 6 +- mod/viewconnections.php | 8 +- mod/zfinger.php | 4 +- mod/zotfeed.php | 2 +- vendor/bin/sabredav | 1 - vendor/bin/vobjectvalidate.php | 1 - view/en/htconfig.tpl | 3 +- view/tpl/install_db.tpl | 2 +- view/tpl/install_settings.tpl | 1 + 111 files changed, 3484 insertions(+), 1876 deletions(-) create mode 100644 doc/sql_conventions.bb create mode 100644 include/dba/dba_postgres.php delete mode 100644 install/database.sql create mode 100644 install/schema_mysql.sql create mode 100644 install/schema_postgres.sql delete mode 120000 vendor/bin/sabredav delete mode 120000 vendor/bin/vobjectvalidate.php diff --git a/boot.php b/boot.php index abbf48636..085e6b36b 100755 --- a/boot.php +++ b/boot.php @@ -52,7 +52,7 @@ define ( 'DB_UPDATE_VERSION', 1130 ); define ( 'EOL', '
' . "\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); -define ( 'NULL_DATE', '0000-00-00 00:00:00' ); +//define ( 'NULL_DATE', '0000-00-00 00:00:00' ); define ( 'TEMPLATE_BUILD_PATH', 'store/[data]/smarty3' ); define ( 'DIRECTORY_MODE_NORMAL', 0x0000); // This is technically DIRECTORY_MODE_TERTIARY, but it's the default, hence 0x0000 @@ -555,7 +555,9 @@ define ( 'ITEM_VERIFIED', 0x2000); // Signature verification was success define ( 'ITEM_RETAINED', 0x4000); // We looked at this item once to decide whether or not to expire it, and decided not to. define ( 'ITEM_RSS', 0x8000); // Item comes from a feed. Use this to decide whether to link the title // Don't make us evaluate this same item again. - +define ( 'DBTYPE_MYSQL', 0 ); +define ( 'DBTYPE_POSTGRES', 1 ); + /** * * Reverse the effect of magic_quotes_gpc if it is enabled. @@ -1417,7 +1419,7 @@ function fix_system_urls($oldurl,$newurl) { $replace_xchan_url = ((strpos($rr['xchan_url'],$oldurl) !== false) ? true : false); - $x = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_connurl = '%s', xchan_follow = '%s', xchan_connpage = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_date = '%s' where xchan_hash = '%s' limit 1", + $x = q("update xchan set xchan_addr = '%s', xchan_url = '%s', xchan_connurl = '%s', xchan_follow = '%s', xchan_connpage = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'", dbesc($channel_address . '@' . $rhs), dbesc(($replace_xchan_url) ? str_replace($oldurl,$newurl,$rr['xchan_url']) : $rr['xchan_url']), dbesc(str_replace($oldurl,$newurl,$rr['xchan_connurl'])), @@ -1430,7 +1432,7 @@ function fix_system_urls($oldurl,$newurl) { dbesc($rr['xchan_hash']) ); - $y = q("update hubloc set hubloc_addr = '%s', hubloc_url = '%s', hubloc_url_sig = '%s', hubloc_host = '%s', hubloc_callback = '%s' where hubloc_hash = '%s' and hubloc_url = '%s' limit 1", + $y = q("update hubloc set hubloc_addr = '%s', hubloc_url = '%s', hubloc_url_sig = '%s', hubloc_host = '%s', hubloc_callback = '%s' where hubloc_hash = '%s' and hubloc_url = '%s'", dbesc($channel_address . '@' . $rhs), dbesc($newurl), dbesc(base64url_encode(rsa_sign($newurl,$c[0]['channel_prvkey']))), @@ -1787,7 +1789,7 @@ function load_contact_links($uid) { // logger('load_contact_links'); - $r = q("SELECT abook_id, abook_flags, abook_my_perms, abook_their_perms, xchan_hash, xchan_photo_m, xchan_name, xchan_url from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d) ", + $r = q("SELECT abook_id, abook_flags, abook_my_perms, abook_their_perms, xchan_hash, xchan_photo_m, xchan_name, xchan_url from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d)>0 ", intval($uid), intval(ABOOK_FLAG_SELF) ); diff --git a/doc/developers.bb b/doc/developers.bb index 18e39c4ea..5365fd77a 100644 --- a/doc/developers.bb +++ b/doc/developers.bb @@ -64,4 +64,7 @@ In the interests of consistency we adopt the following code styling. We may acce [li] Generally speaking, opening braces go on the same line as the thing which opens the brace. They are the last character on the line. Closing braces are on a line by themselves. [/li] +[b]See Also[/b] +[zrl=[baseurl]/help/sql_conventions]SQL Conventions[/zrl] + #include doc/macros/main_footer.bb; diff --git a/doc/sql_conventions.bb b/doc/sql_conventions.bb new file mode 100644 index 000000000..88539ae19 --- /dev/null +++ b/doc/sql_conventions.bb @@ -0,0 +1,87 @@ +[h1]SQL Conventions[/h1] +[b]Intro[/b] +The following common SQL conventions appear throughout the code in many places. We use a simple DBA (DataBase Abstraction layer) to handle differences between databases. Please be sure to use only standards-compliant SQL. + +[b]Rule One[/b] +Worth Repeating: Don't use non-standard SQL. This goes for addons as well. If you do use non-standard SQL, and the dba funcs are insufficient, do a if()/switch() or similar for all currently supported databases. Currently nothing red# does requires non-standard SQL. + +[b]Using a format string[/b] +[li]Uses sprintf() +To be written +[code]// Example +$r = q("SELECT * FROM profile WHERE uid = %d", + local_user() +); +[/code][/li] + +[b]Checking bit flags in a where clause[/b] +[li]You must explicitly convert integers to booleans. The easiest way to do this is to compare to 0. +[code]// Example +$r = q("SELECT abook_id, abook_flags, abook_my_perms, abook_their_perms, xchan_hash, xchan_photo_m, xchan_name, xchan_url from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d)>0 ", + intval($uid), + intval(ABOOK_FLAG_SELF) +); +[/code] +[/li] +[li]Turning off a flag +[code]$y = q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'", + intval(XCHAN_FLAGS_ORPHAN), + intval(XCHAN_FLAGS_ORPHAN), + dbesc($rr['hubloc_hash']) +);[/code] +[/li] +[li]Turning on a flag +[code]$y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'", + intval(XCHAN_FLAGS_ORPHAN), + dbesc($rr['hubloc_hash']) +);[/code] +[/li] + +[b]Using relative times (INTERVALs)[/b] +[li]Sometimes you want to compare something, like less than x days old. +[code]// Example +$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash + WHERE abook_dob > %s + interval %s and abook_dob < %s + interval %s", + db_utcnow(), db_quoteinterval('7 day'), + db_utcnow(), db_quoteinterval('14 day') +);[/code] +[/li] +[b]Paged results[/b] +[li]To be written +[code]// Example +$r = q("SELECT * FROM mail WHERE uid=%d AND $sql_extra ORDER BY created DESC LIMIT %d OFFSET %d", + intval(api_user()), + intval($count), intval($start) +);[/code][/li] + +[b]NULL dates[/b] +[li]To be written +[code]Example[/code][/li] + +[b]Storing binary data[/b] +[li]To be written +[code]// Example +$x = q("update photo set data = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and scale = 0", + dbescbin($ph->imageString()), + intval($height), + intval($width), + dbesc($resource_id), + intval($page_owner_uid) +);[/code][/li] + +[b]Current timestamp[/b] +[li][code]// Example +$randfunc = db_getfunc('rand'); +$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1", + db_utcnow(), db_quoteinterval('30 day') +);[/code][/li] + +[b]SQL Function and Operator Abstraction[/b] +[li]Sometimes the same function or operator has a different name/symbol in each database. You use db_getfunc('funcname') to look them up. The string is [i]not[/i] case-sensitive; do [i]not[/i] include parens. +[code]// Example +$randfunc = db_getfunc('rand'); +$r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1", + db_utcnow(), db_quoteinterval('30 day') +);[/code][/li] + +#include doc/macros/main_footer.bb; \ No newline at end of file diff --git a/include/Contact.php b/include/Contact.php index 20e5e1a1e..f0c7cd737 100644 --- a/include/Contact.php +++ b/include/Contact.php @@ -22,7 +22,7 @@ function rconnect_url($channel_id,$xchan) { if(($r) && ($r[0]['xchan_follow'])) return $r[0]['xchan_follow']; - $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d ) limit 1", + $r = q("select hubloc_url from hubloc where hubloc_hash = '%s' and ( hubloc_flags & %d )>0 limit 1", dbesc($xchan), intval(HUBLOC_FLAGS_PRIMARY) ); @@ -35,7 +35,7 @@ function rconnect_url($channel_id,$xchan) { function abook_connections($channel_id, $sql_conditions = '') { $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d - and not ( abook_flags & %d ) $sql_conditions", + and not ( abook_flags & %d )>0 $sql_conditions", intval($channel_id), intval(ABOOK_FLAG_SELF) ); @@ -44,7 +44,7 @@ function abook_connections($channel_id, $sql_conditions = '') { function abook_self($channel_id) { $r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d - and ( abook_flags & %d ) limit 1", + and ( abook_flags & %d )>0 limit 1", intval($channel_id), intval(ABOOK_FLAG_SELF) ); @@ -52,7 +52,7 @@ function abook_self($channel_id) { } function channelx_by_nick($nick) { - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1", dbesc($nick), intval(PAGE_REMOVED) ); @@ -60,7 +60,7 @@ function channelx_by_nick($nick) { } function channelx_by_hash($hash) { - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and not ( channel_pageflags & %d )>0 LIMIT 1", dbesc($hash), intval(PAGE_REMOVED) ); @@ -68,7 +68,7 @@ function channelx_by_hash($hash) { } function channelx_by_n($id) { - $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and not ( channel_pageflags & %d )>0 LIMIT 1", dbesc($id), intval(PAGE_REMOVED) ); @@ -128,7 +128,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { function abook_toggle_flag($abook,$flag) { - $r = q("UPDATE abook set abook_flags = (abook_flags ^ %d) where abook_id = %d and abook_channel = %d limit 1", + $r = q("UPDATE abook set abook_flags = (abook_flags & ~%d) where abook_id = %d and abook_channel = %d", intval($flag), intval($abook['abook_id']), intval($abook['abook_channel']) @@ -138,7 +138,7 @@ function abook_toggle_flag($abook,$flag) { if(($flag === ABOOK_FLAG_ARCHIVED) && ($abook['abook_flags'] & ABOOK_FLAG_ARCHIVED)) { $r = q("update abook set abook_connected = '%s', abook_updated = '%s' - where abook_id = %d and abook_channel = %d limit 1", + where abook_id = %d and abook_channel = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($abook['abook_id']), @@ -173,7 +173,7 @@ function account_remove($account_id,$local = true,$unset_session=true) { // Don't let anybody nuke the only admin account. - $r = q("select account_id from account where (account_roles & %d)", + $r = q("select account_id from account where (account_roles & %d)>0", intval(ACCOUNT_ROLE_ADMIN) ); @@ -201,7 +201,7 @@ function account_remove($account_id,$local = true,$unset_session=true) { } } - $r = q("delete from account where account_id = %d limit 1", + $r = q("delete from account where account_id = %d", intval($account_id) ); @@ -239,7 +239,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { channel_r_photos = 0, channel_r_abook = 0, channel_w_stream = 0, channel_w_wall = 0, channel_w_tagwall = 0, channel_w_comment = 0, channel_w_mail = 0, channel_w_photos = 0, channel_w_chat = 0, channel_a_delegate = 0, channel_r_storage = 0, channel_w_storage = 0, channel_r_pages = 0, channel_w_pages = 0, channel_a_republish = 0 - where channel_id = %d limit 1", + where channel_id = %d", dbesc(datetime_convert()), intval(PAGE_REMOVED), intval($channel_id) @@ -275,12 +275,12 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { q("DELETE FROM `spam` WHERE `uid` = %d", intval($channel_id)); - q("delete from abook where abook_xchan = '%s' and (abook_flags & %d) limit 1", + q("delete from abook where abook_xchan = '%s' and (abook_flags & %d)>0", dbesc($channel['channel_hash']), dbesc(ABOOK_FLAG_SELF) ); - $r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d limit 1", + $r = q("update channel set channel_deleted = '%s', channel_pageflags = (channel_pageflags | %d) where channel_id = %d", dbesc(datetime_convert()), intval(PAGE_REMOVED), intval($channel_id) @@ -296,7 +296,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) { $hublocs = 0; - $r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)", + $r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and not (hubloc_flags & %d)>0", dbesc($channel['channel_hash']), intval(HUBLOC_FLAGS_DELETED) ); @@ -335,10 +335,11 @@ function mark_orphan_hubsxchans() { if($dirmode == DIRECTORY_MODE_NORMAL) return; - $r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d) - and hubloc_network = 'zot' and hubloc_connected < utc_timestamp() - interval 36 day", + $r = q("update hubloc set hubloc_status = (hubloc_status | %d) where not (hubloc_status & %d)>0 + and hubloc_network = 'zot' and hubloc_connected < %s - interval %s", intval(HUBLOC_OFFLINE), - intval(HUBLOC_OFFLINE) + intval(HUBLOC_OFFLINE), + db_utcnow(), db_quoteinterval('36 day') ); // $realm = get_directory_realm(); @@ -354,7 +355,7 @@ function mark_orphan_hubsxchans() { // } - $r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d) and not (hubloc_flags & %d)", + $r = q("select hubloc_id, hubloc_hash from hubloc where (hubloc_status & %d)>0 and not (hubloc_flags & %d)>0", intval(HUBLOC_OFFLINE), intval(HUBLOC_FLAGS_ORPHANCHECK) ); @@ -364,7 +365,7 @@ function mark_orphan_hubsxchans() { // see if any other hublocs are still alive for this channel - $x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)", + $x = q("select * from hubloc where hubloc_hash = '%s' and not (hubloc_status & %d)>0", dbesc($rr['hubloc_hash']), intval(HUBLOC_OFFLINE) ); @@ -372,7 +373,7 @@ function mark_orphan_hubsxchans() { // yes - if the xchan was marked as an orphan, undo it - $y = q("update xchan set xchan_flags = (xchan_flags ^ %d) where (xchan_flags & %d) and xchan_hash = '%s' limit 1", + $y = q("update xchan set xchan_flags = (xchan_flags & ~%d) where (xchan_flags & %d)>0 and xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), intval(XCHAN_FLAGS_ORPHAN), dbesc($rr['hubloc_hash']) @@ -383,7 +384,7 @@ function mark_orphan_hubsxchans() { // nope - mark the xchan as an orphan - $y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s' limit 1", + $y = q("update xchan set xchan_flags = (xchan_flags | %d) where xchan_hash = '%s'", intval(XCHAN_FLAGS_ORPHAN), dbesc($rr['hubloc_hash']) ); @@ -391,7 +392,7 @@ function mark_orphan_hubsxchans() { // mark that we've checked this entry so we don't need to do it again - $y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d limit 1", + $y = q("update hubloc set hubloc_flags = (hubloc_flags | %d) where hubloc_id = %d", intval(HUBLOC_FLAGS_ORPHANCHECK), dbesc($rr['hubloc_id']) ); @@ -449,7 +450,7 @@ function remove_all_xchan_resources($xchan, $channel_id = 0) { if($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) { - $r = q("delete from xchan where xchan_hash = '%s' limit 1", + $r = q("delete from xchan where xchan_hash = '%s'", dbesc($xchan) ); $r = q("delete from hubloc where hubloc_hash = '%s'", @@ -482,7 +483,7 @@ function contact_remove($channel_id, $abook_id) { $archive = get_pconfig($channel_id, 'system','archive_removed_contacts'); if($archive) { - q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d limit 1", + q("update abook set abook_flags = ( abook_flags | %d ) where abook_id = %d and abook_channel = %d", intval(ABOOK_FLAG_ARCHIVED), intval($abook_id), intval($channel_id) @@ -514,7 +515,7 @@ function contact_remove($channel_id, $abook_id) { } } - q("delete from abook where abook_id = %d and abook_channel = %d limit 1", + q("delete from abook where abook_id = %d and abook_channel = %d", intval($abook['abook_id']), intval($channel_id) ); @@ -541,7 +542,10 @@ function contact_remove($channel_id, $abook_id) { function random_profile() { - $r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > UTC_TIMESTAMP() - interval 30 day order by rand() limit 1"); + $randfunc = db_getfunc('rand'); + $r = q("select xchan_url from xchan left join hubloc on hubloc_hash = xchan_hash where hubloc_connected > %s - interval %s order by $randfunc limit 1", + db_utcnow(), db_quoteinterval('30 day') + ); if($r) return $r[0]['xchan_url']; return ''; diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php index a46b77f5f..85af0d57f 100644 --- a/include/RedDAV/RedDirectory.php +++ b/include/RedDAV/RedDirectory.php @@ -159,7 +159,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { list($parent_path, ) = DAV\URLUtil::splitPath($this->red_path); $new_path = $parent_path . '/' . $name; - $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND uid = %d", dbesc($name), dbesc($this->folder_hash), intval($this->auth->owner_id) @@ -197,7 +197,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $mimetype = z_mime_content_type($name); - $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", + $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -246,7 +246,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $edited = datetime_convert(); // updates entry with filesize and timestamp - $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($hash), @@ -254,7 +254,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { ); // update the folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($this->folder_hash), intval($c[0]['channel_id']) @@ -293,7 +293,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { throw new DAV\Exception\Forbidden('Permission denied.'); } - $r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", + $r = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -362,7 +362,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $channel_name = $path_arr[0]; - $r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d ) LIMIT 1", + $r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' AND NOT ( channel_pageflags & %d )>0 LIMIT 1", dbesc($channel_name), intval(PAGE_REMOVED) ); @@ -380,7 +380,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $os_path = ''; for ($x = 1; $x < count($path_arr); $x++) { - $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)", + $r = q("select id, hash, filename, flags from attach where folder = '%s' and filename = '%s' and uid = %d and (flags & %d)>0", dbesc($folder), dbesc($path_arr[$x]), intval($channel_id), @@ -440,7 +440,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $free = disk_free_space('store'); if ($this->auth->owner_id) { - $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d) limit 1", + $c = q("select * from channel where channel_id = %d and not (channel_pageflags & %d)>0 limit 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); diff --git a/include/RedDAV/RedFile.php b/include/RedDAV/RedFile.php index f96790631..3a5230dc1 100644 --- a/include/RedDAV/RedFile.php +++ b/include/RedDAV/RedFile.php @@ -79,7 +79,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $newName = str_replace('/', '%2F', $newName); - $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d LIMIT 1", + $r = q("UPDATE attach SET filename = '%s' WHERE hash = '%s' AND id = %d", dbesc($this->data['filename']), intval($this->data['id']) ); @@ -96,7 +96,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $size = 0; // @todo only 3 values are needed - $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d) LIMIT 1", + $c = q("SELECT * FROM channel WHERE channel_id = %d AND NOT (channel_pageflags & %d)>0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED) ); @@ -113,7 +113,7 @@ class RedFile extends DAV\Node implements DAV\IFile { $size = @filesize($f); logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG); } else { - $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbesc(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']) @@ -131,7 +131,7 @@ class RedFile extends DAV\Node implements DAV\IFile { // returns now() $edited = datetime_convert(); - $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($this->data['hash']), @@ -139,7 +139,7 @@ class RedFile extends DAV\Node implements DAV\IFile { ); // update the folder's lastmodified timestamp - $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", + $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id']) diff --git a/include/account.php b/include/account.php index df484e608..8df44acba 100644 --- a/include/account.php +++ b/include/account.php @@ -202,7 +202,7 @@ function create_account($arr) { // Set the parent record to the current record_id if no parent was provided if(! $parent) { - $r = q("update account set account_parent = %d where account_id = %d limit 1", + $r = q("update account set account_parent = %d where account_id = %d", intval($result['account']['account_id']), intval($result['account']['account_id']) ); @@ -367,16 +367,16 @@ function user_allow($hash) { if(! $account) return $ret; - $r = q("DELETE FROM register WHERE hash = '%s' LIMIT 1", + $r = q("DELETE FROM register WHERE hash = '%s'", dbesc($register[0]['hash']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), intval($register[0]['uid']) @@ -430,11 +430,11 @@ function user_deny($hash) { if(! $account) return false; - $r = q("DELETE FROM account WHERE account_id = %d LIMIT 1", + $r = q("DELETE FROM account WHERE account_id = %d", intval($register[0]['uid']) ); - $r = q("DELETE FROM `register` WHERE id = %d LIMIT 1", + $r = q("DELETE FROM `register` WHERE id = %d", dbesc($register[0]['id']) ); notice( sprintf(t('Registration revoked for %s'), $account[0]['account_email']) . EOL); @@ -463,21 +463,21 @@ function user_approve($hash) { if(! $account) return $ret; - $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify' LIMIT 1", + $r = q("DELETE FROM register WHERE hash = '%s' and password = 'verify'", dbesc($register[0]['hash']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_BLOCKED), intval(ACCOUNT_BLOCKED), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_PENDING), intval(ACCOUNT_PENDING), intval($register[0]['uid']) ); - $r = q("update account set account_flags = (account_flags ^ %d) where (account_flags & %d) and account_id = %d limit 1", + $r = q("update account set account_flags = (account_flags & ~%d) where (account_flags & %d)>0 and account_id = %d", intval(ACCOUNT_UNVERIFIED), intval(ACCOUNT_UNVERIFIED), intval($register[0]['uid']) @@ -510,11 +510,12 @@ function user_approve($hash) { function downgrade_accounts() { - $r = q("select * from account where not ( account_flags & %d ) + $r = q("select * from account where not ( account_flags & %d )>0 and account_expires != '%s' - and account_expires < UTC_TIMESTAMP() ", + and account_expires < %s ", intval(ACCOUNT_EXPIRED), - dbesc(NULL_DATE) + dbesc(NULL_DATE), + db_getfunc('UTC_TIMESTAMP') ); if(! $r) @@ -527,7 +528,7 @@ function downgrade_accounts() { if(($basic) && ($rr['account_service_class']) && ($rr['account_service_class'] != $basic)) { $x = q("UPDATE account set account_service_class = '%s', account_expires = '%s' - where account_id = %d limit 1", + where account_id = %d", dbesc($basic), dbesc(NULL_DATE), intval($rr['account_id']) @@ -537,7 +538,7 @@ function downgrade_accounts() { logger('downgrade_accounts: Account id ' . $rr['account_id'] . ' downgraded.'); } else { - $x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d limit 1", + $x = q("UPDATE account SET account_flags = (account_flags | %d) where account_id = %d", intval(ACCOUNT_EXPIRED), intval($rr['account_id']) ); diff --git a/include/acl_selectors.php b/include/acl_selectors.php index 5adafff2c..243e7a549 100644 --- a/include/acl_selectors.php +++ b/include/acl_selectors.php @@ -171,7 +171,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p $o .= " + {{include file="field_input.tpl" field=$adminmail}} -- cgit v1.2.3