From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 install/lib/mysql.lib.php |   25 ++++++++-----------------
 1 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/install/lib/mysql.lib.php b/install/lib/mysql.lib.php
index 3a6d483..c6078ca 100644
--- a/install/lib/mysql.lib.php
+++ b/install/lib/mysql.lib.php
@@ -144,8 +144,10 @@
 				if($iPos2 !== false && ($iPos === false || $iPos2 <= $iPos)) {
 					$sTxt = $this->escape($sValue);
 
-					if(strpos($sTxt, '.') !== false) $sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
-					else $sTxt = '`' . $sTxt . '`';
+					if(strpos($sTxt, '.') !== false) {
+						$sTxt = preg_replace('/^(.+)\.(.+)$/', '`$1`.`$2`', $sTxt);
+						$sTxt = str_replace('.`*`', '.*', $sTxt);
+					} else $sTxt = '`' . $sTxt . '`';
 
 					$sQuery = substr_replace($sQuery, $sTxt, $iPos2, 2);
 					$iPos2 += strlen($sTxt);
@@ -186,8 +188,6 @@
 	}
 
 	private function _query($sQuery = '') {
-		global $app;
-
 		$this->do_connect();
 
 		if ($sQuery == '') {
@@ -204,10 +204,8 @@
 					if($this->errorNumber == '111') {
 						// server is not available
 						if($try > 9) {
-							if(isset($app) && isset($app->forceErrorExit)) {
-								$app->forceErrorExit('Database connection failure!');
-							}
-							// if we reach this, the app object is missing or has no exit method, so we continue as normal
+							$this->_sqlerror('DB::query -> error connecting');
+							exit;
 						}
 						sleep(30); // additional seconds, please!
 					}
@@ -439,18 +437,13 @@
 	 * @return string escaped string
 	 */
 	public function escape($sString) {
-		global $app;
 		if(!is_string($sString) && !is_numeric($sString)) {
-			$app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
-			//$sAddMsg = getDebugBacktrace();
-			$app->log($sAddMsg, LOGLEVEL_DEBUG);
 			$sString = '';
 		}
 
 		$cur_encoding = mb_detect_encoding($sString);
 		if($cur_encoding != "UTF-8") {
 			if($cur_encoding != 'ASCII') {
-				$app->log('String ' . substr($sString, 0, 25) . '... is ' . $cur_encoding . '.', LOGLEVEL_INFO);
 				if($cur_encoding) $sString = mb_convert_encoding($sString, 'UTF-8', $cur_encoding);
 				else $sString = mb_convert_encoding($sString, 'UTF-8');
 			}
@@ -468,7 +461,7 @@
 	 * @access private
 	 */
 	private function _sqlerror($sErrormsg = 'Unbekannter Fehler', $sAddMsg = '') {
-		global $app, $conf;
+		global $conf;
 
 		$mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
 		$mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
@@ -477,9 +470,7 @@
 
 		if($this->show_error_messages && $conf['demo_mode'] === false) {
 			echo $sErrormsg . $sAddMsg;
-		} else if(is_object($app) && method_exists($app, 'log')) {
-				$app->log($sErrormsg . $sAddMsg . ' -> ' . $mysql_errno . ' (' . $mysql_error . ')', LOGLEVEL_WARN);
-			}
+		}
 	}
 
 	public function affectedRows() {

--
Gitblit v1.9.1