From d87f76019fc231ec20d95126a7fee0487e7be5f0 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 14 Aug 2012 10:56:20 -0400
Subject: [PATCH] - Added new web folder named private to web folder layout. The folder is intended to store data that shall not be visible in the web directory, it is owned by the user of the web. - Changed ownership of web root directory to root user in all security modes to prevent symlink attacks. - Apache log files are now owned by user root. - Improved functions in system library.
---
interface/lib/classes/db_mysql.inc.php | 122 ++++++++++++++++++++--------------------
1 files changed, 60 insertions(+), 62 deletions(-)
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index 8cbd2aa..8354be6 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -47,16 +47,17 @@
public $show_error_messages = true; // false in server, true in interface
// constructor
- public function __construct() {
+ public function __construct($prefix = '') {
global $conf;
- $this->dbHost = $conf['db_host'];
- $this->dbName = $conf['db_database'];
- $this->dbUser = $conf['db_user'];
- $this->dbPass = $conf['db_password'];
- $this->dbCharset = $conf['db_charset'];
- $this->dbNewLink = $conf['db_new_link'];
- $this->dbClientFlags = $conf['db_client_flags'];
- parent::__construct($conf['db_host'], $conf['db_user'],$conf['db_password'],$conf['db_database']);
+ if($prefix != '') $prefix .= '_';
+ $this->dbHost = $conf[$prefix.'db_host'];
+ $this->dbName = $conf[$prefix.'db_database'];
+ $this->dbUser = $conf[$prefix.'db_user'];
+ $this->dbPass = $conf[$prefix.'db_password'];
+ $this->dbCharset = $conf[$prefix.'db_charset'];
+ $this->dbNewLink = $conf[$prefix.'db_new_link'];
+ $this->dbClientFlags = $conf[$prefix.'db_client_flags'];
+ parent::__construct($conf[$prefix.'db_host'], $conf[$prefix.'db_user'],$conf[$prefix.'db_password'],$conf[$prefix.'db_database']);
if ($this->connect_error) {
$this->updateError('DB::__construct');
return false;
@@ -97,6 +98,7 @@
public function query($queryString) {
$this->queryId = parent::query($queryString);
$this->updateError('DB::query('.$queryString.') -> mysqli_query');
+ if($this->errorNumber) debug_print_backtrace();
if(!$this->queryId) {
return false;
}
@@ -143,6 +145,10 @@
public function numRows() {
return $this->queryId->num_rows;
}
+
+ public function affectedRows() {
+ return $this->queryId->affected_rows;
+ }
// returns mySQL insert id
public function insertID() {
@@ -150,14 +156,12 @@
}
- // Check der variablen
- // Really.. using quote should be phased out in favor of using bind_param's. Though, for legacy code..
- // here's the equivalent
+ //* Function to quote strings
public function quote($formfield) {
return $this->escape_string($formfield);
}
- // Check der variablen
+ //* Function to unquotae strings
public function unquote($formfield) {
return stripslashes($formfield);
}
@@ -171,44 +175,6 @@
}
return $out;
}
-
- /*
- //* These functions are deprecated and will be removed.
- function insert($tablename,$form,$debug = 0)
- {
- if(is_array($form)){
- foreach($form as $key => $value)
- {
- $sql_key .= "$key, ";
- $sql_value .= "'".$this->check($value)."', ";
- }
- $sql_key = substr($sql_key,0,strlen($sql_key) - 2);
- $sql_value = substr($sql_value,0,strlen($sql_value) - 2);
-
- $sql = "INSERT INTO $tablename (" . $sql_key . ") VALUES (" . $sql_value .")";
-
- if($debug == 1) echo "SQL-Statement: ".$sql."<br><br>";
- $this->query($sql);
- if($debug == 1) echo "mySQL Error Message: ".$this->errorMessage;
- }
- }
-
- function update($tablename,$form,$bedingung,$debug = 0)
- {
-
- if(is_array($form)){
- foreach($form as $key => $value)
- {
- $insql .= "$key = '".$this->check($value)."', ";
- }
- $insql = substr($insql,0,strlen($insql) - 2);
- $sql = "UPDATE $tablename SET " . $insql . " WHERE $bedingung";
- if($debug == 1) echo "SQL-Statement: ".$sql."<br><br>";
- $this->query($sql);
- if($debug == 1) echo "mySQL Error Message: ".$this->errorMessage;
- }
- }
- */
public function diffrec($record_old, $record_new) {
$diffrec_full = array();
@@ -246,7 +212,7 @@
}
//** Function to fill the datalog with a full differential record.
- public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new) {
+ public function datalogSave($db_table, $action, $primary_field, $primary_id, $record_old, $record_new, $force_update = false) {
global $app,$conf;
// Insert backticks only for incomplete table names.
@@ -256,10 +222,17 @@
$escape = '`';
}
- $tmp = $this->diffrec($record_old, $record_new);
- $diffrec_full = $tmp['diff_rec'];
- $diff_num = $tmp['diff_num'];
- unset($tmp);
+ if($force_update == true) {
+ //* We force a update even if no record has changed
+ $diffrec_full = array('new' => $record_new,'old' => $record_old);
+ $diff_num = count($record_new);
+ } else {
+ //* get the difference record between old and new record
+ $tmp = $this->diffrec($record_old, $record_new);
+ $diffrec_full = $tmp['diff_rec'];
+ $diff_num = $tmp['diff_num'];
+ unset($tmp);
+ }
// Insert the server_id, if the record has a server_id
$server_id = (isset($record_old['server_id']) && $record_old['server_id'] > 0)?$record_old['server_id']:0;
@@ -286,9 +259,23 @@
//** Inserts a record and saves the changes into the datalog
public function datalogInsert($tablename, $insert_data, $index_field) {
global $app;
+
+ if(is_array($insert_data)) {
+ $key_str = '';
+ $val_str = '';
+ foreach($insert_data as $key => $val) {
+ $key_str .= "`".$key ."`,";
+ $val_str .= "'".$this->quote($val)."',";
+ }
+ $key_str = substr($key_str,0,-1);
+ $val_str = substr($val_str,0,-1);
+ $insert_data_str = '('.$key_str.') VALUES ('.$val_str.')';
+ } else {
+ $insert_data_str = $insert_data;
+ }
$old_rec = array();
- $this->query("INSERT INTO $tablename $insert_data");
+ $this->query("INSERT INTO $tablename $insert_data_str");
$index_value = $this->insertID();
$new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
$this->datalogSave($tablename, 'INSERT', $index_field, $index_value, $old_rec, $new_rec);
@@ -297,13 +284,24 @@
}
//** Updates a record and saves the changes into the datalog
- public function datalogUpdate($tablename, $update_data, $index_field, $index_value) {
- global $app;
-
- $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+ public function datalogUpdate($tablename, $update_data, $index_field, $index_value, $force_update = false) {
+ global $app;
+
+ $old_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
+
+ if(is_array($update_data)) {
+ $update_data_str = '';
+ foreach($update_data as $key => $val) {
+ $update_data_str .= "`".$key ."` = '".$this->quote($val)."',";
+ }
+ $update_data_str = substr($update_data_str,0,-1);
+ } else {
+ $update_data_str = $update_data;
+ }
+
$this->query("UPDATE $tablename SET $update_data WHERE $index_field = '$index_value'");
$new_rec = $this->queryOneRecord("SELECT * FROM $tablename WHERE $index_field = '$index_value'");
- $this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec);
+ $this->datalogSave($tablename, 'UPDATE', $index_field, $index_value, $old_rec, $new_rec, $force_update);
return true;
}
--
Gitblit v1.9.1