changes for mysql 5.7 with strict mode

Oldperl 2017-08-10 13:35:06 +00:00
Ursprung 8edc520c7c
Commit b01fa5f486
17 geänderte Dateien mit 279 neuen und 277 gelöschten Zeilen


@ -755,6 +755,9 @@ abstract class DB_Sql_Abstract {
self::$_aProfileData[] = array(
'time' => $fEndTime - $fStartTime,
'query' => $sQuery
/*,
'ErrNo' => static::_getErrorNumber(),
'ErrMess' => static::_getErrorMessage()*/
);
}
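Review bot: The three lines added to the `self::$_aProfileData[]` entry are commented-out code (`'ErrNo'` / `'ErrMess'`), so the profile record still holds only the elapsed time and the query text. Either enable them, so a failed statement can be told apart from a slow one, or leave them out of the commit. The enclosing method starts and ends outside the hunk.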


@ -607,8 +607,8 @@ class Contenido_Challenge_Crypt_Auth extends Auth {
$sDate = date('Y-m-d');
$this->db->query(sprintf("SELECT user_id, perms, password FROM %s WHERE username = '%s' AND
(valid_from <= '" . $sDate . "' OR valid_from = '0000-00-00' OR valid_from is NULL) AND
(valid_to >= '" . $sDate . "' OR valid_to = '0000-00-00' OR valid_to is NULL)", $this->database_table, Contenido_Security::escapeDB($username, $this->db)
(valid_from <= '" . $sDate . "' OR valid_from = '1000-01-01' OR valid_from = '0000-00-00' OR valid_from is NULL) AND
(valid_to >= '" . $sDate . "' OR valid_to = '1000-01-01' OR valid_to = '0000-00-00' OR valid_to is NULL)", $this->database_table, Contenido_Security::escapeDB($username, $this->db)
));
$sMaintenanceMode = getSystemProperty('maintenance', 'mode');
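Review bot: The literal `'1000-01-01'` is added here as a second "no limit" marker next to `'0000-00-00'`, and the same pair is repeated by hand in the RequestPassword, User, cron and setup-check sections of this commit, with small differences between them (some also accept `NULL`, some do not). These conditions decide whether an account counts as valid, so a single shared constant or a helper that builds the validity clause would keep login, password reset and deactivation in agreement. `$sDate` is concatenated into the format string before `sprintf` runs; it comes from `date('Y-m-d')` and is harmless, but passing it as a `%s` argument would be clearer.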


@ -278,8 +278,8 @@ class RequestPassword {
//check if requested username exists, also get email and timestamp when user last requests a new password (last_pw_request)
$sSql = "SELECT username, last_pw_request, email FROM ".$this->aCfg["tab"]["phplib_auth_user_md5"]."
WHERE username = '".$this->oDb->escape($this->sUsername)."'
AND ( valid_from <= NOW() OR valid_from = '0000-00-00')
AND ( valid_to >= NOW() OR valid_to = '0000-00-00' )";
AND ( valid_from <= NOW() OR valid_from = '0000-00-00' OR valid_from = '1000-01-01')
AND ( valid_to >= NOW() OR valid_to = '0000-00-00'OR valid_to = '1000-01-01' )";
$this->oDb->query($sSql);
if ($this->oDb->next_record() && md5($this->sUsername) == md5($this->oDb->f('username'))) {
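Review bot: The new validity clause accepts `'0000-00-00'` and `'1000-01-01'` but not `NULL`, while the login query in Contenido_Challenge_Crypt_Auth also accepts `valid_from is NULL` / `valid_to is NULL`, so an account with NULL dates could log in yet never match here. The second new line also lost a space: `valid_to = '0000-00-00'OR valid_to = '1000-01-01'` should read `valid_to = '0000-00-00' OR valid_to = '1000-01-01'`. On the unchanged line below, `md5(...) == md5(...)` compares two hex strings loosely; a strict `$this->sUsername === $this->oDb->f('username')` would state the intended exact match without PHP's numeric-string comparison rules.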


@ -626,8 +626,8 @@ class User
perms LIKE \"%sysadmin%\"";
if ($forceActive === true) {
$sql.= " AND (valid_from <= NOW() OR valid_from = '0000-00-00')
AND (valid_to >= NOW() OR valid_to = '0000-00-00') ";
$sql.= " AND (valid_from <= NOW() OR valid_from = '0000-00-00' OR valid_from = '1000-01-01')
AND (valid_to >= NOW() OR valid_to = '0000-00-00' OR valid_to = '1000-01-01') ";
}
$db->query($sql);


@ -48,11 +48,11 @@ if (!isRunningFromWeb() || function_exists("runJob") || $area == "cronjobs")
$db = new DB_ConLite();
$sSql = "UPDATE " . $cfg['tab']['frontendusers'] . "
SET active = 0
WHERE
(valid_to < NOW() AND valid_to != '0000-00-00 00:00:00')
OR
(valid_from > NOW() AND valid_from != '0000-00-00 00:00:00') ";
SET active = 0
WHERE
(valid_to < NOW() AND valid_to != '0000-00-00' AND valid_to != '1000-01-01')
OR
(valid_from > NOW() AND valid_from != '0000-00-00' AND valid_from != '1000-01-01')";
//echo $sSql;
$db->query($sSql);
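Review bot: The rewritten `UPDATE` still compares `valid_to` and `valid_from` with the literal `'0000-00-00'`, which a MySQL 5.7 server running in strict mode with NO_ZERO_DATE may reject as an incorrect date value in a data-changing statement; this is worth testing against the target sql_mode. If the statement fails, expired front-end users stay `active`, and the result of `$db->query($sSql)` is not checked, so the failure would go unnoticed. Consider checking the result and logging a failure, and dropping the leftover `//echo $sSql;`.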


@ -1,4 +1,5 @@
<?php
/**
* Project:
* Contenido Content Management System
@ -29,25 +30,22 @@
* }}
*
*/
if(!defined('CON_FRAMEWORK')) {
if (!defined('CON_FRAMEWORK')) {
die('Illegal call');
}
/**
* Returns existing indexes of a specific table.
* @param DB_ConLite $db
* @param string $table
* @return array Assoziative array where the key and the value is the index name
*/
function dbGetIndexes($db, $table)
{
function dbGetIndexes($db, $table) {
if (!is_object($db)) {
return false;
}
$sql = "SHOW INDEX FROM ".Contenido_Security::escapeDB($table, $db);
$sql = "SHOW INDEX FROM " . Contenido_Security::escapeDB($table, $db);
$db->query($sql);
$indexes = array();
@ -59,7 +57,6 @@ function dbGetIndexes($db, $table)
return ($indexes);
}
/**
* Updates a specific table. Used e. g. by Contenido setup to create or update
* tables.
@ -98,9 +95,7 @@ function dbGetIndexes($db, $table)
* @param bool $bRemoveIndexes Flag to remove all indexes
* @return bool
*/
function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extra,
$upgradeStatement, $bRemoveIndexes = false)
{
function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extra, $upgradeStatement, $bRemoveIndexes = false) {
global $columnCache;
global $tableCache;
@ -109,7 +104,7 @@ function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extr
}
$bDebug = false;
if (($table == 'pica_alloc') && ($field == 'parentid')) {
if (($table == 'pica_alloc') && ($field == 'parentid')) {
$bDebug = true;
}
@ -134,14 +129,14 @@ function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extr
// Parameter check for $default. If set, create a default value
if ($default != "") {
if (((strpos($type, 'timestamp') !== FALSE) && ($default != '')) || ($default == 'NULL')) {
$parameter['DEFAULT'] = "DEFAULT ".Contenido_Security::escapeDB($default, $db);
$parameter['DEFAULT'] = "DEFAULT " . Contenido_Security::escapeDB($default, $db);
} else {
$parameter['DEFAULT'] = "DEFAULT '".Contenido_Security::escapeDB($default, $db)."'";
$parameter['DEFAULT'] = "DEFAULT '" . Contenido_Security::escapeDB($default, $db) . "'";
}
}
if (!dbTableExists($db, $table)) {
$createTable = " CREATE TABLE ".Contenido_Security::escapeDB($table, $db)." (".Contenido_Security::escapeDB($field, $db)." $type ".$parameter['NULL']." ".$parameter['DEFAULT']." ".$parameter['KEY'] .") ENGINE = MYISAM";
$createTable = " CREATE TABLE " . Contenido_Security::escapeDB($table, $db) . " (" . Contenido_Security::escapeDB($field, $db) . " $type " . $parameter['NULL'] . " " . $parameter['DEFAULT'] . " " . $parameter['KEY'] . ") ENGINE = MYISAM";
$db->query($createTable);
$tableCache[] = $table;
return true;
@ -154,8 +149,8 @@ function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extr
if ($structure[$field]['NULL'] == "") {
$structure[$field]['NULL'] = "NOT NULL";
}
$alterField = "ALTER TABLE ".Contenido_Security::escapeDB($table, $db)." CHANGE COLUMN ".Contenido_Security::escapeDB($field, $db)." ".Contenido_Security::escapeDB($field, $db)."
".Contenido_Security::escapeDB($type, $db)." ".$structure[$field]['NULL']." ".$structure[$field]['DEFAULT']." ".$structure[$field]['KEY'];
$alterField = "ALTER TABLE " . Contenido_Security::escapeDB($table, $db) . " CHANGE COLUMN " . Contenido_Security::escapeDB($field, $db) . " " . Contenido_Security::escapeDB($field, $db) . "
" . Contenido_Security::escapeDB($type, $db) . " " . $structure[$field]['NULL'] . " " . $structure[$field]['DEFAULT'] . " " . $structure[$field]['KEY'];
$db->query($alterField);
}
@ -167,12 +162,12 @@ function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extr
foreach ($indexes as $index) {
if ($index == "PRIMARY") {
if ($structure[$field]['Key'] == "PRI") {
$sql = " ALTER TABLE ".Contenido_Security::escapeDB($table, $db)." DROP PRIMARY KEY";
$sql = " ALTER TABLE " . Contenido_Security::escapeDB($table, $db) . " DROP PRIMARY KEY";
} else {
$sql = "";
}
} else {
$sql = " ALTER TABLE ".Contenido_Security::escapeDB($table, $db)."' DROP INDEX ".Contenido_Security::escapeDB($index, $db);
$sql = " ALTER TABLE " . Contenido_Security::escapeDB($table, $db) . "' DROP INDEX " . Contenido_Security::escapeDB($index, $db);
}
$db->query($sql);
@ -191,7 +186,7 @@ function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extr
$field = substr($field, 0, $sepPos);
}
if (!array_key_exists($field,$structure)) {
if (!array_key_exists($field, $structure)) {
// HerrB: Search field using $previousName
$blnFound = false;
if ($previousName != "") {
@ -199,7 +194,7 @@ function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extr
foreach ($arrPreviousName as $strPrevious) {
// Maybe someone has used field1, field2, ..., trim spaces
$strPrevious = trim($strPrevious);
if (array_key_exists($strPrevious,$structure)) {
if (array_key_exists($strPrevious, $structure)) {
$blnFound = true;
break;
}
@ -209,11 +204,11 @@ function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extr
if ($blnFound) {
// Rename column, update array, proceed
if ($structure[$strPrevious]['Null'] == 'YES') {
$alterField = " ALTER TABLE `".Contenido_Securiy::escapeDB($table, $db)."` CHANGE COLUMN `".Contenido_Security::escapeDB($strPrevious, $db)."` `".Contenido_Security::escapeDB($field, $db)."`
".$structure[$strPrevious]['Type']." DEFAULT '".$structure[$strPrevious]['Default']."'";
$alterField = " ALTER TABLE `" . Contenido_Securiy::escapeDB($table, $db) . "` CHANGE COLUMN `" . Contenido_Security::escapeDB($strPrevious, $db) . "` `" . Contenido_Security::escapeDB($field, $db) . "`
" . $structure[$strPrevious]['Type'] . " DEFAULT '" . $structure[$strPrevious]['Default'] . "'";
} else {
$alterField = " ALTER TABLE `".Contenido_Security::escapeDB($table, $db)."` CHANGE COLUMN `".Contenido_Security::escapeDB($strPrevious, $db)."` `".Contenido_Security::escapeDB($field, $db)."`
".$structure[$strPrevious]['Type']." NOT NULL DEFAULT '".$structure[$strPrevious]['Default']."'";
$alterField = " ALTER TABLE `" . Contenido_Security::escapeDB($table, $db) . "` CHANGE COLUMN `" . Contenido_Security::escapeDB($strPrevious, $db) . "` `" . Contenido_Security::escapeDB($field, $db) . "`
" . $structure[$strPrevious]['Type'] . " NOT NULL DEFAULT '" . $structure[$strPrevious]['Default'] . "'";
}
$db->query($alterField);
@ -221,11 +216,28 @@ function dbUpgradeTable($db, $table, $field, $type, $null, $key, $default, $extr
$columnCache[$table] = "";
$structure = dbGetColumns($db, $table);
} else {
// Add column as specified
$createField = " ALTER TABLE ".Contenido_Security::escapeDB($table, $db)." ADD COLUMN ".Contenido_Security::escapeDB($field, $db)." ".Contenido_Security::escapeDB($type, $db)."
".$parameter['NULL']." ".$parameter['DEFAULT']." ".$parameter['KEY'];
switch ($type) {
case "datetime":
if ($parameter['DEFAULT'] == "DEFAULT '0000-00-00 00:00:00'") {
$parameter['DEFAULT'] = "DEFAULT '1000-01-01 00:00:00'";
}
break;
case "date":
if ($parameter['DEFAULT'] == "DEFAULT '0000-00-00'") {
$parameter['DEFAULT'] = "DEFAULT '1000-01-01'";
}
break;
}
$createField = " ALTER TABLE " . Contenido_Security::escapeDB($table, $db) . " ADD COLUMN " . Contenido_Security::escapeDB($field, $db) . " " . Contenido_Security::escapeDB($type, $db) . "
" . $parameter['NULL'] . " " . $parameter['DEFAULT'] . " " . $parameter['KEY'];
$db->query($createField);
if ($bDebug) {echo 'createField:'.$createField.'<br />';}
$sDebugData = sprintf("%s:%s:ErrorNo. %s:%s\n", $createField, $parameter['DEFAULT'], $db->getErrorNumber(), $db->getErrorMessage());
file_put_contents('../data/logs/setup_queries.txt', $sDebugData, FILE_APPEND);
if ($bDebug) {
echo 'createField:' . $createField . '<br />';
}
$columnCache[$table] = "";
return true;
}
@ -235,15 +247,15 @@ if ($bDebug) {echo 'createField:'.$createField.'<br />';}
// Third check: Compare field properties
if (($structure[$field]['Type'] != $type) ||
($structure[$field]['Null'] != $null) ||
($structure[$field]['Key'] != $key) ||
($structure[$field]['Default'] != $default) ||
($structure[$field]['Extra'] != $extra)) {
($structure[$field]['Null'] != $null) ||
($structure[$field]['Key'] != $key) ||
($structure[$field]['Default'] != $default) ||
($structure[$field]['Extra'] != $extra)) {
if ($structure[$field]['Key'] == "PRI") {
$alterField = " ALTER TABLE ".Contenido_Security::escapeDB($table, $db)." ADD PRIMARY KEY ('".Contenido_Security::escapeDB($field, $db)."') ";
$alterField = " ALTER TABLE " . Contenido_Security::escapeDB($table, $db) . " ADD PRIMARY KEY ('" . Contenido_Security::escapeDB($field, $db) . "') ";
} else {
$alterField = " ALTER TABLE ".Contenido_Security::escapeDB($table, $db)." CHANGE COLUMN $field $field $type ".$parameter['NULL']." ".$parameter['DEFAULT']." ".$parameter['KEY'];
$alterField = " ALTER TABLE " . Contenido_Security::escapeDB($table, $db) . " CHANGE COLUMN $field $field $type " . $parameter['NULL'] . " " . $parameter['DEFAULT'] . " " . $parameter['KEY'];
}
$db->query($alterField);
@ -254,15 +266,13 @@ if ($bDebug) {echo 'createField:'.$createField.'<br />';}
return true;
}
/**
* Checks, if passed table exists in the database
* @param DB_ConLite $db
* @param string $table
* @return bool
*/
function dbTableExists($db, $table)
{
function dbTableExists($db, $table) {
global $tableCache;
if (!is_object($db)) {
@ -287,15 +297,13 @@ function dbTableExists($db, $table)
}
}
/**
* Returns the column structure of a table
* @param DB_ConLite $db
* @param string $table
* @return array|bool Either assoziative column array or false
*/
function dbGetColumns($db, $table)
{
function dbGetColumns($db, $table) {
global $columnCache;
if (!is_object($db)) {
@ -306,7 +314,7 @@ function dbGetColumns($db, $table)
return $columnCache[$table];
}
$sql = "SHOW COLUMNS FROM ".Contenido_Security::escapeDB($table, $db);
$sql = "SHOW COLUMNS FROM " . Contenido_Security::escapeDB($table, $db);
$db->query($sql);
$structure = array();
@ -320,15 +328,13 @@ function dbGetColumns($db, $table)
return $structure;
}
/**
* Returns the primary key column of a table
* @param DB_ConLite $db
* @param string $table
* @return string
*/
function dbGetPrimaryKeyName($db, $table)
{
function dbGetPrimaryKeyName($db, $table) {
$sReturn = "";
$structure = dbGetColumns($db, $table);
@ -343,7 +349,6 @@ function dbGetPrimaryKeyName($db, $table)
return $sReturn;
}
/**
* Updates the sequence table, stores the highest primary key value of a table in it.
* Retrieves the primary key field of the table, retrieves the highes value and
@ -353,8 +358,7 @@ function dbGetPrimaryKeyName($db, $table)
* @param string $table Name of table
* @param DB_ConLite|bool $db Database instance or false
*/
function dbUpdateSequence($sequencetable, $table, $db = false)
{
function dbUpdateSequence($sequencetable, $table, $db = false) {
if ($db === false) {
$bClose = true;
$db = new DB_Upgrade;
@ -365,7 +369,7 @@ function dbUpdateSequence($sequencetable, $table, $db = false)
$key = dbGetPrimaryKeyName($db, $table);
if ($key != "" && $key != $sequencetable) {
$sql = "SELECT ".Contenido_Security::escapeDB($key, $db)." FROM ". Contenido_Security::escapeDB($table, $db) ." ORDER BY " . Contenido_Security::escapeDB($key, $db) ." DESC";
$sql = "SELECT " . Contenido_Security::escapeDB($key, $db) . " FROM " . Contenido_Security::escapeDB($table, $db) . " ORDER BY " . Contenido_Security::escapeDB($key, $db) . " DESC";
$db->query($sql);
if ($db->next_record()) {
@ -374,10 +378,10 @@ function dbUpdateSequence($sequencetable, $table, $db = false)
$highestval = 0;
}
$sql = "DELETE FROM " . Contenido_Security::escapeDB($sequencetable, $db) . " WHERE seq_name = '".Contenido_Security::escapeDB($table, $db)."'";
$sql = "DELETE FROM " . Contenido_Security::escapeDB($sequencetable, $db) . " WHERE seq_name = '" . Contenido_Security::escapeDB($table, $db) . "'";
$db->query($sql);
$sql = "INSERT INTO " . Contenido_Security::escapeDB($sequencetable, $db) ." SET seq_name = '".Contenido_Security::escapeDB($table, $db)."', nextid = '".Contenido_Security::toInteger($highestval)."'";
$sql = "INSERT INTO " . Contenido_Security::escapeDB($sequencetable, $db) . " SET seq_name = '" . Contenido_Security::escapeDB($table, $db) . "', nextid = '" . Contenido_Security::toInteger($highestval) . "'";
$db->query($sql);
}
@ -386,13 +390,11 @@ function dbUpdateSequence($sequencetable, $table, $db = false)
}
}
/**
* @deprecated
* @since 2008-07-11
*/
function dbDumpStructure($db, $table, $return = false)
{
function dbDumpStructure($db, $table, $return = false) {
/* this function is deprecated since Contenido 4.8.7 - 2008-07-11 */
return;
}
@ -401,8 +403,7 @@ function dbDumpStructure($db, $table, $return = false)
* @deprecated
* @since 2008-07-11
*/
function dbDumpArea($db, $id)
{
function dbDumpArea($db, $id) {
/* this function is deprecated since Contenido 4.8.7 - 2008-07-11 */
return;
}
@ -411,8 +412,7 @@ function dbDumpArea($db, $id)
* @deprecated
* @since 2008-07-11
*/
function dbDumpAreasAsArray($arrayname, $db)
{
function dbDumpAreasAsArray($arrayname, $db) {
/* this function is deprecated since Contenido 4.8.7 - 2008-07-11 */
return;
}
@ -421,8 +421,7 @@ function dbDumpAreasAsArray($arrayname, $db)
* @deprecated
* @since 2008-07-11
*/
function dbDumpNavSub($arrayname, $db, $nextidarea)
{
function dbDumpNavSub($arrayname, $db, $nextidarea) {
/* this function is deprecated since Contenido 4.8.7 - 2008-07-11 */
return;
}
@ -431,8 +430,7 @@ function dbDumpNavSub($arrayname, $db, $nextidarea)
* @deprecated
* @since 2008-07-11
*/
function dbInsertData($table, $data)
{
function dbInsertData($table, $data) {
/* this function is deprecated since Contenido 4.8.7 - 2008-07-11 */
return;
}
@ -441,8 +439,7 @@ function dbInsertData($table, $data)
* @deprecated
* @since 2008-07-11
*/
function dbDumpData($table)
{
function dbDumpData($table) {
/* this function is deprecated since Contenido 4.8.7 - 2008-07-11 */
return;
}
@ -451,9 +448,9 @@ function dbDumpData($table)
* @deprecated
* @since 2008-07-11
*/
function dbUpgradeData($table, $valuesArray)
{
function dbUpgradeData($table, $valuesArray) {
/* this function is deprecated since Contenido 4.8.7 - 2008-07-11 */
return;
}
?>
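Review bot: In the `ADD COLUMN` branch of `dbUpgradeTable`, the new `switch ($type)` rewrites the zero-date default only when a column is added to an existing table; the `CREATE TABLE` path and the later `CHANGE COLUMN` path still emit `$parameter['DEFAULT']` unchanged, so a `DEFAULT '0000-00-00'` can still reach a strict-mode server from there. Doing the rewrite once, right after `$parameter['DEFAULT']` is built, would cover all three statements. The same hunk adds an unconditional `file_put_contents('../data/logs/setup_queries.txt', $sDebugData, FILE_APPEND)` that logs every statement through a path relative to the working directory, with the result unchecked; it looks like leftover debugging and would be better placed behind `$bDebug`. Separately, the reformatted lines keep `Contenido_Securiy::escapeDB` (misspelt class name) in the rename branch and a stray `'` before `DROP INDEX`, both of which would fail when those branches are reached.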


@ -311,7 +311,8 @@ function writeSystemValuesOutput($usage)
a.idclient
FROM
".$cfg["tab"]["clients"]." a
GROUP BY a.name";
GROUP BY a.name,
a.idclient";
$db->query($sql);
// create 'value' output


@ -491,7 +491,7 @@ if ($syncoptions == -1) {
$sql2 = "SELECT
c.idcat AS idcat,
SUM(a.online) AS online,
d.startidartlang
d.startidartlang
FROM
" . $cfg["tab"]["art_lang"] . " AS a,
" . $cfg["tab"]["art"] . " AS b,
@ -503,7 +503,8 @@ if ($syncoptions == -1) {
b.idclient = '" . Contenido_Security::toInteger($client) . "' AND
b.idart = c.idart AND
c.idcat = d.idcat
GROUP BY c.idcat
GROUP BY c.idcat,
d.startidartlang
";
}
} else {
@ -525,7 +526,7 @@ if ($syncoptions == -1) {
$sql2 = "SELECT
c.idcat AS idcat,
SUM(a.online) AS online,
d.startidartlang
d.startidartlang
FROM
" . $cfg["tab"]["art_lang"] . " AS a,
" . $cfg["tab"]["art"] . " AS b,
@ -536,7 +537,8 @@ if ($syncoptions == -1) {
b.idclient = '" . Contenido_Security::toInteger($client) . "' AND
b.idart = c.idart AND
c.idcat = d.idcat
GROUP BY c.idcat";
GROUP BY c.idcat,
d.startidartlang";
}
}
@ -675,6 +677,7 @@ $sql = "SELECT DISTINCT " .
"b.visible, " .
"b.public, " .
"c.level, " .
"c.idtree, " .
"d.idtpl " .
$sql_fallback_lang_field.
"FROM {$cfg['tab']['cat']} AS a " .


@ -141,8 +141,14 @@ while ($cApiUser = $cApiUserCollection->next())
$iMenu++;
if (($sToday < $cApiUser->get("valid_from") && ($cApiUser->get("valid_from") != '0000-00-00' && $cApiUser->get("valid_from") != '')) ||
($sToday > $cApiUser->get("valid_to") && ($cApiUser->get("valid_to") != '0000-00-00') && $cApiUser->get("valid_from") != '')) {
if (($sToday < $cApiUser->get("valid_from")
&& $cApiUser->get("valid_from") != '0000-00-00'
&& $cApiUser->get("valid_from") != '1000-01-01'
&& $cApiUser->get("valid_from") != '')
|| ($sToday > $cApiUser->get("valid_to")
&& $cApiUser->get("valid_to") != '0000-00-00'
&& $cApiUser->get("valid_to") != '1000-01-01'
&& $cApiUser->get("valid_from") != '')) {
$mlist->setTitle($iMenu, '<span style="color:#b3b3b8">'.$cApiUser->get("username")."<br>".$cApiUser->get("realname").'</span>');
} else {
$mlist->setTitle($iMenu, $cApiUser->get("username")."<br>".$cApiUser->get("realname"));
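Review bot: The last condition of the `valid_to` branch still tests `$cApiUser->get("valid_from") != ''`; the rewrite kept what looks like a copy-and-paste slip, so a user with an empty `valid_to` is shown as expired whenever `valid_from` is set. It should read `&& $cApiUser->get("valid_to") != '')`. The `setTitle()` calls below concatenate `username` and `realname` into markup as they are; unless `setTitle()` escapes its argument, wrapping both values in `htmlspecialchars()` would be safer.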


@ -403,6 +403,7 @@ $tpl->next();
$sCurrentValueTo = str_replace('00:00:00', '', $oUser->getField('valid_to'));
$sCurrentValueTo = trim(str_replace('0000-00-00', '', $sCurrentValueTo));
$sCurrentValueTo = trim(str_replace('1000-01-01', '', $sCurrentValueTo));
$sInputValidTo = '<input type="text" id="valid_to" name="valid_to" value="'.$sCurrentValueTo.'" />&nbsp;<img src="images/calendar.gif" id="trigger_to" /">';
$sInputValidTo .= '<script type="text/javascript">
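Review bot: `$sCurrentValueTo` goes into the `value="..."` attribute without escaping, and the added `str_replace('1000-01-01', '', ...)` only removes the sentinel text rather than validating the field. Emitting `htmlspecialchars($sCurrentValueTo, ENT_QUOTES)` in the attribute would keep a malformed stored value from breaking out of it. The hunk adds the sentinel handling for `valid_to` only; if `valid_from` is prepared the same way above the hunk, it needs the matching line. The `<img ... /">` tag on the same line carries a stray quote.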


@ -83,11 +83,11 @@ if (file_exists(dirname(dirname(dirname(__FILE__)))."/setup")) {
$sDate = date('Y-m-d');
$sSQL = "SELECT * FROM ".$cfg["tab"]["phplib_auth_user_md5"]."
WHERE (username = 'sysadmin' AND password = '48a365b4ce1e322a55ae9017f3daf0c0'
AND (valid_from <= '".Contenido_Security::escapeDB($sDate, $db)."' OR valid_from = '0000-00-00' OR valid_from is NULL) AND
AND (valid_from <= '".Contenido_Security::escapeDB($sDate, $db)."' OR valid_from = '0000-00-00' OR valid_from = '1000-01-01' OR valid_from is NULL) AND
(valid_to >= '".Contenido_Security::escapeDB($sDate, $db)."' OR valid_to = '0000-00-00' OR valid_to is NULL))
OR (username = 'admin' AND password = '21232f297a57a5a743894a0e4a801fc3'
AND (valid_from <= '".Contenido_Security::escapeDB($sDate, $db)."' OR valid_from = '0000-00-00' OR valid_from is NULL) AND
(valid_to >= '".Contenido_Security::escapeDB($sDate, $db)."' OR valid_to = '0000-00-00' OR valid_to is NULL))
AND (valid_from <= '".Contenido_Security::escapeDB($sDate, $db)."' OR valid_from = '0000-00-00' OR valid_from = '1000-01-01' OR valid_from is NULL) AND
(valid_to >= '".Contenido_Security::escapeDB($sDate, $db)."' OR valid_to = '0000-00-00' OR valid_to = '1000-01-01' OR valid_to is NULL))
";
$db->query($sSQL);
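Review bot: The `sysadmin` half of this check gets `'1000-01-01'` only for `valid_from`; its `valid_to` line is unchanged and still reads `valid_to = '0000-00-00' OR valid_to is NULL`, whereas both lines of the `admin` half were updated. A sysadmin account whose `valid_to` holds the new sentinel would therefore no longer match, and what is presumably a default-password warning would stay silent for an account that the login query in this commit still accepts. The line should mirror the admin one: `(valid_to >= '...' OR valid_to = '0000-00-00' OR valid_to = '1000-01-01' OR valid_to is NULL))`.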


@ -17,7 +17,7 @@ function frontendusers_valid_from_display ()
$currentValue = $feuser->get("valid_from");
if ($currentValue == '') {
$currentValue = '0000-00-00';
$currentValue = '1000-01-01';
}
$currentValue = str_replace('00:00:00', '', $currentValue);
@ -58,7 +58,8 @@ function frontendusers_valid_from_store ($variables) {
if(Contenido_Security::isMySQLDate($variables["valid_from"], true)
|| Contenido_Security::isMySQLDateTime($variables["valid_from"], true)
|| empty($variables["valid_from"])
|| $variables["valid_from"] == "0000-00-00") {
|| $variables["valid_from"] == "0000-00-00"
|| $variables["valid_from"] == "1000-01-01") {
$feuser->set("valid_from", $variables["valid_from"], false);
}
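Review bot: In `frontendusers_valid_from_store` the `empty()` branch still hands an empty string to `$feuser->set()`, and the added `== "1000-01-01"` test is probably redundant because that string should already pass `Contenido_Security::isMySQLDate()`. Under the strict mode this commit targets, an empty string is not a valid DATE value, so unless `set()` maps it the empty case should be stored as the sentinel or NULL, e.g. `$feuser->set("valid_from", empty($variables["valid_from"]) ? '1000-01-01' : $variables["valid_from"], false);`. In `frontendusers_valid_from_display` the fallback now puts `1000-01-01` into `$currentValue`; whether it is stripped again before display is outside the hunk. The `valid_to` plugin section that follows has the same two points.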


@ -16,7 +16,7 @@ function frontendusers_valid_to_display ()
$currentValue = $feuser->get("valid_to");
if ($currentValue == '') {
$currentValue = '0000-00-00';
$currentValue = '1000-01-01';
}
$currentValue = str_replace('00:00:00', '', $currentValue);
@ -54,7 +54,8 @@ function frontendusers_valid_to_store ($variables) {
if(Contenido_Security::isMySQLDate($variables["valid_to"], true)
|| Contenido_Security::isMySQLDateTime($variables["valid_to"], true)
|| empty($variables["valid_to"])
|| $variables["valid_to"] == "0000-00-00") {
|| $variables["valid_to"] == "0000-00-00"
|| $variables["valid_to"] == "1000-01-01") {
$feuser->set("valid_to", $variables["valid_to"], false);
}


@ -1,5 +1,6 @@
<?php
/**
/**
* Project:
* Contenido Content Management System
*
@ -17,7 +18,6 @@
*
* $Id: dbupdate.php 377 2015-11-09 19:10:37Z oldperl $:
*/
if (!defined('CON_FRAMEWORK')) {
define('CON_FRAMEWORK', true);
}
@ -73,7 +73,7 @@ while (($data = fgetcsv($file, 4000, ';')) !== false) {
} else {
$drop = false;
}
dbUpgradeTable($db, $_SESSION['dbprefix'].'_'.$data[0], $data[1], $data[2], $data[3], $data[4], $data[5], $data[6], '', $drop);
dbUpgradeTable($db, $_SESSION['dbprefix'] . '_' . $data[0], $data[1], $data[2], $data[3], $data[4], $data[5], $data[6], '', $drop);
if ($db->errno != 0) {
$_SESSION['install_failedupgradetable'] = true;
@ -99,7 +99,7 @@ while (($data = fgetcsv($file, 4000, ';')) !== false) {
} else {
$drop = false;
}
dbUpgradeTable($db, $_SESSION['dbprefix'].'_'.$data[0], $data[1], $data[2], $data[3], $data[4], $data[5], $data[6], '', $drop);
dbUpgradeTable($db, $_SESSION['dbprefix'] . '_' . $data[0], $data[1], $data[2], $data[3], $data[4], $data[5], $data[6], '', $drop);
if ($db->errno != 0) {
$_SESSION['install_failedupgradetable'] = true;
@ -163,7 +163,7 @@ $fullChunks = array_merge($fullChunks, $pluginChunks);
list($root_path, $root_http_path) = getSystemDirectories();
$totalsteps = ceil($fullcount/50) + count($fullChunks) + 1;
$totalsteps = ceil($fullcount / 50) + count($fullChunks) + 1;
foreach ($fullChunks as $fullChunk) {
$step++;
if ($step == $currentstep) {
@ -191,7 +191,7 @@ foreach ($fullChunks as $fullChunk) {
$percent = intval((100 / $totalsteps) * ($currentstep));
$width = ((700 / 100) * $percent) + 10;
echo '<script type="text/javascript">parent.updateProgressbar('.$percent.');</script>';
echo '<script type="text/javascript">parent.updateProgressbar(' . $percent . ');</script>';
//echo '<script type="text/javascript">parent.document.getElementById("progressbar").style.width = '.$width.';</script>';
if ($currentstep < $totalsteps) {
printf('<script type="text/javascript">window.setTimeout("nextStep()", 10); function nextStep () { window.location.href=\'dbupdate.php?step=%s\'; }</script>', $currentstep + 1);
@ -215,28 +215,28 @@ if ($currentstep < $totalsteps) {
}
foreach ($tables as $table) {
dbUpdateSequence($_SESSION['dbprefix'].'_sequence', $table, $db);
dbUpdateSequence($_SESSION['dbprefix'] . '_sequence', $table, $db);
}
updateContenidoVersion($db, $_SESSION['dbprefix'].'_system_prop', C_SETUP_VERSION);
updateSystemProperties($db, $_SESSION['dbprefix'].'_system_prop');
updateContenidoVersion($db, $_SESSION['dbprefix'] . '_system_prop', C_SETUP_VERSION);
updateSystemProperties($db, $_SESSION['dbprefix'] . '_system_prop');
if (isset($_SESSION['sysadminpass']) && $_SESSION['sysadminpass'] != '') {
updateSysadminPassword($db, $_SESSION['dbprefix'].'_phplib_auth_user_md5', 'sysadmin');
updateSysadminPassword($db, $_SESSION['dbprefix'] . '_phplib_auth_user_md5', 'sysadmin');
}
$sql = 'DELETE FROM %s';
$db->query(sprintf($sql, $_SESSION['dbprefix'].'_code'));
$db->query(sprintf($sql, $_SESSION['dbprefix'] . '_code'));
// As con_code has been emptied, force code creation (on update)
$sql = "UPDATE %s SET createcode = '1'";
$db->query(sprintf($sql, $_SESSION['dbprefix'].'_cat_art'));
$db->query(sprintf($sql, $_SESSION['dbprefix'] . '_cat_art'));
if ($_SESSION['setuptype'] == 'migration') {
$aClients = listClients($db, $_SESSION['dbprefix'].'_clients');
$aClients = listClients($db, $_SESSION['dbprefix'] . '_clients');
foreach ($aClients as $iIdClient => $aInfo) {
updateClientPath($db, $_SESSION['dbprefix'].'_clients', $iIdClient, $_SESSION['frontendpath'][$iIdClient], $_SESSION['htmlpath'][$iIdClient]);
updateClientPath($db, $_SESSION['dbprefix'] . '_clients', $iIdClient, $_SESSION['frontendpath'][$iIdClient], $_SESSION['htmlpath'][$iIdClient]);
}
}
@ -244,7 +244,7 @@ if ($currentstep < $totalsteps) {
if ($_SESSION['setuptype'] == 'upgrade') {
$sql = "SELECT is_start FROM %s WHERE is_start = 1";
$db->query(sprintf($sql, $_SESSION['dbprefix'].'_cat_art'));
$db->query(sprintf($sql, $_SESSION['dbprefix'] . '_cat_art'));
if ($db->next_record()) {
$_SESSION['start_compatible'] = true;
@ -256,15 +256,26 @@ if ($currentstep < $totalsteps) {
injectSQL($db, $_SESSION['dbprefix'], 'data/indexes.sql', array(), $aNothing);
// logging query stuff
$aSqlArray = $db->getProfileData();
if (is_array($aSqlArray) && count($aSqlArray) > 0) {
$fp = fopen('../data/logs/setup_queries.txt', 'w');
foreach ($aSqlArray as $failedChunk) {
fwrite($fp, print_r($aSqlArray, TRUE));
}
fclose($fp);
}
printf('<script type="text/javascript">parent.document.getElementById("installing").style.visibility="hidden";parent.document.getElementById("installingdone").style.visibility="visible";</script>');
printf('<script type="text/javascript">parent.document.getElementById("next").style.visibility="visible"; window.setTimeout("nextStep()", 10); function nextStep () { window.location.href=\'makeconfig.php\'; }</script>');
}
function txtFileToArray($sFile) {
$aFileArray = array();
if(file_exists($sFile) && is_readable($sFile)) {
if (file_exists($sFile) && is_readable($sFile)) {
$aFileArray = explode("\n", file_get_contents($sFile));
}
return $aFileArray;
}
?>
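Review bot: The new logging block writes the whole array once per entry: inside `foreach ($aSqlArray as $failedChunk)` it calls `fwrite($fp, print_r($aSqlArray, TRUE))`, so the output grows quadratically and `$failedChunk` is never used; `fwrite($fp, print_r($failedChunk, true));` or a single write outside the loop is presumably what was meant. The `fopen(..., 'w')` result is not checked before `fwrite`/`fclose`, and mode `'w'` discards what the other setup code in this commit appended to the same file. The profile data holds every statement of the run, presumably including the one issued by `updateSysadminPassword()`, so this file should not stay readable under `data/logs` once setup has finished; restrict or delete it at the end of the run.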


@ -64,7 +64,9 @@ function doMySQLConnect ($host, $username, $password)
),
);
$db = new DB_Contenido($aOptions);
$sFile = '../data/logs/setup_queries.txt';
file_put_contents($sFile, $db->getServerInfo(), FILE_APPEND);
chmod($sFile, 0666);
if ($db->connect() == 0)
{
return array($db, false);
@ -98,6 +100,8 @@ function getSetupMySQLDBConnection($full = true)
'sequenceTable' => $_SESSION['dbprefix'].'_sequence'
);
}
//$aOptions['enableProfiling'] = TRUE;
$db = new DB_Contenido($aOptions);
return $db;
}
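Review bot: `chmod($sFile, 0666)` in `doMySQLConnect` makes the setup log readable and writable for every local account, and other parts of this commit write full SQL statements into that file. A mode that covers only the web-server user and its group is enough, for example `chmod($sFile, 0640);`. `$db->getServerInfo()` is called before `$db->connect()`, so it may return nothing useful at that point (the DB class is not shown), and neither `file_put_contents()` nor `chmod()` is checked. The added `//$aOptions['enableProfiling'] = TRUE;` is commented-out code and could be dropped.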


@ -1,4 +1,5 @@
<?php
/**
* Project:
* Contenido Content Management System
@ -27,206 +28,177 @@
* }}
*
*/
if(!defined('CON_FRAMEWORK')) {
die('Illegal call');
if (!defined('CON_FRAMEWORK')) {
die('Illegal call');
}
function injectSQL(&$db, $prefix, $file, $replacements = array(), &$failedChunks) {
$file = trim($file);
if (!isReadable($file)) {
return false;
}
function injectSQL ($db, $prefix, $file, $replacements = array(), &$failedChunks)
{
$file = trim($file);
if (!isReadable($file))
{
return false;
}
$sqlFile = file_get_contents($file);
$sqlFile = remove_comments($sqlFile);
$sqlFile = remove_remarks($sqlFile);
$sqlFile = str_replace("!PREFIX!", $prefix, $sqlFile);
$sqlFile = trim($sqlFile);
$sqlChunks = split_sql_file(trim($sqlFile), ";");
foreach ($sqlChunks as $sqlChunk)
{
foreach ($replacements as $find => $replace)
{
$sqlChunk = str_replace($find, $replace, $sqlChunk);
}
$db->query($sqlChunk);
$sqlFile = file_get_contents($file);
if ($db->Errno != 0)
{
$failedChunks[] = array("sql" => $sqlChunk, "errno" => $db->Errno, "error" => $db->Error);
}
}
return true;
$sqlFile = remove_comments($sqlFile);
$sqlFile = remove_remarks($sqlFile);
$sqlFile = str_replace("!PREFIX!", $prefix, $sqlFile);
$sqlFile = trim($sqlFile);
$sqlChunks = split_sql_file(trim($sqlFile), ";");
foreach ($sqlChunks as $sqlChunk) {
foreach ($replacements as $find => $replace) {
$sqlChunk = str_replace($find, $replace, $sqlChunk);
}
$db->query($sqlChunk);
if ($db->Errno != 0) {
$failedChunks[] = array("sql" => $sqlChunk, "errno" => $db->Errno, "error" => $db->Error);
}
}
return true;
}
//
// remove_comments will strip the sql comment lines out of an uploaded sql file
// specifically for mssql and postgres type files in the install....
//
function remove_comments(&$output)
{
$lines = explode("\n", $output);
$output = "";
function remove_comments(&$output) {
$lines = explode("\n", $output);
$output = "";
// try to keep mem. use down
$linecount = count($lines);
// try to keep mem. use down
$linecount = count($lines);
$in_comment = false;
for($i = 0; $i < $linecount; $i++)
{
if( preg_match("/^\/\*/", preg_quote($lines[$i])) )
{
$in_comment = true;
}
$in_comment = false;
for ($i = 0; $i < $linecount; $i++) {
if (preg_match("/^\/\*/", preg_quote($lines[$i]))) {
$in_comment = true;
}
if( !$in_comment )
{
$output .= $lines[$i] . "\n";
}
if (!$in_comment) {
$output .= $lines[$i] . "\n";
}
if( preg_match("/\*\/$/", preg_quote($lines[$i])) )
{
$in_comment = false;
}
}
if (preg_match("/\*\/$/", preg_quote($lines[$i]))) {
$in_comment = false;
}
}
unset($lines);
return $output;
unset($lines);
return $output;
}
//
// remove_remarks will strip the sql comment lines out of an uploaded sql file
//
function remove_remarks($sql)
{
$lines = explode("\n", $sql);
// try to keep mem. use down
$sql = "";
$linecount = count($lines);
$output = "";
function remove_remarks($sql) {
$lines = explode("\n", $sql);
for ($i = 0; $i < $linecount; $i++)
{
if (($i != ($linecount - 1)) || (strlen($lines[$i]) > 0))
{
if ($lines[$i][0] != "#")
{
$output .= $lines[$i] . "\n";
}
else
{
$output .= "\n";
}
// Trading a bit of speed for lower mem. use here.
$lines[$i] = "";
}
}
return $output;
// try to keep mem. use down
$sql = "";
$linecount = count($lines);
$output = "";
for ($i = 0; $i < $linecount; $i++) {
if (($i != ($linecount - 1)) || (strlen($lines[$i]) > 0)) {
if ($lines[$i][0] != "#") {
$output .= $lines[$i] . "\n";
} else {
$output .= "\n";
}
// Trading a bit of speed for lower mem. use here.
$lines[$i] = "";
}
}
return $output;
}
//
// split_sql_file will split an uploaded sql file into single sql statements.
// Note: expects trim() to have already been run on $sql.
//
function split_sql_file($sql, $delimiter)
{
// Split up our string into "possible" SQL statements.
$tokens = explode($delimiter, $sql);
function split_sql_file($sql, $delimiter) {
// Split up our string into "possible" SQL statements.
$tokens = explode($delimiter, $sql);
// try to save mem.
$sql = "";
$output = array();
// we don't actually care about the matches preg gives us.
$matches = array();
// this is faster than calling count($oktens) every time thru the loop.
$token_count = count($tokens);
for ($i = 0; $i < $token_count; $i++)
{
// Don't wanna add an empty string as the last thing in the array.
if (($i != ($token_count - 1)) || (strlen($tokens[$i] > 0)))
{
// This is the total number of single quotes in the token.
$total_quotes = preg_match_all("/'/", $tokens[$i], $matches);
// Counts single quotes that are preceded by an odd number of backslashes,
// which means they're escaped quotes.
$escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$i], $matches);
$unescaped_quotes = $total_quotes - $escaped_quotes;
// If the number of unescaped quotes is even, then the delimiter did NOT occur inside a string literal.
if (($unescaped_quotes % 2) == 0)
{
// It's a complete sql statement.
$output[] = $tokens[$i];
// save memory.
$tokens[$i] = "";
}
else
{
// incomplete sql statement. keep adding tokens until we have a complete one.
// $temp will hold what we have so far.
$temp = $tokens[$i] . $delimiter;
// save memory..
$tokens[$i] = "";
// Do we have a complete statement yet?
$complete_stmt = false;
for ($j = $i + 1; (!$complete_stmt && ($j < $token_count)); $j++)
{
// This is the total number of single quotes in the token.
$total_quotes = preg_match_all("/'/", $tokens[$j], $matches);
// Counts single quotes that are preceded by an odd number of backslashes,
// which means they're escaped quotes.
$escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$j], $matches);
$unescaped_quotes = $total_quotes - $escaped_quotes;
if (($unescaped_quotes % 2) == 1)
{
// odd number of unescaped quotes. In combination with the previous incomplete
// statement(s), we now have a complete statement. (2 odds always make an even)
$output[] = $temp . $tokens[$j];
// try to save mem.
$sql = "";
$output = array();
// save memory.
$tokens[$j] = "";
$temp = "";
// exit the loop.
$complete_stmt = true;
// make sure the outer loop continues at the right point.
$i = $j;
}
else
{
// even number of unescaped quotes. We still don't have a complete statement.
// (1 odd and 1 even always make an odd)
$temp .= $tokens[$j] . $delimiter;
// save memory.
$tokens[$j] = "";
}
} // for..
} // else
}
}
// we don't actually care about the matches preg gives us.
$matches = array();
return $output;
// this is faster than calling count($oktens) every time thru the loop.
$token_count = count($tokens);
for ($i = 0; $i < $token_count; $i++) {
// Don't wanna add an empty string as the last thing in the array.
if (($i != ($token_count - 1)) || (strlen($tokens[$i] > 0))) {
// This is the total number of single quotes in the token.
$total_quotes = preg_match_all("/'/", $tokens[$i], $matches);
// Counts single quotes that are preceded by an odd number of backslashes,
// which means they're escaped quotes.
$escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$i], $matches);
$unescaped_quotes = $total_quotes - $escaped_quotes;
// If the number of unescaped quotes is even, then the delimiter did NOT occur inside a string literal.
if (($unescaped_quotes % 2) == 0) {
// It's a complete sql statement.
$output[] = $tokens[$i];
// save memory.
$tokens[$i] = "";
} else {
// incomplete sql statement. keep adding tokens until we have a complete one.
// $temp will hold what we have so far.
$temp = $tokens[$i] . $delimiter;
// save memory..
$tokens[$i] = "";
// Do we have a complete statement yet?
$complete_stmt = false;
for ($j = $i + 1; (!$complete_stmt && ($j < $token_count)); $j++) {
// This is the total number of single quotes in the token.
$total_quotes = preg_match_all("/'/", $tokens[$j], $matches);
// Counts single quotes that are preceded by an odd number of backslashes,
// which means they're escaped quotes.
$escaped_quotes = preg_match_all("/(?<!\\\\)(\\\\\\\\)*\\\\'/", $tokens[$j], $matches);
$unescaped_quotes = $total_quotes - $escaped_quotes;
if (($unescaped_quotes % 2) == 1) {
// odd number of unescaped quotes. In combination with the previous incomplete
// statement(s), we now have a complete statement. (2 odds always make an even)
$output[] = $temp . $tokens[$j];
// save memory.
$tokens[$j] = "";
$temp = "";
// exit the loop.
$complete_stmt = true;
// make sure the outer loop continues at the right point.
$i = $j;
} else {
// even number of unescaped quotes. We still don't have a complete statement.
// (1 odd and 1 even always make an odd)
$temp .= $tokens[$j] . $delimiter;
// save memory.
$tokens[$j] = "";
}
} // for..
} // else
}
}
return $output;
}
?>


@ -105,6 +105,8 @@ checkAndInclude('lib/defines.php');
checkAndInclude($cfg['path']['frontend'].'/pear/HTML/Common2.php');
checkAndInclude($cfg['path']['conlite'] . 'classes/cHTML5/class.chtml.php');
checkAndInclude($cfg['path']['conlite'] . 'classes/class.htmlelements.php');
checkAndInclude($cfg['path']['conlite'] . 'classes/con2con/class.filehandler.php');
checkAndInclude($cfg['path']['conlite'] . 'includes/functions.php54.php');
checkAndInclude($cfg['path']['conlite'] . 'classes/class.i18n.php');
checkAndInclude($cfg['path']['conlite'] . 'includes/functions.i18n.php');
checkAndInclude('lib/class.setupcontrols.php');