[Fusionforge-commits] r7086 - in trunk/gforge: common/include www/project/admin
Roland Mas
lolando at libremir.placard.fr.eu.org
Fri Feb 27 13:38:35 CET 2009
Author: lolando
Date: 2009-02-27 13:38:35 +0100 (Fri, 27 Feb 2009)
New Revision: 7086
Modified:
trunk/gforge/common/include/FusionForge.class.php
trunk/gforge/common/include/Group.class.php
trunk/gforge/common/include/GroupJoinRequest.class.php
trunk/gforge/common/include/Permission.class.php
trunk/gforge/common/include/PluginManager.class.php
trunk/gforge/common/include/Role.class.php
trunk/gforge/common/include/RoleObserver.class.php
trunk/gforge/common/include/cron_utils.php
trunk/gforge/common/include/forms.php
trunk/gforge/common/include/gettext.php
trunk/gforge/common/include/license.php
trunk/gforge/www/project/admin/editgroupinfo.php
Log:
Began conversion from db_query() to db_query_params()
Modified: trunk/gforge/common/include/FusionForge.class.php
===================================================================
--- trunk/gforge/common/include/FusionForge.class.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/FusionForge.class.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
* FusionForge top-level information
*
* Copyright 2002, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -41,7 +42,8 @@
}
function getNumberOfPublicHostedProjects() {
- $res=db_query("SELECT count(*) AS count FROM groups WHERE status='A' AND is_public=1");
+ $res = db_query_params ('SELECT count(*) AS count FROM groups WHERE status=$1 AND is_public=1',
+ array ('A'));
if (!$res || db_numrows($res) < 1) {
$this->setError('Unable to get hosted project count: '.db_error());
return false;
@@ -50,7 +52,8 @@
}
function getNumberOfHostedProjects() {
- $res=db_query("SELECT count(*) AS count FROM groups WHERE status='A'");
+ $res = db_query_params ('SELECT count(*) AS count FROM groups WHERE status=$1',
+ array ('A'));
if (!$res || db_numrows($res) < 1) {
$this->setError('Unable to get hosted project count: '.db_error());
return false;
@@ -59,7 +62,8 @@
}
function getNumberOfActiveUsers() {
- $res = db_query("SELECT count(*) AS count FROM users WHERE status='A' and user_id != 100");
+ $res = db_query_params ('SELECT count(*) AS count FROM users WHERE status=$1 and user_id != 100',
+ array ('A'));
if (!$res || db_numrows($res) < 1) {
$this->setError('Unable to get user count: '.db_error());
return false;
@@ -69,25 +73,24 @@
function getPublicProjectNames() {
- $res = db_query("SELECT unix_group_name FROM groups WHERE status='A' AND is_public=1");
+ $res = db_query_params ('SELECT unix_group_name FROM groups WHERE status=$1 AND is_public=1',
+ array ('A'));
if (!$res) {
$this->setError('Unable to get list of public projects: '.db_error());
return false;
}
$rows=db_numrows($res);
$result = array();
- for ($i=0; $i<$rows; $i++) {
+ for ($i=0; $i<$rows; $i++) {
$result[$i] = db_result($res, $i, 'unix_group_name');
- }
+ }
return $result;
}
function parseCount($res) {
- $row_count = db_fetch_array($res);
- return $row_count['count'];
+ $row_count = db_fetch_array($res);
+ return $row_count['count'];
}
-
-
}
// Local Variables:
Modified: trunk/gforge/common/include/Group.class.php
===================================================================
--- trunk/gforge/common/include/Group.class.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/Group.class.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
* FusionForge groups
*
* Copyright 1999-2001, VA Linux Systems, Inc.
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -50,7 +51,7 @@
function & group_get_licenses() {
global $LICENSE_NAMES;
if(empty($LICENSE_NAMES)) {
- $result = db_query('select * from licenses');
+ $result = db_query_params ('select * from licenses', array());
while($data = db_fetch_array($result)) {
$LICENSE_NAMES[$data['license_id']] = $data['license_name'];
}
@@ -88,7 +89,7 @@
if ($res) {
//the db result handle was passed in
} else {
- $res=db_query("SELECT * FROM groups WHERE group_id='$group_id'");
+ $res = db_query_params ('SELECT * FROM groups WHERE group_id=$1', array ($group_id)) ;
}
if (!$res || db_numrows($res) < 1) {
$GROUP_OBJ["_".$group_id."_"]=false;
@@ -129,7 +130,8 @@
}
}
if (count($fetch) > 0) {
- $res=db_query("SELECT * FROM groups WHERE group_id IN ('".implode($fetch,'\',\'') ."')");
+ $res=db_query_params ('SELECT * FROM groups WHERE group_id = ANY ($1)',
+ array (db_int_array_to_any_clause ($fetech))) ;
while ($arr =& db_fetch_array($res)) {
$GROUP_OBJ["_".$arr['group_id']."_"] = new Group($arr['group_id'],$arr);
$return[] =& $GROUP_OBJ["_".$arr['group_id']."_"];
@@ -139,20 +141,21 @@
}
function &group_get_object_by_name($groupname) {
- $res=db_query("SELECT * FROM groups WHERE unix_group_name='$groupname'");
+ $res=db_query_params('SELECT * FROM groups WHERE unix_group_name=$1', array ($groupname)) ;
return group_get_object(db_result($res,0,'group_id'),$res);
}
function &group_get_objects_by_name($groupname_arr) {
- $sql="SELECT group_id FROM groups WHERE unix_group_name IN ('".implode($groupname_arr,'\',\'')."')";
- $res=db_query($sql);
+ $res=db_query_params ('SELECT group_id FROM groups WHERE unix_group_name = ANY ($1)',
+ array (db_string_array_to_any_clause ($groupname_arr))
+ );
$arr =& util_result_column_to_array($res,0);
return group_get_objects($arr);
}
function &group_get_object_by_publicname($groupname) {
- $res=db_query("SELECT * FROM groups WHERE group_name ILIKE '" .
- htmlspecialchars($groupname) . "'");
+ $res=db_query_params ('SELECT * FROM groups WHERE group_name ILIKE $1',
+ array ($groupname)) ;
return group_get_object(db_result($res,0,'group_id'),$res);
}
@@ -255,7 +258,8 @@
* @param int The group_id.
*/
function fetchData($group_id) {
- $res = db_query("SELECT * FROM groups WHERE group_id='$group_id'");
+ $res = db_query_params ('SELECT * FROM groups WHERE group_id=$1',
+ array ($group_id));
if (!$res || db_numrows($res) < 1) {
$this->setError(sprintf(_('fetchData():: %s'),db_error()));
return false;
@@ -288,7 +292,8 @@
} else if (!account_groupnamevalid($unix_name)) {
$this->setError(_('Invalid Unix name'));
return false;
- } else if (db_numrows(db_query("SELECT group_id FROM groups WHERE unix_group_name='$unix_name'")) > 0) {
+ } else if (db_numrows(db_query_params('SELECT group_id FROM groups WHERE unix_group_name=$1',
+ array ($unix_name))) > 0) {
$this->setError(_('Unix name already taken'));
return false;
} else if (strlen($purpose)<10) {
@@ -319,7 +324,7 @@
db_begin();
- $res = db_query("
+ $res = db_query_params ('
INSERT INTO groups (
group_name,
is_public,
@@ -337,25 +342,22 @@
enable_anonscm,
rand_hash
)
- VALUES (
- '".htmlspecialchars($group_name)."',
- '$is_public',
- '$unix_name',
- '".htmlspecialchars($description)."',
- '$unix_name.".$GLOBALS['sys_default_domain']."',
- '$unix_name.".$GLOBALS['sys_default_domain']."',
- 'P',
- '$unix_box',
- '$scm_box',
- '$license',
- '".htmlspecialchars($purpose)."',
- ".time().",
- '".htmlspecialchars($license_other)."',
- '$is_public',
- '".md5($random_num)."'
- )
- ");
-
+ VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15)',
+ array ($group_name,
+ $is_public,
+ $unix_name,
+ htmlspecialchars($description),
+ $unix_name.".".$GLOBALS['sys_default_domain'],
+ $unix_name.".".$GLOBALS['sys_default_domain'],
+ 'P',
+ $unix_box,
+ $scm_box,
+ $license,
+ htmlspecialchars($purpose),
+ time(),
+ htmlspecialchars($license_other),
+ $is_public,
+ md5($random_num) )) ;
if (!$res || db_affected_rows($res) < 1) {
$this->setError(sprintf(_('ERROR: Could not create group: %s'),db_error()));
db_rollback();
@@ -372,11 +374,16 @@
//
// Now, make the user an admin
//
- $sql="INSERT INTO user_group ( user_id, group_id, admin_flags,
+ $res=db_query_params ('INSERT INTO user_group ( user_id, group_id, admin_flags,
cvs_flags, artifact_flags, forum_flags, role_id)
- VALUES ( ".$user->getID().", '$id', 'A', 1, 2, 2, 1)";
-
- $res=db_query($sql);
+ VALUES ($1, $2, $3, $4, $5, $6, $7)',
+ array ($user->getID(),
+ $id,
+ 'A',
+ 1,
+ 2,
+ 2,
+ 1));
if (!$res || db_affected_rows($res) < 1) {
$this->setError(sprintf(_('ERROR: Could not add admin to newly created group: %s'),db_error()));
db_rollback();
@@ -431,13 +438,17 @@
db_begin();
- $res = db_query("
+ $res = db_query_params ('
UPDATE groups
- SET is_public='$is_public',
- license='$license',type_id='$type_id',
- unix_box='$unix_box',http_domain='$http_domain'
- WHERE group_id='".$this->getID()."'
- ");
+ SET is_public=$1, license=$2, type_id=$3,
+ unix_box=$4, http_domain=$5
+ WHERE group_id=$6',
+ array ($is_public,
+ $license,
+ $type_id,
+ $unix_box,
+ $http_domain,
+ $this->getID())) ;
if (!$res || db_affected_rows($res) < 1) {
$this->setError(_('ERROR: DB: Could not change group properties: %s'),db_error());
@@ -474,20 +485,10 @@
* update - Update number of common properties.
*
* Unlike updateAdmin(), this function accessible to project admin.
- *
- * @param object User requesting operation (for access control).
- * @param bool Whether group is publicly accessible (0/1).
- * @param string Project's license (string ident).
- * @param int Group type (1-project, 2-foundry).
- * @param string Machine on which group's home directory located.
- * @param string Domain which serves group's WWW.
- * @return int status.
- * @access public.
*/
function update(&$user, $group_name,$homepage,$short_description,$use_mail,$use_survey,$use_forum,
- $use_pm,$use_pm_depend_box,$use_scm,$use_news,$use_docman,
- $new_doc_address,$send_all_docs,$logo_image_id,
- $enable_pserver,$enable_anonscm,
+ $use_pm,$use_pm_depend_box,$use_scm,$use_news,$use_docman,
+ $new_doc_address,$send_all_docs,$logo_image_id,
$use_ftp,$use_tracker,$use_frs,$use_stats,$is_public) {
$perm =& $this->getPermission($user);
@@ -569,42 +570,45 @@
db_begin();
//XXX not yet actived logo_image_id='$logo_image_id',
- $sql = "
- UPDATE groups
- SET
- group_name='".htmlspecialchars($group_name)."',
- homepage='$homepage',
- short_description='".htmlspecialchars($short_description)."',
- use_mail='$use_mail',
- use_survey='$use_survey',
- use_forum='$use_forum',
- use_pm='$use_pm',
- use_pm_depend_box='$use_pm_depend_box',
- use_scm='$use_scm',
- use_news='$use_news',
- use_docman='$use_docman',
- is_public='$is_public',
- new_doc_address='$new_doc_address',
- send_all_docs='$send_all_docs',
- ";
- if ($enable_pserver != '') {
- $sql .= "
- enable_pserver='$enable_pserver',
- ";
- }
- if ($enable_anonscm != '') {
- $sql .= "
- enable_anonscm='$enable_anonscm',
- ";
- }
- $sql .= "
- use_ftp='$use_ftp',
- use_tracker='$use_tracker',
- use_frs='$use_frs',
- use_stats='$use_stats'
- WHERE group_id='".$this->getID()."'
- ";
- $res = db_query($sql);
+ $res = db_query_params ('UPDATE groups
+ SET group_name=$1,
+ homepage=$2,
+ short_description=$3,
+ use_mail=$4,
+ use_survey=$5,
+ use_forum=$6,
+ use_pm=$7,
+ use_pm_depend_box=$8,
+ use_scm=$9,
+ use_news=$10,
+ use_docman=$11,
+ is_public=$12,
+ new_doc_address=$13,
+ send_all_docs=$14,
+ use_ftp=$15,
+ use_tracker=$16,
+ use_frs=$17,
+ use_stats=$18
+ WHERE group_id=$19',
+ array (htmlspecialchars($group_name),
+ $homepage,
+ htmlspecialchars($short_description),
+ $use_mail,
+ $use_survey,
+ $use_forum,
+ $use_pm,
+ $use_pm_depend_box,
+ $use_scm,
+ $use_news,
+ $use_docman,
+ $is_public,
+ $new_doc_address,
+ $send_all_docs,
+ $use_ftp,
+ $use_tracker,
+ $use_frs,
+ $use_stats,
+ $this->getID() )) ;
if (!$res) {
$this->setError(sprintf(_('Error updating project information: %s'), db_error()));
@@ -700,9 +704,9 @@
db_begin();
- $res = db_query("UPDATE groups
- SET status='$status'
- WHERE group_id='". $this->getID()."'");
+ $res = db_query_params ('UPDATE groups
+ SET status=$1
+ WHERE group_id=$2', array ($status, $this->getID())) ;
if (!$res || db_affected_rows($res) < 1) {
$this->setError(sprintf(_('ERROR: DB: Could not change group status: %s'),db_error()));
@@ -865,8 +869,7 @@
function setSCMBox($scm_box) {
if ($scm_box) {
db_begin();
- $sql = "UPDATE groups SET scm_box = '$scm_box' WHERE group_id = ".$this->getID();
- $res = db_query($sql);
+ $res = db_query_params ('UPDATE groups SET scm_box=$1 WHERE group_id=$2', array ($scm_box, $this->getID ()));
if ($res) {
$this->addHistory('scm_box', $this->data_array['scm_box']);
$this->data_array['scm_box']=$scm_box;
@@ -945,8 +948,8 @@
*/
function &getAdmins() {
// this function gets all group admins in order to send Jabber and mail messages
- $q = "SELECT user_id FROM user_group WHERE admin_flags = 'A' AND group_id = ".$this->getID();
- $res = db_query($q);
+ $res = db_query_params ('SELECT user_id FROM user_group WHERE admin_flags=$1 AND group_id=$2',
+ array ('A', $this->getID()));
$user_ids=util_result_column_to_array($res);
return user_get_objects($user_ids);
}
@@ -973,8 +976,8 @@
function SetUsesAnonSCM ($booleanparam) {
db_begin () ;
$booleanparam = $booleanparam ? 1 : 0 ;
- $sql = "UPDATE groups SET enable_anonscm = $booleanparam WHERE group_id = ".$this->getID() ;
- $res = db_query($sql);
+ $res = db_query_params ('UPDATE groups SET enable_anonscm=$1 WHERE group_id=$2',
+ array ($booleanparam, $this->getID()));
if ($res) {
$this->data_array['enable_anonscm']=$booleanparam;
db_commit () ;
@@ -1000,8 +1003,8 @@
function SetUsesPserver ($booleanparam) {
db_begin () ;
$booleanparam = $booleanparam ? 1 : 0 ;
- $sql = "UPDATE groups SET enable_pserver = $booleanparam WHERE group_id = ".$this->getID() ;
- $res = db_query($sql);
+ $res = db_query_params ('UPDATE groups SET enable_pserver=$1 WHERE group_id=$2',
+ array ($booleanparam, $this->getID()));
if ($res) {
$this->data_array['enable_pserver']=$booleanparam;
db_commit () ;
@@ -1168,11 +1171,10 @@
function getPlugins() {
if (!isset($this->plugins_data)) {
$this->plugins_data = array () ;
- $sql="SELECT group_plugin.plugin_id, plugins.plugin_name
- FROM group_plugin, plugins
- WHERE group_plugin.group_id=".$this->getID()."
- AND group_plugin.plugin_id = plugins.plugin_id" ;
- $res=db_query($sql);
+ $res = db_query_params ('SELECT group_plugin.plugin_id, plugins.plugin_name
+ FROM group_plugin, plugins
+ WHERE group_plugin.group_id=$1
+ AND group_plugin.plugin_id=plugins.plugin_id', array ($this->getID()));
$rows = db_numrows($res);
for ($i=0; $i<$rows; $i++) {
@@ -1211,10 +1213,8 @@
// State is already good, returning
return true ;
}
- $sql="SELECT plugin_id
- FROM plugins
- WHERE plugin_name = '" . $pluginname . "'" ;
- $res=db_query($sql);
+ $res = db_query_params ('SELECT plugin_id FROM plugins WHERE plugin_name=$1',
+ array ($pluginname));
$rows = db_numrows($res);
if ($rows == 0) {
// Error: no plugin by that name
@@ -1224,15 +1224,14 @@
// Invalidate cache
unset ($this->plugins_data) ;
if ($val) {
- $sql="INSERT INTO group_plugin (group_id, plugin_id)
- VALUES (". $this->getID() . ", ". $plugin_id .")" ;
- $res=db_query($sql);
+ $res = db_query_params ('INSERT INTO group_plugin (group_id, plugin_id) VALUES ($1, $2)',
+ array ($this->getID(),
+ $plugin_id));
return $res ;
} else {
- $sql="DELETE FROM group_plugin
- WHERE group_id = ". $this->getID() . "
- AND plugin_id = ". $plugin_id ;
- $res=db_query($sql);
+ $res = db_query_params ('DELETE FROM group_plugin WHERE group_id=$1 AND plugin_id=$2',
+ array ($this->getID(),
+ $plugin_id));
return $res ;
}
}
@@ -1365,7 +1364,8 @@
// Delete FRS Packages
//
//$frspf = new FRSPackageFactory($this);
- $res=db_query("SELECT * FROM frs_package WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('SELECT * FROM frs_package WHERE group_id=$A',
+ array ($this->getID())) ;
//echo 'frs_package'.db_error();
//$frsp_arr =& $frspf->getPackages();
while ($arr = db_fetch_array($res)) {
@@ -1380,36 +1380,43 @@
// Delete news
//
$news_group=&group_get_object($GLOBALS['sys_news_group']);
- $res=db_query("SELECT forum_id FROM news_bytes WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('SELECT forum_id FROM news_bytes WHERE group_id=$1',
+ array ($this->getID())) ;
for ($i=0; $i<db_numrows($res); $i++) {
$Forum = new Forum($news_group,db_result($res,$i,'forum_id'));
if (!$Forum->delete(1,1)) {
printf (_("Could Not Delete News Forum: %d"),$Forum->getID());
}
}
- $res=db_query("DELETE FROM news_bytes WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM news_bytes WHERE group_id=$1',
+ array ($this->getID())) ;
//
// Delete docs
//
- $res=db_query("DELETE FROM doc_data WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM doc_data WHERE group_id=$1',
+ array ($this->getID())) ;
//echo 'doc_data'.db_error();
- $res=db_query("DELETE FROM doc_groups WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM doc_groups WHERE group_id=$1',
+ array ($this->getID())) ;
//echo 'doc_groups'.db_error();
//
// Delete group history
//
- $res=db_query("DELETE FROM group_history WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM group_history WHERE group_id=$1',
+ array ($this->getID())) ;
//echo 'group_history'.db_error();
//
// Delete group plugins
//
- $res=db_query("DELETE FROM group_plugin WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM group_plugin WHERE group_id=$1',
+ array ($this->getID())) ;
//echo 'group_plugin'.db_error();
//
// Delete group cvs stats
//
- $res=db_query("DELETE FROM stats_cvs_group WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM stats_cvs_group WHERE group_id=$1',
+ array ($this->getID())) ;
//echo 'stats_cvs_group'.db_error();
//
// Delete Surveys
@@ -1455,18 +1462,23 @@
//
// Delete trove
//
- $res=db_query("DELETE FROM trove_group_link WHERE group_id='".$this->getID()."'");
- $res=db_query("DELETE FROM trove_agg WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM trove_group_link WHERE group_id=$1',
+ array ($this->getID())) ;
+ $res = db_query_params ('DELETE FROM trove_agg WHERE group_id=$1',
+ array ($this->getID())) ;
//
// Delete counters
//
- $res=db_query("DELETE FROM project_sums_agg WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM project_sums_agg WHERE group_id=$1',
+ array ($this->getID())) ;
//echo 'project_sums_agg'.db_error();
- $res=db_query("INSERT INTO deleted_groups (
- unix_group_name,delete_date,isdeleted) VALUES
- ('".$this->getUnixName()."','".time()."','0')");
+ $res = db_query_params ('INSERT INTO deleted_groups (unix_group_name,delete_date,isdeleted) VALUES ($1, $2, $3)',
+ array ($this->getUnixName(),
+ time(),
+ 0)) ;
//echo 'InsertIntoDeleteQueue'.db_error();
- $res=db_query("DELETE FROM groups WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM groups WHERE group_id=$1',
+ array ($this->getID())) ;
//echo 'DeleteGroup'.db_error();
db_commit();
if (!$res) {
@@ -1487,11 +1499,14 @@
//
// Delete reporting
//
- $res=db_query("DELETE FROM rep_group_act_weekly WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM rep_group_act_monthly WHERE group_id=$1',
+ array ($this->getID())) ;
+//echo 'rep_group_act_monthly'.db_error();
+ $res = db_query_params ('DELETE FROM rep_group_act_weekly WHERE group_id=$1',
+ array ($this->getID())) ;
//echo 'rep_group_act_weekly'.db_error();
- $res=db_query("DELETE FROM rep_group_act_monthly WHERE group_id='".$this->getID()."'");
-//echo 'rep_group_act_monthly'.db_error();
- $res=db_query("DELETE FROM rep_group_act_daily WHERE group_id='".$this->getID()."'");
+ $res = db_query_params ('DELETE FROM rep_group_act_daily WHERE group_id=$1',
+ array ($this->getID())) ;
//echo 'rep_group_act_daily'.db_error();
unset($this->data_array);
return true;
@@ -1531,10 +1546,10 @@
/*
get user id for this user's unix_name
*/
- if (preg_match('/^\d/',$user_unix_name)) {
- $res_newuser = db_query("SELECT * FROM users WHERE user_id='". intval($user_unix_name) ."'");
+ if (is_int ($user_unix_name)) {
+ $res_newuser = db_query_params ('SELECT * FROM users WHERE user_id=$1', array ($user_unix_name)) ;
} else {
- $res_newuser = db_query("SELECT * FROM users WHERE user_name='". strtolower($user_unix_name) ."'");
+ $res_newuser = db_query_params ('SELECT * FROM users WHERE user_name=$1', array ($user_unix_name)) ;
}
if (db_numrows($res_newuser) > 0) {
//
@@ -1554,18 +1569,29 @@
//
// if not already a member, add them
//
- $res_member = db_query("SELECT user_id
+ $res_member = db_query_params ('SELECT user_id
FROM user_group
- WHERE user_id='$user_id' AND group_id='". $this->getID() ."'");
+ WHERE user_id=$1 AND group_id=$2',
+ array ($user_id, $this->getID())) ;
if (db_numrows($res_member) < 1) {
//
// Create this user's row in the user_group table
//
- $res=db_query("INSERT INTO user_group
+ $res = db_query_params ('INSERT INTO user_group
(user_id,group_id,admin_flags,forum_flags,project_flags,
doc_flags,cvs_flags,member_role,release_flags,artifact_flags)
- VALUES ('$user_id','". $this->getID() ."','','0','0','0','1','100','0','0')");
+ VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)',
+ array ($user_id,
+ $this->getID(),
+ '',
+ 0,
+ 0,
+ 0,
+ 1,
+ 100,
+ 0,
+ 0)) ;
//verify the insert worked
if (!$res || db_affected_rows($res) < 1) {
@@ -1692,9 +1718,9 @@
}
db_begin();
- $res=db_query("DELETE FROM user_group
- WHERE group_id='".$this->getID()."'
- AND user_id='$user_id'");
+ $res = db_query_params ('DELETE FROM user_group WHERE group_id=$1 AND user_id=$2',
+ array ($this->getID(),
+ $user_id)) ;
if (!$res || db_affected_rows($res) < 1) {
$this->setError(sprintf(_('ERROR: User not removed: %s'),db_error()));
db_rollback();
@@ -1703,12 +1729,13 @@
//
// reassign open artifacts to id=100
//
- $res=db_query("UPDATE artifact SET assigned_to='100'
+ $res = db_query_params ('UPDATE artifact SET assigned_to=100
WHERE group_artifact_id
IN (SELECT group_artifact_id
FROM artifact_group_list
- WHERE group_id='".$this->getID()."')
- AND status_id='1' AND assigned_to='$user_id'");
+ WHERE group_id=$1 AND status_id=1 AND assigned_to=$2)',
+ array ($this->getID(),
+ $user_id)) ;
if (!$res) {
$this->setError(sprintf(_('ERROR: DB: artifact: %s'),db_error()));
db_rollback();
@@ -1733,26 +1760,30 @@
$res = db_next_result();
}
} else {
- $res=db_query("DELETE FROM project_assigned_to
+ $res = db_query_params ('DELETE FROM project_assigned_to
WHERE project_task_id IN (SELECT pt.project_task_id
FROM project_task pt, project_group_list pgl, project_assigned_to pat
WHERE pt.group_project_id = pgl.group_project_id
AND pat.project_task_id=pt.project_task_id
- AND pt.status_id='1' AND pgl.group_id='".$this->getID()."'
- AND pat.assigned_to_id='$user_id')
- AND assigned_to_id='100'");
+ AND pt.status_id=1 AND pgl.group_id=$1,
+ AND pat.assigned_to_id=$2)
+ AND assigned_to_id=100',
+ array ($this->getID(),
+ $user_id)) ;
}
if (!$res) {
$this->setError(sprintf(_('ERROR: DB: project_assigned_to %d: %s'),1,db_error()));
db_rollback();
return false;
}
- $res=db_query("UPDATE project_assigned_to SET assigned_to_id='100'
+ $res = db_query_params ('UPDATE project_assigned_to SET assigned_to_id=100
WHERE project_task_id IN (SELECT pt.project_task_id
FROM project_task pt, project_group_list pgl
WHERE pt.group_project_id = pgl.group_project_id
- AND pt.status_id='1' AND pgl.group_id='".$this->getID()."')
- AND assigned_to_id='$user_id'");
+ AND pt.status_id=1 AND pgl.group_id=$1)
+ AND assigned_to_id=$2',
+ array ($this->getID(),
+ $user_id)) ;
if (!$res) {
$this->setError(sprintf(_('ERROR: DB: project_assigned_to %d: %s'),2,db_error()));
db_rollback();
@@ -1824,11 +1855,13 @@
* @access public.
*/
function addHistory($field_name, $old_value) {
- $sql="
- INSERT INTO group_history(group_id,field_name,old_value,mod_by,adddate)
- VALUES ('". $this->getID() ."','$field_name','$old_value','". user_getid() ."','".time()."')
- ";
- return db_query($sql);
+ return db_query_params ('INSERT INTO group_history(group_id,field_name,old_value,mod_by,adddate)
+ VALUES ($1,$2,$3,$4,$5)',
+ array ($this->getID(),
+ $field_name,
+ $old_value,
+ user_getid(),
+ time()));
}
/**
@@ -1840,17 +1873,16 @@
* @access private.
*/
function activateUsers() {
-
+
/*
- Activate member(s) of the project
+ Activate member(s) of the project
*/
-
- $member_res = db_query("SELECT user_id, role_id
- FROM user_group
- WHERE group_id='".$this->getID()."'");
-
+
+ $member_res = db_query_params ('SELECT user_id, role_id FROM user_group WHERE group_id=$1',
+ array ($this->getID())) ;
+
$rows = db_numrows($member_res);
-
+
if ($rows > 0) {
for ($i=0; $i<$rows; $i++) {
@@ -1883,9 +1915,8 @@
*/
function &getMembers() {
if (!isset($this->membersArr)) {
- $res=db_query("SELECT users.* FROM users
- INNER JOIN user_group ON users.user_id=user_group.user_id
- WHERE user_group.group_id='".$this->getID()."'");
+ $res = db_query_params ('SELECT users.* FROM users INNER JOIN user_group ON users.user_id=user_group.user_id WHERE user_group.group_id=$1',
+ array ($this->getID())) ;
while ($arr =& db_fetch_array($res)) {
$this->membersArr[] =& new GFUser($arr['user_id'],$arr);
}
@@ -2032,8 +2063,9 @@
}
}
- $admin_group = db_query("SELECT user_id FROM user_group
- WHERE group_id=".$this->getID()." AND admin_flags='A'");
+ $admin_group = db_query_params ('SELECT user_id FROM user_group WHERE group_id=$1 AND admin_flags=$2',
+ array ($this->getID(),
+ 'A')) ;
if (db_numrows($admin_group) > 0) {
$idadmin_group = db_result($admin_group,0,'user_id');
} else {
@@ -2082,13 +2114,14 @@
* @access public.
*/
function sendApprovalEmail() {
- $res_admins = db_query("
+ $res_admins = db_query_params ('
SELECT users.user_name,users.email,users.language,users.user_id
FROM users,user_group
WHERE users.user_id=user_group.user_id
- AND user_group.group_id='".$this->getID()."'
- AND user_group.admin_flags='A'
- ");
+ AND user_group.group_id=$1
+ AND user_group.admin_flags=$2',
+ array ($this->getID(),
+ 'A')) ;
if (db_numrows($res_admins) < 1) {
$this->setError(_("Group does not have any administrators."));
@@ -2157,13 +2190,12 @@
* @access public.
*/
function sendRejectionEmail($response_id, $message="zxcv") {
- $res_admins = db_query("
+ $res_admins = db_query_params ('
SELECT u.email, u.language, u.user_id
FROM users u, user_group ug
- WHERE ug.group_id='".$this->getID()."'
- AND u.user_id=ug.user_id;
- ");
-
+ WHERE ug.group_id=$1
+ AND u.user_id=ug.user_id',
+ array ($this->getID())) ;
if (db_numrows($res_admins) < 1) {
$this->setError(_("Group does not have any administrators."));
return false;
@@ -2186,11 +2218,10 @@
if ($response_id == 0) {
$response .= stripcslashes($message);
} else {
- $response .= db_result(db_query("
- SELECT response_text
- FROM canned_responses
- WHERE response_id='$response_id'
- "), 0, "response_text");
+ $response .= db_result (
+ db_query_params('SELECT response_text FROM canned_responses WHERE response_id=$1', array ($response_id)),
+ 0,
+ "response_text");
}
util_send_message($row_admins['email'], sprintf(_('%1$s Project Denied'), $GLOBALS['sys_name']), $response);
@@ -2212,9 +2243,8 @@
*/
function sendNewProjectNotificationEmail() {
// Get the user who wants to register the project
- $res = db_query("SELECT u.user_id
- FROM users u, user_group ug
- WHERE ug.group_id='".$this->getID()."' AND u.user_id=ug.user_id;");
+ $res = db_query_params ('SELECT user_id FROM user_group WHERE group_id=$1',
+ array ($this->getID())) ;
if (db_numrows($res) < 1) {
$this->setError(_("Could not find user who has submitted the project."));
@@ -2224,11 +2254,12 @@
$submitter =& user_get_object(db_result($res,0,'user_id'));
- $res = db_query("SELECT users.email, users.language, users.user_id
- FROM users,user_group
+ $res = db_query_params ('SELECT users.email, users.language, users.user_id
+ FROM users, user_group
WHERE group_id=1
- AND user_group.admin_flags='A'
- AND users.user_id=user_group.user_id;");
+ AND user_group.admin_flags=$1
+ AND users.user_id=user_group.user_id',
+ array ('A'));
if (db_numrows($res) < 1) {
$this->setError(_("There is no administrator to send the mail."));
@@ -2378,11 +2409,9 @@
function setUnixStatus($status) {
global $SYS;
db_begin();
- $res=db_query("
- UPDATE groups
- SET unix_status='$status'
- WHERE group_id='". $this->getID()."'
- ");
+ $res = db_query_params ('UPDATE groups SET unix_status=$1 WHERE group_id=$2',
+ array ($status,
+ $this->getID())) ;
if (!$res) {
$this->setError(sprintf(_('ERROR - Could Not Update Group Unix Status: %s'),db_error()));
Modified: trunk/gforge/common/include/GroupJoinRequest.class.php
===================================================================
--- trunk/gforge/common/include/GroupJoinRequest.class.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/GroupJoinRequest.class.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
* FusionForge
*
* Copyright 2005, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -25,36 +26,12 @@
require_once $gfcommon.'include/Error.class.php';
require_once $gfcommon.'include/Validator.class.php';
-/*
-function &groupjoinrequest_get_object($group_id,$user_id,$data=false) {
- global $GROUPJOINREQUEST_OBJ;
- if (!isset($GROUPJOINREQUEST_OBJ["_".$group_id."_".$user_id."_"])) {
- if ($data) {
- //the db result handle was passed in
- } else {
- $res=db_query("SELECT * FROM group_join_request
- WHERE group_id='$group_id' AND user_id='$user_id'");
-
- if (db_numrows($res) <1 ) {
- $GROUPJOINREQUEST_OBJ["_".$group_id."_".$user_id."_"]=false;
- return false;
- }
- $data =& db_fetch_array($res);
-
- }
- $grp =& group_get_object($group_id);
- $GROUPJOINREQUEST_OBJ["_".$group_id."_".$user_id."_"]= new GroupJoinRequest($grp,$user_id,$data);
-
- }
-
- return $GROUPJOINREQUEST_OBJ["_".$group_id."_".$user_id."_"];
-}
-*/
function &get_group_join_requests($Group) {
if (!$Group || !is_object($Group) || $Group->isError()) {
return false;
} else {
- $res=db_query("SELECT * FROM group_join_request WHERE group_id='".$Group->getID()."'");
+ $res = db_query_params ('SELECT * FROM group_join_request WHERE group_id=$1',
+ array ($Group->getID())) ;
while ($arr = db_fetch_array($res)) {
$reqs[] = new GroupJoinRequest($Group,$arr['user_id'],$arr);
}
@@ -136,8 +113,9 @@
}
// Check if user has already submitted a request
- $sql = "SELECT * FROM group_join_request WHERE group_id='".$this->Group->getID()."' AND user_id='".$user_id."'";
- $result = db_query($sql);
+ $result = db_query_params ('SELECT * FROM group_join_request WHERE group_id=$1 AND user_id=$2',
+ array ($this->Group->getID(),
+ $user_id)) ;
if (db_numrows($result)) {
$this->setError(_('You have already sent a request to the project administrators. Please wait for their reply.'));
return false;
@@ -145,10 +123,12 @@
db_begin();
- $sql="INSERT INTO group_join_request (group_id,user_id,comments,request_date)
- VALUES ('".$this->Group->getID()."','".$user_id."',
- '".addslashes(htmlspecialchars($comments))."','".time()."')";
- $result=db_query($sql);
+ $result = db_query_params ('INSERT INTO group_join_request (group_id,user_id,comments,request_date)
+ VALUES ($1, $2, $3, $4)',
+ array ($this->Group->getID(),
+ $user_id,
+ htmlspecialchars ($comments),
+ time())) ;
if (!$result || db_affected_rows($result) < 1) {
$this->setError('GroupJoinRequest::create() Posting Failed '.db_error());
db_rollback();
@@ -173,10 +153,9 @@
* @return boolean success.
*/
function fetchData($group_id,$user_id) {
- $res=db_query("SELECT * FROM group_join_request
- WHERE
- user_id='$user_id'
- AND group_id='". $this->Group->getID() ."'");
+ $res = db_query_params ('SELECT * FROM group_join_request WHERE user_id=$1 AND group_id=$2',
+ array ($user_id,
+ $this->Group->getID())) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('GroupJoinRequest::fetchData() Invalid ID '.db_error());
return false;
@@ -313,9 +292,9 @@
$this->setPermissionDeniedError();
return false;
} else {
- $res=db_query("DELETE FROM group_join_request WHERE
- group_id='".$this->Group->getID()."'
- AND user_id='".$this->getUserId()."'");
+ $res = db_query_params ('DELETE FROM group_join_request WHERE group_id=$1 AND user_id=$2',
+ array ($this->Group->getID(),
+ $this->getUserId()));
if (!$res || db_affected_rows($res) < 1) {
$this->setError('Could Not Delete: '.db_error());
} else {
Modified: trunk/gforge/common/include/Permission.class.php
===================================================================
--- trunk/gforge/common/include/Permission.class.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/Permission.class.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -4,6 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -141,9 +142,9 @@
* @access private.
*/
function fetchData() {
- $res=db_query("SELECT * FROM user_group
- WHERE user_id='". $this->User->getID() ."'
- AND group_id='". $this->Group->getID() ."'");
+ $res = db_query_params ('SELECT * FROM user_group WHERE user_id=$1 AND group_id=$2',
+ array ($this->User->getID(),
+ $this->Group->getID())) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('Permission: User Not Found');
@@ -210,10 +211,9 @@
return $this->is_site_admin;
}
- $res = db_query("SELECT count(*) AS count FROM user_group
- WHERE user_id='". $this->User->getID() ."'
- AND group_id='1'
- AND admin_flags='A'");
+ $res = db_query_params ('SELECT count(*) AS count FROM user_group WHERE user_id=$1 AND group_id=1 AND admin_flags=$2',
+ array ($this->User->getID(),
+ 'A')) ;
$row_count = db_fetch_array($res);
$this->is_site_admin = $res && $row_count['count'] > 0;
db_free_result($res);
Modified: trunk/gforge/common/include/PluginManager.class.php
===================================================================
--- trunk/gforge/common/include/PluginManager.class.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/PluginManager.class.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -2,7 +2,7 @@
/**
* FusionForge plugin system
*
- * Copyright 2002, Roland Mas
+ * Copyright 2002-2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -47,8 +47,8 @@
function GetPlugins () {
if (!isset($this->plugins_data)) {
$this->plugins_data = array () ;
- $sql = "SELECT plugin_id, plugin_name FROM plugins" ;
- $res = db_query($sql);
+ $res = db_query_params ('SELECT plugin_id, plugin_name FROM plugins',
+ array ());
$rows = db_numrows($res);
for ($i=0; $i<$rows; $i++) {
$plugin_id = db_result($res,$i,'plugin_id');
Modified: trunk/gforge/common/include/Role.class.php
===================================================================
--- trunk/gforge/common/include/Role.class.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/Role.class.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
* FusionForge roles
*
* Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -111,10 +112,9 @@
}
db_begin();
- $sql="INSERT INTO role (group_id,role_name)
- VALUES ('".$this->Group->getID()."','".htmlspecialchars($role_name)."')";
-//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('INSERT INTO role (group_id, role_name) VALUES ($1, $2)',
+ array ($this->Group->getID(),
+ htmlspecialchars($role_name))) ;
if (!$res) {
$this->setError('create::'.db_error());
db_rollback();
@@ -143,8 +143,11 @@
}
$sql="INSERT INTO role_setting (role_id,section_name,ref_id,value)
values ('$role_id','$usection_name', '$uref_id','$uvalue')";
-//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('INSERT INTO role_setting (role_id,section_name,ref_id,value) VALUES ($1,$2,$3,$4)',
+ array ($role_id,
+ $usection_name,
+ $uref_id,
+ $uvalue)) ;
if (!$res) {
$this->setError('create::insertsetting::'.db_error());
db_rollback();
@@ -171,9 +174,8 @@
for ($i=0; $i<count($keys); $i++) {
if ($keys[$i] == 'forum') {
- $res=db_query("SELECT group_forum_id
- FROM forum_group_list
- WHERE group_id='".$this->Group->getID()."'");
+ $res = db_query_params ('SELECT group_forum_id FROM forum_group_list WHERE group_id=$1',
+ array ($this->Group->getID())) ;
if (!$res) {
$this->setError('Error: Forum'.db_error());
return false;
@@ -182,9 +184,8 @@
$data[$keys[$i]][db_result($res,$j,'group_forum_id')]= $arr[$keys[$i]];
}
} elseif ($keys[$i] == 'pm') {
- $res=db_query("SELECT group_project_id
- FROM project_group_list
- WHERE group_id='".$this->Group->getID()."'");
+ $res = db_query_params ('SELECT group_project_id FROM project_group_list WHERE group_id=$1',
+ array ($this->Group->getID())) ;
if (!$res) {
$this->setError('Error: TaskMgr'.db_error());
return false;
@@ -193,9 +194,8 @@
$data[$keys[$i]][db_result($res,$j,'group_project_id')]= $arr[$keys[$i]];
}
} elseif ($keys[$i] == 'tracker') {
- $res=db_query("SELECT group_artifact_id
- FROM artifact_group_list
- WHERE group_id='".$this->Group->getID()."'");
+ $res = db_query_params ('SELECT group_artifact_id FROM artifact_group_list WHERE group_id=$1',
+ array ($this->Group->getID())) ;
if (!$res) {
$this->setError('Error: Tracker'.db_error());
return false;
@@ -223,13 +223,15 @@
function fetchData($role_id) {
unset($this->data_array);
unset($this->setting_array);
- $res=db_query("SELECT * FROM role WHERE role_id='$role_id'");
+ $res = db_query_params ('SELECT * FROM role WHERE role_id=$1',
+ array ($role_id)) ;
if (!$res || db_numrows($res) < 1) {
$this->setError('Role::fetchData()::'.db_error());
return false;
}
$this->data_array =& db_fetch_array($res);
- $res=db_query("SELECT * FROM role_setting WHERE role_id='$role_id'");
+ $res = db_query_params ('SELECT * FROM role_setting WHERE role_id=$1',
+ array ($role_id)) ;
if (!$res) {
$this->setError('Role::fetchData()::'.db_error());
return false;
@@ -304,12 +306,10 @@
db_begin();
if ($this->getName() != stripslashes($role_name)) {
- $sql="UPDATE role
- SET role_name='".htmlspecialchars($role_name)."'
- WHERE group_id='".$this->Group->getID()."'
- AND role_id='".$this->getID()."'";
-//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE role SET role_name=$1 WHERE group_id=$2 AND role_id=$3',
+ array (htmlspecialchars($role_name),
+ $this->Group->getID(),
+ $this->getID())) ;
if (!$res || db_affected_rows($res) < 1) {
$this->setError('update::name::'.db_error());
db_rollback();
@@ -335,18 +335,17 @@
// See if this setting changed. If so, then update it
//
// if ($this->getVal($usection_name,$uref_id) != $uvalue) {
- $sql="UPDATE role_setting
- SET value='$uvalue'
- WHERE role_id='".$this->getID()."'
- AND section_name='$usection_name'
- AND ref_id='$uref_id'";
-//echo "\n<br>$sql";
- $res=db_query($sql);
- if (!$res || db_affected_rows($res) < 1) {
- $sql="INSERT INTO role_setting (role_id,section_name,ref_id,value)
- values ('".$this->getID()."','$usection_name', '$uref_id','$uvalue')";
-//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE role_setting SET value=$1 WHERE role_id=$2 AND section_name=$3 AND ref_id=$4',
+ array ($uvalue,
+ $this->getID(),
+ $usection_name,
+ $uref_id)) ;
+ if (!$res || db_affected_rows($res) < 1) {
+ $res = db_query_params ('INSERT INTO role_setting (role_id, section_name, ref_id, value) VALUES ($1, $2, $3, $4)',
+ array ($this->getID(),
+ $usecrion_name,
+ $uref_id,
+ $uvalue)) ;
if (!$res) {
$this->setError('update::rolesettinginsert::'.db_error());
db_rollback();
@@ -359,9 +358,8 @@
//$update_usergroup=true;
//iterate all users with this role
- $res=db_query("SELECT user_id
- FROM user_group
- WHERE role_id='".$this->getID()."'");
+ $res = db_query_params ('SELECT user_id FROM user_group WHERE role_id=$1',
+ array ($this->getID())) ;
for ($z=0; $z<db_numrows($res); $z++) {
//TODO - Shell should be separate flag
@@ -370,11 +368,9 @@
// else - restricted.
//
$cvs_flags=$data['scm'][0];
- $sql="UPDATE user_group
- SET cvs_flags=".$cvs_flags."
- WHERE user_id=".db_result($res,$z,'user_id')." AND role_id=".$this->getID();
- //echo '<h1>'.$data['scm'][0].'::'.$sql.'</h1>';
- $res2=db_query($sql);
+ $res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2',
+ array ($cvs_flags,
+ db_result($res,$z,'user_id')));
if (!$res2) {
$this->setError('update::scm::'.db_error());
db_rollback();
@@ -431,18 +427,23 @@
}
}
// if ($update_usergroup) {
- $sql="UPDATE user_group
- SET
- admin_flags='".$data['projectadmin'][0]."',
- forum_flags='".$data['forumadmin'][0]."',
- project_flags='".$data['pmadmin'][0]."',
- doc_flags='".$data['docman'][0]."',
- cvs_flags='".$data['scm'][0]."',
- release_flags='".$data['frs'][0]."',
- artifact_flags='".$data['trackeradmin'][0]."'
- WHERE role_id='".$this->getID()."'";
-//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE user_group
+ SET admin_flags=$1,
+ forum_flags=$2,
+ project_flags=$3,
+ doc_flags=$4,
+ cvs_flags=$5,
+ release_flags=$-,
+ artifact_flags=$7,
+ WHERE role_id=$8',
+ array ($data['projectadmin'][0],
+ $data['forumadmin'][0],
+ $data['pmadmin'][0],
+ $data['docman'][0],
+ $data['scm'][0],
+ $data['frs'][0],
+ $data['trackeradmin'][0];
+ $this->getID())) ;
if (!$res) {
$this->setError('update::usergroup::'.db_error());
db_rollback();
@@ -476,9 +477,9 @@
//
// See if role is actually changing
//
- $res=db_query("SELECT role_id FROM user_group
- WHERE user_id='$user_id'
- AND group_id='".$this->Group->getID()."'");
+ $res = db_query_params ('SELECT role_id FROM user_group WHERE user_id=$1 AND group_id=$2',
+ array ($user_id,
+ $this->Group->getID())) ;
$old_roleid=db_result($res,0,0);
if ($this->getID() == $old_roleid) {
db_commit();
@@ -525,12 +526,10 @@
// else - restricted.
//
$cvs_flags=$this->getVal('scm',0);
- $sql="UPDATE user_group
- SET cvs_flags=".$cvs_flags."
- WHERE user_id=".$user_id."
- AND group_id='".$this->Group->getID()."'";
- //echo '<h1>'.$cvs_flags.'::'.$sql.'</h1>';
- $res2=db_query($sql);
+ $res2 = db_query_params ('UPDATE user_group SET cvs_flags=$1 WHERE user_id=$2 AND group_id=$3',
+ array ($cvs_flags,
+ $user_id,
+ $this->Group->getID())) ;
if (!$res2) {
$this->setError('update::scm::'.db_error());
db_rollback();
@@ -589,21 +588,26 @@
}
}
// if ($update_usergroup) {
- $sql="UPDATE user_group
- SET
- admin_flags='".$this->getVal('projectadmin',0)."',
- forum_flags='".$this->getVal('forumadmin',0)."',
- project_flags='".$this->getVal('pmadmin',0)."',
- doc_flags='".$this->getVal('docman',0)."',
- cvs_flags='".$this->getVal('scm',0)."',
- release_flags='".$this->getVal('frs',0)."',
- artifact_flags='".$this->getVal('trackeradmin',0)."',
- role_id='".$this->getID()."'
- WHERE
- user_id='".$user_id."'
- AND group_id='".$this->Group->getID()."'";
-//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE user_group
+ SET admin_flags=$1,
+ forum_flags=$2,
+ project_flags=$3,
+ doc_flags=$4,
+ cvs_flags=$5,
+ release_flags=$-,
+ artifact_flags=$7,
+ role_id=$8
+ WHERE user_id=$9 AND group_id=10',
+ array ($this->getVal('projectadmin',0),
+ $this->getVal('forumadmin',0),
+ $this->getVal('pmadmin',0),
+ $this->getVal('docman',0),
+ $this->getVal('scm',0),
+ $this->getVal('frs',0),
+ $this->getVal('trackeradmin',0),
+ $this->getID(),
+ $user_id,
+ $this->Group->getID()));
if (!$res) {
$this->setError('update::usergroup::'.db_error());
db_rollback();
Modified: trunk/gforge/common/include/RoleObserver.class.php
===================================================================
--- trunk/gforge/common/include/RoleObserver.class.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/RoleObserver.class.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
* FusionForge observer role
*
* Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -86,9 +87,8 @@
//
// Forum is_public/allow_anon
//
- $res=db_query("SELECT group_forum_id,is_public,allow_anonymous
- FROM forum_group_list
- WHERE group_id='".$this->Group->getID()."'");
+ $res = db_query_params ('SELECT group_forum_id,is_public,allow_anonymous FROM forum_group_list WHERE group_id=$1',
+ array ($this->Group->getID())) ;
while ($arr =& db_fetch_array($res)) {
$this->setting_array['forumpublic'][$arr['group_forum_id']] = $arr['is_public'];
$this->setting_array['forumanon'][$arr['group_forum_id']] = $arr['allow_anonymous'];
@@ -97,9 +97,8 @@
//
// Task Manager is_public/allow_anon
//
- $res=db_query("SELECT group_project_id,is_public
- FROM project_group_list
- WHERE group_id='".$this->Group->getID()."'");
+ $res = db_query_params ('SELECT group_project_id,is_public FROM project_group_list WHERE group_id=$1',
+ array ($this->Group->getID())) ;
while ($arr =& db_fetch_array($res)) {
$this->setting_array['pmpublic'][$arr['group_project_id']] = $arr['is_public'];
}
@@ -107,9 +106,8 @@
//
// Tracker is_public/allow_anon
//
- $res=db_query("SELECT group_artifact_id,is_public,allow_anon
- FROM artifact_group_list
- WHERE group_id='".$this->Group->getID()."'");
+ $res = db_query_params ('SELECT group_artifact_id,is_public,allow_anon FROM artifact_group_list WHERE group_id=$1',
+ array ($this->Group->getID())) ;
while ($arr =& db_fetch_array($res)) {
$this->setting_array['trackerpublic'][$arr['group_artifact_id']] = $arr['is_public'];
$this->setting_array['trackeranon'][$arr['group_artifact_id']] = $arr['allow_anon'];
@@ -118,9 +116,8 @@
//
// FRS packages can be public/private now
//
- $res=db_query("SELECT package_id,is_public
- FROM frs_package
- WHERE group_id='".$this->Group->getID()."'");
+ $res = db_query_params ('SELECT package_id,is_public FROM frs_package WHERE group_id=$1',
+ array ($this->Group->getID())) ;
while ($arr =& db_fetch_array($res)) {
$this->setting_array['frspackage'][$arr['package_id']] = $arr['is_public'];
}
@@ -222,12 +219,10 @@
// private if we change a group to private.
$data['scmpublic'][0]=0;
}
- $sql="UPDATE groups
- SET
- enable_anonscm='".$data['scmpublic'][0]."',
- is_public='".$data['projectpublic'][0]."'
- WHERE group_id='".$this->Group->getID()."'";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE groups SET enable_anonscm=$1, is_public=$2 WHERE group_id=$3',
+ array ($data['scmpublic'][0],
+ $data['projectpublic'][0],
+ $this->Group->getID())) ;
if (!$res) {
$this->setError('update::group::'.db_error());
db_rollback();
@@ -252,7 +247,11 @@
group_forum_id='$uref_id'
AND group_id='".$this->Group->getID()."'";
//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE forum_group_list SET is_public=$1, allow_anonymous=$2 WHERE group_forum_id=$3 AND group_id=$4',
+ array ($data['forumpublic'][$uref_id],
+ $data['forumanon'][$uref_id],
+ $uref_id,
+ $this->Group->getID())) ;
$updated['forum'][$uref_id]=1;
if (!$res) {
$this->setError('update::forum::'.db_error());
@@ -260,15 +259,10 @@
return false;
}
} elseif ($usection_name == 'pmpublic') {
-
- $sql="UPDATE project_group_list
- SET
- is_public='$uvalue'
- WHERE
- group_project_id='$uref_id'
- AND group_id='".$this->Group->getID()."'";
-//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE project_group_list SET is_public=$1 WHERE group_project_id=$2 AND group_id=$3',
+ array ($uvalue,
+ $uref_id,
+ $this->Group->getID())) ;
if (!$res) {
$this->setError('update::pm::'.db_error());
db_rollback();
@@ -276,15 +270,10 @@
}
} elseif ($usection_name == 'frspackage') {
-
- $sql="UPDATE frs_package
- SET
- is_public='$uvalue'
- WHERE
- package_id='$uref_id'
- AND group_id='".$this->Group->getID()."'";
-//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE frs_package SET is_public=$1 WHERE package_id=$2 AND group_id=$3',
+ array ($uvalue,
+ $uref_id,
+ $this->Group->getID())) ;
if (!$res) {
$this->setError('update::frspackage::'.db_error());
db_rollback();
@@ -298,15 +287,11 @@
if ($updated['tracker'][$uref_id]) {
continue;
}
- $sql="UPDATE artifact_group_list
- SET
- is_public='".$data['trackerpublic'][$uref_id]."',
- allow_anon='".$data['trackeranon'][$uref_id]."'
- WHERE
- group_artifact_id='$uref_id'
- AND group_id='".$this->Group->getID()."'";
-//echo "\n<br>$sql";
- $res=db_query($sql);
+ $res = db_query_params ('UPDATE artifact_group_list SET is_public=$1, allow_anon=$2 WHERE group_artifact_id=$3 AND group_id=$4',
+ array ($uvalue,
+ $data['trackerpublic'][$uref_id],
+ $data['trackeranon'][$uref_id],
+ $this->Group->getID())) ;
$updated['tracker'][$uref_id]=1;
if (!$res) {
$this->setError('update::tracker::'.db_error());
Modified: trunk/gforge/common/include/cron_utils.php
===================================================================
--- trunk/gforge/common/include/cron_utils.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/cron_utils.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
* FusionForge cron job utilities
*
* Copyright 2003, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -55,9 +56,10 @@
$cron_arr[26]='update_users.php';
function cron_entry($job,$output) {
- $sql="INSERT INTO cron_history (rundate,job,output)
- values ('".time()."','$job','".addslashes($output)."')";
- return db_query($sql);
+ $sql='INSERT INTO cron_history (rundate,job,output)
+ values ($1, $2, $3)' ;
+ return db_query_params ($sql,
+ array (time(), $job, $output));
}
function cron_debug($string) {
Modified: trunk/gforge/common/include/forms.php
===================================================================
--- trunk/gforge/common/include/forms.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/forms.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
* FusionForge form management
*
* Copyright 2005, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -38,10 +39,11 @@
$key = md5(microtime() + rand() + $_SERVER["REMOTE_ADDR"]);
if ( $sys_database_type == "mysql" ) {
$sql = "SELECT * FROM form_keys WHERE `key`='".$key."'";
+ $res=db_query($sql);
} else {
- $sql = "SELECT * FROM form_keys WHERE key='".$key."'";
+ $sql = 'SELECT * FROM form_keys WHERE key=$1';
+ $res=db_query_params ($sql, array ($key));
}
- $res=db_query($sql);
if (!db_numrows($res)) {
$is_new=true;
}
@@ -49,7 +51,7 @@
if ( $sys_database_type == "mysql" ) {
$res = db_query("INSERT INTO form_keys (`key`,is_used,creation_date) VALUES ('".$key."',0,".time().")");
} else {
- $res = db_query("INSERT INTO form_keys (key,is_used,creation_date) VALUES ('".$key."',0,".time().")");
+ $res = db_query_params('INSERT INTO form_keys (key,is_used,creation_date) VALUES ($1, 0, $2)', array ($key,time()));
}
if (!$res) {
db_rollback();
@@ -73,20 +75,22 @@
db_begin();
if ( $sys_database_type == "mysql" ) {
$sql = "SELECT * FROM form_keys WHERE `key`='$key' and is_used=0 FOR UPDATE";
+ $res=db_query($sql);
} else {
- $sql = "SELECT * FROM form_keys WHERE key='$key' and is_used=0 FOR UPDATE";
+ $sql = 'SELECT * FROM form_keys WHERE key=$1 and is_used=0 FOR UPDATE';
+ $res=db_query_params($sql, array ($key));
}
- $res=db_query($sql);
if (!$res || !db_numrows($res)) {
db_rollback();
return false;
}
if ( $sys_database_type == "mysql" ) {
$sql = "UPDATE form_keys SET is_used=1 WHERE `key`='$key'";
+ $res=db_query($sql);
} else {
- $sql = "UPDATE form_keys SET is_used=1 WHERE key='$key'";
+ $sql = 'UPDATE form_keys SET is_used=1 WHERE key=$1';
+ $res=db_query_params ($sql, array ($key));
}
- $res=db_query($sql);
if (!$res) {
db_rollback();
return false;
@@ -108,18 +112,21 @@
db_begin();
if ( $sys_database_type == "mysql" ) {
$sql = "SELECT * FROM form_keys WHERE `key`='$key' FOR UPDATE";
+ $res=db_query($sql);
} else {
- $sql = "SELECT * FROM form_keys WHERE key='$key' FOR UPDATE";
+ $sql = 'SELECT * FROM form_keys WHERE key=$1 FOR UPDATE';
+ $res=db_query_params($sql, array ($key));
}
- $res=db_query($sql);
if (!$res || !db_numrows($res)) {
db_rollback();
return false;
}
if ( $sys_database_type == "mysql" ) {
$sql = "UPDATE form_keys SET is_used=0 WHERE `key`='$key'";
+ $res=db_query($sql);
} else {
- $sql = "UPDATE form_keys SET is_used=0 WHERE key='$key'";
+ $sql = 'UPDATE form_keys SET is_used=0 WHERE key=$1';
+ $res=db_query_params ($sql, array ($key));
}
$res=db_query($sql);
if (!$res) {
Modified: trunk/gforge/common/include/gettext.php
===================================================================
--- trunk/gforge/common/include/gettext.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/gettext.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -4,7 +4,7 @@
*
* Copyright 1999-2001, VA Linux Systems, Inc.
* Copyright 2003-2004, Guillaume Smet
- * Copyright 2007, Roland Mas
+ * Copyright 2007-2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -77,7 +77,7 @@
for( $i=0, $max = sizeof($languages); $i < $max; $i++){
$languageCode = $languages[$i];
- $res = db_query("select classname from supported_languages where language_code = '".addslashes($languageCode)."'");
+ $res = db_query_params ('select classname from supported_languages where language_code=$1', array ($languageCode)) ;
if (db_numrows($res) > 0) {
return db_result($res,0,'classname');
}
@@ -85,7 +85,7 @@
// If so, try to strip it and look for for main language only
if (strstr($languageCode, '-')) {
$languageCode = substr($languageCode, 0, 2);
- $res = db_query("select classname from supported_languages where language_code = '".addslashes($languageCode)."'");
+ $res = db_query_params ('select classname from supported_languages where language_code=$1', array ($languageCode)) ;
if (db_numrows($res) > 0) {
return db_result($res,0,'classname');
}
@@ -163,12 +163,12 @@
}
function lang_id_to_language_name ($lang_id) {
- $res = db_query('SELECT classname FROM supported_languages WHERE language_id=\''.$lang_id.'\'');
+ $res = db_query_params ('SELECT classname FROM supported_languages WHERE language_id=$1', array ($lang_id));
return db_result($res, 0, 'classname');
}
function language_name_to_lang_id ($language) {
- $res = db_query('SELECT language_id FROM supported_languages WHERE classname=\''.$language.'\'');
+ $res = db_query_params ('SELECT language_id FROM supported_languages WHERE classname=$1', array ($language)) ;
return db_result($res, 0, 'language_id');
}
Modified: trunk/gforge/common/include/license.php
===================================================================
--- trunk/gforge/common/include/license.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/common/include/license.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -3,6 +3,7 @@
* FusionForge license functions
*
* Copyright 2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
* This file is part of FusionForge.
*
@@ -25,7 +26,8 @@
function license_getname($id) {
global $license_arr;
if (!isset($license_arr[$id])) {
- $res=db_query("SELECT * FROM licenses WHERE license_id='$id'");
+ $res = db_query_params ('SELECT * FROM licenses WHERE license_id=$1',
+ array ($id));
$license_arr[$id]=db_result($res,0,'license_name');
}
return $license_arr[$id];
@@ -33,8 +35,8 @@
function license_add($name) {
global $feedback;
- $res=db_query("INSERT INTO licenses(license_name)
- values ('".htmlspecialchars($name)."')");
+ $res = db_query_params ('INSERT INTO licenses (license_name) VALUES ($1)',
+ array (htmlspecialchars ($name))) ;
if (!$res) {
$feedback .= ' Error adding License: '.db_error();
return false;
@@ -45,11 +47,11 @@
function license_update($id,$name) {
global $feedback;
- $res=db_query("UPDATE licenses
- SET license_name='".htmlspecialchars($name)."'
- WHERE license_id='$id'");
+ $res = db_query_params ('UPDATE licenses SET license_name=$1 WHERE license_id=$2',
+ array (htmlspecialchars($name),
+ $id)) ;
if (!$res) {
- $feedback .= ' Error adding License: '.db_error();
+ $feedback .= ' Error updating License: '.db_error();
return false;
} else {
return true;
@@ -58,14 +60,14 @@
function license_delete($id) {
global $feedback;
- $res=db_query("UPDATE groups
- SET license_id='100'
- WHERE license_id='$id'");
+ $res = db_query_params ('UPDATE groups SET license_id=100 WHERE license_id=$1',
+ array ($id)) ;
if (!$res) {
$feedback .= ' Error deleting License: '.db_error();
return false;
} else {
- $res=db_query("DELETE FROM licenses WHERE license_id='$id'");
+ $res = db_query_params ('DELETE FROM licenses WHERE license_id=$1',
+ array ($id)) ;
if (!$res) {
$feedback .= ' Error deleting License: '.db_error();
return false;
@@ -76,7 +78,8 @@
}
function license_selectbox($title='license_id',$selected='xzxz') {
- $res=db_query("SELECT license_id, license_name FROM licenses ORDER BY license_name");
+ $res = db_query_params ('SELECT license_id, license_name FROM licenses ORDER BY license_name',
+ array()) ;
return html_build_select_box($res,$title,$selected,false);
}
Modified: trunk/gforge/www/project/admin/editgroupinfo.php
===================================================================
--- trunk/gforge/www/project/admin/editgroupinfo.php 2009-02-27 12:38:27 UTC (rev 7085)
+++ trunk/gforge/www/project/admin/editgroupinfo.php 2009-02-27 12:38:35 UTC (rev 7086)
@@ -1,30 +1,29 @@
<?php
/**
- * Project Admin page to edit project information (like description,
- * active facilities, etc.)
+ * FusionForge project admin page
*
- * Portions Copyright 1999-2001 (c) VA Linux Systems
- * The rest Copyright 2002-2004 (c) GForge Team
- * http://gforge.org/
+ * Copyright 1999-2001, VA Linux Systems, Inc.
+ * Copyright 2002-2004, GForge, LLC
+ * Copyright 2009, Roland Mas
*
- * This file is part of GForge.
+ * This file is part of FusionForge.
*
- * GForge is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published
+ * by the Free Software Foundation; either version 2 of the License,
+ * or (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
*
- * GForge is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
* You should have received a copy of the GNU General Public License
- * along with GForge; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with FusionForge; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
*/
-
require_once('../../env.inc.php');
require_once $gfwww.'include/pre.php';
require_once $gfwww.'project/admin/project_admin_utils.php';
@@ -78,8 +77,6 @@
$new_doc_address,
$send_all_docs,
100,
- '',
- '',
$use_ftp,
$use_tracker,
$use_frs,
More information about the Fusionforge-commits
mailing list