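/**
 * Build the WHERE criteria for a fulltext search.
 *
 * The keyword is passed through $this->DB->escape() and placed inside
 * AGAINST (...). The optional search modifier is SQL syntax rather than data,
 * so it cannot be protected by value escaping; it is checked against a fixed
 * allow-list before it is appended to the statement.
 *
 * The matched column is the hard-coded `search_field`.
 *
 * @param string      $text search keyword
 * @param string|null $mode search modifier placed after "IN", e.g. "BOOLEAN MODE"
 * @return array criteria array with a single 'where_sql' entry
 * @throws \InvalidArgumentException when $mode is not a recognised modifier
 */
public function return_fulltext_criteria($text, $mode = null)
{
    // NOTE(review): the escaped keyword is used bare inside AGAINST (...), so
    // DB->escape() presumably returns an already quoted literal — confirm.
    $text = $this->DB->escape($text);

    $modifier = '';
    if ($mode) {
        $allowed = array(
            'NATURAL LANGUAGE MODE',
            'NATURAL LANGUAGE MODE WITH QUERY EXPANSION',
            'BOOLEAN MODE',
        );
        // Collapse whitespace and case so "boolean  mode" still matches.
        $normalized = strtoupper(trim(preg_replace('/\s+/', ' ', (string) $mode)));
        if (!in_array($normalized, $allowed, true)) {
            // The rejected value is deliberately not echoed back in the message.
            throw new \InvalidArgumentException('Unsupported fulltext search mode.');
        }
        $modifier = ' IN ' . $normalized;
    }

    return array('where_sql' => array('MATCH (search_field) AGAINST (' . $text . $modifier . ')'));
}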
/**
 * Escape a string through the configured provider.
 *
 * NOTE(review): when no provider is set the input is returned unchanged, so
 * a caller that embeds the result in a query gets no escaping at all in that
 * state. Callers should not treat the return value as unconditionally safe.
 *
 * @param string $var string to be escaped
 * @return string the provider's escaped form, or $var untouched when there is no provider
 */
public function escape($var)
{
    if (is_null($this->_provider)) {
        return $var;
    }

    return $this->_provider->escape($var);
}
/**
 * Checks whether $username and $password are valid credentials.
 *
 * The query selects the userid of the row whose stored password equals
 * md5(concat(md5(<password>), salt)).
 *
 * NOTE(review): the username comparison in the query text appears masked
 * ("******") in this copy of the source, so how the username is bound or
 * escaped cannot be checked here — verify against the original file.
 * NOTE(review): salted double MD5 is a fast hash and is a weak choice for
 * stored passwords; moving to password_hash()/password_verify() would need a
 * rehash-on-login plan because the stored format changes.
 *
 * @param string $username login name to look up
 * @param string $password clear-text password; passed through $this->db->escape()
 * @return int|false userid (via intval) of the first matching row, false when no row matches
 */
function is_valid_login($username, $password)
{
    $result = $this->db->query("\n\t\t\tSELECT userid\n\t\t\tFROM {$this->dbprefix}user\n\t\t\tWHERE \n\t\t\t\tusername = "******" and\n\t\t\t\tpassword = md5(concat(md5(" . $this->db->escape($password) . "), salt))\n\t\t");
    $user = $result->result_array();
    // No row: the credentials did not match.
    if (empty($user)) {
        return false;
    }
    return intval($user[0]['userid']);
}
/**
 * Fetch the database rows of images that match a search string
 * (useful, for example, for a search mambot).
 *
 * NOTE(review): $sorting is passed through the driver's escape() and then
 * used as an ORDER BY fragment. String escaping protects quoted literals, not
 * bare SQL syntax, so if $sorting can originate from a request it should be
 * matched against a list of permitted sort expressions instead.
 *
 * @param   string  $searchstring  The string to use for the search
 * @param   array   $access        Access levels to filter for, null to use the ones of the current user
 * @param   string  $sorting       Sorting string
 * @param   int     $numPics       Limit number of images, leave away to return all
 * @param   int     $limitStart    Where to start returning $numPics images
 * @return  array   An array of image objects from the database
 * @since   1.0.0
 */
public function getPicsBySearch($searchstring, $access = null, $sorting = null, $numPics = null, $limitStart = 0)
{
    $imagesQuery = $this->getImagesQuery($access);
    $this->addSearchTerms($imagesQuery, $searchstring);

    if ($sorting) {
        $orderBy = $this->_db->escape($sorting);
        $imagesQuery->order($orderBy);
    }

    $db = $this->_db;
    $db->setQuery($imagesQuery, $limitStart, $numPics);

    return $db->loadObjectList();
}
/**
 * Invoke the action method targeted on the controller instance.
 *
 * The action name is read from the '@action' parameter, passed through
 * $this->app->escape() and suffixed with static::ACTION_SUFFIX. When the
 * instance has no such method, the response status is set to 404 and an
 * exception is thrown. Nothing is invoked when no controller instance is set.
 *
 * NOTE(review): the method name is built from a parameter (presumably taken
 * from the route — confirm). The suffix is what limits which methods can be
 * reached; method_exists() also reports non-public methods, so a check with
 * is_callable() would describe the reachable set more precisely.
 *
 * @return $this
 * @throws \BadMethodCallException when the action method does not exist
 */
protected function invokeAction()
{
    if (!is_object($this->instance)) {
        return $this;
    }

    $action = $this->app->escape($this->getParams('@action')) . static::ACTION_SUFFIX;

    if (method_exists($this->instance, $action)) {
        call_user_func([$this->instance, $action]);

        return $this;
    }

    $this->app->response->setStatus(404);
    throw new \BadMethodCallException('Controller action method [' . $action . '] not found.');
}
/**
 * Add INSTR()-based search conditions to the pending condition list.
 *
 * For every column => search-string pair, "+" is treated as a space, the
 * string is split on spaces, and one INSTR(column, token) test is produced
 * per token; the tests of one pair are OR-ed together. Each group after the
 * first is prefixed with $type.
 *
 * NOTE(review): only the tokens go through the database escape(). The array
 * keys (column expressions) and $type are concatenated into the SQL as-is,
 * so they must come from code, never from request data.
 * NOTE(review): consecutive spaces produce empty tokens, which are passed to
 * INSTR() like any other token — confirm that is intended.
 *
 * @param array  $where map of column expression => search string
 * @param string $type  boolean operator placed before every group but the first
 * @return $this
 */
public function instr($where, $type = "AND")
{
    foreach ($where as $column => $search) {
        $glue = count($this->_instr) == 0 ? '' : $type . ' ';

        $tokens     = explode(' ', str_replace("+", " ", $search));
        $conditions = array();
        foreach ($tokens as $token) {
            $conditions[] = 'INSTR(' . $column . ', ' . self::$db->escape($token) . ')';
        }

        $this->_instr[] = $glue . '(' . implode(" OR ", $conditions) . ') ';
    }

    return $this;
}
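/**
 * Checks whether the specified field exists in the specified table.
 *
 * The previous version escaped the table name into an unused variable
 * ($tableName) and then built the query from the raw $tablename and
 * $fieldname. Both names are used as backtick-quoted identifiers, and a
 * string-literal escaper does not neutralise a backtick, so embedded
 * backticks are doubled here, which is how a backtick is written inside a
 * quoted identifier.
 *
 * @access public
 * @param string $tablename table to inspect
 * @param string $fieldname column to look for
 * @return bool true if the field exists, false if it does not or the query failed
 */
public function field_exists($tablename, $fieldname)
{
    # quote both identifiers
    $table = str_replace('`', '``', (string) $tablename);
    $field = str_replace('`', '``', (string) $fieldname);

    # check
    $query = "DESCRIBE `{$table}` `{$field}`;";
    try {
        $count = $this->Database->getObjectQuery($query);
    } catch (Exception $e) {
        $this->Result->show("danger", $e->getMessage(), true);
        return false;
    }

    # return true if it exists
    return sizeof($count) > 0;
}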
/**
 * Field attribute DEFAULT
 *
 * Fills $field['default'] from $attributes['DEFAULT']. A DEFAULT of NULL is
 * rendered with the driver's NULL keyword and also forces the NULL attribute
 * on; any other value is passed through $this->db->escape(). Does nothing
 * when the driver has no DEFAULT keyword ($this->_default === FALSE) or when
 * no DEFAULT attribute was given.
 *
 * @param array &$attributes
 * @param array &$field
 * @return void
 */
protected function _attr_default(&$attributes, &$field)
{
    if ($this->_default === FALSE || !array_key_exists('DEFAULT', $attributes)) {
        return;
    }

    if ($attributes['DEFAULT'] !== NULL) {
        $field['default'] = $this->_default . $this->db->escape($attributes['DEFAULT']);
        return;
    }

    $hasNullKeyword = !empty($this->_null);

    $field['default'] = $hasNullKeyword ? $this->_default . $this->_null : '';

    // Override the NULL attribute if that's our default
    $attributes['NULL'] = TRUE;
    $field['null'] = $hasNullKeyword ? ' ' . $this->_null : '';
}
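/**
 * Restores the previously saved parameters of a given extension in the database.
 *
 * The current row of the extension is loaded, its params are merged with the
 * saved ones (saved values win over the new defaults) and the result is
 * written back together with the saved enabled/access/published flags.
 *
 * Every value taken from $manifestInformation is escaped before it is placed
 * in a query. The component UPDATE previously concatenated the element name
 * unescaped while all other statements escaped it.
 *
 * NOTE(review): the loaded row is used without a null check; if no row
 * matches, $obj->params is read from a non-object.
 *
 * @access public
 * @param array  $manifestInformation the information identifying the extension
 *                                    (keys read here: type, element, group)
 * @param object $savedParameters     the previously saved parameters
 *                                    (properties read here: params, enabled, access, published)
 */
function restoreParameters($manifestInformation, $savedParameters)
{
    // Load the new settings
    switch ($manifestInformation["type"]) {
        case "component":
            $element  = $this->_db->escape($manifestInformation["element"]);
            $qry_load = "SELECT * FROM `#__components`" . " WHERE `name` = '" . $element . "'";
            break;
        case "module":
            $element  = $this->_db->escape($manifestInformation["element"]);
            $qry_load = "SELECT * FROM `#__modules`" . " WHERE `module` = '" . $element . "'";
            break;
        case "plugin":
            $group    = $this->_db->escape($manifestInformation["group"]);
            $element  = $this->_db->escape($manifestInformation["element"]);
            $qry_load = "SELECT * FROM `#__plugins`" . " WHERE `folder` = '" . $group . "' && " . "`element` = '" . $element . "'";
            break;
        default:
            return;
    }

    // Load new parameters from the DB
    $this->_db->setQuery($qry_load);
    $obj = $this->_db->loadObject();

    // enabled:   keep the old parameter
    // access:    keep the old parameter
    // published: keep the old parameter
    // params:    merge (older is more important than default new)

    // Converting to Object Format
    $new_params = DSCParameterFormatINI::stringToObject($obj->params);
    $old_params = DSCParameterFormatINI::stringToObject($savedParameters->params);
    // array_merge lets the later (saved) values override the freshly installed ones
    $old_params = (object) array_merge((array) $new_params, (array) $old_params);

    // Converting back to INI format
    $savedParameters->params = DSCParameterFormatINI::object__toString($old_params, '');
    $params = $this->_db->escape($savedParameters->params);

    // Save the merged new / old settings
    switch ($manifestInformation["type"]) {
        case "component":
            $qry_save = "UPDATE `#__components` SET "
                . "`enabled`=" . intval($savedParameters->enabled) . ", "
                . "`params` = '" . $params . "'"
                . " WHERE `name` = '" . $element . "'";
            break;
        case "module":
            $qry_save = "UPDATE `#__modules` SET "
                . "`access` = " . intval($savedParameters->access) . ", "
                . "`published` = " . intval($savedParameters->published) . ", "
                . "`params` = '" . $params . "'"
                . " WHERE `module` = '" . $element . "'";
            break;
        case "plugin":
            $qry_save = "UPDATE `#__plugins` SET "
                . "`access` = " . intval($savedParameters->access) . ", "
                . "`published` = " . intval($savedParameters->published) . ", "
                . "`params` = '" . $params . "'"
                . " WHERE `folder` = '" . $group . "' && "
                . "`element` = '" . $element . "'";
            break;
        default:
            return;
    }

    $this->_db->setQuery($qry_save);
    $this->_db->query();
}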
/**
 * Field attribute DEFAULT
 *
 * Fills $field['default'] from $attributes['DEFAULT']:
 *  - NULL is rendered with the driver's NULL keyword and forces the NULL
 *    attribute on;
 *  - on a field whose TYPE contains "time" or "date", a DEFAULT that itself
 *    contains "time" or "date" is emitted verbatim (for expressions such as
 *    CURRENT_TIMESTAMP);
 *  - everything else is passed through $this->db->escape().
 *
 * NOTE(review): the verbatim branch is a substring test, not a list of known
 * expressions. Any DEFAULT containing "time" or "date" on such a field skips
 * escaping entirely, so attribute arrays must never be built from user input.
 *
 * @param array &$attributes
 * @param array &$field
 * @return void
 */
protected function _attr_default(&$attributes, &$field)
{
    if ($this->_default === FALSE || !array_key_exists('DEFAULT', $attributes)) {
        return;
    }

    if ($attributes['DEFAULT'] === NULL) {
        $hasNullKeyword = !empty($this->_null);

        $field['default'] = $hasNullKeyword ? $this->_default . $this->_null : '';

        // Override the NULL attribute if that's our default
        $attributes['NULL'] = TRUE;
        $field['null'] = $hasNullKeyword ? ' ' . $this->_null : '';

        return;
    }

    // White-list CURRENT_TIMESTAMP & similar (e.g. Oracle has stuff like SYSTIMESTAMP) defaults for date/time fields
    $isTemporalType = isset($attributes['TYPE'])
        && (stripos($attributes['TYPE'], 'time') !== FALSE || stripos($attributes['TYPE'], 'date') !== FALSE);

    if ($isTemporalType
        && (stripos($attributes['DEFAULT'], 'time') !== FALSE || stripos($attributes['DEFAULT'], 'date') !== FALSE)
    ) {
        $field['default'] = $this->_default . $attributes['DEFAULT'];

        return;
    }

    $field['default'] = $this->_default . $this->db->escape($attributes['DEFAULT']);
}
/**
 * FTP Upload
 * Several images uploaded via FTP before are moved to a category
 *
 * Backend only: returns false immediately when $this->_site is set. The
 * current user needs 'joom.upload' on the category, or 'joom.upload.inown'
 * on a category they own. Each selected file is checked (extension, file
 * name), resized into the gallery folders and registered in the database;
 * failures are collected in $this->_debugoutput and flagged via $this->debug.
 *
 * NOTE(review): the sub directory and the file names both come from the
 * request/user state and end up in a file-system path (see the resizeImage()
 * call). The sub directory is only passed through the database escape(),
 * which is SQL string escaping and not a path check — confirm that ".."
 * segments are rejected before the path is used.
 *
 * @return  boolean False if the upload is not allowed or nothing was selected,
 *                  otherwise true when no file produced debug output
 * @since   1.0.0
 */
protected function uploadFTP()
{
    // FTP upload is only available in backend at the moment
    if ($this->_site) {
        return false;
    }

    // Access check: general upload right, or "upload into own" right on a category owned by the user
    $category = $this->getCategory($this->catid);
    if (!$category || !$this->_user->authorise('joom.upload', _JOOM_OPTION . '.category.' . $this->catid) && (!$this->_user->authorise('joom.upload.inown', _JOOM_OPTION . '.category.' . $this->catid) || !$category->owner || $category->owner != $this->_user->get('id'))) {
        $this->setError(JText::_('COM_JOOMGALLERY_COMMON_MSG_YOU_ARE_NOT_ALLOWED_TO_UPLOAD_INTO_THIS_CATEGORY'));
        return false;
    }

    // Request-derived values; they are kept in the user state so that the
    // refresher can continue the run after a reload
    $subdirectory = $this->_db->escape($this->_mainframe->getUserStateFromRequest('joom.upload.ftp.subdirectory', 'subdirectory', '/', 'post', 'string'));
    $ftpfiles = $this->_mainframe->getUserStateFromRequest('joom.upload.ftp.files', 'ftpfiles', array(), 'array');
    if (!$ftpfiles && JRequest::getBool('ftpfiles')) {
        $this->setError(JText::_('COM_JOOMGALLERY_COMMON_MSG_NO_IMAGES_SELECTED'));
        return false;
    }

    // Load the refresher
    require_once JPATH_COMPONENT . '/helpers/refresher.php';
    $refresher = new JoomRefresher(array('remaining' => count($ftpfiles), 'start' => JRequest::getBool('ftpfiles')));
    $this->_debugoutput .= '<p></p>';

    foreach ($ftpfiles as $key => $origfilename) {
        // Check remaining time; when it runs out the remaining files are stored
        // in the user state and the refresher takes over
        if (!$refresher->check()) {
            $this->_mainframe->setUserState('joom.upload.ftp.files', $ftpfiles);
            //$this->_mainframe->setUserState('joom.upload.debugoutput', $this->_debugoutput);
            $this->_mainframe->setUserState('joom.upload.debug', $this->debug);
            $refresher->refresh(count($ftpfiles));
        }

        // Get extension
        $tag = strtolower(JFile::getExt($origfilename));
        $this->_debugoutput .= '<hr />';
        // NOTE(review): the request-supplied file name goes into HTML that is
        // echoed at the end of this method — confirm it is encoded for output
        $this->_debugoutput .= JText::sprintf('COM_JOOMGALLERY_UPLOAD_FILENAME', $origfilename) . '<br />';

        /*// Image size must not exceed the setting in backend if we are in frontend if($this->_site && $screenshot_filesize > $this->_config->get('jg_maxfilesize')) { $this->_debugoutput .= JText::sprintf('COM_JOOMGALLERY_UPLOAD_OUTPUT_MAX_ALLOWED_FILESIZE', $this->_config->get('jg_maxfilesize')).'<br />'; $this->debug = true; unset($ftpfiles[$key]); continue; }*/

        // Check for right format (by file extension only)
        if ($tag != 'jpeg' && $tag != 'jpg' && $tag != 'jpe' && $tag != 'gif' && $tag != 'png' || strlen($origfilename) == 0) {
            $this->_debugoutput .= JText::_('COM_JOOMGALLERY_UPLOAD_OUTPUT_INVALID_IMAGE_TYPE') . '<br />';
            $this->debug = true;
            unset($ftpfiles[$key]);
            continue;
        }

        // Check filename for special characters if not allowed
        // (this check is skipped when 'jg_filenamewithjs' is not 0)
        if ($this->_config->get('jg_filenamewithjs') == 0) {
            if ($this->_site && $this->_config->get('jg_useruseorigfilename') || !$this->_site && $this->_config->get('jg_useorigfilename')) {
                $filename = $origfilename;
            } else {
                $filename = $this->imgtitle;
            }
            if (JoomFile::checkValidFilename($filename, '', true) == false) {
                $this->_debugoutput .= strip_tags(JText::_('COM_JOOMGALLERY_UPLOAD_ERROR_INVALIDSC_FILENAME'));
                $this->debug = true;
                unset($ftpfiles[$key]);
                continue;
            }
        }

        $filecounter = null;
        if ($this->_site && $this->_config->get('jg_useruploadnumber') || !$this->_site && $this->_config->get('jg_filenamenumber')) {
            $filecounter = $this->_getSerial();
        }

        // Create new filename
        // If generic filename set in backend use them
        if ($this->_site && $this->_config->get('jg_useruseorigfilename') || !$this->_site && $this->_config->get('jg_useorigfilename')) {
            $oldfilename = $origfilename;
            $newfilename = JoomFile::fixFilename($origfilename);
        } else {
            $oldfilename = $this->imgtitle;
            $newfilename = JoomFile::fixFilename($this->imgtitle);
        }

        // Check the new filename
        if (JoomFile::checkValidFilename($oldfilename, $newfilename) == false) {
            $this->_debugoutput .= strip_tags(JText::sprintf('COM_JOOMGALLERY_UPLOAD_ERROR_INVALID_FILENAME', $newfilename, $oldfilename));
            $this->debug = true;
            unset($ftpfiles[$key]);
            continue;
        }
        $newfilename = $this->_genFilename($newfilename, $tag, $filecounter);

        // Resize image
        // The source path is ftp_path + sub directory + original file name.
        // NOTE(review): $delete_file is read from the request and handed to
        // resizeImage(); presumably it removes the source file — together with
        // an unchecked path that would make the traversal concern above worse.
        $delete_file = $this->_mainframe->getUserStateFromRequest('joom.upload.file_delete', 'file_delete', false, 'bool');
        if (!$this->resizeImage(JPath::clean($this->_ambit->get('ftp_path') . $subdirectory . $origfilename), $newfilename, false, $delete_file)) {
            $this->rollback($this->_ambit->getImg('orig_path', $newfilename, null, $this->catid), $this->_ambit->getImg('img_path', $newfilename, null, $this->catid), $this->_ambit->getImg('thumb_path', $newfilename, null, $this->catid));
            $this->debug = true;
            unset($ftpfiles[$key]);
            continue;
        }

        // Store the image in the database; undo the created files on failure
        $row = JTable::getInstance('joomgalleryimages', 'Table');
        if (!$this->registerImage($row, $origfilename, $newfilename, $tag, $filecounter)) {
            $this->rollback($this->_ambit->getImg('orig_path', $newfilename, null, $this->catid), $this->_ambit->getImg('img_path', $newfilename, null, $this->catid), $this->_ambit->getImg('thumb_path', $newfilename, null, $this->catid));
            $this->debug = true;
            unset($ftpfiles[$key]);
            continue;
        }

        $this->_debugoutput .= JText::_('COM_JOOMGALLERY_UPLOAD_OUTPUT_IMAGE_SUCCESSFULLY_ADDED') . '<br />';
        $this->_debugoutput .= JText::sprintf('COM_JOOMGALLERY_UPLOAD_NEW_FILENAME', $newfilename) . '<br /><br />';
        $this->_mainframe->triggerEvent('onJoomAfterUpload', array($row));
        unset($ftpfiles[$key]);
    }

    $this->_debugoutput .= '<hr /><br />';

    // Reset file counter, delete original delete source file and
    // create special gif selection and debug information
    $this->_mainframe->setUserState('joom.upload.filecounter', 0);
    $this->_mainframe->setUserState('joom.upload.file_delete', false);
    $this->_mainframe->setUserState('joom.upload.delete_original', false);
    $this->_mainframe->setUserState('joom.upload.create_special_gif', false);
    $this->_mainframe->setUserState('joom.upload.debug', false);
    $this->_mainframe->setUserState('joom.upload.debugoutput', null);

    // The collected messages are printed only when at least one file failed
    if ($this->debug) {
        echo $this->_debugoutput;
    }
    return !$this->debug;
}
/**
 * Escape values for an SQL statement.
 *
 * Every '?' in $sql is turned into a '%s' conversion, $value is passed
 * through the link's escape(), and the result is formatted with vsprintf().
 *
 * NOTE(review): this is string formatting, not a server-side prepared
 * statement. A '?' inside a quoted literal is replaced as well, and a literal
 * '%' already present in $sql (for example in a LIKE pattern) is read by
 * vsprintf() as a conversion. Whether the substituted values are quoted
 * depends on what escape() returns — confirm.
 *
 * @access protected
 *
 * @param string $sql   SQL statement
 * @param mixed  $value value(s) to be escaped
 *
 * @return string
 */
protected function _prepare($sql, $value)
{
    $format  = str_replace('?', '%s', $sql);
    $escaped = $this->_dbLink->escape($value);

    return vsprintf($format, $escaped);
}
/**
 * Add, modify or drop the table column that belongs to a field
 * (Message, Subdivision, Template or another system table).
 *
 * The field definition is read from `Field`, the target table is derived
 * from it, and an ALTER TABLE statement is assembled and executed. For a
 * rename ($NewFieldName with type 2) the `Field` row is updated first and
 * the column is changed with CHANGE old new.
 *
 * NOTE(review): table, column and index names are concatenated between
 * backticks. $NewFieldName is passed through $db->escape(), which is used
 * here for a quoted string as well; string escaping does not neutralise a
 * backtick, and Field_Name read back from the database is not checked at
 * all. Field names should be validated as plain identifiers where they are
 * first accepted.
 * NOTE(review): $oper is only assigned for $type 1, 2 and 3; any other value
 * reaches the ALTER statement with $oper undefined.
 *
 * @param int $FieldID field id (cast with intval)
 * @param int $type operation: 1 - add, 2 - modify, 3 - drop
 * @param object $db not the handle actually used, see the first statement
 * @param string|false $NewFieldName new column name for a rename, false otherwise
 * @return bool true
 */
function ColumnInMessage($FieldID, $type, $db, $NewFieldName = false)
{
    // Rebinds $db to the global handle; the $db argument is discarded
    global $db;
    $FieldID = intval($FieldID);
    $SelectField = $db->get_row("SELECT `Class_ID`, `Widget_Class_ID`, `Field_Name`, `TypeOfData_ID`, `Extension`, `NotNull`, `DoSearch`, `DefaultState`, `System_Table_ID` FROM `Field` WHERE `Field_ID`= '" . $FieldID . "'");
    // Nothing to alter for a field that has a Widget_Class_ID
    if ($SelectField->Widget_Class_ID) {
        return true;
    }
    if ($NewFieldName) {
        $NewFieldName = $db->escape($NewFieldName);
        $sql = "UPDATE `Field` SET `Field_Name` = '{$NewFieldName}' WHERE `Field_ID` = {$FieldID}";
        $db->query($sql);
    }
    $isSys = $SelectField->System_Table_ID; #for short, ==0 - if Component Field
    $TableName = $isSys ? GetSystemTableName($SelectField->System_Table_ID) : "Message" . $SelectField->Class_ID;
    switch ($type) {
        case 1:
            $oper = "ADD";
            break;
        case 2:
            $oper = $NewFieldName ? "CHANGE" : "MODIFY";
            break;
        case 3:
            $oper = "DROP";
            break;
    }
    // Before modifying a component field, drop the index named after the column if there is one
    if ($type == 2 && !$isSys) {
        $arr_indexes = $db->get_results("SHOW INDEX FROM `Message{$SelectField->Class_ID}`", ARRAY_A);
        if (!empty($arr_indexes)) {
            foreach ($arr_indexes as $arr_indexes_row) {
                if ($arr_indexes_row['Key_name'] == $SelectField->Field_Name) {
                    $db->query("ALTER TABLE `Message" . $SelectField->Class_ID . "` DROP INDEX `" . $SelectField->Field_Name . "`");
                }
            }
        }
    }
    // $SelectField was read before the rename, so Field_Name is still the old column name
    $alter = "ALTER TABLE `" . $TableName . "` " . $oper . " `" . $SelectField->Field_Name . "`";
    // DROP needs no column definition
    if ($type == 3) {
        $db->query($alter);
        return true;
    }
    if ($NewFieldName && $type == 2) {
        $alter .= " `{$NewFieldName}`";
    }
    $alter .= " ";
    // Column type by TypeOfData_ID; an id outside 1..11 appends no type
    switch ($SelectField->TypeOfData_ID) {
        case 1:
            $alter .= "CHAR(255)";
            break;
        case 2:
            $alter .= "INT";
            break;
        case 3:
            $alter .= "LONGTEXT";
            break;
        case 4:
            $alter .= "INT";
            break;
        case 5:
            $alter .= "TINYINT";
            break;
        case 6:
            $alter .= "CHAR(255)";
            break;
        case 7:
            $alter .= "DOUBLE";
            break;
        case 8:
            $alter .= "DATETIME";
            break;
        case 9:
            $alter .= "INT";
            break;
        case 10:
            $alter .= "TEXT";
            break;
        case 11:
            $alter .= "CHAR(255)";
            break;
    }
    // Nullability / default: a default is only emitted for types other than 3, 6 and 8
    switch (true) {
        case $SelectField->DefaultState != NULL && !in_array($SelectField->TypeOfData_ID, array(3, 6, 8)):
            $alter .= " NOT NULL DEFAULT '" . $db->escape($SelectField->DefaultState) . "'";
            break;
        case $SelectField->NotNull:
            $alter .= " NOT NULL";
            break;
        default:
            $alter .= " NULL";
    }
    $db->query($alter);
    if ($isSys) {
        return true;
    }
    // Searchable component fields get an index, except type 3 (LONGTEXT)
    if ($SelectField->DoSearch && $SelectField->TypeOfData_ID != 3) {
        $FieldName = $NewFieldName && $type == 2 ? $NewFieldName : $SelectField->Field_Name;
        $db->query("ALTER TABLE `" . $TableName . "` ADD INDEX (`" . $FieldName . "`)");
    }
    return true;
}
/**
 * Callback used for the <<fichier>> extension in wiki text.
 *
 * The file id is the last argument made only of digits. The file is loaded
 * and rendered as an <aside> holding a link, the file type and its size.
 *
 * NOTE(review): type and name are passed through $skriv->escape(), but the
 * result of $file->getURL() is written into the href attribute as returned.
 * Confirm that getURL() encodes every character that is special inside an
 * HTML attribute, or escape it here like the other values.
 *
 * @param array  $args    Arguments passed to the extension
 * @param string $content Optional content (in block mode)
 * @param object $skriv   SkrivLite object
 * @return mixed the HTML fragment, or the result of $skriv->parseError() on failure
 */
public static function SkrivFichier($args, $content, $skriv)
{
    $fileId = null;

    foreach ($args as $value) {
        if (preg_match('/^\\d+$/', $value)) {
            // the last numeric argument wins
            $fileId = (int) $value;
        }
    }

    if (empty($fileId)) {
        return $skriv->parseError('/!\\ Tag fichier : aucun numéro de fichier indiqué.');
    }

    try {
        $file = new Fichiers($fileId);
    } catch (\InvalidArgumentException $e) {
        return $skriv->parseError('/!\\ Tag fichier : ' . $e->getMessage());
    }

    $type    = $skriv->escape($file->type);
    $url     = $file->getURL();
    $name    = $skriv->escape($file->nom);
    $details = $skriv->escape(($file->type ? $file->type . ', ' : '') . Utils::format_bytes($file->taille));

    return '<aside class="fichier" data-type="' . $type . '">'
        . '<a href="' . $url . '" class="internal-file">' . $name . '</a> '
        . '<small>(' . $details . ')</small>'
        . '</aside>';
}
/**
 * Initializer for the case where all image data and a thumbnail name are known.
 *
 * The thumbnail definition is looked up by name in THUMBNAILS_TABLE; the name
 * is passed through $this->db->escape() and placed in a double-quoted
 * literal. When no row is found, init() is called with empty defaults.
 *
 * @param string $thumbName      name of the thumbnail definition
 * @param int    $imageID
 * @param string $imageFileName
 * @param string $imagePath
 * @param string $imageExtension
 * @param int    $imageWidth
 * @param int    $imageHeight
 * @param string $imageData
 * @return bool true when both thumbID and thumbName are set after init()
 */
public function initByThumbName($thumbName, $imageID, $imageFileName, $imagePath, $imageExtension, $imageWidth, $imageHeight, $imageData = '')
{
    $thumb = getHash('SELECT * FROM ' . THUMBNAILS_TABLE . ' WHERE Name="' . $this->db->escape($thumbName) . '"', $this->db);

    if (!$thumb) {
        // no such thumbnail definition: fall back to an empty one
        $thumb = array(
            'ID' => 0,
            'Width' => 0,
            'Height' => 0,
            'Ratio' => 0,
            'Maxsize' => 0,
            'Interlace' => false,
            'Fitinside' => false,
            'Format' => '',
            'Name' => '',
            'Date' => '',
            'Quality' => '',
        );
    }

    $this->init(
        $thumb['ID'],
        $thumb['Width'],
        $thumb['Height'],
        $thumb['Ratio'],
        $thumb['Maxsize'],
        $thumb['Interlace'],
        $thumb['Fitinside'],
        $thumb['Format'],
        $thumb['Name'],
        $imageID,
        $imageFileName,
        $imagePath,
        $imageExtension,
        $imageWidth,
        $imageHeight,
        $imageData,
        $thumb['Date'],
        $thumb['Quality']
    );

    return $this->thumbID && $this->thumbName;
}
/**
 * Escape a value by delegating to the wrapped object's escape().
 *
 * What kind of escaping is applied (SQL, HTML, ...) is decided entirely by
 * the wrapped object; this method adds nothing of its own.
 *
 * @param mixed $value
 * @return string
 */
public function escape($value)
{
    $escaped = $this->object->escape($value);

    return $escaped;
}
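/**
 * Restores the previously saved parameters of a given extension in the database.
 *
 * The current row of the extension is loaded, its params are merged with the
 * saved ones (saved values win over the new defaults) and the result is
 * written back together with the saved enabled/access/published flags.
 * Joomla! 1.6+ uses #__extensions, Joomla! 1.5 the per-type tables.
 *
 * Every value taken from $manifestInformation is escaped before it is placed
 * in a query. Previously the Joomla! 1.6+ statements and the 1.5 component
 * UPDATE concatenated element/group unescaped, while the remaining 1.5
 * statements escaped them.
 *
 * NOTE(review): the loaded row is used without a null check; if no row
 * matches, $obj->params is read from a non-object.
 * NOTE(review): for Joomla! 1.5 components the row is loaded by `name` but
 * updated by `option` — confirm both identify the same row.
 *
 * @access public
 * @param array  $manifestInformation the information identifying the extension
 *                                    (keys read here: type, element, group)
 * @param object $savedParameters     the previously saved parameters
 *                                    (properties read here: params, enabled, access, published)
 */
function restoreParameters($manifestInformation, $savedParameters)
{
    $isJoomla16 = version_compare(JVERSION, '1.6.0', 'ge');

    // Load the new settings
    switch ($manifestInformation["type"]) {
        case "component":
            $element = $this->_db->escape($manifestInformation["element"]);
            if ($isJoomla16) {
                // Joomla! 1.6+ code here
                $qry_load = "SELECT * FROM #__extensions WHERE `type` = 'component' AND `element` = '" . $element . "'";
            } else {
                // Joomla! 1.5 code here
                $qry_load = "SELECT * FROM `#__components`" . " WHERE `name` = '" . $element . "'";
            }
            break;
        case "module":
            $element = $this->_db->escape($manifestInformation["element"]);
            if ($isJoomla16) {
                // Joomla! 1.6+ code here
                $qry_load = "SELECT * FROM #__extensions WHERE `type` = 'module' AND `element` = '" . $element . "'";
            } else {
                // Joomla! 1.5 code here
                $qry_load = "SELECT * FROM `#__modules`" . " WHERE `module` = '" . $element . "'";
            }
            break;
        case "plugin":
            $group   = $this->_db->escape($manifestInformation["group"]);
            $element = $this->_db->escape($manifestInformation["element"]);
            if ($isJoomla16) {
                // Joomla! 1.6+ code here
                $qry_load = "SELECT * FROM #__extensions WHERE `type` = 'plugin' AND `folder` = '" . $group . "' AND `element` = '" . $element . "'";
            } else {
                // Joomla! 1.5 code here
                $qry_load = "SELECT * FROM `#__plugins`" . " WHERE `folder` = '" . $group . "' && " . "`element` = '" . $element . "'";
            }
            break;
        default:
            return;
    }

    // Load new parameters from the DB
    $this->_db->setQuery($qry_load);
    $obj = $this->_db->loadObject();

    // enabled:   keep the old parameter
    // access:    keep the old parameter
    // published: keep the old parameter
    // params:    merge (older is more important than default new)

    // Converting to Object Format
    $jregistryformat = JRegistryFormat::getInstance('ini');
    $new_params = $jregistryformat->stringToObject($obj->params);
    $old_params = $jregistryformat->stringToObject($savedParameters->params);
    // array_merge lets the later (saved) values override the freshly installed ones
    $old_params = (object) array_merge((array) $new_params, (array) $old_params);

    // Converting back to INI format
    $savedParameters->params = $jregistryformat->object__toString($old_params, '');
    $params = $this->_db->escape($savedParameters->params);

    // Save the merged new / old settings
    switch ($manifestInformation["type"]) {
        case "component":
            if ($isJoomla16) {
                // Joomla! 1.6+ code here
                $qry_save = "UPDATE `#__extensions` SET "
                    . "`enabled` = " . intval($savedParameters->enabled) . ", "
                    . "`params` = '" . $params . "'"
                    . " WHERE `element` = '" . $element . "'"
                    . " AND `type` = 'component'";
            } else {
                // Joomla! 1.5 code here
                $qry_save = "UPDATE `#__components` SET "
                    . "`enabled`=" . intval($savedParameters->enabled) . ", "
                    . "`params` = '" . $params . "'"
                    . " WHERE `option` = '" . $element . "'";
            }
            break;
        case "module":
            if ($isJoomla16) {
                // Joomla! 1.6+ code here
                $qry_save = "UPDATE `#__extensions` SET "
                    . "`access` = " . intval($savedParameters->access) . ", "
                    . "`enabled` = " . intval($savedParameters->enabled) . ", "
                    . "`params` = '" . $params . "'"
                    . " WHERE `element` = '" . $element . "'"
                    . " AND `type` = 'module'";
            } else {
                // Joomla! 1.5 code here
                $qry_save = "UPDATE `#__modules` SET "
                    . "`access` = " . intval($savedParameters->access) . ", "
                    . "`published` = " . intval($savedParameters->published) . ", "
                    . "`params` = '" . $params . "'"
                    . " WHERE `module` = '" . $element . "'";
            }
            break;
        case "plugin":
            if ($isJoomla16) {
                // Joomla! 1.6+ code here
                $qry_save = "UPDATE `#__extensions` SET "
                    . "`access` = " . intval($savedParameters->access) . ", "
                    . "`enabled` = " . intval($savedParameters->enabled) . ", "
                    . "`params` = '" . $params . "'"
                    . " WHERE `element` = '" . $element . "'"
                    . " AND `folder` = '" . $group . "'"
                    . " AND `type` = 'plugin'";
            } else {
                // Joomla! 1.5 code here
                $qry_save = "UPDATE `#__plugins` SET "
                    . "`access` = " . intval($savedParameters->access) . ", "
                    . "`published` = " . intval($savedParameters->published) . ", "
                    . "`params` = '" . $params . "'"
                    . " WHERE `folder` = '" . $group . "' && "
                    . "`element` = '" . $element . "'";
            }
            break;
        default:
            return;
    }

    $this->_db->setQuery($qry_save);
    $this->_db->query();
}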
/**
 * Build the query that fetches the payment for an order.
 *
 * Uses the configured 'default_getpaymentfororder_query' template when it is
 * non-empty, otherwise the built-in default. The order id is passed through
 * the integrator's escape() and handed to _applyFormat() under both the 'ID'
 * and the 'OrderID' key.
 *
 * NOTE(review): whether the substituted id ends up quoted depends on the
 * template and on what escape() returns; a template that places the value
 * unquoted relies on the id being numeric — confirm.
 *
 * @param mixed $OrderID order identifier
 * @return mixed the result of _applyFormat()
 */
public function _getPaymentForOrderQuery($OrderID)
{
    $template = $this->_config['default_getpaymentfororder_query'];
    if (!$template) {
        $template = $this->_defaultGetPaymentForOrderQuery();
    }

    $escapedId = $this->_integrator->escape($OrderID);

    return $this->_applyFormat($template, array('ID' => $escapedId, 'OrderID' => $escapedId));
}
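/**
 * Import a phpcs CSV results file into the snif_results table.
 *
 * Existing results are deleted first: per file when $paths differs from the
 * configured paths, otherwise all rows. Each CSV row is then inserted inside
 * one transaction.
 *
 * The CSV content derives from the files that were sniffed, so it is treated
 * as untrusted: text columns are escaped, and the line and column numbers,
 * which are written unquoted, are cast to integers (string escaping gives no
 * protection outside a quoted literal). The path used in the DELETE is
 * escaped as well.
 *
 * @param string $csv   CSV filename
 * @param array  $paths Paths of the files just sniffed, null for the configured paths
 * @return bool true when the import finished
 * @throws Exception when the CSV cannot be opened or starts with an ERROR line
 */
protected function _importCsv($csv, $paths = null)
{
    if (null === $paths) {
        $paths = $this->_paths;
    }

    $sql = "DELETE FROM snif_results";
    // FIXME: This only correctly works if you are re-running
    // the sniff on a specific file, not a subdirectory
    if ($paths != $this->_paths) {
        // We ran the sniff for a specific file
        foreach ($paths as $path) {
            // realpath() returns false for a missing path; cast so the literal becomes ''
            $file = $this->_db->escape((string) realpath($path));
            $this->_db->executeQuery($sql . " WHERE file = '" . $file . "';");
        }
    } else {
        // Yes, just delete everything.
        $this->_db->executeQuery($sql);
    }

    $handle = fopen($csv, 'r');
    if ($handle === false) {
        throw new Exception("Error importing csv: unable to open " . $csv);
    }

    $cols = fgetcsv($handle, 1000, ',');
    // An empty file yields no header row at all
    $firstCol = (is_array($cols) && isset($cols[0])) ? $cols[0] : '';
    if (substr($firstCol, 0, 5) == 'ERROR') {
        fclose($handle);
        throw new Exception("Error importing csv: " . $firstCol);
    }

    if ($this->_qis->isVerbose()) {
        $this->_qis->log("Writing results to db");
    } else {
        echo "Writing results to db...";
    }

    $sqlPre = "INSERT INTO snif_results ('file', 'line', 'column', "
        . "'severity', 'message', 'sniffcode') VALUES ";

    $this->_db->beginTransaction();
    while (($data = fgetcsv($handle, 1000, ',')) !== false) {
        // only add the row if there was a 1,
        // otherwise there was probably an error in the csv file
        if (!isset($data[1])) {
            continue;
        }
        if ($data[0] == $firstCol) {
            // No data, we got the headers again.
            if ($this->_qis->isVerbose()) {
                $this->_qis->log('No sniff results found.');
            }
            break;
        }

        $sniffCode = '';
        if ($this->_includeSniffCodes && isset($data[5])) {
            $sniffCode = $this->_db->escape($data[5]);
        }

        $sqlRow = "('" . $this->_db->escape($data[0]) . "',"
            . (int) $data[1] . ","
            . (isset($data[2]) ? (int) $data[2] : 0) . ","
            . "'" . $this->_db->escape(isset($data[3]) ? $data[3] : '') . "',"
            . "'" . $this->_db->escape(isset($data[4]) ? $data[4] : '') . "',"
            . "'" . $sniffCode . "')";

        $this->_db->executeQuery($sqlPre . $sqlRow);
        if ($this->_qis->isVerbose()) {
            echo '.';
        }
    }
    $this->_db->commit();
    fclose($handle);

    if ($this->_qis->isVerbose()) {
        $this->_qis->log('Finished writing results to db.');
    } else {
        echo "done\n";
    }

    return true;
}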