/**
 * checkLock() helper: look up the lock stored for a resource path.
 *
 * The path is first passed through InputFilter::validateInput() in 'nosql'
 * mode and then substituted into the quoted '%s' placeholder by
 * InputFilter::preventSqlInjection(). Both helpers are defined outside this
 * listing, so the escaping they apply cannot be confirmed from here.
 *
 * NOTE(review): mysql_query() is called without a link argument, so the
 * query runs on whichever ext/mysql connection was opened last. The
 * ext/mysql functions were removed in PHP 7.
 *
 * @param string $path resource path to check for locks
 * @return array|bool lock description (type, scope, depth, owner, token,
 *                    expires) when a row exists, false when the query fails
 *                    or no row matches
 */
public function checkLock($path)
{
    G::LoadSystem('inputfilter');
    $inputFilter = new InputFilter();

    $cleanPath = $inputFilter->validateInput($path, 'nosql');
    $sql = $inputFilter->preventSqlInjection(
        "SELECT owner, token, expires, exclusivelock\n FROM locks\n WHERE path = '%s' ",
        array($cleanPath)
    );

    $handle = mysql_query($sql);
    if (!$handle) {
        return false;
    }

    // Only the first matching row is read; the result set is released at once.
    $lockRow = mysql_fetch_array($handle);
    mysql_free_result($handle);
    if (!$lockRow) {
        return false;
    }

    // Type and depth are fixed values; only the scope depends on the row.
    $scope = $lockRow["exclusivelock"] ? "exclusive" : "shared";

    return array(
        "type" => "write",
        "scope" => $scope,
        "depth" => 0,
        "owner" => $lockRow['owner'],
        "token" => $lockRow['token'],
        "expires" => $lockRow['expires']
    );
}
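/**
 * Privates functions section, non callable by http request
 */

/**
 * Probe a MySQL server using the connection settings found in the request.
 *
 * Reads db_hostname, db_port, db_username and db_password from $_REQUEST,
 * checks that the port accepts a TCP connection, logs in with ext/mysql and
 * looks for a USER_PRIVILEGES row belonging to the account.
 *
 * Security notes for reviewers:
 *  - The method is private, but every input comes from $_REQUEST, so
 *    whoever can reach the calling action controls the host and port that
 *    fsockopen() connects to, and the socket error text is returned in the
 *    message. The calling action should only be reachable by an installer
 *    or administrator.
 *  - NOTE(review): the password also goes through validateInput(); if that
 *    filter alters characters, a valid password could be rejected. Confirm
 *    against InputFilter.
 *  - $hasSuper is true as soon as any USER_PRIVILEGES row matches the
 *    grantee; the query does not restrict the privilege type.
 *
 * @return StdClass object with ->result (bool) and ->message (string)
 */
private function testMySQLconnection ()
{
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    $info = new StdClass();
    $info->result = false;
    $info->message = '';
    if (! function_exists( "mysql_connect" )) {
        // NOTE(review): the key is kept exactly as found, including the
        // space before "_INSTALL" - verify it against the translation table.
        $info->message = G::LoadTranslation('ID_PHP_MYSQL_NOT _INSTALL');
        return $info;
    }
    $db_hostname = $filter->validateInput($_REQUEST['db_hostname']);
    $db_port = $filter->validateInput($_REQUEST['db_port']);
    $db_username = $filter->validateInput($_REQUEST['db_username']);
    $db_password = $filter->validateInput($_REQUEST['db_password']);

    // Reachability check on the raw TCP port (30 second timeout).
    $fp = @fsockopen( $db_hostname, $db_port, $errno, $errstr, 30 );
    if (! $fp) {
        $info->message .= G::LoadTranslation('ID_CONNECTION_ERROR', SYS_LANG, Array("$errstr ($errno)"));
        return $info;
    }
    // The probe socket is not used again; close it instead of leaving it
    // open until the end of the request.
    fclose( $fp );

    $db_host = ($db_port != '' && $db_port != 1433) ? $db_hostname . ':' . $db_port : $db_hostname;
    $link = @mysql_connect( $db_host, $db_username, $db_password );
    if (! $link) {
        $info->message .= G::LoadTranslation('ID_MYSQL_CREDENTIALS_WRONG');
        return $info;
    }

    // Second filtering pass ('nosql' mode) before the values go into SQL.
    $db_username = $filter->validateInput($db_username, 'nosql');
    $db_hostname = $filter->validateInput($db_hostname, 'nosql');
    $query = "SELECT * FROM `information_schema`.`USER_PRIVILEGES` where (GRANTEE = \"'%s'@'%s'\" OR GRANTEE = \"'%s'@'%%'\") ";
    $query = $filter->preventSqlInjection($query, array($db_username, $db_hostname, $db_username));
    $res = @mysql_query( $query, $link );
    $row = @mysql_fetch_array( $res );
    $hasSuper = is_array( $row );
    @mysql_free_result( $res );
    @mysql_close( $link );
    if (! $hasSuper) {
        $info->message .= G::LoadTranslation('ID_CONNECTION_ERROR_PRIVILEGE', SYS_LANG, Array($db_username));
        return $info;
    }
    $info->message .= G::LoadTranslation('ID_MYSQL_SUCCESS_CONNECT');
    $info->result = true;
    return $info;
}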
/**
 * Check that a database server is reachable and that the supplied account
 * can create a database, grant privileges and create a user on it.
 *
 * Visible steps: pick a default port from $type when none is given, run the
 * NET helper checks (getErrno, scannPort, loginDbServer, setDataBase,
 * tryConnectServer), then open an ext/mysql connection and run a
 * create / grant / create-user / drop sequence against a scratch database.
 *
 * NOTE(review): the privilege probe always uses mysql_connect() and
 * mysql_query(), whatever $type is; only the NET checks receive $type.
 *
 * @param string $type     engine name; 'mysql', 'pgsql', 'mssql' and
 *                         'oracle' get a default port
 * @param string $server   server host
 * @param string $user     account used for the test
 * @param string $passwd   password of that account
 * @param mixed  $port     port; 'none', '' or 0 selects the default
 * @param string $dbName   database name handed to NET::setDataBase()
 * @return array two elements: success flag (bool) and a message
 */
function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName = "")
{
    if ($port == 'none' || $port == '' || $port == 0) {
        //setting defaults ports
        // An unlisted $type leaves $port unchanged.
        switch ($type) {
            case 'mysql':
                $port = 3306;
                break;
            case 'pgsql':
                $port = 5432;
                break;
            case 'mssql':
                $port = 1433;
                break;
            case 'oracle':
                $port = 1521;
                break;
        }
    }
    G::LoadClass('net');
    $Server = new NET($server);
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();
    // Each NET step is checked before the next one; every failure returns
    // array(false, $Server->error).
    if ($Server->getErrno() == 0) {
        $Server->scannPort($port);
        if ($Server->getErrno() == 0) {
            $Server->loginDbServer($user, $passwd);
            $Server->setDataBase($dbName, $port);
            if ($Server->errno == 0) {
                $response = $Server->tryConnectServer($type);
                if ($response->status == 'SUCCESS') {
                    if ($Server->errno == 0) {
                        $message = "";
                        // tryConnectServer() is called a second time here; this
                        // $response is not read again in this function.
                        $response = $Server->tryConnectServer($type);
                        $server = $filter->validateInput($server);
                        $user = $filter->validateInput($user);
                        $passwd = $filter->validateInput($passwd);
                        // NOTE(review): the result of mysql_connect() is not
                        // checked before it is used as the link below.
                        $connDatabase = @mysql_connect($server, $user, $passwd);
                        // Fixed scratch database name used for the probe.
                        $dbNameTest = "PROCESSMAKERTESTDC";
                        $dbNameTest = $filter->validateInput($dbNameTest, 'nosql');
                        $query = "CREATE DATABASE %s";
                        $query = $filter->preventSqlInjection($query, array($dbNameTest), $connDatabase);
                        $db = @mysql_query($query, $connDatabase);
                        $success = false;
                        if (!$db) {
                            $message = mysql_error();
                        } else {
                            // The probe grants ALL PRIVILEGES WITH GRANT OPTION on
                            // the scratch database to wfrbtest@'%' with the fixed
                            // password 'sample'. The account is dropped further
                            // down, but only if this request gets that far, and
                            // the DROP results are suppressed with @. If cleanup
                            // fails, an account with a known password remains on
                            // the server; operators should check for it.
                            $usrTest = "wfrbtest";
                            $chkG = "GRANT ALL PRIVILEGES ON `%s`.* TO %s@'%%' IDENTIFIED BY 'sample' WITH GRANT OPTION";
                            $chkG = $filter->preventSqlInjection($chkG, array($dbNameTest, $usrTest), $connDatabase);
                            $ch = @mysql_query($chkG, $connDatabase);
                            if (!$ch) {
                                $message = mysql_error();
                            } else {
                                // NOTE(review): the "******" literals below appear
                                // masked in this listing; the statement text they
                                // stand for is not visible here.
                                $sqlCreateUser = "******";
                                $user = $filter->validateInput($user, 'nosql');
                                $sqlCreateUser = $filter->preventSqlInjection($sqlCreateUser, array($user .
                                    "_usertest", "sample"), $connDatabase);
                                $result = @mysql_query($sqlCreateUser, $connDatabase);
                                if (!$result) {
                                    $message = mysql_error();
                                } else {
                                    $success = true;
                                    $message = G::LoadTranslation('ID_SUCCESSFUL_CONNECTION');
                                }
                                // Cleanup of "<user>_usertest"; runs whether or
                                // not the create-user statement succeeded.
                                $sqlDropUser = "******";
                                $user = $filter->validateInput($user, 'nosql');
                                $sqlDropUser = $filter->preventSqlInjection($sqlDropUser, array($user . "_usertest"), $connDatabase);
                                @mysql_query($sqlDropUser, $connDatabase);
                                // Cleanup of the wfrbtest account used in the GRANT.
                                $sqlDropUser = "******";
                                $usrTest = $filter->validateInput($usrTest, 'nosql');
                                $sqlDropUser = $filter->preventSqlInjection($sqlDropUser, array($usrTest), $connDatabase);
                                @mysql_query($sqlDropUser, $connDatabase);
                            }
                            // Remove the scratch database; the result is ignored.
                            $sqlDropDb = "DROP DATABASE %s";
                            $dbNameTest = $filter->validateInput($dbNameTest, 'nosql');
                            $sqlDropDb = $filter->preventSqlInjection($sqlDropDb, array($dbNameTest), $connDatabase);
                            @mysql_query($sqlDropDb, $connDatabase);
                        }
                        // Falls back to the NET error text when no message was set.
                        return array($success, $message != "" ? $message : $Server->error);
                    } else {
                        return array(false, $Server->error);
                    }
                } else {
                    return array(false, $Server->error);
                }
            } else {
                return array(false, $Server->error);
            }
        } else {
            return array(false, $Server->error);
        }
    } else {
        return array(false, $Server->error);
    }
}
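/**
 * PROPPATCH method handler
 *
 * Stores or deletes the properties listed in $options["props"] for the
 * resource $options["path"]. Properties in the "DAV:" namespace are refused
 * and get the status "403 Forbidden"; every other property is written with
 * REPLACE INTO when it has a value and deleted when it has none.
 *
 * Path, name, namespace and value come from the WebDAV client and reach the
 * SQL text only through InputFilter::preventSqlInjection(). That helper is
 * defined outside this listing, so its escaping cannot be confirmed here.
 *
 * NOTE(review): the result of mysql_query() is not checked, so a failed
 * write is not reported back through the property status.
 *
 * @param array $options general parameter passing array (by reference);
 *                       reads "path" and "props", may set a props status
 * @return string always the empty string
 */
function PROPPATCH(&$options)
{
    if (!class_exists('G')) {
        // Locate class.g.php two directories above the document root.
        $realdocuroot = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
        $docuroot = explode('/', $realdocuroot);
        array_pop($docuroot);
        array_pop($docuroot);
        $pathTrunk = implode('/', $docuroot) . '/';
        require_once $pathTrunk . 'gulliver/system/class.g.php';
    }
    G::LoadSystem('inputfilter');
    $filter = new InputFilter();

    foreach ($options["props"] as $key => $prop) {
        if ($prop["ns"] == "DAV:") {
            $options["props"][$key]['status'] = "403 Forbidden";
            continue;
        }

        if (isset($prop["val"])) {
            $query = "REPLACE INTO properties SET path = '%s', name = '%s', ns= '%s', value = '%s'";
            $query = $filter->preventSqlInjection($query, array($options['path'], $prop['name'], $prop['ns'], $prop['val']));
            // The statement is deliberately not written to the error log:
            // it embeds client-supplied property names and values.
        } else {
            $query = "DELETE FROM properties WHERE path = '%s' AND name = '%s' AND ns = '%s'";
            $query = $filter->preventSqlInjection($query, array($options['path'], $prop['name'], $prop['ns']));
        }
        mysql_query($query);
    }

    return "";
}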
/**
 * Loads the indexes for this table.
 *
 * Runs PRAGMA index_list for the table, registers an IndexInfo per index
 * and attaches the columns reported by PRAGMA index_info.
 *
 * NOTE(review): $this->name is placed into the first PRAGMA without going
 * through the filter, while the index names read back are filtered.
 * preventSqlInjection() is called without values on a statement that is
 * already fully built; what it does in that case is not visible here.
 */
protected function initIndexes()
{
    include_once 'creole/metadata/IndexInfo.php';

    // columns have to be loaded first
    if (!$this->colsLoaded) {
        $this->initColumns();
    }

    // class.inputfilter.php is expected two directories above the document root.
    $segments = explode('/', str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']));
    $trunkPath = implode('/', array_slice($segments, 0, -2)) . '/';
    require_once $trunkPath . 'gulliver/system/class.inputfilter.php';
    $inputFilter = new InputFilter();

    $listSql = "PRAGMA index_list('{$this->name}')";
    $indexRows = sqlite_query($this->conn->getResource(), $listSql);

    while ($indexRow = sqlite_fetch_array($indexRows, SQLITE_ASSOC)) {
        $indexName = $inputFilter->validateInput($indexRow['name']);
        $this->indexes[$indexName] = new IndexInfo($indexName);

        // get columns for that index
        $infoSql = "PRAGMA index_info('" . $indexName . "')";
        $columnRows = sqlite_query(
            $this->conn->getResource(),
            $inputFilter->preventSqlInjection($infoSql)
        );
        while ($columnRow = sqlite_fetch_array($columnRows, SQLITE_ASSOC)) {
            $this->indexes[$indexName]->addColumn($this->columns[$columnRow['name']]);
        }
    }

    $this->indexesLoaded = true;
}
/**
 * Tell whether the connection is usable by selecting the configured database.
 *
 * NOTE(review): the database name is substituted into an unquoted
 * identifier position ("USE %s"). Escaping meant for string values does
 * not protect an identifier, so confirm that sDataBase is validated before
 * it reaches this object.
 *
 * @return mixed false when there is no connection, otherwise whatever
 *               executeQuery() returns for the USE statement
 */
public function isConnected()
{
    if ($this->oConnection) {
        G::LoadSystem('inputfilter');
        $inputFilter = new InputFilter();
        $useStatement = $inputFilter->preventSqlInjection("USE %s", array($this->sDataBase));

        return $this->executeQuery($useStatement);
    }

    return false;
}
/**
 * Loads the primary keys for this table.
 *
 * Queries pg_index for the primary-key index of the table identified by
 * $this->oid, then resolves every column number in indkey to its attribute
 * name and adds that column to $this->primaryKey.
 *
 * NOTE(review): preventSqlInjection() is applied to the query templates
 * without values, and the values are inserted afterwards by sprintf(). Any
 * escaping the helper performs therefore does not cover $this->oid. In the
 * first query the oid lands in an unquoted %s, so validateInput() in its
 * default mode is the only check on it. Confirm the oid is always numeric;
 * an explicit integer cast would make that visible.
 *
 * @throws SQLException when either catalog query fails
 */
protected function initPrimaryKey()
{
    include_once 'creole/metadata/PrimaryKeyInfo.php';
    // columns have to be loaded first
    if (!$this->colsLoaded) {
        $this->initColumns();
    }
    // Primary Keys
    // class.inputfilter.php is loaded from two directories above the
    // document root; $pathhome is computed but not used in this method.
    $realdocuroot = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
    $docuroot = explode('/', $realdocuroot);
    array_pop($docuroot);
    $pathhome = implode('/', $docuroot) . '/';
    array_pop($docuroot);
    $pathTrunk = implode('/', $docuroot) . '/';
    require_once $pathTrunk . 'gulliver/system/class.inputfilter.php';
    $filter = new InputFilter();
    $this->oid = $filter->validateInput($this->oid);
    $query = "SELECT\n\t\t\t\t\t\t\t\t\t\t\t\t\t DISTINCT ON(cls.relname)\n\t\t\t\t\t\t\t\t\t\t\t\t\t cls.relname as idxname,\n\t\t\t\t\t\t\t\t\t\t\t\t\t indkey,\n\t\t\t\t\t\t\t\t\t\t\t\t\t indisunique\n\t\t\t\t\t\t\t\t\t\t\t\t\tFROM pg_index idx\n\t\t\t\t\t\t\t\t\t\t\t\t\t JOIN pg_class cls ON cls.oid=indexrelid\n\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE indrelid = %s AND indisprimary\n\t\t\t\t\t\t\t\t\t\t\t\t\tORDER BY cls.relname";
    // The template is filtered first; the oid is substituted afterwards.
    $result = pg_query($this->conn->getResource(), sprintf($filter->preventSqlInjection($query), $this->oid));
    if (!$result) {
        throw new SQLException("Could not list primary keys for table: " . $this->name, pg_last_error($this->conn->getResource()));
    }
    // Loop through the returned results, grouping the same key_name together
    // adding each column for that key.
    // The path lookup, require_once, filter construction and oid validation
    // below repeat the statements at the top of this method.
    $realdocuroot = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
    $docuroot = explode('/', $realdocuroot);
    array_pop($docuroot);
    $pathhome = implode('/', $docuroot) . '/';
    array_pop($docuroot);
    $pathTrunk = implode('/', $docuroot) . '/';
    require_once $pathTrunk .
        'gulliver/system/class.inputfilter.php';
    $filter = new InputFilter();
    $this->oid = $filter->validateInput($this->oid);
    while ($row = pg_fetch_assoc($result)) {
        // indkey is split on spaces into the column numbers of the key.
        $arrColumns = explode(' ', $row['indkey']);
        foreach ($arrColumns as $intColNum) {
            $intColNum = $filter->validateInput($intColNum, 'int');
            $query = "SELECT a.attname\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tFROM pg_catalog.pg_class c JOIN pg_catalog.pg_attribute a ON a.attrelid = c.oid\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE c.oid = '%s' AND a.attnum = %d AND NOT a.attisdropped\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tORDER BY a.attnum";
            // %d forces the column number to an integer; the oid goes into
            // a quoted '%s'.
            $result2 = pg_query($this->conn->getResource(), sprintf($filter->preventSqlInjection($query), $this->oid, $intColNum));
            if (!$result2) {
                throw new SQLException("Could not list indexes keys for table: " . $this->name, pg_last_error($this->conn->getResource()));
            }
            // NOTE(review): $row2 is not checked before its 'attname' is
            // read; confirm a matching attribute row always exists.
            $row2 = pg_fetch_assoc($result2);
            // The first column found creates the PrimaryKeyInfo object.
            if (!isset($this->primaryKey)) {
                $this->primaryKey = new PrimaryKeyInfo($row2['attname']);
            }
            $this->primaryKey->addColumn($this->columns[$row2['attname']]);
        } // foreach ($arrColumns as $intColNum)
    }
    $this->pkLoaded = true;
}