diff options
author | Rafael Bodill <rafi@sortex.co.il> | 2014-09-28 19:27:06 +0200 |
---|---|---|
committer | Rafael Bodill <rafi@sortex.co.il> | 2014-09-28 19:27:06 +0200 |
commit | c902a13c01583e83fda7f8188130e01f2d3bb141 (patch) | |
tree | fed11d4004b4494864699b1a42b725a20b597768 | |
parent | 7c100145ce197c86e1c849124daaa39ac6b240f5 (diff) | |
parent | 4edab80a15cad1a479d110f6b7e782e1b434763d (diff) |
Merge branch 'pgsql_controllers'
* pgsql_controllers:
file/cron: Protecting identifiers
Fixing multipaste delete queries
-rw-r--r-- | application/controllers/file.php | 3 | ||||
-rw-r--r-- | application/models/mfile.php | 56 | ||||
-rw-r--r-- | application/models/mmultipaste.php | 15 |
3 files changed, 35 insertions, 39 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php index ddb7a38cf..329a0bdf7 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -1004,7 +1004,8 @@ class File extends MY_Controller { $query = $this->db->select('hash, id, user') ->from('files') ->where('date <', $oldest_time) - ->or_where("(user = 0 AND date < $oldest_session_time)") + ->or_where('('.$this->db->_protect_identifiers('user').' = 0 AND ' + .$this->db->_protect_identifiers('date')." < $oldest_session_time)") ->get()->result_array(); foreach($query as $row) { diff --git a/application/models/mfile.php b/application/models/mfile.php index 68f8ab299..8dc4772d9 100644 --- a/application/models/mfile.php +++ b/application/models/mfile.php @@ -327,19 +327,17 @@ class Mfile extends CI_Model { // Note that this does not delete all relations in multipaste_file_map // which is actually done by a SQL contraint. // TODO: make it work properly without the constraint - if (strpos($this->db->dbdriver, 'postgre') === FALSE) { - $this->db->query(' - DELETE m, mfm, f - FROM files f - LEFT JOIN multipaste_file_map mfm ON f.id = mfm.file_url_id - LEFT JOIN multipaste m ON mfm.multipaste_id = m.multipaste_id - WHERE f.id = ? - ', array($id)); - } else { - // TODO.rafi: Deletes files + multipaste_file_map - // but not a multipaste. - $this->db->where('id', $id) - ->delete('files'); + $map = $this->db->select('multipaste_id') + ->from('multipaste_file_map') + ->where('file_url_id', $id) + ->get()->row_array(); + + $this->db->where('id', $id) + ->delete('files'); + + if ( ! empty($map['multipaste_id'])) { + $this->db->where('multipaste_id', $map['multipaste_id']) + ->delete('multipaste'); } if ($this->id_exists($id)) { @@ -365,18 +363,26 @@ class Mfile extends CI_Model { // Note that this does not delete all relations in multipaste_file_map // which is actually done by a SQL contraint. // TODO: make it work properly without the constraint - if (strpos($this->db->dbdriver, 'postgre') === FALSE) { - $this->db->query(' - DELETE m, mfm, f - FROM files f - LEFT JOIN multipaste_file_map mfm ON f.id = mfm.file_url_id - LEFT JOIN multipaste m ON mfm.multipaste_id = m.multipaste_id - WHERE f.hash = ? - ', array($hash)); - } else { - // TODO.rafi: Test - $this->db->where('hash', $hash) - ->delete('files'); + $file = $this->db->select('id') + ->from('files') + ->where('hash', $hash) + ->get()->row_array(); + + if (empty($file['id'])) { + return false; + } + + $map = $this->db->select('multipaste_id') + ->from('multipaste_file_map') + ->where('file_url_id', $file['id']) + ->get()->row_array(); + + $this->db->where('hash', $hash) + ->delete('files'); + + if ( ! empty($map['multipaste_id'])) { + $this->db->where('multipaste_id', $map['multipaste_id']) + ->delete('multipaste'); } if (file_exists($this->file($hash))) { diff --git a/application/models/mmultipaste.php b/application/models/mmultipaste.php index 9b1a7b16e..367e74787 100644 --- a/application/models/mmultipaste.php +++ b/application/models/mmultipaste.php @@ -90,19 +90,8 @@ class Mmultipaste extends CI_Model { public function delete_id($id) { - if (strpos($this->db->dbdriver, 'postgre') === FALSE) { - $this->db->query(' - DELETE m, mfm - FROM multipaste m - LEFT JOIN multipaste_file_map mfm ON mfm.multipaste_id = m.multipaste_id - WHERE m.url_id = ? - ', array($id)); - } else { - // TODO.rafi: Deletes multipaste + multipaste_file_map - // but not files. Is it supposed to? - $this->db->where('url_id', $id) - ->delete('multipaste'); - } + $this->db->where('url_id', $id) + ->delete('multipaste'); if ($this->id_exists($id)) { return false; |