summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
authorRafael Bodill <rafi@sortex.co.il>2014-09-28 19:27:06 +0200
committerRafael Bodill <rafi@sortex.co.il>2014-09-28 19:27:06 +0200
commitc902a13c01583e83fda7f8188130e01f2d3bb141 (patch)
treefed11d4004b4494864699b1a42b725a20b597768 /application
parent7c100145ce197c86e1c849124daaa39ac6b240f5 (diff)
parent4edab80a15cad1a479d110f6b7e782e1b434763d (diff)
Merge branch 'pgsql_controllers'
* pgsql_controllers: file/cron: Protecting identifiers Fixing multipaste delete queries
Diffstat (limited to 'application')
-rw-r--r--application/controllers/file.php3
-rw-r--r--application/models/mfile.php56
-rw-r--r--application/models/mmultipaste.php15
3 files changed, 35 insertions, 39 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index ddb7a38cf..329a0bdf7 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -1004,7 +1004,8 @@ class File extends MY_Controller {
$query = $this->db->select('hash, id, user')
->from('files')
->where('date <', $oldest_time)
- ->or_where("(user = 0 AND date < $oldest_session_time)")
+ ->or_where('('.$this->db->_protect_identifiers('user').' = 0 AND '
+ .$this->db->_protect_identifiers('date')." < $oldest_session_time)")
->get()->result_array();
foreach($query as $row) {
diff --git a/application/models/mfile.php b/application/models/mfile.php
index 68f8ab299..8dc4772d9 100644
--- a/application/models/mfile.php
+++ b/application/models/mfile.php
@@ -327,19 +327,17 @@ class Mfile extends CI_Model {
// Note that this does not delete all relations in multipaste_file_map
// which is actually done by a SQL contraint.
// TODO: make it work properly without the constraint
- if (strpos($this->db->dbdriver, 'postgre') === FALSE) {
- $this->db->query('
- DELETE m, mfm, f
- FROM files f
- LEFT JOIN multipaste_file_map mfm ON f.id = mfm.file_url_id
- LEFT JOIN multipaste m ON mfm.multipaste_id = m.multipaste_id
- WHERE f.id = ?
- ', array($id));
- } else {
- // TODO.rafi: Deletes files + multipaste_file_map
- // but not a multipaste.
- $this->db->where('id', $id)
- ->delete('files');
+ $map = $this->db->select('multipaste_id')
+ ->from('multipaste_file_map')
+ ->where('file_url_id', $id)
+ ->get()->row_array();
+
+ $this->db->where('id', $id)
+ ->delete('files');
+
+ if ( ! empty($map['multipaste_id'])) {
+ $this->db->where('multipaste_id', $map['multipaste_id'])
+ ->delete('multipaste');
}
if ($this->id_exists($id)) {
@@ -365,18 +363,26 @@ class Mfile extends CI_Model {
// Note that this does not delete all relations in multipaste_file_map
// which is actually done by a SQL contraint.
// TODO: make it work properly without the constraint
- if (strpos($this->db->dbdriver, 'postgre') === FALSE) {
- $this->db->query('
- DELETE m, mfm, f
- FROM files f
- LEFT JOIN multipaste_file_map mfm ON f.id = mfm.file_url_id
- LEFT JOIN multipaste m ON mfm.multipaste_id = m.multipaste_id
- WHERE f.hash = ?
- ', array($hash));
- } else {
- // TODO.rafi: Test
- $this->db->where('hash', $hash)
- ->delete('files');
+ $file = $this->db->select('id')
+ ->from('files')
+ ->where('hash', $hash)
+ ->get()->row_array();
+
+ if (empty($file['id'])) {
+ return false;
+ }
+
+ $map = $this->db->select('multipaste_id')
+ ->from('multipaste_file_map')
+ ->where('file_url_id', $file['id'])
+ ->get()->row_array();
+
+ $this->db->where('hash', $hash)
+ ->delete('files');
+
+ if ( ! empty($map['multipaste_id'])) {
+ $this->db->where('multipaste_id', $map['multipaste_id'])
+ ->delete('multipaste');
}
if (file_exists($this->file($hash))) {
diff --git a/application/models/mmultipaste.php b/application/models/mmultipaste.php
index 9b1a7b16e..367e74787 100644
--- a/application/models/mmultipaste.php
+++ b/application/models/mmultipaste.php
@@ -90,19 +90,8 @@ class Mmultipaste extends CI_Model {
public function delete_id($id)
{
- if (strpos($this->db->dbdriver, 'postgre') === FALSE) {
- $this->db->query('
- DELETE m, mfm
- FROM multipaste m
- LEFT JOIN multipaste_file_map mfm ON mfm.multipaste_id = m.multipaste_id
- WHERE m.url_id = ?
- ', array($id));
- } else {
- // TODO.rafi: Deletes multipaste + multipaste_file_map
- // but not files. Is it supposed to?
- $this->db->where('url_id', $id)
- ->delete('multipaste');
- }
+ $this->db->where('url_id', $id)
+ ->delete('multipaste');
if ($this->id_exists($id)) {
return false;