From 40fa09dcf09611afb34434a5c5c087b64f3fe8b6 Mon Sep 17 00:00:00 2001 From: Rafael Bodill Date: Fri, 19 Sep 2014 19:31:11 +0300 Subject: Fixing multipaste delete queries --- application/models/mfile.php | 56 +++++++++++++++++++++----------------- application/models/mmultipaste.php | 15 ++-------- 2 files changed, 33 insertions(+), 38 deletions(-) (limited to 'application') diff --git a/application/models/mfile.php b/application/models/mfile.php index 68f8ab299..8dc4772d9 100644 --- a/application/models/mfile.php +++ b/application/models/mfile.php @@ -327,19 +327,17 @@ class Mfile extends CI_Model { // Note that this does not delete all relations in multipaste_file_map // which is actually done by a SQL contraint. // TODO: make it work properly without the constraint - if (strpos($this->db->dbdriver, 'postgre') === FALSE) { - $this->db->query(' - DELETE m, mfm, f - FROM files f - LEFT JOIN multipaste_file_map mfm ON f.id = mfm.file_url_id - LEFT JOIN multipaste m ON mfm.multipaste_id = m.multipaste_id - WHERE f.id = ? - ', array($id)); - } else { - // TODO.rafi: Deletes files + multipaste_file_map - // but not a multipaste. - $this->db->where('id', $id) - ->delete('files'); + $map = $this->db->select('multipaste_id') + ->from('multipaste_file_map') + ->where('file_url_id', $id) + ->get()->row_array(); + + $this->db->where('id', $id) + ->delete('files'); + + if ( ! empty($map['multipaste_id'])) { + $this->db->where('multipaste_id', $map['multipaste_id']) + ->delete('multipaste'); } if ($this->id_exists($id)) { @@ -365,18 +363,26 @@ class Mfile extends CI_Model { // Note that this does not delete all relations in multipaste_file_map // which is actually done by a SQL contraint. // TODO: make it work properly without the constraint - if (strpos($this->db->dbdriver, 'postgre') === FALSE) { - $this->db->query(' - DELETE m, mfm, f - FROM files f - LEFT JOIN multipaste_file_map mfm ON f.id = mfm.file_url_id - LEFT JOIN multipaste m ON mfm.multipaste_id = m.multipaste_id - WHERE f.hash = ? - ', array($hash)); - } else { - // TODO.rafi: Test - $this->db->where('hash', $hash) - ->delete('files'); + $file = $this->db->select('id') + ->from('files') + ->where('hash', $hash) + ->get()->row_array(); + + if (empty($file['id'])) { + return false; + } + + $map = $this->db->select('multipaste_id') + ->from('multipaste_file_map') + ->where('file_url_id', $file['id']) + ->get()->row_array(); + + $this->db->where('hash', $hash) + ->delete('files'); + + if ( ! empty($map['multipaste_id'])) { + $this->db->where('multipaste_id', $map['multipaste_id']) + ->delete('multipaste'); } if (file_exists($this->file($hash))) { diff --git a/application/models/mmultipaste.php b/application/models/mmultipaste.php index 9b1a7b16e..367e74787 100644 --- a/application/models/mmultipaste.php +++ b/application/models/mmultipaste.php @@ -90,19 +90,8 @@ class Mmultipaste extends CI_Model { public function delete_id($id) { - if (strpos($this->db->dbdriver, 'postgre') === FALSE) { - $this->db->query(' - DELETE m, mfm - FROM multipaste m - LEFT JOIN multipaste_file_map mfm ON mfm.multipaste_id = m.multipaste_id - WHERE m.url_id = ? - ', array($id)); - } else { - // TODO.rafi: Deletes multipaste + multipaste_file_map - // but not files. Is it supposed to? - $this->db->where('url_id', $id) - ->delete('multipaste'); - } + $this->db->where('url_id', $id) + ->delete('multipaste'); if ($this->id_exists($id)) { return false; -- cgit v1.2.3-24-g4f1b From 4edab80a15cad1a479d110f6b7e782e1b434763d Mon Sep 17 00:00:00 2001 From: Rafael Bodill Date: Sun, 28 Sep 2014 20:23:13 +0300 Subject: file/cron: Protecting identifiers --- application/controllers/file.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'application') diff --git a/application/controllers/file.php b/application/controllers/file.php index ddb7a38cf..329a0bdf7 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -1004,7 +1004,8 @@ class File extends MY_Controller { $query = $this->db->select('hash, id, user') ->from('files') ->where('date <', $oldest_time) - ->or_where("(user = 0 AND date < $oldest_session_time)") + ->or_where('('.$this->db->_protect_identifiers('user').' = 0 AND ' + .$this->db->_protect_identifiers('date')." < $oldest_session_time)") ->get()->result_array(); foreach($query as $row) { -- cgit v1.2.3-24-g4f1b