Commit b5356845 authored by Kasper Skårhøj's avatar Kasper Skårhøj
Browse files

* Added Karsten D.s patches for DBAL.


git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@528 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 98f8fb1d
2005-01-02 Kasper Skårhøj,,, <kasper@typo3.com>
* Added Karsten D.s patches for DBAL.
2004-12-20 Kasper Skårhøj,,, <kasper@typo3.com>
* Changed "config.disableContentLengthHeader" over to "enableContentLengthHeader" because a default content-length header might introduce some weird and hard-to-debug situation for people.
......
......@@ -326,7 +326,23 @@ class t3lib_admin {
if ($TCA[$table] && trim($field_list)) {
t3lib_div::loadTCA($table);
$fieldArr = explode(',',$field_list);
if(t3lib_extMgm::isLoaded('dbal')) {
$fields = $GLOBALS['TYPO3_DB']->admin_get_fields($table);
reset($fields);
list(,$field)=each($fieldArr);
$cl_fl = ($GLOBALS['TYPO3_DB']->MetaType($fields[$field]['type'],$table) == 'I' || $GLOBALS['TYPO3_DB']->MetaType($fields[$field]['type'],$table) == 'N' || $GLOBALS['TYPO3_DB']->MetaType($fields[$field]['type'],$table) == 'R') ?
$field.'!=0' : $field.'!=\'\'';
while (list(,$field)=each($fieldArr)) {
$cl_fl .= ($GLOBALS['TYPO3_DB']->MetaType($fields[$field]['type'],$table) == 'I' || $GLOBALS['TYPO3_DB']->MetaType($fields[$field]['type'],$table) == 'N' || $GLOBALS['TYPO3_DB']->MetaType($fields[$field]['type'],$table) == 'R') ?
' OR '.$field.'!=0' : ' OR '.$field.'!=\'\'';
}
unset($fields);
}
else {
$cl_fl = implode ('!="" OR ',$fieldArr). '!=""';
}
$mres = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,'.$field_list, $table, $cl_fl);
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($mres)) {
reset($fieldArr);
......@@ -490,7 +506,7 @@ class t3lib_admin {
$mres = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
'uid,pid,'.$TCA[$table]['ctrl']['label'].','.$field,
$table,
$field.' LIKE "%'.$GLOBALS['TYPO3_DB']->quoteStr($id, $table).'%"'
$field.' LIKE \'%'.$GLOBALS['TYPO3_DB']->quoteStr($id, $table).'%\''
);
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($mres)) {
// Now this is the field, where the reference COULD come from. But we're not garanteed, so we must carefully examine the data.
......@@ -526,7 +542,7 @@ class t3lib_admin {
$mres = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
'uid,pid,'.$TCA[$table]['ctrl']['label'].','.$field,
$table,
$field.' LIKE "%'.$GLOBALS['TYPO3_DB']->quoteStr($filename, $table).'%"'
$field.' LIKE \'%'.$GLOBALS['TYPO3_DB']->quoteStr($filename, $table).'%\''
);
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($mres)) {
// Now this is the field, where the reference COULD come from. But we're not garanteed, so we must carefully examine the data.
......
......@@ -183,12 +183,12 @@ class t3lib_BEfunc {
* Usage: 71
*
* @param string Table name present in $TCA
* @return string WHERE clause for filtering out deleted records, eg " AND NOT tablename.deleted"
* @return string WHERE clause for filtering out deleted records, eg " AND tablename.deleted=0"
*/
function deleteClause($table) {
global $TCA;
if ($TCA[$table]['ctrl']['delete']) {
return ' AND NOT '.$table.'.'.$TCA[$table]['ctrl']['delete'];
return ' AND '.$table.'.'.$TCA[$table]['ctrl']['delete'].'=0';
} else {
return '';
}
......@@ -258,7 +258,7 @@ class t3lib_BEfunc {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
'*',
$theTable,
$theField.'="'.$GLOBALS['TYPO3_DB']->quoteStr($theValue, $theTable).'"'.
$theField.'='.$GLOBALS['TYPO3_DB']->fullQuoteStr($theValue, $theTable).
t3lib_BEfunc::deleteClause($theTable).' '.
$whereClause, // whereClauseMightContainGroupOrderBy
$groupBy,
......@@ -395,8 +395,8 @@ class t3lib_BEfunc {
if (is_array($ctrl['enablecolumns'])) {
if ($ctrl['enablecolumns']['disabled']) {
$field = $table.'.'.$ctrl['enablecolumns']['disabled'];
$query[]='NOT '.$field;
$invQuery[]=$field;
$query[]=$field.'=0';
$invQuery[]=$field.'!=0';
}
if ($ctrl['enablecolumns']['starttime']) {
$field = $table.'.'.$ctrl['enablecolumns']['starttime'];
......@@ -1052,7 +1052,7 @@ class t3lib_BEfunc {
'ident' => $ident,
'tstamp' => time()
);
$GLOBALS['TYPO3_DB']->exec_DELETEquery('cache_hash', 'hash="'.$GLOBALS['TYPO3_DB']->quoteStr($hash, 'cache_hash').'"');
$GLOBALS['TYPO3_DB']->exec_DELETEquery('cache_hash', 'hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($hash, 'cache_hash'));
$GLOBALS['TYPO3_DB']->exec_INSERTquery('cache_hash', $insertFields);
}
......@@ -1071,7 +1071,7 @@ class t3lib_BEfunc {
if ($expTime) {
$whereAdd = ' AND tstamp > '.(time()-$expTime);
}
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('content', 'cache_hash', 'hash="'.$GLOBALS['TYPO3_DB']->quoteStr($hash, 'cache_hash').'"'.$whereAdd);
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('content', 'cache_hash', 'hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($hash, 'cache_hash').$whereAdd);
if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
return $row['content'];
}
......@@ -1877,7 +1877,7 @@ class t3lib_BEfunc {
if ($fN==$TCA[$table]['ctrl']['tstamp'] || $fN==$TCA[$table]['ctrl']['crdate']) {
$fVnew = t3lib_BEfunc::datetime($fV);
} elseif ($fN=='pid'){
$fVnew = t3lib_BEfunc::getRecordPath($fV,'1',20); // Fetches the path with no regard to the users permissions to select pages.
$fVnew = t3lib_BEfunc::getRecordPath($fV,'1=1',20); // Fetches the path with no regard to the users permissions to select pages.
} else {
$fVnew = $fV;
}
......@@ -2552,7 +2552,7 @@ class t3lib_BEfunc {
'SELECT' => t3lib_BEfunc::getCommonSelectFields($foreign_table,$foreign_table.'.'),
'FROM' => $foreign_table.',pages',
'WHERE' => 'pages.uid='.$foreign_table.'.pid
AND NOT pages.deleted '.
AND pages.deleted=0 '.
t3lib_BEfunc::deleteClause($foreign_table).
' AND '.$pageClause.' '.
$wgolParts['WHERE'],
......@@ -2564,7 +2564,7 @@ class t3lib_BEfunc {
$queryParts = array(
'SELECT' => t3lib_BEfunc::getCommonSelectFields($foreign_table,$foreign_table.'.'),
'FROM' => 'pages',
'WHERE' => 'NOT pages.deleted
'WHERE' => 'pages.deleted=0
AND '.$pageClause.' '.
$wgolParts['WHERE'],
'GROUPBY' => $wgolParts['GROUPBY'],
......@@ -2698,7 +2698,7 @@ class t3lib_BEfunc {
if (t3lib_extMgm::isLoaded('cms')) {
reset($rootLine);
while(list(,$row)=each($rootLine)) {
$dRec = t3lib_BEfunc::getRecordsByField('sys_domain','pid',$row['uid'],' AND redirectTo="" AND hidden=0', '', 'sorting');
$dRec = t3lib_BEfunc::getRecordsByField('sys_domain','pid',$row['uid'],' AND redirectTo=\'\' AND hidden=0', '', 'sorting');
if (is_array($dRec)) {
reset($dRec);
$dRecord = current($dRec);
......@@ -2727,8 +2727,8 @@ class t3lib_BEfunc {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('sys_domain.*', 'pages,sys_domain', '
pages.uid=sys_domain.pid
AND NOT sys_domain.hidden
AND (sys_domain.domainName="'.$GLOBALS['TYPO3_DB']->quoteStr($domain, 'sys_domain').'" or sys_domain.domainName="'.$GLOBALS['TYPO3_DB']->quoteStr($domain.'/', 'sys_domain').'")'.
AND sys_domain.hidden=0
AND (sys_domain.domainName='.$GLOBALS['TYPO3_DB']->fullQuoteStr($domain, 'sys_domain').' or sys_domain.domainName='.$GLOBALS['TYPO3_DB']->fullQuoteStr($domain.'/', 'sys_domain').')'.
t3lib_BEfunc::deleteClause('pages'),
'', '', '1');
return $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
......@@ -3090,7 +3090,7 @@ class t3lib_BEfunc {
* @obsolete
*/
function getListOfBackendModules($name,$perms_clause,$backPath='',$script='index.php') {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'pages', 'doktype!=255 AND module IN ("'.implode('","',$name).'") AND'.$perms_clause.t3lib_BEfunc::deleteClause('pages'));
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'pages', 'doktype!=255 AND module IN (\''.implode('\',\'',$name).'\') AND'.$perms_clause.t3lib_BEfunc::deleteClause('pages'));
if (!$GLOBALS['TYPO3_DB']->sql_num_rows($res)) return false;
$out='';
......
......@@ -176,7 +176,7 @@ class t3lib_DB {
* Usage count/core: 50
*
* @param string Database tablename
* @param string WHERE clause, eg. "uid=1". NOTICE: You must escape values in this argument with $this->quoteStr() yourself!
* @param string WHERE clause, eg. "uid=1". NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself!
* @param array Field values as key=>value pairs. Values will be escaped internally. Typically you would fill an array like "$updateFields" with 'fieldname'=>'value' and pass it to this function as argument.
* @return pointer MySQL result pointer / DBAL object
*/
......@@ -191,7 +191,7 @@ class t3lib_DB {
* Usage count/core: 40
*
* @param string Database tablename
* @param string WHERE clause, eg. "uid=1". NOTICE: You must escape values in this argument with $this->quoteStr() yourself!
* @param string WHERE clause, eg. "uid=1". NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself!
* @return pointer MySQL result pointer / DBAL object
*/
function exec_DELETEquery($table,$where) {
......@@ -207,7 +207,7 @@ class t3lib_DB {
*
* @param string List of fields to select from the table. This is what comes right after "SELECT ...". Required value.
* @param string Table(s) from which to select. This is what comes right after "FROM ...". Required value.
* @param string Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->quoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT!
* @param string Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT!
* @param string Optional GROUP BY field(s), if none, supply blank string.
* @param string Optional ORDER BY field(s), if none, supply blank string.
* @param string Optional LIMIT value ([begin,]max), if none, supply blank string.
......@@ -231,7 +231,7 @@ class t3lib_DB {
* @param string Tablename, local table
* @param string Tablename, relation table
* @param string Tablename, foreign table
* @param string Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->quoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT!
* @param string Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT!
* @param string Optional GROUP BY field(s), if none, supply blank string.
* @param string Optional ORDER BY field(s), if none, supply blank string.
* @param string Optional LIMIT value ([begin,]max), if none, supply blank string.
......@@ -336,7 +336,7 @@ class t3lib_DB {
// Add slashes old-school:
foreach($fields_values as $k => $v) {
$fields_values[$k] = $this->quoteStr($fields_values[$k], $table);
$fields_values[$k] = $this->fullQuoteStr($fields_values[$k], $table);
}
// Build query:
......@@ -345,8 +345,8 @@ class t3lib_DB {
'.implode(',
',array_keys($fields_values)).'
) VALUES (
"'.implode('",
"',$fields_values).'"
'.implode(',
',$fields_values).'
)';
// Return query:
......@@ -374,7 +374,7 @@ class t3lib_DB {
// Add slashes old-school:
$nArr = array();
foreach($fields_values as $k => $v) {
$nArr[] = $k.'="'.$this->quoteStr($v, $table).'"';
$nArr[] = $k.'='.$this->fullQuoteStr($v, $table);
}
// Build query:
......@@ -476,7 +476,7 @@ class t3lib_DB {
*/
function listQuery($field, $value, $table) {
$command = $this->quoteStr($value, $table);
$where = '('.$field.' LIKE "%,'.$command.',%" OR '.$field.' LIKE "'.$command.',%" OR '.$field.' LIKE "%,'.$command.'" OR '.$field.'="'.$command.'")';
$where = '('.$field.' LIKE \'%,'.$command.',%\' OR '.$field.' LIKE \''.$command.',%\' OR '.$field.' LIKE \'%,'.$command.'\' OR '.$field.'=\''.$command.'\')';
return $where;
}
......@@ -492,7 +492,7 @@ class t3lib_DB {
$queryParts = array();
foreach($searchWords as $sw) {
$like=' LIKE "%'.$this->quoteStr($sw, $table).'%"';
$like=' LIKE \'%'.$this->quoteStr($sw, $table).'%\'';
$queryParts[] = $table.'.'.implode($like.' OR '.$table.'.',$fields).$like;
}
$query = '('.implode(') AND (',$queryParts).')';
......@@ -525,14 +525,30 @@ class t3lib_DB {
*
**************************************/
/**
* Escaping and quoting values for SQL statements.
* Usage count/core: 100
*
* @param string Input string
* @param string Table name for which to quote string. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how to quote the string!).
* @return string Output string; Wrapped in single quotes and quotes in the string (" / ') and \ will be backslashed (or otherwise based on DBAL handler)
* @see quoteStr()
*/
function fullQuoteStr($str, $table) {
return '\''.addslashes($str).'\'';
}
/**
* Substitution for PHP function "addslashes()"
* Use this function instead of the PHP addslashes() function when you build queries - this will prepare your code for DBAL.
* Usage count/core: 105
* NOTICE: You must wrap the output of this function in SINGLE QUOTES to be DBAL compatible. Unless you have to apply the single quotes yourself you should rather use ->fullQuoteStr()!
*
* Usage count/core: 20
*
* @param string Input string
* @param string Table name for which to quote string. Just enter the table that the field-value is selected from (and any DBAL will look up which handler to use and then how to quote the string!).
* @return string Output string; Quotes (" / ') and \ will be backslashed (or otherwise based on DBAL handler)
* @see quoteStr()
*/
function quoteStr($str, $table) {
return addslashes($str);
......@@ -578,7 +594,7 @@ class t3lib_DB {
* @see exec_SELECTquery(), stripGroupBy()
*/
function stripOrderBy($str) {
return eregi_replace('^ORDER[[:space:]]+BY[[:space:]]+','',trim($str));
return preg_replace('/^ORDER[[:space:]]+BY[[:space:]]+/i','',trim($str));
}
/**
......@@ -592,7 +608,7 @@ class t3lib_DB {
* @see exec_SELECTquery(), stripOrderBy()
*/
function stripGroupBy($str) {
return eregi_replace('^GROUP[[:space:]]+BY[[:space:]]+','',trim($str));
return preg_replace('/^GROUP[[:space:]]+BY[[:space:]]+/i','',trim($str));
}
/**
......@@ -614,19 +630,19 @@ class t3lib_DB {
);
// Find LIMIT:
if (eregi('^(.*)[[:space:]]+LIMIT[[:space:]]+([[:alnum:][:space:],._]+)$',$str,$reg)) {
if (preg_match('/^(.*)[[:space:]]+LIMIT[[:space:]]+([[:alnum:][:space:],._]+)$/i',$str,$reg)) {
$wgolParts['LIMIT'] = trim($reg[2]);
$str = $reg[1];
}
// Find ORDER BY:
if (eregi('^(.*)[[:space:]]+ORDER[[:space:]]+BY[[:space:]]+([[:alnum:][:space:],._]+)$',$str,$reg)) {
if (preg_match('/^(.*)[[:space:]]+ORDER[[:space:]]+BY[[:space:]]+([[:alnum:][:space:],._]+)$/i',$str,$reg)) {
$wgolParts['ORDERBY'] = trim($reg[2]);
$str = $reg[1];
}
// Find GROUP BY:
if (eregi('^(.*)[[:space:]]+GROUP[[:space:]]+BY[[:space:]]+([[:alnum:][:space:],._]+)$',$str,$reg)) {
if (preg_match('/^(.*)[[:space:]]+GROUP[[:space:]]+BY[[:space:]]+([[:alnum:][:space:],._]+)$/i',$str,$reg)) {
$wgolParts['GROUPBY'] = trim($reg[2]);
$str = $reg[1];
}
......@@ -845,7 +861,7 @@ class t3lib_DB {
/**
* Listing databases from current MySQL connection. NOTICE: It WILL try to select those databases and thus break selection of current database.
* This doesn't really make sense to transfer to a DBAL layer - this detection is also PRE-DBAL in many ways since it is only used as a service function in the 1-2-3 process of the Install Tool. In any case a lookup should be done in the _DEFAULT handler DBMS then.
* This is only used as a service function in the (1-2-3 process) of the Install Tool. In any case a lookup should be done in the _DEFAULT handler DBMS then.
* Use in Install Tool only!
* Usage count/core: 1
*
......
......@@ -3473,7 +3473,7 @@ class t3lib_div {
function makeRedirectUrl($inUrl,$l=0,$index_script_url='') {
if (strlen($inUrl)>$l) {
$md5 = substr(md5($inUrl),0,20);
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('md5hash', 'cache_md5params', 'md5hash="'.$GLOBALS['TYPO3_DB']->quoteStr($md5, 'cache_md5params').'"');
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('md5hash', 'cache_md5params', 'md5hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($md5, 'cache_md5params'));
if (!$GLOBALS['TYPO3_DB']->sql_num_rows($res)) {
$insertFields = array(
'md5hash' => $md5,
......
......@@ -261,8 +261,8 @@ class t3lib_dmailer extends t3lib_htmlmail {
* @return [type] ...
*/
function dmailer_masssend($query_info,$table,$mid) {
$enableFields['tt_address']='NOT tt_address.deleted AND NOT tt_address.hidden';
$enableFields['fe_users']='NOT fe_users.deleted AND NOT fe_users.disable';
$enableFields['tt_address']='tt_address.deleted=0 AND tt_address.hidden=0';
$enableFields['fe_users']='fe_users.deleted=0 AND fe_users.disable=0';
$tKey = substr($table,0,1);
$begin=intval($this->dmailer_howManySendMails($mid,$tKey));
if ($query_info[$table]) {
......@@ -297,8 +297,8 @@ class t3lib_dmailer extends t3lib_htmlmail {
* @return [type] ...
*/
function dmailer_masssend_list($query_info,$mid) {
$enableFields['tt_address']='NOT tt_address.deleted AND NOT tt_address.hidden';
$enableFields['fe_users']='NOT fe_users.deleted AND NOT fe_users.disable';
$enableFields['tt_address']='tt_address.deleted=0 AND tt_address.hidden=0';
$enableFields['fe_users']='fe_users.deleted=0 AND fe_users.disable=0';
$c=0;
$returnVal=true;
......@@ -414,7 +414,7 @@ class t3lib_dmailer extends t3lib_htmlmail {
* @return [type] ...
*/
function dmailer_howManySendMails($mid,$rtbl='') {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('count(*)', 'sys_dmail_maillog', 'mid='.intval($mid).' AND response_type=0'.($rtbl ? ' AND rtbl="'.$GLOBALS['TYPO3_DB']->quoteStr($rtbl, 'sys_dmail_maillog').'"' : ''));
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('count(*)', 'sys_dmail_maillog', 'mid='.intval($mid).' AND response_type=0'.($rtbl ? ' AND rtbl='.$GLOBALS['TYPO3_DB']->fullQuoteStr($rtbl, 'sys_dmail_maillog') : ''));
$row = $GLOBALS['TYPO3_DB']->sql_fetch_row($res);
return $row[0];
}
......@@ -428,7 +428,7 @@ class t3lib_dmailer extends t3lib_htmlmail {
* @return [type] ...
*/
function dmailer_isSend($mid,$rid,$rtbl) {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid', 'sys_dmail_maillog', 'rid='.intval($rid).' AND rtbl="'.$GLOBALS['TYPO3_DB']->quoteStr($rtbl, 'sys_dmail_maillog').'" AND mid='.intval($mid).' AND response_type=0');
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid', 'sys_dmail_maillog', 'rid='.intval($rid).' AND rtbl='.$GLOBALS['TYPO3_DB']->fullQuoteStr($rtbl, 'sys_dmail_maillog').' AND mid='.intval($mid).' AND response_type=0');
return $GLOBALS['TYPO3_DB']->sql_num_rows($res);
}
......@@ -440,7 +440,7 @@ class t3lib_dmailer extends t3lib_htmlmail {
* @return [type] ...
*/
function dmailer_getSentMails($mid,$rtbl) {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('rid', 'sys_dmail_maillog', 'mid='.intval($mid).' AND rtbl="'.$GLOBALS['TYPO3_DB']->quoteStr($rtbl, 'sys_dmail_maillog').'" AND response_type=0');
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('rid', 'sys_dmail_maillog', 'mid='.intval($mid).' AND rtbl='.$GLOBALS['TYPO3_DB']->fullQuoteStr($rtbl, 'sys_dmail_maillog').' AND response_type=0');
$list = array();
while($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$list[] = $row['rid'];
......
......@@ -82,6 +82,7 @@ require_once(PATH_t3lib.'class.t3lib_sqlparser.php');
*/
class t3lib_install {
// External, Static
var $updateIdentity = ''; // Set to string which identifies the script using this class.
var $deletedPrefixKey = 'zzz_deleted_'; // Prefix used for tables/fields when deleted/renamed.
......@@ -120,6 +121,7 @@ class t3lib_install {
*
* Writing to localconf.php
*
**************************************/
/**
......@@ -423,7 +425,7 @@ class t3lib_install {
foreach($info[$theKey] as $fieldN => $fieldC) {
if (!isset($FDcomp[$table][$theKey][$fieldN])) {
$extraArr[$table][$theKey][$fieldN] = $fieldC;
} elseif (strcmp($FDcomp[$table][$theKey][$fieldN], $fieldC)){
} elseif (strcmp($FDcomp[$table][$theKey][$fieldN], $fieldC) && strcmp($FDcomp[$table][$theKey][$fieldN], str_replace(' unsigned','',$fieldC))){
$diffArr[$table][$theKey][$fieldN] = $fieldC;
$diffArr_cur[$table][$theKey][$fieldN] = $FDcomp[$table][$theKey][$fieldN];
}
......
......@@ -109,7 +109,7 @@ class t3lib_loadDBGroup {
$this->tableArray[$tName] = Array();
if ($this->checkIfDeleted && $GLOBALS['TCA'][$tName]['ctrl']['delete']) {
$fieldN = $tName.'.'.$GLOBALS['TCA'][$tName]['ctrl']['delete'];
$this->additionalWhere[$tName].=' AND NOT '.$fieldN;
$this->additionalWhere[$tName].=' AND '.$fieldN.'=0';
}
}
......
......@@ -220,7 +220,7 @@ class t3lib_pageSelect {
*/
function getPageIdFromAlias($alias) {
$alias = strtolower($alias);
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid', 'pages', 'alias="'.$GLOBALS['TYPO3_DB']->quoteStr($alias, 'pages').'" AND pid>=0 AND pages.deleted=0'); // "AND pid>=0" is because of versioning...
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid', 'pages', 'alias='.$GLOBALS['TYPO3_DB']->fullQuoteStr($alias, 'pages').' AND pid>=0 AND pages.deleted=0'); // "AND pid>=0" is because of versioning...
if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
return $row['uid'];
}
......@@ -442,7 +442,7 @@ class t3lib_pageSelect {
'pages,sys_domain',
'pages.uid=sys_domain.pid
AND sys_domain.hidden=0
AND (sys_domain.domainName="'.$GLOBALS['TYPO3_DB']->quoteStr($domain, 'sys_domain').'" OR sys_domain.domainName="'.$GLOBALS['TYPO3_DB']->quoteStr($domain.'/', 'sys_domain').'") '.
AND (sys_domain.domainName='.$GLOBALS['TYPO3_DB']->fullQuoteStr($domain, 'sys_domain').' OR sys_domain.domainName='.$GLOBALS['TYPO3_DB']->fullQuoteStr($domain.'/', 'sys_domain').') '.
$this->where_hid_del,
'',
'',
......@@ -777,7 +777,7 @@ class t3lib_pageSelect {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
'*',
$theTable,
$theField.'="'.$GLOBALS['TYPO3_DB']->quoteStr($theValue, $theTable).'"'.
$theField.'='.$GLOBALS['TYPO3_DB']->fullQuoteStr($theValue, $theTable).
$this->deleteClause($theTable).' '.
$whereClause, // whereClauseMightContainGroupOrderBy
$groupBy,
......@@ -829,7 +829,7 @@ class t3lib_pageSelect {
if ($expTime) {
$whereAdd = ' AND tstamp > '.(time()-$expTime);
}
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('content', 'cache_hash', 'hash="'.$GLOBALS['TYPO3_DB']->quoteStr($hash, 'cache_hash').'"'.$whereAdd);
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('content', 'cache_hash', 'hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($hash, 'cache_hash').$whereAdd);
if ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$GLOBALS['TYPO3_DB']->sql_free_result($res);
return $row['content'];
......@@ -853,7 +853,7 @@ class t3lib_pageSelect {
'ident' => $ident,
'tstamp' => time()
);
$GLOBALS['TYPO3_DB']->exec_DELETEquery('cache_hash', 'hash="'.$GLOBALS['TYPO3_DB']->quoteStr($hash, 'cache_hash').'"');
$GLOBALS['TYPO3_DB']->exec_DELETEquery('cache_hash', 'hash='.$GLOBALS['TYPO3_DB']->fullQuoteStr($hash, 'cache_hash'));
$GLOBALS['TYPO3_DB']->exec_INSERTquery('cache_hash', $insertFields);
}
......
......@@ -88,7 +88,7 @@ class t3lib_pageTree extends t3lib_treeView {
* @return void
*/
function init($clause='') {
parent::init(' AND NOT deleted '.$clause, 'sorting');
parent::init(' AND deleted=0 '.$clause, 'sorting');
if (t3lib_extMgm::isLoaded('cms')) {
$this->fieldArray=array_merge($this->fieldArray,array('hidden','starttime','endtime','fe_group','module','extendToSubpages'));
......
......@@ -127,14 +127,14 @@ class t3lib_queryGenerator {
"0" => "#FIELD# LIKE '%#VALUE#%'",
"1" => "#FIELD# NOT LIKE '%#VALUE#%'",
"2" => "#FIELD# LIKE '#VALUE#%'",
"3" => "#FIELD# NOT LIKE '#VALUE#%'",
"3" => "#FIELD# NOT LIKE #VALUE#%",
"4" => "#FIELD# LIKE '%#VALUE#'",
"5" => "#FIELD# NOT LIKE '%#VALUE#'",
"6" => "#FIELD# = '#VALUE#'",
"7" => "#FIELD# != '#VALUE#'",
"6" => "#FIELD# = #VALUE#",
"7" => "#FIELD# != #VALUE#",
// Type = date,number , offset = 32
"32" => "#FIELD# = '#VALUE#'",
"33" => "#FIELD# != '#VALUE#'",
"32" => "#FIELD# = #VALUE#",
"33" => "#FIELD# != #VALUE#",
"34" => "#FIELD# > #VALUE#",
"35" => "#FIELD# < #VALUE#",
"36" => "#FIELD# >= #VALUE# AND #FIELD# <= #VALUE1#",
......
......@@ -368,7 +368,7 @@ class t3lib_sqlengine extends t3lib_sqlparser {
*
* @param string List of fields to select from the table. This is what comes right after "SELECT ...". Required value.
* @param string Table(s) from which to select. This is what comes right after "FROM ...". Required value.
* @param string Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->quoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT!
* @param string Optional additional WHERE clauses put in the end of the query. NOTICE: You must escape values in this argument with $this->fullQuoteStr() yourself! DO NOT PUT IN GROUP BY, ORDER BY or LIMIT!
* @param string Optional GROUP BY field(s), if none, supply blank string.
* @param string Optional ORDER BY field(s), if none, supply blank string.
* @param string Optional LIMIT value ([begin,]max), if none, supply blank string.
......@@ -617,7 +617,7 @@ class t3lib_sqlengine extends t3lib_sqlparser {
* @return [type] ...
*/
function select_evalSingle($table,$config,&$itemKeys) {
$neg = ereg('^AND[[:space:]]+NOT$',trim($config['operator']));
$neg = preg_match('/^AND[[:space:]]+NOT$/',trim($config['operator']));
if (is_array($config['sub'])) {
$subSelKeys = $this->selectFromData($table,$config['sub']);
......@@ -631,7 +631,7 @@ class t3lib_sqlengine extends t3lib_sqlparser {
$itemKeys = array_intersect($itemKeys, $subSelKeys);
}
} else {
$comp = strtoupper(ereg_replace('[[:space:]]','',$config['comparator']));
$comp = strtoupper(str_replace(array(' ',"\t","\r","\n"),'',$config['comparator']));
$mod = strtoupper($config['modifier']);
switch($comp) {
case 'NOTLIKE':
......@@ -758,18 +758,6 @@ class t3lib_sqlengine extends t3lib_sqlparser {
/*************************
*
* Debugging
......
......@@ -126,7 +126,6 @@ class t3lib_sqlparser {
* @see compileSQL(), debug_testSQL()
*/
function parseSQL($parseString) {
// Prepare variables:
$parseString = $this->trimSQL($parseString);
$this->parse_error = '';
......@@ -134,8 +133,8 @@ class t3lib_sqlparser {
// Finding starting keyword of string:
$_parseString = $parseString; // Protecting original string...
$keyword = $this->nextPart($_parseString, '^(SELECT|UPDATE|INSERT[[:space:]]+INTO|DELETE[[:space:]]+FROM|EXPLAIN|DROP[[:space:]]+TABLE|CREATE[[:space:]]+TABLE|ALTER[[:space:]]+TABLE)[[:space:]]+');
$keyword = strtoupper(ereg_replace('[[:space:]]*','',$keyword));
$keyword = $this->nextPart($_parseString, '^(SELECT|UPDATE|INSERT[[:space:]]+INTO|DELETE[[:space:]]+FROM|EXPLAIN|DROP[[:space:]]+TABLE|CREATE[[:space:]]+TABLE|CREATE[[:space:]]+DATABASE|ALTER[[:space:]]+TABLE)[[:space:]]+');
$keyword = strtoupper(str_replace(array(' ',"\t","\r","\n"),'',$keyword));
switch($keyword) {
case 'SELECT':
......@@ -170,6 +169,10 @@ class t3lib_sqlparser {
// Parsing CREATE TABLE query:
$result = $this->parseCREATETABLE($parseString);
break;
case 'CREATEDATABASE':
// Parsing CREATE DATABASE query:
$result = $this->parseCREATEDATABASE($parseString);
break;
default:
return $this->parseError('"'.$keyword.'" is not a keyword',$parseString);
break;
......@@ -189,7 +192,7 @@ class t3lib_sqlparser {
// Removing SELECT:
$parseString = $this->trimSQL($parseString);
$parseString = eregi_replace('^SELECT[[:space:]]+','',$parseString);
$parseString = ltrim(substr($parseString,6)); // REMOVE eregi_replace('^SELECT[[:space:]]+','',$parseString);
// Init output variable:
$result = array();
......@@ -233,7 +236,7 @@ class t3lib_sqlparser {
// LIMIT parsing:
if ($this->lastStopKeyWord == 'LIMIT') {
if (ereg('^([0-9]+|[0-9]+[[:space:]]*,[[:space:]]*[0-9]+)$',trim($parseString))) {
if (preg_match('/^([0-9]+|[0-9]+[[:space:]]*,[[:space:]]*[0-9]+)$/',trim($parseString))) {
$result['LIMIT'] = $parseString;
} else {
return $this->parseError('No value for limit!',$parseString);
......@@ -258,7 +261,7 @@ class t3lib_sqlparser {
// Removing UPDATE
$parseString = $this->trimSQL($parseString);
$parseString = eregi_replace('^UPDATE[[:space:]]+','',$parseString);
$parseString = ltrim(substr($parseString,6)); // REMOVE eregi_replace('^UPDATE[[:space:]]+','',$parseString);
// Init output variable:
$result = array();
......@@ -312,7 +315,7 @@ class t3lib_sqlparser {
// Removing INSERT
$parseString = $this->trimSQL($parseString);
$parseString = eregi_replace('^INSERT[[:space:]]+INTO[[:space:]]+','',$parseString);
$parseString = ltrim(substr(ltrim(substr($parseString,6)),4)); // REMOVE eregi_replace('^INSERT[[:space:]]+INTO[[:space:]]+','',$parseString);
// Init output variable:
$result = array();
......@@ -337,7 +340,7 @@ class t3lib_sqlparser {
if ($this->parse_error) { return $this->parse_error; }
foreach($fieldNames as $k => $fN) {
if (ereg('^[[:alnum:]_]+$',$fN)) {
if (preg_match('/^[[:alnum:]_]+$/',$fN))