From 278bb4414fd50315b148c78ac4ee22c5cc7500e2 Mon Sep 17 00:00:00 2001 From: umherirrender Date: Wed, 16 May 2012 19:22:36 +0200 Subject: [PATCH] multi dbms support in api Add some calls to Database::timestamp Change some calls from Database::strencode to Database::addQuotes to avoid ' in raw sql Remove ' from ints in raw sql Rename some vars to avoid duplicate names Change-Id: I63f5602fa968f969a42932902a3ccc45fc54b432 --- includes/api/ApiBlock.php | 2 +- includes/api/ApiProtect.php | 6 +++--- includes/api/ApiQueryAllLinks.php | 14 +++++++------- includes/api/ApiQueryAllUsers.php | 4 ++-- includes/api/ApiQueryBacklinks.php | 12 ++++++------ includes/api/ApiQueryBlocks.php | 9 +++++++-- includes/api/ApiQueryCategoryMembers.php | 2 +- includes/api/ApiQueryDeletedrevs.php | 12 ++++++------ includes/api/ApiQueryIWBacklinks.php | 13 +++++++------ includes/api/ApiQueryLangBacklinks.php | 13 +++++++------ includes/api/ApiQueryRecentChanges.php | 2 +- includes/api/ApiQueryRevisions.php | 8 ++++---- includes/api/ApiQueryUserContributions.php | 11 ++++++----- includes/api/ApiQueryWatchlistRaw.php | 8 ++++---- 14 files changed, 62 insertions(+), 54 deletions(-) diff --git a/includes/api/ApiBlock.php b/includes/api/ApiBlock.php index 7d3a40bb5f..d7f121fbfc 100644 --- a/includes/api/ApiBlock.php +++ b/includes/api/ApiBlock.php @@ -100,7 +100,7 @@ class ApiBlock extends ApiBase { $block = Block::newFromTarget( $target ); if( $block instanceof Block ){ - $res['expiry'] = $block->mExpiry == wfGetDB( DB_SLAVE )->getInfinity() + $res['expiry'] = $block->mExpiry == $this->getDB()->getInfinity() ? 'infinite' : wfTimestamp( TS_ISO_8601, $block->mExpiry ); } else { diff --git a/includes/api/ApiProtect.php b/includes/api/ApiProtect.php index 97e79ffe18..20b660a0ca 100644 --- a/includes/api/ApiProtect.php +++ b/includes/api/ApiProtect.php 
@@ -56,7 +56,7 @@ class ApiProtect extends ApiBase { } $restrictionTypes = $titleObj->getRestrictionTypes(); - $dbr = wfGetDB( DB_SLAVE ); + $db = $this->getDB(); $protections = array(); $expiryarray = array(); @@ -80,7 +80,7 @@ class ApiProtect extends ApiBase { } if ( in_array( $expiry[$i], array( 'infinite', 'indefinite', 'never' ) ) ) { - $expiryarray[$p[0]] = $dbr->getInfinity(); + $expiryarray[$p[0]] = $db->getInfinity(); } else { $exp = strtotime( $expiry[$i] ); if ( $exp < 0 || !$exp ) { @@ -94,7 +94,7 @@ class ApiProtect extends ApiBase { $expiryarray[$p[0]] = $exp; } $resultProtections[] = array( $p[0] => $protections[$p[0]], - 'expiry' => ( $expiryarray[$p[0]] == $dbr->getInfinity() ? + 'expiry' => ( $expiryarray[$p[0]] == $db->getInfinity() ? 'infinite' : wfTimestamp( TS_ISO_8601, $expiryarray[$p[0]] ) ) ); } diff --git a/includes/api/ApiQueryAllLinks.php b/includes/api/ApiQueryAllLinks.php index 903f144fe4..a190d3240a 100644 --- a/includes/api/ApiQueryAllLinks.php +++ b/includes/api/ApiQueryAllLinks.php @@ -76,16 +76,16 @@ class ApiQueryAllLinks extends ApiQueryGeneratorBase { $this->dieUsage( 'alcontinue and alfrom cannot be used together', 'params' ); } if ( !is_null( $params['continue'] ) ) { - $arr = explode( '|', $params['continue'] ); - if ( count( $arr ) != 2 ) { + $continueArr = explode( '|', $params['continue'] ); + if ( count( $continueArr ) != 2 ) { $this->dieUsage( 'Invalid continue parameter', 'badcontinue' ); } - $from = $this->getDB()->strencode( $this->titleToKey( $arr[0] ) ); - $id = intval( $arr[1] ); + $continueTitle = $db->addQuotes( $this->titleToKey( $continueArr[0] ) ); + $continueFrom = intval( $continueArr[1] ); $this->addWhere( - "pl_title > '$from' OR " . - "(pl_title = '$from' AND " . - "pl_from > $id)" + "pl_title > $continueTitle OR " . + "(pl_title = $continueTitle AND " . + "pl_from > $continueFrom)" ); } 
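Review bot: In the ApiQueryAllLinks.php hunk the new `$db->addQuotes( ... )` call uses `$db`, which is not assigned anywhere in the visible lines; the line it replaces called `$this->getDB()` directly. The enclosing method starts outside the hunk, so confirm that `$db = $this->getDB();` runs before this branch, or add it next to the `explode()` call as the ApiQueryIWBacklinks.php and ApiQueryUserContributions.php hunks do. The same applies to both ApiQueryDeletedrevs.php hunks, which also switch from `$this->getDB()` to `$db` without a visible assignment. If `$db` were undefined, the failure would only show up on requests that pass a continue value, which is easy to miss when only the first page of results is tested.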
diff --git a/includes/api/ApiQueryAllUsers.php b/includes/api/ApiQueryAllUsers.php index e96676ea4b..c3f9567ec6 100644 --- a/includes/api/ApiQueryAllUsers.php +++ b/includes/api/ApiQueryAllUsers.php @@ -154,9 +154,9 @@ class ApiQueryAllUsers extends ApiQueryBase { $this->addFields( 'COUNT(*) AS recentedits' ); - $this->addWhere( "rc_log_type IS NULL OR rc_log_type != 'newusers'" ); + $this->addWhere( 'rc_log_type IS NULL OR rc_log_type != ' . $db->addQuotes( 'newusers' ) ); $timestamp = $db->timestamp( wfTimestamp( TS_UNIX ) - $wgActiveUserDays*24*3600 ); - $this->addWhere( "rc_timestamp >= {$db->addQuotes( $timestamp )}" ); + $this->addWhere( 'rc_timestamp >= ' . $db->addQuotes( $timestamp ) ); $this->addOption( 'GROUP BY', $userFieldToSort ); } diff --git a/includes/api/ApiQueryBacklinks.php b/includes/api/ApiQueryBacklinks.php index bf9aa3d6b3..57ac1065ee 100644 --- a/includes/api/ApiQueryBacklinks.php +++ b/includes/api/ApiQueryBacklinks.php 
@@ -188,25 +188,25 @@ class ApiQueryBacklinks extends ApiQueryGeneratorBase { $titleWhere = array(); foreach ( $this->redirTitles as $t ) { $titleWhere[] = "{$this->bl_title} = " . $db->addQuotes( $t->getDBkey() ) . - ( $this->hasNS ? " AND {$this->bl_ns} = '{$t->getNamespace()}'" : '' ); + ( $this->hasNS ? " AND {$this->bl_ns} = {$t->getNamespace()}" : '' ); } $this->addWhere( $db->makeList( $titleWhere, LIST_OR ) ); $this->addWhereFld( 'page_namespace', $this->params['namespace'] ); if ( !is_null( $this->redirID ) ) { $first = $this->redirTitles[0]; - $title = $db->strencode( $first->getDBkey() ); + $title = $db->addQuotes( $first->getDBkey() ); $ns = $first->getNamespace(); $from = $this->redirID; if ( $this->hasNS ) { $this->addWhere( "{$this->bl_ns} > $ns OR " . "({$this->bl_ns} = $ns AND " . - "({$this->bl_title} > '$title' OR " . - "({$this->bl_title} = '$title' AND " . + "({$this->bl_title} > $title OR " . + "({$this->bl_title} = $title AND " . "{$this->bl_from} >= $from)))" ); } else { - $this->addWhere( "{$this->bl_title} > '$title' OR " . - "({$this->bl_title} = '$title' AND " . + $this->addWhere( "{$this->bl_title} > $title OR " . + "({$this->bl_title} = $title AND " . "{$this->bl_from} >= $from)" ); } } diff --git a/includes/api/ApiQueryBlocks.php b/includes/api/ApiQueryBlocks.php index 824589cd30..8c287d6929 100644 --- a/includes/api/ApiQueryBlocks.php +++ b/includes/api/ApiQueryBlocks.php @@ -103,10 +103,15 @@ class ApiQueryBlocks extends ApiQueryBase { } $prefix = substr( $lower, 0, 4 ); + # Fairly hard to make a malicious SQL statement out of hex characters, + # but it is good practice to add quotes + $lower = $db->addQuotes( $lower ); + $upper = $db->addQuotes( $upper ); + $this->addWhere( array( 'ipb_range_start' . $db->buildLike( $prefix, $db->anyString() ), - "ipb_range_start <= '$lower'", - "ipb_range_end >= '$upper'", + 'ipb_range_start <= ' . $lower, + 'ipb_range_end >= ' . $upper, 'ipb_auto' => 0 ) ); } 
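Review bot: Dropping the quotes around `{$t->getNamespace()}` in the ApiQueryBacklinks.php hunk means that value now joins `$ns` and `$from`, which were already bare, in reaching the SQL text with no quoting or cast at the point of use. The fragment is therefore only safe while each value is an integer. Other hunks in this commit make that explicit with `intval()`; doing the same here, e.g. `$ns = intval( $first->getNamespace() );` and `$from = intval( $this->redirID );`, keeps the guarantee local to the query. `getNamespace()` presumably returns an int already, and where `$this->redirID` is set is not visible in this hunk, so this is a hardening request rather than a reported injection. The enclosing method starts and ends outside the hunk.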
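Review bot: Reassigning `$lower` and `$upper` to their quoted forms in the ApiQueryBlocks.php hunk makes the code order-dependent: `$prefix = substr( $lower, 0, 4 )` only works because it runs before the reassignment, and it would pick up the leading quote if the statements were ever reordered. Separate names, e.g. `$encLower = $db->addQuotes( $lower );`, would avoid that and match the `$encUser`/`$encTS` naming in the ApiQueryUserContributions.php hunk. The same naming concern applies where `$title`, `$prefix` and `$ts` now hold quoted SQL literals in the ApiQueryBacklinks, ApiQueryDeletedrevs, ApiQueryIWBacklinks, ApiQueryLangBacklinks and ApiQueryWatchlistRaw hunks. The added comment could also say that `addQuotes()` escapes the value as well as quoting it, e.g. `# Values are hex strings, but escape and quote them anyway`.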
diff --git a/includes/api/ApiQueryCategoryMembers.php b/includes/api/ApiQueryCategoryMembers.php index 8fff94dc79..051ffd90cf 100644 --- a/includes/api/ApiQueryCategoryMembers.php +++ b/includes/api/ApiQueryCategoryMembers.php @@ -97,7 +97,7 @@ class ApiQueryCategoryMembers extends ApiQueryGeneratorBase { $dir = in_array( $params['dir'], array( 'asc', 'ascending', 'newer' ) ) ? 'newer' : 'older'; if ( $params['sort'] == 'timestamp' ) { - $this->addWhereRange( 'cl_timestamp', + $this->addTimestampWhereRange( 'cl_timestamp', $dir, $params['start'], $params['end'] ); diff --git a/includes/api/ApiQueryDeletedrevs.php b/includes/api/ApiQueryDeletedrevs.php index 397bdc4097..68f0122fac 100644 --- a/includes/api/ApiQueryDeletedrevs.php +++ b/includes/api/ApiQueryDeletedrevs.php @@ -155,7 +155,7 @@ class ApiQueryDeletedrevs extends ApiQueryBase { $this->addWhereFld( 'ar_user_text', $params['user'] ); } elseif ( !is_null( $params['excludeuser'] ) ) { $this->addWhere( 'ar_user_text != ' . - $this->getDB()->addQuotes( $params['excludeuser'] ) ); + $db->addQuotes( $params['excludeuser'] ) ); } if ( !is_null( $params['continue'] ) && ( $mode == 'all' || $mode == 'revs' ) ) { @@ -164,14 +164,14 @@ class ApiQueryDeletedrevs extends ApiQueryBase { $this->dieUsage( 'Invalid continue param. You should pass the original value returned by the previous query', 'badcontinue' ); } $ns = intval( $cont[0] ); - $title = $this->getDB()->strencode( $this->titleToKey( $cont[1] ) ); - $ts = $this->getDB()->strencode( $cont[2] ); + $title = $db->addQuotes( $this->titleToKey( $cont[1] ) ); + $ts = $db->addQuotes( $db->timestamp( $cont[2] ) ); $op = ( $dir == 'newer' ? '>' : '<' ); $this->addWhere( "ar_namespace $op $ns OR " . "(ar_namespace = $ns AND " . - "(ar_title $op '$title' OR " . - "(ar_title = '$title' AND " . - "ar_timestamp $op= '$ts')))" ); + "(ar_title $op $title OR " . + "(ar_title = $title AND " . + "ar_timestamp $op= $ts)))" ); } $this->addOption( 'LIMIT', $limit + 1 ); 
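Review bot: In the second ApiQueryDeletedrevs.php hunk `$cont[2]` comes straight from the client's continue value and is now passed through `$db->timestamp()` without a format check. What `timestamp()` returns for an unparsable string is not visible here; if it yields false or an empty value, the clause becomes a comparison against `''` and the query would run with a meaningless bound instead of failing with `badcontinue`. Checking the converted value before building the clause, and calling `$this->dieUsage( ..., 'badcontinue' )` when it is not a valid timestamp, would keep malformed input out of the query. The same applies to `$continue[1]` in the ApiQueryUserContributions.php hunk.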
diff --git a/includes/api/ApiQueryIWBacklinks.php b/includes/api/ApiQueryIWBacklinks.php index 47ab34647c..344b2f0a41 100644 --- a/includes/api/ApiQueryIWBacklinks.php +++ b/includes/api/ApiQueryIWBacklinks.php @@ -61,14 +61,15 @@ class ApiQueryIWBacklinks extends ApiQueryGeneratorBase { 'original value returned by the previous query', '_badcontinue' ); } - $prefix = $this->getDB()->strencode( $cont[0] ); - $title = $this->getDB()->strencode( $this->titleToKey( $cont[1] ) ); + $db = $this->getDB(); + $prefix = $db->addQuotes( $cont[0] ); + $title = $db->addQuotes( $this->titleToKey( $cont[1] ) ); $from = intval( $cont[2] ); $this->addWhere( - "iwl_prefix > '$prefix' OR " . - "(iwl_prefix = '$prefix' AND " . - "(iwl_title > '$title' OR " . - "(iwl_title = '$title' AND " . + "iwl_prefix > $prefix OR " . + "(iwl_prefix = $prefix AND " . + "(iwl_title > $title OR " . + "(iwl_title = $title AND " . "iwl_from >= $from)))" ); } diff --git a/includes/api/ApiQueryLangBacklinks.php b/includes/api/ApiQueryLangBacklinks.php index d8c678a49a..de948f4c35 100644 --- a/includes/api/ApiQueryLangBacklinks.php +++ b/includes/api/ApiQueryLangBacklinks.php @@ -61,14 +61,15 @@ class ApiQueryLangBacklinks extends ApiQueryGeneratorBase { 'original value returned by the previous query', '_badcontinue' ); } - $prefix = $this->getDB()->strencode( $cont[0] ); - $title = $this->getDB()->strencode( $this->titleToKey( $cont[1] ) ); + $db = $this->getDB(); + $prefix = $db->addQuotes( $cont[0] ); + $title = $db->addQuotes( $this->titleToKey( $cont[1] ) ); $from = intval( $cont[2] ); $this->addWhere( - "ll_lang > '$prefix' OR " . - "(ll_lang = '$prefix' AND " . - "(ll_title > '$title' OR " . - "(ll_title = '$title' AND " . + "ll_lang > $prefix OR " . + "(ll_lang = $prefix AND " . + "(ll_title > $title OR " . + "(ll_title = $title AND " . "ll_from >= $from)))" ); } diff --git a/includes/api/ApiQueryRecentChanges.php b/includes/api/ApiQueryRecentChanges.php index 2d2d9fff93..931af08349 100644 
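Review bot: The continue clause in the ApiQueryIWBacklinks.php hunk is the same hand-concatenated predicate as the one in the ApiQueryLangBacklinks.php hunk, differing only in column names. Every copy has to get the quoting and the `intval()` cast right independently, which is the class of mistake this commit is cleaning up. A shared helper on the base class that takes the column names and the raw values would put the escaping in one place. Both enclosing methods extend outside their hunks, so whether such a helper already exists is not visible here.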
--- a/includes/api/ApiQueryRecentChanges.php +++ b/includes/api/ApiQueryRecentChanges.php @@ -144,7 +144,7 @@ class ApiQueryRecentChanges extends ApiQueryGeneratorBase { /* Build our basic query. Namely, something along the lines of: * SELECT * FROM recentchanges WHERE rc_timestamp > $start * AND rc_timestamp < $end AND rc_namespace = $namespace - * AND rc_deleted = '0' + * AND rc_deleted = 0 */ $this->addTables( 'recentchanges' ); $index = array( 'recentchanges' => 'rc_timestamp' ); // May change diff --git a/includes/api/ApiQueryRevisions.php b/includes/api/ApiQueryRevisions.php index fa58bdf047..cf41c9154c 100644 --- a/includes/api/ApiQueryRevisions.php +++ b/includes/api/ApiQueryRevisions.php @@ -290,7 +290,7 @@ class ApiQueryRevisions extends ApiQueryBase { $this->addWhereFld( 'rev_id', array_keys( $revs ) ); if ( !is_null( $params['continue'] ) ) { - $this->addWhere( "rev_id >= '" . intval( $params['continue'] ) . "'" ); + $this->addWhere( 'rev_id >= ' . intval( $params['continue'] ) ); } $this->addOption( 'ORDER BY', 'rev_id' ); @@ -322,9 +322,9 @@ class ApiQueryRevisions extends ApiQueryBase { $pageid = intval( $cont[0] ); $revid = intval( $cont[1] ); $this->addWhere( - "rev_page > '$pageid' OR " . - "(rev_page = '$pageid' AND " . - "rev_id >= '$revid')" + "rev_page > $pageid OR " . + "(rev_page = $pageid AND " . + "rev_id >= $revid)" ); } $this->addOption( 'ORDER BY', 'rev_page, rev_id' ); diff --git a/includes/api/ApiQueryUserContributions.php b/includes/api/ApiQueryUserContributions.php index 16543820b3..097d3e174e 100644 --- a/includes/api/ApiQueryUserContributions.php +++ b/includes/api/ApiQueryUserContributions.php 
@@ -152,13 +152,14 @@ class ApiQueryContributions extends ApiQueryBase { $this->dieUsage( 'Invalid continue param. You should pass the original ' . 'value returned by the previous query', '_badcontinue' ); } - $encUser = $this->getDB()->strencode( $continue[0] ); - $encTS = wfTimestamp( TS_MW, $continue[1] ); + $db = $this->getDB(); + $encUser = $db->addQuotes( $continue[0] ); + $encTS = $db->addQuotes( $db->timestamp( $continue[1] ) ); $op = ( $this->params['dir'] == 'older' ? '<' : '>' ); $this->addWhere( - "rev_user_text $op '$encUser' OR " . - "(rev_user_text = '$encUser' AND " . - "rev_timestamp $op= '$encTS')" + "rev_user_text $op $encUser OR " . + "(rev_user_text = $encUser AND " . + "rev_timestamp $op= $encTS)" ); } diff --git a/includes/api/ApiQueryWatchlistRaw.php b/includes/api/ApiQueryWatchlistRaw.php index 4adadf1e32..ae375f95d7 100644 --- a/includes/api/ApiQueryWatchlistRaw.php +++ b/includes/api/ApiQueryWatchlistRaw.php @@ -76,12 +76,12 @@ class ApiQueryWatchlistRaw extends ApiQueryGeneratorBase { "original value returned by the previous query", "_badcontinue" ); } $ns = intval( $cont[0] ); - $title = $this->getDB()->strencode( $this->titleToKey( $cont[1] ) ); + $title = $this->getDB()->addQuotes( $this->titleToKey( $cont[1] ) ); $op = $params['dir'] == 'ascending' ? '>' : '<'; $this->addWhere( - "wl_namespace $op '$ns' OR " . - "(wl_namespace = '$ns' AND " . - "wl_title $op= '$title')" + "wl_namespace $op $ns OR " . + "(wl_namespace = $ns AND " . + "wl_title $op= $title)" ); } -- 2.20.1