$block = Block::newFromTarget( $target );
if( $block instanceof Block ){
- $res['expiry'] = $block->mExpiry == wfGetDB( DB_SLAVE )->getInfinity()
+ $res['expiry'] = $block->mExpiry == $this->getDB()->getInfinity()
? 'infinite'
: wfTimestamp( TS_ISO_8601, $block->mExpiry );
} else {
}
$restrictionTypes = $titleObj->getRestrictionTypes();
- $dbr = wfGetDB( DB_SLAVE );
+ $db = $this->getDB();
$protections = array();
$expiryarray = array();
}
if ( in_array( $expiry[$i], array( 'infinite', 'indefinite', 'never' ) ) ) {
- $expiryarray[$p[0]] = $dbr->getInfinity();
+ $expiryarray[$p[0]] = $db->getInfinity();
} else {
$exp = strtotime( $expiry[$i] );
if ( $exp < 0 || !$exp ) {
$expiryarray[$p[0]] = $exp;
}
$resultProtections[] = array( $p[0] => $protections[$p[0]],
- 'expiry' => ( $expiryarray[$p[0]] == $dbr->getInfinity() ?
+ 'expiry' => ( $expiryarray[$p[0]] == $db->getInfinity() ?
'infinite' :
wfTimestamp( TS_ISO_8601, $expiryarray[$p[0]] ) ) );
}
$this->dieUsage( 'alcontinue and alfrom cannot be used together', 'params' );
}
if ( !is_null( $params['continue'] ) ) {
- $arr = explode( '|', $params['continue'] );
- if ( count( $arr ) != 2 ) {
+ $continueArr = explode( '|', $params['continue'] );
+ if ( count( $continueArr ) != 2 ) {
$this->dieUsage( 'Invalid continue parameter', 'badcontinue' );
}
- $from = $this->getDB()->strencode( $this->titleToKey( $arr[0] ) );
- $id = intval( $arr[1] );
+ $continueTitle = $db->addQuotes( $this->titleToKey( $continueArr[0] ) );
+ $continueFrom = intval( $continueArr[1] );
$this->addWhere(
- "pl_title > '$from' OR " .
- "(pl_title = '$from' AND " .
- "pl_from > $id)"
+ "pl_title > $continueTitle OR " .
+ "(pl_title = $continueTitle AND " .
+ "pl_from > $continueFrom)"
);
}
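Review bot: `$db` is used in the new `$continueTitle = $db->addQuotes( ... )` line, but this hunk does not show it being assigned, whereas the old line called `$this->getDB()` directly. The interwiki-link, language-link and user-contribution hunks later in this commit add `$db = $this->getDB();` just before first use. If this method has no earlier assignment, add the same line above the `explode()`. The same question applies to `$db->addQuotes( $params['excludeuser'] )` and to the `ar_title` / `ar_timestamp` continue lines further down. The enclosing method starts and ends outside the hunk, so the assignment may already exist there.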
$this->addFields( 'COUNT(*) AS recentedits' );
- $this->addWhere( "rc_log_type IS NULL OR rc_log_type != 'newusers'" );
+ $this->addWhere( 'rc_log_type IS NULL OR rc_log_type != ' . $db->addQuotes( 'newusers' ) );
$timestamp = $db->timestamp( wfTimestamp( TS_UNIX ) - $wgActiveUserDays*24*3600 );
- $this->addWhere( "rc_timestamp >= {$db->addQuotes( $timestamp )}" );
+ $this->addWhere( 'rc_timestamp >= ' . $db->addQuotes( $timestamp ) );
$this->addOption( 'GROUP BY', $userFieldToSort );
}
$titleWhere = array();
foreach ( $this->redirTitles as $t ) {
$titleWhere[] = "{$this->bl_title} = " . $db->addQuotes( $t->getDBkey() ) .
- ( $this->hasNS ? " AND {$this->bl_ns} = '{$t->getNamespace()}'" : '' );
+ ( $this->hasNS ? " AND {$this->bl_ns} = {$t->getNamespace()}" : '' );
}
$this->addWhere( $db->makeList( $titleWhere, LIST_OR ) );
$this->addWhereFld( 'page_namespace', $this->params['namespace'] );
if ( !is_null( $this->redirID ) ) {
$first = $this->redirTitles[0];
- $title = $db->strencode( $first->getDBkey() );
+ $title = $db->addQuotes( $first->getDBkey() );
$ns = $first->getNamespace();
$from = $this->redirID;
if ( $this->hasNS ) {
$this->addWhere( "{$this->bl_ns} > $ns OR " .
"({$this->bl_ns} = $ns AND " .
- "({$this->bl_title} > '$title' OR " .
- "({$this->bl_title} = '$title' AND " .
+ "({$this->bl_title} > $title OR " .
+ "({$this->bl_title} = $title AND " .
"{$this->bl_from} >= $from)))" );
} else {
- $this->addWhere( "{$this->bl_title} > '$title' OR " .
- "({$this->bl_title} = '$title' AND " .
+ $this->addWhere( "{$this->bl_title} > $title OR " .
+ "({$this->bl_title} = $title AND " .
"{$this->bl_from} >= $from)" );
}
}
}
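Review bot: With the quotes dropped, `{$t->getNamespace()}`, `$ns` and `$from` are placed into the WHERE string as bare tokens, so the query is only safe if each one is an integer, and nothing in this hunk enforces that. `$from = $this->redirID` is the one to check first, because `redirID` is set outside the hunk and no cast is visible here. I would make the cast explicit at the point of use: `$ns = intval( $first->getNamespace() );` and `$from = intval( $this->redirID );`, plus `intval( $t->getNamespace() )` inside the `foreach`. That keeps the unquoted form correct even if the upstream type changes later.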
$prefix = substr( $lower, 0, 4 );
+ # Fairly hard to make a malicious SQL statement out of hex characters,
+ # but it is good practice to add quotes
+ $lower = $db->addQuotes( $lower );
+ $upper = $db->addQuotes( $upper );
+
$this->addWhere( array(
'ipb_range_start' . $db->buildLike( $prefix, $db->anyString() ),
- "ipb_range_start <= '$lower'",
- "ipb_range_end >= '$upper'",
+ 'ipb_range_start <= ' . $lower,
+ 'ipb_range_end >= ' . $upper,
'ipb_auto' => 0
) );
}
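Review bot: `$lower` and `$upper` are overwritten with their quoted SQL literals, so the same names hold raw hex above the assignment and a quoted string below it. `$prefix = substr( $lower, 0, 4 )` is only correct because it runs before the quoting; if the two were reordered, the quote character would end up in the `buildLike()` prefix. Separate names remove that ordering dependency: `$encLower = $db->addQuotes( $lower );` and `$encUpper = $db->addQuotes( $upper );`, used in the two range conditions. Any use of `$lower` / `$upper` after this block lies outside the hunk and would need checking if the reassignment is kept.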
$dir = in_array( $params['dir'], array( 'asc', 'ascending', 'newer' ) ) ? 'newer' : 'older';
if ( $params['sort'] == 'timestamp' ) {
- $this->addWhereRange( 'cl_timestamp',
+ $this->addTimestampWhereRange( 'cl_timestamp',
$dir,
$params['start'],
$params['end'] );
$this->addWhereFld( 'ar_user_text', $params['user'] );
} elseif ( !is_null( $params['excludeuser'] ) ) {
$this->addWhere( 'ar_user_text != ' .
- $this->getDB()->addQuotes( $params['excludeuser'] ) );
+ $db->addQuotes( $params['excludeuser'] ) );
}
if ( !is_null( $params['continue'] ) && ( $mode == 'all' || $mode == 'revs' ) ) {
$this->dieUsage( 'Invalid continue param. You should pass the original value returned by the previous query', 'badcontinue' );
}
$ns = intval( $cont[0] );
- $title = $this->getDB()->strencode( $this->titleToKey( $cont[1] ) );
- $ts = $this->getDB()->strencode( $cont[2] );
+ $title = $db->addQuotes( $this->titleToKey( $cont[1] ) );
+ $ts = $db->addQuotes( $db->timestamp( $cont[2] ) );
$op = ( $dir == 'newer' ? '>' : '<' );
$this->addWhere( "ar_namespace $op $ns OR " .
"(ar_namespace = $ns AND " .
- "(ar_title $op '$title' OR " .
- "(ar_title = '$title' AND " .
- "ar_timestamp $op= '$ts')))" );
+ "(ar_title $op $title OR " .
+ "(ar_title = $title AND " .
+ "ar_timestamp $op= $ts)))" );
}
$this->addOption( 'LIMIT', $limit + 1 );
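Review bot: `$cont[2]` comes from the client-supplied continue value and now passes through `$db->timestamp()` before quoting, but no visible line checks that it parsed as a timestamp. Quoting makes the literal SQL-safe, yet a malformed value would still be compared against `ar_timestamp` instead of being rejected with the `badcontinue` error used a few lines above. I would validate it first, for example by checking that `wfTimestamp( TS_MW, $cont[2] )` did not fail and calling `$this->dieUsage( ..., 'badcontinue' )` otherwise; how failure is reported depends on the `wfTimestamp()` in this tree. The same applies to `$encTS = $db->addQuotes( $db->timestamp( $continue[1] ) );` in the user-contributions hunk. The code that splits and counts `$cont` is outside this hunk.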
'original value returned by the previous query', '_badcontinue' );
}
- $prefix = $this->getDB()->strencode( $cont[0] );
- $title = $this->getDB()->strencode( $this->titleToKey( $cont[1] ) );
+ $db = $this->getDB();
+ $prefix = $db->addQuotes( $cont[0] );
+ $title = $db->addQuotes( $this->titleToKey( $cont[1] ) );
$from = intval( $cont[2] );
$this->addWhere(
- "iwl_prefix > '$prefix' OR " .
- "(iwl_prefix = '$prefix' AND " .
- "(iwl_title > '$title' OR " .
- "(iwl_title = '$title' AND " .
+ "iwl_prefix > $prefix OR " .
+ "(iwl_prefix = $prefix AND " .
+ "(iwl_title > $title OR " .
+ "(iwl_title = $title AND " .
"iwl_from >= $from)))"
);
}
'original value returned by the previous query', '_badcontinue' );
}
- $prefix = $this->getDB()->strencode( $cont[0] );
- $title = $this->getDB()->strencode( $this->titleToKey( $cont[1] ) );
+ $db = $this->getDB();
+ $prefix = $db->addQuotes( $cont[0] );
+ $title = $db->addQuotes( $this->titleToKey( $cont[1] ) );
$from = intval( $cont[2] );
$this->addWhere(
- "ll_lang > '$prefix' OR " .
- "(ll_lang = '$prefix' AND " .
- "(ll_title > '$title' OR " .
- "(ll_title = '$title' AND " .
+ "ll_lang > $prefix OR " .
+ "(ll_lang = $prefix AND " .
+ "(ll_title > $title OR " .
+ "(ll_title = $title AND " .
"ll_from >= $from)))"
);
}
/* Build our basic query. Namely, something along the lines of:
* SELECT * FROM recentchanges WHERE rc_timestamp > $start
* AND rc_timestamp < $end AND rc_namespace = $namespace
- * AND rc_deleted = '0'
+ * AND rc_deleted = 0
*/
$this->addTables( 'recentchanges' );
$index = array( 'recentchanges' => 'rc_timestamp' ); // May change
$this->addWhereFld( 'rev_id', array_keys( $revs ) );
if ( !is_null( $params['continue'] ) ) {
- $this->addWhere( "rev_id >= '" . intval( $params['continue'] ) . "'" );
+ $this->addWhere( 'rev_id >= ' . intval( $params['continue'] ) );
}
$this->addOption( 'ORDER BY', 'rev_id' );
$pageid = intval( $cont[0] );
$revid = intval( $cont[1] );
$this->addWhere(
- "rev_page > '$pageid' OR " .
- "(rev_page = '$pageid' AND " .
- "rev_id >= '$revid')"
+ "rev_page > $pageid OR " .
+ "(rev_page = $pageid AND " .
+ "rev_id >= $revid)"
);
}
$this->addOption( 'ORDER BY', 'rev_page, rev_id' );
$this->dieUsage( 'Invalid continue param. You should pass the original ' .
'value returned by the previous query', '_badcontinue' );
}
- $encUser = $this->getDB()->strencode( $continue[0] );
- $encTS = wfTimestamp( TS_MW, $continue[1] );
+ $db = $this->getDB();
+ $encUser = $db->addQuotes( $continue[0] );
+ $encTS = $db->addQuotes( $db->timestamp( $continue[1] ) );
$op = ( $this->params['dir'] == 'older' ? '<' : '>' );
$this->addWhere(
- "rev_user_text $op '$encUser' OR " .
- "(rev_user_text = '$encUser' AND " .
- "rev_timestamp $op= '$encTS')"
+ "rev_user_text $op $encUser OR " .
+ "(rev_user_text = $encUser AND " .
+ "rev_timestamp $op= $encTS)"
);
}
"original value returned by the previous query", "_badcontinue" );
}
$ns = intval( $cont[0] );
- $title = $this->getDB()->strencode( $this->titleToKey( $cont[1] ) );
+ $title = $this->getDB()->addQuotes( $this->titleToKey( $cont[1] ) );
$op = $params['dir'] == 'ascending' ? '>' : '<';
$this->addWhere(
- "wl_namespace $op '$ns' OR " .
- "(wl_namespace = '$ns' AND " .
- "wl_title $op= '$title')"
+ "wl_namespace $op $ns OR " .
+ "(wl_namespace = $ns AND " .
+ "wl_title $op= $title)"
);
}