<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0.2 (Coblynau)
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
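/**
 * Error handler that the DBAL installs around its MySQL calls while the
 * ENANO_DEBUG constant is defined.
 *
 * Prints the error level, the message and the file/line of the frame that
 * raised it as an HTML fragment. Errors whose level is masked out by the
 * current error_reporting() setting are ignored.
 *
 * @param int $errno PHP error level (an E_* constant)
 * @param string $errstr error message
 * @param string|bool $errfile unused; present to match the handler signature
 * @param int|bool $errline unused; present to match the handler signature
 * @param array $errcontext unused; present to match the handler signature
 * @return void|bool false when no backtrace frame with a file is available
 *                   (lets PHP's own handler run), nothing otherwise
 */
function db_error_handler($errno, $errstr, $errfile = false, $errline = false, $errcontext = Array() )
{
  if ( !defined('ENANO_DEBUG') )
    return;
  // error_reporting() is a bit mask of enabled levels, so membership has to be
  // tested with '&'. The former "$e < $errno" comparison let masked-out levels
  // through, e.g. E_NOTICE under E_ALL & ~E_NOTICE.
  $level = error_reporting();
  if ( !($level & $errno) )
    return;
  $errtype = 'Notice';
  switch ( $errno )
  {
    case E_ERROR: case E_USER_ERROR: case E_CORE_ERROR: case E_COMPILE_ERROR: $errtype = 'Error'; break;
    case E_WARNING: case E_USER_WARNING: case E_CORE_WARNING: case E_COMPILE_WARNING: $errtype = 'Warning'; break;
  }
  $frames = debug_backtrace();
  if ( !isset($frames[0]['file']) )
    return false;
  $source = $frames[0]['file'] . ', line ' . $frames[0]['line'];
  // Both values land inside an HTML page: the message may carry text that
  // originated in a request, the source is a filesystem path.
  echo "<b>$errtype:</b> " . htmlspecialchars($errstr) . "<br />Error source:<pre>" . htmlspecialchars($source) . "</pre>";
}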
class mysql {
// Bookkeeping reset by connect() and updated by sql_query()/sql_unbuffered_query():
// $num_queries counts queries; $query_backtrace is the list of executed query
// strings shown by sql_backtrace(); $query_times and $query_sources are keyed by
// query text (duration in seconds, and "file, line" when debugging);
// $latest_result / $latest_query hold the last result and query text; $_conn is
// the MySQL link; $debug mirrors whether ENANO_DEBUG was defined at connect time.
// $sql_stack_fields and $sql_stack_values are not used by any method in this
// section of the file.
var $num_queries, $query_backtrace, $query_times, $query_sources, $latest_result, $latest_query, $_conn, $sql_stack_fields, $sql_stack_values, $debug;
// Row caches; not referenced by the methods in this section.
var $row = array();
var $rowset = array();
// Return value of set_error_handler() from the last enable_errorhandler() call
// (the previously active handler, or null when there was none).
var $errhandler;
/**
 * Installs db_error_handler() as the active PHP error handler.
 *
 * The previously active handler (or null) returned by set_error_handler()
 * is remembered in $this->errhandler. Nothing happens on PHP builds without
 * debug_backtrace(), which the handler relies on.
 */
function enable_errorhandler()
{
  // echo "DBAL: enabling error handler<br />";
  if ( !function_exists('debug_backtrace') )
    return;
  $this->errhandler = set_error_handler('db_error_handler');
}
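/**
 * Removes the handler installed by enable_errorhandler().
 *
 * set_error_handler() pushes onto PHP's handler stack, so the matching
 * operation is restore_error_handler(), which pops exactly the entry that
 * enable_errorhandler() pushed. Re-installing the saved handler with
 * set_error_handler() (the previous behaviour) pushed one more entry instead
 * of popping; with nested enable/disable pairs — connect() wraps a call to
 * sql_query(), and both enable the handler — the saved value was already
 * 'db_error_handler', so the debug handler stayed active after connect()
 * returned. The previously saved handler in $this->errhandler is no longer
 * needed for the restore.
 */
function disable_errorhandler()
{
  // echo "DBAL: disabling error handler<br />";
  restore_error_handler();
}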
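/**
 * Returns every query run so far on this connection, separated by a rule.
 *
 * $query_backtrace is only initialised by connect(); before that it is null,
 * which implode() rejects on current PHP versions, so an empty log is used.
 *
 * @return string the logged queries joined by a dashed separator line
 */
function sql_backtrace()
{
  $queries = is_array($this->query_backtrace) ? $this->query_backtrace : array();
  return implode("\n-------------------------------------------------------------------\n", $queries);
}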
/**
 * Opens the MySQL connection via connect() unless one is already held.
 */
function ensure_connection()
{
  if ( $this->_conn )
    return;
  $this->connect();
}
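/**
 * Aborts the request with a "Database error" page; never returns.
 *
 * Builds an HTML description from the caller-supplied text, mysql_error()
 * and the most recent query, then hands it to die_semicritical() once the
 * site configuration has been fetched, or to grinding_halt() before that.
 *
 * @param string $t caller's description of the failure; inserted into the
 *                  page as-is, so callers pass plain text or trusted markup
 */
function _die($t = '') {
  if(defined('ENANO_HEADERS_SENT')) {
    ob_clean();
  }
  header('HTTP/1.1 500 Internal Server Error');
  // The last query goes into a <pre> block. It may embed request data that was
  // escaped for SQL but not for HTML, so escape it the same way mysql_error()
  // is escaped below. (The page intentionally shows the query text to the client.)
  $bt = htmlspecialchars((string) $this->latest_query); // $this->sql_backtrace();
  $e = htmlspecialchars(mysql_error());
  if($e=='') $e='<none>';
  $t = ( !empty($t) ) ? $t : '<No error description provided>';
  global $email;
  $email_info = ( defined('ENANO_CONFIG_FETCHED') && is_object($email) ) ? ', at <' . $email->jscode() . $email->encryptEmail(getConfig('contact_email')) . '>' : '';
  $internal_text = '<h3>The site was unable to finish serving your request.</h3>
<p>We apologize for the inconveience, but an error occurred in the Enano database layer. Please report the full text of this page to the administrator of this site' . $email_info . '.</p>
<p>Description or location of error: '.$t.'<br />
Error returned by MySQL extension: ' . $e . '<br />
Most recent SQL query:</p>
<pre>'.$bt.'</pre>';
  if(defined('ENANO_CONFIG_FETCHED')) die_semicritical('Database error', $internal_text);
  else grinding_halt('Database error', $internal_text);
  exit;
}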
/**
 * Ends the request with a JavaScript-style error object describing the last
 * query and the MySQL error.
 *
 * NOTE(review): the payload is assembled by hand with single quotes and
 * addslashes(); it is not json_encode() output, and the \n sequences are
 * emitted as raw newlines inside the quoted value. Left unchanged because the
 * client code that consumes it is not visible from here.
 */
function die_json()
{
  $mysql_err = addslashes(htmlspecialchars(mysql_error()));
  $query = addslashes($this->latest_query);
  $payload = "{'mode':'error','error':'An error occurred during database query.\nQuery was:\n $query\n\nError returned by MySQL: $mysql_err'}";
  die($payload);
}
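/**
 * Builds the HTML "Database error" page text without ending the request.
 *
 * Same content as _die(), but with the whole query log from sql_backtrace()
 * instead of only the latest query, and returned to the caller rather than
 * passed to a halt function. Sends a 500 status header as a side effect.
 *
 * @param string $t caller's description of the failure; inserted as-is
 * @return string HTML fragment describing the error
 */
function get_error($t = '') {
  header('HTTP/1.1 500 Internal Server Error');
  // Logged queries can carry request data escaped for SQL but not for HTML;
  // escape the log like mysql_error() before it is placed inside <pre>.
  $bt = htmlspecialchars($this->sql_backtrace());
  $e = htmlspecialchars(mysql_error());
  if($e=='') $e='<none>';
  global $email;
  $email_info = ( defined('ENANO_CONFIG_FETCHED') && is_object($email) ) ? ', at <' . $email->jscode() . $email->encryptEmail(getConfig('contact_email')) . '>' : '';
  $internal_text = '<h3>The site was unable to finish serving your request.</h3>
<p>We apologize for the inconveience, but an error occurred in the Enano database layer. Please report the full text of this page to the administrator of this site' . $email_info . '.</p>
<p>Description or location of error: '.$t.'<br />
Error returned by MySQL extension: ' . $e . '<br />
Most recent SQL query:</p>
<pre>'.$bt.'</pre>';
  return $internal_text;
}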
/**
 * Loads the site configuration, opens the MySQL connection and selects the
 * configured database.
 *
 * When no installation is detected (none of ENANO_INSTALLED, MIDGET_INSTALLED,
 * IN_ENANO_INSTALL is defined) the request is redirected to install.php and
 * the script exits. Connection or database-selection failures end the request
 * through grinding_halt() / _die(). Returns true on success.
 *
 * @return bool true once the database has been selected
 */
function connect()
{
  $this->enable_errorhandler();

  // The config file is included inside this method, so its variables
  // ($dbhost, $dbuser, $dbpasswd, $dbname, $crypto_key, ...) land in local
  // scope. '@' hides a missing file; the installed-check below is what
  // notices that (presumably the config file defines ENANO_INSTALLED).
  if ( defined('IN_ENANO_INSTALL') && !defined('IN_ENANO_UPGRADE') )
  {
    @include(ENANO_ROOT.'/config.new.php');
  }
  else
  {
    @include(ENANO_ROOT.'/config.php');
  }

  // Drop the site secret immediately so it is not kept in this frame
  // (or shown by a later backtrace) for longer than the include needed it.
  if ( isset($crypto_key) )
    unset($crypto_key); // Get this sucker out of memory fast

  if ( !defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') )
  {
    // scriptPath isn't set yet - we need to autodetect it to avoid infinite redirects
    if ( !defined('scriptPath') )
    {
      // NOTE(review): preg_quote() is called without the ';' delimiter, so a
      // ';' inside PATH_INFO would break this pattern — confirm whether that
      // can occur in the installer flow.
      if ( isset($_SERVER['PATH_INFO']) && !preg_match('/index\.php$/', $_SERVER['PATH_INFO']) )
      {
        $_SERVER['REQUEST_URI'] = preg_replace(';' . preg_quote($_SERVER['PATH_INFO']) . '$;', '', $_SERVER['REQUEST_URI']);
      }
      if ( !preg_match('/\.php$/', $_SERVER['REQUEST_URI']) )
      {
        // user requested http://foo/enano as opposed to http://foo/enano/index.php
        $_SERVER['REQUEST_URI'] .= '/index.php';
      }
      // NOTE(review): scriptPath is derived from the client-supplied
      // REQUEST_URI; dirname() keeps a leading '//' so the redirect target
      // below could become protocol-relative — confirm redirect() constrains it.
      $sp = dirname($_SERVER['REQUEST_URI']);
      if($sp == '/' || $sp == '\\') $sp = '';
      define('scriptPath', $sp);
      define('contentPath', "$sp/index.php?title=");
    }
    $loc = scriptPath . '/install.php';
    // header("Location: $loc");
    redirect($loc, 'Enano not installed', 'We can\'t seem to find an Enano installation (valid config file). You will be transferred to the installation wizard momentarily...', 3);
    exit;
  }
  // '@' suppresses the extension's warning; the failure is reported via
  // mysql_error() just below instead.
  $this->_conn = @mysql_connect($dbhost, $dbuser, $dbpasswd);
  // Credentials are not needed past this point; drop them from the frame.
  unset($dbuser);
  unset($dbpasswd); // Security

  if ( !$this->_conn )
  {
    grinding_halt('Enano is having a problem', '<p>Error: couldn\'t connect to MySQL.<br />'.mysql_error().'</p>');
  }

  // Reset some variables
  $this->query_backtrace = array();
  $this->query_times = array();
  $this->query_sources = array();
  $this->num_queries = 0;

  $this->debug = ( defined('ENANO_DEBUG') );

  // $dbname comes from the trusted config file and is only backtick-quoted,
  // not escaped; a backtick inside the name would break the statement.
  $q = $this->sql_query('USE `'.$dbname.'`;');

  if ( !$q )
    $this->_die('The database could not be selected.');

  // We're in!
  $this->disable_errorhandler();
  return true;
}
/**
 * Runs a buffered query on the open connection and returns the MySQL result.
 *
 * Bookkeeping done on every call: the query counter, the query log used by
 * sql_backtrace(), latest_query, the per-query timing table and, when
 * debugging is on, the caller's file and line. A missing connection ends the
 * request via _die(); a query rejected by check_query() is passed to
 * report_query() and the request is halted.
 *
 * @param string $q SQL text, already escaped by the caller
 * @return mixed whatever mysql_query() returns for the statement
 */
function sql_query($q)
{
  $this->enable_errorhandler();

  if ( $this->debug && function_exists('debug_backtrace') )
  {
    $frames = @debug_backtrace();
    if ( is_array($frames) )
    {
      // When the immediate caller is a sessionManager method, attribute the
      // query to the frame above it (the code that invoked that method).
      $from_session = isset($frames[1]['class']) && $frames[1]['class'] == 'sessionManager';
      $origin = $from_session ? $frames[1] : $frames[0];
      $this->query_sources[$q] = substr($origin['file'], strlen(ENANO_ROOT) + 1) . ', line ' . $origin['line'];
    }
    unset($frames);
  }

  $this->num_queries++;
  $this->query_backtrace[] = $q;
  $this->latest_query = $q;

  // First make sure we have a connection
  if ( !$this->_conn )
    $this->_die('A database connection has not yet been established.');

  // Does this query look malicious?
  if ( !$this->check_query($q) )
  {
    $this->report_query($q);
    grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
  }

  $started = microtime_float();
  $result = mysql_query($q, $this->_conn);
  $this->query_times[$q] = microtime_float() - $started;

  $this->latest_result = $result;
  $this->disable_errorhandler();
  return $result;
}
/**
 * Runs an unbuffered query (mysql_unbuffered_query()) on the open connection.
 *
 * Same bookkeeping and checks as sql_query(), except that the query is logged
 * with an "(UNBUFFERED) " prefix and no caller file/line is recorded.
 *
 * @param string $q SQL text, already escaped by the caller
 * @return mixed whatever mysql_unbuffered_query() returns for the statement
 */
function sql_unbuffered_query($q)
{
  $this->enable_errorhandler();

  $this->num_queries++;
  $this->query_backtrace[] = '(UNBUFFERED) ' . $q;
  $this->latest_query = $q;

  // First make sure we have a connection
  if ( !$this->_conn )
    $this->_die('A database connection has not yet been established.');

  // Does this query look malicious?
  if ( !$this->check_query($q) )
  {
    $this->report_query($q);
    grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
  }

  $started = microtime_float();
  $result = mysql_unbuffered_query($q, $this->_conn);
  $this->query_times[$q] = microtime_float() - $started;

  $this->latest_result = $result;
  $this->disable_errorhandler();
  return $result;
}
/**
+ − 263
* Checks a SQL query for possible signs of injection attempts
+ − 264
* @param string $q the query to check
+ − 265
* @return bool true if query passed check, otherwise false
+ − 266
*/
+ − 267
+ − 268
function check_query($q, $debug = false)
+ − 269
{
+ − 270
if($debug) echo "\$db->check_query(): checking query: ".htmlspecialchars($q).'<br />'."\n";
+ − 271
$sz = strlen($q);
+ − 272
$quotechar = false;
+ − 273
$quotepos = 0;
+ − 274
$prev_is_quote = false;
+ − 275
$just_started = false;
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 276
for ( $i = 0; $i < strlen($q); $i++, $c = substr($q, $i, 1) )
1
+ − 277
{
+ − 278
$next = substr($q, $i+1, 1);
+ − 279
$next2 = substr($q, $i+2, 1);
+ − 280
$prev = substr($q, $i-1, 1);
+ − 281
$prev2 = substr($q, $i-2, 1);
+ − 282
if(isset($c) && in_array($c, Array('"', "'", '`')))
+ − 283
{
+ − 284
if($quotechar)
+ − 285
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 286
if (
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 287
( $quotechar == $c && $quotechar != $next && ( $quotechar != $prev || $just_started ) && $prev != '\\') ||
1
+ − 288
( $prev2 == '\\' && $prev == $quotechar && $quotechar == $c )
+ − 289
)
+ − 290
{
+ − 291
$quotechar = false;
+ − 292
if($debug) echo('$db->check_query(): just finishing a quote section, quoted string: '.htmlspecialchars(substr($q, $quotepos, $i - $quotepos + 1)) . '<br />');
+ − 293
$q = substr($q, 0, $quotepos) . 'SAFE_QUOTE' . substr($q, $i + 1, strlen($q));
+ − 294
if($debug) echo('$db->check_query(): Filtered query: '.$q.'<br />');
+ − 295
$i = $quotepos;
+ − 296
}
+ − 297
}
+ − 298
else
+ − 299
{
+ − 300
$quotechar = $c;
+ − 301
$quotepos = $i;
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 302
$just_started = true;
1
+ − 303
}
+ − 304
if($debug) echo '$db->check_query(): found quote char as pos: '.$i.'<br />';
+ − 305
continue;
+ − 306
}
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 307
$just_started = false;
1
+ − 308
}
+ − 309
if(substr(trim($q), strlen(trim($q))-1, 1) == ';') $q = substr(trim($q), 0, strlen(trim($q))-1);
+ − 310
for($i=0;$i<strlen($q);$i++,$c=substr($q, $i, 1))
+ − 311
{
128
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 312
if (
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 313
( ( $c == ';' && $i != $sz-1 ) || $c . substr($q, $i+1, 1) == '--' )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 314
|| ( in_array($c, Array('"', "'", '`')) )
01955bf53f96
Improved ban control page and allowed multiple entries/IP ranges; changed some parameters on jBox; user level changes are logged now
Dan
diff
changeset
+ − 315
) // Don't permit semicolons in mid-query, and never allow comments
1
+ − 316
{
+ − 317
// Injection attempt!
if($debug)
{
$e = '';
for($j=$i-5;$j<$i+5;$j++)
{
if($j == $i) $e .= '<span style="color: red; text-decoration: underline;">' . $c . '</span>';
else $e .= $c;
}
echo 'Injection attempt caught at pos: '.$i.'<br />';
}
return false;
}
}
if ( preg_match('/[\s]+(SAFE_QUOTE|[\S]+)=\\1($|[\s]+)/', $q, $match) )
{
if ( $debug ) echo 'Found always-true test in query, injection attempt caught, match:<br />' . '<pre>' . print_r($match, true) . '</pre>';
return false;
}
return true;
}
/**
 * Moves the internal row pointer of a result set to the given row.
 * @param int $pos Row number to seek to (zero-based, as mysql_data_seek expects)
 * @param resource $result MySQL result resource; when omitted (or false) the most recent cached result is used
 * @return bool true on success, false when no usable result is available or the seek fails
 */

function sql_data_seek($pos, $result = false)
{
  $this->enable_errorhandler();
  // Fall back to the last result this object produced
  $target = $result ? $result : $this->latest_result;
  $seeked = false;
  if ( $target )
  {
    $seeked = mysql_data_seek($target, $pos) ? true : false;
  }
  // The handler is restored on every exit path before the outcome is reported
  $this->disable_errorhandler();
  return $seeked;
}
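/**
 * Reports a bad query to the admin by writing a "security" / "sql_inject" row into the logs table.
 * Every value interpolated into the INSERT is escaped, not only the query text: the username and
 * the remote address are just as untrusted as the query that triggered the report.
 * @param string $query the naughty query
 * @access private
 */

function report_query($query)
{
  global $session;
  if ( is_object($session) && defined('ENANO_MAINSTREAM') )
    $username = $session->username;
  else
    $username = 'Unavailable';
  // REMOTE_ADDR is absent when PHP is not running under a web server
  $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
  // Escape everything that goes into the statement, not just the query text
  $query = $this->escape($query);
  $username = $this->escape($username);
  $remote_addr = $this->escape($remote_addr);
  $this->sql_query('INSERT INTO '.table_prefix.'logs(log_type, action, time_id, date_string, page_text, author, edit_summary)
    VALUES(\'security\', \'sql_inject\', '.time().', \'\', \''.$query.'\', \''.$username.'\', \''.$remote_addr.'\');');
}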
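/**
 * Returns the ID of the row last inserted.
 * The lookup is made against this object's own connection rather than whichever link was
 * opened last, and the error handler is toggled like the other accessors instead of
 * silencing the call with "@".
 * @return int|false the insert ID, or false when there is no open connection
 */

function insert_id()
{
  if ( !$this->_conn )
    return false;
  $this->enable_errorhandler();
  $id = mysql_insert_id($this->_conn);
  $this->disable_errorhandler();
  return $id;
}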
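/**
 * Fetches the next row of a result set as an associative array.
 * @param resource $r MySQL result resource; when omitted the most recent cached result is used
 * @return array|false the row, or false when there is no open connection or no more rows
 */
function fetchrow($r = false) {
  $this->enable_errorhandler();
  if ( !$this->_conn )
  {
    // Restore the handler before bailing out so it is not left enabled by this exit path
    $this->disable_errorhandler();
    return false;
  }
  if ( !$r )
    $r = $this->latest_result;
  if ( !$r )
    $this->_die('$db->fetchrow(): an invalid MySQL resource was passed.');
  $row = mysql_fetch_assoc($r);
  $this->disable_errorhandler();
  return $row;
}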
+ − 405
+ − 406
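/**
 * Fetches the next row of a result set as a numerically indexed array.
 * @param resource $r MySQL result resource; when omitted the most recent cached result is used
 * @return array|false the row, or false when there is no open connection or no more rows
 */
function fetchrow_num($r = false) {
  $this->enable_errorhandler();
  // Same connection guard as fetchrow(), with the handler restored before bailing out
  if ( !$this->_conn )
  {
    $this->disable_errorhandler();
    return false;
  }
  if ( !$r )
    $r = $this->latest_result;
  // The message names this method; it used to blame fetchrow()
  if ( !$r )
    $this->_die('$db->fetchrow_num(): an invalid MySQL resource was passed.');
  $row = mysql_fetch_row($r);
  $this->disable_errorhandler();
  return $row;
}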
+ − 414
+ − 415
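/**
 * Returns the number of rows in a result set.
 * @param resource $r MySQL result resource; when omitted the most recent cached result is used
 * @return int|false row count, or false when there is no open connection
 */
function numrows($r = false) {
  $this->enable_errorhandler();
  // Same connection guard as fetchrow(), with the handler restored before bailing out
  if ( !$this->_conn )
  {
    $this->disable_errorhandler();
    return false;
  }
  if ( !$r )
    $r = $this->latest_result;
  // The message names this method; it used to blame fetchrow()
  if ( !$r )
    $this->_die('$db->numrows(): an invalid MySQL resource was passed.');
  $n = mysql_num_rows($r);
  $this->disable_errorhandler();
  return $n;
}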
+ − 423
+ − 424
/**
 * Escapes a string for safe interpolation into a single-quoted SQL literal.
 * No link is passed to mysql_real_escape_string(), so the escaping uses the
 * most recently opened MySQL link rather than necessarily this object's own.
 * @param string $str raw value
 * @return string escaped value (false if the driver call fails)
 */
function escape($str)
{
  $this->enable_errorhandler();
  $escaped = mysql_real_escape_string($str);
  $this->disable_errorhandler();
  return $escaped;
}
+ − 431
+ − 432
/**
 * Releases the memory held by a result set.
 * @param resource $result MySQL result resource; when omitted the most recent cached result is used
 * @return null always; a missing result is silently ignored
 */
function free_result($result = false)
{
  $this->enable_errorhandler();
  // Fall back to the last result this object produced
  $target = $result ? $result : $this->latest_result;
  if ( $target )
  {
    mysql_free_result($target);
  }
  $this->disable_errorhandler();
  return null;
}
+ − 446
+ − 447
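/**
 * Closes the MySQL connection held by this object, if any.
 * Safe to call more than once: a second call, or a call before a connection exists, is a
 * no-op instead of raising a warning from mysql_close() and an undefined-property notice.
 */
function close() {
  if ( !isset($this->_conn) || !$this->_conn )
    return;
  mysql_close($this->_conn);
  unset($this->_conn);
}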
+ − 451
+ − 452
// phpBB DBAL compatibility
/**
 * phpBB-style alias for fetchrow().
 * @param resource $r MySQL result resource; when omitted the most recent cached result is used
 * @return array|false whatever fetchrow() returns
 */
function sql_fetchrow($r = false)
{
  $row = $this->fetchrow($r);
  return $row;
}
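/**
 * phpBB-style result release.
 * @param resource $r MySQL result resource; when omitted the most recent cached result is used
 * @return bool false when there is no open connection, otherwise the result of mysql_free_result()
 */
function sql_freeresult($r = false)
{
  if ( !$this->_conn )
    return false;
  if ( !$r )
    $r = $this->latest_result;
  // The message names this method; it used to blame fetchrow()
  if ( !$r )
    $this->_die('$db->sql_freeresult(): an invalid MySQL resource was passed.');
  return mysql_free_result($r);
}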
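/**
 * phpBB-style row count.
 * @param resource $r MySQL result resource; when omitted the most recent cached result is used
 * @return int|false row count, or false when there is no open connection
 */
function sql_numrows($r = false)
{
  if ( !$this->_conn )
    return false;
  if ( !$r )
    $r = $this->latest_result;
  // The message names this method; it used to blame fetchrow()
  if ( !$r )
    $this->_die('$db->sql_numrows(): an invalid MySQL resource was passed.');
  return mysql_num_rows($r);
}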
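/**
 * phpBB-style wrapper returning the number of rows affected by the last statement on this connection.
 * @param resource $r only validated, kept for signature compatibility; defaults to the cached result
 * @param mixed $f unused, accepted for phpBB DBAL signature compatibility (now optional)
 * @param mixed $n unused, accepted for phpBB DBAL signature compatibility (now optional)
 * @return int|false affected row count, or false when there is no open connection
 */
function sql_affectedrows($r = false, $f = null, $n = null)
{
  if ( !$this->_conn )
    return false;
  if ( !$r )
    $r = $this->latest_result;
  // The message names this method; it used to blame fetchrow()
  if ( !$r )
    $this->_die('$db->sql_affectedrows(): an invalid MySQL resource was passed.');
  // Ask this object's own link rather than whichever connection was opened last
  return mysql_affected_rows($this->_conn);
}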
/**
 * Renders a PHP value as a SQL literal (phpBB DBAL compatibility layer).
 * Floats and ints/bools are emitted bare; strings and empty values are escaped and
 * single-quoted; anything else is run through htmlspecialchars() before escaping.
 * @param mixed $value value to cast (by reference for signature compatibility; never modified)
 * @return mixed float, int, or a single-quoted escaped string
 */
function sql_type_cast(&$value)
{
  switch ( true )
  {
    case is_float($value):
      return doubleval($value);
    case ( is_integer($value) || is_bool($value) ):
      return intval($value);
    case ( is_string($value) || empty($value) ):
      return '\'' . $this->sql_escape_string($value) . '\'';
  }
  // uncastable var : let's do a basic protection on it to prevent sql injection attempt
  return '\'' . $this->sql_escape_string(htmlspecialchars($value)) . '\'';
}
/**
 * Builds the column list, VALUES list and SET list for an INSERT/UPDATE from a field map
 * (phpBB DBAL compatibility layer). Results land in $this->sql_fields, $this->sql_values
 * and $this->sql_update; all three are reset to '' first.
 * @param array $fields column => value; only non-empty string keys are used, values go through sql_type_cast()
 * @param array|string $fields_inc column => signed increment, appended to the SET list as "col = col + n" / "col = col - n"
 */
function sql_statement(&$fields, $fields_inc='')
{
  // init result
  $this->sql_fields = $this->sql_values = $this->sql_update = '';
  if ( empty($fields) && empty($fields_inc) )
  {
    return;
  }

  $names = array();
  $values = array();
  $assignments = array();
  if ( !empty($fields) )
  {
    foreach ( $fields as $field => $value )
    {
      // field must contain a field name
      if ( empty($field) || !is_string($field) )
      {
        continue;
      }
      $cast = $this->sql_type_cast($value);
      $names[] = $field;
      $values[] = $cast;
      $assignments[] = $field . ' = ' . $cast;
    }
  }
  if ( !empty($fields_inc) )
  {
    foreach ( $fields_inc as $field => $indent )
    {
      if ( $indent != 0 )
      {
        $assignments[] = $field . ' = ' . $field . ( $indent < 0 ? ' - ' : ' + ' ) . abs($indent);
      }
    }
  }
  // Joining at the end produces the same ", "-separated lists as incremental appends
  $this->sql_fields = implode(', ', $names);
  $this->sql_values = implode(', ', $values);
  $this->sql_update = implode(', ', $assignments);
}
/**
 * Clears a multi-row INSERT stack (phpBB DBAL compatibility layer).
 * @param string $id stack identifier; '' clears the global stack, otherwise only the named one
 */
function sql_stack_reset($id='')
{
  if ( !empty($id) )
  {
    $this->sql_stack_fields[$id] = array();
    $this->sql_stack_values[$id] = array();
    return;
  }
  $this->sql_stack_fields = array();
  $this->sql_stack_values = array();
}
/**
 * Pushes one row onto a multi-row INSERT stack (phpBB DBAL compatibility layer).
 * The column list of the most recent push overwrites the stack's column list.
 * @param array $fields column => value, passed to sql_statement()
 * @param string $id stack identifier; '' uses the global stack
 */
function sql_stack_statement(&$fields, $id='')
{
  $this->sql_statement($fields);
  $row = '(' . $this->sql_values . ')';
  if ( empty($id) )
  {
    $this->sql_stack_fields = $this->sql_fields;
    $this->sql_stack_values[] = $row;
    return;
  }
  $this->sql_stack_fields[$id] = $this->sql_fields;
  $this->sql_stack_values[$id][] = $row;
}
+ − 563
+ − 564
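/**
 * Flushes the rows accumulated with sql_stack_statement() into $table (phpBB DBAL compatibility layer).
 * On the MySQL layers the rows go out as one multi-row INSERT; on any other layer one INSERT
 * per row is issued. The stack ($id-scoped or global) is cleared afterwards.
 * @param string $table table name, placed in the statement verbatim (not escaped)
 * @param bool $transaction passed through to sql_query()
 * @param string $line passed through to sql_query()
 * @param string $file passed through to sql_query()
 * @param bool $break_on_error passed through to sql_query()
 * @param string $id stack identifier; '' selects the global stack
 * @return mixed false when the stack is empty; on MySQL the return value of sql_query();
 *               otherwise true only when every per-row insert returned a truthy result
 */
function sql_stack_insert($table, $transaction=false, $line='', $file='', $break_on_error=true, $id='')
{
  if ( (empty($id) && empty($this->sql_stack_values)) || (!empty($id) && empty($this->sql_stack_values[$id])) )
  {
    return false;
  }
  // Resolve the stack once instead of re-testing $id in every branch
  $stack_fields = empty($id) ? $this->sql_stack_fields : $this->sql_stack_fields[$id];
  $stack_values = empty($id) ? $this->sql_stack_values : $this->sql_stack_values[$id];
  switch ( SQL_LAYER )
  {
    case 'mysql':
    case 'mysql4':
      // MySQL accepts a multi-row VALUES list, so the whole stack goes in one statement
      $sql = 'INSERT INTO ' . $table . '
        (' . $stack_fields . ') VALUES ' . implode(",\n", $stack_values);
      $this->sql_stack_reset($id);
      return $this->sql_query($sql, $transaction, $line, $file, $break_on_error);
    default:
      // One INSERT per row. The overall result is the logical AND of the individual results;
      // a bitwise "&=" against a result resource would depend on the resource's numeric id.
      // Every row is still sent even after a failure, as before.
      $result = !empty($stack_values);
      foreach ( $stack_values as $row_values )
      {
        $sql = 'INSERT INTO ' . $table . '
          (' . $stack_fields . ') VALUES ' . $row_values;
        $result = $this->sql_query($sql, $transaction, $line, $file, $break_on_error) && $result;
      }
      $this->sql_stack_reset($id);
      return $result;
  }
}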
/**
 * Returns something usable inside "IN (...)": the sub-query itself when the server can run
 * sub-queries, otherwise the sub-query is executed here and its $field values are inlined
 * as a literal list (phpBB DBAL compatibility layer).
 * @param string $field column of the sub-query result to collect when inlining
 * @param string $sql the sub-query
 * @param string $line passed through to sql_query()
 * @param string $file passed through to sql_query()
 * @param bool $break_on_error passed through to sql_query()
 * @param mixed $type TYPE_INT inlines integers, anything else inlines escaped quoted strings
 * @return string the sub-query, a comma-separated literal list, or 'NULL' when the list is empty
 */
function sql_subquery($field, $sql, $line='', $file='', $break_on_error=true, $type=TYPE_INT)
{
  $version = $this->sql_get_version();
  $mysql_layer = in_array(SQL_LAYER, array('mysql', 'mysql4'));
  // sub-queries doable
  if ( !$mysql_layer || ( $version[0] + ( $version[1] / 100 ) ) >= 4.01 )
  {
    return $sql;
  }

  // no sub-queries
  $result = $this->sql_query(trim($sql), false, $line, $file, $break_on_error);
  $ids = array();
  while ( $row = $this->sql_fetchrow($result) )
  {
    if ( $type == TYPE_INT )
      $ids[] = intval($row[$field]);
    else
      $ids[] = '\'' . $this->sql_escape_string($row[$field]) . '\'';
  }
  $this->sql_freeresult($result);
  if ( count($ids) == 0 )
    return 'NULL';
  return implode(', ', $ids);
}
/**
 * Chooses between a column expression and its alias depending on the server
 * (phpBB DBAL compatibility layer): the alias on MySQL up to and including 4.01,
 * the expression everywhere else.
 * @param string $expr column expression
 * @param string $alias its alias
 * @return string $alias or $expr
 */
function sql_col_id($expr, $alias)
{
  $version = $this->sql_get_version();
  if ( !in_array(SQL_LAYER, array('mysql', 'mysql4')) )
  {
    return $expr;
  }
  $numeric_version = $version[0] + ( $version[1] / 100 );
  return $numeric_version <= 4.01 ? $alias : $expr;
}
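/**
 * Determines the server version once and caches it in $this->sql_version.
 * On the MySQL layers the cached value is array(major, minor, patch, suffix) where the suffix
 * is the text after the first '-' of the server string, or null when there is none. Other
 * layers, and a missing mysql_get_server_info(), leave array(0, 0, 0).
 * @return array the cached version tuple
 */
function sql_get_version()
{
  if ( empty($this->sql_version) )
  {
    $this->sql_version = array(0, 0, 0);
    switch ( SQL_LAYER )
    {
      case 'mysql':
      case 'mysql4':
        if ( function_exists('mysql_get_server_info') )
        {
          $lo_version = explode('-', mysql_get_server_info());
          $parts = explode('.', $lo_version[0]);
          // Guard every component: a two-part version such as "5.0", a server string without
          // a '-' suffix, or a failed info call (false -> '') would otherwise raise
          // undefined-offset notices here
          $this->sql_version = array(
            intval($parts[0]),
            isset($parts[1]) ? intval($parts[1]) : 0,
            isset($parts[2]) ? intval($parts[2]) : 0,
            isset($lo_version[1]) ? $lo_version[1] : null
          );
        }
        break;

      case 'postgresql':
      case 'mssql':
      case 'mssql-odbc':
      default:
        break;
    }
  }
  return $this->sql_version;
}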
/**
 * Returns the last MySQL error message (phpBB DBAL compatibility layer).
 * Note the mixed return type: an empty array, not a string, when there is no connection.
 * @return string|array driver error text, or array() without a connection
 */
function sql_error()
{
  if ( !$this->_conn )
  {
    return array();
  }
  return mysql_error();
}
/**
 * phpBB-style escape. Like escape(), no link is passed, so the most recently opened
 * MySQL link determines the escaping; unlike escape(), the error handler is not toggled.
 * @param string $t raw value
 * @return string escaped value
 */
function sql_escape_string($t)
{
  $escaped = mysql_real_escape_string($t);
  return $escaped;
}
/**
 * phpBB-style alias for close().
 */
function sql_close()
{
  return $this->close();
}
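/**
 * Fetches every remaining row of a result set into a list of associative arrays
 * (phpBB DBAL compatibility layer).
 * @param resource|int $query_id MySQL result resource; when 0/false, $this->query_result is used
 * @return array|false list of rows (an empty array when there are none), or false when no result is available
 */
function sql_fetchrowset($query_id = 0)
{
  if ( !$query_id )
  {
    // NOTE(review): the rest of this class caches its last result in $this->latest_result;
    // query_result looks like a phpBB-era name — confirm it is assigned anywhere
    $query_id = $this->query_result;
  }
  if ( !$query_id )
  {
    return false;
  }
  unset($this->rowset[$query_id]);
  unset($this->row[$query_id]);

  // Start from an empty list so a result with zero rows yields array() instead of an undefined variable
  $result = array();
  while ( $this->rowset[$query_id] = mysql_fetch_array($query_id, MYSQL_ASSOC) )
  {
    $result[] = $this->rowset[$query_id];
  }
  return $result;
}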
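/**
 * Generates and outputs a report of all the SQL queries made during execution. Should only be called after everything's over with.
 * Requires the mod_misc permission. The query list, timings and sources are copied before
 * the template header runs (the header may issue queries of its own) and the copies, not the
 * live properties, are what gets rendered. Every value written into the page is HTML-escaped.
 */

function sql_report()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !$session->get_permissions('mod_misc') )
  {
    die_friendly('Access denied', '<p>You are not authorized to generate a SQL backtrace.</p>');
  }
  // Create copies of variables that may be changed after header is called
  $backtrace = $this->query_backtrace;
  $times = $this->query_times;
  $sources = isset($this->query_sources) ? $this->query_sources : array();
  $template->header();
  echo '<h3>SQL query log and timetable</h3>';
  echo '<div class="tblholder">
    <table border="0" cellspacing="1" cellpadding="4">';
  $i = 0;
  foreach ( $backtrace as $query )
  {
    $i++;
    $unbuffered = false;
    if ( substr($query, 0, 13) == '(UNBUFFERED) ' )
    {
      $query = substr($query, 13);
      $unbuffered = true;
    }
    if ( $i == 1 )
    {
      echo '<tr>
        <th colspan="2">SQL backtrace for a normal page load of ' . htmlspecialchars($paths->cpage['urlname']) . '</th>
      </tr>';
    }
    else
    {
      echo '<tr>
        <th class="subhead" colspan="2"> </th>
      </tr>';
    }
    // Timings are read from the copy taken above and keyed by query text; a query with no
    // recorded time is shown as 0 rather than raising an undefined-index notice
    $query_time = isset($times[$query]) ? $times[$query] : 0;
    echo '<tr>
      <td class="row2">Query:</td>
      <td class="row1"><pre>' . htmlspecialchars($query) . '</pre></td>
    </tr>
    <tr>
      <td class="row2">Time:</td>
      <td class="row1">' . number_format($query_time, 6) . ' seconds</td>
    </tr>
    <tr>
      <td class="row2">Unbuffered:</td>
      <td class="row1">' . ( $unbuffered ? 'Yes' : 'No' ) . '</td>
    </tr>';
    if ( isset($sources[$query]) )
    {
      // Escaped like the query text. NOTE(review): if query_sources is built with deliberate
      // markup elsewhere, move the escaping to where it is built instead — confirm
      echo '<tr>
        <td class="row2">Called from:</td>
        <td class="row1">' . htmlspecialchars($sources[$query]) . '</td>
      </tr>';
    }
  }
  if ( function_exists('array_sum') )
  {
    // Totals come from the same snapshot as the per-query rows
    $query_time_total = array_sum($times);
    echo '<tr>
      <th class="subhead" colspan="2">
        Total time taken for SQL queries: ' . round( $query_time_total, 6 ) . ' seconds
      </th>
    </tr>';
  }
  echo ' </table>
  </div>';
  $template->footer();
}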
}
?>