reformat; fix some transition bugs

6 years ago · 1176c9ce78
parent ea33d9951a
commit 1176c9ce78
11 changed files with 61 additions and 132 deletions
--- a/functions.inc.php
+++ b/functions.inc.php
@ -327,39 +327,13 @@ function check_email($email) {
 * @return string cleaned data, suitable for use within an SQL statement.
 */
 function escape_string($string) {
-    global $CONF;
-
-    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
-        $string = stripslashes($string);
+    if (is_numeric($string)) {
+        return $string;
    }

-    $escaped_string = '';
-
-    if (!is_numeric($string)) {
    $link = db_connect();

-        if ($CONF['database_type'] == "mysql" && is_resource($link)) {
-            $escaped_string = mysql_real_escape_string($string, $link);
-        }
-        if ($CONF['database_type'] == "mysqli" && $link instanceof mysqli) {
-            $escaped_string = mysqli_real_escape_string($link, $string);
-        }
-        if (db_sqlite()) {
-            $escaped_string = SQLite3::escapeString($string);
-        }
-        if (db_pgsql() && is_resource($link)) {
-            // php 5.2+ allows for $link to be specified.
-            if (version_compare(phpversion(), "5.2.0", ">=")) {
-                $escaped_string = pg_escape_string($link, $string);
-            } else {
-                $escaped_string = pg_escape_string($string);
-            }
-        }
-    } else {
-        $escaped_string = $string;
-    }
-
-    return $escaped_string;
+    return trim($link->quote($string), "'");
 }


@ -588,12 +562,10 @@ function create_page_browser($idxfield, $querypart) {
        if (isset($result[$k + 1])) {
            $row2 = $result[$k + 1];
            $label = substr($row['label'], 0, $label_len) . '-' . substr($row2['label'], 0, $label_len);
-        }
-        else {
+        } else {
            $label = substr($row['label'], 0, $label_len);
        }
        $pagebrowser[] = $label;
-
    }

    if (db_pgsql()) {
@ -652,7 +624,6 @@ function check_owner($username, $domain) {
 * @return array of domain names.
 */
 function list_domains_for_admin($username) {
-
    $table_domain = table_by_key('domain');
    $table_domain_admins = table_by_key('domain_admins');

@ -683,7 +654,6 @@ function list_domains_for_admin($username) {
    $result = db_prepared_fetch_all($query, $pvalues);

    return array_column($result, 'domain');
-
 }


@ -729,6 +699,7 @@ function list_admins() {
    $handler = new AdminHandler();

    $handler->getList('');
+
    return $handler->result();
 }

@ -1509,8 +1480,7 @@ function db_connect_with_errors() {
        }
        $queries[] = 'SET CHARACTER SET utf8';
        $queries[] = "SET COLLATION_CONNECTION='utf8_general_ci'";
-    }
-     elseif (db_sqlite()) {
+    } elseif (db_sqlite()) {
        $dsn = "sqlite:{$CONF['database_name']}";
        $username_password = false;
    } elseif (db_pgsql()) {
@ -1523,9 +1493,8 @@ function db_connect_with_errors() {
    }

    if ($username_password) {
-        $link = new PDO($dsn, Config::read_string('database_user'), Config::read_string('database_pass'), $options);
-    }
-    else {
+        $link = new PDO($dsn, Config::read_string('database_user'), Config::read_string('database_password'), $options);
+    } else {
        $link = new PDO($dsn, null, null, $options);
    }

@ -1658,8 +1627,7 @@ function db_prepared_insert($sql, array $values = array()) {
    try {
        $stmt = $link->prepare($sql);
        $stmt->execute($values);
-    }
-    catch(PDOException $e) {
+    } catch (PDOException $e) {
        $error_text = "Invalid query: " . $e->getMessage() .  " caused by " . $sql ;
        error_log($error_text);
    }
@ -1673,15 +1641,13 @@ function db_prepared_insert($sql, array $values = array()) {
 * @return array e.g. ['result' => PDOStatement, 'error' => string ]
 */
 function db_prepared_query($sql, array $values = array(), $ignore_errors = false) {
-
    $link = db_connect();
    $error_text = '';

    try {
        $stmt = $link->prepare($sql);
        $stmt->execute($values);
-    }
-    catch(PDOException $e) {
+    } catch (PDOException $e) {
        $error_text = "Invalid query: " . $e->getMessage() .  " caused by " . $sql ;
        error_log($error_text);
        if (!$ignore_errors) {
@ -1701,32 +1667,10 @@ function db_prepared_query($sql, array $values = array(), $ignore_errors = false
 * @param int $ignore_errors (default 0 aka do not ignore errors)
 * @return array ['result' => resource, 'rows' => int ,'error' => string]
 */
-function db_query($query, $ignore_errors = 0)
-{
+function db_query($query, $ignore_errors = 0) {
    return db_prepared_query($query, array(), $ignore_errors == 0);
 }

-// db_row
-// Action: Returns a row from a table
-// Call: db_row (int result)
-
-
-
-/**
- * Get an associative array from a DB query resource.
- *
- * @param PDOStatement $result
- * @return array
- */
-function db_assoc(PDOStatement $result) {
-
-    $row = $result->fetch(PDO::FETCH_ASSOC);
-
-    if (!is_array($row)) {
-        $row = [];
-    }
-    return $row;
-}


 /**
@ -1746,7 +1690,6 @@ function db_delete($table, $where, $delete, $additionalwhere='') {
    $query = "DELETE FROM $table WHERE $where = ? $additionalwhere";

    return db_prepared_insert($query, [$delete]);
-
 }


@ -1799,8 +1742,7 @@ function db_insert($table, array $values, $timestamp = array('created', 'modifie
        if (in_array($field, $timestamp)) {
            $value_string .= $comma . $value; // see above.
            unset($prepared_statment_values[$field]);
-        }
-        else {
+        } else {
            $value_string .= $comma . ":{$field}";
        }
        $comma = ',';
@ -1810,7 +1752,6 @@ function db_insert($table, array $values, $timestamp = array('created', 'modifie
    return db_prepared_insert(
        "INSERT INTO $table (" . implode(",", array_keys($values)) .") VALUES ($value_string)",
        $prepared_statment_values);
-
 }


@ -1826,7 +1767,6 @@ function db_insert($table, array $values, $timestamp = array('created', 'modifie
 * @return int - number of updated rows
 */
 function db_update($table, $where_col, $where_value, $values, $timestamp = array('modified')) {
-
    $table_key = table_by_key($table);
    $sql_values = array();

@ -1837,16 +1777,13 @@ function db_update($table, $where_col, $where_value, $values, $timestamp = array
        if (in_array($key, $timestamp)) {
            if (db_sqlite()) {
                $set[] = " $key = datetime('now') ";
-            }
-            else {
+            } else {
                $set[] = " $key = now() ";
            }
-        }
-        else {
+        } else {
            $set[] = " $key = :$key ";
            $pvalues[$key] = $value;
        }
-
    }

    /* @todo this needs refactoring/moving out from here */
@ -1867,7 +1804,6 @@ function db_update($table, $where_col, $where_value, $values, $timestamp = array
    $sql="UPDATE $table_key SET " . implode(",", $set) . " WHERE $where_col = :where";

    return db_prepared_insert($sql, $pvalues);
-
 }


@ -2042,8 +1978,7 @@ function check_db_version($error_out = true) {

    if (isset($row['value'])) {
        $dbversion = (int) $row['value'];
-    }
-    else {
+    } else {
        db_query("INSERT INTO $table (name, value) VALUES ('version', '0')", 0);
    }

@ -2071,10 +2006,10 @@ function gen_show_status($show_alias) {
    $stat_string = "";

    $stat_goto = "";
-    $stat_result = db_prepared_fetch_all("SELECT goto FROM $table_alias WHERE address=?", [$show_alias]);
+    $stat_result = db_prepared_fetch_one("SELECT goto FROM $table_alias WHERE address=?", array($show_alias));

-    if (sizeof($stat_result) > 0) {
-        $stat_goto = $stat_result[0]['goto'];
+    if ($stat_result) {
+        $stat_goto = $stat_result['goto'];
    }

    $delimiter_regex = null;
@ -2115,11 +2050,12 @@ function gen_show_status($show_alias) {
                $sql .= " OR address = ? ";
            }

-            $stat_result = db_prepared_query($sql, $v);
+            $stat_result = db_prepared_fetch_one($sql, $v);

-            if (array_key_exists('rows', $stat_result) && $stat_result['rows'] == 0) {
+            if (empty($stat_result)) {
                $stat_ok = 0;
            }
+
            if ($stat_ok == 0) {
                if ($stat_domain == $CONF['vacation_domain'] || in_array($stat_domain, $CONF['show_undeliverable_exceptions'])) {
                    $stat_ok = 1;
@ -2135,8 +2071,8 @@ function gen_show_status($show_alias) {

    // Vacation CHECK
    if ( $CONF['show_vacation'] == 'YES' ) {
-        $stat_result = db_prepared_query("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = ? AND active = ? ", array($show_alias, db_get_boolean(true) )) ;
-        if ($stat_result['rows'] == 1) {
+        $stat_result = db_prepared_fetch_one("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = ? AND active = ? ", array($show_alias, db_get_boolean(true) )) ;
+        if (!empty($stat_result)) {
            $stat_string .= "<span style='background-color:" . $CONF['show_vacation_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;";
        } else {
            $stat_string .= $CONF['show_status_text'] . "&nbsp;";
@ -2145,11 +2081,11 @@ function gen_show_status($show_alias) {

    // Disabled CHECK
    if ( $CONF['show_disabled'] == 'YES' ) {
-        $stat_result = db_prepared_query(
+        $stat_result = db_prepared_fetch_one(
            "SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND active = ?",
            array($show_alias, db_get_boolean(false))
        );
-        if ($stat_result['rows'] == 1) {
+        if (!empty($stat_result)) {
            $stat_string .= "<span style='background-color:" . $CONF['show_disabled_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;";
        } else {
            $stat_string .= $CONF['show_status_text'] . "&nbsp;";
@ -2163,9 +2099,9 @@ function gen_show_status($show_alias) {
            $now = "datetime('now')";
        }

-        $stat_result = db_prepared_query("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND password_expiry <= ? AND active = ?", array( $show_alias , $now , db_get_boolean(true) ));
+        $stat_result = db_prepared_fetch_one("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND password_expiry <= ? AND active = ?", array( $show_alias , $now , db_get_boolean(true) ));

-        if ($stat_result['rows'] == 1) {
+        if (!empty($stat_result)) {
            $stat_string .= "<span style='background-color:" . $CONF['show_expired_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;";
        } else {
            $stat_string .= $CONF['show_status_text'] . "&nbsp;";
--- a/model/AdminHandler.php
+++ b/model/AdminHandler.php
@ -154,8 +154,8 @@ class AdminHandler extends PFAHandler {
                    'domain'    => 'ALL',
                );
                $where = db_where_clause(array('username' => $this->id, 'domain' => 'ALL'), $this->struct);
-                $result = db_query("SELECT username from " . table_by_key('domain_admins') . " " . $where);
-                if ($result['rows'] == 0) {
+                $result = db_prepared_fetch_one("SELECT username from " . table_by_key('domain_admins') . " " . $where);
+                if(empty($result)) {
                    db_insert('domain_admins', $values, array('created'));
                    # TODO: check for errors
                }
--- a/model/PFAHandler.php
+++ b/model/PFAHandler.php
@ -727,7 +727,9 @@ abstract class PFAHandler {

        $db_result = array();

+
        $result = db_prepared_fetch_all($query);
+
        foreach ($result as $row) {
            $db_result[$row[$this->id_field]] = $row;
        }
@ -814,7 +816,6 @@ abstract class PFAHandler {
     * @return boolean true on successful login (i.e. password matches etc)
     */
    public function login($username, $password) {
-
        $table = table_by_key($this->db_table);
        $active = db_get_boolean(true);
        $query = "SELECT password FROM $table WHERE {$this->id_field} = :username AND active = :active";
@ -861,7 +862,6 @@ abstract class PFAHandler {
     * @return boolean true on success (i.e. code matches etc)
     */
    public function checkPasswordRecoveryCode($username, $token) {
-
        $table = table_by_key($this->db_table);
        $active = db_get_boolean(true);

--- a/model/VacationHandler.php
+++ b/model/VacationHandler.php
@ -186,7 +186,6 @@ class VacationHandler extends PFAHandler {
     * will return false if no existing data
     */
    public function get_details() {
-
        $table_vacation = table_by_key('vacation');

        $sql = "SELECT * FROM $table_vacation WHERE email = :username";
@ -244,8 +243,8 @@ class VacationHandler extends PFAHandler {

        // is there an entry in the vacaton table for the user, or do we need to insert?
        $table_vacation = table_by_key('vacation');
-        $result = db_query("SELECT * FROM $table_vacation WHERE email = '$E_username'");
-        if ($result['rows'] == 1) {
+        $result = db_prepared_fetch_one("SELECT * FROM $table_vacation WHERE email = ?", array($this->username));
+        if(!empty($result)) {
            $result = db_update('vacation', 'email', $this->username, $vacation_data);
        } else {
            $result = db_insert('vacation', $vacation_data);
--- a/public/backup.php
+++ b/public/backup.php
@ -101,7 +101,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
            foreach ($result as $row) {
                fwrite($fh, array_pop($row));
            }
-
        }

        for ($i = 0 ; $i < sizeof($tables) ; ++$i) {
@ -120,7 +119,6 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
                $fields = "";
                $values = "";
            }
-
        }
    }
    header("Content-Type: text/plain");
--- a/public/list-virtual.php
+++ b/public/list-virtual.php
@ -229,7 +229,6 @@ $delimiter = preg_quote($CONF['recipient_delimiter'], "/");
 $goto_single_rec_del = "";

 foreach ($result as $row) {
-
    if ($display_mailbox_aliases) {
        $goto_split = explode(",", $row['goto']);
        $row['goto_mailbox'] = 0;
--- a/public/list.php
+++ b/public/list.php
@ -76,6 +76,7 @@ if (count($search)) {
 } else {
    $handler->getList('');
 }
+
 $items = $handler->result();

 if (count($handler->errormsg)) {
--- a/public/upgrade.php
+++ b/public/upgrade.php
@ -1416,7 +1416,6 @@ function upgrade_1284_mysql_pgsql() {
        printdebug("Setting superadmin flag for " . $row['username']);
        db_update('admin', 'username', $row['username'], array('superadmin' => db_get_boolean(true)));
    }
-
 }

 function upgrade_1345_mysql() {
--- a/tests/DbBasicTest.php
+++ b/tests/DbBasicTest.php
@ -3,7 +3,6 @@
 require_once('common.php');

 class DbBasicTest extends \PHPUnit\Framework\TestCase {
-
    private $test_domain;

    public function setUp() {
@ -12,10 +11,8 @@ class DbBasicTest extends \PHPUnit\Framework\TestCase {
        $this->test_domain = $test_domain;

        $db->exec("DELETE FROM domain WHERE domain = '$test_domain'");
-
    }
    public function testInsertDeleteDomain() {
-
        $domain = $this->test_domain;

        $username = 'testusername' . uniqid();