banananetwork
/
postfixadmin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix psalm issues; reformat; rename new db functions

Browse Source
pull/231/head
David Goodwin 6 years ago
parent 1176c9ce78
commit 803e2342f8
15 changed files with 86 additions and 78 deletions
Show Stats Download Patch File Download Diff File

100
functions.inc.php
Unescape Escape View File

@ -270,11 +270,11 @@ function get_password_expiration_value($domain) {
$table_domain = table_by_key('domain');
$query = "SELECT password_expiry FROM $table_domain WHERE domain= :domain";
$result = db_prepared_fetch_one($query, array('domain' => $domain));
$result = db_query_one($query, array('domain' => $domain));
if (is_array($result) && isset($result['password_expiry'])) {
return $result['password_expiry'];
}
return null;
return 0;
}
/**
@ -507,7 +507,7 @@ function create_page_browser($idxfield, $querypart) {
# get number of rows
$query = "SELECT count(*) as counter FROM (SELECT $idxfield $querypart) AS tmp";
$result = db_prepared_fetch_one($query);
$result = db_query_one($query);
if ($result && isset($result['counter'])) {
$count_results = $result['counter'] -1; # we start counting at 0, not 1
}
@ -522,7 +522,7 @@ function create_page_browser($idxfield, $querypart) {
$initcount = "CREATE TEMPORARY SEQUENCE rowcount MINVALUE 0";
}
if (!db_sqlite()) {
db_query($initcount);
db_execute($initcount);
}
# get labels for relevant rows (first and last of each page)
@ -556,8 +556,7 @@ function create_page_browser($idxfield, $querypart) {
# CREATE TEMPORARY SEQUENCE foo MINVALUE 0 MAXVALUE $page_size_zerobase CYCLE
# afterwards: DROP SEQUENCE foo
$result = db_query($query);
$result = db_prepared_fetch_all($query);
$result = db_query_all($query);
foreach ($result as $k => $row) {
if (isset($result[$k + 1])) {
$row2 = $result[$k + 1];
@ -569,7 +568,7 @@ function create_page_browser($idxfield, $querypart) {
}
if (db_pgsql()) {
db_query("DROP SEQUENCE rowcount");
db_execute("DROP SEQUENCE rowcount");
}
return $pagebrowser;
@ -599,7 +598,7 @@ function divide_quota($quota) {
function check_owner($username, $domain) {
$table_domain_admins = table_by_key('domain_admins');
$result = db_prepared_fetch_all(
$result = db_query_all(
"SELECT 1 FROM $table_domain_admins WHERE username= ? AND (domain = ? OR domain = 'ALL') AND active = ?" ,
array($username, $domain, db_get_boolean(true))
);
@ -636,7 +635,7 @@ function list_domains_for_admin($username) {
$pvalues = array();
$result = db_prepared_fetch_one("SELECT username FROM $table_domain_admins WHERE username= :username AND domain='ALL'", array('username' => $username));
$result = db_query_one("SELECT username FROM $table_domain_admins WHERE username= :username AND domain='ALL'", array('username' => $username));
if (empty($result)) { # not a superadmin
$pvalues['username'] = $username;
$pvalues['active'] = db_get_boolean(true);
@ -651,20 +650,14 @@ function list_domains_for_admin($username) {
$query .= " WHERE " . join(' AND ', $condition);
$query .= " ORDER BY $table_domain.domain";
$result = db_prepared_fetch_all($query, $pvalues);
$result = db_query_all($query, $pvalues);
return array_column($result, 'domain');
}
if (!function_exists('array_column')) {
function array_column(array $array, $column) {
$retval = array();
foreach ($array as $row) {
$retval[] = $row[$column];
}
return $retval;
}
require_once(dirname(__FILE__) . '/lib/array_column.php');
}
/**
@ -676,7 +669,7 @@ function list_domains() {
$list = array();
$table_domain = table_by_key('domain');
$result = db_prepared_fetch_all("SELECT domain FROM $table_domain WHERE domain!='ALL' ORDER BY domain");
$result = db_query_all("SELECT domain FROM $table_domain WHERE domain!='ALL' ORDER BY domain");
$i = 0;
foreach ($result as $row) {
$list[$i] = $row['domain'];
@ -911,9 +904,9 @@ function _pacrypt_mysql_encrypt($pw, $pw_db) {
$pw = escape_string($pw);
if ($pw_db!="") {
$values = array('pw' => $pw_db, 'salt' => substr($pw_db, 0, 2));
$res = db_prepared_fetch_one("SELECT ENCRYPT(:pw,:salt) as result", $values);
$res = db_query_one("SELECT ENCRYPT(:pw,:salt) as result", $values);
} else {
$res= db_prepared_fetch_one("SELECT ENCRYPT(:pw) as result", array('pw' => $pw));
$res= db_query_one("SELECT ENCRYPT(:pw) as result", array('pw' => $pw));
}
return $res['result'];
@ -1456,7 +1449,6 @@ function db_connect_with_errors() {
global $CONF;
global $DEBUG_TEXT;
$DEBUG_TEXT = '';
$error_text = '';
static $link;
@ -1465,11 +1457,15 @@ function db_connect_with_errors() {
}
$link = 0;
$options = [
$options = array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
];
);
$username_password = true;
$queries = array();
$dsn = null;
if (db_mysql()) {
$dsn = "mysql:host={$CONF['database_host']};dbname={$CONF['database_name']};charset=UTF8";
if (Config::bool('database_use_ssl')) {
@ -1489,7 +1485,7 @@ function db_connect_with_errors() {
}
$dsn = "pgsql:host={$CONF['database_host']};port={$CONF['database_port']};dbname={$CONF['database_name']};charset=UTF8";
} else {
$error_text = "<p>DEBUG INFORMATION:<br />Invalid \$CONF['database_type']! Please fix your config.inc.php! $DEBUG_TEXT";
die("<p style='color: red'>FATAL Error:<br />Invalid \$CONF['database_type']! Please fix your config.inc.php!</p>");
}
if ($username_password) {
@ -1498,6 +1494,12 @@ function db_connect_with_errors() {
$link = new PDO($dsn, null, null, $options);
}
if (!empty($queries)) {
foreach ($queries as $q) {
$link->exec($q);
}
}
return array($link, $error_text);
}
@ -1604,8 +1606,8 @@ function db_sqlite() {
* @param array $values
* @return array
*/
function db_prepared_fetch_all($sql, array $values = array()) {
$r = db_prepared_query($sql, $values);
function db_query_all($sql, array $values = array()) {
$r = db_query($sql, $values);
return $r['result']->fetchAll(PDO::FETCH_ASSOC);
}
@ -1614,15 +1616,14 @@ function db_prepared_fetch_all($sql, array $values = array()) {
* @param array $values
* @return array
*/
function db_prepared_fetch_one($sql, array $values = array()) {
$r = db_prepared_query($sql, $values);
function db_query_one($sql, array $values = array()) {
$r = db_query($sql, $values);
return $r['result']->fetch(PDO::FETCH_ASSOC);
}
function db_prepared_insert($sql, array $values = array()) {
function db_execute($sql, array $values = array(), $throw_errors = false) {
$link = db_connect();
$error_text = '';
try {
$stmt = $link->prepare($sql);
@ -1630,6 +1631,9 @@ function db_prepared_insert($sql, array $values = array()) {
} catch (PDOException $e) {
$error_text = "Invalid query: " . $e->getMessage() . " caused by " . $sql ;
error_log($error_text);
if ($throw_errors) {
throw $e;
}
}
return $stmt->rowCount();
}
@ -1640,7 +1644,7 @@ function db_prepared_insert($sql, array $values = array()) {
* @param bool $ignore_errors - set to true to ignore errors.
* @return array e.g. ['result' => PDOStatement, 'error' => string ]
*/
function db_prepared_query($sql, array $values = array(), $ignore_errors = false) {
function db_query($sql, array $values = array(), $ignore_errors = false) {
$link = db_connect();
$error_text = '';
@ -1655,21 +1659,13 @@ function db_prepared_query($sql, array $values = array(), $ignore_errors = false
}
}
return array(
"result" => $stmt,
"error" => $error_text,
);
}
/**
* @param string $query SQL to execute
* @param int $ignore_errors (default 0 aka do not ignore errors)
* @return array ['result' => resource, 'rows' => int ,'error' => string]
*/
function db_query($query, $ignore_errors = 0) {
return db_prepared_query($query, array(), $ignore_errors == 0);
}
@ -1689,7 +1685,7 @@ function db_delete($table, $where, $delete, $additionalwhere='') {
$query = "DELETE FROM $table WHERE $where = ? $additionalwhere";
return db_prepared_insert($query, [$delete]);
return db_execute($query, array($delete));
}
@ -1749,7 +1745,7 @@ function db_insert($table, array $values, $timestamp = array('created', 'modifie
}
return db_prepared_insert(
return db_execute(
"INSERT INTO $table (" . implode(",", array_keys($values)) .") VALUES ($value_string)",
$prepared_statment_values);
}
@ -1772,6 +1768,8 @@ function db_update($table, $where_col, $where_value, $values, $timestamp = array
$sql = "UPDATE $table_key SET ";
$pvalues = array();
$set = array();
foreach ($values as $key => $value) {
if (in_array($key, $timestamp)) {
@ -1803,7 +1801,7 @@ function db_update($table, $where_col, $where_value, $values, $timestamp = array
$sql="UPDATE $table_key SET " . implode(",", $set) . " WHERE $where_col = :where";
return db_prepared_insert($sql, $pvalues);
return db_execute($sql, $pvalues);
}
@ -1974,12 +1972,12 @@ function check_db_version($error_out = true) {
$table = table_by_key('config');
$sql = "SELECT value FROM $table WHERE name = 'version'";
$row = db_prepared_fetch_one($sql);
$row = db_query_one($sql);
if (isset($row['value'])) {
$dbversion = (int) $row['value'];
} else {
db_query("INSERT INTO $table (name, value) VALUES ('version', '0')", 0);
db_execute("INSERT INTO $table (name, value) VALUES ('version', '0')");
$dbversion = 0;
}
if (($dbversion < $min_db_version) && $error_out == true) {
@ -2006,7 +2004,7 @@ function gen_show_status($show_alias) {
$stat_string = "";
$stat_goto = "";
$stat_result = db_prepared_fetch_one("SELECT goto FROM $table_alias WHERE address=?", array($show_alias));
$stat_result = db_query_one("SELECT goto FROM $table_alias WHERE address=?", array($show_alias));
if ($stat_result) {
$stat_goto = $stat_result['goto'];
@ -2050,7 +2048,7 @@ function gen_show_status($show_alias) {
$sql .= " OR address = ? ";
}
$stat_result = db_prepared_fetch_one($sql, $v);
$stat_result = db_query_one($sql, $v);
if (empty($stat_result)) {
$stat_ok = 0;
@ -2071,7 +2069,7 @@ function gen_show_status($show_alias) {
// Vacation CHECK
if ( $CONF['show_vacation'] == 'YES' ) {
$stat_result = db_prepared_fetch_one("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = ? AND active = ? ", array($show_alias, db_get_boolean(true) )) ;
$stat_result = db_query_one("SELECT * FROM ". $CONF['database_tables']['vacation'] ." WHERE email = ? AND active = ? ", array($show_alias, db_get_boolean(true) )) ;
if (!empty($stat_result)) {
$stat_string .= "<span style='background-color:" . $CONF['show_vacation_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;";
} else {
@ -2081,7 +2079,7 @@ function gen_show_status($show_alias) {
// Disabled CHECK
if ( $CONF['show_disabled'] == 'YES' ) {
$stat_result = db_prepared_fetch_one(
$stat_result = db_query_one(
"SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND active = ?",
array($show_alias, db_get_boolean(false))
);
@ -2099,7 +2097,7 @@ function gen_show_status($show_alias) {
$now = "datetime('now')";
}
$stat_result = db_prepared_fetch_one("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND password_expiry <= ? AND active = ?", array( $show_alias , $now , db_get_boolean(true) ));
$stat_result = db_query_one("SELECT * FROM ". $CONF['database_tables']['mailbox'] ." WHERE username = ? AND password_expiry <= ? AND active = ?", array( $show_alias , $now , db_get_boolean(true) ));
if (!empty($stat_result)) {
$stat_string .= "<span style='background-color:" . $CONF['show_expired_color'] . "'>" . $CONF['show_status_text'] . "</span>&nbsp;";

4
model/AdminHandler.php
Unescape Escape View File

@ -154,8 +154,8 @@ class AdminHandler extends PFAHandler {
'domain' => 'ALL',
);
$where = db_where_clause(array('username' => $this->id, 'domain' => 'ALL'), $this->struct);
$result = db_prepared_fetch_one("SELECT username from " . table_by_key('domain_admins') . " " . $where);
if(empty($result)) {
$result = db_query_one("SELECT username from " . table_by_key('domain_admins') . " " . $where);
if (empty($result)) {
db_insert('domain_admins', $values, array('created'));
# TODO: check for errors
}

1
model/CliDelete.php
Unescape Escape View File

@ -5,7 +5,6 @@
*/
class CliDelete extends Shell {
protected $handler_to_use = '';
/**
* Execution method always used for tasks

2
model/MailboxHandler.php
Unescape Escape View File

@ -481,7 +481,7 @@ class MailboxHandler extends PFAHandler {
$table_mailbox = table_by_key('mailbox');
$query = "SELECT SUM(quota) as sum FROM $table_mailbox WHERE domain = ? AND username != ?";
$rows = db_prepared_fetch_all($query, array($domain, $this->id));
$rows = db_query_all($query, array($domain, $this->id));
$cur_quota_total = divide_quota($rows[0]['sum']); # convert to MB
if (($quota + $cur_quota_total) > $limit['quota']) {

6
model/PFAHandler.php
Unescape Escape View File

@ -728,7 +728,7 @@ abstract class PFAHandler {
$db_result = array();
$result = db_prepared_fetch_all($query);
$result = db_query_all($query);
foreach ($result as $row) {
$db_result[$row[$this->id_field]] = $row;
@ -822,7 +822,7 @@ abstract class PFAHandler {
$values = array('username' => $username, 'active' => $active);
$result = db_prepared_fetch_all($query,$values);
$result = db_query_all($query,$values);
if (sizeof($result) == 1) {
$row = $result[0];
@ -868,7 +868,7 @@ abstract class PFAHandler {
$query = "SELECT token FROM $table WHERE {$this->id_field} = :username AND token <> '' AND active = :active AND NOW() < token_validity";
$values = array('username' => $username, 'active' => $active);
$result = db_prepared_fetch_all($query, $values);
$result = db_query_all($query, $values);
if (sizeof($result) == 1) {
$row = $result[0];

6
model/VacationHandler.php
Unescape Escape View File

@ -189,7 +189,7 @@ class VacationHandler extends PFAHandler {
$table_vacation = table_by_key('vacation');
$sql = "SELECT * FROM $table_vacation WHERE email = :username";
$result = db_prepared_fetch_all($sql, array('username' => $this->username));
$result = db_query_all($sql, array('username' => $this->username));
if (sizeof($result) != 1) {
return false;
}
@ -243,8 +243,8 @@ class VacationHandler extends PFAHandler {
// is there an entry in the vacaton table for the user, or do we need to insert?
$table_vacation = table_by_key('vacation');
$result = db_prepared_fetch_one("SELECT * FROM $table_vacation WHERE email = ?", array($this->username));
if(!empty($result)) {
$result = db_query_one("SELECT * FROM $table_vacation WHERE email = ?", array($this->username));
if (!empty($result)) {
$result = db_update('vacation', 'email', $this->username, $vacation_data);
} else {
$result = db_insert('vacation', $vacation_data);

7
psalm.xml
Unescape Escape View File

@ -17,6 +17,13 @@
<issueHandlers>
<PossiblyUndefinedGlobalVariable>
<errorLevel type="suppress">
<file name="config.inc.php" />
<file name="config.local.php" />
</errorLevel>
</PossiblyUndefinedGlobalVariable>
<InvalidGlobal>
<errorLevel type="suppress">
<file name="config.inc.php" />

2
public/backup.php
Unescape Escape View File

@ -97,7 +97,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") {
);
for ($i = 0 ; $i < sizeof($tables) ; ++$i) {
$result = db_prepared_fetch_all("SHOW CREATE TABLE " . table_by_key($tables[$i]));
$result = db_query_all("SHOW CREATE TABLE " . table_by_key($tables[$i]));
foreach ($result as $row) {
fwrite($fh, array_pop($row));
}

2
public/broadcast-message.php
Unescape Escape View File

@ -63,7 +63,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (intval(safepost('mailboxes_only')) == 0) {
$q .= " UNION SELECT goto FROM $table_alias WHERE active='" . db_get_boolean(true) . "' AND ".db_in_clause("domain", $wanted_domains)."AND goto NOT IN ($q)";
}
$result = db_prepared_fetch_all($q);
$result = db_query_all($q);
$recipients = array_column($result, 'username');
$recipients = array_unique($recipients);

2
public/list-virtual.php
Unescape Escape View File

@ -220,7 +220,7 @@ if (Config::bool('used_quotas') && (! Config::bool('new_quota_table'))) {
$mailbox_pagebrowser_query = "$sql_from\n$sql_join\n$sql_where\n$sql_order" ;
$query = "$sql_select\n$mailbox_pagebrowser_query\n$sql_limit";
$result = db_prepared_fetch_all($query);
$result = db_query_all($query);
$tMailbox = array();

2
public/setup.php
Unescape Escape View File

@ -303,7 +303,7 @@ if ($error != 0) {
if ($error == 0 && $pw_check_result == 'pass_OK') {
// XXX need to ensure domains table includes an 'ALL' entry.
$table_domain = table_by_key('domain');
$rows = db_prepared_fetch_all("SELECT * FROM $table_domain WHERE domain = 'ALL'");
$rows = db_query_all("SELECT * FROM $table_domain WHERE domain = 'ALL'");
if (empty($rows)) {
db_insert('domain', array('domain' => 'ALL', 'description' => '', 'transport' => '')); // all other fields should default through the schema.
}

24
public/upgrade.php
Unescape Escape View File

@ -20,7 +20,7 @@ if (!isset($CONF) || !is_array($CONF)) {
*/
function _pgsql_object_exists($name) {
$sql = "select relname from pg_class where relname = '$name'";
$r = db_prepared_fetch_one($sql);
$r = db_query_one($sql);
return !empty($r);
}
@ -48,7 +48,7 @@ function _pgsql_field_exists($table, $field) {
AND pg_catalog.pg_table_is_visible(c.oid)
)
AND a.attname = '$field' ";
$r = db_prepared_fetch_all($sql);
$r = db_query_all($sql);
return !empty($r);
}
@ -56,14 +56,14 @@ function _pgsql_field_exists($table, $field) {
function _mysql_field_exists($table, $field) {
# $table = table_by_key($table); # _mysql_field_exists is always called with the expanded table name - don't expand it twice
$sql = "SHOW COLUMNS FROM $table LIKE ?";
$r = db_prepared_fetch_all($sql, array( $field));
$r = db_query_all($sql, array( $field));
return !empty($r);
}
function _sqlite_field_exists($table, $field) {
$sql = "PRAGMA table_info($table)";
$r = db_prepared_fetch_all($sql);
$r = db_query_all($sql);
foreach ($r as $row) {
if ($row[1] == $field) {
@ -225,8 +225,8 @@ function _do_upgrade($current_version) {
}
// Update config table so we don't run the same query twice in the future.
$table = table_by_key('config');
$sql = "UPDATE $table SET value = $i WHERE name = 'version'";
db_query($sql);
$sql = "UPDATE $table SET value = :value WHERE name = 'version'";
db_execute($sql, array('value' => $i));
};
}
@ -322,9 +322,13 @@ function db_query_parsed($sql, $ignore_errors = 0, $attach_mysql = "") {
if ($debug) {
printdebug($query);
}
$result = db_query($query, $ignore_errors);
if ($debug) {
echo_out("<div style='color:#f00'>" . $result['error'] . "</div>");
try {
$result = db_execute($query, array(), true);
} catch (PDOException $e) {
if ($debug) {
echo_out("<div style='color:#f00'>" . $e->getMessage() . "</div>");
}
}
}
@ -1410,7 +1414,7 @@ function upgrade_1284_mysql_pgsql() {
# migrate the ALL domain to the superadmin column
# Note: The ALL domain is not (yet) deleted to stay backwards-compatible for now (will be done in a later upgrade function)
$result = db_prepared_fetch_all("SELECT username FROM " . table_by_key('domain_admins') . " where domain='ALL'");
$result = db_query_all("SELECT username FROM " . table_by_key('domain_admins') . " where domain='ALL'");
foreach ($result as $row) {
printdebug("Setting superadmin flag for " . $row['username']);

2
public/users/password-recover.php
Unescape Escape View File

@ -70,7 +70,7 @@ if ($_SERVER['REQUEST_METHOD'] === "POST") {
$token = $handler->getPasswordRecoveryCode($tUsername);
if ($token !== false) {
$table = table_by_key($context === 'users' ? 'mailbox' : 'admin');
$row = db_prepared_fetch_one("SELECT * FROM $table WHERE username= :username", array('username' => $username));
$row = db_query_one("SELECT * FROM $table WHERE username= :username", array('username' => $username));
// $row must exist unless there's a race condition?

2
public/viewlog.php
Unescape Escape View File

@ -66,7 +66,7 @@ if ($error != 1) {
if (db_pgsql()) {
$query = "SELECT extract(epoch from timestamp) as timestamp,username,domain,action,data FROM $table_log WHERE domain= :domain ORDER BY timestamp DESC LIMIT $page_size";
}
$result = db_prepared_fetch_all($query, array('domain' => $fDomain));
$result = db_query_all($query, array('domain' => $fDomain));
foreach ($result as $row) {
if (is_array($row) && db_pgsql()) {
$row['timestamp'] = gmstrftime('%c %Z', $row['timestamp']);

2
tests/DbBasicTest.php
Unescape Escape View File

@ -42,7 +42,7 @@ class DbBasicTest extends \PHPUnit\Framework\TestCase {
)
);
$ret = db_prepared_fetch_one("SELECT * FROM mailbox WHERE username = :username", array('username' => $username));
$ret = db_query_one("SELECT * FROM mailbox WHERE username = :username", array('username' => $username));
$this->assertTrue(!empty($ret));

Write Preview
Loading…
Cancel
Save