more pear/mdb2 integration

release-0.6
svncommit 19 years ago
parent e0ed972884
commit d7cb77414c

@ -117,11 +117,11 @@ CREATE TABLE identities (
del boolean DEFAULT false NOT NULL, del boolean DEFAULT false NOT NULL,
"default" boolean DEFAULT false NOT NULL, "default" boolean DEFAULT false NOT NULL,
name character varying(128) NOT NULL, name character varying(128) NOT NULL,
organization character varying(128) NOT NULL, organization character varying(128),
email character varying(128) NOT NULL, email character varying(128) NOT NULL,
"reply-to" character varying(128) NOT NULL, "reply-to" character varying(128),
bcc character varying(128) NOT NULL, bcc character varying(128),
signature text NOT NULL signature text
); );

@ -51,17 +51,19 @@ if ($CURRENT_PATH!='')
$CURRENT_PATH.='/'; $CURRENT_PATH.='/';
// set environment first // set environment first
ini_set('include_path', ini_get('include_path').PATH_SEPARATOR.$INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib'); // RC include folders MUST be included FIRST to avoid other
// possible not compatible libraries (i.e PEAR) to be included
// instead the ones provided by RC
ini_set('include_path', $INSTALL_PATH.PATH_SEPARATOR.$CURRENT_PATH.'program'.PATH_SEPARATOR.$CURRENT_PATH.'program/lib'.PATH_SEPARATOR.ini_get('include_path'));
ini_set('session.name', 'sessid'); ini_set('session.name', 'sessid');
ini_set('session.use_cookies', 1); ini_set('session.use_cookies', 1);
ini_set('error_reporting', E_ALL&~E_NOTICE); ini_set('error_reporting', E_ALL&~E_NOTICE);
// increase maximum execution time for php scripts // increase maximum execution time for php scripts
// (does not work in safe mode) // (does not work in safe mode)
@set_time_limit('120'); @set_time_limit('120');
// include base files // include base files
require_once('include/rcube_shared.inc'); require_once('include/rcube_shared.inc');
require_once('include/rcube_imap.inc'); require_once('include/rcube_imap.inc');

@ -25,13 +25,12 @@ function rcube_read_cache($key)
global $DB, $CACHE_KEYS; global $DB, $CACHE_KEYS;
// query db // query db
$sql_result = $DB->query(sprintf("SELECT cache_id, data $sql_result = $DB->query("SELECT cache_id, data
FROM %s FROM ".get_table_name('cache')."
WHERE user_id=%d WHERE user_id=?
AND cache_key='%s'", AND cache_key=?",
get_table_name('cache'), $_SESSION['user_id'],
$_SESSION['user_id'], $key);
$key));
// get cached data // get cached data
if ($sql_arr = $DB->fetch_assoc($sql_result)) if ($sql_arr = $DB->fetch_assoc($sql_result))
@ -53,13 +52,12 @@ function rcube_write_cache($key, $data, $session_cache=FALSE)
// check if we already have a cache entry for this key // check if we already have a cache entry for this key
if (!isset($CACHE_KEYS[$key])) if (!isset($CACHE_KEYS[$key]))
{ {
$sql_result = $DB->query(sprintf("SELECT cache_id $sql_result = $DB->query("SELECT cache_id
FROM %s FROM ".get_table_name('cache')."
WHERE user_id=%d WHERE user_id=?
AND cache_key='%s'", AND cache_key=?",
get_table_name('cache'), $_SESSION['user_id'],
$_SESSION['user_id'], $key);
$key));
if ($sql_arr = $DB->fetch_assoc($sql_result)) if ($sql_arr = $DB->fetch_assoc($sql_result))
$CACHE_KEYS[$key] = $sql_arr['cache_id']; $CACHE_KEYS[$key] = $sql_arr['cache_id'];
@ -70,27 +68,25 @@ function rcube_write_cache($key, $data, $session_cache=FALSE)
// update existing cache record // update existing cache record
if ($CACHE_KEYS[$key]) if ($CACHE_KEYS[$key])
{ {
$DB->query(sprintf("UPDATE %s $DB->query("UPDATE ".get_table_name('cache')."
SET created=NOW(), SET created=NOW(),
data='%s' data=?
WHERE user_id=%d WHERE user_id=?
AND cache_key='%s'", AND cache_key=?",
get_table_name('cache'), $data,
addslashes($data), $_SESSION['user_id'],
$_SESSION['user_id'], $key);
$key));
} }
// add new cache record // add new cache record
else else
{ {
$DB->query(sprintf("INSERT INTO %s $DB->query("INSERT INTO ".get_table_name('cache')."
(created, user_id, session_id, cache_key, data) (created, user_id, session_id, cache_key, data)
VALUES (NOW(), %d, %s, '%s', '%s')", VALUES (NOW(), ?, ?, ?', ?)",
get_table_name('cache'), $_SESSION['user_id'],
$_SESSION['user_id'], $session_cache ? $sess_id : 'NULL',
$session_cache ? "'$sess_id'" : 'NULL', $key,
$key, $data);
addslashes($data)));
} }
} }
@ -100,12 +96,11 @@ function rcube_clear_cache($key)
{ {
global $DB; global $DB;
$DB->query(sprintf("DELETE FROM %s $DB->query("DELETE FROM ".get_table_name('cache')."
WHERE user_id=%d WHERE user_id=?
AND cache_key='%s'", AND cache_key=?",
get_table_name('cache'), $_SESSION['user_id'],
$_SESSION['user_id'], $key);
$key));
} }
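Review bot: The INSERT in rcube_write_cache carries a stray quote in its placeholder list — `VALUES (NOW(), ?, ?, ?', ?)` — which turns the statement into a syntax error at the first cache miss; it should read `VALUES (NOW(), ?, ?, ?, ?)`. In the same call the session_id argument `$session_cache ? $sess_id : 'NULL'` is now a bound parameter, so the four-character string 'NULL' is stored rather than SQL NULL; pass PHP `null` instead (`$session_cache ? $sess_id : null`) so the driver emits a real NULL. rcube_write_cache starts before this hunk.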

@ -263,13 +263,12 @@ function rcmail_login($user, $pass, $host=NULL)
} }
// query if user already registered // query if user already registered
$sql_result = $DB->query(sprintf("SELECT user_id, username, language, preferences $sql_result = $DB->query("SELECT user_id, username, language, preferences
FROM %s FROM ".get_table_name('users')."
WHERE mail_host='%s' AND (username='%s' OR alias='%s')", WHERE mail_host=? AND (username=? OR alias=?)",
get_table_name('users'), $host,
addslashes($host), $user,
addslashes($user), $user);
addslashes($user)));
// user already registered -> overwrite username // user already registered -> overwrite username
if ($sql_arr = $DB->fetch_assoc($sql_result)) if ($sql_arr = $DB->fetch_assoc($sql_result))
@ -299,11 +298,10 @@ function rcmail_login($user, $pass, $host=NULL)
$sess_user_lang = $_SESSION['user_lang'] = $sql_arr['language']; $sess_user_lang = $_SESSION['user_lang'] = $sql_arr['language'];
// update user's record // update user's record
$DB->query(sprintf("UPDATE %s $DB->query("UPDATE ".get_table_name('users')."
SET last_login=NOW() SET last_login=NOW()
WHERE user_id=%d", WHERE user_id=?",
get_table_name('users'), $user_id);
$user_id));
} }
// create new system user // create new system user
else if ($CONFIG['auto_create_user']) else if ($CONFIG['auto_create_user'])
@ -336,27 +334,25 @@ function rcmail_create_user($user, $host)
{ {
global $DB, $CONFIG, $IMAP; global $DB, $CONFIG, $IMAP;
$DB->query(sprintf("INSERT INTO %s $DB->query("INSERT INTO ".get_table_name('users')."
(created, last_login, username, mail_host, language) (created, last_login, username, mail_host, language)
VALUES (NOW(), NOW(), '%s', '%s', '%s')", VALUES (NOW(), NOW(), ?, ?, ?)",
get_table_name('users'), $user,
addslashes($user), $host,
addslashes($host), $_SESSION['user_lang']);
$_SESSION['user_lang']));
if ($user_id = $DB->insert_id()) if ($user_id = $DB->insert_id('user_ids'))
{ {
$user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $host); $user_email = strstr($user, '@') ? $user : sprintf('%s@%s', $user, $host);
$user_name = $user!=$user_email ? $user : ''; $user_name = $user!=$user_email ? $user : '';
// also create a new identity record // also create a new identity record
$DB->query(sprintf("INSERT INTO %s $DB->query("INSERT INTO ".get_table_name('identities')."
(user_id, `default`, name, email) (user_id, `default`, name, email)
VALUES (%d, '1', '%s', '%s')", VALUES (?, '1', ?, ?)",
get_table_name('identities'), $user_id,
$user_id, $user_name,
addslashes($user_name), $user_email);
addslashes($user_email)));
// get existing mailboxes // get existing mailboxes
$a_mailboxes = $IMAP->list_mailboxes(); $a_mailboxes = $IMAP->list_mailboxes();
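Review bot: The identity INSERT in rcmail_create_user still quotes the reserved column with MySQL backticks (the `default` column on the line `(user_id, `default`, name, email)`) while the other statements in this commit switched to `$DB->quoteIdentifier('default')` and the PostgreSQL schema hunk above declares the column as "default"; backtick quoting is not valid on that provider, so the new user gets no identity there. Change it to `(user_id, ".$DB->quoteIdentifier('default').", name, email)`. The new `$DB->insert_id('user_ids')` call now names a sequence; a one-line comment such as `// sequence name is only used by providers without auto-increment (pgsql)` would tell the next reader why the argument is there, if that is indeed how insert_id() uses it. rcmail_create_user continues past the hunk.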

@ -101,9 +101,27 @@ class rcube_db
$this->db_connected = true; $this->db_connected = true;
} }
// Query database (read operations) // Query database
function query($query, $offset=0, $numrows=0) function query()
{
$params = func_get_args();
$query = array_shift($params);
return $this->_query($query, 0, 0, $params);
}
function limitquery()
{
$params = func_get_args();
$query = array_shift($params);
$offset = array_shift($params);
$numrows = array_shift($params);
return $this->_query($query, $offset, $numrows, $params);
}
function _query($query, $offset, $numrows, $params)
{ {
// Read or write ? // Read or write ?
if (strtolower(trim(substr($query,0,6)))=='select') if (strtolower(trim(substr($query,0,6)))=='select')
@ -118,17 +136,20 @@ class rcube_db
if ($numrows || $offset) if ($numrows || $offset)
{ {
$result = $this->db_handle->limitQuery($query,$offset,$numrows); $result = $this->db_handle->limitQuery($query,$offset,$numrows,$params);
} }
else else
$result = $this->db_handle->query($query); $result = $this->db_handle->query($query,$params);
if (DB::isError($result)) if (DB::isError($result))
{
raise_error(array('code' => 500, raise_error(array('code' => 500,
'type' => 'db', 'type' => 'db',
'line' => __LINE__, 'line' => __LINE__,
'file' => __FILE__, 'file' => __FILE__,
'message' => $result->getMessage()), TRUE, FALSE); 'message' => $result->getMessage()), TRUE, FALSE);
return false;
}
return $this->_add_result($result, $query); return $this->_add_result($result, $query);
} }
@ -196,6 +217,26 @@ class rcube_db
return $result->fetchRow(DB_FETCHMODE_ASSOC); return $result->fetchRow(DB_FETCHMODE_ASSOC);
} }
function quoteIdentifier ( $str )
{
if (!$this->db_handle)
$this->db_connect('r');
return $this->db_handle->quoteIdentifier($str);
}
function unixtimestamp($field)
{
switch($this->db_provider)
{
case 'pgsql':
return "EXTRACT (EPOCH FROM $field)";
break;
default:
return "UNIX_TIMESTAMP($field)";
}
}
function _add_result($res, $query) function _add_result($res, $query)
{ {
// sql error occured // sql error occured
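Review bot: The new query()/limitquery()/_query() methods carry no documentation of their variadic contract, which differs from the old `query($query, $offset=0, $numrows=0)` signature: a caller still passing offset and numrows positionally to query() will now have them silently treated as bind parameters. Add a comment above query(), e.g. `// query($sql, $param1, ...): each '?' in $sql is bound to the next argument; for paging use limitquery($sql, $offset, $numrows, $param1, ...)`. unixtimestamp() interpolates `$field` directly into SQL, so its header comment should state that it takes a column name or SQL expression, never data; the `break;` after `return` in its pgsql case is unreachable and can be dropped. The same methods are added again in the MDB2 rcube_db section below, and both points apply there too.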

@ -101,9 +101,27 @@ class rcube_db
$this->db_connected = true; $this->db_connected = true;
} }
// Query database (read operations) // Query database
function query($query, $offset=0, $numrows=0) function query()
{
$params = func_get_args();
$query = array_shift($params);
return $this->_query($query, 0, 0, $params);
}
function limitquery()
{
$params = func_get_args();
$query = array_shift($params);
$offset = array_shift($params);
$numrows = array_shift($params);
return $this->_query($query, $offset, $numrows, $params);
}
function _query($query, $offset, $numrows, $params)
{ {
// Read or write ? // Read or write ?
if (strtolower(trim(substr($query,0,6)))=='select') if (strtolower(trim(substr($query,0,6)))=='select')
@ -175,6 +193,26 @@ class rcube_db
return $result->fetchRow(MDB2_FETCHMODE_ASSOC); return $result->fetchRow(MDB2_FETCHMODE_ASSOC);
} }
function quoteIdentifier ( $str )
{
if (!$this->db_handle)
$this->db_connect('r');
return $this->db_handle->quoteIdentifier($str);
}
function unixtimestamp($field)
{
switch($this->db_provider)
{
case 'pgsql':
return "EXTRACT (EPOCH FROM $field)";
break;
default:
return "UNIX_TIMESTAMP($field)";
}
}
function _add_result($res, $query) function _add_result($res, $query)
{ {
// sql error occured // sql error occured

@ -38,11 +38,10 @@ function sess_read($key)
{ {
global $DB, $SESS_CHANGED; global $DB, $SESS_CHANGED;
$sql_result = $DB->query(sprintf("SELECT vars, ip, UNIX_TIMESTAMP(changed) AS changed $sql_result = $DB->query("SELECT vars, ip, ".$DB->unixtimestamp('changed')." AS changed
FROM %s FROM ".get_table_name('session')."
WHERE sess_id='%s'", WHERE sess_id=?",
get_table_name('session'), $key);
$key));
if ($sql_arr = $DB->fetch_assoc($sql_result)) if ($sql_arr = $DB->fetch_assoc($sql_result))
{ {
@ -61,32 +60,29 @@ function sess_write($key, $vars)
{ {
global $DB; global $DB;
$sql_result = $DB->query(sprintf("SELECT 1 $sql_result = $DB->query("SELECT 1
FROM %s FROM ".get_table_name('session')."
WHERE sess_id='%s'", WHERE sess_id=?",
get_table_name('session'), $key);
$key));
if ($DB->num_rows($sql_result)) if ($DB->num_rows($sql_result))
{ {
session_decode($vars); session_decode($vars);
$DB->query(sprintf("UPDATE %s $DB->query("UPDATE ".get_table_name('session')."
SET vars='%s', SET vars=?,
changed=NOW() changed=NOW()
WHERE sess_id='%s'", WHERE sess_id=?",
get_table_name('session'), $vars,
$vars, $key);
$key));
} }
else else
{ {
$DB->query(sprintf("INSERT INTO %s $DB->query("INSERT INTO ".get_table_name('session')."
(sess_id, vars, ip, created, changed) (sess_id, vars, ip, created, changed)
VALUES ('%s', '%s', '%s', NOW(), NOW())", VALUES (?, ?, ?, NOW(), NOW())",
get_table_name('session'), $key,
$key, $vars,
$vars, $_SERVER['REMOTE_ADDR']);
$_SERVER['REMOTE_ADDR']));
} }
return TRUE; return TRUE;
@ -98,16 +94,14 @@ function sess_destroy($key)
{ {
global $DB; global $DB;
$DB->query(sprintf("DELETE FROM %s // delete session entries in cache table
WHERE sess_id='%s'", $DB->query("DELETE FROM ".get_table_name('cache')."
get_table_name('session'), WHERE session_id=?",
$key)); $key);
// also delete session entries in cache table $DB->query("DELETE FROM ".get_table_name('session')."
$DB->query(sprintf("DELETE FROM %s WHERE sess_id=?",
WHERE session_id='%s'", $key);
get_table_name('cache'),
$key));
return TRUE; return TRUE;
} }
@ -119,11 +113,10 @@ function sess_gc($maxlifetime)
global $DB; global $DB;
// get all expired sessions // get all expired sessions
$sql_result = $DB->query(sprintf("SELECT sess_id $sql_result = $DB->query("SELECT sess_id
FROM %s FROM ".get_table_name('session')."
WHERE UNIX_TIMESTAMP(NOW())-UNIX_TIMESTAMP(created) > %d", WHERE ".$DB->unixtimestamp('NOW()')."-".$DB->unixtimestamp('created')." > ?",
get_table_name('session'), $maxlifetime);
$maxlifetime));
$a_exp_sessions = array(); $a_exp_sessions = array();
while ($sql_arr = $DB->fetch_assoc($sql_result)) while ($sql_arr = $DB->fetch_assoc($sql_result))
@ -132,17 +125,13 @@ function sess_gc($maxlifetime)
if (sizeof($a_exp_sessions)) if (sizeof($a_exp_sessions))
{ {
// delete session cache records
$DB->query("DELETE FROM ".get_table_name('cache')."
WHERE session_id IN ('".join("','", $a_exp_sessions)."')");
// delete session records // delete session records
$DB->query(sprintf("DELETE FROM %s $DB->query("DELETE FROM ".get_table_name('session')."
WHERE sess_id IN ('%s')", WHERE sess_id IN ('".join("','", $a_exp_sessions)."')");
get_table_name('session'),
join("','", $a_exp_sessions)));
// also delete session cache records
$DB->query(sprintf("DELETE FROM %s
WHERE session_id IN ('%s')",
get_table_name('cache'),
join("','", $a_exp_sessions)));
} }
return TRUE; return TRUE;
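Review bot: The two DELETE statements in sess_gc still build their IN list by string concatenation — `IN ('".join("','", $a_exp_sessions)."')` — although every other statement in this commit moved to bound parameters, and the sess_id values were originally accepted from the client session key and bound on insert in sess_write, so they are not guaranteed to be quote-free when read back. Generate one `?` per expired id and bind the array, as below; the comment header and `return TRUE` stay as they are, and the function's closing brace is outside the hunk.
```php
if (sizeof($a_exp_sessions))
{
    // one '?' per expired session id, so the ids are bound rather than concatenated
    $in = join(',', array_fill(0, sizeof($a_exp_sessions), '?'));
    // delete session cache records
    call_user_func_array(array($DB, 'query'),
        array_merge(array("DELETE FROM ".get_table_name('cache')." WHERE session_id IN ($in)"), $a_exp_sessions));
    // delete session records
    call_user_func_array(array($DB, 'query'),
        array_merge(array("DELETE FROM ".get_table_name('session')." WHERE sess_id IN ($in)"), $a_exp_sessions));
}
```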

@ -23,13 +23,11 @@ $REMOTE_REQUEST = TRUE;
if ($_GET['_cid']) if ($_GET['_cid'])
{ {
$DB->query(sprintf("UPDATE %s $DB->query("UPDATE ".get_table_name('contacts')."
SET del='1' SET del='1'
WHERE user_id=%d WHERE user_id=?
AND contact_id IN (%s)", AND contact_id IN (".$_GET['_cid'].")",
get_table_name('contacts'), $_SESSION['user_id']);
$_SESSION['user_id'],
$_GET['_cid']));
$count = $DB->affected_rows(); $count = $DB->affected_rows();
if (!$count) if (!$count)
@ -40,12 +38,11 @@ if ($_GET['_cid'])
// count contacts for this user // count contacts for this user
$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
FROM %s FROM ".get_table_name('contacts')."
WHERE del!='1' WHERE del<>'1'
AND user_id=%d", AND user_id=?",
get_table_name('contacts'), $_SESSION['user_id']);
$_SESSION['user_id']));
$sql_arr = $DB->fetch_assoc($sql_result); $sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows']; $rowcount = $sql_arr['rows'];
@ -62,14 +59,13 @@ if ($_GET['_cid'])
$start_row = ($_SESSION['page'] * $CONFIG['pagesize']) - $count; $start_row = ($_SESSION['page'] * $CONFIG['pagesize']) - $count;
// get contacts from DB // get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
WHERE del!='1' WHERE del<>'1'
AND user_id=%d AND user_id=?
ORDER BY name", ORDER BY name",
get_table_name('contacts'), $start_row,
$_SESSION['user_id']), $count,
$start_row, $_SESSION['user_id']);
$count);
$commands .= rcmail_js_contacts_list($sql_result); $commands .= rcmail_js_contacts_list($sql_result);
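Review bot: The UPDATE in the `_cid` branch still splices the request value straight into the IN list — `AND contact_id IN (".$_GET['_cid'].")` — while the user_id next to it became a bound parameter, so the one value that comes from the client is the one left unparameterized. The same construction remains in the compose section (`AND contact_id IN (".$_GET['_to'].")`, where the `/[0-9]+,?/` check only requires that some digit be present) and in the identities delete section (`AND identity_id IN (".$_GET['_iid'].")`). Split the list and bind each id: `$ids = array_map('intval', explode(',', $_GET['_cid']));`, build the list with `join(',', array_fill(0, sizeof($ids), '?'))`, and append `$ids` to the query arguments via call_user_func_array.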

@ -23,13 +23,12 @@
if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit') if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit')
{ {
$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid']; $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
$DB->query(sprintf("SELECT * FROM %s $DB->query("SELECT * FROM ".get_table_name('contacts')."
WHERE contact_id=%d WHERE contact_id=?
AND user_id=%d AND user_id=?
AND del!='1'", AND del<>'1'",
get_table_name('contacts'), $cid,
$cid, $_SESSION['user_id']);
$_SESSION['user_id']));
$CONTACT_RECORD = $DB->fetch_assoc(); $CONTACT_RECORD = $DB->fetch_assoc();

@ -41,12 +41,11 @@ function rcmail_contacts_list($attrib)
//$image_tag = '<img src="%s%s" alt="%s" border="0" />'; //$image_tag = '<img src="%s%s" alt="%s" border="0" />';
// count contacts for this user // count contacts for this user
$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
FROM %s FROM ".get_table_name('contacts')."
WHERE del!='1' WHERE del<>'1'
AND user_id=%d", AND user_id=?",
get_table_name('contacts'), $_SESSION['user_id']);
$_SESSION['user_id']));
$sql_arr = $DB->fetch_assoc($sql_result); $sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows']; $rowcount = $sql_arr['rows'];
@ -56,14 +55,13 @@ function rcmail_contacts_list($attrib)
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize']; $start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
// get contacts from DB // get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
WHERE del!='1' WHERE del<>'1'
AND user_id=%d AND user_id= ?
ORDER BY name", ORDER BY name",
get_table_name('contacts'), $start_row,
$_SESSION['user_id']), $CONFIG['pagesize'],
$start_row, $_SESSION['user_id']);
$CONFIG['pagesize']);
} }
else else
$sql_result = NULL; $sql_result = NULL;
@ -174,11 +172,10 @@ function rcmail_get_rowcount_text($max=NULL)
// get nr of contacts // get nr of contacts
if ($max===NULL) if ($max===NULL)
{ {
$sql_result = $DB->query(sprintf("SELECT 1 FROM %s $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
WHERE del!='1' WHERE del<>'1'
AND user_id=%d", AND user_id=?",
get_table_name('contacts'), $_SESSION['user_id']);
$_SESSION['user_id']));
$max = $DB->num_rows($sql_result); $max = $DB->num_rows($sql_result);
} }

@ -22,12 +22,11 @@
$REMOTE_REQUEST = TRUE; $REMOTE_REQUEST = TRUE;
// count contacts for this user // count contacts for this user
$sql_result = $DB->query(sprintf("SELECT COUNT(contact_id) AS rows $sql_result = $DB->query("SELECT COUNT(contact_id) AS rows
FROM %s FROM ".get_table_name('contacts')."
WHERE del!='1' WHERE del<>'1'
AND user_id=%d", AND user_id=?",
get_table_name('contacts'), $_SESSION['user_id']);
$_SESSION['user_id']));
$sql_arr = $DB->fetch_assoc($sql_result); $sql_arr = $DB->fetch_assoc($sql_result);
$rowcount = $sql_arr['rows']; $rowcount = $sql_arr['rows'];
@ -40,14 +39,13 @@ $commands .= sprintf("this.set_env('pagecount', %d);\n", $pages);
$start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize']; $start_row = ($CONTACTS_LIST['page']-1) * $CONFIG['pagesize'];
// get contacts from DB // get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s $sql_result = $DB->limitquery("SELECT * FROM ".get_table_name('contacts')."
WHERE del!='1' WHERE del<>'1'
AND user_id=%d AND user_id=?
ORDER BY name", ORDER BY name",
get_table_name('contacts'), $start_row,
$_SESSION['user_id']), $CONFIG['pagesize'],
$start_row, $_SESSION['user_id']);
$CONFIG['pagesize']);
$commands .= rcmail_js_contacts_list($sql_result); $commands .= rcmail_js_contacts_list($sql_result);

@ -39,15 +39,13 @@ if ($_POST['_cid'])
if (sizeof($a_write_sql)) if (sizeof($a_write_sql))
{ {
$DB->query(sprintf("UPDATE %s $DB->query("UPDATE ".get_table_name('contacts')."
SET %s SET ".join(', ', $a_write_sql)."
WHERE contact_id=%d WHERE contact_id=?
AND user_id=%d AND user_id=?
AND del!='1'", AND del<>'1'",
get_table_name('contacts'), $_POST['_cid'],
join(', ', $a_write_sql), $_SESSION['user_id']);
$_POST['_cid'],
$_SESSION['user_id']));
$updated = $DB->affected_rows(); $updated = $DB->affected_rows();
} }
@ -63,13 +61,12 @@ if ($_POST['_cid'])
$a_show_cols = array('name', 'email'); $a_show_cols = array('name', 'email');
$a_js_cols = array(); $a_js_cols = array();
$sql_result = $DB->query(sprintf("SELECT * FROM %s $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
WHERE contact_id=%d WHERE contact_id=?
AND user_id=%d AND user_id=?
AND del!='1'", AND del<>'1'",
get_table_name('contacts'),
$_POST['_cid'], $_POST['_cid'],
$_SESSION['user_id'])); $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result); $sql_arr = $DB->fetch_assoc($sql_result);
foreach ($a_show_cols as $col) foreach ($a_show_cols as $col)
@ -111,13 +108,10 @@ else
if (sizeof($a_insert_cols)) if (sizeof($a_insert_cols))
{ {
$DB->query(sprintf("INSERT INTO %s $DB->query("INSERT INTO ".get_table_name('contacts')."
(user_id, %s) (user_id, ".join(', ', $a_insert_cols).")
VALUES (%d, %s)", VALUES (?, ".join(', ', $a_insert_values).")",
get_table_name('contacts'), $_SESSION['user_id']);
join(', ', $a_insert_cols),
$_SESSION['user_id'],
join(', ', $a_insert_values)));
$insert_id = $DB->insert_id(); $insert_id = $DB->insert_id();
} }
@ -131,12 +125,11 @@ else
{ {
// add contact row or jump to the page where it should appear // add contact row or jump to the page where it should appear
$commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME); $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
$sql_result = $DB->query(sprintf("SELECT * FROM %s $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
WHERE contact_id=%d WHERE contact_id=?
AND user_id=%d", AND user_id=?",
get_table_name('contacts'), $insert_id,
$insert_id, $_SESSION['user_id']);
$_SESSION['user_id']));
$commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME); $commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
$commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n", $commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
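Review bot: Both write statements in this hunk mix bound parameters with SQL fragments assembled before the hunk — `SET ".join(', ', $a_write_sql)."` and `VALUES (?, ".join(', ', $a_insert_values).")`. If $a_write_sql and $a_insert_values are built the way the identities save section visibly does it (`sprintf("'%s'", addslashes($_POST[$fname]))`), the field values bypass the driver quoting this commit introduces, and addslashes is neither charset- nor dialect-aware. Collect the raw values in an array, emit `?` per column (`$a_insert_values[] = '?';`), and append the array to the query arguments with call_user_func_array so every request value takes the same bound path; the identities save section needs the same treatment. The enclosing `if` branches begin outside the hunk.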

@ -23,13 +23,12 @@
if ($_GET['_cid'] || $_POST['_cid']) if ($_GET['_cid'] || $_POST['_cid'])
{ {
$cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid']; $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
$DB->query(sprintf("SELECT * FROM %s $DB->query("SELECT * FROM ".get_table_name('contacts')."
WHERE contact_id=%d WHERE contact_id=?
AND user_id=%d AND user_id=?
AND del!='1'", AND del<>'1'",
get_table_name('contacts'), $cid,
$cid, $_SESSION['user_id']);
$_SESSION['user_id']));
$CONTACT_RECORD = $DB->fetch_assoc(); $CONTACT_RECORD = $DB->fetch_assoc();

@ -29,13 +29,11 @@ if ($_GET['_address'])
$contact = $contact_arr[1]; $contact = $contact_arr[1];
if ($contact['mailto']) if ($contact['mailto'])
$sql_result = $DB->query(sprintf("SELECT 1 FROM %s $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
WHERE user_id=%d WHERE user_id=?
AND email='%s' AND email=?
AND del!='1'", AND del<>'1'",
get_table_name('contacts'), $_SESSION['user_id'],$contact['mailto']);
$_SESSION['user_id'],
$contact['mailto']));
// contact entry with this mail address exists // contact entry with this mail address exists
if ($sql_result && $DB->num_rows($sql_result)) if ($sql_result && $DB->num_rows($sql_result))
@ -43,13 +41,12 @@ if ($_GET['_address'])
else if ($contact['mailto']) else if ($contact['mailto'])
{ {
$DB->query(sprintf("INSERT INTO %s $DB->query("INSERT INTO ".get_table_name('contacts')."
(user_id, name, email) (user_id, name, email)
VALUES (%d, '%s', '%s')", VALUES (?, ?, ?)",
get_table_name('contacts'), $_SESSION['user_id'],
$_SESSION['user_id'], $contact['name'],
$contact['name'], $contact['mailto']);
$contact['mailto']));
$added = $DB->insert_id(); $added = $DB->insert_id();
} }

@ -87,13 +87,11 @@ function rcmail_compose_headers($attrib)
$field_attrib[$attr] = $value; $field_attrib[$attr] = $value;
// get this user's identities // get this user's identities
$sql_result = $DB->query(sprintf("SELECT identity_id, name, email $sql_result = $DB->query("SELECT identity_id, name, email
FROM %s FROM ".get_table_name('identities')." WHERE user_id=?
WHERE user_id=%d AND del<>'1'
AND del!='1' ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
ORDER BY `default` DESC, name ASC", $_SESSION['user_id']);
get_table_name('identities'),
$_SESSION['user_id']));
if ($DB->num_rows($sql_result)) if ($DB->num_rows($sql_result))
{ {
@ -123,14 +121,11 @@ function rcmail_compose_headers($attrib)
if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to'])) if (!empty($_GET['_to']) && preg_match('/[0-9]+,?/', $_GET['_to']))
{ {
$a_recipients = array(); $a_recipients = array();
$sql_result = $DB->query(sprintf("SELECT name, email $sql_result = $DB->query("SELECT name, email
FROM %s FROM ".get_table_name('contacts')." WHERE user_id=?
WHERE user_id=%d AND del<>'1'
AND del!='1' AND contact_id IN (".$_GET['_to'].")",
AND contact_id IN (%s)", $_SESSION['user_id']);
get_table_name('contacts'),
$_SESSION['user_id'],
$_GET['_to']));
while ($sql_arr = $DB->fetch_assoc($sql_result)) while ($sql_arr = $DB->fetch_assoc($sql_result))
$a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']); $a_recipients[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
@ -559,12 +554,9 @@ function format_email_recipient($email, $name='')
/****** get contacts for this user and add them to client scripts ********/ /****** get contacts for this user and add them to client scripts ********/
$sql_result = $DB->query(sprintf("SELECT name, email $sql_result = $DB->query("SELECT name, email
FROM %s FROM ".get_table_name('contacts')." WHERE user_id=?
WHERE user_id=%d AND del<>'1'",$_SESSION['user_id']);
AND del!='1'",
get_table_name('contacts'),
$_SESSION['user_id']));
if ($DB->num_rows($sql_result)) if ($DB->num_rows($sql_result))
{ {

@ -42,14 +42,12 @@ function rcmail_get_identity($id)
global $DB; global $DB;
// get identity record // get identity record
$sql_result = $DB->query(sprintf("SELECT *, email AS mailto $sql_result = $DB->query("SELECT *, email AS mailto
FROM %s FROM ".get_table_name('identities')."
WHERE identity_id=%d WHERE identity_id=?
AND user_id=%d AND user_id=?
AND del!='1'", AND del<>'1'",
get_table_name('identities'), $id,$_SESSION['user_id']);
$id,
$_SESSION['user_id']));
if ($DB->num_rows($sql_result)) if ($DB->num_rows($sql_result))
{ {

@ -23,13 +23,11 @@ $REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;
if ($_GET['_iid']) if ($_GET['_iid'])
{ {
$DB->query(sprintf("UPDATE %s $DB->query("UPDATE ".get_table_name('identities')."
SET del='1' SET del='1'
WHERE user_id=%d WHERE user_id=?
AND identity_id IN (%s)", AND identity_id IN (".$_GET['_iid'].")",
get_table_name('identities'), $_SESSION['user_id']);
$_SESSION['user_id'],
$_GET['_iid']));
$count = $DB->affected_rows(); $count = $DB->affected_rows();
if ($count) if ($count)

@ -22,13 +22,12 @@
if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity') if (($_GET['_iid'] || $_POST['_iid']) && $_action=='edit-identity')
{ {
$id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid']; $id = $_POST['_iid'] ? $_POST['_iid'] : $_GET['_iid'];
$DB->query(sprintf("SELECT * FROM %s $DB->query("SELECT * FROM ".get_table_name('identities')."
WHERE identity_id=%d WHERE identity_id=?
AND user_id=%d AND user_id=?
AND del!='1'", AND del<>'1'",
get_table_name('identities'), $id,
$id, $_SESSION['user_id']);
$_SESSION['user_id']));
$IDENTITY_RECORD = $DB->fetch_assoc(); $IDENTITY_RECORD = $DB->fetch_assoc();

@ -21,10 +21,9 @@
// get user record // get user record
$sql_result = $DB->query(sprintf("SELECT username, mail_host FROM %s $sql_result = $DB->query("SELECT username, mail_host FROM ".get_table_name('users')."
WHERE user_id=%d", WHERE user_id=?",
get_table_name('users'), $_SESSION['user_id']);
$_SESSION['user_id']));
if ($USER_DATA = $DB->fetch_assoc($sql_result)) if ($USER_DATA = $DB->fetch_assoc($sql_result))
$PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']); $PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
@ -143,12 +142,11 @@ function rcmail_identities_list($attrib)
// get contacts from DB // get contacts from DB
$sql_result = $DB->query(sprintf("SELECT * FROM %s $sql_result = $DB->query("SELECT * FROM ".get_table_name('identities')."
WHERE del!='1' WHERE del<>'1'
AND user_id=%d AND user_id=?
ORDER BY `default` DESC, name ASC", ORDER BY ".$DB->quoteIdentifier('default')." DESC, name ASC",
get_table_name('identities'), $_SESSION['user_id']);
$_SESSION['user_id']));
// add id to message list table if not specified // add id to message list table if not specified

@ -38,15 +38,13 @@ if ($_POST['_iid'])
if (sizeof($a_write_sql)) if (sizeof($a_write_sql))
{ {
$DB->query(sprintf("UPDATE %s $DB->query("UPDATE ".get_table_name('identities')."
SET %s SET ".join(', ', $a_write_sql)."
WHERE identity_id=%d WHERE identity_id=?
AND user_id=%d AND user_id=?
AND del!='1'", AND del<>'1'",
get_table_name('identities'), $_POST['_iid'],
join(', ', $a_write_sql), $_SESSION['user_id']);
$_POST['_iid'],
$_SESSION['user_id']));
$updated = $DB->affected_rows(); $updated = $DB->affected_rows();
} }
@ -56,14 +54,13 @@ if ($_POST['_iid'])
show_message('successfullysaved', 'confirmation'); show_message('successfullysaved', 'confirmation');
// mark all other identities as 'not-default' // mark all other identities as 'not-default'
$DB->query(sprintf("UPDATE %s $DB->query("UPDATE ".get_table_name('identities')."
SET `default`='0' SET ".$DB->quoteIdentifier('default')."='0'
WHERE identity_id!=%d WHERE identity_id!=?
AND user_id=%d AND user_id=?
AND del!='1'", AND del<>'1'",
get_table_name('identities'), $_POST['_iid'],
$_POST['_iid'], $_SESSION['user_id']);
$_SESSION['user_id']));
if ($_POST['_framed']) if ($_POST['_framed'])
{ {
@ -89,19 +86,16 @@ else
if (!isset($_POST[$fname])) if (!isset($_POST[$fname]))
continue; continue;
$a_insert_cols[] = "`$col`"; $a_insert_cols[] = $DB->quoteIdentifier($col);
$a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname])); $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
} }
if (sizeof($a_insert_cols)) if (sizeof($a_insert_cols))
{ {
$DB->query(sprintf("INSERT INTO %s $DB->query("INSERT INTO ".get_table_name('identities')."
(user_id, %s) (user_id, ".join(', ', $a_insert_cols).")
VALUES (%d, %s)", VALUES (?, ".join(', ', $a_insert_values).")",
get_table_name('identities'), $_SESSION['user_id']);
join(', ', $a_insert_cols),
$_SESSION['user_id'],
join(', ', $a_insert_values)));
$insert_id = $DB->insert_id(); $insert_id = $DB->insert_id();
} }
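Review bot: The "not-default" UPDATE keeps `WHERE identity_id!=?` while every other inequality rewritten in this commit uses `<>` (e.g. `AND del<>'1'` two lines below); use `WHERE identity_id<>?` so the statements read uniformly. In the insert loop the column names now go through `$DB->quoteIdentifier($col)`, which is the right call for the reserved `default` column, but the loop comment should say so: `// quote column names: 'default' is a reserved word on most providers`.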

@ -35,14 +35,13 @@ if (isset($_POST['_language']))
$sess_user_lang = $_SESSION['user_lang'] = $_POST['_language']; $sess_user_lang = $_SESSION['user_lang'] = $_POST['_language'];
$DB->query(sprintf("UPDATE %s $DB->query("UPDATE ".get_table_name('users')."
SET preferences='%s', SET preferences=?,
language='%s' language=?
WHERE user_id=%d", WHERE user_id=?",
get_table_name('users'), serialize($a_user_prefs),
addslashes(serialize($a_user_prefs)), $sess_user_lang,
$sess_user_lang, $_SESSION['user_id']);
$_SESSION['user_id']));
if ($DB->affected_rows()) if ($DB->affected_rows())
{ {
