
Conversion to PDO to support PHP 7. Ref #1230.
bakoontz committed Dec 15, 2016
1 parent 5af6afa commit 0f2bd2b
Showing 27 changed files with 765 additions and 484 deletions.
68 changes: 40 additions & 28 deletions actions/adminpages/adminpages.php
Expand Up @@ -328,27 +328,28 @@ function optionRanges($limits, $max, $firstinc = 1)
if(isset($_GET['sort']) && in_array($_GET['sort'], $sort_fields)) $sort = $_GET['sort'];

// sort order
$d = "desc";
$sort_order = array('asc', 'desc');
if(isset($_GET['d']) && in_array($_GET['d'], $sort_order)) $d = $_GET['d'];
$d = 'desc';
if(isset($_GET['d'])) {
if($this->GetSafeVar('d', 'get') == 'asc') {
$d = 'asc';
}
}

// start record
$s = ADMINPAGES_DEFAULT_START;
if (isset($_GET['s']) && (int)$_GET['s'] >=0) $s = (int)$_GET['s'];


// search string
$search = ADMINPAGES_DEFAULT_SEARCH;
$search_disp = ADMINPAGES_DEFAULT_SEARCH;
$search = ADMINPAGES_DEFAULT_SEARCH;
if (isset($_POST['search']))
{
$search =
mysql_real_escape_string($this->GetSafeVar('search', 'post'));
$search_disp = $this->GetSafeVar('search', 'post');
$search = $this->GetSafeVar('search', 'post');
}
elseif (isset($_GET['search']))
{
$search = mysql_real_escape_string($this->GetSafeVar('search', 'get'));
$search_disp = $this->GetSafeVar('search', 'get');
$search = $this->GetSafeVar('search', 'get');
}

// select all added JW 2005-07-19
Expand All @@ -364,7 +365,7 @@ function optionRanges($limits, $max, $firstinc = 1)
// build pager form
$form_filter = $this->FormOpen('','','post','page_admin_panel');
$form_filter .= '<fieldset><legend>'.T_("Filter view:").'</legend>'."\n";
$form_filter .= '<label for="search">'.T_("Search page:").'</label> <input type ="text" id="search" name="search" title="'.T_("Enter a search string").'" size="20" maxlength="50" value="'.$search_disp.'"/> <input type="submit" value="'.T_("Submit").'" /><br />'."\n";
$form_filter .= '<label for="search">'.T_("Search page:").'</label> <input type ="text" id="search" name="search" title="'.T_("Enter a search string").'" size="20" maxlength="50" value="'.$search.'"/> <input type="submit" value="'.T_("Submit").'" /><br />'."\n";
// build date range fields
$form_filter .= '<label>'.T_("Last edit range: Between").'</label>&nbsp;<input class="datetime" type="text" name="start_YY" size="4" maxlength="4" value="'.$start_YY.'"/>-<input class="datetime" type="text" name="start_MM" size="2" maxlength="2" value="'.$start_MM.'"/>-<input class="datetime" type="text" name="start_DD" size="2" maxlength="2" value="'.$start_DD.'"/>&nbsp;<input class="datetime" type="text" name="start_hh" size="2" maxlength="2" value="'.$start_hh.'"/>:<input class="datetime" type="text" name="start_mm" size="2" maxlength="2" value="'.$start_mm.'"/>:<input class="datetime" type="text" name="start_ss" size="2" maxlength="2" value="'.$start_ss.'"/>&nbsp;'.T_("and").'&nbsp;<input class="datetime" type="text" name="end_YY" size="4" maxlength="4" value="'.$end_YY.'"/>-<input class="datetime" type="text" name="end_MM" size="2" maxlength="2" value="'.$end_MM.'"/>-<input class="datetime" type="text" name="end_DD" size="2" maxlength="2" value="'.$end_DD.'"/>&nbsp;<input class="datetime" type="text" name="end_hh" size="2" maxlength="2" value="'.$end_hh.'"/>:<input class="datetime" type="text" name="end_mm" size="2" maxlength="2" value="'.$end_mm.'"/>:<input class="datetime" type="text" name="end_ss" size="2" maxlength="2" value="'.$end_ss.'"/><br />'."\n";

Expand All @@ -380,20 +381,20 @@ function optionRanges($limits, $max, $firstinc = 1)
is_numeric($start_MM) && $start_MM > 0 && $start_MM < 13 &&
is_numeric($start_DD) && $start_DD > 0 && $start_DD < 32)
{
$start_ts = mysql_real_escape_string($start_YY);
$start_ts = $start_YY;
$start_ts .= '-';
$start_ts .= mysql_real_escape_string($start_MM);
$start_ts .= $start_MM;
$start_ts .= '-';
$start_ts .= mysql_real_escape_string($start_DD);
$start_ts .= $start_DD;
if (is_numeric($start_hh) && $start_hh >= 0 && $start_hh <=24)
{
$start_ts .= ' '.mysql_real_escape_string($start_hh).':';
$start_ts .= ' '.$start_hh.':';
if (is_numeric($start_mm) && $start_mm >= 0 && $start_mm <= 59)
{
$start_ts .= mysql_real_escape_string($start_mm).':';
$start_ts .= $start_mm.':';
if (is_numeric($start_ss) && $start_ss >= 0 && $start_ss <= 59)
{
$start_ts .= mysql_real_escape_string($start_ss);
$start_ts .= $start_ss;
}
else
{
Expand All @@ -409,20 +410,20 @@ function optionRanges($limits, $max, $firstinc = 1)
is_numeric($end_MM) && $end_MM > 0 && $end_MM < 13 &&
is_numeric($end_DD) && $end_DD > 0 && $end_DD < 32)
{
$end_ts = mysql_real_escape_string($end_YY);
$end_ts = $end_YY;
$end_ts .= '-';
$end_ts .= mysql_real_escape_string($end_MM);
$end_ts .= $end_MM;
$end_ts .= '-';
$end_ts .= mysql_real_escape_string($end_DD);
$end_ts .= $end_DD;
if (is_numeric($end_hh) && $end_hh >= 0 && $end_hh <=24)
{
$end_ts .= ' '.mysql_real_escape_string($end_hh).':';
$end_ts .= ' '.$end_hh.':';
if (is_numeric($end_mm) && $end_mm >= 0 && $end_mm <= 59)
{
$end_ts .= mysql_real_escape_string($end_mm).':';
$end_ts .= $end_mm.':';
if (is_numeric($end_ss) && $end_ss >= 0 && $end_ss <= 59)
{
$end_ts .= mysql_real_escape_string($end_ss);
$end_ts .= $end_ss;
}
else
{
Expand All @@ -442,13 +443,21 @@ function optionRanges($limits, $max, $firstinc = 1)
}

// restrict MySQL query by search string modified JW 2005-07-19
$where = ('' == $search) ? "`latest` = 'Y'" : "`tag` LIKE '%".$search."%' AND `latest` = 'Y'";
$params = array();
if('' == $search) {
$where = "`latest` = 'Y'";
} else {
$where = "`tag` LIKE :search AND `latest` = 'Y'";
$params = array(':search' => '%'.$search.'%');
}
if (!empty($start_ts) && !empty($end_ts))
{
$where .= " AND time > '".$start_ts."' AND time < '".$end_ts."'";
$where .= " AND time > :start_ts AND time < :end_ts";
$params = array(':start_ts' => $start_ts,
':end_ts' => $end_ts);
}
// get total number of pages
$numpages = $this->getCount('pages', $where);
$numpages = $this->getCount('pages', $where, $params);

// ranged drop-down
$pages_opts = optionRanges($page_limits,$numpages, ADMINPAGES_DEFAULT_MIN_RECORDS_DISPLAY);
Expand Down Expand Up @@ -503,8 +512,11 @@ function optionRanges($limits, $max, $firstinc = 1)
$table = 'pages';
}

$query = "SELECT *".$count." FROM ".$this->GetConfigValue('table_prefix').$table." WHERE ". $where." ".$group." ORDER BY ".$sort." ".$d." LIMIT ".$s.", ".$l;
$pagedata = $this->LoadAll($query);
$params[':sort'] = $sort;
$params[':s'] = (int)$s;
$params[':l'] = (int)$l;
$query = "SELECT *".$count." FROM ".$this->GetConfigValue('table_prefix').$table." WHERE ". $where." ".$group." ORDER BY :sort ".$d." LIMIT :s, :l";
$pagedata = $this->LoadAll($query, $params);

if ($pagedata)
{
Expand Down Expand Up @@ -710,7 +722,7 @@ function optionRanges($limits, $max, $firstinc = 1)
else
{
// no records matching the search string: print error message
echo '<p><em class="error">'.sprintf(T_("Sorry, there are no pages matching \"%s\""), $search_disp).'</em></p>';
echo '<p><em class="error">'.sprintf(T_("Sorry, there are no pages matching \"%s\""), $search).'</em></p>';
}
}
}
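Review bot: The date-range branch at `$params = array(':start_ts' => $start_ts, ':end_ts' => $end_ts);` replaces the array built just above instead of extending it, so when a search string and a date range are both supplied the `:search` placeholder in `$where` has no bound value and the count query fails. Separately, `ORDER BY :sort` and `LIMIT :s, :l` cannot be bound: a bound value is sent as a quoted literal, so the sort becomes a constant (no ordering at all), and under emulated prepares LIMIT receives quoted strings and is a syntax error. Since `$sort` is already allowlisted against `$sort_fields` and `$d` reduced to 'asc'/'desc', interpolate those and cast the limits to int rather than binding them; whether LoadAll binds with PDO::PARAM_INT is not visible here, so the LIMIT part is inferred. The enclosing action body starts and ends outside this hunk.
```php
if (!empty($start_ts) && !empty($end_ts))
{
    $where .= " AND time > :start_ts AND time < :end_ts";
    $params[':start_ts'] = $start_ts;
    $params[':end_ts'] = $end_ts;
}
// … unchanged: count query, pager form, table/group selection …
// $sort and $d are allowlisted above; ORDER BY and LIMIT terms cannot be bound as parameters
$query = "SELECT *".$count." FROM ".$this->GetConfigValue('table_prefix').$table." WHERE ". $where." ".$group." ORDER BY ".$sort." ".$d." LIMIT ".(int)$s.", ".(int)$l;
$pagedata = $this->LoadAll($query, $params);
```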
57 changes: 36 additions & 21 deletions actions/adminusers/adminusers.php
Expand Up @@ -306,26 +306,26 @@ function optionRanges($limits, $max, $firstinc = 1)
$sort_fields = array('name', 'email', 'signuptime');
$sort = (isset($_GET['sort'])) ? $this->GetSafeVar('sort', 'get') : "signuptime";
if(!in_array($sort, $sort_fields)) $sort = "signuptime";
// sort order
$sort_order = array('asc', 'desc');
$d = (isset($_GET['d'])) ? $this->GetSafeVar('d', 'get') : "desc";
if(!in_array($d, $sort_order)) $d = "desc";
$d = 'desc';
if(isset($_GET['d'])) {
if($this->GetSafeVar('d', 'get') == 'asc') {
$d = 'asc';
}
}
// start record
$s = (isset($_GET['s'])) ? $this->GetSafeVar('s', 'get') : ADMINUSERS_DEFAULT_START;
if ((int)$s < 0) $s = ADMINUSERS_DEFAULT_START;

// search string
$search = ADMINUSERS_DEFAULT_SEARCH;
$search_disp = ADMINUSERS_DEFAULT_SEARCH;
$search = ADMINUSERS_DEFAULT_SEARCH;
if (isset($_POST['search']))
{
$search = mysql_real_escape_string($this->GetSafeVar('search', 'post'));
$search_disp = $this->GetSafeVar('search', 'post');
$search = $this->GetSafeVar('search', 'post');
}
elseif (isset($_GET['search']))
{
$search = mysql_real_escape_string($this->GetSafeVar('search', 'get'));
$search_disp = $this->GetSafeVar('search', 'get');
$search = $this->GetSafeVar('search', 'get');
}
elseif($this->GetSafeVar('submit', 'post') == T_("Submit"))
{
Expand All @@ -335,16 +335,23 @@ function optionRanges($limits, $max, $firstinc = 1)

// select all
$checked = '';
$params = array();
if (isset($_GET['selectall']))
{
$checked = (1 == $_GET['selectall']) ? ' checked="checked"' : '';
}

// restrict MySQL query by search string
$where = "(status IS NULL OR status != 'deleted') AND ";
$where .= ('' == $search) ? '1' : "name LIKE '%".$search."%'";
if('' == $search) {
$where .= '1';
} else {
$where .= "name LIKE :search";
$params = array(':search' => '%'.$search.'%');
}
// get total number of users
$numusers = $this->getCount('users', $where);

$numusers = $this->getCount('users', $where, $params);
// If the user doesn't specifically want to change the records
// per page, then use the default. The problem here is that one
// form is being used to process two post requests, so things
Expand All @@ -363,7 +370,7 @@ function optionRanges($limits, $max, $firstinc = 1)
// build pager form
$form_filter = $this->FormOpen('','','post','user_admin_panel');
$form_filter .= '<fieldset><legend>'.T_("Filter view:").'</legend>'."\n";
$form_filter .= '<label for="search">'.T_("Search user:").'</label> <input type ="text" id="search" name="search" title="'.T_("Enter a search string").'" size="20" maxlength="50" value="'.$search_disp.'"/> <input name="submit" type="submit" value="'.T_("Submit").'" /><br />'."\n";
$form_filter .= '<label for="search">'.T_("Search user:").'</label> <input type ="text" id="search" name="search" title="'.T_("Enter a search string").'" size="20" maxlength="50" value="'.$search.'"/> <input name="submit" type="submit" value="'.T_("Submit").'" /><br />'."\n";
// get values range for drop-down
$users_opts = optionRanges($user_limits,$numusers, ADMINUSERS_DEFAULT_MIN_RECORDS_DISPLAY);
$form_filter .= '<label for="l">'.T_("Show").'</label> '."\n";
Expand Down Expand Up @@ -392,8 +399,10 @@ function optionRanges($limits, $max, $firstinc = 1)
$form_filter .= '</fieldset>'.$this->FormClose()."\n";

// get user list
$userdata = $this->LoadAll("SELECT * FROM ".$this->GetConfigValue('table_prefix')."users WHERE ".$where." ORDER BY ".$sort." ".$d." limit ".$s.", ".$l);

$params[':sort'] = $sort;
$params[':s'] = (int)$s;
$params[':l'] = (int)$l;
$userdata = $this->LoadAll("SELECT * FROM ".$this->GetConfigValue('table_prefix')."users WHERE ".$where." ORDER BY :sort $d limit :s, :l", $params);
if ($userdata)
{
// build header links
Expand Down Expand Up @@ -422,12 +431,18 @@ function optionRanges($limits, $max, $firstinc = 1)
foreach($userdata as $user)
{
// get counts
$where_owned = "`owner` = '".$user['name']."' AND latest = 'Y'";
$where_changes = "`user` = '".$user['name']."'";
$where_comments = "`user` = '".$user['name']."'";
$numowned = $this->getCount('pages', $where_owned);
$numchanges = $this->getCount('pages', $where_changes);
$numcomments = $this->getCount('comments', $where_comments);
$where_owned = "`owner` = :owner AND latest = 'Y'";
$where_changes = "`user` = :user";
$where_comments = "`user` = :user";
$numowned = $this->getCount('pages',
$where_owned,
array(':owner' => $user[name]));
$numchanges = $this->getCount('pages',
$where_changes,
array(':user' => $user[name]));
$numcomments = $this->getCount('comments',
$where_comments,
array(':user' => $user[name]));

// build statistics links if needed
$ownedlink = ($numowned > 0)? '<a title="'.sprintf(T_("Display pages owned by %s (%d)"),$user['name'],$numowned).'" href="'.$this->Href('','','user='.$user['name'].'&amp;action=owned').'">'.$numowned.'</a>' : '0';
Expand Down Expand Up @@ -485,7 +500,7 @@ function optionRanges($limits, $max, $firstinc = 1)
else
{
// no records matching the search string: print error message
echo '<p><em class="error">'.sprintf(T_("Sorry, there are no users matching \"%s\""), $search_disp).'</em></p>';
echo '<p><em class="error">'.sprintf(T_("Sorry, there are no users matching \"%s\""), $search).'</em></p>';
}
}
}
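Review bot: The three `getCount` calls use `$user[name]` with an unquoted key; `name` is an undefined constant, which is a notice with a fallback to the string on PHP 7 but a fatal `Error` on PHP 8, so these should read `array(':owner' => $user['name'])` and `array(':user' => $user['name'])`. The `ORDER BY :sort $d limit :s, :l` query has the same problem as the adminpages hunk: a bound `:sort` arrives as a quoted string constant, so the user list is no longer sorted, and `:s`/`:l` need integer binding or interpolation of the already-cast ints. Because `$sort` is allowlisted against `$sort_fields` at the top of the hunk and `$d` is reduced to 'asc'/'desc', `ORDER BY ".$sort." ".$d." limit ".(int)$s.", ".(int)$l` is safe to interpolate. The action body continues outside this hunk.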
10 changes: 3 additions & 7 deletions actions/countowned/countowned.php
Expand Up @@ -13,17 +13,13 @@
* @todo print different text if user is not logged in
* @todo Add parameter to specify date range #955
*/
/*
$where = "`owner` = '".mysql_real_escape_string($this->GetUserName())."' AND `latest` = 'Y'";
$count = $this->getCount('pages', $where);
*/
$count = 0;
if ($username = $this->GetUserName()) // no param: get name of logged in user only (#543)
{
$where = "owner = '".mysql_real_escape_string($username)."' AND latest = 'Y'";
$count = $this->getCount('pages',$where);
$where = "owner = :username AND latest = 'Y'";
$count = $this->getCount('pages', $where, array(':username' => $username));
}

echo $this->Link('MyPages', '', $count,'','', T_("Display a list of the pages you currently own"));

?>
?>
32 changes: 20 additions & 12 deletions actions/dbinfo/dbinfo.php
Expand Up @@ -10,6 +10,9 @@
* By specifying prefix='0' the prefix configured for Wikka is ignored, allowing other tables in the same database (if any)
* to be inspected.
*
* NOTE: These calls are most likely MySQL-specific. This action
* needs some work to make it db-agnostic.
*
* Syntax:
* {{dbinfo [all="0|1"] [prefix="0|1"]}}
*
Expand Down Expand Up @@ -69,7 +72,7 @@
// variables

$isAdmin = $this->IsAdmin();
$database = $this->GetConfigValue('mysql_database');
$database = $this->GetConfigValue('dbms_database');
$prefix = $this->GetConfigValue('table_prefix');

// ---------------------- processsing --------------------------
Expand Down Expand Up @@ -105,10 +108,10 @@
if ($bAll)
{
$query = 'SHOW DATABASES';
$tableresult = mysql_query($query);
$tableresult = $this->Query($query)->fetchAll();
if ($tableresult)
{
while ($row = mysql_fetch_assoc($tableresult))
foreach ($tableresult as $row)
{
$aDbList[] = $row['Database'];
}
Expand Down Expand Up @@ -142,36 +145,38 @@
{
$seldb = $database; # no choice: wikka database
}

if (isset($seldb))
{
$query = 'SHOW CREATE DATABASE '.$seldb;
$dbcreateresult = mysql_query($query);
$query = 'SHOW CREATE DATABASE '.$this->pdo_quote_identifier($seldb);
$dbcreateresult =
$this->Query($query);
if ($dbcreateresult)
{
$row = mysql_fetch_assoc($dbcreateresult);
$dbcreate = $row['Create Database'];
$dbcreate = ($dbcreateresult->fetch())['Create Database'];
$dbcreateresult->closeCursor();
}
}

// table list
$aTableList = array();
if (isset($seldb))
{
$query = 'SHOW TABLES FROM '.$seldb;
$query = 'SHOW TABLES FROM '.$this->pdo_quote_identifier($seldb);
if ($bPrefix)
{
$pattern = $prefix.'%';
$query .= " LIKE '".$pattern."'";
}
$tablelistresult = mysql_query($query);
$tablelistresult = $this->Query($query)->fetchAll();
if ($tablelistresult)
{
$colname = 'Tables_in_'.$seldb;
if ($bPrefix)
{
$colname .= ' ('.$pattern.')';
}
while ($row = mysql_fetch_assoc($tablelistresult))
foreach($tablelistresult as $row)
{
$aTableList[] = $row[$colname];
}
Expand All @@ -184,12 +189,15 @@
if (isset($_POST['seltable']) && in_array($_POST['seltable'],$aTableList)) # valid choice
{
$seltable = $this->GetSafeVar('seltable', 'post');
$seltable = $this->pdo_quote_identifier($seltable);
$query = 'SHOW CREATE TABLE '.$seltable;
$tablecreateresult = mysql_query($query);
$tablecreateresult =
$this->Query($query);
if ($tablecreateresult)
{
$row = mysql_fetch_assoc($tablecreateresult);
$row = $tablecreateresult->fetch();
$tablecreate = $row['Create Table'];
$tablecreateresult->closeCursor();
}
}
}
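Review bot: `$seltable = $this->pdo_quote_identifier($seltable);` overwrites the validated table name with its backtick-quoted form, so any later use of `$seltable` in this action (the rest of the file is outside the hunk), such as echoing it as the selected option or comparing it against `$aTableList`, now carries the quotes; keep the raw name and quote only in the query, `$query = 'SHOW CREATE TABLE '.$this->pdo_quote_identifier($seltable);`. The `in_array($_POST['seltable'], $aTableList)` allowlist is what makes quoting and interpolating the identifier acceptable; `$seldb` is chosen above the hunk, so whether it receives the same check against `$aDbList` before reaching `SHOW CREATE DATABASE` cannot be confirmed here and should be. The `LIKE '".$pattern."'` clause still interpolates the configured prefix as a raw string literal; if Query() accepts bound parameters it should be bound instead.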
4 changes: 2 additions & 2 deletions actions/highscores/highscores.php
Expand Up @@ -84,11 +84,11 @@
}

//fetch data
$rank_query = $this->Query($query);
$rank_query = $this->Query($query)->fetchAll();

$i = 0;
$str = '';
while($row = mysql_fetch_array($rank_query))
foreach($rank_query as $row)
{
$i++;
$str .= ' <tr '.(($i % 2)? '' : 'class="alt"').'>'."\n";
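Review bot: `$this->Query($query)->fetchAll()` assumes Query() always returns a PDOStatement; if it returns false or null on a failed query, as the replaced mysql_query did, this is a fatal call on a non-object rather than an empty result. Unless Query() is known to throw on error, guard the call: `$stmt = $this->Query($query); $rank_query = $stmt ? $stmt->fetchAll() : array();`. `$query` is built above the hunk, so its construction is not reviewed here.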
