Commit 4148c4d4 authored by Giovannoni Laurent's avatar Giovannoni Laurent

FEAT #2681

parent 8a058f7b
......@@ -723,20 +723,17 @@ class docservers_controler
return false;
}
$security = new security();
$db = new dbquery();
$db->connect();
$db = new Database();
$tableName = $security->retrieve_table_from_coll($coll_id);
if (!isset($tableName) || empty($tableName)) {
return false;
}
$query = "select docserver_id from " . $tableName
. " where docserver_id = '" . $docserver_id . "'";
$db->query($query);
if ($db->nb_result() > 0) {
$db->disconnect();
. " where docserver_id = ?";
$stmt = $db->query($query, array($docserver_id));
if ($stmt->rowCount() > 0) {
return true;
}
$db->disconnect();
return false;
}
......@@ -748,20 +745,17 @@ class docservers_controler
public function adrxLinkExists($docserver_id, $coll_id)
{
$security = new security();
$db = new dbquery();
$db->connect();
$db = new Database();
$adrName = $security->retrieveAdrFromColl($coll_id);
if (!isset($adrName) || empty($adrName)) {
return false;
}
$query = "select docserver_id from " . $adrName
. " where docserver_id = '" . $docserver_id . "'";
$db->query($query);
if ($db->nb_result() > 0) {
$db->disconnect();
. " where docserver_id = ?";
$stmt = $db->query($query, array($docserver_id));
if ($stmt->rowCount() > 0) {
return true;
}
$db->disconnect();
}
/**
......@@ -779,21 +773,21 @@ class docservers_controler
) {
return false;
}
$db = new dbquery();
$db->connect();
$db = new Database();
$query = "select adr_priority_number from " . _DOCSERVERS_TABLE_NAME
. " where adr_priority_number = "
. $docserver->adr_priority_number
. " AND docserver_type_id = '"
. $func->protect_string_db($docserver->docserver_type_id) . "'"
. " AND docserver_id <> '"
. $func->protect_string_db($docserver->docserver_id) . "'";
$db->query($query);
if ($db->nb_result() > 0) {
$db->disconnect();
. " where adr_priority_number = ? AND docserver_type_id = ?"
. " AND docserver_id <> ?";
$stmt = $db->query(
$query,
array(
$docserver->adr_priority_number,
$docserver->docserver_type_id,
$docserver->docserver_id
)
);
if ($stmt->rowCount() > 0) {
return false;
}
$db->disconnect();
return true;
}
......@@ -812,20 +806,21 @@ class docservers_controler
) {
return false;
}
$db = new dbquery();
$db->connect();
$db = new Database();
$query = "select priority_number from " . _DOCSERVERS_TABLE_NAME
. " where priority_number = " . $docserver->priority_number
. " AND docserver_type_id = '"
. $func->protect_string_db($docserver->docserver_type_id) . "'"
. " AND docserver_id <> '"
. $func->protect_string_db($docserver->docserver_id) . "'";
$db->query($query);
if ($db->nb_result() > 0) {
$db->disconnect();
. " where priority_number = ? AND docserver_type_id = ?"
. " AND docserver_id <> ?";
$stmt = $db->query(
$query,
array(
$docserver->priority_number,
$docserver->docserver_type_id,
$docserver->docserver_id
)
);
if ($stmt->rowCount() > 0) {
return false;
}
$db->disconnect();
return true;
}
......@@ -842,18 +837,16 @@ class docservers_controler
}
$size_limit_number = floatval($docserver->size_limit_number);
$size_limit_number = $size_limit_number * 1000 * 1000 * 1000;
$db = new dbquery();
$db->connect();
$db = new Database();
$query = "select actual_size_number from " . _DOCSERVERS_TABLE_NAME
. " where docserver_id = '" . $docserver->docserver_id . "'";
$db->query($query);
$queryResult = $db->fetch_object();
. " where docserver_id = ?";
$stmt = $db->query($query, array($docserver->docserver_id));
$queryResult = $stmt->fetchObject();
if (isset($queryResult->actual_size_number)) {
$actual_size_number = floatval($queryResult->actual_size_number);
} else {
$actual_size_number = 0;
}
$db->disconnect();
if ($size_limit_number < $actual_size_number) {
return true;
} else {
......@@ -891,15 +884,12 @@ class docservers_controler
*/
public function getDocserverToInsert($collId)
{
$db = new dbquery();
$db->connect();
$db = new Database();
$query = "select priority_number, docserver_id from "
. _DOCSERVERS_TABLE_NAME . " where is_readonly = 'N' and "
. " enabled = 'Y' and coll_id = '" . $collId
. "' order by priority_number";
$db->query($query);
$queryResult = $db->fetch_object();
$db->disconnect();
. " enabled = 'Y' and coll_id = ? order by priority_number";
$stmt = $db->query($query, array($collId));
$queryResult = $stmt->fetchObject();
if ($queryResult->docserver_id <> '') {
$docserver = $this->get($queryResult->docserver_id);
if (isset($docserver->docserver_id)) {
......@@ -1174,14 +1164,16 @@ class docservers_controler
*/
public function setSize($docserver, $newSize)
{
$db = new dbquery();
$db->connect();
$db->query(
$db = new Database();
$stmt = $db->query(
"update " . _DOCSERVERS_TABLE_NAME
. " set actual_size_number=" . $newSize . " where docserver_id='"
. $docserver->docserver_id . "'"
. " set actual_size_number = ? where docserver_id = ?",
array(
$newSize,
$docserver->docserver_id
)
);
$db->disconnect();
return $newSize;
}
......
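Review bot: `adrxLinkExists` (hunk `@@ -748,20`) falls off the end of its body after the `rowCount()` check, so when no row matches it returns null instead of the `false` its sibling in the previous hunk returns; add `return false;` after the `if` block, in place of the removed `$db->disconnect();`. The four `$stmt->rowCount() > 0` tests on SELECT results also depend on the PDO driver — rowCount() is guaranteed only for DML, and some drivers report 0 or -1 for SELECT — so `$stmt->fetch() !== false` (or a `SELECT count(*)`) is the portable check; if the `Database` wrapper is pinned to a driver that does report it, a comment saying so would help the next reader. Parameter binding does not cover identifiers: `$tableName` and `$adrName` are still concatenated into the query, which is fine only as long as `retrieve_table_from_coll`/`retrieveAdrFromColl` return configured names rather than request input — their source is not visible here. In `getDocserverToInsert`, `fetchObject()` returns false when no docserver matches and `$queryResult->docserver_id` is then read from a bool; guard with `if ($queryResult === false) { return false; }` (that method's tail lies outside the hunk).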
......@@ -77,8 +77,7 @@ class resources_controler
}
$returnCode = 0;
$db = new dbquery();
$db->connect();
$db = new Database();
//copy sended file on tmp
$fileContent = base64_decode($encodedFile);
$random = rand();
......@@ -175,8 +174,8 @@ class resources_controler
$data[$i]['column'] = strtolower($data[$i]['column']);
}
$returnCode = 0;
$db = new dbquery();
$db->connect();
$db = new Database();
//copy sended file on tmp
$fileContent = file_get_contents($fileURI);
$random = rand();
......@@ -263,7 +262,7 @@ class resources_controler
$userPrimaryEntity = false;
$destinationFound = false;
$initiatorFound = false;
$dbQuery = new dbquery();
$dbQuery = new Database();
for ($i=0;$i<count($data);$i++) {
if (strtoupper($data[$i]['type']) == 'INTEGER' || strtoupper($data[$i]['type']) == 'FLOAT') {
if ($data[$i]['value'] == '') {
......@@ -271,7 +270,7 @@ class resources_controler
}
}
if (strtoupper($data[$i]['type']) == 'STRING') {
$data[$i]['value'] = $dbQuery->protect_string_db($data[$i]['value']);
$data[$i]['value'] = $data[$i]['value'];
$data[$i]['value'] = str_replace(";", "", $data[$i]['value']);
$data[$i]['value'] = str_replace("--", "", $data[$i]['value']);
}
......@@ -285,23 +284,21 @@ class resources_controler
$typeIdFound = true;
}
if (strtoupper($data[$i]['column']) == strtoupper('custom_t10')) {
require_once 'core/class/class_db.php';
$dbQuery = new dbquery();
$dbQuery->connect();
require_once 'core/class/class_db_pdo.php';
$dbQuery = new Database();
$mail = array();
$theString = str_replace(">", "", $data[$i]['value']);
$mail = explode("<", $theString);
$queryUser = "SELECT user_id FROM users WHERE mail = "
. "'" . $dbQuery->protect_string_db($mail[count($mail) -1]) . "' and status = 'OK'";
$dbQuery->query($queryUser);
$userIdFound = $dbQuery->fetch_object();
$queryUser = "SELECT user_id FROM users WHERE mail = ? and status = 'OK'";
$stmt = $dbQuery->query($queryUser, array($mail[count($mail) -1]));
$userIdFound = $stmt->fetchObject();
if (!empty($userIdFound->user_id)) {
$toAddressFound = true;
$destUser = $userIdFound->user_id;
$queryUserEntity = "SELECT entity_id FROM users_entities WHERE primary_entity = 'Y' and user_id = '".$destUser."'";
$dbQuery->query($queryUserEntity);
$userEntityId = $dbQuery->fetch_object();
$queryUserEntity = "SELECT entity_id FROM users_entities WHERE primary_entity = 'Y' and user_id = ?";
$stmt = $dbQuery->query($queryUserEntity, array($destUser));
$userEntityId = $stmt->fetchObject();
if (!empty($userEntityId->entity_id)) {
$userEntity = $userEntityId->entity_id;
$userPrimaryEntity = true;
......@@ -445,8 +442,9 @@ class resources_controler
$data = $func->object2array($data);
$queryExtFields = '(';
$queryExtValues = '(';
$db = new dbquery();
$db->connect();
$queryExtValuesFinal = '(';
$parameters = array();
$db = new Database();
for ($i=0;$i<count($data);$i++) {
if (strtoupper($data[$i]['type']) == 'INTEGER' || strtoupper($data[$i]['type']) == 'FLOAT') {
if ($data[$i]['value'] == '') {
......@@ -467,8 +465,8 @@ class resources_controler
break;
}
}
$db->query("SELECT destination, type_id FROM ".$resViewTable." WHERE res_id = " . $resId);
$resView = $db->fetch_object();
$stmt = $db->query("SELECT destination, type_id FROM ".$resViewTable." WHERE res_id = ?", array($resId));
$resView = $stmt->fetchObject();
$myVars = array(
'entity_id' => $resView->destination,
'type_id' => $resView->type_id,
......@@ -476,13 +474,13 @@ class resources_controler
'folder_id' => "",
);
$myChrono = $chronoX->generate_chrono($categoryId, $myVars, 'false');
$data[$i]['value'] = $db->protect_string_db($myChrono);
$data[$i]['value'] = $myChrono;
}
if (strtoupper($data[$i]['column']) == strtoupper('exp_contact_id') && $data[$i]['value'] <> "" && !is_numeric($data[$i]['value'])) {
$theString = str_replace(">", "", $data[$i]['value']);
$mail = explode("<", $theString);
$db->query("SELECT contact_id FROM view_contacts WHERE email = '" . $db->protect_string_db($mail[count($mail) -1]) . "' and enabled = 'Y' order by creation_date asc");
$contact = $db->fetch_object();
$stmt = $db->query("SELECT contact_id FROM view_contacts WHERE email = ? and enabled = 'Y' order by creation_date asc", array($mail[count($mail) -1]));
$contact = $stmt->fetchObject();
if ($contact->contact_id <> "") {
$data[$i]['value'] = $contact->contact_id;
......@@ -493,8 +491,8 @@ class resources_controler
if (strtoupper($data[$i]['column']) == strtoupper('address_id') && $data[$i]['value'] <> "" && !is_numeric($data[$i]['value'])) {
$theString = str_replace(">", "", $data[$i]['value']);
$mail = explode("<", $theString);
$db->query("SELECT ca_id FROM view_contacts WHERE email = '" . $db->protect_string_db($mail[count($mail) -1]) . "' and enabled = 'Y' order by creation_date asc");
$contact = $db->fetch_object();
$stmt = $db->query("SELECT ca_id FROM view_contacts WHERE email = ? and enabled = 'Y' order by creation_date asc", array($mail[count($mail) -1]));
$contact = $stmt->fetchObject();
if ($contact->ca_id <> "") {
$data[$i]['value'] = $contact->ca_id;
} else {
......@@ -510,15 +508,23 @@ class resources_controler
} else {
$queryExtValues .= $data[$i]['value'] . ",";
}
$parameters[] = $data[$i]['value'];
$queryExtValuesFinal .= "?,";
}
$queryExtFields = preg_replace('/,$/', ',res_id)', $queryExtFields);
$queryExtValues = preg_replace(
'/,$/', ',' . $resId . ')', $queryExtValues
);
$queryExt = " insert into " . $table . " " . $queryExtFields
. ' values ' . $queryExtValues ;
$queryExtValuesFinal = preg_replace(
'/,$/', ',' . $resId . ')', $queryExtValuesFinal
);
/*$queryExt = " insert into " . $table . " " . $queryExtFields
. ' values ' . $queryExtValues ;*/
$queryExt = " insert into " . $table . " " . $queryExtFields
. ' values ' . $queryExtValuesFinal ;
//echo $queryExt;exit;
$returnCode = 0;
if ($db->query($queryExt)) {
if ($db->query($queryExt, $parameters)) {
$returnResArray = array(
'returnCode' => (int) 0,
'resId' => $resId,
......
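Review bot: In the last hunk (`@@ -510,15`) binding the values through `$parameters` does not cover the identifiers: `$queryExtFields`, `$table` and `$resId` are still concatenated into the INSERT, and the field list appears to be built from the caller-supplied `$data[$i]['column']` (its population is above this hunk, so this is inferred). Column names cannot be bound, so they need validating before being appended — ideally against the table's known columns, or at minimum `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $data[$i]['column'])) { return array('returnCode' => (int) 1); }` — and `$resId` should be bound as one more `?` (or cast with `(int)`) rather than spliced into `$queryExtValuesFinal`. The old `$queryExtValues` string is still assembled but no longer used; together with the commented-out `$queryExt` and the `//echo $queryExt;exit;` line it should be removed. In the hunk at `@@ -263,7`, replacing `protect_string_db` with the no-op `$data[$i]['value'] = $data[$i]['value'];` leaves only the `;`/`--` stripping, which is not an injection defence; that is only safe if every downstream use of these values in this method is a bound parameter, which the hunk does not show. Visible but untouched in the first two hunks, `$random = rand();` for the tmp file name is predictable; `tempnam()` or `random_int()` would be the right tool.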