database.php cleanup. remove dbFetchMonitor and dbFetchGroup. Their usage has been replaced with the Object::find_one usage. Also more quoting of table and column names to fix #2659

This commit is contained in:
Isaac Connor 2019-08-13 11:45:50 -04:00
parent 29fc63dd15
commit 4140d51e9f
4 changed files with 121 additions and 135 deletions


@ -93,7 +93,7 @@ function dbLog( $sql, $update=false ) {
global $dbLogLevel; global $dbLogLevel;
$noExecute = $update && ($dbLogLevel >= DB_LOG_DEBUG); $noExecute = $update && ($dbLogLevel >= DB_LOG_DEBUG);
if ( $dbLogLevel > DB_LOG_OFF ) if ( $dbLogLevel > DB_LOG_OFF )
ZM\Logger::Debug( "SQL-LOG: $sql".($noExecute?" (not executed)":"") ); ZM\Logger::Debug( "SQL-LOG: $sql".($noExecute?' (not executed)':'') );
return( $noExecute ); return( $noExecute );
} }
@ -112,14 +112,14 @@ function dbEscape( $string ) {
global $dbConn; global $dbConn;
if ( version_compare(phpversion(), '4.3.0', '<')) if ( version_compare(phpversion(), '4.3.0', '<'))
if ( get_magic_quotes_gpc() ) if ( get_magic_quotes_gpc() )
return( $dbConn->quote( stripslashes( $string ) ) ); return $dbConn->quote(stripslashes($string));
else else
return( $dbConn->quote( $string ) ); return $dbConn->quote($string);
else else
if ( get_magic_quotes_gpc() ) if ( get_magic_quotes_gpc() )
return( $dbConn->quote( stripslashes( $string ) ) ); return $dbConn->quote(stripslashes($string));
else else
return( $dbConn->quote( $string ) ); return $dbConn->quote($string);
} }
function dbQuery($sql, $params=NULL) { function dbQuery($sql, $params=NULL) {
@ -204,82 +204,82 @@ function dbFetchAssoc( $sql, $indexCol, $dataCol=false ) {
$dbRows = array(); $dbRows = array();
while( $dbRow = $result->fetch(PDO::FETCH_ASSOC) ) while( $dbRow = $result->fetch(PDO::FETCH_ASSOC) )
$dbRows[$dbRow[$indexCol]] = $dataCol ? $dbRow[$dataCol] : $dbRow; $dbRows[$dbRow[$indexCol]] = $dataCol ? $dbRow[$dataCol] : $dbRow;
return( $dbRows ); return $dbRows;
} }
function dbFetch($sql, $col=false) { function dbFetch($sql, $col=false) {
return( dbFetchAll( $sql, $col ) ); return dbFetchAll($sql, $col);
} }
function dbFetchNext($result, $col=false) { function dbFetchNext($result, $col=false) {
if ( $dbRow = $result->fetch(PDO::FETCH_ASSOC) ) if ( $dbRow = $result->fetch(PDO::FETCH_ASSOC) )
return( $col?$dbRow[$col]:$dbRow ); return $col ? $dbRow[$col] : $dbRow;
return( false ); return false;
} }
function dbNumRows( $sql ) { function dbNumRows( $sql ) {
$result = dbQuery($sql); $result = dbQuery($sql);
return( $result->rowCount() ); return $result->rowCount();
} }
function dbInsertId() { function dbInsertId() {
global $dbConn; global $dbConn;
return( $dbConn->lastInsertId() ); return $dbConn->lastInsertId();
} }
function getEnumValues($table, $column) { function getEnumValues($table, $column) {
$row = dbFetchOne( "describe $table $column" ); $row = dbFetchOne("DESCRIBE `$table` `$column`");
preg_match_all("/'([^']+)'/", $row['Type'], $matches); preg_match_all("/'([^']+)'/", $row['Type'], $matches);
return( $matches[1] ); return $matches[1];
} }
function getSetValues($table, $column) { function getSetValues($table, $column) {
return( getEnumValues( $table, $column ) ); return getEnumValues($table, $column);
} }
function getUniqueValues($table, $column, $asString=1) { function getUniqueValues($table, $column, $asString=1) {
$values = array(); $values = array();
$sql = "select distinct $column from $table where (not isnull($column) and $column != '') order by $column"; $sql = "SELECT DISTINCT `$column` FROM `$table` WHERE (NOT isnull(`$column`) AND `$column` != '') ORDER BY `$column`";
foreach ( dbFetchAll($sql) as $row ) { foreach ( dbFetchAll($sql) as $row ) {
if ( $asString ) if ( $asString )
$values[$row[$column]] = $row[$column]; $values[$row[$column]] = $row[$column];
else else
$values[] = $row[$column]; $values[] = $row[$column];
} }
return( $values ); return $values;
} }
function getTableColumns( $table, $asString=1 ) { function getTableColumns( $table, $asString=1 ) {
$columns = array(); $columns = array();
$sql = "describe $table"; $sql = "DESCRIBE `$table`";
foreach ( dbFetchAll($sql) as $row ) { foreach ( dbFetchAll($sql) as $row ) {
if ( $asString ) if ( $asString )
$columns[$row['Field']] = $row['Type']; $columns[$row['Field']] = $row['Type'];
else else
$columns[] = $row['Type']; $columns[] = $row['Type'];
} }
return( $columns ); return $columns;
} }
function getTableAutoInc( $table ) { function getTableAutoInc( $table ) {
$row = dbFetchOne( 'show table status where Name=?', NULL, array($table) ); $row = dbFetchOne('SHOW TABLE status WHERE Name=?', NULL, array($table));
return( $row['Auto_increment'] ); return $row['Auto_increment'];
} }
function getTableDescription( $table, $asString=1 ) { function getTableDescription( $table, $asString=1 ) {
$columns = array(); $columns = array();
foreach( dbFetchAll( "describe $table" ) as $row ) { foreach( dbFetchAll("DESCRIBE `$table`") as $row ) {
$desc = array( $desc = array(
'name' => $row['Field'], 'name' => $row['Field'],
'required' => ($row['Null']=='NO')?true:false, 'required' => ($row['Null']=='NO')?true:false,
'default' => $row['Default'], 'default' => $row['Default'],
'db' => $row, 'db' => $row,
); );
if ( preg_match( "/^varchar\((\d+)\)$/", $row['Type'], $matches ) ) { if ( preg_match('/^varchar\((\d+)\)$/', $row['Type'], $matches) ) {
$desc['type'] = 'text'; $desc['type'] = 'text';
$desc['typeAttrib'] = 'varchar'; $desc['typeAttrib'] = 'varchar';
$desc['maxLength'] = $matches[1]; $desc['maxLength'] = $matches[1];
} elseif ( preg_match( "/^(\w+)?text$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(\w+)?text$/', $row['Type'], $matches) ) {
$desc['type'] = 'text'; $desc['type'] = 'text';
if ( !empty($matches[1]) ) if ( !empty($matches[1]) )
$desc['typeAttrib'] = $matches[1]; $desc['typeAttrib'] = $matches[1];
@ -298,12 +298,12 @@ function getTableDescription( $table, $asString=1 ) {
ZM\Error("Unexpected text qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'"); ZM\Error("Unexpected text qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'");
break; break;
} }
} elseif ( preg_match( "/^(enum|set)\((.*)\)$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(enum|set)\((.*)\)$/', $row['Type'], $matches) ) {
$desc['type'] = 'text'; $desc['type'] = 'text';
$desc['typeAttrib'] = $matches[1]; $desc['typeAttrib'] = $matches[1];
preg_match_all("/'([^']+)'/", $matches[2], $matches); preg_match_all("/'([^']+)'/", $matches[2], $matches);
$desc['values'] = $matches[1]; $desc['values'] = $matches[1];
} elseif ( preg_match( "/^(\w+)?int\(\d+\)(?:\s+(unsigned))?$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(\w+)?int\(\d+\)(?:\s+(unsigned))?$/', $row['Type'], $matches) ) {
$desc['type'] = 'integer'; $desc['type'] = 'integer';
switch ( $matches[1] ) { switch ( $matches[1] ) {
case 'tiny' : case 'tiny' :
@ -336,7 +336,7 @@ function getTableDescription( $table, $asString=1 ) {
$desc['maxValue'] += (-$desc['minValue']); $desc['maxValue'] += (-$desc['minValue']);
$desc['minValue'] = 0; $desc['minValue'] = 0;
} }
} elseif ( preg_match( "/^(?:decimal|numeric)\((\d+)(?:,(\d+))?\)(?:\s+(unsigned))?$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(?:decimal|numeric)\((\d+)(?:,(\d+))?\)(?:\s+(unsigned))?$/', $row['Type'], $matches) ) {
$desc['type'] = 'fixed'; $desc['type'] = 'fixed';
$desc['range'] = $matches[1]; $desc['range'] = $matches[1];
if ( isset($matches[2]) ) if ( isset($matches[2]) )
@ -344,7 +344,7 @@ function getTableDescription( $table, $asString=1 ) {
else else
$desc['precision'] = 0; $desc['precision'] = 0;
$desc['unsigned'] = ( isset($matches[3]) && $matches[3] == 'unsigned' ); $desc['unsigned'] = ( isset($matches[3]) && $matches[3] == 'unsigned' );
} elseif ( preg_match( "/^(datetime|timestamp|date|time)$/", $row['Type'], $matches ) ) { } elseif ( preg_match('/^(datetime|timestamp|date|time)$/', $row['Type'], $matches) ) {
$desc['type'] = 'datetime'; $desc['type'] = 'datetime';
switch ( $desc['typeAttrib'] = $matches[1] ) { switch ( $desc['typeAttrib'] = $matches[1] ) {
case 'datetime' : case 'datetime' :
@ -370,15 +370,6 @@ function getTableDescription( $table, $asString=1 ) {
else else
$columns[] = $desc; $columns[] = $desc;
} }
return( $columns ); return $columns;
} }
function dbFetchMonitor( $mid ) {
return( dbFetchOne( 'select * from Monitors where Id = ?', NULL, array($mid) ) );
}
function dbFetchGroup( $gid ) {
return( dbFetchOne( 'select * from Groups where Id = ?', NULL, array($gid) ) );
}
?> ?>
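Review bot: Backtick-wrapping `$table` and `$column` in getEnumValues, getUniqueValues, getTableColumns and getTableDescription only protects against reserved words and odd characters; a name that itself contains a backtick still terminates the quoted identifier, so this is quoting, not escaping. Every caller visible on this page passes literal names (`getEnumValues('Monitors', 'Function')`), so the exposure depends on whether some other caller forwards request-derived names, which is worth confirming. Since these are identifiers rather than values they cannot go through dbQuery's parameter binding; either double any embedded backtick before wrapping or reject names that fail `preg_match('/^[A-Za-z0-9_]+$/', $table)`, in one shared helper rather than at each of the four sites. Separately, the dbEscape hunk still relies on `get_magic_quotes_gpc()`, which was removed in PHP 8, so that helper fatals on current releases; both branches of the dead version check collapse to `return $dbConn->quote($string);`.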


@ -23,34 +23,34 @@ if ( !canEdit('Monitors') ) {
return; return;
} }
$monitor = dbFetchMonitor($_REQUEST['mid']); $monitor = ZM\Monitor::find_one(array('Id'=>$_REQUEST['mid']));
$focusWindow = true; $focusWindow = true;
xhtmlHeaders(__FILE__, translate('Function').' - '.validHtmlStr($monitor['Name'])); xhtmlHeaders(__FILE__, translate('Function').' - '.validHtmlStr($monitor->Name()));
?> ?>
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
<h2><?php echo translate('Function').' - '.validHtmlStr($monitor['Name']) ?></h2> <h2><?php echo translate('Function').' - '.validHtmlStr($monitor->Name()) ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="contentForm" id="contentForm" method="post" action="?"> <form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="function"/> <input type="hidden" name="view" value="function"/>
<input type="hidden" name="action" value="function"/> <input type="hidden" name="action" value="function"/>
<input type="hidden" name="mid" value="<?php echo $monitor['Id'] ?>"/> <input type="hidden" name="mid" value="<?php echo $monitor->Id() ?>"/>
<p> <p>
<select name="newFunction"> <select name="newFunction">
<?php <?php
foreach ( getEnumValues('Monitors', 'Function') as $optFunction ) { foreach ( getEnumValues('Monitors', 'Function') as $optFunction ) {
?> ?>
<option value="<?php echo $optFunction ?>"<?php if ( $optFunction == $monitor['Function'] ) { ?> selected="selected"<?php } ?>><?php echo translate('Fn'.$optFunction) ?></option> <option value="<?php echo $optFunction ?>"<?php if ( $optFunction == $monitor->Function() ) { ?> selected="selected"<?php } ?>><?php echo translate('Fn'.$optFunction) ?></option>
<?php <?php
} }
?> ?>
</select> </select>
<label for="newEnabled"><?php echo translate('Enabled') ?></label> <label for="newEnabled"><?php echo translate('Enabled') ?></label>
<input type="checkbox" name="newEnabled" id="newEnabled" value="1"<?php if ( !empty($monitor['Enabled']) ) { ?> checked="checked"<?php } ?>/> <input type="checkbox" name="newEnabled" id="newEnabled" value="1"<?php if ( !empty($monitor->Enabled()) ) { ?> checked="checked"<?php } ?>/>
</p> </p>
<div id="contentButtons"> <div id="contentButtons">
<button type="submit" value="Save"><?php echo translate('Save') ?></button> <button type="submit" value="Save"><?php echo translate('Save') ?></button>
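Review bot: The result of the new `ZM\Monitor::find_one(array('Id'=>$_REQUEST['mid']))` is dereferenced unconditionally on the following lines (`$monitor->Name()`, `$monitor->Id()`), so an unknown or missing mid now produces a fatal call on a non-object where the old array lookup only produced a notice. The raw request value is also passed through without the `validInt()` that the plugin view in this same commit applies; whether find_one parameterises it is not visible on this page. Suggest `$mid = validInt($_REQUEST['mid']);`, `$monitor = ZM\Monitor::find_one(array('Id'=>$mid));` and `if ( !$monitor ) { $view = 'error'; return; }` before xhtmlHeaders, mirroring the canEdit guard at the top of the hunk.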


@ -19,23 +19,21 @@
// //
if ( !canView( 'Monitors' ) ) if ( !canView('Monitors') ) {
{ $view = 'error';
$view = "error";
return; return;
} }
$mid = validInt($_REQUEST['mid']); $mid = validInt($_REQUEST['mid']);
$zid = !empty($_REQUEST['zid'])?validInt($_REQUEST['zid']):0; $zid = !empty($_REQUEST['zid'])?validInt($_REQUEST['zid']):0;
if ( $zid > 0 ) { if ( $zid > 0 ) {
$newZone = dbFetchOne('SELECT * FROM Zones WHERE MonitorId = ? AND Id = ?', NULL, array($mid, $zid)); $newZone = dbFetchOne('SELECT * FROM Zones WHERE MonitorId = ? AND Id = ?', NULL, array($mid, $zid));
} else { } else {
$view = "error"; $view = 'error';
return; return;
} }
$monitor = dbFetchMonitor ( $mid ); $monitor = ZM\Monitor::find_one($mid);
// Only allow certain filename characters (not including a period) to prevent directory traversal. // Only allow certain filename characters (not including a period) to prevent directory traversal.
$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']); $plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']);
@ -104,7 +102,7 @@ function pLang($name)
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2> <h2><?php echo translate('Monitor') ?> <?php echo $monitor->Name() ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="pluginForm" id="pluginForm" method="post" action="?"> <form name="pluginForm" id="pluginForm" method="post" action="?">
@ -115,16 +113,14 @@ function pLang($name)
<input type="hidden" name="pl" value="<?php echo validHtmlStr($plugin) ?>"/> <input type="hidden" name="pl" value="<?php echo validHtmlStr($plugin) ?>"/>
<div id="settingsPanel"> <div id="settingsPanel">
<table id="pluginSettings" cellspacing="0"> <table id="pluginSettings">
<tbody> <tbody>
<?php <?php
foreach($pluginOptions as $name => $popt) foreach($pluginOptions as $name => $popt) {
{
?> ?>
<tr><th scope="row"><?php echo pLang($name) ?></th> <tr><th scope="row"><?php echo pLang($name) ?></th>
<?php <?php
switch($popt['Type']) switch($popt['Type']) {
{
case "checkbox": case "checkbox":
echo "CHECKBOX"; echo "CHECKBOX";
break; break;
@ -134,8 +130,7 @@ foreach($pluginOptions as $name => $popt)
<td colspan="2"> <td colspan="2">
<select name="pluginOpt[<?php echo $popt['Name'] ?>]" id="pluginOpt[<?php echo $popt['Name'] ?>]"> <select name="pluginOpt[<?php echo $popt['Name'] ?>]" id="pluginOpt[<?php echo $popt['Name'] ?>]">
<?php <?php
foreach($pchoices as $pchoice) foreach($pchoices as $pchoice) {
{
$psel=""; $psel="";
if($popt['Value']==$pchoice) if($popt['Value']==$pchoice)
$psel="selected"; $psel="selected";
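Review bot: `$monitor = ZM\Monitor::find_one($mid);` passes a bare integer, while every other call site in this commit passes criteria as `array('Id'=>...)`; unless find_one also accepts a scalar id (its definition is not on this page), this lookup returns nothing and `$monitor->Name()` in the header hunk fatals. Use the same shape, `$monitor = ZM\Monitor::find_one(array('Id'=>$mid));`, and guard the result with `if ( !$monitor ) { $view = 'error'; return; }` as the zid branch above already does. In the `<h2>` hunk the monitor name is still echoed raw while `$plugin` beside it goes through validHtmlStr; `validHtmlStr($monitor->Name())` keeps the two consistent.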


@ -18,30 +18,29 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
// //
if ( !canView( 'Control' ) ) if ( !canView('Control') ) {
{ $view = 'error';
$view = "error";
return; return;
} }
$monitor = dbFetchMonitor( $_REQUEST['mid'] ); $monitor = ZM\Monitor::find_one(array('Id'=>$_REQUEST['mid']));
$zmuCommand = getZmuCommand( " -m ".escapeshellarg($_REQUEST['mid'])." -B -C -H -O" ); $zmuCommand = getZmuCommand(' -m '.escapeshellarg($_REQUEST['mid']).' -B -C -H -O');
$zmuOutput = exec( $zmuCommand ); $zmuOutput = exec( $zmuCommand );
list($brightness, $contrast, $hue, $colour) = explode(' ', $zmuOutput); list($brightness, $contrast, $hue, $colour) = explode(' ', $zmuOutput);
$monitor['Brightness'] = $brightness; $monitor->Brightness() = $brightness;
$monitor['Contrast'] = $contrast; $monitor->Contrast() = $contrast;
$monitor['Hue'] = $hue; $monitor->Hue() = $hue;
$monitor['Colour'] = $colour; $monitor->Colour() = $colour;
$focusWindow = true; $focusWindow = true;
xhtmlHeaders(__FILE__, validHtmlStr($monitor['Name'])." - ".translate('Settings') ); xhtmlHeaders(__FILE__, validHtmlStr($monitor->Name()).' - '.translate('Settings'));
?> ?>
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
<h2><?php echo validHtmlStr($monitor['Name']) ?> - <?php echo translate('Settings') ?></h2> <h2><?php echo validHtmlStr($monitor->Name()) ?> - <?php echo translate('Settings') ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="contentForm" id="contentForm" method="post" action="?"> <form name="contentForm" id="contentForm" method="post" action="?">
@ -52,24 +51,25 @@ xhtmlHeaders(__FILE__, validHtmlStr($monitor['Name'])." - ".translate('Settings'
<tbody> <tbody>
<tr> <tr>
<th scope="row"><?php echo translate('Brightness') ?></th> <th scope="row"><?php echo translate('Brightness') ?></th>
<td><input type="text" name="newBrightness" value="<?php echo $monitor['Brightness'] ?>" size="8"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td> <td><input type="number" name="newBrightness" value="<?php echo $monitor->Brightness() ?>" <?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php echo translate('Contrast') ?></th> <th scope="row"><?php echo translate('Contrast') ?></th>
<td><input type="text" name="newContrast" value="<?php echo $monitor['Contrast'] ?>" size="8"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td> <td><input type="number" name="newContrast" value="<?php echo $monitor->Contrast() ?>" <?php echo canView('Control') ? '' : ' disabled="disabled"' ?>/></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php echo translate('Hue') ?></th> <th scope="row"><?php echo translate('Hue') ?></th>
<td><input type="text" name="newHue" value="<?php echo $monitor['Hue'] ?>" size="8"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td> <td><input type="number" name="newHue" value="<?php echo $monitor->Hue() ?>" <?php echo canView('Control') ? '' : ' disabled="disabled"' ?>/></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php echo translate('Colour') ?></th> <th scope="row"><?php echo translate('Colour') ?></th>
<td><input type="text" name="newColour" value="<?php echo $monitor['Colour'] ?>" size="8"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/></td> <td><input type="number" name="newColour" value="<?php echo $monitor->Colour() ?>" <?php echo canView('Control') ? '' : ' disabled="disabled"' ?>/></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
<div id="contentButtons"> <div id="contentButtons">
<input type="submit" value="<?php echo translate('Save') ?>"<?php if ( !canView( 'Control' ) ) { ?> disabled="disabled"<?php } ?>/><input type="button" value="<?php echo translate('Close') ?>" data-on-click="closeWindow"/> <button type="submit" value="Save"<?php echo canView('Control') ? '' : ' disabled="disabled"' ?>><?php echo translate('Save') ?></button>
<button type="button" value="Close" data-on-click="closeWindow"/><?php echo translate('Close') ?></button>
</div> </div>
</form> </form>
</div> </div>
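Review bot: `$monitor->Brightness() = $brightness;` and the three lines after it assign to a method call, which PHP rejects at compile time ("Can't use method return value in write context"), so this view cannot load at all after the change. If ZM\Monitor's accessors accept an optional value as a setter, pass the zmu output as an argument; otherwise use whatever setter the class provides — it is not visible on this page. The find_one lookup also takes `$_REQUEST['mid']` without validInt and is never checked for null before `$monitor->Name()`, although the plugin view in this same commit shows the validInt pattern. The Close control at the end of the second hunk is written as `<button .../>` followed by `</button>`, which is malformed; drop the self-closing slash.
```php
$monitor = ZM\Monitor::find_one(array('Id'=>validInt($_REQUEST['mid'])));
if ( !$monitor ) {
  $view = 'error';
  return;
}
// … unchanged: zmu command, exec and explode …
// assumes the accessor doubles as a setter when given a value — confirm against ZM\Monitor
$monitor->Brightness($brightness);
$monitor->Contrast($contrast);
$monitor->Hue($hue);
$monitor->Colour($colour);
```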