From 34a0902089a410d1f7dda78d1f8b0771333c09df Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 12 Sep 2014 08:37:51 -0400
Subject: [PATCH] Use consistent column/table quoting in sql queries
---
program/lib/Roundcube/rcube_session.php | 42 ++++++++++++++++++++++++++----------------
1 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/program/lib/Roundcube/rcube_session.php b/program/lib/Roundcube/rcube_session.php
index caca262..8306a06 100644
--- a/program/lib/Roundcube/rcube_session.php
+++ b/program/lib/Roundcube/rcube_session.php
@@ -3,7 +3,7 @@
/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2012, The Roundcube Dev Team |
+ | Copyright (C) 2005-2014, The Roundcube Dev Team |
| Copyright (C) 2011, Kolab Systems AG |
| |
| Licensed under the GNU General Public License version 3 or |
@@ -46,6 +46,13 @@
private $logging = false;
private $storage;
private $memcache;
+
+ /**
+ * Blocks session data from being written to database.
+ * Can be used if write-race conditions are to be expected
+ * @var boolean
+ */
+ public $nowrite = false;
/**
@@ -96,6 +103,8 @@
array($this, 'db_write'),
array($this, 'db_destroy'),
array($this, 'gc'));
+
+ $this->table_name = $this->db->table_name('session', true);
}
}
@@ -168,9 +177,8 @@
public function db_read($key)
{
$sql_result = $this->db->query(
- "SELECT vars, ip, changed, " . $this->db->now() . " AS ts"
- . " FROM " . $this->db->table_name('session')
- . " WHERE sess_id = ?", $key);
+ "SELECT `vars`, `ip`, `changed`, " . $this->db->now() . " AS ts"
+ . " FROM {$this->table_name} WHERE `sess_id` = ?", $key);
if ($sql_result && ($sql_arr = $this->db->fetch_assoc($sql_result))) {
$this->time_diff = time() - strtotime($sql_arr['ts']);
@@ -197,9 +205,11 @@
*/
public function db_write($key, $vars)
{
- $now = $this->db->now();
- $table = $this->db->table_name('session');
- $ts = microtime(true);
+ $now = $this->db->now();
+ $ts = microtime(true);
+
+ if ($this->nowrite)
+ return true;
// no session row in DB (db_read() returns false)
if (!$this->key) {
@@ -217,17 +227,18 @@
$newvars = $this->_fixvars($vars, $oldvars);
if ($newvars !== $oldvars) {
- $this->db->query("UPDATE $table "
- . "SET changed = $now, vars = ? WHERE sess_id = ?",
+ $this->db->query("UPDATE {$this->table_name} "
+ . "SET `changed` = $now, `vars` = ? WHERE `sess_id` = ?",
base64_encode($newvars), $key);
}
else if ($ts - $this->changed + $this->time_diff > $this->lifetime / 2) {
- $this->db->query("UPDATE $table SET changed = $now"
- . " WHERE sess_id = ?", $key);
+ $this->db->query("UPDATE {$this->table_name} SET `changed` = $now"
+ . " WHERE `sess_id` = ?", $key);
}
}
else {
- $this->db->query("INSERT INTO $table (sess_id, vars, ip, created, changed)"
+ $this->db->query("INSERT INTO {$this->table_name}"
+ . " (`sess_id`, `vars`, `ip`, `created`, `changed`)"
. " VALUES (?, ?, ?, $now, $now)",
$key, base64_encode($vars), (string)$this->ip);
}
@@ -280,8 +291,7 @@
public function db_destroy($key)
{
if ($key) {
- $this->db->query(sprintf("DELETE FROM %s WHERE sess_id = ?",
- $this->db->table_name('session')), $key);
+ $this->db->query("DELETE FROM {$this->table_name} WHERE `sess_id` = ?", $key);
}
return true;
@@ -397,8 +407,8 @@
if ($this->gc_enabled) {
// just delete all expired sessions
if ($this->storage == 'db') {
- $this->db->query("DELETE FROM " . $this->db->table_name('session')
- . " WHERE changed < " . $this->db->now(-$this->gc_enabled));
+ $this->db->query("DELETE FROM {$this->table_name}"
+ . " WHERE `changed` < " . $this->db->now(-$this->gc_enabled));
}
foreach ($this->gc_handlers as $fct) {
--
Gitblit v1.9.1