From 3412e50b54e3daac8745234e21ab6e72be0ed165 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Wed, 04 Jun 2014 11:20:33 -0400
Subject: [PATCH] Fix attachment menu structure and aria-attributes
---
program/lib/Roundcube/rcube_db.php | 434 ++++++++++++++++++++++++++++++++++-------------------
1 files changed, 279 insertions(+), 155 deletions(-)
diff --git a/program/lib/Roundcube/rcube_db.php b/program/lib/Roundcube/rcube_db.php
index 5d8c4a5..a2271fd 100644
--- a/program/lib/Roundcube/rcube_db.php
+++ b/program/lib/Roundcube/rcube_db.php
@@ -2,8 +2,6 @@
/**
+-----------------------------------------------------------------------+
- | program/include/rcube_db.php |
- | |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2012, The Roundcube Dev Team |
| |
@@ -13,19 +11,17 @@
| |
| PURPOSE: |
| Database wrapper class that implements PHP PDO functions |
- | |
+-----------------------------------------------------------------------+
| Author: Aleksander Machniak <alec@alec.pl> |
+-----------------------------------------------------------------------+
*/
-
/**
* Database independent query interface.
* This is a wrapper for the PHP PDO.
*
* @package Framework
- * @sbpackage Database
+ * @subpackage Database
*/
class rcube_db
{
@@ -35,14 +31,16 @@
protected $db_dsnr; // DSN for read operations
protected $db_connected = false; // Already connected ?
protected $db_mode; // Connection mode
+ protected $db_table_dsn_map = array();
protected $dbh; // Connection handle
+ protected $dbhs = array();
+ protected $table_connections = array();
- protected $db_error = false;
- protected $db_error_msg = '';
- protected $conn_failure = false;
- protected $a_query_results = array('dummy');
- protected $last_res_id = 0;
- protected $db_index = 0;
+ protected $db_error = false;
+ protected $db_error_msg = '';
+ protected $conn_failure = false;
+ protected $db_index = 0;
+ protected $last_result;
protected $tables;
protected $variables;
@@ -52,6 +50,7 @@
'identifier_end' => '"',
);
+ const DEBUG_LINE_LENGTH = 4096;
/**
* Factory, returns driver-specific instance of the class
@@ -75,7 +74,7 @@
$driver = isset($driver_map[$driver]) ? $driver_map[$driver] : $driver;
$class = "rcube_db_$driver";
- if (!class_exists($class)) {
+ if (!$driver || !class_exists($class)) {
rcube::raise_error(array('code' => 600, 'type' => 'db',
'line' => __LINE__, 'file' => __FILE__,
'message' => "Configuration error. Unsupported database driver: $driver"),
@@ -101,39 +100,37 @@
$this->db_dsnw = $db_dsnw;
$this->db_dsnr = $db_dsnr;
$this->db_pconn = $pconn;
+ $this->db_dsnw_noread = rcube::get_instance()->config->get('db_dsnw_noread', false);
$this->db_dsnw_array = self::parse_dsn($db_dsnw);
$this->db_dsnr_array = self::parse_dsn($db_dsnr);
- // Initialize driver class
- $this->init();
- }
-
- /**
- * Initialization of the object with driver specific code
- */
- protected function init()
- {
- // To be used by driver classes
+ $this->db_table_dsn_map = array_map(array($this, 'table_name'), rcube::get_instance()->config->get('db_table_dsn', array()));
}
/**
* Connect to specific database
*
- * @param array $dsn DSN for DB connections
- *
- * @return PDO database handle
+ * @param array $dsn DSN for DB connections
+ * @param string $mode Connection mode (r|w)
*/
- protected function dsn_connect($dsn)
+ protected function dsn_connect($dsn, $mode)
{
$this->db_error = false;
$this->db_error_msg = null;
+
+ // return existing handle
+ if ($this->dbhs[$mode]) {
+ $this->dbh = $this->dbhs[$mode];
+ $this->db_mode = $mode;
+ return $this->dbh;
+ }
// Get database specific connection options
$dsn_string = $this->dsn_string($dsn);
$dsn_options = $this->dsn_options($dsn);
- if ($db_pconn) {
+ if ($this->db_pconn) {
$dsn_options[PDO::ATTR_PERSISTENT] = true;
}
@@ -162,9 +159,11 @@
return null;
}
+ $this->dbh = $dbh;
+ $this->dbhs[$mode] = $dbh;
+ $this->db_mode = $mode;
+ $this->db_connected = true;
$this->conn_configure($dsn, $dbh);
-
- return $dbh;
}
/**
@@ -187,21 +186,12 @@
}
/**
- * Driver-specific database character set setting
- *
- * @param string $charset Character set name
- */
- protected function set_charset($charset)
- {
- $this->query("SET NAMES 'utf8'");
- }
-
- /**
* Connect to appropriate database depending on the operation
*
* @param string $mode Connection mode (r|w)
+ * @param boolean $force Enforce using the given mode
*/
- public function db_connect($mode)
+ public function db_connect($mode, $force = false)
{
// previous connection failed, don't attempt to connect again
if ($this->conn_failure) {
@@ -215,31 +205,61 @@
// Already connected
if ($this->db_connected) {
- // connected to db with the same or "higher" mode
- if ($this->db_mode == 'w' || $this->db_mode == $mode) {
+ // connected to db with the same or "higher" mode (if allowed)
+ if ($this->db_mode == $mode || $this->db_mode == 'w' && !$force && !$this->db_dsnw_noread) {
return;
}
}
$dsn = ($mode == 'r') ? $this->db_dsnr_array : $this->db_dsnw_array;
-
- $this->dbh = $this->dsn_connect($dsn);
- $this->db_connected = is_object($this->dbh);
+ $this->dsn_connect($dsn, $mode);
// use write-master when read-only fails
- if (!$this->db_connected && $mode == 'r') {
- $mode = 'w';
- $this->dbh = $this->dsn_connect($this->db_dsnw_array);
- $this->db_connected = is_object($this->dbh);
+ if (!$this->db_connected && $mode == 'r' && $this->is_replicated()) {
+ $this->dsn_connect($this->db_dsnw_array, 'w');
}
- if ($this->db_connected) {
- $this->db_mode = $mode;
- $this->set_charset('utf8');
+ $this->conn_failure = !$this->db_connected;
+ }
+
+ /**
+ * Analyze the given SQL statement and select the appropriate connection to use
+ */
+ protected function dsn_select($query)
+ {
+ // no replication
+ if ($this->db_dsnw == $this->db_dsnr) {
+ return 'w';
}
- else {
- $this->conn_failure = true;
+
+ // Read or write ?
+ $mode = preg_match('/^(select|show|set)/i', $query) ? 'r' : 'w';
+
+ // find tables involved in this query
+ if (preg_match_all('/(?:^|\s)(from|update|into|join)\s+'.$this->options['identifier_start'].'?([a-z0-9._]+)'.$this->options['identifier_end'].'?\s+/i', $query, $matches, PREG_SET_ORDER)) {
+ foreach ($matches as $m) {
+ $table = $m[2];
+
+ // always use direct mapping
+ if ($this->db_table_dsn_map[$table]) {
+ $mode = $this->db_table_dsn_map[$table];
+ break; // primary table rules
+ }
+ else if ($mode == 'r') {
+ // connected to db with the same or "higher" mode for this table
+ $db_mode = $this->table_connections[$table];
+ if ($db_mode == 'w' && !$this->db_dsnw_noread) {
+ $mode = $db_mode;
+ }
+ }
+ }
+
+ // remember mode chosen (for primary table)
+ $table = $matches[0][2];
+ $this->table_connections[$table] = $mode;
}
+
+ return $mode;
}
/**
@@ -260,6 +280,11 @@
protected function debug($query)
{
if ($this->options['debug_mode']) {
+ if (($len = strlen($query)) > self::DEBUG_LINE_LENGTH) {
+ $diff = $len - self::DEBUG_LINE_LENGTH;
+ $query = substr($query, 0, self::DEBUG_LINE_LENGTH)
+ . "... [truncated $diff bytes]";
+ }
rcube::write_log('sql', '[' . (++$this->db_index) . '] ' . $query . ';');
}
}
@@ -267,14 +292,14 @@
/**
* Getter for error state
*
- * @param int $res_id Optional query result identifier
+ * @param mixed $result Optional query result
*
* @return string Error message
*/
- public function is_error($res_id = null)
+ public function is_error($result = null)
{
- if ($res_id !== null) {
- return $this->_get_result($res_id) === false ? $this->db_error_msg : null;
+ if ($result !== null) {
+ return $result === false ? $this->db_error_msg : null;
}
return $this->db_error ? $this->db_error_msg : null;
@@ -343,7 +368,7 @@
* @param int Number of rows for LIMIT statement
* @param mixed Values to be inserted in query
*
- * @return int Query handle identifier
+ * @return PDOStatement|bool Query handle or False on error
*/
public function limitquery()
{
@@ -363,78 +388,128 @@
* @param int $numrows Number of rows for LIMIT statement
* @param array $params Values to be inserted in query
*
- * @return int Query handle identifier
+ * @return PDOStatement|bool Query handle or False on error
*/
protected function _query($query, $offset, $numrows, $params)
{
- // Read or write ?
- $mode = preg_match('/^(select|show)/i', ltrim($query)) ? 'r' : 'w';
+ $query = ltrim($query);
- $this->db_connect($mode);
+ $this->db_connect($this->dsn_select($query), true);
// check connection before proceeding
if (!$this->is_connected()) {
- return null;
+ return $this->last_result = false;
}
if ($numrows || $offset) {
$query = $this->set_limit($query, $numrows, $offset);
}
- $params = (array) $params;
-
// Because in Roundcube we mostly use queries that are
// executed only once, we will not use prepared queries
$pos = 0;
$idx = 0;
- while ($pos = strpos($query, '?', $pos)) {
- if ($query[$pos+1] == '?') { // skip escaped ?
- $pos += 2;
- }
- else {
- $val = $this->quote($params[$idx++]);
- unset($params[$idx-1]);
- $query = substr_replace($query, $val, $pos, 1);
- $pos += strlen($val);
+ if (count($params)) {
+ while ($pos = strpos($query, '?', $pos)) {
+ if ($query[$pos+1] == '?') { // skip escaped '?'
+ $pos += 2;
+ }
+ else {
+ $val = $this->quote($params[$idx++]);
+ unset($params[$idx-1]);
+ $query = substr_replace($query, $val, $pos, 1);
+ $pos += strlen($val);
+ }
}
}
- // replace escaped ? back to normal
- $query = rtrim(strtr($query, array('??' => '?')), ';');
+ // replace escaped '?' back to normal, see self::quote()
+ $query = str_replace('??', '?', $query);
+ $query = rtrim($query, " \t\n\r\0\x0B;");
$this->debug($query);
- $query = $this->dbh->query($query);
+ // destroy reference to previous result, required for SQLite driver (#1488874)
+ $this->last_result = null;
+ $this->db_error_msg = null;
- if ($query === false) {
- $error = $this->dbh->errorInfo();
+ // send query
+ $result = $this->dbh->query($query);
+
+ if ($result === false) {
+ $result = $this->handle_error($query);
+ }
+
+ $this->last_result = $result;
+
+ return $result;
+ }
+
+ /**
+ * Helper method to handle DB errors.
+ * This by default logs the error but could be overriden by a driver implementation
+ *
+ * @param string Query that triggered the error
+ * @return mixed Result to be stored and returned
+ */
+ protected function handle_error($query)
+ {
+ $error = $this->dbh->errorInfo();
+
+ if (empty($this->options['ignore_key_errors']) || !in_array($error[0], array('23000', '23505'))) {
$this->db_error = true;
$this->db_error_msg = sprintf('[%s] %s', $error[1], $error[2]);
rcube::raise_error(array('code' => 500, 'type' => 'db',
'line' => __LINE__, 'file' => __FILE__,
- 'message' => $this->db_error_msg), true, false);
+ 'message' => $this->db_error_msg . " (SQL Query: $query)"
+ ), true, false);
}
- // add result, even if it's an error
- return $this->_add_result($query);
+ return false;
}
/**
* Get number of affected rows for the last query
*
- * @param number $res_id Optional query handle identifier
+ * @param mixed $result Optional query handle
*
- * @return int Number of rows or false on failure
+ * @return int Number of (matching) rows
*/
- public function affected_rows($res_id = null)
+ public function affected_rows($result = null)
{
- if ($result = $this->_get_result($res_id)) {
+ if ($result || ($result === null && ($result = $this->last_result))) {
return $result->rowCount();
}
return 0;
+ }
+
+ /**
+ * Get number of rows for a SQL query
+ * If no query handle is specified, the last query will be taken as reference
+ *
+ * @param mixed $result Optional query handle
+ * @return mixed Number of rows or false on failure
+ * @deprecated This method shows very poor performance and should be avoided.
+ */
+ public function num_rows($result = null)
+ {
+ if ($result || ($result === null && ($result = $this->last_result))) {
+ // repeat query with SELECT COUNT(*) ...
+ if (preg_match('/^SELECT\s+(?:ALL\s+|DISTINCT\s+)?(?:.*?)\s+FROM\s+(.*)$/ims', $result->queryString, $m)) {
+ $query = $this->dbh->query('SELECT COUNT(*) FROM ' . $m[1], PDO::FETCH_NUM);
+ return $query ? intval($query->fetchColumn(0)) : false;
+ }
+ else {
+ $num = count($result->fetchAll());
+ $result->execute(); // re-execute query because there's no seek(0)
+ return $num;
+ }
+ }
+
+ return false;
}
/**
@@ -464,13 +539,12 @@
* Get an associative array for one row
* If no query handle is specified, the last query will be taken as reference
*
- * @param int $res_id Optional query handle identifier
+ * @param mixed $result Optional query handle
*
* @return mixed Array with col values or false on failure
*/
- public function fetch_assoc($res_id = null)
+ public function fetch_assoc($result = null)
{
- $result = $this->_get_result($res_id);
return $this->_fetch_row($result, PDO::FETCH_ASSOC);
}
@@ -478,31 +552,30 @@
* Get an index array for one row
* If no query handle is specified, the last query will be taken as reference
*
- * @param int $res_id Optional query handle identifier
+ * @param mixed $result Optional query handle
*
* @return mixed Array with col values or false on failure
*/
- public function fetch_array($res_id = null)
+ public function fetch_array($result = null)
{
- $result = $this->_get_result($res_id);
return $this->_fetch_row($result, PDO::FETCH_NUM);
}
/**
* Get col values for a result row
*
- * @param PDOStatement $result Result handle
- * @param int $mode Fetch mode identifier
+ * @param mixed $result Optional query handle
+ * @param int $mode Fetch mode identifier
*
* @return mixed Array with col values or false on failure
*/
protected function _fetch_row($result, $mode)
{
- if (!is_object($result) || !$this->is_connected()) {
- return false;
+ if ($result || ($result === null && ($result = $this->last_result))) {
+ return $result->fetch($mode);
}
- return $result->fetch($mode);
+ return false;
}
/**
@@ -536,10 +609,11 @@
{
// get tables if not cached
if ($this->tables === null) {
- $q = $this->query('SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES ORDER BY TABLE_NAME');
+ $q = $this->query('SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = ? ORDER BY TABLE_NAME',
+ array($this->db_dsnw_array['database']));
- if ($res = $this->_get_result($q)) {
- $this->tables = $res->fetchAll(PDO::FETCH_COLUMN, 0);
+ if ($q) {
+ $this->tables = $q->fetchAll(PDO::FETCH_COLUMN, 0);
}
else {
$this->tables = array();
@@ -558,11 +632,11 @@
*/
public function list_cols($table)
{
- $q = $this->query('SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = ?',
- array($table));
+ $q = $this->query('SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = ? AND TABLE_SCHEMA = ?',
+ array($table, $this->db_dsnw_array['database']));
- if ($res = $this->_get_result($q)) {
- return $res->fetchAll(PDO::FETCH_COLUMN, 0);
+ if ($q) {
+ return $q->fetchAll(PDO::FETCH_COLUMN, 0);
}
return array();
@@ -572,7 +646,7 @@
* Formats input so it can be safely used in a query
*
* @param mixed $input Value to quote
- * @param string $type Type of data
+ * @param string $type Type of data (integer, bool, ident)
*
* @return string Quoted/converted string for use in query
*/
@@ -585,6 +659,10 @@
if (is_null($input)) {
return 'NULL';
+ }
+
+ if ($type == 'ident') {
+ return $this->quote_identifier($input);
}
// create DB handle if not available
@@ -605,6 +683,22 @@
}
/**
+ * Escapes a string so it can be safely used in a query
+ *
+ * @param string $str A string to escape
+ *
+ * @return string Escaped string for use in a query
+ */
+ public function escape($str)
+ {
+ if (is_null($str)) {
+ return 'NULL';
+ }
+
+ return substr($this->quote($str), 1, -1);
+ }
+
+ /**
* Quotes a string so it can be safely used as a table or column name
*
* @param string $str Value to quote
@@ -616,6 +710,20 @@
public function quoteIdentifier($str)
{
return $this->quote_identifier($str);
+ }
+
+ /**
+ * Escapes a string so it can be safely used in a query
+ *
+ * @param string $str A string to escape
+ *
+ * @return string Escaped string for use in a query
+ * @deprecated Replaced by rcube_db::escape
+ * @see rcube_db::escape
+ */
+ public function escapeSimple($str)
+ {
+ return $this->escape($str);
}
/**
@@ -636,24 +744,32 @@
$name[] = $start . $elem . $end;
}
- return implode($name, '.');
+ return implode($name, '.');
}
/**
* Return SQL function for current time and date
*
+ * @param int $interval Optional interval (in seconds) to add/subtract
+ *
* @return string SQL function to use in query
*/
- public function now()
+ public function now($interval = 0)
{
- return "now()";
+ if ($interval) {
+ $add = ' ' . ($interval > 0 ? '+' : '-') . ' INTERVAL ';
+ $add .= $interval > 0 ? intval($interval) : intval($interval) * -1;
+ $add .= ' SECOND';
+ }
+
+ return "now()" . $add;
}
/**
* Return list of elements for use with SQL's IN clause
*
* @param array $arr Input array
- * @param string $type Type of data
+ * @param string $type Type of data (integer, bool, ident)
*
* @return string Comma-separated list of quoted values for use in query
*/
@@ -729,12 +845,19 @@
/**
* Encodes non-UTF-8 characters in string/array/object (recursive)
*
- * @param mixed $input Data to fix
+ * @param mixed $input Data to fix
+ * @param bool $serialized Enable serialization
*
* @return mixed Properly UTF-8 encoded data
*/
- public static function encode($input)
+ public static function encode($input, $serialized = false)
{
+ // use Base64 encoding to workaround issues with invalid
+ // or null characters in serialized string (#1489142)
+ if ($serialized) {
+ return base64_encode(serialize($input));
+ }
+
if (is_object($input)) {
foreach (get_object_vars($input) as $idx => $value) {
$input->$idx = self::encode($value);
@@ -745,6 +868,7 @@
foreach ($input as $idx => $value) {
$input[$idx] = self::encode($value);
}
+
return $input;
}
@@ -754,12 +878,24 @@
/**
* Decodes encoded UTF-8 string/object/array (recursive)
*
- * @param mixed $input Input data
+ * @param mixed $input Input data
+ * @param bool $serialized Enable serialization
*
* @return mixed Decoded data
*/
- public static function decode($input)
+ public static function decode($input, $serialized = false)
{
+ // use Base64 encoding to workaround issues with invalid
+ // or null characters in serialized string (#1489142)
+ if ($serialized) {
+ // Keep backward compatybility where base64 wasn't used
+ if (strpos(substr($input, 0, 16), ':') !== false) {
+ return self::decode(@unserialize($input));
+ }
+
+ return @unserialize(base64_decode($input));
+ }
+
if (is_object($input)) {
foreach (get_object_vars($input) as $idx => $value) {
$input->$idx = self::decode($value);
@@ -777,42 +913,6 @@
}
/**
- * Adds a query result and returns a handle ID
- *
- * @param object $res Query handle
- *
- * @return int Handle ID
- */
- protected function _add_result($res)
- {
- $this->last_res_id = sizeof($this->a_query_results);
- $this->a_query_results[$this->last_res_id] = $res;
-
- return $this->last_res_id;
- }
-
- /**
- * Resolves a given handle ID and returns the according query handle
- * If no ID is specified, the last resource handle will be returned
- *
- * @param int $res_id Handle ID
- *
- * @return mixed Resource handle or false on failure
- */
- protected function _get_result($res_id = null)
- {
- if ($res_id == null) {
- $res_id = $this->last_res_id;
- }
-
- if (!empty($this->a_query_results[$res_id])) {
- return $this->a_query_results[$res_id];
- }
-
- return false;
- }
-
- /**
* Return correct name for a specific database table
*
* @param string $table Table name
@@ -821,19 +921,43 @@
*/
public function table_name($table)
{
- $rcube = rcube::get_instance();
+ static $rcube;
- // return table name if configured
- $config_key = 'db_table_'.$table;
+ if (!$rcube) {
+ $rcube = rcube::get_instance();
+ }
- if ($name = $rcube->config->get($config_key)) {
- return $name;
+ // add prefix to the table name if configured
+ if (($prefix = $rcube->config->get('db_prefix')) && strpos($table, $prefix) !== 0) {
+ return $prefix . $table;
}
return $table;
}
/**
+ * Set class option value
+ *
+ * @param string $name Option name
+ * @param mixed $value Option value
+ */
+ public function set_option($name, $value)
+ {
+ $this->options[$name] = $value;
+ }
+
+ /**
+ * Set DSN connection to be used for the given table
+ *
+ * @param string Table name
+ * @param string DSN connection ('r' or 'w') to be used
+ */
+ public function set_table_dsn($table, $mode)
+ {
+ $this->db_table_dsn_map[$this->table_name($table)] = $mode;
+ }
+
+ /**
* MDB2 DSN string parser
*
* @param string $sequence Secuence name
--
Gitblit v1.9.1