#
#
# patch "hostconfig.dist"
# from [094160cadf511eb392c4949f4b846735a0a87025]
# to [f194cf04bfa0ffb93df9434ceec738670202f2c3]
#
# patch "www/admin-description_backend.php"
# from [35aaa14b1ed2fd7b061c029208d095f3ed520a58]
# to [77be066f94469962dee95ebcbe852d3f7ef3bfc0]
#
# patch "www/admin-files_backend.php"
# from [ef16f5dbaffe7f400e6b75126f7707abb5d5f9af]
# to [8109ee3be651cbd4d693b930060403c1a7149a46]
#
# patch "www/admin-permissions_backend.php"
# from [9dfe7767585351057995a7131f324748ec3136d1]
# to [f03b110a705a1d3ae8ebed71987a94ebc2adaa80]
#
# patch "www/admin-resources_backend.php"
# from [d1f490cc113924a005b87acd0228eb369e29cea6]
# to [c25e06b302ff66e55ecee79a85765f2e90339d2e]
#
# patch "www/admin-source_control_backend.php"
# from [fff189e4e8c4853672c1fc299fee91abb4c6e683]
# to [6271371add902909298ece584864171f20e24ec5]
#
# patch "www/common-ctrl.php"
# from [5cdf8502620216366fe9a4fbf60f228ef2e4414b]
# to [8e9d200ced9294036b3f336eb34b00a9f00ac038]
#
# patch "www/common-resource.php"
# from [bb89b43d6a10482146c02944a319179a2e60a85e]
# to [958c85685f30e4a13024444e460b2c11528aa454]
#
# patch "www/common.php"
# from [4dfe605e35ec8b2f139630192a65b7c5fe7a4a17]
# to [3088c0608938da725d06013aa0f9d6d7eaa16527]
#
# patch "www/index.php"
# from [8cda77dbe2da163ecad68bce5e4e9d036025a7d8]
# to [3361dc77f10506370f720fae8b77065029d082ad]
#
# patch "www/login.php"
# from [2411034b91d3b8441676c2ca0d559b32682027f5]
# to [53f3fcfe78d47e975b16cc3237465f91688225fe]
#
# patch "www/proj-ctrl.php"
# from [5e750a6316c4026612c6e578c8f604470394b702]
# to [ce8e7729dcf57087f1948f384f6455cdb986cae2]
#
# patch "www/project.php"
# from [3260a28bfd208039e33b8637a1ec5a5c4ee85dba]
# to [02a98d34f5ed4b461542afedd2e846f980fe1731]
#
============================================================
--- hostconfig.dist 094160cadf511eb392c4949f4b846735a0a87025
+++ hostconfig.dist f194cf04bfa0ffb93df9434ceec738670202f2c3
@@ -1,6 +1,8 @@
 userpass "username" "password"
 hostname "hostname"
 serverdir "/home/timothy/experiment"
+adodb_path "/usr/share/adodb"
+dbtype "postgres"
 dbstring "dbname=testdb"
 admin "127.0.0.5:12345"
============================================================
--- www/admin-description_backend.php 35aaa14b1ed2fd7b061c029208d095f3ed520a58
+++ www/admin-description_backend.php 77be066f94469962dee95ebcbe852d3f7ef3bfc0
@@ -16,5 +16,5 @@
 "longdescription" => file_get_contents($projwww . "/longdescription")));
 }
 }
-pg_close($db);
+$db->Close();
 ?>
============================================================
--- www/admin-files_backend.php ef16f5dbaffe7f400e6b75126f7707abb5d5f9af
+++ www/admin-files_backend.php 8109ee3be651cbd4d693b930060403c1a7149a46
@@ -47,5 +47,5 @@
 file_put_contents($projwww . "/files-about/" . basename($args->file), $args->filedesc);
 print $json->encode(array("ok" => "ok"));
 }
-pg_close($db);
+$db->Close();
 ?>
============================================================
--- www/admin-permissions_backend.php 9dfe7767585351057995a7131f324748ec3136d1
+++ www/admin-permissions_backend.php f03b110a705a1d3ae8ebed71987a94ebc2adaa80
@@ -1,25 +1,23 @@
 include_once("common-ctrl.php");
 function maintlist() {
- global $db, $safeproj;
+ global $db,$project;
 $fields = "username, give, upload, homepage, access, server, description";
- $query = sprintf("SELECT %s FROM permissions WHERE ", $fields);
- $query = $query . "project = '%s'";
- $result = pg_exec($db, sprintf($query, $safeproj));
+ $query = sprintf("SELECT %s FROM permissions WHERE project=?", $fields);
+ $result = $db->Execute($query, array($project));
 $out = array();
 if ($result) {
- $rows = pg_numrows($result);
- for($i = 0; $i < $rows; ++$i) {
- $row = pg_fetch_row ($result,$i);
- $perm['username'] = $row[0];
- $perm['give'] = ($row[1] == 1);
- $perm['upload'] = ($row[2] == 1);
- $perm['homepage'] = ($row[3] == 1);
- $perm['access'] = ($row[4] == 1);
- $perm['server'] = ($row[5] == 1);
- $perm['description'] = ($row[6] == 1);
+ while (!$result->EOF) {
+ $perm['username'] = $result->fields[0];
+ $perm['give'] = ($result->fields[1] == 1);
+ $perm['upload'] = ($result->fields[2] == 1);
+ $perm['homepage'] = ($result->fields[3] == 1);
+ $perm['access'] = ($result->fields[4] == 1);
+ $perm['server'] = ($result->fields[5] == 1);
+ $perm['description'] = ($result->fields[6] == 1);
 $out[] = $perm;
+ $result->MoveNext();
 }
 }
 return $out;
@@ -45,24 +43,28 @@
 $res["error"] = "You're not allowed to revoke your own permissions to edit maintainers.";
 break;
 }
- pg_exec($db, "BEGIN");
+ $db->BeginTrans();
 $begun = true;
- pg_exec($db, "LOCK TABLE permissions");
- $query = sprintf("DELETE FROM permissions WHERE project = '%s'", $safeproj);
- $result = pg_exec($db, $query);
+ # pg_exec($db, "LOCK TABLE permissions");
+ $result = $db->Execute("DELETE FROM permissions WHERE project=?", array($project));
 if (!$result) {
 $res['error'] = 'Internal server error.';
 $ok = false;
 break;
 }
 $fields = "username, project, give, upload, homepage, access, server, description";
- $query = sprintf("INSERT INTO permissions (%s) VALUES (%%s)", $fields);
+ $query = sprintf("INSERT INTO permissions (%s) VALUES (i?,?,?,?,?,?,?,?)", $fields);
+ $istmt = $db->Prepare($query);
 foreach ($args->newmaint as $i) {
- $values = sprintf("'%s', '%s', %s, %s, %s, %s, %s, %s",
- pg_escape_string($i->username), $safeproj,
- $i->give?1:0, $i->upload?1:0, $i->homepage?1:0,
- $i->access?1:0, $i->server?1:0, $i->description?1:0);
- $result = pg_exec($db, sprintf($query, $values));
+ $result = $db->Execute($istmt,
+ array($i->username,
+ $project,
+ $i->give?1:0,
+ $i->upload?1:0,
+ $i->homepage?1:0,
+ $i->access?1:0,
+ $i->server?1:0,
+ $i->description?1:0));
 if (!$result) {
 $res['error'] = 'Internal server error.';
 $ok = false;
@@ -73,10 +75,10 @@
 $res["maintainers"] = maintlist();
 } while(false);
 if (!$ok && $begun)
- pg_exec($db, "ROLLBACK");
+ $db->RollbackTrans();
 print $json->encode($res);
- pg_exec($db, "END");
+ $db->CommitTrans();
 }
 }
-pg_close($db);
+$db->Close();
 ?>
============================================================
--- www/admin-resources_backend.php d1f490cc113924a005b87acd0228eb369e29cea6
+++ www/admin-resources_backend.php c25e06b302ff66e55ecee79a85765f2e90339d2e
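Review bot: `VALUES (i?,?,?,?,?,?,?,?)` in the new INSERT has a stray `i` in front of the first placeholder, so the prepared statement is a SQL syntax error and every maintainer save fails with 'Internal server error.' after the DELETE has already run; it should read `VALUES (?,?,?,?,?,?,?,?)`. The `LOCK TABLE permissions` statement is left as a commented-out `pg_exec` instead of being ported (`$db->Execute("LOCK TABLE permissions");`); without it two concurrent saves can interleave their DELETE and INSERTs and leave the project with rows from both, since parameter binding gives no serialisation on its own. The same dropped lock appears in the admin-resources_backend.php hunk at `@@ -10,17 +10,15 @@`. The enclosing `do { … } while(false)` block starts before and ends after this hunk.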
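Review bot: On the failure path this hunk calls `$db->RollbackTrans();` and then still reaches the unconditional `$db->CommitTrans();` two lines later, and when `$begun` is false a commit is issued without any transaction having been opened; what ADOdb does with a commit on no open transaction depends on the version, so the outcome should not be left to it. The resources backend in this same commit already uses the `if (!$ok) … else …` shape; mirror it here with `if (!$ok && $begun) $db->RollbackTrans(); elseif ($begun) $db->CommitTrans();` and drop the trailing commit. `print $json->encode($res);` then runs with the transaction already closed, which is also what the resources hunk does.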
@@ -10,17 +10,15 @@
 $res = array();
 $ok = true;
 do {
- pg_exec($db, "BEGIN");
- pg_exec($db, "LOCK TABLE resources");
- $query = sprintf("DELETE FROM resources WHERE project = '%s'", $safeproj);
- $result = pg_exec($db, $query);
+ $db->BeginTrans();
+ # pg_exec($db, "LOCK TABLE resources");
+ $result = $db->Execute("DELETE FROM resources WHERE project=?", array($project));
 if (!$result) {
 $res['error'] = 'Internal server error. (1)';
 $ok = false;
 break;
 }
- $fields = "project, name, type, data";
- $query = sprintf("INSERT INTO resources (%s) VALUES (%%s)", $fields);
+ $istmt = $db->Prepare("INSERT INTO resources(project,name,type,data) VALUES(?,?,?,?)");
 foreach ($args->newresources as $i) {
 if ($i->type == "link") {
 $type = 0;
@@ -29,15 +27,14 @@
 } else {
 $type = -1;
 }
- $values = sprintf("'%s', '%s', %s, '%s'",
- $safeproj,
- pg_escape_string($i->name),
+ $values = array($project,
+ $i->name,
 $type,
- pg_escape_string($i->data));
- $result = pg_exec($db, sprintf($query, $values));
+ $i->data);
+ $result = $db->Execute($istmt, $values);
 if (!$result) {
 $res['error'] = 'Internal server error. (2)';
- $res['verboseError'] = sprintf($query, $values);
+ $res['verboseError'] = sprintf("inserting into resources: %s, %s, %s, %s", $project, $i->name,$type,$i->data);
 $ok = false;
 break;
 }
@@ -46,9 +43,10 @@
 $res["resources"] = resourcelist();
 } while(false);
 if (!$ok)
- pg_exec($db, "ROLLBACK");
+ $db->RollbackTrans();
+ else
+ $db->CommitTrans();
 print $json->encode($res);
- pg_exec($db, "END");
 }
-pg_close($db);
+$db->Close();
 ?>
============================================================
--- www/admin-source_control_backend.php fff189e4e8c4853672c1fc299fee91abb4c6e683
+++ www/admin-source_control_backend.php 6271371add902909298ece584864171f20e24ec5
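Review bot: The new `$res['verboseError']` line in the `@@ -29,15 +27,14 @@` hunk only echoes the caller's own project, name, type and data back in the JSON response and no longer carries anything about why the insert failed, so it is less useful than the query text it replaced while still reflecting request data to the client. The driver's error text is what a maintainer needs, and it belongs in the server log rather than in the response, where it would expose schema and driver details: `error_log('resources insert failed: ' . $db->ErrorMsg());`. The matching failure branch in admin-permissions_backend.php returns only the generic message, so the two backends should be aligned either way. The `foreach` this sits in starts in the previous hunk.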
@@ -83,5 +83,5 @@
 print $json->encode(array("result" => "ok"));
 }
 }
-pg_close($db);
+$db->Close();
 ?>
============================================================
--- www/common-ctrl.php 5cdf8502620216366fe9a4fbf60f228ef2e4414b
+++ www/common-ctrl.php 8e9d200ced9294036b3f336eb34b00a9f00ac038
@@ -5,7 +5,6 @@
 $action = $args->action; if($_REQUEST['action']) $action = $_REQUEST['action']; $project = $args->project; if($_REQUEST['project']) $project = $_REQUEST['project'];
-$safeproj = pg_escape_string($project);
 $projdir = "$serverdir/projects/" . basename($project);
 $projwww = "$serverdir/www/projects/" . basename($project);
 $monotone = "$monotone --confdir '$projdir'";
@@ -18,16 +17,12 @@
 else return $args->$name;
 }
-function safearg($name) {
- return pg_escape_string(getarg($name));
-}
 function dirsafe($name) {
 return ($name == basename($name)) && ($name != '..');
 }
 if (!$project) {
 $project = basename(dirname($_SERVER['PHP_SELF']));
- $safeproj = pg_escape_string($project);
 }
 function allowed($what) {
 global $json, $permissions, $validuser, $username;
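Review bot: The `@@ -5,7 +5,6 @@` hunk and the `@@ -18,16 +17,12 @@` hunk below it delete `$safeproj` and `safearg()`, but this commit touches admin-description_backend.php, admin-files_backend.php and admin-source_control_backend.php only at their `pg_close` line, and the login.php, proj-ctrl.php and project.php patches named in the header are outside this view; any query in those files that still interpolates `$safeproj` now interpolates an undefined, empty variable with the escaping gone, and any remaining `safearg()` caller is a fatal error. Grep the tree for both names before merging and port each remaining site to `$db->Execute($sql, array(...))` with `?` placeholders, as the hunks here do. `$project` is still taken directly from `$_REQUEST['project']`; the `basename()` calls on the `$projdir`/`$projwww` lines are what keep it inside `$serverdir`, so that guard has to stay with it.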
@@ -52,15 +47,15 @@
 if ($validuser) {
 $fields = "give, upload, homepage, access, server, description";
 $query = sprintf("SELECT %s FROM permissions WHERE ", $fields);
- $query = $query . "username = '%s' AND project = '%s'";
- $result = pg_exec($db, sprintf($query, $safeuser, $safeproj));
+ $query = $query . "username=? AND project=?";
+ $result = $db->Execute($query, array($username, $project));
 if ($result) {
- $rows = pg_numrows($result);
+ $rows = $result->RecordCount();
 $permissions['rows'] = $rows;
- $permissions['safeuser'] = $safeuser;
- $permissions['safeproj'] = $safeproj;
+ $permissions['username'] = $username;
+ $permissions['project'] = $project;
 if ($rows == 1) {
- $row = pg_fetch_row ($result, 0);
+ $row = $result->FetchRow();
 $permissions['give'] = ($row[0] == 1);
 $permissions['upload'] = ($row[1] == 1);
 $permissions['homepage'] = ($row[2] == 1);
============================================================
--- www/common-resource.php bb89b43d6a10482146c02944a319179a2e60a85e
+++ www/common-resource.php 958c85685f30e4a13024444e460b2c11528aa454
@@ -1,14 +1,13 @@
 include_once("common.php");
 function resourcelist() {
- global $db, $safeproj;
- $query = "SELECT name, type, data FROM resources WHERE project = '%s'";
- $result = pg_exec($db, sprintf($query, $safeproj));
+ global $db, $project;
+ $query = "SELECT name, type, data FROM resources WHERE project=?";
+ $result = $db->Execute($db, $query, array($project));
 $out = array();
 if ($result) {
- $rows = pg_numrows($result);
- for($i = 0; $i < $rows; ++$i) {
- $row = pg_fetch_row ($result,$i);
+ while (!$result->EOF) {
+ $row = $result->FetchRow();
 $r['name'] = $row[0];
 if ($row[1] == 0) {
 $r['type'] = "link";
============================================================
--- www/common.php 4dfe605e35ec8b2f139630192a65b7c5fe7a4a17
+++ www/common.php 3088c0608938da725d06013aa0f9d6d7eaa16527
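Review bot: `$rows = $result->RecordCount();` is what decides whether any permission flag is loaded, and ADOdb returns -1 from `RecordCount()` on drivers or cursor modes where the row count is not known up front (as far as I know the postgres driver with default settings does count, but it is driver-dependent); in that case `$rows == 1` never holds and the user silently ends up with no permissions. Fetching the row and checking the cursor is independent of the count: `$row = $result->FetchRow(); if ($row !== false && $result->EOF) {` keeps the "exactly one row" semantics without relying on `RecordCount()`, while `$permissions['rows']` can still be recorded for callers that read it. The `if ($validuser)` block this hunk belongs to continues past its last line.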
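Review bot: `$result = $db->Execute($db, $query, array($project));` in the common-resource.php hunk passes the connection object as the SQL argument; ADOdb's `Execute()` takes the statement first and the bind array second, so the query is never sent, `$result` is false and `resourcelist()` always returns an empty list, which also hides the rows admin-resources_backend.php just wrote. The line should be `$result = $db->Execute($query, array($project));`, matching the call in `maintlist()`. `resourcelist()` continues past the end of this hunk.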
@@ -33,6 +33,10 @@
 $hostname = nxt($splitconf);
 } elseif($i == "serverdir") {
 $serverdir = nxt($splitconf);
+ } elseif($i == "adodb_path") {
+ $adodb_path = nxt($splitconf);
+ } elseif($i == "dbtype") {
+ $dbtype = nxt($splitconf);
 } elseif($i == "dbstring") {
 $dbstring = nxt($splitconf);
 } elseif($i == "hostkey") {
@@ -91,16 +95,14 @@
 $shapass = '';
 }
-$safeuser = pg_escape_string($username);
-
+include_once($adodb_path);
 $validuser = false;
-$db = pg_connect($dbstring);
-$query = sprintf("SELECT password FROM users WHERE username = '%s'", $safeuser);
-$result = pg_exec($db, $query);
+$db = &ADONewConnection( rawurlencode($dbstring) );
+$result = $db->Execute("SELECT password FROM users WHERE username=?", array($username));
 if ($result) {
- $rows = pg_numrows($result);
+ $rows = $result->RecordCount();
 if ($rows == 1) {
- $row = pg_fetch_row ($result, 0);
+ $row = $result->fields[0];
 if ($row[0] == $shapass) {
 $validuser = true;
 }
============================================================
--- www/index.php 8cda77dbe2da163ecad68bce5e4e9d036025a7d8
+++ www/index.php 3361dc77f10506370f720fae8b77065029d082ad
@@ -20,25 +20,24 @@
 #$query = "SELECT name, directory FROM projects";
 $query = "SELECT name FROM projects";
-$result = pg_exec($db, $query);
+$result = $db->Execute($query);
 if (!$result) {printf("ERROR"); }
-$rows = pg_numrows($result);
-for($i = 0; $i < $rows; ++$i) {
- $row = pg_fetch_row ($result,$i);
+while (!$result->EOF) {
 printf("
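Review bot: `$dbtype` is parsed from hostconfig here (and `dbtype "postgres"` is added to hostconfig.dist in the first hunk of this patch) but nothing consumes it: the connection in the next hunk is `ADONewConnection( rawurlencode($dbstring) )`, and `ADONewConnection()` expects a driver name such as `$dbtype` or a `driver://user:pass@host/db` DSN, so `dbname%3Dtestdb` is neither and the connect will presumably fail. Create the driver from `$dbtype` and hand the libpq string to `Connect()` instead: `$db = ADONewConnection($dbtype); $db->Connect($dbstring);` — as far as I recall the postgres driver passes the first `Connect()` argument through to `pg_connect()` unchanged when no user, password or database are given, which would keep the existing `dbstring "dbname=testdb"` format working; verify that against the ADOdb version installed at `adodb_path`. A hostconfig without the `adodb_path` key also leaves `$adodb_path` unset for the `include_once($adodb_path)` below, so the parser should fail loudly when either new key is absent rather than falling through to an empty include.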
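Review bot: `$row = $result->fields[0];` in the `@@ -91,16 +95,14 @@` hunk stores the password column's string, so `$row[0]` on the next, unchanged line is only its first character and `$row[0] == $shapass` can never match a full hash; it should be `$row = $result->fields;` (or `$row = $result->FetchRow();`, as common-ctrl.php now does). While on that line, the comparison should be `hash_equals($row[0], $shapass)` where the target PHP has it (`===` otherwise) rather than `==`, which compares numeric-looking strings as numbers — two hex digests of the form `0e…` compare equal — and is not constant-time. `ADONewConnection()` returns false on failure and the `&` on its result is a deprecated reference-to-return, so `$db = ADONewConnection(...);` followed by a check before `$db->Execute(...)` avoids a fatal on a method call on `false`. The `if ($result) {` block continues past the end of the hunk.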