rpc: unify methods return (fixes FS#17597)

Include maintainer in info and search method.

Lukas: Adjustments for "multiinfo" queries.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
tuxce 2011-04-12 17:40:41 +02:00 committed by Lukas Fleischer
parent 0488e8597c
commit c6d84b3a8d


@ -83,7 +83,12 @@ class AurJSON {
return json_encode( array('type' => $type, 'results' => $data) ); return json_encode( array('type' => $type, 'results' => $data) );
} }
private function process_query($type, $query) { private function process_query($type, $where_condition) {
$fields = implode(',', self::$fields);
$query = "SELECT Users.Username as Maintainer, {$fields} " .
"FROM Packages LEFT JOIN Users " .
"ON Packages.MaintainerUID = Users.ID " .
"WHERE ${where_condition}";
$result = db_query($query, $this->dbh); $result = db_query($query, $this->dbh);
if ( $result && (mysql_num_rows($result) > 0) ) { if ( $result && (mysql_num_rows($result) > 0) ) {
@ -149,16 +154,13 @@ class AurJSON {
return $this->json_error('Query arg too small'); return $this->json_error('Query arg too small');
} }
$fields = implode(',', self::$fields);
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh); $keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$keyword_string = addcslashes($keyword_string, '%_'); $keyword_string = addcslashes($keyword_string, '%_');
$query = "SELECT {$fields} " . $where_condition = "( Name LIKE '%{$keyword_string}%' OR " .
" FROM Packages WHERE " . "Description LIKE '%{$keyword_string}%' )";
" ( Name LIKE '%{$keyword_string}%' OR " .
" Description LIKE '%{$keyword_string}%' )";
return $this->process_query('search', $query); return $this->process_query('search', $where_condition);
} }
/** /**
@ -167,24 +169,18 @@ class AurJSON {
* @return mixed Returns an array of value data containing the package data * @return mixed Returns an array of value data containing the package data
**/ **/
private function info($pqdata) { private function info($pqdata) {
$fields = implode(',', self::$fields);
$base_query = "SELECT {$fields} " .
" FROM Packages WHERE ";
if ( is_numeric($pqdata) ) { if ( is_numeric($pqdata) ) {
// just using sprintf to coerce the pqd to an int // just using sprintf to coerce the pqd to an int
// should handle sql injection issues, since sprintf will // should handle sql injection issues, since sprintf will
// bork if not an int, or convert the string to a number 0 // bork if not an int, or convert the string to a number 0
$query_stub = "ID={$pqdata}"; $where_condition = "ID={$pqdata}";
} }
else { else {
$query_stub = sprintf("Name=\"%s\"", $where_condition = sprintf("Name=\"%s\"",
mysql_real_escape_string($pqdata, $this->dbh)); mysql_real_escape_string($pqdata, $this->dbh));
} }
$query = $base_query . $query_stub;
return $this->process_query('info', $query); return $this->process_query('info', $where_condition);
} }
/** /**
@ -193,7 +189,6 @@ class AurJSON {
* @return mixed Returns an array of results containing the package data * @return mixed Returns an array of results containing the package data
**/ **/
private function multiinfo($pqdata) { private function multiinfo($pqdata) {
$fields = implode(',', self::$fields);
$args = $this->parse_multiinfo_args($pqdata); $args = $this->parse_multiinfo_args($pqdata);
$ids = $args['ids']; $ids = $args['ids'];
$names = $args['names']; $names = $args['names'];
@ -202,22 +197,21 @@ class AurJSON {
return $this->json_error('Invalid query arguments'); return $this->json_error('Invalid query arguments');
} }
$query = "SELECT {$fields} " . $where_condition = "";
" FROM Packages WHERE ";
if ($ids) { if ($ids) {
$ids_value = implode(',', $args['ids']); $ids_value = implode(',', $args['ids']);
$query .= "ID IN ({$ids_value})"; $where_condition .= "ID IN ({$ids_value})";
} }
if ($ids && $names) { if ($ids && $names) {
$query .= " OR "; $where_condition .= " OR ";
} }
if ($names) { if ($names) {
// individual names were quoted in parse_multiinfo_args() // individual names were quoted in parse_multiinfo_args()
$names_value = implode(',', $args['names']); $names_value = implode(',', $args['names']);
$query .= "Name IN ({$names_value})"; $where_condition .= "Name IN ({$names_value})";
} }
return $this->process_query('multiinfo', $query); return $this->process_query('multiinfo', $where_condition);
} }
/** /**
@ -226,15 +220,11 @@ class AurJSON {
* @return mixed Returns an array of value data containing the package data * @return mixed Returns an array of value data containing the package data
**/ **/
private function msearch($maintainer) { private function msearch($maintainer) {
$fields = implode(',', self::$fields);
$maintainer = mysql_real_escape_string($maintainer, $this->dbh); $maintainer = mysql_real_escape_string($maintainer, $this->dbh);
$query = "SELECT Users.Username as Maintainer, {$fields} " . $where_condition = "Users.Username = '{$maintainer}'";
" FROM Packages, Users WHERE " .
" Packages.MaintainerUID = Users.ID AND " .
" Users.Username = '{$maintainer}'";
return $this->process_query('msearch', $query); return $this->process_query('msearch', $where_condition);
} }
} }
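Review bot: In info(), the numeric branch builds `ID={$pqdata}` by plain interpolation guarded only by is_numeric(), while the comment above it still claims sprintf coerces the value to an int; is_numeric() also accepts decimal and exponent forms, so what reaches the SQL text is not necessarily the integer the comment promises. Now that process_query() joins Users, whose ID column appears in the ON clause, the unqualified `ID` here and in multiinfo's `ID IN ({$ids_value})` will presumably be rejected as ambiguous, assuming Packages.ID is the intended column. I would write `$where_condition = sprintf("Packages.ID=%d", $pqdata);` in info() and `$where_condition .= "Packages.ID IN ({$ids_value})";` in multiinfo(). process_query() now takes a raw WHERE fragment, so a one-line docblock such as `@param string $where_condition SQL fragment; callers must escape every value before passing it` would make that contract explicit; its body continues outside the hunk.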