From 3e77f3f56b53c9733f27408d1c31b5c2c29b3a39 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Tue, 28 Sep 2010 23:06:29 +0200 Subject: [PATCH] fix sqlite compatibility for webdav server --- inc/HTTP/WebDAV/Server/Filesystem.php | 38 ++++++++++++++++----------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/inc/HTTP/WebDAV/Server/Filesystem.php b/inc/HTTP/WebDAV/Server/Filesystem.php index ea0625a5a1..30c19fd29a 100644 --- a/inc/HTTP/WebDAV/Server/Filesystem.php +++ b/inc/HTTP/WebDAV/Server/Filesystem.php @@ -512,15 +512,17 @@ } $destpath = $this->_unslashify($options["dest"]); if (is_dir($source)) { + $dpath=OC_DB::escape($destpath); + $path=OC_DB::escape($options["path"]); $query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties - SET path = REPLACE(path, '".$options["path"]."', '".$destpath."') - WHERE path LIKE '".$this->_slashify($options["path"])."%'"; + SET path = REPLACE(path, '$path', '$dpath') + WHERE path LIKE '$path%'"; OC_DB::query($query); } $query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties - SET path = '".$destpath."' - WHERE path = '".$options["path"]."'"; + SET path = '$dpath' + WHERE path = '$path'"; OC_DB::query($query); } else { if (OC_FILESYSTEM::is_dir($source)) { @@ -553,7 +555,7 @@ } } else { if (!OC_FILESYSTEM::copy($file, $destfile)) { - return "409 Conflict"; + return "409 Conflict($source) $file --> $destfile ".implode('::',$files); } } } @@ -581,10 +583,14 @@ if ($prop["ns"] == "DAV:") { $options["props"][$key]['status'] = "403 Forbidden"; } else { + $path=OC_DB::escape($options['path']); + $name=OC_DB::escape($prop['name']); + $ns=OC_DB::escape($prop['ns']); + $val=OC_DB::escape($prop['val']); if (isset($prop["val"])) { - $query = "REPLACE INTO {$CONFIG_DBTABLEPREFIX}properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'"; + $query = "REPLACE INTO {$CONFIG_DBTABLEPREFIX}properties (path,name,ns,value) VALUES('$path','$name','$ns','$val')"; } else { - $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'"; + $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$path' AND name = '$name' AND ns = '$ns'"; } OC_DB::query($query); } @@ -659,15 +665,15 @@ } } - $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}locks` - SET `token` = '$options[locktoken]' - , `path` = '$options[path]' - , `created` = ".time()." - , `modified` = ".time()." - , `owner` = '$options[owner]' - , `expires` = '$options[timeout]' - , `exclusivelock` = " .($options['scope'] === "exclusive" ? "1" : "0")." - , `recursive` = $recursion"; + $locktoken=OC_DB::escape($options['locktoken']); + $path=OC_DB::escape($options['path']); + $time=time(); + $owner=OC_DB::escape($options['owner']); + $timeout=OC_DB::escape($options['timeout']); + $exclusive=($options['scope'] === "exclusive" ? "1" : "0"); + $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}locks` +(`token`,`path`,`created`,`modified`,`owner`,`expires`,`exclusivelock`,`recursive`) +VALUES ('$locktoken','$path',$time,$time,'$owner','timeout',$exclusive,$recursion)"; OC_DB::query($query); $rows=OC_DB::affected_rows(); if(!OC_FILESYSTEM::file_exists($fspath) and $rows>0) {