Revision 1951
Added by darkviper about 11 years ago
| droplets.functions.php | ||
|---|---|---|
| 77 | 77 |
$msgSql = ''; |
| 78 | 78 |
$extraSql = ''; |
| 79 | 79 |
$sDropletName = pathinfo ($sDropletFile, PATHINFO_FILENAME); |
| 80 |
$sql = 'SELECT `code` FROM `'.$oDb->TablePrefix.'mod_droplets` WHERE `name` LIKE "'.$sDropletName.'" '; |
|
| 81 |
if( !($oDb->get_one($sql)) ) {
|
|
| 80 |
$sql = 'SELECT `name` FROM `'.$oDb->TablePrefix.'mod_droplets` ' |
|
| 81 |
. 'WHERE `name` LIKE \''.addcslashes($oDb->escapeString($sDropletName), '%_').'\' '; |
|
| 82 |
if( !( $sTmpName = $oDb->get_one($sql)) ) |
|
| 83 |
{
|
|
| 82 | 84 |
$sql = 'INSERT INTO `'.$oDb->TablePrefix.'mod_droplets`'; |
| 83 |
$msgSql = 'INSERT Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK"; |
|
| 84 |
} elseif ($bOverwriteDroplets) {
|
|
| 85 |
$msgSql = 'INSERT Droplet `'.$oDb->escapeString($sDropletName).'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK"; |
|
| 86 |
} elseif ($bOverwriteDroplets) |
|
| 87 |
{
|
|
| 88 |
$sDropletName = $sTmpName; |
|
| 85 | 89 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'mod_droplets` '; |
| 86 |
$extraSql = 'WHERE `name` = \''.$sDropletName.'\' ';
|
|
| 90 |
$extraSql = 'WHERE `name` = \''.addcslashes($oDb->escapeString($sDropletName), '%_').'\' ';
|
|
| 87 | 91 |
$msgSql = 'UPDATE Droplet `'.$sDropletName.'` INTO`'.$oDb->TablePrefix.'mod_droplets`'." $OK"; |
| 88 | 92 |
} |
| 89 | 93 |
// get description, comments and oode |
| 90 | 94 |
$sDropletFile = preg_replace('/^\xEF\xBB\xBF/', '', $sDropletFile);
|
| 91 | 95 |
if( ($msgSql!='') && ($aFileData = file($sDropletFile)) ) {
|
| 92 |
$bDescription = false; |
|
| 93 |
$bComments = false; |
|
| 94 |
$bCode = false; |
|
| 95 |
$sDescription = ''; |
|
| 96 |
$sComments = ''; |
|
| 97 |
$sCode = ''; |
|
| 98 |
$sPattern = "#//:#im"; |
|
| 99 |
while ( sizeof($aFileData) > 0 ) {
|
|
| 100 |
$sSqlLine = trim(array_shift($aFileData)); |
|
| 101 |
$isNotCode = (bool)preg_match($sPattern, $sSqlLine); |
|
| 102 |
if( $isNotCode==true ) {
|
|
| 96 |
$bDescription = false;
|
|
| 97 |
$bComments = false;
|
|
| 98 |
$bCode = false;
|
|
| 99 |
$sDescription = '';
|
|
| 100 |
$sComments = '';
|
|
| 101 |
$sCode = '';
|
|
| 102 |
$sPattern = "#//:#im";
|
|
| 103 |
while ( sizeof($aFileData) > 0 ) {
|
|
| 104 |
$sSqlLine = trim(array_shift($aFileData));
|
|
| 105 |
$isNotCode = (bool)preg_match($sPattern, $sSqlLine);
|
|
| 106 |
if( $isNotCode==true ) {
|
|
| 103 | 107 |
// first step line is description |
| 104 |
if($bDescription==false) {
|
|
| 105 |
$sDescription .= str_replace('//:','',$sSqlLine);
|
|
| 106 |
$bDescription = true; |
|
| 108 |
if($bDescription==false) {
|
|
| 109 |
$sDescription .= str_replace('//:','',$sSqlLine);
|
|
| 110 |
$bDescription = true; |
|
| 111 |
} else {
|
|
| 112 |
// second step fill comments |
|
| 113 |
$sComments .= str_replace('//:','',$sSqlLine).PHP_EOL;
|
|
| 114 |
} |
|
| 107 | 115 |
} else {
|
| 108 |
// second step fill comments
|
|
| 109 |
$sComments .= str_replace('//:','',$sSqlLine).PHP_EOL;
|
|
| 116 |
// third step fill code
|
|
| 117 |
$sCode .= str_replace('//:','',$sSqlLine).PHP_EOL;
|
|
| 110 | 118 |
} |
| 111 |
} else {
|
|
| 112 |
// third step fill code |
|
| 113 |
$sCode .= str_replace('//:','',$sSqlLine).PHP_EOL;
|
|
| 114 | 119 |
} |
| 115 |
} |
|
| 116 |
$iModifiedWhen = time(); |
|
| 117 |
$iModifiedBy = (method_exists($admin, 'get_user_id') && ($admin->get_user_id()!=null) ? $admin->get_user_id() : 1); |
|
| 118 |
$sql .= 'SET `name` =\''.$oDb->escapeString($sDropletName).'\',' |
|
| 119 |
. '`description` =\''.$oDb->escapeString($sDescription).'\',' |
|
| 120 |
. '`comments` =\''.$oDb->escapeString($sComments).'\',' |
|
| 121 |
. '`code` =\''.$oDb->escapeString($sCode).'\',' |
|
| 122 |
. '`modified_when` = '.$iModifiedWhen.',' |
|
| 123 |
. '`modified_by` = '.$iModifiedBy.',' |
|
| 124 |
. '`active` = 1' |
|
| 125 |
. $extraSql; |
|
| 120 |
$iModifiedWhen = time(); |
|
| 121 |
$iModifiedBy = (method_exists($admin, 'get_user_id') && ($admin->get_user_id()!=null) ? $admin->get_user_id() : 1); |
|
| 122 |
$sql .= 'SET `name` =\''.$oDb->escapeString($sDropletName).'\',' |
|
| 123 |
. '`description` =\''.$oDb->escapeString($sDescription).'\',' |
|
| 124 |
. '`comments` =\''.$oDb->escapeString($sComments).'\',' |
|
| 125 |
. '`code` =\''.$oDb->escapeString($sCode).'\',' |
|
| 126 |
. '`modified_when` = '.$iModifiedWhen.',' |
|
| 127 |
. '`modified_by` = '.$iModifiedBy.',' |
|
| 128 |
. '`active` = 1' |
|
| 129 |
. $extraSql; |
|
| 126 | 130 |
} |
| 127 | 131 |
if( $oDb->query($sql) ) {
|
| 128 | 132 |
if( $msgSql!='' ) { $msg[] = $msgSql; }
|
Also available in: Unified diff
solved problems with escaped strings in /modules/droplets/droplets.functions.php