Diffstat (limited to 'db')
-rw-r--r-- | db/feedmapper.php | 6 | ||||
-rw-r--r-- | db/feedtype.php | 2 | ||||
-rw-r--r-- | db/foldermapper.php | 12 | ||||
-rw-r--r-- | db/item.php | 15 | ||||
-rw-r--r-- | db/itemmapper.php | 75 | ||||
-rw-r--r-- | db/mapperfactory.php | 4 | ||||
-rw-r--r-- | db/mysql/itemmapper.php | 6 | ||||
-rw-r--r-- | db/newsmapper.php | 10 |
8 files changed, 87 insertions, 43 deletions
diff --git a/db/feedmapper.php b/db/feedmapper.php
index 0d00057d3..479cead28 100644
--- a/db/feedmapper.php
+++ b/db/feedmapper.php
@@ -13,14 +13,14 @@
 namespace OCA\News\Db;
-use \OCP\IDb;
-use \OCP\AppFramework\Db\Entity;
+use OCP\IDBConnection;
+use OCP\AppFramework\Db\Entity;
 class FeedMapper extends NewsMapper {
- public function __construct(IDb $db) {
+ public function __construct(IDBConnection $db) {
 parent::__construct($db, 'news_feeds', '\OCA\News\Db\Feed');
 }
diff --git a/db/feedtype.php b/db/feedtype.php
index a630d80f4..fcb42bb8a 100644
--- a/db/feedtype.php
+++ b/db/feedtype.php
@@ -21,4 +21,4 @@ class FeedType {
 const SUBSCRIPTIONS = 3;
 const SHARED = 4;
 const EXPLORE = 5;
-};
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/db/foldermapper.php b/db/foldermapper.php
index bce599b45..867e05493 100644
--- a/db/foldermapper.php
+++ b/db/foldermapper.php
@@ -13,12 +13,12 @@
 namespace OCA\News\Db;
-use \OCP\IDb;
-use \OCP\AppFramework\Db\Entity;
+use OCP\IDBConnection;
+use OCP\AppFramework\Db\Entity;
 class FolderMapper extends NewsMapper {
- public function __construct(IDb $db) {
+ public function __construct(IDBConnection $db) {
 parent::__construct($db, 'news_folders', '\OCA\News\Db\Folder');
 }
@@ -58,12 +58,14 @@ class FolderMapper extends NewsMapper {
 // we needz CASCADE + FKs please
 $sql = 'DELETE FROM `*PREFIX*news_feeds` WHERE `folder_id` = ?';
 $params = [$entity->getId()];
- $this->execute($sql, $params);
+ $stmt = $this->execute($sql, $params);
+ $stmt->closeCursor();
 $sql = 'DELETE FROM `*PREFIX*news_items` WHERE `feed_id` NOT IN '. '(SELECT `feeds`.`id` FROM `*PREFIX*news_feeds` `feeds`)';
- $this->execute($sql);
+ $stmt = $this->execute($sql);
+ $stmt->closeCursor();
 }
diff --git a/db/item.php b/db/item.php
index 24cc45de1..3d12692bc 100644
--- a/db/item.php
+++ b/db/item.php
@@ -57,6 +57,7 @@ class Item extends Entity implements IAPI, \JsonSerializable {
 protected $feedId;
 protected $status = 0;
 protected $lastModified;
+ protected $searchIndex;
 public function __construct(){
 $this->addType('pubDate', 'integer');
@@ -196,6 +197,16 @@ class Item extends Entity implements IAPI, \JsonSerializable {
 parent::setTitle(strip_tags($title));
 }
+ public function generateSearchIndex() {
+ $this->setSearchIndex(
+ strtolower(
+ html_entity_decode(strip_tags($this->getBody())) .
+ html_entity_decode($this->getAuthor()) .
+ html_entity_decode($this->getTitle()) .
+ $this->getUrl()
+ )
+ );
+ }
 public function setUrl($url) {
 $url = trim($url);
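Review bot: `generateSearchIndex()` lowercases with `strtolower()`, which works byte-wise, so non-ASCII titles and authors are not case-folded (and on older PHP versions the result depends on the locale); `mb_strtolower($text, 'UTF-8')` is the safer call, provided the LIKE parameters built in `ItemMapper` are folded the same way. The four fields are also concatenated with no separator, so a search term can match across the boundary between body, author, title and URL; joining them with a space avoids that. Because `html_entity_decode()` runs after `strip_tags()`, entity-encoded markup in the body comes back as literal `<` and `>` in `search_index`, so the method deserves a docblock stating that the column is for matching only and must never be rendered as HTML.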
@@ -208,7 +219,9 @@ class Item extends Entity implements IAPI, \JsonSerializable {
 public function setBody($body) {
 // FIXME: this should not happen if the target="_blank" is already
 // on the link
- parent::setBody(str_replace('<a', '<a target="_blank" rel="noreferrer"', $body));
+ parent::setBody(str_replace(
+ '<a', '<a target="_blank" rel="noreferrer"', $body
+ ));
 }
 }
diff --git a/db/itemmapper.php b/db/itemmapper.php
index a41ecfd66..0ea3b77fc 100644
--- a/db/itemmapper.php
+++ b/db/itemmapper.php
@@ -13,12 +13,12 @@
 namespace OCA\News\Db;
-use \OCP\IDb;
+use OCP\IDBConnection;
 class ItemMapper extends NewsMapper {
- public function __construct(IDb $db){
+ public function __construct(IDBConnection $db){
 parent::__construct($db, 'news_items', '\OCA\News\Db\Item');
 }
@@ -44,24 +44,30 @@ class ItemMapper extends NewsMapper {
 }
 private function makeSelectQueryStatus($prependTo, $status,
- $oldestFirst=false) {
- // Hi this is Ray and you're watching Jack Ass
- // Now look closely: this is how we adults handle weird bugs in our
- // code: we take them variables and we cast the shit out of them
+ $oldestFirst=false, $search=[]) {
 $status = (int) $status;
- // now im gonna slowly stick them in the query, be careful!
- return $this->makeSelectQuery(
+ // WARNING: Potential SQL injection if you change this carelessly
+ $sql = 'AND ((`items`.`status` & ' . $status . ') = ' . $status . ') ';
- // WARNING: this is a desperate attempt at making this query work
- // because prepared statements dont work. This is a possible
- // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
- // think twice when changing this
- 'AND ((`items`.`status` & ' . $status . ') = ' . $status . ') ' .
- $prependTo, $oldestFirst
- );
+ foreach ($search as $_) {
+ $sql .= 'AND `items`.`search_index` LIKE ? ';
+ }
+
+ $sql .= $prependTo;
+
+ return $this->makeSelectQuery($sql, $oldestFirst);
 }
+ /**
+ * wrap and escape search parameters in a like statement
+ */
+ private function buildLikeParameters($search=[]) {
+ return array_map(function ($param) {
+ $param = addcslashes($param, '\\_%');
+ return '%' . strtolower($param) . '%';
+ }, $search);
+ }
 public function find($id, $userId){
 $sql = $this->makeSelectQuery('AND `items`.`id` = ? ');
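Review bot: `buildLikeParameters()` escapes `%`, `_` and `\` with a backslash, but the clause added in `makeSelectQueryStatus()` is a bare `LIKE ?` with no `ESCAPE`, so the escaping only takes effect on databases whose default LIKE escape character is the backslash. SQLite has no default escape character, so if this mapper runs on SQLite (not visible in this diff) a term such as `50%` is sent as `%50\%%`, the backslash is matched literally, the `%` stays a wildcard, and the search returns wrong results. A portable form is to append `ESCAPE '!'` after `LIKE ?` and escape with `$param = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $param);`. The values are bound as parameters, so this is a pattern-matching defect rather than SQL injection. The closure also assumes every element of `$search` is a string, which should be stated in the docblock or enforced by the caller.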
@@ -183,42 +189,53 @@ class ItemMapper extends NewsMapper {
 public function findAllFeed($id, $limit, $offset, $status, $oldestFirst,
- $userId){
- $params = [$userId, $id];
+ $userId, $search=[]){
+ $params = [$userId];
+ $params = array_merge($params, $this->buildLikeParameters($search));
+ $params[] = $id;
+
 $sql = 'AND `items`.`feed_id` = ? ';
 if($offset !== 0){
 $sql .= 'AND `items`.`id` ' . $this->getOperator($oldestFirst) . ' ? ';
 $params[] = $offset;
 }
- $sql = $this->makeSelectQueryStatus($sql, $status, $oldestFirst);
+ $sql = $this->makeSelectQueryStatus($sql, $status, $oldestFirst,
+ $search);
 return $this->findEntitiesIgnoringNegativeLimit($sql, $params, $limit);
 }
 public function findAllFolder($id, $limit, $offset, $status, $oldestFirst,
- $userId){
- $params = [$userId, $id];
+ $userId, $search=[]){
+ $params = [$userId];
+ $params = array_merge($params, $this->buildLikeParameters($search));
+ $params[] = $id;
+
 $sql = 'AND `feeds`.`folder_id` = ? ';
 if($offset !== 0){
 $sql .= 'AND `items`.`id` ' . $this->getOperator($oldestFirst) . ' ? ';
 $params[] = $offset;
 }
- $sql = $this->makeSelectQueryStatus($sql, $status, $oldestFirst);
+ $sql = $this->makeSelectQueryStatus($sql, $status, $oldestFirst,
+ $search);
 return $this->findEntitiesIgnoringNegativeLimit($sql, $params, $limit);
 }
- public function findAll($limit, $offset, $status, $oldestFirst, $userId){
+ public function findAll($limit, $offset, $status, $oldestFirst, $userId,
+ $search=[]){
 $params = [$userId];
+ $params = array_merge($params, $this->buildLikeParameters($search));
 $sql = '';
 if($offset !== 0){
 $sql .= 'AND `items`.`id` ' . $this->getOperator($oldestFirst) . ' ? ';
 $params[] = $offset;
 }
- $sql = $this->makeSelectQueryStatus($sql, $status, $oldestFirst);
+ $sql = $this->makeSelectQueryStatus($sql, $status, $oldestFirst,
+ $search);
 return $this->findEntitiesIgnoringNegativeLimit($sql, $params, $limit);
 }
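Review bot: The order of `$params` in `findAllFeed()`, `findAllFolder()` and `findAll()` now has to match the placeholder order produced by `makeSelectQueryStatus()` (user id, one value per search term, then the feed or folder id, then the offset), and nothing at these call sites says so. A comment such as `// order must match the placeholders: user id, LIKE terms, id, offset` above the `array_merge()` line would keep a later edit from silently binding the wrong value; the position of the user id placeholder comes from `makeSelectQuery()`, which is outside this hunk. `array_map()` preserves keys, so if `$search` can ever arrive with string keys, `array_merge()` carries them into `$params`; applying `array_values()` to the input in `buildLikeParameters()` keeps the list positional. The same parameter-building lines are repeated in all three methods and could move into one private helper.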
@@ -314,4 +331,16 @@ class ItemMapper extends NewsMapper {
 }
+ /**
+ * Returns a list of ids and userid of all items
+ */
+ public function findAllItemIdsAndUsers() {
+ $sql = 'SELECT `items`.`id`, `feeds`.`user_id` ' .
+ 'FROM `*PREFIX*news_items` `items` ' .
+ 'JOIN `*PREFIX*news_feeds` `feeds` ' .
+ 'ON `items`.`feed_id` = `feeds`.`id`';
+ return $this->execute($sql)->fetchAll();
+ }
+
+
 }
diff --git a/db/mapperfactory.php b/db/mapperfactory.php
index 0b26574dc..6704842e4 100644
--- a/db/mapperfactory.php
+++ b/db/mapperfactory.php
@@ -13,7 +13,7 @@
 namespace OCA\News\Db;
-use \OCP\IDb;
+use \OCP\IDBConnection;
 use \OCA\News\Db\Mysql\ItemMapper as MysqlItemMapper;
 class MapperFactory {
@@ -21,7 +21,7 @@ class MapperFactory {
 private $dbType;
 private $db;
- public function __construct($DatabaseType, IDb $db) {
+ public function __construct($DatabaseType, IDBConnection $db) {
 $this->dbType = $DatabaseType;
 $this->db = $db;
 }
diff --git a/db/mysql/itemmapper.php b/db/mysql/itemmapper.php
index c58036350..61d32a821 100644
--- a/db/mysql/itemmapper.php
+++ b/db/mysql/itemmapper.php
@@ -13,14 +13,14 @@
 namespace OCA\News\Db\Mysql;
-use \OCP\IDb;
+use OCP\IDBConnection;
-use \OCA\News\Db\StatusFlag;
+use OCA\News\Db\StatusFlag;
 class ItemMapper extends \OCA\News\Db\ItemMapper {
- public function __construct(IDb $db){
+ public function __construct(IDBConnection $db){
 parent::__construct($db);
 }
diff --git a/db/newsmapper.php b/db/newsmapper.php
index c483bd329..5f857d8ee 100644
--- a/db/newsmapper.php
+++ b/db/newsmapper.php
@@ -13,13 +13,13 @@
 namespace OCA\News\Db;
-use \OCP\IDb;
-use \OCP\AppFramework\Db\Entity;
-use \OCP\AppFramework\Db\Mapper;
+use OCP\IDBConnection;
+use OCP\AppFramework\Db\Entity;
+use OCP\AppFramework\Db\Mapper;
 abstract class NewsMapper extends Mapper {
- public function __construct(IDb $db, $table, $entity) {
+ public function __construct(IDBConnection $db, $table, $entity) {
 parent::__construct($db, $table, $entity);
 }
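Review bot: `findAllItemIdsAndUsers()` calls `fetchAll()` on an unbounded join, so every item id of every user is loaded into memory at once; on a large instance this can exhaust the PHP memory limit. Iterating with `fetch()` or reading in batches would bound that. The statement is also never closed, unlike the `closeCursor()` calls this commit adds in `FolderMapper`; `$stmt = $this->execute($sql); $rows = $stmt->fetchAll(); $stmt->closeCursor(); return $rows;` would be consistent with them. The docblock should state the shape of the returned rows (`id` and `user_id` per item) and that the result spans all users, so that callers do not return it in a single user's response.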
@@ -28,7 +28,7 @@ abstract class NewsMapper extends Mapper {
 * @param string $userId the id of the user
 * @return \OCP\AppFramework\Db\Entity
 */
- public abstract function find($id, $userId);
+ abstract public function find($id, $userId);
 }
\ No newline at end of file |