- fixed many more small errors

steinm 2011-12-07 07:33:43 +00:00
parent de0983ee7d
commit 1232b8f309
4 changed files with 94 additions and 81 deletions


@ -231,13 +231,11 @@ if ($action=="setSettings") {
/** /**
* Check Parameters, require version 3.3.x * Check Parameters, require version 3.3.x
*/ */
$hasError = printCheckError( $settings->check(substr(str_replace('.', '', LETODMS_VERSION), 0,2))); // $hasError = printCheckError( $settings->check(substr(str_replace('.', '', LETODMS_VERSION), 0,2)));
if (!$hasError) if (!$hasError) {
{
// Create database // Create database
if (isset($_POST["createDatabase"])) if (isset($_POST["createDatabase"])) {
{
$createOK = false; $createOK = false;
$errorMsg = ""; $errorMsg = "";
@ -311,7 +309,7 @@ if ($action=="setSettings") {
if($updatedirs) { if($updatedirs) {
foreach($updatedirs as $updatedir) { foreach($updatedirs as $updatedir) {
if($updatedir >= $rec['major'].'.'.$rec['minor'].'.'.$rec['subminor']) { if($updatedir > $rec['major'].'.'.$rec['minor'].'.'.$rec['subminor']) {
$needsupdate = true; $needsupdate = true;
print "<h3>Database update to version ".$updatedir." needed</h3>"; print "<h3>Database update to version ".$updatedir." needed</h3>";
if(file_exists('update-'.$updatedir.'/update.txt')) { if(file_exists('update-'.$updatedir.'/update.txt')) {
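Review bot: The `printCheckError( $settings->check(...))` call is now commented out, but the next line `if (!$hasError) {` still reads `$hasError`; unless it is assigned above the hunk it is undefined, evaluates to null, and the database-creation branch runs with no settings validation at all. If the check has to stay disabled for now, set `$hasError = false;` explicitly and add a comment saying why and when the check returns. Separately, `$updatedir > $rec['major'].'.'.$rec['minor'].'.'.$rec['subminor']` is a plain string comparison, so 3.10.0 would sort before 3.9.0; `version_compare($updatedir, $current, '>')` orders versions correctly, and the same pattern appears in the update script's `$_GET['version']` check. The enclosing `if ($action=="setSettings")` block starts and ends outside the hunks.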


@ -45,7 +45,8 @@ function check($doupdate=0) { /* {{{ */
$queryStr = "SELECT ".$schema['key'].", `".implode('`,`', $schema['fields'])."` FROM ".$tblname; $queryStr = "SELECT ".$schema['key'].", `".implode('`,`', $schema['fields'])."` FROM ".$tblname;
elseif(isset($schema['keys'])) elseif(isset($schema['keys']))
$queryStr = "SELECT ".implode(',', $schema['keys']).", `".implode('`,`', $schema['fields'])."` FROM ".$tblname; $queryStr = "SELECT ".implode(',', $schema['keys']).", `".implode('`,`', $schema['fields'])."` FROM ".$tblname;
$recs = $db->getResultArray($queryStr); $res = $db->Execute($queryStr);
$recs = $res->GetArray();
foreach($recs as $rec) { foreach($recs as $rec) {
foreach($schema['fields'] as $field) { foreach($schema['fields'] as $field) {
if($rec[$field] !== mydmsDecodeString($rec[$field])) { if($rec[$field] !== mydmsDecodeString($rec[$field])) {
@ -62,7 +63,7 @@ function check($doupdate=0) { /* {{{ */
$allupdates[] = $updateSql; $allupdates[] = $updateSql;
echo "<tr><td>".$tblname."</td><td>".$field."</td><td>".htmlspecialchars($rec[$field])."</td><td>".htmlspecialchars(mydmsDecodeString($rec[$field]))."</td><td><pre>".htmlspecialchars($updateSql)."</pre></td></tr>\n"; echo "<tr><td>".$tblname."</td><td>".$field."</td><td>".htmlspecialchars($rec[$field])."</td><td>".htmlspecialchars(mydmsDecodeString($rec[$field]))."</td><td><pre>".htmlspecialchars($updateSql)."</pre></td></tr>\n";
if($doupdate) { if($doupdate) {
$res = $db->getResult($updateSql); $res = $db->Execute($updateSql);
if(!$res) { if(!$res) {
$errormsg = 'Could not execute update statement'; $errormsg = 'Could not execute update statement';
echo "<tr><td colspan=\"5\"><span style=\"color: red;\">".$errormsg."</span></td></tr>\n"; echo "<tr><td colspan=\"5\"><span style=\"color: red;\">".$errormsg."</span></td></tr>\n";
@ -76,8 +77,10 @@ function check($doupdate=0) { /* {{{ */
} }
} }
echo "</table>\n"; echo "</table>\n";
if($allupdates) {
echo "<b>Summary of all updates</b><br />\n"; echo "<b>Summary of all updates</b><br />\n";
echo "<pre>".implode("<br />", $allupdates)."</pre>"; echo "<pre>".implode("<br />", $allupdates)."</pre>";
}
return true; return true;
} /* }}} */ } /* }}} */
@ -86,6 +89,7 @@ if(isset($_GET['doupdate']) && $_GET['doupdate'] == 1)
else else
$doupdate = 0; $doupdate = 0;
$doupdate = 1;
if (!check($doupdate)) { if (!check($doupdate)) {
print "<p>Update failed</p>"; print "<p>Update failed</p>";
} }
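Review bot: The added `$doupdate = 1;` after the `$_GET['doupdate']` test overrides that test, so every request to this script executes the UPDATE statements instead of only previewing them; it reads like a debugging leftover and should be removed so the dry run stays the default. As a state-changing action it would also be better triggered by a POST than by `?doupdate=1`. In `check()`, `$res = $db->Execute($queryStr);` is followed directly by `$res->GetArray()`, while the later `if(!$res)` shows that Execute can return a falsy value, so guard it with `if (!$res) { return false; }`. The summary line echoes `implode("<br />", $allupdates)` without the `htmlspecialchars()` that the table row applies to `$updateSql`; those statements presumably embed stored field values, so escape each entry before joining. The body of `check()` starts outside the hunks.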


@ -2,7 +2,7 @@ Release information for 3.3.0
------------------------------------- -------------------------------------
This release contains various improvements which require your manual This release contains various improvements which require your manual
interaction during an upgrade from an earlier version. You ѕhould definitely interaction during an upgrade from an earlier version. You should definitely
make a backup of your database and possibly your content folder. make a backup of your database and possibly your content folder.
Folder search Folder search
@ -14,13 +14,13 @@ folder will not work. See below.
Data conversion Data conversion
--------------- ---------------
The conversion of strings like names and comments of documents and folders, The conversion of strings like names and comments of documents and folders,
when saved in the database, has been completely droped. This was originally when saved in the database, has been completely droped. The conversion was
done for security reasons, both to prevent sql injections and cross side originally done for security reasons, both to prevent sql injections and cross
scripting. Basically any field data that could do any harm, was replaced side scripting. Basically any field data that could do any harm, was replaced
by 'harmless' chars. Ampersands, semi colons, quotes, etc., they all have by 'harmless' chars. Ampersands, semi colons, quotes, etc., they all have been
been replaced by their html entity or masked by a backslash. The output of replaced by their html entity or masked by a backslash. The output of those
those fields on html pages was not decoded anymore, but any other application fields on html pages was not decoded anymore, but any other application that
that accessed the database had to decode the data. accessed the database had to decode the data.
The new approach with less impact on the data keeps the data The new approach with less impact on the data keeps the data
unmodified when saving it in the database without opening new security unmodified when saving it in the database without opening new security


@ -49,13 +49,17 @@ if ($db) {
} }
} }
$errorMsg = '';
$res = $db->Execute('select * from tblVersion');
if($rec = $res->FetchRow()) {
if($_GET['version'] > $rec['major'].'.'.$rec['minor'].'.'.$rec['subminor']) {
$queries = file_get_contents('update-'.$_GET['version'].'/update.sql'); $queries = file_get_contents('update-'.$_GET['version'].'/update.sql');
$queries = explode(";", $queries); $queries = explode(";", $queries);
// execute queries // execute queries
$errorMsg = '';
if($queries) { if($queries) {
echo "<h3>Running sql statements</h3>"; echo "<h3>Updating database schema</h3>";
foreach($queries as $query) { foreach($queries as $query) {
$query = trim($query); $query = trim($query);
if (!empty($query)) { if (!empty($query)) {
@ -68,6 +72,10 @@ if($queries) {
} }
} }
} }
} else {
echo "<p>Database schema already up to date.</p>";
}
if(!$errorMsg) { if(!$errorMsg) {
echo "<h3>Running update script</h3>"; echo "<h3>Running update script</h3>";
@ -75,6 +83,9 @@ if(!$errorMsg) {
} else { } else {
echo $errorMsg; echo $errorMsg;
} }
} else {
echo "<p>Could not determine database schema version.</p>";
}
UI::contentContainerEnd(); UI::contentContainerEnd();
UI::htmlEndPage(); UI::htmlEndPage();