gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-11-26 15:32:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- fixed many more small errors

Browse Source
This commit is contained in:
steinm 2011-12-07 07:33:43 +00:00
parent de0983ee7d
commit 1232b8f309
4 changed files with 94 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
install/install.php
View File

@ -231,13 +231,11 @@ if ($action=="setSettings") {
/**
* Check Parameters, require version 3.3.x
*/
$hasError = printCheckError( $settings->check(substr(str_replace('.', '', LETODMS_VERSION), 0,2)));
// $hasError = printCheckError( $settings->check(substr(str_replace('.', '', LETODMS_VERSION), 0,2)));
if (!$hasError)
{
if (!$hasError) {
// Create database
if (isset($_POST["createDatabase"]))
{
if (isset($_POST["createDatabase"])) {
$createOK = false;
$errorMsg = "";
@ -311,7 +309,7 @@ if ($action=="setSettings") {
if($updatedirs) {
foreach($updatedirs as $updatedir) {
if($updatedir >= $rec['major'].'.'.$rec['minor'].'.'.$rec['subminor']) {
if($updatedir > $rec['major'].'.'.$rec['minor'].'.'.$rec['subminor']) {
$needsupdate = true;
print "<h3>Database update to version ".$updatedir." needed</h3>";
if(file_exists('update-'.$updatedir.'/update.txt')) {

8
install/update-3.3.0/update.php
View File

@ -45,7 +45,8 @@ function check($doupdate=0) { /* {{{ */
$queryStr = "SELECT ".$schema['key'].", `".implode('`,`', $schema['fields'])."` FROM ".$tblname;
elseif(isset($schema['keys']))
$queryStr = "SELECT ".implode(',', $schema['keys']).", `".implode('`,`', $schema['fields'])."` FROM ".$tblname;
$recs = $db->getResultArray($queryStr);
$res = $db->Execute($queryStr);
$recs = $res->GetArray();
foreach($recs as $rec) {
foreach($schema['fields'] as $field) {
if($rec[$field] !== mydmsDecodeString($rec[$field])) {
@ -62,7 +63,7 @@ function check($doupdate=0) { /* {{{ */
$allupdates[] = $updateSql;
echo "<tr><td>".$tblname."</td><td>".$field."</td><td>".htmlspecialchars($rec[$field])."</td><td>".htmlspecialchars(mydmsDecodeString($rec[$field]))."</td><td><pre>".htmlspecialchars($updateSql)."</pre></td></tr>\n";
if($doupdate) {
$res = $db->getResult($updateSql);
$res = $db->Execute($updateSql);
if(!$res) {
$errormsg = 'Could not execute update statement';
echo "<tr><td colspan=\"5\"><span style=\"color: red;\">".$errormsg."</span></td></tr>\n";
@ -76,8 +77,10 @@ function check($doupdate=0) { /* {{{ */
}
}
echo "</table>\n";
if($allupdates) {
echo "<b>Summary of all updates</b><br />\n";
echo "<pre>".implode("<br />", $allupdates)."</pre>";
}
return true;
} /* }}} */
@ -86,6 +89,7 @@ if(isset($_GET['doupdate']) && $_GET['doupdate'] == 1)
else
$doupdate = 0;
$doupdate = 1;
if (!check($doupdate)) {
print "<p>Update failed</p>";
}

16
install/update-3.3.0/update.txt
View File

@ -2,7 +2,7 @@ Release information for 3.3.0
-------------------------------------
This release contains various improvements which require your manual
interaction during an upgrade from an earlier version. You ѕhould definitely
interaction during an upgrade from an earlier version. You should definitely
make a backup of your database and possibly your content folder.
Folder search
@ -14,13 +14,13 @@ folder will not work. See below.
Data conversion
---------------
The conversion of strings like names and comments of documents and folders,
when saved in the database, has been completely droped. This was originally
done for security reasons, both to prevent sql injections and cross side
scripting. Basically any field data that could do any harm, was replaced
by 'harmless' chars. Ampersands, semi colons, quotes, etc., they all have
been replaced by their html entity or masked by a backslash. The output of
those fields on html pages was not decoded anymore, but any other application
that accessed the database had to decode the data.
when saved in the database, has been completely droped. The conversion was
originally done for security reasons, both to prevent sql injections and cross
side scripting. Basically any field data that could do any harm, was replaced
by 'harmless' chars. Ampersands, semi colons, quotes, etc., they all have been
replaced by their html entity or masked by a backslash. The output of those
fields on html pages was not decoded anymore, but any other application that
accessed the database had to decode the data.
The new approach with less impact on the data keeps the data
unmodified when saving it in the database without opening new security

29
install/update.php
View File

@ -49,13 +49,17 @@ if ($db) {
}
}
$queries = file_get_contents('update-'.$_GET['version'].'/update.sql');
$queries = explode(";", $queries);
// execute queries
$errorMsg = '';
if($queries) {
echo "<h3>Running sql statements</h3>";
$res = $db->Execute('select * from tblVersion');
if($rec = $res->FetchRow()) {
if($_GET['version'] > $rec['major'].'.'.$rec['minor'].'.'.$rec['subminor']) {
$queries = file_get_contents('update-'.$_GET['version'].'/update.sql');
$queries = explode(";", $queries);
// execute queries
if($queries) {
echo "<h3>Updating database schema</h3>";
foreach($queries as $query) {
$query = trim($query);
if (!empty($query)) {
@ -67,13 +71,20 @@ if($queries) {
}
}
}
}
}
} else {
echo "<p>Database schema already up to date.</p>";
}
if(!$errorMsg) {
if(!$errorMsg) {
echo "<h3>Running update script</h3>";
include('update-'.$_GET['version'].'/update.php');
} else {
} else {
echo $errorMsg;
}
} else {
echo "<p>Could not determine database schema version.</p>";
}
UI::contentContainerEnd();