From 2626fb4b2db5d62324113e1f62374870194105a0 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 27 Feb 2015 11:57:07 +0100 Subject: [PATCH] Cleaning Database lib from old code and unused code. --- main/admin/add_users_to_session.php | 2 +- .../classes/CourseBuilder.class.php | 2 +- main/gradebook/index.php | 2 +- main/gradebook/lib/fe/displaygradebook.php | 4 +- main/inc/lib/course.lib.php | 24 +++ main/inc/lib/database.lib.php | 197 ------------------ main/inc/lib/database.mysqli.lib.php | 126 ----------- main/inc/lib/internationalization.lib.php | 5 +- tests/main/inc/lib/database.lib.test.php | 36 ---- 9 files changed, 30 insertions(+), 368 deletions(-) diff --git a/main/admin/add_users_to_session.php b/main/admin/add_users_to_session.php index e42813b294..e488c913ff 100755 --- a/main/admin/add_users_to_session.php +++ b/main/admin/add_users_to_session.php @@ -201,7 +201,7 @@ function search_users($needle, $type) } } } - //echo Database::fixQuery($sql); + $rs = Database::query($sql); $i = 0; if ($type=='single') { diff --git a/main/coursecopy/classes/CourseBuilder.class.php b/main/coursecopy/classes/CourseBuilder.class.php index 0bcae0c54e..c3135656b2 100755 --- a/main/coursecopy/classes/CourseBuilder.class.php +++ b/main/coursecopy/classes/CourseBuilder.class.php @@ -1055,7 +1055,7 @@ class CourseBuilder { $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); - $list_course = Database::get_course_list(); + $list_course = CourseManager::get_course_list(); $list = array(); foreach($list_course as $_course) { $this->course = new Course(); diff --git a/main/gradebook/index.php b/main/gradebook/index.php index 954303c485..73ab2137d5 100755 --- a/main/gradebook/index.php +++ b/main/gradebook/index.php 
@@ -730,7 +730,7 @@ $certificate = array(); if ($category != '0') { $cat = new Category(); $category_id = intval($_GET['selectcat']); - $course_id = Database::get_course_by_category($category_id); + $course_id = CourseManager::get_course_by_category($category_id); $show_message = $cat->show_message_resource_delete($course_id); if ($show_message == '') { diff --git a/main/gradebook/lib/fe/displaygradebook.php b/main/gradebook/lib/fe/displaygradebook.php index 273ef15680..ecb37b2896 100755 --- a/main/gradebook/lib/fe/displaygradebook.php +++ b/main/gradebook/lib/fe/displaygradebook.php @@ -211,7 +211,7 @@ class DisplayGradebook // Student $status = CourseManager::get_user_in_course_status(api_get_user_id(), api_get_course_id()); $objcat = new Category(); - $course_id = Database::get_course_by_category($selectcat); + $course_id = CourseManager::get_course_by_category($selectcat); $message_resource = $objcat->show_message_resource_delete($course_id); if (!$is_course_admin && $status <> 1 && $selectcat <> 0) { @@ -394,7 +394,7 @@ class DisplayGradebook // Student. $status = CourseManager::get_user_in_course_status(api_get_user_id(), api_get_course_id()); $objcat = new Category(); - $course_id = Database::get_course_by_category($selectcat); + $course_id = CourseManager::get_course_by_category($selectcat); $message_resource = $objcat->show_message_resource_delete($course_id); $grade_model_id = $catobj->get_grade_model_id(); $header = null; diff --git a/main/inc/lib/course.lib.php b/main/inc/lib/course.lib.php index c8c90e7212..44de406290 100755 --- a/main/inc/lib/course.lib.php +++ b/main/inc/lib/course.lib.php 
@@ -5402,4 +5402,28 @@ class CourseManager return $result; } + /** + * @return array a list (array) of all courses. + */ + public static function get_course_list() + { + $table = Database::get_main_table(TABLE_MAIN_COURSE); + return Database::store_result(self::query("SELECT *, id as real_id FROM $table")); + } + + /** + * Returns course code from a given gradebook category's id + * @param int Category ID + * @return string Course code + */ + public static function get_course_by_category($category_id) + { + $category_id = intval($category_id); + $info = Database::fetch_array( + Database::query('SELECT course_code FROM '.Database::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' + WHERE id='.$category_id), 'ASSOC' + ); + return $info ? $info['course_code'] : false; + } + } diff --git a/main/inc/lib/database.lib.php b/main/inc/lib/database.lib.php index 95ccad321c..1bfb15b7b1 100755 --- a/main/inc/lib/database.lib.php +++ b/main/inc/lib/database.lib.php @@ -55,29 +55,6 @@ class Database return $_configuration['main_database']; } - /** - * Returns the name of the database where all the personal stuff of the user is stored - * @todo use main_database - */ - public static function get_user_personal_database() - { - return self::get_main_database(); - } - - /** - * Returns the name of the current course database. - * @return mixed Glued database name of false if undefined - */ - public static function get_current_course_database() - { - $course_info = api_get_course_info(); - if (empty($course_info['dbName'])) { - return false; - } - - return $course_info['dbName']; - } - /** * Returns the glued name of the current course database. * @return mixed Glued database name of false if undefined @@ -182,7 +159,6 @@ class Database //exit; } return self::format_table_name(self::get_main_database(), DB_COURSE_PREFIX.$short_table_name); - //return self::format_glued_course_table_name(self::fix_database_parameter($database_name), $short_table_name); } /* 
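Review bot: The new `CourseManager::get_course_list()` still issues its query through `self::query(...)`, which was correct inside `Database` but now resolves against `CourseManager`. The rest of that class is outside this hunk, so unless it defines a static `query()` the call fails at runtime, including for the caller this commit switches over in CourseBuilder.class.php. The line should read `return Database::store_result(Database::query("SELECT *, id as real_id FROM $table"));`, matching how `get_course_by_category()` just below already calls `Database::query()`. Separately, the docblock of `get_course_by_category()` declares `@return string`, yet the method returns `false` when no row matches; `@return string|false Course code, or false if the category does not exist` would tell callers to check for that case.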
@@ -190,74 +166,6 @@ class Database These methods execute a query and return the result(s). */ - /** - * @return array a list (array) of all courses. - * @todo shouldn't this be in the course.lib.php script? - */ - public static function get_course_list() - { - $table = self::get_main_table(TABLE_MAIN_COURSE); - return self::store_result(self::query("SELECT *, id as real_id FROM $table")); - } - - /** - * Gets user details from the "user" table - * @param $user_id (integer): the id of the user - * @return $user_info (array): user_id, lname, fname, username, email, ... - * @author Patrick Cool , expanded to get info for any user - * @author Roan Embrechts, first version + converted to Database API - * @version 30 September 2004 - * @deprecated use api_get_user_info(); - * @desc find all the information about a specified user. Without parameter this is the current user. - * @todo shouldn't this be in the user.lib.php script? - */ - public static function get_user_info_from_id($user_id = '') - { - if (empty($user_id)) { - return $GLOBALS['_user']; - } - $table = self::get_main_table(TABLE_MAIN_USER); - $user_id = self::escape_string($user_id); - return self::generate_abstract_user_field_names( - self::fetch_array(self::query("SELECT * FROM $table WHERE user_id = '$user_id'"))); - } - - /** - * Returns course code from a given gradebook category's id - * @param int Category ID - * @return string Course code - * @todo move this function in a gradebook-related library - */ - public static function get_course_by_category($category_id) - { - $category_id = intval($category_id); - $info = self::fetch_array(self::query('SELECT course_code FROM '.self::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' WHERE id='.$category_id), 'ASSOC'); - return $info ? $info['course_code'] : false; - } - - /** - * This method creates an abstraction layer between database field names - * and field names expected in code. - * - * This helps when changing database names. 
- * It's also useful now to get rid of the 'franglais'. - * - * @todo add more array entries to abstract user info from field names - * @author Roan Embrechts - * @author Patrick Cool - * - * @todo what's the use of this function. I think this is better removed. - * There should be consistency in the variable names and the use throughout the scripts - */ - public static function generate_abstract_user_field_names($result_array) { - $result_array['firstName'] = $result_array['firstname']; - $result_array['lastName'] = $result_array['lastname']; - $result_array['mail'] = $result_array['email']; - #$result_array['picture_uri'] = $result_array['picture_uri']; - #$result_array ['user_id'] = $result_array['user_id']; - return $result_array; - } - /** * Counts the number of rows in a table * @param string $table The table of which the rows should be counted @@ -378,13 +286,6 @@ class Database */ public static function escape_string($string, $connection = null, $addFix = true) { - // Fixes security problem when there's no "" or '' between a variable. - // See #7440 for more info - /* - if ($addFix) { - //$string = "__@$string@__"; - } - */ return get_magic_quotes_gpc() ? (self::use_default_connection($connection) ? mysql_real_escape_string(stripslashes($string)) 
@@ -473,41 +374,6 @@ class Database return $result; } - /** - * Returns a list of the fields that a given table contains. The list may contain all of the available field names or filtered field names by using a pattern. - * By using a special option, this method is able to return an indexed list of fields' properties, where field names are keys. - * @param string $table This is the examined table. - * @param string $pattern (optional) A pattern for filtering field names as if it was needed for the SQL's LIKE clause, for example 'column_%'. - * @param string $database (optional) The name of the targeted database. If it is omited, the current database is assumed, see Database::select_db(). - * @param bool $including_properties (optional) When this option is true, the returned result has the followong format: - * array(field_name_1 => array(0 => property_1, 1 => property_2, ...), fieald_name_2 => array(0 => property_1, ...), ...) - * @param resource $connection (optional) The database server connection, for detailed description see the method query(). - * @return array Returns in an array the retrieved list of field names. - */ - public static function get_fields($table, $pattern = '', $database = '', $including_properties = false, $connection = null) { - $result = array(); - $query = "SHOW COLUMNS FROM `".self::escape_string($table, $connection)."`"; - if (!empty($database)) { - $query .= " FROM `".self::escape_string($database, $connection)."`"; - } - if (!empty($pattern)) { - $query .= " LIKE '".self::escape_string($pattern, $connection)."'"; - } - $query_result = Database::query($query, $connection); - if ($including_properties) { - // Making an indexed list of the fields and their properties. - while ($row = Database::fetch_row($query_result)) { - $result[$row[0]] = $row; - } - } else { - // Making a plain, flat list. 
- while ($row = Database::fetch_row($query_result)) { - $result[] = $row[0]; - } - } - return $result; - } - /** * Returns information about the type of the current connection and the server host name. * @param resource $connection (optional) The database server connection, for detailed description see the method query(). @@ -591,36 +457,6 @@ class Database return self::num_rows($resource) > 0 ? (!empty($field) ? mysql_result($resource, $row, $field) : mysql_result($resource, $row)) : null; } - /** - * Removes "__@" prefix and @__ suffix added by Database::escape_string() - * See #7440 for more info - * @param string $query - * @return mixed - */ - public static function fixQuery($query) - { - // LIKE condition - $query = str_replace("'%__@", "'%", $query); - $query = str_replace("@__%'", "%'", $query); - - $query = str_replace('@__%"', "%'", $query); - $query = str_replace('"%__@', "'%", $query); - - // Fixing doubles - $query = str_replace("__@__@", "__@", $query); - $query = str_replace("@__@__", "@__", $query); - - $query = str_replace("'__@", "'", $query); - $query = str_replace('"__@', "'", $query); - $query = str_replace("__@", "'", $query); - - $query = str_replace("@__'", "'", $query); - $query = str_replace('@__"', "'", $query); - $query = str_replace("@__", "'", $query); - - return $query; - } - /** * This method returns a resource * Documentation has been added by Arthur Portugal @@ -658,8 +494,6 @@ class Database $connection = null; } - //$query = self::fixQuery($query); - // Check if the table contains a c_ (means a course id) if (api_get_setting('server_type') === 'test' && strpos($query, 'c_')) { //Check if the table contains inner joins 
@@ -943,37 +777,6 @@ class Database No effort is made to keep the names / results the same. */ - /** - * Glues a course database. - * glue format from local.inc.php. - */ - private static function glue_course_database_name($database_name) { - return self::get_course_table_prefix().$database_name.self::get_database_glue(); - } - - /** - * @param string $database_name, can be empty to use current course db - * - * @return the glued parameter if it is not empty, - * or the current course database (glued) if the parameter is empty. - */ - private static function fix_database_parameter($database_name) { - if (empty($database_name)) { - $course_info = api_get_course_info(); - return $course_info['dbNameGlu']; - } - return self::glue_course_database_name($database_name); - } - - /** - * Structures a course database and table name to ready them - * for querying. The course database parameter is considered glued: - * e.g. COURSE001`.` - */ - private static function format_glued_course_table_name($database_name_with_glue, $table) { - return '`'.$database_name_with_glue.$table.'`'; - } - /** * Structures a database and table name to ready them * for querying. The database parameter is considered not glued, diff --git a/main/inc/lib/database.mysqli.lib.php b/main/inc/lib/database.mysqli.lib.php index 0f19c34af1..a34580671f 100755 --- a/main/inc/lib/database.mysqli.lib.php +++ b/main/inc/lib/database.mysqli.lib.php 
@@ -54,28 +54,6 @@ class MySQLIDatabase { return $_configuration['scorm_database']; } - /** - * Returns the name of the database where all the personal stuff of the user is stored - */ - public static function get_user_personal_database() - { - global $_configuration; - return $_configuration['user_personal_database']; - } - - /** - * Returns the name of the current course database. - * @return mixed Glued database name of false if undefined - */ - public static function get_current_course_database() - { - $course_info = api_get_course_info(); - if (empty($course_info['dbName'])) { - return false; - } - return $course_info['dbName']; - } - /** * Returns the glued name of the current course database. * @return mixed Glued database name of false if undefined 
@@ -180,74 +158,6 @@ class MySQLIDatabase { These methods execute a query and return the result(s). */ - /** - * Returns a full list of the contents of the course table as a PHP table - * @return a list (array) of all courses. - * @todo shouldn't this be in the course.lib.php script? - */ - public static function get_course_list() - { - $table = self::get_main_table(TABLE_MAIN_COURSE); - return self::store_result(self::query("SELECT * FROM $table")); - } - - /** - * @param $user_id (integer): the id of the user - * @return $user_info (array): user_id, lastname, firstname, username, email, ... - * @author Patrick Cool , expanded to get info for any user - * @author Roan Embrechts, first version + converted to Database API - * @version 30 September 2004 - * @desc find all the information about a specified user. Without parameter this is the current user. - * @todo shouldn't this be in the user.lib.php script? - */ - public static function get_user_info_from_id($user_id = '') - { - if (empty($user_id)) { - return $GLOBALS['_user']; - } - $table = self::get_main_table(TABLE_MAIN_USER); - $user_id = self::escape_string($user_id); - return self::generate_abstract_user_field_names( - self::fetch_array(self::query("SELECT * FROM $table WHERE user_id = '$user_id'"))); - } - - /** - * Returns course code from a given gradebook category's id - * @param int Category ID - * @return string Course code - * @todo move this function in a gradebook-related library - */ - public static function get_course_by_category($category_id) - { - $category_id = intval($category_id); - $info = self::fetch_array(self::query('SELECT course_code FROM '.self::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' WHERE id='.$category_id), 'ASSOC'); - return $info ? $info['course_code'] : false; - } - - /** - * This method creates an abstraction layer between database field names - * and field names expected in code. - * - * This helps when changing database names. 
- * It's also useful now to get rid of the 'franglais'. - * - * @todo add more array entries to abstract user info from field names - * @author Roan Embrechts - * @author Patrick Cool - * - * @todo what's the use of this function. I think this is better removed. - * There should be consistency in the variable names and the use throughout the scripts - */ - public static function generate_abstract_user_field_names($result_array) - { - $result_array['firstName'] = $result_array['firstname']; - $result_array['lastName'] = $result_array['lastname']; - $result_array['mail'] = $result_array['email']; - #$result_array['picture_uri'] = $result_array['picture_uri']; - #$result_array ['user_id'] = $result_array['user_id']; - return $result_array; - } - /** * Counts the number of rows in a table * @param string $table The table of which the rows should be counted 
@@ -443,42 +353,6 @@ class MySQLIDatabase { return $result; } - /** - * Returns a list of the fields that a given table contains. The list may contain all of the available field names or filtered field names by using a pattern. - * By using a special option, this method is able to return an indexed list of fields' properties, where field names are keys. - * @param string $table This is the examined table. - * @param string $pattern (optional) A pattern for filtering field names as if it was needed for the SQL LIKE clause, for example 'column_%'. - * @param string $database (optional) The name of the targeted database. If it is omitted, the current database is assumed, see Database::select_db(). - * @param bool $including_properties (optional) When this option is true, the returned result has the following format: - * array(field_name_1 => array(0 => property_1, 1 => property_2, ...), field_name_2 => array(0 => property_1, ...), ...) - * @param resource $connection (optional) The database server connection, for detailed description see the method query(). - * @return array Returns in an array the retrieved list of field names. - */ - public static function get_fields($table, $pattern = '', $database = '', $including_properties = false, $connection = null) - { - $result = array(); - $query = "SHOW COLUMNS FROM `".self::escape_string($table, $connection)."`"; - if (!empty($database)) { - $query .= " FROM `".self::escape_string($database, $connection)."`"; - } - if (!empty($pattern)) { - $query .= " LIKE '".self::escape_string($pattern, $connection)."'"; - } - $query_result = Database::query($query, $connection); - if ($including_properties) { - // Making an indexed list of the fields and their properties. - while ($row = Database::fetch_row($query_result)) { - $result[$row[0]] = $row; - } - } else { - // Making a plain, flat list. 
- while ($row = Database::fetch_row($query_result)) { - $result[] = $row[0]; - } - } - return $result; - } - /** * Returns information about the type of the current connection and the server host name. * @param resource $connection (optional) The database server connection, for detailed description see the method query(). diff --git a/main/inc/lib/internationalization.lib.php b/main/inc/lib/internationalization.lib.php index bba16b38e4..1a49b55b8d 100755 --- a/main/inc/lib/internationalization.lib.php +++ b/main/inc/lib/internationalization.lib.php @@ -570,10 +570,7 @@ function api_get_utc_datetime($time = null, $return_null_if_invalid_date = false } return gmdate('Y-m-d H:i:s'); } - if (preg_match('/__@(.*)@__/', $time)) { - // unfilter special security fix for SQL injection, see Database::fixQuery() - $time = str_replace(array("__@","@__"), "", $time); - } + // If time is a timestamp, return directly in utc if (is_numeric($time)) { $time = intval($time); diff --git a/tests/main/inc/lib/database.lib.test.php b/tests/main/inc/lib/database.lib.test.php index 135114ef0a..973772eccf 100755 --- a/tests/main/inc/lib/database.lib.test.php +++ b/tests/main/inc/lib/database.lib.test.php @@ -71,18 +71,6 @@ class TestDatabase extends UnitTestCase { $this->assertTrue(is_array($resu)); } - /* // Contains a private unaccessible method, Database::fix_database_parameter(). - function testFixDatabaseParameterEmpty() { - $course_info = api_get_course_info(); - $database_name= $course_info[""]; - $res=$this->dbase->fix_database_parameter($database_name); - if(!is_null($res)) : - $this->assertTrue(is_string($res)); - endif; - //var_dump($res); - } - */ - /* // Contains a private unaccessible method, Database::fix_database_parameter(). function testFixDatabaseParameterReturnString() { $course_info = api_get_course_info(); 
@@ -141,17 +129,6 @@ class TestDatabase extends UnitTestCase { $this->assertTrue(is_string($res)); } - function testGetCurrentCourseDatabase() { - $res=$this->dbase->get_current_course_database(); - if (empty($GLOBALS['_course']['dbName'])) { - $this->assertFalse($res); - } else { - $this->assertTrue(is_string($res)); - } - $res=$this->dbase->get_current_course_database('___'); - $this->assertFalse($res); - } - function testGetCurrentCourseGluedDatabase() { global $_course; $res=$this->dbase->get_current_course_glued_database(); @@ -186,19 +163,6 @@ class TestDatabase extends UnitTestCase { $this->assertTrue(is_string($res)); } -/* Fails for some reason on automated tests server - function testGetUserInfoFromIdNullIsFalse() { - // should be returning GLOBALS[_user] (=null) if param is null (in testing context) - $res=$this->dbase->get_user_info_from_id(null); - $this->assertFalse($res); - } -*/ - function testGetUserInfoFromIdHighValueIsArray() { - // should be returning array with empty values if user doesn't exist - $res=$this->dbase->get_user_info_from_id(5000000); - $this->assertTrue(is_array($res)); - } - /* // Contains a private unaccessible method, Database::glue_course_database_name(). function testGlueCourseDatabaseName() { $database_name='';