makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

sql_in_set changes

Browse source 
git-svn-id: file:///svn/phpbb/trunk@6271 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-08-12 13:14:39 +00:00
parent 0c6bfcf4c7
commit 8405f0d324
49 changed files with 551 additions and 632 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

96
phpBB/develop/create_schema_files.php
View file

@ -182,7 +182,7 @@ foreach ($supported_dbms as $dbms)
case 'sqlite':
$line = "#\n# SQLite Schema for phpBB 3.x - (c) phpBB Group, 2005\n#\n# \$I" . "d: $\n#\n\n";
$line .= "BEGIN TRANSACTION;;\n\n";
$line .= "BEGIN TRANSACTION;\n\n";
break;
case 'mssql':
@ -477,7 +477,7 @@ foreach ($supported_dbms as $dbms)
case 'sqlite':
// Remove last line delimiter...
$line = substr($line, 0, -2);
$line .= "\n);;\n\n";
$line .= "\n);\n\n";
break;
}
@ -529,7 +529,7 @@ foreach ($supported_dbms as $dbms)
$line .= ($key_data[0] == 'INDEX') ? 'CREATE INDEX' : '';
$line .= ($key_data[0] == 'UNIQUE') ? 'CREATE UNIQUE INDEX' : '';
$line .= " {$table_name}_{$key_name} ON {$table_name} (" . implode(', ', $key_data[1]) . ");;\n";
$line .= " {$table_name}_{$key_name} ON {$table_name} (" . implode(', ', $key_data[1]) . ");\n";
break;
case 'postgres':
@ -588,86 +588,12 @@ foreach ($supported_dbms as $dbms)
// Write custom function at the end for some db's
switch ($dbms)
{
case 'firebird':
$line = <<<EOF
# Trigger for phpbb_forums bitfields
CREATE TRIGGER t_phpbb_forums_desc_bitf FOR phpbb_forums
ACTIVE BEFORE INSERT OR UPDATE POSITION 0
AS
BEGIN
IF (NEW.forum_desc_bitfield is null) THEN
NEW.forum_desc_bitfield = ASCII_CHAR(0);
END;;
CREATE TRIGGER t_phpbb_forums_rules_bitf FOR phpbb_forums
ACTIVE BEFORE INSERT OR UPDATE POSITION 0
AS
BEGIN
IF (NEW.forum_rules_bitfield is null) THEN
NEW.forum_rules_bitfield = ASCII_CHAR(0);
END;;
# Trigger for phpbb_groups bitfields
CREATE TRIGGER t_phpbb_groups_bitf FOR phpbb_groups
ACTIVE BEFORE INSERT OR UPDATE POSITION 0
AS
BEGIN
IF (NEW.group_desc_bitfield is null) THEN
NEW.group_desc_bitfield = ASCII_CHAR(0);
END;;
# Trigger for phpbb_posts bitfields
CREATE TRIGGER t_phpbb_posts_bitf FOR phpbb_posts
ACTIVE BEFORE INSERT OR UPDATE POSITION 0
AS
BEGIN
IF (NEW.bbcode_bitfield is null) THEN
NEW.bbcode_bitfield = ASCII_CHAR(0);
END;;
# Trigger for phpbb_privmsgs bitfields
CREATE TRIGGER t_phpbb_privmsgs_bitf FOR phpbb_privmsgs
ACTIVE BEFORE INSERT OR UPDATE POSITION 0
AS
BEGIN
IF (NEW.bbcode_bitfield is null) THEN
NEW.bbcode_bitfield = ASCII_CHAR(0);
END;;
# Trigger for phpbb_styles_template bitfields
CREATE TRIGGER t_phpbb_styles_template_bitf FOR phpbb_styles_template
ACTIVE BEFORE INSERT OR UPDATE POSITION 0
AS
BEGIN
IF (NEW.bbcode_bitfield is null) THEN
NEW.bbcode_bitfield = ASCII_CHAR(144) || ASCII_CHAR(216);
END;;
# Trigger for phpbb_users bitfields
CREATE TRIGGER t_phpbb_users_bitf FOR phpbb_users
ACTIVE BEFORE INSERT OR UPDATE POSITION 0
AS
BEGIN
IF (NEW.user_sig_bbcode_bitfield is null) THEN
NEW.user_sig_bbcode_bitfield = ASCII_CHAR(0);
END;;
EOF;
break;
case 'mssql':
$line = "\nCOMMIT\nGO\n\n";
break;
case 'sqlite':
$line = '
CREATE TRIGGER "t_phpbb_styles_template"
AFTER INSERT ON "phpbb_styles_template"
FOR EACH ROW WHEN NEW.bbcode_bitfield = \'\'
BEGIN
UPDATE phpbb_styles_template SET bbcode_bitfield = binary_insert(1) WHERE template_id = NEW.template_id;
END;;
COMMIT;;';
$line = "\nCOMMIT;";
break;
case 'postgres':
@ -955,7 +881,7 @@ function get_schema_struct()
'forum_parents' => array('MTEXT', ''),
'forum_name' => array('STEXT', ''),
'forum_desc' => array('TEXT', ''),
'forum_desc_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')),
'forum_desc_bitfield' => array('VCHAR:252', ''),
'forum_desc_options' => array('UINT:11', 0),
'forum_desc_uid' => array('VCHAR:5', ''),
'forum_link' => array('VCHAR', ''),
@ -964,7 +890,7 @@ function get_schema_struct()
'forum_image' => array('VCHAR', ''),
'forum_rules' => array('TEXT', ''),
'forum_rules_link' => array('VCHAR', ''),
'forum_rules_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')),
'forum_rules_bitfield' => array('VCHAR:252', ''),
'forum_rules_options' => array('UINT:11', 0),
'forum_rules_uid' => array('VCHAR:5', ''),
'forum_topics_per_page' => array('TINT:4', 0),
@ -1031,7 +957,7 @@ function get_schema_struct()
'group_type' => array('TINT:4', 1),
'group_name' => array('VCHAR_CI', ''),
'group_desc' => array('TEXT', ''),
'group_desc_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')),
'group_desc_bitfield' => array('VCHAR:252', ''),
'group_desc_options' => array('UINT:11', 0),
'group_desc_uid' => array('VCHAR:5', ''),
'group_display' => array('BOOL', 0),
@ -1190,7 +1116,7 @@ function get_schema_struct()
'post_checksum' => array('VCHAR:32', ''),
'post_encoding' => array('VCHAR:20', 'iso-8859-1'),
'post_attachment' => array('BOOL', 0),
'bbcode_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')),
'bbcode_bitfield' => array('VCHAR:252', ''),
'bbcode_uid' => array('VCHAR:5', ''),
'post_postcount' => array('BOOL', 1),
'post_edit_time' => array('TIMESTAMP', 0),
@ -1229,7 +1155,7 @@ function get_schema_struct()
'message_edit_user' => array('UINT', 0),
'message_encoding' => array('VCHAR:20', 'iso-8859-1'),
'message_attachment' => array('BOOL', 0),
'bbcode_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')),
'bbcode_bitfield' => array('VCHAR:252', ''),
'bbcode_uid' => array('VCHAR:5', ''),
'message_edit_time' => array('TIMESTAMP', 0),
'message_edit_count' => array('USINT', 0),
@ -1506,7 +1432,7 @@ function get_schema_struct()
'template_name' => array('VCHAR:252', ''),
'template_copyright' => array('VCHAR', ''),
'template_path' => array('VCHAR:100', ''),
'bbcode_bitfield' => array('VARBINARY', array('default' => '', 'mysql' => '0x90D8', 'mssql' => '0x90D8', 'oracle' => '90D8', 'postgres' => '\220\330')),
'bbcode_bitfield' => array('VCHAR:252', 'kNg='),
'template_storedb' => array('BOOL', 0),
),
'PRIMARY_KEY' => 'template_id',
@ -1818,7 +1744,7 @@ function get_schema_struct()
'user_avatar_height' => array('TINT:4', 0),
'user_sig' => array('MTEXT', ''),
'user_sig_bbcode_uid' => array('VCHAR:5', ''),
'user_sig_bbcode_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')),
'user_sig_bbcode_bitfield' => array('VCHAR:252', ''),
'user_from' => array('VCHAR:100', ''),
'user_icq' => array('VCHAR:15', ''),
'user_aim' => array('VCHAR', ''),

3
phpBB/download.php
View file

@ -19,9 +19,6 @@ include($phpbb_root_path . 'common.' . $phpEx);
$download_id = request_var('id', 0);
$thumbnail = request_var('t', false);
// Disable browser check for downloads
$config['browser_check'] = false;
// Start session management, do not update session page.
$user->session_begin(false);
$auth->acl($user->data);

20
phpBB/includes/acp/acp_attachments.php
View file

@ -294,7 +294,7 @@ class acp_attachments
{
$sql = 'SELECT extension
FROM ' . EXTENSIONS_TABLE . '
WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')';
WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
$result = $db->sql_query($sql);
$extension_list = '';
@ -306,7 +306,7 @@ class acp_attachments
$sql = 'DELETE
FROM ' . EXTENSIONS_TABLE . '
WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')';
WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
$db->sql_query($sql);
add_log('admin', 'LOG_ATTACH_EXT_DEL', $extension_list);
@ -508,7 +508,7 @@ class acp_attachments
{
$sql = 'UPDATE ' . EXTENSIONS_TABLE . "
SET group_id = $group_id
WHERE extension_id IN (" . implode(', ', $extension_list) . ")";
WHERE " . $db->sql_in_set('extension_id', $extension_list);
$db->sql_query($sql);
}
@ -865,7 +865,7 @@ class acp_attachments
$sql = 'SELECT forum_id, topic_id, post_id
FROM ' . POSTS_TABLE . '
WHERE post_id IN (' . implode(', ', array_keys($upload_list)) . ')';
WHERE ' . $db->sql_in_set('post_id', array_keys($upload_list));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -1373,16 +1373,16 @@ class acp_attachments
}
else if (isset($_POST['unsecuresubmit']))
{
$unip_sql = implode(', ', array_map('intval', $_POST['unip']));
$unip_sql = array_map('intval', $_POST['unip']);
if ($unip_sql != '')
if (sizeof($unip_sql))
{
$l_unip_list = '';
// Grab details of ips for logging information later
$sql = 'SELECT site_ip, site_hostname
FROM ' . SITELIST_TABLE . "
WHERE site_id IN ($unip_sql)";
FROM ' . SITELIST_TABLE . '
WHERE ' . $db->sql_in_set('site_id', $unip_sql);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -1391,8 +1391,8 @@ class acp_attachments
}
$db->sql_freeresult($result);
$sql = 'DELETE FROM ' . SITELIST_TABLE . "
WHERE site_id IN ($unip_sql)";
$sql = 'DELETE FROM ' . SITELIST_TABLE . '
WHERE ' . $db->sql_in_set('site_id', $unip_sql);
$db->sql_query($sql);
add_log('admin', 'LOG_DOWNLOAD_REMOVE_IP', $l_unip_list);

2
phpBB/includes/acp/acp_bots.php
View file

@ -96,7 +96,7 @@ class acp_bots
foreach ($_tables as $table)
{
$sql = "DELETE FROM $table
WHERE user_id IN (" . implode(', ', $user_id_ary) . ')';
WHERE " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
}

8
phpBB/includes/acp/acp_email.php
View file

@ -55,13 +55,11 @@ class acp_email
{
if ($usernames)
{
$usernames = implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", explode("\n", $usernames)));
$sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang
FROM ' . USERS_TABLE . "
WHERE username IN ($usernames)
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('username', explode("\n", $usernames)) . '
AND user_allow_massemail = 1
ORDER BY user_lang, user_notify_type"; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
}
else
{

13
phpBB/includes/acp/acp_forums.php
View file

@ -971,14 +971,14 @@ class acp_forums
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET right_id = right_id + $diff, forum_parents = ''
WHERE " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
$db->sql_query($sql);
// Resync the righthand side of the tree
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET left_id = left_id + $diff, right_id = right_id + $diff, forum_parents = ''
WHERE left_id > " . $to_data['right_id'] . '
AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
$db->sql_query($sql);
// Resync moved branch
@ -997,7 +997,7 @@ class acp_forums
{
$sql = 'SELECT MAX(right_id) AS right_id
FROM ' . FORUMS_TABLE . '
WHERE forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
WHERE ' . $db->sql_in_set('forum_id', $moved_ids, true);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -1007,7 +1007,7 @@ class acp_forums
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET left_id = left_id $diff, right_id = right_id $diff, forum_parents = ''
WHERE forum_id IN (" . implode(', ', $moved_ids) . ')';
WHERE " . $db->sql_in_set('forum_id', $moved_ids);
$db->sql_query($sql);
}
@ -1119,7 +1119,7 @@ class acp_forums
$diff = sizeof($forum_ids) * 2;
$sql = 'DELETE FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_ids) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_ids);
$db->sql_query($sql);
}
else if ($action_subforums == 'move')
@ -1362,11 +1362,10 @@ class acp_forums
if (sizeof($ids))
{
$start += sizeof($ids);
$id_list = implode(', ', $ids);
foreach ($tables as $table)
{
$db->sql_query("DELETE FROM $table WHERE $field IN ($id_list)");
$db->sql_query("DELETE FROM $table WHERE " . $db->sql_in_set($field, $id_list));
}
}
}

5
phpBB/includes/acp/acp_logs.php
View file

@ -42,14 +42,15 @@ class acp_logs
if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
{
$where_sql = '';
if ($deletemark && $marked)
if ($deletemark && sizeof($marked))
{
$sql_in = array();
foreach ($marked as $mark)
{
$sql_in[] = $mark;
}
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}

21
phpBB/includes/acp/acp_main.php
View file

@ -21,9 +21,9 @@ class acp_main
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
$action = request_var('action', '');
$mark = (isset($_REQUEST['mark'])) ? implode(', ', request_var('mark', array(0))) : '';
$mark = (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array();
if ($mark)
if (sizeof($mark))
{
switch ($action)
{
@ -36,8 +36,8 @@ class acp_main
}
$sql = 'SELECT username
FROM ' . USERS_TABLE . "
WHERE user_id IN ($mark)";
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', $mark);
$result = $db->sql_query($sql);
$user_affected = array();
@ -50,14 +50,13 @@ class acp_main
if ($action == 'activate')
{
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$mark_ary = explode(', ', $mark);
foreach ($mark_ary as $user_id)
foreach ($mark as $user_id)
{
user_active_flip($user_id, USER_INACTIVE);
}
set_config('num_users', $config['num_users'] + sizeof($mark_ary), true);
set_config('num_users', $config['num_users'] + sizeof($mark), true);
// Update latest username
update_last_username();
@ -69,9 +68,9 @@ class acp_main
trigger_error($user->lang['NO_ADMIN']);
}
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE user_id IN ($mark)";
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
$db->sql_query($sql);
$sql = 'DELETE FROM ' . USERS_TABLE . " WHERE user_id IN ($mark)";
$sql = 'DELETE FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
$db->sql_query($sql);
add_log('admin', 'LOG_INDEX_' . strtoupper($action), implode(', ', $user_affected));
@ -91,8 +90,8 @@ class acp_main
}
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey
FROM ' . USERS_TABLE . "
WHERE user_id IN ($mark)";
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', $mark);
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))

8
phpBB/includes/acp/acp_modules.php
View file

@ -841,7 +841,7 @@ class acp_modules
SET right_id = right_id + $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
AND module_id NOT IN (' . implode(', ', $moved_ids) . ')';
AND ' . $db->sql_in_set('module_id', $moved_ids, true);
$db->sql_query($sql);
// Resync the righthand side of the tree
@ -849,7 +849,7 @@ class acp_modules
SET left_id = left_id + $diff, right_id = right_id + $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND left_id > " . $to_data['right_id'] . '
AND module_id NOT IN (' . implode(', ', $moved_ids) . ')';
AND ' . $db->sql_in_set('module_id', $moved_ids, true);
$db->sql_query($sql);
// Resync moved branch
@ -868,7 +868,7 @@ class acp_modules
$sql = 'SELECT MAX(right_id) AS right_id
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id NOT IN (" . implode(', ', $moved_ids) . ')';
AND " . $db->sql_in_set('module_id', $moved_ids, true);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@ -879,7 +879,7 @@ class acp_modules
$sql = 'UPDATE ' . MODULES_TABLE . "
SET left_id = left_id $diff, right_id = right_id $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND module_id IN (" . implode(', ', $moved_ids) . ')';
AND " . $db->sql_in_set('module_id', $moved_ids);
$db->sql_query($sql);
}

14
phpBB/includes/acp/acp_permissions.php
View file

@ -413,7 +413,7 @@ class acp_permissions
{
$sql = 'SELECT forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_id) . ')
WHERE ' . $db->sql_in_set('forum_id', $forum_id) . '
ORDER BY forum_name ASC';
$result = $db->sql_query($sql);
@ -554,7 +554,7 @@ class acp_permissions
$sql = "SELECT $sql_id
FROM $table
WHERE $sql_id IN (" . implode(', ', $ids) . ')';
WHERE " . $db->sql_in_set($sql_id, $ids);
$result = $db->sql_query($sql);
$ids = array();
@ -803,8 +803,8 @@ class acp_permissions
}
// Logging ... first grab user or groupnames ...
$sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE user_id';
$sql .= ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
$sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE ' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE ';
$sql .= $db->sql_in_set(($ug_type == 'group') ? 'group_id' : 'user_id', array_map('intval', $ug_id));
$result = $db->sql_query($sql);
$l_ug_list = '';
@ -825,7 +825,7 @@ class acp_permissions
// Grab the forum details if non-zero forum_id
$sql = 'SELECT forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_id) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql);
$l_forum_list = '';
@ -858,7 +858,7 @@ class acp_permissions
if (sizeof($perms))
{
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
WHERE zebra_id IN (' . implode(', ', array_unique($perms)) . ')
WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . '
AND foe = 1';
$db->sql_query($sql);
}
@ -1078,7 +1078,7 @@ class acp_permissions
{
global $db, $user;
$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0');
$sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
$sql = $db->sql_build_query('SELECT_DISTINCT', array(

14
phpBB/includes/acp/acp_prune.php
View file

@ -68,7 +68,7 @@ class acp_prune
'S_PRUNED' => true)
);
$sql_forum = (sizeof($forum_id)) ? ' AND forum_id IN (' . implode(', ', $forum_id) . ')' : '';
$sql_forum = (sizeof($forum_id)) ? ' AND ' . $db->sql_in_set('forum_id', $forum_id) : '';
// Get a list of forum's or the data for the forum that we are pruning.
$sql = 'SELECT forum_id, forum_name
@ -148,7 +148,7 @@ class acp_prune
{
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_id) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
@ -202,15 +202,7 @@ class acp_prune
if ($users)
{
$users = explode("\n", $users);
$where_sql = '';
foreach ($users as $username)
{
$where_sql .= (($where_sql != '') ? ', ' : '') . "'" . $db->sql_escape($username) . "'";
}
$where_sql = " AND username IN ($where_sql)";
$where_sql = ' AND ' . $db->sql_in_set('username', explode("\n", $users));
}
else
{

12
phpBB/includes/acp/acp_users.php
View file

@ -393,7 +393,7 @@ class acp_users
{
$sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);
$del_topic_ary = array();
@ -409,7 +409,7 @@ class acp_users
if (sizeof($del_topic_ary))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')';
WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql);
}
}
@ -495,7 +495,7 @@ class acp_users
{
$sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -842,7 +842,7 @@ class acp_users
{
$sql_in[] = $mark;
}
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}
@ -1630,7 +1630,7 @@ class acp_users
{
$sql = 'SELECT real_filename
FROM ' . ATTACHMENTS_TABLE . '
WHERE attach_id IN (' . implode(', ', $marked) . ')';
WHERE ' . $db->sql_in_set('attach_id', $marked);
$result = $db->sql_query($sql);
$log_attachments = array();
@ -1834,7 +1834,7 @@ class acp_users
// Select box for other groups
$sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . '
' . ((sizeof($id_ary)) ? 'WHERE group_id NOT IN (' . implode(', ', $id_ary) . ')' : '') . '
' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
ORDER BY group_type DESC, group_name ASC';
$result = $db->sql_query($sql);

38
phpBB/includes/acp/auth.php
View file

@ -136,7 +136,7 @@ class auth_admin extends auth
$sql = 'SELECT user_id, user_permissions, user_type
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(',', $ug_id) . ')';
WHERE ' . $db->sql_in_set('user_id', $ug_id);
$result = $db->sql_query($sql);
while ($userdata = $db->sql_fetchrow($result))
@ -292,14 +292,14 @@ class auth_admin extends auth
{
$sql = 'SELECT user_id as ug_id, username as ug_name
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ')
WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
ORDER BY username ASC';
}
else
{
$sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', array_keys($hold_ary)) . ')
WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
ORDER BY group_type DESC, group_name ASC';
}
$result = $db->sql_query($sql);
@ -361,7 +361,7 @@ class auth_admin extends auth
$sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
WHERE o.auth_option_id = r.auth_option_id
AND r.role_id IN (' . implode(', ', array_keys($roles)) . ')';
AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -584,7 +584,7 @@ class auth_admin extends auth
// Get forum names
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', array_keys($hold_ary)) . ')';
WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary));
$result = $db->sql_query($sql);
$forum_names = array();
@ -605,7 +605,7 @@ class auth_admin extends auth
{
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $auth_ary['users']) . ')
WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
ORDER BY username';
$result = $db->sql_query($sql);
@ -624,7 +624,7 @@ class auth_admin extends auth
{
$sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $auth_ary['groups']) . ')
WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
ORDER BY group_type ASC, group_name';
$result = $db->sql_query($sql);
@ -768,12 +768,12 @@ class auth_admin extends auth
$ug_id = array($ug_id);
}
$ug_id_sql = 'IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
$forum_sql = 'IN (' . implode(', ', array_map('intval', $forum_id)) . ') ';
$ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
$forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
// Instead of updating, inserting, removing we just remove all current settings and re-set everything...
$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
$id_field = $ug_type . '_id';
$id_field = $ug_type . '_id';
// Get any flags as required
reset($auth);
@ -797,8 +797,8 @@ class auth_admin extends auth
}
$sql = "DELETE FROM $table
WHERE forum_id $forum_sql
AND $id_field $ug_id_sql
WHERE $forum_sql
AND $ug_id_sql
AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')';
$db->sql_query($sql);
@ -818,10 +818,10 @@ class auth_admin extends auth
if (sizeof($role_ids))
{
$sql = "DELETE FROM $table
WHERE forum_id $forum_sql
AND $id_field $ug_id_sql
WHERE $forum_sql
AND $ug_id_sql
AND auth_option_id = 0
AND auth_role_id IN (" . implode(', ', $role_ids) . ')';
AND " . $db->sql_in_set('auth_role_id', $role_ids);
$db->sql_query($sql);
}
@ -995,12 +995,12 @@ class auth_admin extends auth
if ($forum_id !== false)
{
$where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : 'forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
$where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
}
if ($ug_id !== false)
{
$where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $id_field . ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
$where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
}
// There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
@ -1043,7 +1043,7 @@ class auth_admin extends auth
$sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
WHERE ao.auth_option_id = rd.auth_option_id
AND rd.role_id IN (' . implode(', ', array_keys($cur_role_auth)) . ')';
AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
$result = $db->sql_query($sql);
$auth_settings = array();
@ -1072,7 +1072,7 @@ class auth_admin extends auth
// Now, normally remove permissions...
if ($permission_type !== false)
{
$where_sql[] = 'auth_option_id IN (' . implode(', ', array_map('intval', $option_id_ary)) . ')';
$where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
}
$sql = "DELETE FROM $table

32
phpBB/includes/auth.php
View file

@ -161,7 +161,7 @@ class auth
if (sizeof($this->acl))
{
$sql .= ' WHERE forum_id NOT IN (' . implode(', ', array_keys($this->acl)) . ')';
$sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true);
}
$result = $db->sql_query($sql);
@ -418,7 +418,13 @@ class auth
{
global $db;
$where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : '';
$where_sql = '';
if ($user_id !== false)
{
$user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : array_map('intval', $user_id);
$where_sql = ' WHERE ' . $db->sql_in_set('user_id', $user_id);
}
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = '',
@ -440,8 +446,8 @@ class auth
$sql_id = ($user_type == 'user') ? 'user_id' : 'group_id';
$sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : "AND a.$sql_id IN (" . implode(', ', $ug_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . $db->sql_in_set("a.$sql_id", $ug_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
// Grab assigned roles...
$sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id
@ -469,8 +475,8 @@ class auth
{
global $db;
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = '';
@ -482,7 +488,7 @@ class auth
}
else
{
$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')';
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
}
@ -586,8 +592,8 @@ class auth
{
global $db;
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = '';
@ -599,7 +605,7 @@ class auth
}
else
{
$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')';
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
}
@ -647,8 +653,8 @@ class auth
{
global $db;
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : 'group_id IN (' . implode(', ', $group_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
if ($opts !== false)
{
@ -658,7 +664,7 @@ class auth
}
else
{
$sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')';
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
}

13
phpBB/includes/bbcode.php
View file

@ -124,8 +124,7 @@ class bbcode
}
}
$sql = '';
$bbcode_ids = $rowset = array();
$bbcode_ids = $rowset = $sql = array();
$bitfield = new bitfield($this->bbcode_bitfield);
$bbcodes_set = $bitfield->get_all_set();
@ -141,18 +140,18 @@ class bbcode
if ($bbcode_id > NUM_CORE_BBCODES)
{
$sql .= (($sql) ? ',' : '') . $bbcode_id;
$sql[] = $bbcode_id;
}
}
if ($sql)
if (sizeof($sql))
{
global $db;
$sql = 'SELECT *
FROM ' . BBCODES_TABLE . "
WHERE bbcode_id IN ($sql)";
$result = $db->sql_query($sql);
FROM ' . BBCODES_TABLE . '
WHERE ' . $db->sql_in_set('bbcode_id', $sql);
$result = $db->sql_query($sql, 3600);
while ($row = $db->sql_fetchrow($result))
{

95
phpBB/includes/db/dbal.php
View file

@ -193,22 +193,14 @@ class dbal
{
$fields[] = $key;
if (is_null($var))
{
$values[] = 'NULL';
}
else if (is_string($var))
{
$values[] = "'" . $this->sql_escape($var) . "'";
}
else if (is_array($var) && is_string($var[0]))
if (is_array($var) && is_string($var[0]))
{
// This is used for INSERT_SELECT(s)
$values[] = $var[0];
}
else
{
$values[] = (is_bool($var)) ? intval($var) : $var;
$values[] = $this->_sql_validate_value($var);
}
}
@ -222,25 +214,7 @@ class dbal
$values = array();
foreach ($sql_ary as $key => $var)
{
if (is_null($var))
{
$values[] = 'NULL';
}
else if (is_string($var))
{
if (strpos($key, 'bitfield') === false)
{
$values[] = "'" . $this->sql_escape($var) . "'";
}
else
{
$values[] = $this->sql_escape_binary($var);
}
}
else
{
$values[] = (is_bool($var)) ? intval($var) : $var;
}
$values[] = $this->_sql_validate_value($var);
}
$ary[] = '(' . implode(', ', $values) . ')';
}
@ -252,25 +226,7 @@ class dbal
$values = array();
foreach ($assoc_ary as $key => $var)
{
if (is_null($var))
{
$values[] = "$key = NULL";
}
else if (is_string($var))
{
if (strpos($key, 'bitfield') === false)
{
$values[] = "$key = '" . $this->sql_escape($var) . "'";
}
else
{
$values[] = "$key = " . $this->sql_escape_binary($var);
}
}
else
{
$values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var";
}
$values[] = "$key = " . $this->_sql_validate_value($var);
}
$query = implode(($query == 'UPDATE') ? ', ' : ' AND ', $values);
}
@ -285,30 +241,10 @@ class dbal
trigger_error('No values specified for SQL IN comparison', E_USER_ERROR);
}
$bitfield = (strpos($field, 'bitfield') !== false);
$values = array();
foreach ($array as $var)
{
if (is_null($var))
{
$values[] = 'NULL';
}
else if (is_string($var))
{
if (!$bitfield)
{
$values[] = "'" . $this->sql_escape($var) . "'";
}
else
{
$values[] = $this->sql_escape_binary($var);
}
}
else
{
$values[] = (is_bool($var)) ? intval($var) : $var;
}
$values[] = $this->_sql_validate_value($var);
}
if (sizeof($values) == 1)
@ -317,13 +253,28 @@ class dbal
}
else
{
return $field . ($negate ? ' NOT IN ' : ' IN ' ) . '(' . implode(',', $values) . ')';
return $field . ($negate ? ' NOT IN ' : ' IN ' ) . '(' . implode(', ', $values) . ')';
}
}
function sql_escape_binary($msg)
/**
* Function for validating values
* @access private
*/
function _sql_validate_value($var)
{
return "'" . $this->sql_escape($msg) . "'";
if (is_null($var))
{
return 'NULL';
}
else if (is_string($var))
{
return "'" . $this->sql_escape($var) . "'";
}
else
{
return (is_bool($var)) ? intval($var) : $var;
}
}
/**

12
phpBB/includes/functions.php
View file

@ -576,13 +576,13 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
{
$sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND forum_id IN (" . implode(', ', $forum_id) . ")";
AND " . $db->sql_in_set('forum_id', $forum_id);
$db->sql_query($sql);
$sql = 'SELECT forum_id
FROM ' . FORUMS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND forum_id IN (" . implode(', ', $forum_id) . ')';
AND " . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql);
$sql_update = array();
@ -597,7 +597,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $
$sql = 'UPDATE ' . FORUMS_TRACK_TABLE . '
SET mark_time = ' . time() . "
WHERE user_id = {$user->data['user_id']}
AND forum_id IN (" . implode(', ', $sql_update) . ')';
AND " . $db->sql_in_set('forum_id', $sql_update);
$db->sql_query($sql);
}
@ -888,7 +888,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis
$sql = 'SELECT topic_id, mark_time
FROM ' . TOPICS_TRACK_TABLE . "
WHERE user_id = {$user->data['user_id']}
AND topic_id IN (" . implode(', ', $topic_ids) . ")";
AND " . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -1805,13 +1805,13 @@ function login_forum_box($forum_data)
$sql_in = array();
do
{
$sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'";
$sql_in[] = (string) $row['session_id'];
}
while ($row = $db->sql_fetchrow($result));
// Remove expired sessions
$sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . '
WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')';
WHERE ' . $db->sql_in_set('session_id', $sql_in, true);
$db->sql_query($sql);
}
$db->sql_freeresult($result);

171
phpBB/includes/functions_admin.php
View file

@ -206,7 +206,7 @@ function group_select_options($group_id, $exclude_ids = false)
{
global $db, $user, $config;
$exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE group_id NOT IN (' . implode(', ', array_map('intval', $exclude_ids)) . ')' : '';
$exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE ' . $db->sql_in_set('group_id', array_map('intval', $exclude_ids), true) : '';
$sql_and = (!$config['coppa_enable']) ? (($exclude_sql) ? ' AND ' : ' WHERE ') . "group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : '';
$sql = 'SELECT group_id, group_name, group_type
@ -376,7 +376,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
}
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_moved_id IN (' . implode(', ', $topic_ids) . ')
WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . '
AND forum_id = ' . $forum_id;
$db->sql_query($sql);
@ -384,7 +384,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
{
$sql = 'SELECT DISTINCT forum_id
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -399,7 +399,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true)
{
$sql = "UPDATE $table
SET forum_id = $forum_id
WHERE topic_id IN (" . implode(', ', $topic_ids) . ')';
WHERE " . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
unset($table_ary);
@ -428,7 +428,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
$sql = 'SELECT DISTINCT topic_id, forum_id
FROM ' . POSTS_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -452,12 +452,12 @@ function move_posts($post_ids, $topic_id, $auto_sync = true)
$sql = 'UPDATE ' . POSTS_TABLE . '
SET forum_id = ' . $forum_row['forum_id'] . ", topic_id = $topic_id
WHERE post_id IN (" . implode(', ', $post_ids) . ')';
WHERE " . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . "
SET topic_id = $topic_id, in_message = 0
WHERE post_msg_id IN (" . implode(', ', $post_ids) . ')';
WHERE " . $db->sql_in_set('post_msg_id', $post_ids);
$db->sql_query($sql);
if ($auto_sync)
@ -487,6 +487,10 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
{
$where_ids = array_unique($where_ids);
}
else
{
$where_ids = array($where_ids);
}
if (!sizeof($where_ids))
{
@ -498,8 +502,8 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
);
$sql = 'SELECT topic_id, forum_id
FROM ' . TOPICS_TABLE . "
WHERE $where_type " . ((!is_array($where_ids)) ? "= $where_ids" : 'IN (' . implode(', ', $where_ids) . ')');
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set($where_type, $where_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -516,8 +520,6 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
return $return;
}
$sql_where = ' IN (' . implode(', ', $topic_ids) . ')';
$db->sql_transaction('begin');
$table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE);
@ -525,13 +527,13 @@ function delete_topics($where_type, $where_ids, $auto_sync = true)
foreach ($table_ary as $table)
{
$sql = "DELETE FROM $table
WHERE topic_id $sql_where";
WHERE " . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
unset($table_ary);
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_moved_id' . $sql_where;
WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids);
$db->sql_query($sql);
$db->sql_transaction('commit');
@ -558,8 +560,12 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
{
$where_ids = array_unique($where_ids);
}
else
{
$where_ids = array($where_ids);
}
if (empty($where_ids))
if (!sizeof($where_ids))
{
return false;
}
@ -567,8 +573,8 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
$post_ids = $topic_ids = $forum_ids = $post_counts = array();
$sql = 'SELECT post_id, poster_id, post_postcount, topic_id, forum_id
FROM ' . POSTS_TABLE . "
WHERE $where_type " . ((!is_array($where_ids)) ? '= ' . (int) $where_ids : 'IN (' . implode(', ', array_map('intval', $where_ids)) . ')');
FROM ' . POSTS_TABLE . '
WHERE ' . $db->sql_in_set($where_type, array_map('intval', $where_ids));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -590,8 +596,6 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
return false;
}
$sql_where = implode(', ', $post_ids);
$db->sql_transaction('begin');
$table_ary = array(POSTS_TABLE, REPORTS_TABLE);
@ -599,7 +603,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync =
foreach ($table_ary as $table)
{
$sql = "DELETE FROM $table
WHERE post_id IN ($sql_where)";
WHERE " . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
unset($table_ary);
@ -693,7 +697,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'SELECT post_msg_id as post_id, topic_id, physical_filename, thumbnail, filesize
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')';
WHERE ' . $db->sql_in_set($sql_id, $ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -709,7 +713,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'SELECT topic_id, physical_filename, thumbnail, filesize
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $ids) . ')
WHERE ' . $db->sql_in_set('post_msg_id', $ids) . '
AND in_message = 0';
$result = $db->sql_query($sql);
@ -723,7 +727,7 @@ function delete_attachments($mode, $ids, $resync = true)
// Delete attachments
$sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')';
WHERE ' . $db->sql_in_set($sql_id, $ids);
$db->sql_query($sql);
$num_deleted = $db->sql_affectedrows();
@ -771,7 +775,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
@ -781,7 +785,7 @@ function delete_attachments($mode, $ids, $resync = true)
$sql = 'SELECT post_msg_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 0';
$result = $db->sql_query($sql);
@ -797,7 +801,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
WHERE post_id IN (' . implode(', ', $unset_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $unset_ids);
$db->sql_query($sql);
}
@ -805,7 +809,7 @@ function delete_attachments($mode, $ids, $resync = true)
$sql = 'SELECT post_msg_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 1';
$result = $db->sql_query($sql);
@ -821,7 +825,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . PRIVMSGS_TABLE . '
SET message_attachment = 0
WHERE msg_id IN (' . implode(', ', $unset_ids) . ')';
WHERE ' . $db->sql_in_set('msg_id', $unset_ids);
$db->sql_query($sql);
}
}
@ -834,7 +838,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
@ -844,7 +848,7 @@ function delete_attachments($mode, $ids, $resync = true)
$sql = 'SELECT topic_id
FROM ' . ATTACHMENTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -859,7 +863,7 @@ function delete_attachments($mode, $ids, $resync = true)
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 0
WHERE topic_id IN (' . implode(', ', $unset_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $unset_ids);
$db->sql_query($sql);
}
}
@ -873,7 +877,7 @@ function delete_attachments($mode, $ids, $resync = true)
*/
function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
{
$where = (is_array($forum_id)) ? 'AND t.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
$where = (is_array($forum_id)) ? 'AND ' . $db->sql_in_set('t.forum_id', array_map('intval', $forum_id)) : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : '');
switch (SQL_LAYER)
{
@ -905,7 +909,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true)
if (sizeof($topic_ids))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(',', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
break;
@ -932,13 +936,13 @@ function update_posted_info(&$topic_ids)
// First of all, let us remove any posted information for these topics
$sql = 'DELETE FROM ' . TOPICS_POSTED_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
// Now, let us collect the user/topic combos for rebuilding the information
$sql = 'SELECT poster_id, topic_id
FROM ' . POSTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')
WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
AND poster_id <> ' . ANONYMOUS . '
GROUP BY poster_id, topic_id';
$result = $db->sql_query($sql);
@ -1058,7 +1062,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
// Limit the topics/forums we are syncing, use specific topic/forum IDs.
// $where_type contains the field for the where clause (forum_id, topic_id)
$where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')';
$where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids);
$where_sql_and = $where_sql . "\n\tAND";
}
}
@ -1070,7 +1074,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
}
// $where_type contains the field for the where clause (forum_id, topic_id)
$where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')';
$where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids);
$where_sql_and = $where_sql . "\n\tAND";
}
@ -1108,7 +1112,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
}
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_id_ary) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_id_ary);
$db->sql_query($sql);
break;
@ -1147,7 +1151,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_approved = 1 - topic_approved
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
break;
}
@ -1174,7 +1178,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$sql = 'SELECT DISTINCT(post_id)
FROM ' . REPORTS_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('post_id', $post_ids) . '
AND report_closed = 0';
$result = $db->sql_query($sql);
@ -1203,7 +1207,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_reported = 1 - post_reported
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
break;
@ -1245,7 +1249,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 1 - topic_reported
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
break;
@ -1271,7 +1275,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
$sql = 'SELECT DISTINCT(post_msg_id)
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . '
AND in_message = 0';
$result = $db->sql_query($sql);
@ -1300,7 +1304,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 1 - post_attachment
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
break;
@ -1342,7 +1346,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_attachment = 1 - topic_attachment
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
}
break;
@ -1385,7 +1389,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
// 2: Get topic counts for each forum
$sql = 'SELECT forum_id, topic_approved, COUNT(topic_id) AS forum_topics
FROM ' . TOPICS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_ids) . ')
WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . '
GROUP BY forum_id, topic_approved';
$result = $db->sql_query($sql);
@ -1404,7 +1408,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
// 3: Get post count and last_post_id for each forum
$sql = 'SELECT forum_id, COUNT(post_id) AS forum_posts, MAX(post_id) AS last_post_id
FROM ' . POSTS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_ids) . ')
WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . '
AND post_approved = 1
GROUP BY forum_id';
$result = $db->sql_query($sql);
@ -1425,7 +1429,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(', ', $post_ids) . ')
WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
AND p.poster_id = u.user_id';
$result = $db->sql_query($sql);
@ -1491,15 +1495,21 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
break;
case 'topic':
$topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = array();
$topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = $moved_topics = array();
$sql = 'SELECT t.topic_id, t.forum_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time
$sql = 'SELECT t.topic_id, t.forum_id, t.topic_moved_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time
FROM ' . TOPICS_TABLE . " t
$where_sql";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if ($row['topic_moved_id'])
{
$moved_topics[] = $row['topic_id'];
continue;
}
$topic_id = (int) $row['topic_id'];
$topic_data[$topic_id] = $row;
$topic_data[$topic_id]['replies_real'] = -1;
@ -1603,9 +1613,34 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
unset($delete_topics, $delete_topic_ids);
}
// Make sure shadow topics do link to existing topics
if (sizeof($moved_topics))
{
$delete_topics = array();
$sql = 'SELECT t1.topic_id, t1.topic_moved_id
FROM ' . TOPICS_TABLE . ' t1
LEFT JOIN ' . TOPICS_TABLE . ' t2 ON (t2.topic_id = t1.topic_moved_id)
WHERE ' . $db->sql_in_set('t1.topic_id', $moved_topics) . '
AND t2.topic_id IS NULL';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$delete_topics[] = $row['topic_id'];
}
$db->sql_freeresult($result);
if (sizeof($delete_topics))
{
delete_topics('topic_id', $delete_topics, false);
}
unset($delete_topics);
}
$sql = 'SELECT p.post_id, p.topic_id, p.post_approved, p.poster_id, p.post_username, p.post_time, u.username
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(',', $post_ids) . ')
WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
AND u.user_id = p.poster_id';
$result = $db->sql_query($sql);
@ -1639,7 +1674,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false,
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_approved = 1 - topic_approved
WHERE topic_id IN (' . implode(', ', $approved_unapproved_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $approved_unapproved_ids);
$db->sql_query($sql);
}
unset($approved_unapproved_ids);
@ -1726,9 +1761,18 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
{
global $db;
$sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : ' = ' . (int) $forum_id;
if (!is_array($forum_id))
{
$forum_id = array($forum_id);
}
if (!sizeof($forum_id))
{
return;
}
$sql_and = '';
if (!($prune_flags & 4))
{
$sql_and .= ' AND topic_type <> ' . POST_ANNOUNCE;
@ -1750,8 +1794,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
}
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . "
WHERE forum_id $sql_forum
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forum_id) . "
AND poll_start = 0
$sql_and";
$result = $db->sql_query($sql);
@ -1766,8 +1810,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync
if ($prune_flags & 2)
{
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . "
WHERE forum_id $sql_forum
FROM ' . TOPICS_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forum_id) . "
AND poll_start > 0
AND poll_last_vote < $prune_date
$sql_and";
@ -1934,7 +1978,7 @@ function cache_moderators()
AND ((a.auth_setting = ' . ACL_NEVER . ' AND r.auth_setting IS NULL)
OR r.auth_setting = ' . ACL_NEVER . ')
AND a.group_id = ug.group_id
AND ug.user_id IN (' . implode(', ', $ug_id_ary) . ")
AND ' . $db->sql_in_set('ug.user_id', $ug_id_ary) . "
AND ug.user_pending = 0
AND o.auth_option LIKE 'm\_%'",
));
@ -1954,7 +1998,7 @@ function cache_moderators()
// Get usernames...
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ')';
WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary));
$result = $db->sql_query($sql);
$usernames_ary = array();
@ -1989,7 +2033,7 @@ function cache_moderators()
// Make sure not hidden or special groups are involved...
$sql = 'SELECT group_name, group_id, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $ug_id_ary) . ')';
WHERE ' . $db->sql_in_set('group_id', $ug_id_ary);
$result = $db->sql_query($sql);
$groupnames_ary = array();
@ -2082,7 +2126,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
}
else if (is_array($forum_id))
{
$sql_forum = 'AND l.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
$sql_forum = 'AND ' . $db->sql_in_set('l.forum_id', array_map('intval', $forum_id));
}
else
{
@ -2174,7 +2218,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id
// although it's also used to determine if the topic still exists in the database
$sql = 'SELECT topic_id, forum_id
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_map('intval', $topic_id_list)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_map('intval', $topic_id_list));
$result = $db->sql_query($sql);
$default_forum_id = 0;
@ -2472,9 +2516,8 @@ function tidy_warnings()
{
$db->sql_transaction('begin');
$sql_where = ' IN (' . implode(', ', $warning_list) . ')';
$sql = 'DELETE FROM ' . WARNINGS_TABLE . "
WHERE warning_id $sql_where";
$sql = 'DELETE FROM ' . WARNINGS_TABLE . '
WHERE ' . $db->sql_in_set('warning_id', $warning_list);
$db->sql_query($sql);
foreach ($user_list as $user_id => $value)

18
phpBB/includes/functions_display.php
View file

@ -556,18 +556,22 @@ function get_moderators(&$forum_moderators, $forum_id = false)
return;
}
if ($forum_id !== false && is_array($forum_id))
$forum_sql = '';
if ($forum_id !== false)
{
if (!is_array($forum_id))
{
$forum_id = array($forum_id);
}
// If we don't have a forum then we can't have a moderator
if (!sizeof($forum_id))
{
return;
}
$forum_sql = 'AND forum_id IN (' . implode(', ', $forum_id) . ')';
}
else
{
$forum_sql = ($forum_id !== false) ? 'AND forum_id = ' . $forum_id : '';
$forum_sql = 'AND ' . $db->sql_in_set('forum_id', $forum_id);
}
$sql = 'SELECT *
@ -1012,7 +1016,7 @@ function display_user_activity(&$userdata)
}
$forum_ary = array_unique($forum_ary);
$post_count_sql = (sizeof($forum_ary)) ? 'AND f.forum_id NOT IN (' . implode(', ', $forum_ary) . ')' : '';
$post_count_sql = (sizeof($forum_ary)) ? 'AND ' . $db->sql_in_set('f.forum_id', $forum_ary, true) : '';
// Firebird does not support ORDER BY on aliased columns
// MySQL does not support ORDER BY on functions

16
phpBB/includes/functions_posting.php
View file

@ -114,9 +114,9 @@ function update_post_information($type, $ids, $return_update_sql = false)
$update_sql = $empty_forums = array();
$sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id
FROM ' . POSTS_TABLE . "
FROM ' . POSTS_TABLE . '
WHERE post_approved = 1
AND {$type}_id IN (" . implode(', ', $ids) . ")
AND ' . $db->sql_in_set($type . '_id', $ids) . "
GROUP BY {$type}_id";
$result = $db->sql_query($sql);
@ -150,7 +150,7 @@ function update_post_information($type, $ids, $return_update_sql = false)
$sql = 'SELECT p.' . $type . '_id, p.post_id, p.post_time, p.poster_id, p.post_username, u.user_id, u.username
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.poster_id = u.user_id
AND p.post_id IN (' . implode(', ', $last_post_ids) . ')';
AND ' . $db->sql_in_set('p.post_id', $last_post_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -757,7 +757,7 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0)
{
$sql = 'SELECT topic_id, forum_id, topic_title
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(',', array_unique($topic_ids)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_unique($topic_ids));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -1109,7 +1109,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
$sql = 'UPDATE ' . TOPICS_WATCH_TABLE . "
SET notify_status = 1
WHERE topic_id = $topic_id
AND user_id IN (" . implode(', ', $update_notification['topic']) . ")";
AND " . $db->sql_in_set('user_id', $update_notification['topic']);
$db->sql_query($sql);
}
@ -1118,7 +1118,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
$sql = 'UPDATE ' . FORUMS_WATCH_TABLE . "
SET notify_status = 1
WHERE forum_id = $forum_id
AND user_id IN (" . implode(', ', $update_notification['forum']) . ")";
AND " . $db->sql_in_set('user_id', $update_notification['forum']);
$db->sql_query($sql);
}
@ -1127,7 +1127,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
{
$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . "
WHERE topic_id = $topic_id
AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")";
AND " . $db->sql_in_set('user_id', $delete_ids['topic']);
$db->sql_query($sql);
}
@ -1135,7 +1135,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id
{
$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . "
WHERE forum_id = $forum_id
AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")";
AND " . $db->sql_in_set('user_id', $delete_ids['forum']);
$db->sql_query($sql);
}

62
phpBB/includes/functions_privmsgs.php
View file

@ -387,7 +387,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
{
$sql = 'SELECT *
FROM ' . USER_GROUP_TABLE . '
WHERE user_id IN (' . implode(', ', $user_ids) . ')
WHERE ' . $db->sql_in_set('user_id', $user_ids) . '
AND user_pending = 0';
$result = $db->sql_query($sql);
@ -506,7 +506,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
{
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET pm_unread = 0
WHERE msg_id IN (' . implode(', ', $unread_ids) . ")
WHERE ' . $db->sql_in_set('msg_id', $unread_ids) . "
AND user_id = $user_id
AND folder_id = " . PRIVMSGS_NO_BOX;
$db->sql_query($sql);
@ -519,7 +519,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
SET pm_marked = !pm_marked
WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
AND user_id = $user_id
AND msg_id IN (" . implode(', ', $important_ids) . ')';
AND " . $db->sql_in_set('msg_id', $important_ids);
$db->sql_query($sql);
}
@ -531,9 +531,15 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
// Determine Full Folder Action - we need the move to folder id later eventually
$full_folder_action = ($user->data['user_full_folder'] == FULL_FOLDER_NONE) ? ($config['full_folder_action'] - (FULL_FOLDER_NONE*(-1))) : $user->data['user_full_folder'];
$sql_folder = array_keys($move_into_folder);
if ($full_folder_action >= 0)
{
$sql_folder[] = $full_folder_action;
}
$sql = 'SELECT folder_id, pm_count
FROM ' . PRIVMSGS_FOLDER_TABLE . '
WHERE folder_id IN (' . implode(', ', array_keys($move_into_folder)) . (($full_folder_action >= 0) ? ', ' . $full_folder_action : '') . ")
WHERE ' . $db->sql_in_set('folder_id', $sql_folder) . "
AND user_id = $user_id";
$result = $db->sql_query($sql);
@ -543,6 +549,8 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
}
$db->sql_freeresult($result);
unset($sql_folder);
if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder)))
{
$sql = 'SELECT folder_id, COUNT(msg_id) as num_messages
@ -610,7 +618,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
SET folder_id = ' . PRIVMSGS_HOLD_BOX . '
WHERE folder_id = ' . PRIVMSGS_NO_BOX . "
AND user_id = $user_id
AND msg_id IN (" . implode(', ', $msg_ary) . ')';
AND " . $db->sql_in_set('msg_id', $msg_ary);
$db->sql_query($sql);
}
else
@ -620,7 +628,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
WHERE folder_id = " . PRIVMSGS_NO_BOX . "
AND user_id = $user_id
AND pm_new = 1
AND msg_id IN (" . implode(', ', $msg_ary) . ')';
AND " . $db->sql_in_set('msg_id', $msg_ary);
$db->sql_query($sql);
if ($dest_folder != PRIVMSGS_INBOX)
@ -645,7 +653,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false)
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET folder_id = ' . PRIVMSGS_SENTBOX . '
WHERE folder_id = ' . PRIVMSGS_OUTBOX . '
AND msg_id IN (' . implode(', ', array_keys($action_ary)) . ')';
AND ' . $db->sql_in_set('msg_id', array_keys($action_ary));
$db->sql_query($sql);
}
@ -730,7 +738,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol
SET folder_id = $dest_folder
WHERE folder_id = $cur_folder_id
AND user_id = $user_id
AND msg_id IN (" . implode(', ', $move_msg_ids) . ')';
AND " . $db->sql_in_set('msg_id', $move_msg_ids);
$db->sql_query($sql);
$num_moved = $db->sql_affectedrows();
@ -809,7 +817,7 @@ function handle_mark_actions($user_id, $mark_action)
SET pm_marked = !pm_marked
WHERE folder_id = $cur_folder_id
AND user_id = $user_id
AND msg_id IN (" . implode(', ', $msg_ids) . ')';
AND " . $db->sql_in_set('msg_id', $msg_ids);
$db->sql_query($sql);
break;
@ -879,7 +887,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
// Get PM Informations for later deleting
$sql = 'SELECT msg_id, pm_unread, pm_new
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id IN (' . implode(', ', array_map('intval', $msg_ids)) . ")
WHERE ' . $db->sql_in_set('msg_id', array_map('intval', $msg_ids)) . "
AND folder_id = $folder_id
AND user_id = $user_id";
$result = $db->sql_query($sql);
@ -908,19 +916,19 @@ function delete_pm($user_id, $msg_ids, $folder_id)
// Remove PM from Outbox
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
WHERE user_id = $user_id AND folder_id = " . PRIVMSGS_OUTBOX . '
AND msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
AND ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql);
// Update PM Information for safety
$sql = 'UPDATE ' . PRIVMSGS_TABLE . " SET message_text = ''
WHERE msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')';
WHERE " . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql);
// Set delete flag for those intended to receive the PM
// We do not remove the message actually, to retain some basic informations (sent time for example)
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . '
SET pm_deleted = 1
WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql);
$num_deleted = $db->sql_affectedrows();
@ -931,7 +939,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
$sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . "
WHERE user_id = $user_id
AND folder_id = $folder_id
AND msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')';
AND " . $db->sql_in_set('msg_id', array_keys($delete_rows));
$db->sql_query($sql);
$num_deleted = $db->sql_affectedrows();
}
@ -961,7 +969,7 @@ function delete_pm($user_id, $msg_ids, $folder_id)
// Now we have to check which messages we can delete completely
$sql = 'SELECT msg_id
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')';
WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -970,12 +978,12 @@ function delete_pm($user_id, $msg_ids, $folder_id)
}
$db->sql_freeresult($result);
$delete_ids = implode(', ', array_keys($delete_rows));
$delete_ids = array_keys($delete_rows);
if ($delete_ids)
if (sizeof($delete_ids))
{
$sql = 'DELETE FROM ' . PRIVMSGS_TABLE . '
WHERE msg_id IN (' . $delete_ids . ')';
WHERE ' . $db->sql_in_set('msg_id', $delete_ids);
$db->sql_query($sql);
}
@ -1051,7 +1059,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{
$sql = 'SELECT user_id, username, user_colour
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $u) . ')
WHERE ' . $db->sql_in_set('user_id', $u) . '
AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
$result = $db->sql_query($sql);
@ -1078,7 +1086,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{
$sql = 'SELECT group_name, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id IN (' . implode(', ', $g) . ')';
WHERE ' . $db->sql_in_set('group_id', $g);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -1094,7 +1102,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false)
{
$sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type, ug.user_id
FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug
WHERE g.group_id IN (' . implode(', ', $g) . ')
WHERE ' . $db->sql_in_set('g.group_id', $g) . '
AND g.group_id = ug.group_id
AND ug.user_pending = 0';
$result = $db->sql_query($sql);
@ -1234,7 +1242,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
{
$sql = 'SELECT group_id, user_id
FROM ' . USER_GROUP_TABLE . '
WHERE group_id IN (' . implode(', ', array_keys($data['address_list']['g'])) . ')
WHERE ' . $db->sql_in_set('group_id', array_keys($data['address_list']['g'])) . '
AND user_pending = 0';
$result = $db->sql_query($sql);
@ -1373,7 +1381,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_new_privmsg = user_new_privmsg + 1, user_unread_privmsg = user_unread_privmsg + 1, user_last_privmsg = ' . time() . '
WHERE user_id IN (' . implode(', ', array_keys($recipients)) . ')';
WHERE ' . $db->sql_in_set('user_id', array_keys($recipients));
$db->sql_query($sql);
// Put PM into outbox
@ -1501,7 +1509,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
// Get banned User ID's
$sql = 'SELECT ban_userid
FROM ' . BANLIST_TABLE . '
WHERE ban_userid IN (' . implode(', ', array_map('intval', array_keys($recipients))) . ')
WHERE ' . $db->sql_in_set('ban_userid', array_map('intval', array_keys($recipients))) . '
AND ban_exclude = 0';
$result = $db->sql_query($sql);
@ -1516,11 +1524,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message)
return;
}
$recipient_list = implode(', ', array_map('intval', array_keys($recipients)));
$sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber
FROM ' . USERS_TABLE . "
WHERE user_id IN ($recipient_list)";
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($recipients)));
$result = $db->sql_query($sql);
$msg_list_ary = array();

15
phpBB/includes/functions_profile_fields.php
View file

@ -358,14 +358,14 @@ class custom_profile
$this->build_cache();
}
if (!implode(', ', $user_id))
if (!sizeof($user_id))
{
return array();
}
$sql = 'SELECT *
FROM ' . PROFILE_FIELDS_DATA_TABLE . '
WHERE user_id IN (' . implode(', ', array_map('intval', $user_id)) . ')';
WHERE ' . $db->sql_in_set('user_id', array_map('intval', $user_id));
$result = $db->sql_query($sql);
$field_data = array();
@ -787,20 +787,13 @@ class custom_profile
$sql_not_in = array();
foreach ($cp_data as $key => $null)
{
if (strncmp($key, '_', 1) === 0)
{
$sql_not_in[] = "'" . $db->sql_escape(substr($key, 1)) . "'";
}
else
{
$sql_not_in[] = "'" . $db->sql_escape($key) . "'";
}
$sql_not_in[] = (strncmp($key, '_', 1) === 0) ? substr($key, 1) : $key;
}
$sql = 'SELECT f.field_type, f.field_ident, f.field_default_value, l.lang_default_value
FROM ' . PROFILE_LANG_TABLE . ' l, ' . PROFILE_FIELDS_TABLE . ' f
WHERE l.lang_id = ' . $user->get_iso_lang_id() . '
' . ((sizeof($sql_not_in)) ? ' AND f.field_ident NOT IN (' . implode(', ', $sql_not_in) . ')' : '') . '
' . ((sizeof($sql_not_in)) ? ' AND ' . $db->sql_in_set('f.field_ident', $sql_not_in, true) : '') . '
AND l.field_id = f.field_id';
$result = $db->sql_query($sql);

110
phpBB/includes/functions_user.php
View file

@ -34,7 +34,7 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
$$which_ary = array($$which_ary);
}
$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary);
$sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : $$which_ary;
unset($$which_ary);
$user_id_ary = $username_ary = array();
@ -42,8 +42,8 @@ function user_get_id_name(&$user_id_ary, &$username_ary)
// Grab the user id/username records
$sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username';
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . "
WHERE $sql_where IN (" . implode(', ', $sql_in) . ')';
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set($sql_where, $sql_in);
$result = $db->sql_query($sql);
if (!($row = $db->sql_fetchrow($result)))
@ -307,7 +307,7 @@ function user_delete($mode, $user_id, $post_username = false)
{
$sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);
$del_topic_ary = array();
@ -323,7 +323,7 @@ function user_delete($mode, $user_id, $post_username = false)
if (sizeof($del_topic_ary))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')';
WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql);
}
}
@ -528,24 +528,23 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
$username = trim($username);
if ($username != '')
{
$sql_usernames[] = "'" . $db->sql_escape($username) . "'";
$sql_usernames[] = strtolower($username);
}
}
$sql_usernames = implode(', ', $sql_usernames);
// Make sure we have been given someone to ban
if (empty($sql_usernames))
if (!sizeof($sql_usernames))
{
trigger_error($user->lang['NO_USER_SPECIFIED']);
}
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE username IN (' . $sql_usernames . ')';
WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames);
if (sizeof($founder))
{
$sql .= ' AND user_id NOT IN (' . implode(', ', array_keys($founder)) . ')';
$sql .= ' AND ' . $db->sql_in_set('user_id', array_keys($founder), true);
}
$result = $db->sql_query($sql);
@ -762,17 +761,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
switch ($mode)
{
case 'user':
$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE session_user_id IN (' . implode(', ', $banlist_ary) . ')';
$sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
break;
case 'ip':
$banlist_ary_sql = array();
foreach ($banlist_ary as $ban_entry)
{
$banlist_ary_sql[] = "'" . $db->sql_escape($ban_entry) . "'";
}
$sql_where = 'WHERE session_ip IN (' . implode(', ', $banlist_ary_sql) . ')';
$sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary);
break;
case 'email':
@ -780,12 +773,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
foreach ($banlist_ary as $ban_entry)
{
$banlist_ary_sql[] = "'" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'";
$banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry);
}
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE user_email IN (' . implode(', ', $banlist_ary_sql) . ')';
WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql);
$result = $db->sql_query($sql);
$sql_in = array();
@ -798,7 +791,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
}
while ($row = $db->sql_fetchrow($result));
$sql_where = 'WHERE session_user_id IN (' . implode(', ', $sql_in) . ")";
$sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in);
}
$db->sql_freeresult($result);
break;
@ -812,7 +805,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
if ($mode == 'user')
{
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE user_id IN (' . implode(', ', $banlist_ary) . ')');
$sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary));
$db->sql_query($sql);
}
}
@ -847,30 +840,30 @@ function user_unban($mode, $ban)
$ban = array($ban);
}
$unban_sql = implode(', ', array_map('intval', $ban));
$unban_sql = array_map('intval', $ban);
if ($unban_sql)
if (sizeof($unban_sql))
{
// Grab details of bans for logging information later
switch ($mode)
{
case 'user':
$sql = 'SELECT u.username AS unban_info
FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . " b
WHERE b.ban_id IN ($unban_sql)
AND u.user_id = b.ban_userid";
FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b
WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . '
AND u.user_id = b.ban_userid';
break;
case 'email':
$sql = 'SELECT ban_email AS unban_info
FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
FROM ' . BANLIST_TABLE . '
WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
break;
case 'ip':
$sql = 'SELECT ban_ip AS unban_info
FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
FROM ' . BANLIST_TABLE . '
WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
break;
}
$result = $db->sql_query($sql);
@ -882,8 +875,8 @@ function user_unban($mode, $ban)
}
$db->sql_freeresult($result);
$sql = 'DELETE FROM ' . BANLIST_TABLE . "
WHERE ban_id IN ($unban_sql)";
$sql = 'DELETE FROM ' . BANLIST_TABLE . '
WHERE ' . $db->sql_in_set('ban_id', $unban_sql);
$db->sql_query($sql);
add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list);
@ -1580,7 +1573,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
// Remove users who are already members of this group
$sql = 'SELECT user_id, group_leader
FROM ' . USER_GROUP_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ")
WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . "
AND group_id = $group_id";
$result = $db->sql_query($sql);
@ -1636,7 +1629,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false,
{
$sql = 'UPDATE ' . USER_GROUP_TABLE . '
SET group_leader = 1
WHERE user_id IN (' . implode(', ', $update_id_ary) . ")
WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . "
AND group_id = $group_id";
$db->sql_query($sql);
}
@ -1682,7 +1675,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
$sql = 'SELECT *
FROM ' . GROUPS_TABLE . '
WHERE group_name IN (' . implode(', ', preg_replace('#^(.*)$#', "'\\1'", $group_order)) . ')';
WHERE ' . $db->sql_in_set('group_name', $group_order);
$result = $db->sql_query($sql);
$group_order_id = $special_group_data = array();
@ -1711,7 +1704,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default
$sql = 'SELECT user_id, group_id
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ")";
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
$result = $db->sql_query($sql);
$default_groups = array();
@ -1724,7 +1717,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// What special group memberships exist for these users?
$sql = 'SELECT g.group_id, g.group_name, ug.user_id
FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g
WHERE ug.user_id IN (' . implode(', ', $user_id_ary) . ")
WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . "
AND g.group_id = ug.group_id
AND g.group_id <> $group_id
AND g.group_type = " . GROUP_SPECIAL . '
@ -1760,7 +1753,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
$sql = 'SELECT user_id, user_avatar
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')
WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]) . '
AND user_avatar_type = ' . AVATAR_UPLOAD;
$result = $db->sql_query($sql);
@ -1772,7 +1765,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
}
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . '
WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')';
WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]);
$db->sql_query($sql);
}
}
@ -1780,7 +1773,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false,
$sql = 'DELETE FROM ' . USER_GROUP_TABLE . "
WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')';
AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
// Clear permissions cache of relevant users
@ -1825,7 +1818,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
$sql = 'UPDATE ' . USER_GROUP_TABLE . '
SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')';
AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
$log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED';
@ -1838,7 +1831,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
WHERE ug.group_id = ' . $group_id . '
AND ug.user_pending = 1
AND ug.user_id = u.user_id
AND ug.user_id IN (' . implode(', ', $user_id_ary) . ')';
AND ' . $db->sql_in_set('ug.user_id', $user_id_ary);
$result = $db->sql_query($sql);
$user_id_ary = $email_users = array();
@ -1857,7 +1850,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
$sql = 'UPDATE ' . USER_GROUP_TABLE . "
SET user_pending = 0
WHERE group_id = $group_id
AND user_id IN (" . implode(', ', $user_id_ary) . ')';
AND " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
// Send approved email to users...
@ -1963,7 +1956,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
// Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem)
$sql = 'SELECT user_id, user_avatar
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ')
WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
AND user_avatar_type = ' . AVATAR_UPLOAD;
$result = $db->sql_query($sql);
@ -1975,7 +1968,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal
}
$sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ')';
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
}
@ -2016,22 +2009,29 @@ function group_memberships($group_id_ary = false, $user_id_ary = false, $return_
return true;
}
if ($user_id_ary)
{
$user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary;
}
if ($group_id_ary)
{
$group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary;
}
$sql = 'SELECT ug.*, u.username, u.user_email
FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u
WHERE ug.user_id = u.user_id AND ';
if ($group_id_ary && $user_id_ary)
if ($group_id_ary)
{
$sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary") . "
AND ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary");
$sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary);
}
else if ($group_id_ary)
if ($user_id_ary)
{
$sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary");
}
else if ($user_id_ary)
{
$sql .= " ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary");
$sql .= ($group_id_ary) ? ' AND ' : ' ';
$sql .= $db->sql_in_set('ug.user_id', $user_id_ary);
}
$result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql);

2
phpBB/includes/mcp/mcp_forum.php
View file

@ -177,7 +177,7 @@ function mcp_resync_topics($topic_ids)
$sql = 'SELECT topic_id, forum_id, topic_title
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$result = $db->sql_query($sql);
// Log this action

4
phpBB/includes/mcp/mcp_front.php
View file

@ -41,7 +41,7 @@ function mcp_front_view($id, $mode, $action)
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(', ', $forum_list) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_list);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -65,7 +65,7 @@ function mcp_front_view($id, $mode, $action)
$sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(', ', $post_list) . ')
WHERE ' . $db->sql_in_set('p.post_id', $post_list) . '
AND t.topic_id = p.topic_id
AND p.poster_id = u.user_id
ORDER BY p.post_time DESC';

2
phpBB/includes/mcp/mcp_logs.php
View file

@ -84,7 +84,7 @@ class mcp_logs
$sql_in[] = $mark;
}
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}

22
phpBB/includes/mcp/mcp_main.php
View file

@ -224,8 +224,8 @@ function lock_unlock($action, $ids)
if (confirm_box(true))
{
$sql = "UPDATE $table
SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . "
WHERE $sql_id IN (" . implode(', ', $ids) . ")";
SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . '
WHERE ' . $db->sql_in_set($sql_id, $ids);
$db->sql_query($sql);
$data = ($action == 'lock' || $action == 'unlock') ? get_topic_data($ids) : get_post_data($ids);
@ -311,7 +311,7 @@ function change_topic_type($action, $topic_ids)
{
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type
WHERE topic_id IN (" . implode(', ', $topic_ids) . ')
WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id <> 0';
$db->sql_query($sql);
@ -320,14 +320,14 @@ function change_topic_type($action, $topic_ids)
{
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type, forum_id = $forum_id
WHERE topic_id IN (" . implode(', ', $topic_ids) . ')
WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id = 0';
$db->sql_query($sql);
// Update forum_ids for all posts
$sql = 'UPDATE ' . POSTS_TABLE . "
SET forum_id = $forum_id
WHERE topic_id IN (" . implode(', ', $topic_ids) . ')
WHERE " . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id = 0';
$db->sql_query($sql);
@ -339,7 +339,7 @@ function change_topic_type($action, $topic_ids)
// Get away with those topics already being a global announcement by re-calculating $topic_ids
$sql = 'SELECT topic_id
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')
WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . '
AND forum_id <> 0';
$result = $db->sql_query($sql);
@ -354,18 +354,18 @@ function change_topic_type($action, $topic_ids)
{
// Delete topic shadows for global announcements
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
WHERE topic_moved_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids);
$db->sql_query($sql);
$sql = 'UPDATE ' . TOPICS_TABLE . "
SET topic_type = $new_topic_type, forum_id = 0
WHERE topic_id IN (" . implode(', ', $topic_ids) . ')';
WHERE " . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
// Update forum_ids for all posts
$sql = 'UPDATE ' . POSTS_TABLE . '
SET forum_id = 0
WHERE topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_ids);
$db->sql_query($sql);
sync('forum', 'forum_id', $forum_id);
@ -640,7 +640,7 @@ function mcp_delete_post($post_ids)
$sql = 'SELECT DISTINCT topic_id
FROM ' . POSTS_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$result = $db->sql_query($sql);
$topic_id_list = array();
@ -663,7 +663,7 @@ function mcp_delete_post($post_ids)
$sql = 'SELECT COUNT(topic_id) AS topics_left
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', $topic_id_list) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_id_list);
$result = $db->sql_query_limit($sql, 1);
$deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics;

2
phpBB/includes/mcp/mcp_notes.php
View file

@ -106,7 +106,7 @@ class mcp_notes
{
$sql_in[] = $mark;
}
$where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
$where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}

12
phpBB/includes/mcp/mcp_queue.php
View file

@ -251,10 +251,10 @@ class mcp_queue
if (sizeof($post_ids))
{
$sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u
WHERE p.post_id IN (" . implode(', ', $post_ids) . ")
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u
WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . '
AND t.topic_id = p.topic_id
AND u.user_id = p.poster_id";
AND u.user_id = p.poster_id';
$result = $db->sql_query($sql);
$post_data = $rowset = array();
@ -306,7 +306,7 @@ class mcp_queue
// Select the names for the forum_ids
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
WHERE forum_id IN (' . implode(',', $forum_names) . ')';
WHERE ' . $db->sql_in_set('forum_id', $forum_names);
$result = $db->sql_query($sql, 3600);
$forum_names = array();
@ -449,7 +449,7 @@ function approve_post($post_id_list, $mode)
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_approved = 1
WHERE topic_id IN (' . implode(', ', $topic_approve_sql) . ')';
WHERE ' . $db->sql_in_set('topic_id', $topic_approve_sql);
$db->sql_query($sql);
}
@ -457,7 +457,7 @@ function approve_post($post_id_list, $mode)
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_approved = 1
WHERE post_id IN (' . implode(', ', $post_approve_sql) . ')';
WHERE ' . $db->sql_in_set('post_id', $post_approve_sql);
$db->sql_query($sql);
}

37
phpBB/includes/mcp/mcp_reports.php
View file

@ -191,9 +191,10 @@ class mcp_reports
$forum_id = $topic_info['forum_id'];
}
$forum_list = array();
if (!$forum_id)
{
$forum_list = array();
foreach ($forum_list_reports as $row)
{
$forum_list[] = $row['forum_id'];
@ -201,14 +202,14 @@ class mcp_reports
$global_id = $forum_list[0];
if (!($forum_list = implode(', ', $forum_list)))
if (!sizeof($forum_list))
{
trigger_error('NOT_MODERATOR');
}
$sql = 'SELECT SUM(forum_topics) as sum_forum_topics
FROM ' . FORUMS_TABLE . "
WHERE forum_id IN ($forum_list)";
FROM ' . FORUMS_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forum_list);
$result = $db->sql_query($sql);
$forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics');
$db->sql_freeresult($result);
@ -223,11 +224,11 @@ class mcp_reports
}
$forum_info = $forum_info[$forum_id];
$forum_list = $forum_id;
$forum_list = array($forum_id);
$global_id = $forum_id;
}
$forum_list .= ', 0';
$forum_list[] = 0;
$forum_data = array();
$forum_options = '<option value="0"' . (($forum_id == 0) ? ' selected="selected"' : '') . '>' . $user->lang['ALL_FORUMS'] . '</option>';
@ -256,8 +257,8 @@ class mcp_reports
}
$sql = 'SELECT r.report_id
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . "
WHERE p.forum_id IN ($forum_list)
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . '
WHERE ' . $db->sql_in_set('p.forum_id', $forum_list) . "
$report_state
AND r.post_id = p.post_id
" . (($sort_order_sql[0] == 'u') ? 'AND u.user_id = p.poster_id' : '') . '
@ -280,12 +281,12 @@ class mcp_reports
if (sizeof($report_ids))
{
$sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, r.user_id as reporter_id, ru.username as reporter_name, r.report_time, r.report_id
FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u, ' . USERS_TABLE . " ru
WHERE r.report_id IN (" . implode(', ', $report_ids) . ")
FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u, ' . USERS_TABLE . ' ru
WHERE ' . $db->sql_in_set('r.report_id', $report_ids) . '
AND t.topic_id = p.topic_id
AND r.post_id = p.post_id
AND u.user_id = p.poster_id
AND ru.user_id = r.user_id";
AND ru.user_id = r.user_id';
$result = $db->sql_query($sql);
$report_data = $rowset = array();
@ -387,7 +388,7 @@ function close_report($post_id_list, $mode, $action)
$sql = 'SELECT r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type
FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u
WHERE r.post_id IN (' . implode(',', array_keys($post_info)) . ')
WHERE ' . $db->sql_in_set('r.post_id', array_keys($post_info)) . '
' . (($action == 'close') ? 'AND r.report_closed = 0' : '') . '
AND r.user_id = u.user_id';
$result = $db->sql_query($sql);
@ -421,9 +422,9 @@ function close_report($post_id_list, $mode, $action)
// Get a list of topics that still contain reported posts
$sql = 'SELECT DISTINCT topic_id
FROM ' . POSTS_TABLE . '
WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')
WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . '
AND post_reported = 1
AND post_id NOT IN (' . implode(', ', $close_report_posts) . ')';
AND ' . $db->sql_in_set('post_id', $close_report_posts, true);
$result = $db->sql_query($sql);
$keep_report_topics = array();
@ -442,25 +443,25 @@ function close_report($post_id_list, $mode, $action)
{
$sql = 'UPDATE ' . REPORTS_TABLE . '
SET report_closed = 1
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
}
else
{
$sql = 'DELETE FROM ' . REPORTS_TABLE . '
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
}
$db->sql_query($sql);
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_reported = 0
WHERE post_id IN (' . implode(', ', $close_report_posts) . ')';
WHERE ' . $db->sql_in_set('post_id', $close_report_posts);
$db->sql_query($sql);
if (sizeof($close_report_topics))
{
$sql = 'UPDATE ' . TOPICS_TABLE . '
SET topic_reported = 0
WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')';
WHERE ' . $db->sql_in_set('topic_id', $close_report_topics);
$db->sql_query($sql);
}

17
phpBB/includes/message_parser.php
View file

@ -410,12 +410,11 @@ class bbcode_firstpass extends bbcode
switch (strtolower($stx))
{
case 'php':
$code = trim($code);
$remove_tags = false;
$code = str_replace(array('&lt;', '&gt;'), array('<', '>'), $code);
if (!preg_match('/^\<\?.*?\?\>/is', $code))
if (!preg_match('/\<\?.*?\?\>/is', $code))
{
$remove_tags = true;
$code = "<?php $code ?>";
@ -438,7 +437,7 @@ class bbcode_firstpass extends bbcode
{
$str_from[] = '<span class="syntaxdefault">&lt;?php </span>';
$str_to[] = '';
$str_from[] = '<span class="syntaxdefault">&lt;?php ';
$str_from[] = '<span class="syntaxdefault">&lt;?php&nbsp;';
$str_to[] = '<span class="syntaxdefault">';
}
@ -453,6 +452,12 @@ class bbcode_firstpass extends bbcode
$code = preg_replace('#^<span class="[a-z]+"><span class="([a-z]+)">(.*)</span></span>#s', '<span class="$1">$2</span>', $code);
$code = preg_replace('#(?:[\n\r\s\t]|&nbsp;)*</span>$#', '</span>', $code);
// remove newline at the end
if (!empty($code) && $code{strlen($code)-1} == "\n")
{
$code = substr($code, 0, -1);
}
$out .= "[code=$stx:" . $this->bbcode_uid . ']' . $code . '[/code:' . $this->bbcode_uid . ']';
break;
@ -1303,7 +1308,7 @@ class parse_message extends bbcode_firstpass
// Get the data from the attachments
$sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail
FROM ' . ATTACHMENTS_TABLE . '
WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ')
WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)) . '
AND poster_id = ' . $check_user_id;
$result = $db->sql_query($sql);
@ -1332,8 +1337,8 @@ class parse_message extends bbcode_firstpass
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$sql = 'SELECT attach_id
FROM ' . ATTACHMENTS_TABLE . "
WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')";
FROM ' . ATTACHMENTS_TABLE . '
WHERE ' . $db->sql_in_set('LOWER(physical_filename)', array_map('strtolower', $filenames));
$result = $db->sql_query_limit($sql, 1);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);

12
phpBB/includes/search/fulltext_mysql.php
View file

@ -312,19 +312,19 @@ class fulltext_mysql extends search_backend
}
else
{
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id NOT IN (' . implode(', ', $m_approve_fid_ary) . '))';
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) . ')';
}
$sql_select = (!$result_count) ? 'SQL_CALC_FOUND_ROWS ' : '';
$sql_select = ($type == 'posts') ? $sql_select . 'p.post_id' : 'DISTINCT ' . $sql_select . 't.topic_id';
$sql_from = ($join_topic) ? TOPICS_TABLE . ' t, ' : '';
$field = ($type == 'posts') ? 'post_id' : 'topic_id';
$sql_author = (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(',', $author_ary) . ')';
$sql_author = (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(', ', $author_ary) . ')';
$sql_where_options = $sql_sort_join;
$sql_where_options .= ($topic_id) ? ' AND p.topic_id = ' . $topic_id : '';
$sql_where_options .= ($join_topic) ? ' AND t.topic_id = p.topic_id' : '';
$sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '';
$sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
$sql_where_options .= $m_approve_fid_sql;
$sql_where_options .= (sizeof($author_ary)) ? ' AND p.poster_id ' . $sql_author : '';
$sql_where_options .= ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
@ -451,8 +451,8 @@ class fulltext_mysql extends search_backend
$id_ary = array();
// Create some display specific sql strings
$sql_author = 'p.poster_id ' . ((sizeof($author_ary) > 1) ? 'IN (' . implode(',', $author_ary) . ')' : '= ' . $author_ary[0]);
$sql_fora = (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '';
$sql_author = $db->sql_in_set('p.poster_id', $author_ary);
$sql_fora = (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
$sql_topic_id = ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : '';
$sql_time = ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
@ -487,7 +487,7 @@ class fulltext_mysql extends search_backend
}
else
{
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id IN (' . implode($m_approve_fid_ary) . '))';
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary) . ')';
}
// If the cache was completely empty count the results

79
phpBB/includes/search/fulltext_native.php
View file

@ -142,15 +142,9 @@ class fulltext_native extends search_backend
if (sizeof($exact_words))
{
// we can match exact words with one IN
foreach ($exact_words as $i => $word)
{
$exact_words[$i] = '\'' . $db->sql_escape($word) . '\'';
}
$sql = 'SELECT word_id, word_text, word_common
FROM ' . SEARCH_WORDLIST_TABLE . '
WHERE word_text ' . ((sizeof($exact_words) > 1) ? 'IN (' . implode(', ', $exact_words) . ')' : '= ' . $exact_words[0]);
WHERE ' . $db->sql_in_set('word_text', $exact_words);
$result = $db->sql_query($sql);
// store an array of words and ids, remove common words
@ -419,7 +413,7 @@ class fulltext_native extends search_backend
}
}
$sql_where[] = (sizeof($word_ids) > 1) ? "m$m_num.word_id IN (" . implode(', ', $word_ids) . ')' : "m$m_num.word_id = {$word_ids[0]}";
$sql_where[] = $db->sql_in_set("m$m_num.word_id", $word_ids);
unset($word_id_sql);
unset($word_ids);
@ -473,7 +467,7 @@ class fulltext_native extends search_backend
{
$sql_array['LEFT_JOIN'][] = array(
'FROM' => array(SEARCH_WORDMATCH_TABLE => 'm' . $m_num),
'ON' => ((sizeof($this->must_not_contain_ids) > 1) ? "m$m_num.word_id IN (" . implode(', ', $this->must_not_contain_ids) . ')' : "m$m_num.word_id = " . $this->must_not_contain_ids[0]) . (($title_match) ? "m$m_num.$title_match" : '') . " AND m$m_num.post_id = m0.post_id"
'ON' => $db->sql_in_set("m$m_num.word_id", $this->must_not_contain_ids) . (($title_match) ? "m$m_num.$title_match" : '') . " AND m$m_num.post_id = m0.post_id"
);
$sql_where[] = "m$m_num.word_id IS NULL";
@ -514,7 +508,7 @@ class fulltext_native extends search_backend
}
else if ($m_approve_fid_ary !== array(-1))
{
$sql_where[] = '(p.post_approved = 1 OR p.forum_id ' . ((sizeof($m_approve_fid_ary) == 1) ? '= ' . $m_approve_fid_ary[0] : 'NOT IN (' . implode(', ', $m_approve_fid_ary) . ')' ) . ')';
$sql_where[] = '(p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary) . ')';
}
if ($topic_id)
@ -524,12 +518,12 @@ class fulltext_native extends search_backend
if (sizeof($author_ary))
{
$sql_where[] = 'p.poster_id ' . ((sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(',', $author_ary) . ')');
$sql_where[] = $db->sql_in_set('p.poster_id', $author_ary);
}
if (sizeof($ex_fid_ary))
{
$sql_where[] = 'p.forum_id ' . ((sizeof($ex_fid_ary) == 1) ? '<> ' . $ex_fid_ary[0] : 'NOT IN (' . implode(',', $ex_fid_ary) . ')');
$sql_where[] = $db->sql_in_set('p.forum_id', $ex_fid_ary, true);
}
if ($sort_days)
@ -696,8 +690,8 @@ class fulltext_native extends search_backend
$id_ary = array();
// Create some display specific sql strings
$sql_author = 'p.poster_id ' . ((sizeof($author_ary) > 1) ? 'IN (' . implode(',', $author_ary) . ')' : '= ' . $author_ary[0]);
$sql_fora = (sizeof($ex_fid_ary)) ? ' AND p.forum_id ' . ((sizeof($ex_fid_ary) == 1) ? '<> ' . $ex_fid_ary[0] : 'NOT IN (' . implode(',', $ex_fid_ary) . ')') : '';
$sql_author = $db->sql_in_set('p.poster_id', $author_ary);
$sql_fora = (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '';
$sql_time = ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : '';
$sql_topic_id = ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : '';
@ -732,7 +726,7 @@ class fulltext_native extends search_backend
}
else
{
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id ' . ((sizeof($m_approve_fid_ary) == 1) ? '= ' . $m_approve_fid_ary[0] : 'IN (' . implode($m_approve_fid_ary) . ')' ) . ')';
$m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary) . ')';
}
$select = ($type == 'posts') ? 'p.post_id' : 't.topic_id';
@ -1015,8 +1009,8 @@ class fulltext_native extends search_backend
if (sizeof($unique_add_words))
{
$sql = 'SELECT word_id, word_text
FROM ' . SEARCH_WORDLIST_TABLE . "
WHERE word_text IN ('" . implode("','", array_map(array(&$db, 'sql_escape'), $unique_add_words)) . "')";
FROM ' . SEARCH_WORDLIST_TABLE . '
WHERE ' . $db->sql_in_set('word_text', $unique_add_words);
$result = $db->sql_query($sql);
$word_ids = array();
@ -1026,7 +1020,7 @@ class fulltext_native extends search_backend
}
$db->sql_freeresult($result);
$new_words = array_map(array(&$db, 'sql_escape'), array_diff($unique_add_words, array_keys($word_ids)));
$new_words = array_diff($unique_add_words, array_keys($word_ids));
if (sizeof($new_words))
{
@ -1066,7 +1060,7 @@ class fulltext_native extends search_backend
}
$sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . '
WHERE word_id IN (' . implode(', ', $sql_in) . ')
WHERE ' . $db->sql_in_set('word_id', $sql_in) . '
AND post_id = ' . intval($post_id) . "
AND title_match = $title_match";
$db->sql_query($sql);
@ -1082,8 +1076,8 @@ class fulltext_native extends search_backend
{
$sql = 'INSERT INTO ' . SEARCH_WORDMATCH_TABLE . " (post_id, word_id, title_match)
SELECT $post_id, word_id, $title_match
FROM " . SEARCH_WORDLIST_TABLE . "
WHERE word_text IN ('" . implode("','", array_map(array(&$db, 'sql_escape'), $word_ary)) . "')";
FROM " . SEARCH_WORDLIST_TABLE . '
WHERE ' . $db->sql_in_set('word_text', $word_ary);
$db->sql_query($sql);
}
}
@ -1119,12 +1113,14 @@ class fulltext_native extends search_backend
{
global $db;
$sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . '
WHERE post_id IN (' . implode(', ', $post_ids) . ')';
$db->sql_query($sql);
if (sizeof($post_ids))
{
$sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . '
WHERE ' . $db->sql_in_set('post_id', $post_ids);
$db->sql_query($sql);
}
// SEARCH_WORDLIST_TABLE will be updated by tidy()
$this->destroy_cache(array(), $author_ids);
}
@ -1156,42 +1152,39 @@ class fulltext_native extends search_backend
HAVING COUNT(word_id) > ' . floor($config['num_posts'] * 0.6);
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
$sql_in = array();
while ($row = $db->sql_fetchrow($result))
{
$sql_in = array();
do
{
$sql_in[] = $row['word_id'];
}
while ($row = $db->sql_fetchrow($result));
$sql_in = implode(', ', $sql_in);
$sql_in[] = $row['word_id'];
}
$db->sql_freeresult($result);
if (sizeof($sql_in))
{
// Get the text of those new common words
$sql = 'SELECT word_text
FROM ' . SEARCH_WORDLIST_TABLE . "
WHERE word_id IN ($sql_in)";
FROM ' . SEARCH_WORDLIST_TABLE . '
WHERE ' . $db->sql_in_set('word_id', $sql_in);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$destroy_cache_words[] = $row['word_text'];
}
$db->sql_freeresult($result);
// Flag the words
$sql = 'UPDATE ' . SEARCH_WORDLIST_TABLE . "
$sql = 'UPDATE ' . SEARCH_WORDLIST_TABLE . '
SET word_common = 1
WHERE word_id IN ($sql_in)";
WHERE ' . $db->sql_in_set('word_id', $sql_in);
$db->sql_query($sql);
// Delete the matches
$sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . "
WHERE word_id IN ($sql_in)";
$sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . '
WHERE ' . $db->sql_in_set('word_id', $sql_in);
$db->sql_query($sql);
unset($sql_in);
}
$db->sql_freeresult($result);
unset($sql_in);
}
// destroy cached search results containing any of the words that are now common or were removed

37
phpBB/includes/session.php
View file

@ -131,7 +131,7 @@ class session
* @todo Introduce further user types, bot, guest
* @todo Change user_type (as above) to a bitfield? user_type & USER_FOUNDER for example
*/
function session_begin($update_session_page = true, $loose_validation = false)
function session_begin($update_session_page = true)
{
global $phpEx, $SID, $_SID, $db, $config, $phpbb_root_path;
@ -658,33 +658,30 @@ class session
GROUP BY session_user_id, session_page';
$result = $db->sql_query_limit($sql, 5);
$del_user_id = '';
$del_user_id = array();
$del_sessions = 0;
if ($row = $db->sql_fetchrow($result))
{
do
{
if ($row['session_user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
WHERE user_id = " . $row['session_user_id'];
$db->sql_query($sql);
}
$del_user_id .= (($del_user_id != '') ? ', ' : '') . (int) $row['session_user_id'];
$del_sessions++;
while ($row = $db->sql_fetchrow($result));
{
if ($row['session_user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
WHERE user_id = " . $row['session_user_id'];
$db->sql_query($sql);
}
while ($row = $db->sql_fetchrow($result));
$del_user_id[] = (int) $row['session_user_id'];
$del_sessions++;
}
$db->sql_freeresult($result);
if ($del_user_id)
if (sizeof($del_user_id))
{
// Delete expired sessions
$sql = 'DELETE FROM ' . SESSIONS_TABLE . "
WHERE session_user_id IN ($del_user_id)
AND session_time < " . ($this->time_now - $config['session_length']);
$sql = 'DELETE FROM ' . SESSIONS_TABLE . '
WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . '
AND session_time < ' . ($this->time_now - $config['session_length']);
$db->sql_query($sql);
}

2
phpBB/includes/ucp/ucp_groups.php
View file

@ -318,7 +318,7 @@ class ucp_groups
$sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')';
$sql = 'SELECT group_id, group_name, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id NOT IN (' . implode(', ', $group_id_ary) . ")
WHERE ' . $db->sql_in_set('group_id', $group_id_ary, true) . ")
AND group_type $sql_and
ORDER BY group_type DESC, group_name";
$result = $db->sql_query($sql);

40
phpBB/includes/ucp/ucp_main.php
View file

@ -65,7 +65,7 @@ class ucp_main
if (sizeof($forum_ary))
{
$sql .= ' AND forum_id NOT IN ( ' . implode(', ', $forum_ary) . ')';
$sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary);
}
$result = $db->sql_query_limit($sql, 1);
$g_forum_id = (int) $db->sql_fetchfield('forum_id');
@ -186,27 +186,27 @@ class ucp_main
if ($unwatch)
{
$forums = (isset($_POST['f'])) ? implode(', ', array_map('intval', array_keys($_POST['f']))) : false;
$topics = (isset($_POST['t'])) ? implode(', ', array_map('intval', array_keys($_POST['t']))) : false;
$forums = (isset($_POST['f'])) ? array_map('intval', array_keys($_POST['f'])) : array();
$topics = (isset($_POST['t'])) ? array_map('intval', array_keys($_POST['t'])) : array();
if ($forums || $topics)
if (sizeof($forums) || sizeof($topics))
{
$l_unwatch = '';
if ($forums)
if (sizeof($forums))
{
$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . "
WHERE forum_id IN ($forums)
AND user_id = " . $user->data['user_id'];
$sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('forum_id', $forums) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch .= '_FORUMS';
}
if ($topics)
if (sizeof($topics))
{
$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . "
WHERE topic_id IN ($topics)
AND user_id = " . $user->data['user_id'];
$sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . '
WHERE ' . $db->sql_in_set('topic_id', $topics) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$l_unwatch .= '_TOPICS';
@ -511,7 +511,7 @@ class ucp_main
{
$sql = 'DELETE FROM ' . BOOKMARKS_TABLE . '
WHERE user_id = ' . $user->data['user_id'] . '
AND topic_id IN (' . implode(', ', $topics) . ')';
AND ' . $db->sql_in_set('topic_id', $topics);
$db->sql_query($sql);
// Re-Order bookmarks (possible with one query? This query massaker is not really acceptable...)
@ -620,13 +620,13 @@ class ucp_main
if ($delete)
{
$drafts = (isset($_POST['d'])) ? implode(', ', array_map('intval', array_keys($_POST['d']))) : '';
$drafts = (!empty($_POST['d'])) ? array_map('intval', array_keys($_POST['d'])) : array();
if ($drafts)
if (sizeof($drafts))
{
$sql = 'DELETE FROM ' . DRAFTS_TABLE . "
WHERE draft_id IN ($drafts)
AND user_id = " .$user->data['user_id'];
$sql = 'DELETE FROM ' . DRAFTS_TABLE . '
WHERE ' . $db->sql_in_set('draft_id', $drafts) . '
AND user_id = ' . $user->data['user_id'];
$db->sql_query($sql);
$message = $user->lang['DRAFTS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>');
@ -634,6 +634,8 @@ class ucp_main
meta_refresh(3, $this->u_action);
trigger_error($message);
}
unset($drafts);
}
if ($submit && $edit)
@ -701,7 +703,7 @@ class ucp_main
{
$sql = 'SELECT topic_id, forum_id, topic_title
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(',', array_unique($topic_ids)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_unique($topic_ids));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))

6
phpBB/includes/ucp/ucp_pm_compose.php
View file

@ -663,7 +663,7 @@ function compose_pm($id, $mode, $action)
{
$sql = 'SELECT user_id as id, username as name, user_colour as colour
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', array_map('intval', array_keys($address_list['u']))) . ')';
WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($address_list['u'])));
$result['u'] = $db->sql_query($sql);
}
@ -672,7 +672,7 @@ function compose_pm($id, $mode, $action)
$sql = 'SELECT group_id as id, group_name as name, group_colour as colour, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_receive_pm = 1
AND group_id IN (' . implode(', ', array_map('intval', array_keys($address_list['g']))) . ')';
AND ' . $db->sql_in_set('group_id', array_map('intval', array_keys($address_list['g'])));
$result['g'] = $db->sql_query($sql);
}
@ -894,7 +894,7 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_
{
$sql = 'SELECT user_id
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $user_id_ary) . ')
WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . '
AND user_allow_pm = 1';
$result = $db->sql_query($sql);

12
phpBB/includes/ucp/ucp_pm_viewfolder.php
View file

@ -133,15 +133,15 @@ function view_folder($id, $mode, $folder_id, $folder)
{
$sql = 'SELECT user_id as id, username as name, user_colour as colour
FROM ' . USERS_TABLE . '
WHERE user_id';
WHERE ';
}
else
{
$sql = 'SELECT group_id as id, group_name as name, group_colour as colour, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_id';
WHERE ';
}
$sql .= ' IN (' . implode(', ', array_map('intval', array_keys($recipient_list[$ug_type]))) . ')';
$sql .= $db->sql_in_set(($ug_type == 'u') ? 'user_id' : 'group_id', array_map('intval', array_keys($recipient_list[$ug_type])));
$result = $db->sql_query($sql);
@ -277,15 +277,15 @@ function view_folder($id, $mode, $folder_id, $folder)
{
$sql = 'SELECT user_id as id, username as name
FROM ' . USERS_TABLE . '
WHERE user_id';
WHERE ';
}
else
{
$sql = 'SELECT group_id as id, group_name as name
FROM ' . GROUPS_TABLE . '
WHERE group_id';
WHERE ';
}
$sql .= ' IN (' . implode(', ', array_map('intval', array_keys($address[$message_id][$ug_type]))) . ')';
$sql .= $db->sql_in_set(($ug_type == 'u') ? 'user_id' : 'group_id', array_map('intval', array_keys($address[$message_id][$ug_type])));
$result = $db->sql_query($sql);

2
phpBB/includes/ucp/ucp_pm_viewmessage.php
View file

@ -134,7 +134,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
{
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
SET download_count = download_count + 1
WHERE attach_id IN (' . implode(', ', array_unique($update_count)) . ')';
WHERE ' . $db->sql_in_set('attach_id', array_unique($update_count));
$db->sql_query($sql);
}
}

8
phpBB/includes/ucp/ucp_profile.php
View file

@ -153,7 +153,7 @@ class ucp_profile
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')';
WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -585,7 +585,11 @@ class ucp_profile
// Delete old avatar if present
if ($user->data['user_avatar'] && $filename != $user->data['user_avatar'] && $user->data['user_avatar_type'] != AVATAR_GALLERY)
{
avatar_delete($user->data['user_avatar']);
// Check if the users avatar is actually a group avatar
if (strpos($user->data['user_avatar'], 'g' . $user->data['group_id'] . '_') !== 0 && strpos($user->data['user_avatar'], $user->data['user_id'] . '_') === 0)
{
avatar_delete($user->data['user_avatar']);
}
}
}

6
phpBB/includes/ucp/ucp_register.php
View file

@ -323,7 +323,7 @@ class ucp_register
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')';
WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -375,12 +375,12 @@ class ucp_register
$sql_in = array();
do
{
$sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'";
$sql_in[] = (string) $row['session_id'];
}
while ($row = $db->sql_fetchrow($result));
$sql = 'DELETE FROM ' . CONFIRM_TABLE . '
WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')
WHERE ' . $db->sql_in_set('session_id', $sql_in, true) . '
AND confirm_type = ' . CONFIRM_REG;
$db->sql_query($sql);
}

2
phpBB/includes/ucp/ucp_resend.php
View file

@ -105,7 +105,7 @@ class ucp_resend
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type
FROM ' . USERS_TABLE . '
WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')';
WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))

8
phpBB/includes/ucp/ucp_zebra.php
View file

@ -97,13 +97,11 @@ class ucp_zebra
unset($friends, $foes, $n);
$data['add'] = implode(', ', preg_replace('#^(.*?)$#', "'$1'", array_map(array(&$db, 'sql_escape'), $data['add'])));
if ($data['add'])
if (sizeof($data['add']))
{
$sql = 'SELECT user_id, user_type
FROM ' . USERS_TABLE . '
WHERE LOWER(username) IN (' . $data['add'] . ')
WHERE ' . $db->sql_in_set('LOWER(username)', $data['add']) . '
AND user_type <> ' . USER_INACTIVE;
$result = $db->sql_query($sql);
@ -197,7 +195,7 @@ class ucp_zebra
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
WHERE user_id = ' . $user->data['user_id'] . '
AND zebra_id IN (' . implode(', ', $data['usernames']) . ')';
AND ' . $db->sql_in_set('zebra_id', $data['usernames']);
$db->sql_query($sql);
}

2
phpBB/language/en/install.php
View file

@ -187,7 +187,7 @@ $lang = array_merge($lang, array(
'NO_LOCATION' => 'Cannot determine location. If you know Imagemagick is installed, you may specify the location later within your Administration Panel',
'NO_TABLES_FOUND' => 'No tables found.',
// TODO: Write some explanatory introduction text
'OVERVIEW_BODY' => 'Welcome to our first public beta of the next-generation of phpBB after 2.0.x, phpBB 3.0! This beta release is intended for advanced users to try out on dedicated development enviroments to help us finish creating the best Opensource Bulletin Board solution available.</p><p><strong style="text-transform: uppercase;">Note:</strong> This release is <strong style="text-transform: uppercase;">not final</strong> and made available for testing purposes <strong style="text-transform: uppercase;">only</strong>.</p><p>This installation system will guide you through the process of installing phpBB, converting from a different software package or updating to the latest version of phpBB. For more information on each option, select it from the menu above.',
'OVERVIEW_BODY' => 'Welcome to our public beta of the next-generation of phpBB after 2.0.x, phpBB 3.0! This beta release is intended for advanced users to try out on dedicated development enviroments to help us finish creating the best Opensource Bulletin Board solution available.</p><p><strong style="text-transform: uppercase;">Note:</strong> This release is <strong style="text-transform: uppercase;">not final</strong> and made available for testing purposes <strong style="text-transform: uppercase;">only</strong>.</p><p>This installation system will guide you through the process of installing phpBB, converting from a different software package or updating to the latest version of phpBB. For more information on each option, select it from the menu above.',
'PHP_OPTIONAL_MODULE' => 'Optional Modules',
'PHP_OPTIONAL_MODULE_EXPLAIN' => '<strong>Optional</strong> - These modules or applications are optional, you do not need these to use phpBB 3.0. However if you do have them they will will enable greater functionality.',
'PHP_SUPPORTED_DB' => 'Supported Databases',

23
phpBB/mcp.php
View file

@ -273,7 +273,7 @@ function get_topic_data($topic_ids, $acl_list = false)
$sql = 'SELECT f.*, t.*
FROM ' . TOPICS_TABLE . ' t
LEFT JOIN ' . FORUMS_TABLE . ' f ON t.forum_id = f.forum_id
WHERE t.topic_id IN (' . implode(', ', $topic_ids) . ')';
WHERE ' . $db->sql_in_set('t.topic_id', $topic_ids);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -337,7 +337,7 @@ function get_post_data($post_ids, $acl_list = false)
)
),
'WHERE' => 'p.post_id IN (' . implode(', ', $post_ids) . ')
'WHERE' => $db->sql_in_set('p.post_id', $post_ids) . '
AND u.user_id = p.poster_id
AND t.topic_id = p.topic_id',
));
@ -378,6 +378,11 @@ function get_forum_data($forum_id, $acl_list = 'f_list')
$rowset = array();
if (!is_array($forum_id))
{
$forum_id = array($forum_id);
}
if (!sizeof($forum_id))
{
return array();
@ -385,7 +390,7 @@ function get_forum_data($forum_id, $acl_list = 'f_list')
$sql = 'SELECT *
FROM ' . FORUMS_TABLE . '
WHERE forum_id ' . ((is_array($forum_id)) ? 'IN (' . implode(', ', $forum_id) . ')' : "= $forum_id");
WHERE ' . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@ -462,7 +467,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
$sql = 'SELECT COUNT(post_id) AS total
FROM ' . POSTS_TABLE . "
$where_sql forum_id IN (" . (($forum_id) ? $forum_id : implode(', ', get_forum_list('m_approve'))) . ')
$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . '
AND post_approved = 0
AND post_time >= ' . $min_time;
break;
@ -474,7 +479,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
$sql = 'SELECT COUNT(topic_id) AS total
FROM ' . TOPICS_TABLE . "
$where_sql forum_id IN (" . (($forum_id) ? $forum_id : implode(', ', get_forum_list('m_approve'))) . ')
$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . '
AND topic_approved = 0
AND topic_time >= ' . $min_time;
break;
@ -496,7 +501,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
}
else
{
$where_sql .= ' p.forum_id IN (' . implode(', ', get_forum_list('m_report')) . ')';
$where_sql .= ' ' . $db->sql_in_set('p.forum_id', get_forum_list('m_report'));
}
if ($mode == 'reports')
@ -522,7 +527,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
$sql = 'SELECT COUNT(log_id) AS total
FROM ' . LOG_TABLE . "
$where_sql forum_id IN (" . (($forum_id) ? $forum_id : implode(', ', get_forum_list('m_'))) . ')
$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_')) . '
AND log_time >= ' . $min_time . '
AND log_type = ' . LOG_MOD;
break;
@ -626,7 +631,7 @@ function check_ids(&$ids, $table, $sql_id, $acl_list = false)
WHERE forum_type = ' . FORUM_POST;
if (sizeof($forum_ary))
{
$sql .= ' AND forum_id NOT IN ( ' . implode(', ', $forum_ary) . ')';
$sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary, true);
}
$result = $db->sql_query_limit($sql, 1);
@ -645,7 +650,7 @@ function check_ids(&$ids, $table, $sql_id, $acl_list = false)
}
$sql = "SELECT $sql_id FROM $table
WHERE $sql_id IN (" . implode(', ', $ids) . ")
WHERE " . $db->sql_in_set($sql_id, $ids) . "
AND (forum_id = $forum_id OR forum_id = 0)";
$result = $db->sql_query($sql);

8
phpBB/memberlist.php
View file

@ -136,7 +136,7 @@ switch ($mode)
)
),
'WHERE' => 'u.user_id IN (' . implode(', ', array_unique(array_merge($admin_id_ary, $mod_id_ary))) . ')
'WHERE' => $db->sql_in_set('u.user_id', array_unique(array_merge($admin_id_ary, $mod_id_ary))) . '
AND u.group_id = g.group_id',
'ORDER_BY' => 'g.group_name ASC, u.username ASC'
@ -878,7 +878,7 @@ switch ($mode)
if ($ips === false)
{
// A minor fudge but it does the job :D
$sql_where .= " AND u.user_id IN ('-1')";
$sql_where .= " AND u.user_id = 0";
}
else
{
@ -899,12 +899,12 @@ switch ($mode)
}
while ($row = $db->sql_fetchrow($result));
$sql_where .= ' AND u.user_id IN (' . implode(', ', $ip_sql) . ')';
$sql_where .= ' AND ' . $db->sql_in_set('u.user_id', $ip_sql);
}
else
{
// A minor fudge but it does the job :D
$sql_where .= " AND u.user_id IN ('-1')";
$sql_where .= " AND u.user_id = 0";
}
unset($ip_forums);

20
phpBB/search.php
View file

@ -89,7 +89,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
// Which forums should not be searched?
$ex_fid_ary = array_unique(array_merge(array_keys($auth->acl_getf('!f_read', true)), array_keys($auth->acl_getf('!f_search', true))));
$not_in_fid = (sizeof($ex_fid_ary)) ? 'WHERE f.forum_id NOT IN (' . implode(', ', $ex_fid_ary) . ") OR (f.forum_password <> '' AND fa.user_id <> " . (int) $user->data['user_id'] . ')' : "";
$not_in_fid = (sizeof($ex_fid_ary)) ? 'WHERE ' . $db->sql_in_set('f.forum_id', $ex_fid_ary, true) . " OR (f.forum_password <> '' AND fa.user_id <> " . (int) $user->data['user_id'] . ')' : "";
$sql = 'SELECT f.forum_id, f.forum_name, f.parent_id, f.forum_type, f.right_id, f.forum_password, fa.user_id
FROM ' . FORUMS_TABLE . ' f
@ -141,7 +141,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
else if ($auth->acl_getf_global('m_approve'))
{
$m_approve_fid_ary = array_diff(array_keys($auth->acl_getf('!m_approve', true)), $ex_fid_ary);
$m_approve_fid_sql = ' AND (p.post_approved = 1' . ((sizeof($m_approve_fid_ary)) ? ' OR p.forum_id NOT IN (' . implode(', ', $m_approve_fid_ary) . ')' : '') . ')';
$m_approve_fid_sql = ' AND (p.post_approved = 1' . ((sizeof($m_approve_fid_ary)) ? ' OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) : '') . ')';
}
else
{
@ -276,7 +276,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
AND t.topic_approved = 1
AND p.topic_id = t.topic_id
$m_approve_fid_sql
" . ((sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . '
" . ((sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '') . '
ORDER BY t.topic_last_post_time DESC';
$field = 'topic_id';
break;
@ -304,7 +304,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
WHERE t.topic_replies = 0
AND p.topic_id = t.topic_id
$m_approve_fid_sql
" . ((sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . "
" . ((sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '') . "
$sql_sort";
$field = 'post_id';
}
@ -315,7 +315,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
WHERE t.topic_replies = 0
AND p.topic_id = t.topic_id
$m_approve_fid_sql
" . ((sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . "
" . ((sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '') . "
$sql_sort";
$field = 'topic_id';
}
@ -342,7 +342,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
FROM ' . POSTS_TABLE . ' p
WHERE p.post_time > ' . $user->data['user_lastvisit'] . "
$m_approve_fid_sql
" . ((sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . "
" . ((sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '') . "
$sql_sort";
$field = 'post_id';
}
@ -352,7 +352,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
FROM ' . TOPICS_TABLE . ' t
WHERE t.topic_last_post_time > ' . $user->data['user_lastvisit'] . '
' . str_replace(array('p.', 'post_'), array('t.', 'topic_'), $m_approve_fid_sql) . '
' . ((sizeof($ex_fid_ary)) ? 'AND t.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . "
' . ((sizeof($ex_fid_ary)) ? 'AND ' . $db->sql_in_set('t.forum_id', $ex_fid_ary, true) : '') . "
$sql_sort";
$field = 'topic_id';
}
@ -404,8 +404,8 @@ if ($keywords || $author || $author_id || $search_id || $submit)
trigger_error($user->lang['NO_SEARCH_RESULTS']);
}
$sql_where = (($show_results == 'posts') ? 'p.post_id' : 't.topic_id') . ' IN (' . implode(', ', $id_ary) . ')';
$sql_where .= (sizeof($ex_fid_ary)) ? ' AND (f.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ') OR f.forum_id IS NULL)' : '';
$sql_where = $db->sql_in_set(($show_results == 'posts') ? 'p.post_id' : 't.topic_id', $id_ary);
$sql_where .= (sizeof($ex_fid_ary)) ? ' AND (' . $db->sql_in_set('f.forum_id', $ex_fid_ary, true) . ' OR f.forum_id IS NULL)' : '';
$sql_where .= ($show_results == 'posts') ? $m_approve_fid_sql : str_replace(array('p.post_approved', 'p.forum_id'), array('t.topic_approved', 't.forum_id'), $m_approve_fid_sql);
if ($show_results == 'posts')
@ -616,7 +616,7 @@ if ($keywords || $author || $author_id || $search_id || $submit)
if (sizeof($forum_ary))
{
$sql .= ' AND forum_id NOT IN ( ' . implode(', ', $forum_ary) . ')';
$sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary, true);
}
$result = $db->sql_query_limit($sql, 1);

4
phpBB/viewforum.php
View file

@ -371,7 +371,7 @@ $sql_array = array(
'FROM' => $sql_array['FROM'],
'LEFT_JOIN' => $sql_array['LEFT_JOIN'],
'WHERE' => (($forum_data['forum_type'] == FORUM_POST || !sizeof($active_forum_ary)) ? 't.forum_id = ' . $forum_id : 't.forum_id IN (' . implode(', ', $active_forum_ary['forum_id']) . ')') . '
'WHERE' => (($forum_data['forum_type'] == FORUM_POST || !sizeof($active_forum_ary)) ? 't.forum_id = ' . $forum_id : $db->sql_in_set('t.forum_id', $active_forum_ary['forum_id'])) . '
AND t.topic_type NOT IN (' . POST_ANNOUNCE . ', ' . POST_GLOBAL . ")
$sql_approved
$sql_limit_time",
@ -399,7 +399,7 @@ if (sizeof($shadow_topic_list))
{
$sql = 'SELECT *
FROM ' . TOPICS_TABLE . '
WHERE topic_id IN (' . implode(', ', array_keys($shadow_topic_list)) . ')';
WHERE ' . $db->sql_in_set('topic_id', array_keys($shadow_topic_list));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))

14
phpBB/viewtopic.php
View file

@ -848,7 +848,7 @@ $sql = $db->sql_build_query('SELECT', array(
)
),
'WHERE' => 'p.post_id IN (' . implode(', ', $post_list) . ')
'WHERE' => $db->sql_in_set('p.post_id', $post_list) . '
AND u.user_id = p.poster_id'
));
@ -1113,7 +1113,7 @@ if ($config['load_onlinetrack'] && sizeof($id_cache))
{
$sql = 'SELECT session_user_id, MAX(session_time) as online_time, MIN(session_viewonline) AS viewonline
FROM ' . SESSIONS_TABLE . '
WHERE session_user_id IN (' . implode(', ', $id_cache) . ')
WHERE ' . $db->sql_in_set('session_user_id', $id_cache) . '
GROUP BY session_user_id';
$result = $db->sql_query($sql);
@ -1133,7 +1133,7 @@ if (sizeof($attach_list))
{
$sql = 'SELECT *
FROM ' . ATTACHMENTS_TABLE . '
WHERE post_msg_id IN (' . implode(', ', $attach_list) . ')
WHERE ' . $db->sql_in_set('post_msg_id', $attach_list) . '
AND in_message = 0
ORDER BY filetime ' . ((!$config['display_order']) ? 'DESC' : 'ASC') . ', post_msg_id ASC';
$result = $db->sql_query($sql);
@ -1149,7 +1149,7 @@ if (sizeof($attach_list))
{
$sql = 'UPDATE ' . POSTS_TABLE . '
SET post_attachment = 0
WHERE post_id IN (' . implode(', ', $attach_list) . ')';
WHERE ' . $db->sql_in_set('post_id', $attach_list);
$db->sql_query($sql);
// We need to update the topic indicator too if the complete topic is now without an attachment
@ -1295,10 +1295,10 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
$sql = 'SELECT DISTINCT u.user_id, u.username, u.user_colour
FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u
WHERE p.post_id IN (' . implode(', ', $post_storage_list) . ")
WHERE ' . $db->sql_in_set('p.post_id', $post_storage_list) . '
AND p.post_edit_count <> 0
AND p.post_edit_user <> 0
AND p.post_edit_user = u.user_id";
AND p.post_edit_user = u.user_id';
$result2 = $db->sql_query($sql);
while ($user_edit_row = $db->sql_fetchrow($result2))
{
@ -1477,7 +1477,7 @@ if (isset($user->data['session_page']) && strpos($user->data['session_page'], '&
{
$sql = 'UPDATE ' . ATTACHMENTS_TABLE . '
SET download_count = download_count + 1
WHERE attach_id IN (' . implode(', ', array_unique($update_count)) . ')';
WHERE ' . $db->sql_in_set('attach_id', array_unique($update_count));
$db->sql_query($sql);
}
}