From 3e77f3f56b53c9733f27408d1c31b5c2c29b3a39 Mon Sep 17 00:00:00 2001
From: Robin Appelman <icewind1991@gmail.com>
Date: Tue, 28 Sep 2010 23:06:29 +0200
Subject: [PATCH] fix sqlite compatibility for webdav server

---
 inc/HTTP/WebDAV/Server/Filesystem.php | 38 ++++++++++++++++-----------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/inc/HTTP/WebDAV/Server/Filesystem.php b/inc/HTTP/WebDAV/Server/Filesystem.php
index ea0625a5a1..30c19fd29a 100644
--- a/inc/HTTP/WebDAV/Server/Filesystem.php
+++ b/inc/HTTP/WebDAV/Server/Filesystem.php
@@ -512,15 +512,17 @@
             }
             $destpath = $this->_unslashify($options["dest"]);
             if (is_dir($source)) {
+					$dpath=OC_DB::escape($destpath);
+					$path=OC_DB::escape($options["path"]);
                     $query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties 
-                                 SET path = REPLACE(path, '".$options["path"]."', '".$destpath."') 
-                               WHERE path LIKE '".$this->_slashify($options["path"])."%'";
+                                 SET path = REPLACE(path, '$path', '$dpath') 
+                               WHERE path LIKE '$path%'";
                     OC_DB::query($query);
             }
 
                 $query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties 
-                             SET path = '".$destpath."'
-                           WHERE path = '".$options["path"]."'";
+                             SET path = '$dpath'
+                           WHERE path = '$path'";
                 OC_DB::query($query);
         } else {
             if (OC_FILESYSTEM::is_dir($source)) {
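Review bot: `$dpath` and `$path` are assigned only inside the `if (is_dir($source))` branch, yet the second UPDATE after that branch interpolates them too, so for a non-directory move they are undefined and the statement becomes `SET path = '' WHERE path = ''`. Move the two `OC_DB::escape()` assignments above the `if` so both statements see them. The new `LIKE '$path%'` also drops the `_slashify()` the old code applied, so a move of `/a` would appear to rewrite the properties of `/ab` as well. In addition, `%` and `_` in a path act as wildcards unless the escape helper handles them, which is not visible here. The enclosing function starts and ends outside the hunk.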
@@ -553,7 +555,7 @@
                     }
                 } else {
                     if (!OC_FILESYSTEM::copy($file, $destfile)) {
-                        return "409 Conflict";
+                        return "409 Conflict($source) $file --> $destfile   ".implode('::',$files);
                     }
                 }
             }
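Review bot: The 409 return value now carries `$source`, `$file`, `$destfile` and the whole `$files` list, which looks like debugging output left in. If this string is sent as the response status, clients see server-side storage paths. Keep `return "409 Conflict";` and write the detail to the server log instead. File names are client-influenced, so unusual characters in them would also end up in the status text. The enclosing loop starts outside the hunk.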
@@ -581,10 +583,14 @@
             if ($prop["ns"] == "DAV:") {
                 $options["props"][$key]['status'] = "403 Forbidden";
             } else {
+				$path=OC_DB::escape($options['path']);
+				$name=OC_DB::escape($prop['name']);
+				$ns=OC_DB::escape($prop['ns']);
+				$val=OC_DB::escape($prop['val']);
                 if (isset($prop["val"])) {
-                        $query = "REPLACE INTO {$CONFIG_DBTABLEPREFIX}properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
+                        $query = "REPLACE INTO {$CONFIG_DBTABLEPREFIX}properties (path,name,ns,value) VALUES('$path','$name','$ns','$val')";
                 } else {
-                        $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
+                        $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$path' AND name = '$name' AND ns = '$ns'";
                 }       
                     OC_DB::query($query);
             }
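Review bot: `$val=OC_DB::escape($prop['val']);` runs before the `isset($prop["val"])` check, so the delete path reads an unset index and hands null to the escape helper; move that line inside the `isset` branch. Escaping the four values closes the direct interpolation the old statements had, but it still relies on every value staying inside quotes and on `OC_DB::escape` matching the active backend. If `OC_DB` offers bound parameters (not visible here), they would be the sturdier choice. `REPLACE INTO` only overwrites an existing row when the table has a unique key over path, name and ns, which the hunk does not show; a comment such as `// relies on a unique key over (path, name, ns)` would record that.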
@@ -659,15 +665,15 @@
             }
         }
             
-        $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}locks`
-                        SET `token`   = '$options[locktoken]'
-                          , `path`    = '$options[path]'
-                          , `created` = ".time()."
-                          , `modified` = ".time()."
-                          , `owner`   = '$options[owner]'
-                          , `expires` = '$options[timeout]'
-                          , `exclusivelock`  = " .($options['scope'] === "exclusive" ? "1" : "0")."
-                          , `recursive` = $recursion";
+		$locktoken=OC_DB::escape($options['locktoken']);
+		$path=OC_DB::escape($options['path']);
+		$time=time();
+		$owner=OC_DB::escape($options['owner']);
+		$timeout=OC_DB::escape($options['timeout']);
+		$exclusive=($options['scope'] === "exclusive" ? "1" : "0");
+        $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}locks` 
+(`token`,`path`,`created`,`modified`,`owner`,`expires`,`exclusivelock`,`recursive`) 
+VALUES ('$locktoken','$path',$time,$time,'$owner','timeout',$exclusive,$recursion)";
             OC_DB::query($query);
             $rows=OC_DB::affected_rows();
 			if(!OC_FILESYSTEM::file_exists($fspath) and $rows>0) {
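Review bot: The `expires` value in the new INSERT is the literal `'timeout'` rather than `'$timeout'`, so every lock row stores that string and the escaped `$timeout` is never used. The VALUES line should read `VALUES ('$locktoken','$path',$time,$time,'$owner','$timeout',$exclusive,$recursion)`. Depending on how expiry is compared elsewhere, locks may never expire or may be treated as stale immediately. `$recursion` is interpolated unquoted and is set outside the hunk, so confirm it is always an integer there. The function body continues past the hunk.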
-- 
GitLab