diff options
49 files changed, 550 insertions, 631 deletions
diff --git a/phpBB/develop/create_schema_files.php b/phpBB/develop/create_schema_files.php index a853d8a032..bab008436f 100644 --- a/phpBB/develop/create_schema_files.php +++ b/phpBB/develop/create_schema_files.php @@ -182,7 +182,7 @@ foreach ($supported_dbms as $dbms) case 'sqlite': $line = "#\n# SQLite Schema for phpBB 3.x - (c) phpBB Group, 2005\n#\n# \$I" . "d: $\n#\n\n"; - $line .= "BEGIN TRANSACTION;;\n\n"; + $line .= "BEGIN TRANSACTION;\n\n"; break; case 'mssql': @@ -477,7 +477,7 @@ foreach ($supported_dbms as $dbms) case 'sqlite': // Remove last line delimiter... $line = substr($line, 0, -2); - $line .= "\n);;\n\n"; + $line .= "\n);\n\n"; break; } @@ -529,7 +529,7 @@ foreach ($supported_dbms as $dbms) $line .= ($key_data[0] == 'INDEX') ? 'CREATE INDEX' : ''; $line .= ($key_data[0] == 'UNIQUE') ? 'CREATE UNIQUE INDEX' : ''; - $line .= " {$table_name}_{$key_name} ON {$table_name} (" . implode(', ', $key_data[1]) . ");;\n"; + $line .= " {$table_name}_{$key_name} ON {$table_name} (" . implode(', ', $key_data[1]) . ");\n"; break; case 'postgres': @@ -588,86 +588,12 @@ foreach ($supported_dbms as $dbms) // Write custom function at the end for some db's switch ($dbms) { - case 'firebird': - $line = <<<EOF -# Trigger for phpbb_forums bitfields -CREATE TRIGGER t_phpbb_forums_desc_bitf FOR phpbb_forums -ACTIVE BEFORE INSERT OR UPDATE POSITION 0 -AS -BEGIN - IF (NEW.forum_desc_bitfield is null) THEN - NEW.forum_desc_bitfield = ASCII_CHAR(0); -END;; - -CREATE TRIGGER t_phpbb_forums_rules_bitf FOR phpbb_forums -ACTIVE BEFORE INSERT OR UPDATE POSITION 0 -AS -BEGIN - IF (NEW.forum_rules_bitfield is null) THEN - NEW.forum_rules_bitfield = ASCII_CHAR(0); -END;; - -# Trigger for phpbb_groups bitfields -CREATE TRIGGER t_phpbb_groups_bitf FOR phpbb_groups -ACTIVE BEFORE INSERT OR UPDATE POSITION 0 -AS -BEGIN - IF (NEW.group_desc_bitfield is null) THEN - NEW.group_desc_bitfield = ASCII_CHAR(0); -END;; - -# Trigger for phpbb_posts bitfields -CREATE TRIGGER t_phpbb_posts_bitf FOR phpbb_posts -ACTIVE BEFORE INSERT OR UPDATE POSITION 0 -AS -BEGIN - IF (NEW.bbcode_bitfield is null) THEN - NEW.bbcode_bitfield = ASCII_CHAR(0); -END;; - -# Trigger for phpbb_privmsgs bitfields -CREATE TRIGGER t_phpbb_privmsgs_bitf FOR phpbb_privmsgs -ACTIVE BEFORE INSERT OR UPDATE POSITION 0 -AS -BEGIN - IF (NEW.bbcode_bitfield is null) THEN - NEW.bbcode_bitfield = ASCII_CHAR(0); -END;; - -# Trigger for phpbb_styles_template bitfields -CREATE TRIGGER t_phpbb_styles_template_bitf FOR phpbb_styles_template -ACTIVE BEFORE INSERT OR UPDATE POSITION 0 -AS -BEGIN - IF (NEW.bbcode_bitfield is null) THEN - NEW.bbcode_bitfield = ASCII_CHAR(144) || ASCII_CHAR(216); -END;; - -# Trigger for phpbb_users bitfields -CREATE TRIGGER t_phpbb_users_bitf FOR phpbb_users -ACTIVE BEFORE INSERT OR UPDATE POSITION 0 -AS -BEGIN - IF (NEW.user_sig_bbcode_bitfield is null) THEN - NEW.user_sig_bbcode_bitfield = ASCII_CHAR(0); -END;; -EOF; - break; - case 'mssql': $line = "\nCOMMIT\nGO\n\n"; break; case 'sqlite': - $line = ' -CREATE TRIGGER "t_phpbb_styles_template" -AFTER INSERT ON "phpbb_styles_template" -FOR EACH ROW WHEN NEW.bbcode_bitfield = \'\' -BEGIN - UPDATE phpbb_styles_template SET bbcode_bitfield = binary_insert(1) WHERE template_id = NEW.template_id; -END;; - -COMMIT;;'; + $line = "\nCOMMIT;"; break; case 'postgres': @@ -955,7 +881,7 @@ function get_schema_struct() 'forum_parents' => array('MTEXT', ''), 'forum_name' => array('STEXT', ''), 'forum_desc' => array('TEXT', ''), - 'forum_desc_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')), + 'forum_desc_bitfield' => array('VCHAR:252', ''), 'forum_desc_options' => array('UINT:11', 0), 'forum_desc_uid' => array('VCHAR:5', ''), 'forum_link' => array('VCHAR', ''), @@ -964,7 +890,7 @@ function get_schema_struct() 'forum_image' => array('VCHAR', ''), 'forum_rules' => array('TEXT', ''), 'forum_rules_link' => array('VCHAR', ''), - 'forum_rules_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')), + 'forum_rules_bitfield' => array('VCHAR:252', ''), 'forum_rules_options' => array('UINT:11', 0), 'forum_rules_uid' => array('VCHAR:5', ''), 'forum_topics_per_page' => array('TINT:4', 0), @@ -1031,7 +957,7 @@ function get_schema_struct() 'group_type' => array('TINT:4', 1), 'group_name' => array('VCHAR_CI', ''), 'group_desc' => array('TEXT', ''), - 'group_desc_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')), + 'group_desc_bitfield' => array('VCHAR:252', ''), 'group_desc_options' => array('UINT:11', 0), 'group_desc_uid' => array('VCHAR:5', ''), 'group_display' => array('BOOL', 0), @@ -1190,7 +1116,7 @@ function get_schema_struct() 'post_checksum' => array('VCHAR:32', ''), 'post_encoding' => array('VCHAR:20', 'iso-8859-1'), 'post_attachment' => array('BOOL', 0), - 'bbcode_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')), + 'bbcode_bitfield' => array('VCHAR:252', ''), 'bbcode_uid' => array('VCHAR:5', ''), 'post_postcount' => array('BOOL', 1), 'post_edit_time' => array('TIMESTAMP', 0), @@ -1229,7 +1155,7 @@ function get_schema_struct() 'message_edit_user' => array('UINT', 0), 'message_encoding' => array('VCHAR:20', 'iso-8859-1'), 'message_attachment' => array('BOOL', 0), - 'bbcode_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')), + 'bbcode_bitfield' => array('VCHAR:252', ''), 'bbcode_uid' => array('VCHAR:5', ''), 'message_edit_time' => array('TIMESTAMP', 0), 'message_edit_count' => array('USINT', 0), @@ -1506,7 +1432,7 @@ function get_schema_struct() 'template_name' => array('VCHAR:252', ''), 'template_copyright' => array('VCHAR', ''), 'template_path' => array('VCHAR:100', ''), - 'bbcode_bitfield' => array('VARBINARY', array('default' => '', 'mysql' => '0x90D8', 'mssql' => '0x90D8', 'oracle' => '90D8', 'postgres' => '\220\330')), + 'bbcode_bitfield' => array('VCHAR:252', 'kNg='), 'template_storedb' => array('BOOL', 0), ), 'PRIMARY_KEY' => 'template_id', @@ -1818,7 +1744,7 @@ function get_schema_struct() 'user_avatar_height' => array('TINT:4', 0), 'user_sig' => array('MTEXT', ''), 'user_sig_bbcode_uid' => array('VCHAR:5', ''), - 'user_sig_bbcode_bitfield' => array('VARBINARY', array('default' => '', 'mssql' => '0x', 'postgres' => '\000')), + 'user_sig_bbcode_bitfield' => array('VCHAR:252', ''), 'user_from' => array('VCHAR:100', ''), 'user_icq' => array('VCHAR:15', ''), 'user_aim' => array('VCHAR', ''), diff --git a/phpBB/download.php b/phpBB/download.php index 97692bf441..86cfed7292 100644 --- a/phpBB/download.php +++ b/phpBB/download.php @@ -19,9 +19,6 @@ include($phpbb_root_path . 'common.' . $phpEx); $download_id = request_var('id', 0); $thumbnail = request_var('t', false); -// Disable browser check for downloads -$config['browser_check'] = false; - // Start session management, do not update session page. $user->session_begin(false); $auth->acl($user->data); diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php index 257edf57e8..4ddcc10d1a 100644 --- a/phpBB/includes/acp/acp_attachments.php +++ b/phpBB/includes/acp/acp_attachments.php @@ -294,7 +294,7 @@ class acp_attachments { $sql = 'SELECT extension FROM ' . EXTENSIONS_TABLE . ' - WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')'; + WHERE ' . $db->sql_in_set('extension_id', $extension_id_list); $result = $db->sql_query($sql); $extension_list = ''; @@ -306,7 +306,7 @@ class acp_attachments $sql = 'DELETE FROM ' . EXTENSIONS_TABLE . ' - WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')'; + WHERE ' . $db->sql_in_set('extension_id', $extension_id_list); $db->sql_query($sql); add_log('admin', 'LOG_ATTACH_EXT_DEL', $extension_list); @@ -508,7 +508,7 @@ class acp_attachments { $sql = 'UPDATE ' . EXTENSIONS_TABLE . " SET group_id = $group_id - WHERE extension_id IN (" . implode(', ', $extension_list) . ")"; + WHERE " . $db->sql_in_set('extension_id', $extension_list); $db->sql_query($sql); } @@ -865,7 +865,7 @@ class acp_attachments $sql = 'SELECT forum_id, topic_id, post_id FROM ' . POSTS_TABLE . ' - WHERE post_id IN (' . implode(', ', array_keys($upload_list)) . ')'; + WHERE ' . $db->sql_in_set('post_id', array_keys($upload_list)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1373,16 +1373,16 @@ class acp_attachments } else if (isset($_POST['unsecuresubmit'])) { - $unip_sql = implode(', ', array_map('intval', $_POST['unip'])); + $unip_sql = array_map('intval', $_POST['unip']); - if ($unip_sql != '') + if (sizeof($unip_sql)) { $l_unip_list = ''; - + // Grab details of ips for logging information later $sql = 'SELECT site_ip, site_hostname - FROM ' . SITELIST_TABLE . " - WHERE site_id IN ($unip_sql)"; + FROM ' . SITELIST_TABLE . ' + WHERE ' . $db->sql_in_set('site_id', $unip_sql); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1391,8 +1391,8 @@ class acp_attachments } $db->sql_freeresult($result); - $sql = 'DELETE FROM ' . SITELIST_TABLE . " - WHERE site_id IN ($unip_sql)"; + $sql = 'DELETE FROM ' . SITELIST_TABLE . ' + WHERE ' . $db->sql_in_set('site_id', $unip_sql); $db->sql_query($sql); add_log('admin', 'LOG_DOWNLOAD_REMOVE_IP', $l_unip_list); diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php index a57283e3ea..f24a6b7b12 100644 --- a/phpBB/includes/acp/acp_bots.php +++ b/phpBB/includes/acp/acp_bots.php @@ -96,7 +96,7 @@ class acp_bots foreach ($_tables as $table) { $sql = "DELETE FROM $table - WHERE user_id IN (" . implode(', ', $user_id_ary) . ')'; + WHERE " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); } diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php index f6f6e0de9d..c20640bd54 100644 --- a/phpBB/includes/acp/acp_email.php +++ b/phpBB/includes/acp/acp_email.php @@ -55,13 +55,11 @@ class acp_email { if ($usernames) { - $usernames = implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", explode("\n", $usernames))); - $sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang - FROM ' . USERS_TABLE . " - WHERE username IN ($usernames) + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('username', explode("\n", $usernames)) . ' AND user_allow_massemail = 1 - ORDER BY user_lang, user_notify_type"; // , SUBSTRING(user_email FROM INSTR(user_email, '@')) + ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@')) } else { diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php index 414dc08913..5964a285e7 100644 --- a/phpBB/includes/acp/acp_forums.php +++ b/phpBB/includes/acp/acp_forums.php @@ -971,14 +971,14 @@ class acp_forums $sql = 'UPDATE ' . FORUMS_TABLE . " SET right_id = right_id + $diff, forum_parents = '' WHERE " . $to_data['right_id'] . ' BETWEEN left_id AND right_id - AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')'; + AND ' . $db->sql_in_set('forum_id', $moved_ids, true); $db->sql_query($sql); // Resync the righthand side of the tree $sql = 'UPDATE ' . FORUMS_TABLE . " SET left_id = left_id + $diff, right_id = right_id + $diff, forum_parents = '' WHERE left_id > " . $to_data['right_id'] . ' - AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')'; + AND ' . $db->sql_in_set('forum_id', $moved_ids, true); $db->sql_query($sql); // Resync moved branch @@ -997,7 +997,7 @@ class acp_forums { $sql = 'SELECT MAX(right_id) AS right_id FROM ' . FORUMS_TABLE . ' - WHERE forum_id NOT IN (' . implode(', ', $moved_ids) . ')'; + WHERE ' . $db->sql_in_set('forum_id', $moved_ids, true); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -1007,7 +1007,7 @@ class acp_forums $sql = 'UPDATE ' . FORUMS_TABLE . " SET left_id = left_id $diff, right_id = right_id $diff, forum_parents = '' - WHERE forum_id IN (" . implode(', ', $moved_ids) . ')'; + WHERE " . $db->sql_in_set('forum_id', $moved_ids); $db->sql_query($sql); } @@ -1119,7 +1119,7 @@ class acp_forums $diff = sizeof($forum_ids) * 2; $sql = 'DELETE FROM ' . FORUMS_TABLE . ' - WHERE forum_id IN (' . implode(', ', $forum_ids) . ')'; + WHERE ' . $db->sql_in_set('forum_id', $forum_ids); $db->sql_query($sql); } else if ($action_subforums == 'move') @@ -1362,11 +1362,10 @@ class acp_forums if (sizeof($ids)) { $start += sizeof($ids); - $id_list = implode(', ', $ids); foreach ($tables as $table) { - $db->sql_query("DELETE FROM $table WHERE $field IN ($id_list)"); + $db->sql_query("DELETE FROM $table WHERE " . $db->sql_in_set($field, $id_list)); } } } diff --git a/phpBB/includes/acp/acp_logs.php b/phpBB/includes/acp/acp_logs.php index 666ff208ba..d233d7c885 100644 --- a/phpBB/includes/acp/acp_logs.php +++ b/phpBB/includes/acp/acp_logs.php @@ -42,14 +42,15 @@ class acp_logs if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { $where_sql = ''; - if ($deletemark && $marked) + + if ($deletemark && sizeof($marked)) { $sql_in = array(); foreach ($marked as $mark) { $sql_in[] = $mark; } - $where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')'; + $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); unset($sql_in); } diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index 4aedb63df6..81c265581b 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -21,9 +21,9 @@ class acp_main global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix; $action = request_var('action', ''); - $mark = (isset($_REQUEST['mark'])) ? implode(', ', request_var('mark', array(0))) : ''; + $mark = (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array(); - if ($mark) + if (sizeof($mark)) { switch ($action) { @@ -36,8 +36,8 @@ class acp_main } $sql = 'SELECT username - FROM ' . USERS_TABLE . " - WHERE user_id IN ($mark)"; + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', $mark); $result = $db->sql_query($sql); $user_affected = array(); @@ -50,14 +50,13 @@ class acp_main if ($action == 'activate') { include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx); - $mark_ary = explode(', ', $mark); - foreach ($mark_ary as $user_id) + foreach ($mark as $user_id) { user_active_flip($user_id, USER_INACTIVE); } - set_config('num_users', $config['num_users'] + sizeof($mark_ary), true); + set_config('num_users', $config['num_users'] + sizeof($mark), true); // Update latest username update_last_username(); @@ -69,9 +68,9 @@ class acp_main trigger_error($user->lang['NO_ADMIN']); } - $sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE user_id IN ($mark)"; + $sql = 'DELETE FROM ' . USER_GROUP_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark); $db->sql_query($sql); - $sql = 'DELETE FROM ' . USERS_TABLE . " WHERE user_id IN ($mark)"; + $sql = 'DELETE FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark); $db->sql_query($sql); add_log('admin', 'LOG_INDEX_' . strtoupper($action), implode(', ', $user_affected)); @@ -91,8 +90,8 @@ class acp_main } $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey - FROM ' . USERS_TABLE . " - WHERE user_id IN ($mark)"; + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', $mark); $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php index 2d9415bbf6..7c72a1ca6b 100644 --- a/phpBB/includes/acp/acp_modules.php +++ b/phpBB/includes/acp/acp_modules.php @@ -841,7 +841,7 @@ class acp_modules SET right_id = right_id + $diff WHERE module_class = '" . $db->sql_escape($this->module_class) . "' AND " . $to_data['right_id'] . ' BETWEEN left_id AND right_id - AND module_id NOT IN (' . implode(', ', $moved_ids) . ')'; + AND ' . $db->sql_in_set('module_id', $moved_ids, true); $db->sql_query($sql); // Resync the righthand side of the tree @@ -849,7 +849,7 @@ class acp_modules SET left_id = left_id + $diff, right_id = right_id + $diff WHERE module_class = '" . $db->sql_escape($this->module_class) . "' AND left_id > " . $to_data['right_id'] . ' - AND module_id NOT IN (' . implode(', ', $moved_ids) . ')'; + AND ' . $db->sql_in_set('module_id', $moved_ids, true); $db->sql_query($sql); // Resync moved branch @@ -868,7 +868,7 @@ class acp_modules $sql = 'SELECT MAX(right_id) AS right_id FROM ' . MODULES_TABLE . " WHERE module_class = '" . $db->sql_escape($this->module_class) . "' - AND module_id NOT IN (" . implode(', ', $moved_ids) . ')'; + AND " . $db->sql_in_set('module_id', $moved_ids, true); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -879,7 +879,7 @@ class acp_modules $sql = 'UPDATE ' . MODULES_TABLE . " SET left_id = left_id $diff, right_id = right_id $diff WHERE module_class = '" . $db->sql_escape($this->module_class) . "' - AND module_id IN (" . implode(', ', $moved_ids) . ')'; + AND " . $db->sql_in_set('module_id', $moved_ids); $db->sql_query($sql); } diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index 8ebc83c524..53b835df7d 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -413,7 +413,7 @@ class acp_permissions { $sql = 'SELECT forum_name FROM ' . FORUMS_TABLE . ' - WHERE forum_id IN (' . implode(', ', $forum_id) . ') + WHERE ' . $db->sql_in_set('forum_id', $forum_id) . ' ORDER BY forum_name ASC'; $result = $db->sql_query($sql); @@ -554,7 +554,7 @@ class acp_permissions $sql = "SELECT $sql_id FROM $table - WHERE $sql_id IN (" . implode(', ', $ids) . ')'; + WHERE " . $db->sql_in_set($sql_id, $ids); $result = $db->sql_query($sql); $ids = array(); @@ -803,8 +803,8 @@ class acp_permissions } // Logging ... first grab user or groupnames ... - $sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE user_id'; - $sql .= ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')'; + $sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE ' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE '; + $sql .= $db->sql_in_set(($ug_type == 'group') ? 'group_id' : 'user_id', array_map('intval', $ug_id)); $result = $db->sql_query($sql); $l_ug_list = ''; @@ -825,7 +825,7 @@ class acp_permissions // Grab the forum details if non-zero forum_id $sql = 'SELECT forum_name FROM ' . FORUMS_TABLE . ' - WHERE forum_id IN (' . implode(', ', $forum_id) . ')'; + WHERE ' . $db->sql_in_set('forum_id', $forum_id); $result = $db->sql_query($sql); $l_forum_list = ''; @@ -858,7 +858,7 @@ class acp_permissions if (sizeof($perms)) { $sql = 'DELETE FROM ' . ZEBRA_TABLE . ' - WHERE zebra_id IN (' . implode(', ', array_unique($perms)) . ') + WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . ' AND foe = 1'; $db->sql_query($sql); } @@ -1078,7 +1078,7 @@ class acp_permissions { global $db, $user; - $sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0'); + $sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0'); $sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'"; $sql = $db->sql_build_query('SELECT_DISTINCT', array( diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php index 3fa99b6727..4752e7bafe 100644 --- a/phpBB/includes/acp/acp_prune.php +++ b/phpBB/includes/acp/acp_prune.php @@ -68,7 +68,7 @@ class acp_prune 'S_PRUNED' => true) ); - $sql_forum = (sizeof($forum_id)) ? ' AND forum_id IN (' . implode(', ', $forum_id) . ')' : ''; + $sql_forum = (sizeof($forum_id)) ? ' AND ' . $db->sql_in_set('forum_id', $forum_id) : ''; // Get a list of forum's or the data for the forum that we are pruning. $sql = 'SELECT forum_id, forum_name @@ -148,7 +148,7 @@ class acp_prune { $sql = 'SELECT forum_id, forum_name FROM ' . FORUMS_TABLE . ' - WHERE forum_id IN (' . implode(', ', $forum_id) . ')'; + WHERE ' . $db->sql_in_set('forum_id', $forum_id); $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); @@ -202,15 +202,7 @@ class acp_prune if ($users) { - $users = explode("\n", $users); - - $where_sql = ''; - - foreach ($users as $username) - { - $where_sql .= (($where_sql != '') ? ', ' : '') . "'" . $db->sql_escape($username) . "'"; - } - $where_sql = " AND username IN ($where_sql)"; + $where_sql = ' AND ' . $db->sql_in_set('username', explode("\n", $users)); } else { diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index a69a0f6681..e74a830b0f 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -393,7 +393,7 @@ class acp_users { $sql = 'SELECT topic_id, topic_replies, topic_replies_real FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); $result = $db->sql_query($sql); $del_topic_ary = array(); @@ -409,7 +409,7 @@ class acp_users if (sizeof($del_topic_ary)) { $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary); $db->sql_query($sql); } } @@ -495,7 +495,7 @@ class acp_users { $sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -842,7 +842,7 @@ class acp_users { $sql_in[] = $mark; } - $where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')'; + $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); unset($sql_in); } @@ -1630,7 +1630,7 @@ class acp_users { $sql = 'SELECT real_filename FROM ' . ATTACHMENTS_TABLE . ' - WHERE attach_id IN (' . implode(', ', $marked) . ')'; + WHERE ' . $db->sql_in_set('attach_id', $marked); $result = $db->sql_query($sql); $log_attachments = array(); @@ -1834,7 +1834,7 @@ class acp_users // Select box for other groups $sql = 'SELECT group_id, group_name, group_type FROM ' . GROUPS_TABLE . ' - ' . ((sizeof($id_ary)) ? 'WHERE group_id NOT IN (' . implode(', ', $id_ary) . ')' : '') . ' + ' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . ' ORDER BY group_type DESC, group_name ASC'; $result = $db->sql_query($sql); diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index a6ff1ddc2b..4ebf617913 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php @@ -136,7 +136,7 @@ class auth_admin extends auth $sql = 'SELECT user_id, user_permissions, user_type FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(',', $ug_id) . ')'; + WHERE ' . $db->sql_in_set('user_id', $ug_id); $result = $db->sql_query($sql); while ($userdata = $db->sql_fetchrow($result)) @@ -292,14 +292,14 @@ class auth_admin extends auth { $sql = 'SELECT user_id as ug_id, username as ug_name FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ') + WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . ' ORDER BY username ASC'; } else { $sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type FROM ' . GROUPS_TABLE . ' - WHERE group_id IN (' . implode(', ', array_keys($hold_ary)) . ') + WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . ' ORDER BY group_type DESC, group_name ASC'; } $result = $db->sql_query($sql); @@ -361,7 +361,7 @@ class auth_admin extends auth $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o WHERE o.auth_option_id = r.auth_option_id - AND r.role_id IN (' . implode(', ', array_keys($roles)) . ')'; + AND ' . $db->sql_in_set('r.role_id', array_keys($roles)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -584,7 +584,7 @@ class auth_admin extends auth // Get forum names $sql = 'SELECT forum_id, forum_name FROM ' . FORUMS_TABLE . ' - WHERE forum_id IN (' . implode(', ', array_keys($hold_ary)) . ')'; + WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary)); $result = $db->sql_query($sql); $forum_names = array(); @@ -605,7 +605,7 @@ class auth_admin extends auth { $sql = 'SELECT user_id, username FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $auth_ary['users']) . ') + WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . ' ORDER BY username'; $result = $db->sql_query($sql); @@ -624,7 +624,7 @@ class auth_admin extends auth { $sql = 'SELECT group_id, group_name, group_type FROM ' . GROUPS_TABLE . ' - WHERE group_id IN (' . implode(', ', $auth_ary['groups']) . ') + WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . ' ORDER BY group_type ASC, group_name'; $result = $db->sql_query($sql); @@ -768,12 +768,12 @@ class auth_admin extends auth $ug_id = array($ug_id); } - $ug_id_sql = 'IN (' . implode(', ', array_map('intval', $ug_id)) . ')'; - $forum_sql = 'IN (' . implode(', ', array_map('intval', $forum_id)) . ') '; + $ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id)); + $forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id)); // Instead of updating, inserting, removing we just remove all current settings and re-set everything... $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; - $id_field = $ug_type . '_id'; + $id_field = $ug_type . '_id'; // Get any flags as required reset($auth); @@ -797,8 +797,8 @@ class auth_admin extends auth } $sql = "DELETE FROM $table - WHERE forum_id $forum_sql - AND $id_field $ug_id_sql + WHERE $forum_sql + AND $ug_id_sql AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')'; $db->sql_query($sql); @@ -818,10 +818,10 @@ class auth_admin extends auth if (sizeof($role_ids)) { $sql = "DELETE FROM $table - WHERE forum_id $forum_sql - AND $id_field $ug_id_sql + WHERE $forum_sql + AND $ug_id_sql AND auth_option_id = 0 - AND auth_role_id IN (" . implode(', ', $role_ids) . ')'; + AND " . $db->sql_in_set('auth_role_id', $role_ids); $db->sql_query($sql); } @@ -995,12 +995,12 @@ class auth_admin extends auth if ($forum_id !== false) { - $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : 'forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')'; + $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id)); } if ($ug_id !== false) { - $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $id_field . ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')'; + $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id)); } // There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly @@ -1043,7 +1043,7 @@ class auth_admin extends auth $sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd WHERE ao.auth_option_id = rd.auth_option_id - AND rd.role_id IN (' . implode(', ', array_keys($cur_role_auth)) . ')'; + AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth)); $result = $db->sql_query($sql); $auth_settings = array(); @@ -1072,7 +1072,7 @@ class auth_admin extends auth // Now, normally remove permissions... if ($permission_type !== false) { - $where_sql[] = 'auth_option_id IN (' . implode(', ', array_map('intval', $option_id_ary)) . ')'; + $where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary)); } $sql = "DELETE FROM $table diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index af833d04d9..4e6a8af1d8 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -161,7 +161,7 @@ class auth if (sizeof($this->acl)) { - $sql .= ' WHERE forum_id NOT IN (' . implode(', ', array_keys($this->acl)) . ')'; + $sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true); } $result = $db->sql_query($sql); @@ -418,7 +418,13 @@ class auth { global $db; - $where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : ''; + $where_sql = ''; + + if ($user_id !== false) + { + $user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : array_map('intval', $user_id); + $where_sql = ' WHERE ' . $db->sql_in_set('user_id', $user_id); + } $sql = 'UPDATE ' . USERS_TABLE . " SET user_permissions = '', @@ -440,8 +446,8 @@ class auth $sql_id = ($user_type == 'user') ? 'user_id' : 'group_id'; - $sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : "AND a.$sql_id IN (" . implode(', ', $ug_id) . ')') : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : ''; + $sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . $db->sql_in_set("a.$sql_id", $ug_id)) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; // Grab assigned roles... $sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id @@ -469,8 +475,8 @@ class auth { global $db; - $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : ''; + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; $sql_opts = ''; @@ -482,7 +488,7 @@ class auth } else { - $sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')'; + $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts); } } @@ -586,8 +592,8 @@ class auth { global $db; - $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : ''; + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; $sql_opts = ''; @@ -599,7 +605,7 @@ class auth } else { - $sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')'; + $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts); } } @@ -647,8 +653,8 @@ class auth { global $db; - $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : 'group_id IN (' . implode(', ', $group_id) . ')') : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : ''; + $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; if ($opts !== false) { @@ -658,7 +664,7 @@ class auth } else { - $sql_opts = 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')'; + $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts); } } diff --git a/phpBB/includes/bbcode.php b/phpBB/includes/bbcode.php index f8fbbc2d3e..7293f07dc9 100644 --- a/phpBB/includes/bbcode.php +++ b/phpBB/includes/bbcode.php @@ -124,8 +124,7 @@ class bbcode } } - $sql = ''; - $bbcode_ids = $rowset = array(); + $bbcode_ids = $rowset = $sql = array(); $bitfield = new bitfield($this->bbcode_bitfield); $bbcodes_set = $bitfield->get_all_set(); @@ -141,18 +140,18 @@ class bbcode if ($bbcode_id > NUM_CORE_BBCODES) { - $sql .= (($sql) ? ',' : '') . $bbcode_id; + $sql[] = $bbcode_id; } } - if ($sql) + if (sizeof($sql)) { global $db; $sql = 'SELECT * - FROM ' . BBCODES_TABLE . " - WHERE bbcode_id IN ($sql)"; - $result = $db->sql_query($sql); + FROM ' . BBCODES_TABLE . ' + WHERE ' . $db->sql_in_set('bbcode_id', $sql); + $result = $db->sql_query($sql, 3600); while ($row = $db->sql_fetchrow($result)) { diff --git a/phpBB/includes/db/dbal.php b/phpBB/includes/db/dbal.php index b12ff81e0f..f774b5dcc3 100644 --- a/phpBB/includes/db/dbal.php +++ b/phpBB/includes/db/dbal.php @@ -193,22 +193,14 @@ class dbal { $fields[] = $key; - if (is_null($var)) - { - $values[] = 'NULL'; - } - else if (is_string($var)) - { - $values[] = "'" . $this->sql_escape($var) . "'"; - } - else if (is_array($var) && is_string($var[0])) + if (is_array($var) && is_string($var[0])) { // This is used for INSERT_SELECT(s) $values[] = $var[0]; } else { - $values[] = (is_bool($var)) ? intval($var) : $var; + $values[] = $this->_sql_validate_value($var); } } @@ -222,25 +214,7 @@ class dbal $values = array(); foreach ($sql_ary as $key => $var) { - if (is_null($var)) - { - $values[] = 'NULL'; - } - else if (is_string($var)) - { - if (strpos($key, 'bitfield') === false) - { - $values[] = "'" . $this->sql_escape($var) . "'"; - } - else - { - $values[] = $this->sql_escape_binary($var); - } - } - else - { - $values[] = (is_bool($var)) ? intval($var) : $var; - } + $values[] = $this->_sql_validate_value($var); } $ary[] = '(' . implode(', ', $values) . ')'; } @@ -252,25 +226,7 @@ class dbal $values = array(); foreach ($assoc_ary as $key => $var) { - if (is_null($var)) - { - $values[] = "$key = NULL"; - } - else if (is_string($var)) - { - if (strpos($key, 'bitfield') === false) - { - $values[] = "$key = '" . $this->sql_escape($var) . "'"; - } - else - { - $values[] = "$key = " . $this->sql_escape_binary($var); - } - } - else - { - $values[] = (is_bool($var)) ? "$key = " . intval($var) : "$key = $var"; - } + $values[] = "$key = " . $this->_sql_validate_value($var); } $query = implode(($query == 'UPDATE') ? ', ' : ' AND ', $values); } @@ -285,30 +241,10 @@ class dbal trigger_error('No values specified for SQL IN comparison', E_USER_ERROR); } - $bitfield = (strpos($field, 'bitfield') !== false); - $values = array(); foreach ($array as $var) { - if (is_null($var)) - { - $values[] = 'NULL'; - } - else if (is_string($var)) - { - if (!$bitfield) - { - $values[] = "'" . $this->sql_escape($var) . "'"; - } - else - { - $values[] = $this->sql_escape_binary($var); - } - } - else - { - $values[] = (is_bool($var)) ? intval($var) : $var; - } + $values[] = $this->_sql_validate_value($var); } if (sizeof($values) == 1) @@ -317,13 +253,28 @@ class dbal } else { - return $field . ($negate ? ' NOT IN ' : ' IN ' ) . '(' . implode(',', $values) . ')'; + return $field . ($negate ? ' NOT IN ' : ' IN ' ) . '(' . implode(', ', $values) . ')'; } } - function sql_escape_binary($msg) + /** + * Function for validating values + * @access private + */ + function _sql_validate_value($var) { - return "'" . $this->sql_escape($msg) . "'"; + if (is_null($var)) + { + return 'NULL'; + } + else if (is_string($var)) + { + return "'" . $this->sql_escape($var) . "'"; + } + else + { + return (is_bool($var)) ? intval($var) : $var; + } } /** diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index a676a717ff..48fec2d795 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -576,13 +576,13 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ { $sql = 'DELETE FROM ' . TOPICS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']} - AND forum_id IN (" . implode(', ', $forum_id) . ")"; + AND " . $db->sql_in_set('forum_id', $forum_id); $db->sql_query($sql); $sql = 'SELECT forum_id FROM ' . FORUMS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']} - AND forum_id IN (" . implode(', ', $forum_id) . ')'; + AND " . $db->sql_in_set('forum_id', $forum_id); $result = $db->sql_query($sql); $sql_update = array(); @@ -597,7 +597,7 @@ function markread($mode, $forum_id = false, $topic_id = false, $post_time = 0, $ $sql = 'UPDATE ' . FORUMS_TRACK_TABLE . ' SET mark_time = ' . time() . " WHERE user_id = {$user->data['user_id']} - AND forum_id IN (" . implode(', ', $sql_update) . ')'; + AND " . $db->sql_in_set('forum_id', $sql_update); $db->sql_query($sql); } @@ -888,7 +888,7 @@ function get_complete_topic_tracking($forum_id, $topic_ids, $global_announce_lis $sql = 'SELECT topic_id, mark_time FROM ' . TOPICS_TRACK_TABLE . " WHERE user_id = {$user->data['user_id']} - AND topic_id IN (" . implode(', ', $topic_ids) . ")"; + AND " . $db->sql_in_set('topic_id', $topic_ids); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1805,13 +1805,13 @@ function login_forum_box($forum_data) $sql_in = array(); do { - $sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'"; + $sql_in[] = (string) $row['session_id']; } while ($row = $db->sql_fetchrow($result)); // Remove expired sessions $sql = 'DELETE FROM ' . FORUMS_ACCESS_TABLE . ' - WHERE session_id NOT IN (' . implode(', ', $sql_in) . ')'; + WHERE ' . $db->sql_in_set('session_id', $sql_in, true); $db->sql_query($sql); } $db->sql_freeresult($result); diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index 0eec9a5114..3b039d110d 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -206,7 +206,7 @@ function group_select_options($group_id, $exclude_ids = false) { global $db, $user, $config; - $exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE group_id NOT IN (' . implode(', ', array_map('intval', $exclude_ids)) . ')' : ''; + $exclude_sql = ($exclude_ids !== false && sizeof($exclude_ids)) ? 'WHERE ' . $db->sql_in_set('group_id', array_map('intval', $exclude_ids), true) : ''; $sql_and = (!$config['coppa_enable']) ? (($exclude_sql) ? ' AND ' : ' WHERE ') . "group_name NOT IN ('INACTIVE_COPPA', 'REGISTERED_COPPA')" : ''; $sql = 'SELECT group_id, group_name, group_type @@ -376,7 +376,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) } $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE topic_moved_id IN (' . implode(', ', $topic_ids) . ') + WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids) . ' AND forum_id = ' . $forum_id; $db->sql_query($sql); @@ -384,7 +384,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) { $sql = 'SELECT DISTINCT forum_id FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -399,7 +399,7 @@ function move_topics($topic_ids, $forum_id, $auto_sync = true) { $sql = "UPDATE $table SET forum_id = $forum_id - WHERE topic_id IN (" . implode(', ', $topic_ids) . ')'; + WHERE " . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); } unset($table_ary); @@ -428,7 +428,7 @@ function move_posts($post_ids, $topic_id, $auto_sync = true) $sql = 'SELECT DISTINCT topic_id, forum_id FROM ' . POSTS_TABLE . ' - WHERE post_id IN (' . implode(', ', $post_ids) . ')'; + WHERE ' . $db->sql_in_set('post_id', $post_ids); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -452,12 +452,12 @@ function move_posts($post_ids, $topic_id, $auto_sync = true) $sql = 'UPDATE ' . POSTS_TABLE . ' SET forum_id = ' . $forum_row['forum_id'] . ", topic_id = $topic_id - WHERE post_id IN (" . implode(', ', $post_ids) . ')'; + WHERE " . $db->sql_in_set('post_id', $post_ids); $db->sql_query($sql); $sql = 'UPDATE ' . ATTACHMENTS_TABLE . " SET topic_id = $topic_id, in_message = 0 - WHERE post_msg_id IN (" . implode(', ', $post_ids) . ')'; + WHERE " . $db->sql_in_set('post_msg_id', $post_ids); $db->sql_query($sql); if ($auto_sync) @@ -487,6 +487,10 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) { $where_ids = array_unique($where_ids); } + else + { + $where_ids = array($where_ids); + } if (!sizeof($where_ids)) { @@ -498,8 +502,8 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) ); $sql = 'SELECT topic_id, forum_id - FROM ' . TOPICS_TABLE . " - WHERE $where_type " . ((!is_array($where_ids)) ? "= $where_ids" : 'IN (' . implode(', ', $where_ids) . ')'); + FROM ' . TOPICS_TABLE . ' + WHERE ' . $db->sql_in_set($where_type, $where_ids); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -516,8 +520,6 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) return $return; } - $sql_where = ' IN (' . implode(', ', $topic_ids) . ')'; - $db->sql_transaction('begin'); $table_ary = array(TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, POLL_VOTES_TABLE, POLL_OPTIONS_TABLE, TOPICS_WATCH_TABLE, TOPICS_TABLE); @@ -525,13 +527,13 @@ function delete_topics($where_type, $where_ids, $auto_sync = true) foreach ($table_ary as $table) { $sql = "DELETE FROM $table - WHERE topic_id $sql_where"; + WHERE " . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); } unset($table_ary); $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE topic_moved_id' . $sql_where; + WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids); $db->sql_query($sql); $db->sql_transaction('commit'); @@ -558,8 +560,12 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = { $where_ids = array_unique($where_ids); } + else + { + $where_ids = array($where_ids); + } - if (empty($where_ids)) + if (!sizeof($where_ids)) { return false; } @@ -567,8 +573,8 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = $post_ids = $topic_ids = $forum_ids = $post_counts = array(); $sql = 'SELECT post_id, poster_id, post_postcount, topic_id, forum_id - FROM ' . POSTS_TABLE . " - WHERE $where_type " . ((!is_array($where_ids)) ? '= ' . (int) $where_ids : 'IN (' . implode(', ', array_map('intval', $where_ids)) . ')'); + FROM ' . POSTS_TABLE . ' + WHERE ' . $db->sql_in_set($where_type, array_map('intval', $where_ids)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -590,8 +596,6 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = return false; } - $sql_where = implode(', ', $post_ids); - $db->sql_transaction('begin'); $table_ary = array(POSTS_TABLE, REPORTS_TABLE); @@ -599,7 +603,7 @@ function delete_posts($where_type, $where_ids, $auto_sync = true, $posted_sync = foreach ($table_ary as $table) { $sql = "DELETE FROM $table - WHERE post_id IN ($sql_where)"; + WHERE " . $db->sql_in_set('post_id', $post_ids); $db->sql_query($sql); } unset($table_ary); @@ -693,7 +697,7 @@ function delete_attachments($mode, $ids, $resync = true) { $sql = 'SELECT post_msg_id as post_id, topic_id, physical_filename, thumbnail, filesize FROM ' . ATTACHMENTS_TABLE . ' - WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')'; + WHERE ' . $db->sql_in_set($sql_id, $ids); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -709,7 +713,7 @@ function delete_attachments($mode, $ids, $resync = true) { $sql = 'SELECT topic_id, physical_filename, thumbnail, filesize FROM ' . ATTACHMENTS_TABLE . ' - WHERE post_msg_id IN (' . implode(', ', $ids) . ') + WHERE ' . $db->sql_in_set('post_msg_id', $ids) . ' AND in_message = 0'; $result = $db->sql_query($sql); @@ -723,7 +727,7 @@ function delete_attachments($mode, $ids, $resync = true) // Delete attachments $sql = 'DELETE FROM ' . ATTACHMENTS_TABLE . ' - WHERE ' . $sql_id . ' IN (' . implode(', ', $ids) . ')'; + WHERE ' . $db->sql_in_set($sql_id, $ids); $db->sql_query($sql); $num_deleted = $db->sql_affectedrows(); @@ -771,7 +775,7 @@ function delete_attachments($mode, $ids, $resync = true) { $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_attachment = 0 - WHERE post_id IN (' . implode(', ', $post_ids) . ')'; + WHERE ' . $db->sql_in_set('post_id', $post_ids); $db->sql_query($sql); } @@ -781,7 +785,7 @@ function delete_attachments($mode, $ids, $resync = true) $sql = 'SELECT post_msg_id FROM ' . ATTACHMENTS_TABLE . ' - WHERE post_msg_id IN (' . implode(', ', $post_ids) . ') + WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . ' AND in_message = 0'; $result = $db->sql_query($sql); @@ -797,7 +801,7 @@ function delete_attachments($mode, $ids, $resync = true) { $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_attachment = 0 - WHERE post_id IN (' . implode(', ', $unset_ids) . ')'; + WHERE ' . $db->sql_in_set('post_id', $unset_ids); $db->sql_query($sql); } @@ -805,7 +809,7 @@ function delete_attachments($mode, $ids, $resync = true) $sql = 'SELECT post_msg_id FROM ' . ATTACHMENTS_TABLE . ' - WHERE post_msg_id IN (' . implode(', ', $post_ids) . ') + WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . ' AND in_message = 1'; $result = $db->sql_query($sql); @@ -821,7 +825,7 @@ function delete_attachments($mode, $ids, $resync = true) { $sql = 'UPDATE ' . PRIVMSGS_TABLE . ' SET message_attachment = 0 - WHERE msg_id IN (' . implode(', ', $unset_ids) . ')'; + WHERE ' . $db->sql_in_set('msg_id', $unset_ids); $db->sql_query($sql); } } @@ -834,7 +838,7 @@ function delete_attachments($mode, $ids, $resync = true) { $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_attachment = 0 - WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); } @@ -844,7 +848,7 @@ function delete_attachments($mode, $ids, $resync = true) $sql = 'SELECT topic_id FROM ' . ATTACHMENTS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -859,7 +863,7 @@ function delete_attachments($mode, $ids, $resync = true) { $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_attachment = 0 - WHERE topic_id IN (' . implode(', ', $unset_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $unset_ids); $db->sql_query($sql); } } @@ -873,7 +877,7 @@ function delete_attachments($mode, $ids, $resync = true) */ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true) { - $where = (is_array($forum_id)) ? 'AND t.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : ''); + $where = (is_array($forum_id)) ? 'AND ' . $db->sql_in_set('t.forum_id', array_map('intval', $forum_id)) : (($forum_id) ? 'AND t.forum_id = ' . (int) $forum_id : ''); switch (SQL_LAYER) { @@ -905,7 +909,7 @@ function delete_topic_shadows($max_age, $forum_id = '', $auto_sync = true) if (sizeof($topic_ids)) { $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(',', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); } break; @@ -932,13 +936,13 @@ function update_posted_info(&$topic_ids) // First of all, let us remove any posted information for these topics $sql = 'DELETE FROM ' . TOPICS_POSTED_TABLE . ' - WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); // Now, let us collect the user/topic combos for rebuilding the information $sql = 'SELECT poster_id, topic_id FROM ' . POSTS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $topic_ids) . ') + WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . ' AND poster_id <> ' . ANONYMOUS . ' GROUP BY poster_id, topic_id'; $result = $db->sql_query($sql); @@ -1058,7 +1062,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, // Limit the topics/forums we are syncing, use specific topic/forum IDs. // $where_type contains the field for the where clause (forum_id, topic_id) - $where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')'; + $where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids); $where_sql_and = $where_sql . "\n\tAND"; } } @@ -1070,7 +1074,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, } // $where_type contains the field for the where clause (forum_id, topic_id) - $where_sql = 'WHERE ' . $mode{0} . ".$where_type IN (" . implode(', ', $where_ids) . ')'; + $where_sql = 'WHERE ' . $db->sql_in_set($mode{0} . '.' . $where_type, $where_ids); $where_sql_and = $where_sql . "\n\tAND"; } @@ -1108,7 +1112,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, } $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $topic_id_ary) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_id_ary); $db->sql_query($sql); break; @@ -1147,7 +1151,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_approved = 1 - topic_approved - WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); break; } @@ -1174,7 +1178,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, $sql = 'SELECT DISTINCT(post_id) FROM ' . REPORTS_TABLE . ' - WHERE post_id IN (' . implode(', ', $post_ids) . ') + WHERE ' . $db->sql_in_set('post_id', $post_ids) . ' AND report_closed = 0'; $result = $db->sql_query($sql); @@ -1203,7 +1207,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, { $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_reported = 1 - post_reported - WHERE post_id IN (' . implode(', ', $post_ids) . ')'; + WHERE ' . $db->sql_in_set('post_id', $post_ids); $db->sql_query($sql); } break; @@ -1245,7 +1249,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, { $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_reported = 1 - topic_reported - WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); } break; @@ -1271,7 +1275,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, $sql = 'SELECT DISTINCT(post_msg_id) FROM ' . ATTACHMENTS_TABLE . ' - WHERE post_msg_id IN (' . implode(', ', $post_ids) . ') + WHERE ' . $db->sql_in_set('post_msg_id', $post_ids) . ' AND in_message = 0'; $result = $db->sql_query($sql); @@ -1300,7 +1304,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, { $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_attachment = 1 - post_attachment - WHERE post_id IN (' . implode(', ', $post_ids) . ')'; + WHERE ' . $db->sql_in_set('post_id', $post_ids); $db->sql_query($sql); } break; @@ -1342,7 +1346,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, { $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_attachment = 1 - topic_attachment - WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); } break; @@ -1385,7 +1389,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, // 2: Get topic counts for each forum $sql = 'SELECT forum_id, topic_approved, COUNT(topic_id) AS forum_topics FROM ' . TOPICS_TABLE . ' - WHERE forum_id IN (' . implode(', ', $forum_ids) . ') + WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . ' GROUP BY forum_id, topic_approved'; $result = $db->sql_query($sql); @@ -1404,7 +1408,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, // 3: Get post count and last_post_id for each forum $sql = 'SELECT forum_id, COUNT(post_id) AS forum_posts, MAX(post_id) AS last_post_id FROM ' . POSTS_TABLE . ' - WHERE forum_id IN (' . implode(', ', $forum_ids) . ') + WHERE ' . $db->sql_in_set('forum_id', $forum_ids) . ' AND post_approved = 1 GROUP BY forum_id'; $result = $db->sql_query($sql); @@ -1425,7 +1429,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, { $sql = 'SELECT p.post_id, p.poster_id, p.post_time, p.post_username, u.username FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u - WHERE p.post_id IN (' . implode(', ', $post_ids) . ') + WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . ' AND p.poster_id = u.user_id'; $result = $db->sql_query($sql); @@ -1491,15 +1495,21 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, break; case 'topic': - $topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = array(); + $topic_data = $post_ids = $approved_unapproved_ids = $resync_forums = $delete_topics = $delete_posts = $moved_topics = array(); - $sql = 'SELECT t.topic_id, t.forum_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time + $sql = 'SELECT t.topic_id, t.forum_id, t.topic_moved_id, t.topic_approved, ' . (($sync_extra) ? 't.topic_attachment, t.topic_reported, ' : '') . 't.topic_poster, t.topic_time, t.topic_replies, t.topic_replies_real, t.topic_first_post_id, t.topic_first_poster_name, t.topic_last_post_id, t.topic_last_poster_id, t.topic_last_poster_name, t.topic_last_post_time FROM ' . TOPICS_TABLE . " t $where_sql"; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { + if ($row['topic_moved_id']) + { + $moved_topics[] = $row['topic_id']; + continue; + } + $topic_id = (int) $row['topic_id']; $topic_data[$topic_id] = $row; $topic_data[$topic_id]['replies_real'] = -1; @@ -1603,9 +1613,34 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, unset($delete_topics, $delete_topic_ids); } + // Make sure shadow topics do link to existing topics + if (sizeof($moved_topics)) + { + $delete_topics = array(); + + $sql = 'SELECT t1.topic_id, t1.topic_moved_id + FROM ' . TOPICS_TABLE . ' t1 + LEFT JOIN ' . TOPICS_TABLE . ' t2 ON (t2.topic_id = t1.topic_moved_id) + WHERE ' . $db->sql_in_set('t1.topic_id', $moved_topics) . ' + AND t2.topic_id IS NULL'; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $delete_topics[] = $row['topic_id']; + } + $db->sql_freeresult($result); + + if (sizeof($delete_topics)) + { + delete_topics('topic_id', $delete_topics, false); + } + unset($delete_topics); + } + $sql = 'SELECT p.post_id, p.topic_id, p.post_approved, p.poster_id, p.post_username, p.post_time, u.username FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u - WHERE p.post_id IN (' . implode(',', $post_ids) . ') + WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . ' AND u.user_id = p.poster_id'; $result = $db->sql_query($sql); @@ -1639,7 +1674,7 @@ function sync($mode, $where_type = '', $where_ids = '', $resync_parents = false, { $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_approved = 1 - topic_approved - WHERE topic_id IN (' . implode(', ', $approved_unapproved_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $approved_unapproved_ids); $db->sql_query($sql); } unset($approved_unapproved_ids); @@ -1726,9 +1761,18 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync { global $db; - $sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', array_map('intval', $forum_id)) . ')' : ' = ' . (int) $forum_id; + if (!is_array($forum_id)) + { + $forum_id = array($forum_id); + } + + if (!sizeof($forum_id)) + { + return; + } $sql_and = ''; + if (!($prune_flags & 4)) { $sql_and .= ' AND topic_type <> ' . POST_ANNOUNCE; @@ -1750,8 +1794,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync } $sql = 'SELECT topic_id - FROM ' . TOPICS_TABLE . " - WHERE forum_id $sql_forum + FROM ' . TOPICS_TABLE . ' + WHERE ' . $db->sql_in_set('forum_id', $forum_id) . " AND poll_start = 0 $sql_and"; $result = $db->sql_query($sql); @@ -1766,8 +1810,8 @@ function prune($forum_id, $prune_mode, $prune_date, $prune_flags = 0, $auto_sync if ($prune_flags & 2) { $sql = 'SELECT topic_id - FROM ' . TOPICS_TABLE . " - WHERE forum_id $sql_forum + FROM ' . TOPICS_TABLE . ' + WHERE ' . $db->sql_in_set('forum_id', $forum_id) . " AND poll_start > 0 AND poll_last_vote < $prune_date $sql_and"; @@ -1934,7 +1978,7 @@ function cache_moderators() AND ((a.auth_setting = ' . ACL_NEVER . ' AND r.auth_setting IS NULL) OR r.auth_setting = ' . ACL_NEVER . ') AND a.group_id = ug.group_id - AND ug.user_id IN (' . implode(', ', $ug_id_ary) . ") + AND ' . $db->sql_in_set('ug.user_id', $ug_id_ary) . " AND ug.user_pending = 0 AND o.auth_option LIKE 'm\_%'", )); @@ -1954,7 +1998,7 @@ function cache_moderators() // Get usernames... $sql = 'SELECT user_id, username FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ')'; + WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)); $result = $db->sql_query($sql); $usernames_ary = array(); @@ -1989,7 +2033,7 @@ function cache_moderators() // Make sure not hidden or special groups are involved... $sql = 'SELECT group_name, group_id, group_type FROM ' . GROUPS_TABLE . ' - WHERE group_id IN (' . implode(', ', $ug_id_ary) . ')'; + WHERE ' . $db->sql_in_set('group_id', $ug_id_ary); $result = $db->sql_query($sql); $groupnames_ary = array(); @@ -2082,7 +2126,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id } else if (is_array($forum_id)) { - $sql_forum = 'AND l.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')'; + $sql_forum = 'AND ' . $db->sql_in_set('l.forum_id', array_map('intval', $forum_id)); } else { @@ -2174,7 +2218,7 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id // although it's also used to determine if the topic still exists in the database $sql = 'SELECT topic_id, forum_id FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', array_map('intval', $topic_id_list)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_map('intval', $topic_id_list)); $result = $db->sql_query($sql); $default_forum_id = 0; @@ -2472,9 +2516,8 @@ function tidy_warnings() { $db->sql_transaction('begin'); - $sql_where = ' IN (' . implode(', ', $warning_list) . ')'; - $sql = 'DELETE FROM ' . WARNINGS_TABLE . " - WHERE warning_id $sql_where"; + $sql = 'DELETE FROM ' . WARNINGS_TABLE . ' + WHERE ' . $db->sql_in_set('warning_id', $warning_list); $db->sql_query($sql); foreach ($user_list as $user_id => $value) diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 10de128e31..f6b73afa0e 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -556,18 +556,22 @@ function get_moderators(&$forum_moderators, $forum_id = false) return; } - if ($forum_id !== false && is_array($forum_id)) + $forum_sql = ''; + + if ($forum_id !== false) { + if (!is_array($forum_id)) + { + $forum_id = array($forum_id); + } + // If we don't have a forum then we can't have a moderator if (!sizeof($forum_id)) { return; } - $forum_sql = 'AND forum_id IN (' . implode(', ', $forum_id) . ')'; - } - else - { - $forum_sql = ($forum_id !== false) ? 'AND forum_id = ' . $forum_id : ''; + + $forum_sql = 'AND ' . $db->sql_in_set('forum_id', $forum_id); } $sql = 'SELECT * @@ -1012,7 +1016,7 @@ function display_user_activity(&$userdata) } $forum_ary = array_unique($forum_ary); - $post_count_sql = (sizeof($forum_ary)) ? 'AND f.forum_id NOT IN (' . implode(', ', $forum_ary) . ')' : ''; + $post_count_sql = (sizeof($forum_ary)) ? 'AND ' . $db->sql_in_set('f.forum_id', $forum_ary, true) : ''; // Firebird does not support ORDER BY on aliased columns // MySQL does not support ORDER BY on functions diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php index 1e3fd877b3..da3931d371 100644 --- a/phpBB/includes/functions_posting.php +++ b/phpBB/includes/functions_posting.php @@ -114,9 +114,9 @@ function update_post_information($type, $ids, $return_update_sql = false) $update_sql = $empty_forums = array(); $sql = 'SELECT ' . $type . '_id, MAX(post_id) as last_post_id - FROM ' . POSTS_TABLE . " + FROM ' . POSTS_TABLE . ' WHERE post_approved = 1 - AND {$type}_id IN (" . implode(', ', $ids) . ") + AND ' . $db->sql_in_set($type . '_id', $ids) . " GROUP BY {$type}_id"; $result = $db->sql_query($sql); @@ -150,7 +150,7 @@ function update_post_information($type, $ids, $return_update_sql = false) $sql = 'SELECT p.' . $type . '_id, p.post_id, p.post_time, p.poster_id, p.post_username, u.user_id, u.username FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u WHERE p.poster_id = u.user_id - AND p.post_id IN (' . implode(', ', $last_post_ids) . ')'; + AND ' . $db->sql_in_set('p.post_id', $last_post_ids); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -757,7 +757,7 @@ function load_drafts($topic_id = 0, $forum_id = 0, $id = 0) { $sql = 'SELECT topic_id, forum_id, topic_title FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(',', array_unique($topic_ids)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_unique($topic_ids)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1109,7 +1109,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id $sql = 'UPDATE ' . TOPICS_WATCH_TABLE . " SET notify_status = 1 WHERE topic_id = $topic_id - AND user_id IN (" . implode(', ', $update_notification['topic']) . ")"; + AND " . $db->sql_in_set('user_id', $update_notification['topic']); $db->sql_query($sql); } @@ -1118,7 +1118,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id $sql = 'UPDATE ' . FORUMS_WATCH_TABLE . " SET notify_status = 1 WHERE forum_id = $forum_id - AND user_id IN (" . implode(', ', $update_notification['forum']) . ")"; + AND " . $db->sql_in_set('user_id', $update_notification['forum']); $db->sql_query($sql); } @@ -1127,7 +1127,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id { $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . " WHERE topic_id = $topic_id - AND user_id IN (" . implode(', ', $delete_ids['topic']) . ")"; + AND " . $db->sql_in_set('user_id', $delete_ids['topic']); $db->sql_query($sql); } @@ -1135,7 +1135,7 @@ function user_notification($mode, $subject, $topic_title, $forum_name, $forum_id { $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . " WHERE forum_id = $forum_id - AND user_id IN (" . implode(', ', $delete_ids['forum']) . ")"; + AND " . $db->sql_in_set('user_id', $delete_ids['forum']); $db->sql_query($sql); } diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index 068925b359..fe38b6276b 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -387,7 +387,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) { $sql = 'SELECT * FROM ' . USER_GROUP_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_ids) . ') + WHERE ' . $db->sql_in_set('user_id', $user_ids) . ' AND user_pending = 0'; $result = $db->sql_query($sql); @@ -506,7 +506,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) { $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' SET pm_unread = 0 - WHERE msg_id IN (' . implode(', ', $unread_ids) . ") + WHERE ' . $db->sql_in_set('msg_id', $unread_ids) . " AND user_id = $user_id AND folder_id = " . PRIVMSGS_NO_BOX; $db->sql_query($sql); @@ -519,7 +519,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) SET pm_marked = !pm_marked WHERE folder_id = ' . PRIVMSGS_NO_BOX . " AND user_id = $user_id - AND msg_id IN (" . implode(', ', $important_ids) . ')'; + AND " . $db->sql_in_set('msg_id', $important_ids); $db->sql_query($sql); } @@ -531,9 +531,15 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) // Determine Full Folder Action - we need the move to folder id later eventually $full_folder_action = ($user->data['user_full_folder'] == FULL_FOLDER_NONE) ? ($config['full_folder_action'] - (FULL_FOLDER_NONE*(-1))) : $user->data['user_full_folder']; + $sql_folder = array_keys($move_into_folder); + if ($full_folder_action >= 0) + { + $sql_folder[] = $full_folder_action; + } + $sql = 'SELECT folder_id, pm_count FROM ' . PRIVMSGS_FOLDER_TABLE . ' - WHERE folder_id IN (' . implode(', ', array_keys($move_into_folder)) . (($full_folder_action >= 0) ? ', ' . $full_folder_action : '') . ") + WHERE ' . $db->sql_in_set('folder_id', $sql_folder) . " AND user_id = $user_id"; $result = $db->sql_query($sql); @@ -543,6 +549,8 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) } $db->sql_freeresult($result); + unset($sql_folder); + if (in_array(PRIVMSGS_INBOX, array_keys($move_into_folder))) { $sql = 'SELECT folder_id, COUNT(msg_id) as num_messages @@ -610,7 +618,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) SET folder_id = ' . PRIVMSGS_HOLD_BOX . ' WHERE folder_id = ' . PRIVMSGS_NO_BOX . " AND user_id = $user_id - AND msg_id IN (" . implode(', ', $msg_ary) . ')'; + AND " . $db->sql_in_set('msg_id', $msg_ary); $db->sql_query($sql); } else @@ -620,7 +628,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) WHERE folder_id = " . PRIVMSGS_NO_BOX . " AND user_id = $user_id AND pm_new = 1 - AND msg_id IN (" . implode(', ', $msg_ary) . ')'; + AND " . $db->sql_in_set('msg_id', $msg_ary); $db->sql_query($sql); if ($dest_folder != PRIVMSGS_INBOX) @@ -645,7 +653,7 @@ function place_pm_into_folder(&$global_privmsgs_rules, $release = false) $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' SET folder_id = ' . PRIVMSGS_SENTBOX . ' WHERE folder_id = ' . PRIVMSGS_OUTBOX . ' - AND msg_id IN (' . implode(', ', array_keys($action_ary)) . ')'; + AND ' . $db->sql_in_set('msg_id', array_keys($action_ary)); $db->sql_query($sql); } @@ -730,7 +738,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol SET folder_id = $dest_folder WHERE folder_id = $cur_folder_id AND user_id = $user_id - AND msg_id IN (" . implode(', ', $move_msg_ids) . ')'; + AND " . $db->sql_in_set('msg_id', $move_msg_ids); $db->sql_query($sql); $num_moved = $db->sql_affectedrows(); @@ -809,7 +817,7 @@ function handle_mark_actions($user_id, $mark_action) SET pm_marked = !pm_marked WHERE folder_id = $cur_folder_id AND user_id = $user_id - AND msg_id IN (" . implode(', ', $msg_ids) . ')'; + AND " . $db->sql_in_set('msg_id', $msg_ids); $db->sql_query($sql); break; @@ -879,7 +887,7 @@ function delete_pm($user_id, $msg_ids, $folder_id) // Get PM Informations for later deleting $sql = 'SELECT msg_id, pm_unread, pm_new FROM ' . PRIVMSGS_TO_TABLE . ' - WHERE msg_id IN (' . implode(', ', array_map('intval', $msg_ids)) . ") + WHERE ' . $db->sql_in_set('msg_id', array_map('intval', $msg_ids)) . " AND folder_id = $folder_id AND user_id = $user_id"; $result = $db->sql_query($sql); @@ -908,19 +916,19 @@ function delete_pm($user_id, $msg_ids, $folder_id) // Remove PM from Outbox $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . " WHERE user_id = $user_id AND folder_id = " . PRIVMSGS_OUTBOX . ' - AND msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')'; + AND ' . $db->sql_in_set('msg_id', array_keys($delete_rows)); $db->sql_query($sql); // Update PM Information for safety $sql = 'UPDATE ' . PRIVMSGS_TABLE . " SET message_text = '' - WHERE msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')'; + WHERE " . $db->sql_in_set('msg_id', array_keys($delete_rows)); $db->sql_query($sql); // Set delete flag for those intended to receive the PM // We do not remove the message actually, to retain some basic informations (sent time for example) $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . ' SET pm_deleted = 1 - WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')'; + WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows)); $db->sql_query($sql); $num_deleted = $db->sql_affectedrows(); @@ -931,7 +939,7 @@ function delete_pm($user_id, $msg_ids, $folder_id) $sql = 'DELETE FROM ' . PRIVMSGS_TO_TABLE . " WHERE user_id = $user_id AND folder_id = $folder_id - AND msg_id IN (" . implode(', ', array_keys($delete_rows)) . ')'; + AND " . $db->sql_in_set('msg_id', array_keys($delete_rows)); $db->sql_query($sql); $num_deleted = $db->sql_affectedrows(); } @@ -961,7 +969,7 @@ function delete_pm($user_id, $msg_ids, $folder_id) // Now we have to check which messages we can delete completely $sql = 'SELECT msg_id FROM ' . PRIVMSGS_TO_TABLE . ' - WHERE msg_id IN (' . implode(', ', array_keys($delete_rows)) . ')'; + WHERE ' . $db->sql_in_set('msg_id', array_keys($delete_rows)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -970,12 +978,12 @@ function delete_pm($user_id, $msg_ids, $folder_id) } $db->sql_freeresult($result); - $delete_ids = implode(', ', array_keys($delete_rows)); + $delete_ids = array_keys($delete_rows); - if ($delete_ids) + if (sizeof($delete_ids)) { $sql = 'DELETE FROM ' . PRIVMSGS_TABLE . ' - WHERE msg_id IN (' . $delete_ids . ')'; + WHERE ' . $db->sql_in_set('msg_id', $delete_ids); $db->sql_query($sql); } @@ -1051,7 +1059,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false) { $sql = 'SELECT user_id, username, user_colour FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $u) . ') + WHERE ' . $db->sql_in_set('user_id', $u) . ' AND user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')'; $result = $db->sql_query($sql); @@ -1078,7 +1086,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false) { $sql = 'SELECT group_name, group_type FROM ' . GROUPS_TABLE . ' - WHERE group_id IN (' . implode(', ', $g) . ')'; + WHERE ' . $db->sql_in_set('group_id', $g); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1094,7 +1102,7 @@ function write_pm_addresses($check_ary, $author_id, $plaintext = false) { $sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type, ug.user_id FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug - WHERE g.group_id IN (' . implode(', ', $g) . ') + WHERE ' . $db->sql_in_set('g.group_id', $g) . ' AND g.group_id = ug.group_id AND ug.user_pending = 0'; $result = $db->sql_query($sql); @@ -1234,7 +1242,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr { $sql = 'SELECT group_id, user_id FROM ' . USER_GROUP_TABLE . ' - WHERE group_id IN (' . implode(', ', array_keys($data['address_list']['g'])) . ') + WHERE ' . $db->sql_in_set('group_id', array_keys($data['address_list']['g'])) . ' AND user_pending = 0'; $result = $db->sql_query($sql); @@ -1373,7 +1381,7 @@ function submit_pm($mode, $subject, &$data, $update_message, $put_in_outbox = tr $sql = 'UPDATE ' . USERS_TABLE . ' SET user_new_privmsg = user_new_privmsg + 1, user_unread_privmsg = user_unread_privmsg + 1, user_last_privmsg = ' . time() . ' - WHERE user_id IN (' . implode(', ', array_keys($recipients)) . ')'; + WHERE ' . $db->sql_in_set('user_id', array_keys($recipients)); $db->sql_query($sql); // Put PM into outbox @@ -1501,7 +1509,7 @@ function pm_notification($mode, $author, $recipients, $subject, $message) // Get banned User ID's $sql = 'SELECT ban_userid FROM ' . BANLIST_TABLE . ' - WHERE ban_userid IN (' . implode(', ', array_map('intval', array_keys($recipients))) . ') + WHERE ' . $db->sql_in_set('ban_userid', array_map('intval', array_keys($recipients))) . ' AND ban_exclude = 0'; $result = $db->sql_query($sql); @@ -1516,11 +1524,9 @@ function pm_notification($mode, $author, $recipients, $subject, $message) return; } - $recipient_list = implode(', ', array_map('intval', array_keys($recipients))); - $sql = 'SELECT user_id, username, user_email, user_lang, user_notify_pm, user_notify_type, user_jabber - FROM ' . USERS_TABLE . " - WHERE user_id IN ($recipient_list)"; + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($recipients))); $result = $db->sql_query($sql); $msg_list_ary = array(); diff --git a/phpBB/includes/functions_profile_fields.php b/phpBB/includes/functions_profile_fields.php index 505e61b67b..6f71724754 100644 --- a/phpBB/includes/functions_profile_fields.php +++ b/phpBB/includes/functions_profile_fields.php @@ -358,14 +358,14 @@ class custom_profile $this->build_cache(); } - if (!implode(', ', $user_id)) + if (!sizeof($user_id)) { return array(); } $sql = 'SELECT * FROM ' . PROFILE_FIELDS_DATA_TABLE . ' - WHERE user_id IN (' . implode(', ', array_map('intval', $user_id)) . ')'; + WHERE ' . $db->sql_in_set('user_id', array_map('intval', $user_id)); $result = $db->sql_query($sql); $field_data = array(); @@ -787,20 +787,13 @@ class custom_profile $sql_not_in = array(); foreach ($cp_data as $key => $null) { - if (strncmp($key, '_', 1) === 0) - { - $sql_not_in[] = "'" . $db->sql_escape(substr($key, 1)) . "'"; - } - else - { - $sql_not_in[] = "'" . $db->sql_escape($key) . "'"; - } + $sql_not_in[] = (strncmp($key, '_', 1) === 0) ? substr($key, 1) : $key; } $sql = 'SELECT f.field_type, f.field_ident, f.field_default_value, l.lang_default_value FROM ' . PROFILE_LANG_TABLE . ' l, ' . PROFILE_FIELDS_TABLE . ' f WHERE l.lang_id = ' . $user->get_iso_lang_id() . ' - ' . ((sizeof($sql_not_in)) ? ' AND f.field_ident NOT IN (' . implode(', ', $sql_not_in) . ')' : '') . ' + ' . ((sizeof($sql_not_in)) ? ' AND ' . $db->sql_in_set('f.field_ident', $sql_not_in, true) : '') . ' AND l.field_id = f.field_id'; $result = $db->sql_query($sql); diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index bc1c41b087..c03e92d0b0 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -34,7 +34,7 @@ function user_get_id_name(&$user_id_ary, &$username_ary) $$which_ary = array($$which_ary); } - $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $$which_ary); + $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', $$which_ary) : $$which_ary; unset($$which_ary); $user_id_ary = $username_ary = array(); @@ -42,8 +42,8 @@ function user_get_id_name(&$user_id_ary, &$username_ary) // Grab the user id/username records $sql_where = ($which_ary == 'user_id_ary') ? 'user_id' : 'username'; $sql = 'SELECT user_id, username - FROM ' . USERS_TABLE . " - WHERE $sql_where IN (" . implode(', ', $sql_in) . ')'; + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set($sql_where, $sql_in); $result = $db->sql_query($sql); if (!($row = $db->sql_fetchrow($result))) @@ -307,7 +307,7 @@ function user_delete($mode, $user_id, $post_username = false) { $sql = 'SELECT topic_id, topic_replies, topic_replies_real FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary)); $result = $db->sql_query($sql); $del_topic_ary = array(); @@ -323,7 +323,7 @@ function user_delete($mode, $user_id, $post_username = false) if (sizeof($del_topic_ary)) { $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary); $db->sql_query($sql); } } @@ -528,24 +528,23 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas $username = trim($username); if ($username != '') { - $sql_usernames[] = "'" . $db->sql_escape($username) . "'"; + $sql_usernames[] = strtolower($username); } } - $sql_usernames = implode(', ', $sql_usernames); // Make sure we have been given someone to ban - if (empty($sql_usernames)) + if (!sizeof($sql_usernames)) { trigger_error($user->lang['NO_USER_SPECIFIED']); } $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' - WHERE username IN (' . $sql_usernames . ')'; + WHERE ' . $db->sql_in_set('LOWER(username)', $sql_usernames); if (sizeof($founder)) { - $sql .= ' AND user_id NOT IN (' . implode(', ', array_keys($founder)) . ')'; + $sql .= ' AND ' . $db->sql_in_set('user_id', array_keys($founder), true); } $result = $db->sql_query($sql); @@ -762,17 +761,11 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas switch ($mode) { case 'user': - $sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE session_user_id IN (' . implode(', ', $banlist_ary) . ')'; + $sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary); break; case 'ip': - $banlist_ary_sql = array(); - - foreach ($banlist_ary as $ban_entry) - { - $banlist_ary_sql[] = "'" . $db->sql_escape($ban_entry) . "'"; - } - $sql_where = 'WHERE session_ip IN (' . implode(', ', $banlist_ary_sql) . ')'; + $sql_where = 'WHERE ' . $db->sql_in_set('session_ip', $banlist_ary); break; case 'email': @@ -780,12 +773,12 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas foreach ($banlist_ary as $ban_entry) { - $banlist_ary_sql[] = "'" . $db->sql_escape(str_replace('*', '%', $ban_entry)) . "'"; + $banlist_ary_sql[] = (string) str_replace('*', '%', $ban_entry); } $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' - WHERE user_email IN (' . implode(', ', $banlist_ary_sql) . ')'; + WHERE ' . $db->sql_in_set('user_email', $banlist_ary_sql); $result = $db->sql_query($sql); $sql_in = array(); @@ -798,7 +791,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas } while ($row = $db->sql_fetchrow($result)); - $sql_where = 'WHERE session_user_id IN (' . implode(', ', $sql_in) . ")"; + $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $sql_in); } $db->sql_freeresult($result); break; @@ -812,7 +805,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas if ($mode == 'user') { - $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE user_id IN (' . implode(', ', $banlist_ary) . ')'); + $sql = 'DELETE FROM ' . SESSIONS_KEYS_TABLE . ' ' . ((in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('user_id', $banlist_ary)); $db->sql_query($sql); } } @@ -847,30 +840,30 @@ function user_unban($mode, $ban) $ban = array($ban); } - $unban_sql = implode(', ', array_map('intval', $ban)); + $unban_sql = array_map('intval', $ban); - if ($unban_sql) + if (sizeof($unban_sql)) { // Grab details of bans for logging information later switch ($mode) { case 'user': $sql = 'SELECT u.username AS unban_info - FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . " b - WHERE b.ban_id IN ($unban_sql) - AND u.user_id = b.ban_userid"; + FROM ' . USERS_TABLE . ' u, ' . BANLIST_TABLE . ' b + WHERE ' . $db->sql_in_set('b.ban_id', $unban_sql) . ' + AND u.user_id = b.ban_userid'; break; case 'email': $sql = 'SELECT ban_email AS unban_info - FROM ' . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; + FROM ' . BANLIST_TABLE . ' + WHERE ' . $db->sql_in_set('ban_id', $unban_sql); break; case 'ip': $sql = 'SELECT ban_ip AS unban_info - FROM ' . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; + FROM ' . BANLIST_TABLE . ' + WHERE ' . $db->sql_in_set('ban_id', $unban_sql); break; } $result = $db->sql_query($sql); @@ -882,8 +875,8 @@ function user_unban($mode, $ban) } $db->sql_freeresult($result); - $sql = 'DELETE FROM ' . BANLIST_TABLE . " - WHERE ban_id IN ($unban_sql)"; + $sql = 'DELETE FROM ' . BANLIST_TABLE . ' + WHERE ' . $db->sql_in_set('ban_id', $unban_sql); $db->sql_query($sql); add_log('admin', 'LOG_UNBAN_' . strtoupper($mode), $l_unban_list); @@ -1580,7 +1573,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, // Remove users who are already members of this group $sql = 'SELECT user_id, group_leader FROM ' . USER_GROUP_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ") + WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . " AND group_id = $group_id"; $result = $db->sql_query($sql); @@ -1636,7 +1629,7 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, { $sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = 1 - WHERE user_id IN (' . implode(', ', $update_id_ary) . ") + WHERE ' . $db->sql_in_set('user_id', $update_id_ary) . " AND group_id = $group_id"; $db->sql_query($sql); } @@ -1682,7 +1675,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $sql = 'SELECT * FROM ' . GROUPS_TABLE . ' - WHERE group_name IN (' . implode(', ', preg_replace('#^(.*)$#', "'\\1'", $group_order)) . ')'; + WHERE ' . $db->sql_in_set('group_name', $group_order); $result = $db->sql_query($sql); $group_order_id = $special_group_data = array(); @@ -1711,7 +1704,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // Get users default groups - we only need to reset default group membership if the group from which the user gets removed is set as default $sql = 'SELECT user_id, group_id FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ")"; + WHERE ' . $db->sql_in_set('user_id', $user_id_ary); $result = $db->sql_query($sql); $default_groups = array(); @@ -1724,7 +1717,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // What special group memberships exist for these users? $sql = 'SELECT g.group_id, g.group_name, ug.user_id FROM ' . USER_GROUP_TABLE . ' ug, ' . GROUPS_TABLE . ' g - WHERE ug.user_id IN (' . implode(', ', $user_id_ary) . ") + WHERE ' . $db->sql_in_set('ug.user_id', $user_id_ary) . " AND g.group_id = ug.group_id AND g.group_id <> $group_id AND g.group_type = " . GROUP_SPECIAL . ' @@ -1760,7 +1753,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem) $sql = 'SELECT user_id, user_avatar FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ') + WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]) . ' AND user_avatar_type = ' . AVATAR_UPLOAD; $result = $db->sql_query($sql); @@ -1772,7 +1765,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, } $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $special_group_data[$gid]) . ' - WHERE user_id IN (' . implode(', ', $sql_where_ary[$gid]) . ')'; + WHERE ' . $db->sql_in_set('user_id', $sql_where_ary[$gid]); $db->sql_query($sql); } } @@ -1780,7 +1773,7 @@ function group_user_del($group_id, $user_id_ary = false, $username_ary = false, $sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE group_id = $group_id - AND user_id IN (" . implode(', ', $user_id_ary) . ')'; + AND " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); // Clear permissions cache of relevant users @@ -1825,7 +1818,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna $sql = 'UPDATE ' . USER_GROUP_TABLE . ' SET group_leader = ' . (($action == 'promote') ? 1 : 0) . " WHERE group_id = $group_id - AND user_id IN (" . implode(', ', $user_id_ary) . ')'; + AND " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); $log = ($action == 'promote') ? 'LOG_GROUP_PROMOTED' : 'LOG_GROUP_DEMOTED'; @@ -1838,7 +1831,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna WHERE ug.group_id = ' . $group_id . ' AND ug.user_pending = 1 AND ug.user_id = u.user_id - AND ug.user_id IN (' . implode(', ', $user_id_ary) . ')'; + AND ' . $db->sql_in_set('ug.user_id', $user_id_ary); $result = $db->sql_query($sql); $user_id_ary = $email_users = array(); @@ -1857,7 +1850,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna $sql = 'UPDATE ' . USER_GROUP_TABLE . " SET user_pending = 0 WHERE group_id = $group_id - AND user_id IN (" . implode(', ', $user_id_ary) . ')'; + AND " . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); // Send approved email to users... @@ -1963,7 +1956,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal // Ok, get the original avatar data from users having an uploaded one (we need to remove these from the filesystem) $sql = 'SELECT user_id, user_avatar FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ') + WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . ' AND user_avatar_type = ' . AVATAR_UPLOAD; $result = $db->sql_query($sql); @@ -1975,7 +1968,7 @@ function group_set_user_default($group_id, $user_id_ary, $group_attributes = fal } $sql = 'UPDATE ' . USERS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ')'; + WHERE ' . $db->sql_in_set('user_id', $user_id_ary); $db->sql_query($sql); } @@ -2016,22 +2009,29 @@ function group_memberships($group_id_ary = false, $user_id_ary = false, $return_ return true; } + if ($user_id_ary) + { + $user_id_ary = (!is_array($user_id_ary)) ? array($user_id_ary) : $user_id_ary; + } + + if ($group_id_ary) + { + $group_id_ary = (!is_array($group_id_ary)) ? array($group_id_ary) : $group_id_ary; + } + $sql = 'SELECT ug.*, u.username, u.user_email FROM ' . USER_GROUP_TABLE . ' ug, ' . USERS_TABLE . ' u WHERE ug.user_id = u.user_id AND '; - if ($group_id_ary && $user_id_ary) - { - $sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary") . " - AND ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary"); - } - else if ($group_id_ary) + if ($group_id_ary) { - $sql .= " ug.group_id " . ((is_array($group_id_ary)) ? ' IN (' . implode(', ', $group_id_ary) . ')' : " = $group_id_ary"); + $sql .= ' ' . $db->sql_in_set('ug.group_id', $group_id_ary); } - else if ($user_id_ary) + + if ($user_id_ary) { - $sql .= " ug.user_id " . ((is_array($user_id_ary)) ? ' IN (' . implode(', ', $user_id_ary) . ')' : " = $user_id_ary"); + $sql .= ($group_id_ary) ? ' AND ' : ' '; + $sql .= $db->sql_in_set('ug.user_id', $user_id_ary); } $result = ($return_bool) ? $db->sql_query_limit($sql, 1) : $db->sql_query($sql); diff --git a/phpBB/includes/mcp/mcp_forum.php b/phpBB/includes/mcp/mcp_forum.php index 36211ab5b0..09470b8269 100644 --- a/phpBB/includes/mcp/mcp_forum.php +++ b/phpBB/includes/mcp/mcp_forum.php @@ -177,7 +177,7 @@ function mcp_resync_topics($topic_ids) $sql = 'SELECT topic_id, forum_id, topic_title FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $result = $db->sql_query($sql); // Log this action diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php index 4ff02c7a43..745b2c0d61 100644 --- a/phpBB/includes/mcp/mcp_front.php +++ b/phpBB/includes/mcp/mcp_front.php @@ -41,7 +41,7 @@ function mcp_front_view($id, $mode, $action) $sql = 'SELECT forum_id, forum_name FROM ' . FORUMS_TABLE . ' - WHERE forum_id IN (' . implode(', ', $forum_list) . ')'; + WHERE ' . $db->sql_in_set('forum_id', $forum_list); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -65,7 +65,7 @@ function mcp_front_view($id, $mode, $action) $sql = 'SELECT p.post_id, p.post_subject, p.post_time, p.poster_id, p.post_username, u.username, t.topic_id, t.topic_title, t.topic_first_post_id, p.forum_id FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u - WHERE p.post_id IN (' . implode(', ', $post_list) . ') + WHERE ' . $db->sql_in_set('p.post_id', $post_list) . ' AND t.topic_id = p.topic_id AND p.poster_id = u.user_id ORDER BY p.post_time DESC'; diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php index e14ac094fe..f9cf7d27df 100755 --- a/phpBB/includes/mcp/mcp_logs.php +++ b/phpBB/includes/mcp/mcp_logs.php @@ -84,7 +84,7 @@ class mcp_logs $sql_in[] = $mark; } - $where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')'; + $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); unset($sql_in); } diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index ce0c47941d..9b2d47c818 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -224,8 +224,8 @@ function lock_unlock($action, $ids) if (confirm_box(true)) { $sql = "UPDATE $table - SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . " - WHERE $sql_id IN (" . implode(', ', $ids) . ")"; + SET $set_id = " . (($action == 'lock' || $action == 'lock_post') ? ITEM_LOCKED : ITEM_UNLOCKED) . ' + WHERE ' . $db->sql_in_set($sql_id, $ids); $db->sql_query($sql); $data = ($action == 'lock' || $action == 'unlock') ? get_topic_data($ids) : get_post_data($ids); @@ -311,7 +311,7 @@ function change_topic_type($action, $topic_ids) { $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_type = $new_topic_type - WHERE topic_id IN (" . implode(', ', $topic_ids) . ') + WHERE " . $db->sql_in_set('topic_id', $topic_ids) . ' AND forum_id <> 0'; $db->sql_query($sql); @@ -320,14 +320,14 @@ function change_topic_type($action, $topic_ids) { $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_type = $new_topic_type, forum_id = $forum_id - WHERE topic_id IN (" . implode(', ', $topic_ids) . ') + WHERE " . $db->sql_in_set('topic_id', $topic_ids) . ' AND forum_id = 0'; $db->sql_query($sql); // Update forum_ids for all posts $sql = 'UPDATE ' . POSTS_TABLE . " SET forum_id = $forum_id - WHERE topic_id IN (" . implode(', ', $topic_ids) . ') + WHERE " . $db->sql_in_set('topic_id', $topic_ids) . ' AND forum_id = 0'; $db->sql_query($sql); @@ -339,7 +339,7 @@ function change_topic_type($action, $topic_ids) // Get away with those topics already being a global announcement by re-calculating $topic_ids $sql = 'SELECT topic_id FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $topic_ids) . ') + WHERE ' . $db->sql_in_set('topic_id', $topic_ids) . ' AND forum_id <> 0'; $result = $db->sql_query($sql); @@ -354,18 +354,18 @@ function change_topic_type($action, $topic_ids) { // Delete topic shadows for global announcements $sql = 'DELETE FROM ' . TOPICS_TABLE . ' - WHERE topic_moved_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_moved_id', $topic_ids); $db->sql_query($sql); $sql = 'UPDATE ' . TOPICS_TABLE . " SET topic_type = $new_topic_type, forum_id = 0 - WHERE topic_id IN (" . implode(', ', $topic_ids) . ')'; + WHERE " . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); // Update forum_ids for all posts $sql = 'UPDATE ' . POSTS_TABLE . ' SET forum_id = 0 - WHERE topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_ids); $db->sql_query($sql); sync('forum', 'forum_id', $forum_id); @@ -640,7 +640,7 @@ function mcp_delete_post($post_ids) $sql = 'SELECT DISTINCT topic_id FROM ' . POSTS_TABLE . ' - WHERE post_id IN (' . implode(', ', $post_ids) . ')'; + WHERE ' . $db->sql_in_set('post_id', $post_ids); $result = $db->sql_query($sql); $topic_id_list = array(); @@ -663,7 +663,7 @@ function mcp_delete_post($post_ids) $sql = 'SELECT COUNT(topic_id) AS topics_left FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $topic_id_list) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_id_list); $result = $db->sql_query_limit($sql, 1); $deleted_topics = ($row = $db->sql_fetchrow($result)) ? ($affected_topics - $row['topics_left']) : $affected_topics; diff --git a/phpBB/includes/mcp/mcp_notes.php b/phpBB/includes/mcp/mcp_notes.php index 0f716f5f9e..cc4ed0e72b 100755 --- a/phpBB/includes/mcp/mcp_notes.php +++ b/phpBB/includes/mcp/mcp_notes.php @@ -106,7 +106,7 @@ class mcp_notes { $sql_in[] = $mark; } - $where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')'; + $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); unset($sql_in); } diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 25fdc0a90a..95e89fa9dc 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -251,10 +251,10 @@ class mcp_queue if (sizeof($post_ids)) { $sql = 'SELECT t.topic_id, t.topic_title, t.forum_id, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username - FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . " u - WHERE p.post_id IN (" . implode(', ', $post_ids) . ") + FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u + WHERE ' . $db->sql_in_set('p.post_id', $post_ids) . ' AND t.topic_id = p.topic_id - AND u.user_id = p.poster_id"; + AND u.user_id = p.poster_id'; $result = $db->sql_query($sql); $post_data = $rowset = array(); @@ -306,7 +306,7 @@ class mcp_queue // Select the names for the forum_ids $sql = 'SELECT forum_id, forum_name FROM ' . FORUMS_TABLE . ' - WHERE forum_id IN (' . implode(',', $forum_names) . ')'; + WHERE ' . $db->sql_in_set('forum_id', $forum_names); $result = $db->sql_query($sql, 3600); $forum_names = array(); @@ -449,7 +449,7 @@ function approve_post($post_id_list, $mode) { $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_approved = 1 - WHERE topic_id IN (' . implode(', ', $topic_approve_sql) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $topic_approve_sql); $db->sql_query($sql); } @@ -457,7 +457,7 @@ function approve_post($post_id_list, $mode) { $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_approved = 1 - WHERE post_id IN (' . implode(', ', $post_approve_sql) . ')'; + WHERE ' . $db->sql_in_set('post_id', $post_approve_sql); $db->sql_query($sql); } diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php index be4502e23e..a52bc02359 100755 --- a/phpBB/includes/mcp/mcp_reports.php +++ b/phpBB/includes/mcp/mcp_reports.php @@ -191,9 +191,10 @@ class mcp_reports $forum_id = $topic_info['forum_id']; } + $forum_list = array(); + if (!$forum_id) { - $forum_list = array(); foreach ($forum_list_reports as $row) { $forum_list[] = $row['forum_id']; @@ -201,14 +202,14 @@ class mcp_reports $global_id = $forum_list[0]; - if (!($forum_list = implode(', ', $forum_list))) + if (!sizeof($forum_list)) { trigger_error('NOT_MODERATOR'); } $sql = 'SELECT SUM(forum_topics) as sum_forum_topics - FROM ' . FORUMS_TABLE . " - WHERE forum_id IN ($forum_list)"; + FROM ' . FORUMS_TABLE . ' + WHERE ' . $db->sql_in_set('forum_id', $forum_list); $result = $db->sql_query($sql); $forum_info['forum_topics'] = (int) $db->sql_fetchfield('sum_forum_topics'); $db->sql_freeresult($result); @@ -223,11 +224,11 @@ class mcp_reports } $forum_info = $forum_info[$forum_id]; - $forum_list = $forum_id; + $forum_list = array($forum_id); $global_id = $forum_id; } - $forum_list .= ', 0'; + $forum_list[] = 0; $forum_data = array(); $forum_options = '<option value="0"' . (($forum_id == 0) ? ' selected="selected"' : '') . '>' . $user->lang['ALL_FORUMS'] . '</option>'; @@ -256,8 +257,8 @@ class mcp_reports } $sql = 'SELECT r.report_id - FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . " - WHERE p.forum_id IN ($forum_list) + FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . REPORTS_TABLE . ' r ' . (($sort_order_sql[0] == 'u') ? ', ' . USERS_TABLE . ' u' : '') . (($sort_order_sql[0] == 'r') ? ', ' . USERS_TABLE . ' ru' : '') . ' + WHERE ' . $db->sql_in_set('p.forum_id', $forum_list) . " $report_state AND r.post_id = p.post_id " . (($sort_order_sql[0] == 'u') ? 'AND u.user_id = p.poster_id' : '') . ' @@ -280,12 +281,12 @@ class mcp_reports if (sizeof($report_ids)) { $sql = 'SELECT t.forum_id, t.topic_id, t.topic_title, p.post_id, p.post_subject, p.post_username, p.poster_id, p.post_time, u.username, r.user_id as reporter_id, ru.username as reporter_name, r.report_time, r.report_id - FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u, ' . USERS_TABLE . " ru - WHERE r.report_id IN (" . implode(', ', $report_ids) . ") + FROM ' . REPORTS_TABLE . ' r, ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . USERS_TABLE . ' u, ' . USERS_TABLE . ' ru + WHERE ' . $db->sql_in_set('r.report_id', $report_ids) . ' AND t.topic_id = p.topic_id AND r.post_id = p.post_id AND u.user_id = p.poster_id - AND ru.user_id = r.user_id"; + AND ru.user_id = r.user_id'; $result = $db->sql_query($sql); $report_data = $rowset = array(); @@ -387,7 +388,7 @@ function close_report($post_id_list, $mode, $action) $sql = 'SELECT r.post_id, r.report_closed, r.user_id, r.user_notify, u.username, u.user_email, u.user_jabber, u.user_lang, u.user_notify_type FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u - WHERE r.post_id IN (' . implode(',', array_keys($post_info)) . ') + WHERE ' . $db->sql_in_set('r.post_id', array_keys($post_info)) . ' ' . (($action == 'close') ? 'AND r.report_closed = 0' : '') . ' AND r.user_id = u.user_id'; $result = $db->sql_query($sql); @@ -421,9 +422,9 @@ function close_report($post_id_list, $mode, $action) // Get a list of topics that still contain reported posts $sql = 'SELECT DISTINCT topic_id FROM ' . POSTS_TABLE . ' - WHERE topic_id IN (' . implode(', ', $close_report_topics) . ') + WHERE ' . $db->sql_in_set('topic_id', $close_report_topics) . ' AND post_reported = 1 - AND post_id NOT IN (' . implode(', ', $close_report_posts) . ')'; + AND ' . $db->sql_in_set('post_id', $close_report_posts, true); $result = $db->sql_query($sql); $keep_report_topics = array(); @@ -442,25 +443,25 @@ function close_report($post_id_list, $mode, $action) { $sql = 'UPDATE ' . REPORTS_TABLE . ' SET report_closed = 1 - WHERE post_id IN (' . implode(', ', $close_report_posts) . ')'; + WHERE ' . $db->sql_in_set('post_id', $close_report_posts); } else { $sql = 'DELETE FROM ' . REPORTS_TABLE . ' - WHERE post_id IN (' . implode(', ', $close_report_posts) . ')'; + WHERE ' . $db->sql_in_set('post_id', $close_report_posts); } $db->sql_query($sql); $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_reported = 0 - WHERE post_id IN (' . implode(', ', $close_report_posts) . ')'; + WHERE ' . $db->sql_in_set('post_id', $close_report_posts); $db->sql_query($sql); if (sizeof($close_report_topics)) { $sql = 'UPDATE ' . TOPICS_TABLE . ' SET topic_reported = 0 - WHERE topic_id IN (' . implode(', ', $close_report_topics) . ')'; + WHERE ' . $db->sql_in_set('topic_id', $close_report_topics); $db->sql_query($sql); } diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 94e4d94d04..6aa78d091f 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -410,12 +410,11 @@ class bbcode_firstpass extends bbcode switch (strtolower($stx)) { case 'php': - $code = trim($code); $remove_tags = false; $code = str_replace(array('<', '>'), array('<', '>'), $code); - if (!preg_match('/^\<\?.*?\?\>/is', $code)) + if (!preg_match('/\<\?.*?\?\>/is', $code)) { $remove_tags = true; $code = "<?php $code ?>"; @@ -438,7 +437,7 @@ class bbcode_firstpass extends bbcode { $str_from[] = '<span class="syntaxdefault"><?php </span>'; $str_to[] = ''; - $str_from[] = '<span class="syntaxdefault"><?php '; + $str_from[] = '<span class="syntaxdefault"><?php '; $str_to[] = '<span class="syntaxdefault">'; } @@ -453,6 +452,12 @@ class bbcode_firstpass extends bbcode $code = preg_replace('#^<span class="[a-z]+"><span class="([a-z]+)">(.*)</span></span>#s', '<span class="$1">$2</span>', $code); $code = preg_replace('#(?:[\n\r\s\t]| )*</span>$#', '</span>', $code); + // remove newline at the end + if (!empty($code) && $code{strlen($code)-1} == "\n") + { + $code = substr($code, 0, -1); + } + $out .= "[code=$stx:" . $this->bbcode_uid . ']' . $code . '[/code:' . $this->bbcode_uid . ']'; break; @@ -1303,7 +1308,7 @@ class parse_message extends bbcode_firstpass // Get the data from the attachments $sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail FROM ' . ATTACHMENTS_TABLE . ' - WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ') + WHERE ' . $db->sql_in_set('attach_id', array_keys($attach_ids)) . ' AND poster_id = ' . $check_user_id; $result = $db->sql_query($sql); @@ -1332,8 +1337,8 @@ class parse_message extends bbcode_firstpass include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); $sql = 'SELECT attach_id - FROM ' . ATTACHMENTS_TABLE . " - WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')"; + FROM ' . ATTACHMENTS_TABLE . ' + WHERE ' . $db->sql_in_set('LOWER(physical_filename)', array_map('strtolower', $filenames)); $result = $db->sql_query_limit($sql, 1); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); diff --git a/phpBB/includes/search/fulltext_mysql.php b/phpBB/includes/search/fulltext_mysql.php index 0b12e7cea9..827e13676d 100644 --- a/phpBB/includes/search/fulltext_mysql.php +++ b/phpBB/includes/search/fulltext_mysql.php @@ -312,19 +312,19 @@ class fulltext_mysql extends search_backend } else { - $m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id NOT IN (' . implode(', ', $m_approve_fid_ary) . '))'; + $m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) . ')'; } $sql_select = (!$result_count) ? 'SQL_CALC_FOUND_ROWS ' : ''; $sql_select = ($type == 'posts') ? $sql_select . 'p.post_id' : 'DISTINCT ' . $sql_select . 't.topic_id'; $sql_from = ($join_topic) ? TOPICS_TABLE . ' t, ' : ''; $field = ($type == 'posts') ? 'post_id' : 'topic_id'; - $sql_author = (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(',', $author_ary) . ')'; + $sql_author = (sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(', ', $author_ary) . ')'; $sql_where_options = $sql_sort_join; $sql_where_options .= ($topic_id) ? ' AND p.topic_id = ' . $topic_id : ''; $sql_where_options .= ($join_topic) ? ' AND t.topic_id = p.topic_id' : ''; - $sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : ''; + $sql_where_options .= (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : ''; $sql_where_options .= $m_approve_fid_sql; $sql_where_options .= (sizeof($author_ary)) ? ' AND p.poster_id ' . $sql_author : ''; $sql_where_options .= ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : ''; @@ -451,8 +451,8 @@ class fulltext_mysql extends search_backend $id_ary = array(); // Create some display specific sql strings - $sql_author = 'p.poster_id ' . ((sizeof($author_ary) > 1) ? 'IN (' . implode(',', $author_ary) . ')' : '= ' . $author_ary[0]); - $sql_fora = (sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : ''; + $sql_author = $db->sql_in_set('p.poster_id', $author_ary); + $sql_fora = (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : ''; $sql_topic_id = ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : ''; $sql_time = ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : ''; @@ -487,7 +487,7 @@ class fulltext_mysql extends search_backend } else { - $m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id IN (' . implode($m_approve_fid_ary) . '))'; + $m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary) . ')'; } // If the cache was completely empty count the results diff --git a/phpBB/includes/search/fulltext_native.php b/phpBB/includes/search/fulltext_native.php index 679ab3127e..bbe7542571 100755 --- a/phpBB/includes/search/fulltext_native.php +++ b/phpBB/includes/search/fulltext_native.php @@ -142,15 +142,9 @@ class fulltext_native extends search_backend if (sizeof($exact_words)) { - // we can match exact words with one IN - foreach ($exact_words as $i => $word) - { - $exact_words[$i] = '\'' . $db->sql_escape($word) . '\''; - } - $sql = 'SELECT word_id, word_text, word_common FROM ' . SEARCH_WORDLIST_TABLE . ' - WHERE word_text ' . ((sizeof($exact_words) > 1) ? 'IN (' . implode(', ', $exact_words) . ')' : '= ' . $exact_words[0]); + WHERE ' . $db->sql_in_set('word_text', $exact_words); $result = $db->sql_query($sql); // store an array of words and ids, remove common words @@ -419,7 +413,7 @@ class fulltext_native extends search_backend } } - $sql_where[] = (sizeof($word_ids) > 1) ? "m$m_num.word_id IN (" . implode(', ', $word_ids) . ')' : "m$m_num.word_id = {$word_ids[0]}"; + $sql_where[] = $db->sql_in_set("m$m_num.word_id", $word_ids); unset($word_id_sql); unset($word_ids); @@ -473,7 +467,7 @@ class fulltext_native extends search_backend { $sql_array['LEFT_JOIN'][] = array( 'FROM' => array(SEARCH_WORDMATCH_TABLE => 'm' . $m_num), - 'ON' => ((sizeof($this->must_not_contain_ids) > 1) ? "m$m_num.word_id IN (" . implode(', ', $this->must_not_contain_ids) . ')' : "m$m_num.word_id = " . $this->must_not_contain_ids[0]) . (($title_match) ? "m$m_num.$title_match" : '') . " AND m$m_num.post_id = m0.post_id" + 'ON' => $db->sql_in_set("m$m_num.word_id", $this->must_not_contain_ids) . (($title_match) ? "m$m_num.$title_match" : '') . " AND m$m_num.post_id = m0.post_id" ); $sql_where[] = "m$m_num.word_id IS NULL"; @@ -514,7 +508,7 @@ class fulltext_native extends search_backend } else if ($m_approve_fid_ary !== array(-1)) { - $sql_where[] = '(p.post_approved = 1 OR p.forum_id ' . ((sizeof($m_approve_fid_ary) == 1) ? '= ' . $m_approve_fid_ary[0] : 'NOT IN (' . implode(', ', $m_approve_fid_ary) . ')' ) . ')'; + $sql_where[] = '(p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary) . ')'; } if ($topic_id) @@ -524,12 +518,12 @@ class fulltext_native extends search_backend if (sizeof($author_ary)) { - $sql_where[] = 'p.poster_id ' . ((sizeof($author_ary) == 1) ? ' = ' . $author_ary[0] : 'IN (' . implode(',', $author_ary) . ')'); + $sql_where[] = $db->sql_in_set('p.poster_id', $author_ary); } if (sizeof($ex_fid_ary)) { - $sql_where[] = 'p.forum_id ' . ((sizeof($ex_fid_ary) == 1) ? '<> ' . $ex_fid_ary[0] : 'NOT IN (' . implode(',', $ex_fid_ary) . ')'); + $sql_where[] = $db->sql_in_set('p.forum_id', $ex_fid_ary, true); } if ($sort_days) @@ -696,8 +690,8 @@ class fulltext_native extends search_backend $id_ary = array(); // Create some display specific sql strings - $sql_author = 'p.poster_id ' . ((sizeof($author_ary) > 1) ? 'IN (' . implode(',', $author_ary) . ')' : '= ' . $author_ary[0]); - $sql_fora = (sizeof($ex_fid_ary)) ? ' AND p.forum_id ' . ((sizeof($ex_fid_ary) == 1) ? '<> ' . $ex_fid_ary[0] : 'NOT IN (' . implode(',', $ex_fid_ary) . ')') : ''; + $sql_author = $db->sql_in_set('p.poster_id', $author_ary); + $sql_fora = (sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : ''; $sql_time = ($sort_days) ? ' AND p.post_time >= ' . (time() - ($sort_days * 86400)) : ''; $sql_topic_id = ($topic_id) ? ' AND p.topic_id = ' . (int) $topic_id : ''; @@ -732,7 +726,7 @@ class fulltext_native extends search_backend } else { - $m_approve_fid_sql = ' AND (p.post_approved = 1 OR p.forum_id ' . ((sizeof($m_approve_fid_ary) == 1) ? '= ' . $m_approve_fid_ary[0] : 'IN (' . implode($m_approve_fid_ary) . ')' ) . ')'; + $m_approve_fid_sql = ' AND (p.post_approved = 1 OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary) . ')'; } $select = ($type == 'posts') ? 'p.post_id' : 't.topic_id'; @@ -1015,8 +1009,8 @@ class fulltext_native extends search_backend if (sizeof($unique_add_words)) { $sql = 'SELECT word_id, word_text - FROM ' . SEARCH_WORDLIST_TABLE . " - WHERE word_text IN ('" . implode("','", array_map(array(&$db, 'sql_escape'), $unique_add_words)) . "')"; + FROM ' . SEARCH_WORDLIST_TABLE . ' + WHERE ' . $db->sql_in_set('word_text', $unique_add_words); $result = $db->sql_query($sql); $word_ids = array(); @@ -1026,7 +1020,7 @@ class fulltext_native extends search_backend } $db->sql_freeresult($result); - $new_words = array_map(array(&$db, 'sql_escape'), array_diff($unique_add_words, array_keys($word_ids))); + $new_words = array_diff($unique_add_words, array_keys($word_ids)); if (sizeof($new_words)) { @@ -1066,7 +1060,7 @@ class fulltext_native extends search_backend } $sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . ' - WHERE word_id IN (' . implode(', ', $sql_in) . ') + WHERE ' . $db->sql_in_set('word_id', $sql_in) . ' AND post_id = ' . intval($post_id) . " AND title_match = $title_match"; $db->sql_query($sql); @@ -1082,8 +1076,8 @@ class fulltext_native extends search_backend { $sql = 'INSERT INTO ' . SEARCH_WORDMATCH_TABLE . " (post_id, word_id, title_match) SELECT $post_id, word_id, $title_match - FROM " . SEARCH_WORDLIST_TABLE . " - WHERE word_text IN ('" . implode("','", array_map(array(&$db, 'sql_escape'), $word_ary)) . "')"; + FROM " . SEARCH_WORDLIST_TABLE . ' + WHERE ' . $db->sql_in_set('word_text', $word_ary); $db->sql_query($sql); } } @@ -1119,12 +1113,14 @@ class fulltext_native extends search_backend { global $db; - $sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . ' - WHERE post_id IN (' . implode(', ', $post_ids) . ')'; - $db->sql_query($sql); + if (sizeof($post_ids)) + { + $sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . ' + WHERE ' . $db->sql_in_set('post_id', $post_ids); + $db->sql_query($sql); + } // SEARCH_WORDLIST_TABLE will be updated by tidy() - $this->destroy_cache(array(), $author_ids); } @@ -1156,42 +1152,39 @@ class fulltext_native extends search_backend HAVING COUNT(word_id) > ' . floor($config['num_posts'] * 0.6); $result = $db->sql_query($sql); - if ($row = $db->sql_fetchrow($result)) + $sql_in = array(); + while ($row = $db->sql_fetchrow($result)) { - $sql_in = array(); - do - { - $sql_in[] = $row['word_id']; - } - while ($row = $db->sql_fetchrow($result)); - - $sql_in = implode(', ', $sql_in); + $sql_in[] = $row['word_id']; + } + $db->sql_freeresult($result); + if (sizeof($sql_in)) + { // Get the text of those new common words $sql = 'SELECT word_text - FROM ' . SEARCH_WORDLIST_TABLE . " - WHERE word_id IN ($sql_in)"; + FROM ' . SEARCH_WORDLIST_TABLE . ' + WHERE ' . $db->sql_in_set('word_id', $sql_in); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { $destroy_cache_words[] = $row['word_text']; } + $db->sql_freeresult($result); // Flag the words - $sql = 'UPDATE ' . SEARCH_WORDLIST_TABLE . " + $sql = 'UPDATE ' . SEARCH_WORDLIST_TABLE . ' SET word_common = 1 - WHERE word_id IN ($sql_in)"; + WHERE ' . $db->sql_in_set('word_id', $sql_in); $db->sql_query($sql); // Delete the matches - $sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . " - WHERE word_id IN ($sql_in)"; + $sql = 'DELETE FROM ' . SEARCH_WORDMATCH_TABLE . ' + WHERE ' . $db->sql_in_set('word_id', $sql_in); $db->sql_query($sql); - - unset($sql_in); } - $db->sql_freeresult($result); + unset($sql_in); } // destroy cached search results containing any of the words that are now common or were removed diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index 7514d070e5..46785158a5 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -131,7 +131,7 @@ class session * @todo Introduce further user types, bot, guest * @todo Change user_type (as above) to a bitfield? user_type & USER_FOUNDER for example */ - function session_begin($update_session_page = true, $loose_validation = false) + function session_begin($update_session_page = true) { global $phpEx, $SID, $_SID, $db, $config, $phpbb_root_path; @@ -658,33 +658,30 @@ class session GROUP BY session_user_id, session_page'; $result = $db->sql_query_limit($sql, 5); - $del_user_id = ''; + $del_user_id = array(); $del_sessions = 0; - if ($row = $db->sql_fetchrow($result)) + + while ($row = $db->sql_fetchrow($result)); { - do + if ($row['session_user_id'] != ANONYMOUS) { - if ($row['session_user_id'] != ANONYMOUS) - { - $sql = 'UPDATE ' . USERS_TABLE . ' - SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' - WHERE user_id = " . $row['session_user_id']; - $db->sql_query($sql); - } - - $del_user_id .= (($del_user_id != '') ? ', ' : '') . (int) $row['session_user_id']; - $del_sessions++; + $sql = 'UPDATE ' . USERS_TABLE . ' + SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' + WHERE user_id = " . $row['session_user_id']; + $db->sql_query($sql); } - while ($row = $db->sql_fetchrow($result)); + + $del_user_id[] = (int) $row['session_user_id']; + $del_sessions++; } $db->sql_freeresult($result); - if ($del_user_id) + if (sizeof($del_user_id)) { // Delete expired sessions - $sql = 'DELETE FROM ' . SESSIONS_TABLE . " - WHERE session_user_id IN ($del_user_id) - AND session_time < " . ($this->time_now - $config['session_length']); + $sql = 'DELETE FROM ' . SESSIONS_TABLE . ' + WHERE ' . $db->sql_in_set('session_user_id', $del_user_id) . ' + AND session_time < ' . ($this->time_now - $config['session_length']); $db->sql_query($sql); } diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index 1943db0190..9ac929fcea 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -318,7 +318,7 @@ class ucp_groups $sql_and = ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? '<> ' . GROUP_SPECIAL : 'NOT IN (' . GROUP_SPECIAL . ', ' . GROUP_HIDDEN . ')'; $sql = 'SELECT group_id, group_name, group_desc, group_desc_uid, group_desc_bitfield, group_desc_options, group_type FROM ' . GROUPS_TABLE . ' - WHERE group_id NOT IN (' . implode(', ', $group_id_ary) . ") + WHERE ' . $db->sql_in_set('group_id', $group_id_ary, true) . ") AND group_type $sql_and ORDER BY group_type DESC, group_name"; $result = $db->sql_query($sql); diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index e0c51204ed..8936a7728b 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -65,7 +65,7 @@ class ucp_main if (sizeof($forum_ary)) { - $sql .= ' AND forum_id NOT IN ( ' . implode(', ', $forum_ary) . ')'; + $sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary); } $result = $db->sql_query_limit($sql, 1); $g_forum_id = (int) $db->sql_fetchfield('forum_id'); @@ -186,27 +186,27 @@ class ucp_main if ($unwatch) { - $forums = (isset($_POST['f'])) ? implode(', ', array_map('intval', array_keys($_POST['f']))) : false; - $topics = (isset($_POST['t'])) ? implode(', ', array_map('intval', array_keys($_POST['t']))) : false; + $forums = (isset($_POST['f'])) ? array_map('intval', array_keys($_POST['f'])) : array(); + $topics = (isset($_POST['t'])) ? array_map('intval', array_keys($_POST['t'])) : array(); - if ($forums || $topics) + if (sizeof($forums) || sizeof($topics)) { $l_unwatch = ''; - if ($forums) + if (sizeof($forums)) { - $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . " - WHERE forum_id IN ($forums) - AND user_id = " . $user->data['user_id']; + $sql = 'DELETE FROM ' . FORUMS_WATCH_TABLE . ' + WHERE ' . $db->sql_in_set('forum_id', $forums) . ' + AND user_id = ' . $user->data['user_id']; $db->sql_query($sql); $l_unwatch .= '_FORUMS'; } - if ($topics) + if (sizeof($topics)) { - $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . " - WHERE topic_id IN ($topics) - AND user_id = " . $user->data['user_id']; + $sql = 'DELETE FROM ' . TOPICS_WATCH_TABLE . ' + WHERE ' . $db->sql_in_set('topic_id', $topics) . ' + AND user_id = ' . $user->data['user_id']; $db->sql_query($sql); $l_unwatch .= '_TOPICS'; @@ -511,7 +511,7 @@ class ucp_main { $sql = 'DELETE FROM ' . BOOKMARKS_TABLE . ' WHERE user_id = ' . $user->data['user_id'] . ' - AND topic_id IN (' . implode(', ', $topics) . ')'; + AND ' . $db->sql_in_set('topic_id', $topics); $db->sql_query($sql); // Re-Order bookmarks (possible with one query? This query massaker is not really acceptable...) @@ -620,13 +620,13 @@ class ucp_main if ($delete) { - $drafts = (isset($_POST['d'])) ? implode(', ', array_map('intval', array_keys($_POST['d']))) : ''; + $drafts = (!empty($_POST['d'])) ? array_map('intval', array_keys($_POST['d'])) : array(); - if ($drafts) + if (sizeof($drafts)) { - $sql = 'DELETE FROM ' . DRAFTS_TABLE . " - WHERE draft_id IN ($drafts) - AND user_id = " .$user->data['user_id']; + $sql = 'DELETE FROM ' . DRAFTS_TABLE . ' + WHERE ' . $db->sql_in_set('draft_id', $drafts) . ' + AND user_id = ' . $user->data['user_id']; $db->sql_query($sql); $message = $user->lang['DRAFTS_DELETED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); @@ -634,6 +634,8 @@ class ucp_main meta_refresh(3, $this->u_action); trigger_error($message); } + + unset($drafts); } if ($submit && $edit) @@ -701,7 +703,7 @@ class ucp_main { $sql = 'SELECT topic_id, forum_id, topic_title FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(',', array_unique($topic_ids)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_unique($topic_ids)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 27a9735d35..ff95bfc307 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -663,7 +663,7 @@ function compose_pm($id, $mode, $action) { $sql = 'SELECT user_id as id, username as name, user_colour as colour FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', array_map('intval', array_keys($address_list['u']))) . ')'; + WHERE ' . $db->sql_in_set('user_id', array_map('intval', array_keys($address_list['u']))); $result['u'] = $db->sql_query($sql); } @@ -672,7 +672,7 @@ function compose_pm($id, $mode, $action) $sql = 'SELECT group_id as id, group_name as name, group_colour as colour, group_type FROM ' . GROUPS_TABLE . ' WHERE group_receive_pm = 1 - AND group_id IN (' . implode(', ', array_map('intval', array_keys($address_list['g']))) . ')'; + AND ' . $db->sql_in_set('group_id', array_map('intval', array_keys($address_list['g']))); $result['g'] = $db->sql_query($sql); } @@ -894,7 +894,7 @@ function handle_message_list_actions(&$address_list, $remove_u, $remove_g, $add_ { $sql = 'SELECT user_id FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $user_id_ary) . ') + WHERE ' . $db->sql_in_set('user_id', $user_id_ary) . ' AND user_allow_pm = 1'; $result = $db->sql_query($sql); diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index ef245e9d11..91a44c31c1 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -133,15 +133,15 @@ function view_folder($id, $mode, $folder_id, $folder) { $sql = 'SELECT user_id as id, username as name, user_colour as colour FROM ' . USERS_TABLE . ' - WHERE user_id'; + WHERE '; } else { $sql = 'SELECT group_id as id, group_name as name, group_colour as colour, group_type FROM ' . GROUPS_TABLE . ' - WHERE group_id'; + WHERE '; } - $sql .= ' IN (' . implode(', ', array_map('intval', array_keys($recipient_list[$ug_type]))) . ')'; + $sql .= $db->sql_in_set(($ug_type == 'u') ? 'user_id' : 'group_id', array_map('intval', array_keys($recipient_list[$ug_type]))); $result = $db->sql_query($sql); @@ -277,15 +277,15 @@ function view_folder($id, $mode, $folder_id, $folder) { $sql = 'SELECT user_id as id, username as name FROM ' . USERS_TABLE . ' - WHERE user_id'; + WHERE '; } else { $sql = 'SELECT group_id as id, group_name as name FROM ' . GROUPS_TABLE . ' - WHERE group_id'; + WHERE '; } - $sql .= ' IN (' . implode(', ', array_map('intval', array_keys($address[$message_id][$ug_type]))) . ')'; + $sql .= $db->sql_in_set(($ug_type == 'u') ? 'user_id' : 'group_id', array_map('intval', array_keys($address[$message_id][$ug_type]))); $result = $db->sql_query($sql); diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 620bc9701f..4a399d847d 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -134,7 +134,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) { $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET download_count = download_count + 1 - WHERE attach_id IN (' . implode(', ', array_unique($update_count)) . ')'; + WHERE ' . $db->sql_in_set('attach_id', array_unique($update_count)); $db->sql_query($sql); } } diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index 52f17a8048..d757d6e14d 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -153,7 +153,7 @@ class ucp_profile $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')'; + WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -585,7 +585,11 @@ class ucp_profile // Delete old avatar if present if ($user->data['user_avatar'] && $filename != $user->data['user_avatar'] && $user->data['user_avatar_type'] != AVATAR_GALLERY) { - avatar_delete($user->data['user_avatar']); + // Check if the users avatar is actually a group avatar + if (strpos($user->data['user_avatar'], 'g' . $user->data['group_id'] . '_') !== 0 && strpos($user->data['user_avatar'], $user->data['user_id'] . '_') === 0) + { + avatar_delete($user->data['user_avatar']); + } } } diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index 620b388f99..01b92125ac 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -323,7 +323,7 @@ class ucp_register $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')'; + WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -375,12 +375,12 @@ class ucp_register $sql_in = array(); do { - $sql_in[] = "'" . $db->sql_escape($row['session_id']) . "'"; + $sql_in[] = (string) $row['session_id']; } while ($row = $db->sql_fetchrow($result)); $sql = 'DELETE FROM ' . CONFIRM_TABLE . ' - WHERE session_id NOT IN (' . implode(', ', $sql_in) . ') + WHERE ' . $db->sql_in_set('session_id', $sql_in, true) . ' AND confirm_type = ' . CONFIRM_REG; $db->sql_query($sql); } diff --git a/phpBB/includes/ucp/ucp_resend.php b/phpBB/includes/ucp/ucp_resend.php index 0e59c7560c..84ce3fe9b7 100644 --- a/phpBB/includes/ucp/ucp_resend.php +++ b/phpBB/includes/ucp/ucp_resend.php @@ -105,7 +105,7 @@ class ucp_resend $sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type FROM ' . USERS_TABLE . ' - WHERE user_id IN (' . implode(', ', $admin_ary[0]['a_user']) .')'; + WHERE ' . $db->sql_in_set('user_id', $admin_ary[0]['a_user']); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) diff --git a/phpBB/includes/ucp/ucp_zebra.php b/phpBB/includes/ucp/ucp_zebra.php index fb9925e248..2cf6edcac4 100644 --- a/phpBB/includes/ucp/ucp_zebra.php +++ b/phpBB/includes/ucp/ucp_zebra.php @@ -97,13 +97,11 @@ class ucp_zebra unset($friends, $foes, $n); - $data['add'] = implode(', ', preg_replace('#^(.*?)$#', "'$1'", array_map(array(&$db, 'sql_escape'), $data['add']))); - - if ($data['add']) + if (sizeof($data['add'])) { $sql = 'SELECT user_id, user_type FROM ' . USERS_TABLE . ' - WHERE LOWER(username) IN (' . $data['add'] . ') + WHERE ' . $db->sql_in_set('LOWER(username)', $data['add']) . ' AND user_type <> ' . USER_INACTIVE; $result = $db->sql_query($sql); @@ -197,7 +195,7 @@ class ucp_zebra $sql = 'DELETE FROM ' . ZEBRA_TABLE . ' WHERE user_id = ' . $user->data['user_id'] . ' - AND zebra_id IN (' . implode(', ', $data['usernames']) . ')'; + AND ' . $db->sql_in_set('zebra_id', $data['usernames']); $db->sql_query($sql); } diff --git a/phpBB/language/en/install.php b/phpBB/language/en/install.php index 35192e48c4..619d68e6b4 100755 --- a/phpBB/language/en/install.php +++ b/phpBB/language/en/install.php @@ -187,7 +187,7 @@ $lang = array_merge($lang, array( 'NO_LOCATION' => 'Cannot determine location. If you know Imagemagick is installed, you may specify the location later within your Administration Panel', 'NO_TABLES_FOUND' => 'No tables found.', // TODO: Write some explanatory introduction text - 'OVERVIEW_BODY' => 'Welcome to our first public beta of the next-generation of phpBB after 2.0.x, phpBB 3.0! This beta release is intended for advanced users to try out on dedicated development enviroments to help us finish creating the best Opensource Bulletin Board solution available.</p><p><strong style="text-transform: uppercase;">Note:</strong> This release is <strong style="text-transform: uppercase;">not final</strong> and made available for testing purposes <strong style="text-transform: uppercase;">only</strong>.</p><p>This installation system will guide you through the process of installing phpBB, converting from a different software package or updating to the latest version of phpBB. For more information on each option, select it from the menu above.', + 'OVERVIEW_BODY' => 'Welcome to our public beta of the next-generation of phpBB after 2.0.x, phpBB 3.0! This beta release is intended for advanced users to try out on dedicated development enviroments to help us finish creating the best Opensource Bulletin Board solution available.</p><p><strong style="text-transform: uppercase;">Note:</strong> This release is <strong style="text-transform: uppercase;">not final</strong> and made available for testing purposes <strong style="text-transform: uppercase;">only</strong>.</p><p>This installation system will guide you through the process of installing phpBB, converting from a different software package or updating to the latest version of phpBB. For more information on each option, select it from the menu above.', 'PHP_OPTIONAL_MODULE' => 'Optional Modules', 'PHP_OPTIONAL_MODULE_EXPLAIN' => '<strong>Optional</strong> - These modules or applications are optional, you do not need these to use phpBB 3.0. However if you do have them they will will enable greater functionality.', 'PHP_SUPPORTED_DB' => 'Supported Databases', diff --git a/phpBB/mcp.php b/phpBB/mcp.php index 702f1a28e8..0ecef72efa 100644 --- a/phpBB/mcp.php +++ b/phpBB/mcp.php @@ -273,7 +273,7 @@ function get_topic_data($topic_ids, $acl_list = false) $sql = 'SELECT f.*, t.* FROM ' . TOPICS_TABLE . ' t LEFT JOIN ' . FORUMS_TABLE . ' f ON t.forum_id = f.forum_id - WHERE t.topic_id IN (' . implode(', ', $topic_ids) . ')'; + WHERE ' . $db->sql_in_set('t.topic_id', $topic_ids); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -337,7 +337,7 @@ function get_post_data($post_ids, $acl_list = false) ) ), - 'WHERE' => 'p.post_id IN (' . implode(', ', $post_ids) . ') + 'WHERE' => $db->sql_in_set('p.post_id', $post_ids) . ' AND u.user_id = p.poster_id AND t.topic_id = p.topic_id', )); @@ -378,6 +378,11 @@ function get_forum_data($forum_id, $acl_list = 'f_list') $rowset = array(); + if (!is_array($forum_id)) + { + $forum_id = array($forum_id); + } + if (!sizeof($forum_id)) { return array(); @@ -385,7 +390,7 @@ function get_forum_data($forum_id, $acl_list = 'f_list') $sql = 'SELECT * FROM ' . FORUMS_TABLE . ' - WHERE forum_id ' . ((is_array($forum_id)) ? 'IN (' . implode(', ', $forum_id) . ')' : "= $forum_id"); + WHERE ' . $db->sql_in_set('forum_id', $forum_id); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -462,7 +467,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql, $sql = 'SELECT COUNT(post_id) AS total FROM ' . POSTS_TABLE . " - $where_sql forum_id IN (" . (($forum_id) ? $forum_id : implode(', ', get_forum_list('m_approve'))) . ') + $where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . ' AND post_approved = 0 AND post_time >= ' . $min_time; break; @@ -474,7 +479,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql, $sql = 'SELECT COUNT(topic_id) AS total FROM ' . TOPICS_TABLE . " - $where_sql forum_id IN (" . (($forum_id) ? $forum_id : implode(', ', get_forum_list('m_approve'))) . ') + $where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . ' AND topic_approved = 0 AND topic_time >= ' . $min_time; break; @@ -496,7 +501,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql, } else { - $where_sql .= ' p.forum_id IN (' . implode(', ', get_forum_list('m_report')) . ')'; + $where_sql .= ' ' . $db->sql_in_set('p.forum_id', get_forum_list('m_report')); } if ($mode == 'reports') @@ -522,7 +527,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql, $sql = 'SELECT COUNT(log_id) AS total FROM ' . LOG_TABLE . " - $where_sql forum_id IN (" . (($forum_id) ? $forum_id : implode(', ', get_forum_list('m_'))) . ') + $where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_')) . ' AND log_time >= ' . $min_time . ' AND log_type = ' . LOG_MOD; break; @@ -626,7 +631,7 @@ function check_ids(&$ids, $table, $sql_id, $acl_list = false) WHERE forum_type = ' . FORUM_POST; if (sizeof($forum_ary)) { - $sql .= ' AND forum_id NOT IN ( ' . implode(', ', $forum_ary) . ')'; + $sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary, true); } $result = $db->sql_query_limit($sql, 1); @@ -645,7 +650,7 @@ function check_ids(&$ids, $table, $sql_id, $acl_list = false) } $sql = "SELECT $sql_id FROM $table - WHERE $sql_id IN (" . implode(', ', $ids) . ") + WHERE " . $db->sql_in_set($sql_id, $ids) . " AND (forum_id = $forum_id OR forum_id = 0)"; $result = $db->sql_query($sql); diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 2ace920917..0c29bd6559 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -136,7 +136,7 @@ switch ($mode) ) ), - 'WHERE' => 'u.user_id IN (' . implode(', ', array_unique(array_merge($admin_id_ary, $mod_id_ary))) . ') + 'WHERE' => $db->sql_in_set('u.user_id', array_unique(array_merge($admin_id_ary, $mod_id_ary))) . ' AND u.group_id = g.group_id', 'ORDER_BY' => 'g.group_name ASC, u.username ASC' @@ -878,7 +878,7 @@ switch ($mode) if ($ips === false) { // A minor fudge but it does the job :D - $sql_where .= " AND u.user_id IN ('-1')"; + $sql_where .= " AND u.user_id = 0"; } else { @@ -899,12 +899,12 @@ switch ($mode) } while ($row = $db->sql_fetchrow($result)); - $sql_where .= ' AND u.user_id IN (' . implode(', ', $ip_sql) . ')'; + $sql_where .= ' AND ' . $db->sql_in_set('u.user_id', $ip_sql); } else { // A minor fudge but it does the job :D - $sql_where .= " AND u.user_id IN ('-1')"; + $sql_where .= " AND u.user_id = 0"; } unset($ip_forums); diff --git a/phpBB/search.php b/phpBB/search.php index 53f75ab0cf..76e84de0e6 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -89,7 +89,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) // Which forums should not be searched? $ex_fid_ary = array_unique(array_merge(array_keys($auth->acl_getf('!f_read', true)), array_keys($auth->acl_getf('!f_search', true)))); - $not_in_fid = (sizeof($ex_fid_ary)) ? 'WHERE f.forum_id NOT IN (' . implode(', ', $ex_fid_ary) . ") OR (f.forum_password <> '' AND fa.user_id <> " . (int) $user->data['user_id'] . ')' : ""; + $not_in_fid = (sizeof($ex_fid_ary)) ? 'WHERE ' . $db->sql_in_set('f.forum_id', $ex_fid_ary, true) . " OR (f.forum_password <> '' AND fa.user_id <> " . (int) $user->data['user_id'] . ')' : ""; $sql = 'SELECT f.forum_id, f.forum_name, f.parent_id, f.forum_type, f.right_id, f.forum_password, fa.user_id FROM ' . FORUMS_TABLE . ' f @@ -141,7 +141,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) else if ($auth->acl_getf_global('m_approve')) { $m_approve_fid_ary = array_diff(array_keys($auth->acl_getf('!m_approve', true)), $ex_fid_ary); - $m_approve_fid_sql = ' AND (p.post_approved = 1' . ((sizeof($m_approve_fid_ary)) ? ' OR p.forum_id NOT IN (' . implode(', ', $m_approve_fid_ary) . ')' : '') . ')'; + $m_approve_fid_sql = ' AND (p.post_approved = 1' . ((sizeof($m_approve_fid_ary)) ? ' OR ' . $db->sql_in_set('p.forum_id', $m_approve_fid_ary, true) : '') . ')'; } else { @@ -276,7 +276,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) AND t.topic_approved = 1 AND p.topic_id = t.topic_id $m_approve_fid_sql - " . ((sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . ' + " . ((sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '') . ' ORDER BY t.topic_last_post_time DESC'; $field = 'topic_id'; break; @@ -304,7 +304,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) WHERE t.topic_replies = 0 AND p.topic_id = t.topic_id $m_approve_fid_sql - " . ((sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . " + " . ((sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '') . " $sql_sort"; $field = 'post_id'; } @@ -315,7 +315,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) WHERE t.topic_replies = 0 AND p.topic_id = t.topic_id $m_approve_fid_sql - " . ((sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . " + " . ((sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '') . " $sql_sort"; $field = 'topic_id'; } @@ -342,7 +342,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) FROM ' . POSTS_TABLE . ' p WHERE p.post_time > ' . $user->data['user_lastvisit'] . " $m_approve_fid_sql - " . ((sizeof($ex_fid_ary)) ? ' AND p.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . " + " . ((sizeof($ex_fid_ary)) ? ' AND ' . $db->sql_in_set('p.forum_id', $ex_fid_ary, true) : '') . " $sql_sort"; $field = 'post_id'; } @@ -352,7 +352,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) FROM ' . TOPICS_TABLE . ' t WHERE t.topic_last_post_time > ' . $user->data['user_lastvisit'] . ' ' . str_replace(array('p.', 'post_'), array('t.', 'topic_'), $m_approve_fid_sql) . ' - ' . ((sizeof($ex_fid_ary)) ? 'AND t.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ')' : '') . " + ' . ((sizeof($ex_fid_ary)) ? 'AND ' . $db->sql_in_set('t.forum_id', $ex_fid_ary, true) : '') . " $sql_sort"; $field = 'topic_id'; } @@ -404,8 +404,8 @@ if ($keywords || $author || $author_id || $search_id || $submit) trigger_error($user->lang['NO_SEARCH_RESULTS']); } - $sql_where = (($show_results == 'posts') ? 'p.post_id' : 't.topic_id') . ' IN (' . implode(', ', $id_ary) . ')'; - $sql_where .= (sizeof($ex_fid_ary)) ? ' AND (f.forum_id NOT IN (' . implode(',', $ex_fid_ary) . ') OR f.forum_id IS NULL)' : ''; + $sql_where = $db->sql_in_set(($show_results == 'posts') ? 'p.post_id' : 't.topic_id', $id_ary); + $sql_where .= (sizeof($ex_fid_ary)) ? ' AND (' . $db->sql_in_set('f.forum_id', $ex_fid_ary, true) . ' OR f.forum_id IS NULL)' : ''; $sql_where .= ($show_results == 'posts') ? $m_approve_fid_sql : str_replace(array('p.post_approved', 'p.forum_id'), array('t.topic_approved', 't.forum_id'), $m_approve_fid_sql); if ($show_results == 'posts') @@ -616,7 +616,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) if (sizeof($forum_ary)) { - $sql .= ' AND forum_id NOT IN ( ' . implode(', ', $forum_ary) . ')'; + $sql .= ' AND ' . $db->sql_in_set('forum_id', $forum_ary, true); } $result = $db->sql_query_limit($sql, 1); diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 1e7a078c7f..36f740e210 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -371,7 +371,7 @@ $sql_array = array( 'FROM' => $sql_array['FROM'], 'LEFT_JOIN' => $sql_array['LEFT_JOIN'], - 'WHERE' => (($forum_data['forum_type'] == FORUM_POST || !sizeof($active_forum_ary)) ? 't.forum_id = ' . $forum_id : 't.forum_id IN (' . implode(', ', $active_forum_ary['forum_id']) . ')') . ' + 'WHERE' => (($forum_data['forum_type'] == FORUM_POST || !sizeof($active_forum_ary)) ? 't.forum_id = ' . $forum_id : $db->sql_in_set('t.forum_id', $active_forum_ary['forum_id'])) . ' AND t.topic_type NOT IN (' . POST_ANNOUNCE . ', ' . POST_GLOBAL . ") $sql_approved $sql_limit_time", @@ -399,7 +399,7 @@ if (sizeof($shadow_topic_list)) { $sql = 'SELECT * FROM ' . TOPICS_TABLE . ' - WHERE topic_id IN (' . implode(', ', array_keys($shadow_topic_list)) . ')'; + WHERE ' . $db->sql_in_set('topic_id', array_keys($shadow_topic_list)); $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 1798e1b144..e296f80438 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -848,7 +848,7 @@ $sql = $db->sql_build_query('SELECT', array( ) ), - 'WHERE' => 'p.post_id IN (' . implode(', ', $post_list) . ') + 'WHERE' => $db->sql_in_set('p.post_id', $post_list) . ' AND u.user_id = p.poster_id' )); @@ -1113,7 +1113,7 @@ if ($config['load_onlinetrack'] && sizeof($id_cache)) { $sql = 'SELECT session_user_id, MAX(session_time) as online_time, MIN(session_viewonline) AS viewonline FROM ' . SESSIONS_TABLE . ' - WHERE session_user_id IN (' . implode(', ', $id_cache) . ') + WHERE ' . $db->sql_in_set('session_user_id', $id_cache) . ' GROUP BY session_user_id'; $result = $db->sql_query($sql); @@ -1133,7 +1133,7 @@ if (sizeof($attach_list)) { $sql = 'SELECT * FROM ' . ATTACHMENTS_TABLE . ' - WHERE post_msg_id IN (' . implode(', ', $attach_list) . ') + WHERE ' . $db->sql_in_set('post_msg_id', $attach_list) . ' AND in_message = 0 ORDER BY filetime ' . ((!$config['display_order']) ? 'DESC' : 'ASC') . ', post_msg_id ASC'; $result = $db->sql_query($sql); @@ -1149,7 +1149,7 @@ if (sizeof($attach_list)) { $sql = 'UPDATE ' . POSTS_TABLE . ' SET post_attachment = 0 - WHERE post_id IN (' . implode(', ', $attach_list) . ')'; + WHERE ' . $db->sql_in_set('post_id', $attach_list); $db->sql_query($sql); // We need to update the topic indicator too if the complete topic is now without an attachment @@ -1295,10 +1295,10 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) $sql = 'SELECT DISTINCT u.user_id, u.username, u.user_colour FROM ' . POSTS_TABLE . ' p, ' . USERS_TABLE . ' u - WHERE p.post_id IN (' . implode(', ', $post_storage_list) . ") + WHERE ' . $db->sql_in_set('p.post_id', $post_storage_list) . ' AND p.post_edit_count <> 0 AND p.post_edit_user <> 0 - AND p.post_edit_user = u.user_id"; + AND p.post_edit_user = u.user_id'; $result2 = $db->sql_query($sql); while ($user_edit_row = $db->sql_fetchrow($result2)) { @@ -1477,7 +1477,7 @@ if (isset($user->data['session_page']) && strpos($user->data['session_page'], '& { $sql = 'UPDATE ' . ATTACHMENTS_TABLE . ' SET download_count = download_count + 1 - WHERE attach_id IN (' . implode(', ', array_unique($update_count)) . ')'; + WHERE ' . $db->sql_in_set('attach_id', array_unique($update_count)); $db->sql_query($sql); } } |