Diffstat (limited to 'phpBB/includes/acp')
-rw-r--r--phpBB/includes/acp/acp_attachments.php22
-rw-r--r--phpBB/includes/acp/acp_bots.php2
-rw-r--r--phpBB/includes/acp/acp_email.php8
-rw-r--r--phpBB/includes/acp/acp_forums.php13
-rw-r--r--phpBB/includes/acp/acp_logs.php5
-rw-r--r--phpBB/includes/acp/acp_main.php21
-rw-r--r--phpBB/includes/acp/acp_modules.php8
-rw-r--r--phpBB/includes/acp/acp_permissions.php14
-rw-r--r--phpBB/includes/acp/acp_prune.php14
-rw-r--r--phpBB/includes/acp/acp_users.php12
-rw-r--r--phpBB/includes/acp/auth.php38
11 files changed, 73 insertions, 84 deletions
diff --git a/phpBB/includes/acp/acp_attachments.php b/phpBB/includes/acp/acp_attachments.php
index 257edf57e8..4ddcc10d1a 100644
--- a/phpBB/includes/acp/acp_attachments.php
+++ b/phpBB/includes/acp/acp_attachments.php
@@ -294,7 +294,7 @@ class acp_attachments
{
$sql = 'SELECT extension
FROM ' . EXTENSIONS_TABLE . '
- WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')';
+ WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
$result = $db->sql_query($sql);
$extension_list = '';
@@ -306,7 +306,7 @@ class acp_attachments
$sql = 'DELETE
FROM ' . EXTENSIONS_TABLE . '
- WHERE extension_id IN (' . implode(', ', $extension_id_list) . ')';
+ WHERE ' . $db->sql_in_set('extension_id', $extension_id_list);
$db->sql_query($sql);
add_log('admin', 'LOG_ATTACH_EXT_DEL', $extension_list);
@@ -508,7 +508,7 @@ class acp_attachments
{
$sql = 'UPDATE ' . EXTENSIONS_TABLE . "
SET group_id = $group_id
- WHERE extension_id IN (" . implode(', ', $extension_list) . ")";
+ WHERE " . $db->sql_in_set('extension_id', $extension_list);
$db->sql_query($sql);
}
@@ -865,7 +865,7 @@ class acp_attachments
$sql = 'SELECT forum_id, topic_id, post_id
FROM ' . POSTS_TABLE . '
- WHERE post_id IN (' . implode(', ', array_keys($upload_list)) . ')';
+ WHERE ' . $db->sql_in_set('post_id', array_keys($upload_list));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@@ -1373,16 +1373,16 @@ class acp_attachments
}
else if (isset($_POST['unsecuresubmit']))
{
- $unip_sql = implode(', ', array_map('intval', $_POST['unip']));
+ $unip_sql = array_map('intval', $_POST['unip']);
- if ($unip_sql != '')
+ if (sizeof($unip_sql))
{
$l_unip_list = '';
-
+
// Grab details of ips for logging information later
$sql = 'SELECT site_ip, site_hostname
- FROM ' . SITELIST_TABLE . "
- WHERE site_id IN ($unip_sql)";
+ FROM ' . SITELIST_TABLE . '
+ WHERE ' . $db->sql_in_set('site_id', $unip_sql);
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
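Review bot: `$_POST['unip']` is still read straight from the superglobal in the `unsecuresubmit` branch, so a request that omits `unip` or sends it as a scalar hands `array_map()` a non-array before the `sizeof()` guard runs. The acp_main.php hunk in this same commit reads its ID list with `request_var('mark', array(0))`; the same form would fit here, `$unip_sql = request_var('unip', array(0));`. The variable now holds an array rather than an SQL fragment, so a name such as `$unip_ids` would be clearer here and in the following hunk at -1391. The enclosing block starts and ends outside the hunk.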
@@ -1391,8 +1391,8 @@ class acp_attachments
}
$db->sql_freeresult($result);
- $sql = 'DELETE FROM ' . SITELIST_TABLE . "
- WHERE site_id IN ($unip_sql)";
+ $sql = 'DELETE FROM ' . SITELIST_TABLE . '
+ WHERE ' . $db->sql_in_set('site_id', $unip_sql);
$db->sql_query($sql);
add_log('admin', 'LOG_DOWNLOAD_REMOVE_IP', $l_unip_list);
diff --git a/phpBB/includes/acp/acp_bots.php b/phpBB/includes/acp/acp_bots.php
index a57283e3ea..f24a6b7b12 100644
--- a/phpBB/includes/acp/acp_bots.php
+++ b/phpBB/includes/acp/acp_bots.php
@@ -96,7 +96,7 @@ class acp_bots
foreach ($_tables as $table)
{
$sql = "DELETE FROM $table
- WHERE user_id IN (" . implode(', ', $user_id_ary) . ')';
+ WHERE " . $db->sql_in_set('user_id', $user_id_ary);
$db->sql_query($sql);
}
diff --git a/phpBB/includes/acp/acp_email.php b/phpBB/includes/acp/acp_email.php
index f6f6e0de9d..c20640bd54 100644
--- a/phpBB/includes/acp/acp_email.php
+++ b/phpBB/includes/acp/acp_email.php
@@ -55,13 +55,11 @@ class acp_email
{
if ($usernames)
{
- $usernames = implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", explode("\n", $usernames)));
-
$sql = 'SELECT username, user_email, user_jabber, user_notify_type, user_lang
- FROM ' . USERS_TABLE . "
- WHERE username IN ($usernames)
+ FROM ' . USERS_TABLE . '
+ WHERE ' . $db->sql_in_set('username', explode("\n", $usernames)) . '
AND user_allow_massemail = 1
- ORDER BY user_lang, user_notify_type"; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
+ ORDER BY user_lang, user_notify_type'; // , SUBSTRING(user_email FROM INSTR(user_email, '@'))
}
else
{
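Review bot: The removed `preg_replace()` stripped leading and trailing whitespace from each line before quoting it, while the new `explode("\n", $usernames)` passes the raw lines to `sql_in_set()`. Unless `$usernames` is normalised before this point (not visible in the hunk), a name followed by `\r` or padded with spaces no longer matches, and blank lines become empty-string entries. Trimming before the call keeps the old matching behaviour: `$db->sql_in_set('username', array_map('trim', explode("\n", $usernames)))`. Escaping of the names now depends entirely on `sql_in_set()`, whose body is not part of this diff, so that is worth confirming there. The acp_prune.php hunk at -202 builds its username list the same way.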
diff --git a/phpBB/includes/acp/acp_forums.php b/phpBB/includes/acp/acp_forums.php
index 414dc08913..5964a285e7 100644
--- a/phpBB/includes/acp/acp_forums.php
+++ b/phpBB/includes/acp/acp_forums.php
@@ -971,14 +971,14 @@ class acp_forums
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET right_id = right_id + $diff, forum_parents = ''
WHERE " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
- AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
+ AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
$db->sql_query($sql);
// Resync the righthand side of the tree
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET left_id = left_id + $diff, right_id = right_id + $diff, forum_parents = ''
WHERE left_id > " . $to_data['right_id'] . '
- AND forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
+ AND ' . $db->sql_in_set('forum_id', $moved_ids, true);
$db->sql_query($sql);
// Resync moved branch
@@ -997,7 +997,7 @@ class acp_forums
{
$sql = 'SELECT MAX(right_id) AS right_id
FROM ' . FORUMS_TABLE . '
- WHERE forum_id NOT IN (' . implode(', ', $moved_ids) . ')';
+ WHERE ' . $db->sql_in_set('forum_id', $moved_ids, true);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -1007,7 +1007,7 @@ class acp_forums
$sql = 'UPDATE ' . FORUMS_TABLE . "
SET left_id = left_id $diff, right_id = right_id $diff, forum_parents = ''
- WHERE forum_id IN (" . implode(', ', $moved_ids) . ')';
+ WHERE " . $db->sql_in_set('forum_id', $moved_ids);
$db->sql_query($sql);
}
@@ -1119,7 +1119,7 @@ class acp_forums
$diff = sizeof($forum_ids) * 2;
$sql = 'DELETE FROM ' . FORUMS_TABLE . '
- WHERE forum_id IN (' . implode(', ', $forum_ids) . ')';
+ WHERE ' . $db->sql_in_set('forum_id', $forum_ids);
$db->sql_query($sql);
}
else if ($action_subforums == 'move')
@@ -1362,11 +1362,10 @@ class acp_forums
if (sizeof($ids))
{
$start += sizeof($ids);
- $id_list = implode(', ', $ids);
foreach ($tables as $table)
{
- $db->sql_query("DELETE FROM $table WHERE $field IN ($id_list)");
+ $db->sql_query("DELETE FROM $table WHERE " . $db->sql_in_set($field, $id_list));
}
}
}
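Review bot: `$id_list` is no longer defined at the point of use. The hunk deletes `$id_list = implode(', ', $ids);` but the new query still passes `$id_list` to `sql_in_set()`, so unless it is assigned somewhere outside the hunk the helper receives an undefined variable instead of the ID array. The call should read `$db->sql_query("DELETE FROM $table WHERE " . $db->sql_in_set($field, $ids));`. How `sql_in_set()` reacts to a null argument is not visible on this page; at best the per-table deletes stop matching rows and leave orphaned data behind. The enclosing function starts and ends outside the hunk.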
diff --git a/phpBB/includes/acp/acp_logs.php b/phpBB/includes/acp/acp_logs.php
index 666ff208ba..d233d7c885 100644
--- a/phpBB/includes/acp/acp_logs.php
+++ b/phpBB/includes/acp/acp_logs.php
@@ -42,14 +42,15 @@ class acp_logs
if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs'))
{
$where_sql = '';
- if ($deletemark && $marked)
+
+ if ($deletemark && sizeof($marked))
{
$sql_in = array();
foreach ($marked as $mark)
{
$sql_in[] = $mark;
}
- $where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
+ $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}
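Review bot: The `foreach` that copies `$marked` into `$sql_in` is now an element-for-element copy with no transformation, so the array can be passed directly: `$where_sql = ' AND ' . $db->sql_in_set('log_id', $marked);`. Where `$marked` is populated is outside the hunk; if its entries are not already cast to integers, `array_map('intval', $marked)` at this call would make the constraint explicit rather than relying on the helper. The acp_users.php hunk at -842 carries the same copy loop and would take the same change.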
diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php
index 4aedb63df6..81c265581b 100644
--- a/phpBB/includes/acp/acp_main.php
+++ b/phpBB/includes/acp/acp_main.php
@@ -21,9 +21,9 @@ class acp_main
global $phpbb_root_path, $phpbb_admin_path, $phpEx, $table_prefix;
$action = request_var('action', '');
- $mark = (isset($_REQUEST['mark'])) ? implode(', ', request_var('mark', array(0))) : '';
+ $mark = (isset($_REQUEST['mark'])) ? request_var('mark', array(0)) : array();
- if ($mark)
+ if (sizeof($mark))
{
switch ($action)
{
@@ -36,8 +36,8 @@ class acp_main
}
$sql = 'SELECT username
- FROM ' . USERS_TABLE . "
- WHERE user_id IN ($mark)";
+ FROM ' . USERS_TABLE . '
+ WHERE ' . $db->sql_in_set('user_id', $mark);
$result = $db->sql_query($sql);
$user_affected = array();
@@ -50,14 +50,13 @@ class acp_main
if ($action == 'activate')
{
include_once($phpbb_root_path . 'includes/functions_user.' . $phpEx);
- $mark_ary = explode(', ', $mark);
- foreach ($mark_ary as $user_id)
+ foreach ($mark as $user_id)
{
user_active_flip($user_id, USER_INACTIVE);
}
- set_config('num_users', $config['num_users'] + sizeof($mark_ary), true);
+ set_config('num_users', $config['num_users'] + sizeof($mark), true);
// Update latest username
update_last_username();
@@ -69,9 +68,9 @@ class acp_main
trigger_error($user->lang['NO_ADMIN']);
}
- $sql = 'DELETE FROM ' . USER_GROUP_TABLE . " WHERE user_id IN ($mark)";
+ $sql = 'DELETE FROM ' . USER_GROUP_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
$db->sql_query($sql);
- $sql = 'DELETE FROM ' . USERS_TABLE . " WHERE user_id IN ($mark)";
+ $sql = 'DELETE FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('user_id', $mark);
$db->sql_query($sql);
add_log('admin', 'LOG_INDEX_' . strtoupper($action), implode(', ', $user_affected));
@@ -91,8 +90,8 @@ class acp_main
}
$sql = 'SELECT user_id, username, user_email, user_lang, user_jabber, user_notify_type, user_regdate, user_actkey
- FROM ' . USERS_TABLE . "
- WHERE user_id IN ($mark)";
+ FROM ' . USERS_TABLE . '
+ WHERE ' . $db->sql_in_set('user_id', $mark);
$result = $db->sql_query($sql);
if ($row = $db->sql_fetchrow($result))
diff --git a/phpBB/includes/acp/acp_modules.php b/phpBB/includes/acp/acp_modules.php
index 2d9415bbf6..7c72a1ca6b 100644
--- a/phpBB/includes/acp/acp_modules.php
+++ b/phpBB/includes/acp/acp_modules.php
@@ -841,7 +841,7 @@ class acp_modules
SET right_id = right_id + $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND " . $to_data['right_id'] . ' BETWEEN left_id AND right_id
- AND module_id NOT IN (' . implode(', ', $moved_ids) . ')';
+ AND ' . $db->sql_in_set('module_id', $moved_ids, true);
$db->sql_query($sql);
// Resync the righthand side of the tree
@@ -849,7 +849,7 @@ class acp_modules
SET left_id = left_id + $diff, right_id = right_id + $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
AND left_id > " . $to_data['right_id'] . '
- AND module_id NOT IN (' . implode(', ', $moved_ids) . ')';
+ AND ' . $db->sql_in_set('module_id', $moved_ids, true);
$db->sql_query($sql);
// Resync moved branch
@@ -868,7 +868,7 @@ class acp_modules
$sql = 'SELECT MAX(right_id) AS right_id
FROM ' . MODULES_TABLE . "
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
- AND module_id NOT IN (" . implode(', ', $moved_ids) . ')';
+ AND " . $db->sql_in_set('module_id', $moved_ids, true);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -879,7 +879,7 @@ class acp_modules
$sql = 'UPDATE ' . MODULES_TABLE . "
SET left_id = left_id $diff, right_id = right_id $diff
WHERE module_class = '" . $db->sql_escape($this->module_class) . "'
- AND module_id IN (" . implode(', ', $moved_ids) . ')';
+ AND " . $db->sql_in_set('module_id', $moved_ids);
$db->sql_query($sql);
}
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index 8ebc83c524..53b835df7d 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -413,7 +413,7 @@ class acp_permissions
{
$sql = 'SELECT forum_name
FROM ' . FORUMS_TABLE . '
- WHERE forum_id IN (' . implode(', ', $forum_id) . ')
+ WHERE ' . $db->sql_in_set('forum_id', $forum_id) . '
ORDER BY forum_name ASC';
$result = $db->sql_query($sql);
@@ -554,7 +554,7 @@ class acp_permissions
$sql = "SELECT $sql_id
FROM $table
- WHERE $sql_id IN (" . implode(', ', $ids) . ')';
+ WHERE " . $db->sql_in_set($sql_id, $ids);
$result = $db->sql_query($sql);
$ids = array();
@@ -803,8 +803,8 @@ class acp_permissions
}
// Logging ... first grab user or groupnames ...
- $sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE user_id';
- $sql .= ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
+ $sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE ' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE ';
+ $sql .= $db->sql_in_set(($ug_type == 'group') ? 'group_id' : 'user_id', array_map('intval', $ug_id));
$result = $db->sql_query($sql);
$l_ug_list = '';
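Review bot: The `$ug_type == 'group'` test is now evaluated twice on adjacent lines, once to pick the SELECT and once to pick the column name, which makes it easy for the two to drift apart in a later edit. Resolving the column once and reusing it reads more clearly, for example `$id_column = ($ug_type == 'group') ? 'group_id' : 'user_id';` followed by `$sql .= $db->sql_in_set($id_column, array_map('intval', $ug_id));`. The enclosing function starts and ends outside the hunk.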
@@ -825,7 +825,7 @@ class acp_permissions
// Grab the forum details if non-zero forum_id
$sql = 'SELECT forum_name
FROM ' . FORUMS_TABLE . '
- WHERE forum_id IN (' . implode(', ', $forum_id) . ')';
+ WHERE ' . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql);
$l_forum_list = '';
@@ -858,7 +858,7 @@ class acp_permissions
if (sizeof($perms))
{
$sql = 'DELETE FROM ' . ZEBRA_TABLE . '
- WHERE zebra_id IN (' . implode(', ', array_unique($perms)) . ')
+ WHERE ' . $db->sql_in_set('zebra_id', array_unique($perms)) . '
AND foe = 1';
$db->sql_query($sql);
}
@@ -1078,7 +1078,7 @@ class acp_permissions
{
global $db, $user;
- $sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')' : 'AND a.forum_id <> 0');
+ $sql_forum_id = ($permission_scope == 'global') ? 'AND a.forum_id = 0' : ((sizeof($forum_id)) ? 'AND ' . $db->sql_in_set('a.forum_id', $forum_id) : 'AND a.forum_id <> 0');
$sql_permission_option = "AND o.auth_option LIKE '" . $db->sql_escape($permission_type) . "%'";
$sql = $db->sql_build_query('SELECT_DISTINCT', array(
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index 3fa99b6727..4752e7bafe 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -68,7 +68,7 @@ class acp_prune
'S_PRUNED' => true)
);
- $sql_forum = (sizeof($forum_id)) ? ' AND forum_id IN (' . implode(', ', $forum_id) . ')' : '';
+ $sql_forum = (sizeof($forum_id)) ? ' AND ' . $db->sql_in_set('forum_id', $forum_id) : '';
// Get a list of forum's or the data for the forum that we are pruning.
$sql = 'SELECT forum_id, forum_name
@@ -148,7 +148,7 @@ class acp_prune
{
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
- WHERE forum_id IN (' . implode(', ', $forum_id) . ')';
+ WHERE ' . $db->sql_in_set('forum_id', $forum_id);
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
@@ -202,15 +202,7 @@ class acp_prune
if ($users)
{
- $users = explode("\n", $users);
-
- $where_sql = '';
-
- foreach ($users as $username)
- {
- $where_sql .= (($where_sql != '') ? ', ' : '') . "'" . $db->sql_escape($username) . "'";
- }
- $where_sql = " AND username IN ($where_sql)";
+ $where_sql = ' AND ' . $db->sql_in_set('username', explode("\n", $users));
}
else
{
diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php
index a69a0f6681..e74a830b0f 100644
--- a/phpBB/includes/acp/acp_users.php
+++ b/phpBB/includes/acp/acp_users.php
@@ -393,7 +393,7 @@ class acp_users
{
$sql = 'SELECT topic_id, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
- WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
+ WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);
$del_topic_ary = array();
@@ -409,7 +409,7 @@ class acp_users
if (sizeof($del_topic_ary))
{
$sql = 'DELETE FROM ' . TOPICS_TABLE . '
- WHERE topic_id IN (' . implode(', ', $del_topic_ary) . ')';
+ WHERE ' . $db->sql_in_set('topic_id', $del_topic_ary);
$db->sql_query($sql);
}
}
@@ -495,7 +495,7 @@ class acp_users
{
$sql = 'SELECT topic_id, forum_id, topic_title, topic_replies, topic_replies_real
FROM ' . TOPICS_TABLE . '
- WHERE topic_id IN (' . implode(', ', array_keys($topic_id_ary)) . ')';
+ WHERE ' . $db->sql_in_set('topic_id', array_keys($topic_id_ary));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@@ -842,7 +842,7 @@ class acp_users
{
$sql_in[] = $mark;
}
- $where_sql = ' AND log_id IN (' . implode(', ', $sql_in) . ')';
+ $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in);
unset($sql_in);
}
@@ -1630,7 +1630,7 @@ class acp_users
{
$sql = 'SELECT real_filename
FROM ' . ATTACHMENTS_TABLE . '
- WHERE attach_id IN (' . implode(', ', $marked) . ')';
+ WHERE ' . $db->sql_in_set('attach_id', $marked);
$result = $db->sql_query($sql);
$log_attachments = array();
@@ -1834,7 +1834,7 @@ class acp_users
// Select box for other groups
$sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . '
- ' . ((sizeof($id_ary)) ? 'WHERE group_id NOT IN (' . implode(', ', $id_ary) . ')' : '') . '
+ ' . ((sizeof($id_ary)) ? 'WHERE ' . $db->sql_in_set('group_id', $id_ary, true) : '') . '
ORDER BY group_type DESC, group_name ASC';
$result = $db->sql_query($sql);
diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php
index a6ff1ddc2b..4ebf617913 100644
--- a/phpBB/includes/acp/auth.php
+++ b/phpBB/includes/acp/auth.php
@@ -136,7 +136,7 @@ class auth_admin extends auth
$sql = 'SELECT user_id, user_permissions, user_type
FROM ' . USERS_TABLE . '
- WHERE user_id IN (' . implode(',', $ug_id) . ')';
+ WHERE ' . $db->sql_in_set('user_id', $ug_id);
$result = $db->sql_query($sql);
while ($userdata = $db->sql_fetchrow($result))
@@ -292,14 +292,14 @@ class auth_admin extends auth
{
$sql = 'SELECT user_id as ug_id, username as ug_name
FROM ' . USERS_TABLE . '
- WHERE user_id IN (' . implode(', ', array_keys($hold_ary)) . ')
+ WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
ORDER BY username ASC';
}
else
{
$sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
FROM ' . GROUPS_TABLE . '
- WHERE group_id IN (' . implode(', ', array_keys($hold_ary)) . ')
+ WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
ORDER BY group_type DESC, group_name ASC';
}
$result = $db->sql_query($sql);
@@ -361,7 +361,7 @@ class auth_admin extends auth
$sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
WHERE o.auth_option_id = r.auth_option_id
- AND r.role_id IN (' . implode(', ', array_keys($roles)) . ')';
+ AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
@@ -584,7 +584,7 @@ class auth_admin extends auth
// Get forum names
$sql = 'SELECT forum_id, forum_name
FROM ' . FORUMS_TABLE . '
- WHERE forum_id IN (' . implode(', ', array_keys($hold_ary)) . ')';
+ WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary));
$result = $db->sql_query($sql);
$forum_names = array();
@@ -605,7 +605,7 @@ class auth_admin extends auth
{
$sql = 'SELECT user_id, username
FROM ' . USERS_TABLE . '
- WHERE user_id IN (' . implode(', ', $auth_ary['users']) . ')
+ WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
ORDER BY username';
$result = $db->sql_query($sql);
@@ -624,7 +624,7 @@ class auth_admin extends auth
{
$sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . '
- WHERE group_id IN (' . implode(', ', $auth_ary['groups']) . ')
+ WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
ORDER BY group_type ASC, group_name';
$result = $db->sql_query($sql);
@@ -768,12 +768,12 @@ class auth_admin extends auth
$ug_id = array($ug_id);
}
- $ug_id_sql = 'IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
- $forum_sql = 'IN (' . implode(', ', array_map('intval', $forum_id)) . ') ';
+ $ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
+ $forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
// Instead of updating, inserting, removing we just remove all current settings and re-set everything...
$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
- $id_field = $ug_type . '_id';
+ $id_field = $ug_type . '_id';
// Get any flags as required
reset($auth);
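Review bot: `$ug_type . '_id'` is now spelled out in the `sql_in_set()` call and again three lines later in the `$id_field` assignment, which this hunk touches only for whitespace. Moving the assignment above the two `sql_in_set()` calls and writing `$ug_id_sql = $db->sql_in_set($id_field, array_map('intval', $ug_id));` keeps one source for the column name. Whether `$id_field` is still used further down in the function is not visible here; the two DELETE hunks that follow no longer reference it.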
@@ -797,8 +797,8 @@ class auth_admin extends auth
}
$sql = "DELETE FROM $table
- WHERE forum_id $forum_sql
- AND $id_field $ug_id_sql
+ WHERE $forum_sql
+ AND $ug_id_sql
AND auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')';
$db->sql_query($sql);
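Review bot: The last condition of this DELETE still builds its list by hand, `auth_option_id IN ($any_option_id, " . implode(', ', $auth_option_ids) . ')'`, while the two conditions above it were moved to `sql_in_set()`. If `$auth_option_ids` can be empty here (its construction is outside the hunk), the statement ends in `IN (n, )` and fails. Routing it through the helper keeps the query consistent with the rest of the commit: `AND " . $db->sql_in_set('auth_option_id', array_merge(array($any_option_id), $auth_option_ids));`.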
@@ -818,10 +818,10 @@ class auth_admin extends auth
if (sizeof($role_ids))
{
$sql = "DELETE FROM $table
- WHERE forum_id $forum_sql
- AND $id_field $ug_id_sql
+ WHERE $forum_sql
+ AND $ug_id_sql
AND auth_option_id = 0
- AND auth_role_id IN (" . implode(', ', $role_ids) . ')';
+ AND " . $db->sql_in_set('auth_role_id', $role_ids);
$db->sql_query($sql);
}
@@ -995,12 +995,12 @@ class auth_admin extends auth
if ($forum_id !== false)
{
- $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : 'forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')';
+ $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
}
if ($ug_id !== false)
{
- $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $id_field . ' IN (' . implode(', ', array_map('intval', $ug_id)) . ')';
+ $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
}
// There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
@@ -1043,7 +1043,7 @@ class auth_admin extends auth
$sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
WHERE ao.auth_option_id = rd.auth_option_id
- AND rd.role_id IN (' . implode(', ', array_keys($cur_role_auth)) . ')';
+ AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
$result = $db->sql_query($sql);
$auth_settings = array();
@@ -1072,7 +1072,7 @@ class auth_admin extends auth
// Now, normally remove permissions...
if ($permission_type !== false)
{
- $where_sql[] = 'auth_option_id IN (' . implode(', ', array_map('intval', $option_id_ary)) . ')';
+ $where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
}
$sql = "DELETE FROM $table