openrat-cms


commit 50823f84888de358023f34d075081ad9fd405326
parent 595ac61653aad2304087fa7dc7dc16211bec0824
Author: dankert <devnull@localhost>
Date:   Wed, 14 Oct 2009 01:14:38 +0200

Bei SQL-Statements keine "stringlist" benutzen, da damit keine Prepared-Statements möglich sind.

Diffstat:
objectClasses/Object.class.php | 12+++++++-----
objectClasses/Project.class.php | 3+++
2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/objectClasses/Object.class.php b/objectClasses/Object.class.php
@@ -367,21 +367,21 @@ class Object
 if ( $user->isAdmin && $type & ACL_READ ) return true;
+ $sqlGroupClause = $user->getGroupClause();
 $sql = new Sql( <<<SQL
 SELECT {t_acl}.* FROM {t_acl} LEFT JOIN {t_object} ON {t_object}.id={t_acl}.objectid WHERE objectid={objectid} AND ( languageid={languageid} OR languageid IS NULL )
- AND ( {t_acl}.userid={userid} OR {group_clause}
- OR ({t_acl}.userid IS NULL AND {t_acl}.groupid IS NULL) )
+ AND ( {t_acl}.userid={userid} OR $sqlGroupClause
+ OR ({t_acl}.userid IS NULL AND {t_acl}.groupid IS NULL) )
 SQL
 );
 $sql->setInt ( 'languageid' ,$language->languageid );
 $sql->setInt ( 'objectid' ,$this->objectid );
 $sql->setInt ( 'userid' ,$user->userid );
- $sql->setParam( 'group_clause',$user->getGroupClause() );
 $db = db_connection();
 foreach( $db->getAll( $sql ) as $row )
@@ -592,8 +592,8 @@ SQL
 ' LEFT JOIN {t_user} as createuser '.
 ' ON {t_object}.create_userid=createuser.id '.
 ' WHERE {t_object}.id={objectid}');
- $sql->setInt('objectid' , $this->objectid );
 $sql->setInt('languageid', $this->languageid);
+ $sql->setInt('objectid' , $this->objectid );
 $row = $db->getRow($sql);
@@ -887,6 +887,7 @@ SQL
 function objectDelete() {
 $db = db_connection();
+ $db->start();
 $sql = new Sql( 'UPDATE {t_element} '.
 ' SET default_objectid=NULL '.
@@ -919,7 +920,8 @@ SQL
 $sql = new Sql('DELETE FROM {t_object} WHERE id={objectid}');
 $sql->setInt('objectid', $this->objectid);
 $db->query($sql);
-
+
+ $db->commit();
 }
diff --git a/objectClasses/Project.class.php b/objectClasses/Project.class.php
@@ -383,6 +383,7 @@ SQL
 function delete() {
 $db = db_connection();
+ $db->start();
 // Root-Ordner rekursiv samt Inhalten loeschen
 $folder = new Folder( $this->getRootObjectId() );
@@ -415,6 +416,8 @@ SQL
 ' WHERE id= {projectid} ' );
 $sql->setInt( 'projectid',$this->projectid );
 $db->query( $sql );
+
+ $db->commit();
 }
 function getDefaultLanguageId()
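Review bot: The group clause is now spliced into the heredoc as `$sqlGroupClause` instead of being bound through `setParam`, so this ACL statement is only as safe as whatever `$user->getGroupClause()` returns, and that method is outside the hunk with nothing at the call site stating what it may contain. Since the rewrite exists to keep the statement preparable, the assumption should be pinned where the fragment is consumed, e.g. `// raw SQL fragment: getGroupClause() must build it solely from the user's numeric group ids, never from request input` above the `$sqlGroupClause` assignment. If getGroupClause() can ever embed anything other than integer ids, the safer shape is a list of integer placeholders bound with `setInt`, matching the other three parameters below. The enclosing method begins before the hunk.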
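Review bot: `objectDelete()` now opens a transaction with `$db->start()`, but neither this hunk nor the one at line 919 adds a rollback path, so if any `$db->query($sql)` between start and commit fails the transaction is left open on the connection returned by `db_connection()`; the same gap exists in `delete()` in Project.class.php. Whether `query()` throws or signals failure through its return value is not visible here, but either way the error branch should roll the transaction back before the failure propagates, and a comment such as `// all deletes below run in one transaction and must be rolled back on any failure` next to `$db->start()` would make the contract explicit. The body of objectDelete() between the two hunks is outside SOURCE.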