Commit 4c11e365 authored by cobalt74's avatar cobalt74

Protection des tables sql

https://github.com/ldleman/Leed/issues/378
parent 6ab4d0dd
......@@ -162,7 +162,7 @@ function epub_plugin_download(&$_){
if($myUser===false) exit('Vous devez vous connecter pour télécharger les fichiers Epub.');
$requete = 'SELECT title,creator,content,pubdate
FROM '.MYSQL_PREFIX.'event
FROM `'.MYSQL_PREFIX.'event`
WHERE ';
$epubfile_title = "Title to be defined";
......
......@@ -10,7 +10,7 @@
function fleaditlater_plugin_AddButton(&$event){
$eventId = $event->getId();
$count = mysql_query('SELECT COUNT(id) FROM '.MYSQL_PREFIX.'plugin_feaditlater WHERE event='.$eventId);
$count = mysql_query('SELECT COUNT(id) FROM `'.MYSQL_PREFIX.'plugin_feaditlater` WHERE event='.$eventId);
$count = mysql_fetch_row($count);
if(!$count[0]){
echo '<a class="pointer fleaditLaterButton" onclick="fleadItLater('.$eventId.',\'add\',this);">Lire + Tard</a>&nbsp;';
......@@ -19,7 +19,7 @@ function fleaditlater_plugin_AddButton(&$event){
}
function fleaditlater_plugin_displayEvents(&$myUser){
$query = mysql_query('SELECT le.id,le.title,le.link FROM '.MYSQL_PREFIX.'event le INNER JOIN '.MYSQL_PREFIX.'plugin_feaditlater fil ON (le.id=fil.event)');
$query = mysql_query('SELECT le.id,le.title,le.link FROM `'.MYSQL_PREFIX.'event` le INNER JOIN '.MYSQL_PREFIX.'plugin_feaditlater` fil ON (le.id=fil.event)');
if($query!=null){
echo '<aside class="fleaditLaterMenu">
......@@ -55,9 +55,9 @@ function fleaditlater_plugin_action($_,$myUser){
if($myUser==false) exit('Vous devez vous connecter pour cette action.');
if (isset($_['id'])){
if(isset($_['state']) && $_['state']=='add'){
$return = mysql_query('INSERT INTO '.MYSQL_PREFIX.'plugin_feaditlater (event)VALUES(\''.$_['id'].'\')');
$return = mysql_query('INSERT INTO `'.MYSQL_PREFIX.'plugin_feaditlater` (event)VALUES(\''.$_['id'].'\')');
}else{
$return = mysql_query('DELETE FROM '.MYSQL_PREFIX.'plugin_feaditlater WHERE event=\''.$_['id'].'\'');
$return = mysql_query('DELETE FROM `'.MYSQL_PREFIX.'plugin_feaditlater` WHERE event=\''.$_['id'].'\'');
}
if(!$return) echo mysql_error();
}
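Review bot: The rewritten JOIN in fleaditlater_plugin_displayEvents has no opening backtick before the second table name, so the statement carries an unbalanced identifier quote and should fail to parse; it should read ``INNER JOIN `'.MYSQL_PREFIX.'plugin_feaditlater` fil``. In fleaditlater_plugin_action, `$_['id']` (which looks like request data) still goes into the INSERT and DELETE strings as-is, and quoting the table name does not cover that. If event ids are integers, as the unquoted `WHERE event='.$eventId` in fleaditlater_plugin_AddButton suggests, set `$id = (int)$_['id'];` once and concatenate `$id` instead. `if(!$return) echo mysql_error();` also sends the raw database error to the client; logging it would avoid exposing schema details. The function bodies extend beyond the hunks shown.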
......
<?php
mysql_query('DROP TABLE '.MYSQL_PREFIX.'plugin_feaditlater');
mysql_query('DROP TABLE `'.MYSQL_PREFIX.'plugin_feaditlater`');
?>
\ No newline at end of file
......@@ -26,11 +26,11 @@ function leedStats_plugin_setting_bloc(&$myUser){
//Nombre global d'article lus / non lus / total / favoris
$requete = 'SELECT
(SELECT count(1) FROM '.MYSQL_PREFIX.'feed)as nbFeed,
(SELECT count(1) FROM '.MYSQL_PREFIX.'event WHERE unread = 1)as nbUnread,
(SELECT count(1) FROM '.MYSQL_PREFIX.'event WHERE unread = 0)as nbRead,
(SELECT count(1) FROM '.MYSQL_PREFIX.'event) as nbTotal,
(SELECT count(1) FROM '.MYSQL_PREFIX.'event WHERE favorite = 1)as nbFavorite
(SELECT count(1) FROM `'.MYSQL_PREFIX.'feed`) as nbFeed,
(SELECT count(1) FROM `'.MYSQL_PREFIX.'event` WHERE unread = 1) as nbUnread,
(SELECT count(1) FROM `'.MYSQL_PREFIX.'event` WHERE unread = 0) as nbRead,
(SELECT count(1) FROM `'.MYSQL_PREFIX.'event`) as nbTotal,
(SELECT count(1) FROM `'.MYSQL_PREFIX.'event` WHERE favorite = 1) as nbFavorite
';
$query = mysql_query($requete);
if($query!=null){
......@@ -62,11 +62,11 @@ function leedStats_plugin_setting_bloc(&$myUser){
';
//Nombre global d'article lus / non lus / total / favoris
$requete = 'SELECT name, count(1) as nbTotal,
(SELECT count(1) FROM '.MYSQL_PREFIX.'event le2 WHERE le2.unread=1 and le1.feed = le2.feed) as nbUnread,
(SELECT count(1) FROM '.MYSQL_PREFIX.'event le2 WHERE le2.unread=0 and le1.feed = le2.feed) as nbRead,
(SELECT count(1) FROM '.MYSQL_PREFIX.'event le2 WHERE le2.favorite=1 and le1.feed = le2.feed) as nbFavorite
FROM '.MYSQL_PREFIX.'feed lf1
INNER JOIN '.MYSQL_PREFIX.'event le1 on le1.feed = lf1.id
(SELECT count(1) FROM `'.MYSQL_PREFIX.'event` le2 WHERE le2.unread=1 and le1.feed = le2.feed) as nbUnread,
(SELECT count(1) FROM `'.MYSQL_PREFIX.'event` le2 WHERE le2.unread=0 and le1.feed = le2.feed) as nbRead,
(SELECT count(1) FROM `'.MYSQL_PREFIX.'event` le2 WHERE le2.favorite=1 and le1.feed = le2.feed) as nbFavorite
FROM `'.MYSQL_PREFIX.'feed` lf1
INNER JOIN `'.MYSQL_PREFIX.'event` le1 on le1.feed = lf1.id
GROUP BY name
ORDER BY name
';
......
......@@ -10,7 +10,7 @@
*/
function openanon_plugin_button(&$event){
$requete = 'SELECT link FROM '.MYSQL_PREFIX.'event WHERE id = '.$event->getId();
$requete = 'SELECT link FROM `'.MYSQL_PREFIX.'event` WHERE id = '.$event->getId();
$query = mysql_query($requete);
$result = mysql_fetch_row($query);
$link = $result[0];
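Review bot: `mysql_fetch_row($query)` in openanon_plugin_button runs without checking that `mysql_query()` succeeded, so a failed query (for instance after a quoting slip in the table name) produces a warning and an empty `$link` instead of a handled error. A guard before the fetch, e.g. `if(!$query) return;`, would match the `if($query!=null)` checks used in the other plugins on this page. shaarleed_plugin_button has the same fetch-without-check sequence. The function continues outside the hunk.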
......
......@@ -67,7 +67,7 @@ function search_plugin_AddForm(){
// foction de recherche des articles avec affichage du résultat.
function search_plugin_recherche(){
$requete = 'SELECT id,title,guid,content,description,link,pubdate,unread, favorite
FROM '.MYSQL_PREFIX.'event
FROM `'.MYSQL_PREFIX.'event`
WHERE title like \'%'.$_GET['plugin_search'].'%\'';
if (isset($_GET['search_option']) && $_GET['search_option']=="1"){
$requete = $requete.' OR content like \'%'.$_GET['plugin_search'].'%\'';
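Review bot: `$_GET['plugin_search']` is concatenated straight into both `like` clauses, so the search term can change the structure of the query; backticking the table name leaves that untouched. With the legacy mysql extension this file uses, escape once with `$terme = mysql_real_escape_string($_GET['plugin_search']);` and build both clauses from `$terme`, adding `addcslashes($terme, '%_')` if wildcard characters in the term should match literally. A prepared statement via mysqli or PDO would be the longer-term fix. search_plugin_recherche continues past the hunk, so any handling done later in the function is not visible here.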
......
......@@ -15,7 +15,7 @@ function shaarleed_plugin_button(&$event){
$configurationManager->getAll();
$shareOption = $configurationManager->get('plugin_shaarli_link');
$requete = 'SELECT link, title FROM '.MYSQL_PREFIX.'event WHERE id = '.$event->getId();
$requete = 'SELECT link, title FROM `'.MYSQL_PREFIX.'event` WHERE id = '.$event->getId();
$query = mysql_query($requete);
$result = mysql_fetch_row($query);
$link = $result[0];
......
<?php
/*
Le code contenu dans cette page ne sera éxecuté qu'à la désactivation du plugin
Le code contenu dans cette page ne sera �xecut� qu'� la d�sactivation du plugin
Vous pouvez donc l'utiliser pour supprimer des tables MySQL, des dossiers, ou executer une action
qui ne doit se lancer qu'à la désinstallation ex :
qui ne doit se lancer qu'� la d�sinstallation ex :
mysql_query('DROP TABLE '.MYSQL_PREFIX.'plugin_squelette');
mysql_query('DROP TABLE `'.MYSQL_PREFIX.'plugin_squelette`');
*/
?>
\ No newline at end of file
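Review bot: The two comment lines touched here now show replacement characters where the previous version had accented letters (`éxecuté qu'à la désactivation`), which suggests the file was re-saved in a different encoding along with the backtick change. If that was not intended, restore the file's original encoding so the comment stays readable and the diff contains only the `DROP TABLE` example.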