[Sommaire] [Imprimer]

   1  <?php
   2  # Mantis - a php based bugtracking system
   3  
   4  # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
   5  # Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
   6  
   7  # Mantis is free software: you can redistribute it and/or modify
   8  # it under the terms of the GNU General Public License as published by
   9  # the Free Software Foundation, either version 2 of the License, or
  10  # (at your option) any later version.
  11  #
  12  # Mantis is distributed in the hope that it will be useful,
  13  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  # GNU General Public License for more details.
  16  #
  17  # You should have received a copy of the GNU General Public License
  18  # along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
  19  
  20      # These upgrades fix the double escaped data that was put into the database
  21      #  in every version up 0.17.x.  We pull out the data, unescape it, remove
  22      #  entities and then insert the data back in.
  23  
  24      # --------------------------------------------------------
  25      # $Id: 0_17_escaping_fixes_inc.php,v 1.5.16.1 2007-10-13 22:35:07 giallu Exp $
  26      # --------------------------------------------------------
  27  ?>
  28  <?php
  29      require( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'db_table_names_inc.php' );
  30  
  31      $upgrades = array();
  32  
  33  	function upgrade_decode_entities( $p_string ) {
  34          $p_string = strtr( $p_string, array_flip( get_html_translation_table( HTML_ENTITIES ) ) );
  35          $p_string = preg_replace( "/&#([0-9]+);/me", "chr('\\1')", $p_string );
  36          return $p_string;
  37      }
  38  
  39  	function upgrade_fix_strings( $p_table_name, $p_primary_key, $p_fields ) {
  40          $c_table_name = db_prepare_string( $p_table_name );
  41          $c_primary_key = db_prepare_string( $p_primary_key );
  42          $t_field_string = db_prepare_string( implode( ',', $p_fields ) );
  43          $query = "SELECT $c_primary_key, $t_field_string FROM $c_table_name";
  44  
  45          $result = @db_query( $query );
  46  
  47          if ( false == $result ) {
  48              return false;
  49          }
  50  
  51          $count = db_num_rows( $result );
  52          $t_failures = 0;
  53  
  54          for ( $i=0 ; $i < $count ; $i++ ) {
  55              $row = db_fetch_array( $result );
  56  
  57              $query2 = "UPDATE $c_table_name SET ";
  58              $t_updates = array();
  59              foreach( $p_fields as $t_field ) {
  60                  $t_new_value = stripslashes( upgrade_decode_entities( $row[$t_field] ) );
  61                  $t_updates[] = db_prepare_string( $t_field ) . "='" . db_prepare_string( $t_new_value ) . "'";
  62              }
  63  
  64              $query2 .= implode( ',', $t_updates );
  65  
  66              $query2 .= "WHERE $c_primary_key=" . $row[$p_primary_key];
  67  
  68              $result2 = @db_query( $query2 );
  69  
  70              if ( false == $result2 ) {
  71                  $t_failures++;
  72              }
  73          }
  74  
  75          # If every query failed, something must be wrong so let's fail
  76          # If fewer failed, we don't want to fail because unescaping the
  77          #  successful ones again is bad.
  78          if ( $count > 0 && $t_failures == $count ) {
  79              return false;
  80          } else {
  81              return true;
  82          }
  83      }
  84  
  85      $upgrades[] = new FunctionUpgrade(
  86          'escaping-fix-1',
  87          'Fix double escaped data in mantis_bug_file_table',
  88          'upgrade_escaping_fix_1' );
  89  
  90  	function upgrade_escaping_fix_1() {
  91          global $t_bug_file_table;
  92          return upgrade_fix_strings( $t_bug_file_table, 'id',
  93              array( 'title', 'description', 'filename' ) );
  94      }
  95  
  96      $upgrades[] = new FunctionUpgrade(
  97          'escaping-fix-2',
  98          'Fix double escaped data in mantis_bug_table',
  99          'upgrade_escaping_fix_2' );
 100  
 101  	function upgrade_escaping_fix_2() {
 102          global $t_bug_table;
 103          return upgrade_fix_strings( $t_bug_table, 'id',
 104              array( 'os', 'os_build', 'platform', 'version', 'build', 'summary' ) );
 105      }
 106  
 107      $upgrades[] = new FunctionUpgrade(
 108          'escaping-fix-3',
 109          'Fix double escaped data in mantis_bug_text_table',
 110          'upgrade_escaping_fix_3' );
 111  
 112  	function upgrade_escaping_fix_3() {
 113          global $t_bug_text_table;
 114          return upgrade_fix_strings( $t_bug_text_table, 'id',
 115              array( 'description', 'steps_to_reproduce', 'additional_information' ) );
 116      }
 117  
 118      $upgrades[] = new FunctionUpgrade(
 119          'escaping-fix-4',
 120          'Fix double escaped data in mantis_bugnote_text_table',
 121          'upgrade_escaping_fix_4' );
 122  
 123  	function upgrade_escaping_fix_4() {
 124          global $t_bugnote_text_table;
 125          return upgrade_fix_strings( $t_bugnote_text_table, 'id',
 126              array( 'note' ) );
 127      }
 128  
 129      $upgrades[] = new FunctionUpgrade(
 130          'escaping-fix-5',
 131          'Fix double escaped data in mantis_news_table',
 132          'upgrade_escaping_fix_5' );
 133  
 134  	function upgrade_escaping_fix_5() {
 135          global $t_news_table;
 136          return upgrade_fix_strings( $t_news_table, 'id',
 137              array( 'headline', 'body' ) );
 138      }
 139  
 140      $upgrades[] = new FunctionUpgrade(
 141          'escaping-fix-6',
 142          'Fix double escaped data in mantis_project_file_table',
 143          'upgrade_escaping_fix_6' );
 144  
 145  	function upgrade_escaping_fix_6() {
 146          global $t_project_file_table;
 147          return upgrade_fix_strings( $t_project_file_table, 'id',
 148              array( 'title', 'description', 'filename' ) );
 149      }
 150  
 151      $upgrades[] = new FunctionUpgrade(
 152          'escaping-fix-7',
 153          'Fix double escaped data in mantis_project_table',
 154          'upgrade_escaping_fix_7' );
 155  
 156  	function upgrade_escaping_fix_7() {
 157          global $t_project_table;
 158          return upgrade_fix_strings( $t_project_table, 'id',
 159              array( 'name', 'file_path', 'description' ) );
 160      }
 161  
 162      $upgrades[] = new FunctionUpgrade(
 163          'escaping-fix-8',
 164          'Fix double escaped data in mantis_user_profile_table',
 165          'upgrade_escaping_fix_8' );
 166  
 167  	function upgrade_escaping_fix_8() {
 168          global $t_user_profile_table;
 169          return upgrade_fix_strings( $t_user_profile_table, 'id',
 170              array( 'platform', 'os', 'os_build', 'description' ) );
 171      }
 172  
 173      $upgrades[] = new FunctionUpgrade(
 174          'escaping-fix-9',
 175          'Fix double escaped data in mantis_bug_history_table',
 176          'upgrade_escaping_fix_9' );
 177  
 178  	function upgrade_escaping_fix_9() {
 179          global $t_bug_history_table;
 180  
 181          if ( db_field_exists( 'id', $t_bug_history_table ) ) {
 182              return upgrade_fix_strings( $t_bug_history_table, 'id',
 183                  array( 'field_name', 'old_value', 'new_value' ) );
 184          }
 185  
 186          return false;
 187      }
 188  
 189      $upgrades[] = new SQLUpgrade(
 190          'escaping-fix-10',
 191          'Remove history entries where type=0 and the old value = new value.  These existed because of escaping errors',
 192          "DELETE FROM $t_bug_history_table
 193            WHERE (type = 0) AND (old_value = new_value)");
 194  
 195      return $upgrades;
 196  ?>