summaryrefslogtreecommitdiffstats
path: root/inc
diff options
context:
space:
mode:
authorRobin Appelman <icewind1991@gmail.com>2010-09-28 23:06:29 +0200
committerRobin Appelman <icewind1991@gmail.com>2010-09-28 23:06:29 +0200
commit3e77f3f56b53c9733f27408d1c31b5c2c29b3a39 (patch)
tree254011f99cec3c67cb35944b59587c51c0a61dcb /inc
parentd4fa1ddaa152723eb100bb7c732d624d8305ba2c (diff)
downloadnextcloud-server-3e77f3f56b53c9733f27408d1c31b5c2c29b3a39.tar.gz
nextcloud-server-3e77f3f56b53c9733f27408d1c31b5c2c29b3a39.zip
fix sqlite compatibility for webdav server
Diffstat (limited to 'inc')
-rw-r--r--inc/HTTP/WebDAV/Server/Filesystem.php38
1 files changed, 22 insertions, 16 deletions
diff --git a/inc/HTTP/WebDAV/Server/Filesystem.php b/inc/HTTP/WebDAV/Server/Filesystem.php
index ea0625a5a1e..30c19fd29a6 100644
--- a/inc/HTTP/WebDAV/Server/Filesystem.php
+++ b/inc/HTTP/WebDAV/Server/Filesystem.php
@@ -512,15 +512,17 @@
}
$destpath = $this->_unslashify($options["dest"]);
if (is_dir($source)) {
+ $dpath=OC_DB::escape($destpath);
+ $path=OC_DB::escape($options["path"]);
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties
- SET path = REPLACE(path, '".$options["path"]."', '".$destpath."')
- WHERE path LIKE '".$this->_slashify($options["path"])."%'";
+ SET path = REPLACE(path, '$path', '$dpath')
+ WHERE path LIKE '$path%'";
OC_DB::query($query);
}
$query = "UPDATE {$CONFIG_DBTABLEPREFIX}properties
- SET path = '".$destpath."'
- WHERE path = '".$options["path"]."'";
+ SET path = '$dpath'
+ WHERE path = '$path'";
OC_DB::query($query);
} else {
if (OC_FILESYSTEM::is_dir($source)) {
@@ -553,7 +555,7 @@
}
} else {
if (!OC_FILESYSTEM::copy($file, $destfile)) {
- return "409 Conflict";
+ return "409 Conflict($source) $file --> $destfile ".implode('::',$files);
}
}
}
@@ -581,10 +583,14 @@
if ($prop["ns"] == "DAV:") {
$options["props"][$key]['status'] = "403 Forbidden";
} else {
+ $path=OC_DB::escape($options['path']);
+ $name=OC_DB::escape($prop['name']);
+ $ns=OC_DB::escape($prop['ns']);
+ $val=OC_DB::escape($prop['val']);
if (isset($prop["val"])) {
- $query = "REPLACE INTO {$CONFIG_DBTABLEPREFIX}properties SET path = '$options[path]', name = '$prop[name]', ns= '$prop[ns]', value = '$prop[val]'";
+ $query = "REPLACE INTO {$CONFIG_DBTABLEPREFIX}properties (path,name,ns,value) VALUES('$path','$name','$ns','$val')";
} else {
- $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$options[path]' AND name = '$prop[name]' AND ns = '$prop[ns]'";
+ $query = "DELETE FROM {$CONFIG_DBTABLEPREFIX}properties WHERE path = '$path' AND name = '$name' AND ns = '$ns'";
}
OC_DB::query($query);
}
@@ -659,15 +665,15 @@
}
}
- $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}locks`
- SET `token` = '$options[locktoken]'
- , `path` = '$options[path]'
- , `created` = ".time()."
- , `modified` = ".time()."
- , `owner` = '$options[owner]'
- , `expires` = '$options[timeout]'
- , `exclusivelock` = " .($options['scope'] === "exclusive" ? "1" : "0")."
- , `recursive` = $recursion";
+ $locktoken=OC_DB::escape($options['locktoken']);
+ $path=OC_DB::escape($options['path']);
+ $time=time();
+ $owner=OC_DB::escape($options['owner']);
+ $timeout=OC_DB::escape($options['timeout']);
+ $exclusive=($options['scope'] === "exclusive" ? "1" : "0");
+ $query = "INSERT INTO `{$CONFIG_DBTABLEPREFIX}locks`
+(`token`,`path`,`created`,`modified`,`owner`,`expires`,`exclusivelock`,`recursive`)
+VALUES ('$locktoken','$path',$time,$time,'$owner','timeout',$exclusive,$recursion)";
OC_DB::query($query);
$rows=OC_DB::affected_rows();
if(!OC_FILESYSTEM::file_exists($fspath) and $rows>0) {