diff --git a/ajax/settings.php b/ajax/settings.php
index 87b936c..28ecce3 100644
--- a/ajax/settings.php
+++ b/ajax/settings.php
@@ -61,53 +61,89 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS { // Save the settings for the given domain to the database case 'saveSettings': - foreach($params as $param) + $parameters = array('host' => $_POST['sql_hostname'], + 'password' => $_POST['sql_password'], + 'user' => $_POST['sql_username'], + 'dbname' => $_POST['sql_database'], + 'tablePrefix' => '' + ); + + // Check if the table exists + if(!$helper->verifyTable($parameters, $_POST['sql_driver'], $_POST['sql_table'])) + { + $response->setData(array('status' => 'error', + 'data' => array('message' => $l -> t('The selected SQL table '.$_POST['sql_table'].' does not exist!')))); + break; + } + + // Retrieve all column settings + $columns = array(); + foreach($params as $param) + { + if(strpos($param, 'col_') === 0) { - // Special handling for checkbox fields - if(isset($_POST[$param])) + if(isset($_POST[$param]) && $_POST[$param] !== '') + $columns[] = $_POST[$param]; + } + } + + // Check if the columns exist + $status = $helper->verifyColumns($parameters, $_POST['sql_driver'], $_POST['sql_table'], $columns); + if($status !== true) + { + $response->setData(array('status' => 'error', + 'data' => array('message' => $l -> t('The selected SQL column(s) do(es) not exist: '.$status)))); + break; + } + + // If we reach this point, all settings have been verified + foreach($params as $param) + { + // Special handling for checkbox fields + if(isset($_POST[$param])) + { + if($param === 'set_strip_domain') { - if($param === 'set_strip_domain') - { - \OC::$server->getConfig()->setAppValue('user_sql', 'set_strip_domain_'.$domain, 'true'); - } - elseif($param === 'set_allow_pwchange') - { - \OC::$server->getConfig()->setAppValue('user_sql', 'set_allow_pwchange_'.$domain, 'true'); - } - elseif($param === 'set_active_invert') - { - \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'true'); - } - elseif($param === 'set_enable_gethome') - { - 
\OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'true'); - } - else - { - \OC::$server->getConfig()->setAppValue('user_sql', $param.'_'.$domain, $_POST[$param]); - } - } else + \OC::$server->getConfig()->setAppValue('user_sql', 'set_strip_domain_'.$domain, 'true'); + } + elseif($param === 'set_allow_pwchange') { - if($param === 'set_strip_domain') - { - \OC::$server->getConfig()->setAppValue('user_sql', 'set_strip_domain_'.$domain, 'false'); - } - elseif($param === 'set_allow_pwchange') - { - \OC::$server->getConfig()->setAppValue('user_sql', 'set_allow_pwchange_'.$domain, 'false'); - } - elseif($param === 'set_active_invert') - { - \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'false'); - } - elseif($param === 'set_enable_gethome') - { - \OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'false'); - } + \OC::$server->getConfig()->setAppValue('user_sql', 'set_allow_pwchange_'.$domain, 'true'); + } + elseif($param === 'set_active_invert') + { + \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'true'); + } + elseif($param === 'set_enable_gethome') + { + \OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'true'); + } + else + { + \OC::$server->getConfig()->setAppValue('user_sql', $param.'_'.$domain, $_POST[$param]); + } + } else + { + if($param === 'set_strip_domain') + { + \OC::$server->getConfig()->setAppValue('user_sql', 'set_strip_domain_'.$domain, 'false'); + } + elseif($param === 'set_allow_pwchange') + { + \OC::$server->getConfig()->setAppValue('user_sql', 'set_allow_pwchange_'.$domain, 'false'); + } + elseif($param === 'set_active_invert') + { + \OC::$server->getConfig()->setAppValue('user_sql', 'set_active_invert_'.$domain, 'false'); + } + elseif($param === 'set_enable_gethome') + { + \OC::$server->getConfig()->setAppValue('user_sql', 'set_enable_gethome_'.$domain, 'false'); } } - 
$response->setData(array('status' => 'success', - 'data' => array('message' => $l -> t('Application settings successfully stored.')))); + } + $response->setData(array('status' => 'success', + 'data' => array('message' => $l -> t('Application settings successfully stored.')))); break; // Load the settings for a given domain 
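Review bot: The table-missing and column-missing error messages concatenate request data into the string handed to `$l -> t()`, so the translation key changes with every input and neither message can ever be translated; pass the value as a placeholder argument instead, `$l->t('The selected SQL table %s does not exist!', array($_POST['sql_table']))` and likewise `'The selected SQL column(s) do(es) not exist: %s'` with `array($status)`. The new `$parameters` array and the `$helper->verifyTable()`/`verifyColumns()` calls read `$_POST['sql_hostname']`, `$_POST['sql_driver']`, `$_POST['sql_table']` and friends without an `isset` guard, so a partial form post raises notices before any verification runs. Only parameters prefixed `col_` are collected for `verifyColumns()`, which is fine if every column setting carries that prefix; that cannot be confirmed from the hunk because `$params` is defined outside it. The enclosing `switch` starts and ends outside the hunk, and `$helper` and `$domain` come from earlier in the file.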
@@ -160,69 +196,56 @@ if(isset($_POST['appname']) && ($_POST['appname'] === 'user_sql') && isset($_POS // Get the autocompletion values for a column case 'getColumnAutocomplete': - $cm = new \OC\DB\ConnectionFactory(); - $search = $_POST['request']; - $table = $_POST['sql_table']; + + $parameters = array('host' => $_POST['sql_hostname'], 'password' => $_POST['sql_password'], 'user' => $_POST['sql_username'], 'dbname' => $_POST['sql_database'], 'tablePrefix' => '' ); - try { - $conn = $cm -> getConnection($_POST['sql_driver'], $parameters); - $platform = $conn -> getDatabasePlatform(); - $query = $platform -> getListTableColumnsSQL($table); - $result = $conn -> executeQuery($query); - $ret = array(); - while($row = $result -> fetch()) - { - $name = $row['Field']; - if(($search === '') || ($search === 'search') || (strpos($name, $search) === 0)) - { - $ret[] = array('label' => $name, - 'value' => $name); - } - } - $response -> setData($ret); - } - catch(\Exception $e) + + if($helper->verifyTable($parameters, $_POST['sql_driver'], $_POST['sql_table'])) + $columns = $helper->getColumns($parameters, $_POST['sql_driver'], $_POST['sql_table']); + else + $columns = array(); + + $search = $_POST['request']; + $ret = array(); + + foreach($columns as $name) { - $response->setData(array()); + if(($search === '') || ($search === 'search') || (strpos($name, $search) === 0)) + { + $ret[] = array('label' => $name, + 'value' => $name); + } } + $response -> setData($ret); break; // Get the autocompletion values for a table case 'getTableAutocomplete': - $cm = new \OC\DB\ConnectionFactory(); - $search = $_POST['request']; $parameters = array('host' => $_POST['sql_hostname'], 'password' => $_POST['sql_password'], 'user' => $_POST['sql_username'], 'dbname' => $_POST['sql_database'], 'tablePrefix' => '' ); - try { - $conn = $cm -> getConnection($_POST['sql_driver'], $parameters); - $platform = $conn -> getDatabasePlatform(); - $query = $platform -> getListTablesSQL(); - $result = $conn 
-> executeQuery($query); - $ret = array(); - while($row = $result -> fetch()) - { - $name = $row['Tables_in_'.$_POST['sql_database']]; - if(($search === '') || ($search === 'search') || (strpos($name, $search) === 0)) - { - $ret[] = array('label' => $name, - 'value' => $name); - } - } - $response -> setData($ret); - } - catch(\Exception $e) + + $tables = $helper->getTables($parameters, $_POST['sql_driver']); + + $search = $_POST['request']; + $ret = array(); + foreach($tables as $name) { - $response->setData(array()); + if(($search === '') || ($search === 'search') || (strpos($name, $search) === 0)) + { + $ret[] = array('label' => $name, + 'value' => $name); + } } + $response -> setData($ret); break; } diff --git a/lib/helper.php b/lib/helper.php index b4a49e0..8964ef9 100644 --- a/lib/helper.php +++ b/lib/helper.php 
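Review bot: The `$parameters` array literal and the label/value filter loop are now repeated verbatim in `getColumnAutocomplete` and `getTableAutocomplete` (the same array also appears in `saveSettings` above); hoisting the array above the `switch` and wrapping the loop in one closure, e.g. `$filterNames = function($names) use ($search) { ... }` returning the label/value rows, would leave each case as a single `$helper` call plus one `setData`. The inherited `($search === 'search')` sentinel is kept without explanation; a one-line comment stating why the literal string `search` matches every name would help the next reader, since it reads like a bug otherwise. `$_POST['request']` is still read without an `isset` check in both cases. The surrounding `if(isset($_POST['appname'])…)` block closes outside the hunk.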
@@ -246,6 +246,103 @@ class Helper { return false; } } + + /** + * Check if all of the given columns exist + * @param array $parameters The connection parameters + * @param string $sql_driver The SQL driver to use + * @param string $table The table name to check + * @param array $cols The columns to check + * @param array True if found, otherwise false + */ + public function verifyColumns($parameters, $sql_driver, $table, $cols) + { + $columns = $this->getColumns($parameters, $sql_driver, $table); + $res = true; + $err = ''; + foreach($cols as $col) + { + if(!in_array($col, $columns, true)) + { + $res = false; + $err .= $col.' '; + } + } + if($res) + return true; + else + return $err; + } + + /** + * Check if a given table exists + * @param array $parameters The connection parameters + * @param string $sql_driver The SQL driver to use + * @param string $table The table name to check + * @param array True if found, otherwise false + */ + public function verifyTable($parameters, $sql_driver, $table) + { + $tables = $this->getTables($parameters, $sql_driver); + return in_array($table, $tables, true); + } + + /** + * Retrieve a list of tables for the given connection parameters + * @param array $parameters The connection parameters + * @param string $sql_driver The SQL driver to use + * @return array The found tables, empty if an error occured + */ + public function getTables($parameters, $sql_driver) + { + $cm = new \OC\DB\ConnectionFactory(); + try { + $conn = $cm -> getConnection($sql_driver, $parameters); + $platform = $conn -> getDatabasePlatform(); + $query = $platform -> getListTablesSQL(); + $result = $conn -> executeQuery($query); + $ret = array(); + while($row = $result -> fetch()) + { + $name = $row['Tables_in_'.$parameters['dbname']]; + $ret[] = $name; + } + return $ret; + } + catch(\Exception $e) + { + return array(); + } + } + + /** + * Retrieve a list of columns for the given connection parameters + * @param array $parameters The connection parameters + 
* @param string $sql_driver The SQL driver to use + * @param string $table The SQL table to work with + * @return array The found column, empty if an error occured + */ + public function getColumns($parameters, $sql_driver, $table) + { + $cm = new \OC\DB\ConnectionFactory(); + try { + $conn = $cm -> getConnection($sql_driver, $parameters); + $platform = $conn -> getDatabasePlatform(); + $query = $platform -> getListTableColumnsSQL($table); + $result = $conn -> executeQuery($query); + $ret = array(); + while($row = $result -> fetch()) + { + $name = $row['Field']; + $ret[] = $name; + } + return $ret; + } + catch(\Exception $e) + { + return array(); + } + } }
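Review bot: The docblocks of `verifyColumns` and `verifyTable` put the return description under a `@param array True if found, otherwise false` tag, and for `verifyColumns` the description is also wrong: it returns `true` or a space-separated string of the missing column names, which is why the caller compares with `!== true`; replace the tag with `@return bool|string true when every column exists, otherwise a space-separated list of the missing columns` (and `@return bool` on `verifyTable`). `getTables` and `getColumns` read `$row['Tables_in_'.$parameters['dbname']]` and `$row['Field']`, which are the column headers of MySQL's `SHOW TABLES`/`SHOW COLUMNS` output; for any other `$sql_driver` the rows presumably carry different keys and the loops would collect nulls, so the MySQL-only assumption should at least be stated in the docblocks. Both `catch(\Exception $e)` blocks discard the exception and return an empty array, so a wrong password and an empty schema are indistinguishable and the settings page reports "table does not exist" for a connection failure; returning `null` on failure (with callers checking `=== null`) or logging `$e` before returning would separate the two. `getColumns` hands `$table` to `getListTableColumnsSQL()`, which builds the statement from it; the callers in ajax/settings.php verify the name against `getTables()` first, and that precondition belongs in the docblock, e.g. `@param string $table Table name, must already be verified via verifyTable()`.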