NSException *error;
NSString *sql;
- if ([[self performSQL: [NSString stringWithFormat: @"SELECT * FROM %@"
- @" WHERE c_path = '%@'",
- [self folderInfoTableName], _path]]
- isNotEmpty]) {
+ // TBD: fix SQL injection issue!
+ sql = [NSString stringWithFormat: @"SELECT * FROM %@ WHERE c_path = '%@'",
+ [self folderInfoTableName], _path];
+ if ([[self performSQL: sql] isNotEmpty]) {
return [NSException exceptionWithName:@"GCSExitingFolder"
reason:@"a folder already exists at that path"
userInfo:nil];
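Review bot: `_path` is still interpolated directly into the `c_path = '%@'` literal in the new `sql = [NSString stringWithFormat: ...]` statement, so a single quote in a folder path changes the structure of the query; the `// TBD` comment records the issue but leaves the query unchanged. Until this goes through the adaptor's value quoting or a bound parameter, reject or escape quote and backslash characters in `_path` before building the string, and make the comment name the unescaped input, e.g. `// FIXME: _path is not escaped before being placed in the c_path literal`. The same pattern appears further down, where each path element is wrapped with `@"'%@'"` and the `INSERT INTO` statement carries a second TBD. The enclosing method starts and ends outside this hunk.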
reason:@"could not open channel"
userInfo:nil];
}
-
+
tableName = [self baseTableNameForFolderAtPath: _path];
baseURL
= [[folderInfoLocation absoluteString] stringByDeletingLastPathComponent];
tableName = [self finalizedTableNameForBaseName: tableName
atBaseURL: baseURL withChannel: channel];
- quickTableName = [NSString stringWithFormat: @"%@_quick", tableName];
- aclTableName = [NSString stringWithFormat: @"%@_acl", tableName];
-
+ quickTableName = [tableName stringByAppendingString: @"_quick"];
+ aclTableName = [tableName stringByAppendingString: @"_acl"];
+
+ sql = [@"DROP TABLE " stringByAppendingString:quickTableName];
+ if ((error = [channel evaluateExpressionX:sql]) != nil)
+ ; // 'DROP TABLE' is allowed to fail (DROP IF EXISTS is not in PG<8.2)
+
sql = [@"DROP TABLE " stringByAppendingString:tableName];
if ((error = [channel evaluateExpressionX:sql]) != nil)
- return error;
+ ; // 'DROP TABLE' is allowed to fail (DROP IF EXISTS is not in PG<8.2)
- sql = [@"DROP TABLE " stringByAppendingString:quickTableName];
+ sql = [@"DROP TABLE " stringByAppendingString:aclTableName];
if ((error = [channel evaluateExpressionX:sql]) != nil)
- return error;
+ ; // 'DROP TABLE' is allowed to fail (DROP IF EXISTS is not in PG<8.2)
sql = [self sqlCreateWithTableName: tableName];
if ((error = [channel evaluateExpressionX:sql]) != nil)
return error;
-
- sql = [ftype sqlQuickCreateWithTableName: quickTableName];
- if ((error = [channel evaluateExpressionX:sql]) != nil)
- return error;
- sql = [@"DROP TABLE " stringByAppendingString:aclTableName];
- if ((error = [channel evaluateExpressionX:sql]) != nil)
+ sql = [ftype sqlQuickCreateWithTableName: quickTableName];
+ if ((error = [channel evaluateExpressionX:sql]) != nil) {
+ /* 'rollback' TBD: wrap in proper tx */
+ sql = [@"DROP TABLE " stringByAppendingString:tableName];
+ if ((error = [channel evaluateExpressionX:sql]) != nil) {
+ [self warnWithFormat:@"failed to drop freshly created table: %@",
+ tableName];
+ }
+
return error;
+ }
sql = [self sqlAclCreateWithTableName: aclTableName];
- if ((error = [channel evaluateExpressionX:sql]) != nil)
+ if ((error = [channel evaluateExpressionX:sql]) != nil) {
+ /* 'rollback' TBD: wrap in proper tx */
+ sql = [@"DROP TABLE " stringByAppendingString:quickTableName];
+ if ((error = [channel evaluateExpressionX:sql]) != nil) {
+ [self warnWithFormat:@"failed to drop freshly created table: %@",
+ tableName];
+ }
+ sql = [@"DROP TABLE " stringByAppendingString:tableName];
+ if ((error = [channel evaluateExpressionX:sql]) != nil) {
+ [self warnWithFormat:@"failed to drop freshly created table: %@",
+ tableName];
+ }
+
return error;
+ }
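Review bot: Both new rollback branches reuse `error` for the result of the cleanup `DROP TABLE`, so when the drop succeeds `error` becomes nil and `return error;` reports success even though the quick or ACL table was never created. Keep the original failure in `error` and take the drop result in a separate local, e.g. `NSException *dropError = [channel evaluateExpressionX:sql];` followed by `if (dropError != nil)` around the warning. In the ACL branch the first warning also logs `tableName` where `quickTableName` was the table being dropped. Separately, the three leading `DROP TABLE` statements now discard every failure, not only "table does not exist"; logging the discarded exception would keep permission or connection errors visible.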
paths = [[NSMutableArray alloc] initWithCapacity: 5];
pathElements = [[_path componentsSeparatedByString: @"/"] objectEnumerator];
- while ((pathElement = [pathElements nextObject]) != nil) {
+ while ((pathElement = [pathElements nextObject]) != nil) {
NSString *p = [[NSString alloc] initWithFormat: @"'%@'", pathElement];
[paths addObject: p];
[p release]; p = nil;
while ([paths count] < 5)
[paths addObject: @"NULL"];
-
+
+ // TBD: fix SQL injection issues
sql = [NSString stringWithFormat: @"INSERT INTO %@"
@" (c_path, c_path1, c_path2, c_path3, c_path4,"
@" c_foldername, c_location, c_quick_location,"