From 3e743ea1f24483f71f378a310fcf21078d9cda8f Mon Sep 17 00:00:00 2001 From: helge Date: Fri, 20 Jul 2007 10:21:01 +0000 Subject: [PATCH] fixed OGo bug #1883 git-svn-id: http://svn.opengroupware.org/SOPE/trunk@1512 e4a50df8-12e2-0310-a44c-efbce7f8a7e3 --- sope-gdl1/GDLContentStore/ChangeLog | 9 +++ sope-gdl1/GDLContentStore/GCSFolderManager.m | 62 +++++++++++++------- sope-gdl1/GDLContentStore/Version | 2 +- 3 files changed, 52 insertions(+), 21 deletions(-) diff --git a/sope-gdl1/GDLContentStore/ChangeLog b/sope-gdl1/GDLContentStore/ChangeLog index 1b062a94..4973f64f 100644 --- a/sope-gdl1/GDLContentStore/ChangeLog +++ b/sope-gdl1/GDLContentStore/ChangeLog @@ -1,3 +1,12 @@ +2007-07-20 Helge Hess + + * GCSFolderManager.m: added 'some' rollback after an error (v4.7.48) + +2007-07-20 Wolfgang Sourdeau + + * GCSFolderManager.m: fixed a bug in last check, DROP TABLE is allowed + to fail in the given context (bug #1883) (v4.7.47) + 2007-07-11 Helge Hess * GCSFolderManager.m: added some error checking, plenty of open ends diff --git a/sope-gdl1/GDLContentStore/GCSFolderManager.m b/sope-gdl1/GDLContentStore/GCSFolderManager.m index 8932c98e..dfb64925 100644 --- a/sope-gdl1/GDLContentStore/GCSFolderManager.m +++ b/sope-gdl1/GDLContentStore/GCSFolderManager.m @@ -710,10 +710,10 @@ static NSCharacterSet *asciiAlphaNumericCS = nil; NSException *error; NSString *sql; - if ([[self performSQL: [NSString stringWithFormat: @"SELECT * FROM %@" - @" WHERE c_path = '%@'", - [self folderInfoTableName], _path]] - isNotEmpty]) { + // TBD: fix SQL injection issue! + sql = [NSString stringWithFormat: @"SELECT * FROM %@ WHERE c_path = '%@'", + [self folderInfoTableName], _path]; + if ([[self performSQL: sql] isNotEmpty]) { return [NSException exceptionWithName:@"GCSExitingFolder" reason:@"a folder already exists at that path" userInfo:nil]; 
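Review bot: The rewritten SELECT still places `_path` between single quotes through `%@`, and the added `// TBD: fix SQL injection issue!` comment records the problem without bounding it; the same holds for the `'%@'` path elements that feed the INSERT in the last hunk of this file. Until the values go through the adaptor's own quoting, the method could refuse such input before the first statement is built, for example with `if ([_path rangeOfString:@"'"].length > 0 || [_path rangeOfString:@"\\"].length > 0)` followed by an early exception return. Whether callers can pass an untrusted path is not visible here, because the method starts outside the hunk, so the guard should be sized to what the callers actually accept.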
@@ -727,43 +727,64 @@ static NSCharacterSet *asciiAlphaNumericCS = nil; reason:@"could not open channel" userInfo:nil]; } - + tableName = [self baseTableNameForFolderAtPath: _path]; baseURL = [[folderInfoLocation absoluteString] stringByDeletingLastPathComponent]; tableName = [self finalizedTableNameForBaseName: tableName atBaseURL: baseURL withChannel: channel]; - quickTableName = [NSString stringWithFormat: @"%@_quick", tableName]; - aclTableName = [NSString stringWithFormat: @"%@_acl", tableName]; - + quickTableName = [tableName stringByAppendingString: @"_quick"]; + aclTableName = [tableName stringByAppendingString: @"_acl"]; + + sql = [@"DROP TABLE " stringByAppendingString:quickTableName]; + if ((error = [channel evaluateExpressionX:sql]) != nil) + ; // 'DROP TABLE' is allowed to fail (DROP IF EXISTS is not in PG<8.2) + sql = [@"DROP TABLE " stringByAppendingString:tableName]; if ((error = [channel evaluateExpressionX:sql]) != nil) - return error; + ; // 'DROP TABLE' is allowed to fail (DROP IF EXISTS is not in PG<8.2) - sql = [@"DROP TABLE " stringByAppendingString:quickTableName]; + sql = [@"DROP TABLE " stringByAppendingString:aclTableName]; if ((error = [channel evaluateExpressionX:sql]) != nil) - return error; + ; // 'DROP TABLE' is allowed to fail (DROP IF EXISTS is not in PG<8.2) sql = [self sqlCreateWithTableName: tableName]; if ((error = [channel evaluateExpressionX:sql]) != nil) return error; - - sql = [ftype sqlQuickCreateWithTableName: quickTableName]; - if ((error = [channel evaluateExpressionX:sql]) != nil) - return error; - sql = [@"DROP TABLE " stringByAppendingString:aclTableName]; - if ((error = [channel evaluateExpressionX:sql]) != nil) + sql = [ftype sqlQuickCreateWithTableName: quickTableName]; + if ((error = [channel evaluateExpressionX:sql]) != nil) { + /* 'rollback' TBD: wrap in proper tx */ + sql = [@"DROP TABLE " stringByAppendingString:tableName]; + if ((error = [channel evaluateExpressionX:sql]) != nil) { + [self 
warnWithFormat:@"failed to drop freshly created table: %@", + tableName]; + } + return error; + } sql = [self sqlAclCreateWithTableName: aclTableName]; - if ((error = [channel evaluateExpressionX:sql]) != nil) + if ((error = [channel evaluateExpressionX:sql]) != nil) { + /* 'rollback' TBD: wrap in proper tx */ + sql = [@"DROP TABLE " stringByAppendingString:quickTableName]; + if ((error = [channel evaluateExpressionX:sql]) != nil) { + [self warnWithFormat:@"failed to drop freshly created table: %@", + tableName]; + } + sql = [@"DROP TABLE " stringByAppendingString:tableName]; + if ((error = [channel evaluateExpressionX:sql]) != nil) { + [self warnWithFormat:@"failed to drop freshly created table: %@", + tableName]; + } + return error; + } paths = [[NSMutableArray alloc] initWithCapacity: 5]; pathElements = [[_path componentsSeparatedByString: @"/"] objectEnumerator]; - while ((pathElement = [pathElements nextObject]) != nil) { + while ((pathElement = [pathElements nextObject]) != nil) { NSString *p = [[NSString alloc] initWithFormat: @"'%@'", pathElement]; [paths addObject: p]; [p release]; p = nil; @@ -771,7 +792,8 @@ static NSCharacterSet *asciiAlphaNumericCS = nil; while ([paths count] < 5) [paths addObject: @"NULL"]; - + + // TBD: fix SQL injection issues sql = [NSString stringWithFormat: @"INSERT INTO %@" @" (c_path, c_path1, c_path2, c_path3, c_path4," @" c_foldername, c_location, c_quick_location," diff --git a/sope-gdl1/GDLContentStore/Version b/sope-gdl1/GDLContentStore/Version index e03084c9..780e00ac 100644 --- a/sope-gdl1/GDLContentStore/Version +++ b/sope-gdl1/GDLContentStore/Version @@ -2,7 +2,7 @@ MAJOR_VERSION:=4 MINOR_VERSION:=7 -SUBMINOR_VERSION:=46 +SUBMINOR_VERSION:=48 # v4.5.29 requires libNGExtensions v4.5.161 # v4.5.26 does not require libNGiCal anymore -- 2.39.5
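Review bot: Both new rollback branches reuse `error` for the result of the cleanup `DROP TABLE`, so the original CREATE failure is overwritten and `return error;` yields nil whenever the drop succeeds, which presumably reads as success to the caller although the folder was not created. Keep the cleanup result in its own local, `NSException *dropError;` with `if ((dropError = [channel evaluateExpressionX:sql]) != nil)`, so that the creation error is the value returned. In the ACL branch the warning issued after dropping `quickTableName` logs `tableName`; it should log `quickTableName`, otherwise the log points at the wrong table. The method begins and ends outside this hunk, so whether the channel is released on these early returns cannot be checked from here.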