* src/odbc/ejabberd_odbc.erl: underscore and percent are now only

escaped in like queries. MySQL where not escaping those escaped characters in other context (EJAB-24) * src/mod_vcard_odbc.erl: likewise. * src/odbc/mysql.sql: Fixed MySQL database creation script: Was not properly working with all MySQL version. SVN Revision: 484
2024-11-20 16:15:59 +01:00 · 2006-01-13 10:59:52 +00:00 · 2006-01-13 10:59:52 +00:00 · 54a1ced6f6
commit 54a1ced6f6
parent 6bb510d99e
4 changed files with 49 additions and 43 deletions
--- a/9
+++ b/9
@ -1,3 +1,12 @@
+2006-01-13  Mickaël Rémond  <mickael.remond@process-one.net>
+
+	* src/odbc/ejabberd_odbc.erl: underscore and percent are now only
+	escaped in like queries. MySQL where not escaping those escaped
+	characters in other context.
+	* src/mod_vcard_odbc.erl: likewise.
+	* src/odbc/mysql.sql: Fixed MySQL database creation script: Was
+	not properly working with all MySQL version.
+	
 2006-01-13  Alexey Shchepin  <alexey@sevcom.net>

 	* src/ejabberd_service.erl: Bugfix
--- a/src/mod_vcard_odbc.erl
+++ b/src/mod_vcard_odbc.erl
@ -131,7 +131,6 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) ->
 	    end;
 	get ->
 	    #jid{luser = LUser, lserver = LServer} = To,
-	    US = {LUser, LServer},
 	    Username = ejabberd_odbc:escape(LUser),
 	    case catch ejabberd_odbc:sql_query(
 			 LServer,
@ -186,8 +185,6 @@ set_vcard(User, LServer, VCARD) ->
    LOrgName  = stringprep:tolower(OrgName),
    LOrgUnit  = stringprep:tolower(OrgUnit),

-    US = {LUser, LServer},
-
    if
 	(LUser     == error) or
 	(LFN       == error) or
@ -559,12 +556,7 @@ make_val(Match, Field, Val) ->
 	case lists:suffix("*", Val) of
 	    true ->
 		Val1 = lists:sublist(Val, length(Val) - 1),
-		Val2 = lists:flatten([case C of
-					  $_ -> "\\_";
-					  $% -> "\\%";
-					  _ -> C
-				      end || C <- Val1]),
-		SVal = ejabberd_odbc:escape(Val2 ++ "%"),
+		SVal = ejabberd_odbc:escape_like(Val1) ++ "%",
 		[Field, " LIKE '", SVal, "'"];
 	    _ ->
 		SVal = ejabberd_odbc:escape(Val),
--- a/src/odbc/ejabberd_odbc.erl
+++ b/src/odbc/ejabberd_odbc.erl
@ -17,7 +17,8 @@
 	 sql_query/2,
 	 sql_query_t/1,
 	 sql_transaction/2,
-	 escape/1]).
+	 escape/1,
+	 escape_like/1]).

 %% gen_server callbacks
 -export([init/1,
@ -84,20 +85,27 @@ sql_query_t(Query) ->
 	    QRes
    end.

-escape(S) ->
-    [case C of
-	 $\0 -> "\\0";
-	 $\n -> "\\n";
-	 $\t -> "\\t";
-	 $\b -> "\\b";
-	 $\r -> "\\r";
-	 $'  -> "\\'";
-	 $"  -> "\\\"";
-	 $%  -> "\\%";
-	 $_  -> "\\_";
-	 $\\ -> "\\\\";
-	 _ -> C
-     end || C <- S].
+%% Escape character that will confuse an SQL engine
+escape(S) when is_list(S) ->
+    [escape(C) || C <- S];
+escape($\0) -> "\\0";
+escape($\n) -> "\\n";
+escape($\t) -> "\\t";
+escape($\b) -> "\\b";
+escape($\r) -> "\\r";
+escape($')  -> "\\'";
+escape($")  -> "\\\"";
+escape($\\) -> "\\\\";
+escape(C)   -> C.
+
+%% Escape character that will confuse an SQL engine
+%% Percent and underscore only need to be escaped for pattern matching like
+%% statement
+escape_like(S) when is_list(S) ->
+    [escape_like(C) || C <- S];
+escape_like($%) -> "\\%";
+escape_like($_) -> "\\_";
+escape_like(C)  -> escape(C).


 %%%----------------------------------------------------------------------
--- a/src/odbc/mysql.sql
+++ b/src/odbc/mysql.sql
@ -1,14 +1,16 @@
+-- Needs MySQL max with innodb back-end
+
 CREATE TABLE users (
    username varchar(250) PRIMARY KEY,
    password text NOT NULL
-);
+) TYPE=InnoDB CHARACTER SET utf8;


 CREATE TABLE last (
    username varchar(250) PRIMARY KEY,
    seconds text NOT NULL,
    state text
-);
+) TYPE=InnoDB CHARACTER SET utf8;


 CREATE TABLE rosterusers (
@ -20,32 +22,35 @@ CREATE TABLE rosterusers (
    server character(1) NOT NULL,
    subscribe text,
    type text
-);
+) TYPE=InnoDB CHARACTER SET utf8;

-CREATE UNIQUE INDEX i_rosteru_user_jid USING BTREE ON rosterusers(username, jid);
-CREATE INDEX i_rosteru_username USING BTREE ON rosterusers(username);
-CREATE INDEX i_rosteru_jid USING BTREE ON rosterusers(jid);
+CREATE UNIQUE INDEX i_rosteru_user_jid USING HASH ON rosterusers(username(75), jid(75));
+CREATE INDEX i_rosteru_username USING HASH ON rosterusers(username);
+CREATE INDEX i_rosteru_jid USING HASH ON rosterusers(jid);

 CREATE TABLE rostergroups (
    username varchar(250) NOT NULL,
    jid varchar(250) NOT NULL,
    grp text NOT NULL
-);
+) TYPE=InnoDB CHARACTER SET utf8;
+
+CREATE INDEX pk_rosterg_user_jid USING HASH ON rostergroups(username(75), jid(75));

-CREATE INDEX pk_rosterg_user_jid USING BTREE ON rostergroups(username, jid);

 CREATE TABLE spool (
    username varchar(250) NOT NULL,
    xml text,
    seq SERIAL
-);
+) TYPE=InnoDB CHARACTER SET utf8;

 CREATE INDEX i_despool USING BTREE ON spool(username);

+
 CREATE TABLE vcard (
    username varchar(250) PRIMARY KEY,
    vcard text NOT NULL
-);
+) TYPE=InnoDB CHARACTER SET utf8;
+

 CREATE TABLE vcard_search (
    username varchar(250) NOT NULL,
@ -72,7 +77,7 @@ CREATE TABLE vcard_search (
    lorgname varchar(250) NOT NULL,
    orgunit text NOT NULL,
    lorgunit varchar(250) NOT NULL
-);
+) TYPE=InnoDB CHARACTER SET utf8;

 CREATE INDEX i_vcard_search_lfn       ON vcard_search(lfn);
 CREATE INDEX i_vcard_search_lfamily   ON vcard_search(lfamily);
@ -86,11 +91,3 @@ CREATE INDEX i_vcard_search_lemail    ON vcard_search(lemail);
 CREATE INDEX i_vcard_search_lorgname  ON vcard_search(lorgname);
 CREATE INDEX i_vcard_search_lorgunit  ON vcard_search(lorgunit);

-- Needs MySQL max with innodb back-end
-ALTER TABLE users ENGINE = InnoDB;
-ALTER TABLE rosterusers ENGINE = InnoDB;
-ALTER TABLE rostergroups ENGINE = InnoDB;
-ALTER TABLE last ENGINE = InnoDB; 
-ALTER TABLE vcard ENGINE = InnoDB; 
-ALTER TABLE vcard_search ENGINE = InnoDB; 
-ALTER TABLE spool ENGINE = InnoDB;