
* src/odbc/ejabberd_odbc.erl: underscore and percent are now only

escaped in like queries. MySQL was not escaping those escaped
characters in other context (EJAB-24)
* src/mod_vcard_odbc.erl: likewise.
* src/odbc/mysql.sql: Fixed MySQL database creation script: Was
not properly working with all MySQL version.

SVN Revision: 484
Mickaël Rémond 2006-01-13 10:59:52 +00:00
parent 6bb510d99e
commit 54a1ced6f6
4 changed files with 49 additions and 43 deletions


@ -1,3 +1,12 @@
2006-01-13 Mickaël Rémond <mickael.remond@process-one.net>
* src/odbc/ejabberd_odbc.erl: underscore and percent are now only
escaped in like queries. MySQL where not escaping those escaped
characters in other context.
* src/mod_vcard_odbc.erl: likewise.
* src/odbc/mysql.sql: Fixed MySQL database creation script: Was
not properly working with all MySQL version.
2006-01-13 Alexey Shchepin <alexey@sevcom.net> 2006-01-13 Alexey Shchepin <alexey@sevcom.net>
* src/ejabberd_service.erl: Bugfix * src/ejabberd_service.erl: Bugfix


@ -131,7 +131,6 @@ process_sm_iq(From, To, #iq{type = Type, sub_el = SubEl} = IQ) ->
end; end;
get -> get ->
#jid{luser = LUser, lserver = LServer} = To, #jid{luser = LUser, lserver = LServer} = To,
US = {LUser, LServer},
Username = ejabberd_odbc:escape(LUser), Username = ejabberd_odbc:escape(LUser),
case catch ejabberd_odbc:sql_query( case catch ejabberd_odbc:sql_query(
LServer, LServer,
@ -186,8 +185,6 @@ set_vcard(User, LServer, VCARD) ->
LOrgName = stringprep:tolower(OrgName), LOrgName = stringprep:tolower(OrgName),
LOrgUnit = stringprep:tolower(OrgUnit), LOrgUnit = stringprep:tolower(OrgUnit),
US = {LUser, LServer},
if if
(LUser == error) or (LUser == error) or
(LFN == error) or (LFN == error) or
@ -559,12 +556,7 @@ make_val(Match, Field, Val) ->
case lists:suffix("*", Val) of case lists:suffix("*", Val) of
true -> true ->
Val1 = lists:sublist(Val, length(Val) - 1), Val1 = lists:sublist(Val, length(Val) - 1),
Val2 = lists:flatten([case C of SVal = ejabberd_odbc:escape_like(Val1) ++ "%",
$_ -> "\\_";
$% -> "\\%";
_ -> C
end || C <- Val1]),
SVal = ejabberd_odbc:escape(Val2 ++ "%"),
[Field, " LIKE '", SVal, "'"]; [Field, " LIKE '", SVal, "'"];
_ -> _ ->
SVal = ejabberd_odbc:escape(Val), SVal = ejabberd_odbc:escape(Val),
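Review bot: The wildcard branch of make_val in src/mod_vcard_odbc.erl emits `[Field, " LIKE '", SVal, "'"]` with a pattern escaped by `escape_like/1`, which assumes backslash is the LIKE escape character on whatever backend sits behind ODBC; the statement carries no ESCAPE clause to make that explicit. On a backend where backslash is not the default LIKE escape, a `%` or `_` typed by the user would still act as a wildcard and the added backslash would become part of the pattern. I would at least record the assumption next to the call, for example `%% escape_like/1 relies on backslash being the backend's LIKE escape character`, and check it for each supported database. make_val starts and ends outside the hunk.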


@ -17,7 +17,8 @@
sql_query/2, sql_query/2,
sql_query_t/1, sql_query_t/1,
sql_transaction/2, sql_transaction/2,
escape/1]). escape/1,
escape_like/1]).
%% gen_server callbacks %% gen_server callbacks
-export([init/1, -export([init/1,
@ -84,20 +85,27 @@ sql_query_t(Query) ->
QRes QRes
end. end.
escape(S) -> %% Escape character that will confuse an SQL engine
[case C of escape(S) when is_list(S) ->
$\0 -> "\\0"; [escape(C) || C <- S];
$\n -> "\\n"; escape($\0) -> "\\0";
$\t -> "\\t"; escape($\n) -> "\\n";
$\b -> "\\b"; escape($\t) -> "\\t";
$\r -> "\\r"; escape($\b) -> "\\b";
$' -> "\\'"; escape($\r) -> "\\r";
$" -> "\\\""; escape($') -> "\\'";
$% -> "\\%"; escape($") -> "\\\"";
$_ -> "\\_"; escape($\\) -> "\\\\";
$\\ -> "\\\\"; escape(C) -> C.
_ -> C
end || C <- S]. %% Escape character that will confuse an SQL engine
%% Percent and underscore only need to be escaped for pattern matching like
%% statement
escape_like(S) when is_list(S) ->
[escape_like(C) || C <- S];
escape_like($%) -> "\\%";
escape_like($_) -> "\\_";
escape_like(C) -> escape(C).
%%%---------------------------------------------------------------------- %%%----------------------------------------------------------------------
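Review bot: The new clause `escape($') -> "\\'";` in src/odbc/ejabberd_odbc.erl still neutralises a single quote with a backslash, which works only where the server treats backslash as an escape inside string literals; on a backend or SQL mode that follows the standard, the quote would end the literal and the rest of a user-supplied value would be parsed as SQL. Doubling the quote is accepted in both cases, so I would change the clause to `escape($') -> "''";` and keep the backslash clause as it is. The final clause `escape(C) -> C` also passes any non-list term through untouched, so a binary inside the argument would reach the query unescaped; `escape(C) when is_integer(C) -> C.` would turn that into a crash instead. Callers outside this commit that relied on escape/1 to neutralise `%` and `_` in LIKE patterns need to move to escape_like/1, which cannot be checked from the sections shown here.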


@ -1,14 +1,16 @@
-- Needs MySQL max with innodb back-end
CREATE TABLE users ( CREATE TABLE users (
username varchar(250) PRIMARY KEY, username varchar(250) PRIMARY KEY,
password text NOT NULL password text NOT NULL
); ) TYPE=InnoDB CHARACTER SET utf8;
CREATE TABLE last ( CREATE TABLE last (
username varchar(250) PRIMARY KEY, username varchar(250) PRIMARY KEY,
seconds text NOT NULL, seconds text NOT NULL,
state text state text
); ) TYPE=InnoDB CHARACTER SET utf8;
CREATE TABLE rosterusers ( CREATE TABLE rosterusers (
@ -20,32 +22,35 @@ CREATE TABLE rosterusers (
server character(1) NOT NULL, server character(1) NOT NULL,
subscribe text, subscribe text,
type text type text
); ) TYPE=InnoDB CHARACTER SET utf8;
CREATE UNIQUE INDEX i_rosteru_user_jid USING BTREE ON rosterusers(username, jid); CREATE UNIQUE INDEX i_rosteru_user_jid USING HASH ON rosterusers(username(75), jid(75));
CREATE INDEX i_rosteru_username USING BTREE ON rosterusers(username); CREATE INDEX i_rosteru_username USING HASH ON rosterusers(username);
CREATE INDEX i_rosteru_jid USING BTREE ON rosterusers(jid); CREATE INDEX i_rosteru_jid USING HASH ON rosterusers(jid);
CREATE TABLE rostergroups ( CREATE TABLE rostergroups (
username varchar(250) NOT NULL, username varchar(250) NOT NULL,
jid varchar(250) NOT NULL, jid varchar(250) NOT NULL,
grp text NOT NULL grp text NOT NULL
); ) TYPE=InnoDB CHARACTER SET utf8;
CREATE INDEX pk_rosterg_user_jid USING HASH ON rostergroups(username(75), jid(75));
CREATE INDEX pk_rosterg_user_jid USING BTREE ON rostergroups(username, jid);
CREATE TABLE spool ( CREATE TABLE spool (
username varchar(250) NOT NULL, username varchar(250) NOT NULL,
xml text, xml text,
seq SERIAL seq SERIAL
); ) TYPE=InnoDB CHARACTER SET utf8;
CREATE INDEX i_despool USING BTREE ON spool(username); CREATE INDEX i_despool USING BTREE ON spool(username);
CREATE TABLE vcard ( CREATE TABLE vcard (
username varchar(250) PRIMARY KEY, username varchar(250) PRIMARY KEY,
vcard text NOT NULL vcard text NOT NULL
); ) TYPE=InnoDB CHARACTER SET utf8;
CREATE TABLE vcard_search ( CREATE TABLE vcard_search (
username varchar(250) NOT NULL, username varchar(250) NOT NULL,
@ -72,7 +77,7 @@ CREATE TABLE vcard_search (
lorgname varchar(250) NOT NULL, lorgname varchar(250) NOT NULL,
orgunit text NOT NULL, orgunit text NOT NULL,
lorgunit varchar(250) NOT NULL lorgunit varchar(250) NOT NULL
); ) TYPE=InnoDB CHARACTER SET utf8;
CREATE INDEX i_vcard_search_lfn ON vcard_search(lfn); CREATE INDEX i_vcard_search_lfn ON vcard_search(lfn);
CREATE INDEX i_vcard_search_lfamily ON vcard_search(lfamily); CREATE INDEX i_vcard_search_lfamily ON vcard_search(lfamily);
@ -86,11 +91,3 @@ CREATE INDEX i_vcard_search_lemail ON vcard_search(lemail);
CREATE INDEX i_vcard_search_lorgname ON vcard_search(lorgname); CREATE INDEX i_vcard_search_lorgname ON vcard_search(lorgname);
CREATE INDEX i_vcard_search_lorgunit ON vcard_search(lorgunit); CREATE INDEX i_vcard_search_lorgunit ON vcard_search(lorgunit);
-- Needs MySQL max with innodb back-end
ALTER TABLE users ENGINE = InnoDB;
ALTER TABLE rosterusers ENGINE = InnoDB;
ALTER TABLE rostergroups ENGINE = InnoDB;
ALTER TABLE last ENGINE = InnoDB;
ALTER TABLE vcard ENGINE = InnoDB;
ALTER TABLE vcard_search ENGINE = InnoDB;
ALTER TABLE spool ENGINE = InnoDB;
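Review bot: The unique index in src/odbc/mysql.sql is now declared as `CREATE UNIQUE INDEX i_rosteru_user_jid USING HASH ON rosterusers(username(75), jid(75));`, so uniqueness is enforced on the first 75 characters of each column rather than on the full values (the rosterusers column definitions are outside the hunk; presumably varchar(250) as in rostergroups). Two distinct roster entries whose username and jid share those prefixes would be rejected as duplicates, which the old full-column index did not do. If the prefix is there to stay under the index key-length limit with utf8, a comment above the index should say so, e.g. `-- prefix index: uniqueness is checked on the first 75 chars of username and jid only`. The requested HASH index type may also not be honoured by InnoDB, so it is worth confirming what the server actually creates.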