mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00

Fix use of like parameter in sql pubsub's requests

Christophe Romain 2016-07-05 15:43:59 +02:00
parent 8e04a7ef4d
commit e300f8095d
2 changed files with 34 additions and 23 deletions


@ -365,21 +365,22 @@ get_entity_subscriptions(Host, Owner) ->
H = encode_host(Host), H = encode_host(Host),
SJ = encode_jid(SubKey), SJ = encode_jid(SubKey),
GJ = encode_jid(GenKey), GJ = encode_jid(GenKey),
GJLike = <<(encode_jid_like(GenKey))/binary, "%">>, GJLike = <<(encode_jid_like(GenKey))/binary, "/%">>,
Query = Query =
case SubKey of case SubKey of
GenKey -> GenKey ->
?SQL("select @(node)s, @(type)s, @(i.nodeid)d," ?SQL("select @(node)s, @(type)s, @(i.nodeid)d,"
" @(jid)s, @(subscriptions)s " " @(jid)s, @(subscriptions)s "
"from pubsub_state i, pubsub_node n " "from pubsub_state i, pubsub_node n "
"where i.nodeid = n.nodeid and jid like %(GJLike)s" "where i.nodeid = n.nodeid and "
" escape '^' and host=%(H)s"); "(jid=%(GJ)s or jid like %(GJLike)s escape '^')"
" and host=%(H)s");
_ -> _ ->
?SQL("select @(node)s, @(type)s, @(i.nodeid)d," ?SQL("select @(node)s, @(type)s, @(i.nodeid)d,"
" @(jid)s, @(subscriptions)s " " @(jid)s, @(subscriptions)s "
"from pubsub_state i, pubsub_node n " "from pubsub_state i, pubsub_node n "
"where i.nodeid = n.nodeid and jid in" "where i.nodeid = n.nodeid and"
" (%(SJ)s, %(GJ)s) and host=%(H)s") " jid in (%(SJ)s, %(GJ)s) and host=%(H)s")
end, end,
Reply = case catch ejabberd_sql:sql_query_t(Query) of Reply = case catch ejabberd_sql:sql_query_t(Query) of
{selected, RItems} -> {selected, RItems} ->
@ -423,8 +424,9 @@ get_entity_subscriptions_for_send_last(Host, Owner) ->
" @(jid)s, @(subscriptions)s " " @(jid)s, @(subscriptions)s "
"from pubsub_state i, pubsub_node n, pubsub_node_option o " "from pubsub_state i, pubsub_node n, pubsub_node_option o "
"where i.nodeid = n.nodeid and n.nodeid = o.nodeid and name='send_last_published_item' " "where i.nodeid = n.nodeid and n.nodeid = o.nodeid and name='send_last_published_item' "
"and val='on_sub_and_presence' and jid like %(GJLike)s" "and val='on_sub_and_presence' and "
" escape '^' and host=%(H)s"); "(jid=%(GJ)s or jid like %(GJLike)s escape '^')"
" and host=%(H)s");
_ -> _ ->
?SQL("select @(node)s, @(type)s, @(i.nodeid)d," ?SQL("select @(node)s, @(type)s, @(i.nodeid)d,"
" @(jid)s, @(subscriptions)s " " @(jid)s, @(subscriptions)s "
@ -912,11 +914,12 @@ first_in_list(Pred, [H | T]) ->
end. end.
itemids(Nidx, {_U, _S, _R} = JID) -> itemids(Nidx, {_U, _S, _R} = JID) ->
SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "%">>, SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>,
case catch case catch
ejabberd_sql:sql_query_t( ejabberd_sql:sql_query_t(
?SQL("select @(itemid)s from pubsub_item where " ?SQL("select @(itemid)s from pubsub_item where "
"nodeid=%(Nidx)d and publisher like %(SJID)s escape '^' " "nodeid=%(Nidx)d and (publisher=%(JID)s"
" or publisher like %(SJID)s escape '^') "
"order by modification desc")) "order by modification desc"))
of of
{selected, RItems} -> {selected, RItems} ->
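Review bot: In `itemids/2` the new equality test binds `%(JID)s` to `JID`, which the function head matches as the tuple `{_U, _S, _R}`, while every other `%(...)s` placeholder in this file section receives an encoded binary (`SJ`, `GJ`, `H`). Because the query runs under `case catch`, a failure to serialise the tuple would presumably be swallowed and look like an empty result rather than an error. Encode the JID first, as `get_entity_subscriptions` does: `SJ = encode_jid(JID),` and `"nodeid=%(Nidx)d and (publisher=%(SJ)s"`. Separately, `SJID` still wraps `encode_jid_like(JID)` in `ejabberd_sql:escape/1` whereas `GJLike` does not, so it is worth confirming the LIKE pattern is not escaped twice. The body of `itemids/2` continues past the end of the hunk.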


@ -191,18 +191,25 @@ get_subnodes_tree(Host, Node, _From) ->
get_subnodes_tree(Host, Node). get_subnodes_tree(Host, Node).
get_subnodes_tree(Host, Node) -> get_subnodes_tree(Host, Node) ->
H = node_flat_sql:encode_host(Host), case get_node(Host, Node) of
N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "%">>, {error, _} ->
case catch [];
ejabberd_sql:sql_query_t( Rec ->
?SQL("select @(node)s, @(parent)s, @(type)s, @(nodeid)d from " H = node_flat_sql:encode_host(Host),
"pubsub_node where host=%(H)s" N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "/%">>,
" and node like %(N)s escape '^'")) Sub = case catch
of ejabberd_sql:sql_query_t(
{selected, RItems} -> ?SQL("select @(node)s, @(parent)s, @(type)s, @(nodeid)d from "
[raw_to_node(Host, Item) || Item <- RItems]; "pubsub_node where host=%(H)s"
_ -> " and node like %(N)s escape '^'"
[] " and type='hometree'"))
of
{selected, RItems} ->
[raw_to_node(Host, Item) || Item <- RItems];
_ ->
[]
end,
[Rec|Sub]
end. end.
create_node(Host, Node, Type, Owner, Options, Parents) -> create_node(Host, Node, Type, Owner, Options, Parents) ->
@ -252,11 +259,12 @@ create_node(Host, Node, Type, Owner, Options, Parents) ->
delete_node(Host, Node) -> delete_node(Host, Node) ->
H = node_flat_sql:encode_host(Host), H = node_flat_sql:encode_host(Host),
N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "%">>, N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "/%">>,
Removed = get_subnodes_tree(Host, Node), Removed = get_subnodes_tree(Host, Node),
catch ejabberd_sql:sql_query_t( catch ejabberd_sql:sql_query_t(
?SQL("delete from pubsub_node where host=%(H)s" ?SQL("delete from pubsub_node where host=%(H)s"
" and node like %(N)s escape '^'")), " and (node=%(Node)s"
" or (type = 'hometree' and node like %(N)s escape '^'))")),
Removed. Removed.
%% helpers %% helpers
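Review bot: The new `Rec ->` clause in `get_subnodes_tree/2` accepts anything that is not `{error, _}`, so an unexpected return from `get_node/2` (not shown here) would be prepended to the result and handed back by `delete_node/2` as a removed node. Matching the expected shape explicitly, e.g. `#pubsub_node{} = Rec ->` if `get_node/2` returns that record, lets an unexpected value crash instead. It would also help to add a comment above `N = ...` in both functions such as `%% trailing "/" limits the LIKE to real children, not nodes that merely share the name prefix`, since the SELECT here and the DELETE in `delete_node/2` must keep the same predicate for `Removed` to match what is actually deleted.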