mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00

Fix use of like parameter in sql pubsub's requests

Christophe Romain 2016-07-05 15:43:59 +02:00
parent 8e04a7ef4d
commit e300f8095d
2 changed files with 34 additions and 23 deletions


@ -365,21 +365,22 @@ get_entity_subscriptions(Host, Owner) ->
H = encode_host(Host),
SJ = encode_jid(SubKey),
GJ = encode_jid(GenKey),
GJLike = <<(encode_jid_like(GenKey))/binary, "%">>,
GJLike = <<(encode_jid_like(GenKey))/binary, "/%">>,
Query =
case SubKey of
GenKey ->
?SQL("select @(node)s, @(type)s, @(i.nodeid)d,"
" @(jid)s, @(subscriptions)s "
"from pubsub_state i, pubsub_node n "
"where i.nodeid = n.nodeid and jid like %(GJLike)s"
" escape '^' and host=%(H)s");
"where i.nodeid = n.nodeid and "
"(jid=%(GJ)s or jid like %(GJLike)s escape '^')"
" and host=%(H)s");
_ ->
?SQL("select @(node)s, @(type)s, @(i.nodeid)d,"
" @(jid)s, @(subscriptions)s "
"from pubsub_state i, pubsub_node n "
"where i.nodeid = n.nodeid and jid in"
" (%(SJ)s, %(GJ)s) and host=%(H)s")
"where i.nodeid = n.nodeid and"
" jid in (%(SJ)s, %(GJ)s) and host=%(H)s")
end,
Reply = case catch ejabberd_sql:sql_query_t(Query) of
{selected, RItems} ->
@ -423,8 +424,9 @@ get_entity_subscriptions_for_send_last(Host, Owner) ->
" @(jid)s, @(subscriptions)s "
"from pubsub_state i, pubsub_node n, pubsub_node_option o "
"where i.nodeid = n.nodeid and n.nodeid = o.nodeid and name='send_last_published_item' "
"and val='on_sub_and_presence' and jid like %(GJLike)s"
" escape '^' and host=%(H)s");
"and val='on_sub_and_presence' and "
"(jid=%(GJ)s or jid like %(GJLike)s escape '^')"
" and host=%(H)s");
_ ->
?SQL("select @(node)s, @(type)s, @(i.nodeid)d,"
" @(jid)s, @(subscriptions)s "
@ -912,11 +914,12 @@ first_in_list(Pred, [H | T]) ->
end.
itemids(Nidx, {_U, _S, _R} = JID) ->
SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "%">>,
SJID = <<(ejabberd_sql:escape(encode_jid_like(JID)))/binary, "/%">>,
case catch
ejabberd_sql:sql_query_t(
?SQL("select @(itemid)s from pubsub_item where "
"nodeid=%(Nidx)d and publisher like %(SJID)s escape '^' "
"nodeid=%(Nidx)d and (publisher=%(JID)s"
" or publisher like %(SJID)s escape '^') "
"order by modification desc"))
of
{selected, RItems} ->
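Review bot: In `itemids/2` the new equality test interpolates `%(JID)s`, but the function head binds `JID` to the `{_U, _S, _R}` tuple, whereas the first hunk in this file compares `jid` against the encoded binary `GJ = encode_jid(GenKey)`. If `%(...)s` expects a binary, as its other uses here suggest, building the query fails on the tuple and the surrounding `case catch` hides that, so the lookup would quietly take the non-matching clause (outside the hunk) instead of raising. Bind the encoded form first, e.g. `SJ = encode_jid(JID),`, and use `publisher=%(SJ)s`. Separately, `SJID` is still passed through `ejabberd_sql:escape/1` before being bound with `%(SJID)s`, unlike `GJLike` in the first hunk. If the macro escapes bound values itself, the pattern is escaped twice and a JID containing a quote or backslash would never match, so I would drop the extra call and add a comment that `encode_jid_like/1` is what makes the value safe for `like ... escape '^'`.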


@ -191,18 +191,25 @@ get_subnodes_tree(Host, Node, _From) ->
get_subnodes_tree(Host, Node).
get_subnodes_tree(Host, Node) ->
H = node_flat_sql:encode_host(Host),
N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "%">>,
case catch
ejabberd_sql:sql_query_t(
?SQL("select @(node)s, @(parent)s, @(type)s, @(nodeid)d from "
"pubsub_node where host=%(H)s"
" and node like %(N)s escape '^'"))
of
{selected, RItems} ->
[raw_to_node(Host, Item) || Item <- RItems];
_ ->
[]
case get_node(Host, Node) of
{error, _} ->
[];
Rec ->
H = node_flat_sql:encode_host(Host),
N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "/%">>,
Sub = case catch
ejabberd_sql:sql_query_t(
?SQL("select @(node)s, @(parent)s, @(type)s, @(nodeid)d from "
"pubsub_node where host=%(H)s"
" and node like %(N)s escape '^'"
" and type='hometree'"))
of
{selected, RItems} ->
[raw_to_node(Host, Item) || Item <- RItems];
_ ->
[]
end,
[Rec|Sub]
end.
create_node(Host, Node, Type, Owner, Options, Parents) ->
@ -252,11 +259,12 @@ create_node(Host, Node, Type, Owner, Options, Parents) ->
delete_node(Host, Node) ->
H = node_flat_sql:encode_host(Host),
N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "%">>,
N = <<(ejabberd_sql:escape_like_arg_circumflex(Node))/binary, "/%">>,
Removed = get_subnodes_tree(Host, Node),
catch ejabberd_sql:sql_query_t(
?SQL("delete from pubsub_node where host=%(H)s"
" and node like %(N)s escape '^'")),
" and (node=%(Node)s"
" or (type = 'hometree' and node like %(N)s escape '^'))")),
Removed.
%% helpers
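Review bot: `delete_node/2` now builds its `Removed` list and its `delete` from two predicates that can disagree. When `get_node(Host, Node)` returns `{error, _}`, the rewritten `get_subnodes_tree/2` returns `[]`, yet the `delete` still runs and its `type = 'hometree' and node like %(N)s` branch can remove child rows that never appear in `Removed`. Callers that use the returned list to clean up per-node state (presumably subscriptions and items; not visible here) would then miss those nodes. Consider skipping the delete when the tree is empty, e.g. `case get_subnodes_tree(Host, Node) of [] -> []; Removed -> ...`, or returning the children even when the parent row is missing. Both queries are also wrapped in `catch`, so a failed select or delete is indistinguishable from "nothing to do"; a short comment saying this best-effort behaviour is intended, and that the trailing `/` in the pattern is what keeps `Node` from matching sibling names that share its prefix, would help the next reader.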