2012-04-29 13:15:06 -04:00
|
|
|
<?php
|
|
|
|
/**
|
2016-07-11 05:58:15 -04:00
|
|
|
* PrivateBin
|
2012-04-29 13:15:06 -04:00
|
|
|
*
|
|
|
|
* a zero-knowledge paste bin
|
|
|
|
*
|
2016-07-11 05:58:15 -04:00
|
|
|
* @link https://github.com/PrivateBin/PrivateBin
|
2012-04-29 13:15:06 -04:00
|
|
|
* @copyright 2012 Sébastien SAUVAGE (sebsauvage.net)
|
2016-07-19 07:56:52 -04:00
|
|
|
* @license https://www.opensource.org/licenses/zlib-license.php The zlib/libpng License
|
2016-12-26 06:13:50 -05:00
|
|
|
* @version 1.1
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
2016-12-12 12:43:23 -05:00
|
|
|
|
2016-12-12 12:49:08 -05:00
|
|
|
namespace PrivateBin\Data;
|
2016-07-21 11:09:48 -04:00
|
|
|
|
|
|
|
use Exception;
|
|
|
|
use PDO;
|
|
|
|
use PDOException;
|
2016-10-29 04:24:08 -04:00
|
|
|
use PrivateBin\PrivateBin;
|
2016-07-21 11:09:48 -04:00
|
|
|
use stdClass;
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
/**
|
2016-08-09 05:54:42 -04:00
|
|
|
* Database
|
2012-04-29 13:15:06 -04:00
|
|
|
*
|
2016-08-09 05:54:42 -04:00
|
|
|
* Model for database access, implemented as a singleton.
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
2016-08-09 05:54:42 -04:00
|
|
|
class Database extends AbstractData
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
2015-08-16 09:55:31 -04:00
|
|
|
/**
|
|
|
|
* cache for select queries
|
|
|
|
*
|
|
|
|
* @var array
|
2012-05-19 17:59:41 -04:00
|
|
|
*/
|
|
|
|
private static $_cache = array();
|
|
|
|
|
2015-08-16 09:55:31 -04:00
|
|
|
/**
|
|
|
|
* instance of database connection
|
|
|
|
*
|
2012-04-29 13:15:06 -04:00
|
|
|
* @access private
|
|
|
|
* @static
|
2015-08-16 09:55:31 -04:00
|
|
|
* @var PDO
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
private static $_db;
|
|
|
|
|
2015-08-16 09:55:31 -04:00
|
|
|
/**
|
|
|
|
* table prefix
|
|
|
|
*
|
2012-05-19 17:59:41 -04:00
|
|
|
* @access private
|
|
|
|
* @static
|
2015-08-16 09:55:31 -04:00
|
|
|
* @var string
|
2012-05-19 17:59:41 -04:00
|
|
|
*/
|
|
|
|
private static $_prefix = '';
|
|
|
|
|
2015-08-16 09:55:31 -04:00
|
|
|
/**
|
|
|
|
* database type
|
|
|
|
*
|
2012-05-19 17:59:41 -04:00
|
|
|
* @access private
|
|
|
|
* @static
|
2015-08-16 09:55:31 -04:00
|
|
|
* @var string
|
2012-05-19 17:59:41 -04:00
|
|
|
*/
|
|
|
|
private static $_type = '';
|
|
|
|
|
2012-04-29 13:15:06 -04:00
|
|
|
/**
|
|
|
|
* get instance of singleton
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @static
|
2015-08-16 09:55:31 -04:00
|
|
|
* @param array $options
|
2012-05-19 17:59:41 -04:00
|
|
|
* @throws Exception
|
2016-08-09 05:54:42 -04:00
|
|
|
* @return Database
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
2012-05-19 17:59:41 -04:00
|
|
|
public static function getInstance($options = null)
|
2012-04-29 13:15:06 -04:00
|
|
|
{
|
|
|
|
// if needed initialize the singleton
|
2016-08-15 10:45:47 -04:00
|
|
|
if (!(self::$_instance instanceof self)) {
|
2012-08-25 18:49:11 -04:00
|
|
|
self::$_instance = new self;
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
|
2016-07-26 02:19:35 -04:00
|
|
|
if (is_array($options)) {
|
2012-05-19 17:59:41 -04:00
|
|
|
// set table prefix if given
|
2016-07-26 02:19:35 -04:00
|
|
|
if (array_key_exists('tbl', $options)) {
|
|
|
|
self::$_prefix = $options['tbl'];
|
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
|
|
|
|
// initialize the db connection with new options
|
|
|
|
if (
|
|
|
|
array_key_exists('dsn', $options) &&
|
|
|
|
array_key_exists('usr', $options) &&
|
|
|
|
array_key_exists('pwd', $options) &&
|
|
|
|
array_key_exists('opt', $options)
|
2016-07-26 02:19:35 -04:00
|
|
|
) {
|
2015-10-16 17:13:36 -04:00
|
|
|
// set default options
|
2016-08-15 10:45:47 -04:00
|
|
|
$options['opt'][PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
|
2015-10-16 17:13:36 -04:00
|
|
|
$options['opt'][PDO::ATTR_EMULATE_PREPARES] = false;
|
2016-08-15 10:45:47 -04:00
|
|
|
$options['opt'][PDO::ATTR_PERSISTENT] = true;
|
|
|
|
$db_tables_exist = true;
|
2015-10-16 17:13:36 -04:00
|
|
|
|
2015-11-01 11:02:20 -05:00
|
|
|
// setup type and dabase connection
|
2012-05-19 17:59:41 -04:00
|
|
|
self::$_type = strtolower(
|
|
|
|
substr($options['dsn'], 0, strpos($options['dsn'], ':'))
|
|
|
|
);
|
2015-11-01 11:02:20 -05:00
|
|
|
$tableQuery = self::_getTableQuery(self::$_type);
|
2016-08-15 10:45:47 -04:00
|
|
|
self::$_db = new PDO(
|
2015-08-27 15:41:21 -04:00
|
|
|
$options['dsn'],
|
|
|
|
$options['usr'],
|
|
|
|
$options['pwd'],
|
|
|
|
$options['opt']
|
|
|
|
);
|
2012-05-19 17:59:41 -04:00
|
|
|
|
2015-11-01 11:02:20 -05:00
|
|
|
// check if the database contains the required tables
|
|
|
|
$tables = self::$_db->query($tableQuery)->fetchAll(PDO::FETCH_COLUMN, 0);
|
|
|
|
|
|
|
|
// create paste table if necessary
|
2016-07-26 02:19:35 -04:00
|
|
|
if (!in_array(self::_sanitizeIdentifier('paste'), $tables)) {
|
2015-11-01 11:02:20 -05:00
|
|
|
self::_createPasteTable();
|
|
|
|
$db_tables_exist = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// create comment table if necessary
|
2016-07-26 02:19:35 -04:00
|
|
|
if (!in_array(self::_sanitizeIdentifier('comment'), $tables)) {
|
2015-11-01 11:02:20 -05:00
|
|
|
self::_createCommentTable();
|
|
|
|
$db_tables_exist = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// create config table if necessary
|
2016-08-09 05:54:42 -04:00
|
|
|
$db_version = PrivateBin::VERSION;
|
2016-07-26 02:19:35 -04:00
|
|
|
if (!in_array(self::_sanitizeIdentifier('config'), $tables)) {
|
2015-11-01 11:02:20 -05:00
|
|
|
self::_createConfigTable();
|
|
|
|
// if we only needed to create the config table, the DB is older then 0.22
|
2016-07-26 02:19:35 -04:00
|
|
|
if ($db_tables_exist) {
|
|
|
|
$db_version = '0.21';
|
|
|
|
}
|
|
|
|
} else {
|
2015-11-01 11:02:20 -05:00
|
|
|
$db_version = self::_getConfig('VERSION');
|
2015-09-21 16:32:52 -04:00
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
|
2015-11-01 11:02:20 -05:00
|
|
|
// update database structure if necessary
|
2016-08-09 05:54:42 -04:00
|
|
|
if (version_compare($db_version, PrivateBin::VERSION, '<')) {
|
2015-11-01 11:02:20 -05:00
|
|
|
self::_upgradeDatabase($db_version);
|
2012-05-19 17:59:41 -04:00
|
|
|
}
|
2016-07-26 02:19:35 -04:00
|
|
|
} else {
|
2016-07-13 03:41:45 -04:00
|
|
|
throw new Exception(
|
|
|
|
'Missing configuration for key dsn, usr, pwd or opt in the section model_options, please check your configuration file', 6
|
|
|
|
);
|
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
}
|
|
|
|
|
2015-10-03 09:52:37 -04:00
|
|
|
return self::$_instance;
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a paste.
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $pasteid
|
|
|
|
* @param array $paste
|
2012-05-19 17:59:41 -04:00
|
|
|
* @return bool
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
public function create($pasteid, $paste)
|
|
|
|
{
|
2013-02-24 11:41:32 -05:00
|
|
|
if (
|
2015-09-21 16:32:52 -04:00
|
|
|
array_key_exists($pasteid, self::$_cache)
|
2012-08-25 18:49:11 -04:00
|
|
|
) {
|
2016-07-26 02:19:35 -04:00
|
|
|
if (false !== self::$_cache[$pasteid]) {
|
2012-08-25 18:49:11 -04:00
|
|
|
return false;
|
|
|
|
} else {
|
|
|
|
unset(self::$_cache[$pasteid]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-09-21 16:32:52 -04:00
|
|
|
$opendiscussion = $burnafterreading = false;
|
2016-08-15 10:45:47 -04:00
|
|
|
$attachment = $attachmentname = '';
|
|
|
|
$meta = $paste['meta'];
|
2015-09-21 16:32:52 -04:00
|
|
|
unset($meta['postdate']);
|
2015-09-26 21:03:55 -04:00
|
|
|
$expire_date = 0;
|
2016-07-26 02:19:35 -04:00
|
|
|
if (array_key_exists('expire_date', $paste['meta'])) {
|
2015-09-26 21:03:55 -04:00
|
|
|
$expire_date = (int) $paste['meta']['expire_date'];
|
|
|
|
unset($meta['expire_date']);
|
|
|
|
}
|
2016-07-26 02:19:35 -04:00
|
|
|
if (array_key_exists('opendiscussion', $paste['meta'])) {
|
2015-09-21 16:32:52 -04:00
|
|
|
$opendiscussion = (bool) $paste['meta']['opendiscussion'];
|
|
|
|
unset($meta['opendiscussion']);
|
|
|
|
}
|
2016-07-26 02:19:35 -04:00
|
|
|
if (array_key_exists('burnafterreading', $paste['meta'])) {
|
2015-09-21 16:32:52 -04:00
|
|
|
$burnafterreading = (bool) $paste['meta']['burnafterreading'];
|
|
|
|
unset($meta['burnafterreading']);
|
|
|
|
}
|
2016-07-26 02:19:35 -04:00
|
|
|
if (array_key_exists('attachment', $paste['meta'])) {
|
2015-11-01 11:02:20 -05:00
|
|
|
$attachment = $paste['meta']['attachment'];
|
|
|
|
unset($meta['attachment']);
|
|
|
|
}
|
2016-07-26 02:19:35 -04:00
|
|
|
if (array_key_exists('attachmentname', $paste['meta'])) {
|
2015-11-01 11:02:20 -05:00
|
|
|
$attachmentname = $paste['meta']['attachmentname'];
|
|
|
|
unset($meta['attachmentname']);
|
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
return self::_exec(
|
2016-07-11 08:15:20 -04:00
|
|
|
'INSERT INTO ' . self::_sanitizeIdentifier('paste') .
|
|
|
|
' VALUES(?,?,?,?,?,?,?,?,?)',
|
2012-05-19 17:59:41 -04:00
|
|
|
array(
|
|
|
|
$pasteid,
|
|
|
|
$paste['data'],
|
|
|
|
$paste['meta']['postdate'],
|
2015-09-26 21:03:55 -04:00
|
|
|
$expire_date,
|
2015-09-21 16:32:52 -04:00
|
|
|
(int) $opendiscussion,
|
|
|
|
(int) $burnafterreading,
|
|
|
|
json_encode($meta),
|
2015-11-01 11:02:20 -05:00
|
|
|
$attachment,
|
|
|
|
$attachmentname,
|
2012-05-19 17:59:41 -04:00
|
|
|
)
|
|
|
|
);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Read a paste.
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $pasteid
|
2012-08-25 18:49:11 -04:00
|
|
|
* @return stdClass|false
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
public function read($pasteid)
|
|
|
|
{
|
2012-05-19 17:59:41 -04:00
|
|
|
if (
|
|
|
|
!array_key_exists($pasteid, self::$_cache)
|
2012-08-25 18:49:11 -04:00
|
|
|
) {
|
|
|
|
self::$_cache[$pasteid] = false;
|
2016-08-15 10:45:47 -04:00
|
|
|
$paste = self::_select(
|
2016-07-11 08:15:20 -04:00
|
|
|
'SELECT * FROM ' . self::_sanitizeIdentifier('paste') .
|
|
|
|
' WHERE dataid = ?', array($pasteid), true
|
2012-08-25 18:49:11 -04:00
|
|
|
);
|
2012-05-19 17:59:41 -04:00
|
|
|
|
2016-07-26 02:19:35 -04:00
|
|
|
if (false !== $paste) {
|
2012-08-25 18:49:11 -04:00
|
|
|
// create object
|
2016-08-15 10:45:47 -04:00
|
|
|
self::$_cache[$pasteid] = new stdClass;
|
2012-08-25 18:49:11 -04:00
|
|
|
self::$_cache[$pasteid]->data = $paste['data'];
|
2015-09-26 21:03:55 -04:00
|
|
|
|
|
|
|
$meta = json_decode($paste['meta']);
|
2016-07-26 02:19:35 -04:00
|
|
|
if (!is_object($meta)) {
|
|
|
|
$meta = new stdClass;
|
|
|
|
}
|
2015-11-01 11:02:20 -05:00
|
|
|
|
|
|
|
// support older attachments
|
2016-07-26 02:19:35 -04:00
|
|
|
if (property_exists($meta, 'attachment')) {
|
2015-09-26 21:03:55 -04:00
|
|
|
self::$_cache[$pasteid]->attachment = $meta->attachment;
|
|
|
|
unset($meta->attachment);
|
2016-07-26 02:19:35 -04:00
|
|
|
if (property_exists($meta, 'attachmentname')) {
|
2015-09-26 21:03:55 -04:00
|
|
|
self::$_cache[$pasteid]->attachmentname = $meta->attachmentname;
|
|
|
|
unset($meta->attachmentname);
|
|
|
|
}
|
|
|
|
}
|
2015-11-01 11:02:20 -05:00
|
|
|
// support current attachments
|
2016-07-26 02:19:35 -04:00
|
|
|
elseif (array_key_exists('attachment', $paste) && strlen($paste['attachment'])) {
|
2015-11-01 11:02:20 -05:00
|
|
|
self::$_cache[$pasteid]->attachment = $paste['attachment'];
|
2016-07-26 02:19:35 -04:00
|
|
|
if (array_key_exists('attachmentname', $paste) && strlen($paste['attachmentname'])) {
|
2015-11-01 11:02:20 -05:00
|
|
|
self::$_cache[$pasteid]->attachmentname = $paste['attachmentname'];
|
|
|
|
}
|
|
|
|
}
|
2016-08-15 10:45:47 -04:00
|
|
|
self::$_cache[$pasteid]->meta = $meta;
|
2012-08-25 18:49:11 -04:00
|
|
|
self::$_cache[$pasteid]->meta->postdate = (int) $paste['postdate'];
|
2016-08-15 10:45:47 -04:00
|
|
|
$expire_date = (int) $paste['expiredate'];
|
2015-09-26 21:03:55 -04:00
|
|
|
if (
|
|
|
|
$expire_date > 0
|
2016-07-26 02:19:35 -04:00
|
|
|
) {
|
|
|
|
self::$_cache[$pasteid]->meta->expire_date = $expire_date;
|
|
|
|
}
|
2012-08-25 18:49:11 -04:00
|
|
|
if (
|
|
|
|
$paste['opendiscussion']
|
2016-07-26 02:19:35 -04:00
|
|
|
) {
|
|
|
|
self::$_cache[$pasteid]->meta->opendiscussion = true;
|
|
|
|
}
|
2012-08-25 18:49:11 -04:00
|
|
|
if (
|
|
|
|
$paste['burnafterreading']
|
2016-07-26 02:19:35 -04:00
|
|
|
) {
|
|
|
|
self::$_cache[$pasteid]->meta->burnafterreading = true;
|
|
|
|
}
|
2012-08-25 18:49:11 -04:00
|
|
|
}
|
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
|
2012-08-25 18:49:11 -04:00
|
|
|
return self::$_cache[$pasteid];
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Delete a paste and its discussion.
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $pasteid
|
|
|
|
*/
|
|
|
|
public function delete($pasteid)
|
|
|
|
{
|
2012-05-19 17:59:41 -04:00
|
|
|
self::_exec(
|
2016-07-11 08:15:20 -04:00
|
|
|
'DELETE FROM ' . self::_sanitizeIdentifier('paste') .
|
|
|
|
' WHERE dataid = ?', array($pasteid)
|
2012-05-19 17:59:41 -04:00
|
|
|
);
|
|
|
|
self::_exec(
|
2016-07-11 08:15:20 -04:00
|
|
|
'DELETE FROM ' . self::_sanitizeIdentifier('comment') .
|
|
|
|
' WHERE pasteid = ?', array($pasteid)
|
2012-05-19 17:59:41 -04:00
|
|
|
);
|
2012-08-25 18:49:11 -04:00
|
|
|
if (
|
2015-08-27 15:41:21 -04:00
|
|
|
array_key_exists($pasteid, self::$_cache)
|
2016-07-26 02:19:35 -04:00
|
|
|
) {
|
|
|
|
unset(self::$_cache[$pasteid]);
|
|
|
|
}
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test if a paste exists.
|
|
|
|
*
|
|
|
|
* @access public
|
2016-07-15 11:02:59 -04:00
|
|
|
* @param string $pasteid
|
2016-08-09 07:07:11 -04:00
|
|
|
* @return bool
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
public function exists($pasteid)
|
|
|
|
{
|
2012-05-19 17:59:41 -04:00
|
|
|
if (
|
|
|
|
!array_key_exists($pasteid, self::$_cache)
|
2016-07-26 02:19:35 -04:00
|
|
|
) {
|
|
|
|
self::$_cache[$pasteid] = $this->read($pasteid);
|
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
return (bool) self::$_cache[$pasteid];
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a comment in a paste.
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $pasteid
|
|
|
|
* @param string $parentid
|
|
|
|
* @param string $commentid
|
|
|
|
* @param array $comment
|
2016-07-11 09:47:42 -04:00
|
|
|
* @return bool
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
public function createComment($pasteid, $parentid, $commentid, $comment)
|
|
|
|
{
|
2016-07-26 02:19:35 -04:00
|
|
|
foreach (array('nickname', 'vizhash') as $key) {
|
|
|
|
if (!array_key_exists($key, $comment['meta'])) {
|
2016-07-18 04:14:38 -04:00
|
|
|
$comment['meta'][$key] = null;
|
|
|
|
}
|
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
return self::_exec(
|
2016-07-11 08:15:20 -04:00
|
|
|
'INSERT INTO ' . self::_sanitizeIdentifier('comment') .
|
|
|
|
' VALUES(?,?,?,?,?,?,?)',
|
2012-05-19 17:59:41 -04:00
|
|
|
array(
|
2012-08-25 18:49:11 -04:00
|
|
|
$commentid,
|
2012-05-19 17:59:41 -04:00
|
|
|
$pasteid,
|
|
|
|
$parentid,
|
|
|
|
$comment['data'],
|
|
|
|
$comment['meta']['nickname'],
|
|
|
|
$comment['meta']['vizhash'],
|
|
|
|
$comment['meta']['postdate'],
|
|
|
|
)
|
|
|
|
);
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Read all comments of paste.
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $pasteid
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
public function readComments($pasteid)
|
|
|
|
{
|
2012-05-19 17:59:41 -04:00
|
|
|
$rows = self::_select(
|
2016-07-11 08:15:20 -04:00
|
|
|
'SELECT * FROM ' . self::_sanitizeIdentifier('comment') .
|
|
|
|
' WHERE pasteid = ?', array($pasteid)
|
2012-05-19 17:59:41 -04:00
|
|
|
);
|
|
|
|
|
|
|
|
// create comment list
|
|
|
|
$comments = array();
|
2016-07-26 02:19:35 -04:00
|
|
|
if (count($rows)) {
|
|
|
|
foreach ($rows as $row) {
|
2016-08-15 10:45:47 -04:00
|
|
|
$i = $this->getOpenSlot($comments, (int) $row['postdate']);
|
|
|
|
$comments[$i] = new stdClass;
|
|
|
|
$comments[$i]->id = $row['dataid'];
|
|
|
|
$comments[$i]->parentid = $row['parentid'];
|
|
|
|
$comments[$i]->data = $row['data'];
|
|
|
|
$comments[$i]->meta = new stdClass;
|
2015-10-18 05:38:48 -04:00
|
|
|
$comments[$i]->meta->postdate = (int) $row['postdate'];
|
2017-03-24 19:58:59 -04:00
|
|
|
foreach (array('nickname', 'vizhash') as $key) {
|
|
|
|
if (array_key_exists($key, $row) && !empty($row[$key])) {
|
|
|
|
$comments[$i]->meta->$key = $row[$key];
|
|
|
|
}
|
2016-07-26 02:19:35 -04:00
|
|
|
}
|
2012-05-19 17:59:41 -04:00
|
|
|
}
|
|
|
|
ksort($comments);
|
|
|
|
}
|
|
|
|
return $comments;
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Test if a comment exists.
|
|
|
|
*
|
|
|
|
* @access public
|
2016-07-15 11:02:59 -04:00
|
|
|
* @param string $pasteid
|
2012-04-29 13:15:06 -04:00
|
|
|
* @param string $parentid
|
|
|
|
* @param string $commentid
|
2016-08-09 07:07:11 -04:00
|
|
|
* @return bool
|
2012-04-29 13:15:06 -04:00
|
|
|
*/
|
|
|
|
public function existsComment($pasteid, $parentid, $commentid)
|
|
|
|
{
|
2012-05-19 17:59:41 -04:00
|
|
|
return (bool) self::_select(
|
2016-07-11 08:15:20 -04:00
|
|
|
'SELECT dataid FROM ' . self::_sanitizeIdentifier('comment') .
|
|
|
|
' WHERE pasteid = ? AND parentid = ? AND dataid = ?',
|
2012-05-19 17:59:41 -04:00
|
|
|
array($pasteid, $parentid, $commentid), true
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2016-07-15 11:02:59 -04:00
|
|
|
/**
|
|
|
|
* Returns up to batch size number of paste ids that have expired
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @param int $batchsize
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
protected function _getExpiredPastes($batchsize)
|
|
|
|
{
|
|
|
|
$pastes = array();
|
2016-08-15 10:45:47 -04:00
|
|
|
$rows = self::_select(
|
2016-07-15 11:02:59 -04:00
|
|
|
'SELECT dataid FROM ' . self::_sanitizeIdentifier('paste') .
|
2016-12-25 06:15:29 -05:00
|
|
|
' WHERE expiredate < ? AND expiredate != ? LIMIT ?', array(time(), 0, $batchsize)
|
2016-07-15 11:02:59 -04:00
|
|
|
);
|
2016-07-26 02:19:35 -04:00
|
|
|
if (count($rows)) {
|
|
|
|
foreach ($rows as $row) {
|
2016-07-15 11:02:59 -04:00
|
|
|
$pastes[] = $row['dataid'];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return $pastes;
|
|
|
|
}
|
|
|
|
|
2012-05-19 17:59:41 -04:00
|
|
|
/**
|
|
|
|
* execute a statement
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
* @param string $sql
|
|
|
|
* @param array $params
|
|
|
|
* @throws PDOException
|
2016-07-11 09:47:42 -04:00
|
|
|
* @return bool
|
2012-05-19 17:59:41 -04:00
|
|
|
*/
|
|
|
|
private static function _exec($sql, array $params)
|
|
|
|
{
|
|
|
|
$statement = self::$_db->prepare($sql);
|
2016-08-15 10:45:47 -04:00
|
|
|
$result = $statement->execute($params);
|
2012-05-19 17:59:41 -04:00
|
|
|
$statement->closeCursor();
|
|
|
|
return $result;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* run a select statement
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
* @param string $sql
|
|
|
|
* @param array $params
|
|
|
|
* @param bool $firstOnly if only the first row should be returned
|
|
|
|
* @throws PDOException
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
private static function _select($sql, array $params, $firstOnly = false)
|
|
|
|
{
|
|
|
|
$statement = self::$_db->prepare($sql);
|
|
|
|
$statement->execute($params);
|
|
|
|
$result = $firstOnly ?
|
|
|
|
$statement->fetch(PDO::FETCH_ASSOC) :
|
|
|
|
$statement->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
$statement->closeCursor();
|
|
|
|
return $result;
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|
2015-11-01 11:02:20 -05:00
|
|
|
|
|
|
|
/**
|
|
|
|
* get table list query, depending on the database type
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
* @param string $type
|
|
|
|
* @throws Exception
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
private static function _getTableQuery($type)
|
|
|
|
{
|
2016-07-26 02:19:35 -04:00
|
|
|
switch ($type) {
|
2015-11-01 11:02:20 -05:00
|
|
|
case 'ibm':
|
|
|
|
$sql = 'SELECT tabname FROM SYSCAT.TABLES ';
|
|
|
|
break;
|
|
|
|
case 'informix':
|
|
|
|
$sql = 'SELECT tabname FROM systables ';
|
|
|
|
break;
|
|
|
|
case 'mssql':
|
2016-08-15 10:45:47 -04:00
|
|
|
$sql = 'SELECT name FROM sysobjects '
|
2015-11-01 11:02:20 -05:00
|
|
|
. "WHERE type = 'U' ORDER BY name";
|
|
|
|
break;
|
|
|
|
case 'mysql':
|
|
|
|
$sql = 'SHOW TABLES';
|
|
|
|
break;
|
|
|
|
case 'oci':
|
|
|
|
$sql = 'SELECT table_name FROM all_tables';
|
|
|
|
break;
|
|
|
|
case 'pgsql':
|
2016-08-15 10:45:47 -04:00
|
|
|
$sql = 'SELECT c.relname AS table_name '
|
|
|
|
. 'FROM pg_class c, pg_user u '
|
2015-11-01 11:02:20 -05:00
|
|
|
. "WHERE c.relowner = u.usesysid AND c.relkind = 'r' "
|
2016-08-15 10:45:47 -04:00
|
|
|
. 'AND NOT EXISTS (SELECT 1 FROM pg_views WHERE viewname = c.relname) '
|
2015-11-01 11:02:20 -05:00
|
|
|
. "AND c.relname !~ '^(pg_|sql_)' "
|
2016-08-15 10:45:47 -04:00
|
|
|
. 'UNION '
|
|
|
|
. 'SELECT c.relname AS table_name '
|
|
|
|
. 'FROM pg_class c '
|
2015-11-01 11:02:20 -05:00
|
|
|
. "WHERE c.relkind = 'r' "
|
2016-08-15 10:45:47 -04:00
|
|
|
. 'AND NOT EXISTS (SELECT 1 FROM pg_views WHERE viewname = c.relname) '
|
|
|
|
. 'AND NOT EXISTS (SELECT 1 FROM pg_user WHERE usesysid = c.relowner) '
|
2015-11-01 11:02:20 -05:00
|
|
|
. "AND c.relname !~ '^pg_'";
|
|
|
|
break;
|
|
|
|
case 'sqlite':
|
|
|
|
$sql = "SELECT name FROM sqlite_master WHERE type='table' "
|
2016-08-15 10:45:47 -04:00
|
|
|
. 'UNION ALL SELECT name FROM sqlite_temp_master '
|
2015-11-01 11:02:20 -05:00
|
|
|
. "WHERE type='table' ORDER BY name";
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
throw new Exception(
|
|
|
|
"PDO type $type is currently not supported.", 5
|
|
|
|
);
|
|
|
|
}
|
|
|
|
return $sql;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get a value by key from the config table
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
* @param string $key
|
|
|
|
* @throws PDOException
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
private static function _getConfig($key)
|
|
|
|
{
|
|
|
|
$row = self::_select(
|
2016-07-11 08:15:20 -04:00
|
|
|
'SELECT value FROM ' . self::_sanitizeIdentifier('config') .
|
|
|
|
' WHERE id = ?', array($key), true
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
return $row['value'];
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* get the primary key clauses, depending on the database driver
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
* @param string $key
|
|
|
|
* @return array
|
|
|
|
*/
|
|
|
|
private static function _getPrimaryKeyClauses($key = 'dataid')
|
|
|
|
{
|
|
|
|
$main_key = $after_key = '';
|
2016-07-26 02:19:35 -04:00
|
|
|
if (self::$_type === 'mysql') {
|
2015-11-01 11:02:20 -05:00
|
|
|
$after_key = ", PRIMARY KEY ($key)";
|
2016-07-26 02:19:35 -04:00
|
|
|
} else {
|
2015-11-01 11:02:20 -05:00
|
|
|
$main_key = ' PRIMARY KEY';
|
|
|
|
}
|
|
|
|
return array($main_key, $after_key);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* create the paste table
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
*/
|
|
|
|
private static function _createPasteTable()
|
|
|
|
{
|
|
|
|
list($main_key, $after_key) = self::_getPrimaryKeyClauses();
|
2016-08-15 10:45:47 -04:00
|
|
|
$dataType = self::$_type === 'pgsql' ? 'TEXT' : 'BLOB';
|
2015-11-01 11:02:20 -05:00
|
|
|
self::$_db->exec(
|
2016-07-11 08:15:20 -04:00
|
|
|
'CREATE TABLE ' . self::_sanitizeIdentifier('paste') . ' ( ' .
|
2015-11-01 11:02:20 -05:00
|
|
|
"dataid CHAR(16) NOT NULL$main_key, " .
|
2016-07-18 09:55:51 -04:00
|
|
|
"data $dataType, " .
|
2015-11-01 11:02:20 -05:00
|
|
|
'postdate INT, ' .
|
|
|
|
'expiredate INT, ' .
|
|
|
|
'opendiscussion INT, ' .
|
|
|
|
'burnafterreading INT, ' .
|
|
|
|
'meta TEXT, ' .
|
2016-07-18 09:55:51 -04:00
|
|
|
'attachment ' . (self::$_type === 'pgsql' ? 'TEXT' : 'MEDIUMBLOB') . ', ' .
|
|
|
|
"attachmentname $dataType$after_key );"
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* create the paste table
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
*/
|
|
|
|
private static function _createCommentTable()
|
|
|
|
{
|
|
|
|
list($main_key, $after_key) = self::_getPrimaryKeyClauses();
|
2016-08-15 10:45:47 -04:00
|
|
|
$dataType = self::$_type === 'pgsql' ? 'text' : 'BLOB';
|
2015-11-01 11:02:20 -05:00
|
|
|
self::$_db->exec(
|
2016-07-11 08:15:20 -04:00
|
|
|
'CREATE TABLE ' . self::_sanitizeIdentifier('comment') . ' ( ' .
|
2015-11-01 11:02:20 -05:00
|
|
|
"dataid CHAR(16) NOT NULL$main_key, " .
|
|
|
|
'pasteid CHAR(16), ' .
|
|
|
|
'parentid CHAR(16), ' .
|
2016-07-18 09:55:51 -04:00
|
|
|
"data $dataType, " .
|
|
|
|
"nickname $dataType, " .
|
|
|
|
"vizhash $dataType, " .
|
2015-11-01 11:02:20 -05:00
|
|
|
"postdate INT$after_key );"
|
|
|
|
);
|
|
|
|
self::$_db->exec(
|
2016-07-18 08:47:32 -04:00
|
|
|
'CREATE INDEX IF NOT EXISTS comment_parent ON ' .
|
|
|
|
self::_sanitizeIdentifier('comment') . '(pasteid);'
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* create the paste table
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
*/
|
|
|
|
private static function _createConfigTable()
|
|
|
|
{
|
|
|
|
list($main_key, $after_key) = self::_getPrimaryKeyClauses('id');
|
|
|
|
self::$_db->exec(
|
2016-07-11 08:15:20 -04:00
|
|
|
'CREATE TABLE ' . self::_sanitizeIdentifier('config') .
|
|
|
|
" ( id CHAR(16) NOT NULL$main_key, value TEXT$after_key );"
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
self::_exec(
|
2016-07-11 08:15:20 -04:00
|
|
|
'INSERT INTO ' . self::_sanitizeIdentifier('config') .
|
|
|
|
' VALUES(?,?)',
|
2016-08-09 05:54:42 -04:00
|
|
|
array('VERSION', PrivateBin::VERSION)
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2016-07-11 08:15:20 -04:00
|
|
|
/**
|
|
|
|
* sanitizes identifiers
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
* @param string $identifier
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
private static function _sanitizeIdentifier($identifier)
|
|
|
|
{
|
2016-07-11 08:33:45 -04:00
|
|
|
return preg_replace('/[^A-Za-z0-9_]+/', '', self::$_prefix . $identifier);
|
2016-07-11 08:15:20 -04:00
|
|
|
}
|
|
|
|
|
2015-11-01 11:02:20 -05:00
|
|
|
/**
|
|
|
|
* upgrade the database schema from an old version
|
|
|
|
*
|
|
|
|
* @access private
|
|
|
|
* @static
|
|
|
|
* @param string $oldversion
|
|
|
|
*/
|
|
|
|
private static function _upgradeDatabase($oldversion)
|
|
|
|
{
|
2016-07-18 09:55:51 -04:00
|
|
|
$dataType = self::$_type === 'pgsql' ? 'TEXT' : 'BLOB';
|
2016-07-26 02:19:35 -04:00
|
|
|
switch ($oldversion) {
|
2015-11-01 11:02:20 -05:00
|
|
|
case '0.21':
|
|
|
|
// create the meta column if necessary (pre 0.21 change)
|
|
|
|
try {
|
2016-07-11 08:33:45 -04:00
|
|
|
self::$_db->exec('SELECT meta FROM ' . self::_sanitizeIdentifier('paste') . ' LIMIT 1;');
|
2015-11-01 11:02:20 -05:00
|
|
|
} catch (PDOException $e) {
|
2016-07-11 08:33:45 -04:00
|
|
|
self::$_db->exec('ALTER TABLE ' . self::_sanitizeIdentifier('paste') . ' ADD COLUMN meta TEXT;');
|
2015-11-01 11:02:20 -05:00
|
|
|
}
|
|
|
|
// SQLite only allows one ALTER statement at a time...
|
|
|
|
self::$_db->exec(
|
2016-07-18 09:55:51 -04:00
|
|
|
'ALTER TABLE ' . self::_sanitizeIdentifier('paste') .
|
|
|
|
' ADD COLUMN attachment ' .
|
|
|
|
(self::$_type === 'pgsql' ? 'TEXT' : 'MEDIUMBLOB') . ';'
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
self::$_db->exec(
|
2016-07-18 09:55:51 -04:00
|
|
|
'ALTER TABLE ' . self::_sanitizeIdentifier('paste') . " ADD COLUMN attachmentname $dataType;"
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
// SQLite doesn't support MODIFY, but it allows TEXT of similar
|
|
|
|
// size as BLOB, so there is no need to change it there
|
2016-07-26 02:19:35 -04:00
|
|
|
if (self::$_type !== 'sqlite') {
|
2015-11-01 11:02:20 -05:00
|
|
|
self::$_db->exec(
|
2016-07-11 08:33:45 -04:00
|
|
|
'ALTER TABLE ' . self::_sanitizeIdentifier('paste') .
|
2016-07-18 09:55:51 -04:00
|
|
|
' ADD PRIMARY KEY (dataid), MODIFY COLUMN data $dataType;'
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
self::$_db->exec(
|
2016-07-11 08:33:45 -04:00
|
|
|
'ALTER TABLE ' . self::_sanitizeIdentifier('comment') .
|
2016-07-18 09:55:51 -04:00
|
|
|
" ADD PRIMARY KEY (dataid), MODIFY COLUMN data $dataType, " .
|
|
|
|
"MODIFY COLUMN nickname $dataType, MODIFY COLUMN vizhash $dataType;"
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
2016-07-26 02:19:35 -04:00
|
|
|
} else {
|
2015-11-01 11:02:20 -05:00
|
|
|
self::$_db->exec(
|
2016-07-18 08:47:32 -04:00
|
|
|
'CREATE UNIQUE INDEX IF NOT EXISTS paste_dataid ON ' .
|
|
|
|
self::_sanitizeIdentifier('paste') . '(dataid);'
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
self::$_db->exec(
|
2016-07-18 08:47:32 -04:00
|
|
|
'CREATE UNIQUE INDEX IF NOT EXISTS comment_dataid ON ' .
|
|
|
|
self::_sanitizeIdentifier('comment') . '(dataid);'
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
|
|
|
}
|
|
|
|
self::$_db->exec(
|
2016-07-18 08:47:32 -04:00
|
|
|
'CREATE INDEX IF NOT EXISTS comment_parent ON ' .
|
|
|
|
self::_sanitizeIdentifier('comment') . '(pasteid);'
|
2015-11-01 11:02:20 -05:00
|
|
|
);
|
2016-08-25 03:53:31 -04:00
|
|
|
// no break, continue with updates for 0.22
|
|
|
|
case '0.22':
|
2016-12-26 06:13:50 -05:00
|
|
|
case '1.0':
|
2016-08-25 03:53:31 -04:00
|
|
|
self::_exec(
|
|
|
|
'UPDATE ' . self::_sanitizeIdentifier('config') .
|
|
|
|
' SET value = ? WHERE id = ?',
|
2016-12-26 06:13:50 -05:00
|
|
|
array(PrivateBin::VERSION, 'VERSION')
|
2016-08-25 03:53:31 -04:00
|
|
|
);
|
2015-11-01 11:02:20 -05:00
|
|
|
}
|
|
|
|
}
|
2012-04-29 13:15:06 -04:00
|
|
|
}
|