Completed
Pull Request — stable8.2 (#26410)
by Thomas
38:55
created

OC_Group_Database::escapeLikeParameter()   A

Complexity

Conditions 1
Paths 1

Size

Total Lines 3
Code Lines 2

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 0
CRAP Score 2

Importance

Changes 0
<?php
/**
 * @author Arthur Schiwon <[email protected]>
 * @author Bart Visscher <[email protected]>
 * @author Jakob Sack <[email protected]>
 * @author Joas Schilling <[email protected]>
 * @author Jörn Friedrich Dreyer <[email protected]>
 * @author Michael Gapczynski <[email protected]>
 * @author michag86 <[email protected]>
 * @author Morris Jobke <[email protected]>
 * @author Robin Appelman <[email protected]>
 * @author Robin McCorkell <[email protected]>
 * @author Thomas Müller <[email protected]>
 *
 * @copyright Copyright (c) 2015, ownCloud, Inc.
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */
/*
 *
 * The following SQL statement is just a help for developers and will not be
 * executed!
 *
 * CREATE TABLE `groups` (
 *   `gid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
 *   PRIMARY KEY (`gid`)
 * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 *
 * CREATE TABLE `group_user` (
 *   `gid` varchar(64) COLLATE utf8_unicode_ci NOT NULL,
 *   `uid` varchar(64) COLLATE utf8_unicode_ci NOT NULL
 * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 *
 */
/**
 * Class for group management in a SQL Database (e.g. MySQL, SQLite)
 */
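class OC_Group_Database extends OC_Group_Backend {

	/**
	 * Try to create a new group
	 *
	 * Looks the gid up first and only inserts when no row was found.
	 *
	 * NOTE(review): the lookup and the insert are two separate statements, so
	 * two concurrent requests can both pass the lookup. The developer schema in
	 * the comment at the top of this file declares `gid` as PRIMARY KEY, so the
	 * second insert should be rejected by the database - confirm how OC_DB
	 * surfaces that failure to the caller.
	 *
	 * @param string $gid The name of the group to create
	 * @return bool false if the group name already exists, otherwise whether
	 *              the insert reported success
	 */
	public function createGroup( $gid ) {
		// Check for existence
		$stmt = OC_DB::prepare( "SELECT `gid` FROM `*PREFIX*groups` WHERE `gid` = ?" );
		$result = $stmt->execute( array( $gid ));

		if( $result->fetchRow() ) {
			// Can not add an existing group
			return false;
		}

		// Add group and exit
		$stmt = OC_DB::prepare( "INSERT INTO `*PREFIX*groups` ( `gid` ) VALUES( ? )" );
		$result = $stmt->execute( array( $gid ));

		return (bool) $result;
	}

	/**
	 * delete a group
	 *
	 * Deletes the group row, then its memberships (group_user) and its
	 * group-admin assignments (group_admin).
	 *
	 * NOTE(review): the three deletes are issued one after another and no
	 * transaction is visible here, so a failure part-way could leave membership
	 * or admin rows behind for a gid that no longer exists - verify that a
	 * later group with the same gid cannot inherit them.
	 *
	 * @param string $gid gid of the group to delete
	 * @return bool always true; the results of the statements are not inspected
	 */
	public function deleteGroup( $gid ) {
		// Delete the group
		$stmt = OC_DB::prepare( "DELETE FROM `*PREFIX*groups` WHERE `gid` = ?" );
		$stmt->execute( array( $gid ));

		// Delete the group-user relation
		$stmt = OC_DB::prepare( "DELETE FROM `*PREFIX*group_user` WHERE `gid` = ?" );
		$stmt->execute( array( $gid ));

		// Delete the group-groupadmin relation
		$stmt = OC_DB::prepare( "DELETE FROM `*PREFIX*group_admin` WHERE `gid` = ?" );
		$stmt->execute( array( $gid ));

		return true;
	}

	/**
	 * is user in group?
	 *
	 * Checks whether the user is member of a group or not.
	 *
	 * @param string $uid uid of the user
	 * @param string $gid gid of the group
	 * @return bool true when a matching group_user row exists
	 */
	public function inGroup( $uid, $gid ) {
		$stmt = OC_DB::prepare( "SELECT `uid` FROM `*PREFIX*group_user` WHERE `gid` = ? AND `uid` = ?" );
		$result = $stmt->execute( array( $gid, $uid ));

		return (bool) $result->fetchRow();
	}

	/**
	 * Add a user to a group
	 *
	 * NOTE(review): the duplicate check relies on inGroup() alone. The
	 * developer schema in the comment at the top of this file shows no unique
	 * key on `group_user`, so concurrent calls could insert the same pair
	 * twice - confirm against the real schema.
	 *
	 * @param string $uid Name of the user to add to group
	 * @param string $gid Name of the group in which add the user
	 * @return bool false if the user already is a member, true after inserting
	 */
	public function addToGroup( $uid, $gid ) {
		// No duplicate entries!
		if( $this->inGroup( $uid, $gid )) {
			return false;
		}

		$stmt = OC_DB::prepare( "INSERT INTO `*PREFIX*group_user` ( `uid`, `gid` ) VALUES( ?, ? )" );
		$stmt->execute( array( $uid, $gid ));

		return true;
	}

	/**
	 * Removes a user from a group
	 *
	 * @param string $uid Name of the user to remove from group
	 * @param string $gid Name of the group from which remove the user
	 * @return bool always true, whether or not a row was deleted
	 */
	public function removeFromGroup( $uid, $gid ) {
		$stmt = OC_DB::prepare( "DELETE FROM `*PREFIX*group_user` WHERE `uid` = ? AND `gid` = ?" );
		$stmt->execute( array( $uid, $gid ));

		return true;
	}

	/**
	 * Get all groups a user belongs to
	 *
	 * This function fetches all groups a user belongs to. It does not check
	 * if the user exists at all.
	 *
	 * @param string $uid Name of the user
	 * @return array an array of group names
	 */
	public function getUserGroups( $uid ) {
		$stmt = OC_DB::prepare( "SELECT `gid` FROM `*PREFIX*group_user` WHERE `uid` = ?" );
		$result = $stmt->execute( array( $uid ));

		$groups = [];
		while( $row = $result->fetchRow()) {
			$groups[] = $row["gid"];
		}

		return $groups;
	}

	/**
	 * get a list of all groups
	 *
	 * Returns the gids ordered ascending. A non-empty $search restricts the
	 * result to gids containing it, compared case-insensitively via LOWER().
	 *
	 * @param string $search substring to look for; '' lists every group
	 * @param int $limit passed through to OC_DB::prepare()
	 * @param int $offset passed through to OC_DB::prepare()
	 * @return array an array of group names
	 */
	public function getGroups($search = '', $limit = null, $offset = null) {
		$parameters = [];
		$searchLike = '';
		if ($search !== '') {
			// The term is bound as a parameter, but '%' and '_' inside it would
			// still act as LIKE wildcards. Escape them the same way
			// usersInGroup() and countUsersInGroup() do, so the caller's text is
			// matched literally.
			$parameters[] = '%' . $this->escapeLikeParameter($search) . '%';
			$searchLike = ' WHERE LOWER(`gid`) LIKE LOWER(?)';
		}

		$stmt = OC_DB::prepare('SELECT `gid` FROM `*PREFIX*groups`' . $searchLike . ' ORDER BY `gid` ASC', $limit, $offset);
		$result = $stmt->execute($parameters);

		$groups = [];
		while ($row = $result->fetchRow()) {
			$groups[] = $row['gid'];
		}
		return $groups;
	}

	/**
	 * check if a group exists
	 *
	 * @param string $gid
	 * @return bool true when the lookup returned a value
	 */
	public function groupExists($gid) {
		$query = OC_DB::prepare('SELECT `gid` FROM `*PREFIX*groups` WHERE `gid` = ?');
		$result = $query->execute(array($gid))->fetchOne();

		// fetchOne() yielding false is treated as "no such row"
		return $result !== false;
	}

	/**
	 * get a list of all users in a group
	 *
	 * Returns the uids ordered ascending. A non-empty $search restricts the
	 * result to uids containing it; LIKE wildcards in $search are escaped.
	 *
	 * @param string $gid
	 * @param string $search substring to look for; '' lists every member
	 * @param int $limit passed through to OC_DB::prepare()
	 * @param int $offset passed through to OC_DB::prepare()
	 * @return array an array of user ids
	 */
	public function usersInGroup($gid, $search = '', $limit = null, $offset = null) {
		$parameters = [$gid];
		$searchLike = '';
		if ($search !== '') {
			$parameters[] = '%' . $this->escapeLikeParameter($search) . '%';
			$searchLike = ' AND `uid` LIKE ?';
		}

		$stmt = OC_DB::prepare('SELECT `uid` FROM `*PREFIX*group_user` WHERE `gid` = ?' . $searchLike . ' ORDER BY `uid` ASC',
			$limit,
			$offset);
		$result = $stmt->execute($parameters);

		$users = [];
		while ($row = $result->fetchRow()) {
			$users[] = $row['uid'];
		}
		return $users;
	}

	/**
	 * get the number of all users matching the search string in a group
	 *
	 * @param string $gid
	 * @param string $search substring to look for; '' counts every member
	 * @return int|false the count, or false when fetchOne() returned false
	 * @throws \OC\DatabaseException
	 */
	public function countUsersInGroup($gid, $search = '') {
		$parameters = [$gid];
		$searchLike = '';
		if ($search !== '') {
			$parameters[] = '%' . $this->escapeLikeParameter($search) . '%';
			$searchLike = ' AND `uid` LIKE ?';
		}

		$stmt = OC_DB::prepare('SELECT COUNT(`uid`) AS `count` FROM `*PREFIX*group_user` WHERE `gid` = ?' . $searchLike);
		$result = $stmt->execute($parameters);
		$count = $result->fetchOne();

		// Keep false distinct from 0 so callers can tell "no result" from "empty"
		return $count === false ? false : intval($count);
	}

	/**
	 * Escape the characters that are special inside a LIKE pattern
	 *
	 * Prefixes each backslash, underscore and percent sign with a backslash.
	 *
	 * NOTE(review): this only works where the database uses backslash as the
	 * LIKE escape character. None of the queries in this class carries an
	 * ESCAPE clause - confirm the behaviour on every supported backend.
	 *
	 * @param string $param raw search term
	 * @return string the term with LIKE metacharacters escaped
	 */
	private function escapeLikeParameter($param) {
		return addcslashes($param, '\\_%');
	}

}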