From ffbb45cefbcfe2dc948965169f4eeb0b4a847685 Mon Sep 17 00:00:00 2001
From: "mdomba (mdwork)"
Date: Tue, 24 Jul 2012 13:13:51 +0200
Subject: [PATCH] Fixes issue #449 - proper quoting in CDbLogRoute and CDbHttpSession
---
 CHANGELOG | 1 +
 framework/logging/CDbLogRoute.php | 46 ++++++++--------------
 framework/web/CDbHttpSession.php | 64 ++++++++++++++++---------------
 3 files changed, 49 insertions(+), 62 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 12fabbc8b..cb94a7f97 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -16,6 +16,7 @@ Version 1.1.11 work in progress
 - Bug #392: There was no way to get and modify criteria in CActiveRecord::beforeFind (samdark)
 - Bug #417: CAttributeCollections::mergeWith() does not take into account the caseSensitive (dmtrs)
 - Bug #433: Fixed the bug that Gii model name input autocomplete was not working sometimes (mdomba)
+- Bug #449: CDbHttpSession and CDbLogRoute now use query builder instead of DAO for proper quoting (mdomba, redguy)
 - Bug #454: Removed translation on CDbConnection exception as it was creating an endless loop if the application used CDbCache (mdomba)
 - Bug #517: Rule parameter sub-patterns are not checked correctly (ranvis)
 - Bug #539: Fixed CUrlRule::createUrl() to treat sub-patterns as Unicode as parseUrl() does (ranvis)
diff --git a/framework/logging/CDbLogRoute.php b/framework/logging/CDbLogRoute.php
index 8d463a969..458bef6a6 100644
--- a/framework/logging/CDbLogRoute.php
+++ b/framework/logging/CDbLogRoute.php
@@ -70,10 +70,9 @@ class CDbLogRoute extends CLogRoute
 if($this->autoCreateLogTable)
 {
 $db=$this->getDbConnection();
- $sql="DELETE FROM {$this->logTableName} WHERE 0=1";
 try
 {
- $db->createCommand($sql)->execute();
+ $db->createCommand()->delete($this->logTableName,'0=1');
 }
 catch(Exception $e)
 {
@@ -89,24 +88,13 @@ class CDbLogRoute extends CLogRoute
 */
 protected function createLogTable($db,$tableName)
 {
- $driver=$db->getDriverName();
- if($driver==='mysql')
- $logID='id INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY';
- else if($driver==='pgsql')
- $logID='id SERIAL PRIMARY KEY';
- else
- $logID='id INTEGER NOT NULL PRIMARY KEY';
-
- $sql="
-CREATE TABLE $tableName
-(
- $logID,
- level VARCHAR(128),
- category VARCHAR(128),
- logtime INTEGER,
- message TEXT
-)";
- $db->createCommand($sql)->execute();
+ $db->createCommand()->createTable($tableName, array(
+ 'id'=>'pk',
+ 'level'=>'varchar(128)',
+ 'category'=>'varchar(128)',
+ 'logtime'=>'integer',
+ 'message'=>'text',
+ ));
 }
 /**
@@ -138,19 +126,15 @@ CREATE TABLE $tableName
 */
 protected function processLogs($logs)
 {
- $sql="
-INSERT INTO {$this->logTableName}
-(level, category, logtime, message) VALUES
-(:level, :category, :logtime, :message)
-";
- $command=$this->getDbConnection()->createCommand($sql);
+ $command=$this->getDbConnection()->createCommand();
 foreach($logs as $log)
 {
- $command->bindValue(':level',$log[1]);
- $command->bindValue(':category',$log[2]);
- $command->bindValue(':logtime',(int)$log[3]);
- $command->bindValue(':message',$log[0]);
- $command->execute();
+ $command->insert($this->logTableName,array(
+ 'level'=>$log[1],
+ 'category'=>$log[2],
+ 'logtime'=>(int)$log[3],
+ 'message'=>$log[0],
+ ));
 }
 }
 }
diff --git a/framework/web/CDbHttpSession.php b/framework/web/CDbHttpSession.php
index 2a05a2348..c53c32793 100644
--- a/framework/web/CDbHttpSession.php
+++ b/framework/web/CDbHttpSession.php
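Review bot: `createTable($tableName, array(` puts a space after the comma while every other query-builder call in this patch (`createTable($tableName,array(` in CDbHttpSession, `insert($this->logTableName,array(`) does not; drop the space to keep the framework's compact argument style. The abstract `'pk'` type replaces the per-driver `$logID` branching, so if the method docblock whose closing `*/` opens this hunk describes driver-specific id column handling, it is now out of date and should say that the id column type is resolved by the schema builder for the active driver.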
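Review bot: `$command->insert(...)` inside the `foreach` builds and executes a fresh INSERT for every log entry, whereas the removed code prepared one statement once and only rebound values; as far as the hunk shows, each iteration now presumably re-prepares, which the commit trades for the builder's identifier quoting. If that cost matters for routes that flush large batches, a single prepared statement whose text uses `$db->quoteTableName($this->logTableName)` would keep the quoting fix without re-preparing; otherwise a one-line comment such as `// insert() rebuilds the statement per row; acceptable for log batches` records the trade-off. The `(int)$log[3]` cast on `logtime` is rightly kept, since the builder binds values exactly as given.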
@@ -100,15 +100,17 @@ class CDbHttpSession extends CHttpSession
 $newID=session_id();
 $db=$this->getDbConnection();
- $sql="SELECT * FROM {$this->sessionTableName} WHERE id=:id";
- $row=$db->createCommand($sql)->bindValue(':id',$oldID)->queryRow();
+ $row=$db->createCommand()
+ ->select()
+ ->from($this->sessionTableName)
+ ->where('id=:id',array(':id'=>$oldID))
+ ->queryRow();
 if($row!==false)
 {
 if($deleteOldSession)
- {
- $sql="UPDATE {$this->sessionTableName} SET id=:newID WHERE id=:oldID";
- $db->createCommand($sql)->bindValue(':newID',$newID)->bindValue(':oldID',$oldID)->execute();
- }
+ $db->createCommand()->update($this->sessionTableName,array(
+ 'id'=>$newID
+ ),'id=:oldID',array(':oldID'=>$oldID));
 else
 {
 $row['id']=$newID;
@@ -139,14 +141,11 @@ class CDbHttpSession extends CHttpSession
 $blob='BYTEA';
 else
 $blob='BLOB';
- $sql="
-CREATE TABLE $tableName
-(
- id CHAR(32) PRIMARY KEY,
- expire INTEGER,
- data $blob
-)";
- $db->createCommand($sql)->execute();
+ $db->createCommand()->createTable($tableName,array(
+ 'id'=>'CHAR(32) PRIMARY KEY',
+ 'expire'=>'integer',
+ 'data'=>$blob,
+ ));
 }
 /**
@@ -185,10 +184,9 @@ CREATE TABLE $tableName
 {
 $db=$this->getDbConnection();
 $db->setActive(true);
- $sql="DELETE FROM {$this->sessionTableName} WHERE expire<".time();
 try
 {
- $db->createCommand($sql)->execute();
+ $db->createCommand()->delete($this->sessionTableName,'expire<:expire',array(':expire'=>time()));
 }
 catch(Exception $e)
 {
@@ -206,12 +204,11 @@ CREATE TABLE $tableName
 */
 public function readSession($id)
 {
- $now=time();
- $sql="
-SELECT data FROM {$this->sessionTableName}
-WHERE expire>$now AND id=:id
-";
- $data=$this->getDbConnection()->createCommand($sql)->bindValue(':id',$id)->queryScalar();
+ $data=$this->getDbConnection()->createCommand()
+ ->select('data')
+ ->from($this->sessionTableName)
+ ->where('expire>:expire AND id=:id',array(':expire'=>time(),':id'=>$id))
+ ->queryScalar();
 return $data===false?'':$data;
 }
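Review bot: The `if($deleteOldSession)` branch now runs an unbraced `update(...)` statement that spans three lines directly next to a braced `else`; the commit removed the `{ }` the old code had, and for a multi-line statement keeping the braces avoids the dangling-else misread. Also `->select()` with no column list appears to fetch the whole row so that the `else` branch (which continues outside the hunk, `$row['id']=$newID;`) can re-insert the session under the new id; a short comment such as `// full row is needed below to copy the session under $newID` would make that dependency explicit. regenerateID starts and ends outside the hunk.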
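Review bot: `'id'=>'CHAR(32) PRIMARY KEY'` fixes the id width at 32 characters, but `session_id()` is only 32 characters under PHP's default hashing settings; if `session.hash_function` or `session.hash_bits_per_character` is changed the id is longer and, depending on the driver, would be truncated or rejected on insert — the truncation case is the worse one, since distinct ids sharing a prefix would map to one row. The commit does not change this, so at least a comment on that line is warranted, e.g. `// 32 chars fits PHP's default session id; widen if session.hash_function/hash_bits_per_character are changed`. createSessionTable starts outside the hunk.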
@@ -230,12 +227,17 @@ WHERE expire>$now AND id=:id
 {
 $expire=time()+$this->getTimeout();
 $db=$this->getDbConnection();
- $sql="SELECT id FROM {$this->sessionTableName} WHERE id=:id";
- if($db->createCommand($sql)->bindValue(':id',$id)->queryScalar()===false)
- $sql="INSERT INTO {$this->sessionTableName} (id, data, expire) VALUES (:id, :data, $expire)";
+ if($db->createCommand()->select('id')->from($this->sessionTableName)->where('id=:id',array(':id'=>$id))->queryScalar()===false)
+ $db->createCommand()->insert($this->sessionTableName,array(
+ 'id'=>$id,
+ 'data'=>$data,
+ 'expire'=>$expire,
+ ));
 else
- $sql="UPDATE {$this->sessionTableName} SET expire=$expire, data=:data WHERE id=:id";
- $db->createCommand($sql)->bindValue(':id',$id)->bindValue(':data',$data)->execute();
+ $db->createCommand()->update($this->sessionTableName,array(
+ 'data'=>$data,
+ 'expire'=>$expire
+ ),'id=:id',array(':id'=>$id));
 }
 catch(Exception $e)
 {
@@ -255,8 +257,8 @@ WHERE expire>$now AND id=:id
 */
 public function destroySession($id)
 {
- $sql="DELETE FROM {$this->sessionTableName} WHERE id=:id";
- $this->getDbConnection()->createCommand($sql)->bindValue(':id',$id)->execute();
+ $this->getDbConnection()->createCommand()
+ ->delete($this->sessionTableName,'id=:id',array(':id'=>$id));
 return true;
 }
@@ -268,8 +270,8 @@ WHERE expire>$now AND id=:id
 */
 public function gcSession($maxLifetime)
 {
- $sql="DELETE FROM {$this->sessionTableName} WHERE expire<".time();
- $this->getDbConnection()->createCommand($sql)->execute();
+ $this->getDbConnection()->createCommand()
+ ->delete($this->sessionTableName,'expire<:expire',array(':expire'=>time()));
 return true;
 }
 }
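Review bot: The existence check `if($db->createCommand()->select('id')->from($this->sessionTableName)->where('id=:id',array(':id'=>$id))->queryScalar()===false)` is packed onto one line while readSession and regenerateID in this same patch chain the builder one call per line, and the condition hides that the query result is only used as a found/not-found flag. Splitting it into a named local reads better and mirrors the rest of the patch. Separately, select-then-insert is not atomic: two concurrent requests writing the same not-yet-stored id could both see `false` and the second `insert` would hit the primary key; the enclosing `try`/`catch` (which starts and ends outside the hunk) presumably absorbs that, but a comment stating so is worth adding. Also the insert array ends with a trailing comma after `'expire'=>$expire,` while the update array does not.
```php
$exists=$db->createCommand()
	->select('id')
	->from($this->sessionTableName)
	->where('id=:id',array(':id'=>$id))
	->queryScalar();
if($exists===false)
// … unchanged: insert and update branches …
```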