Mirrors/yii
2
0
Fork 0
mirror of https://github.com/yiisoft/yii.git synced 2026-03-06 16:16:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixes issue #449 - proper quoting in CDbLogRoute and CDbHttpSession

Browse Source
This commit is contained in:
mdomba (mdwork)
2012-07-24 13:13:51 +02:00
parent 6705e15f70
commit ffbb45cefb
3 changed files with 49 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
framework/web/CDbHttpSession.php
View File

@@ -100,15 +100,17 @@ class CDbHttpSession extends CHttpSession
$newID=session_id();
$db=$this->getDbConnection();
$sql="SELECT * FROM {$this->sessionTableName} WHERE id=:id";
$row=$db->createCommand($sql)->bindValue(':id',$oldID)->queryRow();
$row=$db->createCommand()
->select()
->from($this->sessionTableName)
->where('id=:id',array(':id'=>$oldID))
->queryRow();
if($row!==false)
{
if($deleteOldSession)
{
$sql="UPDATE {$this->sessionTableName} SET id=:newID WHERE id=:oldID";
$db->createCommand($sql)->bindValue(':newID',$newID)->bindValue(':oldID',$oldID)->execute();
}
$db->createCommand()->update($this->sessionTableName,array(
'id'=>$newID
),'id=:oldID',array(':oldID'=>$oldID));
else
{
$row['id']=$newID;
@@ -139,14 +141,11 @@ class CDbHttpSession extends CHttpSession
$blob='BYTEA';
else
$blob='BLOB';
$sql="
CREATE TABLE $tableName
(
id CHAR(32) PRIMARY KEY,
expire INTEGER,
data $blob
)";
$db->createCommand($sql)->execute();
$db->createCommand()->createTable($tableName,array(
'id'=>'CHAR(32) PRIMARY KEY',
'expire'=>'integer',
'data'=>$blob,
));
}
/**
@@ -185,10 +184,9 @@ CREATE TABLE $tableName
{
$db=$this->getDbConnection();
$db->setActive(true);
$sql="DELETE FROM {$this->sessionTableName} WHERE expire<".time();
try
{
$db->createCommand($sql)->execute();
$db->createCommand()->delete($this->sessionTableName,'expire<:expire',array(':expire'=>time()));
}
catch(Exception $e)
{
@@ -206,12 +204,11 @@ CREATE TABLE $tableName
*/
public function readSession($id)
{
$now=time();
$sql="
SELECT data FROM {$this->sessionTableName}
WHERE expire>$now AND id=:id
";
$data=$this->getDbConnection()->createCommand($sql)->bindValue(':id',$id)->queryScalar();
$data=$this->getDbConnection()->createCommand()
->select('data')
->from($this->sessionTableName)
->where('expire>:expire AND id=:id',array(':expire'=>time(),':id'=>$id))
->queryScalar();
return $data===false?'':$data;
}
@@ -230,12 +227,17 @@ WHERE expire>$now AND id=:id
{
$expire=time()+$this->getTimeout();
$db=$this->getDbConnection();
$sql="SELECT id FROM {$this->sessionTableName} WHERE id=:id";
if($db->createCommand($sql)->bindValue(':id',$id)->queryScalar()===false)
$sql="INSERT INTO {$this->sessionTableName} (id, data, expire) VALUES (:id, :data, $expire)";
if($db->createCommand()->select('id')->from($this->sessionTableName)->where('id=:id',array(':id'=>$id))->queryScalar()===false)
$db->createCommand()->insert($this->sessionTableName,array(
'id'=>$id,
'data'=>$data,
'expire'=>$expire,
));
else
$sql="UPDATE {$this->sessionTableName} SET expire=$expire, data=:data WHERE id=:id";
$db->createCommand($sql)->bindValue(':id',$id)->bindValue(':data',$data)->execute();
$db->createCommand()->update($this->sessionTableName,array(
'data'=>$data,
'expire'=>$expire
),'id=:id',array(':id'=>$id));
}
catch(Exception $e)
{
@@ -255,8 +257,8 @@ WHERE expire>$now AND id=:id
*/
public function destroySession($id)
{
$sql="DELETE FROM {$this->sessionTableName} WHERE id=:id";
$this->getDbConnection()->createCommand($sql)->bindValue(':id',$id)->execute();
$this->getDbConnection()->createCommand()
->delete($this->sessionTableName,'id=:id',array(':id'=>$id));
return true;
}
@@ -268,8 +270,8 @@ WHERE expire>$now AND id=:id
*/
public function gcSession($maxLifetime)
{
$sql="DELETE FROM {$this->sessionTableName} WHERE expire<".time();
$this->getDbConnection()->createCommand($sql)->execute();
$this->getDbConnection()->createCommand()
->delete($this->sessionTableName,'expire<:expire',array(':expire'=>time()));
return true;
}
}