diff --git a/htdocs/admin/system/database.php b/htdocs/admin/system/database.php index f60714dc3a3..f32122df7b9 100644 --- a/htdocs/admin/system/database.php +++ b/htdocs/admin/system/database.php @@ -1,6 +1,6 @@ - * Copyright (C) 2004-2013 Laurent Destailleur + * Copyright (C) 2004-2014 Laurent Destailleur * Copyright (C) 2004 Sebastien Di Cintio * Copyright (C) 2004 Benoit Mortier * @@ -63,33 +63,17 @@ print 'db->type == 'pgsql') -{ - $sqls[0] = "select name,setting from pg_settings"; // TODO function getServerParametersValues - //$sqls[1] = ""; // TODO Use function getServerStatusValues - $base=2; -} -else if ($conf->db->type == 'mssql') -{ - //$sqls[0] = ""; - //$base=3; -} +$listofvars=$db->getServerParametersValues(); +$listofstatus=$db->getServerStatusValues(); +$arraylist=array('listofvars','listofstatus'); -if (! $base) +if (! count($listofvars) && ! count($listofstatus)) { print $langs->trans("FeatureNotAvailableWithThisDatabaseDriver"); } else { - foreach($sqls as $sql) + foreach($arraylist as $listname) { print '
'; print ''; @@ -97,7 +81,7 @@ else print ''; print ''; print ''."\n"; - + // arraytest is an array of test to do $arraytest=array(); if (preg_match('/mysql/i',$db->type)) @@ -107,38 +91,37 @@ else 'collation_database'=>array('var'=>'dolibarr_main_db_collation','valifempty'=>'utf8_general_ci') ); } + + $listtouse=array(); + if ($listname == 'listofvars') $listtouse=$listofvars; + if ($listname == 'listofstatus') $listtouse=$listofstatus; - $resql = $db->query($sql); - if ($resql) + $var=true; + foreach($listtouse as $param => $paramval) { - $var=True; - while ($row = $db->fetch_row($resql)) + $var=!$var; + print ''; + print ''; + print ''; - print ''; - print ''; - print ''."\n"; + if ($key != $param) continue; + $val2=${$val['var']}; + $text='Should be in line with value of param '.$val['var'].' thas is '.($val2?$val2:"'' (=".$val['valifempty'].")").''; + $show=1; } - $db->free($resql); + if ($show==0) print $paramval; + if ($show==1) print $form->textwithpicto($paramval,$text); + if ($show==2) print $form->textwithpicto($paramval,$text,1,'warning'); + print ''; + print ''."\n"; } print '
'.$langs->trans("Parameters").''.$langs->trans("Value").'
'; + print $param; + print ''; + $show=0;$text=''; + foreach($arraytest as $key => $val) { - $var=!$var; - print '
'; - print $row[0]; - print ''; - $show=0;$text=''; - foreach($arraytest as $key => $val) - { - if ($key != $row[0]) continue; - $val2=${$val['var']}; - $text='Should be in line with value of param '.$val['var'].' thas is '.($val2?$val2:"'' (=".$val['valifempty'].")").''; - $show=1; - } - if ($show==0) print $row[1]; - if ($show==1) print $form->textwithpicto($row[1],$text); - if ($show==2) print $form->textwithpicto($row[1],$text,1,'warning'); - print '
'."\n";
 }
 }
 llxFooter();
-?>
+?>
\ No newline at end of file
diff --git a/htdocs/core/db/mysql.class.php b/htdocs/core/db/mysql.class.php
index 59d302aa3f2..5ff714cef7b 100644
--- a/htdocs/core/db/mysql.class.php
+++ b/htdocs/core/db/mysql.class.php
@@ -1207,12 +1207,11 @@ class DoliDBMysql extends DoliDB
 $result=array();
 $sql='SHOW VARIABLES';
- if ($filter) $sql.=" LIKE '".addslashes($filter)."'";
+ if ($filter) $sql.=" LIKE '".$this->escape($filter)."'";
 $resql=$this->query($sql);
 if ($resql)
 {
- $obj=$this->fetch_object($resql);
- $result[$obj->Variable_name]=$obj->Value;
+ while ($obj=$this->fetch_object($resql)) $result[$obj->Variable_name]=$obj->Value;
 }
 return $result;
@@ -1233,8 +1232,7 @@ class DoliDBMysql extends DoliDB
 $resql=$this->query($sql);
 if ($resql)
 {
- $obj=$this->fetch_object($resql);
- $result[$obj->Variable_name]=$obj->Value;
+ while ($obj=$this->fetch_object($resql)) $result[$obj->Variable_name]=$obj->Value;
 }
 return $result;
diff --git a/htdocs/core/db/mysqli.class.php b/htdocs/core/db/mysqli.class.php
index d26026e9f95..dc65eddbbd8 100644
--- a/htdocs/core/db/mysqli.class.php
+++ b/htdocs/core/db/mysqli.class.php
@@ -1210,12 +1210,11 @@ class DoliDBMysqli extends DoliDB
 $result=array();
 $sql='SHOW VARIABLES';
- if ($filter) $sql.=" LIKE '".addslashes($filter)."'";
+ if ($filter) $sql.=" LIKE '".$this->escape($filter)."'";
 $resql=$this->query($sql);
 if ($resql)
 {
- $obj=$this->fetch_object($resql);
- $result[$obj->Variable_name]=$obj->Value;
+ while($obj=$this->fetch_object($resql)) $result[$obj->Variable_name]=$obj->Value;
 }
 return $result;
@@ -1236,8 +1235,7 @@ class DoliDBMysqli extends DoliDB
 $resql=$this->query($sql);
 if ($resql)
 {
- $obj=$this->fetch_object($resql);
- $result[$obj->Variable_name]=$obj->Value;
+ while($obj=$this->fetch_object($resql)) $result[$obj->Variable_name]=$obj->Value;
 }
 return $result;
diff --git a/htdocs/core/db/pgsql.class.php b/htdocs/core/db/pgsql.class.php
index cfb25e76508..eb3677b5f6d 100644
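Review bot: In htdocs/admin/system/database.php the new loop writes `$param` and `$paramval` straight into the table cells (`print $param;`, `if ($show==0) print $paramval;`) with no HTML encoding. Both now come from `getServerParametersValues()` and `getServerStatusValues()`, so the page renders whatever text the database server reports, and a value containing `<`, `&` or a quote would break the markup or be interpreted as markup. Encoding at the point of output, `print dol_escape_htmltag($param);` and `print dol_escape_htmltag($paramval);`, removes that dependency. Whether `textwithpicto()` encodes its first argument is not visible here and is worth checking for the `$show==1` and `$show==2` branches. The enclosing `else` block opens in an earlier hunk.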
--- a/htdocs/core/db/pgsql.class.php
+++ b/htdocs/core/db/pgsql.class.php
@@ -1137,15 +1137,15 @@ class DoliDBPgsql extends DoliDB
 /**
 * Create a user to connect to database
 *
- * @param string $dolibarr_main_db_host Ip serveur
- * @param string $dolibarr_main_db_user Nom user a creer
- * @param string $dolibarr_main_db_pass Mot de passe user a creer
+ * @param string $dolibarr_main_db_host Ip server
+ * @param string $dolibarr_main_db_user Name of user to create
+ * @param string $dolibarr_main_db_pass Password of user to create
 * @param string $dolibarr_main_db_name Database name where user must be granted
 * @return int <0 if KO, >=0 if OK
 */
 function DDLCreateUser($dolibarr_main_db_host,$dolibarr_main_db_user,$dolibarr_main_db_pass,$dolibarr_main_db_name)
 {
- $sql = "create user \"".addslashes($dolibarr_main_db_user)."\" with password '".addslashes($dolibarr_main_db_pass)."'";
+ $sql = "CREATE USER '".$this->escape($dolibarr_main_db_user)."' with password '".$this->escape($dolibarr_main_db_pass)."'";
 dol_syslog(get_class($this)."::DDLCreateUser", LOG_DEBUG); // No sql to avoid password in log
 $resql=$this->query($sql);
@@ -1401,8 +1401,7 @@ class DoliDBPgsql extends DoliDB
 $resql=$this->query($resql);
 if ($resql)
 {
- $obj=$this->fetch_object($resql);
- $result[$obj->name]=$obj->setting;
+ while ($obj=$this->fetch_object($resql)) $result[$obj->name]=$obj->setting;
 }
 return $result;
diff --git a/htdocs/core/db/sqlite.class.php b/htdocs/core/db/sqlite.class.php
index 496de961d68..b3a9e35cf1f 100644
--- a/htdocs/core/db/sqlite.class.php
+++ b/htdocs/core/db/sqlite.class.php
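Review bot: In pgsql.class.php `DDLCreateUser` the role name is now wrapped in single quotes (`CREATE USER '...'`), but PostgreSQL expects an identifier there, either bare or double-quoted, so a single-quoted string is a syntax error and user creation would presumably fail. `escape()` is not shown in this hunk; if it is a string-literal escaper, it also does nothing for a `"` embedded in an identifier. Keeping the double quotes and doubling any embedded ones covers both: `$sql = "CREATE USER \"".str_replace('"','""',$dolibarr_main_db_user)."\" WITH PASSWORD '".$this->escape($dolibarr_main_db_pass)."'";`. The function body continues past the end of the hunk.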
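Review bot: In the second pgsql.class.php hunk (around line 1401) the context line `$resql=$this->query($resql);` passes `$resql` to `query()` rather than the statement text. The assignment above it is outside the hunk, but unless `$resql` already holds the SQL at that point the query cannot succeed, the new `while` loop never iterates, and the function returns an empty array. If the statement is built in `$sql`, as in the sibling drivers in this commit, the line should read `$resql=$this->query($sql);`.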
@@ -1185,7 +1185,7 @@ class DoliDBSqlite extends DoliDB
 {
 $sql = "INSERT INTO user ";
 $sql.= "(Host,User,password,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Index_Priv,Alter_priv,Lock_tables_priv)";
- $sql.= " VALUES ('".addslashes($dolibarr_main_db_host)."','".addslashes($dolibarr_main_db_user)."',password('".addslashes($dolibarr_main_db_pass)."')";
+ $sql.= " VALUES ('".$this->escape($dolibarr_main_db_host)."','".$this->escape($dolibarr_main_db_user)."',password('".addslashes($dolibarr_main_db_pass)."')";
 $sql.= ",'Y','Y','Y','Y','Y','Y','Y','Y','Y')";
 dol_syslog(get_class($this)."::DDLCreateUser", LOG_DEBUG); // No sql to avoid password in log
@@ -1198,7 +1198,7 @@ class DoliDBSqlite extends DoliDB
 $sql = "INSERT INTO db ";
 $sql.= "(Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Index_Priv,Alter_priv,Lock_tables_priv)";
- $sql.= " VALUES ('".addslashes($dolibarr_main_db_host)."','".addslashes($dolibarr_main_db_name)."','".addslashes($dolibarr_main_db_user)."'";
+ $sql.= " VALUES ('".$this->escape($dolibarr_main_db_host)."','".$this->escape($dolibarr_main_db_name)."','".addslashes($dolibarr_main_db_user)."'";
 $sql.= ",'Y','Y','Y','Y','Y','Y','Y','Y','Y')";
 dol_syslog(get_class($this)."::DDLCreateUser sql=".$sql);
@@ -1319,12 +1319,11 @@ class DoliDBSqlite extends DoliDB
 $result=array();
 $sql='SHOW VARIABLES';
- if ($filter) $sql.=" LIKE '".addslashes($filter)."'";
+ if ($filter) $sql.=" LIKE '".$this->escape($filter)."'";
 $resql=$this->query($sql);
 if ($resql)
 {
- $obj=$this->fetch_object($resql);
- $result[$obj->Variable_name]=$obj->Value;
+ while ($obj=$this->fetch_object($resql)) $result[$obj->Variable_name]=$obj->Value;
 }
 return $result;
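Review bot: The switch from `addslashes()` to `$this->escape()` in sqlite.class.php `DDLCreateUser` is incomplete: the first INSERT still builds `password('".addslashes($dolibarr_main_db_pass)."')`, and the second INSERT (hunk at line 1198) still ends with `addslashes($dolibarr_main_db_user)`. SQLite string literals do not treat a backslash as an escape character, so `addslashes()` leaves a single quote in either value able to close the literal early. Both should go through the same escaper as their neighbours, `password('".$this->escape($dolibarr_main_db_pass)."')` and `'".$this->escape($dolibarr_main_db_user)."'`, assuming `escape()` (not visible here) quotes for the SQLite driver. Both statements sit inside a function whose start and end are outside these hunks.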
@@ -1345,8 +1344,7 @@ class DoliDBSqlite extends DoliDB
 $resql=$this->query($sql);
 if ($resql)
 {
- $obj=$this->fetch_object($resql);
- $result[$obj->Variable_name]=$obj->Value;
+ while ($obj=$this->fetch_object($resql)) $result[$obj->Variable_name]=$obj->Value;
 }
 return $result;