From 34a0902089a410d1f7dda78d1f8b0771333c09df Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 12 Sep 2014 08:37:51 -0400
Subject: [PATCH] Use consistent column/table quoting in sql queries

---
 program/lib/Roundcube/rcube_cache.php |   51 ++++++++++++++++++++++++---------------------------
 1 files changed, 24 insertions(+), 27 deletions(-)

diff --git a/program/lib/Roundcube/rcube_cache.php b/program/lib/Roundcube/rcube_cache.php
index 0017dca..7210ce6 100644
--- a/program/lib/Roundcube/rcube_cache.php
+++ b/program/lib/Roundcube/rcube_cache.php
@@ -75,7 +75,7 @@
         else {
             $this->type  = 'db';
             $this->db    = $rcube->get_dbh();
-            $this->table = $this->db->table_name('cache');
+            $this->table = $this->db->table_name('cache', true);
         }
 
         // convert ttl string to seconds
@@ -197,10 +197,10 @@
     {
         if ($this->type == 'db' && $this->db && $this->ttl) {
             $this->db->query(
-                "DELETE FROM ".$this->table.
-                " WHERE user_id = ?".
-                " AND cache_key LIKE ?".
-                " AND expires < " . $this->db->now(),
+                "DELETE FROM {$this->table}".
+                " WHERE `user_id` = ?".
+                " AND `cache_key` LIKE ?".
+                " AND `expires` < " . $this->db->now(),
                 $this->userid,
                 $this->prefix.'.%');
         }
@@ -215,7 +215,7 @@
         $rcube = rcube::get_instance();
         $db    = $rcube->get_dbh();
 
-        $db->query("DELETE FROM " . $db->table_name('cache') . " WHERE expires < " . $db->now());
+        $db->query("DELETE FROM " . $db->table_name('cache', true) . " WHERE `expires` < " . $db->now());
     }
 
 
@@ -284,13 +284,12 @@
         }
         else {
             $sql_result = $this->db->limitquery(
-                "SELECT data, cache_key".
-                " FROM " . $this->table.
-                " WHERE user_id = ?".
-                " AND cache_key = ?".
+                "SELECT `data`, `cache_key`".
+                " FROM {$this->table}".
+                " WHERE `user_id` = ? AND `cache_key` = ?".
                 // for better performance we allow more records for one key
                 // get the newer one
-                " ORDER BY created DESC",
+                " ORDER BY `created` DESC",
                 0, 1, $this->userid, $this->prefix.'.'.$key);
 
             if ($sql_arr = $this->db->fetch_assoc($sql_result)) {
@@ -346,9 +345,8 @@
         // Remove NULL rows (here we don't need to check if the record exist)
         if ($data == 'N;') {
             $this->db->query(
-                "DELETE FROM " . $this->table.
-                " WHERE user_id = ?".
-                " AND cache_key = ?",
+                "DELETE FROM {$this->table}".
+                " WHERE `user_id` = ? AND `cache_key` = ?",
                 $this->userid, $key);
 
             return true;
@@ -357,12 +355,12 @@
         // update existing cache record
         if ($key_exists) {
             $result = $this->db->query(
-                "UPDATE " . $this->table.
-                " SET created = " . $this->db->now().
-                    ", expires = " . ($this->ttl ? $this->db->now($this->ttl) : 'NULL').
-                    ", data = ?".
-                " WHERE user_id = ?".
-                " AND cache_key = ?",
+                "UPDATE {$this->table}".
+                " SET `created` = " . $this->db->now().
+                    ", `expires` = " . ($this->ttl ? $this->db->now($this->ttl) : 'NULL').
+                    ", `data` = ?".
+                " WHERE `user_id` = ?".
+                " AND `cache_key` = ?",
                 $data, $this->userid, $key);
         }
         // add new cache record
@@ -370,8 +368,8 @@
             // for better performance we allow more records for one key
             // so, no need to check if record exist (see rcube_cache::read_record())
             $result = $this->db->query(
-                "INSERT INTO " . $this->table.
-                " (created, expires, user_id, cache_key, data)".
+                "INSERT INTO {$this->table}".
+                " (`created`, `expires`, `user_id`, `cache_key`, `data`)".
                 " VALUES (" . $this->db->now() . ", " . ($this->ttl ? $this->db->now($this->ttl) : 'NULL') . ", ?, ?, ?)",
                 $this->userid, $key, $data);
         }
@@ -421,20 +419,19 @@
 
         // Remove all keys (in specified cache)
         if ($key === null) {
-            $where = " AND cache_key LIKE " . $this->db->quote($this->prefix.'.%');
+            $where = " AND `cache_key` LIKE " . $this->db->quote($this->prefix.'.%');
         }
         // Remove keys by name prefix
         else if ($prefix_mode) {
-            $where = " AND cache_key LIKE " . $this->db->quote($this->prefix.'.'.$key.'%');
+            $where = " AND `cache_key` LIKE " . $this->db->quote($this->prefix.'.'.$key.'%');
         }
         // Remove one key by name
         else {
-            $where = " AND cache_key = " . $this->db->quote($this->prefix.'.'.$key);
+            $where = " AND `cache_key` = " . $this->db->quote($this->prefix.'.'.$key);
         }
 
         $this->db->query(
-            "DELETE FROM " . $this->table.
-            " WHERE user_id = ?" . $where,
+            "DELETE FROM {$this->table} WHERE `user_id` = ?" . $where,
             $this->userid);
     }
 

--
Gitblit v1.9.1