Fix Mysql access driver

cdujeu · cdujeu · commit 697cc7ee6747 · 2016-09-30T13:18:18.000+02:00
diff --git a/core/src/plugins/access.mysql/MysqlAccessDriver.php b/core/src/plugins/access.mysql/MysqlAccessDriver.php
@@ -137,7 +137,9 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
             case "edit_record";
 
                 $isNew = false;
-                if(isSet($record_is_new) && $record_is_new == "true") $isNew = true;
+                if(isSet($httpVars['record_is_new']) && $httpVars['record_is_new'] == "true") {
+                    $isNew = true;
+                }
                 $tableName = $httpVars["table_name"];
                 $pkName = $httpVars["pk_name"];
                 $arrValues = array();
@@ -147,16 +149,19 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                         $arrValues[$newKey] = $value;
                     }
                 }
+                $autoKey = $this->findTableAutoIncrementKey($ctx, $tableName);
                 if ($isNew) {
-                    $string = "";
+                    $values = [];
                     $index = 0;
                     foreach ($arrValues as $k=>$v) {
-                        // CHECK IF AUTO KEY!!!
-                        $string .= "'".addslashes($v)."'";
-                        if($index < count($arrValues)-1) $string.=",";
+                        if($autoKey !== false && $k === $autoKey){
+                            $values[] = 'NULL';
+                        }else{
+                            $values []= "'".addslashes($v)."'";
+                        }
                         $index++;
                     }
-                    $query = "INSERT INTO $tableName VALUES ($string)";
+                    $query = "INSERT INTO `$tableName` VALUES (".implode(",", $values).")";
                 } else {
                     $string = "";
                     $index = 0;
@@ -170,7 +175,7 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                         $index++;
                     }
                     if(!isSet($pkValue)) throw new PydioException("Cannot find PK Value");
-                    $query = "UPDATE $tableName SET $string WHERE $pkName='$pkValue'";
+                    $query = "UPDATE `$tableName` SET $string WHERE $pkName='$pkValue'";
                 }
                 $this->execQuery($ctx, $query);
                 $logMessage = $query;
@@ -183,6 +188,7 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
             //------------------------------------
             case "edit_table":
                 if (isSet($httpVars["current_table"])) {
+                    $current_table = InputFilter::sanitize($httpVars["current_table"], InputFilter::SANITIZE_ALPHANUM);
                     if (isSet($httpVars["delete_column"])) {
                         $query = "ALTER TABLE ".$httpVars["current_table"]." DROP COLUMN ".$httpVars["delete_column"];
                         $this->execQuery($ctx, $query);
@@ -192,7 +198,7 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                     }
                     if (isSet($httpVars["add_column"])) {
                         $defString = $this->makeColumnDef($httpVars, "add_field_");
-                        $query = "ALTER TABLE ".$httpVars["current_table"]." ADD COLUMN ($defString)";
+                        $query = "ALTER TABLE `".$current_table."` ADD COLUMN ($defString)";
                         if (isSet($httpVars["add_field_pk"]) && $httpVars["add_field_pk"]=="1") {
                             $query.= ", ADD PRIMARY KEY (".$httpVars["add_field_name"].")";
                         }
@@ -232,7 +238,8 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                         $reload_file_list = true;
                     }
                     $logMessage = $qMessage;
-                } else if (isSet($new_table)) {
+                } else if (isSet($httpVars["new_table"])) {
+                    $new_table = InputFilter::sanitize($httpVars["new_table"], InputFilter::SANITIZE_ALPHANUM);
                     $fieldsDef = array();
                     $pks = array();
                     $indexes = array();
@@ -261,6 +268,7 @@ public function switchAction(ServerRequestInterface $requestInterface, ResponseI
                     $reload_file_list = true;
                     $reload_current_node = true;
                 }
+
             break;
 
             //------------------------------------
@@ -593,6 +601,25 @@ public function listTables(ContextInterface $ctx)
         return $allTables;
     }
 
+    /**
+     * Find autoincrement key
+     * @param ContextInterface $ctx
+     * @param $tablename
+     * @return bool
+     * @throws PydioException
+     */
+    public function findTableAutoIncrementKey(ContextInterface $ctx, $tablename){
+
+        $result = $this->execQuery($ctx, "SELECT * from `$tablename` LIMIT 0,1");
+        $fields =  mysqli_fetch_fields($result);
+        foreach($fields as $field){
+            if($field->flags & MYSQLI_AUTO_INCREMENT_FLAG){
+                return $field->name;
+            }
+        }
+        return false;
+    }
+
     /**
      * @param ContextInterface $ctx
      * @param $query
@@ -673,7 +700,7 @@ public function showRecords(ContextInterface $ctx, $query, $tablename, $currentP
         }
 
         // MAKE ROWS RESULT
-        for ($s=0; $s < $rpp; $s++) {
+        for ($s=0; $s < min($rpp, mysqli_num_rows($result)); $s++) {
             $row=mysqli_fetch_array($result);
             if (!isset($pk)) {
                 $pk=' ';
diff --git a/core/src/plugins/access.mysql/manifest.xml b/core/src/plugins/access.mysql/manifest.xml
@@ -45,7 +45,7 @@
 					<html><![CDATA[
 						<div style="padding:10px;">
 							<big style="font-weight: bold; font-size: 14px; color:#79f;display: block; text-align:center; padding-bottom:20px;">#{text}</big>
-							<div><b>#{files_string}</b> : #{count}</div>
+							<div>#{files_string} : #{count}</div>
 						</div>
 					]]></html>
 				</infoPanel>
diff --git a/core/src/plugins/access.mysql/mysqlActions.xml b/core/src/plugins/access.mysql/mysqlActions.xml
@@ -50,8 +50,8 @@
 				<serverCallback methodName="switchAction"></serverCallback>
 			</processing>
 		</action>
-		<action name="mkdir">
-			<gui text="sql.1" title="sql.1" src="sql_images/actions/ICON_SIZE/table_new.png" accessKey="folder_access_key" hasAccessKey="false">
+		<action name="mktable">
+			<gui text="sql.1" title="sql.1" iconClass="mdi mdi-folder-plus" accessKey="folder_access_key" hasAccessKey="false">
 				<context selection="false" dir="true" recycle="hidden" actionBar="true" contextMenu="true" infoPanel="false" actionBarGroup="put" inZip="false"/>
 			</gui>
 			<rightsContext noUser="true" userLogged="only" read="true" write="true" adminOnly=""/>
@@ -70,10 +70,10 @@
 				</processing>
 		</action>
 		<action name="mkfile">
-			<gui text="273" title="274" src="sql_images/actions/ICON_SIZE/table_record_new.png" accessKey="file_access_key" hasAccessKey="false">
+			<gui text="273" title="274" iconClass="mdi mdi-file" accessKey="file_access_key" hasAccessKey="false">
 				<context selection="false" dir="true" recycle="hidden"
 					actionBar="true" contextMenu="true" infoPanel="false"
-					actionBarGroup="change" inZip="false" root="false">
+					actionBarGroup="put" inZip="false" root="false">
 				</context></gui>
 			<rightsContext noUser="true" userLogged="only" read="true" write="true" adminOnly=""></rightsContext>
 			<processing>
@@ -97,7 +97,7 @@
 			<gui text="269" title="270" src="sql_images/actions/ICON_SIZE/table_edit.png" accessKey="edit_access_key" hasAccessKey="false">
 				<context selection="false" dir="true" recycle="hidden"
 					actionBar="true" contextMenu="true" infoPanel="true"
-					actionBarGroup="put" inZip="false" root="false">
+					actionBarGroup="change_main" inZip="false" root="false">
 				</context>
 				<selectionContext dir="true" file="true" recycle="false" unique="true" allowedMimes="pk" behaviour="hidden"></selectionContext></gui>
 			<rightsContext noUser="true" userLogged="only" read="true" write="true" adminOnly=""></rightsContext>
@@ -235,10 +235,10 @@
 				</processing>
 		</action>
 		<action name="delete_table">
-			<gui text="271" title="272" src="sql_images/actions/ICON_SIZE/table_delete.png" accessKey="delete_access_key" hasAccessKey="false" specialAccessKey="delete">
+			<gui text="271" title="272" src="sql_images/actions/ICON_SIZE/table_delete.png" iconClass="icon-trash"  accessKey="delete_access_key" hasAccessKey="false" specialAccessKey="delete">
 				<context selection="true" dir="true" recycle="false"
 					actionBar="true" contextMenu="true" infoPanel="false"
-					actionBarGroup="put" inZip="false">
+					actionBarGroup="change_main" inZip="false">
 				</context>
 				<selectionContext dir="true" file="false" recycle="false" unique="false" allowedMimes="*" behaviour="hidden"></selectionContext></gui>
 			<rightsContext noUser="true" userLogged="only" read="true" write="true" adminOnly=""></rightsContext>
diff --git a/core/src/plugins/access.mysql/resources/js/class.SQLEditor.js b/core/src/plugins/access.mysql/resources/js/class.SQLEditor.js
@@ -198,7 +198,7 @@ Class.create("SQLEditor", {
 			addTable.select('td[new="false"]')[0].setStyle({width:'40px'});
 			var addRow = addTable.select('tbody tr')[0];
 			var addButton = new Element('input', {type:'button', value:'Add', className:'dialogButton'});
-			var submitDiv = new Element('div', {className:'dialogButtons'}).insert(addButton);
+			var submitDiv = new Element('div', {className:''}).insert(addButton);
 			var submitRow = new Element('tr').insert(new Element('td', {colspan:"9"}).insert(submitDiv));
 			addRow.insert({after:submitRow});
 			addButton.observe('click', function(e){
