From 816f381791ed2fb993bcb070aac483bf15d36ea8 Mon Sep 17 00:00:00 2001 From: icewing Date: Wed, 28 May 2008 11:02:14 +0000 Subject: Marcus Povey * Fixed ACL where "where" is missing * Added catch for exceptions git-svn-id: https://code.elgg.org/elgg/trunk@733 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/database.php | 117 +++++++++++++++++++++++++++--------------------- 1 file changed, 65 insertions(+), 52 deletions(-) (limited to 'engine') diff --git a/engine/lib/database.php b/engine/lib/database.php index 6b8db1956..1cc348574 100644 --- a/engine/lib/database.php +++ b/engine/lib/database.php @@ -444,67 +444,80 @@ $sql = ""; - // Query prefix & fields - if (!empty($this->query_type)) - { - $sql .= "{$this->query_type} "; - - if (!empty($this->fields)) + try + { + // Query prefix & fields + if (!empty($this->query_type)) { - $fields = ""; + $sql .= "{$this->query_type} "; - foreach ($this->fields as $field) - $fields .= "$field"; + if (!empty($this->fields)) + { + $fields = ""; + + foreach ($this->fields as $field) + $fields .= "$field"; + + $sql .= " $fields from "; + } + } + else + throw new DatabaseException("Unrecognised or unspecified query type."); + + // Tables + if (!empty($this->tables)) + { + foreach($this->tables as $table) + $sql .= "$table, "; + + $sql = trim($sql, ", "); + } + + // Joins on select queries + if ($this->query_type->query_type == 'select') + { + if (!empty($this->joins)) + { + foreach($this->joins as $join) + $sql .= "$join "; + } + } + + // Where + if (!empty($this->where)) + { + $sql .= "where 1 "; - $sql .= " $fields from "; + foreach ($this->where as $where) + $sql .= "$where "; } - } - else - throw new DatabaseException("Unrecognised or unspecified query type."); + + // Access control + if (!empty($this->access_control)) + { + + // Catch missing Where + if (empty($this->where)) + $sql .= "where 1 "; - // Tables - if (!empty($this->tables)) - { - foreach($this->tables as $table) - $sql .= "$table, "; + $sql .= "{$this->access_control} "; + } + else + throw new DatabaseException("No access control was provided on query"); - $sql = trim($sql, ", "); - } - - // Joins on select queries - if ($this->query_type->query_type == 'select') - { - if (!empty($this->joins)) - { - foreach($this->joins as $join) - $sql .= "$join "; - } - } - - // Where - if (!empty($this->where)) - { - $sql .= "where 1 "; + // Limits + if (!empty($this->limit_and_offset)) + $sql .= "{$this->limit_and_offset} "; - foreach ($this->where as $where) - $sql .= "$where "; - } - - // Access control - if (!empty($this->access_control)) - $sql .= "{$this->access_control} "; - else - throw DatabaseException("No access control was provided on query"); + // Order by + if (!empty($this->order)) + $sql .= $this->order; - // Limits - if (!empty($this->limit_and_offset)) - $sql .= "{$this->limit_and_offset} "; - - // Order by - if (!empty($this->order)) - $sql .= $this->order; - + } catch (Exception $e) { + trigger_error($e, E_USER_WARNING); + } + return $sql; } -- cgit v1.2.3