
Commit bddaa39

committed
Refactor ConfigStorage\RelationCleanup::table()
- Replaces escapeString() with quoteString() Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
1 parent c4a5440 commit bddaa39


3 files changed

+91
-122
lines changed


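--- a/libraries/classes/ConfigStorage/RelationCleanup.php
+++ b/libraries/classes/ConfigStorage/RelationCleanup.php
@@ -94,84 +94,93 @@ public function column(string $db, string $table, string $column): void
 * @param string $db database name
 * @param string $table table name
 */
-public function table($db, $table): void
+public function table(string $db, string $table): void
 {
 $relationParameters = $this->relation->getRelationParameters();
+$columnCommentsFeature = $relationParameters->columnCommentsFeature;
+$displayFeature = $relationParameters->displayFeature;
+$pdfFeature = $relationParameters->pdfFeature;
+$relationFeature = $relationParameters->relationFeature;
+$uiPreferencesFeature = $relationParameters->uiPreferencesFeature;
+$navigationItemsHidingFeature = $relationParameters->navigationItemsHidingFeature;
 
-if ($relationParameters->columnCommentsFeature !== null) {
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->columnCommentsFeature->database)
-. '.' . Util::backquote($relationParameters->columnCommentsFeature->columnInfo)
-. ' WHERE db_name = \'' . $this->dbi->escapeString($db) . '\''
-. ' AND table_name = \'' . $this->dbi->escapeString($table)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
+if ($columnCommentsFeature !== null) {
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE db_name = %s AND table_name = %s',
+Util::backquote($columnCommentsFeature->database),
+Util::backquote($columnCommentsFeature->columnInfo),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+);
+$this->dbi->queryAsControlUser($statement);
 }
 
-if ($relationParameters->displayFeature !== null) {
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->displayFeature->database)
-. '.' . Util::backquote($relationParameters->displayFeature->tableInfo)
-. ' WHERE db_name = \'' . $this->dbi->escapeString($db) . '\''
-. ' AND table_name = \'' . $this->dbi->escapeString($table)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
+if ($displayFeature !== null) {
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE db_name = %s AND table_name = %s',
+Util::backquote($displayFeature->database),
+Util::backquote($displayFeature->tableInfo),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+);
+$this->dbi->queryAsControlUser($statement);
 }
 
-if ($relationParameters->pdfFeature !== null) {
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->pdfFeature->database)
-. '.' . Util::backquote($relationParameters->pdfFeature->tableCoords)
-. ' WHERE db_name = \'' . $this->dbi->escapeString($db) . '\''
-. ' AND table_name = \'' . $this->dbi->escapeString($table)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
+if ($pdfFeature !== null) {
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE db_name = %s AND table_name = %s',
+Util::backquote($pdfFeature->database),
+Util::backquote($pdfFeature->tableCoords),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+);
+$this->dbi->queryAsControlUser($statement);
 }
 
-if ($relationParameters->relationFeature !== null) {
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->relationFeature->database)
-. '.' . Util::backquote($relationParameters->relationFeature->relation)
-. ' WHERE master_db = \'' . $this->dbi->escapeString($db)
-. '\''
-. ' AND master_table = \'' . $this->dbi->escapeString($table)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
+if ($relationFeature !== null) {
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE master_db = %s AND master_table = %s',
+Util::backquote($relationFeature->database),
+Util::backquote($relationFeature->relation),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+);
+$this->dbi->queryAsControlUser($statement);
 
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->relationFeature->database)
-. '.' . Util::backquote($relationParameters->relationFeature->relation)
-. ' WHERE foreign_db = \'' . $this->dbi->escapeString($db)
-. '\''
-. ' AND foreign_table = \'' . $this->dbi->escapeString($table)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE foreign_db = %s AND foreign_table = %s',
+Util::backquote($relationFeature->database),
+Util::backquote($relationFeature->relation),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+);
+$this->dbi->queryAsControlUser($statement);
 }
 
-if ($relationParameters->uiPreferencesFeature !== null) {
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->uiPreferencesFeature->database)
-. '.' . Util::backquote($relationParameters->uiPreferencesFeature->tableUiPrefs)
-. ' WHERE db_name = \'' . $this->dbi->escapeString($db) . '\''
-. ' AND table_name = \'' . $this->dbi->escapeString($table)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
+if ($uiPreferencesFeature !== null) {
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE db_name = %s AND table_name = %s',
+Util::backquote($uiPreferencesFeature->database),
+Util::backquote($uiPreferencesFeature->tableUiPrefs),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+);
+$this->dbi->queryAsControlUser($statement);
 }
 
-if ($relationParameters->navigationItemsHidingFeature === null) {
+if ($navigationItemsHidingFeature === null) {
 return;
 }
 
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->navigationItemsHidingFeature->database)
-. '.' . Util::backquote($relationParameters->navigationItemsHidingFeature->navigationHiding)
-. ' WHERE db_name = \'' . $this->dbi->escapeString($db) . '\''
-. ' AND (table_name = \'' . $this->dbi->escapeString($table)
-. '\''
-. ' OR (item_name = \'' . $this->dbi->escapeString($table)
-. '\''
-. ' AND item_type = \'table\'))';
-$this->dbi->queryAsControlUser($remove_query);
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE db_name = %s AND (table_name = %s OR (item_name = %s AND item_type = \'table\'))',
+Util::backquote($navigationItemsHidingFeature->database),
+Util::backquote($navigationItemsHidingFeature->navigationHiding),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+$this->dbi->quoteString($table),
+);
+$this->dbi->queryAsControlUser($statement);
 }
 
 /**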
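Review bot: Every statement in table() is still built with sprintf(), where the identifier slots and the value slots are both plain `%s`, so the only thing keeping a raw `$db` or `$table` out of the SQL text is that each call site remembers to wrap it in `$this->dbi->quoteString()`. Five of the seven statements use the identical format `'DELETE FROM %s.%s WHERE db_name = %s AND table_name = %s'`; moving that into one private helper, as sketched below, would keep the quoting in a single place, and the two relation statements could get the same treatment. The docblock above table() should also state that `$db` and `$table` are passed unescaped and are quoted inside this method. The return values of queryAsControlUser() are discarded, so a failed DELETE seems to go unnoticed here; whether it is reported elsewhere is not visible in this hunk.

```php
/**
 * Deletes the rows of one configuration storage table that belong to $db.$table.
 * $db and $table are raw names; they are quoted here and nowhere else.
 */
private function deleteRowsForTable($storageDb, $storageTable, string $db, string $table): void
{
    // $storageDb / $storageTable: typed as the *Feature properties declare them (not visible in this diff)
    $statement = sprintf(
        'DELETE FROM %s.%s WHERE db_name = %s AND table_name = %s',
        Util::backquote($storageDb),
        Util::backquote($storageTable),
        $this->dbi->quoteString($db),
        $this->dbi->quoteString($table),
    );
    $this->dbi->queryAsControlUser($statement);
}

// … unchanged: feature lookups at the top of table() …
if ($columnCommentsFeature !== null) {
    $this->deleteRowsForTable($columnCommentsFeature->database, $columnCommentsFeature->columnInfo, $db, $table);
}
// … same call shape for displayFeature, pdfFeature and uiPreferencesFeature …
// … unchanged: relation and navigation-hiding statements …
```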

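--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -1401,21 +1401,6 @@
 <code>escapeString</code>
 <code>escapeString</code>
 <code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
 </DeprecatedMethod>
 </file>
 <file src="libraries/classes/ConfigStorage/UserGroups.php">
@@ -16236,7 +16221,6 @@
 <DeprecatedMethod>
 <code>withConsecutive</code>
 <code>withConsecutive</code>
-<code>withConsecutive</code>
 </DeprecatedMethod>
 </file>
 <file src="test/classes/ConfigStorage/RelationTest.php">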

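--- a/test/classes/ConfigStorage/RelationCleanupTest.php
+++ b/test/classes/ConfigStorage/RelationCleanupTest.php
@@ -78,8 +78,8 @@ public function testTableWithoutRelations(): void
 
 public function testTableWithRelations(): void
 {
-$_SESSION['relation'] = [];
-$_SESSION['relation'][$GLOBALS['server']] = RelationParameters::fromArray([
+$relation = $this->createStub(Relation::class);
+$relation->method('getRelationParameters')->willReturn(RelationParameters::fromArray([
 'user' => 'user',
 'db' => 'pmadb',
 'commwork' => true,
@@ -95,51 +95,27 @@ public function testTableWithRelations(): void
 'pdf_pages' => 'pdf_pages',
 'table_uiprefs' => 'table_uiprefs',
 'navigationhiding' => 'navigationhiding',
-])->toArray();
+]));
 
-$dbi = $this->createPartialMock(DatabaseInterface::class, ['queryAsControlUser']);
-$dbi->expects($this->exactly(7))
-->method('queryAsControlUser')
-->withConsecutive(
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`column_info` WHERE db_name = 'database' AND table_name = 'table'"
-),
-],
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`table_info` WHERE db_name = 'database' AND table_name = 'table'"
-),
-],
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`table_coords` WHERE db_name = 'database' AND table_name = 'table'"
-),
-],
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`relation` WHERE master_db = 'database' AND master_table = 'table'"
-),
-],
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`relation` WHERE foreign_db = 'database' AND foreign_table = 'table'"
-),
-],
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`table_uiprefs` WHERE db_name = 'database' AND table_name = 'table'"
-),
-],
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`navigationhiding` WHERE db_name = 'database' AND"
-. " (table_name = 'table' OR (item_name = 'table' AND item_type = 'table'))"
-),
-]
-);
+$dbi = $this->createMock(DatabaseInterface::class);
+$dbi->expects($this->any())->method('quoteString')
+->will($this->returnCallback(static fn (string $string): string => "'" . $string . "'"));
+$result = $this->createStub(ResultInterface::class);
+$dbi->expects($this->exactly(7))->method('queryAsControlUser')->willReturnMap([
+["DELETE FROM `pmadb`.`column_info` WHERE db_name = 'database' AND table_name = 'table'", $result],
+["DELETE FROM `pmadb`.`table_info` WHERE db_name = 'database' AND table_name = 'table'", $result],
+["DELETE FROM `pmadb`.`table_coords` WHERE db_name = 'database' AND table_name = 'table'", $result],
+["DELETE FROM `pmadb`.`relation` WHERE master_db = 'database' AND master_table = 'table'", $result],
+["DELETE FROM `pmadb`.`relation` WHERE foreign_db = 'database' AND foreign_table = 'table'", $result],
+["DELETE FROM `pmadb`.`table_uiprefs` WHERE db_name = 'database' AND table_name = 'table'", $result],
+[
+"DELETE FROM `pmadb`.`navigationhiding` WHERE db_name = 'database' AND"
+. " (table_name = 'table' OR (item_name = 'table' AND item_type = 'table'))",
+$result,
+],
+]);
 
-(new RelationCleanup($dbi, new Relation($dbi)))->table('database', 'table');
+(new RelationCleanup($dbi, $relation))->table('database', 'table');
 }
 
 public function testDatabaseWithoutRelations(): void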
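Review bot: The quoteString() stub on new lines 101-102 only wraps its argument in single quotes, and the test calls table('database', 'table') with names that contain nothing to escape, so the expected statements would look the same if table() added the quotes by hand and never called quoteString(). Letting the stub return something the method could not produce on its own, e.g. `static fn (string $string): string => "'quoted:" . $string . "'"`, with the expected statements adjusted to match, would show that both values really pass through it. Replacing withConsecutive() with willReturnMap() also weakens the check: the count of seven is still enforced, but the order is no longer verified, and, as far as I can tell, a statement that matches no map entry is only caught if the null it yields is rejected by the method's return type. The middle of the RelationParameters array lies between the two hunks and is not visible here.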
