OpencachingDeutschland/oc-server3
1
0
Fork 0
Code Issues Pull Requests Releases Activity

okapi r694

Browse Source
This commit is contained in:
following 2013-04-09 16:54:36 +02:00
parent b5f94644a8
commit d3510b9174
16 changed files with 73 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/okapi/core.php
View File

@ -778,7 +778,7 @@ class Okapi
{
public static $data_store;
public static $server;
public static $revision = 672; # This gets replaced in automatically deployed packages
public static $revision = 694; # This gets replaced in automatically deployed packages
private static $okapi_vars = null;
/** Get a variable stored in okapi_vars. If variable not found, return $default. */
@ -1716,10 +1716,10 @@ class Cache
# just replace it with a big value.
$timeout = 100*365*86400;
}
$entries = array();
$entries_escaped = array();
foreach ($dict as $key => $value)
{
$entries[] = "(
$entries_escaped[] = "(
'".mysql_real_escape_string($key)."',
'".mysql_real_escape_string(gzdeflate(serialize($value)))."',
date_add(now(), interval '".mysql_real_escape_string($timeout)."' second)
@ -1727,7 +1727,7 @@ class Cache
}
Db::execute("
replace into okapi_cache (`key`, value, expires)
values ".implode(", ", $entries)."
values ".implode(", ", $entries_escaped)."
");
}

20
htdocs/okapi/cronjobs.php
View File

@ -308,7 +308,7 @@ class CacheCleanupCronJob extends Cron5Job
Db::execute("
update okapi_cache
set score = score * $multiplier
set score = score * '".mysql_real_escape_string($multiplier)."'
where score is not null
");
Db::execute("
@ -333,7 +333,7 @@ class CacheCleanupCronJob extends Cron5Job
delete from okapi_cache
where
score is not null
and score < $limit
and score < '".mysql_real_escape_string($limit)."'
");
Db::query("optimize table okapi_cache");
@ -385,18 +385,18 @@ class StatsWriterCronJob extends PrerequestCronJob
'".mysql_real_escape_string($row['user_id'])."',
'".mysql_real_escape_string($row['period_start'])."',
'".mysql_real_escape_string($row['service_name'])."',
".$row['calls'].",
".(($row['calltype'] == 'http') ? $row['calls'] : 0).",
".$row['runtime'].",
".(($row['calltype'] == 'http') ? $row['runtime'] : 0)."
'".mysql_real_escape_string($row['calls'])."',
'".mysql_real_escape_string(($row['calltype'] == 'http') ? $row['calls'] : 0)."',
'".mysql_real_escape_string($row['runtime'])."',
'".mysql_real_escape_string(($row['calltype'] == 'http') ? $row['runtime'] : 0)."'
)
on duplicate key update
".(($row['calltype'] == 'http') ? "
http_calls = http_calls + ".$row['calls'].",
http_runtime = http_runtime + ".$row['runtime'].",
http_calls = http_calls + '".mysql_real_escape_string($row['calls'])."',
http_runtime = http_runtime + '".mysql_real_escape_string($row['runtime'])."',
" : "")."
total_calls = total_calls + ".$row['calls'].",
total_runtime = total_runtime + ".$row['runtime']."
total_calls = total_calls + '".mysql_real_escape_string($row['calls'])."',
total_runtime = total_runtime + '".mysql_real_escape_string($row['runtime'])."'
");
}
Db::execute("delete from okapi_stats_temp;");

6
htdocs/okapi/services/attrs/info.xml
View File

@ -2,11 +2,11 @@
<brief>ALPHA: Get the list of all cache attributes</brief>
<issue-id>194</issue-id>
<desc>
This method is in its ALPHA stage. It's signature will most probably
change, or it might be removed altogether. You should not use it!
This method is in its ALPHA stage. It's signature WILL change, or it
might be removed altogether. You should not use it!
</desc>
<common-format-params/>
<returns>
Not yet documented. You should not use this method.
Not yet documented. You should not use this method!
</returns>
</xml>

2
htdocs/okapi/services/caches/formatters/gpx.xml
View File

@ -41,7 +41,7 @@
</opt>
<opt name='ns_ox' default='false'>
Boolean. If <b>true</b> then response will include Garmin's
<a href='http://www.opencaching.com/xmlschemas/opencaching/1/0/opencaching.xsd'>Opencaching.com
<a href='http://www.opencaching.com/xmlschemas/opencaching/1/0/opencaching.xsd'>OpenCaching.com
GPX extension</a>. This namespace declares an extra &lt;opencaching&gt; element
used by <a href='http://www.opencaching.com/'>Garmin's Opencaching.com</a>.
The element includes information on cache difficulty, ratings, tags and images.

14
htdocs/okapi/services/caches/geocache.xml
View File

@ -192,12 +192,14 @@
</ul>
</li>
<li>
<p><b>preview_image</b> - This is either <b>null</b> or a dictionary describing
an image, which has been marked by the owner as <em>preview image</em>. You are
encouraged to display it as a 'teaser' for this cache.
The structure of the dictionary is the same as in the <b>images</b> field above.</p>
<p>The preview image is no additional image but one of those which
are included in the <b>images</b> list.</p>
<p><b>preview_image</b> - On some installations, owners may select one of the <b>images</b>
(see above) as a preview image. You are encouraged to display it as a 'teaser'
for this cache. On other installations this functionality is disabled and you
will always get the <b>null</b> value here.</p>
<p>The value of <b>preview_image</b> is either <b>null</b> or a dictionary describing
an image. The structure of this dictionary is the same as of a single entry on
the <b>images</b> list described above.</p>
</li>
<li>
<p><b>attrnames</b> - list of names of attributes of the cache; the language will

14
htdocs/okapi/services/caches/geocaches.php
View File

@ -179,8 +179,8 @@ class WebService
# PL branch:
# - Caches have ratings.
# - Total numbers of found and notfounds are kept in the "caches" table.
# - search_time is round trip and way_length one way; both can be null;
# 0 or null = not specified
# - search_time is round trip and way_length one way or both ways (this is different on OCDE!);
# both can be null; 0 or null = not specified
$rs = Db::query("
select
@ -188,7 +188,7 @@ class WebService
c.date_created, c.type, c.status, c.date_hidden, c.size, c.difficulty,
c.terrain, c.wp_oc, c.logpw, c.user_id,
if(c.search_time=0, null, c.search_time) as trip_time,
if(c.way_length=0, null, 2*c.way_length) as trip_distance,
if(c.way_length=0, null, c.way_length) as trip_distance,
c.topratings,
c.founds,
@ -850,17 +850,13 @@ class WebService
# Country and/or state.
if (Settings::get('OC_BRANCH') == 'oc.de')
$cache_location_state = 'adm2';
else
$cache_location_state = 'adm3';
if (in_array('country', $fields) || in_array('state', $fields))
{
$rs = Db::query("
select
c.wp_oc as cache_code,
cl.adm1 as country,
cl.".$cache_location_state." as state
cl.".((Settings::get('OC_BRANCH') == 'oc.de') ? 'adm2' : 'adm3')." as state
from
caches c,
cache_location cl
@ -1016,6 +1012,8 @@ class WebService
}
else
{
# OC.de wants the tld in lowercase here
$site_name = ucfirst(strtolower($site_name));
if ($type == 'full')
{
$note = sprintf(

14
htdocs/okapi/services/caches/map/replicate_listener.inc.php
View File

@ -174,17 +174,17 @@ class ReplicateListener
# Most of these tiles aren't cached at all. We need to update
# only the cached ones.
$alternatives = array();
$alternatives_escaped = array();
foreach ($tiles_to_update as $coords)
{
list($z, $x, $y) = $coords;
$alternatives[] = "(
$alternatives_escaped[] = "(
z = '".mysql_real_escape_string($z)."'
and x = '".mysql_real_escape_string($x)."'
and y = '".mysql_real_escape_string($y)."'
)";
}
if (count($alternatives) > 0)
if (count($alternatives_escaped) > 0)
{
Db::execute("
replace into okapi_tile_caches (
@ -197,11 +197,11 @@ class ReplicateListener
'".mysql_real_escape_string($row[2])."',
'".mysql_real_escape_string($row[3])."',
'".mysql_real_escape_string($row[4])."',
".(($row[5] === null) ? "null" : $row[5]).",
".(($row[5] === null) ? "null" : "'".mysql_real_escape_string($row[5])."'").",
'".mysql_real_escape_string($row[6])."'
from okapi_tile_status
where
(".implode(" or ", $alternatives).")
(".implode(" or ", $alternatives_escaped).")
and status in (1,2)
");
@ -212,7 +212,7 @@ class ReplicateListener
update okapi_tile_status
set status=2
where
(".implode(" or ", $alternatives).")
(".implode(" or ", $alternatives_escaped).")
and status=1
");
}
@ -231,7 +231,7 @@ class ReplicateListener
set
status = '".mysql_real_escape_string($row[3])."',
type = '".mysql_real_escape_string($row[4])."',
rating = ".(($row[5] === null) ? "null" : $row[5]).",
rating = ".(($row[5] === null) ? "null" : "'".mysql_real_escape_string($row[5])."'").",
flags = '".mysql_real_escape_string($row[6])."'
where
cache_id = '".mysql_real_escape_string($row[0])."'

19
htdocs/okapi/services/caches/map/tiletree.inc.php
View File

@ -83,27 +83,30 @@ class TileTree
$tile_upper_x = $x << 8;
$tile_leftmost_y = $y << 8;
$zoom_escaped = "'".mysql_real_escape_string($zoom)."'";
$tile_upper_x_escaped = "'".mysql_real_escape_string($tile_upper_x)."'";
$tile_leftmost_y_escaped = "'".mysql_real_escape_string($tile_leftmost_y)."'";
return Db::query("
select
otc.cache_id,
cast(otc.z21x >> (21 - $zoom) as signed) - $tile_upper_x as px,
cast(otc.z21y >> (21 - $zoom) as signed) - $tile_leftmost_y as py,
cast(otc.z21x >> (21 - $zoom_escaped) as signed) - $tile_upper_x_escaped as px,
cast(otc.z21y >> (21 - $zoom_escaped) as signed) - $tile_leftmost_y_escaped as py,
otc.status, otc.type, otc.rating, otc.flags, count(*)
from
okapi_tile_caches otc,
okapi_search_results osr
where
z = '".mysql_real_escape_string($zoom)."'
z = $zoom_escaped
and x = '".mysql_real_escape_string($x)."'
and y = '".mysql_real_escape_string($y)."'
and otc.cache_id = osr.cache_id
and osr.set_id = '".mysql_real_escape_string($set_id)."'
group by
z21x >> (3 + (21 - $zoom)),
z21y >> (3 + (21 - $zoom))
z21x >> (3 + (21 - $zoom_escaped)),
z21y >> (3 + (21 - $zoom_escaped))
order by
z21y >> (3 + (21 - $zoom)),
z21x >> (3 + (21 - $zoom))
z21y >> (3 + (21 - $zoom_escaped)),
z21x >> (3 + (21 - $zoom_escaped))
");
}
@ -161,7 +164,7 @@ class TileTree
'".mysql_real_escape_string($row[2])."',
'".mysql_real_escape_string($row[3])."',
'".mysql_real_escape_string($row[4])."',
".(($row[5] === null) ? "null" : $row[5]).",
".(($row[5] === null) ? "null" : "'".mysql_real_escape_string($row[5])."'").",
'".mysql_real_escape_string($row[6])."'
);
");

4
htdocs/okapi/services/caches/search/save.php
View File

@ -80,6 +80,10 @@ class WebService
return Okapi::formatted_response($request, $result);
}
/**
* Important: YOU HAVE TO make sure $tables and $where_conds don't contain
* unescaped user-supplied data!
*/
public static function get_set($tables, $where_conds, $min_store, $ref_max_age)
{
# Compute the "params hash".

3
htdocs/okapi/services/caches/search/searching.inc.php
View File

@ -570,6 +570,9 @@ class SearchAssistant
* the query,
* - order_by - list or SQL clauses to be used with ORDER BY,
* - limit - maximum number of cache codes to be returned.
*
* Important: YOU HAVE TO make sure that all options are properly sanitized
* for SQL queries! I.e. they cannot contain unescaped user-supplied data.
*/
public static function get_common_search_result($options)
{

6
htdocs/okapi/services/logs/entry.xml
View File

@ -14,8 +14,10 @@
<li><b>cache_code</b> - code of the cache which the log entry refers to,</li>
<li>
<p><b>date</b> - date and time (ISO 8601) when the log entry was submitted.</p>
<p>Note, that some Opencaching servers don't store the exact times along
with the log entries.</p>
<p>Please note that log entries often contain dates only (with the times
truncated to midnight, as in the local timezone). In such cases, you may
want to avoid displaying the time. You may assume that if the <b>date</b>
value contains the "00:00:00" string, then it is date-only.</p>
</li>
<li>
<p><b>user</b> - a dictionary:</p>

12
htdocs/okapi/services/logs/submit.php
View File

@ -100,7 +100,7 @@ class WebService
throw new InvalidParam('recommend', "Unknown option: '$recommend'.");
$recommend = ($recommend == 'true');
if ($recommend && $logtype != 'Found it')
throw new BadRequest(_("Recommending is allowed only for 'Found it' logtypes."));
throw new BadRequest("Recommending is allowed only for 'Found it' logtypes.");
$needs_maintenance = $request->get_parameter('needs_maintenance');
if (!$needs_maintenance) $needs_maintenance = 'false';
@ -165,10 +165,6 @@ class WebService
if ($comment_format == 'plaintext')
{
# If we would like to be compatible with old OCDE/OC.nl installation,
# "$comment_format == 'auto'" should go here, too. But we must choose
# to resemble either old OCDE or OCPL behaviour and opt for OCPL compatibility.
$formatted_comment = htmlspecialchars($comment, ENT_QUOTES);
$formatted_comment = nl2br($formatted_comment);
$value_for_text_html_field = 0;
@ -177,9 +173,9 @@ class WebService
{
if ($comment_format == 'auto')
{
# This does not make sense on HTML comments, but it resembles the
# OCPL implementation and is needed for full compatibility with existing
# OKAPI clients.
# 'Auto' is for backward compatibility. Before the "comment_format"
# was introduced, OKAPI used a weird format in between (it allowed
# HTML, but applied nl2br too).
$formatted_comment = nl2br($comment);
}

2
htdocs/okapi/services/logs/submit.xml
View File

@ -18,7 +18,7 @@
</opt>
<opt name='comment_format' default='auto'>
<p>Indicates the format of your <b>comment</b>. Three values allowed:
<b>auto</b>, <b>html</b> or <b>plaintext</b>. Usually, you should not
<b>auto</b>, <b>html</b> or <b>plaintext</b>. Usually, you should <b>not</b>
use the <b>auto</b> option, because its exact behavior is unspecified
and may depend on the installation
(<a href='https://code.google.com/p/opencaching-api/issues/detail?id=124'>more info</a>).</p>

6
htdocs/okapi/services/logs/userlogs.xml
View File

@ -23,8 +23,10 @@
<li><b>uuid</b> - ID of the log entry,</li>
<li>
<p><b>date</b> - date and time (ISO 8601) when the log entry was submitted.</p>
<p>Note, that some Opencaching servers don't store the exact times along
with the log entries.</p>
<p>Please note that log entries often contain dates only (with the times
truncated to midnight, as in the local timezone). In such cases, you may
want to avoid displaying the time. You may assume that if the <b>date</b>
value contains the "00:00:00" string, then it is date-only.</p>
</li>
<li><b>cache_code</b> - code of the geocache,</li>
<li>

3
htdocs/okapi/views/devel/dbstruct.php
View File

@ -27,7 +27,8 @@ class View
$user = Settings::get('DB_USERNAME');
$password = Settings::get('DB_PASSWORD');
$dbname = Settings::get('DB_NAME');
$struct = shell_exec("mysqldump --no-data -u$user -p$password $dbname");
$dbserver = Settings::get('DB_SERVER');
$struct = shell_exec("mysqldump --no-data -h$dbserver -u$user -p$password $dbname");
# Remove the "AUTO_INCREMENT=..." values. They break the diffs.

2
htdocs/okapi/views/update.php
View File

@ -146,7 +146,7 @@ class View
where
sh.consumer_key = c.`key`
and sh.service_name in ('".implode("','", array_map('mysql_real_escape_string', $service_names))."')
".(($days != null) ? "and sh.period_start > date_add(now(), interval -".$days." day)" : "")."
".(($days != null) ? "and sh.period_start > date_add(now(), interval '".mysql_real_escape_string(-$days)."' day)" : "")."
");
}