summaryrefslogtreecommitdiffstats
path: root/web/lib
diff options
context:
space:
mode:
Diffstat (limited to 'web/lib')
-rw-r--r--web/lib/aurjson.class.php48
1 files changed, 19 insertions, 29 deletions
diff --git a/web/lib/aurjson.class.php b/web/lib/aurjson.class.php
index bb7344a..50cf6d0 100644
--- a/web/lib/aurjson.class.php
+++ b/web/lib/aurjson.class.php
@@ -83,7 +83,12 @@ class AurJSON {
return json_encode( array('type' => $type, 'results' => $data) );
}
- private function process_query($type, $query) {
+ private function process_query($type, $where_condition) {
+ $fields = implode(',', self::$fields);
+ $query = "SELECT Users.Username as Maintainer, {$fields} " .
+ "FROM Packages LEFT JOIN Users " .
+ "ON Packages.MaintainerUID = Users.ID " .
+ "WHERE ${where_condition}";
$result = db_query($query, $this->dbh);
if ( $result && (mysql_num_rows($result) > 0) ) {
@@ -149,16 +154,13 @@ class AurJSON {
return $this->json_error('Query arg too small');
}
- $fields = implode(',', self::$fields);
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
$keyword_string = addcslashes($keyword_string, '%_');
- $query = "SELECT {$fields} " .
- " FROM Packages WHERE " .
- " ( Name LIKE '%{$keyword_string}%' OR " .
- " Description LIKE '%{$keyword_string}%' )";
+ $where_condition = "( Name LIKE '%{$keyword_string}%' OR " .
+ "Description LIKE '%{$keyword_string}%' )";
- return $this->process_query('search', $query);
+ return $this->process_query('search', $where_condition);
}
/**
@@ -167,24 +169,18 @@ class AurJSON {
* @return mixed Returns an array of value data containing the package data
**/
private function info($pqdata) {
- $fields = implode(',', self::$fields);
-
- $base_query = "SELECT {$fields} " .
- " FROM Packages WHERE ";
-
if ( is_numeric($pqdata) ) {
// just using sprintf to coerce the pqd to an int
// should handle sql injection issues, since sprintf will
// bork if not an int, or convert the string to a number 0
- $query_stub = "ID={$pqdata}";
+ $where_condition = "ID={$pqdata}";
}
else {
- $query_stub = sprintf("Name=\"%s\"",
+ $where_condition = sprintf("Name=\"%s\"",
mysql_real_escape_string($pqdata, $this->dbh));
}
- $query = $base_query . $query_stub;
- return $this->process_query('info', $query);
+ return $this->process_query('info', $where_condition);
}
/**
@@ -193,7 +189,6 @@ class AurJSON {
* @return mixed Returns an array of results containing the package data
**/
private function multiinfo($pqdata) {
- $fields = implode(',', self::$fields);
$args = $this->parse_multiinfo_args($pqdata);
$ids = $args['ids'];
$names = $args['names'];
@@ -202,22 +197,21 @@ class AurJSON {
return $this->json_error('Invalid query arguments');
}
- $query = "SELECT {$fields} " .
- " FROM Packages WHERE ";
+ $where_condition = "";
if ($ids) {
$ids_value = implode(',', $args['ids']);
- $query .= "ID IN ({$ids_value})";
+ $where_condition .= "ID IN ({$ids_value})";
}
if ($ids && $names) {
- $query .= " OR ";
+ $where_condition .= " OR ";
}
if ($names) {
// individual names were quoted in parse_multiinfo_args()
$names_value = implode(',', $args['names']);
- $query .= "Name IN ({$names_value})";
+ $where_condition .= "Name IN ({$names_value})";
}
- return $this->process_query('multiinfo', $query);
+ return $this->process_query('multiinfo', $where_condition);
}
/**
@@ -226,15 +220,11 @@ class AurJSON {
* @return mixed Returns an array of value data containing the package data
**/
private function msearch($maintainer) {
- $fields = implode(',', self::$fields);
$maintainer = mysql_real_escape_string($maintainer, $this->dbh);
- $query = "SELECT Users.Username as Maintainer, {$fields} " .
- " FROM Packages, Users WHERE " .
- " Packages.MaintainerUID = Users.ID AND " .
- " Users.Username = '{$maintainer}'";
+ $where_condition = "Users.Username = '{$maintainer}'";
- return $this->process_query('msearch', $query);
+ return $this->process_query('msearch', $where_condition);
}
}