From eaefcf9de7a1acb702edb9387445b188e9d447e8 Mon Sep 17 00:00:00 2001 From: Michael Vogel Date: Sun, 3 Nov 2013 02:07:44 +0100 Subject: [PATCH] All subqueries in tag searches are now reformed. Further SQL improvements --- include/plugin.php | 10 +++++----- mod/content.php | 11 ++++++++--- mod/item.php | 42 +++++++++++++++++++++--------------------- mod/network.php | 17 ++++++++++++----- mod/search.php | 15 +++++++++++---- 5 files changed, 57 insertions(+), 38 deletions(-) diff --git a/include/plugin.php b/include/plugin.php index 0f0ad9d964..a706dcf51c 100644 --- a/include/plugin.php +++ b/include/plugin.php @@ -42,7 +42,7 @@ function install_plugin($plugin) { // This way the system won't fall over dead during the update. if(file_exists('addon/' . $plugin . '/.hidden')) { - q("update addon set hidden = 1 where name = '%s' limit 1", + q("update addon set hidden = 1 where name = '%s'", dbesc($plugin) ); } @@ -92,7 +92,7 @@ function reload_plugins() { $func = $pl . '_install'; $func(); } - q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d LIMIT 1", + q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d", intval($t), intval($i['id']) ); @@ -104,7 +104,7 @@ function reload_plugins() { } }} - + @@ -132,7 +132,7 @@ function register_hook($hook,$file,$function,$priority=0) { if(! function_exists('unregister_hook')) { function unregister_hook($hook,$file,$function) { - $r = q("DELETE FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1", + $r = q("DELETE FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `function` = '%s'", dbesc($hook), dbesc($file), dbesc($function) @@ -175,7 +175,7 @@ function call_hooks($name, &$data = null) { } else { // remove orphan hooks - q("delete from hook where hook = '%s' and file = '%s' and function = '%s' limit 1", + q("delete from hook where hook = '%s' and file = '%s' and function = '%s'", dbesc($name), dbesc($hook[0]), dbesc($hook[1]) diff --git a/mod/content.php b/mod/content.php index 06f5d58b22..6deee57a5b 100644 --- a/mod/content.php +++ b/mod/content.php @@ -191,9 +191,14 @@ function content_content(&$a, $update = 0) { }*/ if($tag) { - $sql_extra = sprintf(" AND `term`.`term` = '%s' AND `term`.`otype` = %d AND `term`.`type` = %d ", - dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG)); - $sql_table = "`term` LEFT JOIN `item` ON `item`.`id` = `term`.`oid` AND `item`.`uid` = `term`.`uid` "; + //$sql_extra = sprintf(" AND `term`.`term` = '%s' AND `term`.`otype` = %d AND `term`.`type` = %d ", + // dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG)); + //$sql_table = "`term` LEFT JOIN `item` ON `item`.`id` = `term`.`oid` AND `item`.`uid` = `term`.`uid` "; + + $sql_extra = ""; + $sql_table = sprintf("`item` INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", + dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval(local_user())); + } else { if (get_config('system','use_fulltext_engine')) $sql_extra = sprintf(" AND MATCH (`item`.`body`, `item`.`title`) AGAINST ('%s' in boolean mode) ", dbesc(protect_sprintf($search))); diff --git a/mod/item.php b/mod/item.php index 57a9680e96..14acc5d0f3 100644 --- a/mod/item.php +++ b/mod/item.php @@ -106,7 +106,7 @@ function item_post(&$a) { if(($r === false) || (! count($r))) { notice( t('Unable to locate original post.') . EOL); - if(x($_REQUEST,'return')) + if(x($_REQUEST,'return')) goaway($a->get_baseurl() . "/" . $return_path ); killme(); } @@ -157,7 +157,7 @@ function item_post(&$a) { if((! can_write_wall($a,$profile_uid)) && (! $allow_moderated)) { notice( t('Permission denied.') . EOL) ; - if(x($_REQUEST,'return')) + if(x($_REQUEST,'return')) goaway($a->get_baseurl() . "/" . $return_path ); killme(); } @@ -275,10 +275,10 @@ function item_post(&$a) { if($parent_item) { $private = 0; - if(($parent_item['private']) - || strlen($parent_item['allow_cid']) - || strlen($parent_item['allow_gid']) - || strlen($parent_item['deny_cid']) + if(($parent_item['private']) + || strlen($parent_item['allow_cid']) + || strlen($parent_item['allow_gid']) + || strlen($parent_item['deny_cid']) || strlen($parent_item['deny_gid'])) { $private = (($parent_item['private']) ? $parent_item['private'] : 1); } @@ -288,7 +288,7 @@ function item_post(&$a) { $str_contact_deny = $parent_item['deny_cid']; $str_group_deny = $parent_item['deny_gid']; } - + $pubmail_enable = ((x($_REQUEST,'pubmail_enable') && intval($_REQUEST['pubmail_enable']) && (! $private)) ? 1 : 0); // if using the API, we won't see pubmail_enable - figure out if it should be set @@ -308,7 +308,7 @@ function item_post(&$a) { if($preview) killme(); info( t('Empty post discarded.') . EOL ); - if(x($_REQUEST,'return')) + if(x($_REQUEST,'return')) goaway($a->get_baseurl() . "/" . $return_path ); killme(); } @@ -361,7 +361,7 @@ function item_post(&$a) { break; } } - } + } if($contact_id) { $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($contact_id) @@ -375,7 +375,7 @@ function item_post(&$a) { } // get contact info for owner - + if($profile_uid == local_user()) { $contact_record = $author; } @@ -400,7 +400,7 @@ function item_post(&$a) { /** * - * When a photo was uploaded into the message using the (profile wall) ajax + * When a photo was uploaded into the message using the (profile wall) ajax * uploader, The permissions are initially set to disallow anybody but the * owner from seeing it. This is because the permissions may not yet have been * set for the post. If it's private, the photo permissions should be set @@ -433,7 +433,7 @@ function item_post(&$a) { if(! count($r)) continue; - + $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ", @@ -445,7 +445,7 @@ function item_post(&$a) { intval($profile_uid), dbesc( t('Wall Photos')) ); - + } } } @@ -464,10 +464,10 @@ function item_post(&$a) { $r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($attach) - ); + ); if(count($r)) { $r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' - WHERE `uid` = %d AND `id` = %d LIMIT 1", + WHERE `uid` = %d AND `id` = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), @@ -555,7 +555,7 @@ function item_post(&$a) { // we tagged a private forum in a top level post and the message was public. // Restrict it. $private = 1; - $str_contact_allow = '<' . $private_id . '>'; + $str_contact_allow = '<' . $private_id . '>'; } $attachments = ''; @@ -683,7 +683,7 @@ function item_post(&$a) { if($orig_post) { - $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `attach` = '%s', `file` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", + $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `attach` = '%s', `file` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), @@ -786,7 +786,7 @@ function item_post(&$a) { // Inherit ACL's from the parent item. $r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d - WHERE `id` = %d LIMIT 1", + WHERE `id` = %d", dbesc($parent_item['allow_cid']), dbesc($parent_item['allow_gid']), dbesc($parent_item['deny_cid']), @@ -849,7 +849,7 @@ function item_post(&$a) { $parent = $post_id; $r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `plink` = '%s', `changed` = '%s', `last-child` = 1, `visible` = 1 - WHERE `id` = %d LIMIT 1", + WHERE `id` = %d", intval($parent), dbesc(($parent == $post_id) ? $uri : $parent_item['uri']), dbesc($a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id), @@ -862,7 +862,7 @@ function item_post(&$a) { // They will show up as people comment on them. if(! $parent_item['visible']) { - $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d LIMIT 1", + $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d", intval($parent_item['id']) ); } @@ -876,7 +876,7 @@ function item_post(&$a) { // update the commented timestamp on the parent - q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1", + q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($parent) diff --git a/mod/network.php b/mod/network.php index ce32ce826f..ff79fb2cff 100644 --- a/mod/network.php +++ b/mod/network.php @@ -168,7 +168,7 @@ function network_init(&$a) { } } if(x($_GET,'remove')) { - q("delete from `search` where `uid` = %d and `term` = '%s' limit 1", + q("delete from `search` where `uid` = %d and `term` = '%s'", intval(local_user()), dbesc($search) ); @@ -675,11 +675,18 @@ function network_content(&$a, $update = 0) { }*/ if($tag) { - $sql_extra = sprintf(" AND `term`.`term` = '%s' AND `term`.`otype` = %d AND `term`.`type` = %d ", - dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG)); - $sql_table = "`term` LEFT JOIN `item` ON `item`.`id` = `term`.`oid` AND `item`.`uid` = `term`.`uid` "; + //$sql_extra = sprintf(" AND `term`.`term` = '%s' AND `term`.`otype` = %d AND `term`.`type` = %d ", + // dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG)); + //$sql_table = "`term` LEFT JOIN `item` ON `item`.`id` = `term`.`oid` AND `item`.`uid` = `term`.`uid` "; - $sql_order = "`term`.`tid`"; + //$sql_order = "`term`.`tid`"; + + $sql_extra = ""; + + $sql_table = sprintf("`item` INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", + dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval(local_user())); + + $sql_order = "`item`.`received`"; } else { if (get_config('system','use_fulltext_engine')) $sql_extra = sprintf(" AND MATCH (`item`.`body`, `item`.`title`) AGAINST ('%s' in boolean mode) ", dbesc(protect_sprintf($search))); diff --git a/mod/search.php b/mod/search.php index 2a6308632f..04abdf04d5 100644 --- a/mod/search.php +++ b/mod/search.php @@ -141,15 +141,22 @@ function search_content(&$a) { if($tag) { //$sql_extra = sprintf(" AND `term`.`term` = '%s' AND `term`.`otype` = %d AND `term`.`type` = %d", - $sql_extra = sprintf(" AND `term`.`term` = '%s' AND `term`.`otype` = %d AND `term`.`type` = %d group by `item`.`uri` ", - dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG)); - $sql_table = "`term` LEFT JOIN `item` ON `item`.`id` = `term`.`oid` AND `item`.`uid` = `term`.`uid` "; - $sql_order = "`term`.`tid`"; + //$sql_extra = sprintf(" AND `term`.`term` = '%s' AND `term`.`otype` = %d AND `term`.`type` = %d group by `item`.`uri` ", + // dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG)); + //$sql_table = "`term` LEFT JOIN `item` ON `item`.`id` = `term`.`oid` AND `item`.`uid` = `term`.`uid` "; + //$sql_order = "`term`.`tid`"; //$sql_order = "`item`.`received`"; //$sql_extra = sprintf(" AND EXISTS (SELECT * FROM `term` WHERE `item`.`id` = `term`.`oid` AND `item`.`uid` = `term`.`uid` AND `term`.`term` = '%s' AND `term`.`otype` = %d AND `term`.`type` = %d) GROUP BY `item`.`uri` ", // dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG)); //$sql_table = "`item` FORCE INDEX (`uri`) "; + + $sql_extra = ""; + + $sql_table = sprintf("`item` INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", + dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval(local_user())); + + $sql_order = "`item`.`received`"; } else { if (get_config('system','use_fulltext_engine')) { $sql_extra = sprintf(" AND MATCH (`item`.`body`, `item`.`title`) AGAINST ('%s' in boolean mode) ", dbesc(protect_sprintf($search)));