pluginhost: use PDO

author Andrew Dolgov <noreply@fakecake.org>

Sat, 2 Dec 2017 08:25:43 +0000 (11:25 +0300)

committer Andrew Dolgov <noreply@fakecake.org>

Sat, 2 Dec 2017 08:25:43 +0000 (11:25 +0300)
author Andrew Dolgov <noreply@fakecake.org>
Sat, 2 Dec 2017 08:25:43 +0000 (11:25 +0300)
committer Andrew Dolgov <noreply@fakecake.org>
Sat, 2 Dec 2017 08:25:43 +0000 (11:25 +0300)
diff --git a/classes/pluginhost.php b/classes/pluginhost.php

index 533e7ee911f59872b518dcb62d039d0acf911a3e..bff7c32d0b5ea3f69ee145ec06e750fac69b57b6 100644 (file)
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -1,6 +1,7 @@
  <?php
  class PluginHost {
         private $dbh;
+       private $pdo;
         private $hooks = array();
         private $plugins = array();
         private $handlers = array();
@@ -63,6 +64,7 @@ class PluginHost {
  
         function __construct() {
                 $this->dbh = Db::get();
+               $this->pdo = Db::pdo();
  
                 $this->storage = array();
         }
@@ -92,6 +94,10 @@ class PluginHost {
                 return $this->dbh;
         }
  
+       function get_pdo() {
+               return $this->pdo;
+       }
+       
         function get_plugin_names() {
                 $names = array();
  
@@ -294,10 +300,11 @@ class PluginHost {
  
         function load_data() {
                 if ($this->owner_uid)  {
-                       $result = $this->dbh->query("SELECT name, content FROM ttrss_plugin_storage
-                               WHERE owner_uid = '".$this->owner_uid."'");
+                       $sth = $this->pdo->prepare("SELECT name, content FROM ttrss_plugin_storage
+                               WHERE owner_uid = ?");
+                       $sth->execute([$this->owner_uid]);
  
-                       while ($line = $this->dbh->fetch_assoc($result)) {
+                       while ($line = $sth->fetch()) {
                                 $this->storage[$line["name"]] = unserialize($line["content"]);
                         }
                 }
@@ -305,30 +312,31 @@ class PluginHost {
  
         private function save_data($plugin) {
                 if ($this->owner_uid) {
-                       $plugin = $this->dbh->escape_string($plugin);
-
-                       $this->dbh->query("BEGIN");
+                       $this->pdo->beginTransaction();
  
-                       $result = $this->dbh->query("SELECT id FROM ttrss_plugin_storage WHERE
-                               owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
+                       $sth = $this->pdo->prepare("SELECT id FROM ttrss_plugin_storage WHERE
+                               owner_uid= ? AND name = ?");
+                       $sth->execute([$this->owner_uid, $plugin]);
  
                         if (!isset($this->storage[$plugin]))
                                 $this->storage[$plugin] = array();
  
-                       $content = $this->dbh->escape_string(serialize($this->storage[$plugin]),
+                       $content = serialize($this->storage[$plugin],
                                 false);
  
-                       if ($this->dbh->num_rows($result) != 0) {
-                               $this->dbh->query("UPDATE ttrss_plugin_storage SET content = '$content'
-                                       WHERE owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
+                       if ($sth->fetch()) {
+                               $sth = $this->pdo->prepare("UPDATE ttrss_plugin_storage SET content = ?
+                                       WHERE owner_uid= ? AND name = ?");
+                               $sth->execute([$content, $this->owner_uid, $plugin]);
  
                         } else {
-                               $this->dbh->query("INSERT INTO ttrss_plugin_storage
+                               $sth = $this->pdo->prepare("INSERT INTO ttrss_plugin_storage
                                         (name,owner_uid,content) VALUES
-                                       ('$plugin','".$this->owner_uid."','$content')");
+                                       (?, ?, ?)");
+                               $sth->execute([$plugin, $this->owner_uid, $content]);
                         }
  
-                       $this->dbh->query("COMMIT");
+                       $this->pdo->commit();
                 }
         }
  
@@ -365,8 +373,9 @@ class PluginHost {
  
                         unset($this->storage[$idx]);
  
-                       $this->dbh->query("DELETE FROM ttrss_plugin_storage WHERE name = '$idx'
-                               AND owner_uid = " . $this->owner_uid);
+                       $sth = $this->pdo->prepare("DELETE FROM ttrss_plugin_storage WHERE name = ?
+                               AND owner_uid = ?");
+                       $sth->execute([$idx, $this->owner_uid]);
                 }
         }
author	Andrew Dolgov <noreply@fakecake.org>
	Sat, 2 Dec 2017 08:25:43 +0000 (11:25 +0300)
committer	Andrew Dolgov <noreply@fakecake.org>
	Sat, 2 Dec 2017 08:25:43 +0000 (11:25 +0300)