X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fconnect_db_mysql.inc;h=8abdaa34f268e4cce6b934213abf645f6c0426ad;hb=df317147686e6577fcfa7215705d376a3939772d;hp=2f30aef0fa75ec24a3891b70fcb70477231cc553;hpb=bd8f517d30d1edd3261e26e582ddd9e11c555616;p=fa-stable.git

diff --git a/includes/db/connect_db_mysql.inc b/includes/db/connect_db_mysql.inc
index 2f30aef0..8abdaa34 100644
--- a/includes/db/connect_db_mysql.inc
+++ b/includes/db/connect_db_mysql.inc
@@ -10,11 +10,11 @@
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
 define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
 
 function set_global_connection($company=-1)
 {
-	global $db, $path_to_root, $db_connections;
+	global $db, $path_to_root, $db_connections, $SysPrefs;
 
 	include ($path_to_root . "/config_db.php");
 	if ($company == -1) 
@@ -25,16 +25,21 @@ function set_global_connection($company=-1)
 	$_SESSION["wa_current_user"]->cur_con = $company;
 
 	$connection = $db_connections[$company];
+	
+	$server = $connection["host"];
+	if (!empty($connection["port"]))
+		$server .= ":".$connection["port"];
 
-	$db = mysql_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
-		mysql_select_db($connection["dbname"], $db);
+	$db = mysql_connect($server, $connection["dbuser"], $connection["dbpassword"]);
+	mysql_select_db($connection["dbname"], $db);
 	///// From MySql release 5.6.6 the sql_mode is no longer empty as it was prior to
 	///// this release. Just for safety we make it empty for all 5.6 release and higher.
 	///// This non empty sql_mode values can interphere with FA, so all is set empty during
 	///// our sessions.
 	///// We are, however, investigating the existing code to be compatible in the future.
-		db_query("SET sql_mode = '".SQL_MODE."'");
+	db_query("SET sql_mode = '".SQL_MODE."'");
 	/////
+	$SysPrefs->refresh();
 	return $db;
 }
 
@@ -42,11 +47,11 @@ function set_global_connection($company=-1)
 
 function db_query($sql, $err_msg=null)
 {
-	global $db, $SysPres, $sql_queries, $Ajax, $db_connections, $db_last_inserted_id;
+	global $db, $SysPrefs, $sql_queries, $Ajax, $db_connections, $db_last_inserted_id;
 
 	// set current db prefix
 	$comp = isset($_SESSION["wa_current_user"]->cur_con) ? $_SESSION["wa_current_user"]->cur_con : 0;
-	$cur_prefix = $db_connections[$comp]['tbpref'];
+	$cur_prefix = @$db_connections[$comp]['tbpref'];
 	$sql = str_replace(TB_PREF, $cur_prefix, $sql);
 
 	if ($SysPrefs->show_sql)
@@ -57,7 +62,14 @@ function db_query($sql, $err_msg=null)
 
 	db_profile(); // mysql profiling
 
-	$result = mysql_query($sql, $db);
+	$retry = MAX_DEADLOCK_RETRY;
+	do {
+		$result = mysql_query($db, $sql);
+		if (mysql_errno($db) == 1213)	{ // deadlock detected
+			sleep(1); $retry--;
+		} else
+			$retry = 0;
+	} while ($retry);
 
 	db_profile($sql);
 
@@ -75,48 +87,47 @@ function db_query($sql, $err_msg=null)
 	if ($err_msg != null || $SysPrefs->go_debug) {
 		$exit = $err_msg != null;
 		if (function_exists('xdebug_call_file'))
-			check_db_error('<br>At file '.xdebug_call_file().':'.xdebug_call_line().':<br>'.$err_msg, $sql, $exit);
-		else
-			check_db_error($err_msg, $sql, $exit);
+			$err_msg = '<br>At file '.xdebug_call_file().':'.xdebug_call_line().':<br>'.$err_msg;
+		check_db_error($err_msg, $sql, $exit);
 	}
 	return $result;
 }
 
-function db_fetch_row ($result)
+function db_fetch_row($result)
 {
 
 	return mysql_fetch_row($result);
 }
 
-function db_fetch_assoc ($result)
+function db_fetch_assoc($result)
 {
 
 	return mysql_fetch_assoc($result);
 }
 
-function db_fetch ($result)
+function db_fetch($result)
 {
 
 	return mysql_fetch_array($result);
 }
 
-function db_seek (&$result,$record)
+function db_seek(&$result,$record)
 {
 	return mysql_data_seek($result, $record);
 }
 
-function db_free_result ($result)
+function db_free_result($result)
 {
 	if ($result)
 		mysql_free_result($result);
 }
 
-function db_num_rows ($result)
+function db_num_rows($result)
 {
 	return mysql_num_rows($result);
 }
 
-function db_num_fields ($result)
+function db_num_fields($result)
 {
 	return mysql_num_fields($result);
 }
@@ -124,7 +135,7 @@ function db_num_fields ($result)
 function db_escape($value = "", $nullify = false)
 {
 	$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
-	$value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
+	$value = html_specials_encode($value);
 
   	//reset default if second parameter is skipped
 	$nullify = ($nullify === null) ? (false) : ($nullify);
@@ -150,7 +161,7 @@ function db_escape($value = "", $nullify = false)
 	return $value;
 }
 
-function db_error_no ()
+function db_error_no()
 {
 	global $db;
 	return mysql_errno($db);
@@ -179,18 +190,33 @@ function db_field_name($result, $n)
 	return mysql_field_name($result, $n);
 }
 
+function db_set_collation($db, $fa_collation)
+{
+	return mysql_query("ALTER DATABASE COLLATE ".get_mysql_collation($fa_collation), $db);
+}
+
+/*
+	Create database for FA company. If database already exists,
+	just set collation to be sure nothing weird will happen later.
+*/
 function db_create_db($connection)
 {
-	$db = mysql_connect($connection["host"] ,
-		$connection["dbuser"], $connection["dbpassword"]);
-	if (strncmp(db_get_version(), "5.6", 3) >= 0) 
-		db_query("SET sql_mode = ''");
+	$server = $connection["host"];
+	if (!empty($connection["port"]))
+		$server .= ":".$connection["port"];
+	$db = mysql_connect($server, $connection["dbuser"], $connection["dbpassword"]);
+
 	if (!mysql_select_db($connection["dbname"], $db))
 	{
-		$sql = "CREATE DATABASE IF NOT EXISTS " . $connection["dbname"] . "";
+		$sql = "CREATE DATABASE IF NOT EXISTS `" . $connection["dbname"] . "`"
+			. " DEFAULT COLLATE '" . get_mysql_collation($connection["collation"]) . "'";
+
 		if (!mysql_query($sql) || !mysql_select_db($connection["dbname"], $db))
+				return 0;
+	} else
+		if (!db_set_collation($connection["collation"], $db))
 			return 0;
-	}
+
 	return $db;
 }