forked from CIT/Vmeda.Online
		
	MOBILE-2471 sqlite: Escape multi-byte characters
This commit is contained in:
		
							parent
							
								
									ab3da0f38c
								
							
						
					
					
						commit
						e3db4afe22
					
				| @ -960,9 +960,10 @@ export class CoreSite { | ||||
| 
 | ||||
|         this.logger.debug('Invalidate cache for key starting with: ' + key); | ||||
| 
 | ||||
|         const sql = 'UPDATE ' + this.WS_CACHE_TABLE + ' SET expirationTime=0 WHERE key LIKE ?'; | ||||
|         const sql = 'UPDATE ' + this.WS_CACHE_TABLE + ' SET expirationTime=0 WHERE key LIKE ? ESCAPE ?'; | ||||
|         const params = [this.db.encodeValue(key).replace(/%/g, '\\%') + '%', '\\']; | ||||
| 
 | ||||
|         return this.db.execute(sql, [key + '%']); | ||||
|         return this.db.execute(sql, params); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|  | ||||
| @ -259,6 +259,24 @@ export class SQLiteDB { | ||||
|         return Promise.all(promises); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Decode a value returned from the database if it's a string. | ||||
|      * | ||||
|      * @param {any} value The value. | ||||
|      * @return {any} The decoded string or the original value if it's not a string. | ||||
|      */ | ||||
|     decodeValue(value: any): any { | ||||
|         if (typeof value === 'string') { | ||||
|             try { | ||||
|                 value = decodeURI(value); | ||||
|             } catch (ex) { | ||||
|                 // Error, use the original value.
 | ||||
|             } | ||||
|         } | ||||
| 
 | ||||
|         return value; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Delete the records from a table where all the given conditions met. | ||||
|      * If conditions not specified, table is truncated. | ||||
| @ -308,6 +326,16 @@ export class SQLiteDB { | ||||
|         return this.execute(`DELETE FROM ${table} ${select}`, params); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Encode a value that will be inserted into the database or compared to values in the database. | ||||
|      * | ||||
|      * @param {any} value The value. | ||||
|      * @return {any} The encoded string or the original value if it's not a string. | ||||
|      */ | ||||
|     encodeValue(value: any): any { | ||||
|         return (typeof value === 'string') ? encodeURI(value) : value; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Execute a SQL query. | ||||
|      * IMPORTANT: Use this function only if you cannot use any of the other functions in this API. Please take into account that | ||||
| @ -352,6 +380,8 @@ export class SQLiteDB { | ||||
|             const value = data[name]; | ||||
|             if (typeof value == 'undefined') { | ||||
|                 delete data[name]; | ||||
|             } else { | ||||
|                 data[name] = this.encodeValue(value); | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| @ -456,7 +486,7 @@ export class SQLiteDB { | ||||
|             params = items; | ||||
|         } | ||||
| 
 | ||||
|         return [sql, params]; | ||||
|         return [sql, params.map(this.encodeValue)]; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
| @ -607,7 +637,11 @@ export class SQLiteDB { | ||||
|             // Retrieve the records.
 | ||||
|             const records = []; | ||||
|             for (let i = 0; i < result.rows.length; i++) { | ||||
|                 records.push(result.rows.item(i)); | ||||
|                 const record = result.rows.item(i); | ||||
|                 for (const key in record) { | ||||
|                     record[key] = this.decodeValue(record[key]); | ||||
|                 } | ||||
|                 records.push(record); | ||||
|             } | ||||
| 
 | ||||
|             return records; | ||||
| @ -819,6 +853,8 @@ export class SQLiteDB { | ||||
|      * @return {Promise<any>} Promise resolved when updated. | ||||
|      */ | ||||
|     updateRecordsWhere(table: string, data: any, where?: string, whereParams?: any[]): Promise<any> { | ||||
|         this.formatDataToInsert(data); | ||||
| 
 | ||||
|         if (!data || !Object.keys(data).length) { | ||||
|             // No fields to update, consider it's done.
 | ||||
|             return Promise.resolve(); | ||||
| @ -850,9 +886,10 @@ export class SQLiteDB { | ||||
|      * Returns the SQL WHERE conditions. | ||||
|      * | ||||
|      * @param {object} [conditions] The conditions to build the where clause. Must not contain numeric indexes. | ||||
|      * @param {boolean} [encodeValues=true] Encode condiiton values. True by default. | ||||
|      * @return {any[]} An array list containing sql 'where' part and 'params'. | ||||
|      */ | ||||
|     whereClause(conditions: any = {}): any[] { | ||||
|     whereClause(conditions: any = {}, encodeValues: boolean = true): any[] { | ||||
|         if (!conditions || !Object.keys(conditions).length) { | ||||
|             return ['1 = 1', []]; | ||||
|         } | ||||
| @ -861,7 +898,11 @@ export class SQLiteDB { | ||||
|             params = []; | ||||
| 
 | ||||
|         for (const key in conditions) { | ||||
|             const value = conditions[key]; | ||||
|             let value = conditions[key]; | ||||
| 
 | ||||
|             if (encodeValues) { | ||||
|                 value = this.encodeValue(value); | ||||
|             } | ||||
| 
 | ||||
|             if (typeof value == 'undefined' || value === null) { | ||||
|                 where.push(key + ' IS NULL'); | ||||
| @ -897,7 +938,7 @@ export class SQLiteDB { | ||||
|             if (typeof value == 'undefined' || value === null) { | ||||
|                 select = field + ' IS NULL'; | ||||
|             } else { | ||||
|                 params.push(value); | ||||
|                 params.push(this.encodeValue(value)); | ||||
|             } | ||||
|         }); | ||||
| 
 | ||||
|  | ||||
| @ -2,7 +2,7 @@ | ||||
|     "app_id" : "com.moodle.moodlemobile", | ||||
|     "appname": "Moodle Mobile", | ||||
|     "desktopappname": "Moodle Desktop", | ||||
|     "versioncode" : 3510, | ||||
|     "versioncode" : 3520, | ||||
|     "versionname" : "3.5.1", | ||||
|     "cache_expiration_time" : 300000, | ||||
|     "default_lang" : "en", | ||||
|  | ||||
| @ -346,6 +346,13 @@ export class CoreUpdateManagerProvider implements CoreInitHandler { | ||||
|                     // DBs migrated, get the version applied again.
 | ||||
|                     return this.configProvider.get(this.VERSION_APPLIED, 0); | ||||
|                 }); | ||||
|             } else if (versionCode >= 3520 && versionApplied < 3520 && versionApplied > 0) { | ||||
|                 // Encode special characters in the contents of all DBs to work around Unicode bugs in the Cordova plugin.
 | ||||
|                 // This is not needed if the DBs are created from scratch, because all content is already encoded.
 | ||||
|                 // We do this before any other update because SQLiteDB methods expect the content to be encoded.
 | ||||
|                 return this.encodeAllDBs().then(() => { | ||||
|                     return versionApplied; | ||||
|                 }); | ||||
|             } else { | ||||
|                 return versionApplied; | ||||
|             } | ||||
| @ -706,4 +713,68 @@ export class CoreUpdateManagerProvider implements CoreInitHandler { | ||||
|             return this.utils.allPromises(promises); | ||||
|         }); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Encode all DBs to escape special characters. | ||||
|      * | ||||
|      * @return {Promise<any>} Promise resolved when done. | ||||
|      */ | ||||
|     protected encodeAllDBs(): Promise<any> { | ||||
|         // First encode the app DB.
 | ||||
|         return this.encodeDB(this.appProvider.getDB()).then(() => { | ||||
|             // Now encode all site DBs.
 | ||||
|             return this.sitesProvider.getSitesIds(); | ||||
|         }).then((ids) => { | ||||
|             return this.utils.allPromises(ids.map((siteId) => { | ||||
|                 return this.sitesProvider.getSiteDb(siteId).then((db) => { | ||||
|                     return this.encodeDB(db); | ||||
|                 }); | ||||
|             })); | ||||
|         }); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Encode content of a certain DB to escape special characters. | ||||
|      * | ||||
|      * @param {SQLiteDB} db The DB. | ||||
|      * @return {Promise<any>} Promise resolved when done. | ||||
|      */ | ||||
|     protected encodeDB(db: SQLiteDB): Promise<any> { | ||||
|         const sql = 'SELECT tbl_name FROM sqlite_master WHERE type = ?'; | ||||
|         const params = ['table']; | ||||
| 
 | ||||
|         return db.execute(sql, params).then((result) => { | ||||
|             const promises = []; | ||||
| 
 | ||||
|             for (let i = 0; i < result.rows.length; i++) { | ||||
|                 const table = result.rows.item(i).tbl_name; | ||||
|                 promises.push(this.encodeTable(db, table)); | ||||
|             } | ||||
| 
 | ||||
|             return this.utils.allPromises(promises); | ||||
|         }); | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Encode content of a certain table to escape special characters. | ||||
|      * | ||||
|      * @param {SQLiteDB} db The DB. | ||||
|      * @param {string} table Name of the table. | ||||
|      * @return {Promise<any>} Promise resolved when done. | ||||
|      */ | ||||
|     protected encodeTable(db: SQLiteDB, table: string): Promise<any> { | ||||
|         const sql = 'SELECT * FROM ' + table; | ||||
| 
 | ||||
|         return db.execute(sql).then((result) => { | ||||
|             const promises = []; | ||||
| 
 | ||||
|             for (let i = 0; i < result.rows.length; i++) { | ||||
|                 const record = result.rows.item(i); | ||||
|                 const selectAndParams = db.whereClause(record, false); | ||||
|                 promises.push(db.updateRecordsWhere(table, record, selectAndParams[0], selectAndParams[1])); | ||||
|             } | ||||
| 
 | ||||
|             return this.utils.allPromises(promises); | ||||
|         }); | ||||
|     } | ||||
| } | ||||
|  | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user