diff --git a/ChangeLog b/ChangeLog index 711bc9324..2b0283935 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2012-02-14 Wolfgang Sourdeau + + * SoObjects/SOGo/SOGoSQLUserProfile.m (_sqlJsonRepresentation:): + removed obsolete method. + (-storeJSONProfileInDB:): we now properly escape the stored value + via the adaptor methods and by using a hacking EOAttribute + instance (FIXME). + 2012-02-13 Wolfgang Sourdeau * UI/WebServerResources/JavascriptAPIExtensions.js diff --git a/SoObjects/SOGo/SOGoSQLUserProfile.m b/SoObjects/SOGo/SOGoSQLUserProfile.m index 4f571d92c..1335e1496 100644 --- a/SoObjects/SOGo/SOGoSQLUserProfile.m +++ b/SoObjects/SOGo/SOGoSQLUserProfile.m @@ -25,6 +25,7 @@ #import #import +#import #import #import #import @@ -35,11 +36,13 @@ static NSURL *tableURL = nil; static NSString *uidColumnName = @"c_uid"; +static EOAttribute *textColumn = nil; @implementation SOGoSQLUserProfile + (void) initialize { + NSDictionary *description; NSString *profileURL; SOGoSystemDefaults *sd; @@ -50,6 +53,19 @@ static NSString *uidColumnName = @"c_uid"; if (profileURL) tableURL = [[NSURL alloc] initWithString: profileURL]; } + + if (!textColumn) + { + #warning This is a hack for providing an EOAttribute definition \ + that is compatible with all the backends that we support + /* TODO: ... We should make use of EOModel for the profile tables */ + description = [NSDictionary dictionaryWithObjectsAndKeys: + @"c_textfield", @"columnName", + @"VARCHAR", @"externalType", + nil]; + textColumn = [EOAttribute attributeFromPropertyList: description]; + [textColumn retain]; + } } - (id) init @@ -139,17 +155,6 @@ static NSString *uidColumnName = @"c_uid"; return value; } -- (NSString *) _sqlJsonRepresentation: (NSString *) jsonRepresentation -{ - NSMutableString *sql; - - sql = [jsonRepresentation mutableCopy]; - [sql autorelease]; - [sql replaceString: @"'" withString: @"''"]; - - return sql; -} - - (NSString *) generateSQLForInsert: (NSString *) jsonRepresentation { NSString *sql; @@ -157,10 +162,10 @@ static NSString *uidColumnName = @"c_uid"; if ([jsonRepresentation length]) sql = [NSString stringWithFormat: (@"INSERT INTO %@" @" (%@, %@)" - @" VALUES ('%@', '%@')"), + @" VALUES ('%@', %@)"), [tableURL gcsTableName], uidColumnName, fieldName, [self uid], - [self _sqlJsonRepresentation: jsonRepresentation]]; + jsonRepresentation]; else sql = nil; @@ -173,11 +178,11 @@ static NSString *uidColumnName = @"c_uid"; if ([jsonRepresentation length]) sql = [NSString stringWithFormat: (@"UPDATE %@" - @" SET %@ = '%@'" + @" SET %@ = %@" @" WHERE %@ = '%@'"), [tableURL gcsTableName], fieldName, - [self _sqlJsonRepresentation: jsonRepresentation], + jsonRepresentation, uidColumnName, [self uid]]; else sql = nil; @@ -191,14 +196,11 @@ static NSString *uidColumnName = @"c_uid"; EOAdaptorChannel *channel; EOAdaptorContext *context; NSException *ex; - NSString *sql; + NSString *sql, *formattedValue; BOOL rc; rc = NO; - sql = ((defFlags.isNew) - ? [self generateSQLForInsert: jsonRepresentation] - : [self generateSQLForUpdate: jsonRepresentation]); cm = [GCSChannelManager defaultChannelManager]; channel = [cm acquireOpenChannelForURL: tableURL]; if (channel) @@ -206,6 +208,12 @@ static NSString *uidColumnName = @"c_uid"; context = [channel adaptorContext]; if ([context beginTransaction]) { + formattedValue = [[context adaptor] formatValue: jsonRepresentation + forAttribute: textColumn]; + sql = ((defFlags.isNew) + ? [self generateSQLForInsert: formattedValue] + : [self generateSQLForUpdate: formattedValue]); + defFlags.ready = YES; ex = [channel evaluateExpressionX:sql]; if (ex)