[LON-CAPA-cvs] cvs: loncom /interface lonmysql.pm
albertel
lon-capa-cvs@mail.lon-capa.org
Mon, 12 Mar 2007 17:10:02 -0000
albertel Mon Mar 12 13:10:02 2007 EDT
Modified files:
/loncom/interface lonmysql.pm
Log:
- need to clean usernames and domains of nonword characters to use them as table names
Index: loncom/interface/lonmysql.pm
diff -u loncom/interface/lonmysql.pm:1.35 loncom/interface/lonmysql.pm:1.36
--- loncom/interface/lonmysql.pm:1.35 Wed Aug 24 15:33:32 2005
+++ loncom/interface/lonmysql.pm Mon Mar 12 13:10:02 2007
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# MySQL utility functions
#
-# $Id: lonmysql.pm,v 1.35 2005/08/24 19:33:32 matthew Exp $
+# $Id: lonmysql.pm,v 1.36 2007/03/12 17:10:02 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -87,14 +87,15 @@
a complete reimplementation of the DBI interface. Instead we try to
make using mysql as painless as possible.
-Each table has a numeric ID that is a parameter to most lonmysql functions.
-The table id is returned by &create_table.
-If you lose the table id, it is lost forever.
-The table names in MySQL correspond to
-$env{'user.name'}.'_'.$env{'user.domain'}.'_'.$table_id. If the table id
-is non-numeric, it is assumed to be the full name of a table. If you pass
-the table id in a form, you MUST ensure that what you send to lonmysql is
-numeric, otherwise you are opening up all the tables in the MySQL database.
+Each table has a numeric ID that is a parameter to most lonmysql
+functions. The table id is returned by &create_table. If you lose
+the table id, it is lost forever. The table names in MySQL correspond
+to $env{'user.name'}.'_'.$env{'user.domain'}.'_'.$table_id. (With all
+non-word characters removed form user.name and user.domain) If the
+table id is non-numeric, it is assumed to be the full name of a table.
+If you pass the table id in a form, you MUST ensure that what you send
+to lonmysql is numeric, otherwise you are opening up all the tables in
+the MySQL database.
=over 4
@@ -750,6 +751,7 @@
$table_id = &get_new_table_id();
}
my $tablename = &translate_id($table_id);
+ &Apache::lonnet::logthis(" hmm $tablename, $table_id, ". $table_des->{'id'});
my $request = "CREATE TABLE IF NOT EXISTS ".$tablename." ";
foreach my $coldata (@{$table_des->{'columns'}}) {
my $column = $coldata->{'name'};
@@ -824,6 +826,25 @@
=pod
+=item &get_table_prefix()
+
+returns the cleaned version of user.name and user.domain for us in table names
+
+=cut
+
+###############################
+sub get_table_prefix {
+ my $clean_name = $env{'user.name'};
+ my $clean_domain = $env{'user.domain'};
+ $clean_name =~ s/\W//g;
+ $clean_domain =~ s/\W//g;
+ return $clean_name.'_'.$clean_domain.'_';
+}
+
+###############################
+
+=pod
+
=item &get_new_table_id()
Used internally to prevent table name collisions.
@@ -834,8 +855,9 @@
sub get_new_table_id {
my $newid = 0;
my @tables = &tables_in_db();
+ my $prefix = &get_table_prefix();
foreach (@tables) {
- if (/^$env{'user.name'}_$env{'user.domain'}_(\d+)$/) {
+ if (/^\Q$prefix\E(\d+)$/) {
$newid = $1 if ($1 > $newid);
}
}
@@ -1114,7 +1136,7 @@
# id should be a digit. If it is not a digit we assume the given id
# is complete and does not need to be translated.
return $id if ($id =~ /\D/);
- return $env{'user.name'}.'_'.$env{'user.domain'}.'_'.$id;
+ return &get_table_prefix().$id;
}
###########################################