Fix all query warnings in "arc unit --everything"

+2 -2

src/applications/config/schema/PhabricatorConfigSchemaQuery.php

··· 115 115 'SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME, CHARACTER_SET_NAME, 116 116 COLLATION_NAME, COLUMN_TYPE, IS_NULLABLE, EXTRA 117 117 FROM INFORMATION_SCHEMA.COLUMNS 118 - WHERE (%Q)', 119 - '('.implode(') OR (', $sql).')'); 118 + WHERE %LO', 119 + $sql); 120 120 $column_info = igroup($column_info, 'TABLE_SCHEMA'); 121 121 } else { 122 122 $column_info = array();

+1 -1

src/applications/diffusion/query/DiffusionCommitQuery.php

··· 696 696 pht('No commit identifiers.')); 697 697 } 698 698 699 - $where[] = '('.implode(' OR ', $sql).')'; 699 + $where[] = qsprintf($conn, '%LO', $sql); 700 700 } 701 701 702 702 if ($this->auditIDs !== null) {

+7 -7

src/applications/diffusion/query/DiffusionPathQuery.php

··· 10 10 } 11 11 12 12 public function execute() { 13 - $conn_r = id(new PhabricatorRepository())->establishConnection('r'); 13 + $conn = id(new PhabricatorRepository())->establishConnection('r'); 14 14 15 - $where = $this->buildWhereClause($conn_r); 15 + $where = $this->buildWhereClause($conn); 16 16 17 17 $results = queryfx_all( 18 - $conn_r, 18 + $conn, 19 19 'SELECT * FROM %T %Q', 20 20 PhabricatorRepository::TABLE_PATH, 21 21 $where); ··· 23 23 return ipull($results, null, 'id'); 24 24 } 25 25 26 - protected function buildWhereClause(AphrontDatabaseConnection $conn_r) { 26 + protected function buildWhereClause(AphrontDatabaseConnection $conn) { 27 27 $where = array(); 28 28 29 29 if ($this->pathIDs) { 30 30 $where[] = qsprintf( 31 - $conn_r, 31 + $conn, 32 32 'id IN (%Ld)', 33 33 $this->pathIDs); 34 34 } 35 35 36 36 if ($where) { 37 - return 'WHERE ('.implode(') AND (', $where).')'; 37 + return qsprintf($conn, 'WHERE %LA', $where); 38 38 } else { 39 - return ''; 39 + return qsprintf($conn, ''); 40 40 } 41 41 } 42 42

+1 -1

src/applications/files/query/PhabricatorFileQuery.php

··· 391 391 $transform['transform']); 392 392 } 393 393 } 394 - $where[] = qsprintf($conn, '(%Q)', implode(') OR (', $clauses)); 394 + $where[] = qsprintf($conn, '%LO', $clauses); 395 395 } 396 396 397 397 if ($this->dateCreatedAfter !== null) {

+5 -2

src/applications/people/storage/PhabricatorUser.php

··· 458 458 } 459 459 460 460 public function loadPrimaryEmail() { 461 + $email = new PhabricatorUserEmail(); 462 + $conn = $email->establishConnection('r'); 463 + 461 464 return $this->loadOneRelative( 462 - new PhabricatorUserEmail(), 465 + $email, 463 466 'userPHID', 464 467 'getPHID', 465 - '(isPrimary = 1)'); 468 + qsprintf($conn, '(isPrimary = 1)')); 466 469 } 467 470 468 471

+19 -25

src/applications/phortune/query/PhortuneAccountQuery.php

··· 42 42 return $this; 43 43 } 44 44 45 - protected function loadPage() { 46 - $table = new PhortuneAccount(); 47 - $conn = $table->establishConnection('r'); 48 - 49 - $rows = queryfx_all( 50 - $conn, 51 - 'SELECT a.* FROM %T a %Q %Q %Q %Q', 52 - $table->getTableName(), 53 - $this->buildJoinClause($conn), 54 - $this->buildWhereClause($conn), 55 - $this->buildOrderClause($conn), 56 - $this->buildLimitClause($conn)); 45 + public function newResultObject() { 46 + return new PhortuneAccount(); 47 + } 57 48 58 - return $table->loadAllFromArray($rows); 49 + protected function loadPage() { 50 + return $this->loadStandardPage($this->newResultObject()); 59 51 } 60 52 61 53 protected function willFilterPage(array $accounts) { ··· 73 65 return $accounts; 74 66 } 75 67 76 - protected function buildWhereClause(AphrontDatabaseConnection $conn) { 77 - $where = array(); 78 - 79 - $where[] = $this->buildPagingClause($conn); 68 + protected function buildWhereClauseParts(AphrontDatabaseConnection $conn) { 69 + $where = parent::buildWhereClauseParts($conn); 80 70 81 - if ($this->ids) { 71 + if ($this->ids !== null) { 82 72 $where[] = qsprintf( 83 73 $conn, 84 74 'a.id IN (%Ld)', 85 75 $this->ids); 86 76 } 87 77 88 - if ($this->phids) { 78 + if ($this->phids !== null) { 89 79 $where[] = qsprintf( 90 80 $conn, 91 81 'a.phid IN (%Ls)', 92 82 $this->phids); 93 83 } 94 84 95 - if ($this->memberPHIDs) { 85 + if ($this->memberPHIDs !== null) { 96 86 $where[] = qsprintf( 97 87 $conn, 98 88 'm.dst IN (%Ls)', 99 89 $this->memberPHIDs); 100 90 } 101 91 102 - return $this->formatWhereClause($conn, $where); 92 + return $where; 103 93 } 104 94 105 - protected function buildJoinClause(AphrontDatabaseConnection $conn) { 106 - $joins = array(); 95 + protected function buildJoinClauseParts(AphrontDatabaseConnection $conn) { 96 + $joins = parent::buildJoinClauseParts($conn); 107 97 108 - if ($this->memberPHIDs) { 98 + if ($this->memberPHIDs !== null) { 109 99 $joins[] = qsprintf( 110 100 $conn, 111 101 'LEFT JOIN %T m ON a.phid = m.src AND m.type = %d', ··· 113 103 PhortuneAccountHasMemberEdgeType::EDGECONST); 114 104 } 115 105 116 - return implode(' ', $joins); 106 + return $joins; 117 107 } 118 108 119 109 public function getQueryApplicationClass() { 120 110 return 'PhabricatorPhortuneApplication'; 111 + } 112 + 113 + protected function getPrimaryTableAlias() { 114 + return 'a'; 121 115 } 122 116 123 117 }

+2 -2

src/applications/project/engine/PhabricatorBoardLayoutEngine.php

··· 297 297 queryfx( 298 298 $conn_w, 299 299 'INSERT INTO %T (id, sequence, boardPHID, columnPHID, objectPHID) 300 - VALUES %Q ON DUPLICATE KEY UPDATE sequence = VALUES(sequence)', 300 + VALUES %LQ ON DUPLICATE KEY UPDATE sequence = VALUES(sequence)', 301 301 $table->getTableName(), 302 - implode(', ', $pairs)); 302 + $pairs); 303 303 } 304 304 305 305 foreach ($adds as $position) {

+1 -1

src/applications/project/query/PhabricatorProjectQuery.php

··· 557 557 $ancestor_path['projectDepth']); 558 558 } 559 559 560 - $where[] = '('.implode(' OR ', $sql).')'; 560 + $where[] = qsprintf($conn, '%LO', $sql); 561 561 562 562 $where[] = qsprintf( 563 563 $conn,

+3 -3

src/applications/repository/query/PhabricatorRepositoryQuery.php

··· 513 513 if ($this->shouldJoinURITable()) { 514 514 $joins[] = qsprintf( 515 515 $conn, 516 - 'LEFT JOIN %T uri ON r.phid = uri.repositoryPHID', 517 - id(new PhabricatorRepositoryURIIndex())->getTableName()); 516 + 'LEFT JOIN %R uri ON r.phid = uri.repositoryPHID', 517 + new PhabricatorRepositoryURIIndex()); 518 518 } 519 519 520 520 return $joins; ··· 639 639 $this->slugIdentifiers); 640 640 } 641 641 642 - $where = array('('.implode(' OR ', $identifier_clause).')'); 642 + $where[] = qsprintf($conn, '%LO', $identifier_clause); 643 643 } 644 644 645 645 if ($this->types) {

+2 -2

src/applications/repository/worker/commitchangeparser/PhabricatorRepositoryCommitChangeParserWorker.php

··· 70 70 } 71 71 queryfx( 72 72 $conn_w, 73 - 'INSERT IGNORE INTO %T (path, pathHash) VALUES %Q', 73 + 'INSERT IGNORE INTO %T (path, pathHash) VALUES %LQ', 74 74 PhabricatorRepository::TABLE_PATH, 75 - implode(', ', $sql)); 75 + $sql); 76 76 } 77 77 $result_map += self::lookupPaths($missing_paths); 78 78 }

+2 -2

src/applications/repository/worker/commitchangeparser/PhabricatorRepositorySvnCommitChangeParserWorker.php

··· 463 463 $conn_w, 464 464 'INSERT INTO %T 465 465 (repositoryID, parentID, svnCommit, pathID, existed, fileType) 466 - VALUES %Q', 466 + VALUES %LQ', 467 467 PhabricatorRepository::TABLE_FILESYSTEM, 468 - implode(', ', $sql_chunk)); 468 + $sql_chunk); 469 469 } 470 470 471 471 }

+1 -1

src/infrastructure/query/policy/PhabricatorCursorPagedPolicyAwareQuery.php

··· 2353 2353 (array)$constraint->getValue(), 2354 2354 $idx++); 2355 2355 } 2356 - $parts = implode(', ', $parts); 2356 + $parts = qsprintf($conn, '%LQ', $parts); 2357 2357 2358 2358 $select[] = qsprintf( 2359 2359 $conn,

+10 -1

src/infrastructure/storage/lisk/LiskDAOSet.php

··· 77 77 } else { 78 78 $set = new LiskDAOSet(); 79 79 $this->subsets[] = $set; 80 + 81 + $conn = $object->establishConnection('r'); 82 + 83 + if (strlen($where)) { 84 + $where_clause = qsprintf($conn, 'AND %Q', $where); 85 + } else { 86 + $where_clause = qsprintf($conn, ''); 87 + } 88 + 80 89 $relatives = $object->putInSet($set)->loadAllWhere( 81 90 '%C IN (%Ls) %Q', 82 91 $foreign_column, 83 92 $ids, 84 - ($where != '' ? 'AND '.$where : '')); 93 + $where_clause); 85 94 $relatives = mgroup($relatives, 'get'.$foreign_column); 86 95 } 87 96 }

+3 -1

src/infrastructure/storage/management/PhabricatorStorageManagementAPI.php

··· 265 265 } 266 266 267 267 try { 268 - queryfx($conn, '%Q', $query); 268 + // NOTE: We're using the unsafe "%Z" conversion here. There's no 269 + // avoiding it since we're executing raw text files full of SQL. 270 + queryfx($conn, '%Z', $query); 269 271 } catch (AphrontAccessDeniedQueryException $ex) { 270 272 throw new PhutilProxyException( 271 273 pht(

+62 -8

src/infrastructure/storage/management/workflow/PhabricatorStorageManagementWorkflow.php

··· 357 357 } 358 358 359 359 if ($adjust['charset']) { 360 + switch ($adjust['charset']) { 361 + case 'binary': 362 + $charset_value = qsprintf($conn, 'binary'); 363 + break; 364 + case 'utf8': 365 + $charset_value = qsprintf($conn, 'utf8'); 366 + break; 367 + case 'utf8mb4': 368 + $charset_value = qsprintf($conn, 'utf8mb4'); 369 + break; 370 + default: 371 + throw new Exception( 372 + pht( 373 + 'Unsupported character set "%s".', 374 + $adjust['charset'])); 375 + } 376 + 377 + switch ($adjust['collation']) { 378 + case 'binary': 379 + $collation_value = qsprintf($conn, 'binary'); 380 + break; 381 + case 'utf8_general_ci': 382 + $collation_value = qsprintf($conn, 'utf8_general_ci'); 383 + break; 384 + case 'utf8mb4_bin': 385 + $collation_value = qsprintf($conn, 'utf8mb4_bin'); 386 + break; 387 + case 'utf8mb4_unicode_ci': 388 + $collation_value = qsprintf($conn, 'utf8mb4_unicode_ci'); 389 + break; 390 + default: 391 + throw new Exception( 392 + pht( 393 + 'Unsupported collation set "%s".', 394 + $adjust['collation'])); 395 + } 396 + 360 397 $parts[] = qsprintf( 361 398 $conn, 362 399 'CHARACTER SET %Q COLLATE %Q', 363 - $adjust['charset'], 364 - $adjust['collation']); 400 + $charset_value, 401 + $collation_value); 402 + } 403 + 404 + if ($parts) { 405 + $parts = qsprintf($conn, '%LJ', $parts); 406 + } else { 407 + $parts = qsprintf($conn, ''); 408 + } 409 + 410 + if ($adjust['nullable']) { 411 + $nullable = qsprintf($conn, 'NULL'); 412 + } else { 413 + $nullable = qsprintf($conn, 'NOT NULL'); 365 414 } 366 415 416 + // TODO: We're using "%Z" here for the column type, which is 417 + // technically unsafe. It would be nice to be able to use "%Q" 418 + // instead, but this requires a fair amount of legwork to 419 + // enumerate all column types. 420 + 367 421 queryfx( 368 422 $conn, 369 - 'ALTER TABLE %T.%T MODIFY %T %Q %Q %Q', 423 + 'ALTER TABLE %T.%T MODIFY %T %Z %Q %Q', 370 424 $adjust['database'], 371 425 $adjust['table'], 372 426 $adjust['name'], 373 427 $adjust['type'], 374 - implode(' ', $parts), 375 - $adjust['nullable'] ? 'NULL' : 'NOT NULL'); 428 + $parts, 429 + $nullable); 376 430 } 377 431 break; 378 432 case 'key': ··· 395 449 // Different keys need different creation syntax. Notable 396 450 // special cases are primary keys and fulltext keys. 397 451 if ($adjust['name'] == 'PRIMARY') { 398 - $key_name = 'PRIMARY KEY'; 452 + $key_name = qsprintf($conn, 'PRIMARY KEY'); 399 453 } else if ($adjust['indexType'] == 'FULLTEXT') { 400 454 $key_name = qsprintf($conn, 'FULLTEXT %T', $adjust['name']); 401 455 } else { ··· 414 468 415 469 queryfx( 416 470 $conn, 417 - 'ALTER TABLE %T.%T ADD %Q (%Q)', 471 + 'ALTER TABLE %T.%T ADD %Q (%LK)', 418 472 $adjust['database'], 419 473 $adjust['table'], 420 474 $key_name, 421 - implode(', ', $adjust['columns'])); 475 + $adjust['columns']); 422 476 } 423 477 break; 424 478 default:

Configure Feed

Configure Feed