commit: 5099c71493abe193f23b7f0a7381e539bc67bb33 |
Author: Liam McLoughlin <hexxeh <AT> hexxeh <DOT> net> |
AuthorDate: Wed Jul 27 19:29:49 2011 +0000 |
Commit: Liam McLoughlin <hexxeh <AT> hexxeh <DOT> net> |
CommitDate: Wed Jul 27 19:29:49 2011 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/gentoaster.git;a=commit;h=5099c714 |
|
Moved to using mysqli and prepared statements |
|
--- |
client.php | 19 +++++---- |
daemon.php | 108 ++++++++++++++++++++++++++++++++++------------------ |
status.php | 40 ++++++++++++-------- |
web/config.php | 2 +- |
web/process.php | 60 +++++++++++++++++++---------- |
web/status.php | 61 +++++++++++++++--------------- |
web/testdrive.php | 39 ++++++++++++------- |
7 files changed, 200 insertions(+), 129 deletions(-) |
|
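--- a/client.php
+++ b/client.php
@@ -21,13 +21,16 @@
 
 echo "Job sent, handle was ".$handle." - hash ".$handlehash."\n";
 
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $query = "INSERT INTO builds (id, handle)".
- ." VALUES('".$handlehash."','".$handle."')";
- mysql_query($query);
- echo "Job handle mapping added to database\n";
 
+ $query = "INSERT INTO builds (id, handle) VALUES(?, ?)";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("ss", $handlehash, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
+ echo "Job handle mapping added to database\n";
\ No newline at end of file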
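Review bot: The return values of `$db->prepare()` and `$stmt->execute()` are never checked, so a failed prepare turns the following `bind_param()` into a fatal call on `false`, and a failed execute still prints "Job handle mapping added to database". Guard both, e.g. `if (!$stmt) { die("Could not prepare statement: ".$db->error."\n"); }` and `if (!$stmt->execute()) { die("Insert failed: ".$stmt->error."\n"); }`. The same unchecked pattern recurs in daemon.php, status.php, web/process.php, web/status.php and web/testdrive.php. On the web pages the database error text should go to a log rather than into the `die()` output shown to the visitor.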
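--- a/daemon.php
+++ b/daemon.php
@@ -17,16 +17,22 @@
 {
 $result = trim($result);
 echo "A job finished with return code ".$returncode.": ".$result."\n";
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $result = mysql_real_escape_string($result);
- $query = "UPDATE builds".
- " SET result = '".$result."', returncode = '".$returncode.
- "' WHERE handle = '".mysql_real_escape_string($handle)."'";
- mysql_query($query);
+
+ $query = "UPDATE builds SET result = ?, returncode = ? ".
+ "WHERE handle = ?";
+
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("sds", $result, $returncode, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
+
 return serialize(array($returncode, $result));
 }
 
@@ -103,26 +109,42 @@
 $insert = false;
 $update = false;
 
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
+
+ $query = "UPDATE builds SET result = ?, returncode = ? ".
+ "WHERE handle = ?";
+
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("sds", $result, $returncode, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
+
 $query = "SELECT port FROM ports ORDER BY port DESC LIMIT 1";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 0) {
+ $stmt = $db->prepare($query);
+ $stmt->execute();
+ if ($stmt->num_rows == 0) {
 // no ports! assign a new one
+ $stmt->close();
 $port = LOW_PORT;
 $insert = true;
 echo "No ports! Assigning ".$port."\n";
 } else {
 // we have a port! let's check if our vm has one
- $ports = mysql_fetch_array($result);
- $lastport = $ports[0];
- $query = "SELECT port, pid FROM ports WHERE id = '".$buildID."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 0) {
+ $stmt->bind_result($lastport);
+ $stmt->fetch();
+ $stmt->close();
+ $query = "SELECT port, pid FROM ports WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ if ($stmt->num_rows == 0) {
 // vm doesn't have one, assign one!
+ $stmt->close();
 $port = $lastport+1;
 if ($port > HIGH_PORT) {
 $port = LOW_PORT;
@@ -131,18 +153,18 @@
 echo "Assigning new port ".$port."\n";
 } else {
 // vm already has one, return it
- $ports = mysql_fetch_array($result);
- $port = $ports[0];
- $pid = $ports[1];
- $running = true;
- if (!check_pid($pid)) {
- $running = false;
- $update = true;
- echo "VM is not running, PID ".$pid." is dead!\n";
- } else {
- echo "VM is running on PID ".$pid."\n";
- }
- echo "VM already has port ".$port."\n";
+ $stmt->bind_result($port, $pid);
+ $stmt->fetch();
+ $stmt->close();
+ $running = true;
+ if (!check_pid($pid)) {
+ $running = false;
+ $update = true;
+ echo "VM is not running, PID ".$pid." is dead!\n";
+ } else {
+ echo "VM is running on PID ".$pid."\n";
+ }
+ echo "VM already has port ".$port."\n";
 }
 }
 
@@ -162,17 +184,27 @@
 $pid = $pid + 2;
 
 if ($insert) {
- $query = "DELETE FROM ports WHERE port = ".$port;
- $result = mysql_query($query);
- $query = "INSERT INTO ports (id, port, pid) VALUES('".mysql_real_escape_string($buildID)."', ".$port.", ".$pid.")";
- $result = mysql_query($query);
+ $query = "DELETE FROM ports WHERE port = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("d", $port);
+ $stmt->execute();
+ $stmt->close();
+ $query = "INSERT INTO ports (id, port, pid) VALUES(?, ?, ?)";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("sdd", $buildID, $port, $pid);
+ $stmt->execute();
+ $stmt->close();
 echo "Doing insert!\n";
 } elseif ($update) {
- $query = "UPDATE ports SET pid = ".$pid." WHERE id = '".$buildID."'";
- $result = mysql_query($query);
+ $query = "UPDATE ports SET pid = ? WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("ds", $pid, $buildID);
+ $stmt->execute();
+ $stmt->close();
 echo "Doing update\n";
 }
 
+ $db->close();
 $port = $port+1000;
 return serialize(array(EXTERNAL_HOST, $port));
 }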
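Review bot: In the `@@ -103,26 +109,42 @@` hunk the new code calls `$db->close()` immediately before `$db->prepare($query)` for the `SELECT port FROM ports` lookup, so every later statement in that function runs against a closed connection. The `UPDATE builds` block above it looks pasted from the job-finished handler and binds `$result`, `$returncode` and `$handle`, none of which are assigned in the visible lines. Remove that pasted block and keep only the single `$db->close();` the last hunk adds before `return`. Separately, `$stmt->num_rows` is read without `$stmt->store_result()`, which on a prepared statement reports 0 until the result is buffered, so the "No ports!" branch would always be taken; add `$stmt->store_result();` after each `execute()` as status.php does (web/status.php and web/testdrive.php have the same omission). The integer values are also bound with `"d"` (double) where `"i"` is the integer type; the function bodies start outside the hunks.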
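--- a/status.php
+++ b/status.php
@@ -8,17 +8,21 @@
 if (!isset($argv[1])) {
 die("No handle hash given\n");
 }
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $query = "SELECT handle FROM builds ".
- "WHERE id = '".mysql_real_escape_string($argv[1])."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $query = "SELECT handle FROM builds WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("s", $argv[1]);
+ $stmt->execute();
+ $stmt->store_result();
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->close();
 $client = new GearmanClient();
 $client->addServer();
 
@@ -33,11 +37,14 @@
 }
 } else {
 $query = "SELECT returncode, result FROM builds ".
- "WHERE id = '".mysql_real_escape_string($argv[1])."'";
- $result = mysql_query($query);
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- echo "Job returned with code ".$jobres[0].": ".$jobres[1]."\n";
+ "WHERE id = ?";
+ $stmt = $db->prepare($query);
+ $stmt->bind_param("s", $argv[1]);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ if ($returncode !== null) {
+ echo "Job returned with code ".$returncode.": ".$result."\n";
 } else {
 echo "Job failed\n";
 }
@@ -45,4 +52,5 @@
 } else {
 echo "Invalid handle hash\n";
 }
-
+
+ $db->close();
\ No newline at end of file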
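Review bot: In the first hunk `$stmt->bind_result($handle);` is followed directly by `$stmt->close();` with no `$stmt->fetch()`, so `$handle` is never populated before the Gearman client code that follows (its use of `$handle` is outside the hunk, so that part is inferred). Insert `$stmt->fetch();` between the two calls, as the second hunk does for `$returncode` and `$result`. The second hunk's statement is never closed; add `$stmt->close();` after its `fetch()` for symmetry with the other files.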
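--- a/web/config.php
+++ b/web/config.php
@@ -16,6 +16,6 @@
 define("MYSQL_DATABASE", "gentoaster");
 
 // Set the RECAPTCHA keys that should be used, if enabled
- define("RECAPTCHA_ENABLED", true);
+ define("RECAPTCHA_ENABLED", false);
 define("RECAPTCHA_PUBLIC_KEY","REPLACE_ME");
 define("RECAPTCHA_PRIVATE_KEY", "REPLACE_ME");
\ No newline at end of file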
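Review bot: `RECAPTCHA_ENABLED` flips from `true` to `false` in a commit described only as a mysqli migration, which turns off the one visible abuse control in front of web/process.php, where each accepted POST queues an image build. If this was a local testing setting it should not be part of this commit. If it is intentional, record it in the commit message and add a comment such as `// CAPTCHA is off by default: set to true and fill in both keys before exposing the form publicly`.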
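--- a/web/process.php
+++ b/web/process.php
@@ -8,27 +8,42 @@
 if (RECAPTCHA_ENABLED) {
 require_once "recaptcha.php";
 
+ $remoteAddress = filter_input(INPUT_SERVER,
+ "remote_addr",
+ FILTER_VALIDATE_IP);
+ $challenge = filter_input(INPUT_POST,
+ "recaptcha_challenge_field",
+ FILTER_UNSAFE_RAW);
+ $response = filter_input(INPUT_POST,
+ "recaptcha_response_field",
+ FILTER_UNSAFE_RAW);
+
 $resp = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY,
- $_SERVER["REMOTE_ADDR"],
- $_POST["recaptcha_challenge_field"],
- $_POST["recaptcha_response_field"]);
+ $remoteAddress,
+ $challenge,
+ $response);
 
 if (!$resp->is_valid) {
 die("CAPTCHA was incorrect");
 }
 }
 
+ function sanitize_shellarg($arg) {
+ return escapeshellarg($arg);
+ }
+ define("FILTER_SANITIZE_SHELL", array("options" => "sanitize_shellarg"));
+
 $buildID = uniqid();
- $bootMegabytes = intval($_POST["boot_size"]);
- $swapMegabytes = intval($_POST["swap_size"]);
- $rootMegabytes = intval($_POST["root_size"]);
- $timezone = escapeshellarg($_POST["timezone"]);
- $hostname = escapeshellarg($_POST["hostname"]);
- $username = escapeshellarg($_POST["username"]);
- $password = escapeshellarg($_POST["password"]);
- $rootPassword = escapeshellarg($_POST["rootpassword"]);
- $packagesList = escapeshellarg($_POST["packages"]);
- $outputFormat = escapeshellarg($_POST["format"]);
+ $bootMegabytes = filter_input(INPUT_POST, "boot_size", FILTER_VALIDATE_INT);
+ $swapMegabytes = filter_input(INPUT_POST, "swap_size", FILTER_VALIDATE_INT);
+ $rootMegabytes = filter_input(INPUT_POST, "root_size", FILTER_VALIDATE_INT);
+ $timezone = filter_input(INPUT_POST, "timezone", FILTER_SANITIZE_SHELL);
+ $hostname = filter_input(INPUT_POST, "hostname", FILTER_SANITIZE_SHELL);
+ $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_SHELL);
+ $password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_SHELL);
+ $rootPass = filter_input(INPUT_POST, "rootpassword", FILTER_SANITIZE_SHELL);
+ $packagesList = filter_input(INPUT_POST, "packages", FILTER_SANITIZE_SHELL);
+ $outputFormat = filter_input(INPUT_POST, "format", FILTER_SANITIZE_SHELL);
 
 $packagesList = str_replace("\r\n", " ", $packagesList);
 $packagesList = str_replace("\n", " ", $packagesList);
@@ -41,7 +56,7 @@ SWAP_MEGABYTES='$swapMegabytes'
 ROOT_MEGABYTES='$rootMegabytes'
 TIMEZONE=$timezone
 HOSTNAME=$hostname
-ROOT_PASSWORD=$rootPassword
+ROOT_PASSWORD=$rootPass
 DEFAULT_USERNAME=$username
 DEFAULT_PASSWORD=$password
 USE_FLAGS=''
@@ -55,13 +70,16 @@ OUTPUT_FORMAT=$outputFormat";
 $client->addServer();
 $handle = $client->doBackground("invoke_image_build", $iniString);
 
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error());
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $query = "INSERT INTO builds (id, handle) ".
- "VALUES('".$buildID."','".$handle."')";
- mysql_query($query);
+
+ $stmt = $db->prepare("INSERT INTO builds (id, handle) VALUES(?, ?)");
+ $stmt->bind_param("ss", $buildID, $handle);
+ $stmt->execute();
+ $stmt->close();
+ $db->close();
 
 header("Location: finished.php?uuid=".$buildID);
\ No newline at end of file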
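Review bot: `FILTER_SANITIZE_SHELL` is defined as an array and passed as the third argument of `filter_input()`, but that argument is the integer filter id, so `sanitize_shellarg()` is never invoked and the seven fields that used to go through `escapeshellarg()` no longer carry an escaped value into `$iniString`. Depending on the PHP version the call warns and returns `null` or raises a type error, and before PHP 7 `define()` itself rejects array values. Use the callback filter with the options in the fourth argument, e.g. `filter_input(INPUT_POST, "timezone", FILTER_CALLBACK, array("options" => "escapeshellarg"))`, and reject the request when any field comes back `null` or `false`. The `FILTER_VALIDATE_INT` results need the same check, since they yield `false` for non-numeric input where `intval()` returned 0. In the CAPTCHA block the `INPUT_SERVER` key is written `"remote_addr"`, but the variable is `REMOTE_ADDR` and the lookup is case-sensitive.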
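--- a/web/status.php
+++ b/web/status.php
@@ -5,22 +5,24 @@
 
 require_once "config.php";
 
- $buildID = $_GET["uuid"];
+ $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW);
 $buildresult = "Unknown!";
 $inprogress = false;
 $builddone = false;
 
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $query = "SELECT handle FROM builds ".
- "WHERE id = '".mysql_real_escape_string($buildID)."'";
- $result = mysql_query($query);
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->fetch();
+ $stmt->close();
 $client = new GearmanClient();
 $client->addServer();
 
@@ -35,13 +37,14 @@
 $buildresult = "Task has not yet been processed";
 }
 } else {
- $cleanBuildID = mysql_real_escape_string($buildID);
- $query = "SELECT returncode, result FROM builds ".
- "WHERE id = '".$cleanBuildID."'";
- $result = mysql_query($query);
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- if ($jobres[0] == 0) {
+ $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ $stmt->close();
+ if ($returncode !== null) {
+ if ($returncode == 0) {
 $buildresult = "Your build is complete! ".
 "What would you like to do now?".
 "<br /><br /><center>".
@@ -56,16 +59,24 @@
 "</table></center>";
 $builddone = true;
 } else {
- $buildresult = "Job returned with code ".$jobres[0].": ".$jobres[1];
+ $buildresult = "Job returned with code ".$returncode.": ".$result;
 }
 } else {
 $buildresult = "Job failed";
 }
 }
 } else {
+ $stmt->close();
 $buildresult = "Invalid handle hash";
 }
 
+ $db->close();
+
+ if (!$builddone) {
+ $titleString = "How's things?";
+ } else {
+ $titleString = "It's showtime!";
+ }
 ?>
 <html>
 <head>
@@ -90,17 +101,7 @@
 <div id="content">
 <div id="main">
 <div id="status" class="step">
- <?php
- if (!$builddone) {
- ?>
- <h1>How's things?</h1>
- <?php
- } else {
- ?>
- <h1>It's showtime!</h1>
- <?php
- }
- ?>
+ <h1><?php echo $titleString; ?></h1>
 <p>
 <?php echo $buildresult; ?>
 <div id="progressbar"></div>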
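Review bot: `$buildresult = "Job returned with code ".$returncode.": ".$result;` is later written into the page by the unchanged `<?php echo $buildresult; ?>` line without HTML encoding. `$result` is the build output that daemon.php stores in `builds.result`, and it may contain text derived from the submitted hostname, username or package list (inferred, since the worker is not shown on this page). Encode at this assignment so the intentional markup in the success branch is unaffected: `$buildresult = "Job returned with code ".$returncode.": ".htmlspecialchars($result, ENT_QUOTES, "UTF-8");`.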
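--- a/web/testdrive.php
+++ b/web/testdrive.php
@@ -5,19 +5,24 @@
 
 require_once "config.php";
 
- $buildID = $_GET["uuid"];
+ $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW);
 $buildresult = "Unknown!";
 $inprogress = false;
 
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD);
- if (!$db) {
- die("Could not connect to database ".mysql_error()."\n");
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME,
+ MYSQL_PASSWORD, MYSQL_DATABASE);
+ if (mysqli_connect_errno()) {
+ die("Could not connect to database ".mysqli_connect_error());
 }
- mysql_select_db(MYSQL_DATABASE);
- $result = mysql_query("SELECT handle FROM builds WHERE id = '".mysql_real_escape_string($buildID)."'");
- if (mysql_num_rows($result) == 1) {
- $handles = mysql_fetch_array($result);
- $handle = $handles[0];
+
+ $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+
+ if ($stmt->num_rows == 1) {
+ $stmt->bind_result($handle);
+ $stmt->fetch();
+ $stmt->close();
 $client = new GearmanClient();
 $client->addServer();
 
@@ -25,12 +30,14 @@
 if ($status[0]) {
 header("Location: status.php?uuid=".$buildID);
 } else {
- $cleanBuildID = mysql_real_escape_string($buildID);
- $query = "SELECT returncode, result FROM builds WHERE id = '".$cleanBuildID."'";
- $result = mysql_query();
- $jobres = mysql_fetch_array($result);
- if ($jobres[0] !== null) {
- if ($jobres[0] == 0) {
+ $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?");
+ $stmt->bind_param("s", $buildID);
+ $stmt->execute();
+ $stmt->bind_result($returncode, $result);
+ $stmt->fetch();
+ $stmt->close();
+ if ($returncode !== null) {
+ if ($returncode == 0) {
 // we're built, let's do this
 $client = new GearmanClient();
 $client->addServer();
@@ -44,9 +51,11 @@
 }
 }
 } else {
+ $stmt->close();
 die("Invalid handle hash");
 }
 
+ $db->close();
 ?>
 <html>
 <head>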
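Review bot: `filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW)` performs no validation and returns `null` when the parameter is absent, yet `$buildID` is then concatenated into `header("Location: status.php?uuid=".$buildID)` in the second hunk. Build ids are produced by `uniqid()` in web/process.php, so anything that is not a hexadecimal string can be rejected up front: `if (!is_string($buildID) || !ctype_xdigit($buildID)) { die("Invalid handle hash"); }`. At minimum, wrap the value in `urlencode()` where the redirect is built. web/status.php reads `uuid` the same way.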