| 1 |
commit: 5099c71493abe193f23b7f0a7381e539bc67bb33 |
| 2 |
Author: Liam McLoughlin <hexxeh <AT> hexxeh <DOT> net> |
| 3 |
AuthorDate: Wed Jul 27 19:29:49 2011 +0000 |
| 4 |
Commit: Liam McLoughlin <hexxeh <AT> hexxeh <DOT> net> |
| 5 |
CommitDate: Wed Jul 27 19:29:49 2011 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/gentoaster.git;a=commit;h=5099c714 |
| 7 |
|
| 8 |
Moved to using mysqli and prepared statements |
| 9 |
|
| 10 |
--- |
| 11 |
client.php | 19 +++++---- |
| 12 |
daemon.php | 108 ++++++++++++++++++++++++++++++++++------------------ |
| 13 |
status.php | 40 ++++++++++++-------- |
| 14 |
web/config.php | 2 +- |
| 15 |
web/process.php | 60 +++++++++++++++++++---------- |
| 16 |
web/status.php | 61 +++++++++++++++--------------- |
| 17 |
web/testdrive.php | 39 ++++++++++++------- |
| 18 |
7 files changed, 200 insertions(+), 129 deletions(-) |
| 19 |
|
| 20 |
diff --git a/client.php b/client.php |
| 21 |
index e2284b4..56313ae 100644 |
| 22 |
--- a/client.php |
| 23 |
+++ b/client.php |
| 24 |
@@ -21,13 +21,16 @@ |
| 25 |
|
| 26 |
echo "Job sent, handle was ".$handle." - hash ".$handlehash."\n"; |
| 27 |
|
| 28 |
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); |
| 29 |
- if (!$db) { |
| 30 |
- die("Could not connect to database ".mysql_error()); |
| 31 |
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME, |
| 32 |
+ MYSQL_PASSWORD, MYSQL_DATABASE); |
| 33 |
+ if (mysqli_connect_errno()) { |
| 34 |
+ die("Could not connect to database ".mysqli_connect_error()); |
| 35 |
} |
| 36 |
- mysql_select_db(MYSQL_DATABASE); |
| 37 |
- $query = "INSERT INTO builds (id, handle)". |
| 38 |
- ." VALUES('".$handlehash."','".$handle."')"; |
| 39 |
- mysql_query($query); |
| 40 |
- echo "Job handle mapping added to database\n"; |
| 41 |
|
| 42 |
+ $query = "INSERT INTO builds (id, handle) VALUES(?, ?)"; |
| 43 |
+ $stmt = $db->prepare($query); |
| 44 |
+ $stmt->bind_param("ss", $handlehash, $handle); |
| 45 |
+ $stmt->execute(); |
| 46 |
+ $stmt->close(); |
| 47 |
+ $db->close(); |
| 48 |
+ echo "Job handle mapping added to database\n"; |
| 49 |
\ No newline at end of file |
| 50 |
|
| 51 |
diff --git a/daemon.php b/daemon.php |
| 52 |
index 1936864..5fa09b2 100644 |
| 53 |
--- a/daemon.php |
| 54 |
+++ b/daemon.php |
| 55 |
@@ -17,16 +17,22 @@ |
| 56 |
{ |
| 57 |
$result = trim($result); |
| 58 |
echo "A job finished with return code ".$returncode.": ".$result."\n"; |
| 59 |
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); |
| 60 |
- if (!$db) { |
| 61 |
- die("Could not connect to database ".mysql_error()); |
| 62 |
+ |
| 63 |
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME, |
| 64 |
+ MYSQL_PASSWORD, MYSQL_DATABASE); |
| 65 |
+ if (mysqli_connect_errno()) { |
| 66 |
+ die("Could not connect to database ".mysqli_connect_error()); |
| 67 |
} |
| 68 |
- mysql_select_db(MYSQL_DATABASE); |
| 69 |
- $result = mysql_real_escape_string($result); |
| 70 |
- $query = "UPDATE builds". |
| 71 |
- " SET result = '".$result."', returncode = '".$returncode. |
| 72 |
- "' WHERE handle = '".mysql_real_escape_string($handle)."'"; |
| 73 |
- mysql_query($query); |
| 74 |
+ |
| 75 |
+ $query = "UPDATE builds SET result = ?, returncode = ? ". |
| 76 |
+ "WHERE handle = ?"; |
| 77 |
+ |
| 78 |
+ $stmt = $db->prepare($query); |
| 79 |
+ $stmt->bind_param("sds", $result, $returncode, $handle); |
| 80 |
+ $stmt->execute(); |
| 81 |
+ $stmt->close(); |
| 82 |
+ $db->close(); |
| 83 |
+ |
| 84 |
return serialize(array($returncode, $result)); |
| 85 |
} |
| 86 |
|
| 87 |
@@ -103,26 +109,42 @@ |
| 88 |
$insert = false; |
| 89 |
$update = false; |
| 90 |
|
| 91 |
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); |
| 92 |
- if (!$db) { |
| 93 |
- die("Could not connect to database ".mysql_error()); |
| 94 |
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME, |
| 95 |
+ MYSQL_PASSWORD, MYSQL_DATABASE); |
| 96 |
+ if (mysqli_connect_errno()) { |
| 97 |
+ die("Could not connect to database ".mysqli_connect_error()); |
| 98 |
} |
| 99 |
- mysql_select_db(MYSQL_DATABASE); |
| 100 |
+ |
| 101 |
+ $query = "UPDATE builds SET result = ?, returncode = ? ". |
| 102 |
+ "WHERE handle = ?"; |
| 103 |
+ |
| 104 |
+ $stmt = $db->prepare($query); |
| 105 |
+ $stmt->bind_param("sds", $result, $returncode, $handle); |
| 106 |
+ $stmt->execute(); |
| 107 |
+ $stmt->close(); |
| 108 |
+ $db->close(); |
| 109 |
+ |
| 110 |
$query = "SELECT port FROM ports ORDER BY port DESC LIMIT 1"; |
| 111 |
- $result = mysql_query($query); |
| 112 |
- if (mysql_num_rows($result) == 0) { |
| 113 |
+ $stmt = $db->prepare($query); |
| 114 |
+ $stmt->execute(); |
| 115 |
+ if ($stmt->num_rows == 0) { |
| 116 |
// no ports! assign a new one |
| 117 |
+ $stmt->close(); |
| 118 |
$port = LOW_PORT; |
| 119 |
$insert = true; |
| 120 |
echo "No ports! Assigning ".$port."\n"; |
| 121 |
} else { |
| 122 |
// we have a port! let's check if our vm has one |
| 123 |
- $ports = mysql_fetch_array($result); |
| 124 |
- $lastport = $ports[0]; |
| 125 |
- $query = "SELECT port, pid FROM ports WHERE id = '".$buildID."'"; |
| 126 |
- $result = mysql_query($query); |
| 127 |
- if (mysql_num_rows($result) == 0) { |
| 128 |
+ $stmt->bind_result($lastport); |
| 129 |
+ $stmt->fetch(); |
| 130 |
+ $stmt->close(); |
| 131 |
+ $query = "SELECT port, pid FROM ports WHERE id = ?"; |
| 132 |
+ $stmt = $db->prepare($query); |
| 133 |
+ $stmt->bind_param("s", $buildID); |
| 134 |
+ $stmt->execute(); |
| 135 |
+ if ($stmt->num_rows == 0) { |
| 136 |
// vm doesn't have one, assign one! |
| 137 |
+ $stmt->close(); |
| 138 |
$port = $lastport+1; |
| 139 |
if ($port > HIGH_PORT) { |
| 140 |
$port = LOW_PORT; |
| 141 |
@@ -131,18 +153,18 @@ |
| 142 |
echo "Assigning new port ".$port."\n"; |
| 143 |
} else { |
| 144 |
// vm already has one, return it |
| 145 |
- $ports = mysql_fetch_array($result); |
| 146 |
- $port = $ports[0]; |
| 147 |
- $pid = $ports[1]; |
| 148 |
- $running = true; |
| 149 |
- if (!check_pid($pid)) { |
| 150 |
- $running = false; |
| 151 |
- $update = true; |
| 152 |
- echo "VM is not running, PID ".$pid." is dead!\n"; |
| 153 |
- } else { |
| 154 |
- echo "VM is running on PID ".$pid."\n"; |
| 155 |
- } |
| 156 |
- echo "VM already has port ".$port."\n"; |
| 157 |
+ $stmt->bind_result($port, $pid); |
| 158 |
+ $stmt->fetch(); |
| 159 |
+ $stmt->close(); |
| 160 |
+ $running = true; |
| 161 |
+ if (!check_pid($pid)) { |
| 162 |
+ $running = false; |
| 163 |
+ $update = true; |
| 164 |
+ echo "VM is not running, PID ".$pid." is dead!\n"; |
| 165 |
+ } else { |
| 166 |
+ echo "VM is running on PID ".$pid."\n"; |
| 167 |
+ } |
| 168 |
+ echo "VM already has port ".$port."\n"; |
| 169 |
} |
| 170 |
} |
| 171 |
|
| 172 |
@@ -162,17 +184,27 @@ |
| 173 |
$pid = $pid + 2; |
| 174 |
|
| 175 |
if ($insert) { |
| 176 |
- $query = "DELETE FROM ports WHERE port = ".$port; |
| 177 |
- $result = mysql_query($query); |
| 178 |
- $query = "INSERT INTO ports (id, port, pid) VALUES('".mysql_real_escape_string($buildID)."', ".$port.", ".$pid.")"; |
| 179 |
- $result = mysql_query($query); |
| 180 |
+ $query = "DELETE FROM ports WHERE port = ?"; |
| 181 |
+ $stmt = $db->prepare($query); |
| 182 |
+ $stmt->bind_param("d", $port); |
| 183 |
+ $stmt->execute(); |
| 184 |
+ $stmt->close(); |
| 185 |
+ $query = "INSERT INTO ports (id, port, pid) VALUES(?, ?, ?)"; |
| 186 |
+ $stmt = $db->prepare($query); |
| 187 |
+ $stmt->bind_param("sdd", $buildID, $port, $pid); |
| 188 |
+ $stmt->execute(); |
| 189 |
+ $stmt->close(); |
| 190 |
echo "Doing insert!\n"; |
| 191 |
} elseif ($update) { |
| 192 |
- $query = "UPDATE ports SET pid = ".$pid." WHERE id = '".$buildID."'"; |
| 193 |
- $result = mysql_query($query); |
| 194 |
+ $query = "UPDATE ports SET pid = ? WHERE id = ?"; |
| 195 |
+ $stmt = $db->prepare($query); |
| 196 |
+ $stmt->bind_param("ds", $pid, $buildID); |
| 197 |
+ $stmt->execute(); |
| 198 |
+ $stmt->close(); |
| 199 |
echo "Doing update\n"; |
| 200 |
} |
| 201 |
|
| 202 |
+ $db->close(); |
| 203 |
$port = $port+1000; |
| 204 |
return serialize(array(EXTERNAL_HOST, $port)); |
| 205 |
} |
| 206 |
|
| 207 |
diff --git a/status.php b/status.php |
| 208 |
index 48f4dff..66d55f8 100644 |
| 209 |
--- a/status.php |
| 210 |
+++ b/status.php |
| 211 |
@@ -8,17 +8,21 @@ |
| 212 |
if (!isset($argv[1])) { |
| 213 |
die("No handle hash given\n"); |
| 214 |
} |
| 215 |
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); |
| 216 |
- if (!$db) { |
| 217 |
- die("Could not connect to database ".mysql_error()."\n"); |
| 218 |
+ |
| 219 |
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME, |
| 220 |
+ MYSQL_PASSWORD, MYSQL_DATABASE); |
| 221 |
+ if (mysqli_connect_errno()) { |
| 222 |
+ die("Could not connect to database ".mysqli_connect_error()); |
| 223 |
} |
| 224 |
- mysql_select_db(MYSQL_DATABASE); |
| 225 |
- $query = "SELECT handle FROM builds ". |
| 226 |
- "WHERE id = '".mysql_real_escape_string($argv[1])."'"; |
| 227 |
- $result = mysql_query($query); |
| 228 |
- if (mysql_num_rows($result) == 1) { |
| 229 |
- $handles = mysql_fetch_array($result); |
| 230 |
- $handle = $handles[0]; |
| 231 |
+ |
| 232 |
+ $query = "SELECT handle FROM builds WHERE id = ?"; |
| 233 |
+ $stmt = $db->prepare($query); |
| 234 |
+ $stmt->bind_param("s", $argv[1]); |
| 235 |
+ $stmt->execute(); |
| 236 |
+ $stmt->store_result(); |
| 237 |
+ if ($stmt->num_rows == 1) { |
| 238 |
+ $stmt->bind_result($handle); |
| 239 |
+ $stmt->close(); |
| 240 |
$client = new GearmanClient(); |
| 241 |
$client->addServer(); |
| 242 |
|
| 243 |
@@ -33,11 +37,14 @@ |
| 244 |
} |
| 245 |
} else { |
| 246 |
$query = "SELECT returncode, result FROM builds ". |
| 247 |
- "WHERE id = '".mysql_real_escape_string($argv[1])."'"; |
| 248 |
- $result = mysql_query($query); |
| 249 |
- $jobres = mysql_fetch_array($result); |
| 250 |
- if ($jobres[0] !== null) { |
| 251 |
- echo "Job returned with code ".$jobres[0].": ".$jobres[1]."\n"; |
| 252 |
+ "WHERE id = ?"; |
| 253 |
+ $stmt = $db->prepare($query); |
| 254 |
+ $stmt->bind_param("s", $argv[1]); |
| 255 |
+ $stmt->execute(); |
| 256 |
+ $stmt->bind_result($returncode, $result); |
| 257 |
+ $stmt->fetch(); |
| 258 |
+ if ($returncode !== null) { |
| 259 |
+ echo "Job returned with code ".$returncode.": ".$result."\n"; |
| 260 |
} else { |
| 261 |
echo "Job failed\n"; |
| 262 |
} |
| 263 |
@@ -45,4 +52,5 @@ |
| 264 |
} else { |
| 265 |
echo "Invalid handle hash\n"; |
| 266 |
} |
| 267 |
- |
| 268 |
+ |
| 269 |
+ $db->close(); |
| 270 |
\ No newline at end of file |
| 271 |
|
| 272 |
diff --git a/web/config.php b/web/config.php |
| 273 |
index 6d5735c..30d6aa4 100644 |
| 274 |
--- a/web/config.php |
| 275 |
+++ b/web/config.php |
| 276 |
@@ -16,6 +16,6 @@ |
| 277 |
define("MYSQL_DATABASE", "gentoaster"); |
| 278 |
|
| 279 |
// Set the RECAPTCHA keys that should be used, if enabled |
| 280 |
- define("RECAPTCHA_ENABLED", true); |
| 281 |
+ define("RECAPTCHA_ENABLED", false); |
| 282 |
define("RECAPTCHA_PUBLIC_KEY","REPLACE_ME"); |
| 283 |
define("RECAPTCHA_PRIVATE_KEY", "REPLACE_ME"); |
| 284 |
\ No newline at end of file |
| 285 |
|
| 286 |
diff --git a/web/process.php b/web/process.php |
| 287 |
index 43827b9..238e843 100644 |
| 288 |
--- a/web/process.php |
| 289 |
+++ b/web/process.php |
| 290 |
@@ -8,27 +8,42 @@ |
| 291 |
if (RECAPTCHA_ENABLED) { |
| 292 |
require_once "recaptcha.php"; |
| 293 |
|
| 294 |
+ $remoteAddress = filter_input(INPUT_SERVER, |
| 295 |
+ "remote_addr", |
| 296 |
+ FILTER_VALIDATE_IP); |
| 297 |
+ $challenge = filter_input(INPUT_POST, |
| 298 |
+ "recaptcha_challenge_field", |
| 299 |
+ FILTER_UNSAFE_RAW); |
| 300 |
+ $response = filter_input(INPUT_POST, |
| 301 |
+ "recaptcha_response_field", |
| 302 |
+ FILTER_UNSAFE_RAW); |
| 303 |
+ |
| 304 |
$resp = recaptcha_check_answer(RECAPTCHA_PRIVATE_KEY, |
| 305 |
- $_SERVER["REMOTE_ADDR"], |
| 306 |
- $_POST["recaptcha_challenge_field"], |
| 307 |
- $_POST["recaptcha_response_field"]); |
| 308 |
+ $remoteAddress, |
| 309 |
+ $challenge, |
| 310 |
+ $response); |
| 311 |
|
| 312 |
if (!$resp->is_valid) { |
| 313 |
die("CAPTCHA was incorrect"); |
| 314 |
} |
| 315 |
} |
| 316 |
|
| 317 |
+ function sanitize_shellarg($arg) { |
| 318 |
+ return escapeshellarg($arg); |
| 319 |
+ } |
| 320 |
+ define("FILTER_SANITIZE_SHELL", array("options" => "sanitize_shellarg")); |
| 321 |
+ |
| 322 |
$buildID = uniqid(); |
| 323 |
- $bootMegabytes = intval($_POST["boot_size"]); |
| 324 |
- $swapMegabytes = intval($_POST["swap_size"]); |
| 325 |
- $rootMegabytes = intval($_POST["root_size"]); |
| 326 |
- $timezone = escapeshellarg($_POST["timezone"]); |
| 327 |
- $hostname = escapeshellarg($_POST["hostname"]); |
| 328 |
- $username = escapeshellarg($_POST["username"]); |
| 329 |
- $password = escapeshellarg($_POST["password"]); |
| 330 |
- $rootPassword = escapeshellarg($_POST["rootpassword"]); |
| 331 |
- $packagesList = escapeshellarg($_POST["packages"]); |
| 332 |
- $outputFormat = escapeshellarg($_POST["format"]); |
| 333 |
+ $bootMegabytes = filter_input(INPUT_POST, "boot_size", FILTER_VALIDATE_INT); |
| 334 |
+ $swapMegabytes = filter_input(INPUT_POST, "swap_size", FILTER_VALIDATE_INT); |
| 335 |
+ $rootMegabytes = filter_input(INPUT_POST, "root_size", FILTER_VALIDATE_INT); |
| 336 |
+ $timezone = filter_input(INPUT_POST, "timezone", FILTER_SANITIZE_SHELL); |
| 337 |
+ $hostname = filter_input(INPUT_POST, "hostname", FILTER_SANITIZE_SHELL); |
| 338 |
+ $username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_SHELL); |
| 339 |
+ $password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_SHELL); |
| 340 |
+ $rootPass = filter_input(INPUT_POST, "rootpassword", FILTER_SANITIZE_SHELL); |
| 341 |
+ $packagesList = filter_input(INPUT_POST, "packages", FILTER_SANITIZE_SHELL); |
| 342 |
+ $outputFormat = filter_input(INPUT_POST, "format", FILTER_SANITIZE_SHELL); |
| 343 |
|
| 344 |
$packagesList = str_replace("\r\n", " ", $packagesList); |
| 345 |
$packagesList = str_replace("\n", " ", $packagesList); |
| 346 |
@@ -41,7 +56,7 @@ SWAP_MEGABYTES='$swapMegabytes' |
| 347 |
ROOT_MEGABYTES='$rootMegabytes' |
| 348 |
TIMEZONE=$timezone |
| 349 |
HOSTNAME=$hostname |
| 350 |
-ROOT_PASSWORD=$rootPassword |
| 351 |
+ROOT_PASSWORD=$rootPass |
| 352 |
DEFAULT_USERNAME=$username |
| 353 |
DEFAULT_PASSWORD=$password |
| 354 |
USE_FLAGS='' |
| 355 |
@@ -55,13 +70,16 @@ OUTPUT_FORMAT=$outputFormat"; |
| 356 |
$client->addServer(); |
| 357 |
$handle = $client->doBackground("invoke_image_build", $iniString); |
| 358 |
|
| 359 |
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); |
| 360 |
- if (!$db) { |
| 361 |
- die("Could not connect to database ".mysql_error()); |
| 362 |
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME, |
| 363 |
+ MYSQL_PASSWORD, MYSQL_DATABASE); |
| 364 |
+ if (mysqli_connect_errno()) { |
| 365 |
+ die("Could not connect to database ".mysqli_connect_error()); |
| 366 |
} |
| 367 |
- mysql_select_db(MYSQL_DATABASE); |
| 368 |
- $query = "INSERT INTO builds (id, handle) ". |
| 369 |
- "VALUES('".$buildID."','".$handle."')"; |
| 370 |
- mysql_query($query); |
| 371 |
+ |
| 372 |
+ $stmt = $db->prepare("INSERT INTO builds (id, handle) VALUES(?, ?)"); |
| 373 |
+ $stmt->bind_param("ss", $buildID, $handle); |
| 374 |
+ $stmt->execute(); |
| 375 |
+ $stmt->close(); |
| 376 |
+ $db->close(); |
| 377 |
|
| 378 |
header("Location: finished.php?uuid=".$buildID); |
| 379 |
\ No newline at end of file |
| 380 |
|
| 381 |
diff --git a/web/status.php b/web/status.php |
| 382 |
index 86e7e0e..719afe6 100644 |
| 383 |
--- a/web/status.php |
| 384 |
+++ b/web/status.php |
| 385 |
@@ -5,22 +5,24 @@ |
| 386 |
|
| 387 |
require_once "config.php"; |
| 388 |
|
| 389 |
- $buildID = $_GET["uuid"]; |
| 390 |
+ $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW); |
| 391 |
$buildresult = "Unknown!"; |
| 392 |
$inprogress = false; |
| 393 |
$builddone = false; |
| 394 |
|
| 395 |
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); |
| 396 |
- if (!$db) { |
| 397 |
- die("Could not connect to database ".mysql_error()."\n"); |
| 398 |
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME, |
| 399 |
+ MYSQL_PASSWORD, MYSQL_DATABASE); |
| 400 |
+ if (mysqli_connect_errno()) { |
| 401 |
+ die("Could not connect to database ".mysqli_connect_error()); |
| 402 |
} |
| 403 |
- mysql_select_db(MYSQL_DATABASE); |
| 404 |
- $query = "SELECT handle FROM builds ". |
| 405 |
- "WHERE id = '".mysql_real_escape_string($buildID)."'"; |
| 406 |
- $result = mysql_query($query); |
| 407 |
- if (mysql_num_rows($result) == 1) { |
| 408 |
- $handles = mysql_fetch_array($result); |
| 409 |
- $handle = $handles[0]; |
| 410 |
+ |
| 411 |
+ $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?"); |
| 412 |
+ $stmt->bind_param("s", $buildID); |
| 413 |
+ $stmt->execute(); |
| 414 |
+ if ($stmt->num_rows == 1) { |
| 415 |
+ $stmt->bind_result($handle); |
| 416 |
+ $stmt->fetch(); |
| 417 |
+ $stmt->close(); |
| 418 |
$client = new GearmanClient(); |
| 419 |
$client->addServer(); |
| 420 |
|
| 421 |
@@ -35,13 +37,14 @@ |
| 422 |
$buildresult = "Task has not yet been processed"; |
| 423 |
} |
| 424 |
} else { |
| 425 |
- $cleanBuildID = mysql_real_escape_string($buildID); |
| 426 |
- $query = "SELECT returncode, result FROM builds ". |
| 427 |
- "WHERE id = '".$cleanBuildID."'"; |
| 428 |
- $result = mysql_query($query); |
| 429 |
- $jobres = mysql_fetch_array($result); |
| 430 |
- if ($jobres[0] !== null) { |
| 431 |
- if ($jobres[0] == 0) { |
| 432 |
+ $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?"); |
| 433 |
+ $stmt->bind_param("s", $buildID); |
| 434 |
+ $stmt->execute(); |
| 435 |
+ $stmt->bind_result($returncode, $result); |
| 436 |
+ $stmt->fetch(); |
| 437 |
+ $stmt->close(); |
| 438 |
+ if ($returncode !== null) { |
| 439 |
+ if ($returncode == 0) { |
| 440 |
$buildresult = "Your build is complete! ". |
| 441 |
"What would you like to do now?". |
| 442 |
"<br /><br /><center>". |
| 443 |
@@ -56,16 +59,24 @@ |
| 444 |
"</table></center>"; |
| 445 |
$builddone = true; |
| 446 |
} else { |
| 447 |
- $buildresult = "Job returned with code ".$jobres[0].": ".$jobres[1]; |
| 448 |
+ $buildresult = "Job returned with code ".$returncode.": ".$result; |
| 449 |
} |
| 450 |
} else { |
| 451 |
$buildresult = "Job failed"; |
| 452 |
} |
| 453 |
} |
| 454 |
} else { |
| 455 |
+ $stmt->close(); |
| 456 |
$buildresult = "Invalid handle hash"; |
| 457 |
} |
| 458 |
|
| 459 |
+ $db->close(); |
| 460 |
+ |
| 461 |
+ if (!$builddone) { |
| 462 |
+ $titleString = "How's things?"; |
| 463 |
+ } else { |
| 464 |
+ $titleString = "It's showtime!"; |
| 465 |
+ } |
| 466 |
?> |
| 467 |
<html> |
| 468 |
<head> |
| 469 |
@@ -90,17 +101,7 @@ |
| 470 |
<div id="content"> |
| 471 |
<div id="main"> |
| 472 |
<div id="status" class="step"> |
| 473 |
- <?php |
| 474 |
- if (!$builddone) { |
| 475 |
- ?> |
| 476 |
- <h1>How's things?</h1> |
| 477 |
- <?php |
| 478 |
- } else { |
| 479 |
- ?> |
| 480 |
- <h1>It's showtime!</h1> |
| 481 |
- <?php |
| 482 |
- } |
| 483 |
- ?> |
| 484 |
+ <h1><?php echo $titleString; ?></h1> |
| 485 |
<p> |
| 486 |
<?php echo $buildresult; ?> |
| 487 |
<div id="progressbar"></div> |
| 488 |
|
| 489 |
diff --git a/web/testdrive.php b/web/testdrive.php |
| 490 |
index 066dd4c..8f3c718 100644 |
| 491 |
--- a/web/testdrive.php |
| 492 |
+++ b/web/testdrive.php |
| 493 |
@@ -5,19 +5,24 @@ |
| 494 |
|
| 495 |
require_once "config.php"; |
| 496 |
|
| 497 |
- $buildID = $_GET["uuid"]; |
| 498 |
+ $buildID = filter_input(INPUT_GET, "uuid", FILTER_UNSAFE_RAW); |
| 499 |
$buildresult = "Unknown!"; |
| 500 |
$inprogress = false; |
| 501 |
|
| 502 |
- $db = mysql_connect(MYSQL_HOSTNAME, MYSQL_USERNAME, MYSQL_PASSWORD); |
| 503 |
- if (!$db) { |
| 504 |
- die("Could not connect to database ".mysql_error()."\n"); |
| 505 |
+ $db = new mysqli(MYSQL_HOSTNAME, MYSQL_USERNAME, |
| 506 |
+ MYSQL_PASSWORD, MYSQL_DATABASE); |
| 507 |
+ if (mysqli_connect_errno()) { |
| 508 |
+ die("Could not connect to database ".mysqli_connect_error()); |
| 509 |
} |
| 510 |
- mysql_select_db(MYSQL_DATABASE); |
| 511 |
- $result = mysql_query("SELECT handle FROM builds WHERE id = '".mysql_real_escape_string($buildID)."'"); |
| 512 |
- if (mysql_num_rows($result) == 1) { |
| 513 |
- $handles = mysql_fetch_array($result); |
| 514 |
- $handle = $handles[0]; |
| 515 |
+ |
| 516 |
+ $stmt = $db->prepare("SELECT handle FROM builds WHERE id = ?"); |
| 517 |
+ $stmt->bind_param("s", $buildID); |
| 518 |
+ $stmt->execute(); |
| 519 |
+ |
| 520 |
+ if ($stmt->num_rows == 1) { |
| 521 |
+ $stmt->bind_result($handle); |
| 522 |
+ $stmt->fetch(); |
| 523 |
+ $stmt->close(); |
| 524 |
$client = new GearmanClient(); |
| 525 |
$client->addServer(); |
| 526 |
|
| 527 |
@@ -25,12 +30,14 @@ |
| 528 |
if ($status[0]) { |
| 529 |
header("Location: status.php?uuid=".$buildID); |
| 530 |
} else { |
| 531 |
- $cleanBuildID = mysql_real_escape_string($buildID); |
| 532 |
- $query = "SELECT returncode, result FROM builds WHERE id = '".$cleanBuildID."'"; |
| 533 |
- $result = mysql_query(); |
| 534 |
- $jobres = mysql_fetch_array($result); |
| 535 |
- if ($jobres[0] !== null) { |
| 536 |
- if ($jobres[0] == 0) { |
| 537 |
+ $stmt = $db->prepare("SELECT returncode, result FROM builds WHERE id = ?"); |
| 538 |
+ $stmt->bind_param("s", $buildID); |
| 539 |
+ $stmt->execute(); |
| 540 |
+ $stmt->bind_result($returncode, $result); |
| 541 |
+ $stmt->fetch(); |
| 542 |
+ $stmt->close(); |
| 543 |
+ if ($returncode !== null) { |
| 544 |
+ if ($returncode == 0) { |
| 545 |
// we're built, let's do this |
| 546 |
$client = new GearmanClient(); |
| 547 |
$client->addServer(); |
| 548 |
@@ -44,9 +51,11 @@ |
| 549 |
} |
| 550 |
} |
| 551 |
} else { |
| 552 |
+ $stmt->close(); |
| 553 |
die("Invalid handle hash"); |
| 554 |
} |
| 555 |
|
| 556 |
+ $db->close(); |
| 557 |
?> |
| 558 |
<html> |
| 559 |
<head> |
Archives