Cleaning Database lib from old code and unused code.

main/admin/add_users_to_session.php

@@ -201,7 +201,7 @@ function search_users($needle, $type)
                 }
             }
         }
-        //echo Database::fixQuery($sql);
+
         $rs = Database::query($sql);
         $i = 0;
         if ($type=='single') {

main/coursecopy/classes/CourseBuilder.class.php

@@ -1055,7 +1055,7 @@ class CourseBuilder
     {
         $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
         $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
-        $list_course = Database::get_course_list();
+        $list_course = CourseManager::get_course_list();
         $list = array();
         foreach($list_course as $_course) {
             $this->course = new Course();

main/gradebook/index.php

@@ -730,7 +730,7 @@ $certificate = array();
 if ($category != '0') {
     $cat = new Category();
     $category_id   = intval($_GET['selectcat']);
-    $course_id     = Database::get_course_by_category($category_id);
+    $course_id     = CourseManager::get_course_by_category($category_id);
     $show_message  = $cat->show_message_resource_delete($course_id);
 
     if ($show_message == '') {

main/gradebook/lib/fe/displaygradebook.php

@@ -211,7 +211,7 @@ class DisplayGradebook
         // Student
         $status = CourseManager::get_user_in_course_status(api_get_user_id(), api_get_course_id());
         $objcat = new Category();
-        $course_id = Database::get_course_by_category($selectcat);
+        $course_id = CourseManager::get_course_by_category($selectcat);
         $message_resource = $objcat->show_message_resource_delete($course_id);
 
         if (!$is_course_admin && $status <> 1 && $selectcat <> 0) {
@@ -394,7 +394,7 @@ class DisplayGradebook
         // Student.
         $status = CourseManager::get_user_in_course_status(api_get_user_id(), api_get_course_id());
         $objcat = new Category();
-        $course_id = Database::get_course_by_category($selectcat);
+        $course_id = CourseManager::get_course_by_category($selectcat);
         $message_resource = $objcat->show_message_resource_delete($course_id);
         $grade_model_id = $catobj->get_grade_model_id();
         $header = null;

main/inc/lib/course.lib.php

@@ -5402,4 +5402,28 @@ class CourseManager
         return $result;
     }
 
+    /**
+     *  @return array a list (array) of all courses.
+     */
+    public static function get_course_list()
+    {
+        $table = Database::get_main_table(TABLE_MAIN_COURSE);
+        return Database::store_result(self::query("SELECT *, id as real_id FROM $table"));
+    }
+
+    /**
+     * Returns course code from a given gradebook category's id
+     * @param int  Category ID
+     * @return string  Course code
+     */
+    public static function get_course_by_category($category_id)
+    {
+        $category_id = intval($category_id);
+        $info = Database::fetch_array(
+            Database::query('SELECT course_code FROM '.Database::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).'
+            WHERE id='.$category_id), 'ASSOC'
+        );
+        return $info ? $info['course_code'] : false;
+    }
+
 }

main/inc/lib/database.lib.php

@@ -55,29 +55,6 @@ class Database
         return $_configuration['main_database'];
     }
 
-    /**
-     *  Returns the name of the database where all the personal stuff of the user is stored
-     *  @todo use main_database
-     */
-    public static function get_user_personal_database()
-    {
-        return self::get_main_database();
-    }
-
-    /**
-     *  Returns the name of the current course database.
-     *  @return    mixed   Glued database name of false if undefined
-     */
-    public static function get_current_course_database()
-    {
-        $course_info = api_get_course_info();
-        if (empty($course_info['dbName'])) {
-            return false;
-        }
-
-        return $course_info['dbName'];
-    }
-
     /**
      *  Returns the glued name of the current course database.
      *  @return    mixed   Glued database name of false if undefined
@@ -182,7 +159,6 @@ class Database
             //exit;
         }
         return self::format_table_name(self::get_main_database(), DB_COURSE_PREFIX.$short_table_name);
-        //return self::format_glued_course_table_name(self::fix_database_parameter($database_name), $short_table_name);
     }
 
     /*
@@ -190,74 +166,6 @@ class Database
         These methods execute a query and return the result(s).
     */
 
-    /**
-     *  @return array a list (array) of all courses.
-     *  @todo shouldn't this be in the course.lib.php script?
-     */
-    public static function get_course_list()
-    {
-        $table = self::get_main_table(TABLE_MAIN_COURSE);
-        return self::store_result(self::query("SELECT *, id as real_id FROM $table"));
-    }
-
-    /**
-     * Gets user details from the "user" table
-     * @param $user_id (integer): the id of the user
-     * @return $user_info (array): user_id, lname, fname, username, email, ...
-     * @author Patrick Cool <patrick.cool@UGent.be>, expanded to get info for any user
-     * @author Roan Embrechts, first version + converted to Database API
-     * @version 30 September 2004
-     * @deprecated use api_get_user_info();
-     * @desc find all the information about a specified user. Without parameter this is the current user.
-     * @todo shouldn't this be in the user.lib.php script?
-     */
-    public static function get_user_info_from_id($user_id = '')
-    {
-        if (empty($user_id)) {
-            return $GLOBALS['_user'];
-        }
-        $table = self::get_main_table(TABLE_MAIN_USER);
-        $user_id = self::escape_string($user_id);
-        return self::generate_abstract_user_field_names(
-            self::fetch_array(self::query("SELECT * FROM $table WHERE user_id = '$user_id'")));
-    }
-
-    /**
-     * Returns course code from a given gradebook category's id
-     * @param int  Category ID
-     * @return string  Course code
-     * @todo move this function in a gradebook-related library
-     */
-    public static function get_course_by_category($category_id)
-    {
-        $category_id = intval($category_id);
-        $info = self::fetch_array(self::query('SELECT course_code FROM '.self::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' WHERE id='.$category_id), 'ASSOC');
-        return $info ? $info['course_code'] : false;
-    }
-
-    /**
-     *  This method creates an abstraction layer between database field names
-     *  and field names expected in code.
-     *
-     *  This helps when changing database names.
-     *  It's also useful now to get rid of the 'franglais'.
-     *
-     *  @todo add more array entries to abstract user info from field names
-     *  @author Roan Embrechts
-     *  @author Patrick Cool
-     *
-     *  @todo what's the use of this function. I think this is better removed.
-     *      There should be consistency in the variable names and the use throughout the scripts
-     */
-    public static function generate_abstract_user_field_names($result_array) {
-        $result_array['firstName']      = $result_array['firstname'];
-        $result_array['lastName']       = $result_array['lastname'];
-        $result_array['mail']           = $result_array['email'];
-        #$result_array['picture_uri']   = $result_array['picture_uri'];
-        #$result_array ['user_id']      = $result_array['user_id'];
-        return $result_array;
-    }
-
     /**
      * Counts the number of rows in a table
      * @param string $table The table of which the rows should be counted
@@ -378,13 +286,6 @@ class Database
      */
     public static function escape_string($string, $connection = null, $addFix = true)
     {
-        // Fixes security problem when there's no "" or '' between a variable.
-        // See #7440 for more info
-        /*
-        if ($addFix) {
-            //$string = "__@$string@__";
-        }
-        */
         return get_magic_quotes_gpc()
             ? (self::use_default_connection($connection)
                 ? mysql_real_escape_string(stripslashes($string))
@@ -473,41 +374,6 @@ class Database
         return $result;
     }
 
-    /**
-     * Returns a list of the fields that a given table contains. The list may contain all of the available field names or filtered field names by using a pattern.
-     * By using a special option, this method is able to return an indexed list of fields' properties, where field names are keys.
-     * @param string $table                     This is the examined table.
-     * @param string $pattern (optional)        A pattern for filtering field names as if it was needed for the SQL's LIKE clause, for example 'column_%'.
-     * @param string $database (optional)       The name of the targeted database. If it is omited, the current database is assumed, see Database::select_db().
-     * @param bool $including_properties (optional) When this option is true, the returned result has the followong format:
-     *                                              array(field_name_1 => array(0 => property_1, 1 => property_2, ...), fieald_name_2 => array(0 => property_1, ...), ...)
-     * @param resource $connection (optional)   The database server connection, for detailed description see the method query().
-     * @return array                            Returns in an array the retrieved list of field names.
-     */
-    public static function get_fields($table, $pattern = '', $database = '', $including_properties = false, $connection = null) {
-        $result = array();
-        $query = "SHOW COLUMNS FROM `".self::escape_string($table, $connection)."`";
-        if (!empty($database)) {
-            $query .= " FROM `".self::escape_string($database, $connection)."`";
-        }
-        if (!empty($pattern)) {
-            $query .= " LIKE '".self::escape_string($pattern, $connection)."'";
-        }
-        $query_result = Database::query($query, $connection);
-        if ($including_properties) {
-            // Making an indexed list of the fields and their properties.
-            while ($row = Database::fetch_row($query_result)) {
-                $result[$row[0]] = $row;
-            }
-        } else {
-            // Making a plain, flat list.
-            while ($row = Database::fetch_row($query_result)) {
-                $result[] = $row[0];
-            }
-        }
-        return $result;
-    }
-
     /**
      * Returns information about the type of the current connection and the server host name.
      * @param resource $connection (optional)   The database server connection, for detailed description see the method query().
@@ -591,36 +457,6 @@ class Database
         return self::num_rows($resource) > 0 ? (!empty($field) ? mysql_result($resource, $row, $field) : mysql_result($resource, $row)) : null;
     }
 
-    /**
-     * Removes "__@" prefix and @__ suffix added by Database::escape_string()
-     * See #7440 for more info
-     * @param string $query
-     * @return mixed
-     */
-    public static function fixQuery($query)
-    {
-        // LIKE condition
-        $query = str_replace("'%__@", "'%", $query);
-        $query = str_replace("@__%'", "%'", $query);
-
-        $query = str_replace('@__%"', "%'", $query);
-        $query = str_replace('"%__@', "'%", $query);
-
-        // Fixing doubles
-        $query = str_replace("__@__@", "__@", $query);
-        $query = str_replace("@__@__", "@__", $query);
-
-        $query = str_replace("'__@", "'", $query);
-        $query = str_replace('"__@', "'", $query);
-        $query = str_replace("__@", "'", $query);
-
-        $query = str_replace("@__'", "'", $query);
-        $query = str_replace('@__"', "'", $query);
-        $query = str_replace("@__", "'", $query);
-
-        return $query;
-    }
-
     /**
      * This method returns a resource
      * Documentation has been added by Arthur Portugal
@@ -658,8 +494,6 @@ class Database
             $connection = null;
         }
 
-        //$query = self::fixQuery($query);
-
         // Check if the table contains a c_ (means a course id)
         if (api_get_setting('server_type') === 'test' && strpos($query, 'c_')) {
             //Check if the table contains inner joins
@@ -943,37 +777,6 @@ class Database
         No effort is made to keep the names / results the same.
     */
 
-    /**
-     *  Glues a course database.
-     *  glue format from local.inc.php.
-     */
-    private static function glue_course_database_name($database_name) {
-        return self::get_course_table_prefix().$database_name.self::get_database_glue();
-    }
-
-    /**
-     *  @param string $database_name, can be empty to use current course db
-     *
-     *  @return the glued parameter if it is not empty,
-     *  or the current course database (glued) if the parameter is empty.
-     */
-    private static function fix_database_parameter($database_name) {
-        if (empty($database_name)) {
-            $course_info = api_get_course_info();
-            return $course_info['dbNameGlu'];
-        }
-        return self::glue_course_database_name($database_name);
-    }
-
-    /**
-     *  Structures a course database and table name to ready them
-     *  for querying. The course database parameter is considered glued:
-     *  e.g. COURSE001`.`
-     */
-    private static function format_glued_course_table_name($database_name_with_glue, $table) {
-        return '`'.$database_name_with_glue.$table.'`';
-    }
-
     /**
      *  Structures a database and table name to ready them
      *  for querying. The database parameter is considered not glued,

main/inc/lib/database.mysqli.lib.php

@@ -54,28 +54,6 @@ class MySQLIDatabase {
         return $_configuration['scorm_database'];
     }
 
-    /**
-     *	Returns the name of the database where all the personal stuff of the user is stored
-     */
-    public static function get_user_personal_database()
-    {
-        global $_configuration;
-        return $_configuration['user_personal_database'];
-    }
-
-    /**
-     *	Returns the name of the current course database.
-     *  @return    mixed   Glued database name of false if undefined
-     */
-    public static function get_current_course_database()
-    {
-        $course_info = api_get_course_info();
-        if (empty($course_info['dbName'])) {
-            return false;
-        }
-        return $course_info['dbName'];
-    }
-
     /**
      *	Returns the glued name of the current course database.
      *  @return    mixed   Glued database name of false if undefined
@@ -180,74 +158,6 @@ class MySQLIDatabase {
         These methods execute a query and return the result(s).
     */
 
-    /**
-     * Returns a full list of the contents of the course table as a PHP table
-     * @return a list (array) of all courses.
-     * @todo shouldn't this be in the course.lib.php script?
-     */
-    public static function get_course_list()
-    {
-        $table = self::get_main_table(TABLE_MAIN_COURSE);
-        return self::store_result(self::query("SELECT * FROM $table"));
-    }
-
-    /**
-     *	@param $user_id (integer): the id of the user
-     *	@return $user_info (array): user_id, lastname, firstname, username, email, ...
-     *	@author Patrick Cool <patrick.cool@UGent.be>, expanded to get info for any user
-     *	@author Roan Embrechts, first version + converted to Database API
-     *	@version 30 September 2004
-     *	@desc find all the information about a specified user. Without parameter this is the current user.
-     * 	@todo shouldn't this be in the user.lib.php script?
-     */
-    public static function get_user_info_from_id($user_id = '')
-    {
-        if (empty($user_id)) {
-            return $GLOBALS['_user'];
-        }
-        $table = self::get_main_table(TABLE_MAIN_USER);
-        $user_id = self::escape_string($user_id);
-        return self::generate_abstract_user_field_names(
-            self::fetch_array(self::query("SELECT * FROM $table WHERE user_id = '$user_id'")));
-    }
-
-    /**
-     * Returns course code from a given gradebook category's id
-     * @param int  Category ID
-     * @return string  Course code
-     * @todo move this function in a gradebook-related library
-     */
-    public static function get_course_by_category($category_id)
-    {
-        $category_id = intval($category_id);
-        $info = self::fetch_array(self::query('SELECT course_code FROM '.self::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY).' WHERE id='.$category_id), 'ASSOC');
-        return $info ? $info['course_code'] : false;
-    }
-
-    /**
-     *	This method creates an abstraction layer between database field names
-     *	and field names expected in code.
-     *
-     *	This helps when changing database names.
-     *	It's also useful now to get rid of the 'franglais'.
-     *
-     *	@todo add more array entries to abstract user info from field names
-     *	@author Roan Embrechts
-     *	@author Patrick Cool
-     *
-     * 	@todo what's the use of this function. I think this is better removed.
-     * 		There should be consistency in the variable names and the use throughout the scripts
-     */
-    public static function generate_abstract_user_field_names($result_array)
-    {
-        $result_array['firstName'] 		= $result_array['firstname'];
-        $result_array['lastName'] 		= $result_array['lastname'];
-        $result_array['mail'] 			= $result_array['email'];
-        #$result_array['picture_uri'] 	= $result_array['picture_uri'];
-        #$result_array ['user_id']		= $result_array['user_id'];
-        return $result_array;
-    }
-
     /**
      * Counts the number of rows in a table
      * @param string $table The table of which the rows should be counted
@@ -443,42 +353,6 @@ class MySQLIDatabase {
         return $result;
     }
 
-    /**
-     * Returns a list of the fields that a given table contains. The list may contain all of the available field names or filtered field names by using a pattern.
-     * By using a special option, this method is able to return an indexed list of fields' properties, where field names are keys.
-     * @param string $table						This is the examined table.
-     * @param string $pattern (optional)		A pattern for filtering field names as if it was needed for the SQL LIKE clause, for example 'column_%'.
-     * @param string $database (optional)		The name of the targeted database. If it is omitted, the current database is assumed, see Database::select_db().
-     * @param bool $including_properties (optional)	When this option is true, the returned result has the following format:
-     * 												array(field_name_1 => array(0 => property_1, 1 => property_2, ...), field_name_2 => array(0 => property_1, ...), ...)
-     * @param resource $connection (optional)	The database server connection, for detailed description see the method query().
-     * @return array							Returns in an array the retrieved list of field names.
-     */
-    public static function get_fields($table, $pattern = '', $database = '', $including_properties = false, $connection = null)
-    {
-        $result = array();
-        $query = "SHOW COLUMNS FROM `".self::escape_string($table, $connection)."`";
-        if (!empty($database)) {
-            $query .= " FROM `".self::escape_string($database, $connection)."`";
-        }
-        if (!empty($pattern)) {
-            $query .= " LIKE '".self::escape_string($pattern, $connection)."'";
-        }
-        $query_result = Database::query($query, $connection);
-        if ($including_properties) {
-            // Making an indexed list of the fields and their properties.
-            while ($row = Database::fetch_row($query_result)) {
-                $result[$row[0]] = $row;
-            }
-        } else {
-            // Making a plain, flat list.
-            while ($row = Database::fetch_row($query_result)) {
-                $result[] = $row[0];
-            }
-        }
-        return $result;
-    }
-
     /**
      * Returns information about the type of the current connection and the server host name.
      * @param resource $connection (optional)	The database server connection, for detailed description see the method query().

main/inc/lib/internationalization.lib.php

@@ -570,10 +570,7 @@ function api_get_utc_datetime($time = null, $return_null_if_invalid_date = false
         }
         return gmdate('Y-m-d H:i:s');
     }
-    if (preg_match('/__@(.*)@__/', $time)) {
-        // unfilter special security fix for SQL injection, see Database::fixQuery()
-        $time = str_replace(array("__@","@__"), "", $time);
-    }
+
     // If time is a timestamp, return directly in utc
     if (is_numeric($time)) {
         $time = intval($time);

tests/main/inc/lib/database.lib.test.php

@@ -71,18 +71,6 @@ class TestDatabase extends UnitTestCase {
 		$this->assertTrue(is_array($resu));
 	}
 
-	/* // Contains a private unaccessible method, Database::fix_database_parameter().
-	function testFixDatabaseParameterEmpty() {
-		$course_info = api_get_course_info();
-		$database_name= $course_info[""];
-		$res=$this->dbase->fix_database_parameter($database_name);
-		if(!is_null($res)) :
-		$this->assertTrue(is_string($res));
-		endif;
-		//var_dump($res);
-	}
-	*/
-
 	/* // Contains a private unaccessible method, Database::fix_database_parameter().
 	function testFixDatabaseParameterReturnString() {
 		$course_info = api_get_course_info();
@@ -141,17 +129,6 @@ class TestDatabase extends UnitTestCase {
 		$this->assertTrue(is_string($res));
 	}
 
-	function testGetCurrentCourseDatabase() {
-		$res=$this->dbase->get_current_course_database();
-        if (empty($GLOBALS['_course']['dbName'])) {
-            $this->assertFalse($res);
-        } else {
-            $this->assertTrue(is_string($res));
-        }
-        $res=$this->dbase->get_current_course_database('___');
-        $this->assertFalse($res);
-	}
-
 	function testGetCurrentCourseGluedDatabase() {
 	    global $_course;
 	    $res=$this->dbase->get_current_course_glued_database();
@@ -186,19 +163,6 @@ class TestDatabase extends UnitTestCase {
 		$this->assertTrue(is_string($res));
 	}
 
-/* Fails for some reason on automated tests server
-    function testGetUserInfoFromIdNullIsFalse() {
-        // should be returning GLOBALS[_user] (=null) if param is null (in testing context)
-        $res=$this->dbase->get_user_info_from_id(null);
-        $this->assertFalse($res);
-    }
-*/
-	function testGetUserInfoFromIdHighValueIsArray() {
-        	// should be returning array with empty values if user doesn't exist
-	        $res=$this->dbase->get_user_info_from_id(5000000);
-        	$this->assertTrue(is_array($res));
-	}
-
 	/* // Contains a private unaccessible method, Database::glue_course_database_name().
 	function testGlueCourseDatabaseName() {
 		$database_name='';