1 files changed, 280 insertions, 63 deletions
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index fe80ce4..44367dd 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -74,6 +74,13 @@ class AlreadyExistsError extends Exception { }
  */
 class NotAllowedError extends Exception { }
 
+/*
+ * Class: InvalidDataError
+ * Exception that will be thrown, if a object with invalid data (e.g. urlname in this form not allowed) should have been saved / created.
+ * Unless something else is said at a function, the exception message is a translation key.
+ */
+class InvalidDataError extends Exception { }
+
 abstract class BySQLRowEnabled
 {
 	protected function __construct() {  }
@@ -89,6 +96,101 @@ abstract class BySQLRowEnabled
 }
 
 /*
+ * Class: KVStorage
+ * An abstract class for a KVStorage.
+ *
+ * See also:
+ * 	<PluginKVStorage>, <ArticleExtradata>
+ */
+abstract class KVStorage implements Countable, ArrayAccess, Iterator
+{
+	private $keybuffer;
+	private $counter;
+	private $prepared_queries;
+	private $silent_mode;
+	
+	final protected function init($sqltable, $common_fields)
+	{
+		$this->silent_mode = False;
+		$this->keybuffer = array();
+		
+		$selector = "WHERE " . (empty($common_fields) ? 1 : implode(" AND ", array_map(function($x) { return qdb_fmt("`{$x[0]}` = {$x[1]}", $x[2]); }, $common_fields)));
+		$this->prepared_queries = array(
+			"get"    => "SELECT `value` FROM `$sqltable` $selector AND `key` = '%s'",
+			"unset"  => "DELETE FROM `$sqltable` $selector AND `key` = '%s'",
+			"update" => "UPDATE `$sqltable` SET `value` = '%s' $selector AND `key` = '%s'",
+			"create" => "INSERT INTO `$sqltable` (`key`, `value` "
+			            . (empty($common_fields) ?: ", " . implode(", ", array_map(function($x) { return "`".$x[0]."`"; }, $common_fields)))
+			            . ") VALUES ('%s', '%s'"
+			            . (empty($common_fields) ?: ", " . implode(", ", array_map(function($x) { return qdb_fmt($x[1], $x[2]); }, $common_fields)))
+			            . ")"
+		);
+				
+		$result = qdb("SELECT `key` FROM `$sqltable` $selector");
+		while($sqlrow = mysql_fetch_assoc($result))
+			$this->keybuffer[] = $sqlrow["key"];
+		
+		$this->counter = 0;
+	}
+	
+	/*
+	 * Functions: Silent mode
+	 * If the silent mode is enabled, the KVStorage behaves even more like a PHP array, i.e. it just returns NULL,
+	 * if a unknown key was requested and does not throw an DoesNotExistError Exception.
+	 * 
+	 * enable_silent_mode  - Enable the silent mode.
+	 * disable_silent_mode - Disable the silent mode (default).
+	 */
+	final public function enable_silent_mode()  { $this->silent_mode = True;  }
+	final public function disable_silent_mode() { $this->silent_mode = False; }
+	
+	/* Countable interface implementation */
+	final public function count() { return count($this->keybuffer); }
+	
+	/* ArrayAccess interface implementation */
+	final public function offsetExists($offset) { return in_array($offset, $this->keybuffer); }
+	final public function offsetGet($offset)
+	{
+		if($this->offsetExists($offset))
+		{
+			$result = qdb($this->prepared_queries["get"], $offset);
+			$sqlrow = mysql_fetch_assoc($result);
+			return unserialize(base64_decode($sqlrow["value"]));
+		}
+		elseif($this->silent_mode)
+			return NULL;
+		else
+			throw new DoesNotExistError();
+	}
+	final public function offsetUnset($offset)
+	{
+		if($this->offsetExists($offset))
+		{
+			unset($this->keybuffer[array_search($offset, $this->keybuffer)]);
+			$this->keybuffer = array_merge($this->keybuffer);
+			qdb($this->prepared_queries["unset"], $offset);
+		}
+	}
+	final public function offsetSet($offset, $value)
+	{
+		if($this->offsetExists($offset))
+			qdb($this->prepared_queries["update"], base64_encode(serialize($value)), $offset);
+		else
+		{
+			qdb($this->prepared_queries["create"], $offset, base64_encode(serialize($value)));
+			$this->keybuffer[] = $offset;
+		}
+	}
+	
+	/* Iterator interface implementation */
+	final public function rewind()  { return $this->counter = 0; }
+	final public function current() { return $this->offsetGet($this->keybuffer[$this->counter]); }
+	final public function key()     { return $this->keybuffer[$this->counter]; }
+	final public function next()    { ++$this->counter; }
+	final public function valid()   { return isset($this->keybuffer[$this->counter]); }
+}
+
+/*
  * Class: User
  * Data model for Users
  */
@@ -771,13 +873,11 @@ $ratatoeskr_settings = Settings::get_instance();
  * A Key-Value-Storage for Plugins
  * Can be accessed like an array.
  * Keys are strings and Values can be everything serialize() can process.
+ *
+ * Extends the abstract <KVStorage> class.
  */
-class PluginKVStorage implements Countable, ArrayAccess, Iterator
+class PluginKVStorage extends KVStorage
 {
-	private $plugin_id;
-	private $keybuffer;
-	private $counter;
-	
 	/*
 	 * Constructor: __construct
 	 * 
@@ -786,60 +886,10 @@ class PluginKVStorage implements Countable, ArrayAccess, Iterator
 	 */
 	public function __construct($plugin_id)
 	{
-		$this->keybuffer = array();
-		$this->plugin_id = $plugin_id;
-		
-		$result = qdb("SELECT `key` FROM `PREFIX_plugin_kvstorage` WHERE `plugin` = %d", $plugin_id);
-		while($sqlrow = mysql_fetch_assoc($result))
-			$this->keybuffer[] = $sqlrow["key"];
-		
-		$this->counter = 0;
-	}
-	
-	/* Countable interface implementation */
-	public function count() { return count($this->keybuffer); }
-	
-	/* ArrayAccess interface implementation */
-	public function offsetExists($offset) { return in_array($offset, $this->keybuffer); }
-	public function offsetGet($offset)
-	{
-		if($this->offsetExists($offset))
-		{
-			$result = qdb("SELECT `value` FROM `PREFIX_plugin_kvstorage` WHERE `key` = '%s' AND `plugin` = %d", $offset, $this->plugin_id);
-			$sqlrow = mysql_fetch_assoc($result);
-			return unserialize(base64_decode($sqlrow["value"]));
-		}
-		else
-			throw new DoesNotExistError();
-	}
-	public function offsetUnset($offset)
-	{
-		if($this->offsetExists($offset))
-		{
-			unset($this->keybuffer[array_search($offset, $this->keybuffer)]);
-			$this->keybuffer = array_merge($this->keybuffer);
-			qdb("DELETE FROM `PREFIX_plugin_kvstorage` WHERE `key` = '%s' AND `plugin` = %d", $offset, $this->plugin_id);
-		}
-	}
-	public function offsetSet($offset, $value)
-	{
-		if($this->offsetExists($offset))
-			qdb("UPDATE `PREFIX_plugin_kvstorage` SET `value` = '%s' WHERE `key` = '%s' AND `plugin` = %d",
-				base64_encode(serialize($value)), $offset, $this->plugin_id);
-		else
-		{
-			qdb("INSERT INTO `PREFIX_plugin_kvstorage` (`plugin`, `key`, `value`) VALUES (%d, '%s', '%s')",
-				$this->plugin_id, $offset, base64_encode(serialize($value)));
-			$this->keybuffer[] = $offset;
-		}
+		$this->init("PREFIX_plugin_kvstorage", array(
+			array("plugin", "%d", $plugin_id)
+		));
 	}
-	
-	/* Iterator interface implementation */
-	function rewind()  { return $this->position = 0; }
-	function current() { return $this->offsetGet($this->keybuffer[$this->position]); }
-	function key()     { return $this->keybuffer[$this->position]; }
-	function next()    { ++$this->position; }
-	function valid()   { return isset($this->keybuffer[$this->position]); }
 }
 
 /*
@@ -1080,6 +1130,21 @@ class Style extends BySQLRowEnabled
 	}
 	
 	/*
+	 * Function: test_name
+	 * Test, if a name is a valid Style name.
+	 * 
+	 * Parameters:
+	 * 	$name - The name to test
+	 * 
+	 * Returns:
+	 * 	True, if the name is a valid style name, False if not.
+	 */
+	public static function test_name($name)
+	{
+		return preg_match("/^[a-zA-Z0-9\\-_\\.]+$/", $name) == 1;
+	}
+	
+	/*
 	 * Function: get_id
 	 */
 	public function get_id() { return $this->id; }
@@ -1096,6 +1161,9 @@ class Style extends BySQLRowEnabled
 	 */
 	public static function create($name)
 	{
+		if(!self::test_name($name))
+			throw new InvalidDataError("invalid_style_name");
+			
 		try
 		{
 			self::by_name($name);
@@ -1181,6 +1249,9 @@ class Style extends BySQLRowEnabled
 	 */
 	public function save()
 	{
+		if(!self::test_name($name))
+			throw new InvalidDataError("invalid_style_name");
+		
 		$result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_styles` WHERE `name` = '%s' AND `id` != %d", $this->name, $this->id);
 		$sqlrow = mysql_fetch_assoc($result);
 		if($sqlrow["n"] > 0)
@@ -1372,6 +1443,7 @@ class Plugin extends BySQLRowEnabled
 	{
 		qdb("DELETE FROM `PREFIX_plugins` WHERE `id` = %d", $this->id);
 		qdb("DELETE FROM `PREFIX_plugin_kvstorage` WHERE `plugin` = %d", $this->id);
+		qdb("DELETE FROM `PREFIX_article_extradata` WHERE `plugin` = %d", $this->id);
 		if(is_dir(SITE_BASE_PATH . "/ratatoeskr/plugin_extradata/private/" . $this->id))
 			delete_directory(SITE_BASE_PATH . "/ratatoeskr/plugin_extradata/private/" . $this->id);
 		if(is_dir(SITE_BASE_PATH . "/ratatoeskr/plugin_extradata/public/" . $this->id))
@@ -1421,6 +1493,21 @@ class Section extends BySQLRowEnabled
 	}
 	
 	/*
+	 * Function: test_name
+	 * Tests, if a name is a valid section name.
+	 * 
+	 * Parameters:
+	 * 	$name - The name to test.
+	 * 
+	 * Returns:
+	 * 	True, if the name is a valid section name, False otherwise.
+	 */
+	public static function test_name($name)
+	{
+		return preg_match("/^[a-zA-Z0-9\\-_]+$/", $name) != 0;
+	}
+	
+	/*
 	 * Function: get_id
 	 */
 	public function get_id() { return $this->id; }
@@ -1433,10 +1520,13 @@ class Section extends BySQLRowEnabled
 	 * 	$name - The name of the new section.
 	 * 
 	 * Throws:
-	 * 	<AlreadyExistsError>
+	 * 	<AlreadyExistsError>, <InvalidDataError>
 	 */
 	public static function create($name)
 	{
+		if(!self::test_name($name))
+			throw new InvalidDataError("invalid_section_name");
+			
 		try
 		{
 			$obj = self::by_name($name);
@@ -1568,10 +1658,13 @@ class Section extends BySQLRowEnabled
 	 * Function: save
 	 * 
 	 * Throws:
-	 * 	<AlreadyExistsError>
+	 * 	<AlreadyExistsError>, <InvalidDataError>
 	 */
 	public function save()
 	{
+		if(!self::test_name($name))
+			throw new InvalidDataError("invalid_section_name");
+		
 		$result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_sections` WHERE `name` = '%s' AND `id` != %d", $this->name, $this->id);
 		$sqlrow = mysql_fetch_assoc($result);
 		if($sqlrow["n"] > 0)
@@ -1627,6 +1720,21 @@ class Tag extends BySQLRowEnabled
 	public $title;
 	
 	/*
+	 * Function: test_name
+	 * Test, if a name is a valid tag name.
+	 * 
+	 * Parameters:
+	 * 	$name - Name to test.
+	 * 
+	 * Returns:
+	 * 	True, if the name is valid, False otherwise.
+	 */
+	public static function test_name($name)
+	{
+		return (strpos($name, ",") === False) and (strpos($name, " ") === False);
+	}
+	
+	/*
 	 * Function: get_id
 	 */
 	public function get_id() { return $this->id; }
@@ -1646,10 +1754,13 @@ class Tag extends BySQLRowEnabled
 	 * 	$name - The name
 	 * 
 	 * Throws:
-	 * 	<AlreadyExistsError>
+	 * 	<AlreadyExistsError>, <InvalidDataError>
 	 */
 	public static function create($name)
 	{
+		if(!self::test_name($name))
+			throw new InvalidDataError("invalid_tag_name");
+			
 		try
 		{
 			$obj = self::by_name($name);
@@ -1763,10 +1874,13 @@ WHERE `b`.`tag` = '%d'" , $this->id);
 	 * Function: save
 	 * 
 	 * Throws:
-	 * 	<AlreadyExistsError>
+	 * 	<AlreadyExistsError>, <InvalidDataError>
 	 */
 	public function save()
 	{
+		if(!self::test_name($name))
+			throw new InvalidDataError("invalid_tag_name");
+		
 		$result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_tags` WHERE `name` = '%s' AND `id` != %d", $this->name, $this->id);
 		$sqlrow = mysql_fetch_assoc($result);
 		if($sqlrow["n"] > 0)
@@ -2286,6 +2400,36 @@ class Article extends BySQLRowEnabled
 	public function get_id() { return $this->id; }
 	
 	/*
+	 * Function: test_urlname
+	 * Test, if a urlname is a valid urlname.
+	 * 
+	 * Parameters:
+	 * 	$urlname - Urlname to test
+	 * 
+	 * Returns:
+	 * 	True, if the urlname is valid, False otherwise.
+	 */
+	public static function test_urlname($urlname)
+	{
+		return (bool) preg_match('/^[a-zA-Z0-9-_]+$/', $urlname);
+	}
+	
+	/*
+	 * Function: test_status
+	 * Test, if a status is valid.
+	 * 
+	 * Parameters:
+	 * 	$status - Status value to test.
+	 * 
+	 * Returns:
+	 * 	True, if the status is a valid status value, False otherwise.
+	 */
+	public static function test_status($status)
+	{
+		return is_numeric($status) and ($status >= 0) and ($status <= 3);
+	}
+	
+	/*
 	 * Constructor: create
 	 * Create a new Article object.
 	 * 
@@ -2293,12 +2437,15 @@ class Article extends BySQLRowEnabled
 	 * 	urlname - A unique URL name
 	 * 
 	 * Throws:
-	 * 	<AlreadyExistsError>
+	 * 	<AlreadyExistsError>, <InvalidDataError>
 	 */
 	public static function create($urlname)
 	{
 		global $ratatoeskr_settings;
 		
+		if(!self::test_urlname($urlname))
+			throw new InvalidDataError("invalid_urlname");
+		
 		try
 		{
 			self::by_urlname($urlname);
@@ -2562,10 +2709,34 @@ WHERE " . implode(" AND ", $subqueries) . " $sorting");
 	}
 	
 	/*
+	 * Function: get_extradata
+	 * Get the extradata for this article and the given plugin.
+	 * 
+	 * Parameters:
+	 * 	$plugin_id - The ID of the plugin.
+	 * 
+	 * Returns:
+	 * 	An <ArticleExtradata> object.
+	 */
+	public function get_extradata($plugin_id)
+	{
+		return new ArticleExtradata($this->id, $plugin_id);
+	}
+	
+	/*
 	 * Function: save
+	 * 
+	 * Throws:
+	 * 	<AlreadyExistsError>, <InvalidDataError>
 	 */
 	public function save()
 	{
+		if(!self::test_urlname($this->urlname))
+			throw new InvalidDataError("invalid_urlname");
+		
+		if(!self::test_status($this->status))
+			throw new InvalidDataError("invalid_article_status");
+			
 		$result = qdb("SELECT COUNT(*) AS `n` FROM `PREFIX_articles` WHERE `urlname` = '%s' AND `id` != %d", $this->urlname, $this->id);
 		$sqlrow = mysql_fetch_assoc($result);
 		if($sqlrow["n"] > 0)
@@ -2604,11 +2775,57 @@ WHERE " . implode(" AND ", $subqueries) . " $sorting");
 			$comment->delete();
 		
 		qdb("DELETE FROM `PREFIX_article_tag_relations` WHERE `article` = %d", $this->id);
+		qdb("DELETE FROM `PREFIX_article_extradata` WHERE `article` = %d", $this->id);
 		qdb("DELETE FROM `PREFIX_articles` WHERE `id` = %d", $this->id);
 	}
 }
 
 /*
+ * Class: ArticleExtradata
+ * A Key-Value-Storage assigned to Articles for plugins to store additional data.
+ * Can be accessed like an array.
+ * Keys are strings and Values can be everything serialize() can process.
+ * 
+ * Extends the abstract <KVStorage> class.
+ */
+class ArticleExtradata extends KVStorage
+{
+	/*
+	 * Constructor: __construct
+	 * 
+	 * Parameters:
+	 * 	$article_id - The ID of the Article.
+	 * 	$plugin_id  - The ID of the Plugin.
+	 */
+	public function __construct($article_id, $plugin_id)
+	{
+		$this->init("PREFIX_article_extradata", array(
+			array("article", "%d", $article_id),
+			array("plugin",  "%d", $plugin_id)
+		));
+	}
+}
+
+/*
+ * Function: dbversion
+ * Get the version of the database structure currently used.
+ * 
+ * Returns:
+ * 	The numerical version of the current database structure.
+ */
+function dbversion()
+{
+	/* Is the meta table present? If no, the version is 0. */
+	$result = qdb("SHOW TABLES LIKE 'PREFIX_meta'");
+	if(mysql_num_rows($result) == 0)
+		return 0;
+	
+	$result = qdb("SELECT `value` FROM `PREFIX_meta` WHERE `key` = 'dbversion'");
+	$sqlrow = mysql_fetch_assoc($result);
+	return unserialize(base64_decode($sqlrow["value"]));
+}
+
+/*
  * Function: clean_database
  * Clean up the database
  */