From be35f689c38218968fe8b10161e71e87ea03b89b Mon Sep 17 00:00:00 2001 From: Alexey Melnichuk Date: Mon, 21 Nov 2016 23:53:47 +0300 Subject: [PATCH] xml handler use sql params (#2109) * Add. Use parameters in all xml_handler configuration files. * Add. Use dialplan, domains and languages params * Fix. load correct database module * Fix. Pass params in dialplan query * Fix. Load correct database class. --- .../scripts/configuration/acl.conf.lua | 17 ++++-- .../scripts/configuration/callcenter.conf.lua | 4 +- .../scripts/configuration/conference.conf.lua | 28 +++++---- .../scripts/configuration/ivr.conf.lua | 29 +++++---- .../configuration/local_stream.conf.lua | 4 +- .../scripts/configuration/sofia.conf.lua | 35 +++++++---- .../resources/scripts/dialplan/dialplan.lua | 19 ++++-- .../scripts/directory/action/domains.lua | 6 +- .../resources/scripts/languages/languages.lua | 59 +++++++++++-------- 9 files changed, 123 insertions(+), 78 deletions(-) diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/acl.conf.lua b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/acl.conf.lua index bc739429c5..7df083ec4e 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/acl.conf.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/acl.conf.lua @@ -48,8 +48,14 @@ end --connect to the database - require "resources.functions.database_handle"; - dbh = database_handle('system'); + local Database = require "resources.functions.database"; + dbh = Database.new('system'); + + --include json library + local json + if (debug["sql"]) then + json = require "resources.functions.lunajson" + end --exits the script if we didn't connect properly assert(dbh:connected()); 
@@ -76,12 +82,13 @@ --get the nodes sql = "select * from v_access_control_nodes "; - sql = sql .. "where access_control_uuid = '"..row.access_control_uuid.."' "; + sql = sql .. "where access_control_uuid = :access_control_uuid"; + local params = {access_control_uuid = row.access_control_uuid} if (debug["sql"]) then - freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "\n"); + freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n"); end x = 0; - dbh:query(sql, function(field) + dbh:query(sql, params, function(field) if (string.len(field.node_domain) > 0) then table.insert(xml, [[ ]]); else diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/callcenter.conf.lua b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/callcenter.conf.lua index 57cda269fc..84e919abc1 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/callcenter.conf.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/callcenter.conf.lua @@ -39,8 +39,8 @@ if (XML_STRING == "-ERR NOT FOUND") or (XML_STRING == "-ERR CONNECTION FAILURE") then --connect to the database - require "resources.functions.database_handle"; - dbh = database_handle('system'); + local Database = require "resources.functions.database"; + dbh = Database.new('system'); --exits the script if we didn't connect properly assert(dbh:connected()); diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/conference.conf.lua b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/conference.conf.lua index 36f8cba3cb..e8b72f6333 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/conference.conf.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/conference.conf.lua 
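Review bot: The `:access_control_uuid` placeholder in the nodes query is only as safe as `Database:query(sql, params, fn)` in `resources.functions.database`, which this patch does not show. If that method expands named placeholders by text substitution rather than driver-level binding, its quoting routine becomes the single control against SQL injection for every query converted in this commit (conference, ivr, sofia, dialplan, languages). A regression test that sends a value containing a single quote through `dbh:query` on each supported backend, and checks it comes back as data, would pin that down. A short comment above the call, such as `--values are bound by Database:query; never concatenate them into sql`, would also keep later edits from reintroducing concatenation.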
@@ -25,8 +25,14 @@ -- POSSIBILITY OF SUCH DAMAGE. --connect to the database - require "resources.functions.database_handle"; - dbh = database_handle('system'); + local Database = require "resources.functions.database"; + dbh = Database.new('system'); + +--include json library + local json + if (debug["sql"]) then + json = require "resources.functions.lunajson" + end --exits the script if we didn't connect properly assert(dbh:connected()); @@ -45,19 +51,20 @@ if (debug["sql"]) then freeswitch.consoleLog("notice", "[conference_control] SQL: " .. sql .. "\n"); end - status = dbh:query(sql, function(field) + dbh:query(sql, function(field) conference_control_uuid = field["conference_control_uuid"]; table.insert(xml, [[ ]]); --get the conference control details from the database sql = [[SELECT * FROM v_conference_control_details - WHERE conference_control_uuid = ']] .. conference_control_uuid ..[[' + WHERE conference_control_uuid = :conference_control_uuid AND control_enabled = 'true' ]]; + local params = {conference_control_uuid = conference_control_uuid}; if (debug["sql"]) then - freeswitch.consoleLog("notice", "[conference_control] SQL: " .. sql .. "\n"); + freeswitch.consoleLog("notice", "[conference_control] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n"); end - status = dbh:query(sql, function(row) + dbh:query(sql, params, function(row) --conference_control_uuid = row["conference_control_uuid"]; --conference_control_detail_uuid = row["conference_control_detail_uuid"]; table.insert(xml, [[ ]]); 
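Review bot: In the conference control details query, `sql` is still assigned as a global inside the row callback, while the `params` table added right below it is declared `local`. The outer query in this file uses the same global name, so the callback overwrites it on every row. Declaring it the way ivr.conf.lua does in this same commit, `local sql = [[SELECT * FROM v_conference_control_details`, keeps the statement and its parameters in one scope. The conference profile params hunk (`@@ -74,19 +81,20 @@`) has the same pattern.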
@@ -74,19 +81,20 @@ if (debug["sql"]) then freeswitch.consoleLog("notice", "[conference_profiles] SQL: " .. sql .. "\n"); end - status = dbh:query(sql, function(field) + dbh:query(sql, function(field) conference_profile_uuid = field["conference_profile_uuid"]; table.insert(xml, [[ ]]); --get the conference profile parameters from the database sql = [[SELECT * FROM v_conference_profile_params - WHERE conference_profile_uuid = ']] .. conference_profile_uuid ..[[' + WHERE conference_profile_uuid = :conference_profile_uuid AND profile_param_enabled = 'true' ]]; + local params = {conference_profile_uuid = conference_profile_uuid}; if (debug["sql"]) then - freeswitch.consoleLog("notice", "[conference_profiles] SQL: " .. sql .. "\n"); + freeswitch.consoleLog("notice", "[conference_profiles] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n"); end - status = dbh:query(sql, function(row) + dbh:query(sql, params, function(row) --conference_profile_uuid = row["conference_profile_uuid"]; --conference_profile_param_uuid = row["conference_profile_param_uuid"]; --profile_param_description = row["profile_param_description"]; diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/ivr.conf.lua b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/ivr.conf.lua index fff5d76c3a..4001e27508 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/ivr.conf.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/ivr.conf.lua @@ -41,6 +41,10 @@ --required includes local Database = require "resources.functions.database" local Settings = require "resources.functions.lazy_settings" + local json + if (debug["sql"]) then + json = require "resources.functions.lunajson" + end --set the sound prefix sound_prefix = sounds_dir.."/${default_language}/${default_dialect}/${default_voice}/"; 
@@ -52,14 +56,15 @@ assert(dbh:connected()); --get the ivr menu from the database - sql = [[SELECT * FROM v_ivr_menus - WHERE ivr_menu_uuid = ']] .. ivr_menu_uuid ..[[' + local sql = [[SELECT * FROM v_ivr_menus + WHERE ivr_menu_uuid = :ivr_menu_uuid AND ivr_menu_enabled = 'true' ]]; + local params = {ivr_menu_uuid = ivr_menu_uuid}; if (debug["sql"]) then - freeswitch.consoleLog("notice", "[ivr_menu] SQL: " .. sql .. "\n"); + freeswitch.consoleLog("notice", "[ivr_menu] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n"); end - status = dbh:query(sql, function(row) + dbh:query(sql, params, function(row) domain_uuid = row["domain_uuid"]; ivr_menu_name = row["ivr_menu_name"]; ivr_menu_extension = row["ivr_menu_extension"]; @@ -109,13 +114,14 @@ if not file_exists(path) then local sql = "SELECT recording_base64 FROM v_recordings " .. - "WHERE domain_uuid = '" .. domain_uuid .. "' " .. - "AND recording_filename = '" .. name .. "' " + "WHERE domain_uuid = :domain_uuid " .. + "AND recording_filename = :name " + local params = {domain_uuid = domain_uuid, name = name}; if (debug["sql"]) then - freeswitch.consoleLog("notice", "[ivr_menu] SQL: "..sql.."\n"); + freeswitch.consoleLog("notice", "[ivr_menu] SQL: "..sql.."; params:" .. json.encode(params) .. "\n"); end - dbh:query(sql, function(row) + dbh:query(sql, params, function(row) --get full path to recording is_base64, name = true, path 
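Review bot: In the recordings lookup, `local params = {domain_uuid = domain_uuid, name = name}` silently drops any key whose value is nil, so `:domain_uuid` or `:name` can reach `dbh:query` with no matching entry. The old concatenation raised a Lua error on a nil value, whereas how `Database:query` treats an unmatched placeholder is not visible in this patch. `domain_uuid` is only set inside the row callback of the menu query above, so it stays unset when no enabled menu matches. A guard before building the query makes the failure explicit: `if (domain_uuid == nil or name == nil) then return end`, or the equivalent for the enclosing function, which starts outside this hunk.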
@@ -226,11 +232,12 @@ table.insert(xml, [[ >]]); --get the ivr menu options - sql = [[SELECT * FROM v_ivr_menu_options WHERE ivr_menu_uuid = ']] .. ivr_menu_uuid ..[[' ORDER BY ivr_menu_option_order asc ]]; + local sql = [[SELECT * FROM v_ivr_menu_options WHERE ivr_menu_uuid = :ivr_menu_uuid ORDER BY ivr_menu_option_order asc ]]; + local params = {ivr_menu_uuid = ivr_menu_uuid}; if (debug["sql"]) then - freeswitch.consoleLog("notice", "[ivr_menu] SQL: " .. sql .. "\n"); + freeswitch.consoleLog("notice", "[ivr_menu] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n"); end - status = dbh:query(sql, function(r) + dbh:query(sql, params, function(r) ivr_menu_option_digits = r.ivr_menu_option_digits ivr_menu_option_action = r.ivr_menu_option_action ivr_menu_option_param = r.ivr_menu_option_param diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/local_stream.conf.lua b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/local_stream.conf.lua index fbdaabc2f1..bcc19b3ca7 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/local_stream.conf.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/local_stream.conf.lua @@ -1,7 +1,7 @@ --connect to the database - require "resources.functions.database_handle"; - dbh = database_handle('system'); + local Database = require "resources.functions.database"; + dbh = Database.new('system'); --exits the script if we didn't connect properly assert(dbh:connected()); diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua index af45ad6f84..ed2eec27dc 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/configuration/sofia.conf.lua 
@@ -41,8 +41,14 @@ end --connect to the database - require "resources.functions.database_handle"; - dbh = database_handle('system'); + local Database = require "resources.functions.database"; + dbh = Database.new('system'); + + --include json library + local json + if (debug["sql"]) then + json = require "resources.functions.lunajson" + end --exits the script if we didn't connect properly assert(dbh:connected()); @@ -52,11 +58,12 @@ --get the domain_uuid if (domain_name ~= nil) then sql = "SELECT domain_uuid FROM v_domains "; - sql = sql .. "WHERE domain_name = '" .. domain_name .."' "; + sql = sql .. "WHERE domain_name = :domain_name"; + local params = {domain_name = domain_name}; if (debug["sql"]) then - freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "\n"); + freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n"); end - status = dbh:query(sql, function(rows) + dbh:query(sql, params, function(rows) domain_uuid = rows["domain_uuid"]; end); end 
@@ -88,14 +95,15 @@ sql = sql .. "from v_sip_profiles as p, v_sip_profile_settings as s "; sql = sql .. "where s.sip_profile_setting_enabled = 'true' "; sql = sql .. "and p.sip_profile_enabled = 'true' "; - sql = sql .. "and (p.sip_profile_hostname = '" .. hostname.. "' or p.sip_profile_hostname is null or p.sip_profile_hostname = '') "; + sql = sql .. "and (p.sip_profile_hostname = :hostname or p.sip_profile_hostname is null or p.sip_profile_hostname = '') "; sql = sql .. "and p.sip_profile_uuid = s.sip_profile_uuid "; sql = sql .. "order by p.sip_profile_name asc "; + local params = {hostname = hostname}; if (debug["sql"]) then - freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "\n"); + freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "; params: " .. json.encode(params) .. "\n"); end x = 0; - dbh:query(sql, function(row) + dbh:query(sql, params, function(row) --set as variables sip_profile_name = row.sip_profile_name; --sip_profile_description = row.sip_profile_description; 
@@ -117,19 +125,20 @@ --get the gateways if (domain_count > 1) then sql = "select * from v_gateways as g, v_domains as d "; - sql = sql .. "where g.profile = '"..sip_profile_name.."' "; + sql = sql .. "where g.profile = :profile "; sql = sql .. "and g.enabled = 'true' "; sql = sql .. "and (g.domain_uuid = d.domain_uuid or g.domain_uuid is null) "; else sql = "select * from v_gateways as g "; - sql = sql .. "where g.enabled = 'true' and g.profile = '"..sip_profile_name.."' "; + sql = sql .. "where g.enabled = 'true' and g.profile = :profile "; end - sql = sql .. "and (g.hostname = '" .. hostname.. "' or g.hostname is null or g.hostname = '') "; + sql = sql .. "and (g.hostname = :hostname or g.hostname is null or g.hostname = '') "; + local params = {profile = sip_profile_name, hostname = hostname}; if (debug["sql"]) then - freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "\n"); + freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n"); end x = 0; - dbh:query(sql, function(field) + dbh:query(sql, params, function(field) table.insert(xml, [[ ]]); if (string.len(field.username) > 0) then diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/dialplan/dialplan.lua b/resources/install/scripts/app/xml_handler/resources/scripts/dialplan/dialplan.lua index 898aecb7ac..601f42f234 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/dialplan/dialplan.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/dialplan/dialplan.lua @@ -47,8 +47,14 @@ if not XML_STRING then --connect to the database - require "resources.functions.database_handle"; - dbh = database_handle('system'); + local Database = require "resources.functions.database"; + dbh = Database.new('system'); + + --include json library + local json + if (debug["sql"]) then + json = require "resources.functions.lunajson" + end --exits the script if we didn't connect properly assert(dbh:connected()); 
@@ -63,19 +69,20 @@ --get the dialplan xml sql = "select dialplan_xml from v_dialplans as p "; if (call_context == "public" or string.sub(call_context, 0, 7) == "public@" or string.sub(call_context, -7) == ".public") then - sql = sql .. "where p.dialplan_context = '" .. call_context .. "' "; + sql = sql .. "where p.dialplan_context = :call_context "; else - sql = sql .. "where (p.dialplan_context = '" .. call_context .. "' or p.dialplan_context = '${domain_name}') "; + sql = sql .. "where (p.dialplan_context = :call_context or p.dialplan_context = '${domain_name}') "; end sql = sql .. "and p.dialplan_enabled = 'true' "; sql = sql .. "order by "; sql = sql .. "p.dialplan_order asc "; + local params = {call_context = call_context}; if (debug["sql"]) then - log.notice("SQL: " .. sql); + freeswitch.consoleLog("notice", "[dialplan] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n"); end local x = 0; local pass - dbh:query(sql, function(row) + dbh:query(sql, params, function(row) table.insert(xml, row.dialplan_xml); end); diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/directory/action/domains.lua b/resources/install/scripts/app/xml_handler/resources/scripts/directory/action/domains.lua index cfd42346e3..e68a2a1f9a 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/directory/action/domains.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/directory/action/domains.lua @@ -25,8 +25,8 @@ -- POSSIBILITY OF SUCH DAMAGE. --connect to the database - require "resources.functions.database_handle"; - dbh = database_handle('system'); + local Database = require "resources.functions.database"; + dbh = Database.new('system'); --exits the script if we didn't connect properly assert(dbh:connected()); @@ -36,7 +36,7 @@ table.insert(xml, [[]]); table.insert(xml, [[]]); table.insert(xml, [[
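Review bot: The debug line in the dialplan query now calls `freeswitch.consoleLog` directly, although the line it replaces used this file's `log.notice`, so the SQL trace no longer goes through the same logger as the rest of the script. Assuming `log` is still defined earlier in the file, the params can be added without switching API: `log.notice("SQL: " .. sql .. "; params:" .. json.encode(params));`. Logging through `json.encode` is a good choice, since it escapes control characters in request-derived values such as `call_context` before they reach the console.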
]]); - sql = "SELECT domain_name FROM v_domains "; + local sql = "SELECT domain_name FROM v_domains "; dbh:query(sql, function(row) table.insert(xml, [[ ]]); end); diff --git a/resources/install/scripts/app/xml_handler/resources/scripts/languages/languages.lua b/resources/install/scripts/app/xml_handler/resources/scripts/languages/languages.lua index f0b01d242d..e5a009021b 100644 --- a/resources/install/scripts/app/xml_handler/resources/scripts/languages/languages.lua +++ b/resources/install/scripts/app/xml_handler/resources/scripts/languages/languages.lua 
@@ -67,29 +67,35 @@ --build the XML string from the database if (source == "database") then - --database connection + --connect to the database + local Database = require "resources.functions.database"; + dbh = Database.new('system'); + + --include json library + local json + if (debug["sql"]) then + json = require "resources.functions.lunajson" + end + + --exits the script if we didn't connect properly + assert(dbh:connected()); + + --get the domain_uuid if (continue) then - --connect to the database - require "resources.functions.database_handle"; - dbh = database_handle('system'); - - --exits the script if we didn't connect properly - assert(dbh:connected()); - - --get the domain_uuid - if (domain_uuid == nil) then - --get the domain_uuid - if (domain_name ~= nil) then - sql = "SELECT domain_uuid FROM v_domains "; - sql = sql .. "WHERE domain_name = '" .. domain_name .."' "; - if (debug["sql"]) then - freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "\n"); - end - status = dbh:query(sql, function(rows) - domain_uuid = rows["domain_uuid"]; - end); + if (domain_uuid == nil) then + --get the domain_uuid + if (domain_name ~= nil) then + local sql = "SELECT domain_uuid FROM v_domains "; + sql = sql .. "WHERE domain_name = :domain_name "; + local params = {domain_name = domain_name}; + if (debug["sql"]) then + freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n"); end - end + dbh:query(sql, params, function(rows) + domain_uuid = rows["domain_uuid"]; + end); + end + end end --prevent processing for invalid domains 
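Review bot: The connection block has moved out of `if (continue) then`, so `Database.new('system')` and `assert(dbh:connected())` now run for every request with `source == "database"`, including those where `continue` is false. On the old side such requests never touched the database. With this change they open a handle and can abort the script on the assert, which is a behaviour change beyond parameterising the query. If that is not intended, start `if (continue) then` above `--connect to the database` so that the connect, the `json` require and the assert stay behind the same gate as before. The re-indented `if (domain_uuid == nil) then` block also mixes indentation levels with its closing `end` lines.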
@@ -113,20 +119,21 @@ table.insert(xml, [[ ]]); table.insert(xml, [[ ]]); - sql = "SELECT * FROM v_phrases as p, v_phrase_details as d "; - sql = sql .. "WHERE d.domain_uuid = '" .. domain_uuid .. "' "; - sql = sql .. "AND p.phrase_uuid = '".. macro_name .."' "; - sql = sql .. "AND p.phrase_language = '".. language .."' "; + local sql = "SELECT * FROM v_phrases as p, v_phrase_details as d "; + sql = sql .. "WHERE d.domain_uuid = :domain_uuid "; + sql = sql .. "AND p.phrase_uuid = :macro_name "; + sql = sql .. "AND p.phrase_language = :language "; sql = sql .. "AND p.phrase_uuid = d.phrase_uuid "; sql = sql .. "AND p.phrase_enabled = 'true' "; sql = sql .. "ORDER BY d.domain_uuid, p.phrase_uuid, d.phrase_detail_order ASC "; + local params = {domain_uuid = domain_uuid, macro_name = macro_name, language = language}; if (debug["sql"]) then freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "\n"); end previous_phrase_uuid = ""; match_tag = "open"; x = 0; - dbh:query(sql, function(row) + dbh:query(sql, params, function(row) --phrase_uuid,domain_uuid,phrase_name,phrase_language --phrase_description,phrase_enabled,phrase_detail_uuid --phrase_detail_group,phrase_detail_tag,phrase_detail_pattern
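Review bot: The `debug["sql"]` trace in the phrases query was left unchanged, so it now prints the statement with `:domain_uuid`, `:macro_name` and `:language` placeholders and none of the values. Every other converted query in this commit appends the parameters, and without them the trace cannot be used to reproduce a lookup. Suggested line: `freeswitch.consoleLog("notice", "[xml_handler] SQL: " .. sql .. "; params:" .. json.encode(params) .. "\n");`. That relies on this hunk sitting inside the same `if (source == "database") then` block where the earlier hunk declares `local json`, which should be confirmed because the block boundaries are outside the hunk.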