Prevented SQL injections in function addPersonToDB.
[toast/confclerk.git] / src / sql / schedulexmlparser.cpp
index db74630..dadfa6a 100644 (file)
@@ -1,9 +1,29 @@
+/*
+ * Copyright (C) 2010 Ixonos Plc.
+ * Copyright (C) 2011 Philipp Spitzer, gregor herrmann
+ *
+ * This file is part of ConfClerk.
+ *
+ * ConfClerk is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * ConfClerk is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * ConfClerk.  If not, see <http://www.gnu.org/licenses/>.
+ */
 
 #include <QDomDocument>
 #include <QHash>
 
 #include "schedulexmlparser.h"
 #include "sqlengine.h"
+#include "../gui/errormessage.h"
 
 #include <QDebug>
 
@@ -12,25 +32,28 @@ ScheduleXmlParser::ScheduleXmlParser(QObject *aParent)
 {
 }
 
-void ScheduleXmlParser::parseData(const QByteArray &aData, SqlEngine *aDBEngine)
+void ScheduleXmlParser::parseData(const QByteArray &aData, const QString& url)
 {
-    Q_ASSERT(NULL != aDBEngine);
-
     QDomDocument document;
-    document.setContent (aData, false);
+    QString xml_error;
+    if (!document.setContent (aData, false, &xml_error)) {
+        error_message("Could not parse schedule: " + xml_error);
+        return;
+    }
 
     QDomElement scheduleElement = document.firstChildElement("schedule");
 
+    SqlEngine::beginTransaction();
+
+    int confId = 0;
+    QString conference_title;
     if (!scheduleElement.isNull())
     {
-        // TODO: assign conferenceID based on eg. title
-        int conferenceID = 1; // HARD-WIRED for now to '1' - only one Conference
-
         QDomElement conferenceElement = scheduleElement.firstChildElement("conference");
         if (!conferenceElement.isNull())
         {
             QHash<QString,QString> conference;
-            conference["id"] = QString::number(conferenceID,10);
+            conference["id"] = QString::number(0); // conference ID is assigned automatically, or obtained from the DB
             conference["title"] = conferenceElement.firstChildElement("title").text();
             conference["subtitle"] = conferenceElement.firstChildElement("subtitle").text();
             conference["venue"] = conferenceElement.firstChildElement("venue").text();
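Review bot: `SqlEngine::beginTransaction()` is called before the `scheduleElement.isNull()` test, and whatever result it reports (its declaration is not visible here) is dropped. A document without a `<schedule>` root therefore opens a transaction that has nothing to write. Open the transaction inside the `if (!scheduleElement.isNull())` branch, or return early with `error_message("Could not parse schedule: no <schedule> element");`, so rejected input never touches the database. The new `setContent` check could also pass the error line and column out-parameters, so the message points at the offending place in the downloaded file. The body of parseData continues beyond this hunk.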
@@ -40,7 +63,11 @@ void ScheduleXmlParser::parseData(const QByteArray &aData, SqlEngine *aDBEngine)
             conference["days"] = conferenceElement.firstChildElement("days").text(); // int
             conference["day_change"] = conferenceElement.firstChildElement("day_change").text(); // time
             conference["timeslot_duration"] = conferenceElement.firstChildElement("timeslot_duration").text(); // time
-            aDBEngine->addConferenceToDB(conference);
+            conference["url"] = url;
+            SqlEngine::addConferenceToDB(conference);
+            confId = conference["id"].toInt();
+            conference_title = conference["title"];
+            emit(parsingScheduleBegin());
         }
 
         // we need to get count of all events in order to emit 'progressStatus' signal
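Review bot: `confId = conference["id"].toInt();` silently accepts 0, which is the value the hash was seeded with a few lines earlier. If `SqlEngine::addConferenceToDB` fails or does not write the assigned id back into the hash (its signature is not visible here), every room, event, person and link below is stored under conference_id 0. Use the checked form, `bool ok = false; confId = conference["id"].toInt(&ok);`, and abandon the import when `!ok || confId <= 0`, before any child rows are written. The value stored by `conference["url"] = url;` comes from the caller unvalidated, so it should be treated as untrusted wherever it is later displayed or fetched again.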
@@ -75,14 +102,14 @@ void ScheduleXmlParser::parseData(const QByteArray &aData, SqlEngine *aDBEngine)
                         QHash<QString,QString> room;
                         room["name"] = roomElement.attribute("name");
                         room["event_id"] = eventElement.attribute("id");
-                        room["conference_id"] = QString::number(conferenceID,10);
-                        room["picture"] = "NOT DEFINED YET"; // TODO: implement some mapping to assign correct picture to specified room_name
-                        aDBEngine->addRoomToDB(room);
+                        room["conference_id"] = QString::number(confId,10);
+                        room["picture"] = ""; // TODO: implement some mapping to assign correct picture to specified room_name
+                        SqlEngine::addRoomToDB(room);
 
                         // process event's nodes
                         QHash<QString,QString> event;
                         event["id"] = eventElement.attribute("id");;
-                        event["conference_id"] = QString::number(conferenceID, 10);
+                        event["conference_id"] = QString::number(confId, 10);
                         event["start"] = eventElement.firstChildElement("start").text(); // time eg. 10:00
                         event["date"] = dayElement.attribute("date"); // date eg. 2009-02-07
                         event["duration"] = eventElement.firstChildElement("duration").text(); // time eg. 00:30
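Review bot: The strings placed in the `room` and `event` hashes here, and in the `conference` and `link` hashes in the other hunks, come straight from attributes and text of the downloaded XML, yet the commit title covers only `addPersonToDB`. If `SqlEngine::addRoomToDB`, `addEventToDB`, `addLinkToDB` or `addConferenceToDB` still build their statements by string concatenation, they remain exposed to the same injection. sqlengine.cpp is not part of this view, so that needs checking there. Each should go through a prepared query with bound values (`QSqlQuery::prepare` and `bindValue`). A comment at the call sites such as `// values are untrusted XML input; SqlEngine must bind them, never concatenate` would record the contract.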
@@ -95,7 +122,7 @@ void ScheduleXmlParser::parseData(const QByteArray &aData, SqlEngine *aDBEngine)
                         event["language"] = eventElement.firstChildElement("language").text(); // language eg. "English"
                         event["abstract"] = eventElement.firstChildElement("abstract").text(); // string
                         event["description"] = eventElement.firstChildElement("description").text(); // string
-                        aDBEngine->addEventToDB(event);
+                        SqlEngine::addEventToDB(event);
                         // process persons' nodes
                         QList<QString> persons;
                         QDomElement personsElement = eventElement.firstChildElement("persons");
@@ -105,9 +132,9 @@ void ScheduleXmlParser::parseData(const QByteArray &aData, SqlEngine *aDBEngine)
                             person["id"] = personList.at(i).toElement().attribute("id");
                             person["name"] = personList.at(i).toElement().text();
                             person["event_id"] = eventElement.attribute("id");
-                            person["conference_id"] = QString::number(conferenceID, 10);
+                            person["conference_id"] = QString::number(confId, 10);
                             //qDebug() << "adding Person: " << person["name"];
-                            aDBEngine->addPersonToDB(person);
+                            SqlEngine::addPersonToDB(person);
                         }
                         // process links' nodes
                         QDomElement linksElement = eventElement.firstChildElement("links");
@@ -117,8 +144,8 @@ void ScheduleXmlParser::parseData(const QByteArray &aData, SqlEngine *aDBEngine)
                             link["name"] = linkList.at(i).toElement().text();
                             link["url"] = linkList.at(i).toElement().attribute("href");
                             link["event_id"] = eventElement.attribute("id");
-                            link["conference_id"] = QString::number(conferenceID, 10);
-                            aDBEngine->addLinkToDB(link);
+                            link["conference_id"] = QString::number(confId, 10);
+                            SqlEngine::addLinkToDB(link);
                         }
                         // emit signal to inform the user about the current status (how many events are parsed so far - expressed in %)
                         int status = currentEvent * 100 / totalEventsCount;
@@ -128,5 +155,11 @@ void ScheduleXmlParser::parseData(const QByteArray &aData, SqlEngine *aDBEngine)
             } // parsing room elements
         } // parsing day elements
     } // schedule element
+    SqlEngine::commitTransaction();
+    if (!conference_title.isNull()) {
+        emit parsingScheduleEnd(conference_title);
+    } else {
+        error_message("Could not parse schedule");
+    }
 }
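Review bot: `SqlEngine::commitTransaction()` runs unconditionally and before the `conference_title.isNull()` test, so the failure branch reports "Could not parse schedule" after any inserted rows have already been made permanent. Decide success first and commit only then. On failure, roll back the transaction opened at the top of parseData, so a malformed or hostile schedule file cannot leave partial data behind. Also, `isNull()` may be false for a `<title>` element that is present but empty, so `isEmpty()` or a check on `confId` is probably the intended condition.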