diff --git a/ChangeLog b/ChangeLog index acde2ed..4653025 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +v0.6 (08/10/2016) +** User ** + Set autofocus attribute to user in index.php + +** Dev ** + Use transactions for SQL updates + Use prepared query for value replacement allowing to use non escaped characters + package.sh was broken due to parsing errors in debian/changelog + +** Bugs ** + Crash when use of a tag in a new operation + v0.5 (19/06/2015) ** User ** Add tag management diff --git a/debian/changelog b/debian/changelog index 24c2de4..fe268e7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,5 @@ -kisscount (0.5-1) unstable; urgency=low +kisscount (0.6-1) unstable; urgency=low * Initial release - -- Grégory Soutadé Mon, 10 June 2013 13:13:52 +0100 + -- Grégory Soutadé Sat, 8 Oct 2016 20:26:00 +0200 diff --git a/resources/po/french.po b/resources/po/french.po index 072171e..d5f7034 100644 --- a/resources/po/french.po +++ b/resources/po/french.po @@ -11,7 +11,7 @@ msgstr "" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-SourceCharset: utf-8\n" -"X-Generator: Poedit 1.7.6\n" +"X-Generator: Poedit 1.8.7.1\n" # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER @@ -621,7 +621,7 @@ msgstr "Nouveau mot de passe" #: src/view/grid/GridAccount.cpp:124 msgid "No Tag" -msgstr "Pas de tag" +msgstr "Pas d'étiquette" #: src/view/ExportPanel.cpp:95 src/view/SearchPanel.cpp:154 msgid "No entry found" diff --git a/resources/po/french.qm b/resources/po/french.qm index 20550ae..19141dc 100644 Binary files a/resources/po/french.qm and b/resources/po/french.qm differ diff --git a/resources/po/kisscount.pot b/resources/po/kisscount.pot index 2eae29f..5a93414 100644 --- a/resources/po/kisscount.pot +++ b/resources/po/kisscount.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2015-06-20 17:48+0200\n" +"POT-Creation-Date: 2016-05-22 15:59+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -582,7 +582,7 @@ msgstr "" msgid "Language successfully changed, please go to another panel" msgstr "" -#: src/view/wxUI.cpp:319 +#: src/view/wxUI.cpp:318 msgid "Licenced under GNU GPL v3" msgstr "" @@ -690,7 +690,7 @@ msgstr "" msgid "Password changed" msgstr "" -#: src/view/wxUI.cpp:319 +#: src/view/wxUI.cpp:318 msgid "Personal accounting software" msgstr "" @@ -702,7 +702,7 @@ msgstr "" msgid "Preferences" msgstr "" -#: src/view/wxUI.cpp:324 +#: src/view/wxUI.cpp:323 msgid "Quit KissCount ?" msgstr "" diff --git a/src/controller/KissCount.hpp b/src/controller/KissCount.hpp index 14ee33e..7e3ebbf 100644 --- a/src/controller/KissCount.hpp +++ b/src/controller/KissCount.hpp @@ -1,5 +1,5 @@ /* - Copyright 2010-2012 Grégory Soutadé + Copyright 2010-2015 Grégory Soutadé This file is part of KissCount. @@ -30,7 +30,7 @@ #include -#define APP_VERSION "0.5" +#define APP_VERSION "0.6" #define ESCAPE_CHARS(s) s = s.replace("\"", " "); // #define ESCAPE_CHARS(s) s = s.replace("\"", "\\\""); s = s.replace("\'", "\\\'"); diff --git a/src/model/Database.cpp b/src/model/Database.cpp index a433410..50a14f4 100644 --- a/src/model/Database.cpp +++ b/src/model/Database.cpp @@ -1,5 +1,5 @@ /* - Copyright 2010-2012 Grégory Soutadé + Copyright 2010-2016 Grégory Soutadé This file is part of KissCount. @@ -171,7 +171,10 @@ bool Database::IsValidUser(const QString& user, const QString& password) { QSqlQuery query(_db); - EXECUTE_SQL_QUERY(QString("SELECT name FROM user WHERE name='%1' AND password='%2'").arg(user, HashPassword(password)), false); + query.prepare("SELECT name FROM user WHERE name=:id AND password=:password"); + query.bindValue(":id", user); + query.bindValue(":password", HashPassword(password)); + EXECUTE_PREPARED_SQL_QUERY(false); return query.next(); } @@ -239,7 +242,9 @@ User* Database::LoadUser(const QString& name) std::vector::iterator it; - EXECUTE_SQL_QUERY(QString("SELECT * FROM user WHERE name='%1'").arg(name), 0); + query.prepare("SELECT * FROM user WHERE name=:name"); + query.bindValue(":name", name); + EXECUTE_PREPARED_SQL_QUERY(0); if (!query.next()) return 0; @@ -570,14 +575,18 @@ void Database::UpdateOperation(User* user, Operation& op, bool checkTransfert) ESCAPE_CHARS(op.description); - req = "UPDATE operation SET parent='%1', account='%2', year='%3', month='%4', day='%5', amount='%6', description=\"%7\", category='%8', tag='%9'" ; + req = "UPDATE operation SET parent='%1', account='%2', year='%3', month='%4', day='%5', amount='%6', description=:description, category='%8', tag='%9'" ; req = req.arg((op.parent) ? QString::number(op.parent) : "", QString::number(op.account), QString::number(op.year), QString::number(op.month), - QString::number(op.day), v.sprintf("%d", op.amount), op.description, QString::number(op.category), QString::number(op.tag)); - req += ", fix_cost='%1', checked='%2', transfert='%3', meta='%4', virtual='%5', formula='%6' WHERE id='%7'"; + QString::number(op.day), v.sprintf("%d", op.amount), QString::number(op.category), QString::number(op.tag)); + req += ", fix_cost='%1', checked='%2', transfert='%3', meta='%4', virtual='%5', formula=:formula WHERE id='%7'"; req = req.arg(QString::number(op.fix_cost), QString::number(op.checked), (op.transfert) ? QString::number(op.transfert): "", - QString::number(op.meta), QString::number(op._virtual), op.formula, QString::number(op.id)); + QString::number(op.meta), QString::number(op._virtual), QString::number(op.id)); - EXECUTE_SQL_UPDATE(req, ); + query.prepare(req); + query.bindValue(":description", op.description); + query.bindValue(":formula", op.formula); + + EXECUTE_PREPARED_SQL_UPDATE(); if (checkTransfert) LinkOrUnlinkOperation(user, op); @@ -592,14 +601,18 @@ int Database::AddOperation(User* user, Operation& op, bool checkTransfert) ESCAPE_CHARS(op.description); - req = "INSERT INTO operation ('user', 'parent', 'account', 'year', 'month', 'day', 'amount', 'description', 'category', 'tag', 'fix_cost', 'formula', 'transfert', 'meta', 'virtual', 'checked') VALUES ('%1', '%2', '%3', '%4', '%5', '%6', '%7', \"%8\"" ; + req = "INSERT INTO operation ('user', 'parent', 'account', 'year', 'month', 'day', 'amount', 'description', 'category', 'tag', 'fix_cost', 'formula', 'transfert', 'meta', 'virtual', 'checked') VALUES ('%1', '%2', '%3', '%4', '%5', '%6', '%7', :description" ; req = req.arg(QString::number(user->_id), (op.parent) ? QString::number(op.parent): "", QString::number(op.account), QString::number(op.year), - QString::number(op.month), QString::number(op.day), v.sprintf("%d", op.amount), op.description); - req += ", '%1', '%2', '%3', '%4', '%5', '%6', '%7', '%8')"; - req = req.arg(QString::number(op.category), QString::number(op.tag), QString::number(op.fix_cost), op.formula, (op.transfert) ? QString::number(op.transfert): "", + QString::number(op.month), QString::number(op.day), v.sprintf("%d", op.amount)); + req += ", '%1', '%2', '%3', :formula, '%4', '%5', '%6', '%7')"; + req = req.arg(QString::number(op.category), QString::number(op.tag), QString::number(op.fix_cost), (op.transfert) ? QString::number(op.transfert): "", QString::number(op.meta), QString::number(op._virtual), QString::number(op.checked)); + + query.prepare(req); + query.bindValue(":description", op.description); + query.bindValue(":formula", op.formula); - if (!query.exec(req)) + if (!query.exec()) { QMessageBox::critical(0, _("Error"), _("Update failed !\n") + req); return 0; @@ -841,9 +854,12 @@ void Database::AddSharedAccount(Account& ac, const QString& granted) QSqlRecord set; QSqlQuery query(_db); - req = QString("SELECT id FROM user WHERE name='%1'").arg(granted); + req = QString("SELECT id FROM user WHERE name=:name"); - EXECUTE_SQL_QUERY(req, ); + query.prepare(req); + query.bindValue(":name", granted); + + EXECUTE_PREPARED_SQL_QUERY(); query.next(); @@ -907,7 +923,7 @@ int Database::AddCategory(User* user, Category& category) req = "INSERT INTO category ('user', 'parent', 'name', 'backcolor', 'forecolor', 'font', 'fix_cost') VALUES ('" ; req += QString::number(user->_id) + "'"; req += ", '" + QString::number(category.parent) + "'"; - req += ", '" + category.name + "'"; + req += ", :name"; req += ", '" + backcolor + "'"; req += ", '" + forecolor + "'"; req += ", '" + category.font + "'"; @@ -916,8 +932,11 @@ int Database::AddCategory(User* user, Category& category) else req += ", '0'"; req += ")"; - - if (!query.exec(req)) + + query.prepare(req); + query.bindValue(":name", category.name); + + if (!query.exec()) { QMessageBox::critical(0, _("Error"), _("Update failed !\n") + req); std::cerr << __FUNCTION__ << "\n" ; @@ -933,6 +952,7 @@ void Database::UpdateCategory(Category& category) { QString req, tmp; QString backcolor, forecolor; + QSqlQuery query(_db); backcolor = "#" ; tmp = QString::number(category.backcolor.red(), 16); @@ -958,7 +978,7 @@ void Database::UpdateCategory(Category& category) req = "UPDATE category SET" ; req += " parent='" + QString::number(category.parent) + "'"; - req += ", name='" + category.name + "'"; + req += ", name=:name"; req += ", backcolor='" + backcolor + "'"; req += ", forecolor='" + forecolor + "'"; req += ", font='" + category.font + "'"; @@ -968,7 +988,9 @@ void Database::UpdateCategory(Category& category) req += ", fix_cost='0'"; req += " WHERE id='" + QString::number(category.id) + "'"; - EXECUTE_SQL_UPDATE(req, ); + query.prepare(req); + query.bindValue(":name", category.name); + EXECUTE_PREPARED_SQL_UPDATE(); } void Database::DeleteCategory(User* user, Category& category, int replacement) @@ -1004,11 +1026,17 @@ bool Database::LoadCategory(int id, const QString& name, Category& category) bool ret = false ; if (id) + { req = QString("SELECT * FROM category WHERE id='%1'").arg(id); + EXECUTE_SQL_QUERY(req, false); + } else - req = QString("SELECT * FROM category WHERE name='%1'").arg(name); - - EXECUTE_SQL_QUERY(req, false); + { + req = QString("SELECT * FROM category WHERE name=:name"); + query.prepare(req); + query.bindValue(":name", name); + EXECUTE_PREPARED_SQL_QUERY(false); + } if (query.next()) { @@ -1030,10 +1058,13 @@ int Database::AddTag(User* user, Tag& tag) req = "INSERT INTO tag ('user', 'name') VALUES ('" ; req += QString::number(user->_id) + "'"; - req += ", '" + tag.name + "'"; + req += ", :name"; req += ")"; - - if (!query.exec(req)) + + query.prepare(req); + query.bindValue(":name", tag.name); + + if (!query.exec()) { QMessageBox::critical(0, _("Error"), _("Update failed !\n") + req); std::cerr << __FUNCTION__ << "\n" ; @@ -1048,12 +1079,16 @@ int Database::AddTag(User* user, Tag& tag) void Database::UpdateTag(Tag& tag) { QString req; + QSqlQuery query(_db); req = "UPDATE tag SET" ; - req += "name='" + tag.name + "'"; + req += "name=:name"; req += " WHERE id='" + QString::number(tag.id) + "'"; - EXECUTE_SQL_UPDATE(req, ); + query.prepare(req); + query.bindValue(":name", tag.name); + + EXECUTE_PREPARED_SQL_UPDATE(); } void Database::DeleteTag(User* user, Tag& tag, int replacement) @@ -1078,11 +1113,17 @@ bool Database::LoadTag(int id, const QString& name, Tag& tag) bool ret = false ; if (id) + { req = QString("SELECT * FROM tag WHERE id='%1'").arg(id); + EXECUTE_SQL_QUERY(req, false); + } else - req = QString("SELECT * FROM tag WHERE name='%1'").arg(name); - - EXECUTE_SQL_QUERY(req, false); + { + req = QString("SELECT * FROM tag WHERE name=:name"); + query.prepare(req); + query.bindValue(":name", name); + EXECUTE_PREPARED_SQL_QUERY(false); + } if (query.next()) { @@ -1225,10 +1266,15 @@ void Database::GenerateMonth(User* user, int monthFrom, int yearFrom, int monthT void Database::ChangePassword(User* user, const QString& password) { QString req; + QSqlQuery query(_db); - req = QString("UPDATE user SET password='%1' WHERE name='%2'").arg(HashPassword(password), user->_name) ; + req = QString("UPDATE user SET password=:password WHERE name=:name"); - EXECUTE_SQL_UPDATE(req, ); + query.prepare(req); + query.bindValue(":name", user->_name); + query.bindValue(":password", HashPassword(password)); + + EXECUTE_PREPARED_SQL_UPDATE(); } bool Database::UserExists(const QString& name) @@ -1238,9 +1284,12 @@ bool Database::UserExists(const QString& name) QString req; bool res=false; - req = QString("SELECT name FROM user WHERE name='%1'").arg(name); + req = QString("SELECT name FROM user WHERE name=:name"); - EXECUTE_SQL_QUERY(req, false); + query.prepare(req); + query.bindValue(":name", name); + + EXECUTE_PREPARED_SQL_QUERY(false); if (query.next()) res = true; @@ -1255,19 +1304,29 @@ bool Database::UserExists(const QString& name) void Database::ChangeName(User* user, const QString& name) { QString req; + QSqlQuery query(_db); - req = QString("UPDATE user SET name='%1' WHERE name='%2'").arg(name, user->_name) ; + req = QString("UPDATE user SET name=:name WHERE name=:name2"); - EXECUTE_SQL_UPDATE(req, ); + query.prepare(req); + query.bindValue(":name", name); + query.bindValue(":name2", user->_name); + + EXECUTE_PREPARED_SQL_UPDATE(); } void Database::NewUser(const QString& name) { QString req; + QSqlQuery query(_db); - req = QString("INSERT INTO user ('name', 'password') VALUES ('%1', '%2')").arg(name, HashPassword("")) ; + req = QString("INSERT INTO user ('name', 'password') VALUES (:name, :password)"); - EXECUTE_SQL_UPDATE(req, ); + query.prepare(req); + query.bindValue(":name", name); + query.bindValue(":password", HashPassword("")); + + EXECUTE_PREPARED_SQL_UPDATE(); } /* diff --git a/src/model/Database.hpp b/src/model/Database.hpp index 817e78d..770330e 100644 --- a/src/model/Database.hpp +++ b/src/model/Database.hpp @@ -1,5 +1,5 @@ /* - Copyright 2010-2012 Grégory Soutadé + Copyright 2010-2016 Grégory Soutadé This file is part of KissCount. @@ -49,6 +49,7 @@ #define EXECUTE_SQL_UPDATE_WITH_CODE(req, return_value, code_if_fail, code_if_syntax_fail) \ do { \ + _db.transaction(); \ QSqlQuery query; \ if (!query.exec(req)) \ { \ @@ -56,26 +57,63 @@ std::cerr << __FUNCTION__ << " " << __FILE__ << " " << __LINE__ << "\n" ; \ std::cerr << req.toStdString() << "\n" ; \ std::cerr << query.lastError().text().toStdString() << "\n" ; \ + _db.rollback(); \ + code_if_fail; \ + return return_value; \ + } \ + _db.commit(); \ + } while(0); + +#define EXECUTE_PREPARED_SQL_UPDATE_WITH_CODE(return_value, code_if_fail, code_if_syntax_fail) \ + do { \ + _db.transaction(); \ + if (!query.exec()) \ + { \ + QMessageBox::critical(0, _("Error"), _("Update failed !\n")); \ + std::cerr << __FUNCTION__ << " " << __FILE__ << " " << __LINE__ << "\n" ; \ + std::cerr << query.lastQuery().toStdString() << "\n" ; \ + std::cerr << query.lastError().text().toStdString() << "\n" ; \ + _db.rollback(); \ + code_if_fail; \ + return return_value; \ + } \ + _db.commit(); \ + } while(0); + +#define EXECUTE_SQL_QUERY_WITH_CODE(req, return_value, code_if_fail, code_if_syntax_fail) \ + do { \ + if (!query.exec(req)) \ + { \ + QMessageBox::critical(0, _("Error"), _("Query failed !\n") + req); \ + std::cerr << __FUNCTION__ << "\n" ; \ + std::cerr << req.toStdString() << "\n" ; \ + std::cerr << query.lastError().text().toStdString() << "\n" ; \ code_if_fail; \ return return_value; \ } \ } while(0); -#define EXECUTE_SQL_QUERY_WITH_CODE(req, return_value, code_if_fail, code_if_syntax_fail) \ - if (!query.exec(req)) \ - { \ - QMessageBox::critical(0, _("Error"), _("Query failed !\n") + req); \ - std::cerr << __FUNCTION__ << "\n" ; \ - std::cerr << req.toStdString() << "\n" ; \ - std::cerr << query.lastError().text().toStdString() << "\n" ; \ - code_if_fail; \ - return return_value; \ - } \ +#define EXECUTE_PREPARED_SQL_QUERY_WITH_CODE(return_value, code_if_fail, code_if_syntax_fail) \ + do { \ + if (!query.exec()) \ + { \ + QMessageBox::critical(0, _("Error"), _("Query failed !\n")); \ + std::cerr << __FUNCTION__ << "\n" ; \ + std::cerr << query.lastQuery().toStdString() << "\n" ; \ + std::cerr << query.lastError().text().toStdString() << "\n" ; \ + code_if_fail; \ + return return_value; \ + } \ + } while(0); #define EXECUTE_SQL_QUERY(req, return_value) EXECUTE_SQL_QUERY_WITH_CODE(req, return_value, {}, {}) #define EXECUTE_SQL_UPDATE(req, return_value) EXECUTE_SQL_UPDATE_WITH_CODE(req, return_value, {}, {}) +#define EXECUTE_PREPARED_SQL_UPDATE(return_value) EXECUTE_PREPARED_SQL_UPDATE_WITH_CODE(return_value, {}, {}) + +#define EXECUTE_PREPARED_SQL_QUERY(return_value) EXECUTE_PREPARED_SQL_QUERY_WITH_CODE(return_value, {}, {}) + class KissCount; class User; diff --git a/src/view/grid/GridAccount.cpp b/src/view/grid/GridAccount.cpp index 278bdbc..dd0af56 100644 --- a/src/view/grid/GridAccount.cpp +++ b/src/view/grid/GridAccount.cpp @@ -1,5 +1,5 @@ /* - Copyright 2010-2012 Grégory Soutadé + Copyright 2010-2016 Grégory Soutadé This file is part of KissCount. @@ -913,7 +913,7 @@ void GridAccount::OnOperationModified(int row, int col) { User* user = _kiss->GetUser(); Operation new_op, cur_op, op_tmp, op_tmp2; - int op_complete = 6; + int op_complete = 6, new_op_id; QString value, v ; QDate date; bool need_insertion = false, transfertCompleted = false; @@ -1043,10 +1043,8 @@ void GridAccount::OnOperationModified(int row, int col) } catch (User::TagNotFound e) { - op_complete++; setItem(row, TAG, new QTableWidgetItem("")); } - op_complete--; } value = item(row, ACCOUNT)->text(); @@ -1113,12 +1111,20 @@ void GridAccount::OnOperationModified(int row, int col) new_op._virtual = false; new_op.parent = 0; + new_op_id = _kiss->AddOperation(new_op); + + if (!new_op_id) + { + _inModification = false ; + return; + } + RemoveRow(new_op, row, false); NULLop.id = 0; InsertOperation(user, NULLop, row, new_op.fix_cost, _curMonth, _curYear); - new_op.id = _kiss->AddOperation(new_op); - + new_op.id = new_op_id; + if (transfertCompleted) _transfertCompletionIndex = (_transfertCompletionIndex + 1) % 2; } diff --git a/src/view/wxUI.cpp b/src/view/wxUI.cpp index c31dd6d..5672a34 100644 --- a/src/view/wxUI.cpp +++ b/src/view/wxUI.cpp @@ -310,7 +310,6 @@ void wxUI::ChangeUser() } catch (UsersDialog::ExceptionNewUser e) { - } }