use mysqli for escaping input string. fix some errors logged to system.log

app/Wiz.php

@@ -8,7 +8,7 @@
  * http://opensource.org/licenses/osl-3.0.php
  *
  * DISCLAIMER
- * 
+ *
  * This program is provided to you AS-IS.  There is no warranty.  It has not been
  * certified for any particular purpose.
  *
@@ -118,16 +118,16 @@ static function getMagentoRoot() {
      * Instantiates and sets up Magento.  By default, use the admin scopeCode so we run
      * inside of the administration context.
      *
-     * @param string $scopeCode 
-     * @param string $scopeId 
+     * @param string $scopeCode
+     * @param string $scopeId
      * @return Mage_Core_Model_App
      * @author Nicholas Vahalik <[email protected]>
      */
     public static function getMagento($scopeCode = 'admin', $scopeId = 'store') {
 
         /**
          * Our local copy of the Magento Application Object
-         * 
+         *
          * @see Mage_Core_Model_App
          */
         static $_magento;
@@ -168,8 +168,8 @@ public static function getMagento($scopeCode = 'admin', $scopeId = 'store') {
             $_magento = Mage::app($scopeCode, $scopeId);
 
             // We only want to enable profiling if it has been turned on within the
-            // configuration AND if the --profile argument was passed into the command. 
-            if(Mage::getStoreConfig('dev/debug/profiler') && Wiz::getWiz()->getArg('profile')){
+            // configuration AND if the --profile argument was passed into the command.
+            if (Mage::getStoreConfig('dev/debug/profiler') && Wiz::getWiz()->getArg('profile')) {
             	Varien_Profiler::enable();
             }
         }
@@ -201,13 +201,13 @@ public function updateAction() {
             else {
                 // Aw snap, it's on now!
                 $ourDirectory = dirname(dirname(__FILE__));
-                
+
                 // Do a quick sanity check to ensure that we "own" the directory.
                 $objectsInOurDirectory = scandir(dirname(dirname(__FILE__)));
 
-                // Only enable auto-upgrade if we have our own directory.  This will leave some 
+                // Only enable auto-upgrade if we have our own directory.  This will leave some
                 // people out, but for now it appears most people have it in ~/bin.
-                if (count($objectsInOurDirectory) <= 7 
+                if (count($objectsInOurDirectory) <= 7
                   && in_array('wiz.php', $objectsInOurDirectory)
                   && in_array('app', $objectsInOurDirectory)
                   && in_array('wiz', $objectsInOurDirectory)) {
@@ -241,24 +241,24 @@ public function updateAction() {
         // Check the remote service to see what the latest version of Wiz is.
     }
 
-    private function rrmdir($dir) { 
-        if (is_dir($dir)) { 
-            $objects = scandir($dir); 
-            foreach ($objects as $object) { 
-                if ($object != "." && $object != "..") { 
-                    if (filetype($dir."/".$object) == "dir") $this->rrmdir($dir."/".$object); else unlink($dir."/".$object); 
-                } 
-            } 
-            reset($objects); 
+    private function rrmdir($dir) {
+        if (is_dir($dir)) {
+            $objects = scandir($dir);
+            foreach ($objects as $object) {
+                if ($object != "." && $object != "..") {
+                    if (filetype($dir."/".$object) == "dir") $this->rrmdir($dir."/".$object); else unlink($dir."/".$object);
+                }
+            }
+            reset($objects);
             rmdir($dir);
-        } 
+        }
     }
 
     private function _findPlugins() {
 
         $plugins = array();
         $pluginFiles = new DirectoryIterator($this->pluginDirectory);
-        
+
         foreach ($pluginFiles as $file) {
             $fileExtension = substr($file->getFilename(), -3);
             if ($file->isFile() && $fileExtension == "php") {
@@ -303,7 +303,7 @@ private function _findPlugins() {
      * Gives you help on a command.  For simplicity's sake, it just returns the Comment
      * block in the source code.
      *
-     * @param string Command to get help on. 
+     * @param string Command to get help on.
      * @author Nicholas Vahalik <[email protected]>
      */
     public function helpAction($options) {
@@ -336,7 +336,7 @@ public function listActions() {
         echo 'Available commands: '.PHP_EOL;
         echo PHP_EOL;
         foreach ($this->_availableCommands as $commandName => $commandArray) {
-            if(!array_key_exists('documentation', $commandArray) || trim($commandArray['documentation']) == '') {
+            if (!array_key_exists('documentation', $commandArray) || trim($commandArray['documentation']) == '') {
                 continue;
             }
             $docLines = explode(PHP_EOL, $commandArray['documentation']);
@@ -493,7 +493,7 @@ public function getArg($name, $default = false) {
      * @return string
      * @author Kevin Kirchner
      **/
-    public function getWebsiteCode()
+    public static function getWebsiteCode()
     {
         $wiz = Wiz::getWiz();
         return $wiz->getArg('website') ? $wiz->getArg('website') : Mage::app()->getWebsite()->getCode();
@@ -505,7 +505,7 @@ public function getWebsiteCode()
      * @return string
      * @author Kevin Kirchner
      **/
-    public function getStoreCode()
+    public static function getStoreCode()
     {
         $wiz = Wiz::getWiz();
         return $wiz->getArg('store') ? $wiz->getArg('store') : Mage::app()->getStore()->getCode();
@@ -540,7 +540,7 @@ public static function batchOutput($table) {
             default:
                 $delimiter = ',';
                 $enclosure = '"';
-                // Quickly put everything 
+                // Quickly put everything
                 break;
             case 'pipe':
                 $delimiter = '|';
@@ -572,7 +572,7 @@ public static function prettyTableOutput($table) {
                 $cell_length = strlen($cell);
                 $cell_count++;
                 if (!isset($cell_lengths[$key]) || $cell_length > $cell_lengths[$key]) $cell_lengths[$key] = $cell_length;
-            }    
+            }
         }
         array_pop($table);
 

app/plugins/Sql.php

@@ -8,7 +8,7 @@
  * http://opensource.org/licenses/osl-3.0.php
  *
  * DISCLAIMER
- * 
+ *
  * This program is provided to you AS-IS.  There is no warranty.  It has not been
  * certified for any particular purpose.
  *
@@ -30,6 +30,9 @@ private function _getDbConfig($config = 'core') {
         $resources = Mage::getSingleton('core/resource');
         $connection = $resources->getConnection('core');
         $config = $connection->getConfig();
+        if (!isset($config['port'])) {
+            $config['port'] = 3306;
+        }
         return $config;
     }
 
@@ -48,18 +51,18 @@ public function infoAction($options) {
             }
             echo $key . ' = '. $value.PHP_EOL;
         }
-        echo 'MySQL command line: '."mysql -u{$config['username']} -p{$config['password']}".( $config['port'] ? " -P{$config['port']}" : '')." -h{$config['host']} {$config['dbname']}".PHP_EOL;
+        echo 'MySQL command line: '."mysql -u{$config['username']} -p{$config['password']}".($config['port'] ? " -P{$config['port']}" : '')." -h{$config['host']} {$config['dbname']}".PHP_EOL;
     }
 
     /**
      * Opens up a shell command directly to the the database server.
      *
-     * @param string $options 
+     * @param string $options
      * @author Nicholas Vahalik <[email protected]>
      */
     public function cliAction($options) {
         $config = $this->_getDbConfig();
-        proc_close(proc_open("mysql -u{$config['username']} -p{$config['password']}".( $config['port'] ? " -P{$config['port']}" : '')." -h{$config['host']} {$config['dbname']}", array(0 => STDIN, 1 => STDOUT, 2 => STDERR), $pipes));
+        proc_close(proc_open("mysql -u{$config['username']} -p{$config['password']}".($config['port'] ? " -P{$config['port']}" : '')." -h{$config['host']} {$config['dbname']}", array(0 => STDIN, 1 => STDOUT, 2 => STDERR), $pipes));
     }
 
     /**
@@ -75,8 +78,10 @@ public function cliAction($options) {
      * @author Nicholas Vahalik <[email protected]>
      */
     public function execAction($options) {
-        $query = mysql_real_escape_string(array_shift($options));
+        $batch = '';
         $config = $this->_getDbConfig();
+        $link = new mysqli($config['host'], $config['username'], $config['password'], $config['dbname'], $config['port']);
+        $query = $link->real_escape_string(array_shift($options));
         if (count($options) > 0 && $options[0] == 'batch') {
             $batch = '--batch';
         }

wiz

@@ -23,6 +23,7 @@ fi
 
 WIZ_DIR="`dirname $WIZ_PATH`";
 WIZ_PHP_VERSION="5.2";
+WIZ_INI="";
 
 # If no valid PHP executable has been set in WIZ_PHP_PATH, iterate PATH looking for one
 if [ ! -x "$WIZ_PHP_PATH" ] || [ "`$WIZ_PHP_PATH -r "echo (int) version_compare(PHP_VERSION, '$WIZ_PHP_VERSION', '>=');"`" == "0" ]; then
@@ -38,11 +39,16 @@ if [ ! -x "$WIZ_PHP_PATH" ] || [ "`$WIZ_PHP_PATH -r "echo (int) version_compare(
     done
 fi
 
+# If WIZ_INI_PATHFILE enviroment variable is set, look for and use php.ini file  located there.
+if [ -n "$WIZ_INI_PATHFILE" ]; then
+	WIZ_INI="-c $WIZ_INI_PATHFILE"
+fi
+
 # Validate that we have a valid executable file on our hands and that one has been found.
 if [ ! -x "$WIZ_PHP_PATH" ]; then
 	echo "ERROR: Could not find a PHP executable >= $WIZ_PHP_VERSION. Please set WIZ_PHP_PATH to a valid PHP executable binary and try again."
 	exit;
 fi
 
 # Begin tool execution
-$WIZ_PHP_PATH -f "$WIZ_DIR/wiz.php" $@
+$WIZ_PHP_PATH $WIZ_INI  -f "$WIZ_DIR/wiz.php" $@