From 02ad9f8d84d24e968b8e93998765d0fb411afc6e Mon Sep 17 00:00:00 2001
From: Paul Dale Smith <p.smith@ctidigital.com>
Date: Fri, 7 Apr 2017 13:23:54 +0100
Subject: [PATCH] Updated to use an expression for a single DB transaction.
 2867311

---
 file_upload_security.module | 44 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 33 insertions(+), 11 deletions(-)

diff --git a/file_upload_security.module b/file_upload_security.module
index 296bed8..9d104b8 100644
--- a/file_upload_security.module
+++ b/file_upload_security.module
@@ -300,28 +300,50 @@ function file_upload_security_fix_fields(&$files = array()) {
  *   Passed by reference to collect fids that may require moving on server.
  */
 function file_upload_security_fix_webforms(&$files = array()) {
-  $query = db_select('webform_component', 'c')
-    ->fields('c', array('cid'))
+  $scheme_condition = db_or()
     ->condition('extra', '%s:6:"scheme";s:6:"public"%', 'LIKE')
-    ->condition('type', 'file');
+    ->condition('extra', '%s:6:"scheme";%', 'NOT LIKE');
 
+  $query = db_select('webform_component', 'c')
+    ->fields('c', array('cid'))
+    ->condition('type', 'file')
+    ->condition($scheme_condition);
   $query->leftJoin('webform_submitted_data', 's', 's.cid = c.cid AND s.nid = c.nid');
   $query->fields('s', array('data'));
-  $query->isNotNull('data');
-
-  $fids = $query->execute()->fetchAllKeyed(1, 1);
-
-  if ($fids) {
-    $files = $files + $fids;
-  }
+  $files = $files + $query->execute()->fetchAllKeyed(1, 1);
 
-  $update = db_update('webform_component')
+  db_update('webform_component')
     ->expression('extra', 'REPLACE(extra, :public_scheme, :private_scheme)', array(
       ':public_scheme' => 's:6:"scheme";s:6:"public"',
       ':private_scheme' => 's:6:"scheme";s:7:"private"',
     ))
     ->condition('type', 'file')
     ->execute();
+
+  $select = db_select('webform_component', 'c')
+    ->fields('c', array('cid', 'extra'))
+    ->condition('extra', '%s:6:"scheme";%', 'NOT LIKE')
+    ->condition('type', 'file');
+
+  $expression = 'CASE';
+  $cids = array();
+
+  foreach ($select->execute() as $component) {
+    $extra = unserialize($component->extra);
+    $extra['scheme'] = 'private';
+    $component->extra = serialize($extra);
+    $expression .= " WHEN cid = " . $component->cid . " THEN '" . $component->extra . "'\n";
+    $cids[] = $component->cid;
+  }
+
+  if ($expression !== 'CASE') {
+    $expression .= ' END';
+
+    db_update('webform_component')
+      ->condition('cid', $cids, 'IN')
+      ->expression('extra', $expression)
+      ->execute();
+  }
 }
 
 /**
-- 
2.7.4 (Apple Git-66)

