summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2018-03-08Bump version to 5.20.10v5.20.10Damien Regad131-132/+132
2018-03-08Update changelogDamien Regad1-0/+11
2018-01-30README: remove 5.19 associative fetch mode warningDamien Regad1-9/+0
5.20.0 was released in November 2015, everybody should have migrated by now...
2018-01-30LICENCE: home page link, line breaks on copyrightDamien Regad1-3/+3
2018-01-30README: add link to ADOdb contributors on GithubDamien Regad1-1/+2
2018-01-30Clarifly licensing under LGPL v2.1 *or later*Damien Regad3-6/+11
Packagist.org complained about invalid data in composer.json: 'License "LGPL-2.1" is a deprecated SPDX license identifier, use "LGPL-2.1-only" or "LGPL-2.1-or-later" instead'. README.md and LICENCE.md were updated accordingly.
2018-01-30Avoid full file path disclosure in ADOLoadCode()Damien Regad1-2/+2
To avoid unwanted information disclosure if an error occurs when loading a database driver, we should not output the full path in the error message. Fixes #389
2017-11-29sybase: fix PHP Warning in _connect()/_pconnectAlejandro Aguayo1-4/+4
Fixes #371 Signed-off-by: Damien Regad <dregad@mantisbt.org> Changes from original pull request: - suppress errors in _connect() also - commit message reworded
2017-11-26mysql: fix typo in _connect() error messageRyan P.C. McQuen1-1/+1
2017-11-26mysqli: suppress error on db connectRyan P.C. McQuen1-1/+1
This way if the connection fails, the error can be captured and used as intended. Without this, mysqli_real_connect() triggers a PHP warning. Fixes #348
2017-11-25Release a potential reference to a db resourceNicolas Dermine1-0/+1
We had a problem in our app using the pdo_sqlsrv driver with PHP 7 that manifested itself by a ODBC32.dll crash at the end of a PHP request (see issue: https://github.com/Microsoft/msphpsql/issues/434). It seems the dll tried to free a statement after the connection had been disconnected. We looked at our code and the ADOdb code to see if a reference to a statement could imply that it would be garbage-collected after the PDO disconnection. We found that `ADODB_pdo#_query` returns a statement to `ADOConnection#_Execute` which stores it in its `_queryID` property and never empties it explicitly. Setting it to `false` in `ADOConnection#Close` seems to fix the problem in our app. Fixes #379
2017-11-25mssql: string keys are not allowed in parameters arraysAndreas Thaden2-3/+1
Fixes #316
2017-11-25PDO sqlsrv fix auto-commit errormarcelto3-3/+32
Add SetAutoCommit() method for PDO drivers. Avoids PDO Error: The auto-commit mode cannot be changed for this driver Fixes #347
2017-11-25MSSQL requires table alias in _adodb_getcount() queryZoltan Monori1-1/+4
Currently the _ADODB_ALIAS_ is only used for postgres and mysql, but it's also necessary for mssql, otherwise the query assigned to $rewritesql on line 422 fails and produces the following warning: PHP Warning (2): mssql_query(): message: Incorrect syntax near ')'. (severity 15) in /usr/share/php/adodb/drivers/adodb-mssql.inc.php on line 832 Fixes #359 Signed-off-by: Damien Regad <dregad@mantisbt.org> Original commit amended to split long line.
2017-11-25Fix year validation in adodb_validdate()Marco Menzel1-1/+1
Given year can only be less than 3000 or greater than 1000. Fixes #375
2016-12-21Bump version to 5.20.9v5.20.9Damien Regad130-131/+131
2016-12-21Update changelogDamien Regad1-0/+4
2016-12-17mssql: Fix syntax error in version matching regexDamien Regad1-1/+1
Regression introduced by 7c758c3cbb9ecc639f5744d991e8a6d5c35e5be4. Fixes #305
2016-12-17Bump version to 5.20.8v5.20.8Damien Regad130-131/+131
2016-12-17Update changelogDamien Regad1-1/+13
Includes fixes to 5.20.2 and 5.20.4 that were modified after release, so that the changelog is aligned with the master branch.
2016-12-17mssql: fix drop/alter column with existing default constraintMartin Schleußer1-9/+61
With MSSQL it is not possible to drop or alter a column with an existing constraint. The constraint has to be removed before the operation takes place. In 'datadict-mssqlnative.inc.php' AlterColumnSQL is commented out and DropColumnSQL doesn't care. This tries to fix the problem with the smallest possible impact: - Fix DropColumnSQL(), to allow the drop even with a constraint on that given column. We drop, so any default doesn't matter. - Fix AlterColumnSql(), to allow changes if (and only if !) either a 'new' default is given for an existing default, or there is no existing one at all. So something like 'ALTER TABLE t ALTER COLUMN c INT NOT NULL' with an existing constraint on c will still fail since it can't be determined if keeping or removing the constraint is implied here. Fixes #290 via #297 Changes to original commit: - split long lines, whitespace - Added commit message text from issue #290's description Signed-off-by: Damien Regad <dregad@mantisbt.org>
2016-12-17oci8po: fix SelectLimit() with prepared statementsDamien Regad2-26/+42
The ADOdb_oci8::SelectLimit() method performs Oracle-specific query optimization, manipulating the SQL to apply hints in a way that is not compatible with the oci8po driver, due to conversion of query parameters ('?' vs oci8 native ':xx'). To avoid the problem, we define the SelectLimit() method directly in ADODB_oci8po, and rely on the slower ADOConnection::SelectLimit() method from the base class. Also, to avoid issues with prepared statements causing PHP to throw a Warning: "oci_execute(): supplied resource is not a valid oci8 statement resource", we retrieve the prepared statement's SQL and pass it on to ADOConnection::SelectLimit(). Fixes #282
2016-12-17mssql: Method errorno returned -1 on success instead of 0Mark Newnham1-2/+1
The method incorrectly returned -1 for success instead of 0. In addition, the method attempted to distinguish between warnings and errors produced by the SQL Server parameter "WarningsReturnAsErrors" when logging was enabled, but in ADOdb logging this parameter is always set false so the code was removed. Fixes #298
2016-12-17mssql: default sequence name consistencyDamien Regad1-1/+1
Use 'adodbseq' everywhere
2016-12-17mssql: fix parameter forwarding in GenID methodsLaurent Navarro1-5/+5
Incorrect forwarding of parameter values from GenID() to GenID2008/2012 forced the sequence name to the default of 'adodbseq'. Fixes #300
2016-12-17mssql: GenId2008() not returning next value in sequenceLaurent Navarro1-1/+1
Fixes #302
2016-12-17mssql: fix typo in class variable nameDamien Regad1-1/+1
2016-12-01mssql: Workaround to fix query not returning idDamien Regad1-1/+1
This modified regex allows matching of empty strings and is much more efficient than the original one. A better fix for this will be available in v5.21 Fixes #185
2016-11-20mssql: allow GenID2012() to use any sequence nameDamien Regad1-1/+1
Removes the extra assignment of $seq when calling CreateSequence2012() (possibly leftover from a copy/paste ?) which was causing the code to always use the default 'adodbseq' sequence. Fixes #295
2016-11-20mssql: support SQL server 2014, 2016 and laterDamien Regad1-18/+15
2016-11-20mssql: add support for versions 2016 and laterDamien Regad1-5/+3
Removes the unnecessary upper bound on the server version check. Fixes #294
2016-11-20mssql: optimize server version detectionDamien Regad1-22/+13
The code in ServerVersion() method now only calls preg_match() once.
2016-11-20Driver now correctly recognizes SQL Server 2014 databases when creating ↵Mark Newnham1-0/+8
sequences Backported from master (b28cafea05d0c88018dd0c980ba024de1e54192f).
2016-11-20mssql: add missing cachedSchemaFlush propertyDamien Regad1-0/+1
The property is referenced in MetaColumns(), and calling this method causes an 'Undefined property' PHP Notice to be thrown. Fixes #289
2016-11-19oci8po: fix inconsistent variable binding in SelectLimit()Pat Bateman1-3/+9
Allow indexed or associative array for bindvars. Fixes #288 Signed-off-by: Damien Regad <dregad@mantisbt.org>
2016-09-20Bump version to 5.20.7v5.20.7Damien Regad130-131/+131
2016-09-20Align release scripts with master branchDamien Regad3-109/+257
2016-09-20Update changelogDamien Regad131-131/+137
2016-09-14oci8po: prevent segfault on php7Damyon Wiese1-4/+9
The OCIFetchinto function is causing segfaults on php7 - probably because the fields array is not initialised or it is optimised out. This fixes just changes to use the safer function oci_fetch_array instead. Fixes #259 Signed-off-by: Damien Regad <dregad@mantisbt.org>
2016-09-06PDO: fix incorrect quoting allowing SQL injectionDamien Regad1-0/+24
The PDO driver was relying on ADOConnection::qstr() for quoting strings. An application relying on qstr() to manually prepare SQL statements rather than using parameterized queries may be vulnerable to SQL injection attacks, as demonstrated by @jdavidlists. This commit delegates string quoting to PDO::quote() when a connection is available. If not, it simply replaces single quotes by the value of $replaceQuote property. Fixes #226
2016-09-06PDO/mysql: fix MetaTables broken SQLDamien Regad1-1/+1
When a schema is specified in $showSchema, the function generates an invalid where clause: WHERE TABLE_SCHEMA= from myschema ^ should be 'myschema' Fixes #275
2016-09-06PDO MySQL fix for MetaTablesAndy Theuninck1-0/+2
The generated query is broken with the default method arguments. Fixes #275 Signed-off-by: Damien Regad <dregad@mantisbt.org> Original commit changed to use single quotes, added issue reference.
2016-08-31Bump version to 5.20.6v5.20.6Damien Regad130-131/+131
2016-08-31Update changelogDamien Regad1-0/+5
2016-08-29Exclude 'tests' directory from release tarballsDamien Regad1-0/+1
It is only used for development purposes and is not necessary for normal ADOdb operations. Issue #274
2016-08-29Tests: fix XSS vulnerabilityDamien Regad1-2/+5
This issue was reported by JPCERT Coordination Center (JPCERT/CC) with reference JVN#48237713. The root cause is a foreach loop processing all GET parameters and blindly assigning them to variables, allowing an attacker to replace contents of global variables. This limits variable processing using a regex matching those used in testdatabases.inc.php (i.e. beginning with 'test' or 'no'). Fixes #274
2016-08-29Composer: update homepageDamien Regad1-1/+1
2016-08-29Abort with error if ADOdb Extension is detectedDamien Regad1-1/+16
When the old ADOdb extension is installed and a more recent version of ADOdb is running, a PHP warning 'undefined constant ADODB_ASSOC_CASE_NATIVE' is thrown. The PHP Extension is obsolete and unsupported, so we shouldn't even try to run when it is loaded. This commit will cause ADOdb to exit with an error (or throw an exception if adodb-exceptions.inc.php has been included) if the Extension is detected. Fixes #269
2016-08-29Remove '\n' from Exception messagesDamien Regad1-3/+3
Messages with newline cause uncaught exceptions to be displayed as follows (note the single ' where the message is expected): $ php -r 'throw new exception("blah\n");' Fatal error: Uncaught exception 'Exception' with message ' in Command line code on line 1 Fixes #273
2016-08-10Bump version to 5.20.5v5.20.5Damien Regad130-131/+131