summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2016-09-20Bump version to 5.20.7v5.20.7Damien Regad130-131/+131
2016-09-20Align release scripts with master branchDamien Regad3-109/+257
2016-09-20Update changelogDamien Regad131-131/+137
2016-09-14oci8po: prevent segfault on php7Damyon Wiese1-4/+9
The OCIFetchinto function is causing segfaults on php7 - probably because the fields array is not initialised or it is optimised out. This fixes just changes to use the safer function oci_fetch_array instead. Fixes #259 Signed-off-by: Damien Regad <dregad@mantisbt.org>
2016-09-06PDO: fix incorrect quoting allowing SQL injectionDamien Regad1-0/+24
The PDO driver was relying on ADOConnection::qstr() for quoting strings. An application relying on qstr() to manually prepare SQL statements rather than using parameterized queries may be vulnerable to SQL injection attacks, as demonstrated by @jdavidlists. This commit delegates string quoting to PDO::quote() when a connection is available. If not, it simply replaces single quotes by the value of $replaceQuote property. Fixes #226
2016-09-06PDO/mysql: fix MetaTables broken SQLDamien Regad1-1/+1
When a schema is specified in $showSchema, the function generates an invalid where clause: WHERE TABLE_SCHEMA= from myschema ^ should be 'myschema' Fixes #275
2016-09-06PDO MySQL fix for MetaTablesAndy Theuninck1-0/+2
The generated query is broken with the default method arguments. Fixes #275 Signed-off-by: Damien Regad <dregad@mantisbt.org> Original commit changed to use single quotes, added issue reference.
2016-08-31Bump version to 5.20.6v5.20.6Damien Regad130-131/+131
2016-08-31Update changelogDamien Regad1-0/+5
2016-08-29Exclude 'tests' directory from release tarballsDamien Regad1-0/+1
It is only used for development purposes and is not necessary for normal ADOdb operations. Issue #274
2016-08-29Tests: fix XSS vulnerabilityDamien Regad1-2/+5
This issue was reported by JPCERT Coordination Center (JPCERT/CC) with reference JVN#48237713. The root cause is a foreach loop processing all GET parameters and blindly assigning them to variables, allowing an attacker to replace contents of global variables. This limits variable processing using a regex matching those used in testdatabases.inc.php (i.e. beginning with 'test' or 'no'). Fixes #274
2016-08-29Composer: update homepageDamien Regad1-1/+1
2016-08-29Abort with error if ADOdb Extension is detectedDamien Regad1-1/+16
When the old ADOdb extension is installed and a more recent version of ADOdb is running, a PHP warning 'undefined constant ADODB_ASSOC_CASE_NATIVE' is thrown. The PHP Extension is obsolete and unsupported, so we shouldn't even try to run when it is loaded. This commit will cause ADOdb to exit with an error (or throw an exception if adodb-exceptions.inc.php has been included) if the Extension is detected. Fixes #269
2016-08-29Remove '\n' from Exception messagesDamien Regad1-3/+3
Messages with newline cause uncaught exceptions to be displayed as follows (note the single ' where the message is expected): $ php -r 'throw new exception("blah\n");' Fatal error: Uncaught exception 'Exception' with message ' in Command line code on line 1 Fixes #273
2016-08-10Bump version to 5.20.5v5.20.5Damien Regad130-131/+131
2016-08-10Update changelogDamien Regad1-0/+11
2016-08-10Fix fatal error when connecting with missing extensionDamien Regad1-4/+4
When connecting to a database using mysqli driver and the corresponding PHP extension is extension is not loaded, ADOdb dies with exit code 255 signaling a fatal error. This is due to ADODB_mysqli::ErrorNo() calling mysqli_connect_errno() with the '@' operator, suppressing the 'Call to undefined function' fatal error. When not using adodb-exceptions, setting `$db->debug=true;` causes ADOdb to print message 'Missing extension for mysql', but this is not the case when exceptions are used. To fix the problem, we only call the ErrorNo() method when the result of _connect() is set, and otherwise pass arbitrary error number 0 with the missing extension message to the exception handler. Fixes #254
2016-08-02xml: remove calls to 'unset($this)' (PHP 7.1 compatibility)Christian Kuhn2-4/+0
unset($this) throws a fatal error on linting. Use internal garbage collection to clean up old objects instead. Fixes #257 Signed-off-by: Damien Regad <dregad@mantisbt.org> As per PHP manual, "It is not possible to unset $this inside an object method since PHP 5." (see http://php.net/manual/function.unset, Notes section)
2016-08-02xml: fix php strict warningDamien Regad2-4/+8
dbTable::_tag_open() throws "Only variables should be passed by reference" error when processing INDEX and DATA tags. Fixes #229, fixes #260
2016-05-25mysqli: fix #240 PHP notice in _close() methodRamūnas Bunokas1-1/+1
2016-05-25PDO: let driver handle SelectDB() and SQLDate() callsAndy Theuninck1-0/+11
Calls to ADODB_pdo::SelectDB() and ADODB_pdo::SQLDate() should be passed through to the underlying $_driver object. If the $database property of the underlying $_driver object isn't initialized correctly, the 1st call to MetaColumns using "schemaName.tableName" as an argument may alter the connection's currently selected database. Fixes #242, related to #40. Signed-off-by: Damien Regad <dregad@mantisbt.org>
2016-05-25Fix _adodb_getcount()mike.benoit1-1/+1
This reverts the regular expression back to its original (i.e. before it was changed in #88, see commit 41839f5c18abe262ee088f1d4bd92453616d2a4a) as it seems to work in more cases, and doesn't break simple ones. Since we support _ADODB_COUNT now anyways we should be able to handle any possible situation. Fixes #236, #239 Signed-off-by: Damien Regad <dregad@mantisbt.org>
2016-05-25Use SQL server native data types if available, see #234Mark Newnham1-4/+14
If the database is Microsoft SQL Server, use the sqlsrv native data types (sqlsrv:decl_type) instead of the PDO native type for improved field type recognition. This fix has been migrated to the pdo_sqlsrv driver in v5.21 (see #245, #247, #245, #250)
2016-05-25Destructor fails if recordset already closedMark Newnham1-1/+1
If the recordset has already been closed, the destructor occasionally fails because the queryId has sometimes been set to -1, not false. See #170, #180
2016-03-31Fix PHP warning in ADORecordset_mysqli::__close()v5.20.4Damien Regad2-1/+2
A warning is triggered when getInsertSql() is passed a string for the tablename: mysqli_free_result() expects parameter 1 to be mysqli_result, integer given Fixes #217
2016-03-31.gitignore: exclude PHPStorm filesDamien Regad1-0/+1
2016-03-30Bump version to 5.20.4Damien Regad130-131/+131
2016-03-30Added Documentation README fileDamien Regad1-0/+17
2016-03-30Removing legacy documentation filesDamien Regad11-10790/+0
Now replaced by the new Wiki at http://adodb.org/ Offline documentation can be downloaded from https://sourceforge.net/projects/adodb/files/Documentation/
2016-03-30README: Added Sourceforge download badgeDamien Regad1-0/+1
2016-03-30README: link Doc section to the WikiDamien Regad1-10/+6
Also add link to documentation download page on Sourceforge
2016-03-30README: update Homepage linkDamien Regad1-1/+1
2016-03-30Update changelogDamien Regad1-0/+5
2016-03-30mysqli: cast port number to int when connectingDamien Regad1-1/+2
In PHP7, mysqli_real_connect() expects the port number to be an int; PHP throws a warning if we give it a string, which is usually the case since the port is parsed from a 'hostname:port'. Fixes #218
2016-03-30Fix BulkBind() param count validation10n1-6/+21
Before checking the number of arguments if array_2d is detected then we should make sure all list of arguments have the same size. Fixes #199, #200 Signed-off-by: Damien Regad <dregad@mantisbt.org> Changes to original patch: fixed whitespace and rewrote commit message.
2016-01-01Bump version to 5.20.3v5.20.3Damien Regad138-139/+139
2016-01-01Update changelogDamien Regad1-0/+4
2016-01-01mssql: fix error when closing RS from destructorDamien Regad2-3/+5
Fixes #180 (this is the correct fix for issue #170).
2015-12-27Bump version to 5.20.2v5.20.2Damien Regad139-140/+140
2015-12-27Doc: update index pageDamien Regad1-10/+18
Cherry-picked from master branch
2015-12-20Update changelogDamien Regad1-0/+1
2015-12-20mssql: avoid error when closing RS from destructorDamien Regad2-4/+9
Fix #170
2015-12-20informix: avoid error when closing RS from destructorDamien Regad1-2/+8
Fixing this is somewhat academic considering that informix driver is no longer supported since PHP 5.2.1 Fixes #170
2015-12-20mysqli: Remove use of '@' operator in RS::_close()Damien Regad1-3/+7
Avoids PHP notice when closing recordset Fixes #170
2015-12-16Better replacement for preg_replace '/e' flagDamien Regad1-4/+15
Instead of creating an anonymous function, modify the existing _colontrack() function to be used as the callback Fixes #168
2015-12-16PHP7 compatibility: remove preg_replace '/e' flagMarina Glancy1-1/+1
This is the original commit contributed by @marinaglancy (dff32013c1f2f1e51ea8be59d447280d60362e33) minus the changes in mysqlt driver (PHP4 constructor), already fixed in a82f3c692df997e2130cec1e5a0c8f77eb5f1ef8. Fixes #168 Signed-off-by: Damien Regad <dregad@mantisbt.org>
2015-12-16Remove a couple leftover PHP4 constructorsDamien Regad3-10/+1
Follow-up on #139 (commit 9ffa02e6ddc88dbfdfdf4437e0a398cc39960094)A Fixes #168
2015-12-15mysql: MoveNext() apply field names case conversionDamien Regad3-2/+8
Fixes #167
2015-12-06Bump version to 5.20.1Damien Regad1-0/+2
2015-12-06Bump version to 5.20.1v5.20.1Damien Regad138-139/+139