| Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
The OCIFetchinto function is causing segfaults on php7 - probably
because the fields array is not initialised or it is optimised out. This
fixes just changes to use the safer function oci_fetch_array instead.
Fixes #259
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
The PDO driver was relying on ADOConnection::qstr() for quoting strings.
An application relying on qstr() to manually prepare SQL statements
rather than using parameterized queries may be vulnerable to SQL
injection attacks, as demonstrated by @jdavidlists.
This commit delegates string quoting to PDO::quote() when a connection
is available. If not, it simply replaces single quotes by the value of
$replaceQuote property.
Fixes #226
|
|
When a schema is specified in $showSchema, the function generates an
invalid where clause:
WHERE TABLE_SCHEMA= from myschema
^
should be 'myschema'
Fixes #275
|
|
The generated query is broken with the default method arguments.
Fixes #275
Signed-off-by: Damien Regad <dregad@mantisbt.org>
Original commit changed to use single quotes, added issue reference.
|
|
|
|
|
|
It is only used for development purposes and is not necessary for normal
ADOdb operations.
Issue #274
|
|
This issue was reported by JPCERT Coordination Center (JPCERT/CC) with
reference JVN#48237713.
The root cause is a foreach loop processing all GET parameters and
blindly assigning them to variables, allowing an attacker to
replace contents of global variables.
This limits variable processing using a regex matching those used in
testdatabases.inc.php (i.e. beginning with 'test' or 'no').
Fixes #274
|
|
|
|
When the old ADOdb extension is installed and a more recent version of
ADOdb is running, a PHP warning 'undefined constant
ADODB_ASSOC_CASE_NATIVE' is thrown.
The PHP Extension is obsolete and unsupported, so we shouldn't even try
to run when it is loaded.
This commit will cause ADOdb to exit with an error (or throw an
exception if adodb-exceptions.inc.php has been included) if the
Extension is detected.
Fixes #269
|
|
Messages with newline cause uncaught exceptions to be displayed as
follows (note the single ' where the message is expected):
$ php -r 'throw new exception("blah\n");'
Fatal error: Uncaught exception 'Exception' with message ' in Command line code on line 1
Fixes #273
|
|
|
|
|
|
When connecting to a database using mysqli driver and the corresponding
PHP extension is extension is not loaded, ADOdb dies with exit code 255
signaling a fatal error. This is due to ADODB_mysqli::ErrorNo() calling
mysqli_connect_errno() with the '@' operator, suppressing the 'Call to
undefined function' fatal error.
When not using adodb-exceptions, setting `$db->debug=true;` causes ADOdb
to print message 'Missing extension for mysql', but this is not the case
when exceptions are used.
To fix the problem, we only call the ErrorNo() method when the result of
_connect() is set, and otherwise pass arbitrary error number 0 with the
missing extension message to the exception handler.
Fixes #254
|
|
unset($this) throws a fatal error on linting. Use internal
garbage collection to clean up old objects instead.
Fixes #257
Signed-off-by: Damien Regad <dregad@mantisbt.org>
As per PHP manual, "It is not possible to unset $this inside an object
method since PHP 5." (see http://php.net/manual/function.unset, Notes
section)
|
|
dbTable::_tag_open() throws "Only variables should be passed by
reference" error when processing INDEX and DATA tags.
Fixes #229, fixes #260
|
|
|
|
Calls to ADODB_pdo::SelectDB() and ADODB_pdo::SQLDate() should be passed
through to the underlying $_driver object.
If the $database property of the underlying $_driver object isn't
initialized correctly, the 1st call to MetaColumns using
"schemaName.tableName" as an argument may alter the connection's
currently selected database.
Fixes #242, related to #40.
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
This reverts the regular expression back to its original (i.e. before it
was changed in #88, see commit 41839f5c18abe262ee088f1d4bd92453616d2a4a)
as it seems to work in more cases, and doesn't break simple ones. Since
we support _ADODB_COUNT now anyways we should be able to handle any
possible situation.
Fixes #236, #239
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
If the database is Microsoft SQL Server, use the sqlsrv native data
types (sqlsrv:decl_type) instead of the PDO native type for improved
field type recognition.
This fix has been migrated to the pdo_sqlsrv driver in v5.21 (see #245,
#247, #245, #250)
|
|
If the recordset has already been closed, the destructor occasionally
fails because the queryId has sometimes been set to -1, not false.
See #170, #180
|
|
A warning is triggered when getInsertSql() is passed a string for the
tablename:
mysqli_free_result() expects parameter 1 to be mysqli_result, integer
given
Fixes #217
|
|
|
|
|
|
|
|
Now replaced by the new Wiki at http://adodb.org/
Offline documentation can be downloaded from
https://sourceforge.net/projects/adodb/files/Documentation/
|
|
|
|
Also add link to documentation download page on Sourceforge
|
|
|
|
|
|
In PHP7, mysqli_real_connect() expects the port number to be an int; PHP
throws a warning if we give it a string, which is usually the case since
the port is parsed from a 'hostname:port'.
Fixes #218
|
|
Before checking the number of arguments if array_2d is detected then we
should make sure all list of arguments have the same size.
Fixes #199, #200
Signed-off-by: Damien Regad <dregad@mantisbt.org>
Changes to original patch: fixed whitespace and rewrote commit message.
|
|
|
|
|
|
Fixes #180 (this is the correct fix for issue #170).
|
|
|
|
Cherry-picked from master branch
|
|
|
|
Fix #170
|
|
Fixing this is somewhat academic considering that informix driver is no
longer supported since PHP 5.2.1
Fixes #170
|
|
Avoids PHP notice when closing recordset
Fixes #170
|
|
Instead of creating an anonymous function, modify the existing
_colontrack() function to be used as the callback
Fixes #168
|
|
This is the original commit contributed by @marinaglancy
(dff32013c1f2f1e51ea8be59d447280d60362e33) minus the changes in
mysqlt driver (PHP4 constructor), already fixed in
a82f3c692df997e2130cec1e5a0c8f77eb5f1ef8.
Fixes #168
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
Follow-up on #139 (commit 9ffa02e6ddc88dbfdfdf4437e0a398cc39960094)A
Fixes #168
|
|
Fixes #167
|
|
|
|
|