The `SelectLimit` function has a potential SQL injection vulnerability
through the use of the `nrows` and `offset` parameters which are not
forced to integers.
This is a follow-up on #311, and fixes all remaining drivers that do not
use ADOConnection::SelectLimit().
Fixes #401
Signed-off-by: Damien Regad <dregad@mantisbt.org>
Original commits squashed, message reworded. Fixed whitespace.
|
|
The same is done (at least for `$nrows`) in the `SelectLimit` method of `Adodb/adodb.inc.php`.
This lowers the risk of SQL injection.
Fixes #311
(cherry picked from commit 7d43989dc95fd00fcf3ba73e08fdaf56ffa4f3e5)
|
|
In the pdo_sqlsrv driver, static locals were used to cache field names.
Unfortunately, this means that if the results for multiple queries
were mapped, the field names for the first query were used instead of
updated field names for the subsequent queries.
|
|
Reserved variable $php_errormsg is deprecated in PHP 7.2
http://php.net/manual/en/reserved.variables.phperrormsg.php
Fixes #405
|
|
create_function() is deprecated in PHP 7.2
http://php.net/manual/en/function.create-function.php
Fixes #404
|
|
Fixes #373
|
|
Backported from d9cc6c66ec08e5a517f8fa4503345ead992e2a62. I meant to do
this in 5.20.10 but I forgot...
Fixes #373
|
|
Regression from f12543aef8f772b8e2e07e84fb3fd0767a67fb17 (#334)
Fixes #382
|
|
Fixes #371
Signed-off-by: Damien Regad <dregad@mantisbt.org>
Changes from original pull request:
- suppress errors in _connect() also
- commit message reworded
|
|
Fixes #278
|
|
Follow-up on 811f491830adc0b0a510a2ad30affe159f68e5d8.
Fixes #278
|
|
PostgreSQL 9.0 changed the default output for bytea from 'escape' to
'hex', and PHP does not handle data properly if compiled with postgres
library < 9.2.
Reference
- https://bugs.php.net/bug.php?id=59831
- https://bugs.horde.org/ticket/10919#c4
So setting bytea_output=escape is only needed when server >= 9.0 and
client < 9.2.
|
|
Make use of the revised ServerInfo() method to avoid running a query
with each connection to retrieve the server version number.
Fixes #334
|
|
The PostgreSQL server version number can be retrieved through
pg_parameter_status().
A new optional parameter was added to allow the caller to only retrieve the
version number without executing an extra SQL statement.
To maintain backwards compatibility and keep returning a detailed
version string in the 'description' key of the version array as the code
used to do, the parameter defaults to true.
|
|
This way if the connection fails, the error can be captured and used as
intended. Without this, mysqli_real_connect() triggers a PHP warning.
Fixes #348
|
|
The same is done (at least for `$nrows`) in the `SelectLimit` method of `Adodb/adodb.inc.php`.
This lowers the risk of SQL injection.
Fixes #311
|
|
Fix actually using the alternative port if it was specified. The base
driver class will strip the port from hostname and put it in port
property. So now add it again if it was set.
Fixes #314
|
|
Fixes #316
|
|
Add SetAutoCommit() method for PDO drivers.
Avoids PDO Error: The auto-commit mode cannot be changed for this driver
Fixes #347
|
|
Fixes PDO Errors:
- The transaction isolation level cannot be changed for this driver
- The auto-commit mode cannot be changed for this driver
Fixes #363
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
Fixes PDO Error: The transaction isolation level cannot be changed for
this driver.
Fixes #362
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
Most of the includes in adodb.inc.php are done with include_once but
in a couple locations it's still done with include.
This is the case for adodb-lib.inc.php which is conditionally included
based on a global var. I ran into problems with running adodb in debug
mode while running phpunit tests. Phpunit will reset the global vars
and thus break the include mechanism. This is a problem of phpunit
and can be worked around. However, it would make adodb more robust
to just use include_once everywhere. It will remove the dependency on
the $ADODB_INCLUDED_LIB global var.
I also replaced one include statement in adodb-time.inc.php, in various
drivers and other files too, so include_once is used everywhere.
Signed-off-by: Damien Regad <dregad@mantisbt.org>
|
|
Conflicts:
docs/changelog.md
|
|
Regression introduced by 7c758c3cbb9ecc639f5744d991e8a6d5c35e5be4.
Fixes #305
|
|
This avoids having to test whether the property has been set, and to
call the ServerVersion() method several times.
|
|
Conflicts:
drivers/adodb-mssqlnative.inc.php
|
|
The ADOdb_oci8::SelectLimit() method performs Oracle-specific query
optimization, manipulating the SQL to apply hints in a way that is not
compatible with the oci8po driver, due to conversion of query
parameters ('?' vs oci8 native ':xx').
To avoid the problem, we define the SelectLimit() method directly in
ADODB_oci8po, and rely on the slower ADOConnection::SelectLimit()
method from the base class.
Also, to avoid issues with prepared statements causing PHP to throw a
Warning: "oci_execute(): supplied resource is not a valid oci8
statement resource", we retrieve the prepared statement's SQL and pass
it on to ADOConnection::SelectLimit().
Fixes #282
|
|
The method incorrectly returned -1 for success instead of 0. In
addition, the method attempted to distinguish between warnings and
errors produced by the SQL Server parameter "WarningsReturnAsErrors"
when logging was enabled, but in ADOdb logging this parameter is always
set false so the code was removed.
Fixes #298
|
|
Use 'adodbseq' everywhere
|
|
Incorrect forwarding of parameter values from GenID() to GenID2008/2012
forced the sequence name to the default of 'adodbseq'.
Fixes #300
|
|
Fixes #302
|
|
Fix broken link to PostgreSQL online documentation.
|
|
This modified regex allows matching of empty strings and is much more
efficient than the original one.
A better fix for this will be available in v5.21
Fixes #185
|
|
The method incorrectly returned -1 for success instead of 0. In addition, the method attempted to distinguish between warnings and errors produced by the SQL Server parameter "WarningsReturnAsErrors" when logging was enabled, but in ADOdb logging this parameter is always set false so the code was removed.
|