From 60c48af0bf265a200070466aa4de97dd5126ed06 Mon Sep 17 00:00:00 2001 From: Damien Regad Date: Fri, 30 Mar 2018 01:18:24 +0200 Subject: Replace $php_errormsg with error_get_last() Reserved variable $php_errormsg is deprecated in PHP 7.2 http://php.net/manual/en/reserved.variables.phperrormsg.php Fixes #405 --- drivers/adodb-db2.inc.php | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) (limited to 'drivers/adodb-db2.inc.php') diff --git a/drivers/adodb-db2.inc.php b/drivers/adodb-db2.inc.php index 1312b70b..eacecd29 100644 --- a/drivers/adodb-db2.inc.php +++ b/drivers/adodb-db2.inc.php @@ -71,8 +71,6 @@ class ADODB_db2 extends ADOConnection { // returns true or false function _connect($argDSN, $argUsername, $argPassword, $argDatabasename) { - global $php_errormsg; - if (!function_exists('db2_connect')) { ADOConnection::outp("Warning: The old ODBC based DB2 driver has been renamed 'odbc_db2'. This ADOdb driver calls PHP's native db2 extension which is not installed."); return null; @@ -90,7 +88,6 @@ class ADODB_db2 extends ADOConnection { if (stripos($argDSN,'UID=') && stripos($argDSN,'PWD=')) $this->_connectionID = db2_connect($argDSN,null,null); else $this->_connectionID = db2_connect($argDSN,$argUsername,$argPassword); } - if (isset($php_errormsg)) $php_errormsg = ''; // For db2_connect(), there is an optional 4th arg. If present, it must be // an array of valid options. So far, we don't use them. 
@@ -105,17 +102,12 @@ class ADODB_db2 extends ADOConnection { // returns true or false function _pconnect($argDSN, $argUsername, $argPassword, $argDatabasename) { - global $php_errormsg; - if (!function_exists('db2_connect')) return null; // This needs to be set before the connect(). // Replaces the odbc_binmode() call that was in Execute() ini_set('ibm_db2.binmode', $this->binmode); - if (isset($php_errormsg)) $php_errormsg = ''; - $this->_errorMsg = isset($php_errormsg) ? $php_errormsg : ''; - if ($argDatabasename && empty($argDSN)) { if (stripos($argDatabasename,'UID=') && stripos($argDatabasename,'PWD=')) $this->_connectionID = db2_pconnect($argDatabasename,null,null); @@ -125,7 +117,6 @@ class ADODB_db2 extends ADOConnection { if (stripos($argDSN,'UID=') && stripos($argDSN,'PWD=')) $this->_connectionID = db2_pconnect($argDSN,null,null); else $this->_connectionID = db2_pconnect($argDSN,$argUsername,$argPassword); } - if (isset($php_errormsg)) $php_errormsg = ''; $this->_errorMsg = @db2_conn_errormsg(); if ($this->_connectionID && $this->autoRollback) @db2_rollback($this->_connectionID); @@ -627,9 +618,8 @@ See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/db2/htm/db2 /* returns queryID or false */ function _query($sql,$inputarr=false) { - GLOBAL $php_errormsg; - if (isset($php_errormsg)) $php_errormsg = ''; - $this->_error = ''; + error_clear_last(); + $this->_errorMsg = ''; if ($inputarr) { if (is_array($sql)) { @@ -638,7 +628,8 @@ See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/db2/htm/db2 $stmtid = db2_prepare($this->_connectionID,$sql); if ($stmtid == false) { - $this->_errorMsg = isset($php_errormsg) ? $php_errormsg : ''; + $err = error_get_last(); + $this->_errorMsg = $err ? $err['message'] : ''; return false; } } 
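Review bot: The unconditional `error_clear_last();` added at the top of `_query()` is only defined from PHP 7.0 onward, so on an older interpreter every query through this driver would stop with an undefined-function fatal error. The commit message only refers to the PHP 7.2 deprecation, so if this branch still supports PHP 5.x the call should be guarded, for example `if (function_exists('error_clear_last')) error_clear_last();`. The body of `_query()` continues past this hunk.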
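Review bot: On a failed `db2_prepare()` the new code stores `error_get_last()['message']`, which is only populated when PHP itself raised a warning and carries PHP's wording rather than the DB2 diagnostic. The later branches of this function (next hunk) use `db2_stmt_errormsg()` and `db2_stmt_error()` when `$this->_haserrorfunctions` is set; the prepare-failure path could do the same with `$this->_errorMsg = db2_stmt_errormsg(); $this->_errorCode = db2_stmt_error();` and keep `error_get_last()` as the fallback. In the visible lines `_errorCode` is neither reset at the top of `_query()` nor set here, so a caller may read a code left over from an earlier statement next to the new message.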
@@ -675,15 +666,18 @@ See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/db2/htm/db2 if ($this->_haserrorfunctions) { $this->_errorMsg = ''; $this->_errorCode = 0; - } else - $this->_errorMsg = isset($php_errormsg) ? $php_errormsg : ''; + } else { + $err = error_get_last(); + $this->_errorMsg = $err ? $err['message'] : ''; + } } else { if ($this->_haserrorfunctions) { $this->_errorMsg = db2_stmt_errormsg(); $this->_errorCode = db2_stmt_error(); - } else - $this->_errorMsg = isset($php_errormsg) ? $php_errormsg : ''; - + } else { + $err = error_get_last(); + $this->_errorMsg = $err ? $err['message'] : ''; + } } return $stmtid; } -- cgit v1.3 From d29c23f2264ec95c6d3851e0f51ce240b2f36b74 Mon Sep 17 00:00:00 2001 From: Dave Paul Date: Tue, 6 Mar 2018 15:40:29 +0000 Subject: Fix potential SQL injection in SelectLimit() The `SelectLimit` function has a potential SQL injection vulnerability through the use of the `nrows` and `offset` parameters which are not forced to integers. This is a follow-up on #311, and fixes all remaining drivers that do not use ADOConnection::SelectLimit(). Fixes #401 Signed-off-by: Damien Regad Original commits squashed, message reworded. Fixed whitespace. --- drivers/adodb-borland_ibase.inc.php | 2 ++ drivers/adodb-csv.inc.php | 4 +++- drivers/adodb-db2.inc.php | 3 ++- drivers/adodb-mssql.inc.php | 2 ++ drivers/adodb-mysql.inc.php | 2 ++ drivers/adodb-mysqli.inc.php | 2 ++ drivers/adodb-oci8.inc.php | 2 ++ drivers/adodb-odbc_mssql.inc.php | 2 ++ drivers/adodb-pdo_pgsql.inc.php | 14 ++++++++------ drivers/adodb-pdo_sqlite.inc.php | 10 ++++++---- drivers/adodb-postgres7.inc.php | 2 ++ drivers/adodb-sqlite.inc.php | 2 ++ drivers/adodb-sqlite3.inc.php | 2 ++ 13 files changed, 37 insertions(+), 12 deletions(-) (limited to 'drivers/adodb-db2.inc.php') diff --git a/drivers/adodb-borland_ibase.inc.php b/drivers/adodb-borland_ibase.inc.php index 05fb4607..70c30fbb 100644 --- a/drivers/adodb-borland_ibase.inc.php 
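Review bot: In the first branch of this hunk, which clears `_errorMsg` and `_errorCode` when `_haserrorfunctions` is set and therefore looks like the success path, the fallback now copies `error_get_last()` into `_errorMsg`. Unlike `$php_errormsg`, which was only filled when `track_errors` was enabled, `error_get_last()` always reports the most recent PHP error, including ones silenced with `@`, so a query that succeeded can end up carrying an unrelated message. If that branch is indeed the success case, `$this->_errorMsg = '';` on both sides of the `if` would be the consistent choice. The opening of the enclosing `if` is outside the hunk, so this needs checking against the full function.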
+++ b/drivers/adodb-borland_ibase.inc.php @@ -53,6 +53,8 @@ class ADODB_borland_ibase extends ADODB_ibase { // SELECT FIRST 5 SKIP 2 col1, col2 FROM TABLE function SelectLimit($sql,$nrows=-1,$offset=-1,$inputarr=false,$secs2cache=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; if ($nrows > 0) { if ($offset <= 0) $str = " ROWS $nrows "; else { diff --git a/drivers/adodb-csv.inc.php b/drivers/adodb-csv.inc.php index 5ac23fce..61fad92a 100644 --- a/drivers/adodb-csv.inc.php +++ b/drivers/adodb-csv.inc.php @@ -83,8 +83,10 @@ class ADODB_csv extends ADOConnection { // parameters use PostgreSQL convention, not MySQL function SelectLimit($sql, $nrows = -1, $offset = -1, $inputarr = false, $secs2cache = 0) { - global $ADODB_FETCH_MODE; + global $ADODB_FETCH_MODE; + $nrows = (int) $nrows; + $offset = (int) $offset; $url = $this->_url.'?sql='.urlencode($sql)."&nrows=$nrows&fetch=". (($this->fetchMode !== false)?$this->fetchMode : $ADODB_FETCH_MODE). "&offset=$offset"; diff --git a/drivers/adodb-db2.inc.php b/drivers/adodb-db2.inc.php index eacecd29..c42fef69 100644 --- a/drivers/adodb-db2.inc.php +++ b/drivers/adodb-db2.inc.php @@ -234,7 +234,8 @@ class ADODB_db2 extends ADOConnection { function SelectLimit($sql, $nrows = -1, $offset = -1, $inputArr = false, $secs2cache = 0) { - $nrows = (integer) $nrows; + $nrows = (int) $nrows; + $offset = (int) $offset; if ($offset <= 0) { // could also use " OPTIMIZE FOR $nrows ROWS " if ($nrows >= 0) $sql .= " FETCH FIRST $nrows ROWS ONLY "; diff --git a/drivers/adodb-mssql.inc.php b/drivers/adodb-mssql.inc.php index a6d4c6b4..da3791c1 100644 --- a/drivers/adodb-mssql.inc.php +++ b/drivers/adodb-mssql.inc.php 
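Review bot: The `(int)` casts close the injection, but they also turn any non-numeric `$nrows` or `$offset` into 0 without notice, and the drivers touched by this commit do not treat 0 the same way. Here `if ($nrows > 0)` fails for 0, so the row limit appears to be skipped and the query runs unbounded, while the db2 hunk's `if ($nrows >= 0)` emits `FETCH FIRST 0 ROWS ONLY`; the mssql and odbc_mssql hunks use the same `> 0` test as this one. A caller that forwards request parameters would therefore get either every row or none for malformed input, depending on the driver. I would add a comment next to the casts such as `// non-numeric values become 0; callers must validate paging input`, or reject non-numeric values before casting. The function body continues outside the hunk, so the unbounded case is inferred from the visible condition only.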
@@ -245,6 +245,8 @@ class ADODB_mssql extends ADOConnection { function SelectLimit($sql,$nrows=-1,$offset=-1, $inputarr=false,$secs2cache=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; if ($nrows > 0 && $offset <= 0) { $sql = preg_replace( '/(^\s*select\s+(distinctrow|distinct)?)/i','\\1 '.$this->hasTop." $nrows ",$sql); diff --git a/drivers/adodb-mysql.inc.php b/drivers/adodb-mysql.inc.php index ebe6dbc1..732acff6 100644 --- a/drivers/adodb-mysql.inc.php +++ b/drivers/adodb-mysql.inc.php @@ -585,6 +585,8 @@ class ADODB_mysql extends ADOConnection { // parameters use PostgreSQL convention, not MySQL function SelectLimit($sql,$nrows=-1,$offset=-1,$inputarr=false,$secs=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; $offsetStr =($offset>=0) ? ((integer)$offset)."," : ''; // jason judge, see http://phplens.com/lens/lensforum/msgs.php?id=9220 if ($nrows < 0) $nrows = '18446744073709551615'; diff --git a/drivers/adodb-mysqli.inc.php b/drivers/adodb-mysqli.inc.php index ceec44f5..617eccdf 100644 --- a/drivers/adodb-mysqli.inc.php +++ b/drivers/adodb-mysqli.inc.php @@ -713,6 +713,8 @@ class ADODB_mysqli extends ADOConnection { $inputarr = false, $secs = 0) { + $nrows = (int) $nrows; + $offset = (int) $offset; $offsetStr = ($offset >= 0) ? "$offset," : ''; if ($nrows < 0) $nrows = '18446744073709551615'; diff --git a/drivers/adodb-oci8.inc.php b/drivers/adodb-oci8.inc.php index bedc81cb..75593569 100644 --- a/drivers/adodb-oci8.inc.php +++ b/drivers/adodb-oci8.inc.php @@ -709,6 +709,8 @@ END; */ function SelectLimit($sql,$nrows=-1,$offset=-1, $inputarr=false,$secs2cache=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; // Since the methods used to limit the number of returned rows rely // on modifying the provided SQL query, we can't work with prepared // statements so we just extract the SQL string. diff --git a/drivers/adodb-odbc_mssql.inc.php b/drivers/adodb-odbc_mssql.inc.php index 5d51126e..65637d5b 100644 
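Review bot: In the mysql driver hunk, `$offsetStr =($offset>=0) ? ((integer)$offset)."," : '';` still casts `$offset` a second time, which is redundant now that the two added lines have already forced it to an integer. The db2 hunk of this same commit replaces `(integer)` with `(int)`, and the mysqli hunk already writes `"$offset,"`, so this line could become `$offsetStr = ($offset >= 0) ? "$offset," : '';`. The postgres7 hunk has the same leftover in `" OFFSET ".((integer)$offset)` and `" LIMIT ".((integer)$nrows)`.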
--- a/drivers/adodb-odbc_mssql.inc.php +++ b/drivers/adodb-odbc_mssql.inc.php @@ -280,6 +280,8 @@ order by constraint_name, referenced_table_name, keyno"; function SelectLimit($sql,$nrows=-1,$offset=-1, $inputarr=false,$secs2cache=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; if ($nrows > 0 && $offset <= 0) { $sql = preg_replace( '/(^\s*select\s+(distinctrow|distinct)?)/i','\\1 '.$this->hasTop." $nrows ",$sql); diff --git a/drivers/adodb-pdo_pgsql.inc.php b/drivers/adodb-pdo_pgsql.inc.php index 2fc2ad40..111d9efa 100644 --- a/drivers/adodb-pdo_pgsql.inc.php +++ b/drivers/adodb-pdo_pgsql.inc.php @@ -73,12 +73,14 @@ WHERE relkind in ('r','v') AND (c.relname='%s' or c.relname = lower('%s')) function SelectLimit($sql,$nrows=-1,$offset=-1,$inputarr=false,$secs2cache=0) { - $offsetStr = ($offset >= 0) ? " OFFSET $offset" : ''; - $limitStr = ($nrows >= 0) ? " LIMIT $nrows" : ''; - if ($secs2cache) - $rs = $this->CacheExecute($secs2cache,$sql."$limitStr$offsetStr",$inputarr); - else - $rs = $this->Execute($sql."$limitStr$offsetStr",$inputarr); + $nrows = (int) $nrows; + $offset = (int) $offset; + $offsetStr = ($offset >= 0) ? " OFFSET $offset" : ''; + $limitStr = ($nrows >= 0) ? " LIMIT $nrows" : ''; + if ($secs2cache) + $rs = $this->CacheExecute($secs2cache,$sql."$limitStr$offsetStr",$inputarr); + else + $rs = $this->Execute($sql."$limitStr$offsetStr",$inputarr); return $rs; } diff --git a/drivers/adodb-pdo_sqlite.inc.php b/drivers/adodb-pdo_sqlite.inc.php index 82bf9c15..524de31e 100644 --- a/drivers/adodb-pdo_sqlite.inc.php +++ b/drivers/adodb-pdo_sqlite.inc.php 
@@ -54,13 +54,15 @@ class ADODB_pdo_sqlite extends ADODB_pdo { function SelectLimit($sql,$nrows=-1,$offset=-1,$inputarr=false,$secs2cache=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; $parent = $this->pdoDriver; $offsetStr = ($offset >= 0) ? " OFFSET $offset" : ''; $limitStr = ($nrows >= 0) ? " LIMIT $nrows" : ($offset >= 0 ? ' LIMIT 999999999' : ''); - if ($secs2cache) - $rs = $parent->CacheExecute($secs2cache,$sql."$limitStr$offsetStr",$inputarr); - else - $rs = $parent->Execute($sql."$limitStr$offsetStr",$inputarr); + if ($secs2cache) + $rs = $parent->CacheExecute($secs2cache,$sql."$limitStr$offsetStr",$inputarr); + else + $rs = $parent->Execute($sql."$limitStr$offsetStr",$inputarr); return $rs; } diff --git a/drivers/adodb-postgres7.inc.php b/drivers/adodb-postgres7.inc.php index 90ba0a47..33b8adf7 100644 --- a/drivers/adodb-postgres7.inc.php +++ b/drivers/adodb-postgres7.inc.php @@ -109,6 +109,8 @@ class ADODB_postgres7 extends ADODB_postgres64 { // which makes obsolete the LIMIT limit,offset syntax function SelectLimit($sql,$nrows=-1,$offset=-1,$inputarr=false,$secs2cache=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; $offsetStr = ($offset >= 0) ? " OFFSET ".((integer)$offset) : ''; $limitStr = ($nrows >= 0) ? " LIMIT ".((integer)$nrows) : ''; if ($secs2cache) diff --git a/drivers/adodb-sqlite.inc.php b/drivers/adodb-sqlite.inc.php index bb197707..5996e712 100644 --- a/drivers/adodb-sqlite.inc.php +++ b/drivers/adodb-sqlite.inc.php @@ -226,6 +226,8 @@ class ADODB_sqlite extends ADOConnection { function SelectLimit($sql,$nrows=-1,$offset=-1,$inputarr=false,$secs2cache=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; $offsetStr = ($offset >= 0) ? " OFFSET $offset" : ''; $limitStr = ($nrows >= 0) ? " LIMIT $nrows" : ($offset >= 0 ? ' LIMIT 999999999' : ''); if ($secs2cache) { diff --git a/drivers/adodb-sqlite3.inc.php b/drivers/adodb-sqlite3.inc.php index 7c8ceee4..e957fcc4 100644 --- a/drivers/adodb-sqlite3.inc.php 
+++ b/drivers/adodb-sqlite3.inc.php @@ -209,6 +209,8 @@ class ADODB_sqlite3 extends ADOConnection { function SelectLimit($sql,$nrows=-1,$offset=-1,$inputarr=false,$secs2cache=0) { + $nrows = (int) $nrows; + $offset = (int) $offset; $offsetStr = ($offset >= 0) ? " OFFSET $offset" : ''; $limitStr = ($nrows >= 0) ? " LIMIT $nrows" : ($offset >= 0 ? ' LIMIT 999999999' : ''); if ($secs2cache) { -- cgit v1.3