Feature #7096

Weak test in database API library, makes some database names breaking the queries precheck

Added by Valery FREMAUX over 5 years ago. Updated over 4 years ago.

Status: Bug resolved
Priority: Normal
Assignee: -
Category: Database & API changes
Target version:
Start date: 22/04/2014
Due date:
% Done: 10%
Estimated time:
Complexity: Piece of cake
SCRUM pts - complexity: ?

Description

Function query() checks for the course database prefix in the query to check integrity,
but the test is too weak, as:

if (strpos($query, 'c_'))

causing any query string containing c_ anywhere to break in.

Replace this test with a stronger one, such as:

if(preg_match('/\bc_/', $query))

That will at least check that the c_ is a real token prefix and not just an in-string pattern.
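The two checks from the description, run side by side over sample queries (an added example, not part of the original issue or of the project's code). The function names and all query strings are constructed for illustration.

```php
<?php
// Added illustration; function names and query strings are constructed samples.

// The check as quoted in the issue: substring search anywhere in the query.
function weak_check(string $query): bool
{
    // strpos() returns int|false; offset 0 is falsy, so a query that
    // starts with "c_" is not detected by this form.
    return (bool) strpos($query, 'c_');
}

// The check proposed in the issue: "c_" must start at a word boundary.
function proposed_check(string $query): bool
{
    return preg_match('/\bc_/', $query) === 1;
}

$samples = [
    'SELECT * FROM c_quiz WHERE c_id = 1',          // real "c_" token prefix
    'SELECT * FROM music_db.user',                  // "c_" inside a database name
    'SELECT * FROM user WHERE topic_id = 3',        // "c_" inside a column name
    "SELECT * FROM user WHERE note = 'see c_quiz'", // "c_" token inside a string literal
    'c_quiz',                                       // "c_" at offset 0
];

printf("%-6s %-9s %s\n", 'weak', 'proposed', 'query');
foreach ($samples as $q) {
    printf(
        "%-6s %-9s %s\n",
        weak_check($q) ? 'match' : '-',
        proposed_check($q) ? 'match' : '-',
        $q
    );
}
```

The word-boundary pattern no longer fires on `music_db` or `topic_id`, but it still matches a `c_` token inside a quoted string literal, which is the "at least" limitation noted in the description.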

History

#1

Updated by Yannick Warnier almost 5 years ago

  • Target version set to 1.10.0
#2

Updated by Yannick Warnier over 4 years ago

  • Subject changed from Weak test in database API library, makes some database names breacking the queries precheck to Weak test in database API library, makes some database names breaking the queries precheck
#3

Updated by Yannick Warnier over 4 years ago

  • Status changed from New to Assigned
  • Assignee set to Julio Montoya
#4

Updated by Julio Montoya over 4 years ago

  • Status changed from Assigned to Needs more info
  • Assignee changed from Julio Montoya to Yannick Warnier

I think we don't need that check any more. It was mainly because we move from multiple databases to 1 database.
So we should remove that code.

#5

Updated by Yannick Warnier over 4 years ago

  • Status changed from Needs more info to Assigned
  • Assignee changed from Yannick Warnier to Julio Montoya
  • % Done changed from 0 to 10

Agreed. We don't need that code anymore. Go ahead and drop it, Julio.

#6

Updated by Yannick Warnier over 4 years ago

  • Category changed from Global / Others / Misc to Database & API changes
#7

Updated by Julio Montoya over 4 years ago

  • Status changed from Assigned to Bug resolved
  • Assignee deleted (Julio Montoya)

Solved in the 1.10.x.doctrine branch, to be merged in 1.10.x
