Weak test in database API library, makes some database names breaking the queries precheck
Database & API changes
Function query() checks for course database prefix in the query to check intergity.
but the test is too weak as :
if (strpos($query, 'c_'))
making any query string containing c_ anywhere to break in.
replace this test with a stronger one as :
that will at least check the c_ is a real token prefix and not just a in-string pattern.
- Target version set to 1.10.0
- Subject changed from Weak test in database API library, makes some database names breacking the queries precheck to Weak test in database API library, makes some database names breaking the queries precheck
- Status changed from New to Assigned
- Assignee set to Julio Montoya
- Status changed from Assigned to Needs more info
- Assignee changed from Julio Montoya to Yannick Warnier
I think we don't need any more that check. It was mainly because we move from multiple databases to 1 database.
So we should remove that code.
- Status changed from Needs more info to Assigned
- Assignee changed from Yannick Warnier to Julio Montoya
- % Done changed from 0 to 10
Agreed. We don't need that code anymore. Go ahead and drop it, Julio.
- Category changed from Global / Others / Misc to Database & API changes
- Status changed from Assigned to Bug resolved
- Assignee deleted (
Solved in the 1.10.x.doctrine branch to be merge in 1.10.x
Also available in: Atom