34 Commits

Author SHA1 Message Date
Daniel Hensby
0f2049d4d4
[SS-2017-008] Fix SQL injection in search engine 2017-11-21 14:45:36 +00:00
James Pluck
b04a1ab41c Fix Truncate Error Issue when using views in a Unittest.
When using a view in a SilverStripe project, whenever the tear down scripts for the Unittests are run the following error occurs:

Couldn't run query:
TRUNCATE "ActivityPoints_view"
Table 'ss_tmpdb2391727.ActivityPoints_view' doesn't exist

This was due to the MySQLSchemaManager::tableList() function assuming that all records in the TABLES were actual tables containing data.

This small tweak fixes the issue by modifying the SQL to filter out views from the list before truncating.
2017-08-14 15:22:19 +12:00
Andrew O'Neil
9492a8b92f Error should be checked on the db connection, not on the result 2017-03-01 10:41:06 +11:00
Andrew O'Neil
6af3289f43 Remove negation of condition to make the code easier to read. 2017-02-10 10:54:15 +11:00
Andrew O'Neil
6e2797ffc0 Fixes for using dblib PDO driver.
These fixes allow *nix environments to connect to SQL Server using
the dblib PDO driver and the silverstripe mssql module.

  - Only set MYSQL_ATTR_INIT_COMMAND when using the mysql driver, this
    constant isn't defined if the mysql pdo driver isn't installed
  - Suppress warnings on getting the server version, attributes aren't
    supported by the dblib driver
  - Explicitly check for errors on sql exec, checking the return
    value isn't reliable for statements with no return value (e.g.
    USE database)
2017-02-10 10:20:16 +11:00
Stephan van Diepen
95b66d19b2
Added MySQL support for Bigint.
Conflicts:
	model/MySQLDatabase.php
2016-09-30 16:38:25 +01:00
Damian Mooyman
b87c668bf4 API support dblib (#5996) 2016-09-16 11:39:29 +12:00
Daniel Hensby
f25b88b146 showqueries debugging tool now inserts parameters in place (#5885) 2016-09-15 09:15:19 +12:00
Damian Mooyman
e810a9928c
API Add optimistic_connect to SS_Database
Fixes #4765
2016-07-12 10:19:03 +12:00
assertchris
8b4311f020 Checking for resource before closing MySQL connection 2016-07-07 10:01:33 +12:00
Daniel Hensby
679185514d
Merge 3.3 into 3
Conflicts:
	admin/css/screen.css.map
2016-04-26 00:24:59 +01:00
Damian Mooyman
6a2245474d BUG Fix FulltextsearchEnable 2016-03-07 14:47:20 +13:00
Damian Mooyman
634e86f949 API Include File.ParentID in fulltext search results
Fixes https://github.com/silverstripe-labs/silverstripe-secureassets/issues/22
2016-03-07 13:15:40 +13:00
Oliver Shaw
ec647ed007 UPDATE: Add support for user defined charset and collation 2016-02-23 15:40:30 +00:00
Sam Minnee
3ee8f505b7 MINOR: Remove trailing whitespace.
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Damian Mooyman
0272e443f4 BUG Prevent dev/build continually regenerating Number field type 2015-11-11 09:21:50 +13:00
Loz Calver
862429e5d7 Only notify users about PDO native mode once 2015-10-14 09:53:51 +01:00
Simon Brüchner
9416c31805 Typo 2015-09-02 15:51:04 +02:00
Damian Mooyman
4a011303b9 Add missing packages 2015-08-24 16:15:38 +12:00
Damian Mooyman
1686c83826 Revert #3425 #3396 to restore deprecated functionality
Fixes #4514
2015-08-24 11:26:25 +12:00
Damian Mooyman
97b226abe0 BUG Fix semver violation in create_table_options 2015-07-30 14:24:41 +12:00
micmania1
a5b3083dcc FIX memory exhaustion in MySQLStatement->bind() 2015-07-05 03:06:37 +00:00
Damian Mooyman
e14f743bf0 Set deprecation level for all changes in 3.x to 4.0 2015-06-19 13:07:41 +12:00
Damian Mooyman
ce3b5a5ace BUG Fix major segfault on PDOConnector after any DDL
BUG Fix issue in PDOQuery::first()
Refactor previewWrite and benchmarkQuery into SS_Database
2015-06-17 13:34:21 +12:00
Damian Mooyman
e8d6f15f28 API Use mysql buffered statements
Avoids the usage of any MySQL Native Driver specific API
2015-05-08 13:23:53 +12:00
Loz Calver
23fc498c27 NEW: Allow 'null' limit for database queries (closes #3487) 2015-05-04 22:50:33 +01:00
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
062ad8e685 API Allow parameterised joins / subselects 2014-09-16 17:54:30 +12:00
Sean Harvey
07eef2ece2 Removing deprecated class/functions marked for deprecation in 3.0/3.1 2014-08-25 12:06:05 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Damian Mooyman
b0239f4330 BUG Fix PDOConnector issues
Travis support for PDO
ATTR_EMULATE_PREPARES = false breaks some test cases
Enable username sans password
Remove unnecessary semicolons delimiting queries
2014-08-01 18:17:51 +12:00
Damian Mooyman
81c0a3499b BUG Remove caching of statements due to risk of instability
This would cause segfaults in rare situations where statements are reused
2014-07-25 14:14:59 +12:00
Damian Mooyman
0433ba1642 BUG Revert some changes to ManyManyList
BUG Fix incompatibility in Member_GroupList
Fix regressions in merges from 3.1
BUG Fix Security failing on test classes
BUG Fix postgresql compatibility
Clarify sql encoding of table names
2014-07-23 12:38:41 +12:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00