mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-07-17 17:03:52 +02:00
d8e9af8af8
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector Creation of new DBQueryGenerator for database specific generation of SQL Support for parameterised queries, move of code base to use these over escaped conditions Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT Support for PDO Installation process upgraded to use new ORM SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data. Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn) 3.2 upgrade docs Performance Optimisation and simplification of code to use more concise API API Ability for database adapters to register extensions to ConfigureFromEnv.php
135 lines
4.5 KiB
PHP
135 lines
4.5 KiB
PHP
<?php
|
|
|
|
/**
|
|
* @package framework
|
|
* @subpackage tests
|
|
*/
|
|
class MySQLDatabaseConfigurationHelperTest extends SapphireTest {
|
|
|
|
/**
|
|
* Tests that invalid names are disallowed
|
|
*/
|
|
public function testInvalidDatabaseNames() {
|
|
$helper = new MySQLDatabaseConfigurationHelper();
|
|
|
|
// Reject filename unsafe characters
|
|
$this->assertEmpty($helper->checkValidDatabaseName('database%name'));
|
|
$this->assertEmpty($helper->checkValidDatabaseName('database?name'));
|
|
$this->assertEmpty($helper->checkValidDatabaseName('database|name'));
|
|
$this->assertEmpty($helper->checkValidDatabaseName('database<name'));
|
|
$this->assertEmpty($helper->checkValidDatabaseName('database"name'));
|
|
|
|
// Reject additional characters
|
|
$this->assertEmpty($helper->checkValidDatabaseName('database.name'));
|
|
$this->assertEmpty($helper->checkValidDatabaseName('database\name'));
|
|
$this->assertEmpty($helper->checkValidDatabaseName('database/name'));
|
|
|
|
// Reject blank
|
|
$this->assertEmpty($helper->checkValidDatabaseName(""));
|
|
}
|
|
|
|
/**
|
|
* Tests that valid names are allowed
|
|
*/
|
|
public function testValidDatabaseNames() {
|
|
$helper = new MySQLDatabaseConfigurationHelper();
|
|
|
|
// Names with spaces
|
|
$this->assertNotEmpty($helper->checkValidDatabaseName('database name'));
|
|
|
|
// Basic latin characters
|
|
$this->assertNotEmpty($helper->checkValidDatabaseName('database_name'));
|
|
$this->assertNotEmpty($helper->checkValidDatabaseName('UPPERCASE_NAME'));
|
|
$this->assertNotEmpty($helper->checkValidDatabaseName('name_with_numbers_1234'));
|
|
|
|
// Extended unicode names
|
|
$this->assertNotEmpty($helper->checkValidDatabaseName('亝亞亟')); // U+4E9D, U+4E9E, U+4E9F
|
|
$this->assertNotEmpty($helper->checkValidDatabaseName('おかが')); // U+304A, U+304B, U+304C
|
|
$this->assertNotEmpty($helper->checkValidDatabaseName('¶»Ã')); // U+00B6, U+00BB, U+00C3
|
|
}
|
|
|
|
public function testDatabaseCreateCheck() {
|
|
|
|
$helper = new MySQLDatabaseConfigurationHelper();
|
|
|
|
// Accept all privileges
|
|
$this->assertNotEmpty($helper->checkDatabasePermissionGrant(
|
|
'database_name',
|
|
'create',
|
|
"GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'XXXX' WITH GRANT OPTION"
|
|
));
|
|
|
|
// Accept create (mysql syntax)
|
|
$this->assertNotEmpty($helper->checkDatabasePermissionGrant(
|
|
'database_name',
|
|
'create',
|
|
"GRANT CREATE, SELECT ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'XXXX' WITH GRANT OPTION"
|
|
));
|
|
|
|
// Accept create on this database only
|
|
$this->assertNotEmpty($helper->checkDatabasePermissionGrant(
|
|
'database_name',
|
|
'create',
|
|
"GRANT ALL PRIVILEGES, CREATE ON \"database_name\".* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'XXXX'"
|
|
. " WITH GRANT OPTION"
|
|
));
|
|
|
|
// Accept create on any database (alternate wildcard syntax)
|
|
$this->assertNotEmpty($helper->checkDatabasePermissionGrant(
|
|
'database_name',
|
|
'create',
|
|
"GRANT CREATE ON \"%\".* TO 'root'@'localhost' IDENTIFIED BY PASSWORD 'XXXX' WITH GRANT OPTION"
|
|
));
|
|
}
|
|
|
|
public function testDatabaseCreateFail() {
|
|
|
|
$helper = new MySQLDatabaseConfigurationHelper();
|
|
|
|
// Don't be fooled by create routine
|
|
$this->assertEmpty($helper->checkDatabasePermissionGrant(
|
|
'database_name',
|
|
'create',
|
|
"GRANT SELECT, CREATE ROUTINE ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'XXXX' WITH GRANT OPTION"
|
|
));
|
|
|
|
// Or create view
|
|
$this->assertEmpty($helper->checkDatabasePermissionGrant(
|
|
'database_name',
|
|
'create',
|
|
"GRANT CREATE VIEW, SELECT ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'XXXX' WITH GRANT OPTION"
|
|
));
|
|
|
|
// Don't accept permission if only given on a single subtable
|
|
$this->assertEmpty($helper->checkDatabasePermissionGrant(
|
|
'database_name',
|
|
'create',
|
|
"GRANT CREATE, SELECT ON *.\"onetable\" TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'XXXX' "
|
|
. "WITH GRANT OPTION"
|
|
));
|
|
|
|
// Don't accept permission on wrong database
|
|
$this->assertEmpty($helper->checkDatabasePermissionGrant(
|
|
'database_name',
|
|
'create',
|
|
"GRANT ALL PRIVILEGES, CREATE ON \"wrongdb\".* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'XXXX' "
|
|
. "WITH GRANT OPTION"
|
|
));
|
|
|
|
// Don't accept wrong permission
|
|
$this->assertEmpty($helper->checkDatabasePermissionGrant(
|
|
'database_name',
|
|
'create',
|
|
"GRANT UPDATE ON \"%\".* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'XXXX' WITH GRANT OPTION"
|
|
));
|
|
|
|
// Don't accept sneaky table name
|
|
$this->assertEmpty($helper->checkDatabasePermissionGrant(
|
|
'grant create on . to',
|
|
'create',
|
|
"GRANT UPDATE ON \"grant create on . to\".* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'XXXX' WITH "
|
|
. "GRANT OPTION"
|
|
));
|
|
}
|
|
}
|