Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
D
doctrine-dbal
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Tomáš Trávníček
doctrine-dbal
Commits
ca360d7a
Commit
ca360d7a
authored
Mar 20, 2011
by
Benjamin Eberlei
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
[Security] Fix security problem in AbstractPlatform::modifyLimitQuery
parent
556351d9
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
34 additions
and
7 deletions
+34
-7
AbstractPlatform.php
lib/Doctrine/DBAL/Platforms/AbstractPlatform.php
+30
-3
DB2Platform.php
lib/Doctrine/DBAL/Platforms/DB2Platform.php
+1
-1
MsSqlPlatform.php
lib/Doctrine/DBAL/Platforms/MsSqlPlatform.php
+2
-2
OraclePlatform.php
lib/Doctrine/DBAL/Platforms/OraclePlatform.php
+1
-1
No files found.
lib/Doctrine/DBAL/Platforms/AbstractPlatform.php
View file @
ca360d7a
...
@@ -1960,13 +1960,40 @@ abstract class AbstractPlatform
...
@@ -1960,13 +1960,40 @@ abstract class AbstractPlatform
return
'H:i:s'
;
return
'H:i:s'
;
}
}
public
function
modifyLimitQuery
(
$query
,
$limit
,
$offset
=
null
)
/**
* Modify limit query
*
* @param string $query
* @param int $limit
* @param int $offset
* @return string
*/
final
public
function
modifyLimitQuery
(
$query
,
$limit
,
$offset
=
null
)
{
if
(
$limit
!==
null
)
{
$limit
=
(
int
)
$limit
;
}
if
(
$offset
!==
null
)
{
$offset
=
(
int
)
$offset
;
}
return
$this
->
doModifyLimitQuery
(
$query
,
$limit
,
$offset
);
}
/**
* @param string $query
* @param int $limit
* @param int $offset
* @return string
*/
protected
function
doModifyLimitQuery
(
$query
,
$limit
,
$offset
)
{
{
if
(
!
is_null
(
$limit
)
)
{
if
(
$limit
!==
null
)
{
$query
.=
' LIMIT '
.
$limit
;
$query
.=
' LIMIT '
.
$limit
;
}
}
if
(
!
is_null
(
$offset
)
)
{
if
(
$offset
!==
null
)
{
$query
.=
' OFFSET '
.
$offset
;
$query
.=
' OFFSET '
.
$offset
;
}
}
...
...
lib/Doctrine/DBAL/Platforms/DB2Platform.php
View file @
ca360d7a
...
@@ -453,7 +453,7 @@ class DB2Platform extends AbstractPlatform
...
@@ -453,7 +453,7 @@ class DB2Platform extends AbstractPlatform
return
"SESSION."
.
$tableName
;
return
"SESSION."
.
$tableName
;
}
}
p
ublic
function
m
odifyLimitQuery
(
$query
,
$limit
,
$offset
=
null
)
p
rotected
function
doM
odifyLimitQuery
(
$query
,
$limit
,
$offset
=
null
)
{
{
if
(
$limit
===
null
&&
$offset
===
null
)
{
if
(
$limit
===
null
&&
$offset
===
null
)
{
return
$query
;
return
$query
;
...
...
lib/Doctrine/DBAL/Platforms/MsSqlPlatform.php
View file @
ca360d7a
...
@@ -583,14 +583,14 @@ class MsSqlPlatform extends AbstractPlatform
...
@@ -583,14 +583,14 @@ class MsSqlPlatform extends AbstractPlatform
* @link http://lists.bestpractical.com/pipermail/rt-devel/2005-June/007339.html
* @link http://lists.bestpractical.com/pipermail/rt-devel/2005-June/007339.html
* @return string
* @return string
*/
*/
p
ublic
function
m
odifyLimitQuery
(
$query
,
$limit
,
$offset
=
null
)
p
rotected
function
doM
odifyLimitQuery
(
$query
,
$limit
,
$offset
=
null
)
{
{
if
(
$limit
>
0
)
{
if
(
$limit
>
0
)
{
$count
=
intval
(
$limit
);
$count
=
intval
(
$limit
);
$offset
=
intval
(
$offset
);
$offset
=
intval
(
$offset
);
if
(
$offset
<
0
)
{
if
(
$offset
<
0
)
{
throw
new
D
octrine_Connection_
Exception
(
"LIMIT argument offset=
$offset
is not valid"
);
throw
new
D
BAL
Exception
(
"LIMIT argument offset=
$offset
is not valid"
);
}
}
if
(
$offset
==
0
)
{
if
(
$offset
==
0
)
{
...
...
lib/Doctrine/DBAL/Platforms/OraclePlatform.php
View file @
ca360d7a
...
@@ -555,7 +555,7 @@ LEFT JOIN all_cons_columns r_cols
...
@@ -555,7 +555,7 @@ LEFT JOIN all_cons_columns r_cols
* @param integer $offset start reading from given offset
* @param integer $offset start reading from given offset
* @return string the modified query
* @return string the modified query
*/
*/
p
ublic
function
m
odifyLimitQuery
(
$query
,
$limit
,
$offset
=
null
)
p
rotected
function
doM
odifyLimitQuery
(
$query
,
$limit
,
$offset
=
null
)
{
{
$limit
=
(
int
)
$limit
;
$limit
=
(
int
)
$limit
;
$offset
=
(
int
)
$offset
;
$offset
=
(
int
)
$offset
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment