authorRobert Treat2010-01-01 15:45:11 +0000
committerRobert Treat2010-01-01 15:45:11 +0000
commit12e27672993b47a80eca61ab0bb0174cf2249dd8 (patch)
tree67758cb86d7872fd14edcd79c8f8586d61cabb57
parent185b61947114ddd1f38607086c1afb34ad647379 (diff)
Fix for BUG #2857758, don't clean() comments before submitting them to setComment. This is somewhat counter-intuitive, but since we clean the comment in setComment itself, cleaning beforehand means we end up with doubly escaped data. We don't really have a good way to prevent this (like a subclassed type or something), so we'll go with this for now. The alternative would have been to not clean() the comments in setComment itself, however that would mean that forgetting to clean() it in the passing function would result in a security exploit (and note we already did not apply this uniformly). I think there is a saying to keep the escaping as close to the db interaction as possible, and this seems to mesh with that idea.
-rwxr-xr-xclasses/database/Postgres.php25
-rw-r--r--classes/database/Postgres73.php2
-rw-r--r--classes/database/Postgres74.php6
-rw-r--r--classes/database/Postgres80.php3
-rw-r--r--classes/database/Postgres82.php1
5 files changed, 5 insertions, 32 deletions
diff --git a/classes/database/Postgres.php b/classes/database/Postgres.php
index 1b68a860..8876406d 100755
--- a/classes/database/Postgres.php
+++ b/classes/database/Postgres.php
@@ -640,7 +640,6 @@ class Postgres extends ADODB_base {
$this->clean($dbName);
$this->clean($newName);
$this->clean($newOwner);
- $this->clean($comment);
$status = $this->beginTransaction();
if ($status != 0) {
@@ -951,7 +950,6 @@ class Postgres extends ADODB_base {
function createSchema($schemaname, $authorization = '', $comment = '') {
$this->fieldClean($schemaname);
$this->fieldClean($authorization);
- $this->clean($comment);
$sql = "CREATE SCHEMA \"{$schemaname}\"";
if ($authorization != '') $sql .= " AUTHORIZATION \"{$authorization}\"";
@@ -993,7 +991,6 @@ class Postgres extends ADODB_base {
$this->fieldClean($schemaname);
$this->fieldClean($name);
$this->fieldClean($owner);
- $this->clean($comment);
$status = $this->beginTransaction();
if ($status != 0) {
@@ -1653,7 +1650,6 @@ class Postgres extends ADODB_base {
$f_schema = $this->_schema;
$this->fieldClean($f_schema);
$this->fieldClean($name);
- $this->clean($tblcomment);
$status = $this->beginTransaction();
if ($status != 0) return -1;
@@ -1913,7 +1909,6 @@ class Postgres extends ADODB_base {
$this->fieldArrayClean($tblrs->fields);
// Comment
- $this->clean($comment);
$status = $this->setComment('TABLE', '', $tblrs->fields['relname'], $comment);
if ($status != 0) return -4;
@@ -2074,7 +2069,6 @@ class Postgres extends ADODB_base {
$this->fieldClean($column);
$this->clean($type);
$this->clean($length);
- $this->clean($comment);
if ($length == '')
$sql = "ALTER TABLE \"{$f_schema}\".\"{$table}\" ADD COLUMN \"{$column}\" {$type}";
@@ -2829,7 +2823,6 @@ class Postgres extends ADODB_base {
$this->fieldArrayClean($seqrs->fields);
// Comment
- $this->clean($comment);
$status = $this->setComment('SEQUENCE', $seqrs->fields['seqname'], '', $comment);
if ($status != 0)
return -4;
@@ -2997,7 +2990,6 @@ class Postgres extends ADODB_base {
$f_schema = $this->_schema;
$this->fieldClean($f_schema);
$this->fieldClean($viewname);
- $this->clean($comment);
// Note: $definition not cleaned
@@ -3099,7 +3091,6 @@ class Postgres extends ADODB_base {
$this->fieldArrayClean($vwrs->fields);
// Comment
- $this->clean($comment);
if ($this->setComment('VIEW', $vwrs->fields['relname'], '', $comment) != 0)
return -4;
@@ -4253,7 +4244,6 @@ class Postgres extends ADODB_base {
}
/* set the comment */
- $this->clean($comment);
$status = $this->setComment('FUNCTION', "\"{$funcname}\"({$args})", null, $comment);
if ($status != 0) {
$this->rollbackTransaction();
@@ -4403,7 +4393,6 @@ class Postgres extends ADODB_base {
$f_schema = $this->_schema;
$this->fieldClean($f_schema);
$this->fieldClean($name);
- $this->clean($typcomment);
if (empty($values)) return -2;
@@ -4469,7 +4458,6 @@ class Postgres extends ADODB_base {
$f_schema = $this->_schema;
$this->fieldClean($f_schema);
$this->fieldClean($name);
- $this->clean($typcomment);
$status = $this->beginTransaction();
if ($status != 0) return -1;
@@ -5123,7 +5111,6 @@ class Postgres extends ADODB_base {
// Set the comment
if ($comment != '') {
- $this->clean($comment);
$status = $this->setComment('TEXT SEARCH CONFIGURATION', $cfgname, '', $comment);
if ($status != 0) {
$this->rollbackTransaction();
@@ -5362,7 +5349,6 @@ class Postgres extends ADODB_base {
}
$this->fieldClean($cfgname);
- $this->clean($comment);
$status = $this->setComment('TEXT SEARCH CONFIGURATION', $cfgname, '', $comment);
if ($status != 0) {
@@ -5447,8 +5433,6 @@ class Postgres extends ADODB_base {
// Set the comment
if ($comment != '') {
- $this->clean($comment);
-
$status = $this->setComment($whatToComment, $dictname, '', $comment);
if ($status != 0) {
$this->rollbackTransaction();
@@ -5475,7 +5459,6 @@ class Postgres extends ADODB_base {
return -1;
}
- $this->clean($comment);
$this->fieldClean($dictname);
$status = $this->setComment('TEXT SEARCH DICTIONARY', $dictname, '', $comment);
if ($status != 0) {
@@ -5683,7 +5666,6 @@ class Postgres extends ADODB_base {
$this->fieldClean($ffunc);
$this->fieldClean($initcond);
$this->fieldClean($sortop);
- $this->clean($comment);
$this->beginTransaction();
@@ -5843,11 +5825,9 @@ class Postgres extends ADODB_base {
$this->fieldClean($aggrtype);
$this->fieldClean($aggrowner);
$this->fieldClean($aggrschema);
- $this->clean($aggrcomment);
$this->fieldClean($newaggrname);
$this->fieldClean($newaggrowner);
$this->fieldClean($newaggrschema);
- $this->clean($newaggrcomment);
$this->beginTransaction();
@@ -6861,7 +6841,6 @@ class Postgres extends ADODB_base {
function createTablespace($spcname, $spcowner, $spcloc, $comment='') {
$this->fieldClean($spcname);
$this->clean($spcloc);
- $this->clean($comment);
$sql = "CREATE TABLESPACE \"{$spcname}\"";
@@ -7093,7 +7072,9 @@ class Postgres extends ADODB_base {
$sql = "COMMENT ON {$obj_type} " ;
$f_schema = $this->_schema;
$this->fieldClean($f_schema);
- $this->clean($comment);
+ $this->clean($comment); // Passing in an already cleaned comment will lead to double escaped data
+ // So, while counter-intuitive, it is important to not clean comments before
+ // calling setComment. We will clean it here instead.
/*
$this->fieldClean($table);
$this->fieldClean($obj_name);
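Review bot: Dropping `$this->clean($comment)` in alterDatabase (first hunk) and in the other callers is only safe if the comment variable reaches the database solely through setComment, and for the hunks whose function body continues outside the diff (alterDatabase, alterSchema, createTable, the two type hunks, createAggregate, alterAggregate, createTablespace) the remaining uses of `$comment`/`$tblcomment`/`$typcomment`/`$aggrcomment` are not visible, so each should be checked for a direct interpolation into an SQL string that would now run unescaped. The same applies to the Postgres73, Postgres74, Postgres80 and Postgres82 sections below. In setComment (last hunk) the new explanation is attached as a trailing comment with bare continuation lines; a block comment above the call reads more clearly, e.g. `// Callers must NOT clean() $comment before calling setComment: it is` / `// escaped here, and cleaning it twice yields double-escaped data.` A one-line statement of that rule in setComment's docblock, which lies outside the hunk, would let future callers find it without reading the body.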
diff --git a/classes/database/Postgres73.php b/classes/database/Postgres73.php
index a0565fe5..b00bc8d4 100644
--- a/classes/database/Postgres73.php
+++ b/classes/database/Postgres73.php
@@ -193,7 +193,6 @@ class Postgres73 extends Postgres74 {
$this->fieldArrayClean($seqrs->fields);
// Comment
- $this->clean($comment);
$status = $this->setComment('SEQUENCE', $seqrs->fields['seqname'], '', $comment);
if ($status != 0)
return -4;
@@ -312,7 +311,6 @@ class Postgres73 extends Postgres74 {
// Comment on the function
/*$this->fieldClean($newname);
- $this->clean($comment);
$status = $this->setComment('FUNCTION', "\"{$newname}\"({$args})", null, $comment);
if ($status != 0) {
$this->rollbackTransaction();
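Review bot: The removal in the second hunk sits inside a commented-out block (the preceding `/*$this->fieldClean($newname);` line opens it), so it has no runtime effect and the hunk only keeps dead code in sync with live code. That block is better deleted outright than maintained; if it is kept for reference, a one-line note such as `// Disabled: comment handling for renamed functions; see setComment for escaping` would say why it is still there. The enclosing function starts and ends outside the hunk.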
diff --git a/classes/database/Postgres74.php b/classes/database/Postgres74.php
index 7afafcb5..160e80c0 100644
--- a/classes/database/Postgres74.php
+++ b/classes/database/Postgres74.php
@@ -124,7 +124,6 @@ class Postgres74 extends Postgres80 {
$this->fieldArrayClean($tblrs->fields);
// Comment
- $this->clean($comment);
$status = $this->setComment('TABLE', '', $tblrs->fields['relname'], $comment);
if ($status != 0) return -4;
@@ -199,11 +198,10 @@ class Postgres74 extends Postgres80 {
}
}
- // Parameters must be cleaned for the setComment function. It's ok to do
- // that here since this is the last time these variables are used.
+ // The $name and $table parameters must be cleaned for the setComment function.
+ // It's ok to do that here since this is the last time these variables are used.
$this->fieldClean($name);
$this->fieldClean($table);
- $this->clean($comment);
$status = $this->setComment('COLUMN', $name, $table, $comment);
if ($status != 0) {
$this->rollbackTransaction();
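Review bot: The rewritten comment in the second hunk explains why `$name` and `$table` are cleaned but says nothing about why `$comment` now is not, which is exactly the counter-intuitive point the commit message calls out, so the next maintainer is likely to re-add the clean() and reintroduce the double escaping. Adding one line after it, `// Do not clean() $comment here: setComment escapes it itself.`, records the rule at the call site. The enclosing function starts outside the hunk.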
diff --git a/classes/database/Postgres80.php b/classes/database/Postgres80.php
index 6c400fb2..c8da9f43 100644
--- a/classes/database/Postgres80.php
+++ b/classes/database/Postgres80.php
@@ -142,7 +142,6 @@ class Postgres80 extends Postgres81 {
/* $schema not supported in pg80- */
// Comment
- $this->clean($comment);
$status = $this->setComment('TABLE', '', $tblrs->fields['relname'], $comment);
if ($status != 0) return -4;
@@ -185,7 +184,6 @@ class Postgres80 extends Postgres81 {
$this->fieldArrayClean($vwrs->fields);
// Comment
- $this->clean($comment);
if ($this->setComment('VIEW', $vwrs->fields['relname'], '', $comment) != 0)
return -4;
@@ -232,7 +230,6 @@ class Postgres80 extends Postgres81 {
$this->fieldArrayClean($seqrs->fields);
// Comment
- $this->clean($comment);
$status = $this->setComment('SEQUENCE', $seqrs->fields['seqname'], '', $comment);
if ($status != 0)
return -4;
diff --git a/classes/database/Postgres82.php b/classes/database/Postgres82.php
index 16a8b0b6..346eace6 100644
--- a/classes/database/Postgres82.php
+++ b/classes/database/Postgres82.php
@@ -239,7 +239,6 @@ class Postgres82 extends Postgres83 {
}
/* set the comment */
- $this->clean($comment);
$status = $this->setComment('FUNCTION', "\"{$funcname}\"({$args})", null, $comment);
if ($status != 0) {
$this->rollbackTransaction();