
List:       pear-cvs
Subject:    [PEAR-CVS] cvs: pear /MDB2 MDB2.php package.php  /MDB2/MDB2/Driver mysql.php mysqli.php oci8.php pgs
From:       "David Coallier" <davidc () php ! net>
Date:       2007-05-03 22:20:21
Message-ID: cvsdavidc1178230821 () cvsserver

davidc		Thu May  3 22:20:21 2007 UTC

  Modified files:              
    /pear/MDB2	MDB2.php package.php 
    /pear/MDB2/MDB2/Driver	mysql.php mysqli.php oci8.php pgsql.php 
  Log:
  - fix bug #10024. Added a new option called lob_allow_url_include that defaults
    to false. This means that if you are inserting a LOB from a URL (file, http,
    ...), it will not be fetched while the option is false. If you call
    setOption('lob_allow_url_include', true); you will be able to fetch it.
  
  
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2.php?r1=1.292&r2=1.293&diff_format=u
Index: pear/MDB2/MDB2.php
diff -u pear/MDB2/MDB2.php:1.292 pear/MDB2/MDB2.php:1.293
--- pear/MDB2/MDB2.php:1.292	Wed Apr 25 09:31:01 2007
+++ pear/MDB2/MDB2.php	Thu May  3 22:20:20 2007
@@ -43,7 +43,7 @@
 // | Author: Lukas Smith <smith@pooteeweet.org>                           |
 // +----------------------------------------------------------------------+
 //
-// $Id: MDB2.php,v 1.292 2007/04/25 09:31:01 quipo Exp $
+// $Id: MDB2.php,v 1.293 2007/05/03 22:20:20 davidc Exp $
 //
 
 /**
@@ -1156,6 +1156,7 @@
         'datatype_map' => array(),
         'datatype_map_callback' => array(),
         'nativetype_map_callback' => array(),
+        'lob_allow_url_include' => false,
     );
 
     /**
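Review bot: The new `'lob_allow_url_include' => false,` default has no accompanying description, and its name understates what it gates. The driver hunks in this commit match any `\w+://` prefix, `file://` included, so the setting also governs reads from the local filesystem. A comment such as `// lob_allow_url_include: when true, string LOB values of the form scheme://... (file://, http://, ...) are opened and their contents inserted; leave false when values can come from user input` next to the entry, or in the options docblock (which is outside this hunk), would make the security intent clear.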
@@ -4268,4 +4269,4 @@
 }
 
 // }}}
-?>
\ No newline at end of file
+?>
http://cvs.php.net/viewvc.cgi/pear/MDB2/package.php?r1=1.255&r2=1.256&diff_format=u
Index: pear/MDB2/package.php
diff -u pear/MDB2/package.php:1.255 pear/MDB2/package.php:1.256
--- pear/MDB2/package.php:1.255	Thu May  3 18:54:16 2007
+++ pear/MDB2/package.php	Thu May  3 22:20:20 2007
@@ -7,6 +7,7 @@
 $version_api = $version_release;
 $state = 'stable';
 $notes = <<<EOT
+- fixed bug #10024: Security fix for LOBs. Added an option to turn \
                lob_allow_url_include off by default
 - fixed bug #10407: propagate errors in MDB2_Statement_Common::execute()
 - fixed bug #10452: error in getDeclaration() with custom datatype_map and no
   datatype_map_callback function
@@ -134,4 +135,4 @@
     $package->writePackageFile();
 } else {
     $package->debugPackageFile();
-}
\ No newline at end of file
+}
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2/Driver/mysql.php?r1=1.182&r2=1.183&diff_format=u
                
Index: pear/MDB2/MDB2/Driver/mysql.php
diff -u pear/MDB2/MDB2/Driver/mysql.php:1.182 pear/MDB2/MDB2/Driver/mysql.php:1.183
--- pear/MDB2/MDB2/Driver/mysql.php:1.182	Wed May  2 22:00:08 2007
+++ pear/MDB2/MDB2/Driver/mysql.php	Thu May  3 22:20:20 2007
@@ -43,7 +43,7 @@
 // | Author: Lukas Smith <smith@pooteeweet.org>                           |
 // +----------------------------------------------------------------------+
 //
-// $Id: mysql.php,v 1.182 2007/05/02 22:00:08 quipo Exp $
+// $Id: mysql.php,v 1.183 2007/05/03 22:20:20 davidc Exp $
 //
 
 /**
@@ -1398,7 +1398,7 @@
                 }
                 $value = $this->values[$parameter];
                 $type = array_key_exists($parameter, $this->types) ? \
                $this->types[$parameter] : null;
-                if (is_resource($value) || $type == 'clob' || $type == 'blob') {
+                if (is_resource($value) || $type == 'clob' || $type == 'blob' && \
                $this->options['lob_allow_url_include']) {
                     if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', \
$value, $match)) {
  if ($match[1] == 'file://') {
                             $value = $match[2];
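Review bot: In the new condition `&&` binds tighter than `||`, so `lob_allow_url_include` only qualifies `$type == 'blob'`; a string parameter typed `clob` still enters the branch and reaches the `preg_match('/^(\w+:\/\/)(.*)$/', ...)` scheme handling with the option left at `false`. The same expression is added in the mysqli.php and oci8.php hunks. Since the option is meant to gate only the fetch of scheme-prefixed values, I would leave the outer test as it was and put the check on the inner one: `if (!is_resource($value) && $this->options['lob_allow_url_include'] && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) {`. It is also worth confirming that `$this->options` in this method is the array that received the new default in MDB2.php, since the code reads `$this->values` and `$this->types` and so may be running on a statement object; the method starts and ends outside the hunk.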
@@ -1476,4 +1476,4 @@
         return $result;
     }
 }
-?>
\ No newline at end of file
+?>
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2/Driver/mysqli.php?r1=1.162&r2=1.163&diff_format=u
                
Index: pear/MDB2/MDB2/Driver/mysqli.php
diff -u pear/MDB2/MDB2/Driver/mysqli.php:1.162 pear/MDB2/MDB2/Driver/mysqli.php:1.163
--- pear/MDB2/MDB2/Driver/mysqli.php:1.162	Wed May  2 22:00:08 2007
+++ pear/MDB2/MDB2/Driver/mysqli.php	Thu May  3 22:20:20 2007
@@ -43,7 +43,7 @@
 // | Author: Lukas Smith <smith@pooteeweet.org>                           |
 // +----------------------------------------------------------------------+
 //
-// $Id: mysqli.php,v 1.162 2007/05/02 22:00:08 quipo Exp $
+// $Id: mysqli.php,v 1.163 2007/05/03 22:20:20 davidc Exp $
 //
 
 /**
@@ -1476,7 +1476,7 @@
                 $value = $this->values[$parameter];
                 $type = array_key_exists($parameter, $this->types) ? \
$this->types[$parameter] : null;
  if (!is_object($this->statement)) {
-                    if (is_resource($value) || $type == 'clob' || $type == 'blob') {
+                    if (is_resource($value) || $type == 'clob' || $type == 'blob' && \
                $this->options['lob_allow_url_include']) {
                         if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', \
$value, $match)) {
  if ($match[1] == 'file://') {
                                 $value = $match[2];
@@ -1628,4 +1628,4 @@
         return $result;
    }
 }
-?>
\ No newline at end of file
+?>
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2/Driver/oci8.php?r1=1.192&r2=1.193&diff_format=u
                
Index: pear/MDB2/MDB2/Driver/oci8.php
diff -u pear/MDB2/MDB2/Driver/oci8.php:1.192 pear/MDB2/MDB2/Driver/oci8.php:1.193
--- pear/MDB2/MDB2/Driver/oci8.php:1.192	Sun Mar  4 22:27:11 2007
+++ pear/MDB2/MDB2/Driver/oci8.php	Thu May  3 22:20:20 2007
@@ -43,7 +43,7 @@
 // | Author: Lukas Smith <smith@pooteeweet.org>                           |
 // +----------------------------------------------------------------------+
 
-// $Id: oci8.php,v 1.192 2007/03/04 22:27:11 quipo Exp $
+// $Id: oci8.php,v 1.193 2007/05/03 22:20:20 davidc Exp $
 
 /**
  * MDB2 OCI8 driver
@@ -1386,7 +1386,7 @@
             }
             $value = $this->values[$parameter];
             $type = array_key_exists($parameter, $this->types) ? \
                $this->types[$parameter] : null;
-            if ($type == 'clob' || $type == 'blob') {
+            if ($type == 'clob' || $type == 'blob' && \
$this->options['lob_allow_url_include']) {
  $lobs[$i]['file'] = false;
                 if (is_resource($value)) {
                     $fp = $value;
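Review bot: With the default `false`, the rewritten test skips the whole LOB branch for `blob` parameters, including the `is_resource($value)` case just below it that takes an already-open stream, so the change appears to switch off blob handling rather than only URL fetching. `clob` parameters are unaffected by the option because `&&` binds tighter than `||`. Keeping `if ($type == 'clob' || $type == 'blob') {` and checking `$this->options['lob_allow_url_include']` at the point where a string value is opened as a file or URL would gate only the fetch. That code lies outside this hunk, so the exact placement needs the full method.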
@@ -1511,4 +1511,4 @@
         return $result;
     }
 }
-?>
\ No newline at end of file
+?>
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2/Driver/pgsql.php?r1=1.173&r2=1.174&diff_format=u
                
Index: pear/MDB2/MDB2/Driver/pgsql.php
diff -u pear/MDB2/MDB2/Driver/pgsql.php:1.173 pear/MDB2/MDB2/Driver/pgsql.php:1.174
--- pear/MDB2/MDB2/Driver/pgsql.php:1.173	Wed May  2 22:00:08 2007
+++ pear/MDB2/MDB2/Driver/pgsql.php	Thu May  3 22:20:21 2007
@@ -43,7 +43,7 @@
 // | Author: Paul Cooper <pgc@ucecom.com>                                 |
 // +----------------------------------------------------------------------+
 //
-// $Id: pgsql.php,v 1.173 2007/05/02 22:00:08 quipo Exp $
+// $Id: pgsql.php,v 1.174 2007/05/03 22:20:21 davidc Exp $
 
 /**
  * MDB2 PostGreSQL driver
@@ -1351,7 +1351,7 @@
                 }
                 $value = $this->values[$parameter];
                 $type = array_key_exists($parameter, $this->types) ? \
                $this->types[$parameter] : null;
-                if (is_resource($value) || $type == 'clob' || $type == 'blob') {
+                if (is_resource($value) || $type == 'clob' || $type == 'blob' || \
                $this->options['lob_allow_url_include']) {
                     if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', \
$value, $match)) {
  if ($match[1] == 'file://') {
                             $value = $match[2];
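Review bot: This driver joins the option with `||` where the other three drivers use `&&`, so `clob` and `blob` values enter the branch whatever the setting, and once `lob_allow_url_include` is `true` every parameter does, regardless of its declared type. That leaves the scheme match on the next line unguarded by default and widens it when the option is enabled. The outer test should stay `if (is_resource($value) || $type == 'clob' || $type == 'blob') {`, with the option checked on the inner line: `if (!is_resource($value) && $this->options['lob_allow_url_include'] && preg_match('/^(\w+:\/\/)(.*)$/', $value, $match)) {`. The method continues outside the hunk.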
@@ -1432,4 +1432,4 @@
         return $result;
     }
 }
-?>
\ No newline at end of file
+?>

-- 
PEAR CVS Mailing List (http://pear.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

