[prev in list] [next in list] [prev in thread] [next in thread]
List: pear-cvs
Subject: [PEAR-CVS] cvs: pear /MDB2 MDB2.php package.php /MDB2/MDB2/Driver mysql.php mysqli.php oci8.php pgs
From: "David Coallier" <davidc () php ! net>
Date: 2007-05-03 22:20:21
Message-ID: cvsdavidc1178230821 () cvsserver
[Download RAW message or body]
davidc Thu May 3 22:20:21 2007 UTC
Modified files:
/pear/MDB2 MDB2.php package.php
/pear/MDB2/MDB2/Driver mysql.php mysqli.php oci8.php pgsql.php
Log:
- fix bug #10024. Added new option called lob_allow_url_include that is defaulted
to false. This means that if you are inserting a LOB from an url (file, http, \
...) it will not fetch it if it's false. If you setOption('lob_allow_url_include', \
true); then you will be able to fetch it.
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2.php?r1=1.292&r2=1.293&diff_format=u
Index: pear/MDB2/MDB2.php
diff -u pear/MDB2/MDB2.php:1.292 pear/MDB2/MDB2.php:1.293
--- pear/MDB2/MDB2.php:1.292 Wed Apr 25 09:31:01 2007
+++ pear/MDB2/MDB2.php Thu May 3 22:20:20 2007
@@ -43,7 +43,7 @@
// | Author: Lukas Smith <smith@pooteeweet.org> |
// +----------------------------------------------------------------------+
//
-// $Id: MDB2.php,v 1.292 2007/04/25 09:31:01 quipo Exp $
+// $Id: MDB2.php,v 1.293 2007/05/03 22:20:20 davidc Exp $
//
/**
@@ -1156,6 +1156,7 @@
'datatype_map' => array(),
'datatype_map_callback' => array(),
'nativetype_map_callback' => array(),
+ 'lob_allow_url_include' => false,
);
/**
@@ -4268,4 +4269,4 @@
}
// }}}
-?>
\ No newline at end of file
+?>
http://cvs.php.net/viewvc.cgi/pear/MDB2/package.php?r1=1.255&r2=1.256&diff_format=u
Index: pear/MDB2/package.php
diff -u pear/MDB2/package.php:1.255 pear/MDB2/package.php:1.256
--- pear/MDB2/package.php:1.255 Thu May 3 18:54:16 2007
+++ pear/MDB2/package.php Thu May 3 22:20:20 2007
@@ -7,6 +7,7 @@
$version_api = $version_release;
$state = 'stable';
$notes = <<<EOT
+- fixed bug #10024: Security fix for LOBs. Added an option to turn \
lob_allow_url_include off by default
- fixed bug #10407: propagate errors in MDB2_Statement_Common::execute()
- fixed bug #10452: error in getDeclaration() with custom datatype_map and no
datatype_map_callback function
@@ -134,4 +135,4 @@
$package->writePackageFile();
} else {
$package->debugPackageFile();
-}
\ No newline at end of file
+}
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2/Driver/mysql.php?r1=1.182&r2=1.183&diff_format=u
Index: pear/MDB2/MDB2/Driver/mysql.php
diff -u pear/MDB2/MDB2/Driver/mysql.php:1.182 pear/MDB2/MDB2/Driver/mysql.php:1.183
--- pear/MDB2/MDB2/Driver/mysql.php:1.182 Wed May 2 22:00:08 2007
+++ pear/MDB2/MDB2/Driver/mysql.php Thu May 3 22:20:20 2007
@@ -43,7 +43,7 @@
// | Author: Lukas Smith <smith@pooteeweet.org> |
// +----------------------------------------------------------------------+
//
-// $Id: mysql.php,v 1.182 2007/05/02 22:00:08 quipo Exp $
+// $Id: mysql.php,v 1.183 2007/05/03 22:20:20 davidc Exp $
//
/**
@@ -1398,7 +1398,7 @@
}
$value = $this->values[$parameter];
$type = array_key_exists($parameter, $this->types) ? \
$this->types[$parameter] : null;
- if (is_resource($value) || $type == 'clob' || $type == 'blob') {
+ if (is_resource($value) || $type == 'clob' || $type == 'blob' && \
$this->options['lob_allow_url_include']) {
if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', \
$value, $match)) { if ($match[1] == 'file://') {
$value = $match[2];
@@ -1476,4 +1476,4 @@
return $result;
}
}
-?>
\ No newline at end of file
+?>
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2/Driver/mysqli.php?r1=1.162&r2=1.163&diff_format=u
Index: pear/MDB2/MDB2/Driver/mysqli.php
diff -u pear/MDB2/MDB2/Driver/mysqli.php:1.162 pear/MDB2/MDB2/Driver/mysqli.php:1.163
--- pear/MDB2/MDB2/Driver/mysqli.php:1.162 Wed May 2 22:00:08 2007
+++ pear/MDB2/MDB2/Driver/mysqli.php Thu May 3 22:20:20 2007
@@ -43,7 +43,7 @@
// | Author: Lukas Smith <smith@pooteeweet.org> |
// +----------------------------------------------------------------------+
//
-// $Id: mysqli.php,v 1.162 2007/05/02 22:00:08 quipo Exp $
+// $Id: mysqli.php,v 1.163 2007/05/03 22:20:20 davidc Exp $
//
/**
@@ -1476,7 +1476,7 @@
$value = $this->values[$parameter];
$type = array_key_exists($parameter, $this->types) ? \
$this->types[$parameter] : null; if (!is_object($this->statement)) {
- if (is_resource($value) || $type == 'clob' || $type == 'blob') {
+ if (is_resource($value) || $type == 'clob' || $type == 'blob' && \
$this->options['lob_allow_url_include']) {
if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', \
$value, $match)) { if ($match[1] == 'file://') {
$value = $match[2];
@@ -1628,4 +1628,4 @@
return $result;
}
}
-?>
\ No newline at end of file
+?>
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2/Driver/oci8.php?r1=1.192&r2=1.193&diff_format=u
Index: pear/MDB2/MDB2/Driver/oci8.php
diff -u pear/MDB2/MDB2/Driver/oci8.php:1.192 pear/MDB2/MDB2/Driver/oci8.php:1.193
--- pear/MDB2/MDB2/Driver/oci8.php:1.192 Sun Mar 4 22:27:11 2007
+++ pear/MDB2/MDB2/Driver/oci8.php Thu May 3 22:20:20 2007
@@ -43,7 +43,7 @@
// | Author: Lukas Smith <smith@pooteeweet.org> |
// +----------------------------------------------------------------------+
-// $Id: oci8.php,v 1.192 2007/03/04 22:27:11 quipo Exp $
+// $Id: oci8.php,v 1.193 2007/05/03 22:20:20 davidc Exp $
/**
* MDB2 OCI8 driver
@@ -1386,7 +1386,7 @@
}
$value = $this->values[$parameter];
$type = array_key_exists($parameter, $this->types) ? \
$this->types[$parameter] : null;
- if ($type == 'clob' || $type == 'blob') {
+ if ($type == 'clob' || $type == 'blob' && \
$this->options['lob_allow_url_include']) { $lobs[$i]['file'] = false;
if (is_resource($value)) {
$fp = $value;
@@ -1511,4 +1511,4 @@
return $result;
}
}
-?>
\ No newline at end of file
+?>
http://cvs.php.net/viewvc.cgi/pear/MDB2/MDB2/Driver/pgsql.php?r1=1.173&r2=1.174&diff_format=u
Index: pear/MDB2/MDB2/Driver/pgsql.php
diff -u pear/MDB2/MDB2/Driver/pgsql.php:1.173 pear/MDB2/MDB2/Driver/pgsql.php:1.174
--- pear/MDB2/MDB2/Driver/pgsql.php:1.173 Wed May 2 22:00:08 2007
+++ pear/MDB2/MDB2/Driver/pgsql.php Thu May 3 22:20:21 2007
@@ -43,7 +43,7 @@
// | Author: Paul Cooper <pgc@ucecom.com> |
// +----------------------------------------------------------------------+
//
-// $Id: pgsql.php,v 1.173 2007/05/02 22:00:08 quipo Exp $
+// $Id: pgsql.php,v 1.174 2007/05/03 22:20:21 davidc Exp $
/**
* MDB2 PostGreSQL driver
@@ -1351,7 +1351,7 @@
}
$value = $this->values[$parameter];
$type = array_key_exists($parameter, $this->types) ? \
$this->types[$parameter] : null;
- if (is_resource($value) || $type == 'clob' || $type == 'blob') {
+ if (is_resource($value) || $type == 'clob' || $type == 'blob' || \
$this->options['lob_allow_url_include']) {
if (!is_resource($value) && preg_match('/^(\w+:\/\/)(.*)$/', \
$value, $match)) { if ($match[1] == 'file://') {
$value = $match[2];
@@ -1432,4 +1432,4 @@
return $result;
}
}
-?>
\ No newline at end of file
+?>
--
PEAR CVS Mailing List (http://pear.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic