mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-26 15:54:43 +02:00
Code Issues Releases Wiki Activity

Fix all PHP 8.1 test failures

Browse Source 
* `strftime()` has been replaced with a polyfill based on `DateTime`.
* Explicit type casts/assertions added where required by PHP 8.1
* `filter_var(…, FILTER_SANITIZE_STRING)` replaced with `strip_tags()`
  or HTML entity encoding of quotation marks, depending on a guess of
  what the intended "sanitization" was
* `http_build_query()` usage type mismatches fixed
* Removed usages of the `FILE_TEXT` constant
* To avoid breaking PHP 5.6 compatibility (function return types),
  `e_session_db` no longer implements `SessionHandlerInterface`.
  Instead, the alternative non-OOP invocation of
  `session_set_save_handler()` is used instead to apply the session
  handler.
* The shim for `strptime()` still calls the native function if available
  but now suppresses the deprecation warning.

* `e_db_pdo` explicitly asks for `PDO::ATTR_STRINGIFY_FETCHES` to
  maintain consistent behavior with past versions of PHP.
* `e_db_mysql` explicitly sets `mysqli_report(MYSQLI_REPORT_OFF)` to
  maintain consistent behavior with past versions of PHP.

* Removed pointless random number generator seed from `banner` plugin
* Workaround for `COUNT(*)` SQL query in
  `validatorClass::dbValidateArray()` without a proper API for avoiding
  SQL injection
This commit is contained in:
Nick Liu
2021-09-04 15:06:19 +02:00
parent 64cd796605
commit 20882920a0
54 changed files with 295 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
e107_handlers/validator_class.php
View File

@@ -1386,7 +1386,20 @@ class validatorClass
break;
}
$field = varset($options['dbFieldName'], $f);
if ($temp = $u_sql->count($targetTable, "(*)", "WHERE `{$f}`='" . filter_var($v, FILTER_SANITIZE_STRING) . "' AND `user_id` != " . $userID))
// XXX: Different implementations due to missing API for preventing SQL injections
$count = 0;
if ($u_sql instanceof e_db_mysql)
{
$v = $u_sql->escape($v);
$count = $u_sql->count($targetTable, "(*)", "WHERE `{$f}`='$v' AND `user_id` != " . $userID);
}
else
{
$u_sql->select($targetTable, "COUNT(*)", "`{$f}`=:value", ['value' => $v]);
$row = $u_sql->fetch('num');
$count = $row[0];
}
if ($count)
{
$errMsg = ERR_DUPLICATE;
}