From 55d9154b01c5f8add0fff6c0cc04180f911cea32 Mon Sep 17 00:00:00 2001
From: rxu
Date: Fri, 26 Jun 2020 11:22:36 +0700
Subject: [PATCH 1/3] [ticket/16538] Add MySQL 8 tests PHPBB3-16538
---
 .travis.yml | 5 +++++
 travis/setup-mysql8.sh | 27 +++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100755 travis/setup-mysql8.sh
diff --git a/.travis.yml b/.travis.yml
index a2bd3b15ee..ef23f37614 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -21,6 +21,8 @@ matrix:
 env: DB=mysqli
 - php: 7.4
 env: DB=mysqli
+ - php: 7.4
+ env: DB=mysqli;MYSQL8=1
 - php: nightly
 env: DB=mysqli
 allow_failures:
@@ -33,6 +35,9 @@ services:
 - mysql
 - memcached
+before_install:
+ - travis/setup-mysql8.sh $MYSQL8
+
 install:
 - travis/setup-phpbb.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
diff --git a/travis/setup-mysql8.sh b/travis/setup-mysql8.sh
new file mode 100755
index 0000000000..8450d8d6c7
--- /dev/null
+++ b/travis/setup-mysql8.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# This file is part of the phpBB Forum Software package.
+#
+# @copyright (c) phpBB Limited
+# @license GNU General Public License, version 2 (GPL-2.0)
+#
+# For full copyright and license information, please see
+# the docs/CREDITS.txt file.
+#
+set -e
+set -x
+
+MYSQL8=$1
+
+if [ "$MYSQL8" != '1' ]
+then
+ exit 0
+fi
+
+wget https://repo.mysql.com//mysql-apt-config_0.8.15-1_all.deb
+sudo dpkg -i mysql-apt-config_0.8.15-1_all.deb
+sudo apt-get update -q
+sudo apt-get install -q -y --allow-unauthenticated -o Dpkg::Options::=--force-confnew mysql-server
+sudo systemctl restart mysql
+sudo mysql_upgrade
+mysql --version
From 3bbe0f1d4e8f34094f8b1286d6fa8ee6869f32c3 Mon Sep 17 00:00:00 2001
From: rxu
Date: Fri, 26 Jun 2020 17:24:18 +0700
Subject: [PATCH 2/3] [ticket/16538] Move script execution to setip-phpbb.sh PHPBB3-16538
---
 .travis.yml | 5 +----
 travis/setup-mysql8.sh | 7 -------
 travis/setup-phpbb.sh | 6 ++++++
 3 files changed, 7 insertions(+), 11 deletions(-)
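Review bot: The new travis/setup-mysql8.sh installs a repository package as root without checking what was downloaded, and then switches off APT's own signature checking for the server install. `wget` fetches mysql-apt-config_0.8.15-1_all.deb and `sudo dpkg -i` runs it immediately, so a tampered or swapped file on the mirror would execute its maintainer scripts on the build host; pinning a digest closes that, e.g. `echo "<expected-sha256>  mysql-apt-config_0.8.15-1_all.deb" | sha256sum -c -` before the `dpkg -i` line (the digest is a placeholder, to be filled from the vendor's published value). The `--allow-unauthenticated` flag on `apt-get install` should be dropped; if the install fails without it, the likely cause is a missing or expired repository key, which is better fixed by importing the current key than by disabling verification.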
diff --git a/.travis.yml b/.travis.yml
index ef23f37614..2d3e56f47e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -35,11 +35,8 @@ services:
 - mysql
 - memcached
-before_install:
- - travis/setup-mysql8.sh $MYSQL8
-
 install:
- - travis/setup-phpbb.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
+ - travis/setup-phpbb.sh $DB $TRAVIS_PHP_VERSION ${NOTESTS:-0} ${MYSQL8:-0}
 before_script:
 - travis/setup-database.sh $DB $TRAVIS_PHP_VERSION $NOTESTS
diff --git a/travis/setup-mysql8.sh b/travis/setup-mysql8.sh
index 8450d8d6c7..3fb16e5159 100755
--- a/travis/setup-mysql8.sh
+++ b/travis/setup-mysql8.sh
@@ -11,13 +11,6 @@
 set -e
 set -x
-MYSQL8=$1
-
-if [ "$MYSQL8" != '1' ]
-then
- exit 0
-fi
-
 wget https://repo.mysql.com//mysql-apt-config_0.8.15-1_all.deb
 sudo dpkg -i mysql-apt-config_0.8.15-1_all.deb
 sudo apt-get update -q
diff --git a/travis/setup-phpbb.sh b/travis/setup-phpbb.sh
index be9eb703d5..0fcb63c311 100755
--- a/travis/setup-phpbb.sh
+++ b/travis/setup-phpbb.sh
@@ -14,6 +14,7 @@ set -x
 DB=$1
 TRAVIS_PHP_VERSION=$2
 NOTESTS=$3
+MYSQL8=$4
 if [ "$NOTESTS" == '1' ]
 then
@@ -26,6 +27,11 @@ then
 travis/setup-mariadb.sh
 fi
+if [ "$MYSQL8" == '1' ]
+then
+ travis/setup-mysql8.sh
+fi
+
 if [ "$NOTESTS" != '1' ]
 then
 travis/setup-php-extensions.sh
From 0bc9d87891cdbf5df8a11124a6618ded3f355b97 Mon Sep 17 00:00:00 2001
From: rxu
Date: Sat, 27 Jun 2020 12:11:48 +0700
Subject: [PATCH 3/3] [ticket/16538] Add identifiers quoting If reserved word is used as identifier, it must be quoted. If alias is used elsewhere in SQL statement, it must be quoted. PHPBB3-16535 PHPBB3-16538
---
 phpBB/includes/functions_posting.php | 2 +-
 phpBB/install/convert/convertor.php | 6 +++---
 phpBB/phpbb/db/driver/driver_interface.php | 8 ++++++++
 phpBB/phpbb/db/driver/factory.php | 8 ++++++++
 phpBB/phpbb/db/driver/mssql_base.php | 8 ++++++++
 phpBB/phpbb/db/driver/mysqli.php | 8 ++++++++
 phpBB/phpbb/db/driver/oracle.php | 8 ++++++++
 phpBB/phpbb/db/driver/postgres.php | 8 ++++++++
 phpBB/phpbb/db/driver/sqlite3.php | 8 ++++++++
 tests/functional/smilies_test.php | 4 ++--
 10 files changed, 62 insertions(+), 6 deletions(-)
diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index c056d93fb4..8544513bc5 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -118,7 +118,7 @@ function generate_smilies($mode, $forum_id)
 SMILIES_TABLE => 's',
 ],
 'GROUP_BY' => 's.smiley_url, s.smiley_width, s.smiley_height',
- 'ORDER_BY' => 'min_smiley_order',
+ 'ORDER_BY' => $db->sql_quote('min_smiley_order'),
 ];
 }
 else
diff --git a/phpBB/install/convert/convertor.php b/phpBB/install/convert/convertor.php
index 09088fe824..c1da17ad2b 100644
--- a/phpBB/install/convert/convertor.php
+++ b/phpBB/install/convert/convertor.php
@@ -1300,7 +1300,7 @@ class convertor
 else
 {
 // No table alias
- $sql_data['source_tables'][$m[1]] = (empty($convert->src_table_prefix)) ? $m[1] : $convert->src_table_prefix . $m[1] . ' ' . $m[1];
+ $sql_data['source_tables'][$m[1]] = (empty($convert->src_table_prefix)) ? $m[1] : $convert->src_table_prefix . $m[1] . ' ' . $db->sql_quote($m[1]);
 }
 $sql_data['select_fields'][$value_1] = $value_1;
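Review bot: In the convertor.php hunk the alias is quoted with `$db->sql_quote($m[1])`, and the two following hunks do the same for `$value` and `$alias`, although these fragments look like they belong to a query against the source database. They are built from `$convert->src_table_prefix`; if that query runs on a separate source connection with a different DBMS (not visible in these hunks), the quote character has to come from that connection's driver rather than from `$db`. The alias is also referenced unquoted elsewhere, as the retained comment `forums.forum_id = forum_prune.forum_id` suggests; on a DBMS that folds unquoted names to upper case (Oracle does) a quoted lower-case alias and its unquoted references would no longer name the same thing. The enclosing method starts and ends outside the hunks.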
@@ -1314,7 +1314,7 @@ class convertor
 {
 foreach ($m[1] as $value)
 {
- $sql_data['source_tables'][$value] = (empty($convert->src_table_prefix)) ? $value : $convert->src_table_prefix . $value . ' ' . $value;
+ $sql_data['source_tables'][$value] = (empty($convert->src_table_prefix)) ? $value : $convert->src_table_prefix . $value . ' ' . $db->sql_quote($value);
 }
 }
 }
@@ -1323,7 +1323,7 @@ class convertor
 // Add the aliases to the list of tables
 foreach ($aliases as $alias => $table)
 {
- $sql_data['source_tables'][$alias] = $convert->src_table_prefix . $table . ' ' . $alias;
+ $sql_data['source_tables'][$alias] = $convert->src_table_prefix . $table . ' ' . $db->sql_quote($alias);
 }
 // 'left_join' => 'forums LEFT JOIN forum_prune ON forums.forum_id = forum_prune.forum_id',
diff --git a/phpBB/phpbb/db/driver/driver_interface.php b/phpBB/phpbb/db/driver/driver_interface.php
index 05ff5ef066..e269fac585 100644
--- a/phpBB/phpbb/db/driver/driver_interface.php
+++ b/phpBB/phpbb/db/driver/driver_interface.php
@@ -464,4 +464,12 @@ interface driver_interface
 * @return string A SQL statement like: "IN (1, 2, 3, 4)" or "= 1"
 */
 public function sql_in_set($field, $array, $negate = false, $allow_empty_set = false);
+
+ /**
+ * Quote identifiers used in sql query
+ *
+ * @param string $msg String to be quoted
+ * @return string Quoted version of $msg
+ */
+ public function sql_quote($msg);
 }
diff --git a/phpBB/phpbb/db/driver/factory.php b/phpBB/phpbb/db/driver/factory.php
index bb6e7a2682..db58897b88 100644
--- a/phpBB/phpbb/db/driver/factory.php
+++ b/phpBB/phpbb/db/driver/factory.php
@@ -456,4 +456,12 @@ class factory implements driver_interface
 {
 return $this->get_driver()->sql_in_set($field, $array, $negate, $allow_empty_set);
 }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function sql_quote($msg)
+ {
+ return $this->get_driver()->sql_quote($msg);
+ }
 }
diff --git a/phpBB/phpbb/db/driver/mssql_base.php b/phpBB/phpbb/db/driver/mssql_base.php
index 98d16ca7fc..c48f7d42a6 100644
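Review bot: The docblock added to driver_interface.php does not say that sql_quote() is for identifiers only and performs no escaping, and the name together with the `$msg` parameter makes it easy to mistake for a value-quoting helper. I would state the contract explicitly, e.g. `Quote an identifier (table, column or alias name). Not for values; use sql_escape() for those.` and `@param string $msg Trusted identifier; must not come from user input unless validated`. Renaming the parameter to `$identifier` would say the same thing in the signature.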
--- a/phpBB/phpbb/db/driver/mssql_base.php
+++ b/phpBB/phpbb/db/driver/mssql_base.php
@@ -76,4 +76,12 @@ abstract class mssql_base extends \phpbb\db\driver\driver
 {
 return $data;
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '"' . $msg . '"';
+ }
 }
diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php
index 0c1c063262..826233507f 100644
--- a/phpBB/phpbb/db/driver/mysqli.php
+++ b/phpBB/phpbb/db/driver/mysqli.php
@@ -489,4 +489,12 @@ class mysqli extends \phpbb\db\driver\mysql_base
 break;
 }
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '`' . $msg . '`';
+ }
 }
diff --git a/phpBB/phpbb/db/driver/oracle.php b/phpBB/phpbb/db/driver/oracle.php
index f2a0bb557a..a9137e8463 100644
--- a/phpBB/phpbb/db/driver/oracle.php
+++ b/phpBB/phpbb/db/driver/oracle.php
@@ -818,4 +818,12 @@ class oracle extends \phpbb\db\driver\driver
 break;
 }
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '"' . $msg . '"';
+ }
 }
diff --git a/phpBB/phpbb/db/driver/postgres.php b/phpBB/phpbb/db/driver/postgres.php
index 1a276638d4..52a5b6b546 100644
--- a/phpBB/phpbb/db/driver/postgres.php
+++ b/phpBB/phpbb/db/driver/postgres.php
@@ -497,4 +497,12 @@ class postgres extends \phpbb\db\driver\driver
 break;
 }
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '"' . $msg . '"';
+ }
 }
diff --git a/phpBB/phpbb/db/driver/sqlite3.php b/phpBB/phpbb/db/driver/sqlite3.php
index 43906f1b58..106400bf0a 100644
--- a/phpBB/phpbb/db/driver/sqlite3.php
+++ b/phpBB/phpbb/db/driver/sqlite3.php
@@ -427,4 +427,12 @@ class sqlite3 extends \phpbb\db\driver\driver
 break;
 }
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '\'' . $msg . '\'';
+ }
 }
diff --git a/tests/functional/smilies_test.php b/tests/functional/smilies_test.php
index f17171bd1f..4ee45e9bde 100644
--- a/tests/functional/smilies_test.php
+++ b/tests/functional/smilies_test.php
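Review bot: sql_quote() in mssql_base.php wraps `$msg` in the quote character without handling that character inside the name, and the mysqli, oracle, postgres and sqlite3 hunks below do the same. A name containing the delimiter would close the quoted identifier early and the remainder would be parsed as SQL, which matters as soon as a caller passes anything that is not hard-coded (the convertor hunks pass regex captures). Doubling the delimiter is the usual fix, `return '"' . str_replace('"', '""', $msg) . '"';` here and `` return '`' . str_replace('`', '``', $msg) . '`'; `` in mysqli.php; where the DBMS has no escaped form for the delimiter, rejecting such names is the safer choice.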
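Review bot: The sqlite3.php implementation returns `'\'' . $msg . '\''`, a single-quoted token, which SQLite reads as a string literal wherever an expression is allowed. In the `ORDER_BY` use added by this patch that would sort by a constant string instead of the `min_smiley_order` alias, so the ordering would be lost silently rather than fail. SQLite accepts standard double-quoted identifiers, so `return '"' . $msg . '"';` would give the intended behaviour and match the postgres and oracle drivers.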
@@ -28,7 +28,7 @@ class phpbb_functional_smilies_test extends phpbb_functional_test_case
 SMILIES_TABLE => 's',
 ],
 'GROUP_BY' => 's.smiley_url, s.smiley_width, s.smiley_height',
- 'ORDER_BY' => 'min_smiley_order',
+ 'ORDER_BY' => $db->sql_quote('min_smiley_order'),
 ];
 $sql = $db->sql_build_query('SELECT', $sql_ary);
 $result = $db->sql_query($sql);
@@ -39,7 +39,7 @@ class phpbb_functional_smilies_test extends phpbb_functional_test_case
 $crawler = self::request('GET', 'posting.php?mode=smilies');
 foreach ($smilies as $index => $smiley)
 {
- $this->assertContains($smiley['smiley_url'],
+ $this->assertStringContainsString($smiley['smiley_url'],
 $crawler->filter('div[class="inner"] > a > img')->eq($index)->attr('src')
 );
 }