mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-31 12:45:04 +01:00
Code Issues Projects Releases Wiki Activity

MDL-61626 core_dml: pgsql and schema qualification.

Browse Source
This commit is contained in:
Matteo Scaramuccia 2018-03-08 23:27:25 +01:00
parent 1287039e62
commit bccbd3b4eb
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/dml/pgsql_native_moodle_database.php
View File

@ -351,13 +351,15 @@ class pgsql_native_moodle_database extends moodle_database {
if ($result) {
while ($row = pg_fetch_assoc($result)) {
if (!preg_match('/CREATE (|UNIQUE )INDEX ([^\s]+) ON '.$tablename.' USING ([^\s]+) \(([^\)]+)\)/i', $row['indexdef'], $matches)) {
// The index definition could be generated schema-qualifying the target table name
// for safety, depending on the pgsql version (CVE-2018-1058).
if (!preg_match('/CREATE (|UNIQUE )INDEX ([^\s]+) ON (|'.$row['schemaname'].'\.)'.$tablename.' USING ([^\s]+) \(([^\)]+)\)/i', $row['indexdef'], $matches)) {
continue;
}
if ($matches[4] === 'id') {
if ($matches[5] === 'id') {
continue;
}
$columns = explode(',', $matches[4]);
$columns = explode(',', $matches[5]);
foreach ($columns as $k=>$column) {
$column = trim($column);
if ($pos = strpos($column, ' ')) {