CoreLibs/development
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

DB\IO fix for regex query detection

Browse Source 
Fix for basic query detection:
Simeple starts with
SELECT/WITH/SHOW
INSERT INTO/UPDATE/DELETE FROM
UPDATE

Above does no complex query detection, just if the string starts with this

Fix form table detection for primary key auto set trial.
This commit is contained in:
Clemens Schwaighofer
2023-01-27 11:12:46 +09:00
parent 4c28e6d0ec
commit 4bbbd653cd
2 changed files with 106 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
README.V6-Upgrade.md
View File

@@ -4,6 +4,7 @@
* copy `config/config.php` * copy `config/config.php`
* install composer if not installed `composer init` and `composer install` * install composer if not installed `composer init` and `composer install`
* update composer.json * update composer.json
```json ```json
"autoload": { "autoload": {
"classmap": [ "classmap": [
@@ -11,18 +12,23 @@
] ]
}, },
``` ```
Run to update autoloader list Run to update autoloader list
```sh ```sh
composer dump-autoload composer dump-autoload
``` ```
* copy `includes/edit_base.inc` * copy `includes/edit_base.inc`
* add session start in the top header block where the `header()` calls are * add session start in the top header block where the `header()` calls are
```php ```php
// start session // start session
CoreLibs\Create\Session::startSession(); CoreLibs\Create\Session::startSession();
``` ```
* update all header calls if needed to add new log type call * update all header calls if needed to add new log type call
```php ```php
// create logger // create logger
$log = new CoreLibs\Debug\Logging([ $log = new CoreLibs\Debug\Logging([
@@ -34,17 +40,23 @@ $log = new CoreLibs\Debug\Logging([
'print_all' => $PRINT_ALL ?? false, 'print_all' => $PRINT_ALL ?? false,
]); ]);
``` ```
* add a db class * add a db class
```php ```php
// db config with logger // db config with logger
$db = new CoreLibs\DB\IO(DB_CONFIG, $log); $db = new CoreLibs\DB\IO(DB_CONFIG, $log);
``` ```
* login class needs to have db and logger added * login class needs to have db and logger added
```php ```php
// login & page access check // login & page access check
$login = new CoreLibs\ACL\Login($db, $log); $login = new CoreLibs\ACL\Login($db, $log);
``` ```
* update language class * update language class
```php ```php
// pre auto detect language after login // pre auto detect language after login
$locale = \CoreLibs\Language\GetLocale::setLocale(); $locale = \CoreLibs\Language\GetLocale::setLocale();
@@ -55,35 +67,46 @@ $l10n = new \CoreLibs\Language\L10n(
$locale['path'], $locale['path'],
); );
``` ```
* smarty needs language * smarty needs language
```php ```php
$smarty = new CoreLibs\Template\SmartyExtend($l10n, $locale); $smarty = new CoreLibs\Template\SmartyExtend($l10n, $locale);
``` ```
* admin backend also needs logger * admin backend also needs logger
```php ```php
$cms = new CoreLibs\Admin\Backend($db, $log, $l10n, $locale); $cms = new CoreLibs\Admin\Backend($db, $log, $l10n, $locale);
``` ```
* update and `$cms` or similar calls so db is in `$cms->db->...` and log are in `$cms->log->...` * update and `$cms` or similar calls so db is in `$cms->db->...` and log are in `$cms->log->...`
* update all `config.*.php` files where needed * update all `config.*.php` files where needed
* check config.master.php for `BASE_NAME` and `G_TITLE` and set them in the `.env` file so the `config.master.php` can be copied as os * check config.master.php for `BASE_NAME` and `G_TITLE` and set them in the `.env` file so the `config.master.php` can be copied as os
* If not doable, see changed below in `config.master.php` must remove old auto loder and `FLASH` constant at least * If not doable, see changed below in `config.master.php` must remove old auto loder and `FLASH` constant at least
**REMOVE:** **REMOVE:**
```php ```php
/************* AUTO LOADER *******************/ /************* AUTO LOADER *******************/
// read auto loader // read auto loader
require BASE . LIB . 'autoloader.php'; require BASE . LIB . 'autoloader.php';
``` ```
**UPDATE:** **UPDATE:**
```php ```php
// po langs [DEPRECAED: use LOCALE] // po langs [DEPRECAED: use LOCALE]
define('LANG', 'lang' . DIRECTORY_SEPARATOR); define('LANG', 'lang' . DIRECTORY_SEPARATOR);
// po locale file // po locale file
define('LOCALE', 'locale' . DIRECTORY_SEPARATOR); define('LOCALE', 'locale' . DIRECTORY_SEPARATOR);
``` ```
```php ```php
// SSL host name // SSL host name
// define('SSL_HOST', $_ENV['SSL_HOST'] ?? ''); // define('SSL_HOST', $_ENV['SSL_HOST'] ?? '');
``` ```
```php ```php
// define full regex // define full regex
define('PASSWORD_REGEX', "/^" define('PASSWORD_REGEX', "/^"
@@ -93,11 +116,13 @@ define('PASSWORD_REGEX', "/^"
. (defined('PASSWORD_SPECIAL') ? PASSWORD_SPECIAL : '') . (defined('PASSWORD_SPECIAL') ? PASSWORD_SPECIAL : '')
. "[A-Za-z\d" . PASSWORD_SPECIAL_RANGE . "]{" . PASSWORD_MIN_LENGTH . "," . PASSWORD_MAX_LENGTH . "}$/"); . "[A-Za-z\d" . PASSWORD_SPECIAL_RANGE . "]{" . PASSWORD_MIN_LENGTH . "," . PASSWORD_MAX_LENGTH . "}$/");
``` ```
```php ```php
/************* LAYOUT WIDTHS *************/ /************* LAYOUT WIDTHS *************/
define('PAGE_WIDTH', '100%'); define('PAGE_WIDTH', '100%');
define('CONTENT_WIDTH', '100%'); define('CONTENT_WIDTH', '100%');
``` ```
```php ```php
/************* OVERALL CONTROL NAMES *************/ /************* OVERALL CONTROL NAMES *************/
// BELOW has HAS to be changed // BELOW has HAS to be changed
@@ -105,6 +130,7 @@ define('CONTENT_WIDTH', '100%');
// only alphanumeric characters, strip all others // only alphanumeric characters, strip all others
define('BASE_NAME', preg_replace('/[^A-Za-z0-9]/', '', $_ENV['BASE_NAME'] ?? '')); define('BASE_NAME', preg_replace('/[^A-Za-z0-9]/', '', $_ENV['BASE_NAME'] ?? ''));
``` ```
```php ```php
/************* LANGUAGE / ENCODING *******/ /************* LANGUAGE / ENCODING *******/
// default lang + encoding // default lang + encoding
@@ -112,6 +138,7 @@ define('DEFAULT_LOCALE', 'en_US.UTF-8');
// default web page encoding setting // default web page encoding setting
define('DEFAULT_ENCODING', 'UTF-8'); define('DEFAULT_ENCODING', 'UTF-8');
``` ```
```php ```php
// BAIL ON MISSING DB CONFIG: // BAIL ON MISSING DB CONFIG:
// we have either no db selction for this host but have db config entries // we have either no db selction for this host but have db config entries
@@ -131,34 +158,43 @@ if (
exit; exit;
} }
``` ```
```php ```php
// remove SITE_LANG // remove SITE_LANG
define('SITE_LOCALE', $SITE_CONFIG[HOST_NAME]['site_locale'] ?? DEFAULT_LOCALE); define('SITE_LOCALE', $SITE_CONFIG[HOST_NAME]['site_locale'] ?? DEFAULT_LOCALE);
define('SITE_ENCODING', $SITE_CONFIG[HOST_NAME]['site_encoding'] ?? DEFAULT_ENCODING); define('SITE_ENCODING', $SITE_CONFIG[HOST_NAME]['site_encoding'] ?? DEFAULT_ENCODING);
``` ```
```php ```php
/************* GENERAL PAGE TITLE ********/ /************* GENERAL PAGE TITLE ********/
define('G_TITLE', $_ENV['G_TITLE'] ?? ''); define('G_TITLE', $_ENV['G_TITLE'] ?? '');
``` ```
* move all login passweords into the `.env` file in the `configs/` folder * move all login passweords into the `.env` file in the `configs/` folder
in the `.env` file in the `.env` file
```
```sql
DB_NAME.TEST=some_database DB_NAME.TEST=some_database
... ...
``` ```
In the config then In the config then
```php ```php
'db_name' => $_ENV['DB_NAME.TEST'] ?? '', 'db_name' => $_ENV['DB_NAME.TEST'] ?? '',
``` ```
* config.host.php update * config.host.php update
must add site_locale (site_lang + site_encoding) must add site_locale (site_lang + site_encoding)
remove site_lang remove site_lang
```php ```php
// lang + encoding // lang + encoding
'site_locale' => 'en_US.UTF-8', 'site_locale' => 'en_US.UTF-8',
// site language // site language
'site_encoding' => 'UTF-8', 'site_encoding' => 'UTF-8',
``` ```
* copy `layout/admin/javascript/edit.jq.js` * copy `layout/admin/javascript/edit.jq.js`
* check other javacsript files if needed (`edit.jq.js`) * check other javacsript files if needed (`edit.jq.js`)

40
www/lib/CoreLibs/DB/IO.php
View File

@@ -575,14 +575,14 @@ class IO
/** /**
* checks if query is a SELECT, SHOW or WITH, if not error, 0 return * checks if query is a SELECT, SHOW or WITH, if not error, 0 return
* NOTE: * NOTE:
* Query needs to start with SELECT, SHOW or WITH. if starts with "with" it is ignored * Query needs to start with SELECT, SHOW or WITH
* @param string $query query to check * @param string $query query to check
* @return bool true if matching, false if not * @return bool true if matching, false if not
*/ */
private function __checkQueryForSelect(string $query): bool private function __checkQueryForSelect(string $query): bool
{ {
// perhaps allow spaces before select ?!? // change to string starts with?
if (preg_match("/^(select|show|with) /i", $query)) { if (preg_match("/^(?:SELECT|SHOW|WITH)\s/i", $query)) {
return true; return true;
} }
return false; return false;
@@ -599,10 +599,10 @@ class IO
*/ */
private function __checkQueryForInsert(string $query, bool $pure = false): bool private function __checkQueryForInsert(string $query, bool $pure = false): bool
{ {
if ($pure && preg_match("/^insert /i", $query)) { if ($pure && preg_match("/^INSERT\s+?INTO\s/i", $query)) {
return true; return true;
} }
if (!$pure && preg_match("/^(insert|update|delete) /i", $query)) { if (!$pure && preg_match("/^(?:INSERT\s+?INTO|DELETE\s+?FROM|UPDATE)\s/i", $query)) {
return true; return true;
} }
return false; return false;
@@ -616,7 +616,7 @@ class IO
*/ */
private function __checkQueryForUpdate(string $query): bool private function __checkQueryForUpdate(string $query): bool
{ {
if (preg_match("/^update /i", $query)) { if (preg_match("/^UPDATE\s?(.+)/i", $query)) {
return true; return true;
} }
return false; return false;
@@ -881,12 +881,32 @@ class IO
private function __dbReturnTable(string $query): array private function __dbReturnTable(string $query): array
{ {
$matches = []; $matches = [];
if (preg_match("/^SELECT /i", $query)) { $schema_table = [];
preg_match("/ (FROM) \"?(([\w_]+)\.)?([\w_]+)\"? /i", $query, $matches); if ($this->__checkQueryForSelect($query)) {
// only selects the first one, this is more a fallback
// MATCHES 1 (call), 3 (schema), 4 (table)
preg_match("/\s+?(FROM)\s+?([\"'])?(?:([\w_]+)\.)?([\w_]+)(?:\2)?\s?/i", $query, $matches);
$schema_table = [
$matches[3] ?? '',
$matches[4] ?? '',
];
} else { } else {
preg_match("/(INSERT INTO|DELETE FROM|UPDATE) \"?(([\w_]+)\.)?([\w_]+)\"? /i", $query, $matches); preg_match(
// must start with
// INSERT INTO (table)
// DELETE FROM (table)
// UPDATE (table) SET
// MATCHES 1 (call), 4 (schema), 5 (table)
"/^(INSERT\s+?INTO|DELETE\s+?FROM|(UPDATE))\s+?([\"'])?(?:([\w_]+)\.)?([\w_]+)(?:\3)?\s?(?(2)SET|)/i",
$query,
$matches
);
$schema_table = [
$matches[4] ?? '',
$matches[5] ?? ''
];
} }
return [$matches[3] ?? '', $matches[4] ?? '']; return $schema_table;
} }
/** /**