From 53eef033877e7f16329dfbea26623533281856de Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Thu, 2 Feb 2023 10:27:07 +0900 Subject: [PATCH] Fixes in DB\IO query detection regex - start with allow whitespace in front - returning allows more white space types between keyword and parameter list --- www/admin/class_test.db.php | 12 +++++++++++- www/lib/CoreLibs/DB/IO.php | 12 ++++++------ 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/www/admin/class_test.db.php b/www/admin/class_test.db.php index 4e07f6bb..6cb00098 100644 --- a/www/admin/class_test.db.php +++ b/www/admin/class_test.db.php @@ -153,9 +153,19 @@ var_dump($db->dbGetReturningExt()); // should throw deprecated error // $db->getReturningExt(); +$last_insert_pk = $db->dbGetInsertPK(); print "DIRECT INSERT PREVIOUS INSERTED: " . print_r($db->dbReturnRow("SELECT test_foo_id, test FROM test_foo " - . "WHERE test_foo_id = " . $db->dbGetInsertPK()), true) . "
"; + . "WHERE test_foo_id = " . $last_insert_pk), true) . "
"; +$q = <<dbReturnRow($q), true) . "
"; +print "LAST ERROR: " . $db->dbGetLastError() . "
"; +print "
"; // PREPARED INSERT $db->dbPrepare("ins_test_foo", "INSERT INTO test_foo (test) VALUES ($1) RETURNING test");
diff --git a/www/lib/CoreLibs/DB/IO.php b/www/lib/CoreLibs/DB/IO.php
index eacaedaf..af1668c2 100644
--- a/www/lib/CoreLibs/DB/IO.php
+++ b/www/lib/CoreLibs/DB/IO.php
@@ -277,7 +277,7 @@ class IO
 /** @var string default hash type */
 public const ERROR_HASH_TYPE = 'adler32';
 /** @var string regex to get returning with matches at position 1 */
- public const REGEX_RETURNING = '/\s?returning(?: (.+?));?$/i';
+ public const REGEX_RETURNING = '/\s+returning\s+(.+?);?$/i';
 // recommend to set private/protected and only allow setting via method
 // can bet set from outside
@@ -582,7 +582,7 @@ class IO
 private function __checkQueryForSelect(string $query): bool
 {
 // change to string starts with?
- if (preg_match("/^(?:SELECT|SHOW|WITH)\s/i", $query)) {
+ if (preg_match("/^\s*(?:SELECT|SHOW|WITH)\s/i", $query)) {
 return true;
 }
 return false;
@@ -599,10 +599,10 @@ class IO
 */
 private function __checkQueryForInsert(string $query, bool $pure = false): bool
 {
- if ($pure && preg_match("/^INSERT\s+?INTO\s/i", $query)) {
+ if ($pure && preg_match("/^\s*INSERT\s+?INTO\s/i", $query)) {
 return true;
 }
- if (!$pure && preg_match("/^(?:INSERT\s+?INTO|DELETE\s+?FROM|UPDATE)\s/i", $query)) {
+ if (!$pure && preg_match("/^\s*(?:INSERT\s+?INTO|DELETE\s+?FROM|UPDATE)\s/i", $query)) {
 return true;
 }
 return false;
@@ -616,7 +616,7 @@ class IO
 */
 private function __checkQueryForUpdate(string $query): bool
 {
- if (preg_match("/^UPDATE\s?(.+)/i", $query)) {
+ if (preg_match("/^\s*UPDATE\s?(.+)/i", $query)) {
 return true;
 }
 return false;
@@ -897,7 +897,7 @@ class IO
 // DELETE FROM (table)
 // UPDATE (table) SET
 // MATCHES 1 (call), 4 (schema), 5 (table)
- "/^(INSERT\s+?INTO|DELETE\s+?FROM|(UPDATE))\s+?"
+ "/^\s*(INSERT\s+?INTO|DELETE\s+?FROM|(UPDATE))\s+?"
 . "([\"'])?(?:([\w_]+)\.)?([\w_]+)(?:\3)?\s?(?(2)\s+?SET|)/i",
 $query,
 $matches
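Review bot: The new `REGEX_RETURNING` still fails on a RETURNING clause that spans more than one line, because `.` does not cross a newline without the `s` modifier and `$` only matches at the very end of the string. When whitespace follows the closing semicolon, the lazy group also pulls the `;` and the spaces into match 1. Since this commit is about tolerating more whitespace (and the test page appears to build its new query in a heredoc), consider `public const REGEX_RETURNING = '/\s+returning\s+(.+?)\s*;?\s*$/is';`. The pattern is also unanchored, so the word `returning` inside a quoted value is read as the clause. How match 1 is consumed is outside this hunk, so a short comment on the constant stating that limit would help callers.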
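Review bot: The `WITH` alternative in `__checkQueryForSelect` classifies every statement that opens with a common table expression as a read, but PostgreSQL (which the `$1` placeholder in the test page suggests is the backend) also accepts `WITH ... INSERT/UPDATE/DELETE`. Such a statement is reported as a select here and is missed by the `^\s*INSERT`-style prefixes in the `__checkQueryForInsert` and `__checkQueryForUpdate` hunks; a query that starts with a SQL comment is missed by all three. What callers do with the result is not visible in these hunks, so I would document the limit rather than change the code, for example `// prefix heuristic only: leading SQL comments and data-modifying WITH statements are not classified; do not rely on this as a read-only or access check`. The closing brace of the function is outside the hunk.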
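Review bot: In `__checkQueryForUpdate` the `\s?` after `UPDATE` leaves the separator optional, so the check also accepts any statement whose first word merely begins with those letters (constructed example: `updated_rows ...`). The UPDATE branch of `__checkQueryForInsert` in the previous hunk requires `\s`, so the two helpers disagree on the same keyword. The `(.+)` capture is not used in the visible lines, so the line can be reduced to `if (preg_match("/^\s*UPDATE\s/i", $query)) {`. The function's closing brace is outside the hunk.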
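Review bot: The identifier part on the context line after the change, `([\"'])?(?:([\w_]+)\.)?([\w_]+)(?:\3)?`, allows only one opening quote before the whole name, so a separately quoted schema and table (constructed example: `INSERT INTO "public"."test_foo"`) matches with `public` in group 5 and no schema in group 4. If `$matches[5]` is later used to look up the table or its primary key, which is outside this hunk, that lookup would use the schema name. Until the pattern handles a quote per identifier, I would add a comment next to the MATCHES line such as `// NOTE: "schema"."table" is not parsed; match 5 then holds the schema name`. The `_` inside `[\w_]` is redundant because `\w` already includes it. The enclosing function starts and ends outside the hunk.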