Compare commits
5 Commits
e8299a123b
...
41cb6358f9
| Author | SHA1 | Date | |
|---|---|---|---|
 Clemens Schwaighofer
|
41cb6358f9 | ||
|
Clemens Schwaighofer
|
23142a4549 | ||
|
Clemens Schwaighofer
|
a7742bd5c8 | ||
|
Clemens Schwaighofer
|
50f83b822c | ||
|
Clemens Schwaighofer
|
78591d6ba4 |
@@ -651,36 +651,43 @@ CREATE TABLE edit_log (
|
||||
euid INT, -- this is a foreign key, but I don't nedd to reference to it
|
||||
FOREIGN KEY (euid) REFERENCES edit_user (edit_user_id) MATCH FULL ON UPDATE CASCADE ON DELETE SET NULL,
|
||||
ecuid VARCHAR,
|
||||
ecuuid UUID,
|
||||
ecuuid UUID, -- this is the one we want to use, full UUIDv4 from the edit user table
|
||||
username VARCHAR,
|
||||
password VARCHAR,
|
||||
event_date TIMESTAMP WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP,
|
||||
ip VARCHAR,
|
||||
ip VARCHAR, -- just the REMOTE_IP, full set see ip_address
|
||||
ip_address JSONB, -- REMOTE_IP and all other IPs (X_FORWARD, etc) as JSON block
|
||||
error TEXT,
|
||||
event TEXT,
|
||||
data_binary BYTEA,
|
||||
data TEXT,
|
||||
page VARCHAR,
|
||||
action VARCHAR,
|
||||
action_id VARCHAR,
|
||||
action_sub_id VARCHAR,
|
||||
action_yes VARCHAR,
|
||||
action_flag VARCHAR,
|
||||
action_menu VARCHAR,
|
||||
action_loaded VARCHAR,
|
||||
action_value VARCHAR,
|
||||
action_type VARCHAR,
|
||||
action_error VARCHAR,
|
||||
-- various info data sets
|
||||
user_agent VARCHAR,
|
||||
referer VARCHAR,
|
||||
script_name VARCHAR,
|
||||
query_string VARCHAR,
|
||||
request_scheme VARCHAR, -- http or https
|
||||
server_name VARCHAR,
|
||||
http_host VARCHAR,
|
||||
http_accept VARCHAR,
|
||||
http_accept_charset VARCHAR,
|
||||
http_accept_encoding VARCHAR,
|
||||
session_id VARCHAR
|
||||
http_data JSONB,
|
||||
http_accept VARCHAR, -- in http_data
|
||||
http_accept_charset VARCHAR, -- in http_data
|
||||
http_accept_encoding VARCHAR, -- in http_data
|
||||
-- session ID if set
|
||||
session_id VARCHAR.
|
||||
-- any action var, -> same set in action_data as JSON
|
||||
action_data JSONB,
|
||||
action VARCHAR, -- in action_data
|
||||
action_id VARCHAR, -- in action_data
|
||||
action_sub_id VARCHAR, -- in action_data
|
||||
action_yes VARCHAR, -- in action_data
|
||||
action_flag VARCHAR, -- in action_data
|
||||
action_menu VARCHAR, -- in action_data
|
||||
action_loaded VARCHAR, -- in action_data
|
||||
action_value VARCHAR, -- in action_data
|
||||
action_type VARCHAR, -- in action_data
|
||||
action_error VARCHAR -- in action_data
|
||||
) INHERITS (edit_generic) WITHOUT OIDS;
|
||||
-- END: table/edit_log.sql
|
||||
-- START: table/edit_log_overflow.sql
|
||||
|
||||
@@ -5135,6 +5135,39 @@ final class CoreLibsDBIOTest extends TestCase
|
||||
SQL,
|
||||
'count' => 6,
|
||||
'convert' => false,
|
||||
],
|
||||
'comments in insert' => [
|
||||
'query' => <<<SQL
|
||||
INSERT INTO table_with_primary_key (
|
||||
row_int, row_numeric, row_varchar, row_varchar_literal
|
||||
) VALUES (
|
||||
-- comment 1
|
||||
$1, $2,
|
||||
-- comment 2
|
||||
$3
|
||||
-- comment 3
|
||||
, $4
|
||||
)
|
||||
SQL,
|
||||
'count' => 4,
|
||||
'convert' => false
|
||||
],
|
||||
// Note some are not set
|
||||
'a complete set of possible' => [
|
||||
'query' => <<<SQL
|
||||
UPDATE table_with_primary_key SET
|
||||
-- ROW
|
||||
row_varchar = $1
|
||||
WHERE
|
||||
row_varchar = ANY($2) AND row_varchar <> $3
|
||||
AND row_varchar > $4 AND row_varchar < $5
|
||||
AND row_varchar >= $6 AND row_varchar <=$7
|
||||
AND row_jsonb->'a' = $8 AND row_jsonb->>$9 = 'a'
|
||||
AND row_jsonb<@$10 AND row_jsonb@>$11
|
||||
AND row_varchar ^@ $12
|
||||
SQL,
|
||||
'count' => 12,
|
||||
'convert' => false,
|
||||
]
|
||||
];
|
||||
}
|
||||
|
||||
@@ -2197,9 +2197,15 @@ HTML;
|
||||
(string)$this->page_name,
|
||||
// row 2
|
||||
$_SERVER["REMOTE_ADDR"] ?? null,
|
||||
[
|
||||
Json::jsonConvertArrayTo([
|
||||
'REMOTE_ADDR' => $_SERVER["REMOTE_ADDR"],
|
||||
],
|
||||
'HTTP_X_FORWARDED_FOR' => !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ?
|
||||
explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])
|
||||
: [],
|
||||
'CLIENT_IP' => !empty($_SERVER['CLIENT_IP']) ?
|
||||
explode(',', $_SERVER['CLIENT_IP'])
|
||||
: [],
|
||||
]),
|
||||
$_SERVER['HTTP_USER_AGENT'] ?? null,
|
||||
$_SERVER['HTTP_REFERER'] ?? null,
|
||||
$_SERVER['SCRIPT_FILENAME'] ?? null,
|
||||
@@ -2208,17 +2214,17 @@ HTML;
|
||||
$_SERVER['SERVER_NAME'] ?? null,
|
||||
// row 3
|
||||
$_SERVER['HTTP_HOST'] ?? null,
|
||||
[
|
||||
Json::jsonConvertArrayTo([
|
||||
'HTTP_ACCEPT' => $_SERVER['HTTP_ACCEPT'] ?? null,
|
||||
'HTTP_ACCEPT_CHARSET' => $_SERVER['HTTP_ACCEPT_CHARSET'] ?? null,
|
||||
'HTTP_ACCEPT_LANGUAGE' => $_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? null,
|
||||
'HTTP_ACCEPT_ENCODING' => $_SERVER['HTTP_ACCEPT_ENCODING'] ?? null,
|
||||
],
|
||||
]),
|
||||
$this->session->getSessionId() !== '' ?
|
||||
$this->session->getSessionId() : null,
|
||||
// row 4
|
||||
// action data as JSONB
|
||||
[
|
||||
Json::jsonConvertArrayTo([
|
||||
'action' => $action_set['action'] ?? null,
|
||||
'action_id' => $action_set['action_id'] ?? null,
|
||||
'action_sub_id' => $action_set['action_sub_id'] ?? null,
|
||||
@@ -2229,7 +2235,7 @@ HTML;
|
||||
'action_value' => $action_set['action_value'] ?? null,
|
||||
'action_type' => $action_set['action_type'] ?? null,
|
||||
'action_error' => $action_set['action_error'] ?? null,
|
||||
]
|
||||
])
|
||||
],
|
||||
'NULL'
|
||||
);
|
||||
|
||||
@@ -1332,6 +1332,7 @@ class IO
|
||||
*/
|
||||
private function __dbCheckQueryParams(string $query, array $params): bool
|
||||
{
|
||||
// $this->log->debug('DB QUERY PARAMS REGEX', ConvertPlaceholder::REGEX_LOOKUP_PLACEHOLDERS);
|
||||
$placeholder_count = $this->__dbCountQueryParams($query);
|
||||
$params_count = count($params);
|
||||
if ($params_count != $placeholder_count) {
|
||||
|
||||
@@ -14,8 +14,19 @@ namespace CoreLibs\DB\Support;
|
||||
|
||||
class ConvertPlaceholder
|
||||
{
|
||||
/** @var string split regex */
|
||||
private const PATTERN_QUERY_SPLIT = '[(<>=,?-]|->|->>|#>|#>>|@>|<@|\?\|\?\&|\|\||#-';
|
||||
// NOTE for missing: range */+ are not iplemented in the regex below, but - is for now
|
||||
// NOTE some combinations are allowed, but the query will fail before this
|
||||
/** @var string split regex, entries before $ group */
|
||||
private const PATTERN_QUERY_SPLIT =
|
||||
',|' // for ',' mostly in INSERT
|
||||
. '[(<>=]|' // general set for (, <, >, = in any query with any combination
|
||||
. '(?:[\(,]\s*\-\-[\s\w]*)\r?\n|' // a comment that starts after a ( or ,
|
||||
. '\^@|' // text search for start from text with ^@
|
||||
. '\|\||' // concats two elements
|
||||
. '&&|' // array overlap
|
||||
. '\-\|\-|' // range overlap
|
||||
. '[^-]-{1}|' // single -, used in JSON too
|
||||
. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-'; //JSON searches, Array searchs, etc
|
||||
/** @var string the main regex including the pattern query split */
|
||||
private const PATTERN_ELEMENT = '(?:\'.*?\')?\s*(?:\?\?|' . self::PATTERN_QUERY_SPLIT . ')\s*';
|
||||
/** @var string parts to ignore in the SQL */
|
||||
|
||||
Reference in New Issue
Block a user