Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot create or save a block with type PHP when Protector is active and db type is PDO #496

Closed
skenow opened this issue Sep 29, 2019 · 0 comments
Assignees
Labels
Projects
Milestone

Comments

@skenow
Copy link
Contributor

@skenow skenow commented Sep 29, 2019

In preparing to benchmark some performance metrics on the current 1.4 branch, I went to create a new block with type PHP and I could not save it. I could create and save custom blocks with other types. I disabled Protector and was able to save the block as PHP.

I had chosen to install with PDO as the db type, so I switched back to MySQL and tested again - I could save the block as PHP. The logic in icms_db_legacy_mysql_Utility::checkSQL() needs to be reviewed and tested further

@skenow skenow self-assigned this Sep 29, 2019
@skenow skenow added this to To do in v1.4.x via automation Sep 29, 2019
@skenow skenow added this to the 1.4.0 milestone Sep 29, 2019
skenow added a commit to skenow/impresscms that referenced this issue Sep 29, 2019
The PDO method for invoking Protector's SQL check was flawed and
therefore PHP blocks could not be created or modified. There were some
redundant lines and an invalid return after checking.
MekDrop added a commit that referenced this issue Oct 8, 2019
Protector update for PDO SQL sanitizing Close #496
@MekDrop MekDrop closed this Oct 8, 2019
v1.4.x automation moved this from To do to Done Oct 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
v1.4.x
  
Done
2 participants
You can’t perform that action at this time.