
[2.1.4] Merge in final changes

- Security fixes
- Version bump and changelog
2 parents 977f491 + 227fc66 commit 2e7cf5bd956e669daec75ac0515fe031dbc310ac @weierophinney weierophinney committed
Showing with 1,287 additions and 102 deletions.
  1. +105 −0 CHANGELOG.md
  2. +69 −2 README.md
  3. +3 −0 composer.json
  4. +14 −5 library/Zend/Db/Adapter/Adapter.php
  5. +35 −5 library/Zend/Db/Adapter/Platform/IbmDb2.php
  6. +78 −5 library/Zend/Db/Adapter/Platform/Mysql.php
  7. +26 −5 library/Zend/Db/Adapter/Platform/Oracle.php
  8. +12 −0 library/Zend/Db/Adapter/Platform/PlatformInterface.php
  9. +77 −5 library/Zend/Db/Adapter/Platform/Postgresql.php
  10. +26 −5 library/Zend/Db/Adapter/Platform/Sql92.php
  11. +68 −4 library/Zend/Db/Adapter/Platform/SqlServer.php
  12. +65 −5 library/Zend/Db/Adapter/Platform/Sqlite.php
  13. +57 −20 library/Zend/Math/Rand.php
  14. +114 −0 library/Zend/Math/Source/HashTiming.php
  15. +3 −0 library/Zend/Math/composer.json
  16. +9 −7 library/Zend/Mvc/Router/Http/Query.php
  17. +1 −1 library/Zend/Version/Version.php
  18. +1 −1 tests/ZendTest/Db/Adapter/Driver/Oci8/ConnectionIntegrationTest.php
  19. +1 −1 tests/ZendTest/Db/Adapter/Driver/Oci8/Oci8IntegrationTest.php
  20. +1 −1 tests/ZendTest/Db/Adapter/Driver/Oci8/ResultIntegrationTest.php
  21. +1 −1 tests/ZendTest/Db/Adapter/Driver/Sqlsrv/SqlSrvIntegrationTest.php
  22. +1 −1 tests/ZendTest/Db/Adapter/Driver/Sqlsrv/StatementIntegrationTest.php
  23. +24 −3 tests/ZendTest/Db/Adapter/Platform/IbmDb2Test.php
  24. +45 −0 tests/ZendTest/Db/Adapter/Platform/MysqlIntegrationTest.php
  25. +21 −2 tests/ZendTest/Db/Adapter/Platform/MysqlTest.php
  26. +21 −2 tests/ZendTest/Db/Adapter/Platform/OracleTest.php
  27. +47 −0 tests/ZendTest/Db/Adapter/Platform/PostgresqlIntegrationTest.php
  28. +21 −2 tests/ZendTest/Db/Adapter/Platform/PostgresqlTest.php
  29. +21 −2 tests/ZendTest/Db/Adapter/Platform/Sql92Test.php
  30. +26 −0 tests/ZendTest/Db/Adapter/Platform/SqlServerIntegrationTest.php
  31. +19 −2 tests/ZendTest/Db/Adapter/Platform/SqlServerTest.php
  32. +29 −0 tests/ZendTest/Db/Adapter/Platform/SqliteIntegrationTest.php
  33. +21 −2 tests/ZendTest/Db/Adapter/Platform/SqliteTest.php
  34. +142 −0 tests/ZendTest/Db/IntegrationTestListener.php
  35. +2 −2 tests/ZendTest/Db/Sql/AbstractSqlTest.php
  36. +4 −3 tests/ZendTest/Db/Sql/InsertTest.php
  37. +2 −1 tests/ZendTest/Db/Sql/SelectTest.php
  38. +5 −4 tests/ZendTest/Db/Sql/UpdateTest.php
  39. +13 −0 tests/ZendTest/Db/TestAsset/TrustingSql92Platform.php
  40. +25 −0 tests/ZendTest/Math/RandTest.php
  41. +0 −1 tests/ZendTest/Mvc/Router/Http/PartTest.php
  42. +15 −2 tests/ZendTest/Mvc/Router/Http/QueryTest.php
  43. +17 −0 tests/phpunit.xml.dist
105 CHANGELOG.md
@@ -1,5 +1,105 @@
# CHANGELOG
+## 2.1.4 (13 Mar 2013):
+
+- ZF2013-01: Query route (http://framework.zend.com/security/ZF2013-01)
+- ZF2013-02: RNG support (http://framework.zend.com/security/ZF2013-02)
+- ZF2013-03: DB platform quoting (http://framework.zend.com/security/ZF2013-03)
+- 2752: `Zend_Json_Server` to accept null parameters
+ (https://github.com/zendframework/zf2/issues/2752)
+- 3696: `Zend\Json\Server\Server` should allow parameters with NULL values
+ (https://github.com/zendframework/zf2/issues/3696)
+- 3767: Allow NULL parameter values in `Zend/Json/Server`
+ (https://github.com/zendframework/zf2/issues/3767)
+- 3827: Fix mismatches between the PHPDoc and the method signatures
+ (https://github.com/zendframework/zf2/issues/3827)
+- 3840: allow a null page in pages array, to compensate for ZF issue #3823
+ (https://github.com/zendframework/zf2/issues/3840)
+- 3842: Hotfix/zend test improve console usage
+ (https://github.com/zendframework/zf2/issues/3842)
+- 3849: Check if values are set in `Zend\Db\Sql\Insert.php` for prepared
+ statement
+ (https://github.com/zendframework/zf2/issues/3849)
+- 3867: `FileGenerator::setUses()` MUST can take arguments from
+ `FileGenerator::getUses()`
+ (https://github.com/zendframework/zf2/issues/3867)
+- 3868: `ClassGenerator::fromReflection` not generate class properties
+ (https://github.com/zendframework/zf2/issues/3868)
+- 3869: Remove BC break in `Identical` validator
+ (https://github.com/zendframework/zf2/issues/3869)
+- 3871: The method delete on the `RowGateway` now returns the affected rows
+ (https://github.com/zendframework/zf2/issues/3871)
+- 3873: Fixes an issue when binding a model to a form collection element
+ (https://github.com/zendframework/zf2/issues/3873)
+- 3885: Hotfix/add tests console adapter
+ (https://github.com/zendframework/zf2/issues/3885)
+- 3886: Add tests console prompt
+ (https://github.com/zendframework/zf2/issues/3886)
+- 3888: `DefinitionList` `hasMethod` fix
+ (https://github.com/zendframework/zf2/issues/3888)
+- 3907: Add tests console request response
+ (https://github.com/zendframework/zf2/issues/3907)
+- 3916: Fix PUT HTTP method usage with params
+ (https://github.com/zendframework/zf2/issues/3916)
+- 3917: Clean the Console abstract adapter
+ (https://github.com/zendframework/zf2/issues/3917)
+- 3921: [+BUGFIX] Fixed column names bug `Zend\Db\Sql\Select`
+ (https://github.com/zendframework/zf2/issues/3921)
+- 3925: Added view and validator dependency
+ (https://github.com/zendframework/zf2/issues/3925)
+- 3936: Improve the remove of `SendResponseListener`
+ (https://github.com/zendframework/zf2/issues/3936)
+- 3946: Adding config to `openssl_pkey_export()`
+ (https://github.com/zendframework/zf2/issues/3946)
+- 3947: fix exception %s passed variable of 'A service by the name or alias %s' should be $name
+ (https://github.com/zendframework/zf2/issues/3947)
+- 3948: Bug/merging translator textdomains
+ (https://github.com/zendframework/zf2/issues/3948)
+- 3950: Fix zero value in argument
+ (https://github.com/zendframework/zf2/issues/3950)
+- 3957: [Hotfix] Fixed incorrect `PDO_Oci` platform recognition
+ (https://github.com/zendframework/zf2/issues/3957)
+- 3960: Update toString() to use late static binding for encoding methods
+ (https://github.com/zendframework/zf2/issues/3960)
+- 3964: Fix fluent interface
+ (https://github.com/zendframework/zf2/issues/3964)
+- 3966: Better polyfill support for `Stdlib` and `Session`
+ (https://github.com/zendframework/zf2/issues/3966)
+- 3968: fixed `Exception\InvalidArgumentException` messages in `Zend\Log`
+ (https://github.com/zendframework/zf2/issues/3968)
+- 3971: SessionArrayStorage doesn't preserve `_REQUEST_ACCESS_TIME`
+ (https://github.com/zendframework/zf2/issues/3971)
+- 3973: Documentation improvement `Zend\View\Stream`
+ (https://github.com/zendframework/zf2/issues/3973)
+- 3980: change `HOST_DNS_OR_IPV4_OR_IPV6` to `0x13` for `$validHostTypes`
+ (https://github.com/zendframework/zf2/issues/3980)
+- 3981: Improve exception messages
+ (https://github.com/zendframework/zf2/issues/3981)
+- 3982: Fix `\Zend\Soap\AutoDiscover` constructor
+ (https://github.com/zendframework/zf2/issues/3982)
+- 3984: Update `ArrayStack.php`
+ (https://github.com/zendframework/zf2/issues/3984)
+- 3987: Fix ChromePhp logger interface and debug level
+ (https://github.com/zendframework/zf2/issues/3987)
+- 3988: Fix & Unit test for `preparestatement` notices
+ (https://github.com/zendframework/zf2/issues/3988)
+- 3991: Hotfix/3858 - `findHelper` problem in Navigation Helper
+ (https://github.com/zendframework/zf2/issues/3991)
+- 3993: `SessionArrayStorage` Request Access Time and Storage Initialization
+ (https://github.com/zendframework/zf2/issues/3993)
+- 3997: Allow https on scheme without a hostname
+ (https://github.com/zendframework/zf2/issues/3997)
+- 4001: Fix `ViewFeedStrategyFactory` comment
+ (https://github.com/zendframework/zf2/issues/4001)
+- 4005: Hotfix/case sensitive console
+ (https://github.com/zendframework/zf2/issues/4005)
+- 4007: Pass `ClassGenerator` instance instead of boolean
+ (https://github.com/zendframework/zf2/issues/4007)
+- 4009: Minor if to else if improvement
+ (https://github.com/zendframework/zf2/issues/4009)
+- 4010: Hotfix/zend test with console route
+ (https://github.com/zendframework/zf2/issues/4010)
+
## 2.1.3 (21 Feb 2013):
- 3714: Zend\Stdlib\ArrayObject::offsetExists() returning by reference
@@ -568,6 +668,11 @@ For those affected, the following courses of action are possible:
* Initialize and register a Zend\Session\Storage\SessionStorage object
explicitly with the session manager instance.
+## 2.0.8 (13 Mar 2013):
+
+- ZF2013-01: Query route (http://framework.zend.com/security/ZF2013-01)
+- ZF2013-02: RNG support (http://framework.zend.com/security/ZF2013-02)
+- ZF2013-03: DB platform quoting (http://framework.zend.com/security/ZF2013-03)
## 2.0.7 (29 Jan 2013):
71 README.md
@@ -5,14 +5,81 @@ Develop: [![Build Status](https://secure.travis-ci.org/zendframework/zf2.png?bra
## RELEASE INFORMATION
-*Zend Framework 2.1.4dev*
+*Zend Framework 2.1.4*
This is the fourth maintenance release for the version 2.1 series.
-DD MMM YYYY
+13 Mar 2013
### UPDATES IN 2.1.4
+#### Security fix: Query route
+
+The query route was deprecated, as a replacement exists within the HTTP router
+itself. You can pass a "query" option to the assemble method containing either
+the query string or an array of key-value pairs:
+
+```php
+$url = $router->assemble(array(
+ 'name' => 'foo',
+), array(
+ 'query' => array(
+ 'page' => 3,
+ 'sort' => 'DESC',
+ ),
+ // or: 'query' => 'page=3&sort=DESC'
+));
+
+// via URL helper/plugin:
+$rendererOrController->url('foo', array(), array('query' => $request->getQuery()));
+```
+
+Additionally, the merging of query parameters into the route match was removed
+to avoid potential security issues. Please use the query container of the
+request object instead.
+
+For more information on the security vector, please see
+[ZF2013-01](http://framework.zend.com/security/ZF2013-01).
+
+#### Security fix: Better RNG support
+
+The `Zend\Math\Rand` component generates random bytes using the OpenSSL
+or Mcrypt extensions when available but will otherwise use PHP's
+`mt_rand()` function as a fallback. All outputs from `mt_rand()` are
+predictable for the same PHP process if an attacker can brute force
+the seed - which can be done if the attacker has access to a random number
+generated by `mt_rand` or the session ID (if generated without using additional
+entropy).
+
+Zend Framework have revised the `Zend\Math\Rand` component to replace the
+current `mt_rand()` fallback for OpenSSL/Mcrypt with Anthony Ferrara's
+[RandomLib](https://github.com/ircmaxell/RandomLib), incorporating an additional
+entropy source based on [source code published by George
+Argyros](https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP). The new
+fallback collects entropy from numerous sources other than PHP's internal seed
+mechanism and extracts random bytes from the resulting mixed entropy pool.
+
+For more information on this security vector, please see
+[ZF2013-02](http://framework.zend.com/security/ZF2013-02).
+
+#### Security fix: DB platform quoting
+
+Altered `Zend\Db` to throw notices when insecure usage of the following methods
+is called:
+
+- `Zend\Db\Adapter\Platform\*::quoteValue*()`
+- `Zend\Db\Sql\*::getSqlString*()`
+
+Fixed `Zend\Db` Platform objects to use driver level quoting when provided, and
+throw `E_USER_NOTICE` when not provided. Added `quoteTrustedValue()` API for
+notice-free value quoting. Fixed all userland quoting in Platform objects to
+handle a wider array of escapable characters.
+
+For more information on this security vector, please see
+[ZF2013-03](http://framework.zend.com/security/ZF2013-03).
+
+#### Better polyfill support
+
Better polyfill support in `Zend\Session` and `Zend\Stdlib`. Polyfills
(version-specific class replacements) have caused some issues in the 2.1 series.
In particular, users who were not using Composer were unaware/uncertain about
3 composer.json
@@ -13,11 +13,14 @@
},
"require-dev": {
"doctrine/common": ">=2.1",
+ "ircmaxell/random-lib": "dev-master",
+ "ircmaxell/security-lib": "dev-master",
"phpunit/PHPUnit": "3.7.*"
},
"suggest": {
"doctrine/common": "Doctrine\\Common >=2.1 for annotation features",
"ext-intl": "ext/intl for i18n features",
+ "ircmaxell/random-lib": "Fallback random byte generator for Zend\\Math\\Rand if OpenSSL/Mcrypt extensions are unavailable",
"pecl-weakref": "Implementation of weak references for Zend\\Stdlib\\CallbackHandler",
"zendframework/zendpdf": "ZendPdf for creating PDF representations of barcodes",
"zendframework/zendservice-recaptcha": "ZendService\\ReCaptcha for rendering ReCaptchas in Zend\\Captcha and/or Zend\\Form"
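Review bot: Both new `require-dev` entries, `"ircmaxell/random-lib": "dev-master"` and `"ircmaxell/security-lib": "dev-master"`, track a moving branch, so the code that backs the fallback random byte generator is whatever that branch holds at install time. For a dependency that feeds security-sensitive output, a tagged release or a pinned commit reference is preferable if the upstream project offers one. The `suggest` entry gives no version either, so users who install it by hand get no guidance on which revision was tested with this release.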
19 library/Zend/Db/Adapter/Adapter.php
@@ -321,23 +321,32 @@ protected function createPlatform($parameters)
throw new Exception\InvalidArgumentException('A platform could not be determined from the provided configuration');
}
+ // currently only supported by the IbmDb2 & Oracle concrete implementations
$options = (isset($parameters['platform_options'])) ? $parameters['platform_options'] : array();
switch ($platformName) {
case 'Mysql':
- return new Platform\Mysql($options);
+ // mysqli or pdo_mysql driver
+ $driver = ($this->driver instanceof Driver\Mysqli\Mysqli || $this->driver instanceof Driver\Pdo\Pdo) ? $this->driver : null;
+ return new Platform\Mysql($driver);
case 'SqlServer':
- return new Platform\SqlServer($options);
+ // PDO is only supported driver for quoting values in this platform
+ return new Platform\SqlServer(($this->driver instanceof Driver\Pdo\Pdo) ? $this->driver : null);
case 'Oracle':
+ // oracle does not accept a driver as an option, no driver specific quoting available
return new Platform\Oracle($options);
case 'Sqlite':
- return new Platform\Sqlite($options);
+ // PDO is only supported driver for quoting values in this platform
+ return new Platform\Sqlite(($this->driver instanceof Driver\Pdo\Pdo) ? $this->driver : null);
case 'Postgresql':
- return new Platform\Postgresql($options);
+ // pgsql or pdo postgres driver
+ $driver = ($this->driver instanceof Driver\Pgsql\Pgsql || $this->driver instanceof Driver\Pdo\Pdo) ? $this->driver : null;
+ return new Platform\Postgresql($driver);
case 'IbmDb2':
+ // ibm_db2 driver escaping does not need an action connection
return new Platform\IbmDb2($options);
default:
- return new Platform\Sql92($options);
+ return new Platform\Sql92();
}
}
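Review bot: The `Mysql`, `SqlServer`, `Sqlite` and `Postgresql` cases pass any `Driver\Pdo\Pdo` to the platform constructor without checking which database it targets, while the platform `setDriver()` methods added in this commit throw `InvalidArgumentException` when `getDatabasePlatformName()` does not match. How `$platformName` is chosen lies outside this hunk; if it can come from configuration rather than from the driver, a mismatch now surfaces as an exception out of `createPlatform()`, which is worth stating in the method docblock. When the driver is of an unsupported type the platform receives `null` and falls back to userland quoting with only a notice, which also deserves a comment here. The new comment `// ibm_db2 driver escaping does not need an action connection` presumably means `active connection`.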
40 library/Zend/Db/Adapter/Platform/IbmDb2.php
@@ -12,6 +12,8 @@
class IbmDb2 implements PlatformInterface
{
+ protected $quoteValueAllowed = false;
+
/**
* @var bool
*/
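Review bot: `protected $quoteValueAllowed = false;` is added without a docblock and is neither read nor written in any hunk of this file shown here, so its purpose cannot be told from the change. If it is meant to gate the notice in `quoteValue()`, it needs a `/** @var bool */` docblock saying so and code that consults it; otherwise it should be dropped. The class body continues outside this hunk, so a use elsewhere in the file cannot be ruled out.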
@@ -109,7 +111,30 @@ public function getQuoteValueSymbol()
*/
public function quoteValue($value)
{
- return '\'' . str_replace('\'', '\\' . '\'', $value) . '\'';
+ if (function_exists('db2_escape_string')) {
+ return '\'' . db2_escape_string($value) . '\'';
+ }
+ trigger_error(
+ 'Attempting to quote a value in ' . __CLASS__ . ' without extension/driver support '
+ . 'can introduce security vulnerabilities in a production environment.'
+ );
+ return '\'' . str_replace("'", "''", $value) . '\'';
+ }
+
+ /**
+ * Quote Trusted Value
+ *
+ * The ability to quote values without notices
+ *
+ * @param $value
+ * @return mixed
+ */
+ public function quoteTrustedValue($value)
+ {
+ if (function_exists('db2_escape_string')) {
+ return '\'' . db2_escape_string($value) . '\'';
+ }
+ return '\'' . str_replace("'", "''", $value) . '\'';
}
/**
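Review bot: `quoteValue()` and `quoteTrustedValue()` carry two copies of the same escaping logic, so a later fix to one can miss the other. Having `quoteValue()` raise its notice only when `db2_escape_string` is missing and then `return $this->quoteTrustedValue($value);` keeps a single implementation. `trigger_error()` is called without a level; passing `E_USER_NOTICE` explicitly would match the README wording. The new docblock says `@param $value` and `@return mixed` although both paths return a string, and it does not say what makes a value trusted. The same duplication is present in the quoteValue hunks of Mysql.php, Oracle.php, Postgresql.php, Sql92.php, SqlServer.php and Sqlite.php.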
@@ -120,11 +145,15 @@ public function quoteValue($value)
*/
public function quoteValueList($valueList)
{
- $valueList = str_replace('\'', '\\' . '\'', $valueList);
- if (is_array($valueList)) {
- $valueList = implode('\', \'', $valueList);
+ if (!is_array($valueList)) {
+ return $this->quoteValue($valueList);
}
- return '\'' . $valueList . '\'';
+
+ $value = reset($valueList);
+ do {
+ $valueList[key($valueList)] = $this->quoteValue($value);
+ } while ($value = next($valueList));
+ return implode(', ', $valueList);
}
/**
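Review bot: The `do { ... } while ($value = next($valueList));` loop in `quoteValueList()` stops at the first element that evaluates to false (`''`, `'0'`, `0`, `null`, `false`), so every element after it reaches `implode()` without being quoted or escaped. That reopens the injection path this commit is closing for any list that contains an empty or zero value ahead of attacker-influenced data. Visiting every element regardless of its value fixes it: `return implode(', ', array_map(array($this, 'quoteValue'), $valueList));`. The same loop is added in the `quoteValueList()` hunks of Mysql.php, Oracle.php, Postgresql.php, Sql92.php, SqlServer.php and Sqlite.php, and none of the visible test changes is shown covering a falsy list element.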
@@ -176,4 +205,5 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = array(
return implode('', $parts);
}
+
}
83 library/Zend/Db/Adapter/Platform/Mysql.php
@@ -9,8 +9,48 @@
namespace Zend\Db\Adapter\Platform;
+use Zend\Db\Adapter\Driver\Mysqli;
+use Zend\Db\Adapter\Driver\Pdo;
+use Zend\Db\Adapter\Exception;
+
class Mysql implements PlatformInterface
{
+ /** @var \mysqli|\PDO */
+ protected $resource = null;
+
+ public function __construct($driver = null)
+ {
+ if ($driver) {
+ $this->setDriver($driver);
+ }
+ }
+
+ /**
+ * @param \Zend\Db\Adapter\Driver\Mysqli\Mysqli|\Zend\Db\Adapter\Driver\Pdo\Pdo||\mysqli|\PDO $driver
+ * @throws \Zend\Db\Adapter\Exception\InvalidArgumentException
+ * @return $this
+ */
+ public function setDriver($driver)
+ {
+ // handle Zend_Db drivers
+ if ($driver instanceof Mysqli\Mysqli
+ || ($driver instanceof Pdo\Pdo && $driver->getDatabasePlatformName() == 'Mysql')
+ ) {
+ /** @var $driver \Zend\Db\Adapter\Driver\DriverInterface */
+ $this->resource = $driver->getConnection()->getResource();
+ return $this;
+ }
+
+ // handle
+ if ($driver instanceof \mysqli
+ || ($driver instanceof \PDO && $driver->getAttribute(\PDO::ATTR_DRIVER_NAME) == 'mysql')
+ ) {
+ $this->resource = $driver;
+ return $this;
+ }
+
+ throw new Exception\InvalidArgumentException('$driver must be a Mysqli or Mysql PDO Zend\Db\Adapter\Driver, Mysqli instance or MySQL PDO instance');
+ }
/**
* Get name
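Review bot: `setDriver()` copies `$driver->getConnection()->getResource()` once, when the platform is constructed. Whether that resource exists before the connection is opened is not visible here; if it can still be null at that point, `quoteValue()` takes the userland `addcslashes()` path for the lifetime of the platform object, with only a notice to show for it. Keeping the driver and resolving the resource on first use inside `quoteValue()` would avoid that, and the same applies to the `setDriver()` hunks in Postgresql.php, SqlServer.php and Sqlite.php. On documentation, the `@param` tag contains a stray `||`, the second `// handle` comment is unfinished (it covers raw `\mysqli` and `\PDO` instances), and the constructor has no docblock.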
@@ -76,7 +116,36 @@ public function getQuoteValueSymbol()
*/
public function quoteValue($value)
{
- return '\'' . str_replace('\'', '\\' . '\'', $value) . '\'';
+ if ($this->resource instanceof \mysqli) {
+ return '\'' . $this->resource->real_escape_string($value) . '\'';
+ }
+ if ($this->resource instanceof \PDO) {
+ return $this->resource->quote($value);
+ }
+ trigger_error(
+ 'Attempting to quote a value in ' . __CLASS__ . ' without extension/driver support '
+ . 'can introduce security vulnerabilities in a production environment.'
+ );
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
+ }
+
+ /**
+ * Quote Trusted Value
+ *
+ * The ability to quote values without notices
+ *
+ * @param $value
+ * @return mixed
+ */
+ public function quoteTrustedValue($value)
+ {
+ if ($this->resource instanceof \mysqli) {
+ return '\'' . $this->resource->real_escape_string($value) . '\'';
+ }
+ if ($this->resource instanceof \PDO) {
+ return $this->resource->quote($value);
+ }
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
}
/**
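Review bot: The userland fallback `addcslashes($value, "\x00\n\r\\'\"\x1a")` does not emit the escapes MySQL expects for NUL and 0x1a. `addcslashes()` writes control characters other than `\n`, `\r` and the other C-style ones as three-digit octal (`\000`, `\032`), which MySQL reads as `\0` followed by literal digits, so such values are stored altered. An explicit map keeps the output aligned with the driver path: `strtr($value, array("\x00" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\', "'" => "\\'", '"' => '\\"', "\x1a" => '\\Z'))`. The fallback is also unaware of the connection character set, which is worth saying in the docblock of `quoteTrustedValue()`, since that method raises no notice.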
@@ -87,11 +156,15 @@ public function quoteValue($value)
*/
public function quoteValueList($valueList)
{
- $valueList = str_replace('\'', '\\' . '\'', $valueList);
- if (is_array($valueList)) {
- $valueList = implode('\', \'', $valueList);
+ if (!is_array($valueList)) {
+ return $this->quoteValue($valueList);
}
- return '\'' . $valueList . '\'';
+
+ $value = reset($valueList);
+ do {
+ $valueList[key($valueList)] = $this->quoteValue($value);
+ } while ($value = next($valueList));
+ return implode(', ', $valueList);
}
/**
31 library/Zend/Db/Adapter/Platform/Oracle.php
@@ -100,7 +100,24 @@ public function getQuoteValueSymbol()
*/
public function quoteValue($value)
{
- return '\'' . str_replace('\'', '\\' . '\'', $value) . '\'';
+ trigger_error(
+ 'Attempting to quote a value in ' . __CLASS__ . ' without extension/driver support '
+ . 'can introduce security vulnerabilities in a production environment.'
+ );
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
+ }
+
+ /**
+ * Quote Trusted Value
+ *
+ * The ability to quote values without notices
+ *
+ * @param $value
+ * @return mixed
+ */
+ public function quoteTrustedValue($value)
+ {
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
}
/**
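Review bot: `quoteValue()` and `quoteTrustedValue()` escape a single quote as `\'`, but Oracle string literals do not treat backslash as an escape character; a quote inside a literal is escaped by doubling it. With `addcslashes()` the embedded quote still ends the literal, so the escaping does not hold on this platform, and Oracle has no driver path to take instead. The doubling form that SqlServer.php uses in this same commit is the one needed here: `return '\'' . str_replace('\'', '\'\'', $value) . '\'';`. The same `addcslashes()` fallback is added in Sql92.php and Sqlite.php, where doubling is likewise the literal syntax, and in Postgresql.php, where it holds only if the server is configured to accept backslash escapes.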
@@ -111,11 +128,15 @@ public function quoteValue($value)
*/
public function quoteValueList($valueList)
{
- $valueList = str_replace('\'', '\\' . '\'', $valueList);
- if (is_array($valueList)) {
- $valueList = implode('\', \'', $valueList);
+ if (!is_array($valueList)) {
+ return $this->quoteValue($valueList);
}
- return '\'' . $valueList . '\'';
+
+ $value = reset($valueList);
+ do {
+ $valueList[key($valueList)] = $this->quoteValue($value);
+ } while ($value = next($valueList));
+ return implode(', ', $valueList);
}
/**
12 library/Zend/Db/Adapter/Platform/PlatformInterface.php
@@ -51,12 +51,24 @@ public function getQuoteValueSymbol();
/**
* Quote value
*
+ * Will throw a notice when used in a workflow that can be considered "unsafe"
+ *
* @param string $value
* @return string
*/
public function quoteValue($value);
/**
+ * Quote Trusted Value
+ *
+ * The ability to quote values without notices
+ *
+ * @param $value
+ * @return mixed
+ */
+ public function quoteTrustedValue($value);
+
+ /**
* Quote value list
*
* @param string|string[] $valueList
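Review bot: Adding `quoteTrustedValue()` to `PlatformInterface` in a maintenance release breaks every platform class outside this repository that implements the interface, because PHP raises a fatal error for the missing method. That deserves an explicit line in the changelog and README upgrade notes, which in this commit mention only the new API. The docblock also leaves the parameter untyped and declares `@return mixed`, while `quoteValue()` just above documents `@param string $value` and `@return string`; `@param string $value` and `@return string` would keep the two consistent. It should state what the caller is asserting by calling the trusted variant, namely that the value does not originate from user input.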
82 library/Zend/Db/Adapter/Platform/Postgresql.php
@@ -9,8 +9,46 @@
namespace Zend\Db\Adapter\Platform;
+use Zend\Db\Adapter\Driver\Pgsql;
+use Zend\Db\Adapter\Driver\Pdo;
+use Zend\Db\Adapter\Exception;
+
class Postgresql implements PlatformInterface
{
+ /** @var resource|\PDO */
+ protected $resource = null;
+
+ public function __construct($driver = null)
+ {
+ if ($driver) {
+ $this->setDriver($driver);
+ }
+ }
+
+ /**
+ * @param \Zend\Db\Adapter\Driver\Pgsql\Pgsql|\Zend\Db\Adapter\Driver\Pdo\Pdo|resource|\PDO $driver
+ * @throws \Zend\Db\Adapter\Exception\InvalidArgumentException
+ * @return $this
+ */
+ public function setDriver($driver)
+ {
+ if ($driver instanceof Pgsql\Pgsql
+ || ($driver instanceof Pdo\Pdo && $driver->getDatabasePlatformName() == 'Postgresql')
+ ) {
+ $this->resource = $driver->getConnection()->getResource();
+ return $this;
+ }
+
+ if ((is_resource($driver) && (in_array(get_resource_type($driver), array('pgsql link', 'pgsql link persistent'))))
+ || ($driver instanceof \PDO && $driver->getAttribute(\PDO::ATTR_DRIVER_NAME) == 'pgsql')
+ ) {
+ $this->resource = $driver;
+ return $this;
+ }
+
+ throw new Exception\InvalidArgumentException('$driver must be a Pgsql or Postgresql PDO Zend\Db\Adapter\Driver, pgsql link resource or Postgresql PDO instance');
+ }
+
/**
* Get name
*
@@ -75,7 +113,36 @@ public function getQuoteValueSymbol()
*/
public function quoteValue($value)
{
- return '\'' . str_replace('\'', '\\' . '\'', $value) . '\'';
+ if (is_resource($this->resource)) {
+ return '\'' . pg_escape_string($this->resource, $value) . '\'';
+ }
+ if ($this->resource instanceof \PDO) {
+ return $this->resource->quote($value);
+ }
+ trigger_error(
+ 'Attempting to quote a value in ' . __CLASS__ . ' without extension/driver support '
+ . 'can introduce security vulnerabilities in a production environment.'
+ );
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
+ }
+
+ /**
+ * Quote Trusted Value
+ *
+ * The ability to quote values without notices
+ *
+ * @param $value
+ * @return mixed
+ */
+ public function quoteTrustedValue($value)
+ {
+ if (is_resource($this->resource)) {
+ return '\'' . pg_escape_string($this->resource, $value) . '\'';
+ }
+ if ($this->resource instanceof \PDO) {
+ return $this->resource->quote($value);
+ }
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
}
/**
@@ -86,11 +153,15 @@ public function quoteValue($value)
*/
public function quoteValueList($valueList)
{
- $valueList = str_replace('\'', '\\' . '\'', $valueList);
- if (is_array($valueList)) {
- $valueList = implode('\', \'', $valueList);
+ if (!is_array($valueList)) {
+ return $this->quoteValue($valueList);
}
- return '\'' . $valueList . '\'';
+
+ $value = reset($valueList);
+ do {
+ $valueList[key($valueList)] = $this->quoteValue($value);
+ } while ($value = next($valueList));
+ return implode(', ', $valueList);
}
/**
@@ -136,4 +207,5 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = array(
}
return implode('', $parts);
}
+
}
31 library/Zend/Db/Adapter/Platform/Sql92.php
@@ -75,7 +75,23 @@ public function getQuoteValueSymbol()
*/
public function quoteValue($value)
{
- return '\'' . str_replace('\'', '\\' . '\'', $value) . '\'';
+ trigger_error(
+ 'Attempting to quote a value without specific driver level support can introduce security vulnerabilities in a production environment.'
+ );
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
+ }
+
+ /**
+ * Quote Trusted Value
+ *
+ * The ability to quote values without notices
+ *
+ * @param $value
+ * @return mixed
+ */
+ public function quoteTrustedValue($value)
+ {
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
}
/**
@@ -86,11 +102,15 @@ public function quoteValue($value)
*/
public function quoteValueList($valueList)
{
- $valueList = str_replace('\'', '\\' . '\'', $valueList);
- if (is_array($valueList)) {
- $valueList = implode('\', \'', $valueList);
+ if (!is_array($valueList)) {
+ return $this->quoteValue($valueList);
}
- return '\'' . $valueList . '\'';
+
+ $value = reset($valueList);
+ do {
+ $valueList[key($valueList)] = $this->quoteValue($value);
+ } while ($value = next($valueList));
+ return implode(', ', $valueList);
}
/**
@@ -138,4 +158,5 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = array(
return implode('', $parts);
}
+
}
72 library/Zend/Db/Adapter/Platform/SqlServer.php 100644 → 100755
@@ -9,9 +9,46 @@
namespace Zend\Db\Adapter\Platform;
+use Zend\Db\Adapter\Driver\Sqlsrv;
+use Zend\Db\Adapter\Driver\Pdo;
+use Zend\Db\Adapter\Exception;
+
class SqlServer implements PlatformInterface
{
+ /** @var resource|\PDO */
+ protected $resource = null;
+
+ public function __construct($driver = null)
+ {
+ if ($driver) {
+ $this->setDriver($driver);
+ }
+ }
+
+ /**
+ * @param \Zend\Db\Adapter\Driver\Sqlsrv\Sqlsrv|\Zend\Db\Adapter\Driver\Pdo\Pdo||resource|\PDO $driver
+ * @throws \Zend\Db\Adapter\Exception\InvalidArgumentException
+ * @return $this
+ */
+ public function setDriver($driver)
+ {
+ // handle Zend_Db drivers
+ if ($driver instanceof Pdo\Pdo && $driver->getDatabasePlatformName() == 'Sqlsrv') {
+ /** @var $driver \Zend\Db\Adapter\Driver\DriverInterface */
+ $this->resource = $driver->getConnection()->getResource();
+ return $this;
+ }
+
+ // handle
+ if (($driver instanceof \PDO && $driver->getAttribute(\PDO::ATTR_DRIVER_NAME) == 'sqlsrv')) {
+ $this->resource = $driver;
+ return $this;
+ }
+
+ throw new Exception\InvalidArgumentException('$driver must be a Sqlsrv PDO Zend\Db\Adapter\Driver or Sqlsrv PDO instance');
+ }
+
/**
* Get name
*
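Review bot: The `@param` tag and the `use Zend\Db\Adapter\Driver\Sqlsrv;` import advertise the native Sqlsrv driver, but `setDriver()` accepts only `Pdo\Pdo` or `\PDO` and throws for anything else. The import is therefore unused in the code shown and the docblock overstates what is supported; the tag should read `@param \Zend\Db\Adapter\Driver\Pdo\Pdo|\PDO $driver`. The section header also shows the file mode changing `100644 → 100755`, and an executable bit on a library class looks unintended. The class body continues outside this hunk.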
@@ -75,6 +112,29 @@ public function getQuoteValueSymbol()
*/
public function quoteValue($value)
{
+ if ($this->resource instanceof \PDO) {
+ return $this->resource->quote($value);
+ }
+ trigger_error(
+ 'Attempting to quote a value in ' . __CLASS__ . ' without extension/driver support '
+ . 'can introduce security vulnerabilities in a production environment.'
+ );
+ return '\'' . str_replace('\'', '\'\'', $value) . '\'';
+ }
+
+ /**
+ * Quote Trusted Value
+ *
+ * The ability to quote values without notices
+ *
+ * @param $value
+ * @return mixed
+ */
+ public function quoteTrustedValue($value)
+ {
+ if ($this->resource instanceof \PDO) {
+ return $this->resource->quote($value);
+ }
return '\'' . str_replace('\'', '\'\'', $value) . '\'';
}
@@ -86,11 +146,14 @@ public function quoteValue($value)
*/
public function quoteValueList($valueList)
{
- $valueList = str_replace('\'', '\'\'', $valueList);
- if (is_array($valueList)) {
- $valueList = implode('\', \'', $valueList);
+ if (!is_array($valueList)) {
+ return $this->quoteValue($valueList);
}
- return '\'' . $valueList . '\'';
+ $value = reset($valueList);
+ do {
+ $valueList[key($valueList)] = $this->quoteValue($value);
+ } while ($value = next($valueList));
+ return implode(', ', $valueList);
}
/**
@@ -136,4 +199,5 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = array(
}
return implode('', $parts);
}
+
}
70 library/Zend/Db/Adapter/Platform/Sqlite.php
@@ -9,9 +9,42 @@
namespace Zend\Db\Adapter\Platform;
+use Zend\Db\Adapter\Driver\Pdo;
+use Zend\Db\Adapter\Exception;
+
class Sqlite implements PlatformInterface
{
+ /** @var \PDO */
+ protected $resource = null;
+
+ public function __construct($driver = null)
+ {
+ if ($driver) {
+ $this->setDriver($driver);
+ }
+ }
+
+ /**
+ * @param \Zend\Db\Adapter\Driver\Pdo\Pdo||\PDO $driver
+ * @throws \Zend\Db\Adapter\Exception\InvalidArgumentException
+ * @return $this
+ */
+ public function setDriver($driver)
+ {
+ if ($driver instanceof \PDO && $driver->getAttribute(\PDO::ATTR_DRIVER_NAME) == 'sqlite') {
+ $this->resource = $driver;
+ return $this;
+ }
+
+ if ($driver instanceof Pdo\Pdo && $driver->getDatabasePlatformName() == 'Sqlite') {
+ $this->resource = $driver->getConnection()->getResource();
+ return $this;
+ }
+
+ throw new Exception\InvalidArgumentException('$driver must be a Sqlite PDO Zend\Db\Adapter\Driver, Sqlite PDO instance');
+ }
+
/**
* Get name
*
@@ -76,7 +109,30 @@ public function getQuoteValueSymbol()
*/
public function quoteValue($value)
{
- return '\'' . str_replace('\'', '\\' . '\'', $value) . '\'';
+ if ($this->resource instanceof \PDO) {
+ return $this->resource->quote($value);
+ }
+ trigger_error(
+ 'Attempting to quote a value in ' . __CLASS__ . ' without extension/driver support '
+ . 'can introduce security vulnerabilities in a production environment.'
+ );
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
+ }
+
+ /**
+ * Quote Trusted Value
+ *
+ * The ability to quote values without notices
+ *
+ * @param $value
+ * @return mixed
+ */
+ public function quoteTrustedValue($value)
+ {
+ if ($this->resource instanceof \PDO) {
+ return $this->resource->quote($value);
+ }
+ return '\'' . addcslashes($value, "\x00\n\r\\'\"\x1a") . '\'';
}
/**
@@ -87,11 +143,14 @@ public function quoteValue($value)
*/
public function quoteValueList($valueList)
{
- $valueList = str_replace('\'', '\\' . '\'', $valueList);
- if (is_array($valueList)) {
- $valueList = implode('\', \'', $valueList);
+ if (!is_array($valueList)) {
+ return $this->quoteValue($valueList);
}
- return '\'' . $valueList . '\'';
+ $value = reset($valueList);
+ do {
+ $valueList[key($valueList)] = $this->quoteValue($value);
+ } while ($value = next($valueList));
+ return implode(', ', $valueList);
}
/**
@@ -137,4 +196,5 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = array(
}
return implode('', $parts);
}
+
}
77 library/Zend/Math/Rand.php
@@ -9,11 +9,21 @@
namespace Zend\Math;
+use RandomLib;
+
/**
* Pseudorandom number generator (PRNG)
*/
abstract class Rand
{
+
+ /**
+ * Alternative random byte generator using RandomLib
+ *
+ * @var RandomLib\Generator
+ */
+ protected static $generator = null;
+
/**
* Generate random bytes using OpenSSL or Mcrypt and mt_rand() as fallback
*
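Review bot: The `getBytes()` docblock kept as context at the end of this hunk still reads `Generate random bytes using OpenSSL or Mcrypt and mt_rand() as fallback`, while the README in this commit says the `mt_rand()` fallback is replaced by RandomLib. Leaving the old wording tells readers of the API docs that a predictable generator is still in play; `Generate random bytes using OpenSSL or Mcrypt, with RandomLib as fallback` would match the change. The `@var RandomLib\Generator` tag on `$generator` could read `RandomLib\Generator|null`, since the property starts as `null`. The docblock continues outside this hunk.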
@@ -27,34 +37,61 @@ public static function getBytes($length, $strong = false)
if ($length <= 0) {
return false;
}
- if (extension_loaded('openssl')) {
- $rand = openssl_random_pseudo_bytes($length, $secure);
- if ($secure === true) {
- return $rand;
+ $bytes = '';
+ if (function_exists('openssl_random_pseudo_bytes')
+ && (version_compare(PHP_VERSION, '5.3.4') >= 0
+ || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')
+ ) {
+ $bytes = openssl_random_pseudo_bytes($length, $usable);
+ if (true === $usable) {
+ return $bytes;
}
}
- if (extension_loaded('mcrypt')) {
- // PHP bug #55169
- // @see https://bugs.php.net/bug.php?id=55169
- if (strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN' ||
- version_compare(PHP_VERSION, '5.3.7') >= 0) {
- $rand = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
- if ($rand !== false && strlen($rand) === $length) {
- return $rand;
- }
+ if (function_exists('mcrypt_create_iv')
+ && (version_compare(PHP_VERSION, '5.3.7') >= 0
+ || strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN')
+ ) {
+ $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+ if ($bytes !== false && strlen($bytes) === $length) {
+ return $bytes;
}
}
- if ($strong) {
- throw new Exception\RuntimeException(
+ $checkAlternatives = (file_exists('/dev/urandom') && is_readable('/dev/urandom'))
+ || class_exists('\\COM', false);
+ if (true === $strong && false === $checkAlternatives) {
+ throw new Exception\RuntimeException (
'This PHP environment doesn\'t support secure random number generation. ' .
- 'Please consider to install the OpenSSL and/or Mcrypt extensions'
+ 'Please consider installing the OpenSSL and/or Mcrypt extensions'
);
}
- $rand = '';
- for ($i = 0; $i < $length; $i++) {
- $rand .= chr(mt_rand(0, 255));
+ $generator = self::getAlternativeGenerator();
+ return $generator->generate($length);
+ }
+
+ /**
+ * Retrieve a fallback/alternative RNG generator
+ *
+ * @return RandomLib\Generator
+ */
+ public static function getAlternativeGenerator()
+ {
+ if (!is_null(self::$generator)) {
+ return self::$generator;
+ }
+ if (!class_exists('RandomLib\\Factory')) {
+ throw new Exception\RuntimeException(
+ 'The RandomLib fallback pseudorandom number generator (PRNG) '
+ . ' must be installed in the absence of the OpenSSL and '
+ . 'Mcrypt extensions'
+ );
}
- return $rand;
+ $factory = new RandomLib\Factory;
+ $factory->registerSource(
+ 'HashTiming',
+ 'Zend\Math\Source\HashTiming'
+ );
+ self::$generator = $factory->getMediumStrengthGenerator();
+ return self::$generator;
}
/**
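Review bot: The new guard `if (true === $strong && false === $checkAlternatives)` in getBytes() is weaker than the `if ($strong)` it replaces. A caller passing a truthy non-boolean such as `1` no longer reaches the exception, and a readable `/dev/urandom` or a loaded `COM` class suppresses it although this method never reads from either; the bytes then come from `getMediumStrengthGenerator()` with the `HashTiming` source registered, and whether RandomLib actually draws on an OS source is not visible here. I would keep the loose test, `if ($strong && !$checkAlternatives) {`, and add a comment above `$checkAlternatives` saying it only predicts which RandomLib sources are likely to be available. The context docblock still reads `mt_rand() as fallback`, which no longer matches the code; getBytes() begins outside this hunk.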
114 library/Zend/Math/Source/HashTiming.php
@@ -0,0 +1,114 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+namespace Zend\Math\Source;
+
+use RandomLib;
+use SecurityLib\Strength;
+
+/**
+ * Author:
+ * George Argyros <argyros.george@gmail.com>
+ *
+ * Copyright (c) 2012, George Argyros
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the <organization> nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ *
+ *
+ * The function is providing, at least at the systems tested :),
+ * $len bytes of entropy under any PHP installation or operating system.
+ * The execution time should be at most 10-20 ms in any system.
+ *
+ * Modified by Padraic Brady as part of Zend Framework to use 25% of the
+ * original version's iterations.
+ */
+class HashTiming implements RandomLib\Source
+{
+
+ /**
+ * Return an instance of Strength indicating the strength of the source
+ *
+ * @return Strength An instance of one of the strength classes
+ */
+ public static function getStrength()
+ {
+ return new Strength(Strength::VERYLOW);
+ }
+
+ /**
+ * Generate a random string of the specified size
+ *
+ * @param int $size The size of the requested random string
+ *
+ * @return string A string of the requested size
+ */
+ public function generate($size)
+ {
+ $result = '';
+ $entropy = '';
+ $msec_per_round = 400;
+ $bits_per_round = 2;
+ $total = $size;
+ $bytes = 0;
+ $hash_length = 20;
+ $rounds = 0;
+ while (strlen($result) < $size) {
+ $bytes = ($total > $hash_length)? $hash_length : $total;
+ $total -= $bytes;
+ for ($i=1; $i < 3; $i++) {
+ $t1 = microtime(true);
+ $seed = mt_rand();
+ for ($j=1; $j < 50; $j++) {
+ $seed = sha1($seed);
+ }
+ $t2 = microtime(true);
+ $entropy .= $t1 . $t2;
+ }
+ $div = (int) (($t2 - $t1) * 1000000);
+ if ($div <= 0) {
+ $div = 400;
+ }
+ $rounds = (int) ($msec_per_round * 50 / $div);
+ $iter = $bytes * (int) (ceil(8 / $bits_per_round));
+ for ($i = 0; $i < $iter; $i ++) {
+ $t1 = microtime();
+ $seed = sha1(mt_rand());
+ for ($j = 0; $j < $rounds; $j++) {
+ $seed = sha1($seed);
+ }
+ $t2 = microtime();
+ $entropy .= $t1 . $t2;
+ }
+ $result .= sha1($entropy, true);
+ }
+ return substr($result, 0, $size);
+ }
+
+}
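Review bot: In generate(), `$rounds = (int) ($msec_per_round * 50 / $div);` truncates to 0 whenever the calibration pass takes longer than 20 ms (`$div` above 20000), so on a slow or loaded host the timed inner loop is skipped and each sample times a single `sha1(mt_rand())`. A floor keeps the measured work non-trivial: `$rounds = max(1, (int) ($msec_per_round * 50 / $div));`. `$div` is also derived only from the second calibration iteration, and the initial `$bytes = 0` and `$rounds = 0` assignments are never read. The class docblock promises `$len bytes of entropy` while the parameter is `$size` and getStrength() reports `Strength::VERYLOW`; the docblock should state that rating and that the output is meant as one mixing input, not as key material on its own.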
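--- a/library/Zend/Math/composer.json
+++ b/library/Zend/Math/composer.json
@@ -15,6 +15,9 @@
 "require": {
 "php": ">=5.3.3"
 },
+ "suggest": {
+ "ircmaxell/random-lib": "Fallback random byte generator for Zend\\Math\\Rand if OpenSSL/Mcrypt extensions are unavailable"
+ }
 "extra": {
 "branch-alias": {
 "dev-master": "2.1-dev",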
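Review bot: The added `"suggest"` object closes with `}` and no comma before `"extra"`, which makes this composer.json invalid JSON, so Composer cannot parse the package metadata. The closing line should be `},`. Because Rand::getAlternativeGenerator() throws when RandomLib is absent, it is also worth confirming that `suggest` rather than `require` is intended for hosts that have neither OpenSSL nor Mcrypt.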
16 library/Zend/Mvc/Router/Http/Query.php
@@ -15,6 +15,11 @@
use Zend\Stdlib\ArrayUtils;
use Zend\Stdlib\RequestInterface as Request;
+ /**
+ * Legacy purposes only, to prevent code that uses it from breaking.
+ */
+trigger_error('Query route deprecated as of ZF 2.1.4; use the "query" option of the HTTP router\'s assembling method instead', E_USER_DEPRECATED);
+
/**
* Query route.
*
@@ -82,13 +87,10 @@ public static function factory($options = array())
*/
public function match(Request $request, $pathOffset = null)
{
- if (!method_exists($request, 'getQuery')) {
- return null;
- }
-
- $matches = $this->recursiveUrldecode($request->getQuery()->toArray());
-
- return new RouteMatch(array_merge($this->defaults, $matches));
+ // We don't merge the query parameters into the rotue match here because
+ // of possible security problems. Use the Query object instead which is
+ // included in the Request object.
+ return new RouteMatch($this->defaults);
}
/**
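Review bot: The `trigger_error(..., E_USER_DEPRECATED)` call sits at file scope, so it fires whenever the file is loaded rather than when the route is used; under an error handler that promotes notices to exceptions the include itself fails, which works against the stated intent "to prevent code that uses it from breaking". Raising it from `factory()` or the constructor (both outside this hunk) would limit it to actual use. In match(), the comment should name the risk instead of "possible security problems", for example `// Query parameters are not merged into the RouteMatch: request-supplied values could otherwise override route defaults.`, which is what the removed `array_merge($this->defaults, $matches)` permitted; `rotue` is a typo for `route`. The method docblock should also say that `$request` and `$pathOffset` are now ignored and the route always matches.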
2 library/Zend/Version/Version.php
@@ -19,7 +19,7 @@
/**
* Zend Framework version identification - see compareVersion()
*/
- const VERSION = '2.1.4dev';
+ const VERSION = '2.1.4';
/**
* Github Service Identifier for version information is retreived from
2 tests/ZendTest/Db/Adapter/Driver/Oci8/ConnectionIntegrationTest.php
@@ -6,7 +6,7 @@
/**
* @group integration
- * @group integration-sqlserver
+ * @group integration-oracle
*/
class ConnectionIntegrationTest extends AbstractIntegrationTest
{
2 tests/ZendTest/Db/Adapter/Driver/Oci8/Oci8IntegrationTest.php
@@ -5,7 +5,7 @@
/**
* @group integration
- * @group integration-oci8
+ * @group integration-oracle
*/
class Oci8IntegrationTest extends AbstractIntegrationTest
{
2 tests/ZendTest/Db/Adapter/Driver/Oci8/ResultIntegrationTest.php
@@ -5,7 +5,7 @@
/**
* @group integration
- * @group integration-oci8
+ * @group integration-oracle
*/
class ResultIntegrationTest extends \PHPUnit_Framework_TestCase
{
2 tests/ZendTest/Db/Adapter/Driver/Sqlsrv/SqlSrvIntegrationTest.php
@@ -5,7 +5,7 @@
/**
* @group integration
- * @group integration-sqlsrv
+ * @group integration-sqlserver
*/
class SqlsrvIntegrationTest extends AbstractIntegrationTest
{
2 tests/ZendTest/Db/Adapter/Driver/Sqlsrv/StatementIntegrationTest.php
@@ -6,7 +6,7 @@
/**
* @group integration
- * @group integration-sqlsrv
+ * @group integration-sqlserver
*/
class StatementIntegrationTest extends \PHPUnit_Framework_TestCase
{
27 tests/ZendTest/Db/Adapter/Platform/IbmDb2Test.php 100644 → 100755
@@ -86,17 +86,38 @@ public function testGetQuoteValueSymbol()
*/
public function testQuoteValue()
{
+ if (!function_exists('db2_escape_string')) {
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\IbmDb2 without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
+ }
$this->assertEquals("'value'", $this->platform->quoteValue('value'));
}
/**
+ * @covers Zend\Db\Adapter\Platform\IbmDb2::quoteTrustedValue
+ */
+ public function testQuoteTrustedValue()
+ {
+ $this->assertEquals("'value'", $this->platform->quoteTrustedValue('value'));
+ $this->assertEquals("'Foo O''Bar'", $this->platform->quoteTrustedValue("Foo O'Bar"));
+ $this->assertEquals("'''; DELETE FROM some_table; -- '", $this->platform->quoteTrustedValue("'; DELETE FROM some_table; -- "));
+ $this->assertEquals("'\\''; \nDELETE FROM some_table; -- '", $this->platform->quoteTrustedValue("\\'; \nDELETE FROM some_table; -- "));
+ }
+
+ /**
* @covers Zend\Db\Adapter\Platform\IbmDb2::quoteValueList
*/
public function testQuoteValueList()
{
- $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList("Foo O'Bar"));
- $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList(array("Foo O'Bar")));
- $this->assertEquals("'value', 'Foo O\\'Bar'", $this->platform->quoteValueList(array('value',"Foo O'Bar")));
+ if (!function_exists('db2_escape_string')) {
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\IbmDb2 without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
+ }
+ $this->assertEquals("'Foo O''Bar'", $this->platform->quoteValueList("Foo O'Bar"));
}
/**
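Review bot: testQuoteValueList() loses both array assertions here, and the same removal is made in MysqlTest, OracleTest, PostgresqlTest, Sql92Test, SqlServerTest and SqliteTest, so the list branch of quoteValueList() is no longer exercised by any test on this page. That branch needs coverage: the Sqlite.php version shown earlier iterates with `do { ... } while ($value = next($valueList));`, which stops at the first falsy element after the first one, leaving `'0'`, `''`, `0` or `null` and every element after it unquoted in the returned list; whether the other platforms share that loop is not visible in this chunk. I would restore an array case with a falsy element in the middle, e.g. `$this->assertEquals("'a', '0', 'b'", $this->platform->quoteValueList(array('a', '0', 'b')));`, placed in a test that does not expect the notice, and iterate with `foreach ($valueList as $key => $value)` in the implementation.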
45 tests/ZendTest/Db/Adapter/Platform/MysqlIntegrationTest.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace ZendTest\Db\Adapter\Platform;
+
+use Zend\Db\Adapter\Platform\Mysql;
+use Zend\Db\Adapter\Driver\Mysqli;
+use Zend\Db\Adapter\Driver\Pdo;
+
+/**
+ * @group integration
+ * @group integration-mysql
+ */
+class MysqlIntegrationTest extends \PHPUnit_Framework_TestCase
+{
+ public $adapters = array();
+
+ public function testQuoteValueWithMysqli()
+ {
+ if (!$this->adapters['mysqli'] instanceof \Mysqli) {
+ $this->markTestSkipped('MySQL (Mysqli) not configured in unit test configuration file');
+ }
+ $mysql = new Mysql($this->adapters['mysqli']);
+ $value = $mysql->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+
+ $mysql = new Mysql(new Mysqli\Mysqli(new Mysqli\Connection($this->adapters['mysqli'])));
+ $value = $mysql->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+
+ }
+
+ public function testQuoteValueWithPdoMysql()
+ {
+ if (!$this->adapters['pdo_mysql'] instanceof \PDO) {
+ $this->markTestSkipped('MySQL (PDO_Mysql) not configured in unit test configuration file');
+ }
+ $mysql = new Mysql($this->adapters['pdo_mysql']);
+ $value = $mysql->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+
+ $mysql = new Mysql(new Pdo\Pdo(new Pdo\Connection($this->adapters['pdo_mysql'])));
+ $value = $mysql->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+ }
+}
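Review bot: Both tests quote only the literal `'value'`, which contains nothing to escape, so they would still pass if the driver-backed path merely wrapped the input in quotes; the same holds for PostgresqlIntegrationTest, SqlServerIntegrationTest and SqliteIntegrationTest. Each should add at least one value containing a quote character, e.g. `$this->assertEquals("'Foo O\\'Bar'", $mysql->quoteValue("Foo O'Bar"));` for MySQL under its default sql_mode (the expected escaping differs per platform). `$this->adapters['mysqli']` is also read without checking the key, so running the class without IntegrationTestListener registered raises an undefined-index notice instead of skipping; `if (!isset($this->adapters['mysqli']) || !$this->adapters['mysqli'] instanceof \Mysqli) {` avoids that.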
23 tests/ZendTest/Db/Adapter/Platform/MysqlTest.php
@@ -80,17 +80,36 @@ public function testGetQuoteValueSymbol()
*/
public function testQuoteValue()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\Mysql without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'value'", $this->platform->quoteValue('value'));
}
/**
+ * @covers Zend\Db\Adapter\Platform\Mysql::quoteTrustedValue
+ */
+ public function testQuoteTrustedValue()
+ {
+ $this->assertEquals("'value'", $this->platform->quoteTrustedValue('value'));
+ $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteTrustedValue("Foo O'Bar"));
+ $this->assertEquals('\'\\\'; DELETE FROM some_table; -- \'', $this->platform->quoteTrustedValue('\'; DELETE FROM some_table; -- '));
+
+ // '\\\'; DELETE FROM some_table; -- ' <- actual below
+ $this->assertEquals("'\\\\\\'; DELETE FROM some_table; -- '", $this->platform->quoteTrustedValue('\\\'; DELETE FROM some_table; -- '));
+ }
+
+ /**
* @covers Zend\Db\Adapter\Platform\Mysql::quoteValueList
*/
public function testQuoteValueList()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\Mysql without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList("Foo O'Bar"));
- $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList(array("Foo O'Bar")));
- $this->assertEquals("'value', 'Foo O\\'Bar'", $this->platform->quoteValueList(array('value',"Foo O'Bar")));
}
/**
23 tests/ZendTest/Db/Adapter/Platform/OracleTest.php
@@ -83,17 +83,36 @@ public function testGetQuoteValueSymbol()
*/
public function testQuoteValue()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\Oracle without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'value'", $this->platform->quoteValue('value'));
}
/**
+ * @covers Zend\Db\Adapter\Platform\Oracle::quoteTrustedValue
+ */
+ public function testQuoteTrustedValue()
+ {
+ $this->assertEquals("'value'", $this->platform->quoteTrustedValue('value'));
+ $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteTrustedValue("Foo O'Bar"));
+ $this->assertEquals('\'\\\'; DELETE FROM some_table; -- \'', $this->platform->quoteTrustedValue('\'; DELETE FROM some_table; -- '));
+
+ // '\\\'; DELETE FROM some_table; -- ' <- actual below
+ $this->assertEquals("'\\\\\\'; DELETE FROM some_table; -- '", $this->platform->quoteTrustedValue('\\\'; DELETE FROM some_table; -- '));
+ }
+
+ /**
* @covers Zend\Db\Adapter\Platform\Oracle::quoteValueList
*/
public function testQuoteValueList()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\Oracle without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList("Foo O'Bar"));
- $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList(array("Foo O'Bar")));
- $this->assertEquals("'value', 'Foo O\\'Bar'", $this->platform->quoteValueList(array('value',"Foo O'Bar")));
}
/**
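Review bot: testQuoteTrustedValue() expects `'Foo O\'Bar'`, so it pins a backslash-escaped fallback, and PostgresqlTest, Sql92Test and SqliteTest below assert the same strings. Backslash is not an escape character inside a string literal in Oracle, SQLite or standard SQL (nor in PostgreSQL with `standard_conforming_strings` on), so the quote that follows it still terminates the literal and the fallback output is not a safe literal on those platforms. The expectation should be the doubled quote that IbmDb2Test and SqlServerTest on this page already use, `$this->assertEquals("'Foo O''Bar'", $this->platform->quoteTrustedValue("Foo O'Bar"));`, with the platform fallbacks changed to match. The Sqlite.php fallback shown earlier uses `addcslashes()`; the Oracle, PostgreSQL and Sql92 implementations are outside this chunk.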
47 tests/ZendTest/Db/Adapter/Platform/PostgresqlIntegrationTest.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace ZendTest\Db\Adapter\Platform;
+
+use Zend\Db\Adapter\Platform\Postgresql;
+use Zend\Db\Adapter\Driver\Pgsql;
+use Zend\Db\Adapter\Driver\Pdo;
+
+/**
+ * @group integration
+ * @group integration-postgres
+ */
+class PostgresIntegrationTest extends \PHPUnit_Framework_TestCase
+{
+
+ public $adapters = array();
+
+ public function testQuoteValueWithPgsql()
+ {
+ if (!is_resource($this->adapters['pgsql'])) {
+ $this->markTestSkipped('Postgres (pgsql) not configured in unit test configuration file');
+ }
+ $pgsql = new Postgresql($this->adapters['pgsql']);
+ $value = $pgsql->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+
+ $pgsql = new Postgresql(new Pgsql\Pgsql(new Pgsql\Connection($this->adapters['pgsql'])));
+ $value = $pgsql->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+
+ }
+
+ public function testQuoteValueWithPdoPgsql()
+ {
+ if (!$this->adapters['pdo_pgsql'] instanceof \PDO) {
+ $this->markTestSkipped('Postgres (PDO_PGSQL) not configured in unit test configuration file');
+ }
+ $pgsql = new Postgresql($this->adapters['pdo_pgsql']);
+ $value = $pgsql->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+
+ $pgsql = new Postgresql(new Pdo\Pdo(new Pdo\Connection($this->adapters['pdo_pgsql'])));
+ $value = $pgsql->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+ }
+
+}
23 tests/ZendTest/Db/Adapter/Platform/PostgresqlTest.php
@@ -75,17 +75,36 @@ public function testGetQuoteValueSymbol()
*/
public function testQuoteValue()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\Postgresql without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'value'", $this->platform->quoteValue('value'));
}
/**
+ * @covers Zend\Db\Adapter\Platform\Postgresql::quoteTrustedValue
+ */
+ public function testQuoteTrustedValue()
+ {
+ $this->assertEquals("'value'", $this->platform->quoteTrustedValue('value'));
+ $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteTrustedValue("Foo O'Bar"));
+ $this->assertEquals('\'\\\'; DELETE FROM some_table; -- \'', $this->platform->quoteTrustedValue('\'; DELETE FROM some_table; -- '));
+
+ // '\\\'; DELETE FROM some_table; -- ' <- actual below
+ $this->assertEquals("'\\\\\\'; DELETE FROM some_table; -- '", $this->platform->quoteTrustedValue('\\\'; DELETE FROM some_table; -- '));
+ }
+
+ /**
* @covers Zend\Db\Adapter\Platform\Postgresql::quoteValueList
*/
public function testQuoteValueList()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\Postgresql without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList("Foo O'Bar"));
- $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList(array("Foo O'Bar")));
- $this->assertEquals("'value', 'Foo O\\'Bar'", $this->platform->quoteValueList(array('value',"Foo O'Bar")));
}
/**
23 tests/ZendTest/Db/Adapter/Platform/Sql92Test.php
@@ -75,17 +75,36 @@ public function testGetQuoteValueSymbol()
*/
public function testQuoteValue()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value without specific driver level support can introduce security vulnerabilities in a production environment.'
+ );
$this->assertEquals("'value'", $this->platform->quoteValue('value'));
}
/**
+ * @covers Zend\Db\Adapter\Platform\Sql92::quoteTrustedValue
+ */
+ public function testQuoteTrustedValue()
+ {
+ $this->assertEquals("'value'", $this->platform->quoteTrustedValue('value'));
+ $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteTrustedValue("Foo O'Bar"));
+ $this->assertEquals('\'\\\'; DELETE FROM some_table; -- \'', $this->platform->quoteTrustedValue('\'; DELETE FROM some_table; -- '));
+
+ // '\\\'; DELETE FROM some_table; -- ' <- actual below
+ $this->assertEquals("'\\\\\\'; DELETE FROM some_table; -- '", $this->platform->quoteTrustedValue('\\\'; DELETE FROM some_table; -- '));
+ }
+
+ /**
* @covers Zend\Db\Adapter\Platform\Sql92::quoteValueList
*/
public function testQuoteValueList()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value without specific driver level support can introduce security vulnerabilities in a production environment.'
+ );
$this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList("Foo O'Bar"));
- $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList(array("Foo O'Bar")));
- $this->assertEquals("'value', 'Foo O\\'Bar'", $this->platform->quoteValueList(array('value',"Foo O'Bar")));
}
/**
26 tests/ZendTest/Db/Adapter/Platform/SqlServerIntegrationTest.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace ZendTest\Db\Adapter\Platform;
+
+use Zend\Db\Adapter\Platform\SqlServer;
+use Zend\Db\Adapter\Driver\Sqlsrv;
+
+/**
+ * @group integration
+ * @group integration-sqlserver
+ */
+class SqlServerIntegrationTest extends \PHPUnit_Framework_TestCase
+{
+ public $adapters = array();
+
+ public function testQuoteValueWithSqlServer()
+ {
+ if (!$this->adapters['pdo_sqlsrv']) {
+ $this->markTestSkipped('SQLServer (pdo_sqlsrv) not configured in unit test configuration file');
+ }
+ $sqlite = new SqlServer($this->adapters['pdo_sqlsrv']);
+ $value = $sqlite->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+
+ }
+}
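Review bot: The guard `if (!$this->adapters['pdo_sqlsrv'])` is looser than the `instanceof \PDO` check used by the MySQL, PostgreSQL and SQLite integration tests, and the platform variable is named `$sqlite` although it holds a `SqlServer` instance. I would write `if (!$this->adapters['pdo_sqlsrv'] instanceof \PDO) {` and rename the variable to `$sqlServer`. The `sqlsrv` resource that IntegrationTestListener also opens is not exercised by any test in this class, and the `Zend\Db\Adapter\Driver\Sqlsrv` import is unused.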
21 tests/ZendTest/Db/Adapter/Platform/SqlServerTest.php
@@ -75,17 +75,34 @@ public function testGetQuoteValueSymbol()
*/
public function testQuoteValue()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\SqlServer without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'value'", $this->platform->quoteValue('value'));
}
/**
+ * @covers Zend\Db\Adapter\Platform\SqlServer::quoteTrustedValue
+ */
+ public function testQuoteTrustedValue()
+ {
+ $this->assertEquals("'value'", $this->platform->quoteTrustedValue('value'));
+ $this->assertEquals("'Foo O''Bar'", $this->platform->quoteTrustedValue("Foo O'Bar"));
+ $this->assertEquals("'''; DELETE FROM some_table; -- '", $this->platform->quoteTrustedValue('\'; DELETE FROM some_table; -- '));
+ $this->assertEquals("'\\''; DELETE FROM some_table; -- '", $this->platform->quoteTrustedValue('\\\'; DELETE FROM some_table; -- '));
+ }
+
+ /**
* @covers Zend\Db\Adapter\Platform\SqlServer::quoteValueList
*/
public function testQuoteValueList()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\SqlServer without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'Foo O''Bar'", $this->platform->quoteValueList("Foo O'Bar"));
- $this->assertEquals("'Foo O''Bar'", $this->platform->quoteValueList(array("Foo O'Bar")));
- $this->assertEquals("'value', 'Foo O''Bar'", $this->platform->quoteValueList(array('value',"Foo O'Bar")));
}
/**
29 tests/ZendTest/Db/Adapter/Platform/SqliteIntegrationTest.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace ZendTest\Db\Adapter\Platform;
+
+use Zend\Db\Adapter\Platform\Sqlite;
+use Zend\Db\Adapter\Driver\Pdo;
+
+/**
+ * @group integration
+ * @group integration-sqlite
+ */
+class SqliteIntegrationTest extends \PHPUnit_Framework_TestCase
+{
+ public $adapters = array();
+
+ public function testQuoteValueWithPdoSqlite()
+ {
+ if (!$this->adapters['pdo_sqlite'] instanceof \PDO) {
+ $this->markTestSkipped('SQLite (PDO_SQLITE) not configured in unit test configuration file');
+ }
+ $sqlite = new Sqlite($this->adapters['pdo_sqlite']);
+ $value = $sqlite->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+
+ $sqlite = new Sqlite(new Pdo\Pdo(new Pdo\Connection($this->adapters['pdo_sqlite'])));
+ $value = $sqlite->quoteValue('value');
+ $this->assertEquals('\'value\'', $value);
+ }
+}
23 tests/ZendTest/Db/Adapter/Platform/SqliteTest.php
@@ -75,17 +75,36 @@ public function testGetQuoteValueSymbol()
*/
public function testQuoteValue()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\Sqlite without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'value'", $this->platform->quoteValue('value'));
}
/**
+ * @covers Zend\Db\Adapter\Platform\Sqlite::quoteTrustedValue
+ */
+ public function testQuoteTrustedValue()
+ {
+ $this->assertEquals("'value'", $this->platform->quoteTrustedValue('value'));
+ $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteTrustedValue("Foo O'Bar"));
+ $this->assertEquals('\'\\\'; DELETE FROM some_table; -- \'', $this->platform->quoteTrustedValue('\'; DELETE FROM some_table; -- '));
+
+ // '\\\'; DELETE FROM some_table; -- ' <- actual below
+ $this->assertEquals("'\\\\\\'; DELETE FROM some_table; -- '", $this->platform->quoteTrustedValue('\\\'; DELETE FROM some_table; -- '));
+ }
+
+ /**
* @covers Zend\Db\Adapter\Platform\Sqlite::quoteValueList
*/
public function testQuoteValueList()
{
+ $this->setExpectedException(
+ 'PHPUnit_Framework_Error',
+ 'Attempting to quote a value in Zend\Db\Adapter\Platform\Sqlite without extension/driver support can introduce security vulnerabilities in a production environment'
+ );
$this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList("Foo O'Bar"));
- $this->assertEquals("'Foo O\\'Bar'", $this->platform->quoteValueList(array("Foo O'Bar")));
- $this->assertEquals("'value', 'Foo O\\'Bar'", $this->platform->quoteValueList(array('value',"Foo O'Bar")));
}
/**
142 tests/ZendTest/Db/IntegrationTestListener.php
@@ -0,0 +1,142 @@
+<?php
+
+namespace ZendTest\Db;
+
+use Exception;
+
+use PHPUnit_Framework_AssertionFailedError;
+use PHPUnit_Framework_Test;
+use PHPUnit_Framework_TestListener;
+use PHPUnit_Framework_TestSuite;
+
+class IntegrationTestListener implements PHPUnit_Framework_TestListener
+{
+
+ protected $adapters = array(
+ 'mysqli' => null,
+ 'pdo_mysql' => null,
+ 'pgsql' => null,
+ 'pdo_pgsql' => null,
+ 'pdo_sqlite' => null,
+ 'sqlsrv' => null,
+ 'pdo_sqlsrv' => null,
+ );
+
+ public function __construct()
+ {
+ if (isset($GLOBALS['ZEND_DB_ADAPTER_DRIVER_MYSQL_HOSTNAME'])) {
+ if (extension_loaded('mysqli')) {
+ $this->adapters['mysqli'] = new \mysqli(
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_MYSQL_HOSTNAME'],
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_MYSQL_USERNAME'],
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_MYSQL_PASSWORD'],
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_MYSQL_DATABASE']
+ );
+ }
+ if (extension_loaded('pdo')) {
+ $this->adapters['pdo_mysql'] = new \Pdo(
+ 'mysql:host=' . $GLOBALS['ZEND_DB_ADAPTER_DRIVER_MYSQL_HOSTNAME'] . ';dbname=' . $GLOBALS['ZEND_DB_ADAPTER_DRIVER_MYSQL_DATABASE'],
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_MYSQL_USERNAME'],
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_MYSQL_PASSWORD']
+ );
+ }
+ }
+ if (isset($GLOBALS['ZEND_DB_ADAPTER_DRIVER_PGSQL_HOSTNAME'])) {
+ if (extension_loaded('pgsql')) {
+ $this->adapters['pgsql'] = pg_connect(
+ 'host=' . $GLOBALS['ZEND_DB_ADAPTER_DRIVER_PGSQL_HOSTNAME']
+ . ' dbname=' . $GLOBALS['ZEND_DB_ADAPTER_DRIVER_PGSQL_DATABASE']
+ . ' user=' . $GLOBALS['ZEND_DB_ADAPTER_DRIVER_PGSQL_USERNAME']
+ . ' password=' . $GLOBALS['ZEND_DB_ADAPTER_DRIVER_PGSQL_PASSWORD']
+ );
+ }
+ if (extension_loaded('pdo')) {
+ $this->adapters['pdo_pgsql'] = new \Pdo(
+ 'pgsql:host=' . $GLOBALS['ZEND_DB_ADAPTER_DRIVER_PGSQL_HOSTNAME'] . ';dbname=' . $GLOBALS['ZEND_DB_ADAPTER_DRIVER_PGSQL_DATABASE'],
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_PGSQL_USERNAME'],
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_PGSQL_PASSWORD']
+ );
+ }
+ }
+ if (isset($GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLITE_MEMORY'])) {
+ if (extension_loaded('pdo')) {
+ $this->adapters['pdo_sqlite'] = new \Pdo(
+ 'sqlite::memory:'
+ );
+ }
+ }
+ if (isset($GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_HOSTNAME'])) {
+ if (extension_loaded('sqlsrv')) {
+ $this->adapters['sqlsrv'] = sqlsrv_connect(
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_HOSTNAME'],
+ array(
+ 'UID' => $GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_USERNAME'],
+ 'PWD' => $GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_PASSWORD'],
+ 'Database' => (isset($GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_DATABASE'])
+ ? $GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_DATABASE'] : null)
+ )
+ );
+ if (!$this->adapters['sqlsrv']) {
+ var_dump(sqlsrv_errors());
+ exit;
+ }
+ }
+ if (extension_loaded('pdo')) {
+ $this->adapters['pdo_sqlsrv'] = new \Pdo(
+ 'sqlsrv:Server=' . $GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_HOSTNAME']
+ . ';Database=' . (isset($GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_DATABASE'])
+ ? $GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_DATABASE'] : null),
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_USERNAME'],
+ $GLOBALS['ZEND_DB_ADAPTER_DRIVER_SQLSRV_PASSWORD']
+ );
+ }
+ }
+ }
+
+ /** methods required for the listener interface compliance */
+ public function addError(PHPUnit_Framework_Test $test, Exception $e, $time) {}
+ public function addFailure(PHPUnit_Framework_Test $test, PHPUnit_Framework_AssertionFailedError $e, $time) {}
+ public function addIncompleteTest(PHPUnit_Framework_Test $test, Exception $e, $time) {}
+ public function addSkippedTest(PHPUnit_Framework_Test $test, Exception $e, $time) {}
+ public function startTestSuite(PHPUnit_Framework_TestSuite $suite) {}
+ public function endTestSuite(PHPUnit_Framework_TestSuite $suite) {}
+
+ /**
+ * A test started.
+ *
+ * @param PHPUnit_Framework_Test $test
+ */
+ public function startTest(PHPUnit_Framework_Test $test)
+ {
+ /** @var $test \PHPUnit_Framework_TestCase */
+ $testcase = get_class($test);
+ if (strpos($testcase, 'ZendTest\Db') === 0 && strpos($testcase, 'Integration')) {
+ $refObj = new \ReflectionObject($test);
+ if ($refObj->hasProperty('adapters')) {
+ $refProp = $refObj->getProperty('adapters');
+ $refProp->setAccessible(true);
+ $refProp->setValue($test, $this->adapters);
+ }
+ }
+ }
+
+ /**
+ * A test ended.
+ *
+ * @param PHPUnit_Framework_Test $test
+ * @param float $time
+ */
+ public function endTest(PHPUnit_Framework_Test $test, $time)
+ {
+ /** @var $test \PHPUnit_Framework_TestCase */
+ $testcase = get_class($test);
+ if (strpos($testcase, 'ZendTest\Db') === 0 && strpos($testcase, 'Integration')) {
+ $refObj = new \ReflectionObject($test);
+ if ($refObj->hasProperty('adapters')) {
+ $refProp = $refObj->getProperty('adapters');
+ $refProp->setAccessible(true);
+ $refProp->setValue($test, array());
+ }
+ }
+ }
+}
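Review bot: The constructor opens every configured connection eagerly and has no failure path: `new \Pdo(...)` throws when the server is unreachable or the specific driver is missing (`extension_loaded('pdo')` does not imply `pdo_mysql`, `pdo_pgsql`, `pdo_sqlite` or `pdo_sqlsrv`), and a failed `sqlsrv_connect()` ends in `var_dump(sqlsrv_errors()); exit;`, so one bad setting aborts the whole PHPUnit run. The integration tests on this page already skip when an adapter is not a `\PDO` or a resource, so leaving the entry `null` on failure is enough. The sketch below shows the MySQL PDO and sqlsrv cases; the PostgreSQL, SQLite and SQL Server PDO blocks would follow the same pattern. In startTest() and endTest(), `strpos($testcase, 'Integration')` should be compared with `!== false`.

```php
// … unchanged: mysqli connection …
if (extension_loaded('pdo_mysql')) {
    try {
        // … unchanged: $this->adapters['pdo_mysql'] = new \Pdo(...) …
    } catch (\PDOException $e) {
        // Leave the adapter empty so the dependent tests are skipped.
        $this->adapters['pdo_mysql'] = null;
    }
}
// … unchanged: pgsql and sqlite connections, sqlsrv_connect() call …
if (!$this->adapters['sqlsrv']) {
    // A failed connection skips the sqlsrv tests instead of ending the run.
    $this->adapters['sqlsrv'] = null;
}
```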
4 tests/ZendTest/Db/Sql/AbstractSqlTest.php
@@ -13,9 +13,9 @@
use Zend\Db\Sql\Expression;
use Zend\Db\Sql\ExpressionInterface;
use Zend\Db\Adapter\Driver\DriverInterface;
-use Zend\Db\Adapter\Platform\Sql92;
use Zend\Db\Sql\Predicate;
use Zend\Db\Sql\Select;
+use ZendTest\Db\TestAsset\TrustingSql92Platform;
class AbstractSqlTest extends \PHPUnit_Framework_TestCase
{
@@ -135,7 +135,7 @@ protected function invokeProcessExpressionMethod(ExpressionInterface $expression
{
$method = new \ReflectionMethod($this->abstractSql, 'processExpression');
$method->setAccessible(true);
- return $method->invoke($this->abstractSql, $expression, new Sql92, $driver);
+ return $method->invoke($this->abstractSql, $expression, new TrustingSql92Platform, $driver);
}
}