Skip to content

Commit

Permalink
MDL-32112 validate table name restrictions in sql_generator
Browse files Browse the repository at this point in the history
  • Loading branch information
@skodak
skodak committed Mar 24, 2012
1 parent 6cfade8 commit f9090b1
Show file tree
Hide file tree
Showing 3 changed files with 70 additions and 0 deletions.
46 changes: 46 additions & 0 deletions lib/ddl/simpletest/testddl.php
View file
Expand Up @@ -311,6 +311,52 @@ public function test_create_table() {
$this->assertTrue($e instanceof ddl_exception);
}

// long table name names - the largest allowed
$table = new xmldb_table('abcdef____0123456789_____xyz');
$table->add_field('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null);
$table->add_field('course', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, '2');
$table->add_key('primary', XMLDB_KEY_PRIMARY, array('id'));
$table->setComment("This is a test'n drop table. You can drop it safely");

$this->tables[$table->getName()] = $table;

$dbman->create_table($table);
$this->assertTrue($dbman->table_exists($table));
$dbman->drop_table($table);

// table name is too long
$table = new xmldb_table('abcdef____0123456789_____xyz9');
$table->add_field('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null);
$table->add_field('course', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, '2');
$table->add_key('primary', XMLDB_KEY_PRIMARY, array('id'));
$table->setComment("This is a test'n drop table. You can drop it safely");

$this->tables[$table->getName()] = $table;

try {
$dbman->create_table($table);
$this->fail('Exception expected');
} catch (Exception $e) {
$this->assertIdentical(get_class($e), 'coding_exception');
}

// invalid table name
$table = new xmldb_table('abCD');
$table->add_field('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null);
$table->add_field('course', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, '2');
$table->add_key('primary', XMLDB_KEY_PRIMARY, array('id'));
$table->setComment("This is a test'n drop table. You can drop it safely");

$this->tables[$table->getName()] = $table;

try {
$dbman->create_table($table);
$this->fail('Exception expected');
} catch (Exception $e) {
$this->assertIdentical(get_class($e), 'coding_exception');
}


// weird column names - the largest allowed
$table = new xmldb_table('test_table3');
$table->add_field('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null);
Expand Down
3 changes: 3 additions & 0 deletions lib/ddl/sql_generator.php
View file
Expand Up @@ -292,6 +292,9 @@ public function getTableName(xmldb_table $xmldb_table, $quoted=true) {
* by any of its comments, indexes and sequence creation SQL statements.
*/
public function getCreateTableSQL($xmldb_table) {
if ($error = $xmldb_table->validateDefinition()) {
throw new coding_exception($error);
}

$results = array(); //Array where all the sentences will be stored

Expand Down
21 changes: 21 additions & 0 deletions lib/xmldb/xmldb_table.php
View file
Expand Up @@ -660,6 +660,27 @@ function calculateHash($recursive = false) {
}

/**
* Validates the table restrictions (does not validate child elements).
*
* The error message should not be localised because it is intended for developers,
* end users and admins should never see these problems!
*
* @param xmldb_table $xmldb_table optional when object is table
* @return string null if ok, error message if problem found
*/
function validateDefinition(xmldb_table $xmldb_table=null) {
// table parameter is ignored
$name = $this->getName();
if (strlen($name) > 28) {
return 'Invalid table name {'.$name.'}: name is too long. Limit is 28 chars.';
}
if (!preg_match('/^[a-z][a-z0-9_]*$/', $name)) {
return 'Invalid table name {'.$name.'}: name includes invalid characters.';
}

return null;
}
/**
* This function will output the XML text for one table
*/
function xmlOutput() {
Expand Down

0 comments on commit f9090b1

Please sign in to comment.