SQL injection fix: Coerce offset and limit values to integers (#1054)
* Use HTTPS repository URL for PEAR

  Fixes this installation error:

      PEAR repository from http://pear.php.net could not be loaded. Your configuration does not allow connections to http://pear.php.net/channel.xml. See https://getcomposer.org/doc/06-config.md#secure-http for details.

* Fix fatal error in some versions of PHP

  `$buildScopeVars` is initialized as a string but later appended to as an array via `$buildScopeVars = …`. This throws a fatal error in some versions of PHP. The fix was to re-initialize it to an array before appending values.

* Include PHPUnit in dev dependencies

  This avoids having to download it separately, especially since the tests only work with PHPUnit < 6.

* Cast limit to integer when setting via Criteria::setLimit()

  This prevents SQL injection via limit() and is a similar fix to the one added to Propel2. See that pull request for details: propelorm/Propel2#1465

* Coerce offset and limit values to integers for MySQL LIMIT clause

  When constructing a MySQL LIMIT clause, values for the offset and limit are coerced to integers. This prevents arbitrary SQL from being injected via a query limit.

  Example:

      UserQuery::create()->limit('1;DROP TABLE users')->find();

  Previously, this would have injected `DROP TABLE users` into the generated SQL. Now, the limit value would be coerced to the integer `1`. This is similar to the fix for Propel2: propelorm/Propel2#1464

  Fixes #1052

* Update Travis configuration to use installed phpunit

  From dev dependencies.

* Update Travis config to support PHP 5.3 correctly

  Per https://docs.travis-ci.com/user/reference/trusty#PHP-images

* Fix encoding issues in tests

  h/t @smhg
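The LIMIT-clause coercion described in the commit message, as an added stand-alone PHP sketch that is not Propel's own code: `applyMysqlLimitUnsafe()` reproduces the "before" behaviour of interpolating the raw offset and limit, `applyMysqlLimitSafe()` applies the `(int)` cast the fix introduces, and `limitClauseIsNumeric()` is a check a test suite can keep to catch regressions. The function names are hypothetical (Propel's real adapter method is `DBMySQL::applyLimit()`, whose body is not reproduced here), the `LIMIT offset, count` syntax and the `18446744073709551615` "to end of table" idiom are MySQL's documented forms, and the sample inputs are constructed from the commit's own example.

```php
<?php
// Added example, not Propel's code. Function names are hypothetical.

/**
 * "Before" behaviour: offset and limit are interpolated into the SQL string
 * unchanged. Shown only to make the defect visible.
 */
function applyMysqlLimitUnsafe($sql, $offset, $limit)
{
    if ($limit > 0) {
        $sql .= ' LIMIT ' . ($offset > 0 ? $offset . ', ' : '') . $limit;
    } elseif ($offset > 0) {
        // MySQL has no "offset without limit"; the documented idiom is a huge count.
        $sql .= ' LIMIT ' . $offset . ', 18446744073709551615';
    }
    return $sql;
}

/**
 * "After" behaviour: both values are coerced to integers before they touch
 * the SQL string, so only digits can ever be appended. PHP's integer cast keeps
 * the leading numeric part of a string and discards the rest, which is why
 * '1;DROP TABLE users' becomes 1.
 */
function applyMysqlLimitSafe($sql, $offset, $limit)
{
    $offset = (int) $offset;
    $limit  = (int) $limit;
    if ($limit > 0) {
        $sql .= ' LIMIT ' . ($offset > 0 ? $offset . ', ' : '') . $limit;
    } elseif ($offset > 0) {
        $sql .= ' LIMIT ' . $offset . ', 18446744073709551615';
    }
    return $sql;
}

/**
 * Regression check for a test suite: a generated LIMIT clause must consist of
 * nothing but digits (and the optional "offset, " prefix) up to the end of the
 * statement.
 */
function limitClauseIsNumeric($sql)
{
    return (bool) preg_match('/ LIMIT \d+(?:, \d+)?$/', $sql);
}

// Constructed sample inputs: the hostile limit from the commit message and a
// non-numeric offset string, applied to a trivial base query.
$base         = 'SELECT * FROM users';
$hostileLimit = '1;DROP TABLE users';
$dirtyOffset  = '5abc';

$before = applyMysqlLimitUnsafe($base, 0, $hostileLimit);
$after  = applyMysqlLimitSafe($base, 0, $hostileLimit);
$paged  = applyMysqlLimitSafe($base, $dirtyOffset, 10);

printf("unsafe: %s  [numeric clause: %s]\n", $before, limitClauseIsNumeric($before) ? 'yes' : 'no');
printf("safe:   %s  [numeric clause: %s]\n", $after,  limitClauseIsNumeric($after)  ? 'yes' : 'no');
printf("paged:  %s  [numeric clause: %s]\n", $paged,  limitClauseIsNumeric($paged)  ? 'yes' : 'no');
```

Run with any PHP 5.3+ interpreter. The unsafe variant carries the second statement straight through into the generated SQL and fails the `limitClauseIsNumeric()` check; the safe variant yields the `LIMIT 1` the commit message describes, and the offset string is reduced to `5` the same way. The cast is the whole fix: because it runs inside the adapter rather than at the call site, every path that reaches the LIMIT builder (`Criteria::setLimit()`, `limit()`, `offset()`) is covered at once, which is why the commit also casts in `Criteria::setLimit()` only as defence in depth.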
Showing with 350 additions and 11 deletions.
- +4 −2 .travis.yml
- +3 −2 composer.json
- +1 −0 generator/lib/behavior/sortable/SortableBehavior.php
- +3 −0 runtime/lib/adapter/DBMySQL.php
- +2 −4 runtime/lib/query/Criteria.php
- +2 −0 test/fixtures/reverse/mysql/build/sql/schema.sql
- +188 −0 test/testsuite/runtime/adapter/DBMySQLTest.php
- +147 −3 test/testsuite/runtime/query/CriteriaTest.php