Permalink
Commits on Feb 19, 2018
  1. added note about Propel2 project status.

    marcj committed Feb 19, 2018
  2. SQL injection fix: Cast limit to integer when setting via Criteria::s…

    mpetrovich authored and marcj committed Feb 19, 2018
    …etLimit() (#1465)
    
    * Cast limit to integer when setting via Criteria::setLimit()
    
    This is a followup to a fix for SQL injections with LIMIT clauses in MySQL [1]. That fix only applied to the MySQL adapter, and other existing or future adapters could still be at risk.
    
    By coercing limit inputs to integers upon setting them, we can avoid SQL injection vulnerabilities with `limit()` across all database adapters.
    
    The original code comments implied that integer coercion could be problematic with 32-bit integers, but unit tests in this PR prove otherwise. Even 64-bit integers seem to work fine.
    
    [1] #1464
    
    * Add missing tests for setOffset()
    
    * Remove note about 32-bit truncation
    
    Unit tests show that even 64-bit integers aren't truncated.
Commits on Feb 16, 2018
  1. Coerce offset and limit values to integers for MySQL LIMIT clause (#1464

    mpetrovich authored and marcj committed Feb 16, 2018
    )
    
    When constructing a MySQL LIMIT clause, values for the offset and limit are coerced to integers. This prevents arbitrary SQL from being injected via a query limit. Example:
    
        UserQuery::create()->limit('1;DROP TABLE users')->find();
    
    Previously, this would have injected `DROP TABLE users` into the generated SQL. Now, the limit value would be coerced to the integer `1`.
    
    Fixes #1463
Commits on Feb 12, 2018
  1. Format parameter can be null (#1462)

    timoschwarzer authored and marcj committed Feb 12, 2018
  2. #1447. On preInsert object in TimestampableBehavior we get different…

    eugenekurasov authored and marcj committed Feb 12, 2018
    … dataTime. (#1457)
    
    For solve this situation we need available set same time on create and update field.
Commits on Feb 7, 2018
  1. Fix getPrimaryKeyFromRow for custom php types (#1397)

    jaspervdm authored and marcj committed Feb 7, 2018
  2. Address failed tests after applying fix for issue #1425 (#1449)

    Gomes81 authored and marcj committed Feb 7, 2018
    Address failed tests after applying fix for issue #1425 which is ralated to the countable issue in php 7.2.
Commits on Jan 27, 2018
  1. Fix test suite and init command (#1452)

    cristianoc72 authored and marcj committed Jan 27, 2018
    * Fix test suite
    
    Fix #1450
    
    * Fix init command
    
    Fix `Propel\Generator\Command\InitCommand` to work with `symfony\console` v. 4.0.
    This PR fixes #1451
    
    * Add InitCommand test
    
    Add test for `Propel\Generator\Command\InitCommand` class.
    
    * Update .travis.yml
    
    Remove Postgresql 9.1 from build matrix and add Postgresql 9.5 and 9.6.
    Fix #1453
Commits on Jan 16, 2018
  1. Make offsetGet compatible with the parent's offsetGet method (#1446)

    timoschwarzer authored and marcj committed Jan 16, 2018
    This prevents fatal errors with PHP 7.2.
Commits on Jan 9, 2018
  1. Added referenceOnly attribute to external-schema (#1439)

    JonasRudolph authored and marcj committed Jan 9, 2018
    I use this xsd file in my IDE and it always complains, that the referenceOnly-attribute 'is not allowed here', even though it is [0]. Thats why I would like this to be merged :)
    
    [0]: http://propelorm.org/documentation/reference/schema.html#external-schema-element
  2. address countable issue in php7.2 (#1425)

    cbschuld authored and marcj committed Jan 9, 2018
    * address countable issue in php7.2 and update if/else sturcture for unnecessary else
    
    * removed unnecessary else
  3. Added php 7.2 in travis (#1415)

    Big-Shark authored and marcj committed Jan 9, 2018
  4. improved formatting speed (#1428)

    prgTW authored and marcj committed Jan 9, 2018
    serialize primary key only once
  5. Symfony 4 compatibility (#1434)

    cristianoc72 authored and marcj committed Jan 9, 2018
Commits on Oct 2, 2017
  1. Fix vendorInfo handling for foreign keys and add support for postgres…

    NicolaF authored and marcj committed Oct 2, 2017
    … deferrable FK constraints (#1418)
    
    * Fix #1416: Fix vendorInfo handling for foreign keys
    
    * Fix #1417: vendor/pgsql: add supoport for deferrable constraints
  2. Throw original exception in criteria file (#1422)

    Big-Shark authored and marcj committed Oct 2, 2017
Commits on Aug 25, 2017
  1. Fix issue #1406 : diff issue with CURRENT_TIMESTAMP on maria 10.2 (#1407

    wollanup authored and marcj committed Aug 25, 2017
    )
    
    In mariadb 10.2 `CURRENT_TIMESTAMP` is replaced by`current_timestamp()` in `SHOW COLUMNS FROM my_table`
Commits on Aug 14, 2017
  1. Remove tailing hashes (#1401)

    wdhwg001 authored and marcj committed Aug 14, 2017
    It is recommended to write hashes only on the left side, not wrapping the title up.
  2. Fix Gitter (#1402)

    wdhwg001 authored and marcj committed Aug 14, 2017
    A valid URL cannot contain raw whitespaces.
  3. PHP Warning in Profiler (#1400)

    Big-Shark authored and marcj committed Aug 14, 2017
Commits on Aug 9, 2017
  1. fix ObjectBuilder addFKAccessor reference to int (#1399)

    ktret authored and marcj committed Aug 9, 2017
    php type is int, not integer.
Commits on Aug 4, 2017
  1. spell DECIMAL correctly in isNumber function (#1398)

    ktret authored and marcj committed Aug 4, 2017
  2. Fix json equality check for json columns (#1396)

    kriks57 authored and marcj committed Aug 4, 2017
Commits on Jul 15, 2017
  1. Fix MssqlAdapter::applyLimit from generating malformed queries when `…

    McManning authored and marcj committed Jul 15, 2017
    …from` is included as a non-keyword (#1395)
Commits on Jul 7, 2017
  1. Fix detection of subquery virtual columns in MssqlAdapter::applyLimit (

    McManning authored and marcj committed Jul 7, 2017
Commits on Jun 8, 2017
  1. Fix wrong string generation in PropelDateTime::getMicrotime

    marcj committed Jun 8, 2017
Commits on May 30, 2017
  1. Update Database.php (#1379)

    gulaandrij authored and marcj committed May 30, 2017
    * Update Database.php
    
    fix #1378
    
    * Update Database.php
    
    recheck travis
Commits on May 29, 2017
  1. Fixed versionable behavior with incorrect constant (#1270)

    gabor-kormany authored and marcj committed May 29, 2017
    * Fixed versionable behavior
     - related object's addVersion was adding foreignKey -> foreignColumn, which is actually the local column, exchanged to add the foreignTable's first primary key
    - $fkColumn from the point of the related entry is $fk->getLocalColumn(), foreignColumn would be the local and therefore would be unkown on the foreign object's map
    
    * Further changes:
     - made pass unit test
     - also added new unit test to check from N>1 point
Commits on May 28, 2017
  1. Fix greedy regex incorrectly splitting query string with multiple FRO…

    McManning authored and marcj committed May 28, 2017
    …M statements [Mssql] (#1375)
Commits on May 26, 2017
  1. Check incomplete foreign-keys #675 (#1259)

    atompulse authored and marcj committed May 26, 2017
    * Incomplete foreign key references
    
    Propel should not allow incomplete foreign key references when foreign
    table has a composite primary key
    
    * Revert "Merge remote-tracking branch 'propelorm/master'"
    
    This reverts commit 6f47656, reversing
    changes made to 906b84d.
    
    * Incomplete foreign key references
    
    Propel should not allow incomplete foreign key references when foreign
    table has a composite primary key
  2. Fix broken boolean types on IniFileLoader (propelorm/Propel2#1355) (#…

    gboddin authored and marcj committed May 26, 2017
  3. Undefined method being called; issue #1352 (#1354)

    Alexander-Bliznyuk authored and marcj committed May 26, 2017
  4. json type column for mysql 5.7 (#1372)

    cedriclombardot authored and marcj committed May 26, 2017
    * Init json type column
    
    * Add tests
  5. Allowing file loader to accept empty env vars (e.g. DB_PW) (#1373)

    AviBueno authored and marcj committed May 26, 2017
    * Allowing file loader to accept empty env vars (e.g. DB_PW)
    
    * Added a unit test case
  6. Allows the use of Unsigned="true|false" as a MySQL vendor column para…

    TrogloGeek authored and marcj committed May 26, 2017
    …meter. (#1360)