
Merge remote-tracking branch 'upstream/master'

2 parents 04e5109 + e00aefc commit 5a181920967b6a4b92a1156dc71825d33a55f6a8 @ossinkine ossinkine committed Mar 21, 2013
Showing with 1,431 additions and 205 deletions.
  1. +105 −0 CHANGELOG.md
  2. +3 −23 README.md
  3. +3 −0 composer.json
  4. +14 −5 library/Zend/Db/Adapter/Adapter.php
  5. +5 −0 library/Zend/Db/Adapter/Driver/Pdo/Pdo.php
  6. +35 −5 library/Zend/Db/Adapter/Platform/IbmDb2.php
  7. +78 −5 library/Zend/Db/Adapter/Platform/Mysql.php
  8. +26 −5 library/Zend/Db/Adapter/Platform/Oracle.php
  9. +12 −0 library/Zend/Db/Adapter/Platform/PlatformInterface.php
  10. +77 −5 library/Zend/Db/Adapter/Platform/Postgresql.php
  11. +26 −5 library/Zend/Db/Adapter/Platform/Sql92.php
  12. +68 −4 library/Zend/Db/Adapter/Platform/SqlServer.php
  13. +65 −5 library/Zend/Db/Adapter/Platform/Sqlite.php
  14. +6 −2 library/Zend/Db/Sql/Insert.php
  15. +8 −4 library/Zend/Db/Sql/Select.php
  16. +10 −0 library/Zend/I18n/Translator/Plural/Rule.php
  17. +28 −0 library/Zend/I18n/Translator/TextDomain.php
  18. +23 −60 library/Zend/I18n/Translator/Translator.php
  19. +57 −20 library/Zend/Math/Rand.php
  20. +114 −0 library/Zend/Math/Source/HashTiming.php
  21. +3 −0 library/Zend/Math/composer.json
  22. +8 −7 library/Zend/Mvc/Router/Http/Query.php
  23. +1 −4 library/Zend/Stdlib/composer.json
  24. +1 −1 library/Zend/Version/Version.php
  25. +0 −1 tests/Bootstrap.php
  26. +1 −1 tests/ZendTest/Db/Adapter/Driver/Oci8/ConnectionIntegrationTest.php
  27. +1 −1 tests/ZendTest/Db/Adapter/Driver/Oci8/Oci8IntegrationTest.php
  28. +1 −1 tests/ZendTest/Db/Adapter/Driver/Oci8/ResultIntegrationTest.php
  29. +1 −1 tests/ZendTest/Db/Adapter/Driver/Sqlsrv/SqlSrvIntegrationTest.php
  30. +1 −1 tests/ZendTest/Db/Adapter/Driver/Sqlsrv/StatementIntegrationTest.php
  31. +24 −3 tests/ZendTest/Db/Adapter/Platform/IbmDb2Test.php
  32. +45 −0 tests/ZendTest/Db/Adapter/Platform/MysqlIntegrationTest.php
  33. +21 −2 tests/ZendTest/Db/Adapter/Platform/MysqlTest.php
  34. +21 −2 tests/ZendTest/Db/Adapter/Platform/OracleTest.php
  35. +47 −0 tests/ZendTest/Db/Adapter/Platform/PostgresqlIntegrationTest.php
  36. +21 −2 tests/ZendTest/Db/Adapter/Platform/PostgresqlTest.php
  37. +21 −2 tests/ZendTest/Db/Adapter/Platform/Sql92Test.php
  38. +26 −0 tests/ZendTest/Db/Adapter/Platform/SqlServerIntegrationTest.php
  39. +19 −2 tests/ZendTest/Db/Adapter/Platform/SqlServerTest.php
  40. +29 −0 tests/ZendTest/Db/Adapter/Platform/SqliteIntegrationTest.php
  41. +21 −2 tests/ZendTest/Db/Adapter/Platform/SqliteTest.php
  42. +142 −0 tests/ZendTest/Db/IntegrationTestListener.php
  43. +2 −2 tests/ZendTest/Db/Sql/AbstractSqlTest.php
  44. +4 −3 tests/ZendTest/Db/Sql/InsertTest.php
  45. +12 −3 tests/ZendTest/Db/Sql/SelectTest.php
  46. +15 −0 tests/ZendTest/Db/Sql/SqlTest.php
  47. +5 −4 tests/ZendTest/Db/Sql/UpdateTest.php
  48. +13 −0 tests/ZendTest/Db/TestAsset/TrustingSql92Platform.php
  49. +6 −0 tests/ZendTest/I18n/Translator/Plural/RuleTest.php
  50. +22 −0 tests/ZendTest/I18n/Translator/TextDomainTest.php
  51. +46 −3 tests/ZendTest/I18n/Translator/TranslatorTest.php
  52. +22 −0 tests/ZendTest/I18n/Translator/_files/testarray/translation-more-de_DE-incompatible.php
  53. +1 −2 tests/ZendTest/I18n/Translator/_files/testarray/translation-more-de_DE.php
  54. +25 −0 tests/ZendTest/Math/RandTest.php
  55. +8 −1 tests/ZendTest/Mvc/Router/Http/PartTest.php
  56. +10 −4 tests/ZendTest/Mvc/Router/Http/QueryTest.php
  57. +2 −0 tests/ZendTest/Mvc/Router/Http/TreeRouteStackTest.php
  58. +1 −1 tests/ZendTest/Mvc/Router/RoutePluginManagerTest.php
  59. +2 −1 tests/ZendTest/Validator/Db/RecordExistsTest.php
  60. +17 −0 tests/phpunit.xml.dist
@@ -1,5 +1,105 @@
# CHANGELOG
+## 2.1.4 (13 Mar 2013):
+
+- ZF2013-01: Query route (http://framework.zend.com/security/ZF2013-01)
+- ZF2013-02: RNG support (http://framework.zend.com/security/ZF2013-02)
+- ZF2013-03: DB platform quoting (http://framework.zend.com/security/ZF2013-03)
+- 2752: `Zend_Json_Server` to accept null parameters
+ (https://github.com/zendframework/zf2/issues/2752)
+- 3696: `Zend\Json\Server\Server` should allow parameters with NULL values
+ (https://github.com/zendframework/zf2/issues/3696)
+- 3767: Allow NULL parameter values in `Zend/Json/Server`
+ (https://github.com/zendframework/zf2/issues/3767)
+- 3827: Fix mismatches between the PHPDoc and the method signatures
+ (https://github.com/zendframework/zf2/issues/3827)
+- 3840: allow a null page in pages array, to compensate for ZF issue #3823
+ (https://github.com/zendframework/zf2/issues/3840)
+- 3842: Hotfix/zend test improve console usage
+ (https://github.com/zendframework/zf2/issues/3842)
+- 3849: Check if values are set in `Zend\Db\Sql\Insert.php` for prepared
+ statement
+ (https://github.com/zendframework/zf2/issues/3849)
+- 3867: `FileGenerator::setUses()` MUST can take arguments from
+ `FileGenerator::getUses()`
+ (https://github.com/zendframework/zf2/issues/3867)
+- 3868: `ClassGenerator::fromReflection` not generate class properties
+ (https://github.com/zendframework/zf2/issues/3868)
+- 3869: Remove BC break in `Identical` validator
+ (https://github.com/zendframework/zf2/issues/3869)
+- 3871: The method delete on the `RowGateway` now returns the affected rows
+ (https://github.com/zendframework/zf2/issues/3871)
+- 3873: Fixes an issue when binding a model to a form collection element
+ (https://github.com/zendframework/zf2/issues/3873)
+- 3885: Hotfix/add tests console adapter
+ (https://github.com/zendframework/zf2/issues/3885)
+- 3886: Add tests console prompt
+ (https://github.com/zendframework/zf2/issues/3886)
+- 3888: `DefinitionList` `hasMethod` fix
+ (https://github.com/zendframework/zf2/issues/3888)
+- 3907: Add tests console request response
+ (https://github.com/zendframework/zf2/issues/3907)
+- 3916: Fix PUT HTTP method usage with params
+ (https://github.com/zendframework/zf2/issues/3916)
+- 3917: Clean the Console abstract adapter
+ (https://github.com/zendframework/zf2/issues/3917)
+- 3921: [+BUGFIX] Fixed column names bug `Zend\Db\Sql\Select`
+ (https://github.com/zendframework/zf2/issues/3921)
+- 3925: Added view and validator dependency
+ (https://github.com/zendframework/zf2/issues/3925)
+- 3936: Improve the remove of `SendResponseListener`
+ (https://github.com/zendframework/zf2/issues/3936)
+- 3946: Adding config to `openssl_pkey_export()`
+ (https://github.com/zendframework/zf2/issues/3946)
+- 3947: fix exception %s passed variable of 'A service by the name or alias %s' should be $name
+ (https://github.com/zendframework/zf2/issues/3947)
+- 3948: Bug/merging translator textdomains
+ (https://github.com/zendframework/zf2/issues/3948)
+- 3950: Fix zero value in argument
+ (https://github.com/zendframework/zf2/issues/3950)
+- 3957: [Hotfix] Fixed incorrect `PDO_Oci` platform recognition
+ (https://github.com/zendframework/zf2/issues/3957)
+- 3960: Update toString() to use late static binding for encoding methods
+ (https://github.com/zendframework/zf2/issues/3960)
+- 3964: Fix fluent interface
+ (https://github.com/zendframework/zf2/issues/3964)
+- 3966: Better polyfill support for `Stdlib` and `Session`
+ (https://github.com/zendframework/zf2/issues/3966)
+- 3968: fixed `Exception\InvalidArgumentException` messages in `Zend\Log`
+ (https://github.com/zendframework/zf2/issues/3968)
+- 3971: SessionArrayStorage doesn't preserve `_REQUEST_ACCESS_TIME`
+ (https://github.com/zendframework/zf2/issues/3971)
+- 3973: Documentation improvement `Zend\View\Stream`
+ (https://github.com/zendframework/zf2/issues/3973)
+- 3980: change `HOST_DNS_OR_IPV4_OR_IPV6` to `0x13` for `$validHostTypes`
+ (https://github.com/zendframework/zf2/issues/3980)
+- 3981: Improve exception messages
+ (https://github.com/zendframework/zf2/issues/3981)
+- 3982: Fix `\Zend\Soap\AutoDiscover` constructor
+ (https://github.com/zendframework/zf2/issues/3982)
+- 3984: Update `ArrayStack.php`
+ (https://github.com/zendframework/zf2/issues/3984)
+- 3987: Fix ChromePhp logger interface and debug level
+ (https://github.com/zendframework/zf2/issues/3987)
+- 3988: Fix & Unit test for `preparestatement` notices
+ (https://github.com/zendframework/zf2/issues/3988)
+- 3991: Hotfix/3858 - `findHelper` problem in Navigation Helper
+ (https://github.com/zendframework/zf2/issues/3991)
+- 3993: `SessionArrayStorage` Request Access Time and Storage Initialization
+ (https://github.com/zendframework/zf2/issues/3993)
+- 3997: Allow https on scheme without a hostname
+ (https://github.com/zendframework/zf2/issues/3997)
+- 4001: Fix `ViewFeedStrategyFactory` comment
+ (https://github.com/zendframework/zf2/issues/4001)
+- 4005: Hotfix/case sensitive console
+ (https://github.com/zendframework/zf2/issues/4005)
+- 4007: Pass `ClassGenerator` instance instead of boolean
+ (https://github.com/zendframework/zf2/issues/4007)
+- 4009: Minor if to else if improvement
+ (https://github.com/zendframework/zf2/issues/4009)
+- 4010: Hotfix/zend test with console route
+ (https://github.com/zendframework/zf2/issues/4010)
+
## 2.1.3 (21 Feb 2013):
- 3714: Zend\Stdlib\ArrayObject::offsetExists() returning by reference
@@ -568,6 +668,11 @@ For those affected, the following courses of action are possible:
* Initialize and register a Zend\Session\Storage\SessionStorage object
explicitly with the session manager instance.
+## 2.0.8 (13 Mar 2013):
+
+- ZF2013-01: Query route (http://framework.zend.com/security/ZF2013-01)
+- ZF2013-02: RNG support (http://framework.zend.com/security/ZF2013-02)
+- ZF2013-03: DB platform quoting (http://framework.zend.com/security/ZF2013-03)
## 2.0.7 (29 Jan 2013):
@@ -5,33 +5,13 @@ Develop: [![Build Status](https://secure.travis-ci.org/zendframework/zf2.png?bra
## RELEASE INFORMATION
-*Zend Framework 2.1.4dev*
+*Zend Framework 2.1.5dev*
-This is the fourth maintenance release for the version 2.1 series.
+This is the fifth maintenance release for the version 2.1 series.
DD MMM YYYY
-### UPDATES IN 2.1.4
-
-Better polyfill support in `Zend\Session` and `Zend\Stdlib`. Polyfills
-(version-specific class replacements) have caused some issues in the 2.1 series.
-In particular, users who were not using Composer were unaware/uncertain about
-what extra files needed to be included to load polyfills, and those users who
-were generating classmaps were running into issues since the same class was
-being generated twice.
-
-New polyfill support was created which does the following:
-
-- New, uniquely named classes were created for each polyfill base.
-- A stub class file was created for each class needing polyfill support. A
- conditional is present in each that uses `class_alias` to alias the appropriate
- polyfill base as an import. The stub class then extends the base.
-- The `compatibility/autoload.php` files in each component affected was altered
- to trigger an `E_USER_DEPRECATED` error asking the user to remove the require
- statement for the file.
-
-The functionality works with both Composer and ZF2's autoloading support, using
-either PSR-0 or classmaps. All typehinting is preserved.
+### UPDATES IN 2.1.5
Please see [CHANGELOG.md](CHANGELOG.md).
@@ -13,11 +13,14 @@
},
"require-dev": {
"doctrine/common": ">=2.1",
+ "ircmaxell/random-lib": "dev-master",
+ "ircmaxell/security-lib": "dev-master",
"phpunit/PHPUnit": "3.7.*"
},
"suggest": {
"doctrine/common": "Doctrine\\Common >=2.1 for annotation features",
"ext-intl": "ext/intl for i18n features",
+ "ircmaxell/random-lib": "Fallback random byte generator for Zend\\Math\\Rand if OpenSSL/Mcrypt extensions are unavailable",
"pecl-weakref": "Implementation of weak references for Zend\\Stdlib\\CallbackHandler",
"zendframework/zendpdf": "ZendPdf for creating PDF representations of barcodes",
"zendframework/zendservice-recaptcha": "ZendService\\ReCaptcha for rendering ReCaptchas in Zend\\Captcha and/or Zend\\Form"
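Review bot: Both new `require-dev` entries track `dev-master`, so each install resolves whatever the upstream branch holds at that moment. For `ircmaxell/random-lib`, which the `suggest` text names as the fallback random byte generator for Zend\Math\Rand, this means the test suite runs against an unpinned, security-relevant dependency. A tagged constraint would make the tested code reproducible, e.g. `"ircmaxell/random-lib": "<tagged-version>"` (placeholder, no tag is named on this page). The `suggest` description could also state the minimum version the fallback was tested with.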
@@ -321,23 +321,32 @@ protected function createPlatform($parameters)
throw new Exception\InvalidArgumentException('A platform could not be determined from the provided configuration');
}
+ // currently only supported by the IbmDb2 & Oracle concrete implementations
$options = (isset($parameters['platform_options'])) ? $parameters['platform_options'] : array();
switch ($platformName) {
case 'Mysql':
- return new Platform\Mysql($options);
+ // mysqli or pdo_mysql driver
+ $driver = ($this->driver instanceof Driver\Mysqli\Mysqli || $this->driver instanceof Driver\Pdo\Pdo) ? $this->driver : null;
+ return new Platform\Mysql($driver);
case 'SqlServer':
- return new Platform\SqlServer($options);
+ // PDO is only supported driver for quoting values in this platform
+ return new Platform\SqlServer(($this->driver instanceof Driver\Pdo\Pdo) ? $this->driver : null);
case 'Oracle':
+ // oracle does not accept a driver as an option, no driver specific quoting available
return new Platform\Oracle($options);
case 'Sqlite':
- return new Platform\Sqlite($options);
+ // PDO is only supported driver for quoting values in this platform
+ return new Platform\Sqlite(($this->driver instanceof Driver\Pdo\Pdo) ? $this->driver : null);
case 'Postgresql':
- return new Platform\Postgresql($options);
+ // pgsql or pdo postgres driver
+ $driver = ($this->driver instanceof Driver\Pgsql\Pgsql || $this->driver instanceof Driver\Pdo\Pdo) ? $this->driver : null;
+ return new Platform\Postgresql($driver);
case 'IbmDb2':
+ // ibm_db2 driver escaping does not need an action connection
return new Platform\IbmDb2($options);
default:
- return new Platform\Sql92($options);
+ return new Platform\Sql92();
}
}
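Review bot: The Mysql, SqlServer, Sqlite and Postgresql cases pass `null` to the platform whenever `$this->driver` is not one of the listed classes, and nothing in createPlatform() signals this. What those platforms do with a null driver is outside this hunk, but the IbmDb2 fallback in this commit suggests they degrade to string-replacement quoting. The same cases also stop passing `$options`, so a caller-supplied `platform_options` is now dropped for them without notice. I would extend the added comment to cover both, for example `// a null driver means the platform falls back to non-driver quoting; platform_options is ignored here`. The IbmDb2 comment says "action connection", presumably meaning "active connection"; createPlatform() begins above the hunk.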
@@ -187,6 +187,9 @@ public function getDatabasePlatformName($nameFormat = self::NAME_FORMAT_CAMELCAS
switch ($name) {
case 'pgsql':
return 'Postgresql';
+ case 'oci':
+ return 'Oracle';
+
default:
return ucfirst($name);
}
@@ -198,6 +201,8 @@ public function getDatabasePlatformName($nameFormat = self::NAME_FORMAT_CAMELCAS
return 'MySQL';
case 'pgsql':
return 'PostgreSQL';
+ case 'oci':
+ return 'Oracle';
default:
return ucfirst($name);
}
@@ -12,6 +12,8 @@
class IbmDb2 implements PlatformInterface
{
+ protected $quoteValueAllowed = false;
+
/**
* @var bool
*/
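Review bot: `$quoteValueAllowed` is added without a docblock, directly above an existing `@var bool` block that documents the following property rather than this one. None of the hunks shown for this file read the flag, so its name may suggest a gate on quoteValue() that the visible code does not implement. Give it its own `/** @var bool */` block stating what it controls, or drop it if nothing outside these hunks uses it.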
@@ -109,7 +111,30 @@ public function getQuoteValueSymbol()
*/
public function quoteValue($value)
{
- return '\'' . str_replace('\'', '\\' . '\'', $value) . '\'';
+ if (function_exists('db2_escape_string')) {
+ return '\'' . db2_escape_string($value) . '\'';
+ }
+ trigger_error(
+ 'Attempting to quote a value in ' . __CLASS__ . ' without extension/driver support '
+ . 'can introduce security vulnerabilities in a production environment.'
+ );
+ return '\'' . str_replace("'", "''", $value) . '\'';
+ }
+
+ /**
+ * Quote Trusted Value
+ *
+ * The ability to quote values without notices
+ *
+ * @param $value
+ * @return mixed
+ */
+ public function quoteTrustedValue($value)
+ {
+ if (function_exists('db2_escape_string')) {
+ return '\'' . db2_escape_string($value) . '\'';
+ }
+ return '\'' . str_replace("'", "''", $value) . '\'';
}
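Review bot: The fallback branch of quoteValue() calls `trigger_error()` without a level, so it raises the default E_USER_NOTICE and then quotes anyway. On a configuration that hides or discards notices, the weaker quoting runs with no visible signal. Passing the level explicitly, e.g. `trigger_error($message, E_USER_WARNING);`, or at least documenting the chosen level in the docblock, would make the intent clear. The escaping is duplicated in quoteTrustedValue(), so quoteValue() could end with `return $this->quoteTrustedValue($value);` after the notice to keep the two from drifting apart. The new docblock should read `@param string $value` and `@return string`, and say that "trusted" means the caller guarantees the value is not attacker-controlled.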
/**
@@ -120,11 +145,15 @@ public function quoteValue($value)
*/
public function quoteValueList($valueList)
{
- $valueList = str_replace('\'', '\\' . '\'', $valueList);
- if (is_array($valueList)) {
- $valueList = implode('\', \'', $valueList);
+ if (!is_array($valueList)) {
+ return $this->quoteValue($valueList);
}
- return '\'' . $valueList . '\'';
+
+ $value = reset($valueList);
+ do {
+ $valueList[key($valueList)] = $this->quoteValue($value);
+ } while ($value = next($valueList));
+ return implode(', ', $valueList);
}
/**
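Review bot: The `do … while ($value = next($valueList))` loop in quoteValueList() stops at the first element that evaluates to false (`0`, `'0'`, `''`, `null`). That element and everything after it is never passed through quoteValue() and reaches `implode()` unquoted. An empty array also misbehaves: `reset()` returns false and `key()` returns null, so the body runs once and the result is a single quoted empty string instead of an empty list. Iterating with `foreach ($valueList as $key => $value) { $valueList[$key] = $this->quoteValue($value); }` visits every element regardless of its value and leaves an empty array empty.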
@@ -176,4 +205,5 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = array(
return implode('', $parts);
}
+
}