Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[RTM] Quote reserved words in database queries #1262

Merged
merged 2 commits into from
Dec 27, 2017

Conversation

ausi
Copy link
Member

@ausi ausi commented Dec 20, 2017

This is the port of contao/core#8813.

Also see #1106 and contao/installation-bundle#70

@aschempp
Copy link
Member

Is there a reason we don't copy the reserved words from Contao 3.5 to 4.4? I mean it should be very little effort to also fix that version?

@ausi
Copy link
Member Author

ausi commented Dec 21, 2017

IIRC we didn’t want to add support for using Contao 4.4 with PHP 5 together with MariaDB 10.2.4+, see contao/installation-bundle#70 (comment)

*/
public static function quoteColumnName($strName)
{
return \System::getContainer()->get('database_connection')->getDatabasePlatform()->quoteSingleIdentifier($strName);
Copy link
Member

@leofeyer leofeyer Dec 27, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should just return '`' . $strName . '`' instead? Contao does not work with anything but MySQL and quoteColumnName() is potentially executed often, so we might be able to optimize performance here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should definitely use quoteSingleIdentifier() from the doctrine database platform, but maybe we can store the DatabasePlatform object in a static variable so that we don’t call the whole \System::getContainer()->get('database_connection')->getDatabasePlatform() every time?

Copy link
Member

@leofeyer leofeyer Dec 27, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can simply use quoteIdentifier() instead of quoteSingleIdentifier() (see 130fc00). Then we don't have to fix the findInSet() method, either.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes sense 👍

@leofeyer leofeyer merged commit 44a0ba1 into contao:4.4 Dec 27, 2017
@leofeyer
Copy link
Member

Thank you @ausi.

leofeyer added a commit to contao/listing-bundle that referenced this pull request Dec 27, 2017
@leofeyer
Copy link
Member

IIRC we didn’t want to add support for using Contao 4.4 with PHP 5 together with MariaDB 10.2.4+

Even though we are now quoting database fields, the changes in MariaDB 10.2 also broke Doctrine. And Doctrine will only fix the issue in version 2.7, which requires PHP 7.1+, so this effectively means that Contao 4 with PHP 5 will never be compatible with MariaDB 10.2.7+.

@leofeyer
Copy link
Member

leofeyer commented Dec 27, 2017

From the current ER2 outage I have learned that some developers are manually quoting identifiers in their code. I had to add this fix: 541a8ca

leofeyer added a commit to contao/listing-bundle that referenced this pull request Dec 28, 2017
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jan 4, 2018
From release announce:

4.4.9 (2017/12/14)

* Fixes several minor PHP 7.2 related issues.


4.4.10 (2017/12/27)

* Fixes a few minor issues including a problem with the comments bundle.


4.4.11 (2017/12/28)

* Reverts the identifier quoting changes.

  MySQL 8 and MariaDB 10.2

    In MySQL 8.0.2 and MariaDB 10.2.7 rows has been added as reserved
    word. Since we are using a field named rows in the tl_layout
    table, Contao is no longer compatible with the mentioned database
    versions.

    To avoid renaming the field in Contao and potentially causing
    theme import issues, we have added identifier quoting in version
    4.4.10(*1). Unfortunately this led to several unforeseen
    problems(*2), so we had to revert the changes in version 4.4.11.

    (*1) contao/core-bundle#1262
    (*2) contao/core#8813 (comment)


4.4.12 (2018/1/3)

* Optimizes adding pages to the search index and fixes a few minor issues.
leofeyer added a commit that referenced this pull request Jan 19, 2018
Description
-----------

This is the follow-up PR to #1262.

Commits
-------

34bbec1 Re-add identifier quoting.
07748b5 Also quote a few overlooked identifiers.
1853ab7 Allow . in identifier names since AbstractPlatform::quoteIdentifier() will handle it.
@leofeyer leofeyer modified the milestones: 4.4.10, 4.4 May 14, 2019
leofeyer added a commit that referenced this pull request Mar 30, 2020
Description
-----------

| Q                | A
| -----------------| ---
| Fixed issues     | Fixes #1262
| Docs PR or issue | -

Commits
-------

f2cb3f11 Add a 5 seconds timeout to the CAPTCHA widget
481076df Only unset the "required" attribute via JS
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants