Merge pull request from GHSA-x93w-64x9-58qw

* Remove ability to use SQL expressions as string in criterion values * Fix iterator syntax Co-authored-by: Johan Cwiklinski <jcwiklinski@teclib.com>
glpi-project · Oct 6, 2020 · f021f1f · f021f1f
1 parent 3dc4475
commit f021f1f
Show file tree

Hide file tree

Showing 8 changed files with 16 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,7 +3,15 @@
 The present file will list all changes made to the project; according to the
 [Keep a Changelog](http://keepachangelog.com/) project.
 
-## [9.5.1] unreleased
+## [9.5.2] unreleased
+
+### API changes
+
+#### Removed
+
+- Ability to use SQL expressions as string in criterion values in SQL iterator (replaced by usage of `QueryExpression`).
+
+## [9.5.1] 2020-07-16
 
 ## [9.5.0] 2020-07-07
 

diff --git a/ajax/dropdownConnectNetworkPort.php b/ajax/dropdownConnectNetworkPort.php
@@ -97,7 +97,7 @@
                'glpi_networkports_networkports' => 'networkports_id_1',
                'glpi_networkports'              => 'id', [
                   'OR'  => [
-                     'glpi_networkports_networkports.networkports_id_2' => $DB->quoteName('glpi_networkports.id')
+                     'glpi_networkports_networkports.networkports_id_2' => new QueryExpression($DB->quoteName('glpi_networkports.id'))
                   ]
                ]
             ]

diff --git a/inc/crontask.class.php b/inc/crontask.class.php
@@ -396,12 +396,12 @@ function getNeedToRun($mode = 0, $name = '') {
          // Build query for frequency and allowed hour
          $WHERE[] = ['OR' => [
             ['AND' => [
-               ['hourmin'   => ['<', $DB->quoteName('hourmax')]],
+               ['hourmin'   => ['<', new QueryExpression($DB->quoteName('hourmax'))]],
                'hourmin'   => ['<=', $hour],
                'hourmax'   => ['>', $hour]
             ]],
             ['AND' => [
-               'hourmin'   => ['>', $DB->quoteName('hourmax')],
+               'hourmin'   => ['>', new QueryExpression($DB->quoteName('hourmax'))],
                'OR'        => [
                   'hourmin'   => ['<=', $hour],
                   'hourmax'   => ['>', $hour]

diff --git a/inc/dbmysql.class.php b/inc/dbmysql.class.php
@@ -1077,7 +1077,7 @@ public static function quoteValue($value) {
          $value = $value->getValue();
       } else if ($value === null || $value === 'NULL' || $value === 'null') {
          $value = 'NULL';
-      } else if (!preg_match("/^`.*?`$/", $value)) { //`field` is valid only for mysql :/
+      } else {
          //phone numbers may start with '+' and will be considered as numeric
          $value = "'$value'";
       }

diff --git a/inc/dbmysqliterator.class.php b/inc/dbmysqliterator.class.php
@@ -589,8 +589,6 @@ private function getCriterionValue($value) {
          return $value->getQuery();
       } else if ($value instanceof \QueryExpression) {
          return $value->getValue();
-      } else if (DBmysql::isNameQuoted($value)) { //FIXME: database related
-         return $value;
       } else if ($value instanceof \QueryParam) {
          return $value->getValue();
       } else {

diff --git a/inc/report.class.php b/inc/report.class.php
@@ -393,7 +393,7 @@ static function reportForNetworkInformations(
                   'LINK'   => 'networkports_id_1',
                   'PORT_1' => 'id', [
                      'OR'     => [
-                        'LINK.networkports_id_2'   => $DB->quoteName('PORT_1.id')
+                        'LINK.networkports_id_2'   => new QueryExpression($DB->quoteName('PORT_1.id'))
                      ]
                   ]
                ]

diff --git a/tests/units/DB.php b/tests/units/DB.php
@@ -96,7 +96,7 @@ protected function dataValue() {
          [null, 'NULL'],
          ['null', 'NULL'],
          ['NULL', 'NULL'],
-         ['`field`', '`field`'],
+         [new \QueryExpression('`field`'), '`field`'],
          ['`field', "'`field'"]
       ];
    }

diff --git a/tests/units/DBmysqlIterator.php b/tests/units/DBmysqlIterator.php
@@ -562,7 +562,7 @@ function() {
       $it = $this->it->execute('foo', ['bar' => 'val']);
       $this->string($it->getSql())->isIdenticalTo("SELECT * FROM `foo` WHERE `bar` = 'val'");
 
-      $it = $this->it->execute('foo', ['bar' => '`field`']);
+      $it = $this->it->execute('foo', ['bar' => new \QueryExpression('`field`')]);
       $this->string($it->getSql())->isIdenticalTo('SELECT * FROM `foo` WHERE `bar` = `field`');
 
       $it = $this->it->execute('foo', ['bar' => '?']);