mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #23952 from nextcloud/backport/23922/stable19 

[stable19] Improve query type detection
This commit is contained in:
Roeland Jago Douma 2020-11-07 10:48:56 +01:00 committed by GitHub
parent 80399bd890 ce718ebd7b
commit 8c384b8856
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/private/legacy/OC_DB.php
View File

@ -73,8 +73,7 @@ class OC_DB {
throw new \OC\DatabaseException($e->getMessage()); throw new \OC\DatabaseException($e->getMessage());
} }
// differentiate between query and manipulation // differentiate between query and manipulation
$result = new OC_DB_StatementWrapper($result, $isManipulation); return new OC_DB_StatementWrapper($result, $isManipulation);
return $result;
} }
/** /**
@ -85,22 +84,26 @@ class OC_DB {
* @return bool * @return bool
*/ */
public static function isManipulation($sql) { public static function isManipulation($sql) {
$sql = trim($sql);
$selectOccurrence = stripos($sql, 'SELECT'); $selectOccurrence = stripos($sql, 'SELECT');
if ($selectOccurrence !== false && $selectOccurrence < 10) { if ($selectOccurrence === 0) {
return false; return false;
} }
$insertOccurrence = stripos($sql, 'INSERT'); $insertOccurrence = stripos($sql, 'INSERT');
if ($insertOccurrence !== false && $insertOccurrence < 10) { if ($insertOccurrence === 0) {
return true; return true;
} }
$updateOccurrence = stripos($sql, 'UPDATE'); $updateOccurrence = stripos($sql, 'UPDATE');
if ($updateOccurrence !== false && $updateOccurrence < 10) { if ($updateOccurrence === 0) {
return true; return true;
} }
$deleteOccurrence = stripos($sql, 'DELETE'); $deleteOccurrence = stripos($sql, 'DELETE');
if ($deleteOccurrence !== false && $deleteOccurrence < 10) { if ($deleteOccurrence === 0) {
return true; return true;
} }
\OC::$server->getLogger()->logException(new \Exception('Can not detect if query is manipulating: ' . $sql));
return false; return false;
} }