
Commit 56cfefc

committed
Merge branch 'release-3.0' of github.com:SimpleMachines/SMF into reactions
2 parents 8d89400 + d80ee69 commit 56cfefc


3 files changed

+9
-17
lines changed

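--- a/Sources/Db/APIs/MySQL.php
+++ b/Sources/Db/APIs/MySQL.php
@@ -169,7 +169,7 @@ public function query(string $db_string, array $db_values = [], ?object $connect
 
 // First, we clean strings out of the query, reduce whitespace, lowercase, and trim - so we can check it over.
 if (!$this->disableQueryCheck) {
-$clean = preg_split('/(?<![\'\\\\])\'(?![\'])/', $db_string);
+$clean = preg_split('/(?:\\\\{2})*\K(?<![\'\\\\])\'(?![\'])/', $db_string);
 
 for ($i = 0; $i < \count($clean); $i++) {
 if ($i % 2 === 1) {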
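Review bot: The added `(?:\\\\{2})*\K` prefix in the new `preg_split` pattern looks like it can only ever match zero times, because the lookbehind `(?<![\'\\\\])` that follows it still rejects any quote whose preceding character is a backslash. If that reading is right, a literal ending in an escaped backslash is split exactly as before the change, so the odd/even `' %s '` substitution in the loop below can still disagree with how the server delimits strings, which is the mismatch this query check depends on not having. Anchoring the backslash test at the start of the run would express the intent, for example `'/(?<!\\\\)(?:\\\\{2})*\K(?<!\')\'(?!\')/'`; I have not run this, and it needs test cases for literals ending in an escaped backslash, an escaped quote and a doubled quote. The loop and the rest of `query()` continue outside the hunk.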

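--- a/Sources/Db/APIs/PostgreSQL.php
+++ b/Sources/Db/APIs/PostgreSQL.php
@@ -177,12 +177,14 @@ public function query(string $db_string, array $db_values = [], ?object $connect
 
 // Comments that are allowed in a query are preg_removed.
 $allowed_comments_from = [
+'~\'\X*?\'~s',
 '~\s+~s',
 '~/\*!40001 SQL_NO_CACHE \*/~',
 '~/\*!40000 USE INDEX \([A-Za-z\_]+?\) \*/~',
 '~/\*!40100 ON DUPLICATE KEY UPDATE id_msg = \d+ \*/~',
 ];
 $allowed_comments_to = [
+' %s ',
 ' ',
 '',
 '',
@@ -216,19 +218,9 @@ public function query(string $db_string, array $db_values = [], ?object $connect
 
 // First, we clean strings out of the query, reduce whitespace, lowercase, and trim - so we can check it over.
 if (!$this->disableQueryCheck) {
-$clean = preg_split('/(?<![\'\\\\])\'(?![\'])/', $db_string);
-
-for ($i = 0; $i < \count($clean); $i++) {
-if ($i % 2 === 1) {
-$clean[$i] = ' %s ';
-}
-}
-
-$clean = trim(strtolower(preg_replace(
-$allowed_comments_from,
-$allowed_comments_to,
-implode('', $clean),
-)));
+// Clear out escaped single quotes first, to make it simpler to ID & remove string literals
+$clean = str_replace('\'\'', ' ', $db_string);
+$clean = trim(strtolower(preg_replace($allowed_comments_from, $allowed_comments_to, $clean)));
 
 if (
 // Empty string?
@@ -1813,10 +1805,11 @@ public function create_table(string $table_name, array $columns, array $indexes
 $default = 'default nextval(\'' . $short_table_name . '_seq\')';
 } elseif (isset($column['default']) && $column['default'] !== null) {
 // Numbers don't need quotes.
-if (is_numeric($column['default']))
+if (is_numeric($column['default'])) {
 $default = 'default ' . $column['default'];
-else
+} else {
 $default = 'default \'' . $this->escape_string($column['default']) . '\'';
+}
 } else {
 $default = '';
 }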
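Review bot: The new literal stripping in `query()` (the `'~\'\X*?\'~s'` entry plus the `str_replace('\'\'', ' ', $db_string)` pre-pass) pairs quotes purely by position and no longer gives backslashes any meaning, where the removed `preg_split` pattern did. That agrees with PostgreSQL only while backslashes are literal inside ordinary strings, i.e. `standard_conforming_strings` is on and no `E'...'` literals reach this method; the page does not show that either is guaranteed, and if the check and the server disagree on where a literal ends, text the check treats as data is not inspected. I would state the assumption next to the pattern, e.g. `// String literals: assumes backslash is not an escape character (standard_conforming_strings = on, no E'' strings).` The array is also still introduced as "Comments that are allowed in a query", which no longer describes its first entry, and the two arrays now depend on matching positions, so a short comment on the `' %s '` entry would help. Both `query()` and the arrays continue outside the visible hunks, so any other use of `$allowed_comments_from` would now strip literals as well.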

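--- a/Sources/ErrorHandler.php
+++ b/Sources/ErrorHandler.php
@@ -280,7 +280,6 @@ public static function log(string $error_message, string|bool $error_type = 'gen
 time(),
 User::$me->ip ?? IP::getUserIP(),
 $request_url,
-$query_string,
 $error_message,
 (string) (User::$sc ?? ''),
 $error_type,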
