From 48d01837a0a5725d2779f30d20478e77572e9ac5 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 06 Apr 2015 06:00:09 -0400
Subject: [PATCH] Fix tables listing routine on mysql and postgres so it skips system or other database tables and views (#1490337)
---
program/lib/Roundcube/rcube_db_mysql.php | 66 ++++++++++++++++++++++++--------
1 files changed, 49 insertions(+), 17 deletions(-)
diff --git a/program/lib/Roundcube/rcube_db_mysql.php b/program/lib/Roundcube/rcube_db_mysql.php
index d3d0ac5..616d175 100644
--- a/program/lib/Roundcube/rcube_db_mysql.php
+++ b/program/lib/Roundcube/rcube_db_mysql.php
@@ -1,6 +1,6 @@
<?php
-/**
+/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2012, The Roundcube Dev Team |
@@ -38,13 +38,6 @@
*/
public function __construct($db_dsnw, $db_dsnr = '', $pconn = false)
{
- if (version_compare(PHP_VERSION, '5.3.0', '<')) {
- rcube::raise_error(array('code' => 600, 'type' => 'db',
- 'line' => __LINE__, 'file' => __FILE__,
- 'message' => "MySQL driver requires PHP >= 5.3, current version is " . PHP_VERSION),
- true, true);
- }
-
parent::__construct($db_dsnw, $db_dsnr, $pconn);
// SQL identifiers quoting
@@ -128,11 +121,11 @@
$result = array();
if (!empty($dsn['key'])) {
- $result[PDO::MYSQL_ATTR_KEY] = $dsn['key'];
+ $result[PDO::MYSQL_ATTR_SSL_KEY] = $dsn['key'];
}
if (!empty($dsn['cipher'])) {
- $result[PDO::MYSQL_ATTR_CIPHER] = $dsn['cipher'];
+ $result[PDO::MYSQL_ATTR_SSL_CIPHER] = $dsn['cipher'];
}
if (!empty($dsn['cert'])) {
@@ -157,6 +150,30 @@
}
/**
+ * Returns list of tables in a database
+ *
+ * @return array List of all tables of the current database
+ */
+ public function list_tables()
+ {
+ // get tables if not cached
+ if ($this->tables === null) {
+ // first fetch current database name
+ $d = $this->query("SELECT database()");
+ $d = $this->fetch_array($d);
+
+ // get list of tables in current database
+ $q = $this->query("SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES"
+ . " WHERE TABLE_SCHEMA = ? AND TABLE_TYPE = 'BASE TABLE'"
+ . " ORDER BY TABLE_NAME", $d ? $d[0] : '');
+
+ $this->tables = $q ? $q->fetchAll(PDO::FETCH_COLUMN, 0) : array();
+ }
+
+ return $this->tables;
+ }
+
+ /**
* Get database runtime variables
*
* @param string $varname Variable name
@@ -168,15 +185,30 @@
{
if (!isset($this->variables)) {
$this->variables = array();
-
- $result = $this->query('SHOW VARIABLES');
-
- while ($row = $this->fetch_array($result)) {
- $this->variables[$row[0]] = $row[1];
- }
}
- return isset($this->variables[$varname]) ? $this->variables[$varname] : $default;
+ if (array_key_exists($varname, $this->variables)) {
+ return $this->variables[$varname];
+ }
+
+ // configured value has higher prio
+ $conf_value = rcube::get_instance()->config->get('db_' . $varname);
+ if ($conf_value !== null) {
+ return $this->variables[$varname] = $conf_value;
+ }
+
+ $result = $this->query('SHOW VARIABLES LIKE ?', $varname);
+
+ while ($row = $this->fetch_array($result)) {
+ $this->variables[$row[0]] = $row[1];
+ }
+
+ // not found, use default
+ if (!isset($this->variables[$varname])) {
+ $this->variables[$varname] = $default;
+ }
+
+ return $this->variables[$varname];
}
/**
--
Gitblit v1.9.1