From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/lib/MDB2/Driver/mssql.php | 764 +++++++++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 585 insertions(+), 179 deletions(-)
diff --git a/program/lib/MDB2/Driver/mssql.php b/program/lib/MDB2/Driver/mssql.php
old mode 100755
new mode 100644
index 9134654..88d326b
--- a/program/lib/MDB2/Driver/mssql.php
+++ b/program/lib/MDB2/Driver/mssql.php
@@ -3,7 +3,7 @@
// +----------------------------------------------------------------------+
// | PHP versions 4 and 5 |
// +----------------------------------------------------------------------+
-// | Copyright (c) 1998-2004 Manuel Lemos, Tomas V.V.Cox, |
+// | Copyright (c) 1998-2008 Manuel Lemos, Tomas V.V.Cox, |
// | Stig. S. Bakken, Lukas Smith, Frank M. Kromann |
// | All rights reserved. |
// +----------------------------------------------------------------------+
@@ -43,7 +43,7 @@
// | Author: Frank M. Kromann <frank@kromann.info> |
// +----------------------------------------------------------------------+
//
-// $Id$
+// $Id: mssql.php 295587 2010-02-28 17:16:38Z quipo $
//
// {{{ Class MDB2_Driver_mssql
/**
@@ -56,7 +56,10 @@
class MDB2_Driver_mssql extends MDB2_Driver_Common
{
// {{{ properties
- var $escape_quotes = "'";
+
+ var $string_quoting = array('start' => "'", 'end' => "'", 'escape' => "'", 'escape_pattern' => false);
+
+ var $identifier_quoting = array('start' => '[', 'end' => ']', 'escape' => ']');
// }}}
// {{{ constructor
@@ -75,6 +78,7 @@
$this->supported['indexes'] = true;
$this->supported['affected_rows'] = true;
$this->supported['transactions'] = true;
+ $this->supported['savepoints'] = false;
$this->supported['summary_functions'] = true;
$this->supported['order_by_text'] = true;
$this->supported['current_id'] = 'emulated';
@@ -82,11 +86,19 @@
$this->supported['LOBs'] = true;
$this->supported['replace'] = 'emulated';
$this->supported['sub_selects'] = true;
+ $this->supported['triggers'] = true;
$this->supported['auto_increment'] = true;
$this->supported['primary_key'] = true;
+ $this->supported['result_introspection'] = true;
+ $this->supported['prepared_statements'] = 'emulated';
+ $this->supported['pattern_escaping'] = true;
+ $this->supported['new_link'] = true;
+ $this->options['DBA_username'] = false;
+ $this->options['DBA_password'] = false;
$this->options['database_device'] = false;
$this->options['database_size'] = false;
+ $this->options['max_identifiers_length'] = 128; // MS Access: 64
}
// }}}
@@ -99,34 +111,61 @@
* @return array
* @access public
*/
- function errorInfo($error = null)
+ function errorInfo($error = null, $connection = null)
{
+ if (null === $connection) {
+ $connection = $this->connection;
+ }
+
$native_code = null;
- if ($this->connection) {
- $result = @mssql_query('select @@ERROR as ErrorCode', $this->connection);
+ if ($connection) {
+ $result = @mssql_query('select @@ERROR as ErrorCode', $connection);
if ($result) {
$native_code = @mssql_result($result, 0, 0);
@mssql_free_result($result);
}
}
$native_msg = @mssql_get_last_message();
- if (is_null($error)) {
+ if (null === $error) {
static $ecode_map;
if (empty($ecode_map)) {
$ecode_map = array(
+ 102 => MDB2_ERROR_SYNTAX,
110 => MDB2_ERROR_VALUE_COUNT_ON_ROW,
155 => MDB2_ERROR_NOSUCHFIELD,
+ 156 => MDB2_ERROR_SYNTAX,
170 => MDB2_ERROR_SYNTAX,
207 => MDB2_ERROR_NOSUCHFIELD,
208 => MDB2_ERROR_NOSUCHTABLE,
245 => MDB2_ERROR_INVALID_NUMBER,
+ 319 => MDB2_ERROR_SYNTAX,
+ 321 => MDB2_ERROR_NOSUCHFIELD,
+ 325 => MDB2_ERROR_SYNTAX,
+ 336 => MDB2_ERROR_SYNTAX,
515 => MDB2_ERROR_CONSTRAINT_NOT_NULL,
547 => MDB2_ERROR_CONSTRAINT,
+ 911 => MDB2_ERROR_NOT_FOUND,
+ 1018 => MDB2_ERROR_SYNTAX,
+ 1035 => MDB2_ERROR_SYNTAX,
+ 1801 => MDB2_ERROR_ALREADY_EXISTS,
1913 => MDB2_ERROR_ALREADY_EXISTS,
+ 2209 => MDB2_ERROR_SYNTAX,
+ 2223 => MDB2_ERROR_SYNTAX,
+ 2248 => MDB2_ERROR_SYNTAX,
+ 2256 => MDB2_ERROR_SYNTAX,
+ 2257 => MDB2_ERROR_SYNTAX,
2627 => MDB2_ERROR_CONSTRAINT,
2714 => MDB2_ERROR_ALREADY_EXISTS,
+ 3607 => MDB2_ERROR_DIVZERO,
3701 => MDB2_ERROR_NOSUCHTABLE,
+ 7630 => MDB2_ERROR_SYNTAX,
8134 => MDB2_ERROR_DIVZERO,
+ 9303 => MDB2_ERROR_SYNTAX,
+ 9317 => MDB2_ERROR_SYNTAX,
+ 9318 => MDB2_ERROR_SYNTAX,
+ 9331 => MDB2_ERROR_SYNTAX,
+ 9332 => MDB2_ERROR_SYNTAX,
+ 15253 => MDB2_ERROR_SYNTAX,
);
}
if (isset($ecode_map[$native_code])) {
@@ -143,37 +182,69 @@
}
// }}}
- // {{{ quoteIdentifier()
+ // {{{ function escapePattern($text)
/**
- * Quote a string so it can be safely used as a table / column name
+ * Quotes pattern (% and _) characters in a string)
*
- * Quoting style depends on which database driver is being used.
+ * @param string the input string to quote
*
- * @param string $str identifier name to be quoted
+ * @return string quoted string
*
- * @return string quoted identifier string
+ * @access public
+ */
+ function escapePattern($text)
+ {
+ $text = str_replace("[", "[ [ ]", $text);
+ foreach ($this->wildcards as $wildcard) {
+ $text = str_replace($wildcard, '[' . $wildcard . ']', $text);
+ }
+ return $text;
+ }
+
+ // }}}
+ // {{{ escape()
+
+ /**
+ * Quotes a string so it can be safely used in a query. It will quote
+ * the text so it can safely be used within a query.
*
- * @since 1.6.0
+ * @param string $text the input string to quote
+ * @param bool $escape_wildcards flag
+ *
+ * @return string quoted string
* @access public
*/
- function quoteIdentifier($str)
+ function escape($text, $escape_wildcards = false)
{
- return '[' . str_replace(']', ']]', $str) . ']';
+ $text = parent::escape($text, $escape_wildcards);
+ // http://pear.php.net/bugs/bug.php?id=16118
+ // http://support.microsoft.com/kb/164291
+ return preg_replace("/\\\\(\r\n|\r|\n)/", '\\\\$1', $text);
}
// }}}
// {{{ beginTransaction()
/**
- * Start a transaction.
+ * Start a transaction or set a savepoint.
+ *
+ * @param string $savepoint name of a savepoint to set
*
* @return mixed MDB2_OK on success, a MDB2 error on failure
* @access public
*/
- function beginTransaction()
+ function beginTransaction($savepoint = null)
{
- $this->debug('starting transaction', 'beginTransaction');
+ $this->debug('Starting transaction/savepoint', __FUNCTION__, array('is_manip' => true, 'savepoint' => $savepoint));
+ if (null !== $savepoint) {
+ if (!$this->in_transaction) {
+ return $this->raiseError(MDB2_ERROR_INVALID, null, null,
+ 'savepoint cannot be released when changes are auto committed', __FUNCTION__);
+ }
+ $query = 'SAVE TRANSACTION '.$savepoint;
+ return $this->_doQuery($query, true);
+ }
if ($this->in_transaction) {
return MDB2_OK; //nothing to do
}
@@ -181,7 +252,7 @@
$this->destructor_registered = true;
register_shutdown_function('MDB2_closeOpenTransactions');
}
- $result = $this->_doQuery('BEGIN TRANSACTION', true);
+ $result =& $this->_doQuery('BEGIN TRANSACTION', true);
if (PEAR::isError($result)) {
return $result;
}
@@ -194,19 +265,27 @@
/**
* Commit the database changes done during a transaction that is in
- * progress.
+ * progress or release a savepoint. This function may only be called when
+ * auto-committing is disabled, otherwise it will fail. Therefore, a new
+ * transaction is implicitly started after committing the pending changes.
+ *
+ * @param string $savepoint name of a savepoint to release
*
* @return mixed MDB2_OK on success, a MDB2 error on failure
- * @access public
+ * @access public
*/
- function commit()
+ function commit($savepoint = null)
{
- $this->debug('commit transaction', 'commit');
+ $this->debug('Committing transaction/savepoint', __FUNCTION__, array('is_manip' => true, 'savepoint' => $savepoint));
if (!$this->in_transaction) {
- return $this->raiseError(MDB2_ERROR, null, null,
- 'commit: transaction changes are being auto committed');
+ return $this->raiseError(MDB2_ERROR_INVALID, null, null,
+ 'commit/release savepoint cannot be done changes are auto committed', __FUNCTION__);
}
- $result = $this->_doQuery('COMMIT TRANSACTION', true);
+ if (null !== $savepoint) {
+ return MDB2_OK;
+ }
+
+ $result =& $this->_doQuery('COMMIT TRANSACTION', true);
if (PEAR::isError($result)) {
return $result;
}
@@ -218,25 +297,110 @@
// {{{ rollback()
/**
- * Cancel any database changes done during a transaction that is in
- * progress.
+ * Cancel any database changes done during a transaction or since a specific
+ * savepoint that is in progress. This function may only be called when
+ * auto-committing is disabled, otherwise it will fail. Therefore, a new
+ * transaction is implicitly started after canceling the pending changes.
+ *
+ * @param string $savepoint name of a savepoint to rollback to
*
* @return mixed MDB2_OK on success, a MDB2 error on failure
* @access public
*/
- function rollback()
+ function rollback($savepoint = null)
{
- $this->debug('rolling back transaction', 'rollback');
+ $this->debug('Rolling back transaction/savepoint', __FUNCTION__, array('is_manip' => true, 'savepoint' => $savepoint));
if (!$this->in_transaction) {
- return $this->raiseError(MDB2_ERROR, null, null,
- 'rollback: transactions can not be rolled back when changes are auto committed');
+ return $this->raiseError(MDB2_ERROR_INVALID, null, null,
+ 'rollback cannot be done changes are auto committed', __FUNCTION__);
}
- $result = $this->_doQuery('ROLLBACK TRANSACTION', true);
+ if (null !== $savepoint) {
+ $query = 'ROLLBACK TRANSACTION '.$savepoint;
+ return $this->_doQuery($query, true);
+ }
+
+ $result =& $this->_doQuery('ROLLBACK TRANSACTION', true);
if (PEAR::isError($result)) {
return $result;
}
$this->in_transaction = false;
return MDB2_OK;
+ }
+
+ // }}}
+ // {{{ _doConnect()
+
+ /**
+ * do the grunt work of the connect
+ *
+ * @param string $username
+ * @param string $password
+ * @param boolean $persistent
+ *
+ * @return connection on success or MDB2 Error Object on failure
+ * @access protected
+ */
+ function _doConnect($username, $password, $persistent = false)
+ {
+ if ( !PEAR::loadExtension($this->phptype)
+ && !PEAR::loadExtension('sybase_ct')
+ && !PEAR::loadExtension('odbtp')
+ && !function_exists('mssql_connect')
+ ) {
+ return $this->raiseError(MDB2_ERROR_NOT_FOUND, null, null,
+ 'extension '.$this->phptype.' is not compiled into PHP', __FUNCTION__);
+ }
+
+ $params = array(
+ $this->dsn['hostspec'] ? $this->dsn['hostspec'] : 'localhost',
+ $username ? $username : null,
+ $password ? $password : null,
+ );
+ if ($this->dsn['port']) {
+ $params[0].= ((substr(PHP_OS, 0, 3) == 'WIN') ? ',' : ':').$this->dsn['port'];
+ }
+ if (!$persistent) {
+ if ($this->_isNewLinkSet()) {
+ $params[] = true;
+ } else {
+ $params[] = false;
+ }
+ }
+
+ $connect_function = $persistent ? 'mssql_pconnect' : 'mssql_connect';
+
+ $connection = @call_user_func_array($connect_function, $params);
+ if ($connection <= 0) {
+ return $this->raiseError(MDB2_ERROR_CONNECT_FAILED, null, null,
+ 'unable to establish a connection', __FUNCTION__, __FUNCTION__);
+ }
+
+ @mssql_query('SET ANSI_NULL_DFLT_ON ON', $connection);
+
+ /*
+ if (!empty($this->dsn['charset'])) {
+ $result = $this->setCharset($this->dsn['charset'], $connection);
+ if (PEAR::isError($result)) {
+ return $result;
+ }
+ }
+ */
+
+ if ((bool)ini_get('mssql.datetimeconvert')) {
+ // his isn't the most elegant way of doing it but it prevents from
+ // breaking anything thus preserves BC. Bug #11849
+ if (isset($this->options['datetimeconvert']) && (bool)$this->options['datetimeconvert'] !== false) {
+ @ini_set('mssql.datetimeconvert', '1');
+ } else {
+ @ini_set('mssql.datetimeconvert', '0');
+ }
+ }
+
+ if (empty($this->dsn['disable_iso_date'])) {
+ @mssql_query('SET DATEFORMAT ymd', $connection);
+ }
+
+ return $connection;
}
// }}}
@@ -250,7 +414,8 @@
function connect()
{
if (is_resource($this->connection)) {
- if (count(array_diff($this->connected_dsn, $this->dsn)) == 0
+ //if (count(array_diff($this->connected_dsn, $this->dsn)) == 0
+ if (MDB2::areEquals($this->connected_dsn, $this->dsn)
&& $this->opened_persistent == $this->options['persistent']
) {
return MDB2_OK;
@@ -258,26 +423,13 @@
$this->disconnect(false);
}
- if (!PEAR::loadExtension($this->phptype)) {
- return $this->raiseError(MDB2_ERROR_NOT_FOUND, null, null,
- 'connect: extension '.$this->phptype.' is not compiled into PHP');
- }
-
- $params = array(
- $this->dsn['hostspec'] ? $this->dsn['hostspec'] : 'localhost',
- $this->dsn['username'] ? $this->dsn['username'] : null,
- $this->dsn['password'] ? $this->dsn['password'] : null,
+ $connection = $this->_doConnect(
+ $this->dsn['username'],
+ $this->dsn['password'],
+ $this->options['persistent']
);
- if ($this->dsn['port']) {
- $params[0].= ((substr(PHP_OS, 0, 3) == 'WIN') ? ',' : ':')
- . $this->dsn['port'];
- }
-
- $connect_function = $this->options['persistent'] ? 'mssql_pconnect' : 'mssql_connect';
-
- $connection = @call_user_func_array($connect_function, $params);
- if ($connection <= 0) {
- return $this->raiseError(MDB2_ERROR_CONNECT_FAILED);
+ if (PEAR::isError($connection)) {
+ return $connection;
}
$this->connection = $connection;
@@ -286,12 +438,53 @@
$this->opened_persistent = $this->options['persistent'];
$this->dbsyntax = $this->dsn['dbsyntax'] ? $this->dsn['dbsyntax'] : $this->phptype;
- if ((bool) ini_get('mssql.datetimeconvert')) {
- ini_set('mssql.datetimeconvert', '0');
- }
- @mssql_query('SET DATEFORMAT ymd', $this->connection);
+ if ($this->database_name) {
+ if ($this->database_name != $this->connected_database_name) {
+ if (!@mssql_select_db($this->database_name, $connection)) {
+ $err = $this->raiseError(null, null, null,
+ 'Could not select the database: '.$this->database_name, __FUNCTION__);
+ return $err;
+ }
+ $this->connected_database_name = $this->database_name;
+ }
+ }
return MDB2_OK;
+ }
+
+ // }}}
+ // {{{ databaseExists()
+
+ /**
+ * check if given database name is exists?
+ *
+ * @param string $name name of the database that should be checked
+ *
+ * @return mixed true/false on success, a MDB2 error on failure
+ * @access public
+ */
+ function databaseExists($name)
+ {
+ $connection = $this->_doConnect($this->dsn['username'],
+ $this->dsn['password'],
+ $this->options['persistent']);
+ if (PEAR::isError($connection)) {
+ return $connection;
+ }
+
+ $result = @mssql_select_db($name, $connection);
+ $errorInfo = $this->errorInfo(null, $connection);
+ @mssql_close($connection);
+ if (!$result) {
+ if ($errorInfo[0] != MDB2_ERROR_NOT_FOUND) {
+ exit;
+ $result = $this->raiseError($errorInfo[0], null, null, $errorInfo[2], __FUNCTION__);
+ return $result;
+ }
+ $result = false;
+ }
+
+ return $result;
}
// }}}
@@ -300,6 +493,8 @@
/**
* Log out and disconnect from the database.
*
+ * @param boolean $force if the disconnect should be forced even if the
+ * connection is opened persistently
* @return mixed true on success, false if not connected and error
* object on error
* @access public
@@ -307,12 +502,66 @@
function disconnect($force = true)
{
if (is_resource($this->connection)) {
- if (!$this->opened_persistent || $force) {
- @mssql_close($this->connection);
+ if ($this->in_transaction) {
+ $dsn = $this->dsn;
+ $database_name = $this->database_name;
+ $persistent = $this->options['persistent'];
+ $this->dsn = $this->connected_dsn;
+ $this->database_name = $this->connected_database_name;
+ $this->options['persistent'] = $this->opened_persistent;
+ $this->rollback();
+ $this->dsn = $dsn;
+ $this->database_name = $database_name;
+ $this->options['persistent'] = $persistent;
}
- $this->connection = 0;
+
+ if (!$this->opened_persistent || $force) {
+ $ok = @mssql_close($this->connection);
+ if (!$ok) {
+ return $this->raiseError(MDB2_ERROR_DISCONNECT_FAILED,
+ null, null, null, __FUNCTION__);
+ }
+ }
+ } else {
+ return false;
}
- return MDB2_OK;
+ return parent::disconnect($force);
+ }
+
+ // }}}
+ // {{{ standaloneQuery()
+
+ /**
+ * execute a query as DBA
+ *
+ * @param string $query the SQL query
+ * @param mixed $types array that contains the types of the columns in
+ * the result set
+ * @param boolean $is_manip if the query is a manipulation query
+ * @return mixed MDB2_OK on success, a MDB2 error on failure
+ * @access public
+ */
+ function standaloneQuery($query, $types = null, $is_manip = false)
+ {
+ $user = $this->options['DBA_username']? $this->options['DBA_username'] : $this->dsn['username'];
+ $pass = $this->options['DBA_password']? $this->options['DBA_password'] : $this->dsn['password'];
+ $connection = $this->_doConnect($user, $pass, $this->options['persistent']);
+ if (PEAR::isError($connection)) {
+ return $connection;
+ }
+
+ $offset = $this->offset;
+ $limit = $this->limit;
+ $this->offset = $this->limit = 0;
+ $query = $this->_modifyQuery($query, $is_manip, $limit, $offset);
+
+ $result = $this->_doQuery($query, $is_manip, $connection, $this->database_name);
+ if (!PEAR::isError($result)) {
+ $result = $this->_affectedRows($connection, $result);
+ }
+
+ @mssql_close($connection);
+ return $result;
}
// }}}
@@ -321,38 +570,43 @@
/**
* Execute a query
* @param string $query query
- * @param boolean $isManip if the query is a manipulation query
+ * @param boolean $is_manip if the query is a manipulation query
* @param resource $connection
* @param string $database_name
* @return result or error object
* @access protected
*/
- function _doQuery($query, $isManip = false, $connection = null, $database_name = null)
+ function _doQuery($query, $is_manip = false, $connection = null, $database_name = null)
{
$this->last_query = $query;
- $this->debug($query, 'query');
- if ($this->getOption('disable_query')) {
- if ($isManip) {
- return 0;
+ $result = $this->debug($query, 'query', array('is_manip' => $is_manip, 'when' => 'pre'));
+ if ($result) {
+ if (PEAR::isError($result)) {
+ return $result;
}
- return null;
+ $query = $result;
+ }
+ if ($this->options['disable_query']) {
+ $result = $is_manip ? 0 : null;
+ return $result;
}
- if (is_null($connection)) {
- $err = $this->connect();
- if (PEAR::isError($err)) {
- return $err;
+ if (null === $connection) {
+ $connection = $this->getConnection();
+ if (PEAR::isError($connection)) {
+ return $connection;
}
- $connection = $this->connection;
}
- if (is_null($database_name)) {
+ if (null === $database_name) {
$database_name = $this->database_name;
}
if ($database_name) {
if ($database_name != $this->connected_database_name) {
if (!@mssql_select_db($database_name, $connection)) {
- return $this->raiseError();
+ $err = $this->raiseError(null, null, null,
+ 'Could not select the database: '.$database_name, __FUNCTION__);
+ return $err;
}
$this->connected_database_name = $database_name;
}
@@ -360,13 +614,35 @@
$result = @mssql_query($query, $connection);
if (!$result) {
- return $this->raiseError();
+ $err = $this->raiseError(null, null, null,
+ 'Could not execute statement', __FUNCTION__);
+ return $err;
}
- if ($isManip) {
- return @mssql_rows_affected($connection);
- }
+ $this->debug($query, 'query', array('is_manip' => $is_manip, 'when' => 'post', 'result' => $result));
return $result;
+ }
+
+ // }}}
+ // {{{ _affectedRows()
+
+ /**
+ * Returns the number of rows affected
+ *
+ * @param resource $result
+ * @param resource $connection
+ * @return mixed MDB2 Error Object or the number of rows affected
+ * @access private
+ */
+ function _affectedRows($connection, $result = null)
+ {
+ if (null === $connection) {
+ $connection = $this->getConnection();
+ if (PEAR::isError($connection)) {
+ return $connection;
+ }
+ }
+ return @mssql_rows_affected($connection);
}
// }}}
@@ -376,49 +652,101 @@
* Changes a query string for various DBMS specific reasons
*
* @param string $query query to modify
- * @return the new (modified) query
+ * @param boolean $is_manip if it is a DML query
+ * @param integer $limit limit the number of rows
+ * @param integer $offset start reading from given offset
+ * @return string modified query
* @access protected
*/
- function _modifyQuery($query, $isManip, $limit, $offset)
+ function _modifyQuery($query, $is_manip, $limit, $offset)
{
if ($limit > 0) {
$fetch = $offset + $limit;
- if (!$isManip) {
- return preg_replace('/^([\s(])*SELECT(?!\s*TOP\s*\()/i',
- "\\1SELECT TOP $fetch", $query);
+ if (!$is_manip) {
+ return preg_replace('/^([\s(])*SELECT( DISTINCT)?(?!\s*TOP\s*\()/i',
+ "\\1SELECT\\2 TOP $fetch", $query);
}
}
return $query;
}
+
+ // }}}
+ // {{{ getServerVersion()
+
+ /**
+ * return version information about the server
+ *
+ * @param bool $native determines if the raw version string should be returned
+ * @return mixed array/string with version information or MDB2 error object
+ * @access public
+ */
+ function getServerVersion($native = false)
+ {
+ if ($this->connected_server_info) {
+ $server_info = $this->connected_server_info;
+ } else {
+ $query = 'SELECT @@VERSION';
+ $server_info = $this->queryOne($query, 'text');
+ if (PEAR::isError($server_info)) {
+ return $server_info;
+ }
+ }
+ // cache server_info
+ $this->connected_server_info = $server_info;
+ if (!$native && !PEAR::isError($server_info)) {
+ if (preg_match('/(\d+)\.(\d+)\.(\d+)/', $server_info, $tmp)) {
+ $server_info = array(
+ 'major' => $tmp[1],
+ 'minor' => $tmp[2],
+ 'patch' => $tmp[3],
+ 'extra' => null,
+ 'native' => $server_info,
+ );
+ } else {
+ $server_info = array(
+ 'major' => null,
+ 'minor' => null,
+ 'patch' => null,
+ 'extra' => null,
+ 'native' => $server_info,
+ );
+ }
+ }
+ return $server_info;
+ }
+
// }}}
// {{{ _checkSequence
+
/**
* Checks if there's a sequence that exists.
*
* @param string $seq_name The sequence name to verify.
- * @return bool $tableExists The value if the table exists or not
+ * @return bool $tableExists The value if the table exists or not
* @access private
*/
function _checkSequence($seq_name)
{
- $query = "SELECT * FROM $seq_name";
+ $query = "SELECT * FROM $seq_name";
$tableExists = $this->_doQuery($query, true);
if (PEAR::isError($tableExists)) {
if ($tableExists->getCode() == MDB2_ERROR_NOSUCHTABLE) {
- return 0;
+ return false;
}
- } else {
- return 1;
+ //return $tableExists;
+ return false;
}
+ return mssql_result($tableExists, 0, 0);
}
+
// }}}
// {{{ nextID()
/**
- * returns the next free id of a sequence
+ * Returns the next free id of a sequence
*
* @param string $seq_name name of the sequence
- * @param boolean $ondemand when true the seqence is
+ * @param boolean $ondemand when true the sequence is
* automatic created, if it
* not exists
*
@@ -427,66 +755,104 @@
*/
function nextID($seq_name, $ondemand = true)
{
- $sequence_name = $this->getSequenceName($seq_name);
- if (!$this->_checkSequence($sequence_name)) {
- $query = "INSERT INTO $sequence_name (".$this->options['seqcol_name'].") VALUES (0)";
- } else {
- $query = "SET IDENTITY_INSERT $sequence_name ON ".
- "INSERT INTO $sequence_name (".$this->options['seqcol_name'].") VALUES (0)";
- }
+ $sequence_name = $this->quoteIdentifier($this->getSequenceName($seq_name), true);
+ $seqcol_name = $this->quoteIdentifier($this->options['seqcol_name'], true);
+ $this->pushErrorHandling(PEAR_ERROR_RETURN);
$this->expectError(MDB2_ERROR_NOSUCHTABLE);
+
+ $seq_val = $this->_checkSequence($sequence_name);
+
+ if ($seq_val) {
+ $query = "SET IDENTITY_INSERT $sequence_name OFF ".
+ "INSERT INTO $sequence_name DEFAULT VALUES";
+ } else {
+ $query = "INSERT INTO $sequence_name ($seqcol_name) VALUES (0)";
+ }
$result = $this->_doQuery($query, true);
$this->popExpect();
+ $this->popErrorHandling();
if (PEAR::isError($result)) {
if ($ondemand && !$this->_checkSequence($sequence_name)) {
- $this->loadModule('Manager');
- // Since we are creating the sequence on demand
- // we know the first id = 1 so initialize the
- // sequence at 2
- $result = $this->manager->createSequence($seq_name, 2);
+ $this->loadModule('Manager', null, true);
+ $result = $this->manager->createSequence($seq_name);
if (PEAR::isError($result)) {
- return $this->raiseError(MDB2_ERROR, null, null,
- 'nextID: on demand sequence '.$seq_name.' could not be created');
+ return $this->raiseError($result, null, null,
+ 'on demand sequence '.$seq_name.' could not be created', __FUNCTION__);
} else {
- // First ID of a newly created sequence is 1
- return 1;
+ /**
+ * Little off-by-one problem with the sequence emulation
+ * here being fixed, that instead of re-calling nextID
+ * and forcing an increment by one, we simply check if it
+ * exists, then we get the last inserted id if it does.
+ *
+ * In theory, $seq_name should be created otherwise there would
+ * have been an error thrown somewhere up there..
+ *
+ * @todo confirm
+ */
+ if ($this->_checkSequence($seq_name)) {
+ return $this->lastInsertID($seq_name);
+ }
+
+ return $this->nextID($seq_name, false);
}
}
return $result;
}
-
- // TODO: Make sure that this works.
- $value = $this->queryRow("SELECT @@IDENTITY", 'integer');
+ $value = $this->lastInsertID($sequence_name);
if (is_numeric($value)) {
- $query = "DELETE FROM $sequence_name WHERE ".
- $this->options['seqcol_name']." < $value";
+ $query = "DELETE FROM $sequence_name WHERE $seqcol_name < $value";
$result = $this->_doQuery($query, true);
-
if (PEAR::isError($result)) {
- $this->warnings[] = 'nextID: could not delete previous sequence table values';
+ $this->warnings[] = 'nextID: could not delete previous sequence table values from '.$seq_name;
}
}
return $value;
}
+
// }}}
// {{{ lastInsertID()
+
/**
- * returns the autoincrement ID if supported or $id
+ * Returns the autoincrement ID if supported or $id or fetches the current
+ * ID in a sequence called: $table.(empty($field) ? '' : '_'.$field)
*
- * @param mixed $id value as returned by getBeforeId()
* @param string $table name of the table into which a new row was inserted
+ * @param string $field name of the field into which a new row was inserted
+ *
* @return mixed MDB2 Error Object or id
* @access public
*/
function lastInsertID($table = null, $field = null)
{
- return $this->queryOne("SELECT @@IDENTITY FROM $table", 'integer');
+ $server_info = $this->getServerVersion();
+ if (is_array($server_info) && (null !== $server_info['major'])
+ && $server_info['major'] >= 8
+ ) {
+ $query = "SELECT IDENT_CURRENT('$table')";
+ } else {
+ $query = "SELECT @@IDENTITY";
+ if (null !== $table) {
+ $query .= ' FROM '.$this->quoteIdentifier($table, true);
+ }
+ }
+
+ return $this->queryOne($query, 'integer');
}
+
// }}}
}
+
// }}}
// {{{ Class MDB2_Result_mssql
+/**
+ * MDB2 MSSQL Server result driver
+ *
+ * @package MDB2
+ * @category Database
+ * @author Frank M. Kromann <frank@kromann.info>
+ */
class MDB2_Result_mssql extends MDB2_Result_Common
{
// {{{ _skipLimitOffset()
@@ -508,7 +874,7 @@
if ($this->offset) {
while ($this->offset_count < $this->offset) {
++$this->offset_count;
- if (!is_array(@mysql_fetch_row($this->result))) {
+ if (!is_array(@mssql_fetch_row($this->result))) {
$this->offset_count = $this->limit;
return false;
}
@@ -523,18 +889,18 @@
/**
* Fetch a row and insert the data into an existing array.
*
- * @param int $fetchmode how the array data should be indexed
- * @param int $rownum number of the row where the data can be found
+ * @param int $fetchmode how the array data should be indexed
+ * @param int $rownum number of the row where the data can be found
+ *
* @return int data array on success, a MDB2 error on failure
* @access public
*/
- function &fetchRow($fetchmode = MDB2_FETCHMODE_DEFAULT, $rownum = null)
+ function fetchRow($fetchmode = MDB2_FETCHMODE_DEFAULT, $rownum = null)
{
if (!$this->_skipLimitOffset()) {
- $null = null;
- return $null;
+ return null;
}
- if (!is_null($rownum)) {
+ if (null !== $rownum) {
$seek = $this->seek($rownum);
if (PEAR::isError($seek)) {
return $seek;
@@ -554,29 +920,38 @@
$row = @mssql_fetch_row($this->result);
}
if (!$row) {
- if (is_null($this->result)) {
- $err =& $this->db->raiseError(MDB2_ERROR_NEED_MORE_DATA, null, null,
- 'fetchRow: resultset has already been freed');
+ if (false === $this->result) {
+ $err = $this->db->raiseError(MDB2_ERROR_NEED_MORE_DATA, null, null,
+ 'resultset has already been freed', __FUNCTION__);
return $err;
}
- $null = null;
- return $null;
+ return null;
}
- if ($this->db->options['portability'] & MDB2_PORTABILITY_EMPTY_TO_NULL) {
- $this->db->_fixResultArrayValues($row, MDB2_PORTABILITY_EMPTY_TO_NULL);
+ $mode = $this->db->options['portability'] & MDB2_PORTABILITY_EMPTY_TO_NULL;
+ $rtrim = false;
+ if ($this->db->options['portability'] & MDB2_PORTABILITY_RTRIM) {
+ if (empty($this->types)) {
+ $mode += MDB2_PORTABILITY_RTRIM;
+ } else {
+ $rtrim = true;
+ }
+ }
+ if ($mode) {
+ $this->db->_fixResultArrayValues($row, $mode);
+ }
+ if (!empty($this->types)) {
+ $row = $this->db->datatype->convertResultRow($this->types, $row, $rtrim);
}
if (!empty($this->values)) {
$this->_assignBindColumns($row);
- }
- if (!empty($this->types)) {
- $row = $this->db->datatype->convertResultRow($this->types, $row);
}
if ($fetchmode === MDB2_FETCHMODE_OBJECT) {
$object_class = $this->db->options['fetch_class'];
if ($object_class == 'stdClass') {
$row = (object) $row;
} else {
- $row = &new $object_class($row);
+ $rowObj = new $object_class($row);
+ $row = $rowObj;
}
}
++$this->rownum;
@@ -589,17 +964,10 @@
/**
* Retrieve the names of columns returned by the DBMS in a query result.
*
- * @param resource $result result identifier
- * @return mixed an associative array variable
- * that will hold the names of columns. The
- * indexes of the array are the column names
- * mapped to lower case and the values are the
- * respective numbers of the columns starting
- * from 0. Some DBMS may not return any
- * columns when the result set does not
- * contain any rows.
- *
- * a MDB2 error on failure
+ * @return mixed Array variable that holds the names of columns as keys
+ * or an MDB2 error on failure.
+ * Some DBMS may not return any columns when the result set
+ * does not contain any rows.
* @access private
*/
function _getColumnNames()
@@ -632,12 +1000,16 @@
function numCols()
{
$cols = @mssql_num_fields($this->result);
- if (is_null($cols)) {
- if (is_null($this->result)) {
+ if (null === $cols) {
+ if (false === $this->result) {
return $this->db->raiseError(MDB2_ERROR_NEED_MORE_DATA, null, null,
- 'numCols: resultset has already been freed');
+ 'resultset has already been freed', __FUNCTION__);
}
- return $this->db->raiseError();
+ if (null === $this->result) {
+ return count($this->types);
+ }
+ return $this->db->raiseError(null, null, null,
+ 'Could not get column count', __FUNCTION__);
}
return $cols;
}
@@ -647,16 +1019,18 @@
/**
* Move the internal result pointer to the next available result
- * Currently not supported
*
- * @return true if a result is available otherwise return false
+ * @return true on success, false if there is no more result set or an error object on failure
* @access public
*/
function nextResult()
{
- if (is_null($this->result)) {
+ if (false === $this->result) {
return $this->db->raiseError(MDB2_ERROR_NEED_MORE_DATA, null, null,
- 'nextResult: resultset has already been freed');
+ 'resultset has already been freed', __FUNCTION__);
+ }
+ if (null === $this->result) {
+ return false;
}
return @mssql_next_result($this->result);
}
@@ -672,48 +1046,64 @@
*/
function free()
{
- $free = @mssql_free_result($this->result);
- if (!$free) {
- if (is_null($this->result)) {
- return MDB2_OK;
+ if (is_resource($this->result) && $this->db->connection) {
+ $free = @mssql_free_result($this->result);
+ if (false === $free) {
+ return $this->db->raiseError(null, null, null,
+ 'Could not free result', __FUNCTION__);
}
- return $this->db->raiseError();
}
- $this->result = null;
+ $this->result = false;
return MDB2_OK;
}
+
+ // }}}
}
+// }}}
+// {{{ class MDB2_BufferedResult_mssql
+
+/**
+ * MDB2 MSSQL Server buffered result driver
+ *
+ * @package MDB2
+ * @category Database
+ * @author Frank M. Kromann <frank@kromann.info>
+ */
class MDB2_BufferedResult_mssql extends MDB2_Result_mssql
{
- // }}}
// {{{ seek()
/**
- * seek to a specific row in a result set
- *
- * @param int $rownum number of the row where the data can be found
- * @return mixed MDB2_OK on success, a MDB2 error on failure
- * @access public
- */
+ * Seek to a specific row in a result set
+ *
+ * @param int $rownum number of the row where the data can be found
+ *
+ * @return mixed MDB2_OK on success, a MDB2 error on failure
+ * @access public
+ */
function seek($rownum = 0)
{
if ($this->rownum != ($rownum - 1) && !@mssql_data_seek($this->result, $rownum)) {
- if (is_null($this->result)) {
+ if (false === $this->result) {
return $this->db->raiseError(MDB2_ERROR_NEED_MORE_DATA, null, null,
- 'seek: resultset has already been freed');
+ 'resultset has already been freed', __FUNCTION__);
+ }
+ if (null === $this->result) {
+ return MDB2_OK;
}
return $this->db->raiseError(MDB2_ERROR_INVALID, null, null,
- 'seek: tried to seek to an invalid row number ('.$rownum.')');
+ 'tried to seek to an invalid row number ('.$rownum.')', __FUNCTION__);
}
$this->rownum = $rownum - 1;
return MDB2_OK;
}
+ // }}}
// {{{ valid()
/**
- * check if the end of the result set has been reached
+ * Check if the end of the result set has been reached
*
* @return mixed true or false on sucess, a MDB2 error on failure
* @access public
@@ -731,7 +1121,7 @@
// {{{ numRows()
/**
- * returns the number of rows in a result object
+ * Returns the number of rows in a result object
*
* @return mixed MDB2 Error Object or the number of rows
* @access public
@@ -739,15 +1129,22 @@
function numRows()
{
$rows = @mssql_num_rows($this->result);
- if (is_null($rows)) {
- if (is_null($this->result)) {
+ if (null === $rows) {
+ if (false === $this->result) {
return $this->db->raiseError(MDB2_ERROR_NEED_MORE_DATA, null, null,
- 'numRows: resultset has already been freed');
+ 'resultset has already been freed', __FUNCTION__);
}
- return $this->raiseError();
+ if (null === $this->result) {
+ return 0;
+ }
+ return $this->db->raiseError(null, null, null,
+ 'Could not get row count', __FUNCTION__);
}
if ($this->limit) {
- $rows -= $this->limit;
+ $rows -= $this->offset;
+ if ($rows > $this->limit + 1) {
+ $rows = $this->limit + 1;
+ }
if ($rows < 0) {
$rows = 0;
}
@@ -755,12 +1152,21 @@
return $rows;
}
}
+
// }}}
// {{{ MDB2_Statement_mssql
+
+/**
+ * MDB2 MSSQL Server statement driver
+ *
+ * @package MDB2
+ * @category Database
+ * @author Frank M. Kromann <frank@kromann.info>
+ */
class MDB2_Statement_mssql extends MDB2_Statement_Common
{
}
-// }}}
-?>
+// }}}
+?>
\ No newline at end of file
--
Gitblit v1.9.1