Remove the check for SQL "from" and "join" from minaccept script
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Fix Released | High | Aaron Wells |
1.10 | Fix Released | High | Unassigned |
1.8 | Fix Released | High | Unassigned |
1.9 | Fix Released | High | Unassigned |
Bug Description
When you use Mahara's makefile to push a patch to reviews.mahara.org, it runs a minaccept script which checks for various simple errors. One of the things it includes is a check for the word "from" or "join" not followed by a curly bracket. The idea is that this is supposed to be a check for SQL queries that haven't properly escaped table names. In order to support the $cfg->dbprefix setting, raw SQL is supposed to surround table names with curly brackets, e.g. "select * from {view}".
The problem is, this check throws a LOT of false positives, because the word "from" is a common English word, often used in comments, function names, and variables. It also throws a false positive if you format a multi-line query so that "from" is on a line by itself (which I like to do). These false positives then lead people to ignore the rest of the output from the minaccept script.
Robert suggested that we should do this:
1. Drop the from/join check in minaccept
2. Update the Behat test so that it runs with a $cfg->dbprefix setting, so that running the Behat tests will help check for problems with this.
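
An added illustration, not code from Mahara or its minaccept script: a Python model of the line-by-line from/join heuristic described above, run over constructed PHP-like lines, next to a simplified model of `{table}` prefix expansion showing what a run with a non-empty `$cfg->dbprefix` would surface. The regexes, the `mh_` prefix used in the checks and every sample line are assumptions.

```python
import re

# Assumed model of the heuristic described above, NOT the real minaccept
# script: flag a line if "from" or "join" appears without a following "{".
NAIVE_CHECK = re.compile(r"(from|join)(?!\s*\{)", re.IGNORECASE)

# Simplified model of prefix expansion: {name} becomes prefix + name.
BRACED_TABLE = re.compile(r"\{([a-z][a-z0-9_]*)\}")

# Constructed sample: (source line, does it really name an unbraced table?)
SAMPLE = [
    ("// Copy the title from the parent view", False),
    ("function import_from_file($path) {}", False),
    ('$sql = "SELECT v.id', False),
    ("    FROM", False),
    ("        {view} v", False),
    ('    JOIN {artefact} a ON a.owner = v.owner";', False),
    ('$bad = "SELECT * FROM view";', True),
]


def naive_flags(lines):
    """Return 1-based numbers of the lines the per-line heuristic flags."""
    return [n for n, line in enumerate(lines, 1) if NAIVE_CHECK.search(line)]


def false_positives(sample):
    """Flagged lines that do not actually contain an unbraced table name."""
    flagged = naive_flags([line for line, _ in sample])
    return [n for n in flagged if not sample[n - 1][1]]


def expand_prefix(sql, prefix):
    """Replace every {table} with prefix + table, as a prefixed site would."""
    return BRACED_TABLE.sub(lambda m: prefix + m.group(1), sql)


def tables_missing_prefix(sql, prefix):
    """Tables after FROM/JOIN that still lack the prefix once expanded.

    On a site with a non-empty prefix these names point at tables that do
    not exist, which is the failure a prefixed test run would expose.
    """
    expanded = expand_prefix(sql, prefix)
    names = re.findall(r"\b(?:from|join)\s+([a-z_][a-z0-9_]*)",
                       expanded, re.IGNORECASE)
    return [name for name in names if not name.startswith(prefix)]
```
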
description: updated
Changed in mahara:
status: In Progress → Fix Committed
milestone: none → 15.04.0
Changed in mahara:
status: Fix Committed → Fix Released
Patch for "master" branch: https://reviews.mahara.org/4245