Update library: ADODB to 5.21.1 (incl. security)

Bug #1940611 reported by Doris Tam
Affects: Mahara
Status: Fix Released
Importance: High
Assigned to: Doris Tam
Milestone:

Bug Description

Security - 5.21.0 incl. 5.21.0-beta.1 - 2020-12-20
- adodb: prevent SQL injection in SelectLimit()
- session: add 'httponly' flag to cookie

Minor - Deprecation
- mysqli: Deprecate $optionFlags property in favor of standard setConnectionParameter() method

Doris Tam (doristam)
Changed in mahara:
assignee: nobody → Doris Tam (doristam)
assignee: Doris Tam (doristam) → nobody
summary: - Update library: ADODB to 5.21.1
+ Update library: ADODB to 5.21.1 (incl. security)
Doris Tam (doristam)
Changed in mahara:
assignee: nobody → Doris Tam (doristam)
status: New → Incomplete
status: Incomplete → In Progress
Doris Tam (doristam) wrote :
information type: Public → Public Security
Changed in mahara:
importance: Undecided → High
Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/12045
Committed: https://git.mahara.org/mahara/mahara/commit/adeb066d29ec4c65fea26c26b83afcfebf8cbc7a
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit adeb066d29ec4c65fea26c26b83afcfebf8cbc7a
Author: Doris Tam <email address hidden>
Date: Thu Sep 30 13:49:52 2021 +1300

Bug 1940611 - Update README.Mahara on removed files

Change-Id: I32e15b7f9088c385d6ef46da581044a498a7722f

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/11932
Committed: https://git.mahara.org/mahara/mahara/commit/de28747b60d5dbf03c479bf4255fc1195655610e
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit de28747b60d5dbf03c479bf4255fc1195655610e
Author: Robert Lyon <email address hidden>
Date: Mon Aug 15 12:27:03 2016 +1200

Bug 1940611 - ADODB customisation: Modified session variable setting in ADOdb adodb-pager.inc.php

Change-Id: I752b9fee75e789eb78278c7f2d96a3be2c128520

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/11931
Committed: https://git.mahara.org/mahara/mahara/commit/1144f6c9f549947328501742afacf92f9db068b0
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 1144f6c9f549947328501742afacf92f9db068b0
Author: Doris Tam <email address hidden>
Date: Mon Aug 23 15:20:48 2021 +1200

Bug 1940611 - ADODB customisation: Check for valid columns in adodb postgres64 driver MetaIndexes fn

Change-Id: I3d640ad3aa75c70478418d370857d000d19cd0d4

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/11934
Committed: https://git.mahara.org/mahara/mahara/commit/50286d3e06301d1ae8d864f59d1f33b32de77763
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 50286d3e06301d1ae8d864f59d1f33b32de77763
Author: Robert Lyon <email address hidden>
Date: Mon Aug 10 12:39:36 2015 +1200

Bug 1940611 - ADODB customisation: Escaping names when showing table / index

Change-Id: Ib26f3a5390a43b2e8dd89e3d2ad74d2d616c9139

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/11927
Committed: https://git.mahara.org/mahara/mahara/commit/6cb280062d3b9f0b03854a353ad8de4732d8d6bb
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 6cb280062d3b9f0b03854a353ad8de4732d8d6bb
Author: Doris Tam <email address hidden>
Date: Fri Aug 20 17:06:40 2021 +1200

Security bug 1940611: Update ADODB to 5.21.1

Removed 'ADODB_ASSOC_CASE_* calls...' customisation as it's not needed
anymore.

Change-Id: I82f67ab97b5f2520becb4e7040c6ce5ff8feb010

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/11928
Committed: https://git.mahara.org/mahara/mahara/commit/88f2803e00d9e88d867e0481da9715c25da35335
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 88f2803e00d9e88d867e0481da9715c25da35335
Author: Martin Langhoff <email address hidden>
Date: Sat Dec 1 23:54:23 2007 +1300

Bug 1940611 - ADODB customisation: RecordSet_postgres7->MoveNext() - remove expensive is_array()

And implicit count() of the array keys/columns. This shaves a good 5%
of the exec time of get_records('config')

(cherry picked from commit 4652e5617d9616e3f61e78df5a4c863e16ac5634)

Change-Id: Id23af8aa2ce36c0e94bcdaf1bf6c1479030e5eed
Signed-off-by: Francois Marier <email address hidden>

Robert Lyon (robertl-9)
Changed in mahara:
status: In Progress → Fix Committed
Robert Lyon (robertl-9)
Changed in mahara:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.