[PHP-QA] com web/qa: Use prepared statements: reports/details.php reports/parserfunc.php reports/run_tests.php reports/viewreports.php

2018-07-25 Thread Christoph Michael Becker
Commit:    77ab09143f7d7cb941db5aa256d9290487a9a3ec
Author:    Christoph M. Becker  Wed, 25 Jul 2018 16:06:14 +0200
Parents:   0452e9b401061e97f099ce8af2d5feff7f420274
Branches:  master

Link:      http://git.php.net/?p=web/qa.git;a=commitdiff;h=77ab09143f7d7cb941db5aa256d9290487a9a3ec

Log:
Use prepared statements

“Oh, yes. Little Bobby Tables, we call him.”

Changed paths:
  M  reports/details.php
  M  reports/parserfunc.php
  M  reports/run_tests.php
  M  reports/viewreports.php

diff --git a/reports/details.php b/reports/details.php
index 80709c2..0a6700d 100644
--- a/reports/details.php
+++ b/reports/details.php
@@ -41,15 +41,19 @@ if (!$database) {
 }
 
 // GET infos from DB
-$query = 'SELECT reports.* FROM failed JOIN reports ON 
reports.id=failed.id_report WHERE signature=X\''.$signature.'\'';
-
-$q = $database->query($query);
+$query = 'SELECT reports.* FROM failed JOIN reports ON 
reports.id=failed.id_report WHERE signature=:signature';
+$stmt = $database->prepare($query);
+$stmt->bindValue(':signature', hex2bin($signature), SQLITE3_BLOB);
+$q = $stmt->execute();
 $reportsArray = array();
 while ($tab = $q->fetchArray(SQLITE3_ASSOC)) {
 $reportsArray[$tab['id']] = $tab;
 }
 
-$tab = $database->query('SELECT test_name FROM failed WHERE 
signature=X\''.$signature.'\' LIMIT 1');
+$query = 'SELECT test_name FROM failed WHERE signature=:signature LIMIT 1';
+$stmt = $database->prepare($query);
+$stmt->bindValue(':signature', hex2bin($signature), SQLITE3_BLOB);
+$tab = $database->query($query);
 list($testName) = $tab->fetchArray(SQLITE3_NUM);
 
 // We stop everything
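Review bot: the second lookup still calls `$database->query($query)` after preparing and binding `$stmt`, so the prepared statement is never executed and the raw SQL containing the unbound `:signature` placeholder is run instead; it should read `$tab = $stmt->execute();` as in the first lookup. Also note that `hex2bin($signature)` returns false for odd-length or non-hex input, so `$signature` should be validated before it is bound if that is not already done earlier in the file.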
diff --git a/reports/parserfunc.php b/reports/parserfunc.php
index 519ef0a..82ea966 100644
--- a/reports/parserfunc.php
+++ b/reports/parserfunc.php
@@ -108,19 +108,28 @@ function insertToDb_phpmaketest($array, $QA_RELEASES = 
array())
 // handle tests with no success
 if (!isset($array['succeededTest'])) $array['succeededTest'] = array();
 
-$query = "INSERT INTO `reports` (`id`, `date`, `status`, 
-`nb_failed`, `nb_expected_fail`, `success`, `build_env`, `phpinfo`, 
user_email) VALUES(null, 
-datetime(".((int) $array['date']).", 'unixepoch', 'localtime'), 
-".((int)$array['status']).", 
-".count($array['failedTest']).", 
-".count($array['expectedFailedTest']).", 
-".count($array['succeededTest']).", 
-('".$dbi->escapeString($array['buildEnvironment'])."'), 
-('".$dbi->escapeString($array['phpinfo'])."'),
-".(!$array['userEmail'] ? "NULL" : 
"'".$dbi->escapeString($array['userEmail'])."'")."
-)";
-
-$dbi->query($query);
+$query = <<<'SQL'
+INSERT INTO `reports` (
+`id`, `date`, `status`, `nb_failed`, `nb_expected_fail`, `success`, 
`build_env`, `phpinfo`, `user_email`
+) VALUES (
+null, datetime(:date, 'unixepoch', 'localtime'), :status, :nb_failed, 
+:nb_expected_fail, :success, :build_env, :phpinfo, :user_email
+)
+SQL;
+$stmt = $dbi->prepare($query);
+$stmt->bindValue(':date', (int) $array['date'], SQLITE3_INTEGER);
+$stmt->bindValue(':status', (int)$array['status'], SQLITE3_INTEGER);
+$stmt->bindValue(':nb_failed', count($array['failedTest']), 
SQLITE3_INTEGER);
+$stmt->bindValue(':nb_expected_fail', 
count($array['expectedFailedTest']), SQLITE3_INTEGER);
+$stmt->bindValue(':success', count($array['succeededTest']), 
SQLITE3_INTEGER);
+$stmt->bindValue(':build_env', $array['buildEnvironment'], 
SQLITE3_TEXT);
+$stmt->bindValue(':phpinfo', $array['phpinfo'], SQLITE3_TEXT);
+if (!$array['userEmail']) {
+$stmt->bindValue(':user_email', NULL, SQLITE3_NULL);
+} else {
+$stmt->bindValue(':user_email', $array['userEmail'], SQLITE3_TEXT);
+}
+$stmt->execute();
 if ($dbi->lastErrorCode() != '') {
 echo "ERROR: ".$dbi->lastErrorMsg()."\n";
 exit;
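Review bot: the result of `$dbi->prepare($query)` is used without a check; SQLite3::prepare() returns false on failure, and the `bindValue()` calls that follow would then abort with a fatal error before the existing `lastErrorCode()` check is reached. Test `$stmt` for false first and report the failure through the same error path. In the `:user_email` branch, `!$array['userEmail']` also stores NULL for the string '0'; that matches the removed code, but an explicit null/empty-string test would state the intent.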
@@ -132,13 +141,17 @@ function insertToDb_phpmaketest($array, $QA_RELEASES = 
array())
 if (substr($name, 0, 1) != '/') $name = '/'.$name;
 
 $test = $array['tests'][$name];
-$query = "INSERT INTO `failed` 
-(`id`, `id_report`, `test_name`, signature, `output`, `diff`) 
VALUES(null, 
-'".$reportId."', '".$name."', 
-X'".md5($name.'__'.$test['diff'])."',
-('".$dbi->escapeString($test['output'])."'), 
('".$dbi->escapeString($test['diff'])."'))";
-
-@$dbi->query($query);
+$query = <<<'SQL'
+INSERT INTO `failed` (`id`, `id_report`, `test_name`, `signature`, `output`, 
`diff`)
+VALUES (null, :id_report, :test_name, :signature, :output, :diff)
+SQL;
+$stmt = $dbi->prepare($query);
+$stmt->bindValue(':id_report', $reportId, SQLITE3_INTEGER);
+$stmt->bindValue(':test_name', $name, SQLITE3_TEXT);
+$stmt->bindValue(':
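Review bot: the `:signature` parameter has to be bound as the raw digest, not as the hex string that the removed line embedded in the `X'...'` literal; the visible part of the hunk ends before that binding, so please confirm it uses `md5($name.'__'.$test['diff'], true)` (or `hex2bin()` of the hex digest) with `SQLITE3_BLOB`. Otherwise the lookups in reports/details.php, which bind `hex2bin($signature)` as a blob, will not match the stored rows. The removed `@$dbi->query($query)` suppressed errors; the new statement's result is better checked than silenced.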

[PHP-QA] com web/qa: Forbid usage of reports/test-insert.php: reports/test-insert.php

2018-07-25 Thread Christoph Michael Becker
Commit:    0452e9b401061e97f099ce8af2d5feff7f420274
Author:    Christoph M. Becker  Wed, 25 Jul 2018 16:04:34 +0200
Parents:   3e036143980cbd629bb626db49c3d2e607e4423f
Branches:  master

Link:      http://git.php.net/?p=web/qa.git;a=commitdiff;h=0452e9b401061e97f099ce8af2d5feff7f420274

Log:
Forbid usage of reports/test-insert.php

This script is for *local* testing purposes only, and better should not
run in the production environment.

Changed paths:
  M  reports/test-insert.php


Diff:
diff --git a/reports/test-insert.php b/reports/test-insert.php
index 83597a0..f0c73b8 100644
--- a/reports/test-insert.php
+++ b/reports/test-insert.php
@@ -16,6 +16,9 @@
 #  +--+
 #   $Id$
 
+header('HTTP/1.0 403 Forbidden');
+die('This script is for local testing purposes only! Uncomment these lines to 
use it.');
+
 error_reporting(E_ALL);
 
 require 'parserfunc.php';
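Review bot: the `die()` message says "Uncomment these lines to use it", but the two added lines have to be commented out (or removed) to run the script, so the wording is inverted. Because the guard is switched off by editing the file, a stray local edit that gets deployed re-enables the script in production; a condition that cannot be true there (for example, allowing only `PHP_SAPI === 'cli'`, if the script is usable that way) would be safer than an unconditional block meant to be edited. `http_response_code(403)` would also avoid hard-coding the `HTTP/1.0` protocol version in `header()`.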


--
PHP Quality Assurance Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP-QA] com web/qa: Match expected failed and failed test filenames: reports/parserfunc.php

2018-07-25 Thread Christoph Michael Becker
Commit:    271cdf420c877e55339ef921705dedcc2b6f1bfc
Author:    Christoph M. Becker  Wed, 25 Jul 2018 23:43:26 +0200
Parents:   5d9e7526a065b7d661bf5fee6c9aaf222f29ae83
Branches:  master

Link:      http://git.php.net/?p=web/qa.git;a=commitdiff;h=271cdf420c877e55339ef921705dedcc2b6f1bfc

Log:
Match expected failed and failed test filenames

Presently, XFAIL test filenames don't have a leading slash, while the
filenames of failing tests do.  We add a leading slash to XFAIL
filenames for purely cosmetic reasons.

Changed paths:
  M  reports/parserfunc.php


Diff:
diff --git a/reports/parserfunc.php b/reports/parserfunc.php
index 6b58770..79eff75 100644
--- a/reports/parserfunc.php
+++ b/reports/parserfunc.php
@@ -159,6 +159,7 @@ SQL;
 }
 
 foreach ($array['expectedFailedTest'] as $name) {
+if (substr($name, 0, 1) != '/') $name = '/'.$name;
 $query = <<<'SQL'
 INSERT INTO `expectedfail` (`id`, `id_report`, `test_name`)
 VALUES (null, :id_report, :test_name)
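Review bot: the added line repeats, character for character, the leading-slash normalization already used in the failed-tests loop of the same function (`if (substr($name, 0, 1) != '/') $name = '/'.$name;`); moving it into a small helper called from both loops would keep the two from drifting apart, and braces around the body would match the `if`/`else` style used elsewhere in this file. Since the slash is added only at insert time, `expectedfail` rows stored before this change keep the old form, so anything comparing `test_name` across the two tables should be checked against existing data.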





[PHP-QA] com web/qa: Fix recognition of test filenames: reports/parserfunc.php

2018-07-25 Thread Christoph Michael Becker
Commit:    5d9e7526a065b7d661bf5fee6c9aaf222f29ae83
Author:    Christoph M. Becker  Wed, 25 Jul 2018 23:39:40 +0200
Parents:   77ab09143f7d7cb941db5aa256d9290487a9a3ec
Branches:  master

Link:      http://git.php.net/?p=web/qa.git;a=commitdiff;h=5d9e7526a065b7d661bf5fee6c9aaf222f29ae83

Log:
Fix recognition of test filenames

The filenames of submitted test runs are determined from each line of
the test results, which has the format `testname [filename]` for failed
tests.  If the testname contains a bracketed phrase, the filename is
not correctly recognized.  Expected failing tests have the format
`testname [filename] XFAIL REASON: reason`, though.  We fix this by
asserting that the bracketed filename is either at the end of the
string or that it's been followed by `XFAIL`.

We also cater to output of redirected tests, which add lines with the
format `via [filename]`, which we have to ignore.

This is supposed to fix the resulting mess that currently can be seen
on  for new bug
reports.

However, this kind of filename recognition is still fragile, especially
with regard to potential changes of the run-tests.php output.  It
might be sensible to change it so it can more reliably be parsed.  We'd
still have to cater to test results produced with the present
test runner, though.

Changed paths:
  M  reports/parserfunc.php


Diff:
diff --git a/reports/parserfunc.php b/reports/parserfunc.php
index 82ea966..6b58770 100644
--- a/reports/parserfunc.php
+++ b/reports/parserfunc.php
@@ -265,7 +265,7 @@ function parse_phpmaketest($version, $status=null, $file)
 $currentTest = '';
 
 } elseif ($currentPart == 'failedTest' || $currentPart == 
'expectedFailedTest') {
-preg_match('@ \[([^\]]{1,})\]@', $row, $tab);
+preg_match('@(?http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
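
The line formats described in the "Fix recognition of test filenames" log message, worked through as an added example (not the code from the commit, whose pattern is not reproduced here). The helper name `extractTestFilename()`, both regular expressions and the sample lines are assumptions made for illustration.

```php
<?php
// Added illustration; extractTestFilename() is a hypothetical helper and the
// patterns below are not the ones used in reports/parserfunc.php.
function extractTestFilename(string $row): ?string
{
    $row = rtrim($row);

    // Redirected tests add "via [filename]" lines; they name no test of
    // their own and must be ignored.
    if (preg_match('@^\s*via \[[^\]]+\]$@', $row) === 1) {
        return null;
    }

    // Accept a bracketed filename only at the end of the line or directly
    // before "XFAIL", so bracketed phrases inside the test name are skipped.
    if (preg_match('@ \[([^\]]+)\](?=$|\s+XFAIL\b)@', $row, $m) === 1) {
        return $m[1];
    }

    return null;
}

// Constructed sample lines in the formats the log message describes.
$samples = [
    'Bug #1 (array [0] access) [ext/standard/tests/bug1.phpt]',
    'Some test [Zend/tests/x.phpt]  XFAIL REASON: see notes [wip]',
    '    via [ext/pdo/tests/common.phpt]',
    'A line without any filename',
];

foreach ($samples as $line) {
    // Prints the extracted filename, or NULL when the line carries none.
    var_export(extractTestFilename($line));
    echo "\n";
}
```

The extracted name comes from user-submitted report text, so it stays untrusted input after parsing and belongs in a bound parameter, as the prepared statements in the earlier commit do.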