#5633: [TEST][PATCH]DboSource::value() ignores identifiers by passing only its
value and making it be escaped by DboSource::name()
--------------------------------+-------------------------------------------
    Reporter:  rafaelbandeira3  |         Owner:         
        Type:  Bug              |        Status:  new    
    Priority:  High             |     Milestone:  1.2.x.x
   Component:  Core Libs        |       Version:  RC3    
    Severity:  Major            |    Resolution:         
    Keywords:                   |   Php_version:  n/a    
Cake_version:                   |  
--------------------------------+-------------------------------------------
Comment (by rafaelbandeira3):

 The previous attached patch is invalid, as it is only a workaround. The
 right approach would be to check if the value that DboSource::name() is
 trying to parse is a string, as it can be possible in at least 2
 scenarios:

 {{{
 $db->name('\'CakePHP\' AS `best_framework`'); // lol
 }}}
 and
 {{{
 $value = $db->value('string');
 // $value === "'string'"
 // double quotes are needed so that {$value} is interpolated
 $field = $db->identifier("UPPER({$value})");
 // $field->value === "UPPER('string')"
 $db->value($field);
 }}}

 Both scenarios can lead to the bug specified in this ticket if, and only
 if, their string contains dots. i.e. 'www.cakephp.org', 'Dr.Robert',
 'User.name'...

 The current implementation uses no PCRE and therefore is very lightweight,
 but ends up covering only a few use cases.

 I'm attaching a more complete test case, covering some more use cases with
 common SQL functions.

-- 
Ticket URL: <https://trac.cakephp.org/ticket/5633#comment:1>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
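
The failure mode described in the comment above, as an added example that is not part of the ticket and is not CakePHP's code: naiveName() and checkedName() are hypothetical stand-ins for an identifier quoter such as DboSource::name(), and the sample inputs are constructed from the strings the comment names. The checked variant uses PCRE, which the comment notes the current implementation avoids.

```php
<?php
// Added illustration, not CakePHP code. naiveName() and checkedName() are
// hypothetical stand-ins for an identifier quoter such as DboSource::name().

// Regex-free quoter: every dot is assumed to separate table and column,
// so a dot inside an already-quoted string literal splits the literal.
function naiveName(string $data): string
{
    return '`' . str_replace('.', '`.`', $data) . '`';
}

// Quotes only plain identifier paths (Model.field). Anything else, such as a
// string literal or a function call, is returned untouched, so it must
// already have been escaped by the value-quoting step before it gets here.
function checkedName(string $data): string
{
    $ident = '[A-Za-z_][A-Za-z0-9_]*';
    if (preg_match('/\A' . $ident . '(?:\.' . $ident . ')*\z/', $data) !== 1) {
        return $data;
    }
    return '`' . str_replace('.', '`.`', $data) . '`';
}

// Constructed inputs: one real identifier and two values that contain dots.
$samples = [
    'User.name',
    "'www.cakephp.org'",
    "UPPER('Dr.Robert')",
];

foreach ($samples as $s) {
    printf("%-22s naive: %-30s checked: %s\n", $s, naiveName($s), checkedName($s));
}
```

Only the first sample should come back wrapped in backticks from checkedName(); the naive version also rewrites the dots inside the two quoted values, which corrupts the data the query compares against.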