WebSVN – Moodle – Diff – /lib/adodb/drivers/adodb-mysqli.inc.php

 	var $ssl_cert = null;
 	var $ssl_ca = null;
 	var $ssl_capath = null;
 	var $ssl_cipher = null;
+	/**
+	 * Forcing emulated prepared statements.
+	 *
+	 * When set to true, ADODb will not execute queries using MySQLi native
+	 * bound variables, and will instead use the built-in string interpolation
+	 * and argument quoting from the parent class {@see ADOConnection::Execute()}.
+	 *
+	 * This is needed for some database engines that use mysql wire-protocol but
+	 * do not support prepared statements, like
+	 * {@see https://manticoresearch.com/ Manticore Search} or
+	 * {@see https://clickhouse.com/ ClickHouse}.
+	 *
+	 * WARNING: This is a potential security risk, and strongly discouraged for code
+	 * handling untrusted input {@see https://github.com/ADOdb/ADOdb/issues/1028#issuecomment-2081586024}.
+	 *
+	 * @var bool $doNotUseBoundVariables
+	 */
+	var $doNotUseBoundVariables = false;
 	/** @var mysqli Identifier for the native database connection */
 	var $_connectionID = false;
 		if (!stristr($transaction_mode,'isolation')) $transaction_mode = 'ISOLATION LEVEL '.$transaction_mode;
 		$this->execute("SET SESSION TRANSACTION ".$transaction_mode);
+	}
 	/**
-	 * Adds a parameter to the connection string.
+	 * Adds a parameter to the connection string, can also set connection property values.
+	 *
 	 * Parameter must be one of the constants listed in mysqli_options().
 	 * @see https://www.php.net/manual/en/mysqli.options.php
+	 *
+	 * OR
+	 *
+	 * Parameter must be a string matching one of the following special cases.
+	 * 'ssl' - SSL values e.g. ('ssl' => ['ca' => '/path/to/ca.crt.pem'])
+	 * 'clientflags' - Client flags of type 'MYSQLI_CLIENT_'
+	 * @see https://www.php.net/manual/en/mysqli.real-connect.php
+	 * @see https://www.php.net/manual/en/mysqli.constants.php
+	 * 'socket' - The socket or named pipe that should be used
+	 * 'port' - The port number to attempt to connect to the MySQL server
 	 *
-	 * @param int    $parameter The parameter to set
+	 * @param string|int $parameter The parameter to set
-	 * @param string $value     The value of the parameter
+	 * @param string|int|array $value The value of the parameter
+	 *
 	 * @return bool
 	 */
+	public function setConnectionParameter($parameter, $value) {
+		// Special case for setting SSL values.
+		if ("ssl" === $parameter && is_array($value)) {
+			if (isset($value["key"])) {
+				$this->ssl_key = $value["key"];
-	public function setConnectionParameter($parameter, $value) {
+			}
+			if (isset($value["cert"])) {
+				$this->ssl_cert = $value["cert"];
+			}
+			if (isset($value["ca"])) {
+				$this->ssl_ca = $value["ca"];
+			}
+			if (isset($value["capath"])) {
+				$this->ssl_capath = $value["capath"];
+			}
+			if (isset($value["cipher"])) {
+				$this->ssl_cipher = $value["cipher"];
+			}
+			return true;
+		}
-		if(!is_numeric($parameter)) {
+		// Special case for setting the client flag(s).
+		if ("clientflags" === $parameter && is_numeric($value)) {
+			$this->clientFlags = $value;
+			return true;
+		}
+		// Special case for setting the socket.
+		if ("socket" === $parameter && is_string($value)) {
+			$this->socket = $value;
+			return true;
+		}
+		// Special case for setting the port.
+		if ("port" === $parameter && is_numeric($value)) {
-			$this->outp_throw("Invalid connection parameter '$parameter'", __METHOD__);
+			$this->port = (int)$value;
+			return true;
+		}
+		// Standard mysqli_options.
+		if (is_numeric($parameter)) {
-			return false;
+			return parent::setConnectionParameter($parameter, $value);
+		}
-		}
+		$this->outp_throw("Invalid connection parameter '$parameter'", __METHOD__);
-		return parent::setConnectionParameter($parameter, $value);
+		return false;
+	}
 	/**
 			$argHostname = 'p:' . $argHostname;
+		}
 		// SSL Connections for MySQLI
+		if ($this->ssl_key || $this->ssl_cert || $this->ssl_ca || $this->ssl_capath || $this->ssl_cipher) {
 		if ($this->ssl_key || $this->ssl_cert || $this->ssl_ca || $this->ssl_capath || $this->ssl_cipher) {
+			mysqli_ssl_set($this->_connectionID, $this->ssl_key, $this->ssl_cert, $this->ssl_ca, $this->ssl_capath, $this->ssl_cipher);
-			mysqli_ssl_set($this->_connectionID, $this->ssl_key, $this->ssl_cert, $this->ssl_ca, $this->ssl_capath, $this->ssl_cipher);
+			// Check for any SSL client flag set, NOTE: bitwise operation.
-			$this->socket = MYSQLI_CLIENT_SSL;
+			if (!($this->clientFlags & MYSQLI_CLIENT_SSL)) {
+        			ADOConnection::outp('When using certificates, set the client flag MYSQLI_CLIENT_SSL_VERIFY_SERVER_CERT or MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT');
+				return false;
 			$this->clientFlags = MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
+		}
 		#if (!empty($this->port)) $argHostname .= ":".$this->port;
 				  FROM information_schema.columns
 				 WHERE table_schema='{$this->database}'
 				   AND table_name='$table'";
+		$schemaArray = $this->getAssoc($SQL);
-		$schemaArray = $this->getAssoc($SQL);
+		if (is_array($schemaArray)) {
+			$schemaArray = array_change_key_case($schemaArray,CASE_LOWER);
+			$rs = $this->Execute(sprintf($this->metaColumnsSQL,$table));
-		$schemaArray = array_change_key_case($schemaArray,CASE_LOWER);
+		}
 		$rs = $this->Execute(sprintf($this->metaColumnsSQL,$table));
 		if (isset($savem)) $this->SetFetchMode($savem);
 		$ADODB_FETCH_MODE = $save;
 		return array($sql,$stmt);
+	}
 	public function execute($sql, $inputarr = false)
+	{
+		if ($this->doNotUseBoundVariables) {
+			return parent::execute($sql, $inputarr);
+		}
 		if ($this->fnExecute) {
 			$fn = $this->fnExecute;
 			$ret = $fn($this, $sql, $inputarr);
 			if (isset($ret)) {

Proyectos de Subversion Moodle

(root)/lib/adodb/drivers/adodb-mysqli.inc.php – Rev 1 → 1441