Merge pull request #23953 from nextcloud/backport/23922/stable18

rullzer · web-flow · commit dafd09d30b96 · 2020-11-12T14:16:27.000+01:00
[stable18] Improve query type detection
diff --git a/lib/private/legacy/db.php b/lib/private/legacy/db.php
@@ -72,8 +72,7 @@ static public function prepare( $query , $limit = null, $offset = null, $isManip
 			throw new \OC\DatabaseException($e->getMessage());
 		}
 		// differentiate between query and manipulation
-		$result = new OC_DB_StatementWrapper($result, $isManipulation);
-		return $result;
+		return new OC_DB_StatementWrapper($result, $isManipulation);
 	}
 
 	/**
@@ -84,22 +83,26 @@ static public function prepare( $query , $limit = null, $offset = null, $isManip
 	 * @return bool
 	 */
 	static public function isManipulation( $sql ) {
+		$sql = trim($sql);
 		$selectOccurrence = stripos($sql, 'SELECT');
-		if ($selectOccurrence !== false && $selectOccurrence < 10) {
+		if ($selectOccurrence === 0) {
 			return false;
 		}
 		$insertOccurrence = stripos($sql, 'INSERT');
-		if ($insertOccurrence !== false && $insertOccurrence < 10) {
+		if ($insertOccurrence === 0) {
 			return true;
 		}
 		$updateOccurrence = stripos($sql, 'UPDATE');
-		if ($updateOccurrence !== false && $updateOccurrence < 10) {
+		if ($updateOccurrence === 0) {
 			return true;
 		}
 		$deleteOccurrence = stripos($sql, 'DELETE');
-		if ($deleteOccurrence !== false && $deleteOccurrence < 10) {
+		if ($deleteOccurrence === 0) {
 			return true;
 		}
+
+		\OC::$server->getLogger()->logException(new \Exception('Can not detect if query is manipulating: ' . $sql));
+
 		return false;
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -72,8 +72,7 @@ static public function prepare( $query , $limit = null, $offset = null, $isManip`
`72`	`72`	`throw new \OC\DatabaseException($e->getMessage());`
`73`	`73`	`}`
`74`	`74`	`// differentiate between query and manipulation`
`75`		`- $result = new OC_DB_StatementWrapper($result, $isManipulation);`
`76`		`- return $result;`
	`75`	`+ return new OC_DB_StatementWrapper($result, $isManipulation);`
`77`	`76`	`}`
`78`	`77`
`79`	`78`	`/**`
`@@ -84,22 +83,26 @@ static public function prepare( $query , $limit = null, $offset = null, $isManip`
`84`	`83`	`* @return bool`
`85`	`84`	`*/`
`86`	`85`	`static public function isManipulation( $sql ) {`
	`86`	`+ $sql = trim($sql);`
`87`	`87`	`$selectOccurrence = stripos($sql, 'SELECT');`
`88`		`- if ($selectOccurrence !== false && $selectOccurrence < 10) {`
	`88`	`+ if ($selectOccurrence === 0) {`
`89`	`89`	`return false;`
`90`	`90`	`}`
`91`	`91`	`$insertOccurrence = stripos($sql, 'INSERT');`
`92`		`- if ($insertOccurrence !== false && $insertOccurrence < 10) {`
	`92`	`+ if ($insertOccurrence === 0) {`
`93`	`93`	`return true;`
`94`	`94`	`}`
`95`	`95`	`$updateOccurrence = stripos($sql, 'UPDATE');`
`96`		`- if ($updateOccurrence !== false && $updateOccurrence < 10) {`
	`96`	`+ if ($updateOccurrence === 0) {`
`97`	`97`	`return true;`
`98`	`98`	`}`
`99`	`99`	`$deleteOccurrence = stripos($sql, 'DELETE');`
`100`		`- if ($deleteOccurrence !== false && $deleteOccurrence < 10) {`
	`100`	`+ if ($deleteOccurrence === 0) {`
`101`	`101`	`return true;`
`102`	`102`	`}`
	`103`	`+`
	`104`	`+ \OC::$server->getLogger()->logException(new \Exception('Can not detect if query is manipulating: ' . $sql));`
	`105`	`+`
`103`	`106`	`return false;`
`104`	`107`	`}`
`105`	`108`