diff options
author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-11-12 16:16:27 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-12 16:16:27 +0300 |
commit | dafd09d30b96d372272317460dec2fc473ebf1ee (patch) | |
tree | 0feabbe6bc4040ec2f0f6d86bd97cfa948dd106f | |
parent | 8ab36c4cf66061c10fe39c43ee83e083f6adbfc4 (diff) | |
parent | 92d8d339e366005ccd3e6e7da2c54cb53d63582e (diff) |
Merge pull request #23953 from nextcloud/backport/23922/stable18
[stable18] Improve query type detection
-rw-r--r-- | lib/private/legacy/db.php | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/lib/private/legacy/db.php b/lib/private/legacy/db.php index 9371e733d28..31e3c24ceb7 100644 --- a/lib/private/legacy/db.php +++ b/lib/private/legacy/db.php @@ -72,8 +72,7 @@ class OC_DB { throw new \OC\DatabaseException($e->getMessage()); } // differentiate between query and manipulation - $result = new OC_DB_StatementWrapper($result, $isManipulation); - return $result; + return new OC_DB_StatementWrapper($result, $isManipulation); } /** @@ -84,22 +83,26 @@ class OC_DB { * @return bool */ static public function isManipulation( $sql ) { + $sql = trim($sql); $selectOccurrence = stripos($sql, 'SELECT'); - if ($selectOccurrence !== false && $selectOccurrence < 10) { + if ($selectOccurrence === 0) { return false; } $insertOccurrence = stripos($sql, 'INSERT'); - if ($insertOccurrence !== false && $insertOccurrence < 10) { + if ($insertOccurrence === 0) { return true; } $updateOccurrence = stripos($sql, 'UPDATE'); - if ($updateOccurrence !== false && $updateOccurrence < 10) { + if ($updateOccurrence === 0) { return true; } $deleteOccurrence = stripos($sql, 'DELETE'); - if ($deleteOccurrence !== false && $deleteOccurrence < 10) { + if ($deleteOccurrence === 0) { return true; } + + \OC::$server->getLogger()->logException(new \Exception('Can not detect if query is manipulating: ' . $sql)); + return false; } |