#1 dbUtility.php mixes use of db_query and mysql_fetch_row

open-rejected
None
5
2011-04-07
2011-04-04
Anonymous
No

Database functions in customcode/dbUtility.php mix use of db_query and mysql_fetch_*. Additionally, many proprietary MySQL keywords are used in queries, making them less portable.

The attached patch modifies this file to accomplish the following:
- Use db_result and db_fetch_row instead of mysql_fetch_*
- Utilize Drupal's database escaping functionality to prevent possible vulnerabilities
- Use only ANSI SQL in queries (with two exceptions, accompanied by WARNING comments)
- Make database query logic more readable
- Enforce coding style standards
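The contrast the patch description draws, shown as an added PHP example (not code from the ticket's attached patch or from the project). It uses the Drupal 6 database API that the ticket refers to, and assumes a hypothetical table `{agency_users}` with columns `uid`, `name` and `agency`; the function names are illustrative, not the project's `isOMBUser`/`getUserAgency`.

```php
<?php
// Added example, not from the attached patch. Table and column names are assumed.

// BEFORE: bypasses Drupal's database layer. $name is interpolated without
// escaping, so a crafted value changes the query, and mysql_fetch_row() only
// works on a result from mysql_query(), not on one returned by db_query().
function example_get_agency_unsafe($name) {
  $result = mysql_query("SELECT agency FROM agency_users WHERE name = '$name'");
  $row = mysql_fetch_row($result);
  return $row ? $row[0] : FALSE;
}

// AFTER (Drupal 6 API): db_query() escapes each placeholder argument.
// '%s' is escaped as a string (the surrounding quotes stay in the SQL),
// %d casts to an integer, and {agency_users} lets Drupal apply its table prefix.
function example_get_agency($name) {
  $result = db_query("SELECT agency FROM {agency_users} WHERE name = '%s'", $name);
  // db_result() returns the first column of the first row, or FALSE if no row.
  return db_result($result);
}

// Boolean membership check: a COUNT(*) read back with db_result().
function example_user_in_agency($uid, $agency) {
  $sql = "SELECT COUNT(*) FROM {agency_users} WHERE uid = %d AND agency = '%s'";
  $count = db_result(db_query($sql, $uid, $agency));
  return $count > 0;
}

// Multi-row read with db_fetch_array(); db_query_range() replaces MySQL's
// proprietary LIMIT clause with a portable equivalent (offset, count).
function example_list_agency_users($agency, $limit = 50) {
  $sql = "SELECT uid, name FROM {agency_users} WHERE agency = '%s' ORDER BY name";
  $result = db_query_range($sql, $agency, 0, $limit);
  $users = array();
  while ($row = db_fetch_array($result)) {
    $users[$row['uid']] = $row['name'];
  }
  return $users;
}
```

Placeholders are typed on purpose: passing a user-supplied id through `%d` guarantees an integer reaches the SQL, and `'%s'` with the quotes written in the query string is the documented Drupal 6 form; omitting the quotes around `%s` is the usual mistake that reopens the injection the patch description aims to close.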

Discussion

  • Gaurav Mullick

    Gaurav Mullick - 2011-04-04

    Thanks for the patch Daniel, we are currently reviewing it and will let you know if we will accept it.

     
  • Gaurav Mullick

    Gaurav Mullick - 2011-04-04
    • assigned_to: nobody --> gmullick
     
  • Gaurav Mullick

    Gaurav Mullick - 2011-04-04
    • labels: 2171613 -->
    • assigned_to: gmullick --> nobody
     
  • Gaurav Mullick

    Gaurav Mullick - 2011-04-04

    Moving to Patches

     
  • Gaurav Mullick

    Gaurav Mullick - 2011-04-04
    • assigned_to: nobody --> gmullick
     
  • Gaurav Mullick

    Gaurav Mullick - 2011-04-06

    Was unable to apply this patch until I changed line 1 from

    --- customcode/dbUtility.php-orig 2011-04-04 09:33:07.382328700 -0400
    to
    --- customcode/dbUtility.php 2011-04-04 09:33:07.382328700 -0400

    Have attached the corrected file. Still evaluating the patch as a whole.

     
  • Gaurav Mullick

    Gaurav Mullick - 2011-04-07
    • status: open --> open-rejected
     
  • Gaurav Mullick

    Gaurav Mullick - 2011-04-07

    Daniel,

    We cannot accept this patch as it seems to remove the functions isOMBUser and getUserAgency. Both of these are integral to almost all pages.

     
  • Anonymous

    Anonymous - 2011-04-13

    Patching functions in small chunks/batches for easier testability

     
  • Anonymous

    Anonymous - 2011-04-13

    The dbUtility-1.patch is the first of a series of patches that will address the functions in dbUtility.php one by one.

    As always:
    cd $webroot
    patch -p0 < dbUtility-1.patch

     
  • Anonymous

    Anonymous - 2011-04-15

    Cleanup of four more functions in dbUtility.php

     
  • Gaurav Mullick

    Gaurav Mullick - 2011-04-18

    Daniel, since the functions in the dbUtility file are used throughout the site, it would require multiple regression test cycles from our end if you submit multiple patches. We would really appreciate it if you could make all your changes and submit them as one patch.

     
