mahara-contributors team mailing list archive

[Bug 1417364] Re: Remove the check for SQL "from" and "join" from minaccept script

 

** Changed in: mahara
       Status: In Progress => Fix Committed

** Changed in: mahara
    Milestone: None => 15.04.0

** Also affects: mahara/1.10
   Importance: Undecided
       Status: New

** Also affects: mahara/1.9
   Importance: Undecided
       Status: New

** Also affects: mahara/1.8
   Importance: Undecided
       Status: New

** Changed in: mahara/1.10
       Status: New => Fix Committed

** Changed in: mahara/1.8
       Status: New => Fix Committed

** Changed in: mahara/1.9
       Status: New => Fix Committed

** Changed in: mahara/1.10
   Importance: Undecided => Medium

** Changed in: mahara/1.8
   Importance: Undecided => Medium

** Changed in: mahara/1.9
   Importance: Undecided => Medium

** Changed in: mahara/1.10
    Milestone: None => 1.10.3

** Changed in: mahara/1.8
    Milestone: None => 1.9.5

** Changed in: mahara/1.8
    Milestone: 1.9.5 => 1.8.7

** Changed in: mahara/1.9
    Milestone: None => 1.9.5

** Changed in: mahara/1.10
   Importance: Medium => High

** Changed in: mahara/1.8
   Importance: Medium => High

** Changed in: mahara/1.9
   Importance: Medium => High

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1417364

Title:
  Remove the check for SQL "from" and "join" from minaccept script

Status in Mahara ePortfolio:
  Fix Committed
Status in Mahara 1.10 series:
  Fix Committed
Status in Mahara 1.8 series:
  Fix Committed
Status in Mahara 1.9 series:
  Fix Committed

Bug description:
  When you use Mahara's makefile to push a patch to reviews.mahara.org,
  it runs a minaccept script which checks for various simple errors. One
  of the things it includes is a check for the word "from" or "join" not
  followed by a curly bracket. The idea is that this is supposed to be a
  check for SQL queries that haven't properly escaped table names. In
  order to support the $cfg->dbprefix setting, raw SQL is supposed to
  surround table names with curly brackets, e.g. "select * from {view}".

  The problem is, this check throws a LOT of false positives, because
  the word "from" is a common English word, often used in comments,
  function names, and variables. It also throws a false positive if you
  format a multi-line query so that "from" is on a line by itself (which
  I like to do). These false positives then lead people to ignore the
  rest of the output from the minaccept script.

  Robert suggested that we should do this:

  1. Drop the from/join check in minaccept

  2. Update the Behat test so that it runs with a $cfg->dbprefix
  setting, so that running the Behat tests will help check for problems
  with this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1417364/+subscriptions
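
The false positives described in the bug report, reproduced as an added example (not part of the original message and not Mahara's minaccept script). The per-line pattern is an assumed approximation of the check as described, the PHP sample is constructed, and the string-literal-aware variant goes beyond the report to show what a narrower heuristic would catch.

```python
import re

# Assumed approximation of the per-line check the report describes:
# "from" or "join" not followed by a curly bracket.
NAIVE = re.compile(r"(from|join)(?!\s*\{)", re.IGNORECASE)

# PHP single- or double-quoted string literals (may span several lines).
LITERAL = re.compile(r'"(?:[^"\\]|\\.)*"|\'(?:[^\'\\]|\\.)*\'', re.DOTALL)
# Inside a literal: whole-word keyword; newlines are allowed before "{".
IN_SQL = re.compile(r"\b(from|join)\b(?!\s*\{)", re.IGNORECASE)
LOOKS_LIKE_SQL = re.compile(r"\b(select|update|delete|insert)\b", re.IGNORECASE)

# Constructed PHP sample, not taken from the Mahara code base.
SAMPLE = '''<?php
// Copy the files from the temp directory
function import_from_file($path) { return $path; }
$ok = "SELECT * FROM {view} WHERE owner = ?";
$bad = "SELECT * FROM view WHERE owner = ?";
$multi = "SELECT v.id
    FROM
        {view} v
    JOIN {artefact} a ON a.owner = v.owner";
'''

def naive_flags(text):
    """Line numbers reported by the per-line check."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if NAIVE.search(line)]

def literal_flags(text):
    """Line numbers of unbraced FROM/JOIN inside SQL-looking string literals."""
    hits = []
    for lit in LITERAL.finditer(text):
        if not LOOKS_LIKE_SQL.search(lit.group()):
            continue
        for m in IN_SQL.finditer(lit.group()):
            # Convert the match offset back to a 1-based line number.
            hits.append(text.count("\n", 0, lit.start() + m.start()) + 1)
    return hits

if __name__ == "__main__":
    print("per-line check flags lines:", naive_flags(SAMPLE))
    print("literal-aware check flags lines:", literal_flags(SAMPLE))
```

Only line 5 is a real unprefixed table name; the per-line check also reports the comment, the function name and the lone `FROM` of the multi-line query. The literal-aware variant is still a heuristic (it does not follow queries built by concatenation or table names held in variables), which is the gap that running the test suite with a `$cfg->dbprefix` setting covers.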