diff options
author | Morris Jobke <hey@morrisjobke.de> | 2020-11-06 22:18:14 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-06 22:18:14 +0100 |
commit | 9981ffd7840ce6492664fb08e0ea8459bd279531 (patch) | |
tree | 181d9025ed9c06e1c29d761ea7529ea926c53728 /lib/private/legacy/OC_DB.php | |
parent | 63f996408b404d55afab8589b82a71e42d053b4b (diff) | |
parent | 3d2f71cfa9a38a0db8be7dc6111e61b67b17695e (diff) | |
download | nextcloud-server-9981ffd7840ce6492664fb08e0ea8459bd279531.tar.gz nextcloud-server-9981ffd7840ce6492664fb08e0ea8459bd279531.zip |
Merge pull request #23922 from nextcloud/bugfix/noid/fix-query-type-detection
Improve query type detection
Diffstat (limited to 'lib/private/legacy/OC_DB.php')
-rw-r--r-- | lib/private/legacy/OC_DB.php | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/lib/private/legacy/OC_DB.php b/lib/private/legacy/OC_DB.php index b12ecd11100..ee769a46deb 100644 --- a/lib/private/legacy/OC_DB.php +++ b/lib/private/legacy/OC_DB.php @@ -74,8 +74,7 @@ class OC_DB { throw new \OC\DatabaseException($e->getMessage()); } // differentiate between query and manipulation - $result = new OC_DB_StatementWrapper($result, $isManipulation); - return $result; + return new OC_DB_StatementWrapper($result, $isManipulation); } /** @@ -86,22 +85,26 @@ class OC_DB { * @return bool */ public static function isManipulation($sql) { + $sql = trim($sql); $selectOccurrence = stripos($sql, 'SELECT'); - if ($selectOccurrence !== false && $selectOccurrence < 10) { + if ($selectOccurrence === 0) { return false; } $insertOccurrence = stripos($sql, 'INSERT'); - if ($insertOccurrence !== false && $insertOccurrence < 10) { + if ($insertOccurrence === 0) { return true; } $updateOccurrence = stripos($sql, 'UPDATE'); - if ($updateOccurrence !== false && $updateOccurrence < 10) { + if ($updateOccurrence === 0) { return true; } $deleteOccurrence = stripos($sql, 'DELETE'); - if ($deleteOccurrence !== false && $deleteOccurrence < 10) { + if ($deleteOccurrence === 0) { return true; } + + \OC::$server->getLogger()->logException(new \Exception('Can not detect if query is manipulating: ' . $sql)); + return false; } |