From a0f1872e4978304a3b096ce90ee539c5e481b4f2 Mon Sep 17 00:00:00 2001 From: Tim Nolte Date: Fri, 5 Jun 2015 13:40:18 -0400 Subject: Updated the MySQLi driver to provide support for SSL connections as well as additional database connection options. Uses the DB_driver class encrypt option as the flag for turning on encryption. Also added SSL connection validation with error logging in order to provide users a way to know if they are actually connecting via SSL. Signed-off-by: Tim Nolte --- system/database/drivers/mysqli/mysqli_driver.php | 92 +++++++++++++++++++++++- 1 file changed, 90 insertions(+), 2 deletions(-) (limited to 'system/database') diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index e953db052..dd4a9c460 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -59,6 +59,21 @@ class CI_DB_mysqli_driver extends CI_DB { */ public $dbdriver = 'mysqli'; + /** + * Database options list + * + * Used to set various database options and values. + * + * @example http://php.net/manual/en/mysqli.options.php Allows to set options not built-in/handled by CI. + * + * + * array( MYSQLI_OPT_SSL_VERIFY_SERVER_CERT => true ); + * + * + * @var array + */ + public $db_options = array(); + /** * Compression flag * @@ -86,6 +101,41 @@ class CI_DB_mysqli_driver extends CI_DB { */ public $stricton = FALSE; + /** + * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi + * + * @var string + */ + public $ssl_key = ''; + + /** + * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi + * + * @var string + */ + public $ssl_cert = ''; + + /** + * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi + * + * @var string + */ + public $ssl_ca = ''; + + /** + * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi + * + * @var string + */ + public $ssl_capath = ''; + + /** + * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi + * + * @var string + */ + public $ssl_cipher = ''; + // -------------------------------------------------------------------- /** @@ -132,8 +182,46 @@ class CI_DB_mysqli_driver extends CI_DB { $mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"'); } - return $mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags) - ? $mysqli : FALSE; + foreach ($this->db_options AS $key => $value) + { + $mysqli->options($key, $value); + } + + if ($this->encrypt === TRUE) + { + $mysqli->ssl_set($this->ssl_key, $this->ssl_cert, $this->ssl_ca, $this->ssl_capath, $this->ssl_cipher); + $client_flags |= MYSQLI_CLIENT_SSL; + } + + $connected = @$mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags); + + if ($connected) + { + // If SSL was requested we want to do some checking and log an error if an SSL connection wasn't established. + if ($this->encrypt === TRUE) + { + $res = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher';"); + $ssl_status = $res->fetch_row(); + + if ($ssl_status[1] == '') + { + log_message('error', + "Problem With MySQLi SSL: An SSL connection was requested but the resulting connection is not using SSL!"); + } + } + + return $mysqli; + } + else + { + if ($mysqli->connect_errno) + { + log_message('error', + 'msqli connect failed, error: ' . mysqli_connect_error() . " | " . $mysqli->connect_error . " | " . $mysqli->connect_errno); + } + } + + return FALSE; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From c09ab9d2b31a6c1d60a8db3970dd56feceee9415 Mon Sep 17 00:00:00 2001 From: Tim Nolte Date: Mon, 8 Jun 2015 10:40:26 -0400 Subject: Fixed missing MySQLi driver parameter DOCBLOCK descriptions. Updated database configuration documentation to include a list of the new MySQLi driver parameters. Signed-off-by: Tim Nolte --- system/database/drivers/mysqli/mysqli_driver.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'system/database') diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index dd4a9c460..26b2a8a09 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -102,6 +102,8 @@ class CI_DB_mysqli_driver extends CI_DB { public $stricton = FALSE; /** + * The path name to the key file. + * * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi * * @var string @@ -109,6 +111,8 @@ class CI_DB_mysqli_driver extends CI_DB { public $ssl_key = ''; /** + * The path name to the certificate file. + * * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi * * @var string @@ -116,6 +120,8 @@ class CI_DB_mysqli_driver extends CI_DB { public $ssl_cert = ''; /** + * The path name to the certificate authority file. + * * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi * * @var string @@ -123,6 +129,8 @@ class CI_DB_mysqli_driver extends CI_DB { public $ssl_ca = ''; /** + * The pathname to a directory that contains trusted SSL CA certificates in PEM format. + * * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi * * @var string @@ -130,6 +138,8 @@ class CI_DB_mysqli_driver extends CI_DB { public $ssl_capath = ''; /** + * A list of allowable ciphers to use for SSL encryption. + * * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi * * @var string -- cgit v1.2.3-24-g4f1b From ced557b99cec159a3ad36e497819b8da7f70cd1e Mon Sep 17 00:00:00 2001 From: Tim Nolte Date: Thu, 18 Jun 2015 15:28:43 -0400 Subject: Removed db_options configuration item for implementation later. Changed 5 new MySQLi SSL configuration options to a single ssl_options config item that is an array that will be read to set the individual SSL options. Signed-off-by: Tim Nolte --- system/database/drivers/mysqli/mysqli_driver.php | 76 +++++------------------- 1 file changed, 16 insertions(+), 60 deletions(-) (limited to 'system/database') diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 26b2a8a09..61a37bd03 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -59,21 +59,6 @@ class CI_DB_mysqli_driver extends CI_DB { */ public $dbdriver = 'mysqli'; - /** - * Database options list - * - * Used to set various database options and values. - * - * @example http://php.net/manual/en/mysqli.options.php Allows to set options not built-in/handled by CI. - * - * - * array( MYSQLI_OPT_SSL_VERIFY_SERVER_CERT => true ); - * - * - * @var array - */ - public $db_options = array(); - /** * Compression flag * @@ -102,49 +87,19 @@ class CI_DB_mysqli_driver extends CI_DB { public $stricton = FALSE; /** - * The path name to the key file. + * Used to set various SSL options that can be used when making SSL connections. * * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi * - * @var string - */ - public $ssl_key = ''; - - /** - * The path name to the certificate file. - * - * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi - * - * @var string - */ - public $ssl_cert = ''; - - /** - * The path name to the certificate authority file. - * - * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi - * - * @var string - */ - public $ssl_ca = ''; - - /** - * The pathname to a directory that contains trusted SSL CA certificates in PEM format. - * - * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi - * - * @var string - */ - public $ssl_capath = ''; - - /** - * A list of allowable ciphers to use for SSL encryption. - * - * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi - * - * @var string + * @var array */ - public $ssl_cipher = ''; + public $ssl_options = array( + "ssl_key" => '', // The path name to the key file. + "ssl_cert" => '', // The path name to the certificate file. + "ssl_ca" => '', // The path name to the certificate authority file. + "ssl_capath" => '', // The pathname to a directory that contains trusted SSL CA certificates in PEM format. + "ssl_cipher" => '' // A list of allowable ciphers to use for SSL encryption. + ); // -------------------------------------------------------------------- @@ -192,14 +147,15 @@ class CI_DB_mysqli_driver extends CI_DB { $mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"'); } - foreach ($this->db_options AS $key => $value) - { - $mysqli->options($key, $value); - } - if ($this->encrypt === TRUE) { - $mysqli->ssl_set($this->ssl_key, $this->ssl_cert, $this->ssl_ca, $this->ssl_capath, $this->ssl_cipher); + $ssl_key = array_key_exists('ssl_key', $this->ssl_options) ? $this->ssl_options['ssl_key'] : ''; + $ssl_cert = array_key_exists('ssl_cert', $this->ssl_options) ? $this->ssl_options['ssl_cert'] : ''; + $ssl_ca = array_key_exists('ssl_ca', $this->ssl_options) ? $this->ssl_options['ssl_ca'] : ''; + $ssl_capath = array_key_exists('ssl_capath', $this->ssl_options) ? $this->ssl_options['ssl_capath'] : ''; + $ssl_cipher = array_key_exists('ssl_cipher', $this->ssl_options) ? $this->ssl_options['ssl_cipher'] : ''; + + $mysqli->ssl_set($ssl_key, $ssl_cert, $ssl_ca, $ssl_capath, $ssl_cipher); $client_flags |= MYSQLI_CLIENT_SSL; } -- cgit v1.2.3-24-g4f1b From 69befa92007cfa1c089e6b4478409809ea52faca Mon Sep 17 00:00:00 2001 From: ftwbzhao Date: Sat, 4 Jul 2015 17:42:31 +0800 Subject: fix SQlite3 list_fields --- system/database/drivers/sqlite3/sqlite3_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database') diff --git a/system/database/drivers/sqlite3/sqlite3_driver.php b/system/database/drivers/sqlite3/sqlite3_driver.php index a7c6420bb..31e37de91 100644 --- a/system/database/drivers/sqlite3/sqlite3_driver.php +++ b/system/database/drivers/sqlite3/sqlite3_driver.php @@ -266,7 +266,7 @@ class CI_DB_sqlite3_driver extends CI_DB { } $this->data_cache['field_names'][$table] = array(); - foreach ($result as $row) + foreach ($result->result_array() as $row) { $this->data_cache['field_names'][$table][] = $row['name']; } -- cgit v1.2.3-24-g4f1b From 820f06f63de3da890a87a88161daea0fd1be8caa Mon Sep 17 00:00:00 2001 From: ftwbzhao Date: Sun, 5 Jul 2015 21:25:32 +0800 Subject: fix pdo/sqlite & update changelog --- system/database/drivers/pdo/subdrivers/pdo_sqlite_driver.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database') diff --git a/system/database/drivers/pdo/subdrivers/pdo_sqlite_driver.php b/system/database/drivers/pdo/subdrivers/pdo_sqlite_driver.php index d5ca741fd..409e6501b 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_sqlite_driver.php +++ b/system/database/drivers/pdo/subdrivers/pdo_sqlite_driver.php @@ -140,7 +140,7 @@ class CI_DB_pdo_sqlite_driver extends CI_DB_pdo_driver { } $this->data_cache['field_names'][$table] = array(); - foreach ($result as $row) + foreach ($result->result_array() as $row) { $this->data_cache['field_names'][$table][] = $row['name']; } -- cgit v1.2.3-24-g4f1b From 7cc6cea2d421862726081a39e932dbceeefcc775 Mon Sep 17 00:00:00 2001 From: Adrian Voicu Date: Fri, 10 Jul 2015 14:41:25 +0300 Subject: allow add of keys with array This will allow adding multiple keys using array (http://www.codeigniter.com/user_guide/database/forge.html#adding-keys). Only if user wants, he can use the table columns to set a primary key by setting second parameter as TRUE. --- system/database/DB_forge.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/database') diff --git a/system/database/DB_forge.php b/system/database/DB_forge.php index d99fd0024..865498fb5 100644 --- a/system/database/DB_forge.php +++ b/system/database/DB_forge.php @@ -239,7 +239,7 @@ abstract class CI_DB_forge { */ public function add_key($key, $primary = FALSE) { - if ($primary === TRUE && is_array($key)) + if (is_array($key)) { foreach ($key as $one) { -- cgit v1.2.3-24-g4f1b From 76e643e7e3ebff679407255f66eafae790912f31 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 16 Jul 2015 13:14:49 +0300 Subject: Refactor proposed changes from PR #3896 --- system/database/drivers/mysqli/mysqli_driver.php | 72 +++++++++--------------- 1 file changed, 28 insertions(+), 44 deletions(-) (limited to 'system/database') diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 61a37bd03..82abf4e73 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -86,21 +86,6 @@ class CI_DB_mysqli_driver extends CI_DB { */ public $stricton = FALSE; - /** - * Used to set various SSL options that can be used when making SSL connections. - * - * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi - * - * @var array - */ - public $ssl_options = array( - "ssl_key" => '', // The path name to the key file. - "ssl_cert" => '', // The path name to the certificate file. - "ssl_ca" => '', // The path name to the certificate authority file. - "ssl_capath" => '', // The pathname to a directory that contains trusted SSL CA certificates in PEM format. - "ssl_cipher" => '' // A list of allowable ciphers to use for SSL encryption. - ); - // -------------------------------------------------------------------- /** @@ -117,7 +102,6 @@ class CI_DB_mysqli_driver extends CI_DB { * * @param bool $persistent * @return object - * @todo SSL support */ public function db_connect($persistent = FALSE) { @@ -147,45 +131,45 @@ class CI_DB_mysqli_driver extends CI_DB { $mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"'); } - if ($this->encrypt === TRUE) + if (is_array($this->encrypt)) { - $ssl_key = array_key_exists('ssl_key', $this->ssl_options) ? $this->ssl_options['ssl_key'] : ''; - $ssl_cert = array_key_exists('ssl_cert', $this->ssl_options) ? $this->ssl_options['ssl_cert'] : ''; - $ssl_ca = array_key_exists('ssl_ca', $this->ssl_options) ? $this->ssl_options['ssl_ca'] : ''; - $ssl_capath = array_key_exists('ssl_capath', $this->ssl_options) ? $this->ssl_options['ssl_capath'] : ''; - $ssl_cipher = array_key_exists('ssl_cipher', $this->ssl_options) ? $this->ssl_options['ssl_cipher'] : ''; - - $mysqli->ssl_set($ssl_key, $ssl_cert, $ssl_ca, $ssl_capath, $ssl_cipher); - $client_flags |= MYSQLI_CLIENT_SSL; + $ssl = array(); + empty($this->encrypt['ssl_key']) OR $ssl['key'] = $this->encrypt['ssl_key']; + empty($this->encrypt['ssl_cert']) OR $ssl['cert'] = $this->encrypt['ssl_cert']; + empty($this->encrypt['ssl_ca']) OR $ssl['ca'] = $this->encrypt['ssl_ca']; + empty($this->encrypt['ssl_capath']) OR $ssl['capath'] = $this->encrypt['ssl_capath']; + empty($this->encrypt['ssl_cipher']) OR $ssl['cipher'] = $this->encrypt['ssl_cipher']; + + if ( ! empty($ssl)) + { + $client_flags |= MYSQLI_CLIENT_SSL; + $mysqli->ssl_set( + isset($ssl['key']) ? $ssl['key'] : NULL, + isset($ssl['cert']) ? $ssl['cert'] : NULL, + isset($ssl['ca']) ? $ssl['ca'] : NULL, + isset($ssl['capath']) ? $ssl['capath'] : NULL, + isset($ssl['cipher']) ? $ssl['cipher'] : NULL + ); + } } - $connected = @$mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags); - - if ($connected) + if ($mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags)) { - // If SSL was requested we want to do some checking and log an error if an SSL connection wasn't established. - if ($this->encrypt === TRUE) + // Prior to version 5.7.3, MySQL silently downgrades to an unencrypted connection if SSL setup fails + if (($client_flags & MYSQLI_CLIENT_SSL) && version_compare($mysqli->client_info, '5.7.3', '<=')) { - $res = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher';"); - $ssl_status = $res->fetch_row(); - - if ($ssl_status[1] == '') + $ssl = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher'")->fetch_row(); + if (empty($ssl[1])) { - log_message('error', - "Problem With MySQLi SSL: An SSL connection was requested but the resulting connection is not using SSL!"); + $mysqli->close(); + $message = 'MySQLi was configured for an SSL connection, but got an unencrypted connection instead!'; + log_message('error', $message); + return ($this->db->db_debug) ? $this->db->display_error($message, '', TRUE) : FALSE; } } return $mysqli; } - else - { - if ($mysqli->connect_errno) - { - log_message('error', - 'msqli connect failed, error: ' . mysqli_connect_error() . " | " . $mysqli->connect_error . " | " . $mysqli->connect_errno); - } - } return FALSE; } -- cgit v1.2.3-24-g4f1b From 9194b492f900b05acd204cb1b4a524149402be75 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 16 Jul 2015 14:23:51 +0300 Subject: Improve the ssl_cipher check for MySQLi Related: #3896 --- system/database/drivers/mysqli/mysqli_driver.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'system/database') diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 82abf4e73..8d398c866 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -156,16 +156,16 @@ class CI_DB_mysqli_driver extends CI_DB { if ($mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags)) { // Prior to version 5.7.3, MySQL silently downgrades to an unencrypted connection if SSL setup fails - if (($client_flags & MYSQLI_CLIENT_SSL) && version_compare($mysqli->client_info, '5.7.3', '<=')) + if ( + ($client_flags & MYSQLI_CLIENT_SSL) + && version_compare($mysqli->client_info, '5.7.3', '<=') + && empty($mysqli->query("SHOW STATUS LIKE 'ssl_cipher'")->fetch_object()->Value) + ) { - $ssl = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher'")->fetch_row(); - if (empty($ssl[1])) - { - $mysqli->close(); - $message = 'MySQLi was configured for an SSL connection, but got an unencrypted connection instead!'; - log_message('error', $message); - return ($this->db->db_debug) ? $this->db->display_error($message, '', TRUE) : FALSE; - } + $mysqli->close(); + $message = 'MySQLi was configured for an SSL connection, but got an unencrypted connection instead!'; + log_message('error', $message); + return ($this->db->db_debug) ? $this->db->display_error($message, '', TRUE) : FALSE; } return $mysqli; -- cgit v1.2.3-24-g4f1b From a38b0c45c79f7045d8f322d7727226d3b458956e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 16 Jul 2015 14:25:25 +0300 Subject: Add SSL support for PDO_MYSQL too Related: #3896 --- .../drivers/pdo/subdrivers/pdo_mysql_driver.php | 31 ++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) (limited to 'system/database') diff --git a/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php b/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php index 206d83595..e9d25cebc 100644 --- a/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php +++ b/system/database/drivers/pdo/subdrivers/pdo_mysql_driver.php @@ -119,7 +119,6 @@ class CI_DB_pdo_mysql_driver extends CI_DB_pdo_driver { * * @param bool $persistent * @return object - * @todo SSL support */ public function db_connect($persistent = FALSE) { @@ -151,7 +150,35 @@ class CI_DB_pdo_mysql_driver extends CI_DB_pdo_driver { $this->options[PDO::MYSQL_ATTR_COMPRESS] = TRUE; } - return parent::db_connect($persistent); + // SSL support was added to PDO_MYSQL in PHP 5.3.7 + if (is_array($this->encrypt) && is_php('5.3.7')) + { + $ssl = array(); + empty($this->encrypt['ssl_key']) OR $ssl[PDO::MYSQL_ATTR_SSL_KEY] = $this->encrypt['ssl_key']; + empty($this->encrypt['ssl_cert']) OR $ssl[PDO::MYSQL_ATTR_SSL_CERT] = $this->encrypt['ssl_cert']; + empty($this->encrypt['ssl_ca']) OR $ssl[PDO::MYSQL_ATTR_SSL_CA] = $this->encrypt['ssl_ca']; + empty($this->encrypt['ssl_capath']) OR $ssl[PDO::MYSQL_ATTR_SSL_CAPATH] = $this->encrypt['ssl_capath']; + empty($this->encrypt['ssl_cipher']) OR $ssl[PDO::MYSQL_ATTR_SSL_CIPHER] = $this->encrypt['ssl_cipher']; + + // DO NOT use array_merge() here! + // It re-indexes numeric keys and the PDO_MYSQL_ATTR_SSL_* constants are integers. + empty($ssl) OR $this->options += $ssl; + } + + // Prior to version 5.7.3, MySQL silently downgrades to an unencrypted connection if SSL setup fails + if ( + ($pdo = parent::db_connect($persistent)) !== FALSE + && ! empty($ssl) + && version_compare($pdo->getAttribute(PDO::ATTR_CLIENT_VERSION), '5.7.3', '<=') + && empty($pdo->query("SHOW STATUS LIKE 'ssl_cipher'")->fetchObject()->Value) + ) + { + $message = 'PDO_MYSQL was configured for an SSL connection, but got an unencrypted connection instead!'; + log_message('error', $message); + return ($this->db->db_debug) ? $this->db->display_error($message, '', TRUE) : FALSE; + } + + return $pdo; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From cfc9e77c89ee5377b25e411ef3d8ab43c8900b7e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 16 Jul 2015 16:17:27 +0300 Subject: Add 'ssl_verify' option for mysqli driver MYSQLI_OPT_SSL_VERIFY_SERVER_CERT is an undocumented option that may not always be available. Reference: http://svn.php.net/viewvc/php/php-src/trunk/ext/mysqli/tests/mysqli_constants.phpt?view=markup&pathrev=302897 --- system/database/drivers/mysqli/mysqli_driver.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'system/database') diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index 8d398c866..dd3cc77c6 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -142,6 +142,11 @@ class CI_DB_mysqli_driver extends CI_DB { if ( ! empty($ssl)) { + if ( ! empty($this->encrypt['ssl_verify']) && defined('MYSQLI_OPT_SSL_VERIFY_SERVER_CERT')) + { + $mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, TRUE); + } + $client_flags |= MYSQLI_CLIENT_SSL; $mysqli->ssl_set( isset($ssl['key']) ? $ssl['key'] : NULL, -- cgit v1.2.3-24-g4f1b From 611e1fda7318ffefe27f4a002de29b9b88b874ba Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 17 Jul 2015 12:24:29 +0300 Subject: [ci skip] Fix a bug reported via PR #3704 --- system/database/drivers/oci8/oci8_driver.php | 43 +++++++++++++--------------- 1 file changed, 20 insertions(+), 23 deletions(-) (limited to 'system/database') diff --git a/system/database/drivers/oci8/oci8_driver.php b/system/database/drivers/oci8/oci8_driver.php index b5cf26536..3c5777751 100644 --- a/system/database/drivers/oci8/oci8_driver.php +++ b/system/database/drivers/oci8/oci8_driver.php @@ -101,6 +101,14 @@ class CI_DB_oci8_driver extends CI_DB { // -------------------------------------------------------------------- + /** + * Reset $stmt_id flag + * + * Used by stored_procedure() to prevent _execute() from + * re-setting the statement ID. + */ + protected $_reset_stmt_id = TRUE; + /** * List of reserved identifiers * @@ -265,26 +273,13 @@ class CI_DB_oci8_driver extends CI_DB { /* Oracle must parse the query before it is run. All of the actions with * the query are based on the statement id returned by oci_parse(). */ - $this->stmt_id = FALSE; - $this->_set_stmt_id($sql); - oci_set_prefetch($this->stmt_id, 1000); - return oci_execute($this->stmt_id, $this->commit_mode); - } - - // -------------------------------------------------------------------- - - /** - * Generate a statement ID - * - * @param string $sql an SQL query - * @return void - */ - protected function _set_stmt_id($sql) - { - if ( ! is_resource($this->stmt_id)) + if ($this->_reset_stmt_id === TRUE) { $this->stmt_id = oci_parse($this->conn_id, $sql); } + + oci_set_prefetch($this->stmt_id, 1000); + return oci_execute($this->stmt_id, $this->commit_mode); } // -------------------------------------------------------------------- @@ -318,15 +313,15 @@ class CI_DB_oci8_driver extends CI_DB { * type yes the type of the parameter * length yes the max size of the parameter */ - public function stored_procedure($package, $procedure, $params) + public function stored_procedure($package, $procedure, array $params) { - if ($package === '' OR $procedure === '' OR ! is_array($params)) + if ($package === '' OR $procedure === '') { log_message('error', 'Invalid query: '.$package.'.'.$procedure); return ($this->db_debug) ? $this->display_error('db_invalid_query') : FALSE; } - // build the query string + // Build the query string $sql = 'BEGIN '.$package.'.'.$procedure.'('; $have_cursor = FALSE; @@ -341,10 +336,12 @@ class CI_DB_oci8_driver extends CI_DB { } $sql = trim($sql, ',').'); END;'; - $this->stmt_id = FALSE; - $this->_set_stmt_id($sql); + $this->_reset_stmt_id = FALSE; + $this->stmt_id = oci_parse($this->conn_id, $sql); $this->_bind_params($params); - return $this->query($sql, FALSE, $have_cursor); + $result = $this->query($sql, FALSE, $have_cursor); + $this->_reset_stmt_id = TRUE; + return $result; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 43afc71b777b00cfc2638add6fa3c47d333c5e04 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 20 Jul 2015 12:32:02 +0300 Subject: Fix an internal bug in QB where() escaping This is not a supported use case, but if QB escaping is force-disabled, string values passed to where() or having() aren't escaped. That's wrong because escape-disabling should only be possible for identifiers and not values. Reported via the forums: http://forum.codeigniter.com/thread-62478.html --- system/database/DB_query_builder.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'system/database') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index a8b5b3579..8d21c5a1d 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -657,10 +657,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { if ($v !== NULL) { - if ($escape === TRUE) - { - $v = ' '.$this->escape($v); - } + $v = ' '.$this->escape($v); if ( ! $this->_has_operator($k)) { -- cgit v1.2.3-24-g4f1b From 4b9fec6797db2aea3af8ca4080be73e2ff421080 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 20 Jul 2015 17:26:31 +0300 Subject: Fix #3279 --- system/database/DB_query_builder.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'system/database') diff --git a/system/database/DB_query_builder.php b/system/database/DB_query_builder.php index 8d21c5a1d..fc2d5901e 100644 --- a/system/database/DB_query_builder.php +++ b/system/database/DB_query_builder.php @@ -1733,7 +1733,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { return FALSE; } - $sql = $this->_update($this->protect_identifiers($this->qb_from[0], TRUE, NULL, FALSE), $this->qb_set); + $sql = $this->_update($this->qb_from[0], $this->qb_set); if ($reset === TRUE) { @@ -1781,7 +1781,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { $this->limit($limit); } - $sql = $this->_update($this->protect_identifiers($this->qb_from[0], TRUE, NULL, FALSE), $this->qb_set); + $sql = $this->_update($this->qb_from[0], $this->qb_set); $this->_reset_write(); return $this->query($sql); } @@ -1798,7 +1798,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { * @param string the table to update data on * @return bool */ - protected function _validate_update($table = '') + protected function _validate_update($table) { if (count($this->qb_set) === 0) { @@ -1807,7 +1807,7 @@ abstract class CI_DB_query_builder extends CI_DB_driver { if ($table !== '') { - $this->qb_from[0] = $table; + $this->qb_from = array($this->protect_identifiers($table, TRUE, NULL, FALSE)); } elseif ( ! isset($this->qb_from[0])) { -- cgit v1.2.3-24-g4f1b