Tags: wollanup/Propel2
Tags
SQL injection fix: Cast limit to integer when setting via Criteria::s… …etLimit() (propelorm#1465) * Cast limit to integer when setting via Criteria::setLimit() This is a followup to a fix for SQL injections with LIMIT clauses in MySQL [1]. That fix only applied to the MySQL adapter, and other existing or future adapters could still be at risk. By coercing limit inputs to integers upon setting them, we can avoid SQL injection vulnerabilities with `limit()` across all database adapters. The original code comments implied that integer coercion could be problematic with 32-bit integers, but unit tests in this PR prove otherwise. Even 64-bit integers seem to work fine. [1] propelorm#1464 * Add missing tests for setOffset() * Remove note about 32-bit truncation Unit tests show that even 64-bit integers aren't truncated.
Fixes propelorm#1324 - fixed wrong sprintf arguments positioning in g… …etIdentifierPhp() Related to propelorm#1090.
Compatibility of numeric and string keys (propelorm#1279) Compatibility of numeric and string keys
Merge pull request propelorm#923 from SCIF/external-attribute External attribute added
Merge pull request propelorm#611 from marcj/master Fixed propelorm#477, Fixed propelorm#607, Fixed propelorm#604, Fixed propelorm#610