Loading CHANGELOG.txt +3 −0 Original line number Diff line number Diff line Drupal 7.40, xxxx-xx-xx (development version) ----------------------- - Prevented the database API from executing multiple queries at once on MySQL, if the site's PHP version is new enough to do so. This is a secondary defense against SQL injection attacks. - Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade to fail when there were multiple file records pointing to the same file. Loading includes/database/mysql/database.inc +9 −2 Original line number Diff line number Diff line Loading @@ -51,6 +51,11 @@ public function __construct(array $connection_options = array()) { // Because MySQL's prepared statements skip the query cache, because it's dumb. PDO::ATTR_EMULATE_PREPARES => TRUE, ); if (defined('PDO::MYSQL_ATTR_MULTI_STATEMENTS')) { // An added connection option in PHP 5.5.21+ to optionally limit SQL to a // single statement like mysqli. $connection_options['pdo'] += array(PDO::MYSQL_ATTR_MULTI_STATEMENTS => FALSE); } parent::__construct($dsn, $connection_options['username'], $connection_options['password'], $connection_options['pdo']); Loading Loading @@ -78,8 +83,10 @@ public function __construct(array $connection_options = array()) { $connection_options['init_commands'] += array( 'sql_mode' => "SET sql_mode = 'ANSI,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER'", ); // Set connection options. $this->exec(implode('; ', $connection_options['init_commands'])); // Execute initial commands. foreach ($connection_options['init_commands'] as $sql) { $this->exec($sql); } } public function __destruct() { Loading Loading
CHANGELOG.txt +3 −0 Original line number Diff line number Diff line Drupal 7.40, xxxx-xx-xx (development version) ----------------------- - Prevented the database API from executing multiple queries at once on MySQL, if the site's PHP version is new enough to do so. This is a secondary defense against SQL injection attacks. - Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused the upgrade to fail when there were multiple file records pointing to the same file. Loading
includes/database/mysql/database.inc +9 −2 Original line number Diff line number Diff line Loading @@ -51,6 +51,11 @@ public function __construct(array $connection_options = array()) { // Because MySQL's prepared statements skip the query cache, because it's dumb. PDO::ATTR_EMULATE_PREPARES => TRUE, ); if (defined('PDO::MYSQL_ATTR_MULTI_STATEMENTS')) { // An added connection option in PHP 5.5.21+ to optionally limit SQL to a // single statement like mysqli. $connection_options['pdo'] += array(PDO::MYSQL_ATTR_MULTI_STATEMENTS => FALSE); } parent::__construct($dsn, $connection_options['username'], $connection_options['password'], $connection_options['pdo']); Loading Loading @@ -78,8 +83,10 @@ public function __construct(array $connection_options = array()) { $connection_options['init_commands'] += array( 'sql_mode' => "SET sql_mode = 'ANSI,STRICT_TRANS_TABLES,STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER'", ); // Set connection options. $this->exec(implode('; ', $connection_options['init_commands'])); // Execute initial commands. foreach ($connection_options['init_commands'] as $sql) { $this->exec($sql); } } public function __destruct() { Loading
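Review bot: The `+=` in the first hunk only fills in `PDO::MYSQL_ATTR_MULTI_STATEMENTS => FALSE` when the caller has not already set that key, so a `pdo` array passed in `$connection_options` can turn multi-statement execution back on, and on PHP builds where the constant is undefined the block is skipped without any signal. Since `PDO::ATTR_EMULATE_PREPARES` stays `TRUE` just above, I would say so in the comment, e.g. `// Defense in depth only: skipped on PHP without this constant, and a 'pdo' value supplied by the caller takes precedence.` The loop in the second hunk also means an `init_commands` entry that itself holds several `;`-separated statements would presumably be rejected wherever the option is in effect, which deserves a line in the documentation for that setting. The constructor starts and ends outside both hunks, so this is based only on the lines shown.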