Potential BC break in 1.12.8


weierophinney
Administrator
Hi all,

With the last release announcement of ZF 1.12.8 we didn't place enough
attention on #418 (https://github.com/zendframework/zf1/pull/418).
This patch can introduce a potential BC break if your code uses complex SQL
statements (for example, using sub-functions or nested functions).

I did this PR to improve the fix introduced with security advisory ZF2014-04
(http://framework.zend.com/security/advisory/ZF2014-04) after we received
additional information from researchers. I changed the regular expression in the
order(), from(), and group() methods to be more restrictive; unfortunately
this change can break some code.

To fix code affected by these changes, you can use Zend_Db_Expr() in the
from(), group(), or order() functions.

For instance, this is a case where the PR #418 breaks a SQL statement:

    ORDER BY DATE_FORMAT( FROM_UNIXTIME( u.expires )) ASC

You should use:

    order(new Zend_Db_Expr('DATE_FORMAT( FROM_UNIXTIME( u.expires )) ASC'))

instead of:

    order('DATE_FORMAT( FROM_UNIXTIME( u.expires ))')

We have updated the release announcement of 1.12.8 to include this
information:

- http://framework.zend.com/blog/zend-framework-1-12-8-released.html

as well as the release tag on github:

- https://github.com/zendframework/zf1/releases/tag/release-1.12.8

I apologize for this potential BC break and for drawing more attention to
it during the last release of ZF1.

Regards,
Enrico Zimuel
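
The migration described in the message above, as an added example that is not part of the original post or of ZF1 itself: Zend_Db_Expr is emitted into the query verbatim, so the sketch wraps only constant expressions from an allowlist and never request input. The `applySort()` helper, the `users` table, the sort keys and the two-argument `DATE_FORMAT` call are assumptions made for illustration.

```php
<?php
// Added example, not ZF1 project code. Assumes ZF1 1.12.8+ on the include path.
require_once 'Zend/Db.php';
require_once 'Zend/Db/Expr.php';

/**
 * Hypothetical helper: map a request-supplied sort key to a fixed ORDER BY.
 * Zend_Db_Expr bypasses quoting and validation, so only constant strings
 * defined in this function are ever wrapped in it.
 */
function applySort(Zend_Db_Select $select, $sortKey, $direction)
{
    // Allowlist: plain columns stay strings so order() still quotes them;
    // nested function calls are Zend_Db_Expr, as 1.12.8 requires.
    $allowed = array(
        'id'      => 'u.id',
        'expires' => new Zend_Db_Expr(
            "DATE_FORMAT(FROM_UNIXTIME(u.expires), '%Y-%m-%d')"
        ),
    );
    if (!is_string($sortKey) || !isset($allowed[$sortKey])) {
        $sortKey = 'id'; // unknown key: fall back, never copy input into SQL
    }

    // Direction is picked from two constants, not taken from the request.
    $dir = (strtoupper((string) $direction) === 'DESC')
        ? Zend_Db_Select::SQL_DESC
        : Zend_Db_Select::SQL_ASC;

    $spec = $allowed[$sortKey];
    if ($spec instanceof Zend_Db_Expr) {
        return $select->order(new Zend_Db_Expr($spec . ' ' . $dir));
    }
    return $select->order($spec . ' ' . $dir);
}

// Constructed sample input. The SQLite adapter is used only to assemble SQL
// text (assumption: it connects lazily, so no database is opened here).
$db     = Zend_Db::factory('Pdo_Sqlite', array('dbname' => ':memory:'));
$select = $db->select()->from(array('u' => 'users'), array('id', 'expires'));

echo applySort(clone $select, 'expires', 'desc'), "\n";       // expression, DESC
echo applySort(clone $select, 'unexpected(value)', 'x'), "\n"; // falls back to u.id ASC
```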
