Merge pull request #920 from PrivateBin/mysql_ansi_quotes

Avoid SUPER privilege when setting the sql_mode for MariaDB/MySQL, fixes #919
This commit is contained in:
El RIDO 2022-04-20 19:56:24 +02:00 committed by GitHub
commit d0142c31cc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions

View file

@ -1,5 +1,7 @@
# PrivateBin version history
* **1.4.1 (not yet released)**
* CHANGED: Avoid `SUPER` privilege for setting the `sql_mode` for MariaDB/MySQL (#919)
* **1.4 (2022-04-09)**
* ADDED: Translations for Corsican, Estonian, Finnish and Lojban
* ADDED: new HTTP headers improving security (#765)

View file

@ -100,7 +100,7 @@ class Database extends AbstractData
// MySQL uses backticks to quote identifiers by default,
// tell it to expect ANSI SQL double quotes
if (self::$_type === 'mysql' && defined('PDO::MYSQL_ATTR_INIT_COMMAND')) {
$options['opt'][PDO::MYSQL_ATTR_INIT_COMMAND] = "SET sql_mode='ANSI_QUOTES'";
$options['opt'][PDO::MYSQL_ATTR_INIT_COMMAND] = "SET SESSION sql_mode='ANSI_QUOTES'";
}
$tableQuery = self::_getTableQuery(self::$_type);
self::$_db = new PDO(