Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

convert tedious sql strings to safer orm operations #6779

Merged
merged 2 commits into from
Jan 4, 2024
Merged

convert tedious sql strings to safer orm operations #6779

merged 2 commits into from
Jan 4, 2024

Conversation

DAcodedBEAT
Copy link
Contributor

Description & Issue number it closes

working on making the application safer by going through the ORM (which uses prepared statements) rather than manually crafting sql which could become insecure

@DAcodedBEAT DAcodedBEAT added Security Platform: Database Code Smell php Pull requests that update Php code labels Dec 27, 2023
@DAcodedBEAT DAcodedBEAT force-pushed the sql-strings-to-orm branch 2 times, most recently from 4f2e9fa to 932c39a Compare December 29, 2023 21:37
DawoudIO added a commit that referenced this pull request Dec 29, 2023
@DawoudIO
from #6779
701534b
DawoudIO added a commit that referenced this pull request Dec 29, 2023
@DawoudIO
Cleanup Of Bad code
da064ac 
some cleanup from #6779
@DawoudIO DawoudIO mentioned this pull request Dec 29, 2023
Merged
MrClever
MrClever approved these changes Dec 30, 2023
View reviewed changes
Copy link
Collaborator

@MrClever MrClever left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested on my dev machine (VM) and it seems to work fine. Would appreciate some additional confirmation before pulling the trigger :)

Edit: noticed the CI testing is failing on these two tests:

 1) Admin People
       Family Property List:
     AssertionError: Timed out retrying after 60000ms: expected 'http://localhost/PropertyEditor.php?PropertyID=0&Type=f' to include 'PropertyList.php'
      at Context.eval (webpack://churchcrm/./cypress/e2e/ui/admin/admin.people.spec.js:39:17)

  2) Admin People
       Person Property List:
     AssertionError: Timed out retrying after 60000ms: expected 'http://localhost/PropertyEditor.php?PropertyID=0&Type=p' to include 'PropertyList.php'
      at Context.eval (webpack://churchcrm/./cypress/e2e/ui/admin/admin.people.spec.js:52:17)

Not sure if this is a test failure (and we need to update the CI script) or code failure and we're introducing a new failure.

MrClever
MrClever reviewed Dec 30, 2023
View reviewed changes
Copy link
Collaborator

@MrClever MrClever left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See previous comment re CI failures.

@MrClever MrClever self-requested a review December 30, 2023 06:20
@DAcodedBEAT
Copy link
Contributor Author

@MrClever Thanks for doing the once-over! this change is deprioritized until 5.4.1 is out.

I just pushed this up so folks are aware and we avoid potentially duplicated efforts.

@DawoudIO DawoudIO added this to the 5.5.0 milestone Dec 30, 2023
@DAcodedBEAT DAcodedBEAT marked this pull request as ready for review January 4, 2024 03:48
@DAcodedBEAT DAcodedBEAT requested a review from DawoudIO as a code owner January 4, 2024 03:48
@DawoudIO DawoudIO merged commit fdc296e into master Jan 4, 2024
1 check passed
@DawoudIO DawoudIO deleted the sql-strings-to-orm branch January 4, 2024 05:00
@DAcodedBEAT DAcodedBEAT mentioned this pull request Jan 25, 2024
Merged
11 tasks
@DawoudIO DawoudIO mentioned this pull request Apr 17, 2024
Closed
@respencer respencer mentioned this pull request Apr 20, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MrClever MrClever Awaiting requested review from MrClever

@DawoudIO DawoudIO Awaiting requested review from DawoudIO

Assignees
No one assigned
Labels
Code Smell php Pull requests that update Php code Platform: Database Security
Projects
None yet
Milestone
5.5.0
Development

Successfully merging this pull request may close these issues.
3 participants
@DAcodedBEAT @MrClever @DawoudIO