Merged
Conversation
This backports several important bug fixes from recent 5.x PRs: **From PR #1001 (Fix release readiness issues for 5.x):** - Fix copy-paste bug in Migrator::shouldDropTables() using $messages['down'] instead of $messages['missing'] - Fix uninitialized $command property in Migrations.php - Fix weak equality in Table::saveData() (use !== instead of !=) - Replace assert() with explicit RuntimeException in BaseSeed for production safety - Fix DumpCommand using non-existent $io->error() method (should be $io->err()) - Replace unsafe addslashes() with proper driver escaping (schemaValue()) for column comments in MysqlAdapter::getRenameColumnInstructions() **From PR #1002 (Quote database names in PostgreSQL and SQL Server adapters):** - PostgresAdapter: Quote database name and charset in createDatabase() - PostgresAdapter: Quote database name in dropDatabase() - SqlserverAdapter: Use quoteSchemaName() instead of manual brackets in createDatabase() and dropDatabase() - SqlserverAdapter: Fix SQL injection vulnerability in dropDatabase() **From PR #1003 (Improve SQL quoting and fix docblock issues):** - SqlserverAdapter: Use quoteString() for sp_rename parameters in getRenameTableInstructions() and getRenameColumnInstructions() - PostgresAdapter/SqlserverAdapter: Use quoteColumnName() for foreign key column definitions instead of hard-coded double quotes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This backports several important bug fixes from recent 5.x PRs (#1001, #1002, #1003):
From PR #1001 (Fix release readiness issues for 5.x):
Migrator::shouldDropTables()using$messages['down']instead of$messages['missing']$commandproperty inMigrations.phpTable::saveData()(use!==instead of!=)assert()with explicitRuntimeExceptioninBaseSeedfor production safety (assertions can be disabled in production)DumpCommandusing non-existent$io->error()method (should be$io->err())addslashes()with proper driver escaping (schemaValue()) for column comments inMysqlAdapter::getRenameColumnInstructions()From PR #1002 (Quote database names in PostgreSQL and SQL Server adapters):
PostgresAdapter: Quote database name and charset increateDatabase()PostgresAdapter: Quote database name indropDatabase()SqlserverAdapter: UsequoteSchemaName()instead of manual brackets increateDatabase()anddropDatabase()SqlserverAdapter: Fix SQL injection vulnerability indropDatabase()From PR #1003 (Improve SQL quoting and fix docblock issues):
SqlserverAdapter: UsequoteString()forsp_renameparameters ingetRenameTableInstructions()andgetRenameColumnInstructions()PostgresAdapter/SqlserverAdapter: UsequoteColumnName()for foreign key column definitions instead of hard-coded double quotesGiven that 5.x requires Cake5.3+ it seems important to have the gap on bugs a bit smaller between those major versions of migrations.