Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BC Break after removing method \Doctrine\DBAL\Driver\PDOConnection::quote #4281

Closed
Shahelm opened this issue Sep 21, 2020 · 8 comments · Fixed by #4287
Closed

BC Break after removing method \Doctrine\DBAL\Driver\PDOConnection::quote #4281

Shahelm opened this issue Sep 21, 2020 · 8 comments · Fixed by #4287
Labels
BC Break Quoting
Milestone
2.11.1

Comments

@Shahelm
Copy link

Shahelm commented Sep 21, 2020

The problem appeared in releases 2.10.3 commit

The problem is that now, with strict mode enabled, nothing but string cannot be passed to \Doctrine\DBAL\Driver\PDOConnection::quote. These changes break backward compatibility and should not have been recorded as minor changes.
@greg0ire
Copy link
Member

greg0ire commented Sep 22, 2020
edited
Loading

The removed method had an {@inheritdoc} annotation, which means passing something else than a string Doctrine\DBAL\Driver\PDOConnection::quote was a violation. So I'd say this report is invalid, what do you think @morozov ?

See https://www.php.net/manual/en/pdo.quote.php

@Shahelm
Copy link
Author

Shahelm commented Sep 22, 2020

Small digression:
This change can lead to a TypeError where there was none before.

@ekosogin
Copy link

ekosogin commented Sep 22, 2020
edited
Loading

I confirm TypeError. Also backward compatibility was broken

@greg0ire
Copy link
Member

greg0ire commented Sep 22, 2020
edited
Loading

Phpstan says it's an API violation: https://phpstan.org/r/c7f52e44-e49b-4905-b829-df22ff5cd7f9
Psalm is OK with it: https://psalm.dev/r/91ecd537bd

@morozov
Copy link
Member

morozov commented Sep 22, 2020
edited
Loading

In this case, the caller deals with a driver connection which happens to be implemented via PDO but should allow passing anything:

dbal/lib/Doctrine/DBAL/Driver/Connection.php

Lines 31 to 39 in b5e1599

/**
* Quotes a string for use in a query.
*
* @param mixed $value
* @param int $type
*
* @return mixed
*/
public function quote($value, $type = ParameterType::STRING);

While it's technically a BC break, there are a few of circumstances:

  1. With the release of 2.11.0, 2.10.x only accepts security fixes, so we can only fix it in 2.11.x.
  2. The issue is only reproducible in strict mode meaning that the caller opts in passing valid types (well, int is a valid type according to the API).
  3. It's clearly a bug on the calling side. There's no need to quote integers.

Before fixing it in 2.11.x, I'd like to see why the reporters want to be able to quote an integer.

@Shahelm
Copy link
Author

Shahelm commented Sep 22, 2020

There is no reason for quote an integer, just the old api allowed to do it, the problem was discovered by accident during testing after the update.

@morozov
Copy link
Member

morozov commented Sep 22, 2020
edited
Loading

The API still allows it, so it has to be fixed. I'm going to assign this issue to the 2.11.1 milestone. It doesn't look that critical to warrant another 2.10.x release.

@morozov morozov added this to the 2.11.1 milestone Sep 22, 2020
This was referenced Sep 22, 2020
Closed
Merged
@github-actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
BC Break Quoting
Projects
None yet
Milestone
2.11.1
Development

Successfully merging a pull request may close this issue.

Restore PDOStatement::quote() for backward compatibility morozov/dbal
4 participants
@morozov @greg0ire @Shahelm @ekosogin