This patch introduced database transaction support to the Dba driver via
the DbaTransaction class.
The goal of this is to allow the driver control over the creation and
finalization of database transactions.
Until now code that has needed transaction support has done so directly
by issuing "BEGIN", "ROLLBACK" and "COMMIT" commands to the underlying
database directly.
This has several disadvantages:
- We do have no control or knowledge of whether any transactions being
active.
- Since transactions can not be nested, we run the risk of unrelated
code trying to create a transaction when one is already active.
- Code using transactions are not testable, as the test runner wraps
all tests within a transaction to begin with.
This patch should eliminate all these problems.
A transaction is started by instantiating the DbaTransaction class:
$my_transaction = new \DbaTransaction();
The transaction will automatically be _rolled back_ if it has not been
committed before the instance is destroyed. (When the variable holding
it goes out of scope, i.e when the containing function returns.)
A transaction is committed like this:
$my_transaction->commit();
This will immediately commit the changes in the transaction, and the
transaction will be marked as committed, so it will not be attempted to
be rolled back on destruction.
I have chosen to "ignore" the problem of nested transactions by having
the DbaTransaction class _not_ initiate a new transaction if one is
already active. This also makes the rollback and commit actions of the
DbaTransaction class into no-ops.
An alternative would be to simulate nested transactions by using save
points if a transaction is already active. However, I'm unsure about
wether there's any safe way to avoid all potential pitfalls when doing
that.
In any case, nested transactions should preferably be avoided, and
afaict we don't rely on that in any of the existing code. The reason we
need to support it in some way is that it's needed for testing where the
code under test is creating a transaction on it's own. (Since each test
is run within a db transaction to begin with.)
Also, I have taken the liberty to assume a PDO based db driver for this
stuff. I don't think that's going to be a problem, as that's the only
thing supported by the rest of the code in any case.
Moves the logic for unwrapping broken lines in html (and Markdown) to
the node processing, instead of doing it over the full html content.
This allows us to skip if for code blocks (aka `<code>` elements within
`<pre>` elements).
The validate_email function relied on doing an actual domain lookup (on
supported platforms) to validate the domain of the email address. This
does not work too well in testing environments where we may not want to
spam the DNS system, if it at all is available.
Apart from the the function did very little to actually verify that it
was a valid email address.
This patch tries to change that by usng a somewhat stricted regex based
validation. While this may not be perfect, it should be good enough in
the vast majority of cases. For platforms where no validation was
performed with the old version, it will at least be an improvement.
Also, it allows testing without having an external network connection.
Also clarify the doc comment, that it does not actually try to resolve
the email address, just the domain.
The debug log will be stored in the test/results directory, and archived
as part of the artifacts of the CI run. This should make it easier to
get some debugging info out from the CI runs if they fail.
It seems that PostgreSQL will not update the autoincrement index of the
table when inserting rows with an id set. Later inserts without an id
set will then fail, because they get assigned an id that already exists.
MySQL seems to handle this just fine.
Why the id column was added in the first place, one may wonder, but
that's how it were.
In any case, this broke the PostgreSQL tests in the gitlab CI
environment. (While it mysteriously worked in my local ddev
environment.) Anyways, the id column is not needed, and things work
better without them.
As the Symphony\Yaml stuff disappeared with behat, we need another way
to load read the yaml files with database fixtures for the integration
tests.
As the php yaml extension is not distributed with PHP by default, this
creates it as another dev dependency!
This should fix issue #1828.
This patch makes it explicit that we store arrays in the config as json
encoded arrays, while we allow both json encoded and PHP serialized
arrays to be deserialized correctly. Unless it's a brand new install,
the existing data in the database will be PHP serialized.
I've also added a hardening measure in case we fall back to PHP
unserialize, making sure we're not vulnerable to a PHP Object Injection
attack. This means that deserializing arrays containing PHP objects will
no longer work, but afaict we never do that anyways, so I don't think
that should break anything.
Add type annotations for constructor and set* methods, and throw an
exception if the passed in arrays are missing required keys. This means
that both invalid input types and missing keys will throw and exception
rather than just die with a runtime error.
There's not checks to verify that the contents of the required array
keys are valid or make sense, though. They are just assigned, and
returned as is by the get method when requested.
Also, the set_from_array method is not well tested at the moment.
These tests actually tests both the get_tags() function, and the
handle_tags() function. The latter don't work, and should probably be
split into it's own test cases.
There's also some stubs here that we may want to deal with in another
way.
Also removed meaningless "test" of intval() builtin function. It behaves
as documented, no need for us to test it.
The escaping makes the URL safe for display and for use in HTML element
attributes (such as href="..." etc), but does not guarantee that the URL
itself is valid after conversion. This should be good enough for
mitigating XSS issues caused by injecting html or javascript into a URL.
Also probably good enough for _most_ normal URLs, but there may be
devils hidden in the details somewhere.
