diff --git a/DataStorage/Database/Query/Builder.php b/DataStorage/Database/Query/Builder.php
index 9766b4412..1ffccdac0 100644
--- a/DataStorage/Database/Query/Builder.php
+++ b/DataStorage/Database/Query/Builder.php
@@ -356,17 +356,8 @@ class Builder extends BuilderAbstract
 */
 public function raw(string $raw) : Builder
 {
- if ($this->isReadOnly) {
- $test = strtolower($raw);
-
- if (strpos($test, 'insert') !== false
- || strpos($test, 'update') !== false
- || strpos($test, 'drop') !== false
- || strpos($test, 'delete') !== false
- || strpos($test, 'create') !== false
- || strpos($test, 'alter') !== false) {
- throw new \Exception();
- }
+ if (!$this->isValidReadOnly($raw)) {
+ throw new \Exception();
 }
 
 $this->type = QueryType::RAW;
@@ -375,6 +366,37 @@ class Builder extends BuilderAbstract
 return $this;
 }
 
+ /**
+ * Tests if a string contains a non read only component in case the builder is read only.
+ * If the builder is not read only it will always return true
+ *
+ * @param string $raw Raw query
+ *
+ * @return bool
+ *
+ * @since 1.0.0
+ */
+ private function isValidReadOnly($raw) : bool
+ {
+ if (!$this->isReadOnly) {
+ return true;
+ }
+
+ $test = strtolower($raw);
+
+ if (strpos($test, 'insert') !== false
+ || strpos($test, 'update') !== false
+ || strpos($test, 'drop') !== false
+ || strpos($test, 'delete') !== false
+ || strpos($test, 'create') !== false
+ || strpos($test, 'alter') !== false
+ ) {
+ return false;
+ }
+
+ return true;
+ }
+
 /**
 * Make raw column selection.
 *
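Review bot: In `raw()`, the rejection path still throws a bare `\Exception()` with no message, so a blocked write attempt on a read-only builder cannot be told apart from any other failure in logs or in a caller's catch block. Since this is a security-relevant refusal, give it a message, e.g. `throw new \Exception('Raw query rejected: builder is read only.');`. Keeping the `\Exception` type leaves existing callers unaffected.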
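Review bot: `isValidReadOnly()` enforces read-only mode with a substring denylist, which both over-blocks and under-blocks. A query that merely mentions a column such as `updated_at` or `created_at` is rejected, while any data-modifying statement outside the six listed words (for example `truncate`) passes. The docblock should say that this is a best-effort filter and that read-only access has to be enforced by the database account's privileges or a read-only connection, for instance `* NOTE: keyword filter only; not a security boundary.` The parameter is also untyped here although `raw()` declares `string $raw`; `private function isValidReadOnly(string $raw) : bool` would match it.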
@@ -459,36 +481,31 @@ class Builder extends BuilderAbstract
 */
 public function where($columns, $operator = null, $values = null, $boolean = 'and') : Builder
 {
- // TODO: handle $value is null -> operator NULL
 if (isset($operator) && !is_array($operator) && !in_array(strtolower($operator), self::OPERATORS)) {
 throw new \InvalidArgumentException('Unknown operator.');
 }
 
- if (is_array($columns)) {
- $i = 0;
- foreach ($columns as $key => $column) {
- if (isset($operator[$i]) && !in_array(strtolower($operator[$i]), self::OPERATORS)) {
- throw new \InvalidArgumentException('Unknown operator.');
- }
+ if (is_string($columns)) {
+ $colums = [$columns];
+ $operator = [$operator];
+ $values = [$values];
+ $boolean = [$boolean];
+ }
 
- $this->wheres[self::getPublicColumnName($column)][] = [
- 'column' => $column,
- 'operator' => $operator[$i],
- 'value' => $values[$i],
- 'boolean' => $boolean[$i],
- ];
-
- $i++;
- }
- } elseif (is_string($columns)) {
- if (isset($operator) && !in_array(strtolower($operator), self::OPERATORS)) {
+ $i = 0;
+ foreach ($columns as $key => $column) {
+ if (isset($operator[$i]) && !in_array(strtolower($operator[$i]), self::OPERATORS)) {
 throw new \InvalidArgumentException('Unknown operator.');
 }
 
- $this->wheres[self::getPublicColumnName($columns)][] = ['column' => $columns, 'operator' => $operator, 'value' => $values,
- 'boolean' => $boolean,];
- } else {
- throw new \InvalidArgumentException();
+ $this->wheres[self::getPublicColumnName($column)][] = [
+ 'column' => $column,
+ 'operator' => $operator[$i],
+ 'value' => $values[$i],
+ 'boolean' => $boolean[$i],
+ ];
+
+ $i++;
 }
 
 return $this;
diff --git a/Message/Http/Header.php b/Message/Http/Header.php
index bebc3c445..131725aca 100644
--- a/Message/Http/Header.php
+++ b/Message/Http/Header.php
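Review bot: In `Builder::where()`, the new string branch assigns to `$colums` instead of `$columns`, so `$columns` is still a plain string when it reaches `foreach ($columns as $key => $column)`. PHP skips that loop with a warning and no condition is stored, so a single-column `where()` call silently produces a query without its filter. For an update, delete or access-scoping query that means more rows than intended. The line should read `$columns = [$columns];`. The removed `else` branch that threw `\InvalidArgumentException` for other argument types also has no replacement; a guard such as `if (!is_array($columns)) { throw new \InvalidArgumentException(); }` before the loop would keep that rejection. The closing brace of `where()` lies outside this hunk.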
@@ -71,18 +71,18 @@ class Header extends HeaderAbstract
 throw new LockException('HTTP header');
 }
 
+ if (self::isSecurityHeader($key) && isset($this->header[$key])) {
+ throw new \Exception('Cannot change security headers.');
+ }
+
 $key = strtolower($key);
 
 if (!$overwrite && isset($this->header[$key])) {
 return false;
- } elseif ($overwrite || !isset($this->header[$key])) {
- if (self::isSecurityHeader($key) && isset($this->header[$key])) {
- throw new \Exception('Cannot change security headers.');
- }
-
- unset($this->header[$key]);
 }
 
+ unset($this->header[$key]);
+
 if (!isset($this->header[$key])) {
 $this->header[$key] = [];
 }
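Review bot: The security-header guard now runs before `$key = strtolower($key);`, so `isset($this->header[$key])` is tested against the caller's original casing while the entries written below are keyed by the lower-cased name. If all stored keys are lower-case, as the visible writes suggest, a mixed-case name for an already-set security header passes the guard and is then unset and replaced when `$overwrite` is true. Move the normalisation first, so that `$key = strtolower($key);` precedes `if (self::isSecurityHeader($key) && isset($this->header[$key])) {`. Whether `isSecurityHeader()` itself normalises case is not visible here and is worth checking. The enclosing method starts and ends outside this hunk.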