SQLiteStorage: sanitized keys for operator LIKE

dg · dg · commit dc543c20b7e1 · 2017-08-18T17:27:10.000+02:00
diff --git a/src/Caching/Storages/SQLiteStorage.php b/src/Caching/Storages/SQLiteStorage.php
@@ -58,6 +58,7 @@ public function __construct($path)
 	 */
 	public function read(string $key)
 	{
+		$key = self::sanitize($key);
 		$stmt = $this->pdo->prepare('SELECT data, slide FROM cache WHERE key=? AND (expire IS NULL OR expire >= ?)');
 		$stmt->execute([$key, time()]);
 		if ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
@@ -75,6 +76,7 @@ public function read(string $key)
 	 */
 	public function bulkRead(array $keys): array
 	{
+		$keys = array_map([self::class, 'sanitize'], $keys);
 		$stmt = $this->pdo->prepare('SELECT key, data, slide FROM cache WHERE key IN (?' . str_repeat(',?', count($keys) - 1) . ') AND (expire IS NULL OR expire >= ?)');
 		$stmt->execute(array_merge($keys, [time()]));
 		$result = [];
@@ -83,7 +85,7 @@ public function bulkRead(array $keys): array
 			if ($row['slide'] !== null) {
 				$updateSlide[] = $row['key'];
 			}
-			$result[$row['key']] = unserialize($row['data']);
+			$result[str_replace("\x01", Cache::NAMESPACE_SEPARATOR, $row['key'])] = unserialize($row['data']);
 		}
 		if (!empty($updateSlide)) {
 			$stmt = $this->pdo->prepare('UPDATE cache SET expire = ? + slide WHERE key IN(?' . str_repeat(',?', count($updateSlide) - 1) . ')');
@@ -106,6 +108,7 @@ public function lock(string $key): void
 	 */
 	public function write(string $key, $data, array $dependencies): void
 	{
+		$key = self::sanitize($key);
 		$expire = isset($dependencies[Cache::EXPIRATION]) ? $dependencies[Cache::EXPIRATION] + time() : null;
 		$slide = isset($dependencies[Cache::SLIDING]) ? $dependencies[Cache::EXPIRATION] : null;
 
@@ -131,7 +134,7 @@ public function write(string $key, $data, array $dependencies): void
 	public function remove(string $key): void
 	{
 		$this->pdo->prepare('DELETE FROM cache WHERE key=?')
-			->execute([$key]);
+			->execute([self::sanitize($key)]);
 	}
 
 
@@ -156,4 +159,10 @@ public function clean(array $conditions): void
 			$this->pdo->prepare($sql)->execute($args);
 		}
 	}
+
+
+	private function sanitize($key)
+	{
+		return str_replace(Cache::NAMESPACE_SEPARATOR, "\x01", $key);
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -58,6 +58,7 @@ public function __construct($path)`
`58`	`58`	`*/`
`59`	`59`	`public function read(string $key)`
`60`	`60`	`{`
	`61`	`+ $key = self::sanitize($key);`
`61`	`62`	`$stmt = $this->pdo->prepare('SELECT data, slide FROM cache WHERE key=? AND (expire IS NULL OR expire >= ?)');`
`62`	`63`	`$stmt->execute([$key, time()]);`
`63`	`64`	`if ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {`
`@@ -75,6 +76,7 @@ public function read(string $key)`
`75`	`76`	`*/`
`76`	`77`	`public function bulkRead(array $keys): array`
`77`	`78`	`{`
	`79`	`+ $keys = array_map([self::class, 'sanitize'], $keys);`
`78`	`80`	`$stmt = $this->pdo->prepare('SELECT key, data, slide FROM cache WHERE key IN (?' . str_repeat(',?', count($keys) - 1) . ') AND (expire IS NULL OR expire >= ?)');`
`79`	`81`	`$stmt->execute(array_merge($keys, [time()]));`
`80`	`82`	`$result = [];`
`@@ -83,7 +85,7 @@ public function bulkRead(array $keys): array`
`83`	`85`	`if ($row['slide'] !== null) {`
`84`	`86`	`$updateSlide[] = $row['key'];`
`85`	`87`	`}`
`86`		`- $result[$row['key']] = unserialize($row['data']);`
	`88`	`+ $result[str_replace("\x01", Cache::NAMESPACE_SEPARATOR, $row['key'])] = unserialize($row['data']);`
`87`	`89`	`}`
`88`	`90`	`if (!empty($updateSlide)) {`
`89`	`91`	`$stmt = $this->pdo->prepare('UPDATE cache SET expire = ? + slide WHERE key IN(?' . str_repeat(',?', count($updateSlide) - 1) . ')');`
`@@ -106,6 +108,7 @@ public function lock(string $key): void`
`106`	`108`	`*/`
`107`	`109`	`public function write(string $key, $data, array $dependencies): void`
`108`	`110`	`{`
	`111`	`+ $key = self::sanitize($key);`
`109`	`112`	`$expire = isset($dependencies[Cache::EXPIRATION]) ? $dependencies[Cache::EXPIRATION] + time() : null;`
`110`	`113`	`$slide = isset($dependencies[Cache::SLIDING]) ? $dependencies[Cache::EXPIRATION] : null;`
`111`	`114`
`@@ -131,7 +134,7 @@ public function write(string $key, $data, array $dependencies): void`
`131`	`134`	`public function remove(string $key): void`
`132`	`135`	`{`
`133`	`136`	`$this->pdo->prepare('DELETE FROM cache WHERE key=?')`
`134`		`- ->execute([$key]);`
	`137`	`+ ->execute([self::sanitize($key)]);`
`135`	`138`	`}`
`136`	`139`
`137`	`140`
`@@ -156,4 +159,10 @@ public function clean(array $conditions): void`
`156`	`159`	`$this->pdo->prepare($sql)->execute($args);`
`157`	`160`	`}`
`158`	`161`	`}`
	`162`	`+`
	`163`	`+`
	`164`	`+ private function sanitize($key)`
	`165`	`+ {`
	`166`	`+ return str_replace(Cache::NAMESPACE_SEPARATOR, "\x01", $key);`
	`167`	`+ }`
`159`	`168`	`}`