[development] dba.module ported to 4.7.x -- patches need review

Derek Wright drupal at dwwright.net
Sun Nov 19 11:38:48 UTC 2006


On Nov 16, 2006, at 11:51 AM, Derek Wright wrote:

> a) submitted patches for those 4.7.x porting issues so we can add a  
> DRUPAL-4-7 branch

i went on a rampage and decided to tackle this.  the interested  
reader is encouraged to review the following 4 issues/patches:

http://drupal.org/node/40661
http://drupal.org/node/40660
http://drupal.org/node/68274
http://drupal.org/node/98457

the only way to get to the UI for #40660 is to either a) know the  
full URLs or b) just apply #40661 (since it fixes the admin/database  
overview page which provides all the links).

all 4 patches apply independently of each other, but if you want a  
fully working 4.7.x port, you need all 4.

i had to do some major surgery for the FAPI conversion.  however, i  
didn't go through the whole module, line by line, to audit for  
problems -- i was just trying to fix the known bugs.  so, there are  
still some missing t(), some improper theme() related stuff, some  
places it's looking at $_POST directly when it probably shouldn't be,  
and some highly scary direct SQL.  however, all of the scary SQL  
stuff is within the admin interface, and that's all a big UI for  
running queries directly... so the SQL injection the admin could do  
to herself isn't really a threat we have to be worried about on a  
page that lets them type in whatever query they want into a nice  
textfield. ;)  that said, i'd still like to take another look at all  
of this sometime when it's not 3:30am, and any other security-minded  
developers would be welcome to join me in auditing this highly  
powerful (and therefore dangerous) module.

anyway, i believe those 4 patches are all that stands in the way of a  
DRUPAL-4-7 branch for dba.module.  unless there are major objections  
or someone finds problems in my patches in the next 24 hours or so,  
i'm planning to commit everything, add the branch, make a  
DRUPAL-4-7--1-0 release tag, and create a 4.7.x-1.0 release node for it.

thanks,
-derek



