Skip to content

Commit

Permalink
SQLiteStorage: sanitized keys for operator LIKE
Browse files Browse the repository at this point in the history
  • Loading branch information
dg committed Aug 18, 2017
1 parent 13afec7 commit dc543c2
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions src/Caching/Storages/SQLiteStorage.php
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ public function __construct($path)
*/
public function read(string $key)
{
$key = self::sanitize($key);
$stmt = $this->pdo->prepare('SELECT data, slide FROM cache WHERE key=? AND (expire IS NULL OR expire >= ?)');
$stmt->execute([$key, time()]);
if ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
Expand All @@ -75,6 +76,7 @@ public function read(string $key)
*/
public function bulkRead(array $keys): array
{
$keys = array_map([self::class, 'sanitize'], $keys);
$stmt = $this->pdo->prepare('SELECT key, data, slide FROM cache WHERE key IN (?' . str_repeat(',?', count($keys) - 1) . ') AND (expire IS NULL OR expire >= ?)');
$stmt->execute(array_merge($keys, [time()]));
$result = [];
Expand All @@ -83,7 +85,7 @@ public function bulkRead(array $keys): array
if ($row['slide'] !== null) {
$updateSlide[] = $row['key'];
}
$result[$row['key']] = unserialize($row['data']);
$result[str_replace("\x01", Cache::NAMESPACE_SEPARATOR, $row['key'])] = unserialize($row['data']);
}
if (!empty($updateSlide)) {
$stmt = $this->pdo->prepare('UPDATE cache SET expire = ? + slide WHERE key IN(?' . str_repeat(',?', count($updateSlide) - 1) . ')');
Expand All @@ -106,6 +108,7 @@ public function lock(string $key): void
*/
public function write(string $key, $data, array $dependencies): void
{
$key = self::sanitize($key);
$expire = isset($dependencies[Cache::EXPIRATION]) ? $dependencies[Cache::EXPIRATION] + time() : null;
$slide = isset($dependencies[Cache::SLIDING]) ? $dependencies[Cache::EXPIRATION] : null;

Expand All @@ -131,7 +134,7 @@ public function write(string $key, $data, array $dependencies): void
public function remove(string $key): void
{
$this->pdo->prepare('DELETE FROM cache WHERE key=?')
->execute([$key]);
->execute([self::sanitize($key)]);
}


Expand All @@ -156,4 +159,10 @@ public function clean(array $conditions): void
$this->pdo->prepare($sql)->execute($args);
}
}


private function sanitize($key)
{
return str_replace(Cache::NAMESPACE_SEPARATOR, "\x01", $key);
}
}

0 comments on commit dc543c2

Please sign in to comment.