[horde] Horde_Db 2.1.0 trashed Installation

Jan Schneider jan at horde.org
Tue Mar 4 13:48:06 UTC 2014 

Zitat von lst_hoe02 at kwsoft.de:

> Zitat von Jan Schneider <jan at horde.org>:
>
>> Zitat von lst_hoe02 at kwsoft.de:
>>
>>> Zitat von Jan Schneider <jan at horde.org>:
>>>
>>>> Zitat von lst_hoe02 at kwsoft.de:
>>>>
>>>>> Hello,
>>>>>
>>>>> after installing the today updates Horde/IMP was not able to  
>>>>> start und logged the following error over and over again:
>>>>>
>>>>> [Tue Mar 04 12:01:56 2014] [error] [client 213.164.67.65] PHP  
>>>>> Fatal error:  Call to a member function quote() on a non-object  
>>>>> in /usr/share/php/Horde/Db/Adapter/Pdo/Base.php on line 304
>>>>>
>>>>> I have reverted to Horde_Db 2.0.4 which fixed the error. Any  
>>>>> idea what went wrong??
>>>>>
>>>>> Regards
>>>>>
>>>>> Andreas
>>>>
>>>> Not without further information, at least a backtrace from debug  
>>>> logs. I assume you've run all migrations.
>>>
>>> I tried, but horde-db-migrate refuses with the very same error  
>>> message. With version 2.0.4 from Horde_Db some migrations are  
>>> done. I could try to now reinstall Horde_Db 2.1.0 but this looks  
>>> like a bad pitfall, no?
>>>
>>> Regards
>>>
>>> Andreas
>>
>> If it would run fine here and on every developer's systems too, it  
>> would have been released, so no.
>
> The new Horde_Db version seem to barff on the following hook from  
> horde/config/prefs.local.php which has worked some years until now:
>
> // user preferred email address for From: line
> // If you lock this preference, you must specify a value or a hook for it in
> // horde/config/hooks.php.
>
> $userId = $registry->getAuth();
> $db = $GLOBALS['injector']->getInstance('Horde_Db_Adapter');
> $db->connect();
> $result = $db->selectAssoc("SELECT alias,alias FROM  
> postfix_virtual_aliases WHERE user_uid='$userId'");
> $db->disconnect();
>
> $_prefs['from_addr'] = array(
>     'value' => '',
>     'type' => 'enum',
>     'enum' => $result,
>     'desc' =>  _("The default e-mail address to use with this identity:")
> );
>
> It is needed to provide the users a list of available mail aliases  
> and prevent from using random addresses as sender address.
>
> Any idea why this is not workign anymore or how to improve this?
>
> Thanks
>
> Andreas

Don't connect or disconnect. And don't add this to prefs.local.php  
file. If you need logic for default values, add a preference hook.

Besides that, you are vulnerable to SQL injection. Use this instead:

$result = $GLOBALS['injector']->getInstance('Horde_Db_Adapter')
     ->selectValue(
         'SELECT alias FROM postfix_virtual_aliases',
         array($GLOBALS['registry']->getAuth())
     );
-- 
Jan Schneider
The Horde Project
http://www.horde.org/
https://www.facebook.com/hordeproject

More information about the horde mailing list