Legacy MySQL Scanner

By gversion - November 1, 2018

Hello,

When I run the Legacy MySQL Scanner on the latest version of cmsb (v3.15 (Build 2209)) I see the following legacy code:

/cmsb/lib/schema_functions.php
mysql_encrypt_column -
/cmsb/lib/mysql_functions.php
mysql_decrypt_addSelectExpr -
mysql_decrypt_column -
mysql_encryptExpr_colsToValues -
mysql_encrypt_column -
mysql_encrypt_listColumns -
mysql_isSupportedColumn -
/cmsb/lib/menus/admin/general.php
mysql_encrypt_listColumns -
/cmsb/lib/menus/default/save.php
mysql_encryptExpr_colsToValues -
/cmsb/lib/menus/database/editField_functions.php
mysql_decrypt_column -
mysql_encrypt_column -
mysql_isSupportedColumn -
/cmsb/lib/upgrade_functions.php
mysql_encrypt_listColumns -
/cmsb/lib/viewer_functions.php
mysql_decrypt_addSelectExpr -

I guess you guys will be updating this in a future release of cmsb? Or is it not necessary to?

Thank you,

Greg

By Dave - November 6, 2018

Hi Greg, 

Thanks for reporting that.  Those are false-positives you can safely ignore those or update /plugins/legacyMySQLScanner.php as follows: 

Replace the $GLOBALS['LMSCANNER_SKIP_SUFFIXES'] = [ line with:

// these are mysql_* suffixes to skip because they're no related to legacy mysql_ functions
$GLOBALS['LMSCANNER_SKIP_SUFFIXES'] = [ 
'count',
'datetime',
'decrypt_addSelectExpr',
'decrypt_column',
'decrypt_getColumnsNamesOrExpr',
'delete',
'do',
'encrypt_column',
'encrypt_listColumns',
'encryptExpr_colsToValues',
'escape',
'escapecsv',
'escapef',
'escapeLikeWildcards',
'fetch',
'get',
'get_lock',
'get_query',
'getcolstovaluesfromrequest',
'getMysqlSetValues',
'getvaluesascsv',
'insert',
'isConnected',
'isSupportedColumn',
'limit',
'query_fetch_all_array',
'query_fetch_all_assoc',
'query_fetch_row_array',
'query_fetch_row_assoc',
'release_lock',
'select',
'select_count_from',
'select_query',
'session_storage',
'set',
'update',
'where',
];

And I'll update that for the next version as well.  Thanks!

Dave Edis - Senior Developer

interactivetools.com