
[#372] Quote null byte characters

- Implements a patch that ensures that null byte characters are properly quoted
  in the SQL Server adapter.
Matthew Weier O'Phinney 11 years ago
parent
commit
a784d7e355
2 changed files with 12 additions and 0 deletions
  1. 1 0
      library/Zend/Db/Adapter/Sqlsrv.php
  2. 11 0
      tests/Zend/Db/Adapter/SqlsrvTest.php

+ 1 - 0
library/Zend/Db/Adapter/Sqlsrv.php

@@ -314,6 +314,7 @@ class Zend_Db_Adapter_Sqlsrv extends Zend_Db_Adapter_Abstract
             return sprintf('%F', $value);
         }
 
+        $value = addcslashes($value, "\000\032");
         return "'" . str_replace("'", "''", $value) . "'";
     }
 
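Review bot: The added `addcslashes($value, "\000\032")` line rewrites a NUL or 0x1A byte into the four-character text `\000` / `\032`, and as far as I know T-SQL string literals do not treat backslash as an escape, so the server presumably stores that literal text rather than the original byte. That keeps a raw control byte out of the statement text, but it silently changes the data, and nothing on the line says so. I would add a comment above it such as `// NUL / Ctrl-Z become literal \000 / \032 text so no raw control byte reaches the driver; lossy, so bind parameters for binary-safe values`. The enclosing quoting method starts above the hunk, so whether `$value` is always a string at this point is not visible here.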

+ 11 - 0
tests/Zend/Db/Adapter/SqlsrvTest.php

@@ -558,4 +558,15 @@ class Zend_Db_Adapter_SqlsrvTest extends Zend_Db_Adapter_TestCommon
     {
         return 'Sqlsrv';
     }
+
+    /**
+     * test that quote() escapes null byte character
+     * in a string.
+     */
+    public function testAdapterQuoteNullByteCharacter()
+    {
+        $string = "1\0";
+        $value  = $this->_db->quote($string);
+        $this->assertEquals("'1\\000'", $value);
+    }
 }
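Review bot: `testAdapterQuoteNullByteCharacter` pins only the `"\0"` case, while the adapter change also lists `"\032"` and runs before the single-quote doubling. Adding `$this->assertEquals("'1\\032'", $this->_db->quote("1\032"));` and `$this->assertEquals("'a''\\000'", $this->_db->quote("a'\0"));` would cover the second character and confirm that the two escaping steps compose. The docblock could also state that the expected output is the literal backslash-octal text, not an escaped byte.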