
Fixed potential SQL injections in order() and group()

Enrico Zimuel vor 9 Jahren
Ursprung
Commit
bf3f40605b
2 geänderte Dateien mit 13 neuen und 3 gelöschten Zeilen
  1. 5 3
      library/Zend/Db/Select.php
  2. 8 0
      tests/Zend/Db/Select/StaticTest.php

+ 5 - 3
library/Zend/Db/Select.php

@@ -81,7 +81,9 @@ class Zend_Db_Select
     const SQL_ASC        = 'ASC';
     const SQL_DESC       = 'DESC';
 
-    const REGEX_COLUMN_EXPR = '/^([\w]*\s*\(([^\(\)]|(?1))*\))$/';
+    const REGEX_COLUMN_EXPR       = '/^([\w]*\s*\(([^\(\)]|(?1))*\))$/';
+    const REGEX_COLUMN_EXPR_ORDER = '/^([\w]+\s*\(([^\(\)]|(?1))*\))$/';
+    const REGEX_COLUMN_EXPR_GROUP = '/^([\w]+\s*\(([^\(\)]|(?1))*\))$/';
 
     /**
      * Bind variables for query
@@ -511,7 +513,7 @@ class Zend_Db_Select
         }
 
         foreach ($spec as $val) {
-            if (preg_match(self::REGEX_COLUMN_EXPR, (string) $val)) {
+            if (preg_match(self::REGEX_COLUMN_EXPR_GROUP, (string) $val)) {
                 $val = new Zend_Db_Expr($val);
             }
             $this->_parts[self::GROUP][] = $val;
@@ -603,7 +605,7 @@ class Zend_Db_Select
                     $val = trim($matches[1]);
                     $direction = $matches[2];
                 }
-                if (preg_match(self::REGEX_COLUMN_EXPR, (string) $val)) {
+                if (preg_match(self::REGEX_COLUMN_EXPR_ORDER, (string) $val)) {
                     $val = new Zend_Db_Expr($val);
                 }
                 $this->_parts[self::ORDER][] = array($val, $direction);
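Review bot: The two added constants REGEX_COLUMN_EXPR_ORDER and REGEX_COLUMN_EXPR_GROUP are byte-identical and nothing in the hunk explains why two names exist; either collapse them or annotate them with something like `// Kept as separate constants so ORDER BY and GROUP BY validation can diverge without touching the shared column regex`. The change from `[\w]*` to `[\w]+` now requires a function-like name before the parentheses, but the pattern remains a shape check: the parenthesised body is accepted as-is (any character except `(` and `)`), and a matching value is wrapped in Zend_Db_Expr and emitted unquoted, so a comment such as `// Shape heuristic only: a match is emitted unquoted, so never pass user-controlled strings to order()/group(); wrap intended expressions in Zend_Db_Expr explicitly` belongs next to the constants. Note also that `[\w]+` no longer matches a bare parenthesised group such as `(qty * price)`, which the previous `[\w]*` accepted as an expression; callers relying on that in order() or group() will now get the value quoted as an identifier, a behaviour change worth a line in the commit message. The unchanged REGEX_COLUMN_EXPR keeps `[\w]*`, presumably for other call sites outside this diff, which is worth confirming. Both methods that use the new constants begin and end outside the hunks.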

+ 8 - 0
tests/Zend/Db/Select/StaticTest.php

@@ -834,6 +834,10 @@ class Zend_Db_Select_StaticTest extends Zend_Db_Select_TestCommon
         $select = $this->_db->select();
         $select->from(array('p' => 'products'))->order('MD5(1);drop table products; -- )');
         $this->assertEquals('SELECT "p".* FROM "products" AS "p" ORDER BY "MD5(1);drop table products; -- )" ASC', $select->assemble());
+
+        $select = $this->_db->select();
+        $select->from('p')->order("MD5(\";(\");DELETE FROM p2; SELECT 1 #)");
+        $this->assertEquals('SELECT "p".* FROM "p" ORDER BY "MD5("";("");DELETE FROM p2; SELECT 1 #)" ASC', $select->assemble());
     }
 
     public function testSqlInjectionWithGroup()
@@ -845,6 +849,10 @@ class Zend_Db_Select_StaticTest extends Zend_Db_Select_TestCommon
         $select = $this->_db->select();
         $select->from(array('p' => 'products'))->group('MD5(1); drop table products; -- )');
         $this->assertEquals('SELECT "p".* FROM "products" AS "p" GROUP BY "MD5(1); drop table products; -- )"', $select->assemble());
+
+        $select = $this->_db->select();
+        $select->from('p')->group("MD5(\";(\");DELETE FROM p2; SELECT 1 #)");
+        $this->assertEquals('SELECT "p".* FROM "p" GROUP BY "MD5("";("");DELETE FROM p2; SELECT 1 #)"', $select->assemble());
     }
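Review bot: The added cases only pin the rejecting path, where the input ends up quoted as an identifier; there is no positive case asserting that a legitimate expression such as `MD5(name)` is still emitted unquoted after the regex tightening, nor one covering a bare parenthesised group such as `(qty * price)`, which the old `[\w]*` pattern treated as an expression and the new `[\w]+` pattern will quote. Without such a case the behaviour change is silent, so a pair of lines like `$select->from('p')->order('(qty * price)');` followed by an assertion that the assembled SQL contains the identifier-quoted form (exact quoting to be confirmed against the adapter's rules) would document it, and the same for group(). The test method containing the first hunk begins outside the hunk, and the body of testSqlInjectionWithGroup also starts before its hunk.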
 
     public function testSqlInjectionInColumn()