From: Alexander Mashin Date: Sun, 1 Oct 2017 00:46:51 +0000 (+0000) Subject: Ensure only strings are passed to mysql_real_escape_string() X-Git-Tag: 1.31.0-rc.0~1826^2 X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/modifier.php?a=commitdiff_plain;h=c428c2cf364859a1b17e733f7166f9dac70919da;p=lhc%2Fweb%2Fwiklou.git Ensure only strings are passed to mysql_real_escape_string() Under some conditions (Semantic MediaWiki, Gadgets), an integer is passed to DatabaseMysqli::mysqlRealEscapeString (). This integer is, in turn, passed to mysqli::real_escape_string (), which needs a string. Under HHVM 3.19.1 (at least) this type mismatch causes an exception. A typecast should prevent it. I repeated the patch in other DB drivers where I could find a function that escaped strings for SQL. Bug: T163646 Change-Id: I1b7820bc064dc79498cf9f17747f745990c526b7
---
diff --git a/includes/libs/rdbms/database/DatabaseMssql.php b/includes/libs/rdbms/database/DatabaseMssql.php
index 4ebc6233ed..8a69eec428 100644
--- a/includes/libs/rdbms/database/DatabaseMssql.php
+++ b/includes/libs/rdbms/database/DatabaseMssql.php
@@ -1065,7 +1065,6 @@ class DatabaseMssql extends Database {
 */ public function strencode( $s ) { // Should not be called by us - return str_replace( "'", "''", $s ); }
diff --git a/includes/libs/rdbms/database/DatabaseMysql.php b/includes/libs/rdbms/database/DatabaseMysql.php
index d81d9096fd..58b092669b 100644
--- a/includes/libs/rdbms/database/DatabaseMysql.php
+++ b/includes/libs/rdbms/database/DatabaseMysql.php
@@ -203,7 +203,7 @@ class DatabaseMysql extends DatabaseMysqlBase {
 protected function mysqlRealEscapeString( $s ) {
 $conn = $this->getBindingHandle();
- return mysql_real_escape_string( $s, $conn );
+ return mysql_real_escape_string( (string)$s, $conn );
 }
 }
diff --git a/includes/libs/rdbms/database/DatabaseMysqli.php b/includes/libs/rdbms/database/DatabaseMysqli.php
index 4c3cbddf76..c1a56988d5 100644
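Review bot: The `(string)$s` cast in `mysqlRealEscapeString()` in DatabaseMysql.php accepts every type without complaint, so a caller bug is escaped and sent to the server instead of being reported: an array becomes the literal text `Array` with only a notice, and `null` or `false` become an empty string. The same cast is repeated in DatabaseMysqli.php, in `strencode()` and `addQuotes()` of DatabasePostgres.php and in the DatabaseSqlite.php hunks, so the point applies there too. I would reject non-scalars ahead of the cast, for example `if ( is_array( $s ) ) { throw new \InvalidArgumentException( __METHOD__ . ': cannot escape an array' ); }`, and state the accepted types in the docblock with `@param string|int|float $s`. The docblock of this method lies above the hunk, so I cannot see what it currently declares.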
--- a/includes/libs/rdbms/database/DatabaseMysqli.php
+++ b/includes/libs/rdbms/database/DatabaseMysqli.php
@@ -316,7 +316,7 @@ class DatabaseMysqli extends DatabaseMysqlBase {
 protected function mysqlRealEscapeString( $s ) {
 $conn = $this->getBindingHandle();
- return $conn->real_escape_string( $s );
+ return $conn->real_escape_string( (string)$s );
 }
 /**
diff --git a/includes/libs/rdbms/database/DatabasePostgres.php b/includes/libs/rdbms/database/DatabasePostgres.php
index 5719a1fcea..5a7da4976f 100644
--- a/includes/libs/rdbms/database/DatabasePostgres.php
+++ b/includes/libs/rdbms/database/DatabasePostgres.php
@@ -1175,7 +1175,7 @@ SQL;
 public function strencode( $s ) {
 // Should not be called by us
- return pg_escape_string( $this->getBindingHandle(), $s );
+ return pg_escape_string( $this->getBindingHandle(), (string)$s );
 }
 public function addQuotes( $s ) {
@@ -1196,7 +1196,7 @@ SQL;
 return 'DEFAULT';
 }
- return "'" . pg_escape_string( $conn, $s ) . "'";
+ return "'" . pg_escape_string( $conn, (string)$s ) . "'";
 }
 /**
diff --git a/includes/libs/rdbms/database/DatabaseSqlite.php b/includes/libs/rdbms/database/DatabaseSqlite.php
index 870fc3eeca..2b0660707c 100644
--- a/includes/libs/rdbms/database/DatabaseSqlite.php
+++ b/includes/libs/rdbms/database/DatabaseSqlite.php
@@ -790,7 +790,7 @@ class DatabaseSqlite extends Database {
 return "x'" . bin2hex( $s->fetch() ) . "'";
 } elseif ( is_bool( $s ) ) {
 return (int)$s;
- } elseif ( strpos( $s, "\0" ) !== false ) {
+ } elseif ( strpos( (string)$s, "\0" ) !== false ) {
 // SQLite doesn't support \0 in strings, so use the hex representation as a workaround.
 // This is a known limitation of SQLite's mprintf function which PDO
 // should work around, but doesn't. I have reported this to php.net as bug #63419:
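Review bot: `strencode()` in DatabasePostgres.php carries only the comment `// Should not be called by us`, and now that it explicitly accepts integers it should document that its return value has no surrounding quotes. `pg_escape_string()` output is only safe inside a single-quoted literal, which `addQuotes()` in the next hunk supplies; an escaped value interpolated as a bare numeric operand is not protected by the escaping. I would add above the return: `// Returns escaped text WITHOUT quotes; safe only inside '...' (use addQuotes() for a complete literal).` The docblock of `strencode()` starts above the hunk, so it may already say this.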
@@ -806,9 +806,9 @@ class DatabaseSqlite extends Database {
 'For consistency all binary data should have been ' . 'first processed with self::encodeBlob()' );
- return "x'" . bin2hex( $s ) . "'";
+ return "x'" . bin2hex( (string)$s ) . "'";
 } else {
- return $this->mConn->quote( $s );
+ return $this->mConn->quote( (string)$s );
 }
 }
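Review bot: `$s` is converted with `(string)` three separate times in `addQuotes()` of DatabaseSqlite.php, once in the `strpos()` test of the hunk at -790 and twice in this hunk, so the value checked for `\0` and the value passed to `bin2hex()` or `quote()` are separate conversions. For an object with `__toString()` nothing guarantees the conversions agree, and the repetition is harder to read. Converting once after the Blob and bool branches have returned, `$s = (string)$s;` followed by a plain `if ( strpos( $s, "\0" ) !== false ) {`, lets all three uses share one string. The function starts above the first hunk, so I am assuming every earlier branch returns, as the two visible ones do.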