Quote seemingly numeric values in SQL, as they might

actually be strings which may not convert 1:1 if passed
to MySQL as numbers.

fix for Bug 255: Number articles on Special:Newpages
http://bugzilla.wikipedia.org/show_bug.cgi?id=255

diff --git a/includes/Database.php b/includes/Database.php
index acfab2b..b964055 100644 (file)
--- a/includes/Database.php
+++ b/includes/Database.php
@@ -696,7 +696,11 @@ class Database {
        function addQuotes( $s ) {
                if ( is_null( $s ) ) {
                        $s = 'NULL';
-               } else if ( !is_numeric( $s ) ) {
+               } else {
+                       # This will also quote numeric values. This should be harmless,
+                       # and protects against weird problems that occur when they really
+                       # _are_ strings such as article titles and string->number->string
+                       # conversion is not 1:1.
                        $s = "'" . $this->strencode( $s ) . "'";
                } 
                return $s;