From d4a6d3f6c0da784f4a6c927b2b718c6d844ba683 Mon Sep 17 00:00:00 2001
From: mark_story
Date: Wed, 14 Jan 2015 22:18:13 -0500
Subject: [PATCH] Fix numeric values not being quoted for MySQL set columns. Set columns should always have their values quoted. Not quoting values makes MySQL do bad things. Refs #5649
---
 lib/Cake/Model/Datasource/Database/Mysql.php | 11 ++++++++++
 lib/Cake/Model/Datasource/DboSource.php | 6 ++++--
 .../Model/Datasource/Database/MysqlTest.php | 21 +++++++++++++++++++
 3 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/lib/Cake/Model/Datasource/Database/Mysql.php b/lib/Cake/Model/Datasource/Database/Mysql.php
index a18706078..63fda04ab 100644
--- a/lib/Cake/Model/Datasource/Database/Mysql.php
+++ b/lib/Cake/Model/Datasource/Database/Mysql.php
@@ -795,6 +795,17 @@ class Mysql extends DboSource {
 return 'text';
 }

+/**
+ * {@inheritDoc}
+ */
+ public function value($data, $column = null) {
+ $value = parent::value($data, $column);
+ if (is_numeric($value) && substr($column, 0, 3) === 'set') {
+ return $this->_connection->quote($value);
+ }
+ return $value;
+ }
+
 /**
 * Gets the schema name
 *
diff --git a/lib/Cake/Model/Datasource/DboSource.php b/lib/Cake/Model/Datasource/DboSource.php
index c18f3318a..b94d9eb6c 100644
--- a/lib/Cake/Model/Datasource/DboSource.php
+++ b/lib/Cake/Model/Datasource/DboSource.php
@@ -354,8 +354,10 @@ class DboSource extends DataSource {
 return str_replace(',', '.', strval($data));
 }
 if ((is_int($data) || $data === '0') || (
- is_numeric($data) && strpos($data, ',') === false &&
- $data[0] != '0' && strpos($data, 'e') === false)
+ is_numeric($data) &&
+ strpos($data, ',') === false &&
+ $data[0] != '0' &&
+ strpos($data, 'e') === false)
 ) {
 return $data;
 }
diff --git a/lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php b/lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
index 994ad75e1..6c52c06d3 100644
--- a/lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
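Review bot: The new `Mysql::value()` override quotes only when the caller supplies the column type, because `substr($column, 0, 3) === 'set'` can never match the default `$column = null`. A numeric value that reaches `value()` without a column description is still emitted unquoted, and MySQL reads an unquoted number for a SET column as a bit mask of members rather than as a member name. Which call sites pass the type string is not visible in this hunk, so that is worth confirming. The prefix comparison is also case-sensitive and so depends on the type string always being lowercase. The `{@inheritDoc}` docblock hides the MySQL-specific behaviour; I would replace it with a description such as `Quotes numeric values for set columns so MySQL does not treat them as a member bit mask.` and document `$column` as the column type string.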
+++ b/lib/Cake/Test/Case/Model/Datasource/Database/MysqlTest.php
@@ -553,6 +553,10 @@ class MysqlTest extends CakeTestCase {
 $result = $this->Dbo->column('decimal(14,7) unsigned');
 $expected = 'decimal';
 $this->assertEquals($expected, $result);
+
+ $result = $this->Dbo->column("set('a','b','c')");
+ $expected = "set('a','b','c')";
+ $this->assertEquals($expected, $result);
 }

 /**
@@ -4071,4 +4075,21 @@ SQL;
 $this->Dbo->useNestedTransactions = $nested;
 }

+/**
+ * Test that value() quotes set values even when numeric.
+ *
+ * @return void
+ */
+ public function testSetValue() {
+ $column = "set('a','b','c')";
+ $result = $this->Dbo->value('1', $column);
+ $this->assertEquals("'1'", $result);
+
+ $result = $this->Dbo->value(1, $column);
+ $this->assertEquals("'1'", $result);
+
+ $result = $this->Dbo->value('a', $column);
+ $this->assertEquals("'a'", $result);
+ }
+
 }
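Review bot: `testSetValue()` pins only `'1'`, `1` and `'a'`, so the edges of the new `is_numeric()` branch in `Mysql::value()` are left untested. I would add a zero and a multi-member value, e.g. `$this->assertEquals("'0'", $this->Dbo->value('0', $column));` and `$this->assertEquals("'a,b'", $this->Dbo->value('a,b', $column));`. The zero case matters because the `$data === '0'` branch of `DboSource::value()` shown in this patch appears to return `'0'` unquoted. A call without the column argument would also record that numeric values stay unquoted when the type is unknown, which is the limit of this fix.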