Fixing vulnerability in field quoting in DboSource

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@6594 3807eeeb-6ff5-0310-8944-8be069107fe0
This commit is contained in:
nate 2008-03-20 16:40:45 +00:00
parent 47eb421091
commit d60191a1f6
2 changed files with 6 additions and 4 deletions


@ -1688,9 +1688,7 @@ class DboSource extends DataSource {
$data = $this->name($key) . ' ' . $match['1'] . ' ' . $match['2'];
} else {
if (!empty($match['2']) && $quoteValues) {
if (!preg_match('/[A-Za-z]+\\([a-z0-9]*\\),?\\x20+/', $match['2'])) {
$match['2'] = $this->value($match['2']);
}
$match['2'] = $this->value($match['2']);
$match['2'] = str_replace(' AND ', "' AND '", $match['2']);
}
$data = $this->__quoteFields($key);
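Review bot: The `str_replace(' AND ', "' AND '", ...)` on the line after the new unconditional `$this->value()` call still runs for every operator, so once a value is a quoted literal any embedded ` AND ` splits it into two literals: under `=` a value such as `Tom AND Jerry` becomes `'Tom' AND 'Jerry'`, which changes the meaning of the WHERE clause and silently rewrites user-supplied data even though `value()` has escaped it. Assuming `$match['1']` holds the operator (it is concatenated as one on the first line of the hunk), the split should be limited to the case it exists for, e.g. `if (preg_match('/\bBETWEEN\b/i', $match['1'])) { $match['2'] = str_replace(' AND ', "' AND '", $match['2']); }`, and ideally each half should be passed through `$this->value()` separately rather than hard-coding the `'` delimiter, which may not match every driver's quoting. A one-line comment above the replacement, `// BETWEEN x AND y: split the quoted literal into two quoted bounds`, would also make the intent of the rewrite explicit to the next reader. The enclosing method starts and ends outside this hunk.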


@ -1660,7 +1660,11 @@ class DboSourceTest extends CakeTestCase {
$this->assertPattern('/^\s*WHERE\s+\(\(`Usergroup`\.`permissions`\)\s+& 4\)\s+=\s+4\s*$/', $result);
$result = $this->db->conditions(array('Post.modified' => '>= DATE_SUB(NOW(), INTERVAL 7 DAY)'));
$expected = " WHERE `Post`.`modified` >= DATE_SUB(NOW(), INTERVAL 7 DAY)";
$expected = " WHERE `Post`.`modified` >= 'DATE_SUB(NOW(), INTERVAL 7 DAY)'";
$this->assertEqual($result, $expected);
$result = $this->db->conditions(array('Post.modified >= DATE_SUB(NOW(), INTERVAL 7 DAY)'));
$expected = " WHERE `Post`.`modified` >= DATE_SUB(NOW(), INTERVAL 7 DAY)";
$this->assertEqual($result, $expected);
$result = $this->db->conditions(array(