[ticket/16538] Add identifiers quoting

If reserved word is used as identifier, it must be quoted. If alias is used elsewhere in SQL statement, it must be quoted. PHPBB3-16535 PHPBB3-16538
2025-03-14 20:50:30 +01:00 · 2020-06-27 12:11:48 +07:00 · 2020-06-27 12:11:48 +07:00 · 0bc9d87891
commit 0bc9d87891
parent 3bbe0f1d4e
10 changed files with 62 additions and 6 deletions
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@ -118,7 +118,7 @@ function generate_smilies($mode, $forum_id)
 				SMILIES_TABLE => 's',
 			],
 			'GROUP_BY'	=> 's.smiley_url, s.smiley_width, s.smiley_height',
-			'ORDER_BY'	=> 'min_smiley_order',
+			'ORDER_BY'	=> $db->sql_quote('min_smiley_order'),
 		];
 	}
 	else
--- a/phpBB/install/convert/convertor.php
+++ b/phpBB/install/convert/convertor.php
@ -1300,7 +1300,7 @@ class convertor
 						else
 						{
 							// No table alias
-							$sql_data['source_tables'][$m[1]] = (empty($convert->src_table_prefix)) ? $m[1] : $convert->src_table_prefix . $m[1] . ' ' . $m[1];
+							$sql_data['source_tables'][$m[1]] = (empty($convert->src_table_prefix)) ? $m[1] : $convert->src_table_prefix . $m[1] . ' ' . $db->sql_quote($m[1]);
 						}
 						$sql_data['select_fields'][$value_1] = $value_1;
@ -1314,7 +1314,7 @@ class convertor
 				{
 					foreach ($m[1] as $value)
 					{
-						$sql_data['source_tables'][$value] = (empty($convert->src_table_prefix)) ? $value : $convert->src_table_prefix . $value . ' ' . $value;
+						$sql_data['source_tables'][$value] = (empty($convert->src_table_prefix)) ? $value : $convert->src_table_prefix . $value . ' ' . $db->sql_quote($value);
 					}
 				}
 			}
@ -1323,7 +1323,7 @@ class convertor
 		// Add the aliases to the list of tables
 		foreach ($aliases as $alias => $table)
 		{
-			$sql_data['source_tables'][$alias] = $convert->src_table_prefix . $table . ' ' . $alias;
+			$sql_data['source_tables'][$alias] = $convert->src_table_prefix . $table . ' ' . $db->sql_quote($alias);
 		}
 		// 'left_join'		=> 'forums LEFT JOIN forum_prune ON forums.forum_id = forum_prune.forum_id',
--- a/phpBB/phpbb/db/driver/driver_interface.php
+++ b/phpBB/phpbb/db/driver/driver_interface.php
@ -464,4 +464,12 @@ interface driver_interface
 	* @return string	A SQL statement like: "IN (1, 2, 3, 4)" or "= 1"
 	*/
 	public function sql_in_set($field, $array, $negate = false, $allow_empty_set = false);
 	/**
 	* Quote identifiers used in sql query
 	*
 	* @param	string	$msg	String to be quoted
 	* @return	string		Quoted version of $msg
 	*/
 	public function sql_quote($msg);
 }
--- a/phpBB/phpbb/db/driver/factory.php
+++ b/phpBB/phpbb/db/driver/factory.php
@ -456,4 +456,12 @@ class factory implements driver_interface
 	{
 		return $this->get_driver()->sql_in_set($field, $array, $negate, $allow_empty_set);
 	}
 	/**
 	* {@inheritdoc}
 	*/
 	public function sql_quote($msg)
 	{
 		return $this->get_driver()->sql_quote($msg);
 	}
 }
--- a/phpBB/phpbb/db/driver/mssql_base.php
+++ b/phpBB/phpbb/db/driver/mssql_base.php
@ -76,4 +76,12 @@ abstract class mssql_base extends \phpbb\db\driver\driver
 	{
 		return $data;
 	}
 	/**
 	* {@inheritDoc}
 	*/
 	function sql_quote($msg)
 	{
 		return '"' . $msg . '"';
 	}
 }
--- a/phpBB/phpbb/db/driver/mysqli.php
+++ b/phpBB/phpbb/db/driver/mysqli.php
@ -489,4 +489,12 @@ class mysqli extends \phpbb\db\driver\mysql_base
 			break;
 		}
 	}
 	/**
 	* {@inheritDoc}
 	*/
 	function sql_quote($msg)
 	{
 		return '`' . $msg . '`';
 	}
 }
--- a/phpBB/phpbb/db/driver/oracle.php
+++ b/phpBB/phpbb/db/driver/oracle.php
@ -818,4 +818,12 @@ class oracle extends \phpbb\db\driver\driver
 			break;
 		}
 	}
 	/**
 	* {@inheritDoc}
 	*/
 	function sql_quote($msg)
 	{
 		return '"' . $msg . '"';
 	}
 }
--- a/phpBB/phpbb/db/driver/postgres.php
+++ b/phpBB/phpbb/db/driver/postgres.php
@ -497,4 +497,12 @@ class postgres extends \phpbb\db\driver\driver
 			break;
 		}
 	}
 	/**
 	* {@inheritDoc}
 	*/
 	function sql_quote($msg)
 	{
 		return '"' . $msg . '"';
 	}
 }
--- a/phpBB/phpbb/db/driver/sqlite3.php
+++ b/phpBB/phpbb/db/driver/sqlite3.php
@ -427,4 +427,12 @@ class sqlite3 extends \phpbb\db\driver\driver
 			break;
 		}
 	}
 	/**
 	* {@inheritDoc}
 	*/
 	function sql_quote($msg)
 	{
 		return '\'' . $msg . '\'';
 	}
 }
--- a/tests/functional/smilies_test.php
+++ b/tests/functional/smilies_test.php
@ -28,7 +28,7 @@ class phpbb_functional_smilies_test extends phpbb_functional_test_case
 				SMILIES_TABLE => 's',
 			],
 			'GROUP_BY'	=> 's.smiley_url, s.smiley_width, s.smiley_height',
-			'ORDER_BY'	=> 'min_smiley_order',
+			'ORDER_BY'	=> $db->sql_quote('min_smiley_order'),
 		];
 		$sql = $db->sql_build_query('SELECT', $sql_ary);
 		$result = $db->sql_query($sql);
@ -39,7 +39,7 @@ class phpbb_functional_smilies_test extends phpbb_functional_test_case
 		$crawler = self::request('GET', 'posting.php?mode=smilies');
 		foreach ($smilies as $index => $smiley)
 		{
-			$this->assertContains($smiley['smiley_url'],
+			$this->assertStringContainsString($smiley['smiley_url'],
 				$crawler->filter('div[class="inner"] > a > img')->eq($index)->attr('src')
 			);
 		}