mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00

[Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)

git-svn-id: file:///svn/phpbb/trunk@8968 89ea8834-ac86-4346-8a33-228a782c2dd0
Meik Sievertsen
2008-10-02 12:05:13 +00:00
parent 8f2b4562b1
commit 9a7804cb71
6 changed files with 11 additions and 6 deletions


@@ -351,7 +351,7 @@ class dbal_firebird extends dbal
*/
function sql_escape($msg)
{
return str_replace("'", "''", $msg);
return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**
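Review bot: The docblock that closes just above `sql_escape()` is not touched, yet the function now deletes NUL bytes in addition to doubling single quotes, so the value stored can differ from the value passed in without any error. This matters for callers that pass binary or serialized data through the escape, and it applies equally to the identical change in the mssql, mssql_odbc and oracle sections. I would add a docblock line such as `* Note: NUL bytes are removed, not escaped; binary data must not be passed through this function.` to each of the four. The docblock starts outside the hunk, so its current wording cannot be checked from here.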


@@ -302,7 +302,7 @@ class dbal_mssql extends dbal
*/
function sql_escape($msg)
{
return str_replace("'", "''", $msg);
return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**
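Review bot: The new line `return str_replace(array("'", "\0"), array("''", ''), $msg);` is repeated verbatim in four drivers that all extend `dbal` (firebird, mssql, mssql_odbc, oracle), so the next change to this escaping rule has to be made four times and a missed copy leaves one backend with weaker escaping. Consider putting the replacement in one helper on the base class and having each driver's `sql_escape()` delegate to it, e.g. `return $this->_sql_custom_escape($msg);` (the helper name is a placeholder). Whether `dbal` already offers a suitable place is not visible in these hunks.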


@@ -312,7 +312,7 @@ class dbal_mssql_odbc extends dbal
*/
function sql_escape($msg)
{
return str_replace("'", "''", $msg);
return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**


@@ -515,7 +515,7 @@ class dbal_oracle extends dbal
*/
function sql_escape($msg)
{
return str_replace("'", "''", $msg);
return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**