mirror of
https://github.com/moodle/moodle.git
synced 2025-04-20 16:04:25 +02:00
MDL-19452 Fix oracle/mssql drivers behaviour when using magic_quotes_sybase leading to wrongly escaped contents. Many thanks to Sam Moffatt! Merged from 19_STABLE
This commit is contained in:
stronk7
parent
a5d75d2af1
commit
3cf4c8fabf
@ -2604,7 +2604,9 @@ http://www.stanford.edu/dept/itss/docs/oracle/10g/server.101/b10759/statements_1
|
||||
// undo magic quotes for "
|
||||
$s = str_replace('\\"','"',$s);
|
||||
|
||||
if ($this->replaceQuote == "\\'") // ' already quoted, no need to change anything
|
||||
// moodle change start - see readme_moodle.txt
|
||||
if ($this->replaceQuote == "\\'" || ini_get('magic_quotes_sybase')) // ' already quoted, no need to change anything
|
||||
// moodle change end - see readme_moodle.txt
|
||||
return $s;
|
||||
else {// change \' to '' for sybase/mssql
|
||||
$s = str_replace('\\\\','\\',$s);
|
||||
@ -2638,7 +2640,9 @@ http://www.stanford.edu/dept/itss/docs/oracle/10g/server.101/b10759/statements_1
|
||||
// undo magic quotes for "
|
||||
$s = str_replace('\\"','"',$s);
|
||||
|
||||
if ($this->replaceQuote == "\\'") // ' already quoted, no need to change anything
|
||||
// moodle change start - see readme_moodle.txt
|
||||
if ($this->replaceQuote == "\\'" || ini_get('magic_quotes_sybase')) // ' already quoted, no need to change anything
|
||||
// moodle change end - see readme_moodle.txt
|
||||
return "'$s'";
|
||||
else {// change \' to '' for sybase/mssql
|
||||
$s = str_replace('\\\\','\\',$s);
|
||||
|
||||
@ -738,6 +738,46 @@ order by constraint_name, referenced_table_name, keyno";
|
||||
}
|
||||
return $rez;
|
||||
}
|
||||
|
||||
// moodle change start - see readme_moodle.txt
|
||||
/**
|
||||
* Correctly quotes a string so that all strings are escaped. We prefix and append
|
||||
* to the string single-quotes.
|
||||
* An example is $db->qstr("Don't bother",magic_quotes_runtime());
|
||||
*
|
||||
* @param s the string to quote
|
||||
* @param [magic_quotes] if $s is GET/POST var, set to get_magic_quotes_gpc().
|
||||
* This undoes the stupidity of magic quotes for GPC.
|
||||
*
|
||||
* @return quoted string to be sent back to database
|
||||
*/
|
||||
function qstr($s,$magic_quotes=false)
|
||||
{
|
||||
if (!$magic_quotes) {
|
||||
|
||||
if ($this->replaceQuote[0] == '\\'){
|
||||
// only since php 4.0.5
|
||||
$s = adodb_str_replace(array('\\',"\0"),array('\\\\',"\\\0"),$s);
|
||||
//$s = str_replace("\0","\\\0", str_replace('\\','\\\\',$s));
|
||||
}
|
||||
return "'".str_replace("'",$this->replaceQuote,$s)."'";
|
||||
}
|
||||
|
||||
// undo magic quotes for " unless sybase is on
|
||||
$sybase = ini_get('magic_quotes_sybase');
|
||||
if (!$sybase) {
|
||||
$s = str_replace('\\"','"',$s);
|
||||
if ($this->replaceQuote == "\\'") // ' already quoted, no need to change anything
|
||||
return "'$s'";
|
||||
else {// change \' to '' for sybase/mssql
|
||||
$s = str_replace('\\\\','\\',$s);
|
||||
return "'".str_replace("\\'",$this->replaceQuote,$s)."'";
|
||||
}
|
||||
} else {
|
||||
return "'".$s."'";
|
||||
}
|
||||
}
|
||||
// moodle change end - see readme_moodle.txt
|
||||
|
||||
// returns true or false
|
||||
function _close()
|
||||
@ -1061,4 +1101,4 @@ order by constraint_name, ordinal_position
|
||||
http://www.databasejournal.com/scripts/article.php/1440551
|
||||
*/
|
||||
|
||||
?>
|
||||
?>
|
||||
|
||||
@ -1282,13 +1282,18 @@ SELECT /*+ RULE */ distinct b.column_name
|
||||
}
|
||||
return "'".str_replace("'",$this->replaceQuote,$s)."'";
|
||||
}
|
||||
// moodle change start - see readme_moodle.txt
|
||||
|
||||
// undo magic quotes for "
|
||||
$s = str_replace('\\"','"',$s);
|
||||
|
||||
$s = str_replace('\\\\','\\',$s);
|
||||
return "'".str_replace("\\'",$this->replaceQuote,$s)."'";
|
||||
|
||||
// undo magic quotes for " unless sybase is on
|
||||
$sybase = ini_get('magic_quotes_sybase');
|
||||
if (!$sybase) {
|
||||
$s = str_replace('\\"','"',$s);
|
||||
$s = str_replace('\\\\','\\',$s);
|
||||
return "'".str_replace("\\'",$this->replaceQuote,$s)."'";
|
||||
} else {
|
||||
return "'".$s."'";
|
||||
}
|
||||
// moodle change end - see readme_moodle.txt
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -18,6 +18,11 @@ Our changes: /// Look for "moodle" in adodb code
|
||||
* adodb-lib.inc.php - modify some debug output to be correct XHTML. MDL-12378.
|
||||
Reported to ADOdb at: http://phplens.com/lens/lensforum/msgs.php?id=17133
|
||||
Once fixed by adodb guys, we'll return to their official distro.
|
||||
* drivers/adodb-mssql.inc.php, drivers/adodb-oci8.inc.php (qstr) and
|
||||
adodb.inc.php (addq and qstr) - fixed wrong "undo magic quotes" that was
|
||||
ignoring "magic_quotes_sybase" and leading to wrongly escaped contents. MDL-19452
|
||||
Reported privately to John Lim, will be added to upstream soon. Once fixed
|
||||
we'll return to their official distro.
|
||||
|
||||
skodak, iarenaza, moodler, stronk7
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user