Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-24 16:56:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix backtick character handling in sql queries (#1490312)

Browse Source
This commit is contained in:
Aleksander Machniak
2015-03-12 09:44:31 +01:00
parent 22409b88c5
commit 496972bf95
4 changed files with 112 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
program/lib/Roundcube/rcube_db.php
View File

@@ -448,10 +448,15 @@ class rcube_db
}
}
// replace escaped '?' back to normal, see self::quote()
$query = str_replace('??', '?', $query);
$query = rtrim($query, " \t\n\r\0\x0B;");
// replace escaped '?' and quotes back to normal, see self::quote()
$query = str_replace(
array('??', self::DEFAULT_QUOTE.self::DEFAULT_QUOTE),
array('?', self::DEFAULT_QUOTE),
$query
);
// log query
$this->debug($query);
@@ -516,9 +521,6 @@ class rcube_db
}
}
// replace escaped quote back to normal, see self::quote()
$query = str_replace($quote.$quote, $quote, $query);
return $query;
}

9
program/lib/Roundcube/rcube_db_oracle.php
View File

@@ -155,10 +155,15 @@ class rcube_db_oracle extends rcube_db
}
}
// replace escaped '?' back to normal, see self::quote()
$query = str_replace('??', '?', $query);
$query = rtrim($query, " \t\n\r\0\x0B;");
// replace escaped '?' and quotes back to normal, see self::quote()
$query = str_replace(
array('??', self::DEFAULT_QUOTE.self::DEFAULT_QUOTE),
array('?', self::DEFAULT_QUOTE),
$query
);
// log query
$this->debug($query);