DBAL-149 - Fixed security issue with quoteIdentifier()

lib/Doctrine/DBAL/Platforms/AbstractPlatform.php

@@ -1002,7 +1002,7 @@ abstract class AbstractPlatform
     {
         $c = $this->getIdentifierQuoteCharacter();
 
-        return $c . $str . $c;
+        return $c . str_replace($c, $c.$c, $str) . $c;
     }
 
     /**

lib/Doctrine/DBAL/Platforms/MsSqlPlatform.php

@@ -786,6 +786,6 @@ class MsSqlPlatform extends AbstractPlatform
      */
     public function quoteIdentifier($str)
     {
-        return "[" . $str . "]";
+        return "[" . str_replace("]", "][", $str) . "]";
     }
 }

tests/Doctrine/Tests/DBAL/Platforms/AbstractPlatformTestCase.php

@@ -16,6 +16,16 @@ abstract class AbstractPlatformTestCase extends \Doctrine\Tests\DbalTestCase
         $this->_platform = $this->createPlatform();
     }
 
+    public function testQuoteIdentifier()
+    {
+        if ($this->_platform->getName() == "mssql") {
+            $this->markTestSkipped('Not working this way on mssql.');
+        }
+
+        $c = $this->_platform->getIdentifierQuoteCharacter();
+        $this->assertEquals(str_repeat($c, 4), $this->_platform->quoteIdentifier($c));
+    }
+
     public function testGetInvalidtForeignKeyReferentialActionSQL()
     {
         $this->setExpectedException('InvalidArgumentException');

tests/Doctrine/Tests/DBAL/Platforms/MsSqlPlatformTest.php

@@ -171,4 +171,8 @@ class MsSqlPlatformTest extends AbstractPlatformTestCase
         $this->assertEquals('SELECT TOP 10 * FROM user ORDER BY username DESC', $sql);
     }
 
+    public function testQuoteIdentifier()
+    {
+        $this->assertEquals('[fo][o]', $this->_platform->quoteIdentifier('fo]o'));
+    }
 }
\ No newline at end of file