Commit 71e4ae50 authored by Benjamin Eberlei's avatar Benjamin Eberlei

DBAL-149 - Fixed security issue with quoteIdentifier()

parent 22f88e0b
...@@ -1002,7 +1002,7 @@ abstract class AbstractPlatform ...@@ -1002,7 +1002,7 @@ abstract class AbstractPlatform
{ {
$c = $this->getIdentifierQuoteCharacter(); $c = $this->getIdentifierQuoteCharacter();
return $c . $str . $c; return $c . str_replace($c, $c.$c, $str) . $c;
} }
/** /**
......
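Review bot: The doubling at `return $c . str_replace($c, $c.$c, $str) . $c;` is the right escape for a platform whose delimiter is a single symmetric character, but the method's docblock (above the hunk, together with its signature) does not state that contract or that platforms with other delimiters must override it. Suggest adding to the docblock: `Occurrences of the quote character inside $str are doubled so the result is always one delimited identifier; platforms with non-symmetric delimiters (see MsSqlPlatform) must override this method.` As far as this hunk shows, correctness depends on getIdentifierQuoteCharacter() returning exactly one character, which would be worth noting on that accessor as well.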
...@@ -786,6 +786,6 @@ class MsSqlPlatform extends AbstractPlatform ...@@ -786,6 +786,6 @@ class MsSqlPlatform extends AbstractPlatform
*/ */
public function quoteIdentifier($str) public function quoteIdentifier($str)
{ {
return "[" . $str . "]"; return "[" . str_replace("]", "][", $str) . "]";
} }
} }
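Review bot: The replacement `str_replace("]", "][", $str)` on the return line closes the bracketed identifier and opens a new one, so `fo]o` becomes `[fo][o]` — two delimited tokens rather than one identifier named `fo]o`. SQL Server escapes a closing bracket inside a delimited identifier by doubling it, so the line should read `return "[" . str_replace("]", "]]", $str) . "]";`, and the expectation in MsSqlPlatformTest::testQuoteIdentifier later in this commit would then become `'[fo]]o]'`. With either form the caller's text stays inside brackets, but only the doubled bracket preserves the identifier that was asked for.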
...@@ -16,6 +16,16 @@ abstract class AbstractPlatformTestCase extends \Doctrine\Tests\DbalTestCase ...@@ -16,6 +16,16 @@ abstract class AbstractPlatformTestCase extends \Doctrine\Tests\DbalTestCase
$this->_platform = $this->createPlatform(); $this->_platform = $this->createPlatform();
} }
public function testQuoteIdentifier()
{
if ($this->_platform->getName() == "mssql") {
$this->markTestSkipped('Not working this way on mssql.');
}
$c = $this->_platform->getIdentifierQuoteCharacter();
$this->assertEquals(str_repeat($c, 4), $this->_platform->quoteIdentifier($c));
}
public function testGetInvalidtForeignKeyReferentialActionSQL() public function testGetInvalidtForeignKeyReferentialActionSQL()
{ {
$this->setExpectedException('InvalidArgumentException'); $this->setExpectedException('InvalidArgumentException');
......
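Review bot: The `markTestSkipped` branch in testQuoteIdentifier appears unreachable as far as this commit shows, because MsSqlPlatformTest overrides testQuoteIdentifier in the same change, and the name check uses loose `==`; dropping those three lines (or at least comparing with `===`) keeps the base test straightforward. The single assertion only covers an input consisting of the quote character alone; one more line pins the doubling inside a realistic identifier: `$this->assertEquals($c . 'fo' . $c . $c . 'o' . $c, $this->_platform->quoteIdentifier('fo' . $c . 'o'));`. setUp() ends inside this hunk but begins above it.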
...@@ -171,4 +171,8 @@ class MsSqlPlatformTest extends AbstractPlatformTestCase ...@@ -171,4 +171,8 @@ class MsSqlPlatformTest extends AbstractPlatformTestCase
$this->assertEquals('SELECT TOP 10 * FROM user ORDER BY username DESC', $sql); $this->assertEquals('SELECT TOP 10 * FROM user ORDER BY username DESC', $sql);
} }
public function testQuoteIdentifier()
{
$this->assertEquals('[fo][o]', $this->_platform->quoteIdentifier('fo]o'));
}
} }
\ No newline at end of file