Tomáš Trávníček / doctrine-dbal
Commit 925b2587
authored Aug 29, 2011 by Benjamin Eberlei
DBAL-149 - Fixed security issue with quoteIdentifier()
parent eab4e5a0
Showing 4 changed files with 16 additions and 3 deletions
lib/Doctrine/DBAL/Platforms/AbstractPlatform.php +1 -1
lib/Doctrine/DBAL/Platforms/MsSqlPlatform.php +1 -1
...octrine/Tests/DBAL/Platforms/AbstractPlatformTestCase.php +10 -0
tests/Doctrine/Tests/DBAL/Platforms/MsSqlPlatformTest.php +4 -1
lib/Doctrine/DBAL/Platforms/AbstractPlatform.php
...
@@ -1166,7 +1166,7 @@ abstract class AbstractPlatform
...
@@ -1166,7 +1166,7 @@ abstract class AbstractPlatform
{
{
$c
=
$this
->
getIdentifierQuoteCharacter
();
$c
=
$this
->
getIdentifierQuoteCharacter
();
return
$c
.
$str
.
$c
;
return
$c
.
str_replace
(
$c
,
$c
.
$c
,
$str
)
.
$c
;
}
}
/**
/**
...
...
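Review bot: the doubling in return $c . str_replace($c, $c.$c, $str) . $c; is only correct for platforms whose identifier delimiter is a single symmetric character that is escaped by repeating it. The docblock for quoteIdentifier() should state that contract, so that a platform whose getIdentifierQuoteCharacter() returns a delimiter with a different escaping rule knows it must also override quoteIdentifier(), as MsSqlPlatform does. It is also worth documenting that callers pass the raw identifier and must not pre-escape it, since an already doubled quote character would be doubled again.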
lib/Doctrine/DBAL/Platforms/MsSqlPlatform.php
...
@@ -792,6 +792,6 @@ class MsSqlPlatform extends AbstractPlatform
...
@@ -792,6 +792,6 @@ class MsSqlPlatform extends AbstractPlatform
*/
*/
public
function
quoteIdentifier
(
$str
)
public
function
quoteIdentifier
(
$str
)
{
{
return
"["
.
$str
.
"]"
;
return
"["
.
str_replace
(
"]"
,
"]["
,
$str
)
.
"]"
;
}
}
}
}
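Review bot: the replacement string in str_replace("]", "][", $str) is not the T-SQL escape for a closing bracket. Inside a bracket-delimited identifier SQL Server escapes ] by doubling it, so fo]o should come out as [fo]]o]; the code as written emits [fo][o], which the server reads as two adjacent delimited tokens rather than one identifier named fo]o. Suggest str_replace("]", "]]", $str); an opening bracket needs no escaping inside the delimiters.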
tests/Doctrine/Tests/DBAL/Platforms/AbstractPlatformTestCase.php
...
@@ -16,6 +16,16 @@ abstract class AbstractPlatformTestCase extends \Doctrine\Tests\DbalTestCase
...
@@ -16,6 +16,16 @@ abstract class AbstractPlatformTestCase extends \Doctrine\Tests\DbalTestCase
$this
->
_platform
=
$this
->
createPlatform
();
$this
->
_platform
=
$this
->
createPlatform
();
}
}
public
function
testQuoteIdentifier
()
{
if
(
$this
->
_platform
->
getName
()
==
"mssql"
)
{
$this
->
markTestSkipped
(
'Not working this way on mssql.'
);
}
$c
=
$this
->
_platform
->
getIdentifierQuoteCharacter
();
$this
->
assertEquals
(
str_repeat
(
$c
,
4
),
$this
->
_platform
->
quoteIdentifier
(
$c
));
}
public
function
testGetInvalidtForeignKeyReferentialActionSQL
()
public
function
testGetInvalidtForeignKeyReferentialActionSQL
()
{
{
$this
->
setExpectedException
(
'InvalidArgumentException'
);
$this
->
setExpectedException
(
'InvalidArgumentException'
);
...
...
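Review bot: the only input exercised in testQuoteIdentifier() is the bare quote character, so the assertion against str_repeat($c, 4) does not cover a quote character embedded in a longer name, or a plain name that must pass through unchanged. Add both cases. The getName() == "mssql" skip is also questionable: MsSqlPlatformTest defines its own testQuoteIdentifier() in this same commit, which overrides the inherited one, so the branch is never reached from that class, and the message 'Not working this way on mssql.' does not say why. Prefer the override in the platform's own test class over a name check in the shared base.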
tests/Doctrine/Tests/DBAL/Platforms/MsSqlPlatformTest.php
...
@@ -171,5 +171,8 @@ class MsSqlPlatformTest extends AbstractPlatformTestCase
...
@@ -171,5 +171,8 @@ class MsSqlPlatformTest extends AbstractPlatformTestCase
$this
->
assertEquals
(
'SELECT TOP 10 * FROM user ORDER BY username DESC'
,
$sql
);
$this
->
assertEquals
(
'SELECT TOP 10 * FROM user ORDER BY username DESC'
,
$sql
);
}
}
public
function
testQuoteIdentifier
()
{
$this
->
assertEquals
(
'[fo][o]'
,
$this
->
_platform
->
quoteIdentifier
(
'fo]o'
));
}
}
}
\ No newline at end of file
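Review bot: the expected value '[fo][o]' in testQuoteIdentifier() pins output that SQL Server does not treat as the single identifier fo]o; with the ]] escape that T-SQL uses for a closing bracket the assertion would be '[fo]]o]'. A second case with ] at the start or end of the name would catch boundary handling, and the file should end with a newline (the diff reports "\ No newline at end of file").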