Backported security bugfix for Doctrine OCI8 adapter

97638edc · Benjamin Eberlei · 7090fc50 · 97638edc
Commit 97638edc authored Sep 25, 2011 by Benjamin Eberlei
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

OCI8Connection.php lib/Doctrine/DBAL/Driver/OCI8/OCI8Connection.php +6 -2

No files found.
--- a/lib/Doctrine/DBAL/Driver/OCI8/OCI8Connection.php
+++ b/lib/Doctrine/DBAL/Driver/OCI8/OCI8Connection.php
@@ -81,9 +81,13 @@ class OCI8Connection implements \Doctrine\DBAL\Driver\Connection
     * @param int $type PDO::PARAM* 
     * @return mixed
     */
-    public function quote($input, $type=\PDO::PARAM_STR)
+    public function quote($value, $type=\PDO::PARAM_STR)
    {
-        return is_numeric($input) ? $input : "'$input'";
+        if (is_int($value) || is_float($value)) {
+            return $value;
+        }
+        $value = str_replace("'", "''", $value);
+        return "'" . addcslashes($value, "\000\n\r\\\032") . "'";
    }

    /**