[Security] Fix security problem in AbstractPlatform::modifyLimitQuery

ca360d7a · Benjamin Eberlei · 556351d9 · ca360d7a · ca360d7a · ca360d7a
Commit ca360d7a authored Mar 20, 2011 by Benjamin Eberlei
4 changed files
--- a/lib/Doctrine/DBAL/Platforms/AbstractPlatform.php
+++ b/lib/Doctrine/DBAL/Platforms/AbstractPlatform.php
@@ -1960,13 +1960,40 @@ abstract class AbstractPlatform
        return 'H:i:s';
    }

-    public function modifyLimitQuery($query, $limit, $offset = null)
+    /**
+     * Modify limit query
+     * 
+     * @param string $query
+     * @param int $limit
+     * @param int $offset
+     * @return string
+     */
+    final public function modifyLimitQuery($query, $limit, $offset = null)
+    {
+        if ( $limit !== null) {
+            $limit = (int)$limit;
+        }
+
+        if ( $offset !== null) {
+            $offset = (int)$offset;
+        }
+
+        return $this->doModifyLimitQuery($query, $limit, $offset);
+    }
+
+    /**
+     * @param string $query
+     * @param int $limit
+     * @param int $offset
+     * @return string
+     */
+    protected function doModifyLimitQuery($query, $limit, $offset)
    {
-        if ( ! is_null($limit)) {
+        if ( $limit !== null) {
            $query .= ' LIMIT ' . $limit;
        }

-        if ( ! is_null($offset)) {
+        if ( $offset !== null) {
            $query .= ' OFFSET ' . $offset;
        }


--- a/lib/Doctrine/DBAL/Platforms/DB2Platform.php
+++ b/lib/Doctrine/DBAL/Platforms/DB2Platform.php
@@ -453,7 +453,7 @@ class DB2Platform extends AbstractPlatform
        return "SESSION." . $tableName;
    }

-    public function modifyLimitQuery($query, $limit, $offset = null)
+    protected function doModifyLimitQuery($query, $limit, $offset = null)
    {
        if ($limit === null && $offset === null) {
            return $query;

--- a/lib/Doctrine/DBAL/Platforms/MsSqlPlatform.php
+++ b/lib/Doctrine/DBAL/Platforms/MsSqlPlatform.php
@@ -583,14 +583,14 @@ class MsSqlPlatform extends AbstractPlatform
     * @link http://lists.bestpractical.com/pipermail/rt-devel/2005-June/007339.html
     * @return string
     */
-    public function modifyLimitQuery($query, $limit, $offset = null)
+    protected function doModifyLimitQuery($query, $limit, $offset = null)
    {
        if ($limit > 0) {
            $count = intval($limit);
            $offset = intval($offset);

            if ($offset < 0) {
-                throw new Doctrine_Connection_Exception("LIMIT argument offset=$offset is not valid");
+                throw new DBALException("LIMIT argument offset=$offset is not valid");
            }

            if ($offset == 0) {

--- a/lib/Doctrine/DBAL/Platforms/OraclePlatform.php
+++ b/lib/Doctrine/DBAL/Platforms/OraclePlatform.php
@@ -555,7 +555,7 @@ LEFT JOIN all_cons_columns r_cols
     * @param integer $offset       start reading from given offset
     * @return string               the modified query
     */
-    public function modifyLimitQuery($query, $limit, $offset = null)
+    protected function doModifyLimitQuery($query, $limit, $offset = null)
    {
        $limit = (int) $limit;
        $offset = (int) $offset;