Commit ca360d7a authored by Benjamin Eberlei's avatar Benjamin Eberlei

[Security] Fix security problem in AbstractPlatform::modifyLimitQuery

parent 556351d9
...@@ -1960,13 +1960,40 @@ abstract class AbstractPlatform ...@@ -1960,13 +1960,40 @@ abstract class AbstractPlatform
return 'H:i:s'; return 'H:i:s';
} }
public function modifyLimitQuery($query, $limit, $offset = null) /**
* Modify limit query
*
* @param string $query
* @param int $limit
* @param int $offset
* @return string
*/
final public function modifyLimitQuery($query, $limit, $offset = null)
{
if ( $limit !== null) {
$limit = (int)$limit;
}
if ( $offset !== null) {
$offset = (int)$offset;
}
return $this->doModifyLimitQuery($query, $limit, $offset);
}
/**
* @param string $query
* @param int $limit
* @param int $offset
* @return string
*/
protected function doModifyLimitQuery($query, $limit, $offset)
{ {
if ( ! is_null($limit)) { if ( $limit !== null) {
$query .= ' LIMIT ' . $limit; $query .= ' LIMIT ' . $limit;
} }
if ( ! is_null($offset)) { if ( $offset !== null) {
$query .= ' OFFSET ' . $offset; $query .= ' OFFSET ' . $offset;
} }
......
...@@ -453,7 +453,7 @@ class DB2Platform extends AbstractPlatform ...@@ -453,7 +453,7 @@ class DB2Platform extends AbstractPlatform
return "SESSION." . $tableName; return "SESSION." . $tableName;
} }
public function modifyLimitQuery($query, $limit, $offset = null) protected function doModifyLimitQuery($query, $limit, $offset = null)
{ {
if ($limit === null && $offset === null) { if ($limit === null && $offset === null) {
return $query; return $query;
......
...@@ -583,14 +583,14 @@ class MsSqlPlatform extends AbstractPlatform ...@@ -583,14 +583,14 @@ class MsSqlPlatform extends AbstractPlatform
* @link http://lists.bestpractical.com/pipermail/rt-devel/2005-June/007339.html * @link http://lists.bestpractical.com/pipermail/rt-devel/2005-June/007339.html
* @return string * @return string
*/ */
public function modifyLimitQuery($query, $limit, $offset = null) protected function doModifyLimitQuery($query, $limit, $offset = null)
{ {
if ($limit > 0) { if ($limit > 0) {
$count = intval($limit); $count = intval($limit);
$offset = intval($offset); $offset = intval($offset);
if ($offset < 0) { if ($offset < 0) {
throw new Doctrine_Connection_Exception("LIMIT argument offset=$offset is not valid"); throw new DBALException("LIMIT argument offset=$offset is not valid");
} }
if ($offset == 0) { if ($offset == 0) {
......
...@@ -555,7 +555,7 @@ LEFT JOIN all_cons_columns r_cols ...@@ -555,7 +555,7 @@ LEFT JOIN all_cons_columns r_cols
* @param integer $offset start reading from given offset * @param integer $offset start reading from given offset
* @return string the modified query * @return string the modified query
*/ */
public function modifyLimitQuery($query, $limit, $offset = null) protected function doModifyLimitQuery($query, $limit, $offset = null)
{ {
$limit = (int) $limit; $limit = (int) $limit;
$offset = (int) $offset; $offset = (int) $offset;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment