Moved null-byte fix from lib/Zend to lib/Magento (#2807)

sreichel · web-flow · commit 3bdeef5733da · 2022-12-13T20:18:48.000Z
diff --git a/lib/Magento/Db/Adapter/Pdo/Mysql.php b/lib/Magento/Db/Adapter/Pdo/Mysql.php
@@ -113,7 +113,10 @@ protected function _quote($value)
             $value = $this->_convertFloat($value);
             return $value;
         }
-
+        // Fix for null-byte injection
+        if (is_string($value)) {
+            $value = addcslashes($value, "\000\032");
+        }
         return parent::_quote($value);
     }
 
diff --git a/lib/Zend/Db/Adapter/Pdo/Abstract.php b/lib/Zend/Db/Adapter/Pdo/Abstract.php
@@ -292,10 +292,8 @@ protected function _quote($value)
         if (is_int($value) || is_float($value)) {
             return $value;
         }
-        // Fix for null-byte injection
-        $value = addcslashes($value, "\000\032");
         $this->_connect();
-        return $this->_connection->quote($value);
+        return $this->_connection->quote((string) $value);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,10 @@ protected function _quote($value)`
`113`	`113`	`$value = $this->_convertFloat($value);`
`114`	`114`	`return $value;`
`115`	`115`	`}`
`116`		`-`
	`116`	`+ // Fix for null-byte injection`
	`117`	`+ if (is_string($value)) {`
	`118`	`+ $value = addcslashes($value, "\000\032");`
	`119`	`+ }`
`117`	`120`	`return parent::_quote($value);`
`118`	`121`	`}`
`119`	`122`
Original file line number	Diff line number	Diff line change
`@@ -292,10 +292,8 @@ protected function _quote($value)`
`292`	`292`	`if (is_int($value) \|\| is_float($value)) {`
`293`	`293`	`return $value;`
`294`	`294`	`}`
`295`		`- // Fix for null-byte injection`
`296`		`- $value = addcslashes($value, "\000\032");`
`297`	`295`	`$this->_connect();`
`298`		`- return $this->_connection->quote($value);`
	`296`	`+ return $this->_connection->quote((string) $value);`
`299`	`297`	`}`
`300`	`298`
`301`	`299`	`/**`