authorMeik Sievertsen <acydburn@phpbb.com>2008-10-02 12:04:12 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2008-10-02 12:04:12 +0000
commit2c1d80c75a3f41517090004e59f1e04a21437cc8 (patch)
treeb8314c50975c595b8f4b4e72211ae8809ccae985 /phpBB/includes/db
parented4797bb4e495d500790f1b21a5fb58b18e8d27d (diff)
Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8967 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/db')
-rw-r--r--phpBB/includes/db/firebird.php2
-rw-r--r--phpBB/includes/db/mssql.php2
-rw-r--r--phpBB/includes/db/mssql_odbc.php2
-rw-r--r--phpBB/includes/db/oracle.php2
4 files changed, 4 insertions, 4 deletions
diff --git a/phpBB/includes/db/firebird.php b/phpBB/includes/db/firebird.php
index 0157238fcd..3b31942a8b 100644
--- a/phpBB/includes/db/firebird.php
+++ b/phpBB/includes/db/firebird.php
@@ -425,7 +425,7 @@ class dbal_firebird extends dbal
*/
function sql_escape($msg)
{
- return str_replace("'", "''", $msg);
+ return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**
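Review bot: The new `sql_escape()` deletes NUL bytes instead of rejecting or encoding them, so the string that reaches the query can differ from the string that earlier length, uniqueness or word-filter checks examined, and any binary value routed through this function is silently altered. The quote doubling itself stays intact, because `str_replace()` applies the pairs in order and removing `\0` afterwards cannot un-pair a doubled quote. The docblock (it opens above the hunk) should record the behaviour, e.g. `* Doubles single quotes and strips NUL bytes; not binary-safe, validate input before calling`. The identical one-line change in mssql.php, mssql_odbc.php and oracle.php needs the same comment; the request_var() part of the commit lies outside this diffstat and is not covered here.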
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index 4131be2c32..7134574691 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -328,7 +328,7 @@ class dbal_mssql extends dbal
*/
function sql_escape($msg)
{
- return str_replace("'", "''", $msg);
+ return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**
diff --git a/phpBB/includes/db/mssql_odbc.php b/phpBB/includes/db/mssql_odbc.php
index a29af45c8f..14c4831010 100644
--- a/phpBB/includes/db/mssql_odbc.php
+++ b/phpBB/includes/db/mssql_odbc.php
@@ -349,7 +349,7 @@ class dbal_mssql_odbc extends dbal
*/
function sql_escape($msg)
{
- return str_replace("'", "''", $msg);
+ return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**
diff --git a/phpBB/includes/db/oracle.php b/phpBB/includes/db/oracle.php
index 0daddf76cb..8fdb29ce5b 100644
--- a/phpBB/includes/db/oracle.php
+++ b/phpBB/includes/db/oracle.php
@@ -551,7 +551,7 @@ class dbal_oracle extends dbal
*/
function sql_escape($msg)
{
- return str_replace("'", "''", $msg);
+ return str_replace(array("'", "\0"), array("''", ''), $msg);
}
/**