[Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)

git-svn-id: file:///svn/phpbb/trunk@8968 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Meik Sievertsen <acydburn@phpbb.com> 2008-10-02 12:05:13 +0000
committer: Meik Sievertsen <acydburn@phpbb.com> 2008-10-02 12:05:13 +0000
commit: 9a7804cb717850afe209c347b05b957b72d866fb (patch)
tree: cffd399498537ed93d8efe6b2100b8bcfdbefc42 /phpBB/includes/db/mssql.php
parent: 8f2b4562b1523c028781286a63947bfd44f79c7c (diff)
download: forums-9a7804cb717850afe209c347b05b957b72d866fb.tar
forums-9a7804cb717850afe209c347b05b957b72d866fb.tar.gz
forums-9a7804cb717850afe209c347b05b957b72d866fb.tar.bz2
forums-9a7804cb717850afe209c347b05b957b72d866fb.tar.xz
forums-9a7804cb717850afe209c347b05b957b72d866fb.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/phpBB/includes/db/mssql.php b/phpBB/includes/db/mssql.php
index 84e356efdd..32ab1597c7 100644
--- a/phpBB/includes/db/mssql.php
+++ b/phpBB/includes/db/mssql.php
@@ -302,7 +302,7 @@ class dbal_mssql extends dbal
 	*/
 	function sql_escape($msg)
 	{
-		return str_replace("'", "''", $msg);
+		return str_replace(array("'", "\0"), array("''", ''), $msg);
 	}
 
 	/**
author	Meik Sievertsen <acydburn@phpbb.com>	2008-10-02 12:05:13 +0000
committer	Meik Sievertsen <acydburn@phpbb.com>	2008-10-02 12:05:13 +0000
commit	9a7804cb717850afe209c347b05b957b72d866fb (patch)
tree	cffd399498537ed93d8efe6b2100b8bcfdbefc42 /phpBB/includes/db/mssql.php
parent	8f2b4562b1523c028781286a63947bfd44f79c7c (diff)
download	forums-9a7804cb717850afe209c347b05b957b72d866fb.tar forums-9a7804cb717850afe209c347b05b957b72d866fb.tar.gz forums-9a7804cb717850afe209c347b05b957b72d866fb.tar.bz2 forums-9a7804cb717850afe209c347b05b957b72d866fb.tar.xz forums-9a7804cb717850afe209c347b05b957b72d866fb.zip