Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.2
    • Fix Version/s: 2.1.3
    • Component/s: Drivers
    • Security Level: All
    • Labels:
      None
    • Environment:
      OCI8 Driver
      IBMDB2 Driver

      Description

      $test = "foo ' bar";
      $quoted = $conn->quote( $test );
      echo $quoted;

      RESULT: 'foo ' bar'
      EXPECTED: 'foo \' bar'

        Activity

        Oliver Mueller created issue -
        Guilherme Blanco added a comment - Fixed in https://github.com/doctrine/dbal/commit/82cc921447fde697bf3d9f5285d0f0b8587303d8
        Guilherme Blanco made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Assignee Benjamin Eberlei [ beberlei ] Guilherme Blanco [ guilhermeblanco ]
        Fix Version/s 2.1.3 [ 10162 ]
        Resolution Fixed [ 1 ]
        Benjamin Eberlei added a comment -

        Backported to 2.0.9

        Benjamin Eberlei made changes -
        Fix Version/s 2.0.9 [ 10168 ]
        Benjamin Eberlei made changes -
        Security Security Issues [ 10001 ] All [ 10000 ]
        Benjamin Eberlei added a comment - - edited

        Fix was modified to use the Zend Framework code for quoting OCI input: https://github.com/doctrine/dbal/commit/97638edc0fef0e08ce7db631eb130fde950844d7

        This code is now in DBAL 2.1.4 and 2.0.9, and I have added some tests to verify that some simple SQL injection vectors don't work on any supported platform.

        Benjamin Eberlei made changes -
        Workflow jira [ 13011 ] jira-feedback2 [ 17749 ]
        Benjamin Eberlei made changes -
        Workflow jira-feedback2 [ 17749 ] jira-feedback3 [ 20104 ]
        Guilherme Blanco made changes -
        Fix Version/s 2.0.9 [ 10168 ]
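
A round-trip check for the quoting behaviour reported in this issue, added here as an example; it is not code from Doctrine DBAL or from the linked commits. `brokenQuote`, `doubledQuote` and `decodeLiteral` are hypothetical helpers, and the fixed variant assumes SQL-standard doubling of single quotes rather than the backslash form shown under EXPECTED.

```php
<?php
// Added example: hypothetical helpers, not Doctrine DBAL code.

// Reproduces the reported result: wraps the value without escaping it.
function brokenQuote(string $v): string
{
    return "'" . $v . "'";
}

// Assumed fix: SQL-standard doubling of embedded single quotes.
function doubledQuote(string $v): string
{
    return "'" . str_replace("'", "''", $v) . "'";
}

// Reads $sql as one standard SQL string literal. Returns the decoded value,
// or null if the literal ends early (trailing text would be parsed as SQL).
function decodeLiteral(string $sql): ?string
{
    $n = strlen($sql);
    if ($n < 2 || $sql[0] !== "'") {
        return null;
    }
    $out = '';
    for ($i = 1; $i < $n; $i++) {
        if ($sql[$i] !== "'") {
            $out .= $sql[$i];
        } elseif ($i + 1 < $n && $sql[$i + 1] === "'") {
            $out .= "'";   // '' is an escaped quote
            $i++;
        } else {
            return $i === $n - 1 ? $out : null; // closing quote must be last
        }
    }
    return null; // literal never closed
}

// Constructed sample inputs, including the string from the report.
$samples = ["foo ' bar", "x' OR '1'='1", "'", "plain"];

foreach (['brokenQuote', 'doubledQuote'] as $quote) {
    foreach ($samples as $s) {
        $ok = decodeLiteral($quote($s)) === $s;
        printf("%-12s %-16s %s\n", $quote, $s, $ok ? 'round-trips' : 'BREAKS OUT');
    }
}
```

Every sample containing a single quote is flagged for `brokenQuote`, while all four samples round-trip through `doubledQuote`.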


          People

          • Assignee:
            Guilherme Blanco
            Reporter:
            Oliver Mueller
          • Votes:
            0
            Watchers:
            0

            Dates

            • Created:
              Updated:
              Resolved: