author | webchick <webchick@24967.no-reply.drupal.org> | 2011-05-17 23:57:40 -0500 |
---|---|---|
committer | webchick <webchick@24967.no-reply.drupal.org> | 2011-05-17 23:57:40 -0500 |
commit | e77f87506c0355bb357bf32651148768e4a302b8 (patch) | |
tree | 57ee327a006e415b41612807ebe8468f4b03c68f /includes/database/query.inc | |
parent | e27392c158c328ab3440c634c99212e302ef2f74 (diff) | |
Issue #1105848 by cafuego: Fixed Unsafe query comments possible via UI.
Diffstat (limited to 'includes/database/query.inc')
-rw-r--r-- | includes/database/query.inc | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/includes/database/query.inc b/includes/database/query.inc
index 7f3e9ff85..23b652f9b 100644
--- a/includes/database/query.inc
+++ b/includes/database/query.inc
@@ -361,6 +361,9 @@ abstract class Query implements QueryPlaceholderInterface {
 * for easier debugging and allows you to more easily find where a query
 * with a performance problem is being generated.
 *
+ * The comment string will be sanitized to remove * / and other characters
+ * that may terminate the string early so as to avoid SQL injection attacks.
+ *
 * @param $comment
 * The comment string to be inserted into the query.
 *
@@ -623,9 +626,8 @@ class InsertQuery extends Query {
 * The prepared statement.
 */
 public function __toString() {
-
- // Create a comments string to prepend to the query.
- $comments = (!empty($this->comments)) ? '/* ' . implode('; ', $this->comments) . ' */ ' : '';
+ // Create a sanitized comment string to prepend to the query.
+ $comments = $this->connection->makeComment($this->comments);
 
 // Default fields are always placed first for consistency.
 $insert_fields = array_merge($this->defaultFields, $this->insertFields);
@@ -815,9 +817,8 @@ class DeleteQuery extends Query implements QueryConditionInterface {
 * The prepared statement.
 */
 public function __toString() {
-
- // Create a comments string to prepend to the query.
- $comments = (!empty($this->comments)) ? '/* ' . implode('; ', $this->comments) . ' */ ' : '';
+ // Create a sanitized comment string to prepend to the query.
+ $comments = $this->connection->makeComment($this->comments);
 
 $query = $comments . 'DELETE FROM {' . $this->connection->escapeTable($this->table) . '} ';
 
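Review bot: The three added docblock lines promise sanitization but do not say where it happens, so a maintainer reading Query::comment() cannot find the filtering rule the security fix now rests on without grepping; a reference such as `   * @see DatabaseConnection::makeComment()` after the new paragraph would close that gap. The literal `* /` with an embedded space is presumably deliberate so that the docblock itself is not terminated, and a short parenthetical like `(written with a space so this docblock is not closed)` would stop a later cleanup from joining the two characters. The method this docblock belongs to starts and ends outside the hunk.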
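Review bot: In InsertQuery::__toString() the replacement line hands `$this->comments` to `makeComment()` unconditionally, whereas the removed ternary returned `''` for an empty array explicitly; unless the connection helper (not in this file) short-circuits on empty input, every comment-less INSERT would now carry an empty `/*  */` prefix, a harmless but unintended change worth confirming against the helper. The same one-line substitution is repeated in the DeleteQuery, TruncateQuery and UpdateQuery hunks, so a single protected helper on the abstract Query base, e.g. `protected function commentString() { return $this->connection->makeComment($this->comments); }`, would make the sanitized path the only way comments reach SQL and make any future direct concatenation of `$this->comments` stand out in review. The new comment could also name the invariant it protects, e.g. `// Create a sanitized comment string to prepend to the query; never inline $this->comments directly.` Each of the four __toString() bodies continues outside its hunk.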
@@ -884,8 +885,8 @@ class TruncateQuery extends Query {
 * The prepared statement.
 */
 public function __toString() {
- // Create a comments string to prepend to the query.
- $comments = (!empty($this->comments)) ? '/* ' . implode('; ', $this->comments) . ' */ ' : '';
+ // Create a sanitized comment string to prepend to the query.
+ $comments = $this->connection->makeComment($this->comments);
 
 return $comments . 'TRUNCATE {' . $this->connection->escapeTable($this->table) . '} ';
 }
@@ -1111,9 +1112,8 @@ class UpdateQuery extends Query implements QueryConditionInterface {
 * The prepared statement.
 */
 public function __toString() {
-
- // Create a comments string to prepend to the query.
- $comments = (!empty($this->comments)) ? '/* ' . implode('; ', $this->comments) . ' */ ' : '';
+ // Create a sanitized comment string to prepend to the query.
+ $comments = $this->connection->makeComment($this->comments);
 
 // Expressions take priority over literal fields, so we process those first
 // and remove any literal fields that conflict. |