Moved null-byte fix from lib/Zend to lib/Magento (#2807)

OpenMage · Dec 13, 2022 · 3bdeef5 · 3bdeef5
1 parent f989cf8
commit 3bdeef5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/lib/Magento/Db/Adapter/Pdo/Mysql.php b/lib/Magento/Db/Adapter/Pdo/Mysql.php
@@ -113,7 +113,10 @@ protected function _quote($value)
             $value = $this->_convertFloat($value);
             return $value;
         }
-
+        // Fix for null-byte injection
+        if (is_string($value)) {
+            $value = addcslashes($value, "\000\032");
+        }
         return parent::_quote($value);
     }
 

diff --git a/lib/Zend/Db/Adapter/Pdo/Abstract.php b/lib/Zend/Db/Adapter/Pdo/Abstract.php
@@ -292,10 +292,8 @@ protected function _quote($value)
         if (is_int($value) || is_float($value)) {
             return $value;
         }
-        // Fix for null-byte injection
-        $value = addcslashes($value, "\000\032");
         $this->_connect();
-        return $this->_connection->quote($value);
+        return $this->_connection->quote((string) $value);
     }
 
     /**