From 0d795c9357fa4439a202386792ca140d68765ff8 Mon Sep 17 00:00:00 2001
From: Sven Reichel
Date: Tue, 13 Dec 2022 00:37:13 +0100
Subject: [PATCH 1/2] Moved addcslashes() to lib/Magento

---
 lib/Magento/Db/Adapter/Pdo/Mysql.php | 3 ++-
 lib/Zend/Db/Adapter/Pdo/Abstract.php | 2 --
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/Magento/Db/Adapter/Pdo/Mysql.php b/lib/Magento/Db/Adapter/Pdo/Mysql.php
index b4e0e23b834..f00c0cc3ec0 100644
--- a/lib/Magento/Db/Adapter/Pdo/Mysql.php
+++ b/lib/Magento/Db/Adapter/Pdo/Mysql.php
@@ -113,7 +113,8 @@ protected function _quote($value)
 $value = $this->_convertFloat($value);
 return $value;
 }
-
+ // Fix for null-byte injection
+ $value = addcslashes($value, "\000\032");
 return parent::_quote($value);
 }
 
diff --git a/lib/Zend/Db/Adapter/Pdo/Abstract.php b/lib/Zend/Db/Adapter/Pdo/Abstract.php
index 8f36fcdaaa9..0cdd831189c 100644
--- a/lib/Zend/Db/Adapter/Pdo/Abstract.php
+++ b/lib/Zend/Db/Adapter/Pdo/Abstract.php
@@ -292,8 +292,6 @@ protected function _quote($value)
 if (is_int($value) || is_float($value)) {
 return $value;
 }
- // Fix for null-byte injection
- $value = addcslashes($value, "\000\032");
 $this->_connect();
 return $this->_connection->quote($value);
 }

From 29a5760a99283ce47a9b4fa9d9f9cdefd461a108 Mon Sep 17 00:00:00 2001
From: Sven Reichel
Date: Tue, 13 Dec 2022 00:44:28 +0100
Subject: [PATCH 2/2] Fix for PHP 8.1

---
 lib/Magento/Db/Adapter/Pdo/Mysql.php | 4 +++-
 lib/Zend/Db/Adapter/Pdo/Abstract.php | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/Magento/Db/Adapter/Pdo/Mysql.php b/lib/Magento/Db/Adapter/Pdo/Mysql.php
index f00c0cc3ec0..8584348b82c 100644
--- a/lib/Magento/Db/Adapter/Pdo/Mysql.php
+++ b/lib/Magento/Db/Adapter/Pdo/Mysql.php
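Review bot: In PATCH 1/2, the hunk for lib/Magento/Db/Adapter/Pdo/Mysql.php makes this subclass the only place where NUL and Ctrl-Z bytes are escaped, because the same patch deletes the call from lib/Zend/Db/Adapter/Pdo/Abstract.php; any adapter that extends the Zend base class without going through this _quote() would hand those bytes unescaped to the driver's quote(). Whether such an adapter is in use is not visible here, so it is worth checking for direct instantiations of the Zend PDO adapters before merging. The comment should record the dependency, for example `// Fix for null-byte injection: escapes \0 and \x1A here because lib/Zend no longer does`. _quote() starts above the hunk.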
@@ -114,7 +114,9 @@ protected function _quote($value)
 return $value;
 }
 // Fix for null-byte injection
- $value = addcslashes($value, "\000\032");
+ if (is_string($value)) {
+ $value = addcslashes($value, "\000\032");
+ }
 return parent::_quote($value);
 }
 
diff --git a/lib/Zend/Db/Adapter/Pdo/Abstract.php b/lib/Zend/Db/Adapter/Pdo/Abstract.php
index 0cdd831189c..2c546949f07 100644
--- a/lib/Zend/Db/Adapter/Pdo/Abstract.php
+++ b/lib/Zend/Db/Adapter/Pdo/Abstract.php
@@ -293,7 +293,7 @@ protected function _quote($value)
 return $value;
 }
 $this->_connect();
- return $this->_connection->quote($value);
+ return $this->_connection->quote((string) $value);
 }
 
 /**
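Review bot: The `is_string($value)` guard added in lib/Magento/Db/Adapter/Pdo/Mysql.php skips the NUL/Ctrl-Z escaping for any value that is not already a string, while the hunk for lib/Zend/Db/Adapter/Pdo/Abstract.php in the same patch makes the parent convert that value with `(string) $value` before quoting it. An object with `__toString()` that reaches _quote() would therefore be quoted without the escaping, which the code before this series applied to every non-numeric value; whether callers pass such objects is not visible in the hunk. Escaping after the conversion closes the gap: `if (is_string($value) || (is_object($value) && method_exists($value, '__toString'))) { $value = addcslashes((string) $value, "\000\032"); }`. _quote() starts above the hunk in both files.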