From 3ea563eac7fe300211e4c1ae41ecbe50301f9959 Mon Sep 17 00:00:00 2001
From: Jared Williams
Date: Thu, 4 Oct 2012 02:58:38 +0200
Subject: [PATCH 1/3] quoteIdentifier() & quoteIdentifierChain() bug

Identifier escaping is done means of doubling the delimiter character, and not using a backslash.
---
 library/Zend/Db/Adapter/Platform/Mysql.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/Zend/Db/Adapter/Platform/Mysql.php b/library/Zend/Db/Adapter/Platform/Mysql.php
index 6e7752fb85b..4bc6617e53f 100644
--- a/library/Zend/Db/Adapter/Platform/Mysql.php
+++ b/library/Zend/Db/Adapter/Platform/Mysql.php
@@ -46,7 +46,7 @@ public function getQuoteIdentifierSymbol()
 */
 public function quoteIdentifier($identifier)
 {
- return '`' . str_replace('`', '\\' . '`', $identifier) . '`';
+ return '`' . str_replace('`', '``', $identifier) . '`';
 }

 /**
@@ -57,7 +57,7 @@ public function quoteIdentifier($identifier)
 */
 public function quoteIdentifierChain($identifierChain)
 {
- $identifierChain = str_replace('`', '\\`', $identifierChain);
+ $identifierChain = str_replace('`', '``', $identifierChain);
 if (is_array($identifierChain)) {
 $identifierChain = implode('`.`', $identifierChain);
 }
From 2008dbace3262b0b893c146b0d77e99f4e06d71f Mon Sep 17 00:00:00 2001
From: Jared Williams
Date: Thu, 4 Oct 2012 16:27:58 +0200
Subject: [PATCH 2/3] quoteIdentifierInFragment() also has wrong escaping

---
 library/Zend/Db/Adapter/Platform/Mysql.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/Zend/Db/Adapter/Platform/Mysql.php b/library/Zend/Db/Adapter/Platform/Mysql.php
index 4bc6617e53f..615de8980a9 100644
--- a/library/Zend/Db/Adapter/Platform/Mysql.php
+++ b/library/Zend/Db/Adapter/Platform/Mysql.php
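Review bot: The replacement pair in quoteIdentifier() is a bare literal with nothing saying why the quote character is doubled, and the same expression is repeated in quoteIdentifierChain() in the next hunk and in quoteIdentifierInFragment() in patch 2/3. Three copies of one escaping rule is how the backslash form had to be corrected in three places; consider routing all three through a single private helper so the rule lives on one line. Above that line I would add `// MySQL escapes the quote character inside a quoted identifier by doubling it; a backslash is not an escape there, so the old form let an embedded quote character end the identifier early.` quoteIdentifierChain()'s body continues past the end of its hunk.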
@@ -134,7 +134,7 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = array(
 case 'as':
 break;
 default:
- $parts[$i] = '`' . str_replace('`', '\\' . '`', $part) . '`';
+ $parts[$i] = '`' . str_replace('`', '``', $part) . '`';
 }
 }
 return implode('', $parts);
From 066783e3db2c8d0db9c21bcb28a42c6e9acc968b Mon Sep 17 00:00:00 2001
From: Jared Williams
Date: Thu, 4 Oct 2012 23:44:35 +0200
Subject: [PATCH 3/3] Added tests for ensuring escaping

---
 tests/ZendTest/Db/Adapter/Platform/MysqlTest.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/tests/ZendTest/Db/Adapter/Platform/MysqlTest.php b/tests/ZendTest/Db/Adapter/Platform/MysqlTest.php
index a2836db4e8a..35e79d04c49 100644
--- a/tests/ZendTest/Db/Adapter/Platform/MysqlTest.php
+++ b/tests/ZendTest/Db/Adapter/Platform/MysqlTest.php
@@ -50,8 +50,9 @@ public function testGetQuoteIdentifierSymbol()
 public function testQuoteIdentifier()
 {
 $this->assertEquals('`identifier`', $this->platform->quoteIdentifier('identifier'));
+ $this->assertEquals('`ident``ifier`', $this->platform->quoteIdentifier('ident`ifier'));
 }
-
+
 /**
 * @covers Zend\Db\Adapter\Platform\Mysql::quoteIdentifierChain
 */
@@ -60,6 +61,10 @@ public function testQuoteIdentifierChain()
 $this->assertEquals('`identifier`', $this->platform->quoteIdentifierChain('identifier'));
 $this->assertEquals('`identifier`', $this->platform->quoteIdentifierChain(array('identifier')));
 $this->assertEquals('`schema`.`identifier`', $this->platform->quoteIdentifierChain(array('schema','identifier')));
+
+ $this->assertEquals('`ident``ifier`', $this->platform->quoteIdentifierChain('ident`ifier'));
+ $this->assertEquals('`ident``ifier`', $this->platform->quoteIdentifierChain(array('ident`ifier')));
+ $this->assertEquals('`schema`.`ident``ifier`', $this->platform->quoteIdentifierChain(array('schema','ident`ifier')));
 }

 /**
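Review bot: The corrected default branch of quoteIdentifierInFragment() has no regression test in the visible hunks of this series; patch 3/3 adds embedded-quote cases for quoteIdentifier() and quoteIdentifierChain() only. The quoteIdentifierInFragment() test should gain an assertion that passes a fragment containing the quote character and checks that it comes out doubled inside every quoted part. The exact expected string depends on how the fragment is split into $parts, which happens above this hunk, so it is not spelled out here. The loop and the switch both begin outside the hunk.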
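Review bot: The three assertions added to testQuoteIdentifierChain() put the quote character only in the middle of the last element, so the schema part and the boundary positions are never exercised. Since quoteIdentifierChain() escapes before it joins the elements with the quote-dot-quote separator, a chain whose first element carries the quote character, and an element that begins or ends with it, would pin down that an embedded quote cannot be read as a separator. assertSame would also be the tighter check for string output, though the visible tests use assertEquals throughout. The test method starts above the hunk.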