Anomie has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/315279

Change subject: SECURITY: quote booleans as string (not integer) in DatabaseMysqlBase
......................................................................

SECURITY: quote booleans as string (not integer) in DatabaseMysqlBase

Comparing a string column to 0 will produce spurious matches, and it is easy
to get a false value in unexpected places. Comparing an int column to '0'
does not seem to cause any problems.

Bug: T147537
Change-Id: I5ad547de509b3417b5937be6bdda9befb8aed8b6
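The MySQL comparison behaviour the commit message relies on, as an added example that is not part of the change or of MediaWiki: a constructed table `prefs_demo` with a VARCHAR column is queried once with an unquoted `0` (what the parent `addQuotes()` produced for `false`) and once with the quoted `'0'` the patched override produces. In MySQL a string compared to a number is converted to a number using its leading numeric prefix, so non-numeric strings become 0 and compare equal to an unquoted 0, while the quoted form is a plain string comparison.

```sql
-- Added example, not code from the change under review. Table and rows are
-- constructed for the demonstration.
CREATE TEMPORARY TABLE prefs_demo (
  pd_user  INT          NOT NULL,
  pd_value VARCHAR(255) NOT NULL
);

INSERT INTO prefs_demo (pd_user, pd_value) VALUES
  (1, 'abc'),      -- no numeric prefix: converts to 0 in a numeric comparison
  (2, '0'),        -- the only row that is literally "0"
  (3, '7apples'),  -- numeric prefix 7: converts to 7, not 0
  (4, '');         -- empty string also converts to 0

-- Before the patch: false was quoted as the integer 0. MySQL casts the
-- string column to a number for this comparison, so rows whose value does
-- not start with a digit are treated as 0 and match too.
SELECT pd_user, pd_value FROM prefs_demo WHERE pd_value = 0;

-- After the patch: false is quoted as the string '0', so this is a
-- string-to-string comparison and only the literal '0' row is compared equal.
SELECT pd_user, pd_value FROM prefs_demo WHERE pd_value = '0';

-- The reverse direction from the commit message: comparing an INT column
-- to the string '0' converts the string to a number, so it behaves exactly
-- like comparing to 0.
SELECT pd_user FROM prefs_demo WHERE pd_user = '0';

DROP TEMPORARY TABLE prefs_demo;
```

Run it in a MySQL or MariaDB client and compare the first two result sets; the rows `abc` and the empty string appear only in the unquoted case, which is the spurious-match condition the change closes. The third statement is why quoting every boolean as a string is safe for integer columns as well.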
---
M includes/libs/rdbms/database/DatabaseMysqlBase.php
1 file changed, 10 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/79/315279/1

diff --git a/includes/libs/rdbms/database/DatabaseMysqlBase.php 
b/includes/libs/rdbms/database/DatabaseMysqlBase.php
index d654429..b1c18b6 100644
--- a/includes/libs/rdbms/database/DatabaseMysqlBase.php
+++ b/includes/libs/rdbms/database/DatabaseMysqlBase.php
@@ -608,6 +608,16 @@
         */
        abstract protected function mysqlRealEscapeString( $s );
 
+       public function addQuotes( $s ) {
+               if ( is_bool( $s ) ) {
+                       // Parent would transform to int, which does not play 
nice with MySQL type juggling.
+                       // When searching for an int in a string column, the 
strings are cast to int, which
+                       // means false would match any string not starting with 
a number.
+                       $s = (string)(int)$s;
+               }
+               return parent::addQuotes( $s );
+       }
+
        /**
         * MySQL uses `backticks` for identifier quoting instead of the sql 
standard "double quotes".
         *
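Review bot: the new public `addQuotes()` override at the top of the hunk has no docblock, while both neighbouring methods do (the abstract `mysqlRealEscapeString()` closes a `/** ... */` comment just above it and the identifier-quoting method below opens one); add a docblock with `@param` and `@return` that says it overrides the parent so that booleans are quoted as strings, and consider moving the three-line explanation from inside the `if` into that docblock so the security rationale is visible from the class API rather than only from the method body. The conversion itself is correct: `(string)(int)$s` yields `'0'` or `'1'`, which `parent::addQuotes()` then escapes and wraps in quotes, giving the string-to-string comparison the commit message intends.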

-- 
To view, visit https://gerrit.wikimedia.org/r/315279
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5ad547de509b3417b5937be6bdda9befb8aed8b6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie <bjor...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
