[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: quote booleans as string (not integer) in Database...

2016-10-11 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged.

Change subject: SECURITY: quote booleans as string (not integer) in 
DatabaseMysqlBase
..


SECURITY: quote booleans as string (not integer) in DatabaseMysqlBase

Comparing a string column to 0 will produce spurious matches, and it is easy
to get a false value in unexpected places. Comparing an int column to '0'
does not seem to cause any problems.

Bug: T147537
Change-Id: I5ad547de509b3417b5937be6bdda9befb8aed8b6
---
M includes/libs/rdbms/database/DatabaseMysqlBase.php
1 file changed, 10 insertions(+), 0 deletions(-)

Approvals:
  Reedy: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/includes/libs/rdbms/database/DatabaseMysqlBase.php 
b/includes/libs/rdbms/database/DatabaseMysqlBase.php
index d654429..b1c18b6 100644
--- a/includes/libs/rdbms/database/DatabaseMysqlBase.php
+++ b/includes/libs/rdbms/database/DatabaseMysqlBase.php
@@ -608,6 +608,16 @@
 */
abstract protected function mysqlRealEscapeString( $s );
 
+   public function addQuotes( $s ) {
+   if ( is_bool( $s ) ) {
+   // Parent would transform to int, which does not play 
nice with MySQL type juggling.
+   // When searching for an int in a string column, the 
strings are cast to int, which
+   // means false would match any string not starting with 
a number.
+   $s = (string)(int)$s;
+   }
+   return parent::addQuotes( $s );
+   }
+
/**
 * MySQL uses `backticks` for identifier quoting instead of the sql 
standard "double quotes".
 *
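Review bot: no test accompanies the new override (the change touches only DatabaseMysqlBase.php); a unit test asserting that addQuotes( false ) yields the quoted string '0' and addQuotes( true ) yields '1' would pin down the behaviour the inline comment depends on. The method also has no docblock, unlike the neighbouring mysqlRealEscapeString() and the identifier-quoting method below it; an @inheritDoc line or a one-sentence summary of the type-juggling rationale would keep the file's documentation consistent.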

-- 
To view, visit https://gerrit.wikimedia.org/r/315279
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5ad547de509b3417b5937be6bdda9befb8aed8b6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie 
Gerrit-Reviewer: Reedy 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
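The spurious match described in the commit message, as an added MySQL demonstration (this is not part of the change or the MediaWiki schema; the demo_user table and its rows are constructed here):

```sql
-- Constructed table standing in for a string column and an int column.
CREATE TEMPORARY TABLE demo_user (
    user_id   INT,
    user_name VARBINARY(255)
);
INSERT INTO demo_user VALUES (1, 'Alice'), (2, 'Bob'), (3, '0'), (4, '7up');

-- Unfixed quoting: a PHP false reaches the query as the integer 0.
-- MySQL compares string vs. number numerically, so each user_name is cast:
-- 'Alice' -> 0, 'Bob' -> 0, '0' -> 0, '7up' -> 7.
-- Result: Alice, Bob and '0' all match (three rows), not just the literal '0'.
SELECT user_id, user_name FROM demo_user WHERE user_name = 0;

-- Fixed quoting: false becomes the string '0', and the comparison is a
-- string comparison. Result: only the row whose user_name is exactly '0'.
SELECT user_id, user_name FROM demo_user WHERE user_name = '0';

-- The reverse direction the commit message calls harmless: comparing an
-- int column to the string '0' casts '0' to 0. No row here has user_id 0,
-- so the result is empty rather than a spurious match.
SELECT user_id FROM demo_user WHERE user_id = '0';

DROP TEMPORARY TABLE demo_user;
```

Running the first SELECT under MySQL also raises "Truncated incorrect DOUBLE value" warnings for the non-numeric names, which is a useful signal to watch for in query logs when hunting for this class of comparison.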


[MediaWiki-commits] [Gerrit] mediawiki/core[master]: SECURITY: quote booleans as string (not integer) in Database...

2016-10-11 Thread Anomie (Code Review)
Anomie has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/315279

Change subject: SECURITY: quote booleans as string (not integer) in 
DatabaseMysqlBase
..

SECURITY: quote booleans as string (not integer) in DatabaseMysqlBase

Comparing a string column to 0 will produce spurious matches, and it is easy
to get a false value in unexpected places. Comparing an int column to '0'
does not seem to cause any problems.

Bug: T147537
Change-Id: I5ad547de509b3417b5937be6bdda9befb8aed8b6
---
M includes/libs/rdbms/database/DatabaseMysqlBase.php
1 file changed, 10 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/79/315279/1

diff --git a/includes/libs/rdbms/database/DatabaseMysqlBase.php 
b/includes/libs/rdbms/database/DatabaseMysqlBase.php
index d654429..b1c18b6 100644
--- a/includes/libs/rdbms/database/DatabaseMysqlBase.php
+++ b/includes/libs/rdbms/database/DatabaseMysqlBase.php
@@ -608,6 +608,16 @@
 */
abstract protected function mysqlRealEscapeString( $s );
 
+   public function addQuotes( $s ) {
+   if ( is_bool( $s ) ) {
+   // Parent would transform to int, which does not play 
nice with MySQL type juggling.
+   // When searching for an int in a string column, the 
strings are cast to int, which
+   // means false would match any string not starting with 
a number.
+   $s = (string)(int)$s;
+   }
+   return parent::addQuotes( $s );
+   }
+
/**
 * MySQL uses `backticks` for identifier quoting instead of the sql 
standard "double quotes".
 *
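Review bot: `$s = (string)(int)$s;` relies on PHP's bool-to-int conversion followed by a string cast; `$s = $s ? '1' : '0';` states the intended result directly and is easier to check against the comment above it, which only spells out the false case and says nothing about how true is rendered.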

-- 
To view, visit https://gerrit.wikimedia.org/r/315279
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5ad547de509b3417b5937be6bdda9befb8aed8b6
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie 
