Merge branch 'security/zf2014-06'
ZF2014-06 patch

Conflicts:
	README.md
weierophinney committed Sep 16, 2014
2 parents a4222a6 + 7ea22d4 commit ad9deb6
Showing 3 changed files with 16 additions and 1 deletion.
7 changes: 6 additions & 1 deletion README.md
@@ -26,7 +26,12 @@ DD MMM YYYY
users of unpatched PHP versions (PHP 5.5 <= 5.5.11, PHP 5.4 <= 5.4.27, all
versions of PHP 5.3 and below). If you use `Zend\Ldap` and are on an affected
version of PHP, we recommend upgrading immediately.

- **ZF2014-06:** A potential SQL injection vector existed when using a SQL
Server adapter to manually quote values due to the fact that it was not
escaping null bytes. Code was added to ensure null bytes are escaped, and
thus mitigate the SQLi vector. We do not recommend manually quoting values,
but if you do, and use the SQL Server adapter without PDO, we recommend
upgrading immediately.

Please see [CHANGELOG.md](CHANGELOG.md).

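Review bot: the hunk header's context line `DD MMM YYYY` shows that the README section this entry sits under still carries a placeholder release date; it should be filled in before the release is tagged. The entry also points readers to CHANGELOG.md, but CHANGELOG.md is not among the three files changed by this commit, so the ZF2014-06 changelog entry is either missing here or needs to land separately.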
1 change: 1 addition & 0 deletions library/Zend/Db/Adapter/Platform/SqlServer.php
@@ -117,6 +117,7 @@ public function quoteValue($value)
'Attempting to quote a value in ' . __CLASS__ . ' without extension/driver support '
. 'can introduce security vulnerabilities in a production environment.'
);
$value = addcslashes($value, "\000\032");
return '\'' . str_replace('\'', '\'\'', $value) . '\'';
}
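
Review bot: `addcslashes($value, "\000\032")` rewrites a NUL byte as the four characters `\000` (and 0x1A as `\032`), so the literal emitted for a value like `"1\0"` is `'1\000'`. T-SQL string literals do not interpret backslash escape sequences (that convention comes from MySQL), so this does not preserve the original value; it substitutes a different, NUL-free string. That is acceptable as a mitigation for the injection vector, but the lossy behaviour deserves a short comment on this line so maintainers do not later "fix" it back. The ordering is right: the backslash escaping runs before the quote doubling, and `\` is untouched by the `str_replace`. The notice above this line remains the real guidance: callers should use driver-backed quoting or parameter binding rather than this fallback.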

9 changes: 9 additions & 0 deletions tests/ZendTest/Db/Adapter/Platform/SqlServerTest.php
@@ -139,4 +139,13 @@ public function testSetDriver()
$driver = new Pdo(array('pdodriver' => 'sqlsrv'));
$this->platform->setDriver($driver);
}

public function testPlatformQuotesNullByteCharacter()
{
$err = set_error_handler(function () {} );
$string = "1\0";
$value = $this->platform->quoteValue($string);
set_error_handler($err);
$this->assertEquals("'1\\000'", $value);
}
}
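
Review bot: `set_error_handler($err)` restores the previous handler by re-installing the returned value; `restore_error_handler()` is the idiomatic pairing and also makes it clearer that the empty closure exists only to silence the notice that `quoteValue()` triggers when no driver is set. Since the patch escapes both `\000` and `\032`, the test should cover the second byte as well, e.g. `$this->assertEquals("'1\\032'", $this->platform->quoteValue("1\x1a"));`. The existing assertion also documents that the result is the four-character sequence `\000` rather than a NUL byte, which is worth a one-line comment because a reader may expect the quoted value to round-trip.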
