git.heureux-cyclage.org - lhc/web/wiklou.git/commit

author	Alexander Mashin <alex.mashin@gmail.com>
	Sun, 1 Oct 2017 00:46:51 +0000 (00:46 +0000)
committer	Alexander I. Mashin <alex.mashin@gmail.com>
	Sun, 8 Oct 2017 03:45:12 +0000 (03:45 +0000)
commit	c428c2cf364859a1b17e733f7166f9dac70919da
tree	736a919fb4f458aeeb6daa8f15f336b7b347042f	tree \| snapshot
parent	36c9145c218c6effcfc672b89cc54579a2749cb4	commit \| diff

Ensure only strings are passed to mysql_real_escape_string()

Under some conditions (Semantic MediaWiki, Gadgets), an integer is
passed to DatabaseMysqli::mysqlRealEscapeString (). This integer is, in
turn, passed to mysqli::real_escape_string (), which needs a string.

Under HHVM 3.19.1 (at least) this type mismatch causes an exception.

A typecast should prevent it.

I repeated the patch in other DB drivers where I could find a function
that escaped strings for SQL.

Bug: T163646
Change-Id: I1b7820bc064dc79498cf9f17747f745990c526b7

includes/libs/rdbms/database/DatabaseMssql.php		diff \| blob \| history
includes/libs/rdbms/database/DatabaseMysql.php		diff \| blob \| history
includes/libs/rdbms/database/DatabaseMysqli.php		diff \| blob \| history
includes/libs/rdbms/database/DatabasePostgres.php		diff \| blob \| history
includes/libs/rdbms/database/DatabaseSqlite.php		diff \| blob \| history