From 496972bf95e2ddbf01cb5e50a6a594615744d942 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 12 Mar 2015 04:44:31 -0400
Subject: [PATCH] Fix backtick character handling in sql queries (#1490312)
---
program/lib/Roundcube/rcube_db_oracle.php | 17 +++++++++++------
1 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/program/lib/Roundcube/rcube_db_oracle.php b/program/lib/Roundcube/rcube_db_oracle.php
index 338eb2e..bb03388 100644
--- a/program/lib/Roundcube/rcube_db_oracle.php
+++ b/program/lib/Roundcube/rcube_db_oracle.php
@@ -1,6 +1,6 @@
<?php
-/**
+/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2011-2014, Kolab Systems AG |
@@ -155,9 +155,14 @@
}
}
- // replace escaped '?' back to normal, see self::quote()
- $query = str_replace('??', '?', $query);
$query = rtrim($query, " \t\n\r\0\x0B;");
+
+ // replace escaped '?' and quotes back to normal, see self::quote()
+ $query = str_replace(
+ array('??', self::DEFAULT_QUOTE.self::DEFAULT_QUOTE),
+ array('?', self::DEFAULT_QUOTE),
+ $query
+ );
// log query
$this->debug($query);
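Review bot: The str_replace() call that undoes the doubled `?` and DEFAULT_QUOTE is only safe as the last transformation after every placeholder has been substituted, and the new comment does not say so; per the "see self::quote()" reference, quote() doubles these characters inside values precisely so they are not mistaken for placeholders or identifier quotes, so a later refactor that moves this pass earlier would let a `?` coming from user data be treated as a placeholder again. I would extend the comment to `// Must stay after placeholder substitution: quote() doubles '?' and DEFAULT_QUOTE inside values so they are not mistaken for placeholders/identifier quotes; undoing that earlier would re-expose them`. Note also that str_replace() applies its search/replace pairs sequentially over the whole query regardless of string-literal boundaries, so the two arrays must remain index-aligned; binding `$q = self::DEFAULT_QUOTE;` first and writing `str_replace(array('??', $q.$q), array('?', $q), $query)` makes the pairing easier to read. The enclosing method starts and ends outside the hunk.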
@@ -171,7 +176,7 @@
$mode = $this->in_transaction ? OCI_NO_AUTO_COMMIT : OCI_COMMIT_ON_SUCCESS;
if ($result) {
- foreach ($args as $param => $arg) {
+ foreach (array_keys($args) as $param) {
oci_bind_by_name($result, $param, $args[$param], -1, SQLT_LNG);
}
}
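Review bot: The rewritten loop binds `$args[$param]` rather than a loop variable, which is required because oci_bind_by_name() takes the bound variable by reference and reads it at execution time, but nothing in the code says so and a future cleanup could easily reintroduce a by-value loop copy that would bind a dead temporary. A one-line comment above the loop would protect it: `// bind the array element itself (by reference), not a loop copy: oci_bind_by_name() keeps the reference until the statement executes`. Whether -1 with SQLT_LNG is the right length/type for every argument is not something the hunk shows. The enclosing method starts and ends outside the hunk.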
@@ -500,7 +505,7 @@
foreach (explode("\n", $sql) as $line) {
$tok = strtolower(trim($line));
- if (preg_match('/^--/', $line) || $tok == '') {
+ if (preg_match('/^--/', $line) || $tok == '' || $tok == '/') {
continue;
}
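Review bot: The added `$tok == '/'` test uses loose comparison, and the bare `'/'` carries no explanation; since `$tok` comes from strtolower(trim($line)) on the line above it is always a string, so `$tok === '' || $tok === '/'` is equally correct and strict. A lone `/` is presumably the SQL*Plus block terminator found in Oracle schema scripts, which is worth stating once confirmed, e.g. `// skip '--' comments, blank lines and lone '/' lines`. The loop and its enclosing method start outside the hunk.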
@@ -587,7 +592,7 @@
$this->debug('ROLLBACK TRANSACTION');
- if ($result = @oci_rollback($this->dbh)) {
+ if (@oci_rollback($this->dbh)) {
$this->in_transaction = false;
}
else {
--