From a6d019553f0f4b794c14c6c555099d0e9c420a9d Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sun, 29 Jan 2006 22:12:23 +0000 Subject: [PATCH] Added new binary escape methods --- db.php | 58 ++++++++++++++++++++++++++++++++++++----------- db_mysql.php | 41 ++++++++++++++++++++++----------- db_mysqli.php | 43 ++++++++++++++++++++++++----------- db_postgresql.php | 30 +++++++++++++----------- kernel.php | 22 ++++++++++++++---- 5 files changed, 138 insertions(+), 56 deletions(-) diff --git a/db.php b/db.php index e9f45e7..c0bcf7d 100644 --- a/db.php +++ b/db.php @@ -107,19 +107,21 @@ class DB_Abstract * @access protected */ var $commands = array( - 'pconnect' => '%server %user %password %database', - 'connect' => '%server %user %password %database', - 'query' => '%link %query', - 'error_num' => '%link', - 'error_str' => '%link', - 'escape_string' => '%link %string', - 'fetch_assoc' => '%result', - 'fetch_row' => '%result', - 'fetch_object' => '%result', - 'free_result' => '%result', - 'insert_id' => '%link', - 'num_rows' => '%result', - 'affected_rows' => '%result' + 'pconnect' => '%server %user %password %database', + 'connect' => '%server %user %password %database', + 'query' => '%link %query', + 'error_num' => '%link', + 'error_str' => '%link', + 'escape_string' => '%link %string', + 'escape_binary' => '%string', + 'unescape_binary' => '%string', + 'fetch_assoc' => '%result', + 'fetch_row' => '%result', + 'fetch_object' => '%result', + 'free_result' => '%result', + 'insert_id' => '%link', + 'num_rows' => '%result', + 'affected_rows' => '%result' ); // ################################################################### @@ -250,6 +252,36 @@ class DB_Abstract return call_user_func($this->commands['escape_string'], $this->dblink, $string); } + // ################################################################### + /** + * Escapes a binary string for insertion into the database + * + * @access public + * + * @param string Unescaped data + * + * @return string Escaped binary data + */ + function escape_binary($binary) + { + return call_user_func($this->commands['escape_binary'], $binary); + } + + // ################################################################### + /** + * Unescapes a binary string that was fetched from the database + * + * @access public + * + * @param string Escaped data + * + * @return string Unescaped binary data + */ + function unescape_binary($binary) + { + return call_user_func($this->commands['unescape_binary'], $binary); + } + // ################################################################### /** * Fetch the query result as an array diff --git a/db_mysql.php b/db_mysql.php index 47bb605..d5c40b5 100644 --- a/db_mysql.php +++ b/db_mysql.php @@ -48,19 +48,19 @@ class DB_MySQL extends DB_Abstract * @access private */ var $commands = array( - 'pconnect' => '$this->command_mysql_pconnect', - 'connect' => '$this->command_mysql_connect', - 'query' => '$this->command_mysql_query', - 'error_num' => 'mysql_errno', - 'error_str' => 'mysql_error', - 'escape_string' => '$this->command_mysql_escape_string', - 'fetch_assoc' => 'mysql_fetch_assoc', - 'fetch_row' => 'mysql_fetch_row', - 'fetch_object' => 'mysql_fetch_object', - 'free_result' => 'mysql_free_result', - 'insert_id' => 'mysql_insert_id', - 'num_rows' => 'mysql_num_rows', - 'affected_rows' => 'mysql_affected_rows' + 'pconnect' => '$this->command_mysql_pconnect', + 'connect' => '$this->command_mysql_connect', + 'query' => '$this->command_mysql_query', + 'error_num' => 'mysql_errno', + 'error_str' => 'mysql_error', + 'escape_string' => '$this->command_mysql_escape_string', + 'fetch_assoc' => 'mysql_fetch_assoc', + 'fetch_row' => 'mysql_fetch_row', + 'fetch_object' => 'mysql_fetch_object', + 'free_result' => 'mysql_free_result', + 'insert_id' => 'mysql_insert_id', + 'num_rows' => 'mysql_num_rows', + 'affected_rows' => 'mysql_affected_rows' ); // ################################################################### @@ -179,6 +179,21 @@ class DB_MySQL extends DB_Abstract } } + // ################################################################### + /** + * Not supported: unescape binary string + * + * @access protected + * + * @param string Escaped data + * + * @return string Same data + */ + function command_unescape_binary($string) + { + return $string; + } + // ################################################################### /** * Starts a database transaction diff --git a/db_mysqli.php b/db_mysqli.php index c3e1dfb..83f99d9 100644 --- a/db_mysqli.php +++ b/db_mysqli.php @@ -48,19 +48,21 @@ class DB_MySQLi extends DB_Abstract * @access private */ var $commands = array( - 'pconnect' => '$this->command_mysqli_connect', - 'connect' => '$this->command_mysqli_connect', - 'query' => 'mysqli_query', - 'error_num' => 'mysqli_errno', - 'error_str' => 'mysqli_error', - 'escape_string' => 'mysqli_real_escape_string', - 'fetch_assoc' => 'mysqli_fetch_assoc', - 'fetch_row' => 'mysqli_fetch_row', - 'fetch_object' => 'mysqli_fetch_object', - 'free_result' => 'mysqli_free_result', - 'insert_id' => 'mysqli_insert_id', - 'num_rows' => 'mysqli_num_rows', - 'affected_rows' => 'mysqli_affected_rows' + 'pconnect' => '$this->command_mysqli_connect', + 'connect' => '$this->command_mysqli_connect', + 'query' => 'mysqli_query', + 'error_num' => 'mysqli_errno', + 'error_str' => 'mysqli_error', + 'escape_string' => 'mysqli_real_escape_string', + 'escape_binary' => 'mysqli_real_escape_string', + 'unescape_binary' => '$this->command_unescape_binary', + 'fetch_assoc' => 'mysqli_fetch_assoc', + 'fetch_row' => 'mysqli_fetch_row', + 'fetch_object' => 'mysqli_fetch_object', + 'free_result' => 'mysqli_free_result', + 'insert_id' => 'mysqli_insert_id', + 'num_rows' => 'mysqli_num_rows', + 'affected_rows' => 'mysqli_affected_rows' ); // ################################################################### @@ -99,6 +101,21 @@ class DB_MySQLi extends DB_Abstract return mysqli_connect($server, $user, $password, $database); } + // ################################################################### + /** + * Not supported: unescape binary string + * + * @access protected + * + * @param string Escaped data + * + * @return string Same data + */ + function command_unescape_binary($string) + { + return $string; + } + // ################################################################### /** * Starts a database transaction diff --git a/db_postgresql.php b/db_postgresql.php index 3c265ea..c7cf469 100644 --- a/db_postgresql.php +++ b/db_postgresql.php @@ -48,19 +48,23 @@ class DB_PostgreSQL extends DB_Abstract * @access private */ var $commands = array( - 'pconnect' => '$this->command_pg_pconnect', - 'connect' => '$this->command_pg_connect', - 'query' => 'pg_query', - 'error_num' => '$this->command_error_num', - 'error_str' => '$this->command_error_str', - 'escape_string' => '$this->command_pg_escape_string', - 'fetch_assoc' => 'pg_fetch_assoc', - 'fetch_row' => 'pg_fetch_row', - 'fetch_object' => 'pg_fetch_object', - 'free_result' => 'pg_free_result', - 'insert_id' => '%link', // how do we support this...? - 'num_rows' => 'pg_num_rows', - 'affected_rows' => 'pg_affected_rows' + 'pconnect' => '$this->command_pg_pconnect', + 'connect' => '$this->command_pg_connect', + 'query' => 'pg_query', + 'error_num' => '$this->command_error_num', + 'error_str' => '$this->command_error_str', + 'escape_string' => '$this->command_pg_escape_string', + 'escape_binary' => 'mysqli_real_escape_string', + 'unescape_binary' => '$this->command_unescape_binary', + 'escape_binary' => 'pg_escape_bytea', + 'unescape_binary' => 'pg_unescape_bytea', + 'fetch_assoc' => 'pg_fetch_assoc', + 'fetch_row' => 'pg_fetch_row', + 'fetch_object' => 'pg_fetch_object', + 'free_result' => 'pg_free_result', + 'insert_id' => '%link', // how do we support this...? + 'num_rows' => 'pg_num_rows', + 'affected_rows' => 'pg_affected_rows' ); /** diff --git a/kernel.php b/kernel.php index 2d317a6..b91b1b6 100644 --- a/kernel.php +++ b/kernel.php @@ -947,17 +947,31 @@ class ISSO { if ($this->magicquotes AND !$force) { - if (isset($this->modules[ISSO_DB_LAYER]) AND $binary) + if (isset($this->modules[ISSO_DB_LAYER])) { - return $this->modules[ISSO_DB_LAYER]->escape_string(str_replace(array("\'", '\"'), array("'", '"'), $str)); + if ($binary) + { + return $this->modules[ISSO_DB_LAYER]->escape_binary(str_replace(array("\'", '\"'), array("'", '"'), $str)); + } + else + { + return $this->modules[ISSO_DB_LAYER]->escape_string(str_replace(array("\'", '\"'), array("'", '"'), $str)); + } } return $str; } else { - if (isset($this->modules[ISSO_DB_LAYER]) AND $binary) + if (isset($this->modules[ISSO_DB_LAYER])) { - return $this->modules[ISSO_DB_LAYER]->escape_string($str); + if ($binary) + { + return $this->modules[ISSO_DB_LAYER]->escape_binary($str); + } + else + { + return $this->modules[ISSO_DB_LAYER]->escape_string($str); + } } return addslashes($str); } -- 2.43.5