From a6d019553f0f4b794c14c6c555099d0e9c420a9d Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sun, 29 Jan 2006 22:12:23 +0000 Subject: [PATCH] Added new binary escape methods --- db.php | 58 ++++++++++++++++++++++++++++++++++++----------- db_mysql.php | 41 ++++++++++++++++++++++----------- db_mysqli.php | 43 ++++++++++++++++++++++++----------- db_postgresql.php | 30 +++++++++++++----------- kernel.php | 22 ++++++++++++++---- 5 files changed, 138 insertions(+), 56 deletions(-) diff --git a/db.php b/db.php index e9f45e7..c0bcf7d 100644 --- a/db.php +++ b/db.php @@ -107,19 +107,21 @@ class DB_Abstract * @access protected */ var $commands = array( - 'pconnect' => '%server %user %password %database', - 'connect' => '%server %user %password %database', - 'query' => '%link %query', - 'error_num' => '%link', - 'error_str' => '%link', - 'escape_string' => '%link %string', - 'fetch_assoc' => '%result', - 'fetch_row' => '%result', - 'fetch_object' => '%result', - 'free_result' => '%result', - 'insert_id' => '%link', - 'num_rows' => '%result', - 'affected_rows' => '%result' + 'pconnect' => '%server %user %password %database', + 'connect' => '%server %user %password %database', + 'query' => '%link %query', + 'error_num' => '%link', + 'error_str' => '%link', + 'escape_string' => '%link %string', + 'escape_binary' => '%string', + 'unescape_binary' => '%string', + 'fetch_assoc' => '%result', + 'fetch_row' => '%result', + 'fetch_object' => '%result', + 'free_result' => '%result', + 'insert_id' => '%link', + 'num_rows' => '%result', + 'affected_rows' => '%result' ); // ################################################################### 
@@ -250,6 +252,36 @@ class DB_Abstract return call_user_func($this->commands['escape_string'], $this->dblink, $string); } + // ################################################################### + /** + * Escapes a binary string for insertion into the database + * + * @access public + * + * @param string Unescaped data + * + * @return string Escaped binary data + */ + function escape_binary($binary) + { + return call_user_func($this->commands['escape_binary'], $binary); + } + + // ################################################################### + /** + * Unescapes a binary string that was fetched from the database + * + * @access public + * + * @param string Escaped data + * + * @return string Unescaped binary data + */ + function unescape_binary($binary) + { + return call_user_func($this->commands['unescape_binary'], $binary); + } + // ################################################################### /** * Fetch the query result as an array diff --git a/db_mysql.php b/db_mysql.php index 47bb605..d5c40b5 100644 --- a/db_mysql.php +++ b/db_mysql.php 
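Review bot: escape_binary() passes only `$binary` to the mapped command, while escape_string() just above it also passes `$this->dblink`. The db_mysqli.php hunk of this commit maps 'escape_binary' to `mysqli_real_escape_string`, whose procedural form takes the link as its first argument, so on that driver the call will fail instead of returning escaped data, and whatever it returns is what ends up in the query. The `'%string'` template added in the first db.php hunk documents the same one-argument shape. I would point the MySQLi entry at a wrapper that supplies the link, e.g. `'escape_binary' => '$this->command_mysqli_escape_binary',` with a body of `return mysqli_real_escape_string($this->dblink, $string);`, and have callers check for a failed escape instead of interpolating the result unconditionally.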
@@ -48,19 +48,19 @@ class DB_MySQL extends DB_Abstract * @access private */ var $commands = array( - 'pconnect' => '$this->command_mysql_pconnect', - 'connect' => '$this->command_mysql_connect', - 'query' => '$this->command_mysql_query', - 'error_num' => 'mysql_errno', - 'error_str' => 'mysql_error', - 'escape_string' => '$this->command_mysql_escape_string', - 'fetch_assoc' => 'mysql_fetch_assoc', - 'fetch_row' => 'mysql_fetch_row', - 'fetch_object' => 'mysql_fetch_object', - 'free_result' => 'mysql_free_result', - 'insert_id' => 'mysql_insert_id', - 'num_rows' => 'mysql_num_rows', - 'affected_rows' => 'mysql_affected_rows' + 'pconnect' => '$this->command_mysql_pconnect', + 'connect' => '$this->command_mysql_connect', + 'query' => '$this->command_mysql_query', + 'error_num' => 'mysql_errno', + 'error_str' => 'mysql_error', + 'escape_string' => '$this->command_mysql_escape_string', + 'fetch_assoc' => 'mysql_fetch_assoc', + 'fetch_row' => 'mysql_fetch_row', + 'fetch_object' => 'mysql_fetch_object', + 'free_result' => 'mysql_free_result', + 'insert_id' => 'mysql_insert_id', + 'num_rows' => 'mysql_num_rows', + 'affected_rows' => 'mysql_affected_rows' ); // ################################################################### @@ -179,6 +179,21 @@ class DB_MySQL extends DB_Abstract } } + // ################################################################### + /** + * Not supported: unescape binary string + * + * @access protected + * + * @param string Escaped data + * + * @return string Same data + */ + function command_unescape_binary($string) + { + return $string; + } + // ################################################################### /** * Starts a database transaction diff --git a/db_mysqli.php b/db_mysqli.php index c3e1dfb..83f99d9 100644 --- a/db_mysqli.php +++ b/db_mysqli.php 
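Review bot: DB_MySQL's `$commands` array gains no 'escape_binary' or 'unescape_binary' entry (the first hunk is 19 lines on both sides), so the `command_unescape_binary()` added in the second hunk is not referenced by anything visible here. Because the kernel.php hunk now routes binary values through `escape_binary()` whenever a DB layer is loaded, this driver would call `call_user_func()` with a missing key, unless the parent's array is merged somewhere outside this diff, and even then the value would be the `'%string'` template, not a callable. Add both keys to the array, e.g. `'unescape_binary' => '$this->command_unescape_binary',` plus an 'escape_binary' entry that points at a one-argument wrapper around the existing MySQL escaper. The docblock on `command_unescape_binary()` could also say why returning the input unchanged is correct for this driver, not just "Not supported".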
@@ -48,19 +48,21 @@ class DB_MySQLi extends DB_Abstract * @access private */ var $commands = array( - 'pconnect' => '$this->command_mysqli_connect', - 'connect' => '$this->command_mysqli_connect', - 'query' => 'mysqli_query', - 'error_num' => 'mysqli_errno', - 'error_str' => 'mysqli_error', - 'escape_string' => 'mysqli_real_escape_string', - 'fetch_assoc' => 'mysqli_fetch_assoc', - 'fetch_row' => 'mysqli_fetch_row', - 'fetch_object' => 'mysqli_fetch_object', - 'free_result' => 'mysqli_free_result', - 'insert_id' => 'mysqli_insert_id', - 'num_rows' => 'mysqli_num_rows', - 'affected_rows' => 'mysqli_affected_rows' + 'pconnect' => '$this->command_mysqli_connect', + 'connect' => '$this->command_mysqli_connect', + 'query' => 'mysqli_query', + 'error_num' => 'mysqli_errno', + 'error_str' => 'mysqli_error', + 'escape_string' => 'mysqli_real_escape_string', + 'escape_binary' => 'mysqli_real_escape_string', + 'unescape_binary' => '$this->command_unescape_binary', + 'fetch_assoc' => 'mysqli_fetch_assoc', + 'fetch_row' => 'mysqli_fetch_row', + 'fetch_object' => 'mysqli_fetch_object', + 'free_result' => 'mysqli_free_result', + 'insert_id' => 'mysqli_insert_id', + 'num_rows' => 'mysqli_num_rows', + 'affected_rows' => 'mysqli_affected_rows' ); // ################################################################### @@ -99,6 +101,21 @@ class DB_MySQLi extends DB_Abstract return mysqli_connect($server, $user, $password, $database); } + // ################################################################### + /** + * Not supported: unescape binary string + * + * @access protected + * + * @param string Escaped data + * + * @return string Same data + */ + function command_unescape_binary($string) + { + return $string; + } + // ################################################################### /** * Starts a database transaction diff --git a/db_postgresql.php b/db_postgresql.php index 3c265ea..c7cf469 100644 --- a/db_postgresql.php +++ b/db_postgresql.php 
@@ -48,19 +48,23 @@ class DB_PostgreSQL extends DB_Abstract * @access private */ var $commands = array( - 'pconnect' => '$this->command_pg_pconnect', - 'connect' => '$this->command_pg_connect', - 'query' => 'pg_query', - 'error_num' => '$this->command_error_num', - 'error_str' => '$this->command_error_str', - 'escape_string' => '$this->command_pg_escape_string', - 'fetch_assoc' => 'pg_fetch_assoc', - 'fetch_row' => 'pg_fetch_row', - 'fetch_object' => 'pg_fetch_object', - 'free_result' => 'pg_free_result', - 'insert_id' => '%link', // how do we support this...? - 'num_rows' => 'pg_num_rows', - 'affected_rows' => 'pg_affected_rows' + 'pconnect' => '$this->command_pg_pconnect', + 'connect' => '$this->command_pg_connect', + 'query' => 'pg_query', + 'error_num' => '$this->command_error_num', + 'error_str' => '$this->command_error_str', + 'escape_string' => '$this->command_pg_escape_string', + 'escape_binary' => 'mysqli_real_escape_string', + 'unescape_binary' => '$this->command_unescape_binary', + 'escape_binary' => 'pg_escape_bytea', + 'unescape_binary' => 'pg_unescape_bytea', + 'fetch_assoc' => 'pg_fetch_assoc', + 'fetch_row' => 'pg_fetch_row', + 'fetch_object' => 'pg_fetch_object', + 'free_result' => 'pg_free_result', + 'insert_id' => '%link', // how do we support this...? + 'num_rows' => 'pg_num_rows', + 'affected_rows' => 'pg_affected_rows' ); /** diff --git a/kernel.php b/kernel.php index 2d317a6..b91b1b6 100644 --- a/kernel.php +++ b/kernel.php 
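Review bot: The new `$commands` array defines 'escape_binary' and 'unescape_binary' twice, first as `'mysqli_real_escape_string'` / `'$this->command_unescape_binary'` and then as `'pg_escape_bytea'` / `'pg_unescape_bytea'`. PHP keeps the last value for a repeated key, so the pg_* pair is what runs today, but the first pair looks like a copy-paste leftover from db_mysqli.php, and this diff adds no `command_unescape_binary()` to DB_PostgreSQL. Delete the two MySQLi lines so that a later reorder of the array cannot silently make the wrong escaper the active one for bytea values.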
@@ -947,17 +947,31 @@ class ISSO { if ($this->magicquotes AND !$force) { - if (isset($this->modules[ISSO_DB_LAYER]) AND $binary) + if (isset($this->modules[ISSO_DB_LAYER])) { - return $this->modules[ISSO_DB_LAYER]->escape_string(str_replace(array("\'", '\"'), array("'", '"'), $str)); + if ($binary) + { + return $this->modules[ISSO_DB_LAYER]->escape_binary(str_replace(array("\'", '\"'), array("'", '"'), $str)); + } + else + { + return $this->modules[ISSO_DB_LAYER]->escape_string(str_replace(array("\'", '\"'), array("'", '"'), $str)); + } } return $str; } else { - if (isset($this->modules[ISSO_DB_LAYER]) AND $binary) + if (isset($this->modules[ISSO_DB_LAYER])) { - return $this->modules[ISSO_DB_LAYER]->escape_string($str); + if ($binary) + { + return $this->modules[ISSO_DB_LAYER]->escape_binary($str); + } + else + { + return $this->modules[ISSO_DB_LAYER]->escape_string($str); + } } return addslashes($str); } -- 2.22.5
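Review bot: In the magic-quotes branch, both new calls undo only `\'` and `\"` before re-escaping, but magic_quotes_gpc also puts a backslash in front of backslashes and NUL bytes, which binary payloads routinely contain. Those bytes would reach `escape_binary()` already escaped and be stored doubled. Use `stripslashes($str)` and compute it once before the `if ($binary)` test, rather than repeating the `str_replace()` expression in both arms. Note also that the non-binary path with a DB layer loaded used to return `$str` or `addslashes($str)` and now calls `escape_string()`, a behaviour change the commit message does not mention. The enclosing method begins and ends outside this hunk.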