// undo magic quotes for "
$s = str_replace('\\"','"',$s);
- if ($this->replaceQuote == "\\'") // ' already quoted, no need to change anything
+ // moodle change start - see readme_moodle.txt
+ if ($this->replaceQuote == "\\'" || ini_get('magic_quotes_sybase')) // ' already quoted, no need to change anything
+ // moodle change end - see readme_moodle.txt
return $s;
else {// change \' to '' for sybase/mssql
$s = str_replace('\\\\','\\',$s);
// undo magic quotes for "
$s = str_replace('\\"','"',$s);
- if ($this->replaceQuote == "\\'") // ' already quoted, no need to change anything
+ // moodle change start - see readme_moodle.txt
+ if ($this->replaceQuote == "\\'" || ini_get('magic_quotes_sybase')) // ' already quoted, no need to change anything
+ // moodle change end - see readme_moodle.txt
return "'$s'";
else {// change \' to '' for sybase/mssql
$s = str_replace('\\\\','\\',$s);
}
return $rez;
}
+
+// moodle change start - see readme_moodle.txt
+ /**
+ * Correctly quotes a string so that all strings are escaped. We prefix and append
+ * to the string single-quotes.
+ * An example is $db->qstr("Don't bother",magic_quotes_runtime());
+ *
+ * @param s the string to quote
+ * @param [magic_quotes] if $s is GET/POST var, set to get_magic_quotes_gpc().
+ * This undoes the stupidity of magic quotes for GPC.
+ *
+ * @return quoted string to be sent back to database
+ */
+ function qstr($s,$magic_quotes=false)
+ {
+ if (!$magic_quotes) {
+
+ if ($this->replaceQuote[0] == '\\'){
+ // only since php 4.0.5
+ $s = adodb_str_replace(array('\\',"\0"),array('\\\\',"\\\0"),$s);
+ //$s = str_replace("\0","\\\0", str_replace('\\','\\\\',$s));
+ }
+ return "'".str_replace("'",$this->replaceQuote,$s)."'";
+ }
+
+ // undo magic quotes for " unless sybase is on
+ $sybase = ini_get('magic_quotes_sybase');
+ if (!$sybase) {
+ $s = str_replace('\\"','"',$s);
+ if ($this->replaceQuote == "\\'") // ' already quoted, no need to change anything
+ return "'$s'";
+ else {// change \' to '' for sybase/mssql
+ $s = str_replace('\\\\','\\',$s);
+ return "'".str_replace("\\'",$this->replaceQuote,$s)."'";
+ }
+ } else {
+ return "'".$s."'";
+ }
+ }
+// moodle change end - see readme_moodle.txt
// returns true or false
function _close()
http://www.databasejournal.com/scripts/article.php/1440551
*/
-?>
\ No newline at end of file
+?>
}
return "'".str_replace("'",$this->replaceQuote,$s)."'";
}
-
- // undo magic quotes for "
- $s = str_replace('\\"','"',$s);
-
- $s = str_replace('\\\\','\\',$s);
- return "'".str_replace("\\'",$this->replaceQuote,$s)."'";
-
+// moodle change start - see readme_moodle.txt
+
+ // undo magic quotes for " unless sybase is on
+ $sybase = ini_get('magic_quotes_sybase');
+ if (!$sybase) {
+ $s = str_replace('\\"','"',$s);
+ $s = str_replace('\\\\','\\',$s);
+ return "'".str_replace("\\'",$this->replaceQuote,$s)."'";
+ } else {
+ return "'".$s."'";
+ }
+// moodle change end - see readme_moodle.txt
}
}
* adodb-lib.inc.php - modify some debug output to be correct XHTML. MDL-12378.
Reported to ADOdb at: http://phplens.com/lens/lensforum/msgs.php?id=17133
Once fixed by adodb guys, we'll return to their official distro.
+ * drivers/adodb-mssql.inc.php, drivers/adodb-oci8.inc.php (qstr) and
+ adodb.inc.php (addq and qstr) - fixed wrong "undo magic quotes" that was
+ ignoring "magic_quotes_sybase" and leading to wrongly escaped contents. MDL-19452
+ Reported privately to John Lim, will be added to upstream soon. Once fixed
+ we'll return to their official distro.
skodak, iarenaza, moodler, stronk7
projects / moodle.git / commitdiff