Fix SQL query quoting/casting when type is passed to where function

lib/Magento/Db/Adapter/Pdo/Mysql.php

@@ -124,9 +124,9 @@ protected function _quote($value)
      * If an array is passed as the value, the array values are quote
      * and then returned as a comma-separated string.
      *
-     * @param mixed $value The value to quote.
-     * @param null $type OPTIONAL the SQL datatype name, or constant, or null.
-     * @return mixed|string An SQL-safe quoted value (or string of separated values).
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float $value OPTIONAL A single value to quote into the condition.
+     * @param null|string|int $type  OPTIONAL The type of the given value e.g. Zend_Db::INT_TYPE, "INT"
+     * @return string An SQL-safe quoted value (or string of separated values).
      */
     public function quote($value, $type = null)
     {

lib/Varien/Db/Adapter/Interface.php

@@ -566,9 +566,9 @@ public function fetchOne($sql, $bind = array());
      * If an array is passed as the value, the array values are quoted
      * and then returned as a comma-separated string.
      *
-     * @param mixed $value The value to quote.
-     * @param mixed $type  OPTIONAL the SQL datatype name, or constant, or null.
-     * @return mixed An SQL-safe quoted value (or string of separated values).
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float $value OPTIONAL A single value to quote into the condition.
+     * @param null|string|int $type  OPTIONAL The type of the given value e.g. Zend_Db::INT_TYPE, "INT"
+     * @return string An SQL-safe quoted value (or string of separated values).
      */
     public function quote($value, $type = null);
 
@@ -586,8 +586,8 @@ public function quote($value, $type = null);
      * </code>
      *
      * @param string  $text  The text with a placeholder.
-     * @param mixed   $value The value to quote.
-     * @param string  $type  OPTIONAL SQL datatype
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float $value OPTIONAL A single value to quote into the condition.
+     * @param null|string|int $type  OPTIONAL The type of the given value e.g. Zend_Db::INT_TYPE, "INT"
      * @param integer $count OPTIONAL count of placeholders to replace
      * @return string An SQL-safe quoted value placed into the original text.
      */

lib/Varien/Db/Adapter/Pdo/Mysql.php

@@ -1506,8 +1506,8 @@ protected function _debugWriteToFile($str)
      * Method revrited for handle empty arrays in value param
      *
      * @param string  $text  The text with a placeholder.
-     * @param mixed   $value The value to quote.
-     * @param string  $type  OPTIONAL SQL datatype
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float $value OPTIONAL A single value to quote into the condition.
+     * @param null|string|int $type  OPTIONAL The type of the given value e.g. Zend_Db::INT_TYPE, "INT"
      * @param integer $count OPTIONAL count of placeholders to replace
      * @return string An SQL-safe quoted value placed into the orignal text.
      */

lib/Varien/Db/Select.php

@@ -101,8 +101,8 @@ public function __construct(Zend_Db_Adapter_Abstract $adapter)
      * </code>
      *
      * @param string   $cond  The WHERE condition.
-     * @param string   $value OPTIONAL A single value to quote into the condition.
-     * @param null|string $type  OPTIONAL The type of the given value
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float $value OPTIONAL A single value to quote into the condition.
+     * @param null|string|int $type  OPTIONAL The type of the given value e.g. Zend_Db::INT_TYPE, "INT"
      * @return Varien_Db_Select This Zend_Db_Select object.
      */
     public function where($cond, $value = null, $type = null)
@@ -112,12 +112,13 @@ public function where($cond, $value = null, $type = null)
         }
         /**
          * Additional internal type used for really null value
+         * cast to string, to prevent false matching 0 == "TYPE_CONDITION"
          */
-        if ($type == self::TYPE_CONDITION) {
+        if ((string)$type === self::TYPE_CONDITION) {
             $type = null;
         }
         if (is_array($value)) {
-            $cond = $this->_adapter->quoteInto($cond, $value);
+            $cond = $this->_adapter->quoteInto($cond, $value, $type);
             $value = null;
         }
         return parent::where($cond, $value, $type);

lib/Zend/Db/Adapter/Abstract.php

@@ -852,9 +852,9 @@ protected function _quote($value)
      * If an array is passed as the value, the array values are quoted
      * and then returned as a comma-separated string.
      *
-     * @param mixed $value The value to quote.
-     * @param mixed $type  OPTIONAL the SQL datatype name, or constant, or null.
-     * @return mixed An SQL-safe quoted value (or string of separated values).
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float $value OPTIONAL A single value to quote into the condition.
+     * @param null|string|int $type  OPTIONAL The type of the given value e.g. Zend_Db::INT_TYPE, "INT"
+     * @return string An SQL-safe quoted value (or string of separated values).
      */
     public function quote($value, $type = null)
     {
@@ -920,8 +920,8 @@ public function quote($value, $type = null)
      * </code>
      *
      * @param string  $text  The text with a placeholder.
-     * @param mixed   $value The value to quote.
-     * @param string  $type  OPTIONAL SQL datatype
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float $value OPTIONAL A single value to quote into the condition.
+     * @param null|string|int $type  OPTIONAL The type of the given value e.g. Zend_Db::INT_TYPE, "INT"
      * @param integer $count OPTIONAL count of placeholders to replace
      * @return string An SQL-safe quoted value placed into the original text.
      */

lib/Zend/Db/Select.php

@@ -468,7 +468,7 @@ public function joinNatural($name, $cols = self::SQL_WILDCARD, $schema = null)
      * </code>
      *
      * @param string   $cond  The WHERE condition.
-     * @param mixed    $value OPTIONAL The value to quote into the condition.
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float $value OPTIONAL The value to quote into the condition.
      * @param int      $type  OPTIONAL The type of the given value
      * @return Zend_Db_Select This Zend_Db_Select object.
      */
@@ -485,7 +485,7 @@ public function where($cond, $value = null, $type = null)
      * Otherwise identical to where().
      *
      * @param string   $cond  The WHERE condition.
-     * @param mixed    $value OPTIONAL The value to quote into the condition.
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float $value OPTIONAL The value to quote into the condition.
      * @param int      $type  OPTIONAL The type of the given value
      * @return Zend_Db_Select This Zend_Db_Select object.
      *
@@ -991,7 +991,7 @@ protected function _tableCols($correlationName, $cols, $afterCorrelationName = n
      * Internal function for creating the where clause
      *
      * @param string   $condition
-     * @param mixed    $value  optional
+     * @param Zend_Db_Select|Zend_Db_Expr|array|null|int|string|float    $value  optional
      * @param string   $type   optional
      * @param boolean  $bool  true = AND, false = OR
      * @return string  clause