From ca7878453f7b30305e0c703f9cdebfe7c04de017 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Thu, 15 Sep 2011 14:39:52 +0200 Subject: [PATCH] SECURITY Backporting MySQLDatabase->addslashes() to use mysql_real_escape_string() instead of the non-multibyte-safe addslashes() PHP function, and using it in Convert::raw2sql() --- core/Convert.php | 3 +-- core/model/Database.php | 8 ++++++++ core/model/MySQLDatabase.php | 7 +++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/core/Convert.php b/core/Convert.php index f3c2eead6ce..ef40e00cfc1 100755 --- a/core/Convert.php +++ b/core/Convert.php @@ -104,9 +104,8 @@ static function raw2sql($val) { if(is_array($val)) { foreach($val as $k => $v) $val[$k] = self::raw2sql($v); return $val; - } else { - return addslashes($val); + return DB::getConn()->addslashes($val); } } diff --git a/core/model/Database.php b/core/model/Database.php index bd7f96a163e..a367af82e8f 100755 --- a/core/model/Database.php +++ b/core/model/Database.php @@ -111,6 +111,14 @@ protected abstract function fieldList($table); */ protected abstract function tableList(); + /** + * Returns an escaped string. + * + * @param string + * @return string - escaped string + */ + abstract function addslashes($val); + /** * The table list, generated by the tableList() function. * Used by the requireTable() function. diff --git a/core/model/MySQLDatabase.php b/core/model/MySQLDatabase.php index 894e4883ece..e0815634ec6 100644 --- a/core/model/MySQLDatabase.php +++ b/core/model/MySQLDatabase.php @@ -400,6 +400,13 @@ function databaseError($msg, $errorLevel = E_USER_ERROR) { user_error($msg, $errorLevel); } + + /* + * This will return text which has been escaped in a database-friendly manner. + */ + function addslashes($value){ + return mysql_real_escape_string($value, $this->dbConn); + } } /**
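Review bot: The new `return DB::getConn()->addslashes($val);` makes Convert::raw2sql() depend on a live database connection, and nothing guards the case where DB::getConn() has nothing to return (before a connection is established, or in code that only assembles SQL strings), which would turn a previously pure string function into a fatal call on a non-object. Failing loudly is the right outcome for a security fix — silently falling back to PHP's addslashes() would reintroduce the multibyte hole — so I'd add an explicit check such as `$conn = DB::getConn(); if(!$conn) user_error('Convert::raw2sql() requires an active database connection', E_USER_ERROR);` ahead of the call. The method's docblock sits above the hunk and should now state that escaping is delegated to the active connection's adapter and is only correct for that connection's character set. As collapsed here, I cannot confirm how the removed `} else {` lines pair with the closing braces in the new body, so please verify the hunk applies as intended.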
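Review bot: Declaring `abstract function addslashes($val);` on the base class means any concrete Database subclass not touched by this patch (other database adapters, if any are installed) will stop instantiating with a fatal "must implement abstract method" error as soon as this backport lands, which is a heavy compatibility cost for a point release. If that is accepted it should be called out in the commit message and release notes; otherwise a non-abstract default that raises `user_error()` gives the same safety with a clearer failure. The docblock should also carry the contract implementers must respect: `@param string $val Raw value, escaped according to the connection's active character set` plus a note that the result is only safe inside a quoted string literal, never as an identifier or bare number. Adding an explicit `public` makes the visibility intentional, since Convert::raw2sql() calls it from outside the class.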
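Review bot: `mysql_real_escape_string($value, $this->dbConn)` is only multibyte-safe if the client library knows the connection's character set, i.e. the charset was set through `mysql_set_charset()` rather than a `SET NAMES` query; the connect code is outside this hunk, so please confirm, otherwise the GBK/SJIS-style bypass this patch targets still exists. The call also returns false (with a warning) when `$this->dbConn` is not a valid link, and that false would be interpolated into SQL as an empty string instead of stopping the query; `databaseError()` is defined directly above in this file and should be used to fail loudly. The comment opens with `/*` rather than `/**` so it is not picked up as a docblock, and the visibility is implicit. Proposed replacement for the method:

```php
	/**
	 * Escapes a value for use inside a quoted MySQL string literal,
	 * using the connection's active character set.
	 *
	 * @param string $value
	 * @return string
	 */
	public function addslashes($value) {
		$escaped = mysql_real_escape_string($value, $this->dbConn);
		if($escaped === false) {
			$this->databaseError("Couldn't escape value for SQL: no valid MySQL connection");
		}
		return $escaped;
	}
```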