Prevent null byte-based SQL injection

- Added code to escape null bytes using addcslashes.
zendframework · Sep 16, 2014 · c72c9d0 · c72c9d0
1 parent 1fdb9e5
commit c72c9d0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/src/Adapter/Platform/SqlServer.php b/src/Adapter/Platform/SqlServer.php
@@ -117,6 +117,7 @@ public function quoteValue($value)
             'Attempting to quote a value in ' . __CLASS__ . ' without extension/driver support '
                 . 'can introduce security vulnerabilities in a production environment.'
         );
+        $value = addcslashes($value, "\000\032");
         return '\'' . str_replace('\'', '\'\'', $value) . '\'';
     }
 

diff --git a/test/Adapter/Platform/SqlServerTest.php b/test/Adapter/Platform/SqlServerTest.php
@@ -139,4 +139,13 @@ public function testSetDriver()
         $driver = new Pdo(array('pdodriver' => 'sqlsrv'));
         $this->platform->setDriver($driver);
     }
+
+    public function testPlatformQuotesNullByteCharacter()
+    {
+        $err = set_error_handler(function () {} );
+        $string = "1\0";
+        $value = $this->platform->quoteValue($string);
+        set_error_handler($err);
+        $this->assertEquals("'1\\000'", $value);
+    }
 }