diff --git a/phpBB/includes/functions_posting.php b/phpBB/includes/functions_posting.php
index c056d93fb4..8544513bc5 100644
--- a/phpBB/includes/functions_posting.php
+++ b/phpBB/includes/functions_posting.php
@@ -118,7 +118,7 @@ function generate_smilies($mode, $forum_id)
 SMILIES_TABLE => 's',
 ],
 'GROUP_BY' => 's.smiley_url, s.smiley_width, s.smiley_height',
- 'ORDER_BY' => 'min_smiley_order',
+ 'ORDER_BY' => $db->sql_quote('min_smiley_order'),
 ];
 }
 else
diff --git a/phpBB/install/convert/convertor.php b/phpBB/install/convert/convertor.php
index 09088fe824..c1da17ad2b 100644
--- a/phpBB/install/convert/convertor.php
+++ b/phpBB/install/convert/convertor.php
@@ -1300,7 +1300,7 @@ class convertor
 else
 {
 // No table alias
- $sql_data['source_tables'][$m[1]] = (empty($convert->src_table_prefix)) ? $m[1] : $convert->src_table_prefix . $m[1] . ' ' . $m[1];
+ $sql_data['source_tables'][$m[1]] = (empty($convert->src_table_prefix)) ? $m[1] : $convert->src_table_prefix . $m[1] . ' ' . $db->sql_quote($m[1]);
 }
 $sql_data['select_fields'][$value_1] = $value_1;
@@ -1314,7 +1314,7 @@ class convertor
 {
 foreach ($m[1] as $value)
 {
- $sql_data['source_tables'][$value] = (empty($convert->src_table_prefix)) ? $value : $convert->src_table_prefix . $value . ' ' . $value;
+ $sql_data['source_tables'][$value] = (empty($convert->src_table_prefix)) ? $value : $convert->src_table_prefix . $value . ' ' . $db->sql_quote($value);
 }
 }
 }
@@ -1323,7 +1323,7 @@ class convertor
 // Add the aliases to the list of tables
 foreach ($aliases as $alias => $table)
 {
- $sql_data['source_tables'][$alias] = $convert->src_table_prefix . $table . ' ' . $alias;
+ $sql_data['source_tables'][$alias] = $convert->src_table_prefix . $table . ' ' . $db->sql_quote($alias);
 }
 // 'left_join' => 'forums LEFT JOIN forum_prune ON forums.forum_id = forum_prune.forum_id',
diff --git a/phpBB/phpbb/db/driver/driver_interface.php b/phpBB/phpbb/db/driver/driver_interface.php
index 05ff5ef066..e269fac585 100644
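Review bot: In generate_smilies() (phpBB/includes/functions_posting.php) the new `'ORDER_BY' => $db->sql_quote('min_smiley_order')` quotes the alias only where it is referenced; the SELECT that defines it is outside this hunk and presumably still writes it unquoted. On Oracle an unquoted alias is folded to upper case while a quoted one is matched case-sensitively, so `ORDER BY "min_smiley_order"` would likely fail to resolve there. Quote the alias at its definition with the same helper, or leave this reference unquoted. The hunk also relies on `$db` being in scope in this function, which cannot be confirmed from the visible lines.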
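Review bot: The three changed assignments to `$sql_data['source_tables'][...]` in phpBB/install/convert/convertor.php quote the table alias with `$db->sql_quote()`, but these strings describe source tables; if the resulting query runs on a separate source connection whose DBMS differs from `$db`, the quote character will be the wrong one for that engine. Use the quoting of the connection that executes the query, e.g. `$src_db->sql_quote($alias)` if such a handle is available in this scope, which the hunks do not show. Only the alias is quoted while `$convert->src_table_prefix . $table` and any later references to the alias stay bare, so on engines that match quoted names case-sensitively the alias and its uses can stop agreeing. The enclosing method starts and ends outside these hunks.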
--- a/phpBB/phpbb/db/driver/driver_interface.php
+++ b/phpBB/phpbb/db/driver/driver_interface.php
@@ -464,4 +464,12 @@ interface driver_interface
 * @return string A SQL statement like: "IN (1, 2, 3, 4)" or "= 1"
 */
 public function sql_in_set($field, $array, $negate = false, $allow_empty_set = false);
+
+ /**
+ * Quote identifiers used in sql query
+ *
+ * @param string $msg String to be quoted
+ * @return string Quoted version of $msg
+ */
+ public function sql_quote($msg);
 }
diff --git a/phpBB/phpbb/db/driver/factory.php b/phpBB/phpbb/db/driver/factory.php
index bb6e7a2682..db58897b88 100644
--- a/phpBB/phpbb/db/driver/factory.php
+++ b/phpBB/phpbb/db/driver/factory.php
@@ -456,4 +456,12 @@ class factory implements driver_interface
 {
 return $this->get_driver()->sql_in_set($field, $array, $negate, $allow_empty_set);
 }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function sql_quote($msg)
+ {
+ return $this->get_driver()->sql_quote($msg);
+ }
 }
diff --git a/phpBB/phpbb/db/driver/mssql_base.php b/phpBB/phpbb/db/driver/mssql_base.php
index 98d16ca7fc..c48f7d42a6 100644
--- a/phpBB/phpbb/db/driver/mssql_base.php
+++ b/phpBB/phpbb/db/driver/mssql_base.php
@@ -76,4 +76,12 @@ abstract class mssql_base extends \phpbb\db\driver\driver
 {
 return $data;
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '"' . $msg . '"';
+ }
 }
diff --git a/phpBB/phpbb/db/driver/mysqli.php b/phpBB/phpbb/db/driver/mysqli.php
index 0c1c063262..826233507f 100644
--- a/phpBB/phpbb/db/driver/mysqli.php
+++ b/phpBB/phpbb/db/driver/mysqli.php
@@ -489,4 +489,12 @@ class mysqli extends \phpbb\db\driver\mysql_base
 break;
 }
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '`' . $msg . '`';
+ }
 }
diff --git a/phpBB/phpbb/db/driver/oracle.php b/phpBB/phpbb/db/driver/oracle.php
index f2a0bb557a..a9137e8463 100644
--- a/phpBB/phpbb/db/driver/oracle.php
+++ b/phpBB/phpbb/db/driver/oracle.php
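Review bot: The docblock on the new `sql_quote($msg)` in driver_interface.php does not say that the method is for identifiers fixed in code and performs no escaping, and with a parameter named `$msg` described as a generic string it is easy to mistake for value escaping. Suggest naming the parameter `$identifier` and documenting it as `@param string $identifier Table, column or alias name; must not come from user input` with `@return string Identifier wrapped in the driver's quote character`. The doc should also state that a dotted name such as `s.smiley_url` is quoted as one identifier, since the implementations in this commit wrap the whole string. Adding a method to the interface also breaks any driver implemented outside this tree unless the base driver class supplies a default.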
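Review bot: `sql_quote()` in mssql_base.php returns `'"' . $msg . '"'` without handling a quote character inside `$msg`, so a name containing `"` closes the identifier early and the rest is parsed as SQL; the mysqli, oracle, postgres and sqlite3 implementations in this commit have the same gap with their own delimiter. Double the delimiter before wrapping, e.g. `return '"' . str_replace('"', '""', $msg) . '"';` here and the backtick equivalent in mysqli, or reject names that fail a strict identifier pattern where the engine does not accept a doubled quote. The convertor call sites pass `$m[1]`, `$value` and `$alias` rather than literals, so the input is not always a constant. These driver methods are also declared without `public`, unlike the interface and the factory.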
@@ -818,4 +818,12 @@ class oracle extends \phpbb\db\driver\driver
 break;
 }
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '"' . $msg . '"';
+ }
 }
diff --git a/phpBB/phpbb/db/driver/postgres.php b/phpBB/phpbb/db/driver/postgres.php
index 1a276638d4..52a5b6b546 100644
--- a/phpBB/phpbb/db/driver/postgres.php
+++ b/phpBB/phpbb/db/driver/postgres.php
@@ -497,4 +497,12 @@ class postgres extends \phpbb\db\driver\driver
 break;
 }
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '"' . $msg . '"';
+ }
 }
diff --git a/phpBB/phpbb/db/driver/sqlite3.php b/phpBB/phpbb/db/driver/sqlite3.php
index 43906f1b58..106400bf0a 100644
--- a/phpBB/phpbb/db/driver/sqlite3.php
+++ b/phpBB/phpbb/db/driver/sqlite3.php
@@ -427,4 +427,12 @@ class sqlite3 extends \phpbb\db\driver\driver
 break;
 }
 }
+
+ /**
+ * {@inheritDoc}
+ */
+ function sql_quote($msg)
+ {
+ return '\'' . $msg . '\'';
+ }
 }
diff --git a/tests/functional/smilies_test.php b/tests/functional/smilies_test.php
index f17171bd1f..4ee45e9bde 100644
--- a/tests/functional/smilies_test.php
+++ b/tests/functional/smilies_test.php
@@ -28,7 +28,7 @@ class phpbb_functional_smilies_test extends phpbb_functional_test_case
 SMILIES_TABLE => 's',
 ],
 'GROUP_BY' => 's.smiley_url, s.smiley_width, s.smiley_height',
- 'ORDER_BY' => 'min_smiley_order',
+ 'ORDER_BY' => $db->sql_quote('min_smiley_order'),
 ];
 $sql = $db->sql_build_query('SELECT', $sql_ary);
 $result = $db->sql_query($sql);
@@ -39,7 +39,7 @@ class phpbb_functional_smilies_test extends phpbb_functional_test_case
 $crawler = self::request('GET', 'posting.php?mode=smilies');
 foreach ($smilies as $index => $smiley)
 {
- $this->assertContains($smiley['smiley_url'],
+ $this->assertStringContainsString($smiley['smiley_url'],
 $crawler->filter('div[class="inner"] > a > img')->eq($index)->attr('src')
 );
 }
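Review bot: The sqlite3 `sql_quote()` wraps the name in single quotes, which SQLite reads as a string literal wherever an expression is allowed, so `ORDER BY 'min_smiley_order'` sorts by a constant and the smilies query changed in this commit loses its ordering on SQLite without raising an error. SQLite quotes identifiers with double quotes; this should be `return '"' . str_replace('"', '""', $msg) . '"';`. The single-quoted form only happens to work as a table alias because SQLite falls back to treating it as an identifier where a literal is not valid.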
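Review bot: The expected order in tests/functional/smilies_test.php is produced with the same `$db->sql_quote('min_smiley_order')` ORDER BY as the code under test, so a driver whose quoting turns the clause into a no-op yields the same rows on both sides and the comparison loop still passes. Assert the order independently, for instance by sorting `$smilies` in PHP on the order column before the loop, and add a per-driver unit test that checks the exact string `sql_quote()` returns, including a name that contains the delimiter. The SELECT list is outside the hunk, so whether the order column is fetched needs checking.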