From bbcac37e30ef3f168ca50b345fbe075ba77b2bd1 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 8 Sep 2021 20:24:44 +0200 Subject: [PATCH 1/2] [ticket/16870] Ensure to properly escape values when running db:migrate PHPBB3-16870 --- phpBB/phpbb/config/db.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/phpbb/config/db.php b/phpBB/phpbb/config/db.php index 4efe0d2810..5c20bb5ec9 100644 --- a/phpBB/phpbb/config/db.php +++ b/phpBB/phpbb/config/db.php @@ -170,8 +170,8 @@ class db extends config if (!isset($this->config[$key])) { $sql = 'INSERT INTO ' . $this->table . ' ' . $this->db->sql_build_array('INSERT', array( - 'config_name' => $key, - 'config_value' => $new_value, + 'config_name' => $this->db->sql_escape($key), + 'config_value' => $this->db->sql_escape($new_value), 'is_dynamic' => ($use_cache) ? 0 : 1)); $this->db->sql_query($sql); } From 11563ce971a613e6747b604146415465999c56b8 Mon Sep 17 00:00:00 2001 From: Marc Alexander Date: Wed, 8 Sep 2021 20:42:41 +0200 Subject: [PATCH 2/2] [ticket/16870] Use string representation of float value for treshold PHPBB3-16870 --- phpBB/phpbb/db/migration/data/v33x/google_recaptcha_v3.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/phpbb/db/migration/data/v33x/google_recaptcha_v3.php b/phpBB/phpbb/db/migration/data/v33x/google_recaptcha_v3.php index e1362ed813..854ba0c3a3 100644 --- a/phpBB/phpbb/db/migration/data/v33x/google_recaptcha_v3.php +++ b/phpBB/phpbb/db/migration/data/v33x/google_recaptcha_v3.php @@ -38,7 +38,7 @@ class google_recaptcha_v3 extends \phpbb\db\migration\migration foreach (\phpbb\captcha\plugins\recaptcha_v3::get_actions() as $action) { - $data[] = ['config.add', ["recaptcha_v3_threshold_{$action}", 0.5]]; + $data[] = ['config.add', ["recaptcha_v3_threshold_{$action}", '0.5']]; } return $data;