Commit ca38ade6 authored by alexpott's avatar alexpott

Issue #1201452 by Heine, mgifford: Potential Vulnerability In DatabaseConnection_mysql

parent 616b2ac4
......@@ -61,6 +61,10 @@ public static function open(array &$connection_options = array()) {
// Default to TCP connection on port 3306.
$dsn = 'mysql:host=' . $connection_options['host'] . ';port=' . (empty($connection_options['port']) ? 3306 : $connection_options['port']);
}
// Character set is added to dsn to ensure PDO uses the proper character
// set when escaping. This has security implications. See
// https://www.drupal.org/node/1201452 for further discussion.
$dsn .= ';charset=utf8';
if (!empty($connection_options['database'])) {
$dsn .= ';dbname=' . $connection_options['database'];
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment