Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
project
drupal
Commits
ca38ade6
Commit
ca38ade6
authored
Nov 21, 2014
by
alexpott
Browse files
Issue
#1201452
by Heine, mgifford: Potential Vulnerability In DatabaseConnection_mysql
parent
616b2ac4
Changes
1
Hide whitespace changes
Inline
Side-by-side
core/lib/Drupal/Core/Database/Driver/mysql/Connection.php
View file @
ca38ade6
...
...
@@ -61,6 +61,10 @@ public static function open(array &$connection_options = array()) {
// Default to TCP connection on port 3306.
$dsn
=
'mysql:host='
.
$connection_options
[
'host'
]
.
';port='
.
(
empty
(
$connection_options
[
'port'
])
?
3306
:
$connection_options
[
'port'
]);
}
// Character set is added to dsn to ensure PDO uses the proper character
// set when escaping. This has security implications. See
// https://www.drupal.org/node/1201452 for further discussion.
$dsn
.
=
';charset=utf8'
;
if
(
!
empty
(
$connection_options
[
'database'
]))
{
$dsn
.
=
';dbname='
.
$connection_options
[
'database'
];
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment