0009982: fix Zend_Db_Expr handling in select order clause
author Philipp Schüle <p.schuele@metaways.de>
Wed, 11 Jun 2014 11:20:14 +0000 (13:20 +0200)
committer Philipp Schüle <p.schuele@metaways.de>
Fri, 13 Jun 2014 08:57:06 +0000 (10:57 +0200)
commit bb3a42995f194ba198f44b2061bf9f34a8b78cc8
tree 7da39eb6dfbb8b7482668be2e53499f162ab25f8
parent 0cd79a610a162c02dff820d13bb678442e8da2b7
0009982: fix Zend_Db_Expr handling in select order clause

* fixes Zend_Db_Expr handling in select order clause as this allows SQL
injections!
* adds test for mysql and pgsql

https://forge.tine20.org/mantisbt/view.php?id=9982
http://framework.zend.com/security/advisory/ZF2014-04

Change-Id: Iba604b922c04a414bf95288c5f906dd87b173d88
Reviewed-on: http://gerrit.tine20.com/customers/753
Tested-by: Jenkins CI (http://ci.tine20.com/)
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
tests/tine20/Zend/AllTests.php
tests/tine20/Zend/Db/SelectTest.php [new file with mode: 0644]
tine20/Zend/Db/Select.php [new file with mode: 0644]