[BUGFIX] Usage of raw binary characters in SQL Parser

Currently, the SQL Parser uses raw binary characters. In some cases,
this breaks the PHP interpreter. This results in the file
SqlParser.php not being parsed (the PHP interpreter just dumps
"???..." to stdout) and a follow-up fatal error because the class
cannot be found.

This patch replaces the raw binary characters with corresponding
character sequence in double quotes.

Change-Id: I28fb5d0c8401794e8f4bf20e7e2611b4cf7014ae
Fixes: #40932
Relates: #40672
Releases: 6.0
Reviewed-on: http://review.typo3.org/14689
Reviewed-by: Oliver Hader
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

diff --git a/typo3/sysext/core/Classes/Database/SqlParser.php b/typo3/sysext/core/Classes/Database/SqlParser.php
index f4f75c9..6f55913 100644 (file)
--- a/typo3/sysext/core/Classes/Database/SqlParser.php
+++ b/typo3/sysext/core/Classes/Database/SqlParser.php
@@ -1428,9 +1428,9 @@ class SqlParser {
         * @return string Output string
         */
        protected function parseStripslashes($str) {
-               $search = array('\\\\', '\\\'', '\\"', '\\0', '\\n', '\\r', '\\Z');
-               $replace = array('\\', '\'', '"', '\0', '
-', '\r', '\1a');
+               $search = array('\\\\', '\\\'', '\\"', '\0', '\n', '\r', '\Z');
+               $replace = array('\\', '\'', '"', "\x00", "\x0a", "\x0d", "\x1a");
+
                return str_replace($search, $replace, $str);
        }
 
@@ -1442,9 +1442,9 @@ class SqlParser {
         * @return string Output string
         */
        protected function compileAddslashes($str) {
-               $search = array('\\', '\'', '"', '\0', '
-', '\r', '\1a');
-               $replace = array('\\\\', '\\\'', '\\"', '\\0', '\\n', '\\r', '\\Z');
+               $search = array('\\', '\'', '"', "\x00", "\x0a", "\x0d", "\x1a");
+               $replace = array('\\\\', '\\\'', '\\"', '\0', '\n', '\r', '\Z');
+
                return str_replace($search, $replace, $str);
        }
 
@@ -1470,7 +1470,7 @@ class SqlParser {
         * @return string Output string
         */
        protected function trimSQL($str) {
-               return trim(rtrim($str, '; \r
+               return trim(rtrim($str, ';
        ')) . ' ';
        }
 
@@ -1989,16 +1989,17 @@ class SqlParser {
                        $str1 = $str;
                        $str2 = $newStr;
                }
-               // Fixing escaped chars:
-               $search = array('\\0', '\\n', '\\r', '\\Z');
-               $replace = array('\0', '
-', '\r', '\1a');
+
+                       // Fixing escaped chars:
+               $search = array('\0', '\n', '\r', '\Z');
+               $replace = array("\x00", "\x0a", "\x0d", "\x1a");
                $str1 = str_replace($search, $replace, $str1);
                $str2 = str_replace($search, $replace, $str2);
+
                if (strcmp(str_replace(array(' ', TAB, CR, LF), '', $this->trimSQL($str1)), str_replace(array(' ', TAB, CR, LF), '', $this->trimSQL($str2)))) {
                        return array(
                                str_replace(array(' ', TAB, CR, LF), ' ', $str),
-                               str_replace(array(' ', TAB, CR, LF), ' ', $newStr)
+                               str_replace(array(' ', TAB, CR, LF), ' ', $newStr),
                        );
                }
        }