Remove excessive SQL quotes filtering adding risk to queries - refs BT#13285

ywarnier · ywarnier · commit 66003fbca076 · 2017-09-27T00:06:27.000+02:00
diff --git a/main/inc/lib/database.lib.php b/main/inc/lib/database.lib.php
@@ -247,9 +247,7 @@ public static function escape_sql_wildcards($text)
      */
     public static function escape_string($string)
     {
-        $string = self::getManager()->getConnection()->quote($string);
-
-        return trim($string, "'");
+        return self::getManager()->getConnection()->quote($string);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -247,9 +247,7 @@ public static function escape_sql_wildcards($text)`
`247`	`247`	`*/`
`248`	`248`	`public static function escape_string($string)`
`249`	`249`	`{`
`250`		`- $string = self::getManager()->getConnection()->quote($string);`
`251`		`-`
`252`		`- return trim($string, "'");`
	`250`	`+ return self::getManager()->getConnection()->quote($string);`
`253`	`251`	`}`
`254`	`252`
`255`	`253`	`/**`