Prevent auth bypass with PostgreSQL connections

Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability (CVE-2021-3850). This is a minimalistic approach to patch the issue, to reduce the risk of causing regressions in the legacy stable branch. Fixes #793
ADOdb · Jan 16, 2022 · 952de6c · 952de6c
1 parent 66fb9e5
commit 952de6c
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/drivers/adodb-postgres64.inc.php b/drivers/adodb-postgres64.inc.php
@@ -51,7 +51,6 @@ function adodb_addslashes($s)
 {
 	$len = strlen($s);
 	if ($len == 0) return "''";
-	if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted
 
 	return "'".addslashes($s)."'";
 }