mysql GEOMETRY / GEOGRAPHY injection case (#6305)

Sushant · Mick Hansen
Commit 1b4af001 authored Jul 20, 2016 by Sushant Committed by Mick Hansen Jul 20, 2016
Showing with 16 additions and 4 deletions
lib/data-types.js
test/integration/model/geometry.test.js
--- a/lib/data-types.js
+++ b/lib/data-types.js
@@ -882,8 +882,8 @@ inherits(GEOMETRY, ABSTRACT);
 GEOMETRY.prototype.key = GEOMETRY.key = 'GEOMETRY';
 GEOMETRY.prototype.escape = false;
-GEOMETRY.prototype._stringify = function _stringify(value) {
+GEOMETRY.prototype._stringify = function _stringify(value, options) {
-  return 'GeomFromText(\'' + Wkt.convert(value) + '\')';
+  return 'GeomFromText(' + options.escape(Wkt.convert(value)) + ')';
 };
 /**
@@ -905,8 +905,8 @@ inherits(GEOGRAPHY, ABSTRACT);
 GEOGRAPHY.prototype.key = GEOGRAPHY.key = 'GEOGRAPHY';
 GEOGRAPHY.prototype.escape = false;
-GEOGRAPHY.prototype._stringify = function _stringify(value) {
+GEOGRAPHY.prototype._stringify = function _stringify(value, options) {
-  return 'GeomFromText(\'' + Wkt.convert(value) + '\')';
+  return 'GeomFromText(' + options.escape(Wkt.convert(value)) + ')';
 };
 for (const helper of Object.keys(helpers)) {

--- a/test/integration/model/geometry.test.js
+++ b/test/integration/model/geometry.test.js
@@ -197,6 +197,18 @@ describe(Support.getTestDialectTeaser('Model'), function() {
          }
        });
      });
+      it('should properly escape the single quotes in coordinates', function () {
+        return this.Model.create({
+          location: {
+            type: "Point",
+            properties: {
+              exploit: "'); DELETE YOLO INJECTIONS; -- "
+            },
+            coordinates: [39.807222,"'); DELETE YOLO INJECTIONS; --"]
+          }
+        });
+      });
    });
  }
 });