mysql case for GEOGRAPHY/GEOMETRY sql injection (#6306)

lib/data-types.js

@@ -900,8 +900,8 @@ var GEOMETRY = ABSTRACT.inherits(function(type, srid) {
 GEOMETRY.prototype.key = GEOMETRY.key = 'GEOMETRY';
 
 GEOMETRY.prototype.escape = false;
-GEOMETRY.prototype.$stringify = function (value) {
-  return 'GeomFromText(\'' + Wkt.convert(value) + '\')';
+GEOMETRY.prototype.$stringify = function (value, options) {
+  return 'GeomFromText(' + options.escape(Wkt.convert(value)) + ')';
 };
 
 /**
@@ -925,8 +925,8 @@ var GEOGRAPHY = ABSTRACT.inherits(function(type, srid) {
 GEOGRAPHY.prototype.key = GEOGRAPHY.key = 'GEOGRAPHY';
 
 GEOGRAPHY.prototype.escape = false;
-GEOGRAPHY.prototype.$stringify = function (value) {
-  return 'GeomFromText(\'' + Wkt.convert(value) + '\')';
+GEOGRAPHY.prototype.$stringify = function (value, options) {
+  return 'GeomFromText(' + options.escape(Wkt.convert(value)) + ')';
 };
 
 Object.keys(helpers).forEach(function (helper) {

lib/dialects/postgres/data-types.js

@@ -293,7 +293,7 @@ module.exports = function (BaseTypes) {
     array_oids: []
   };
 
-  GEOGRAPHY.parse = GEOGRAPHY.prototype.parse = function(value, options) {
+  GEOGRAPHY.parse = GEOGRAPHY.prototype.parse = function(value) {
     var b = new Buffer(value, 'hex');
     return wkx.Geometry.parse(b).toGeoJSON();
   };

test/integration/model/geometry.test.js

@@ -197,6 +197,18 @@ describe(Support.getTestDialectTeaser('Model'), function() {
           }
         });
       });
+
+      it('should properly escape the single quotes on coordinates', function () {
+        return this.Model.create({
+          location: {
+            type: "Point",
+            properties: {
+              exploit: "'); DELETE YOLO INJECTIONS; -- "
+            },
+            coordinates: [39.807222,"'); DELETE YOLO INJECTIONS; -- "]
+          }
+        });
+      });
     });
   }
 });