From 916f75240bc9faa5a825a4ee0983e21227dd036b Mon Sep 17 00:00:00 2001
From: Sasha Alex Romanenko
Date: Sat, 11 Mar 2017 01:36:17 -0500
Subject: [PATCH 1/3] Delegate quoteIdentifier operation to quoteIdentifierChain since they produce same result. Enforce usage of preconfigured escape tokens.
---
 src/Adapter/Platform/AbstractPlatform.php | 43 ++++++++++++++---------
 src/Adapter/Platform/Mysql.php | 8 -----
 src/Adapter/Platform/Oracle.php | 14 +-------
 src/Adapter/Platform/Postgresql.php | 8 -----
 src/Adapter/Platform/SqlServer.php | 8 -----
 src/Sql/AbstractSql.php | 4 +--
 6 files changed, 30 insertions(+), 55 deletions(-)
diff --git a/src/Adapter/Platform/AbstractPlatform.php b/src/Adapter/Platform/AbstractPlatform.php
index 1857c7ba92..4e543b731f 100644
--- a/src/Adapter/Platform/AbstractPlatform.php
+++ b/src/Adapter/Platform/AbstractPlatform.php
@@ -1,9 +1,11 @@ quoteIdentifiers) {
+        if (!$this->quoteIdentifiers) {
             return $identifier;
         }
@@ -54,8 +56,8 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = [])
             $identifier .= isset($safeWordsInt[strtolower($part)])
                 ? $part
                 : $this->quoteIdentifier[0]
-                . str_replace($this->quoteIdentifier[0], $this->quoteIdentifierTo, $part)
-                . $this->quoteIdentifier[1];
+                .str_replace($this->quoteIdentifier[0], $this->quoteIdentifierTo, $part)
+                .$this->quoteIdentifier[1];
         }
 
         return $identifier;
@@ -66,13 +68,7 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = [])
      */
     public function quoteIdentifier($identifier)
     {
-        if (! $this->quoteIdentifiers) {
-            return $identifier;
-        }
-
-        return $this->quoteIdentifier[0]
-            . str_replace($this->quoteIdentifier[0], $this->quoteIdentifierTo, $identifier)
-            . $this->quoteIdentifier[1];
+        return $this->quoteIdentifierChain([$identifier]);
     }
 
     /**
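Review bot: The delegation in the `@@ -66,13 +68,7 @@` hunk makes `quoteIdentifier` follow any platform override of `quoteIdentifierChain`, and nothing on the method says so; the overrides removed in this series (Mysql, Oracle, Postgresql, SqlServer) each built their own quoting, so a third-party subclass that still does will now change `quoteIdentifier` behaviour as well. A docblock sentence such as `Delegates to quoteIdentifierChain(); a platform that overrides that method also changes this one.` would make the coupling explicit. In the same spirit, `quoteIdentifierInFragment` (the preceding hunk) still inlines the `quoteIdentifier[0]`/`quoteIdentifierTo` escaping in its ternary; with the early return on `!$this->quoteIdentifiers` already in place, that branch could be `: $this->quoteIdentifier($part)` so the escape logic lives in a single method.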
@@ -80,7 +76,21 @@ public function quoteIdentifier($identifier)
      */
     public function quoteIdentifierChain($identifierChain)
     {
-        return '"' . implode('"."', (array) str_replace('"', '\\"', $identifierChain)) . '"';
+        if (is_string($identifierChain)) {
+            $identifierChain = [$identifierChain];
+        }
+
+        if (!$this->quoteIdentifiers) {
+            return implode($this->getIdentifierSeparator(), $identifierChain);
+        }
+
+        /** @var array $identifierChain */
+        foreach ($identifierChain as $key => $identifier) {
+            $identifierChain[$key] = str_replace($this->quoteIdentifier[0], $this->quoteIdentifierTo, $identifier);
+        }
+        $chainGlue = $this->quoteIdentifier[1].$this->getIdentifierSeparator().$this->quoteIdentifier[0];
+
+        return $this->quoteIdentifier[0].implode($chainGlue, $identifierChain).$this->quoteIdentifier[1];
     }
 
     /**
@@ -105,10 +115,11 @@ public function getQuoteValueSymbol()
     public function quoteValue($value)
     {
         trigger_error(
-            'Attempting to quote a value in ' . get_class($this) .
+            'Attempting to quote a value in '.get_class($this).
             ' without extension/driver support can introduce security vulnerabilities in a production environment'
         );
-        return '\'' . addcslashes((string) $value, "\x00\n\r\\'\"\x1a") . '\'';
+
+        return '\''.addcslashes((string) $value, "\x00\n\r\\'\"\x1a").'\'';
     }
 
     /**
@@ -116,7 +127,7 @@ public function quoteValue($value)
      */
     public function quoteTrustedValue($value)
     {
-        return '\'' . addcslashes((string) $value, "\x00\n\r\\'\"\x1a") . '\'';
+        return '\''.addcslashes((string) $value, "\x00\n\r\\'\"\x1a").'\'';
     }
 
     /**
diff --git a/src/Adapter/Platform/Mysql.php b/src/Adapter/Platform/Mysql.php
index f239fd0e4f..dbaeb601ad 100644
--- a/src/Adapter/Platform/Mysql.php
+++ b/src/Adapter/Platform/Mysql.php
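Review bot: The `foreach` in `quoteIdentifierChain` escapes only the opening token (`$this->quoteIdentifier[0]`), so for a platform whose closing token differs from the opening one (the SqlServer override removed later in this series used `[` and `]`) a closing token inside an identifier is never escaped and ends the quoted identifier early. Because this base method now replaces the MySQL, Oracle, PostgreSQL and SQL Server overrides, correct quoting depends entirely on each platform's `$quoteIdentifier` and `$quoteIdentifierTo` values, which this diff does not show; a unit test per platform that quotes an identifier containing both tokens would pin that. Separately, the removed `(array) str_replace(...)` form accepted any scalar, whereas `is_string` lets an int or other non-array reach the `foreach`; `if (! is_array($identifierChain)) {` keeps the earlier tolerance. The non-quoting branch joins identifiers verbatim, which matches the removed Oracle override and presumably assumes trusted identifiers only — worth stating in the docblock.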
@@ -69,14 +69,6 @@ public function getName()
         return 'MySQL';
     }
 
-    /**
-     * {@inheritDoc}
-     */
-    public function quoteIdentifierChain($identifierChain)
-    {
-        return '`' . implode('`.`', (array) str_replace('`', '``', $identifierChain)) . '`';
-    }
-
     /**
      * {@inheritDoc}
      */
diff --git a/src/Adapter/Platform/Oracle.php b/src/Adapter/Platform/Oracle.php
index 7d66f9372b..992025c225 100644
--- a/src/Adapter/Platform/Oracle.php
+++ b/src/Adapter/Platform/Oracle.php
@@ -12,7 +12,7 @@
 use Zend\Db\Adapter\Driver\DriverInterface;
 use Zend\Db\Adapter\Driver\Oci8\Oci8;
 use Zend\Db\Adapter\Driver\Pdo\Pdo;
-use \Zend\Db\Adapter\Exception\InvalidArgumentException;
+use Zend\Db\Adapter\Exception\InvalidArgumentException;
 
 class Oracle extends AbstractPlatform
 {
@@ -78,18 +78,6 @@ public function getName()
         return 'Oracle';
     }
 
-    /**
-     * {@inheritDoc}
-     */
-    public function quoteIdentifierChain($identifierChain)
-    {
-        if ($this->quoteIdentifiers === false) {
-            return implode('.', (array) $identifierChain);
-        }
-
-        return '"' . implode('"."', (array) str_replace('"', '\\"', $identifierChain)) . '"';
-    }
-
     /**
      * {@inheritDoc}
      */
diff --git a/src/Adapter/Platform/Postgresql.php b/src/Adapter/Platform/Postgresql.php
index 8763f4aef7..0ab60c1a18 100644
--- a/src/Adapter/Platform/Postgresql.php
+++ b/src/Adapter/Platform/Postgresql.php
@@ -65,14 +65,6 @@ public function getName()
         return 'PostgreSQL';
     }
 
-    /**
-     * {@inheritDoc}
-     */
-    public function quoteIdentifierChain($identifierChain)
-    {
-        return '"' . implode('"."', (array) str_replace('"', '""', $identifierChain)) . '"';
-    }
-
     /**
      * {@inheritDoc}
      */
diff --git a/src/Adapter/Platform/SqlServer.php b/src/Adapter/Platform/SqlServer.php
index 4584cadc22..2dd08cb2f2 100644
--- a/src/Adapter/Platform/SqlServer.php
+++ b/src/Adapter/Platform/SqlServer.php
@@ -74,14 +74,6 @@ public function getQuoteIdentifierSymbol()
         return $this->quoteIdentifier;
     }
 
-    /**
-     * {@inheritDoc}
-     */
-    public function quoteIdentifierChain($identifierChain)
-    {
-        return '[' . implode('].[', (array) $identifierChain) . ']';
-    }
-
     /**
      * {@inheritDoc}
      */
diff --git a/src/Sql/AbstractSql.php b/src/Sql/AbstractSql.php
index f7d1d42e82..7f7ebbdcef 100644
--- a/src/Sql/AbstractSql.php
+++ b/src/Sql/AbstractSql.php
@@ -12,8 +12,8 @@
 use Zend\Db\Adapter\Driver\DriverInterface;
 use Zend\Db\Adapter\ParameterContainer;
 use Zend\Db\Adapter\Platform\PlatformInterface;
-use Zend\Db\Sql\Platform\PlatformDecoratorInterface;
 use Zend\Db\Adapter\Platform\Sql92 as DefaultAdapterPlatform;
+use Zend\Db\Sql\Platform\PlatformDecoratorInterface;
 
 abstract class AbstractSql implements SqlInterface
 {
@@ -435,7 +435,7 @@ protected function resolveTable(
         }
 
         if ($schema && $table) {
-            $table = $platform->quoteIdentifier($schema) . $platform->getIdentifierSeparator() . $table;
+            $table = $platform->quoteIdentifierChain($schema) . $platform->getIdentifierSeparator() . $table;
         }
         return $table;
     }
From fe973b46509fabdb4ce8e94909725469bd01ae55 Mon Sep 17 00:00:00 2001
From: Sasha Alex Romanenko
Date: Sat, 11 Mar 2017 03:07:43 -0500
Subject: [PATCH 2/3] Delegate quoteIdentifier operation to quoteIdentifierChain since they produce same result. Enforce usage of preconfigured escape tokens.
---
 src/Adapter/Platform/AbstractPlatform.php | 29 ++++++++++-------------
 src/Adapter/Platform/Mysql.php | 8 +++----
 src/Adapter/Platform/Oracle.php | 8 +++----
 src/Adapter/Platform/Postgresql.php | 8 +++----
 src/Adapter/Platform/SqlServer.php | 8 +++----
 src/Sql/AbstractSql.php | 8 +++----
 6 files changed, 27 insertions(+), 42 deletions(-)
diff --git a/src/Adapter/Platform/AbstractPlatform.php b/src/Adapter/Platform/AbstractPlatform.php
index 4e543b731f..bdeb397d18 100644
--- a/src/Adapter/Platform/AbstractPlatform.php
+++ b/src/Adapter/Platform/AbstractPlatform.php
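Review bot: In the `resolveTable` hunk, `$platform->quoteIdentifierChain($schema)` hands a bare string to a `PlatformInterface` method, and the only implementation in this series shown to normalise a string is the `is_string` branch added to `AbstractPlatform`; any other implementation of the interface (a decorator, or a platform not derived from `AbstractPlatform`) may still expect an array, and the removed overrides tolerated strings only through an incidental `(array)` cast. Passing `$platform->quoteIdentifierChain([$schema])` keeps the call valid for every implementation independent of that branch. `resolveTable` begins outside the hunk, so whether `$schema` can be anything other than a string is not visible here.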
@@ -1,12 +1,8 @@ quoteIdentifiers) {
+        if (! $this->quoteIdentifiers) {
             return $identifier;
         }
@@ -56,8 +52,8 @@ public function quoteIdentifierInFragment($identifier, array $safeWords = [])
             $identifier .= isset($safeWordsInt[strtolower($part)])
                 ? $part
                 : $this->quoteIdentifier[0]
-                .str_replace($this->quoteIdentifier[0], $this->quoteIdentifierTo, $part)
-                .$this->quoteIdentifier[1];
+                . str_replace($this->quoteIdentifier[0], $this->quoteIdentifierTo, $part)
+                . $this->quoteIdentifier[1];
         }
 
         return $identifier;
@@ -80,7 +76,7 @@ public function quoteIdentifierChain($identifierChain)
             $identifierChain = [$identifierChain];
         }
 
-        if (!$this->quoteIdentifiers) {
+        if (! $this->quoteIdentifiers) {
             return implode($this->getIdentifierSeparator(), $identifierChain);
         }
 
@@ -88,9 +84,9 @@ public function quoteIdentifierChain($identifierChain)
         foreach ($identifierChain as $key => $identifier) {
             $identifierChain[$key] = str_replace($this->quoteIdentifier[0], $this->quoteIdentifierTo, $identifier);
         }
-        $chainGlue = $this->quoteIdentifier[1].$this->getIdentifierSeparator().$this->quoteIdentifier[0];
+        $chainGlue = $this->quoteIdentifier[1] . $this->getIdentifierSeparator() . $this->quoteIdentifier[0];
 
-        return $this->quoteIdentifier[0].implode($chainGlue, $identifierChain).$this->quoteIdentifier[1];
+        return $this->quoteIdentifier[0] . implode($chainGlue, $identifierChain) . $this->quoteIdentifier[1];
     }
 
     /**
@@ -115,11 +111,10 @@ public function getQuoteValueSymbol()
     public function quoteValue($value)
     {
         trigger_error(
-            'Attempting to quote a value in '.get_class($this).
+            'Attempting to quote a value in ' . get_class($this) .
             ' without extension/driver support can introduce security vulnerabilities in a production environment'
         );
-
-        return '\''.addcslashes((string) $value, "\x00\n\r\\'\"\x1a").'\'';
+        return '\'' . addcslashes((string) $value, "\x00\n\r\\'\"\x1a") . '\'';
     }
 
     /**
@@ -127,7 +122,7 @@ public function quoteValue($value)
      */
     public function quoteTrustedValue($value)
     {
-        return '\''.addcslashes((string) $value, "\x00\n\r\\'\"\x1a").'\'';
+        return '\'' . addcslashes((string) $value, "\x00\n\r\\'\"\x1a") . '\'';
     }
 
     /**
diff --git a/src/Adapter/Platform/Mysql.php b/src/Adapter/Platform/Mysql.php
index dbaeb601ad..41b63fd3fa 100644
--- a/src/Adapter/Platform/Mysql.php
+++ b/src/Adapter/Platform/Mysql.php
@@ -1,10 +1,8 @@
Date: Sun, 19 Mar 2017 17:56:00 -0400
Subject: [PATCH 3/3] String formatter instead of concatenation.
---
 src/Adapter/Platform/AbstractPlatform.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/Adapter/Platform/AbstractPlatform.php b/src/Adapter/Platform/AbstractPlatform.php
index bdeb397d18..48c9a97cb0 100644
--- a/src/Adapter/Platform/AbstractPlatform.php
+++ b/src/Adapter/Platform/AbstractPlatform.php
@@ -111,8 +111,11 @@ public function getQuoteValueSymbol()
     public function quoteValue($value)
     {
         trigger_error(
-            'Attempting to quote a value in ' . get_class($this) .
-            ' without extension/driver support can introduce security vulnerabilities in a production environment'
+            sprintf(
+                'Attempting to quote a value in %s without extension/driver support ' .
+                'can introduce security vulnerabilities in a production environment',
+                get_class($this)
+            )
         );
         return '\'' . addcslashes((string) $value, "\x00\n\r\\'\"\x1a") . '\'';
     }
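Review bot: In the final `quoteValue` hunk, `trigger_error` is still called without an error level, so this security-relevant message is raised as `E_USER_NOTICE` and is dropped by any `error_reporting` setting that excludes notices — typical of exactly the production environment the message warns about. If no test pins the level, `trigger_error(sprintf(...), E_USER_WARNING)` would make the fallback visible where it matters; at minimum the method docblock should say that the `addcslashes` path is a last resort and that a driver-backed platform is expected in production. The `sprintf` split itself reads fine.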