From cfd30d63e8ff768d7f4ee0c3277f25c0738f6bb7 Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Tue, 14 Oct 2014 10:10:12 +0100
Subject: [PATCH] Issue #2232425 followup by danblack, stefan.r: Fixed Database
 Schema field/column default value is not properly quoted via PDO::quote().

---
 .../Core/Database/Driver/mysql/Schema.php       | 17 ++---------------
 .../Core/Database/Driver/pgsql/Schema.php       | 11 +++--------
 core/lib/Drupal/Core/Database/Schema.php        | 17 +++++++++++++++++
 .../system/src/Tests/Database/SchemaTest.php    |  1 +
 4 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/core/lib/Drupal/Core/Database/Driver/mysql/Schema.php b/core/lib/Drupal/Core/Database/Driver/mysql/Schema.php
index 10a01f42d6d..10976b2a1eb 100644
--- a/core/lib/Drupal/Core/Database/Driver/mysql/Schema.php
+++ b/core/lib/Drupal/Core/Database/Driver/mysql/Schema.php
@@ -169,13 +169,7 @@ class Schema extends DatabaseSchema {
 
     // $spec['default'] can be NULL, so we explicitly check for the key here.
     if (array_key_exists('default', $spec)) {
-      if (is_string($spec['default'])) {
-        $spec['default'] = $this->connection->quote($spec['default']);
-      }
-      elseif (!isset($spec['default'])) {
-        $spec['default'] = 'NULL';
-      }
-      $sql .= ' DEFAULT ' . $spec['default'];
+      $sql .= ' DEFAULT ' . $this->escapeDefaultValue($spec['default']);
     }
 
     if (empty($spec['not null']) && !isset($spec['default'])) {
@@ -386,14 +380,7 @@ class Schema extends DatabaseSchema {
       throw new SchemaObjectDoesNotExistException(t("Cannot set default value of field @table.@field: field doesn't exist.", array('@table' => $table, '@field' => $field)));
     }
 
-    if (!isset($default)) {
-      $default = 'NULL';
-    }
-    else {
-      $default = is_string($default) ? "'$default'" : $default;
-    }
-
-    $this->connection->query('ALTER TABLE {' . $table . '} ALTER COLUMN `' . $field . '` SET DEFAULT ' . $default);
+    $this->connection->query('ALTER TABLE {' . $table . '} ALTER COLUMN `' . $field . '` SET DEFAULT ' . $this->escapeDefaultValue($default));
   }
 
   public function fieldSetNoDefault($table, $field) {
diff --git a/core/lib/Drupal/Core/Database/Driver/pgsql/Schema.php b/core/lib/Drupal/Core/Database/Driver/pgsql/Schema.php
index c033568ec5f..49386015b30 100644
--- a/core/lib/Drupal/Core/Database/Driver/pgsql/Schema.php
+++ b/core/lib/Drupal/Core/Database/Driver/pgsql/Schema.php
@@ -272,8 +272,8 @@ class Schema extends DatabaseSchema {
         $sql .= ' NULL';
       }
     }
-    if (isset($spec['default'])) {
-      $default = is_string($spec['default']) ? $this->connection->quote($spec['default']) : $spec['default'];
+    if (array_key_exists('default', $spec)) {
+      $default = $this->escapeDefaultValue($spec['default']);
       $sql .= " default $default";
     }
 
@@ -498,12 +498,7 @@ class Schema extends DatabaseSchema {
       throw new SchemaObjectDoesNotExistException(t("Cannot set default value of field @table.@field: field doesn't exist.", array('@table' => $table, '@field' => $field)));
     }
 
-    if (!isset($default)) {
-      $default = 'NULL';
-    }
-    else {
-      $default = is_string($default) ? $this->connection->quote($default) : $default;
-    }
+    $default = $this->escapeDefaultValue($default);
 
     $this->connection->query('ALTER TABLE {' . $table . '} ALTER COLUMN "' . $field . '" SET DEFAULT ' . $default);
   }
diff --git a/core/lib/Drupal/Core/Database/Schema.php b/core/lib/Drupal/Core/Database/Schema.php
index 6a1b0dd7625..b58875600f7 100644
--- a/core/lib/Drupal/Core/Database/Schema.php
+++ b/core/lib/Drupal/Core/Database/Schema.php
@@ -722,4 +722,21 @@ abstract class Schema implements PlaceholderInterface {
   public function prepareComment($comment, $length = NULL) {
     return $this->connection->quote($comment);
   }
+
+  /**
+   * Return an escaped version of its parameter to be used as a default value
+   * on a column.
+   *
+   * @param mixed $value
+   *   The value to be escaped (int, float, null or string).
+   *
+   * @return string|int|float
+   *   The escaped value.
+   */
+  protected function escapeDefaultValue($value) {
+    if (is_null($value)) {
+      return 'NULL';
+    }
+    return is_string($value) ? $this->connection->quote($value) : $value;
+  }
 }
diff --git a/core/modules/system/src/Tests/Database/SchemaTest.php b/core/modules/system/src/Tests/Database/SchemaTest.php
index 0a443754509..9009e723e9f 100644
--- a/core/modules/system/src/Tests/Database/SchemaTest.php
+++ b/core/modules/system/src/Tests/Database/SchemaTest.php
@@ -292,6 +292,7 @@ class SchemaTest extends KernelTestBase {
         array('not null' => FALSE, 'default' => substr('"thing"', 0, $length)),
         array('not null' => FALSE, 'default' => substr("\"'hing", 0, $length)),
         array('not null' => TRUE, 'initial' => 'd'),
+        array('not null' => FALSE, 'default' => NULL),
         array('not null' => TRUE, 'initial' => 'd', 'default' => '7'),
       );