[DATABASE] Disable 'NULL' strings evaluation as SQL NULLs

Use $object->sqlValue('NULL') (identical to DataObject_Cast'ing) instead and fix related issues like (email|sms)settings considering these NULLs as a false positive for the E-Mail address still being set when it's been removed. There could also be security implications to the now-disabled approach of considering 'NULL' strings as SQL NULLs.
2019-11-02 12:21:43 +03:00
parent fd68965255
commit eab5725698
10 changed files with 89 additions and 24 deletions
--- a/lib/util/default.php
+++ b/lib/util/default.php
@@ -74,6 +74,7 @@ $default =
                'mirror' => null,
                'utf8' => true,
                'db_driver' => 'DB', # XXX: JanRain libs only work with DB
+                'disable_null_strings' => true, // 'NULL' can be harmful
                'quote_identifiers' => true,
                'type' => 'mysql',
                'schemacheck' => 'runtime', // 'runtime' or 'script'