From 0118d484509c06254bbc8f392ab2eb6ca06ea18a Mon Sep 17 00:00:00 2001
From: Tymoteusz Motylewski <t.motylewski@gmail.com>
Date: Fri, 24 Apr 2020 23:14:15 +0200
Subject: [PATCH 1/2] Fix SQL query quoting/casting when type is passed to
 where function

The $type variable can be both string or int, so before comparing it to
'TYPE_CONDITION' string it has to be casted to avoid comparing integer zero
with string (0 == 'TYPE_CONDITION') which will wrongly return true,
and remove the information about type.

Pass type provided to where function down the chain to allow automatic
casting of arrays of values e.g. to int.

This fixes following cases:
1)
->where('attr_table.store_id IN (?)', $storeIds, Zend_Db::INT_TYPE);
2)
->where('attr_table.store_id = ?', $storeId, Zend_Db::INT_TYPE);
In both cases now passed value is correctly casted to int
(either single value, or each value from array)

Co-authored-by: Ihor Sviziev <ihor-sviziev@users.noreply.github.com>
---
 .../Magento/Framework/DB/Adapter/Pdo/Mysql.php        |  7 ++++---
 lib/internal/Magento/Framework/DB/Select.php          | 11 ++++++-----
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php b/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php
index 7db91c06d9649..e4b2dad4a8108 100644
--- a/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php
+++ b/lib/internal/Magento/Framework/DB/Adapter/Pdo/Mysql.php
@@ -21,6 +21,7 @@
 use Magento\Framework\DB\Query\Generator as QueryGenerator;
 use Magento\Framework\DB\Select;
 use Magento\Framework\DB\SelectFactory;
+use Magento\Framework\DB\Sql\Expression;
 use Magento\Framework\DB\Statement\Parameter;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Phrase;
@@ -1511,10 +1512,10 @@ public function select()
      * Method revrited for handle empty arrays in value param
      *
      * @param string $text The text with a placeholder.
-     * @param mixed $value The value to quote.
-     * @param string $type OPTIONAL SQL datatype
+     * @param array|null|int|string|float|Expression|Select|\DateTimeInterface $value The value to quote.
+     * @param int|string|null $type OPTIONAL SQL datatype of the given value e.g. Zend_Db::FLOAT_TYPE or "INT"
      * @param integer $count OPTIONAL count of placeholders to replace
-     * @return string An SQL-safe quoted value placed into the orignal text.
+     * @return string An SQL-safe quoted value placed into the original text.
      */
     public function quoteInto($text, $value, $type = null, $count = null)
     {
diff --git a/lib/internal/Magento/Framework/DB/Select.php b/lib/internal/Magento/Framework/DB/Select.php
index 075aa6b24faa7..4f79b0d314f1d 100644
--- a/lib/internal/Magento/Framework/DB/Select.php
+++ b/lib/internal/Magento/Framework/DB/Select.php
@@ -7,6 +7,7 @@
 
 use Magento\Framework\App\ResourceConnection;
 use Magento\Framework\DB\Adapter\AdapterInterface;
+use Magento\Framework\DB\Sql\Expression;
 
 /**
  * Class for SQL SELECT generation and results.
@@ -107,19 +108,19 @@ public function __construct(
      * </code>
      *
      * @param string $cond The WHERE condition.
-     * @param string|array|null $value OPTIONAL An optional single or array value to quote into the condition.
-     * @param string|int|null $type OPTIONAL The type of the given value
-     * @return \Magento\Framework\DB\Select
+     * @param array|null|int|string|float|Expression|Select|\DateTimeInterface $value The value to quote.
+     * @param int|string|null $type OPTIONAL SQL datatype of the given value e.g. Zend_Db::FLOAT_TYPE or "INT"
+     * @return Select
      */
     public function where($cond, $value = null, $type = null)
     {
         if ($value === null && $type === null) {
             $value = '';
-        } elseif ($type == self::TYPE_CONDITION) {
+        } elseif ((string)$type === self::TYPE_CONDITION) {
             $type = null;
         }
         if (is_array($value)) {
-            $cond = $this->getConnection()->quoteInto($cond, $value);
+            $cond = $this->getConnection()->quoteInto($cond, $value, $type);
             $value = null;
         }
         return parent::where($cond, $value, $type);

From a103b640a91c8c232d0950ae7486908f13ecd361 Mon Sep 17 00:00:00 2001
From: "vadim.malesh" <engcom-vendorworker-charlie@adobe.com>
Date: Tue, 22 Sep 2020 12:36:07 +0300
Subject: [PATCH 2/2] revert to full type return

---
 lib/internal/Magento/Framework/DB/Select.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/internal/Magento/Framework/DB/Select.php b/lib/internal/Magento/Framework/DB/Select.php
index c743d8c1821ad..8869c874cd5cb 100644
--- a/lib/internal/Magento/Framework/DB/Select.php
+++ b/lib/internal/Magento/Framework/DB/Select.php
@@ -111,7 +111,7 @@ public function __construct(
      * @param string $cond The WHERE condition.
      * @param array|null|int|string|float|Expression|Select|\DateTimeInterface $value The value to quote.
      * @param int|string|null $type OPTIONAL SQL datatype of the given value e.g. Zend_Db::FLOAT_TYPE or "INT"
-     * @return Select
+     * @return \Magento\Framework\DB\Select
      */
     public function where($cond, $value = null, $type = null)
     {