com php-src: Merge branch 'PHP-5.4' into PHP-5.5: ext/pgsql/pgsql.c

Date: Mon, 05 Aug 2013 09:24:07 +0000
Subject: com php-src: Merge branch 'PHP-5.4' into PHP-5.5: ext/pgsql/pgsql.c
Groups: php.cvs 
Commit:    cb8d1fc7f913085117da109f89a1e5a6cb535c09
Author:    Yasuo Ohgaki <[email protected]>         Mon, 5 Aug 2013 18:24:07 +0900
Parents:   e59143e8966c0b6aa07ca72b6ad27f64baad0a01 f718684a6c1d6221015031d1e72d3eb55ecbb659
Branches:  PHP-5.5

Link:       http://git.php.net/?p=php-src.git;a=commitdiff;h=cb8d1fc7f913085117da109f89a1e5a6cb535c09

Log:
Merge branch 'PHP-5.4' into PHP-5.5

* PHP-5.4:
  Fixed bug #62978.. pg_select()/etc may allow SQL injection when table name is user parameter,
users are able to control table names.

Bugs:
https://bugs.php.net/62978
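The bug this merge brings in is a user-controlled table name appended verbatim to the `INSERT INTO` query. As an added illustration of the identifier quoting a helper in the position of `build_tablename` has to perform (example code written here, not php-src's own `build_tablename`, whose definition is outside this diff), the function below wraps each component in double quotes and doubles embedded quotes; it assumes a single `.` separates schema and table, and treats empty components as an error.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quote one identifier component the PostgreSQL way: wrap it in double
 * quotes and double every embedded double quote. Caller frees the result. */
static char *quote_ident(const char *s, size_t len)
{
    char *out = malloc(2 * len + 3);   /* worst case: every byte doubled, 2 quotes, NUL */
    size_t o = 0;
    if (out == NULL) return NULL;
    out[o++] = '"';
    for (size_t i = 0; i < len; i++) {
        if (s[i] == '"') out[o++] = '"';   /* "  becomes  "" inside the identifier */
        out[o++] = s[i];
    }
    out[o++] = '"';
    out[o] = '\0';
    return out;
}

/* Build a quoted table reference from a caller-supplied name so that the
 * name can only ever be read as an identifier, never as SQL syntax.
 * Assumption for this example: one '.' separates schema from table, and
 * quoted identifiers that themselves contain '.' are not supported.
 * Returns NULL for an empty component or allocation failure; caller frees. */
char *build_quoted_tablename(const char *table)
{
    const char *dot = strchr(table, '.');
    if (dot == NULL) {
        return table[0] ? quote_ident(table, strlen(table)) : NULL;
    }
    if (dot == table || dot[1] == '\0') {
        return NULL;                       /* ".t" or "s." is malformed */
    }
    char *schema = quote_ident(table, (size_t)(dot - table));
    char *name = quote_ident(dot + 1, strlen(dot + 1));
    char *result = NULL;
    if (schema && name) {
        size_t n = strlen(schema) + strlen(name) + 2;   /* '.' and NUL */
        result = malloc(n);
        if (result) snprintf(result, n, "%s.%s", schema, name);
    }
    free(schema);
    free(name);
    return result;
}
```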

Changed paths:
  MM  ext/pgsql/pgsql.c


Diff:
diff --cc ext/pgsql/pgsql.c
index de8bfc8,ded4a62..103a3b8
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@@ -6043,14 -6164,14 +6165,14 @@@ PHP_PGSQL_API int php_pgsql_insert(PGco
  		}
  		var_array = converted;
  	}
- 	
+ 
  	smart_str_appends(&querystr, "INSERT INTO ");
- 	smart_str_appends(&querystr, table);
+ 	build_tablename(&querystr, pg_link, table);
  	smart_str_appends(&querystr, " (");
- 	
+ 
  	zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(var_array), &pos);
  	while ((key_type = zend_hash_get_current_key_ex(Z_ARRVAL_P(var_array), &fld,
 -					&fld_len, &num_idx, 0, &pos)) != HASH_KEY_NON_EXISTANT) {
 +					&fld_len, &num_idx, 0, &pos)) != HASH_KEY_NON_EXISTENT) {
  		if (key_type == HASH_KEY_IS_LONG) {
  			php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Expects associative array for values to be
inserted");
  			goto cleanup;
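Review bot: the security-relevant change in this hunk is the single line where `smart_str_appends(&querystr, table);` becomes `build_tablename(&querystr, pg_link, table);` after `INSERT INTO `, but the definition of `build_tablename` is not part of this hunk, so the merge cannot be reviewed for whether it quotes the identifier (doubling embedded double quotes) or how it treats a schema-qualified `schema.table`; please include or reference that change and add a regression test for bug #62978 that passes a table name containing a double quote through the affected functions. The whitespace-only `- \t`/`+ ` lines are unrelated cleanup travelling with the fix, and the `HASH_KEY_NON_EXISTANT` to `HASH_KEY_NON_EXISTENT` change is the PHP-5.5 side of the merge rather than the bug fix; both are fine to keep, but worth noting in the log so the security change is not mixed with cleanup.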


