Merge branch 'PHP-5.4' into PHP-5.5
authorYasuo Ohgaki <yohgaki@php.net>
Mon, 5 Aug 2013 09:24:07 +0000 (18:24 +0900)
committerYasuo Ohgaki <yohgaki@php.net>
Mon, 5 Aug 2013 09:24:07 +0000 (18:24 +0900)
* PHP-5.4:
  Fixed bug #62978. pg_select()/etc may allow SQL injection when the table name is a user-supplied parameter, i.e. when users are able to control table names.

1  2 
ext/pgsql/pgsql.c

index de8bfc880d1e9a39c6a2ebd8d1f6fa452827495c,ded4a62c584d1653d753ee35bbcad51532922f2a..103a3b87ca9fbcc6c1c7c5944f0c4b5a1bdd421e
@@@ -6043,14 -6164,14 +6165,14 @@@ PHP_PGSQL_API int php_pgsql_insert(PGco
                }
                var_array = converted;
        }
-       
        smart_str_appends(&querystr, "INSERT INTO ");
-       smart_str_appends(&querystr, table);
+       build_tablename(&querystr, pg_link, table);
        smart_str_appends(&querystr, " (");
-       
        zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(var_array), &pos);
        while ((key_type = zend_hash_get_current_key_ex(Z_ARRVAL_P(var_array), &fld,
 -                                      &fld_len, &num_idx, 0, &pos)) != HASH_KEY_NON_EXISTANT) {
 +                                      &fld_len, &num_idx, 0, &pos)) != HASH_KEY_NON_EXISTENT) {
                if (key_type == HASH_KEY_IS_LONG) {
                        php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Expects associative array for values to be inserted");
                        goto cleanup;