Fixed bug #40417 (Allow multiple instances of the same named PDO token in
authorIlia Alshanetsky <iliaa@php.net>
Tue, 6 Mar 2007 00:52:55 +0000 (00:52 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Tue, 6 Mar 2007 00:52:55 +0000 (00:52 +0000)
prepared statement emulation code).

NEWS
ext/pdo/pdo_sql_parser.c
ext/pdo/pdo_sql_parser.re

diff --git a/NEWS b/NEWS
index 1d64a2ae0a96297a475e59f7682c01b00ba74229..d3cfa471dab8813c911d88625fdee4ec8b1223e2 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -52,6 +52,8 @@ PHP                                                                        NEWS
 - Fixed bug #40451 (addAttribute() may crash when used with non-existent child 
   node). (Tony)
 - Fixed bug #40428 (imagepstext() doesn't accept optional parameter). (Pierre)
+- Fixed bug #40417 (Allow multiple instances of the same named PDO token in
+  prepared statement emulation code). (Ilia)
 - Fixed bug #40414 (possible endless fork() loop when running fastcgi).
   (Dmitry)
 - Fixed bug #40410 (ext/posix does not compile on MacOS 10.3.9). (Tony)
index c2b508cd9748bdf4a91beb678cb722bc787b378b..2a8066a0da3edc7f2617540d544002ef67b426b4 100644 (file)
@@ -1,4 +1,4 @@
-/* Generated by re2c 0.11.0 on Thu Feb  1 19:01:11 2007 */
+/* Generated by re2c 0.11.0 on Mon Mar  5 19:42:28 2007 */
 #line 1 "ext/pdo/pdo_sql_parser.re"
 /*
   +----------------------------------------------------------------------+
@@ -280,13 +280,25 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len,
        }
 
        if (params && bindno != zend_hash_num_elements(params) && stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
+               /* extra bit of validation for instances when same params are bound more then once */
+               if (query_type != PDO_PLACEHOLDER_POSITIONAL && bindno > zend_hash_num_elements(params)) {
+                       int ok = 1;
+                       for (plc = placeholders; plc; plc = plc->next) {
+                               if (zend_hash_find(params, plc->pos, plc->len, (void**) &param) == FAILURE) {
+                                       ok = 0;
+                                       break;
+                               }
+                       }
+                       if (ok) {
+                               goto safe;
+                       }
+               }
                pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "number of bound variables does not match number of tokens" TSRMLS_CC);
                ret = -1;
                goto clean_up;
        }
-
+safe:
        /* what are we going to do ? */
-       
        if (stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
                /* query generation */
 
index 59fd5145cf49c48c06986a7fd353cc402463894c..2c393edc610aa570b38bb5c7027257b0efdb3ff4 100644 (file)
@@ -155,13 +155,25 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len,
        }
 
        if (params && bindno != zend_hash_num_elements(params) && stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
+               /* extra bit of validation for instances when same params are bound more then once */
+               if (query_type != PDO_PLACEHOLDER_POSITIONAL && bindno > zend_hash_num_elements(params)) {
+                       int ok = 1;
+                       for (plc = placeholders; plc; plc = plc->next) {
+                               if (zend_hash_find(params, plc->pos, plc->len, (void**) &param) == FAILURE) {
+                                       ok = 0;
+                                       break;
+                               }
+                       }
+                       if (ok) {
+                               goto safe;
+                       }
+               }
                pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "number of bound variables does not match number of tokens" TSRMLS_CC);
                ret = -1;
                goto clean_up;
        }
-
+safe:
        /* what are we going to do ? */
-       
        if (stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
                /* query generation */
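Review bot: The relaxed check ahead of `goto safe` only proves that every named token resolves in `params`; it never proves that every bound parameter is used. When a repeated token pushes `bindno` above the bound count (constructed example: tokens `:a, :a, :a` with both `:a` and `:b` bound), HY093 is now skipped even though `:b` matches nothing. If that is intended, the comment should say so, e.g. `/* a named token may repeat: accept when every token resolves; unused bound params are not detected on this path */` (also "then" should read "than"); otherwise compare the number of distinct token names with `zend_hash_num_elements(params)`. This gate sits directly in front of the emulated query generation, so the substitution step that follows presumably still has to fail closed on a lookup miss; that code, like the rest of `pdo_parse_params`, lies outside the hunk. The identical lines in the re2c-generated ext/pdo/pdo_sql_parser.c should only be regenerated from this file, and the commit lists no regression test for #40417.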