From: Matteo Beccati Date: Thu, 11 Jun 2015 22:27:31 +0000 (+0200) Subject: Merge branch 'PHP-5.6' X-Git-Tag: php-7.0.0alpha2~2^2~163 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cd5b7e968801ad2df0576cdc3273d2847590ad30;p=php Merge branch 'PHP-5.6' * PHP-5.6: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote) Fixed bug #61574 - No MSI Conflicts: ext/pdo_pgsql/pgsql_driver.c win32/install.txt --- cd5b7e968801ad2df0576cdc3273d2847590ad30 diff --cc ext/pdo_pgsql/pgsql_driver.c index 0a7ce6368d,2b05043253..f913eb7c31 --- a/ext/pdo_pgsql/pgsql_driver.c +++ b/ext/pdo_pgsql/pgsql_driver.c @@@ -62,7 -63,18 +63,18 @@@ static char * _pdo_pgsql_trim_message(c return tmp; } -static char * _pdo_pgsql_escape_credentials(char *str TSRMLS_DC) ++static zend_string* _pdo_pgsql_escape_credentials(char *str) + { - int len; - + if (str) { - return php_addcslashes(str, strlen(str), &len, 0, "\\'", sizeof("\\'") TSRMLS_CC); ++ zend_string *tmp = zend_string_init(str, strlen(str), 0); ++ ++ return php_addcslashes(tmp, 1, "\\'", sizeof("\\'")); + } + + return NULL; + } + -int _pdo_pgsql_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, int errcode, const char *sqlstate, const char *msg, const char *file, int line TSRMLS_DC) /* {{{ */ +int _pdo_pgsql_error(pdo_dbh_t *dbh, pdo_stmt_t *stmt, int errcode, const char *sqlstate, const char *msg, const char *file, int line) /* {{{ */ { pdo_pgsql_db_handle *H = (pdo_pgsql_db_handle *)dbh->driver_data; pdo_error_type *pdo_err = stmt ? &stmt->error_code : &dbh->error_code; @@@ -1179,8 -1190,8 +1191,8 @@@ static int pdo_pgsql_handle_factory(pdo pdo_pgsql_db_handle *H; int ret = 0; char *conn_str, *p, *e; - char *tmp_pass; - char *tmp_user, *tmp_pass; - long connect_timeout = 30; ++ zend_string *tmp_user, *tmp_pass; + zend_long connect_timeout = 30; H = pecalloc(1, sizeof(pdo_pgsql_db_handle), dbh->is_persistent); dbh->driver_data = H; @@@ -1198,46 -1209,31 +1210,31 @@@ } if (driver_options) { - connect_timeout = pdo_attr_lval(driver_options, PDO_ATTR_TIMEOUT, 30 TSRMLS_CC); + connect_timeout = pdo_attr_lval(driver_options, PDO_ATTR_TIMEOUT, 30); } - if (dbh->password) { - if (dbh->password[0] != '\'' && dbh->password[strlen(dbh->password) - 1] != '\'') { - char *pwd = dbh->password; - int pos = 1; - - tmp_pass = safe_emalloc(2, strlen(dbh->password), 3); - tmp_pass[0] = '\''; - - while (*pwd != '\0') { - if (*pwd == '\\' || *pwd == '\'') { - tmp_pass[pos++] = '\\'; - } - - tmp_pass[pos++] = *pwd++; - } - - tmp_pass[pos++] = '\''; - tmp_pass[pos] = '\0'; - } else { - tmp_pass = dbh->password; - } - } + /* escape username and password, if provided */ - tmp_user = _pdo_pgsql_escape_credentials(dbh->username TSRMLS_CC); - tmp_pass = _pdo_pgsql_escape_credentials(dbh->password TSRMLS_CC); ++ tmp_user = _pdo_pgsql_escape_credentials(dbh->username); ++ tmp_pass = _pdo_pgsql_escape_credentials(dbh->password); /* support both full connection string & connection string + login and/or password */ - if (dbh->username && dbh->password) { - spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%pd", dbh->data_source, dbh->username, tmp_pass, connect_timeout); - } else if (dbh->username) { - spprintf(&conn_str, 0, "%s user=%s connect_timeout=%pd", dbh->data_source, dbh->username, connect_timeout); - } else if (dbh->password) { - spprintf(&conn_str, 0, "%s password=%s connect_timeout=%pd", dbh->data_source, tmp_pass, connect_timeout); + if (tmp_user && tmp_pass) { - spprintf(&conn_str, 0, "%s user='%s' password='%s' connect_timeout=%ld", dbh->data_source, tmp_user, tmp_pass, connect_timeout); ++ spprintf(&conn_str, 0, "%s user='%s' password='%s' connect_timeout=%pd", (char *) dbh->data_source, tmp_user->val, tmp_pass->val, connect_timeout); + } else if (tmp_user) { - spprintf(&conn_str, 0, "%s user='%s' connect_timeout=%ld", dbh->data_source, tmp_user, connect_timeout); ++ spprintf(&conn_str, 0, "%s user='%s' connect_timeout=%pd", (char *) dbh->data_source, tmp_user->val, connect_timeout); + } else if (tmp_pass) { - spprintf(&conn_str, 0, "%s password='%s' connect_timeout=%ld", dbh->data_source, tmp_pass, connect_timeout); ++ spprintf(&conn_str, 0, "%s password='%s' connect_timeout=%pd", (char *) dbh->data_source, tmp_pass->val, connect_timeout); } else { - spprintf(&conn_str, 0, "%s connect_timeout=%ld", (char *) dbh->data_source, connect_timeout); + spprintf(&conn_str, 0, "%s connect_timeout=%pd", (char *) dbh->data_source, connect_timeout); } H->server = PQconnectdb(conn_str); - if (dbh->password && tmp_pass != dbh->password) { - efree(tmp_pass); + + if (tmp_user) { - efree(tmp_user); ++ zend_string_release(tmp_user); + } + if (tmp_pass) { - efree(tmp_pass); ++ zend_string_release(tmp_pass); } efree(conn_str);