From 5fe5da90ea7bb3c5f88a9a077f09b18b681371aa Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Sat, 9 Jul 2005 02:53:07 +0000 Subject: [PATCH] Safer way of allowing 'blank' user/pass. # Thanks Wez. --- ext/pdo/pdo_dbh.c | 8 ++++---- ext/pdo/tests/pdo_test.inc | 3 +++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c index 12d2a07394..336d620e70 100755 --- a/ext/pdo/pdo_dbh.c +++ b/ext/pdo/pdo_dbh.c @@ -220,7 +220,7 @@ static PHP_FUNCTION(dbh_constructor) char alt_dsn[512]; int call_factory = 1; - if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ssa!", &data_source, &data_source_len, + if (FAILURE == zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|s!s!a!", &data_source, &data_source_len, &username, &usernamelen, &password, &passwordlen, &options)) { ZVAL_NULL(object); return; @@ -357,12 +357,12 @@ static PHP_FUNCTION(dbh_constructor) dbh->data_source_len = strlen(colon + 1); dbh->data_source = (const char*)pestrdup(colon + 1, is_persistent); - dbh->username = usernamelen ? pestrdup(username, is_persistent) : NULL; - dbh->password = passwordlen ? pestrdup(password, is_persistent) : NULL; + dbh->username = username ? pestrdup(username, is_persistent) : NULL; + dbh->password = password ? pestrdup(password, is_persistent) : NULL; dbh->auto_commit = pdo_attr_lval(options, PDO_ATTR_AUTOCOMMIT, 1 TSRMLS_CC); - if (!dbh->data_source || (usernamelen && !dbh->username) || (passwordlen && !dbh->password)) { + if (!dbh->data_source || (username && !dbh->username) || (password && !dbh->password)) { php_error_docref(NULL TSRMLS_CC, E_ERROR, "out of memory"); } diff --git a/ext/pdo/tests/pdo_test.inc b/ext/pdo/tests/pdo_test.inc index e941dc35ce..13ab1c1d5f 100644 --- a/ext/pdo/tests/pdo_test.inc +++ b/ext/pdo/tests/pdo_test.inc @@ -14,6 +14,9 @@ class PDOTest { } else { $attr = null; } + + if ($user === false) $user = NULL; + if ($pass === false) $pass = NULL; $db = new $classname($dsn, $user, $pass, $attr); -- 2.40.0