archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-16 05:58:45 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Never quote values as raw binary data

Browse source 
This reverts a1a18fca6e which was intended to fix
bug #52885. That commit introduced a BC break which wasn't universally
desirable. The issue of quoting binary data (or NVARCHAR strings, or other
nonstandard types) will have to be addressed separately.
This commit is contained in:
Adam Baratz 2016-09-12 17:32:50 -04:00
parent 82fa85fd08
commit 2302eef5c9
2 changed files with 13 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

48
ext/pdo_dblib/dblib_driver.c
View file

@ -146,55 +146,29 @@ static zend_long dblib_handle_doer(pdo_dbh_t *dbh, const char *sql, size_t sql_l
static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype) static int dblib_handle_quoter(pdo_dbh_t *dbh, const char *unquoted, size_t unquotedlen, char **quoted, size_t *quotedlen, enum pdo_param_type paramtype)
{ {
int useBinaryEncoding = 0;
const char * hex = "0123456789abcdef";
size_t i; size_t i;
char * q; char * q;
*quotedlen = 0; *quotedlen = 0;
/* /* Detect quoted length, adding extra char for doubled single quotes */
* Detect quoted length and if we should use binary encoding
*/
for(i=0;i<unquotedlen;i++) { for(i=0;i<unquotedlen;i++) {
if( 32 > unquoted[i] || 127 < unquoted[i] ) {
useBinaryEncoding = 1;
break;
}
if(unquoted[i] == '\'') ++*quotedlen; if(unquoted[i] == '\'') ++*quotedlen;
++*quotedlen; ++*quotedlen;
} }
if(useBinaryEncoding) { *quotedlen += 2; /* +2 for opening, closing quotes */
/* q = *quoted = emalloc(*quotedlen+1); /* Add byte for terminal null */
* Binary safe quoting *q++ = '\'';
* Will implicitly convert for all data types except Text, DateTime & SmallDateTime
*
*/
*quotedlen = (unquotedlen * 2) + 2; /* 2 chars per byte +2 for "0x" prefix */
q = *quoted = emalloc(*quotedlen+1); /* Add byte for terminal null */
*q++ = '0'; for (i=0;i<unquotedlen;i++) {
*q++ = 'x'; if (unquoted[i] == '\'') {
for (i=0;i<unquotedlen;i++) { *q++ = '\'';
*q++ = hex[ (*unquoted>>4)&0xF]; *q++ = '\'';
*q++ = hex[ (*unquoted++)&0xF]; } else {
*q++ = unquoted[i];
} }
} else {
/* Alpha/Numeric Quoting */
*quotedlen += 2; /* +2 for opening, closing quotes */
q = *quoted = emalloc(*quotedlen+1); /* Add byte for terminal null */
*q++ = '\'';
for (i=0;i<unquotedlen;i++) {
if (unquoted[i] == '\'') {
*q++ = '\'';
*q++ = '\'';
} else {
*q++ = unquoted[i];
}
}
*q++ = '\'';
} }
*q++ = '\'';
*q = 0; *q = 0;

2
ext/pdo_dblib/tests/pdo_dblib_quote.phpt
View file

@ -14,6 +14,7 @@ var_dump($db->quote(42, PDO::PARAM_INT));
var_dump($db->quote(null, PDO::PARAM_NULL)); var_dump($db->quote(null, PDO::PARAM_NULL));
var_dump($db->quote('\'', PDO::PARAM_STR)); var_dump($db->quote('\'', PDO::PARAM_STR));
var_dump($db->quote('foo', PDO::PARAM_STR)); var_dump($db->quote('foo', PDO::PARAM_STR));
var_dump($db->quote('über', PDO::PARAM_STR));
?> ?>
--EXPECT-- --EXPECT--
string(3) "'1'" string(3) "'1'"
@ -22,3 +23,4 @@ string(4) "'42'"
string(2) "''" string(2) "''"
string(4) "''''" string(4) "''''"
string(5) "'foo'" string(5) "'foo'"
string(7) "'über'"