archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-17 06:28:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
132452 commits 526 branches 1434 tags 868 MiB
Commit graph

807 commits

Author SHA1 Message Date
Jakub Zelenka
a2cdff5583
Fix GHSA-hrwm-9436-5mv3: pgsql escaping no error checks 
This adds error checks for escape function is pgsql and pdo_pgsql
extensions. It prevents possibility of storing not properly escaped
data which could potentially lead to some security issues.
 2025-07-01 19:46:48 +03:00
Jakub Zelenka
330b26e04c
Revert "Fix GH-13519: PGSQL_CONNECT_FORCE_RENEW with persistent connections." 
This reverts commit b9a9790be0.
 2024-02-27 23:03:28 +00:00
David Carlier
b9a9790be0 Fix GH-13519: PGSQL_CONNECT_FORCE_RENEW with persistent connections. 
persistent connections did not take in account this flag, after the
usual link sanity checks, we remove its entry.

Close GH-13519
 2024-02-27 00:30:48 +00:00
George Barbarosie
452e008f4f Fix GH-13354: ext/pgsql: pg_execute, pg_send_query_params and_send_execute null value by reference. 
For these, when passing null values by refence, queries return erroneous values unlike
pg_query_params behaving as expected.

close GH-13355.
 2024-02-08 22:42:04 +00:00
Niels Dossche
77ac1e8592 Fix GH-12974: Apache crashes on shutdown when using pg_pconnect() 
On ZTS, the global variables are stored in dynamically allocated memory.
When the module gets shut down this memory is released. After the module
is shut down, only then are the persistent resources cleared. Normally
this isn't an issue, but pgsql and odbc refer to the globals to modify
some counters, after the globals have been freed.
Fix this by guarding the modification.

Closes GH-13032.
 2023-12-27 20:14:23 +01:00
David Carlier
d98a45d08c ext/pgsql: pgsql.allow_persistent, no need to use such large type for boolean state. 
also ext/odbc, simplifying odd comparison with non persistent connections.

Close GH-12976
 2023-12-23 17:14:48 +00:00
David Carlier
b12c85293d Merge branch 'PHP-8.1' into PHP-8.2 2023-11-27 18:19:02 +00:00
ddv
3f57bd80f6 Fix phpGH-12763: PGSQL pg_untrace(): Argument #1 ($connection) must be of type resource or null, PgSql\Connection given. 2023-11-27 18:18:46 +00:00
David Carlier
bc45b34b30 Merge branch 'PHP-8.1' into PHP-8.2 2023-06-18 13:45:30 +01:00
David CARLIER
f194cdf852 ext/pgsql: fix PGtrace invalid free issue. 
disable trace when closing the connection, is a no op if there is no stream
attached to it.

Close GH-11403
 2023-06-18 13:44:39 +01:00
Máté Kocsis
a2d90aaef2
Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fix ZPP of pg_lo_export()
 2023-04-27 18:51:19 +02:00
Máté Kocsis
f0149c5c0b
Fix ZPP of pg_lo_export() 
Closes GH-11132
 2023-04-27 18:50:09 +02:00
David Carlier
892f833807 Merge branch 'PHP-8.1' into PHP-8.2 2023-03-18 07:10:06 +00:00
David CARLIER
5adeed3051 ext/psql: pg_meta_data, extended mode, fix typo for pseudo typtype. 
Closes GH-10865.
 2023-03-18 07:09:13 +00:00
George Peter Banyard
512abc23a4
Merge branch 'PHP-8.1' into PHP-8.2 
* PHP-8.1:
  Fixed bug GH-10270 Unable to return CURL_READFUNC_PAUSE in readfunc callback
  Fix GH-10672 (pg_lo_open segfaults in the strict_types mode)
 2023-02-24 14:33:28 +00:00
George Peter Banyard
5f357f341d
Fix GH-10672 (pg_lo_open segfaults in the strict_types mode) 
We need to use the proper ZPP qualifier for zend_string

Closes GH-10677
 2023-02-24 14:31:23 +00:00
Bob Weinand
a01dd9feda Revert "Port all internally used classes to use default_object_handlers" 
This reverts commit 94ee4f9834.

The commit was a bit too late to be included in PHP 8.2 RC1. Given it's a massive ABI break, we decide to postpone the change to PHP 8.3.
 2022-09-14 11:13:23 +02:00
Bob Weinand
94ee4f9834 Port all internally used classes to use default_object_handlers 
Signed-off-by: Bob Weinand <bobwei9@hotmail.com>
 2022-08-31 16:45:27 +02:00
Máté Kocsis
eae893bd3e
Declare ext/pgsql constants in stubs (#9092) 2022-07-27 07:32:40 +02:00
Stanislav Malyshev
70d03423c7 Merge branch 'PHP-8.1' 2022-06-06 01:11:49 -06:00
Stanislav Malyshev
98e1291b7e Merge branch 'PHP-8.0' into PHP-8.1 2022-06-06 01:11:44 -06:00
Stanislav Malyshev
e864cb61a7 Merge branch 'PHP-7.4' into PHP-8.0 2022-06-06 01:11:13 -06:00
Christoph M. Becker
55f6895f4b Fix #81720: Uninitialized array in pg_query_params() leading to RCE 
We must not free parameters which we haven't initialized yet.

We also fix the not directly related issue, that we checked for the
wrong value being `NULL`, potentially causing a segfault.
 2022-06-06 00:34:23 -06:00
Christoph M. Becker
c9c5ee3f48
Merge branch 'PHP-8.1' 
* PHP-8.1:
  Fix GH-8253: pg_insert() fails for references
 2022-03-29 10:54:32 +02:00
Christoph M. Becker
7e8dcda42c
Merge branch 'PHP-8.0' into PHP-8.1 
* PHP-8.0:
  Fix GH-8253: pg_insert() fails for references
 2022-03-29 10:53:56 +02:00
Christoph M. Becker
0e6d6f83cc
Fix GH-8253: pg_insert() fails for references 
We need to deref the values.

Closes GH-8262.
 2022-03-29 10:51:19 +02:00
Christoph M. Becker
072b09fd35
Merge branch 'PHP-8.1' 
* PHP-8.1:
  Fix result_type related stack corruption on LLP64 architectures
 2022-03-28 18:30:05 +02:00
Christoph M. Becker
5f20f9f72d
Merge branch 'PHP-8.0' into PHP-8.1 
* PHP-8.0:
  Fix result_type related stack corruption on LLP64 architectures
 2022-03-28 18:29:38 +02:00
Christoph M. Becker
5a8622fe78
Fix result_type related stack corruption on LLP64 architectures 
Integer parameters are stored in `zend_long` values, which have 64 bits
on LLP64, but `long` has only 32 bits there.

Adding a test might be overkill, because the broken behavior could
already be observed when running pg_select_001.phpt on Windows debug
builds, which report the stack corruption.

Closes GH-8263.
 2022-03-28 18:27:44 +02:00
Máté Kocsis
b245d84ac2
Make it clear that pg_last_notice cannot return false (#7564) 2021-10-07 10:07:48 +02:00
Matteo Beccati
958daa6529 Fix #81509 pg_end_copy still expects a resource 2021-10-05 18:13:50 +02:00
Joe Watkins
570d9b63e9
Not serializable flag permeation 2021-07-20 12:28:35 +02:00
George Peter Banyard
1f42777927 Deprecate using the implicit default PgSQL connection 
The DB connection should be provided in all cases as the first argument.
The overloaded function signatures will be removed in the future.
Warn about this change.

Part of https://wiki.php.net/rfc/deprecations_php_8_1.
 2021-07-09 23:12:37 +02:00
Patrick Allaert
aff365871a Fixed some spaces used instead of tabs 2021-06-29 11:30:26 +02:00
Máté Kocsis
32aff25ceb
Convert resources to objects in ext/pgsql 
Closes GH-6791

Co-authored-by: Nikita Popov <nikita.ppv@gmail.com>
 2021-05-11 00:09:30 +02:00
KsaR
01b3fc03c3
Update http->https in license (#6945) 
1. Update: http://www.php.net/license/3_01.txt to https, as there is anyway server header "Location:" to https.
2. Update few license 3.0 to 3.01 as 3.0 states "php 5.1.1, 4.1.1, and earlier".
3. In some license comments is "at through the world-wide-web" while most is without "at", so deleted.
4. fixed indentation in some files before |
 2021-05-06 12:16:35 +02:00
Nikita Popov
ba337577a8 Use zend_string for pgsql_trim_message 2021-04-26 16:45:38 +02:00
Nikita Popov
f26047fc9b Don't store resolved pgsql field/table oids as resources 
Store these in hash tables indexed by oid. This is simpler and
more efficient, as we don't need to create resources or hash keys.
 2021-04-26 15:24:07 +02:00
Nikita Popov
8a283f7b87 Store pgsql le_string as zend_string 2021-04-26 15:01:44 +02:00
Christoph M. Becker
950bb84c7e
Merge branch 'PHP-8.0' 
* PHP-8.0:
  Fix php_pgsql_fd_cast() wrt. php_stream_can_cast()
 2021-04-20 18:32:05 +02:00
Christoph M. Becker
3c6480552d
Merge branch 'PHP-7.4' into PHP-8.0 
* PHP-7.4:
  Fix php_pgsql_fd_cast() wrt. php_stream_can_cast()
 2021-04-20 18:30:25 +02:00
Christoph M. Becker
1fcea24efb
Fix php_pgsql_fd_cast() wrt. php_stream_can_cast() 
`php_stream_can_cast()` forwards to `_php_stream_cast()` with `ret` set
to `NULL`.  `php_pgsql_fd_cast()` needs to cater to that, because
otherwise the stream would report that it is not castable.

This *might* fix https://bugs.php.net/73903.

Closes GH-6888.
 2021-04-20 18:29:12 +02:00
George Peter Banyard
612609e1bd
Refactor PGSQL extension to use zend_string* 
* Prevents some unnecessary strlen() computation
 * Use interned "NULL"
 * Certain PGSQL_API functions now accept zend_string* instead of char*

Closes GH-6792
 2021-04-19 20:33:40 +01:00
George Peter Banyard
0ffb4a5c9d
Boolify do_exec() 2021-04-19 20:33:05 +01:00
George Peter Banyard
fabcfd6d81
Formalize return type to zend_result for PGSQL_API functions 2021-04-19 20:33:05 +01:00
George Peter Banyard
6eb23e2b83
ValueError if lengths is less than 0 2021-04-19 20:27:34 +01:00
George Peter Banyard
13693aaf7e
Use ZEND_ASSERT() instead of plain assert() 2021-04-19 20:27:34 +01:00
George Peter Banyard
6569aedee3
Use ZEND_NUM_ARGS() explicitly 2021-04-19 20:27:34 +01:00
George Peter Banyard
a5fb43f2b1
Boolify _php_pgsql_link_has_results() 2021-04-19 20:27:34 +01:00
George Peter Banyard
8ae9922348
Boolify _php_pgsql_detect_identifier_escape() and rename it 
New name is  _php_pgsql_identifier_is_escaped()
 2021-04-19 20:27:34 +01:00