This adds error checks for escape function is pgsql and pdo_pgsql
extensions. It prevents possibility of storing not properly escaped
data which could potentially lead to some security issues.
Make Pdo\PgSql accept Pdo::setAttribute(PDO::ATTR_PREFETCH, 0) to enter libpq's single row mode.
This avoids storing the whole result set in memory before being able to call the first fetch().
close GH-15750
PQclosePrepared allows the statement's name to be reused thus allowing
cache solutions to work properly ; whereas, for now, the `DEALLOCATE
<statement>` query is used which free entirely the statement's resources.
close GH-13316
A common convention is to name internal C header files as `*_int.h`.
Since a couple of these are actually installed, we add comments that
this is not supposed to happen, (a) to avoid installing further
internal headers, and (b) to pave the way to fix this in the next major
PHP version.
Somewhat special is php_gmp_int.h, where "int" is meant as abbreviation
for "interface".
Another common convention is appending `_priv` or `_private`, but since
there have not been any issues regarding these headers so far, we
refrain from adding respective comments to these headers.
Anyhow, it might be a good idea to introduce some common naming
convention for such internal/private headers.
This is, as the name and a comment in the header imply, an internal
header which is not supposed to be used by extensions other than PDO
(not even by drivers).
Since there is apparently no need to include this header in the parsers
of the drivers, we remove these includes, and no longer declare the
header to be installed. Given that the header is only exported for a
couple of weeks[1], this is not considered to be a BC break, because
it's unlikely that external drivers have already been adjusted to use
this header, and otherwise they can still be fixed; PHP 8.4 is still in
the pre-release stage.
[1] <https://github.com/php/php-src/pull/14797>
Closes GH-15688.
Currently, internal classes are registered with the following code:
INIT_CLASS_ENTRY(ce, "InternalClass", class_InternalClass_methods);
class_entry = zend_register_internal_class_ex(&ce, NULL);
class_entry->ce_flags |= ...;
This has worked well so far, except if InternalClass is readonly. It is because some inheritance checks are run by zend_register_internal_class_ex before ZEND_ACC_READONLY_CLASS is added to ce_flags.
The issue is fixed by adding a zend_register_internal_class_with_flags() zend API function that stubs can use from now on. This function makes sure to add the flags before running any checks. Since the new API is not available in lower PHP versions, gen_stub.php has to keep support for the existing API for PHP 8.3 and below.
Follow-up of GH-15344 (687eb9125a)
This removes the customized error messages in PDO extensions when PDO is
not enabled (--disable-all or --disable-pdo) in favor of the default
error done by PHP_ADD_EXTENSION_DEP.
* Include from build dir first
This fixes out of tree builds by ensuring that configure artifacts are included
from the build dir.
Before, out of tree builds would preferably include files from the src dir, as
the include path was defined as follows (ignoring includes from ext/ and sapi/) :
-I$(top_builddir)/main
-I$(top_srcdir)
-I$(top_builddir)/TSRM
-I$(top_builddir)/Zend
-I$(top_srcdir)/main
-I$(top_srcdir)/Zend
-I$(top_srcdir)/TSRM
-I$(top_builddir)/
As a result, an out of tree build would include configure artifacts such as
`main/php_config.h` from the src dir.
After this change, the include path is defined as follows:
-I$(top_builddir)/main
-I$(top_builddir)
-I$(top_srcdir)/main
-I$(top_srcdir)
-I$(top_builddir)/TSRM
-I$(top_builddir)/Zend
-I$(top_srcdir)/Zend
-I$(top_srcdir)/TSRM
* Fix extension include path for out of tree builds
* Include config.h with the brackets form
`#include "config.h"` searches in the directory containing the including-file
before any other include path. This can include the wrong config.h when building
out of tree and a config.h exists in the source tree.
Using `#include <config.h>` uses exclusively the include path, and gives
priority to the build dir.
This bumps the libpq client-side PostgreSQL library minimum required
version from 9.1 to 10.0.
- Sanity check: PQlibVersion -> PQencryptPasswordConn (available since
libpq 10.0)
- PQsetErrorContextVisibility (available since libpq 9.6)
- lo_truncate64 (available since libpq 9.3), if 32-bit system doesn't
support lo_*64 functions, error is returned and functions are always
available
Additionally, the conditional functions usages in pdo_pgsql and pgsql
extensions that got piled up are cleaned and synced:
- pg_prepare (PQprepare available since libpq 7.4)
- pg_query_params (PQexecParams available since libpq 7.4)
- pg_result_error_field (PQresultErrorField available since libpq 7.4)
- pg_send_prepare (PQsendPrepare available since libpq 7.4)
- pg_send_query_params (PQsendQueryParams available since libpq 7.4)
- pg_set_error_verbosity (PQsetErrorVerbosity available since libpq 7.4)
- pg_transaction_status (PQtransactionStatus available since libpq 7.4)
The Windows libpq version is currently at version 11.4:
https://github.com/winlibs/postgresql
Discussion: https://news-web.php.net/php.internals/123609
Follow-up of GH-14540
The --no-generation-date flag is a common re2c flag used in all re2c
invocations. This adds the 2nd optional argument to PHP_PROG_RE2C M4
macro in BC manner to set the default re2c command-line options and sets
the default RE2C_FLAGS similarly on Windows.
The pkg-config (libpq.pc file) was added in PostgreSQL 9.3. This adds a
common setup M4 macro PHP_SETUP_PGSQL to find client PostgreSQL library
libpq on the system with pkg-config. If not found, check falls back to
pg_config to find the libpq and its headers in common locations as
before.
The PGSQL_CFLAGS and PGSQL_LIBS environment variables can override the
libpq installation paths:
./configure --with-pgsql --with-pdo-pgsql \
PGSQL_CFLAGS=-I/path/to/libpq \
PGSQL_LIBS="-L/path/to/libpq -lpq"
Passing manual, non-standard PostgreSQL installation path can be done
with configure option arguments:
./configure \
--with-pgsql=/any/path/to/postgresql \
--with-pdo-postgresql=/any/path/to/postgresql
If this DIR argument (PostgreSQL installation directory or path to the
pg_config) is passed, it takes precedence over the pkg-config, when
installed on the system.
This also removes the unused HAVE_LIBPQ symbol and passing the
PGSQL_INCLUDE and PGSQL_LIBDIR environment variable to configure in
favor of PGSQL_CFLAGS and PGSQL_LIBS.
Instead of the obsolete backticks the recommended $(...) is used when
invoking the pg_config.
Follow-up of GH-4235 (Use PKG_CHECK_MODULES to detect the pq library)
Allow "??" in dollar quoted strings for backwards compatibility,
as it was a viable workaround to insert question marks without them
being parsed as placeholders.
Add a deprecation notice to tell that the escape is no longer
necessary within dollar quotes and that its usage is deprecated.
Ref bug #14244
This moves the new method from magically being added to the PDO class from the driver to just be available on the dedicated subclass.
Drive-by fixes to NEWS and UPGRADING
PDO include paths can be simplified and synced as done in other
extensions: either the project root directory or the phpincludedir (for
the system installation). The 'ext' include is automatically appended
when doing phpize build. In php-src it is only present on Windows build.
The PHP_CHECK_PDO_INCLUDES is left intact working as before and checks
if PDO headers are found.
Allows a callback to be triggered on every notice sent by PostgreSQL.
Such notices can be sent with a RAISE NOTICE in PL/pgSQL; in a long running
stored procedure, they prove useful as realtime checkpoint indicators.
close GH-6764
