From 7ce88b2d8a9890dba987259c6bf5c5b8935ffee3 Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Sat, 15 Feb 2014 19:20:34 +0900 Subject: [PATCH 1/3] Update NEWS --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index c1026d0f01d..4277e806ca5 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,10 @@ PHP NEWS . Fixed bug #66501 (Add EC key support to php_openssl_is_private_key). (Mark Zedwood) +- Pgsql: + . Added warning for dangerous client encoding with pg_insert()/pg_update() + pg_delete()/pg_select(). (Yasuo) + ?? ??? 2014, PHP 5.4.25 - Core: From fbb1827da840bfeca4f0be87dacc52c7631c0dce Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Sat, 15 Feb 2014 19:21:54 +0900 Subject: [PATCH 2/3] Update NEWS --- NEWS | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/NEWS b/NEWS index f1a02eea17c..11f9431daf2 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,11 @@ PHP NEWS - PCRE: . Upgraded to PCRE 8.34. (Anatol) +- Pgsql: + . Added warning for dangerous client encoding with pg_insert()/pg_update() + pg_delete()/pg_select(). (Yasuo) + + 06 Feb 2014, PHP 5.5.9 - Core: From 9d84f6c06ec59e8fc23b715c08fba2eaf451868a Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Sat, 15 Feb 2014 11:04:49 -0200 Subject: [PATCH 3/3] - Fix ZTS build when HAVE_PQESCAPELITERAL is not set --- ext/pgsql/pgsql.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index c4632aecbf6..270b7ba8f6d 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -804,6 +804,8 @@ static char* php_pgsql_PQescapeInternal(PGconn *conn, const char *str, size_t le !strncmp(encoding, "GBK", sizeof("GBK")-1) || !strncmp(encoding, "JOHAB", sizeof("JOHAB")-1) || !strncmp(encoding, "UHC", sizeof("UHC")-1) ) { + TSRMLS_FETCH(); + php_error_docref(NULL TSRMLS_CC, E_WARNING, "Unsafe encoding is used. Do not use '%s' encoding or use PostgreSQL 9.0 or later libpq.", encoding); } /* check backslashes */