From ff3e8250834b2118ba259e2791fffffdb855c315 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Tue, 6 Mar 2007 00:52:55 +0000 Subject: [PATCH] Fixed bug #40417 (Allow multiple instances of the same named PDO token in prepared statement emulation code). --- NEWS | 2 ++ ext/pdo/pdo_sql_parser.c | 18 +++++++++++++++--- ext/pdo/pdo_sql_parser.re | 16 ++++++++++++++-- 3 files changed, 31 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 1d64a2ae0a9..d3cfa471dab 100644 --- a/NEWS +++ b/NEWS @@ -52,6 +52,8 @@ PHP NEWS - Fixed bug #40451 (addAttribute() may crash when used with non-existent child node). (Tony) - Fixed bug #40428 (imagepstext() doesn't accept optional parameter). (Pierre) +- Fixed bug #40417 (Allow multiple instances of the same named PDO token in + prepared statement emulation code). (Ilia) - Fixed bug #40414 (possible endless fork() loop when running fastcgi). (Dmitry) - Fixed bug #40410 (ext/posix does not compile on MacOS 10.3.9). (Tony) diff --git a/ext/pdo/pdo_sql_parser.c b/ext/pdo/pdo_sql_parser.c index c2b508cd974..2a8066a0da3 100644 --- a/ext/pdo/pdo_sql_parser.c +++ b/ext/pdo/pdo_sql_parser.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.11.0 on Thu Feb 1 19:01:11 2007 */ +/* Generated by re2c 0.11.0 on Mon Mar 5 19:42:28 2007 */ #line 1 "ext/pdo/pdo_sql_parser.re" /* +----------------------------------------------------------------------+ @@ -280,13 +280,25 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len, } if (params && bindno != zend_hash_num_elements(params) && stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) { + /* extra bit of validation for instances when same params are bound more then once */ + if (query_type != PDO_PLACEHOLDER_POSITIONAL && bindno > zend_hash_num_elements(params)) { + int ok = 1; + for (plc = placeholders; plc; plc = plc->next) { + if (zend_hash_find(params, plc->pos, plc->len, (void**) ¶m) == FAILURE) { + ok = 0; + break; + } + } + if (ok) { + goto safe; + } + } pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "number of bound variables does not match number of tokens" TSRMLS_CC); ret = -1; goto clean_up; } - +safe: /* what are we going to do ? */ - if (stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) { /* query generation */ diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re index 59fd5145cf4..2c393edc610 100644 --- a/ext/pdo/pdo_sql_parser.re +++ b/ext/pdo/pdo_sql_parser.re @@ -155,13 +155,25 @@ PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len, } if (params && bindno != zend_hash_num_elements(params) && stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) { + /* extra bit of validation for instances when same params are bound more then once */ + if (query_type != PDO_PLACEHOLDER_POSITIONAL && bindno > zend_hash_num_elements(params)) { + int ok = 1; + for (plc = placeholders; plc; plc = plc->next) { + if (zend_hash_find(params, plc->pos, plc->len, (void**) ¶m) == FAILURE) { + ok = 0; + break; + } + } + if (ok) { + goto safe; + } + } pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "number of bound variables does not match number of tokens" TSRMLS_CC); ret = -1; goto clean_up; } - +safe: /* what are we going to do ? */ - if (stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) { /* query generation */