Bug #54674 [Com]: mysqlnd valid_sjis_(head|tail) is using invalid operator and range.

nihen at megabbs dot com Fri, 06 May 2011 05:11:35 -0700

Edit report at http://bugs.php.net/bug.php?id=54674&edit=1


 ID:                 54674
 Comment by:         nihen at megabbs dot com
 Reported by:        nihen at megabbs dot com
 Summary:            mysqlnd valid_sjis_(head|tail) is using invalid
                     operator and range.
 Status:             Open
 Type:               Bug
 Package:            PDO related
 Operating System:   All
 PHP Version:        5.3.6
 Block user comment: N
 Private report:     N

 New Comment:

Original report by Hiroshi Tokumaru.

http://www.tokumaru.org/d/20110322.html#p01

http://www.tokumaru.org/d/20110329.html#p01

(lang:japanese)


Previous Comments:
------------------------------------------------------------------------
[2011-05-06 11:54:38] nihen at megabbs dot com

Description:
------------
impacts to:

1. mysqli->real_escape_string

2. use PDO at PDO::ATTR_EMULATE_PREPARES = true



"real_escape_string" must not escape multi-byte character.

but escape it.



This bug is a SQL-injection may cause.

Test script:
---------------
<?php

$japanese_so = pack('H4', '835c');



$mysql = mysqli_connect('localhost', 'sandbox', 'sandbox');

$mysql->set_charset('sjis');

echo $mysql->real_escape_string($japanese_so) === $japanese_so ? 'ok' :
'ng';

echo "\n";



Expected result:
----------------
echo "ok\n"

Actual result:
--------------
echo "ng\n"


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=54674&edit=1

Bug #54674 [Com]: mysqlnd valid_sjis_(head|tail) is using invalid operator and range.

Reply via email to