Commit: cb8d1fc7f913085117da109f89a1e5a6cb535c09 Author: Yasuo Ohgaki <yohg...@php.net> Mon, 5 Aug 2013 18:24:07 +0900 Parents: e59143e8966c0b6aa07ca72b6ad27f64baad0a01 f718684a6c1d6221015031d1e72d3eb55ecbb659 Branches: PHP-5.5
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=cb8d1fc7f913085117da109f89a1e5a6cb535c09 Log: Merge branch 'PHP-5.4' into PHP-5.5 * PHP-5.4: Fixed bug #62978. pg_select()/etc may allow SQL injection when table name is user parameter, users are able to control table names. Bugs: https://bugs.php.net/62978 Changed paths: MM ext/pgsql/pgsql.c Diff: diff --cc ext/pgsql/pgsql.c index de8bfc8,ded4a62..103a3b8 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@@ -6043,14 -6164,14 +6165,14 @@@ PHP_PGSQL_API int php_pgsql_insert(PGco } var_array = converted; } - + smart_str_appends(&querystr, "INSERT INTO "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " ("); - + zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(var_array), &pos); while ((key_type = zend_hash_get_current_key_ex(Z_ARRVAL_P(var_array), &fld, - &fld_len, &num_idx, 0, &pos)) != HASH_KEY_NON_EXISTANT) { + &fld_len, &num_idx, 0, &pos)) != HASH_KEY_NON_EXISTENT) { if (key_type == HASH_KEY_IS_LONG) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Expects associative array for values to be inserted"); goto cleanup; -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
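Review bot: Only the table name is routed through `build_tablename()` in this hunk of `php_pgsql_insert`; the keys of `var_array` walked by the `while` loop right after it are also identifiers in the same INSERT statement, and how `fld` is appended lies outside the hunk, so confirm it receives identifier quoting as well rather than a raw append. A comment above the loop would record that expectation, e.g. `/* column names are identifiers too: quote them like the table name, never append fld raw */`. Because this is a `diff --cc` merge view, it shows only the region that differs from both parents, so the other query builders named in the log (pg_select() and the rest) should be checked in the merged file for any remaining `smart_str_appends(&querystr, table)`. `build_tablename()` itself is not defined in the visible lines, so its handling of schema-qualified or already-quoted names cannot be judged from here.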