tony2001 Mon Oct 10 08:59:47 2005 EDT
Modified files:
/php-src/ext/mysqli mysqli_api.c mysqli_nonapi.c mysqli_warning.c
php_mysqli.h
/php-src/ext/mysqli/tests bug34810.phpt
Log:
MF51: fix #34810 (mysqli::init() and others use wrong $this pointer without
checks)
http://cvs.php.net/diff.php/php-src/ext/mysqli/mysqli_api.c?r1=1.121&r2=1.122&ty=u
Index: php-src/ext/mysqli/mysqli_api.c
diff -u php-src/ext/mysqli/mysqli_api.c:1.121
php-src/ext/mysqli/mysqli_api.c:1.122
--- php-src/ext/mysqli/mysqli_api.c:1.121 Sun Oct 9 13:57:37 2005
+++ php-src/ext/mysqli/mysqli_api.c Mon Oct 10 08:59:47 2005
@@ -15,7 +15,7 @@
| Author: Georg Richter <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
- $Id: mysqli_api.c,v 1.121 2005/10/09 17:57:37 andrey Exp $
+ $Id: mysqli_api.c,v 1.122 2005/10/10 12:59:47 tony2001 Exp $
*/
#ifdef HAVE_CONFIG_H
@@ -1033,7 +1033,7 @@
mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1,
sizeof(MYSQLI_RESOURCE));
mysqli_resource->ptr = (void *)mysql;
- if (!getThis()) {
+ if (!getThis() || !instanceof_function(Z_OBJCE_P(getThis()),
mysqli_link_class_entry TSRMLS_CC)) {
MYSQLI_RETURN_RESOURCE(mysqli_resource,
mysqli_link_class_entry);
} else {
((mysqli_object *) zend_object_store_get_object(getThis()
TSRMLS_CC))->ptr = mysqli_resource;
http://cvs.php.net/diff.php/php-src/ext/mysqli/mysqli_nonapi.c?r1=1.54&r2=1.55&ty=u
Index: php-src/ext/mysqli/mysqli_nonapi.c
diff -u php-src/ext/mysqli/mysqli_nonapi.c:1.54
php-src/ext/mysqli/mysqli_nonapi.c:1.55
--- php-src/ext/mysqli/mysqli_nonapi.c:1.54 Sat Aug 6 12:56:42 2005
+++ php-src/ext/mysqli/mysqli_nonapi.c Mon Oct 10 08:59:47 2005
@@ -15,7 +15,7 @@
| Author: Georg Richter <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
- $Id: mysqli_nonapi.c,v 1.54 2005/08/06 16:56:42 andrey Exp $
+ $Id: mysqli_nonapi.c,v 1.55 2005/10/10 12:59:47 tony2001 Exp $
*/
#ifdef HAVE_CONFIG_H
@@ -112,7 +112,7 @@
mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1,
sizeof(MYSQLI_RESOURCE));
mysqli_resource->ptr = (void *)mysql;
- if (!object) {
+ if (!object || !instanceof_function(Z_OBJCE_P(object),
mysqli_link_class_entry TSRMLS_CC)) {
MYSQLI_RETURN_RESOURCE(mysqli_resource,
mysqli_link_class_entry);
} else {
((mysqli_object *) zend_object_store_get_object(object
TSRMLS_CC))->ptr = mysqli_resource;
http://cvs.php.net/diff.php/php-src/ext/mysqli/mysqli_warning.c?r1=1.5&r2=1.6&ty=u
Index: php-src/ext/mysqli/mysqli_warning.c
diff -u php-src/ext/mysqli/mysqli_warning.c:1.5
php-src/ext/mysqli/mysqli_warning.c:1.6
--- php-src/ext/mysqli/mysqli_warning.c:1.5 Wed Aug 3 10:07:31 2005
+++ php-src/ext/mysqli/mysqli_warning.c Mon Oct 10 08:59:47 2005
@@ -201,8 +201,8 @@
mysqli_resource = (MYSQLI_RESOURCE *)ecalloc (1,
sizeof(MYSQLI_RESOURCE));
mysqli_resource->ptr = mysqli_resource->info = (void *)w;
- if (!getThis()) {
- MYSQLI_RETURN_RESOURCE(mysqli_resource,
mysqli_link_class_entry);
+ if (!getThis() || !instanceof_function(Z_OBJCE_P(getThis()),
mysqli_warning_class_entry TSRMLS_CC)) {
+ MYSQLI_RETURN_RESOURCE(mysqli_resource,
mysqli_warning_class_entry);
} else {
((mysqli_object *) zend_object_store_get_object(getThis()
TSRMLS_CC))->ptr = mysqli_resource;
((mysqli_object *) zend_object_store_get_object(getThis()
TSRMLS_CC))->valid = 1;
http://cvs.php.net/diff.php/php-src/ext/mysqli/php_mysqli.h?r1=1.54&r2=1.55&ty=u
Index: php-src/ext/mysqli/php_mysqli.h
diff -u php-src/ext/mysqli/php_mysqli.h:1.54
php-src/ext/mysqli/php_mysqli.h:1.55
--- php-src/ext/mysqli/php_mysqli.h:1.54 Wed Aug 3 10:07:31 2005
+++ php-src/ext/mysqli/php_mysqli.h Mon Oct 10 08:59:47 2005
@@ -15,7 +15,7 @@
| Author: Georg Richter <[EMAIL PROTECTED]> |
+----------------------------------------------------------------------+
- $Id: php_mysqli.h,v 1.54 2005/08/03 14:07:31 sniper Exp $
+ $Id: php_mysqli.h,v 1.55 2005/10/10 12:59:47 tony2001 Exp $
*/
/* A little hack to prevent build break, when mysql is used together with
@@ -191,7 +191,7 @@
#define MYSQLI_REGISTER_RESOURCE(__ptr, __ce) \
{\
zval *object = getThis();\
- if (!object) {\
+ if (!object || !instanceof_function(Z_OBJCE_P(object),
mysqli_link_class_entry TSRMLS_CC)) {\
object = return_value;\
Z_TYPE_P(object) = IS_OBJECT;\
(object)->value.obj = mysqli_objects_new(__ce TSRMLS_CC);\
http://cvs.php.net/diff.php/php-src/ext/mysqli/tests/bug34810.phpt?r1=1.1&r2=1.2&ty=u
Index: php-src/ext/mysqli/tests/bug34810.phpt
diff -u /dev/null php-src/ext/mysqli/tests/bug34810.phpt:1.2
--- /dev/null Mon Oct 10 08:59:47 2005
+++ php-src/ext/mysqli/tests/bug34810.phpt Mon Oct 10 08:59:47 2005
@@ -0,0 +1,38 @@
+--TEST--
+bug #34810 (mysqli::init() and others use wrong $this pointer without checks)
+--SKIPIF--
+<?php require_once('skipif.inc'); ?>
+--FILE--
+<?php
+
+class DbConnection {
+ public function connect() {
+ include "connect.inc";
+
+ $link = mysqli::connect($host, $user, $passwd);
+ var_dump($link);
+
+ $link = mysqli::init();
+ var_dump($link);
+
+ $mysql = new mysqli($host, $user, $passwd, "test");
+ $mysql->query("DROP TABLE IF EXISTS test_warnings");
+ $mysql->query("CREATE TABLE test_warnings (a int not null)");
+ $mysql->query("INSERT INTO test_warnings VALUES
(1),(2),(NULL)");
+ var_dump(mysqli_warning::__construct($mysql));
+ }
+}
+
+$db = new DbConnection();
+$db->connect();
+
+echo "Done\n";
+?>
+--EXPECTF--
+object(mysqli)#%d (0) {
+}
+object(mysqli)#%d (0) {
+}
+object(mysqli_warning)#%d (0) {
+}
+Done
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
