MFB: Fixed bug #44189 (PDO setAttribute() does not properly validate values

for native numeric options)
author: Ilia Alshanetsky <iliaa@php.net> 2008-02-21 13:37:52 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2008-02-21 13:37:52 +0000
commit: 744d8992b374cf992e972f3d88701e77fc9667e7 (patch)
tree: 9bb7ebc955487ddd26d87c523e1148c7bf2663d1
parent: 4421fc2204e6cc8de4d906501d69d46f6bcd8f8b (diff)
download: php-git-744d8992b374cf992e972f3d88701e77fc9667e7.tar.gz
2 files changed, 16 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 89ddd6314c..3f40181fdb 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,8 @@ PHP                                                                        NEWS
 
 - Fixed bug #44197 (socket array keys lost on socket_select). (Felipe)
 - Fixed bug #44191 (preg_grep messes up array index). (Felipe)
+- Fixed bug #44189 (PDO setAttribute() does not properly validate values for 
+  native numeric options). (Ilia)
 - Fixed bug #44184 (Double free of loop-variable on exception). (Dmitry)
 - Fixed bug #44171 (Invalid FETCH_COLUMN index does not raise an error). (Ilia)
 - Fixed bug #44159 (Crash: $pdo->setAttribute(PDO::STATEMENT_ATTR_CLASS, NULL)).
diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c
index c017fa754e..d8c5034637 100755
--- a/ext/pdo/pdo_dbh.c
+++ b/ext/pdo/pdo_dbh.c
@@ -669,8 +669,17 @@ static PHP_METHOD(PDO, rollBack)
 
 static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_DC) /* {{{ */
 {
+
+#define PDO_LONG_PARAM_CHECK \
+	if (Z_TYPE_P(value) != IS_LONG && Z_TYPE_P(value) != IS_STRING && Z_TYPE_P(value) != IS_BOOL) { \
+		pdo_raise_impl_error(dbh, NULL, "HY000", "attribute value must be an integer" TSRMLS_CC); \
+		PDO_HANDLE_DBH_ERR(); \
+		return FAILURE; \
+	} \
+
 	switch (attr) {
 		case PDO_ATTR_ERRMODE:
+			PDO_LONG_PARAM_CHECK;
 			convert_to_long(value);
 			switch (Z_LVAL_P(value)) {
 				case PDO_ERRMODE_SILENT:
@@ -686,6 +695,7 @@ static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_D
 			return FAILURE;
 
 		case PDO_ATTR_CASE:
+			PDO_LONG_PARAM_CHECK;
 			convert_to_long(value);
 			switch (Z_LVAL_P(value)) {
 				case PDO_CASE_NATURAL:
@@ -701,6 +711,7 @@ static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_D
 			return FAILURE;
 
 		case PDO_ATTR_ORACLE_NULLS:
+			PDO_LONG_PARAM_CHECK;
 			convert_to_long(value);
 			dbh->oracle_nulls = Z_LVAL_P(value);
 			return SUCCESS;
@@ -714,6 +725,8 @@ static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_D
 						return FAILURE;
 					}
 				}
+			} else {
+				PDO_LONG_PARAM_CHECK;
 			}
 			convert_to_long(value);
 			if (Z_LVAL_P(value) == PDO_FETCH_USE_DEFAULT) {
@@ -724,6 +737,7 @@ static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_D
 			return SUCCESS;
 
 		case PDO_ATTR_STRINGIFY_FETCHES:
+			PDO_LONG_PARAM_CHECK;
 			convert_to_long(value);
 			dbh->stringify = Z_LVAL_P(value) ? 1 : 0;
 			return SUCCESS;
author	Ilia Alshanetsky <iliaa@php.net>	2008-02-21 13:37:52 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2008-02-21 13:37:52 +0000
commit	744d8992b374cf992e972f3d88701e77fc9667e7 (patch)
tree	9bb7ebc955487ddd26d87c523e1148c7bf2663d1
parent	4421fc2204e6cc8de4d906501d69d46f6bcd8f8b (diff)
download	php-git-744d8992b374cf992e972f3d88701e77fc9667e7.tar.gz