diff options
author | Ilia Alshanetsky <iliaa@php.net> | 2008-02-21 13:37:52 +0000 |
---|---|---|
committer | Ilia Alshanetsky <iliaa@php.net> | 2008-02-21 13:37:52 +0000 |
commit | 744d8992b374cf992e972f3d88701e77fc9667e7 (patch) | |
tree | 9bb7ebc955487ddd26d87c523e1148c7bf2663d1 | |
parent | 4421fc2204e6cc8de4d906501d69d46f6bcd8f8b (diff) | |
download | php-git-744d8992b374cf992e972f3d88701e77fc9667e7.tar.gz |
MFB: Fixed bug #44189 (PDO setAttribute() does not properly validate values
for native numeric options)
-rw-r--r-- | NEWS | 2 | ||||
-rwxr-xr-x | ext/pdo/pdo_dbh.c | 14 |
2 files changed, 16 insertions, 0 deletions
@@ -13,6 +13,8 @@ PHP NEWS - Fixed bug #44197 (socket array keys lost on socket_select). (Felipe) - Fixed bug #44191 (preg_grep messes up array index). (Felipe) +- Fixed bug #44189 (PDO setAttribute() does not properly validate values for + native numeric options). (Ilia) - Fixed bug #44184 (Double free of loop-variable on exception). (Dmitry) - Fixed bug #44171 (Invalid FETCH_COLUMN index does not raise an error). (Ilia) - Fixed bug #44159 (Crash: $pdo->setAttribute(PDO::STATEMENT_ATTR_CLASS, NULL)). diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c index c017fa754e..d8c5034637 100755 --- a/ext/pdo/pdo_dbh.c +++ b/ext/pdo/pdo_dbh.c @@ -669,8 +669,17 @@ static PHP_METHOD(PDO, rollBack) static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_DC) /* {{{ */ { + +#define PDO_LONG_PARAM_CHECK \ + if (Z_TYPE_P(value) != IS_LONG && Z_TYPE_P(value) != IS_STRING && Z_TYPE_P(value) != IS_BOOL) { \ + pdo_raise_impl_error(dbh, NULL, "HY000", "attribute value must be an integer" TSRMLS_CC); \ + PDO_HANDLE_DBH_ERR(); \ + return FAILURE; \ + } \ + switch (attr) { case PDO_ATTR_ERRMODE: + PDO_LONG_PARAM_CHECK; convert_to_long(value); switch (Z_LVAL_P(value)) { case PDO_ERRMODE_SILENT: @@ -686,6 +695,7 @@ static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_D return FAILURE; case PDO_ATTR_CASE: + PDO_LONG_PARAM_CHECK; convert_to_long(value); switch (Z_LVAL_P(value)) { case PDO_CASE_NATURAL: @@ -701,6 +711,7 @@ static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_D return FAILURE; case PDO_ATTR_ORACLE_NULLS: + PDO_LONG_PARAM_CHECK; convert_to_long(value); dbh->oracle_nulls = Z_LVAL_P(value); return SUCCESS; @@ -714,6 +725,8 @@ static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_D return FAILURE; } } + } else { + PDO_LONG_PARAM_CHECK; } convert_to_long(value); if (Z_LVAL_P(value) == PDO_FETCH_USE_DEFAULT) { @@ -724,6 +737,7 @@ static int pdo_dbh_attribute_set(pdo_dbh_t *dbh, long attr, zval *value TSRMLS_D return SUCCESS; case PDO_ATTR_STRINGIFY_FETCHES: + PDO_LONG_PARAM_CHECK; convert_to_long(value); dbh->stringify = Z_LVAL_P(value) ? 1 : 0; return SUCCESS; |