--- embedaddon/php/ext/pgsql/pgsql.c 2013/07/22 01:31:59 1.1.1.3 +++ embedaddon/php/ext/pgsql/pgsql.c 2013/10/14 08:02:28 1.1.1.4 @@ -20,7 +20,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: pgsql.c,v 1.1.1.3 2013/07/22 01:31:59 misho Exp $ */ +/* $Id: pgsql.c,v 1.1.1.4 2013/10/14 08:02:28 misho Exp $ */ #include @@ -63,6 +63,7 @@ #define PGSQL_MAX_LENGTH_OF_LONG 30 #define PGSQL_MAX_LENGTH_OF_DOUBLE 60 +#if LONG_MAX < UINT_MAX #define PGSQL_RETURN_OID(oid) do { \ if (oid > LONG_MAX) { \ smart_str s = {0}; \ @@ -72,8 +73,10 @@ } \ RETURN_LONG((long)oid); \ } while(0) +#else +#define PGSQL_RETURN_OID(oid) (RETURN_LONG((long)oid)) +#endif - #if HAVE_PQSETNONBLOCKING #define PQ_SETNONBLOCKING(pg_link, flag) PQsetnonblocking(pg_link, flag) #else @@ -914,6 +917,82 @@ static void _free_result(zend_rsrc_list_entry *rsrc TS } /* }}} */ + +static int _php_pgsql_detect_identifier_escape(const char *identifier, size_t len) +{ + size_t i; + + /* Handle edge case. Cannot be a escaped string */ + if (len <= 2) { + return FAILURE; + } + /* Detect double qoutes */ + if (identifier[0] == '"' && identifier[len-1] == '"') { + /* Detect wrong format of " inside of escaped string */ + for (i = 1; i < len-1; i++) { + if (identifier[i] == '"' && (identifier[++i] != '"' || i == len-1)) { + return FAILURE; + } + } + } else { + return FAILURE; + } + /* Escaped properly */ + return SUCCESS; +} + +#if !HAVE_PQESCAPELITERAL +/* {{{ _php_pgsql_escape_identifier + * Since PQescapeIdentifier() is unavailable (PostgreSQL 9.0 <), idenfifers + * should be escaped by pgsql module. + * Note: this function does not care for encoding. Therefore users should not + * use this with SJIS/BIG5 etc. (i.e. Encoding base injection may possible with + * before PostgreSQL 9.0) + */ +static char *_php_pgsql_escape_identifier(const char *field, size_t field_len) +{ + ulong field_escaped_len = field_len*2 + 3; + ulong i, j = 0; + char *field_escaped; + + field_escaped = (char *)malloc(field_escaped_len); + field_escaped[j++] = '"'; + for (i = 0; i < field_len; i++) { + if (field[i] == '"') { + field_escaped[j++] = '"'; + field_escaped[j++] = '"'; + } else { + field_escaped[j++] = field[i]; + } + } + field_escaped[j++] = '"'; + field_escaped[j] = '\0'; + return field_escaped; +} +/* }}} */ +#endif + +/* {{{ _php_pgsql_strndup, no strndup should be used */ +static char *_php_pgsql_strndup(const char *s, size_t len) +{ + char *new; + + if (NULL == s) { + return (char *)NULL; + } + + new = (char *) malloc(len + 1); + + if (NULL == new) { + return (char *)NULL; + } + + new[len] = '\0'; + + return memmove(new, s, len); +} +/* }}} */ + /* {{{ PHP_INI */ PHP_INI_BEGIN() @@ -4076,7 +4155,7 @@ PHP_FUNCTION(pg_escape_bytea) #ifdef HAVE_PQESCAPE_BYTEA_CONN if (pgsql_link != NULL || id != -1) { ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); - to = (char *)PQescapeByteaConn(pgsql, from, (size_t)from_len, &to_len); + to = (char *)PQescapeByteaConn(pgsql, (unsigned char *)from, (size_t)from_len, &to_len); } else #endif to = (char *)PQescapeBytea((unsigned char*)from, from_len, &to_len); @@ -4270,10 +4349,9 @@ static char* php_pgsql_PQescapeInternal(PGconn *conn, #endif static void php_pgsql_escape_internal(INTERNAL_FUNCTION_PARAMETERS, int escape_literal) { - char *from = NULL, *to = NULL, *tmp = NULL; + char *from = NULL, *to = NULL; zval *pgsql_link = NULL; PGconn *pgsql; - int to_len; int from_len; int id = -1; @@ -4294,26 +4372,32 @@ static void php_pgsql_escape_internal(INTERNAL_FUNCTIO } if (pgsql_link == NULL && id == -1) { + php_error_docref(NULL TSRMLS_CC, E_WARNING,"Cannot get default pgsql link"); RETURN_FALSE; } ZEND_FETCH_RESOURCE2(pgsql, PGconn *, &pgsql_link, id, "PostgreSQL link", le_link, le_plink); if (pgsql == NULL) { - php_error_docref(NULL TSRMLS_CC, E_WARNING,"Cannot get default pgsql link"); + php_error_docref(NULL TSRMLS_CC, E_WARNING,"Cannot get pgsql link"); RETURN_FALSE; } #ifdef HAVE_PQESCAPELITERAL - if (escape_literal) { - tmp = PQescapeLiteral(pgsql, from, (size_t)from_len); - } else { - tmp = PQescapeIdentifier(pgsql, from, (size_t)from_len); + /* Use a block with a local var to avoid unused variable warnings */ + { + char *tmp; + + if (escape_literal) { + tmp = PQescapeLiteral(pgsql, from, (size_t)from_len); + } else { + tmp = PQescapeIdentifier(pgsql, from, (size_t)from_len); + } + if (!tmp) { + php_error_docref(NULL TSRMLS_CC, E_WARNING,"Failed to escape"); + RETURN_FALSE; + } + to = estrdup(tmp); + PQfreemem(tmp); } - if (!tmp) { - php_error_docref(NULL TSRMLS_CC, E_WARNING,"Failed to escape"); - RETURN_FALSE; - } - to = estrdup(tmp); - PQfreemem(tmp); #else to = php_pgsql_PQescapeInternal(pgsql, from, (size_t)from_len, escape_literal); if (!to) { @@ -4573,6 +4657,7 @@ PHP_FUNCTION(pg_send_query) PGconn *pgsql; PGresult *res; int leftover = 0; + int ret; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs", &pgsql_link, &query, &len) == FAILURE) { @@ -4600,6 +4685,14 @@ PHP_FUNCTION(pg_send_query) RETURN_FALSE; } } + /* Wait to finish sending buffer */ + while ((ret = PQflush(pgsql))) { + if (ret == -1) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Could not empty PostgreSQL send buffer"); + break; + } + usleep(10000); + } if (PQ_SETNONBLOCKING(pgsql, 0)) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Cannot set connection to blocking mode"); } @@ -4620,6 +4713,7 @@ PHP_FUNCTION(pg_send_query_params) PGconn *pgsql; PGresult *res; int leftover = 0; + int ret; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsa/", &pgsql_link, &query, &query_len, &pv_param_arr) == FAILURE) { return; @@ -4686,6 +4780,14 @@ PHP_FUNCTION(pg_send_query_params) } } _php_pgsql_free_params(params, num_params); + /* Wait to finish sending buffer */ + while ((ret = PQflush(pgsql))) { + if (ret == -1) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Could not empty PostgreSQL send buffer"); + break; + } + usleep(10000); + } if (PQ_SETNONBLOCKING(pgsql, 0)) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Cannot set connection to blocking mode"); } @@ -4705,6 +4807,7 @@ PHP_FUNCTION(pg_send_prepare) PGconn *pgsql; PGresult *res; int leftover = 0; + int ret; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rss", &pgsql_link, &stmtname, &stmtname_len, &query, &query_len) == FAILURE) { return; @@ -4735,6 +4838,14 @@ PHP_FUNCTION(pg_send_prepare) RETURN_FALSE; } } + /* Wait to finish sending buffer */ + while ((ret = PQflush(pgsql))) { + if (ret == -1) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Could not empty postgres send buffer"); + break; + } + usleep(10000); + } if (PQ_SETNONBLOCKING(pgsql, 0)) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Cannot set connection to blocking mode"); } @@ -4757,6 +4868,7 @@ PHP_FUNCTION(pg_send_execute) PGconn *pgsql; PGresult *res; int leftover = 0; + int ret; if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rsa", &pgsql_link, &stmtname, &stmtname_len, &pv_param_arr) == FAILURE) { return; @@ -4823,6 +4935,14 @@ PHP_FUNCTION(pg_send_execute) } } _php_pgsql_free_params(params, num_params); + /* Wait to finish sending buffer */ + while ((ret = PQflush(pgsql))) { + if (ret == -1) { + php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Could not empty postgres send buffer"); + break; + } + usleep(10000); + } if (PQ_SETNONBLOCKING(pgsql, 0)) { php_error_docref(NULL TSRMLS_CC, E_NOTICE, "Cannot set connection to blocking mode"); } @@ -4978,8 +5098,9 @@ PHP_PGSQL_API int php_pgsql_meta_data(PGconn *pg_link, { PGresult *pg_result; char *src, *tmp_name, *tmp_name2 = NULL; + char *escaped; smart_str querystr = {0}; - int new_len; + size_t new_len; int i, num_rows; zval *elem; @@ -5001,20 +5122,33 @@ PHP_PGSQL_API int php_pgsql_meta_data(PGconn *pg_link, "SELECT a.attname, a.attnum, t.typname, a.attlen, a.attnotnull, a.atthasdef, a.attndims, t.typtype = 'e' " "FROM pg_class as c, pg_attribute a, pg_type t, pg_namespace n " "WHERE a.attnum > 0 AND a.attrelid = c.oid AND c.relname = '"); - tmp_name2 = php_addslashes(tmp_name2, strlen(tmp_name2), &new_len, 0 TSRMLS_CC); - smart_str_appendl(&querystr, tmp_name2, new_len); - + escaped = (char *)safe_emalloc(strlen(tmp_name2), 2, 1); +#if HAVE_PQESCAPE_CONN + new_len = PQescapeStringConn(pg_link, escaped, tmp_name2, strlen(tmp_name2), NULL); +#else + new_len = PQescapeString(escaped, tmp_name2, strlen(tmp_name2)); +#endif + if (new_len) { + smart_str_appends(&querystr, escaped); + } + efree(escaped); + smart_str_appends(&querystr, "' AND c.relnamespace = n.oid AND n.nspname = '"); - tmp_name = php_addslashes(tmp_name, strlen(tmp_name), &new_len, 0 TSRMLS_CC); - smart_str_appendl(&querystr, tmp_name, new_len); + escaped = (char *)safe_emalloc(strlen(tmp_name), 2, 1); +#if HAVE_PQESCAPE_CONN + new_len = PQescapeStringConn(pg_link, escaped, tmp_name, strlen(tmp_name), NULL); +#else + new_len = PQescapeString(escaped, tmp_name, strlen(tmp_name)); +#endif + if (new_len) { + smart_str_appends(&querystr, escaped); + } + efree(escaped); smart_str_appends(&querystr, "' AND a.atttypid = t.oid ORDER BY a.attnum;"); smart_str_0(&querystr); - - efree(tmp_name2); - efree(tmp_name); - efree(src); - + efree(src); + pg_result = PQexec(pg_link, querystr.c); if (PQresultStatus(pg_result) != PGRES_TUPLES_OK || (num_rows = PQntuples(pg_result)) == 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Table '%s' doesn't exists", table_name); @@ -5237,6 +5371,7 @@ static int php_pgsql_add_quotes(zval *src, zend_bool s assert(Z_TYPE_P(src) == IS_STRING); assert(should_free == 1 || should_free == 0); + smart_str_appendc(&str, 'E'); smart_str_appendc(&str, '\''); smart_str_appendl(&str, Z_STRVAL_P(src), Z_STRLEN_P(src)); smart_str_appendc(&str, '\''); @@ -5277,7 +5412,7 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, c uint field_len = -1; ulong num_idx = -1; zval *meta, **def, **type, **not_null, **has_default, **is_enum, **val, *new_val; - int new_len, key_type, err = 0, skip_field; + int key_type, err = 0, skip_field; php_pgsql_data_type data_type; assert(pg_link != NULL); @@ -5290,6 +5425,8 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, c } MAKE_STD_ZVAL(meta); array_init(meta); + +/* table_name is escaped by php_pgsql_meta_data */ if (php_pgsql_meta_data(pg_link, table_name, meta TSRMLS_CC) == FAILURE) { zval_dtor(meta); FREE_ZVAL(meta); @@ -5502,15 +5639,15 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, c } else { Z_TYPE_P(new_val) = IS_STRING; -#if HAVE_PQESCAPE +#if HAVE_PQESCAPE_CONN { char *tmp; - tmp = (char *)safe_emalloc(Z_STRLEN_PP(val), 2, 1); - Z_STRLEN_P(new_val) = (int)PQescapeString(tmp, Z_STRVAL_PP(val), Z_STRLEN_PP(val)); + tmp = (char *)safe_emalloc(Z_STRLEN_PP(val), 2, 1); + Z_STRLEN_P(new_val) = (int)PQescapeStringConn(pg_link, tmp, Z_STRVAL_PP(val), Z_STRLEN_PP(val), NULL); Z_STRVAL_P(new_val) = tmp; } #else - Z_STRVAL_P(new_val) = php_addslashes(Z_STRVAL_PP(val), Z_STRLEN_PP(val), &Z_STRLEN_P(new_val), 0 TSRMLS_CC); + Z_STRVAL_P(new_val) = (int)PQescapeString(Z_STRVAL_PP(val), Z_STRLEN_PP(val), &Z_STRLEN_P(new_val), 0 TSRMLS_CC); #endif php_pgsql_add_quotes(new_val, 1 TSRMLS_CC); } @@ -5796,10 +5933,11 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, c else { unsigned char *tmp; size_t to_len; + smart_str s = {0}; #ifdef HAVE_PQESCAPE_BYTEA_CONN - tmp = PQescapeByteaConn(pg_link, Z_STRVAL_PP(val), Z_STRLEN_PP(val), &to_len); + tmp = PQescapeByteaConn(pg_link, (unsigned char *)Z_STRVAL_PP(val), Z_STRLEN_PP(val), &to_len); #else - tmp = PQescapeBytea(Z_STRVAL_PP(val), Z_STRLEN_PP(val), &to_len); + tmp = PQescapeBytea(Z_STRVAL_PP(val), (unsigned char *)Z_STRLEN_PP(val), &to_len); #endif Z_TYPE_P(new_val) = IS_STRING; Z_STRLEN_P(new_val) = to_len-1; /* PQescapeBytea's to_len includes additional '\0' */ @@ -5807,7 +5945,11 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, c memcpy(Z_STRVAL_P(new_val), tmp, to_len); PQfreemem(tmp); php_pgsql_add_quotes(new_val, 1 TSRMLS_CC); - + smart_str_appendl(&s, Z_STRVAL_P(new_val), Z_STRLEN_P(new_val)); + smart_str_0(&s); + efree(Z_STRVAL_P(new_val)); + Z_STRVAL_P(new_val) = s.c; + Z_STRLEN_P(new_val) = s.len; } break; @@ -5892,11 +6034,22 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, c FREE_ZVAL(new_val); break; /* break out for() */ } + /* If field is NULL and HAS DEFAULT, should be skipped */ if (!skip_field) { - /* If field is NULL and HAS DEFAULT, should be skipped */ - field = php_addslashes(field, strlen(field), &new_len, 0 TSRMLS_CC); - add_assoc_zval(result, field, new_val); - efree(field); + char *escaped; + size_t field_len = strlen(field); + + if (_php_pgsql_detect_identifier_escape(field, field_len) == SUCCESS) { + escaped = _php_pgsql_strndup(field, field_len); + } else { +#if HAVE_PQESCAPELITERAL + escaped = PQescapeIdentifier(pg_link, field, field_len); +#else + escaped = _php_pgsql_escape_identifier(field, field_len); +#endif + } + add_assoc_zval(result, escaped, new_val); + free(escaped); } } /* for */ zval_dtor(meta); @@ -5971,6 +6124,45 @@ static int do_exec(smart_str *querystr, int expect, PG return -1; } +static inline void build_tablename(smart_str *querystr, PGconn *pg_link, const char *table) +{ + char *table_copy, *escaped, *token, *tmp; + size_t len; + + /* schame.table should be "schame"."table" */ + table_copy = estrdup(table); + token = php_strtok_r(table_copy, ".", &tmp); + len = strlen(token); + if (_php_pgsql_detect_identifier_escape(token, len) == SUCCESS) { + escaped = _php_pgsql_strndup(token, len); + } else { +#if HAVE_PQESCAPELITERAL + escaped = PQescapeIdentifier(pg_link, token, len); +#else + escaped = _php_pgsql_escape_identifier(token, len); +#endif + } + smart_str_appends(querystr, escaped); + free(escaped); + if (tmp && *tmp) { + len = strlen(tmp); + /* "schema"."table" format */ + if (_php_pgsql_detect_identifier_escape(tmp, len) == SUCCESS) { + escaped = _php_pgsql_strndup(tmp, len); + } else { +#if HAVE_PQESCAPELITERAL + escaped = PQescapeIdentifier(pg_link, tmp, len); +#else + escaped = _php_pgsql_escape_identifier(tmp, len); +#endif + } + smart_str_appendc(querystr, '.'); + smart_str_appends(querystr, escaped); + free(escaped); + } + efree(table_copy); +} + /* {{{ php_pgsql_insert */ PHP_PGSQL_API int php_pgsql_insert(PGconn *pg_link, const char *table, zval *var_array, ulong opt, char **sql TSRMLS_DC) @@ -5990,7 +6182,7 @@ PHP_PGSQL_API int php_pgsql_insert(PGconn *pg_link, co if (zend_hash_num_elements(Z_ARRVAL_P(var_array)) == 0) { smart_str_appends(&querystr, "INSERT INTO "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " DEFAULT VALUES"); goto no_values; @@ -6005,11 +6197,11 @@ PHP_PGSQL_API int php_pgsql_insert(PGconn *pg_link, co } var_array = converted; } - + smart_str_appends(&querystr, "INSERT INTO "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " ("); - + zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(var_array), &pos); while ((key_type = zend_hash_get_current_key_ex(Z_ARRVAL_P(var_array), &fld, &fld_len, &num_idx, 0, &pos)) != HASH_KEY_NON_EXISTANT) { @@ -6196,7 +6388,7 @@ PHP_PGSQL_API int php_pgsql_update(PGconn *pg_link, co } smart_str_appends(&querystr, "UPDATE "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " SET "); if (build_assignment_string(&querystr, Z_ARRVAL_P(var_array), 0, ",", 1 TSRMLS_CC)) @@ -6297,7 +6489,7 @@ PHP_PGSQL_API int php_pgsql_delete(PGconn *pg_link, co } smart_str_appends(&querystr, "DELETE FROM "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " WHERE "); if (build_assignment_string(&querystr, Z_ARRVAL_P(ids_array), 1, " AND ", sizeof(" AND ")-1 TSRMLS_CC)) @@ -6433,7 +6625,7 @@ PHP_PGSQL_API int php_pgsql_select(PGconn *pg_link, co } smart_str_appends(&querystr, "SELECT * FROM "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " WHERE "); if (build_assignment_string(&querystr, Z_ARRVAL_P(ids_array), 1, " AND ", sizeof(" AND ")-1 TSRMLS_CC))