Skip to content

Bug #62479 Fix bug where spaces in passwords would fail #199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Bug #62479 Fix bug where spaces in passwords would fail #199

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
809c3cc
Bug #62479 Fix bug where spaces in passwords would fail
willfitch Sep 20, 2012
b6cf326
Bug #62479 Updated to escape single quotes
willfitch Sep 28, 2012
af1f577
Bug #62479 Added test for passwords with spaces and single quotes
willfitch Sep 28, 2012
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 48 additions & 4 deletions ext/pdo_pgsql/pgsql_driver.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1037,8 +1037,8 @@ static struct pdo_dbh_methods pgsql_methods = {
static int pdo_pgsql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_DC) /* {{{ */
{
pdo_pgsql_db_handle *H;
int ret = 0;
char *conn_str, *p, *e;
int ret = 0, password_len = 0;
char *conn_str, *p, *e, *tmp_pass = NULL;
long connect_timeout = 30;

H = pecalloc(1, sizeof(pdo_pgsql_db_handle), dbh->is_persistent);
Expand All @@ -1056,23 +1056,67 @@ static int pdo_pgsql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
*p = ' ';
}

/* If the password is defined, we need to account for special chars */
if (dbh->password) {
password_len = strlen(dbh->password);

/* If the password isn't already quoted, let's quote it */
if (dbh->password[0] != '\'' && dbh->password[password_len - 1] != '\'') {
char *source, *target, *end;
int new_password_length = 0;
tmp_pass = (char *) safe_emalloc(2, password_len, 1);
source = dbh->password;
end = source + password_len;
target = tmp_pass;
*target++ = '\'';

while (source < end) {
switch (*source) {
case '\'':
*target++ = '\\';
default:
*target++ = *source;
break;
}

source++;
}

*target++ = '\'';
*target++ = 0;
new_password_length = target - tmp_pass;
tmp_pass = (char *) erealloc(tmp_pass, new_password_length);
} else {
/* Our default is to just use what password has been provided -
* assuming it is already surrounded by quotes. This keeps BC for
* users who already use workarounds
*/
tmp_pass = estrdup(dbh->password);
}
}

if (driver_options) {
connect_timeout = pdo_attr_lval(driver_options, PDO_ATTR_TIMEOUT, 30 TSRMLS_CC);
}

/* support both full connection string & connection string + login and/or password */
if (dbh->username && dbh->password) {
spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%ld", dbh->data_source, dbh->username, dbh->password, connect_timeout);
spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%ld", dbh->data_source, dbh->username, tmp_pass, connect_timeout);
} else if (dbh->username) {
spprintf(&conn_str, 0, "%s user=%s connect_timeout=%ld", dbh->data_source, dbh->username, connect_timeout);
} else if (dbh->password) {
spprintf(&conn_str, 0, "%s password=%s connect_timeout=%ld", dbh->data_source, dbh->password, connect_timeout);
spprintf(&conn_str, 0, "%s password=%s connect_timeout=%ld", dbh->data_source, tmp_pass, connect_timeout);
} else {
spprintf(&conn_str, 0, "%s connect_timeout=%ld", (char *) dbh->data_source, connect_timeout);
}

H->server = PQconnectdb(conn_str);

/* Free the tmp password created above */
if (dbh->password) {
efree(tmp_pass);
}

efree(conn_str);

if (PQstatus(H->server) != CONNECTION_OK) {
Expand Down
56 changes: 56 additions & 0 deletions ext/pdo_pgsql/tests/bug62479.phpt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
--TEST--
PDO PgSQL Bug #62479 (PDO-psql cannot connect if password contains spaces)
--SKIPIF--
<?php
if (!extension_loaded('pdo') || !extension_loaded('pdo_pgsql')) die('skip not loaded');
require dirname(__FILE__) . '/config.inc';
require dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
PDOTest::skip();
if (!isset($config['ENV']['PDOTEST_DSN'])) die('no dsn found in env');
$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
$rand = rand(5, 5);

// Assume that if we can't create a user, this test needs to be skipped
$testQuery = "CREATE USER pdo_$rand WITH PASSWORD 'testpass'";
$db->query($testQuery);
$testQuery = "DROP USER pdo_$rand";
$db->query($testQuery);
?>
--FILE--
<?php
require dirname(__FILE__) . '/../../../ext/pdo/tests/pdo_test.inc';
$pdo = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, true);
$rand = rand(5, 5);
$user = "pdo_$rand";
$template = "CREATE USER $user WITH PASSWORD '%s'";
$dropUser = "DROP USER $user";
$testQuery = 'SELECT 1 as verification';

// Create temp user with space in password
$sql = sprintf($template, 'my password');
$pdo->query($sql);

$testConn = new PDO($config['ENV']['PDOTEST_DSN'], $user, "my password");
$result = $testConn->query($testQuery);
var_dump($result->fetch()[0]);

// Remove the user
$pdo->query($dropUser);

// Create a user with a space and single quote
$sql = sprintf($template, "my pass\'word");
$pdo->query($sql);

$testConn = new PDO($config['ENV']['PDOTEST_DSN'], $user, "my pass'word");
$result = $testConn->query($testQuery);
var_dump($result->fetch()[0]);

// Remove the user
$pdo->query($dropUser);

?>
--EXPECTF--
int(1)
int(1)