More tests, more fixes
- Reimplement original `mysql_escape_string()` based on C-code as close as possible
- For some reason `mysql_fetch_object()` has a different error than all the other `mysql_fetch_*()` functions when passed an invalid result. ಠ_ಠ
dshafik committed Dec 7, 2015
1 parent 5f20827 commit 0a6610c
Showing 2 changed files with 246 additions and 12 deletions.
127 changes: 115 additions & 12 deletions lib/mysql.php
Expand Up @@ -166,7 +166,9 @@ function mysql_list_fields($databaseName, $tableName, \mysqli $link = null)
}

trigger_error("mysql_list_fields(): Unable to save MySQL query result", E_USER_WARNING);
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}

function mysql_list_processes(\mysqli $link = null)
Expand Down Expand Up @@ -194,8 +196,14 @@ function mysql_insert_id($link = null) /*|*/
return mysqli_insert_id(\Dshafik\MySQL::getConnection($link));
}

function mysql_result(\mysqli_result $result, $row, $field = 0)
function mysql_result($result, $row, $field = 0)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}

if (!mysqli_data_seek($result, $row)) {
trigger_error(
sprintf(
Expand Down Expand Up @@ -244,8 +252,14 @@ function mysql_result(\mysqli_result $result, $row, $field = 0)
// @codeCoverageIgnoreEnd
}

function mysql_num_rows(\mysqli_result $result)
function mysql_num_rows($result)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}

$previous = error_reporting(0);
$rows = mysqli_num_rows($result);
error_reporting($previous);
Expand All @@ -256,39 +270,49 @@ function mysql_num_rows(\mysqli_result $result)
function mysql_num_fields($result)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_num_fields($result);
}

function mysql_fetch_row($result) /* : array|null */
function mysql_fetch_row($result)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_fetch_row($result);
}

function mysql_fetch_array($result) /* : array|null */
function mysql_fetch_array($result)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_fetch_array($result);
}

function mysql_fetch_assoc($result) /* : array|null */
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_fetch_assoc($result);
}

function mysql_fetch_object($result, $class = null, array $params = []) /* : object|null */
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}

if ($class == null) {
Expand All @@ -301,85 +325,116 @@ function mysql_fetch_object($result, $class = null, array $params = []) /* : obj
function mysql_data_seek($result, $offset)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_data_seek($result, $offset);
}

function mysql_fetch_lengths($result) /* : array|*/
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_fetch_lengths($result);
}

function mysql_fetch_field($result) /* : object|*/
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_fetch_field($result);
}

function mysql_field_seek($result, $field)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_field_seek($result, $field);
}

function mysql_free_result($result)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_free_result($result);
}

function mysql_field_name($result, $field)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return \Dshafik\MySQL::mysqlFieldInfo($result, $field, 'name');
}

function mysql_field_table($result, $field)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return \Dshafik\MySQL::mysqlFieldInfo($result, $field, 'table');
}

function mysql_field_len($result, $field)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return \Dshafik\MySQL::mysqlFieldInfo($result, $field, 'len');
}

function mysql_field_type($result, $field)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return \Dshafik\MySQL::mysqlFieldInfo($result, $field, 'type');
}

function mysql_field_flags($result, $field)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return \Dshafik\MySQL::mysqlFieldInfo($result, $field, 'flags');
}

function mysql_escape_string($unescapedString)
{
if (\Dshafik\MySQL::$last_connection == null) {
trigger_error(
sprintf(
"%s() is insecure; use mysql_real_escape_string() instead!",
__FUNCTION__
),
E_USER_NOTICE
);

return \Dshafik\MySQL::escapeString($unescapedString);
}
return mysql_real_escape_string($unescapedString, null);
}

Expand Down Expand Up @@ -438,20 +493,28 @@ function mysql_set_charset($charset, \mysqli $link = null)
return mysqli_set_charset(\Dshafik\MySQL::getConnection($link), $charset);
}

function mysql_db_name($result)
function mysql_db_name($result, $row)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_fetch_row($result)['Database'];

// Alias as per http://lxr.php.net/xref/PHP_5_6/ext/mysql/php_mysql.c#319
return mysql_result($result, $row, 'Database');
}

function mysql_table_name($result)
function mysql_table_name($result, $row)
{
if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__)) {
// @codeCoverageIgnoreStart
return false;
// @codeCoverageIgnoreEnd
}
return mysqli_fetch_row($result)['Table'];

// Alias as per http://lxr.php.net/xref/PHP_5_6/ext/mysql/php_mysql.c#321
return mysql_result($result, $row, 'Table');
}

/* Aliases */
Expand Down Expand Up @@ -595,12 +658,52 @@ public static function mysqlFieldInfo(\mysqli_result $result, $field, $what)
public static function checkValidResult($result, $function)
{
if (!($result instanceof \mysqli_result)) {
trigger_error(
$function . "() expects parameter 1 to be resource, " . gettype($result) . " given",
E_USER_WARNING
);
if ($function != "mysql_fetch_object") {
trigger_error(
$function . "() expects parameter 1 to be resource, " . strtolower(gettype($result)) . " given",
E_USER_WARNING
);
}

if ($function == "mysql_fetch_object") {
trigger_error(
$function . "(): supplied argument is not a valid MySQL result resource",
E_USER_WARNING
);
}
return false;
}

}

public static function escapeString($unescapedString)
{
$escapedString = "";
for ($i = 0; $i < strlen($unescapedString); $i++) {
switch ($unescapedString{$i}) {
case "\0":
$esc = 0;
break;
case "\n":
$esc = "n";
break;
case "\r":
$esc = "r";
break;
case '\\':
case '\'':
case '"':
$esc = $unescapedString{$i};
break;
case "\032":
$esc = 'Z';
break;
}
$escapedString .= "\\$esc";

}

return $escapedString;
}

protected static function getFieldFlags($what)
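Review bot: In the new `escapeString()` the `switch` has no `default` branch, yet `$escapedString .= "\\$esc";` runs for every byte, so ordinary characters are never copied to the output: each one becomes a backslash followed by whatever `$esc` held from the previous iteration (or nothing, with an undefined-variable notice, on the first pass). For an escaping routine this corrupts the value and emits stray backslashes that can change how a following escaped quote is read, so I would add `default: $escapedString .= $unescapedString{$i}; continue 2;` and cover it with a test that mixes plain and special characters. Separately, `checkValidResult()` as shown returns `false` for an invalid result and falls off the end otherwise, so the `if (\Dshafik\MySQL::checkValidResult($result, __FUNCTION__))` guards appear never to take their early `return false;`. That includes the guards added to `mysql_result()` and `mysql_num_rows()`, where the `\mysqli_result` type hint was dropped, so a non-result value now seems to reach the `mysqli_*` call. Ending the helper with `return true;` and testing `if (!\Dshafik\MySQL::checkValidResult(...))` at the call sites would make the guard effective; the new `@codeCoverageIgnore` markers around those returns would otherwise keep hiding that the branch is never reached.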
