Fix #270 - Replace sscanf by equivalent native PHP functions because …
…sscanf can be disabled for security reasons.

Fixes: #270
niconoe- authored and williamdes committed Feb 9, 2020
1 parent c690e1d commit 8ea41bc
Showing 3 changed files with 11 additions and 12 deletions.
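--- a/src/Token.php
+++ b/src/Token.php
@@ -258,17 +258,16 @@ public function extract()
 if ($this->flags & self::FLAG_NUMBER_HEX) {
 if ($this->flags & self::FLAG_NUMBER_NEGATIVE) {
 $ret = str_replace('-', '', $this->token);
-sscanf($ret, '%x', $ret);
-$ret = -$ret;
+$ret = -hexdec($ret);
 } else {
-sscanf($ret, '%x', $ret);
+$ret = hexdec($ret);
 }
 } elseif (($this->flags & self::FLAG_NUMBER_APPROXIMATE)
 || ($this->flags & self::FLAG_NUMBER_FLOAT)
 ) {
-sscanf($ret, '%f', $ret);
-} else {
-sscanf($ret, '%d', $ret);
+$ret = (float) $ret;
+} elseif (! ($this->flags & self::FLAG_NUMBER_BINARY)) {
+$ret = (int) $ret;
 }
 
 return $ret;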
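Review bot: `hexdec()` in both hex branches returns a float once the literal exceeds `PHP_INT_MAX`, so a long hex literal comes back from `extract()` rounded rather than exact, and the new `elseif` leaves `FLAG_NUMBER_BINARY` tokens as the original string; the number case can therefore yield int, float or string and nothing in the hunk says so. Code that compares, logs or filters on the extracted value would then be working with something other than what the SQL text carries. I would state this above the hex branch, e.g. `// hexdec() yields float above PHP_INT_MAX; binary literals stay strings`, and list the three possible types in the method's docblock. The body of `extract()` starts and ends outside this hunk, so whether callers already account for this cannot be seen from here.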
2 changes: 1 addition & 1 deletion tests/data/lexer/lexNumber.in
@@ -1,3 +1,3 @@
SELECT 12, 34, 5.67, 0x89, -10, --11, +12, .15, 0xFFa, 0xfFA, 0XFfA, 1e-10, 1e10, .5e10, b'10';
SELECT 12, 34, 5.67, 0x89, -10, --11, +12, .15, 0xFFa, 0xfFA, 0XFfA, -0xFFa, -0xfFA, -0XFfA, 1e-10, 1e10, .5e10, b'10';
-- invalid number
SELECT 12ex10, b'15';
