Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Bug #62479 Fix bug where spaces in passwords would fail

Change-Id: I53679937d69b0a8897961900ebf33d197b8ce018
  • Loading branch information...
commit 809c3cc96f75c2c824f51c4a99bc2f7230854430 1 parent 4b9ed49
Will Fitch authored

Showing 1 changed file with 25 additions and 4 deletions. Show diff stats Hide diff stats

  1. +25 4 ext/pdo_pgsql/pgsql_driver.c
29 ext/pdo_pgsql/pgsql_driver.c
@@ -1037,8 +1037,8 @@ static struct pdo_dbh_methods pgsql_methods = {
1037 1037 static int pdo_pgsql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_DC) /* {{{ */
1038 1038 {
1039 1039 pdo_pgsql_db_handle *H;
1040   - int ret = 0;
1041   - char *conn_str, *p, *e;
  1040 + int ret = 0, password_len = 0;
  1041 + char *conn_str, *p, *e, *tmp_pass = NULL;
1042 1042 long connect_timeout = 30;
1043 1043
1044 1044 H = pecalloc(1, sizeof(pdo_pgsql_db_handle), dbh->is_persistent);
@@ -1056,23 +1056,44 @@ static int pdo_pgsql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
1056 1056 *p = ' ';
1057 1057 }
1058 1058
  1059 + /* If the password is defined, we need to account for special chars */
  1060 + if (dbh->password) {
  1061 + password_len = strlen(dbh->password);
  1062 + /* If the password isn't already quoted, let's quote it */
  1063 + if (dbh->password[0] != '\'' && dbh->password[password_len - 1] != '\'') {
  1064 + tmp_pass = emalloc(sizeof(dbh->password) + 3);
  1065 + snprintf(tmp_pass, sizeof(dbh->password) + 3, "'%s'", dbh->password);
  1066 + } else {
  1067 + /* Our default is to just use what password has been provided -
  1068 + * assuming it is already surrounded by quotes. This keeps BC for
  1069 + * users who already use workarounds
  1070 + */
  1071 + tmp_pass = estrdup(dbh->password);
  1072 + }
  1073 + }
  1074 +
1059 1075 if (driver_options) {
1060 1076 connect_timeout = pdo_attr_lval(driver_options, PDO_ATTR_TIMEOUT, 30 TSRMLS_CC);
1061 1077 }
1062 1078
1063 1079 /* support both full connection string & connection string + login and/or password */
1064 1080 if (dbh->username && dbh->password) {
1065   - spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%ld", dbh->data_source, dbh->username, dbh->password, connect_timeout);
  1081 + spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%ld", dbh->data_source, dbh->username, tmp_pass, connect_timeout);
1066 1082 } else if (dbh->username) {
1067 1083 spprintf(&conn_str, 0, "%s user=%s connect_timeout=%ld", dbh->data_source, dbh->username, connect_timeout);
1068 1084 } else if (dbh->password) {
1069   - spprintf(&conn_str, 0, "%s password=%s connect_timeout=%ld", dbh->data_source, dbh->password, connect_timeout);
  1085 + spprintf(&conn_str, 0, "%s password=%s connect_timeout=%ld", dbh->data_source, tmp_pass, connect_timeout);
1070 1086 } else {
1071 1087 spprintf(&conn_str, 0, "%s connect_timeout=%ld", (char *) dbh->data_source, connect_timeout);
1072 1088 }
1073 1089
1074 1090 H->server = PQconnectdb(conn_str);
1075 1091
  1092 + /* Free the tmp password created above */
  1093 + if (dbh->password) {
  1094 + efree(tmp_pass);
  1095 + }
  1096 +
1076 1097 efree(conn_str);
1077 1098
1078 1099 if (PQstatus(H->server) != CONNECTION_OK) {

0 comments on commit 809c3cc

Please sign in to comment.
Something went wrong with that request. Please try again.