reassign 656442 php-mdb2 thank you Matthias,
I don't think that PEAR is here at fault, the isError routine is fairly simple: function isError($data, $code = null) { if (!is_a($data, 'PEAR_Error')) { return false; } if (is_null($code)) { return true; } elseif (is_string($code)) { return $data->getMessage() == $code; } return $data->getCode() == $code; } Thus is looks like the error is in the returned datatype from escape() function on calls to ->getMessage() and getCode(). I am reassigning the bug to php-mdb2 package since it's probably closer there. Ondrej On Thu, Jan 19, 2012 at 13:30, Matthias Urlichs <matth...@urlichs.de> wrote: > Package: php-pear > Version: 5.3.8.0-1 > Severity: important > > These lines seem fairly inconspicuous. > /usr/share/php/MDB2/Driver/Datatype/Common.php, line 1227 ff.: > > $value = $db->escape($value, $escape_wildcards); > if (PEAR::isError($value)) { > return $value; > } > return "'".$value."'"; > > Interestingly, however, the call to PEAR::isError() causes this to happen: > > 15663 > lstat64("/usr/share/roundcube/program/include/dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs=.php", > 0xbff58558) = -1 ENOENT (No such file or directory) > 15663 getcwd("/var/lib/roundcube", 4096) = 19 > 15663 time(NULL) = 1326973864 > 15663 > lstat64("/var/lib/roundcube/dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs=.php", > 0xbff5a608) = -1 ENOENT (No such file or directory) > 15663 > open("/var/lib/roundcube/dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs=.php", > O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) > 15663 time(NULL) = 1326973864 > 15663 > lstat64("/var/lib/roundcube/program/lib/'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs='.php", > 0xbff589f8) = -1 ENOENT (No such file or directory) > 15663 getcwd("/var/lib/roundcube", 4096) = 19 > 15663 time(NULL) = 1326973864 > 15663 > lstat64("/var/lib/roundcube/./'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs='.php", > 0xbff589f8) = -1 ENOENT (No such file or directory) > 15663 time(NULL) = 1326973864 > 15663 > lstat64("/usr/share/php/'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs='.php", > 0xbff589f8) = -1 ENOENT (No such file or directory) > 15663 time(NULL) = 1326973864 > 15663 > lstat64("/usr/share/pear/'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs='.php", > 0xbff589f8) = -1 ENOENT (No such file or directory) > 15663 time(NULL) = 1326973864 > 15663 > lstat64("/usr/share/roundcube/program/include/'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs='.php", > 0xbff589f8) = -1 ENOENT (No such file or directory) > 15663 getcwd("/var/lib/roundcube", 4096) = 19 > 15663 time(NULL) = 1326973864 > 15663 > lstat64("/var/lib/roundcube/'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs='.php", > 0xbff5aaa8) = -1 ENOENT (No such file or directory) > 15663 > open("/var/lib/roundcube/'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs='.php", > O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) > > This also happens for entire SQL commands, e.g.: > 15663 lstat64("/var/lib/roundcube/program/lib/SELECT vars, ip, changed FROM > session WHERE sess_id = ?.php", 0xbff56488) = -1 ENOENT (No such file or > directory) > > Frankly, I could *not* believe my eyes. > > I don't know whether this has any security implications. > If so, I wouldn't be too surprised. > > Anyway, I don't know the reason for this nonsense, but it needs to be stopped. > 30 spurious file system calls for every SQL command is really pushing it. > (Assuming that the typical SQL statement has two string parameters.) > > -- System Information: > Debian Release: wheezy/sid > APT prefers testing > APT policy: (700, 'testing'), (650, 'unstable'), (600, 'stable') > Architecture: i386 (i686) > > Kernel: Linux 3.1.0-1-686-pae (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages php-mdb2 depends on: > ii php-pear 5.3.8.0-1 > > php-mdb2 recommends no packages. > > php-mdb2 suggests no packages. > > -- no debconf information > > > > _______________________________________________ > pkg-php-maint mailing list > pkg-php-ma...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint -- Ondřej Surý <ond...@sury.org> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org