Edit report at http://bugs.php.net/bug.php?id=54674&edit=1
ID: 54674 Updated by: and...@php.net Reported by: nihen at megabbs dot com Summary: mysqlnd valid_sjis_(head|tail) is using invalid operator and range. -Status: Assigned +Status: Closed Type: Bug Package: PDO related Operating System: All PHP Version: 5.3.6 Assigned To: mysql Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Range fixed in SVN. Thanks! Previous Comments: ------------------------------------------------------------------------ [2011-05-10 05:31:23] nihen at megabbs dot com Thank you for "operator" fix. but, it does not fix invalid "range". > #define valid_sjis_tail(c) ((0x40 <= (c) && (c) <= 0x7E) || (0x80 <= (c) && (c) <= 0x7C)) to #define valid_sjis_tail(c) ((0x40 <= (c) && (c) <= 0x7E) || (0x80 <= (c) && (c) <= 0xFC)) is correct. s/7C/FC/ ------------------------------------------------------------------------ [2011-05-09 18:24:18] and...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Thanks for the report! ------------------------------------------------------------------------ [2011-05-09 18:20:37] and...@php.net Automatic comment from SVN on behalf of andrey Revision: http://svn.php.net/viewvc/?view=revision&revision=310856 Log: Fix for bug 54674..typo in the check of SJIS ------------------------------------------------------------------------ [2011-05-06 12:11:17] nihen at megabbs dot com Original report by Hiroshi Tokumaru. http://www.tokumaru.org/d/20110322.html#p01 http://www.tokumaru.org/d/20110329.html#p01 (lang:japanese) ------------------------------------------------------------------------ [2011-05-06 11:54:38] nihen at megabbs dot com Description: ------------ impacts to: 1. mysqli->real_escape_string 2. use PDO at PDO::ATTR_EMULATE_PREPARES = true "real_escape_string" must not escape multi-byte character. but escape it. This bug is a SQL-injection may cause. Test script: --------------- <?php $japanese_so = pack('H4', '835c'); $mysql = mysqli_connect('localhost', 'sandbox', 'sandbox'); $mysql->set_charset('sjis'); echo $mysql->real_escape_string($japanese_so) === $japanese_so ? 'ok' : 'ng'; echo "\n"; Expected result: ---------------- echo "ok\n" Actual result: -------------- echo "ng\n" ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=54674&edit=1