From: [EMAIL PROTECTED]
Operating system: GNU/Linux
PHP version: 4.1.2
PHP Bug Type: PostgreSQL related
Bug description: Bad char encoding
Cf http://lists.debian.org/debian-security/2002/debian-security-200204/msg00328.html

A bad char encoding between PHP and PostgreSQL (don't know which is guilty here), followed by a bug in SQL queries in PostgreSQL, can lead to the execution of any SQL request. Sample code here:

%<----------------------------------------
<?php
// BASE_DOC, BASE_PORT and BASE_USER are assumed to be defined elsewhere
$conn = pg_connect("dbname=" . BASE_DOC . " port=" . BASE_PORT . " user=" . BASE_USER);
// untrusted value: a non-ASCII byte followed by a backslash-quote
$var = "é\'; BAD REQUEST";
pg_exec($conn, "SET client_encoding = 'LATIN1'");
// addslashes() escapes byte-wise and knows nothing about the client encoding
$request = "SELECT col FROM tab WHERE col='" . addslashes($var) . "'";
pg_exec($conn, $request);
%<----------------------------------------

See Debian-security archive for more details. Already tested on a Debian Woody with PHP-cgi 4.1.2 (+php4-pgsql+php4-pear).

-- 
Edit bug report at http://bugs.php.net/?id=16895&edit=1
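The following is an added illustration, not code from the bug report: the same lookup written so that the untrusted value never enters the SQL text. It uses pg_query_params() (available since PHP 5.1) to bind the value as a parameter, sets the client encoding through pg_set_client_encoding() so libpq is aware of it, and, for legacy code that must still interpolate, uses the connection-aware pg_escape_string() in place of addslashes(). The database name, port and user in the connection string are placeholders.

```php
<?php
// Added example (not part of the bug report). Connection values are
// placeholders; substitute your own.
$conn = pg_connect("dbname=YOUR_DB port=5432 user=YOUR_USER")
    or die("connection failed\n");

// Declare the client encoding through the API rather than a raw SET,
// so libpq's own notion of the encoding matches the server's.
pg_set_client_encoding($conn, "UTF8");

/**
 * Look up rows by an untrusted value.
 * The value is sent as bound parameter $1, separate from the statement,
 * so a stray byte followed by a quote cannot change the query structure.
 */
function lookup_col($conn, $untrusted)
{
    $sql = "SELECT col FROM tab WHERE col = $1";
    $result = pg_query_params($conn, $sql, array($untrusted));
    if ($result === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    $rows = pg_fetch_all($result);
    return $rows === false ? array() : $rows;
}

// The same probe string the report used; here it is only data.
$var = "é\'; BAD REQUEST";
$rows = lookup_col($conn, $var);
printf("%d row(s) matched\n", count($rows));

// Legacy path: if interpolation cannot be removed, escape with the
// connection-aware function, which honours the client encoding.
$safe = pg_escape_string($conn, $var);
$request = "SELECT col FROM tab WHERE col = '" . $safe . "'";
```

pg_query_params() is the preferred form: the server receives the statement and the value separately, so no escaping step can be confused by the encoding in use. pg_escape_string() (added in PHP 4.2.0, shortly after the reported version) is the fallback for code that still builds SQL by concatenation; addslashes() should not be used for that purpose.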