Edit report at http://bugs.php.net/bug.php?id=54674&edit=1
ID: 54674
Updated by: and...@php.net
Reported by: nihen at megabbs dot com
Summary: mysqlnd valid_sjis_(head|tail) is using invalid operator and range.
-Status: Assigned
+Status: Closed
Type: Bug
Package: PDO related
Operating System: All
PHP Version: 5.3.6
Assigned To: mysql
Block user comment: N
Private report: N
New Comment:
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
Range fixed in SVN. Thanks!
Previous Comments:
[2011-05-10 05:31:23] nihen at megabbs dot com
Thank you for the operator fix, but it does not fix the invalid range.
#define valid_sjis_tail(c) ((0x40 <= (c) && (c) <= 0x7E) || (0x80 <= (c) && (c) <= 0x7C))
to
#define valid_sjis_tail(c) ((0x40 <= (c) && (c) <= 0x7E) || (0x80 <= (c) && (c) <= 0xFC))
is correct.
s/7C/FC/
[2011-05-09 18:24:18] and...@php.net
This bug has been fixed in SVN.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
Thanks for the report!
[2011-05-09 18:20:37] and...@php.net
Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&revision=310856
Log: Fix for bug 54674..typo in the check of SJIS
[2011-05-06 12:11:17] nihen at megabbs dot com
Original report by Hiroshi Tokumaru.
http://www.tokumaru.org/d/20110322.html#p01
http://www.tokumaru.org/d/20110329.html#p01
(lang:japanese)
[2011-05-06 11:54:38] nihen at megabbs dot com
Description:
Impacts:
1. mysqli->real_escape_string
2. Using PDO with PDO::ATTR_EMULATE_PREPARES = true
real_escape_string must not escape a multi-byte character, but it escapes it.
This bug may cause SQL injection.
Test script:
---
<?php
// "ソ" in Shift_JIS: head byte 0x83, tail byte 0x5C (the ASCII backslash)
$japanese_so = pack('H4', '835c');
$mysql = mysqli_connect('localhost', 'sandbox', 'sandbox');
$mysql->set_charset('sjis');
echo $mysql->real_escape_string($japanese_so) === $japanese_so ? 'ok' : 'ng';
echo "\n";
Expected result:
---
echo "ok\n"
Actual result:
---
echo "ng\n"
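An added example, not code from the report or from mysqlnd: a simplified C model of a charset-aware escape, run with the two `valid_sjis_tail` ranges quoted in the 2011-05-10 comment. The head-byte macro, `sjis_escape`, `count_tails`, the `is_tail_*` wrappers and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* SJIS head-byte range (assumption: this macro is not quoted in the report). */
#define valid_sjis_head(c) ((0x81 <= (c) && (c) <= 0x9F) || (0xE0 <= (c) && (c) <= 0xFC))
/* Tail macro as quoted in the report: before (0x7C) and after (0xFC) the fix. */
#define tail_0x7c(c) ((0x40 <= (c) && (c) <= 0x7E) || (0x80 <= (c) && (c) <= 0x7C))
#define tail_0xfc(c) ((0x40 <= (c) && (c) <= 0x7E) || (0x80 <= (c) && (c) <= 0xFC))
int is_tail_before(unsigned c) { return tail_0x7c(c); }
int is_tail_after(unsigned c)  { return tail_0xfc(c); }

/* Number of byte values 0x00..0xFF that a predicate accepts as a tail byte. */
unsigned count_tails(int (*is_tail)(unsigned))
{
    unsigned n = 0;
    for (unsigned c = 0; c <= 0xFF; c++) n += is_tail(c) != 0;
    return n;
}

/* Simplified model (hypothetical, not mysqlnd code): a recognised 2-byte character is
 * copied verbatim; any other byte is escaped if it is ' " or \. out holds 2*n bytes. */
size_t sjis_escape(int (*is_tail)(unsigned), const unsigned char *in, size_t n, unsigned char *out)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (i + 1 < n && valid_sjis_head(in[i]) && is_tail(in[i + 1])) {
            out[o++] = in[i++];  /* head byte */
            out[o++] = in[i];    /* tail byte, copied without inspection */
            continue;
        }
        if (in[i] == '\\' || in[i] == '\'' || in[i] == '"')
            out[o++] = '\\';
        out[o++] = in[i];
    }
    return o;
}

/* Constructed samples: the report's 0x83 0x5C, and 0x83 0x95 followed by a real backslash. */
const unsigned char so[] = { 0x83, 0x5C };
const unsigned char kb[] = { 0x83, 0x95, 0x5C };

int main(void)
{
    unsigned char out[6];
    printf("83 95 5C: %zu bytes before the range fix, %zu after\n",
           sjis_escape(is_tail_before, kb, 3, out), sjis_escape(is_tail_after, kb, 3, out));
    return 0;
}
```

With the 0x7C range the second half of the tail check can never be true, so 0x83 0x95 is not recognised as one character and the following backslash is consumed as a tail byte and left unescaped; with 0xFC it is escaped.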