Bug #69362 PDO-pgsql fails to connect if password contains a leading single quote
Submitted: 2015-04-03 00:44 UTC
Modified: 2015-06-11 21:52 UTC
From: jon dot dufresne at gmail dot com
Assigned: mbeccati
Status: Closed
Package: PDO PgSQL
PHP Version: 5.5.23
OS: Linux
Private report: No
CVE-ID:
 [2015-04-03 00:44 UTC] jon dot dufresne at gmail dot com
Description:
------------
If a PostgreSQL user's password contains a leading single quote (apostrophe), PDO-pgsql is unable to connect to the database as the user. The script fails with the message:

PHP Fatal error:  Uncaught exception 'PDOException' with message 'SQLSTATE[08006] [7] unterminated quoted string in connection info string'

Test script:
---------------
#!/bin/bash

echo "Trailing quote"
psql postgres -c "DROP DATABASE IF EXISTS testphp"
psql postgres -c "DROP ROLE IF EXISTS testphp"
psql postgres -c "CREATE ROLE testphp PASSWORD 'asdf''' LOGIN"
psql postgres -c "CREATE DATABASE testphp OWNER testphp"
php -r "new PDO(\"pgsql:dbname=testphp\", \"testphp\", \"asdf'\");"

echo "Leading quote"
psql postgres -c "DROP DATABASE IF EXISTS testphp"
psql postgres -c "DROP ROLE IF EXISTS testphp"
psql postgres -c "CREATE ROLE testphp PASSWORD '''asdf' LOGIN"
psql postgres -c "CREATE DATABASE testphp OWNER testphp"
php -r "new PDO(\"pgsql:dbname=testphp\", \"testphp\", \"'asdf\");"


Expected result:
----------------
PHP can connect to the database no problem.

Output from script:

$ bash test.sh
Trailing quote
DROP DATABASE
DROP ROLE
CREATE ROLE
CREATE DATABASE
Leading quote
DROP DATABASE
DROP ROLE
CREATE ROLE
CREATE DATABASE


Actual result:
--------------
$ bash test.sh
Trailing quote
DROP DATABASE
DROP ROLE
CREATE ROLE
CREATE DATABASE
Leading quote
DROP DATABASE
DROP ROLE
CREATE ROLE
CREATE DATABASE
PHP Fatal error:  Uncaught exception 'PDOException' with message 'SQLSTATE[08006] [7] unterminated quoted string in connection info string' in Command line code:1
Stack trace:
#0 Command line code(1): PDO->__construct('pgsql:dbname=te...', 'testphp', ''asdf')
#1 {main}
  thrown in Command line code on line 1


History

 [2015-06-11 21:52 UTC] mbeccati@php.net
-Status: Open
+Status: Verified
-Assigned To:
+Assigned To: mbeccati
 [2015-06-11 22:28 UTC] mbeccati@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7c0b8f872e3c15d50b1dc2d35be3674c24f82bf6
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
 [2015-06-11 22:28 UTC] mbeccati@php.net
-Status: Verified
+Status: Closed
 [2015-06-11 22:28 UTC] mbeccati@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=afa4c3e7c72a616d21780fd39764f7fc03d0a3df
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
 [2015-06-12 00:09 UTC] mbeccati@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7c0b8f872e3c15d50b1dc2d35be3674c24f82bf6
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
 [2015-06-23 18:04 UTC] ab@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=afa4c3e7c72a616d21780fd39764f7fc03d0a3df
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
 [2015-06-23 18:04 UTC] ab@php.net
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7c0b8f872e3c15d50b1dc2d35be3674c24f82bf6
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
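
The error in the report matches libpq's documented conninfo syntax: a value that begins with a single quote is read as a quoted string, and a ' or \ inside a value must be escaped with a backslash. The C sketch below is an added example, not code from php-src or libpq; conninfo_quote and conninfo_read_value are hypothetical helpers, and the reader is a simplified model of those parsing rules.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Quote a value for a conninfo string: wrap it in single quotes and
 * backslash-escape ' and \. Returns 0, or -1 if out is too small. */
int conninfo_quote(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz < 3) return -1;
    out[o++] = '\'';
    for (; *in; in++) {
        /* worst case: escape + char now, closing quote + NUL later */
        if (o + 4 > outsz) return -1;
        if (*in == '\'' || *in == '\\') out[o++] = '\\';
        out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Simplified model (an assumption, not libpq source) of reading one
 * conninfo value: 0 = ok, -1 = unterminated quoted string, -2 = no room. */
int conninfo_read_value(const char *s, char *out, size_t outsz)
{
    size_t o = 0;
    int quoted = (*s == '\'');
    if (outsz == 0) return -2;
    if (quoted) s++;
    for (; *s; s++) {
        if (quoted && *s == '\'') { out[o] = '\0'; return 0; }
        if (!quoted && isspace((unsigned char)*s)) break;
        if (*s == '\\' && *++s == '\0') break;   /* backslash escapes next char */
        if (o + 1 >= outsz) return -2;
        out[o++] = *s;
    }
    if (quoted) return -1;   /* ran off the end before the closing quote */
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char q[64], v[64];
    /* Passwords from the report's test script, used as constructed input. */
    printf("raw 'asdf -> %d\n", conninfo_read_value("'asdf", v, sizeof v));
    conninfo_quote("'asdf", q, sizeof q);
    printf("quoted %s -> %d (%s)\n", q, conninfo_read_value(q, v, sizeof v), v);
    return 0;
}
```

The unquoted trailing-quote password asdf' happens to parse because the value does not start with a quote, which is why only the leading-quote case in the test script fails.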
 