php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

Patch PDOPostgreSQLPassword for PDO PgSQL Bug #62479

Patch version 2012-10-31 01:51 UTC

Return to Bug #62479 | Download this patch
Patch Revisions:

Developer: iliaa@php.net

diff --git a/ext/pdo_pgsql/pgsql_driver.c b/ext/pdo_pgsql/pgsql_driver.c
index 1b8e478..df9164c 100644
--- a/ext/pdo_pgsql/pgsql_driver.c
+++ b/ext/pdo_pgsql/pgsql_driver.c
@@ -1029,6 +1029,7 @@ static int pdo_pgsql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
 	pdo_pgsql_db_handle *H;
 	int ret = 0;
 	char *conn_str, *p, *e;
+	char *tmp_pass;
 	long connect_timeout = 30;
 
 	H = pecalloc(1, sizeof(pdo_pgsql_db_handle), dbh->is_persistent);
@@ -1050,19 +1051,41 @@ static int pdo_pgsql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_
 		connect_timeout = pdo_attr_lval(driver_options, PDO_ATTR_TIMEOUT, 30 TSRMLS_CC);
 	}
 
+	if (dbh->password) {
+		if (dbh->password[0] != '\'' && dbh->password[strlen(dbh->password) - 1] != '\'') {
+			char *pwd = dbh->password;
+			int pos = 1;
+
+			tmp_pass = safe_emalloc(2, strlen(dbh->password), 3);
+			tmp_pass[0] = '\'';
+			while (*pwd != '\0') {
+				if (*pwd == '\\' || *pwd == '\'') {
+					tmp_pass[pos++] = '\\';
+				}
+				tmp_pass[pos++] = *pwd++;
+			}
+			tmp_pass[pos++] = '\'';
+			tmp_pass[pos] = '\0';
+		} else {
+			tmp_pass = dbh->password;
+		}
+	}
+
 	/* support both full connection string & connection string + login and/or password */
 	if (dbh->username && dbh->password) {
-		spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%ld", dbh->data_source, dbh->username, dbh->password, connect_timeout);
+		spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%ld", dbh->data_source, dbh->username, tmp_pass, connect_timeout);
 	} else if (dbh->username) {
 		spprintf(&conn_str, 0, "%s user=%s connect_timeout=%ld", dbh->data_source, dbh->username, connect_timeout);
 	} else if (dbh->password) {
-		spprintf(&conn_str, 0, "%s password=%s connect_timeout=%ld", dbh->data_source, dbh->password, connect_timeout);
+		spprintf(&conn_str, 0, "%s password=%s connect_timeout=%ld", dbh->data_source, tmp_pass, connect_timeout);
 	} else {
 		spprintf(&conn_str, 0, "%s connect_timeout=%ld", (char *) dbh->data_source, connect_timeout);
 	}
 
 	H->server = PQconnectdb(conn_str);
-
+	if (dbh->password && tmp_pass != dbh->password) {
+		efree(tmp_pass);
+	}
 	efree(conn_str);
 
 	if (PQstatus(H->server) != CONNECTION_OK) {
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Wed Apr 16 22:02:05 2014 UTC