Fix GH-16131: Prevent mixing PDO sub-classes with different DSN #16167
Conversation
kocsismate
force-pushed
the
fix-gh-16131
branch
3 times, most recently
from
a017be7 to
63e1e32
Compare
|
Should this PR target PHP-8.4? |
Yes, of course, I just always forget to set the target on GitHub :) Thanks for the reminder though! |
|
There appears to be no ABI break. |
Yeah, agreed... Neither I have any better idea which would work... But maybe Ilija will have one if he gets a chance to review the PR. |
|
FWIW, I'm also realizing this approach is going to be annoying for third-party PDO drivers; it'll involve a last-minute addition to UPGRADING.INTERNALS and some ifdef in the stub and a short stub function for the class implementation. |
Yes, agreed... @iluuu1994 if you have capacity... do you by chance have any better approach to fix the issue than what I found? |
|
@kocsismate I can have a look, but please know that I have 0 experience with pdo, both as a user and developer. Maybe there's somebody more qualified, @SakiTakamachi? |
@iluuu1994 I think this problem is more about general OOP behavior than about PDO specific stuff: when instantiating a PDO children, we have to check whether the DSN is appropriate for the called internal PDO subclass (i.e. Pdo\Mysql, Pdo\Pgsql etc.). The problem is that these subclasses can also have children in userland, so we cannot simply use the currently called object, but we have to retrieve the internal driver-specific PDO subclass which is extended. That's why I added a separate constructor for each internal PDO subclass. |
kocsismate
force-pushed
the
fix-gh-16131
branch
from
787c9ce to
c80949e
Compare
Can't we "just" look up the first internal class in the ancestor chain? Might not work if the class is not linked, though. |
In what scenario would it not be linked? |
Yeah, you're right. I had just looked up zend_class_entry, and didn't think about runtime (where linking should have been happened). |
|
I'm going to rewrite my solution with the one suggested by Christoph ASAP |
kocsismate
force-pushed
the
fix-gh-16131
branch
from
c80949e to
89bf97f
Compare
| } | ||
| /* }}} */ | ||
|
|
||
| /* {{{ */ | ||
| PHP_METHOD(PDO, connect) | ||
| { | ||
| internal_construct(INTERNAL_FUNCTION_PARAM_PASSTHRU, Z_OBJ(EX(This)), EX(This).value.ce, return_value); | ||
| php_pdo_internal_construct_driver(INTERNAL_FUNCTION_PARAM_PASSTHRU, NULL, Z_CE_P(ZEND_THIS), return_value); |
There was a problem hiding this comment.
EX(This).value.ce is Z_OBJCE_P(ZEND_THIS) which is different than Z_CE_P(ZEND_THIS). For a static method, the latter is needed to properly support the static return type
| } | ||
| ZEND_ASSERT((driver->driver_name != NULL) && "PDO driver name is null"); | ||
|
|
||
| if (!create_driver_specific_pdo_object(driver, called_scope, new_zval_object)) { |
There was a problem hiding this comment.
create_driver_specific_pdo_object() has to be called for the constructor as well. Previously, only connect() calls eere validated...
| return false; | ||
| } | ||
| } | ||
|
|
||
| /* A non-driver specific PDO subclass is instantiated via the constructor. This results in the legacy behavior. */ |
There was a problem hiding this comment.
Without this, older tests using legacy "quasi classes" would fail, now that constructor calls are also validated.
| @@ -14,4 +14,4 @@ try { | |||
|
|
|||
| ?> | |||
| --EXPECT-- | |||
| Pdo\Pgsql::connect() cannot be called when connecting to the "sqlite" driver, either Pdo\Sqlite::connect() or PDO::connect() must be called instead | |||
| Pdo\Pgsql::connect() cannot be used for connecting to the "sqlite" driver, either call Pdo\Sqlite::connect() or PDO::connect() instead | |||
There was a problem hiding this comment.
The new wording is more clear IMO.
| @@ -694,6 +694,8 @@ PDO_API void php_pdo_dbh_delref(pdo_dbh_t *dbh); | |||
| PDO_API void php_pdo_free_statement(pdo_stmt_t *stmt); | |||
| PDO_API void php_pdo_stmt_set_column_count(pdo_stmt_t *stmt, int new_count); | |||
|
|
|||
| PDO_API void php_pdo_internal_construct_driver(INTERNAL_FUNCTION_PARAMETERS, zend_object *current_object, zend_class_entry *called_scope, zval *new_zval_object); | |||
There was a problem hiding this comment.
I guess it makes sense to expose this function for extensions which override the PDO constructor (?)
There was a problem hiding this comment.
This seems to be a much better solution that minimize impact elsewhere. The only weird part is the stack trace does mention the PDO base class, even if I use a driver subclass instead. i.e.
Fatal error: Uncaught PDOException: Pdo\Mysql::__construct() cannot be used for connecting to the "sqlite" driver, either call Pdo\Sqlite::__construct() or PDO::__construct() instead in /Users/calvin/src/evil.php:2
Stack trace:
#0 /Users/calvin/src/evil.php(2): PDO->__construct('sqlite:test.db')
#1 {main}
thrown in /Users/calvin/src/evil.php on line 2
(where line 2 is $db = new Pdo\Mysql('sqlite:test.db');)
I think we need to fix that somehow (thinking about |
I wasn't 100% sure at first, but It seems like this is a general behavior: https://3v4l.org/aLUDr#v8.3.12 Anyway, I agree that this should be improved. |
|
Since I'm leaving for vacation, I'm merging this. I can do followup changes/fixes if someone reviews it later. |
|
Closing via 5892991 |
No description provided.