Fix #81720: Uninitialized array in pg_query_params() leading to RCE

We must not free parameters which we haven't initialized yet.

We also fix the not directly related issue, that we

Fix #81720: Uninitialized array in pg_query_params() leading to RCE

We must not free parameters which we haven't initialized yet.

We also fix the not directly related issue, that we checked for the
wrong value being `NULL`, potentially causing a segfault.

show more ...

Fix GH-8253: pg_insert() fails for references

We need to deref the values.

Closes GH-8262.

Fix result_type related stack corruption on LLP64 architectures

Integer parameters are stored in `zend_long` values, which have 64 bits
on LLP64, but `long` has only 32 bits there.

Fix result_type related stack corruption on LLP64 architectures

Integer parameters are stored in `zend_long` values, which have 64 bits
on LLP64, but `long` has only 32 bits there.

Adding a test might be overkill, because the broken behavior could
already be observed when running pg_select_001.phpt on Windows debug
builds, which report the stack corruption.

Closes GH-8263.

show more ...

Fix php_pgsql_fd_cast() wrt. php_stream_can_cast()

`php_stream_can_cast()` forwards to `_php_stream_cast()` with `ret` set
to `NULL`. `php_pgsql_fd_cast()` needs to cater to that, becau

Fix php_pgsql_fd_cast() wrt. php_stream_can_cast()

`php_stream_can_cast()` forwards to `_php_stream_cast()` with `ret` set
to `NULL`. `php_pgsql_fd_cast()` needs to cater to that, because
otherwise the stream would report that it is not castable.

This *might* fix https://bugs.php.net/73903.

Closes GH-6888.

show more ...

Fix locale dependent parsing of PostgreSQL version number

Version numbers are not supposed to be localized, so we must not apply
locale dependent parsing with `atof()`.

Using `p

Fix locale dependent parsing of PostgreSQL version number

Version numbers are not supposed to be localized, so we must not apply
locale dependent parsing with `atof()`.

Using `php_version_compare()` might even be better.

Closes GH-6668.

show more ...

Fix default value handling of mysqli_fetch_object()

Make [] acceptable both for classes without constructors and
classes with a constructor that takes no arguments.

Closes GH-63

Fix default value handling of mysqli_fetch_object()

Make [] acceptable both for classes without constructors and
classes with a constructor that takes no arguments.

Closes GH-6336.

show more ...

Don't accept null in pg_unescape_bytea()

This is an error that slipped in via 8d37c37bcdbf6fa99cd275413342457eeb2c664e.
pg_unescape_bytea() did not accept null in PHP 7.4, and it is not

Don't accept null in pg_unescape_bytea()

This is an error that slipped in via 8d37c37bcdbf6fa99cd275413342457eeb2c664e.
pg_unescape_bytea() did not accept null in PHP 7.4, and it is not
meaningful for it to accept null now -- it will always fail, and now
with a misleading OOM message.

show more ...

Use a subrountine to check for valid OID strings

Closes 6260

Promote E_NOTICE to Value/TypeError in PostgreSQL extension

Add some tests to cover related codepaths.
With the small caveat that the ones in build_assignment_string()
still don't se

Promote E_NOTICE to Value/TypeError in PostgreSQL extension

Add some tests to cover related codepaths.
With the small caveat that the ones in build_assignment_string()
still don't seem to be tested as it looks the condtions are checked
beforehand, might need some more investigation.

Closes GH-6226

show more ...

Return empty array for no rows in pg_fetch_all()

This makes it line up with pg_fetch_all_columns(), as well as
similar functions in other exts, such as mysqli_fetch_all().

Promote invalid field to ValueError in pgsql

The same error condition is a ValueError in mysqli, be consistent.

Additionally, do not display the argument name for these errors.

Promote invalid field to ValueError in pgsql

The same error condition is a ValueError in mysqli, be consistent.

Additionally, do not display the argument name for these errors.
As the signatures are overloaded, the argument name may not match
the meaning at all.

show more ...

Remove redundant check

This was already checked directly above.

pg_unescape_bytea() can only fail on OOM

The implementation did not check for PQunescapeBytea failure
correctly, because it checked for a null pointer after estrndup,
which certainly

pg_unescape_bytea() can only fail on OOM

The implementation did not check for PQunescapeBytea failure
correctly, because it checked for a null pointer after estrndup,
which certainly cannot happen. Inspection of the PGunescapeBytea
implementation has shown that this function can only fail on OOM,
so let's check for that explicitly and remove false as a possible
return type.

While we're here, avoid an unnecessary copy of the result.

show more ...

Fix a few UNKNOWN default values in ext/pgsql

Closes GH-6149

Promote warnings to Errors in PostgreSQL extension

Do some drive by indentation fixes
Also fix pg_select() in regards to the $result_type arg which was missing from ZPP

Closes G

Promote warnings to Errors in PostgreSQL extension

Do some drive by indentation fixes
Also fix pg_select() in regards to the $result_type arg which was missing from ZPP

Closes GH-6129

show more ...

Use string|int union types in pgsql

For "field name or field offset" parameters.

Also make $ctor_params an ?array parameter.

Use proper int type for parameter

Use PGSQL_RETURN_OID() in more places

Add stub for pgsql extension

Remove deprecated pgsql signatures

As the comment indicates, these are deprecated in PHP 4.2...

Promote pgsql no link to Error exception

Remove deprecated multi-parameter form of pg_connect()

Drop various unused macros/APIs

Also convert_libmagic_pattern() to return a zend_string*

Closes GH-6029

Use zpp C in pg_fetch_object

Implement named parameters

From an engine perspective, named parameters mainly add three
concepts:

* The SEND_* opcodes now accept a CONST op2, which is the
argument nam

Implement named parameters

From an engine perspective, named parameters mainly add three
concepts:

* The SEND_* opcodes now accept a CONST op2, which is the
argument name. For now, it is looked up by linear scan and
runtime cached.
* This may leave UNDEF arguments on the stack. To avoid having
to deal with them in other places, a CHECK_UNDEF_ARGS opcode
is used to either replace them with defaults, or error.
* For variadic functions, EX(extra_named_params) are collected
and need to be freed based on ZEND_CALL_HAS_EXTRA_NAMED_PARAMS.

RFC: https://wiki.php.net/rfc/named_params

Closes GH-5357.

show more ...