mirror of
https://github.com/php/php-src.git
synced 2026-04-14 19:41:05 +02:00
8ed21a89f3
The arguments 3 to 6 of the authorizer callback may be `NULL`[1], and we have to properly deal with that. Instead of causing a segfault, we deny authorization, which is still better than a crash, and apparently, we cannot do better anyway. [1] <https://www.sqlite.org/c3ref/set_authorizer.html> Closes GH-9040.
29 lines
666 B
PHP
29 lines
666 B
PHP
--TEST--
|
|
SQLite3 authorizer crashes on NULL values
|
|
--SKIPIF--
|
|
<?php
|
|
if (!extension_loaded("sqlite3")) die("skip sqlite3 extension not available");
|
|
?>
|
|
--INI--
|
|
open_basedir=.
|
|
--FILE--
|
|
<?php
|
|
$db = new SQLite3(":memory:");
|
|
$db->enableExceptions(true);
|
|
|
|
$db->exec('attach database \':memory:\' AS "db1"');
|
|
var_dump($db->exec('create table db1.r (id int)'));
|
|
|
|
try {
|
|
$st = $db->prepare('attach database :a AS "db2"');
|
|
$st->bindValue("a", ":memory:");
|
|
$st->execute();
|
|
var_dump($db->exec('create table db2.r (id int)'));
|
|
} catch (Exception $ex) {
|
|
echo $ex->getMessage(), PHP_EOL;
|
|
}
|
|
?>
|
|
--EXPECT--
|
|
bool(true)
|
|
Unable to prepare statement: 23, not authorized
|