Merge branch 'sql'

author: Ben Fuhrmannek 2014-07-14 13:07:38 +0200
committer: Ben Fuhrmannek 2014-07-14 13:07:38 +0200
commit: 1dc59e48642c98e34320f1a31c120fbf290fd509 (patch)
tree: 5126791aac0c7655daa502a00a53d4c2257ced43 /execute.c
parent: 940509ed02db713920612b0994a57d6227c3655c (diff)
parent: aafe0cf82f5fb7220ac6f674bbc1c2091a6a9c4d (diff)
1 files changed, 139 insertions, 70 deletions
diff --git a/execute.c b/execute.c
index 1f7cf15..82a4866 100644
--- a/execute.c
+++ b/execute.c
@@ -24,6 +24,7 @@
 #endif
 #include <fcntl.h>
+#include <fnmatch.h>
 #include "php.h"
 #include "php_ini.h"
 #include "zend_hash.h"
@@ -880,7 +881,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
                return (0);
        }
    
-        if ((long) ih->arg1) {
+        if ((long) ih->arg2) {
            mysql_extension = 1;
        }
        
@@ -892,6 +893,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
        }
        len = Z_STRLEN_P(backup);
        query = Z_STRVAL_P(backup);
+        SDEBUG("SQL |%s|", query);
        
        s = query;
        e = s+len;
@@ -1023,29 +1025,16 @@ int ih_fixusername(IH_HANDLER_PARAMS)
        void **p = EG(argument_stack).top_element-2;
 #endif
        unsigned long arg_count;
-        zval **arg;char *prefix, *postfix, *user;
+        zval **arg;
+        char *prefix, *postfix, *user, *user_match, *cp;
        zval *backup, *my_user;
        int prefix_len, postfix_len, len;
        
-        SDEBUG("function: %s", ih->name);
+        SDEBUG("function (fixusername): %s", ih->name);
        
        prefix = SUHOSIN_G(sql_user_prefix);
        postfix = SUHOSIN_G(sql_user_postfix);
-        
+        user_match = SUHOSIN_G(sql_user_match);
-        if ((prefix == NULL || prefix[0] == 0)&& 
-                (postfix == NULL || postfix[0] == 0)) {
-                return (0);
-        }
-        
-        if (prefix == NULL) {
-                prefix = "";
-        }
-        if (postfix == NULL) {
-                postfix = "";
-        }
-        
-        prefix_len = strlen(prefix);
-        postfix_len = strlen(postfix);
        
        arg_count = (unsigned long) *p;
@@ -1064,26 +1053,60 @@ int ih_fixusername(IH_HANDLER_PARAMS)
                user = Z_STRVAL_P(backup);
        }
-        if (prefix_len && prefix_len <= len) {
+        cp = user;
-                if (strncmp(prefix, user, prefix_len)==0) {
+        while (cp < user+len) {
-                        prefix = "";
+                if (*cp < 32) {
-                        len -= prefix_len;
+                        suhosin_log(S_SQL, "SQL username contains invalid characters");
+                        if (!SUHOSIN_G(simulation)) {
+                                RETVAL_FALSE;
+                                return (1);
+                        } else {
+                                break;
+                        }
                }
+                cp++;
        }
-        
-        if (postfix_len && postfix_len <= len) {
+        if ((prefix != NULL && prefix[0]) || (postfix != NULL && postfix[0])) {
-                if (strncmp(postfix, user+len-postfix_len, postfix_len)==0) {
+                if (prefix == NULL) {
+                        prefix = "";
+                }
+                if (postfix == NULL) {
                        postfix = "";
                }
+                prefix_len = strlen(prefix);
+                postfix_len = strlen(postfix);
+                
+                MAKE_STD_ZVAL(my_user);
+                my_user->type = IS_STRING;
+                my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);
+        
+                /* XXX: memory_leak? */
+                *arg = my_user; 
+                
+                len = Z_STRLEN_P(my_user);
+                user = Z_STRVAL_P(my_user);
        }
        
-        MAKE_STD_ZVAL(my_user);
+        if (user_match && user_match[0]) {
-        my_user->type = IS_STRING;
+#ifdef HAVE_FNMATCH
-        my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);
+                if (fnmatch(user_match, user, 0) != 0) {
+                        suhosin_log(S_SQL, "SQL username ('%s') does not match suhosin.sql.user_match ('%s')", user, user_match);
+                        if (!SUHOSIN_G(simulation)) {
+                                RETVAL_FALSE;
+                                return (1);
+                        }
+                }
+#else
+#warning no support for fnmatch() - setting suhosin.sql.user_match will always fail.
+                suhosin_log(S_SQL, "suhosin.sql.user_match specified, but system does not support fnmatch()");
+                if (!SUHOSIN_G(simulation)) {
+                        RETVAL_FALSE;
+                        return (1);
+                }
+#endif
+        }
        
-        /* XXX: memory_leak? */
-        *arg = my_user; 
-         
        SDEBUG("function: %s - user: %s", ih->name, user);
        return (0);
@@ -1552,9 +1575,9 @@ static int ih_getrandmax(IH_HANDLER_PARAMS)
 }
 internal_function_handler ihandlers[] = {
-    { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
+        { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
-    { "mail", ih_mail, NULL, NULL, NULL },
+        { "mail", ih_mail, NULL, NULL, NULL },
-    { "symlink", ih_symlink, NULL, NULL, NULL },
+        { "symlink", ih_symlink, NULL, NULL, NULL },
        
        { "srand", ih_srand, NULL, NULL, NULL },
        { "mt_srand", ih_mt_srand, NULL, NULL, NULL },
@@ -1563,49 +1586,95 @@ internal_function_handler ihandlers[] = {
        { "getrandmax", ih_getrandmax, NULL, NULL, NULL },
        { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
        
-    { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "function_exists", ih_function_exists, NULL, NULL, NULL },
-    { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
-    { "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
        
-    { "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
+        /* Mysqli */
-    { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
-    { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
-    
+        { "mysqli::real_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "function_exists", ih_function_exists, NULL, NULL, NULL },
+        { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
+        
+        { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_multi_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::prepare", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_prepare", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::real_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_real_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::send_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_send_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        // removed in PHP 5.3
+        { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        // ----
        
-    { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* Mysql API - deprecated in PHP 5.5 */
-    { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        
+#ifdef SUHOSIN_EXPERIMENTAL
+        /* MaxDB */
+        { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb::real_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
+        { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        
+        { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::real_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_real_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::send_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_send_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::prepare", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_prepare", ih_querycheck, (void *)2, NULL, NULL },
-    { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* PDO */
-    { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+                /* note: mysql conditional comments not supported here */
+        { "pdo::__construct", ih_fixusername, (void *)2, NULL, NULL }, /* note: username may come from dsn (param 1) */
+        { "pdo::query", ih_querycheck, (void *)1, NULL, NULL },
+        { "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL },
+        { "pdo::exec", ih_querycheck, (void *)1, NULL, NULL },
+        
+        /* Oracle OCI8 */
+        { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
-    { "maxdb", ih_fixusername, (void *)2, NULL, NULL },
+        /* FrontBase */
-    { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "maxdb_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
-    { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "fbsql_username", ih_fixusername, (void *)2, NULL, NULL },
-    { "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* Informix */
-    { "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        /* Firebird/InterBase */
-    { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "ibase_service_attach", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_real_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli_send_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        /* Microsoft SQL Server */
-    { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+#endif
-    { "mysqli", ih_fixusername, (void *)2, NULL, NULL },
+        { NULL, NULL, NULL, NULL, NULL }
-    { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_real_connect", ih_fixusername, (void *)3, NULL, NULL },
-    { NULL, NULL, NULL, NULL, NULL }
 };
 #define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));
author	Ben Fuhrmannek	2014-07-14 13:07:38 +0200
committer	Ben Fuhrmannek	2014-07-14 13:07:38 +0200
commit	1dc59e48642c98e34320f1a31c120fbf290fd509 (patch)
tree	5126791aac0c7655daa502a00a53d4c2257ced43 /execute.c
parent	940509ed02db713920612b0994a57d6227c3655c (diff)
parent	aafe0cf82f5fb7220ac6f674bbc1c2091a6a9c4d (diff)

diff --git a/execute.c b/execute.c index 1f7cf15..82a4866 100644 --- a/execute.c +++ b/execute.c
@@ -24,6 +24,7 @@
24	#endif	24	#endif
25		25
26	#include <fcntl.h>	26	#include <fcntl.h>
		27	#include <fnmatch.h>
27	#include "php.h"	28	#include "php.h"
28	#include "php_ini.h"	29	#include "php_ini.h"
29	#include "zend_hash.h"	30	#include "zend_hash.h"
@@ -880,7 +881,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
880	return (0);	881	return (0);
881	}	882	}
882		883
883	if ((long) ih->arg1) {	884	if ((long) ih->arg2) {
884	mysql_extension = 1;	885	mysql_extension = 1;
885	}	886	}
886		887
@@ -892,6 +893,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
892	}	893	}
893	len = Z_STRLEN_P(backup);	894	len = Z_STRLEN_P(backup);
894	query = Z_STRVAL_P(backup);	895	query = Z_STRVAL_P(backup);
		896	SDEBUG("SQL \|%s\|", query);
895		897
896	s = query;	898	s = query;
897	e = s+len;	899	e = s+len;
@@ -1023,29 +1025,16 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1023	void **p = EG(argument_stack).top_element-2;	1025	void **p = EG(argument_stack).top_element-2;
1024	#endif	1026	#endif
1025	unsigned long arg_count;	1027	unsigned long arg_count;
1026	zval *arg;char prefix, postfix, user;	1028	zval **arg;
		1029	char prefix, postfix, user, user_match, *cp;
1027	zval backup, my_user;	1030	zval backup, my_user;
1028	int prefix_len, postfix_len, len;	1031	int prefix_len, postfix_len, len;
1029		1032
1030	SDEBUG("function: %s", ih->name);	1033	SDEBUG("function (fixusername): %s", ih->name);
1031		1034
1032	prefix = SUHOSIN_G(sql_user_prefix);	1035	prefix = SUHOSIN_G(sql_user_prefix);
1033	postfix = SUHOSIN_G(sql_user_postfix);	1036	postfix = SUHOSIN_G(sql_user_postfix);
1034		1037	user_match = SUHOSIN_G(sql_user_match);
1035	if ((prefix == NULL \|\| prefix[0] == 0)&&
1036	(postfix == NULL \|\| postfix[0] == 0)) {
1037	return (0);
1038	}
1039
1040	if (prefix == NULL) {
1041	prefix = "";
1042	}
1043	if (postfix == NULL) {
1044	postfix = "";
1045	}
1046
1047	prefix_len = strlen(prefix);
1048	postfix_len = strlen(postfix);
1049		1038
1050	arg_count = (unsigned long) *p;	1039	arg_count = (unsigned long) *p;
1051		1040
@@ -1064,26 +1053,60 @@ int ih_fixusername(IH_HANDLER_PARAMS)
1064	user = Z_STRVAL_P(backup);	1053	user = Z_STRVAL_P(backup);
1065	}	1054	}
1066		1055
1067	if (prefix_len && prefix_len <= len) {	1056	cp = user;
1068	if (strncmp(prefix, user, prefix_len)==0) {	1057	while (cp < user+len) {
1069	prefix = "";	1058	if (*cp < 32) {
1070	len -= prefix_len;	1059	suhosin_log(S_SQL, "SQL username contains invalid characters");
		1060	if (!SUHOSIN_G(simulation)) {
		1061	RETVAL_FALSE;
		1062	return (1);
		1063	} else {
		1064	break;
		1065	}
1071	}	1066	}
		1067	cp++;
1072	}	1068	}
1073		1069
1074	if (postfix_len && postfix_len <= len) {	1070	if ((prefix != NULL && prefix[0]) \|\| (postfix != NULL && postfix[0])) {
1075	if (strncmp(postfix, user+len-postfix_len, postfix_len)==0) {	1071	if (prefix == NULL) {
		1072	prefix = "";
		1073	}
		1074	if (postfix == NULL) {
1076	postfix = "";	1075	postfix = "";
1077	}	1076	}
		1077	prefix_len = strlen(prefix);
		1078	postfix_len = strlen(postfix);
		1079
		1080	MAKE_STD_ZVAL(my_user);
		1081	my_user->type = IS_STRING;
		1082	my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);
		1083
		1084	/* XXX: memory_leak? */
		1085	*arg = my_user;
		1086
		1087	len = Z_STRLEN_P(my_user);
		1088	user = Z_STRVAL_P(my_user);
1078	}	1089	}
1079		1090
1080	MAKE_STD_ZVAL(my_user);	1091	if (user_match && user_match[0]) {
1081	my_user->type = IS_STRING;	1092	#ifdef HAVE_FNMATCH
1082	my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);	1093	if (fnmatch(user_match, user, 0) != 0) {
		1094	suhosin_log(S_SQL, "SQL username ('%s') does not match suhosin.sql.user_match ('%s')", user, user_match);
		1095	if (!SUHOSIN_G(simulation)) {
		1096	RETVAL_FALSE;
		1097	return (1);
		1098	}
		1099	}
		1100	#else
		1101	#warning no support for fnmatch() - setting suhosin.sql.user_match will always fail.
		1102	suhosin_log(S_SQL, "suhosin.sql.user_match specified, but system does not support fnmatch()");
		1103	if (!SUHOSIN_G(simulation)) {
		1104	RETVAL_FALSE;
		1105	return (1);
		1106	}
		1107	#endif
		1108	}
1083		1109
1084	/* XXX: memory_leak? */
1085	*arg = my_user;
1086
1087	SDEBUG("function: %s - user: %s", ih->name, user);	1110	SDEBUG("function: %s - user: %s", ih->name, user);
1088		1111
1089	return (0);	1112	return (0);
@@ -1552,9 +1575,9 @@ static int ih_getrandmax(IH_HANDLER_PARAMS)
1552	}	1575	}
1553		1576
1554	internal_function_handler ihandlers[] = {	1577	internal_function_handler ihandlers[] = {
1555	{ "preg_replace", ih_preg_replace, NULL, NULL, NULL },	1578	{ "preg_replace", ih_preg_replace, NULL, NULL, NULL },
1556	{ "mail", ih_mail, NULL, NULL, NULL },	1579	{ "mail", ih_mail, NULL, NULL, NULL },
1557	{ "symlink", ih_symlink, NULL, NULL, NULL },	1580	{ "symlink", ih_symlink, NULL, NULL, NULL },
1558		1581
1559	{ "srand", ih_srand, NULL, NULL, NULL },	1582	{ "srand", ih_srand, NULL, NULL, NULL },
1560	{ "mt_srand", ih_mt_srand, NULL, NULL, NULL },	1583	{ "mt_srand", ih_mt_srand, NULL, NULL, NULL },
@@ -1563,49 +1586,95 @@ internal_function_handler ihandlers[] = {
1563	{ "getrandmax", ih_getrandmax, NULL, NULL, NULL },	1586	{ "getrandmax", ih_getrandmax, NULL, NULL, NULL },
1564	{ "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },	1587	{ "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
1565		1588
1566	{ "ocilogon", ih_fixusername, (void *)1, NULL, NULL },	1589	{ "function_exists", ih_function_exists, NULL, NULL, NULL },
1567	{ "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
1568	{ "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
1569	{ "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
1570	{ "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
1571	{ "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
1572		1590
1573	{ "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },	1591	/* Mysqli */
1574	{ "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },	1592	{ "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
1575	{ "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1593	{ "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
1576		1594	{ "mysqli::real_connect", ih_fixusername, (void *)2, NULL, NULL },
1577	{ "function_exists", ih_function_exists, NULL, NULL, NULL },	1595	{ "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
		1596	{ "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
		1597	{ "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
		1598
		1599	{ "mysqli::query", ih_querycheck, (void )1, (void )1, NULL },
		1600	{ "mysqli_query", ih_querycheck, (void )2, (void )1, NULL },
		1601	{ "mysqli::multi_query", ih_querycheck, (void )1, (void )1, NULL },
		1602	{ "mysqli_multi_query", ih_querycheck, (void )2, (void )1, NULL },
		1603	{ "mysqli::prepare", ih_querycheck, (void )1, (void )1, NULL },
		1604	{ "mysqli_prepare", ih_querycheck, (void )2, (void )1, NULL },
		1605	{ "mysqli::real_query", ih_querycheck, (void )1, (void )1, NULL },
		1606	{ "mysqli_real_query", ih_querycheck, (void )2, (void )1, NULL },
		1607	{ "mysqli::send_query", ih_querycheck, (void )1, (void )1, NULL },
		1608	{ "mysqli_send_query", ih_querycheck, (void )2, (void )1, NULL },
		1609	// removed in PHP 5.3
		1610	{ "mysqli_master_query", ih_querycheck, (void )2, (void )1, NULL },
		1611	{ "mysqli_slave_query", ih_querycheck, (void )2, (void )1, NULL },
		1612	// ----
1578		1613
1579	{ "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },	1614	/* Mysql API - deprecated in PHP 5.5 */
1580	{ "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1615	{ "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
		1616	{ "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
		1617	{ "mysql_query", ih_querycheck, (void )1, (void )1, NULL },
		1618	{ "mysql_db_query", ih_querycheck, (void )2, (void )1, NULL },
		1619	{ "mysql_unbuffered_query", ih_querycheck, (void )1, (void )1, NULL },
		1620
		1621	#ifdef SUHOSIN_EXPERIMENTAL
		1622	/* MaxDB */
		1623	{ "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
		1624	{ "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
		1625	{ "maxdb::real_connect", ih_fixusername, (void *)2, NULL, NULL },
		1626	{ "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
		1627	{ "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
		1628	{ "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
		1629
		1630	{ "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
		1631	{ "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
		1632	{ "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
		1633	{ "maxdb::query", ih_querycheck, (void *)1, NULL, NULL },
		1634	{ "maxdb_query", ih_querycheck, (void *)2, NULL, NULL },
		1635	{ "maxdb::real_query", ih_querycheck, (void *)1, NULL, NULL },
		1636	{ "maxdb_real_query", ih_querycheck, (void *)2, NULL, NULL },
		1637	{ "maxdb::send_query", ih_querycheck, (void *)1, NULL, NULL },
		1638	{ "maxdb_send_query", ih_querycheck, (void *)2, NULL, NULL },
		1639	{ "maxdb::prepare", ih_querycheck, (void *)1, NULL, NULL },
		1640	{ "maxdb_prepare", ih_querycheck, (void *)2, NULL, NULL },
1581		1641
1582	{ "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },	1642	/* PDO */
1583	{ "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1643	/* note: mysql conditional comments not supported here */
		1644	{ "pdo::__construct", ih_fixusername, (void )2, NULL, NULL }, / note: username may come from dsn (param 1) */
		1645	{ "pdo::query", ih_querycheck, (void *)1, NULL, NULL },
		1646	{ "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL },
		1647	{ "pdo::exec", ih_querycheck, (void *)1, NULL, NULL },
		1648
		1649	/* Oracle OCI8 */
		1650	{ "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
		1651	{ "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
		1652	{ "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
		1653	{ "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
		1654	{ "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
		1655	{ "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
1584		1656
1585	{ "maxdb", ih_fixusername, (void *)2, NULL, NULL },	1657	/* FrontBase */
1586	{ "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },	1658	{ "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
1587	{ "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },	1659	{ "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1588	{ "maxdb_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1660	{ "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
1589	{ "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },	1661	{ "fbsql_username", ih_fixusername, (void *)2, NULL, NULL },
1590		1662
1591	{ "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },	1663	/* Informix */
1592	{ "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1664	{ "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
		1665	{ "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1593		1666
1594	{ "mysql_query", ih_querycheck, (void )1, (void )1, NULL },	1667	/* Firebird/InterBase */
1595	{ "mysql_db_query", ih_querycheck, (void )2, (void )1, NULL },	1668	{ "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
1596	{ "mysql_unbuffered_query", ih_querycheck, (void )1, (void )1, NULL },	1669	{ "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1597	{ "mysqli_query", ih_querycheck, (void )2, (void )1, NULL },	1670	{ "ibase_service_attach", ih_fixusername, (void *)2, NULL, NULL },
1598	{ "mysqli_real_query", ih_querycheck, (void )2, (void )1, NULL },	1671
1599	{ "mysqli_send_query", ih_querycheck, (void )2, (void )1, NULL },	1672	/* Microsoft SQL Server */
1600	{ "mysqli_master_query", ih_querycheck, (void )2, (void )1, NULL },	1673	{ "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
1601	{ "mysqli_slave_query", ih_querycheck, (void )2, (void )1, NULL },	1674	{ "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
		1675	#endif
1602		1676
1603	{ "mysqli", ih_fixusername, (void *)2, NULL, NULL },	1677	{ NULL, NULL, NULL, NULL, NULL }
1604	{ "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
1605	{ "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1606	{ "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
1607	{ "mysql_real_connect", ih_fixusername, (void *)3, NULL, NULL },
1608	{ NULL, NULL, NULL, NULL, NULL }
1609	};	1678	};
1610		1679
1611	#define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));	1680	#define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));