1 files changed, 78 insertions, 40 deletions
diff --git a/execute.c b/execute.c
index 1f7cf15..098b074 100644
--- a/execute.c
+++ b/execute.c
@@ -880,7 +880,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
                return (0);
        }
    
-        if ((long) ih->arg1) {
+        if ((long) ih->arg2) {
            mysql_extension = 1;
        }
        
@@ -892,6 +892,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
        }
        len = Z_STRLEN_P(backup);
        query = Z_STRVAL_P(backup);
+        SDEBUG("SQL |%s|", query);
        
        s = query;
        e = s+len;
@@ -1552,9 +1553,9 @@ static int ih_getrandmax(IH_HANDLER_PARAMS)
 }
 internal_function_handler ihandlers[] = {
-    { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
+        { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
-    { "mail", ih_mail, NULL, NULL, NULL },
+        { "mail", ih_mail, NULL, NULL, NULL },
-    { "symlink", ih_symlink, NULL, NULL, NULL },
+        { "symlink", ih_symlink, NULL, NULL, NULL },
        
        { "srand", ih_srand, NULL, NULL, NULL },
        { "mt_srand", ih_mt_srand, NULL, NULL, NULL },
@@ -1563,49 +1564,86 @@ internal_function_handler ihandlers[] = {
        { "getrandmax", ih_getrandmax, NULL, NULL, NULL },
        { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
        
-    { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "function_exists", ih_function_exists, NULL, NULL, NULL },
-    { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
-    { "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
        
-    { "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
+        /* Mysqli */
-    { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
-    { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
-    
+        { "mysqli::real_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "function_exists", ih_function_exists, NULL, NULL, NULL },
+        { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
+        
+        { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_multi_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::prepare", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_prepare", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::real_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_real_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::send_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_send_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        // removed in PHP 5.3
+        { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        // ----
+        
+        /* Mysql API - deprecated in PHP 5.5 */
+        { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
        
-    { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* MaxDB */
-    { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb::real_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
+        { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        
+        { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::real_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_real_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::send_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_send_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::prepare", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_prepare", ih_querycheck, (void *)2, NULL, NULL },
-    { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* Oracle OCI8 */
-    { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
-    { "maxdb", ih_fixusername, (void *)2, NULL, NULL },
+        /* FrontBase */
-    { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "maxdb_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
-    { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "fbsql_username", ih_fixusername, (void *)2, NULL, NULL },
-    { "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* Informix */
-    { "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        /* Firebird/InterBase */
-    { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "ibase_service_attach", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_real_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli_send_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli", ih_fixusername, (void *)2, NULL, NULL },
+        /* Microsoft SQL Server */
-    { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        
-    { "mysql_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { NULL, NULL, NULL, NULL, NULL }
-    { NULL, NULL, NULL, NULL, NULL }
 };
 #define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));

diff --git a/execute.c b/execute.c index 1f7cf15..098b074 100644 --- a/execute.c +++ b/execute.c
@@ -880,7 +880,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
880	return (0);	880	return (0);
881	}	881	}
882		882
883	if ((long) ih->arg1) {	883	if ((long) ih->arg2) {
884	mysql_extension = 1;	884	mysql_extension = 1;
885	}	885	}
886		886
@@ -892,6 +892,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
892	}	892	}
893	len = Z_STRLEN_P(backup);	893	len = Z_STRLEN_P(backup);
894	query = Z_STRVAL_P(backup);	894	query = Z_STRVAL_P(backup);
		895	SDEBUG("SQL \|%s\|", query);
895		896
896	s = query;	897	s = query;
897	e = s+len;	898	e = s+len;
@@ -1552,9 +1553,9 @@ static int ih_getrandmax(IH_HANDLER_PARAMS)
1552	}	1553	}
1553		1554
1554	internal_function_handler ihandlers[] = {	1555	internal_function_handler ihandlers[] = {
1555	{ "preg_replace", ih_preg_replace, NULL, NULL, NULL },	1556	{ "preg_replace", ih_preg_replace, NULL, NULL, NULL },
1556	{ "mail", ih_mail, NULL, NULL, NULL },	1557	{ "mail", ih_mail, NULL, NULL, NULL },
1557	{ "symlink", ih_symlink, NULL, NULL, NULL },	1558	{ "symlink", ih_symlink, NULL, NULL, NULL },
1558		1559
1559	{ "srand", ih_srand, NULL, NULL, NULL },	1560	{ "srand", ih_srand, NULL, NULL, NULL },
1560	{ "mt_srand", ih_mt_srand, NULL, NULL, NULL },	1561	{ "mt_srand", ih_mt_srand, NULL, NULL, NULL },
@@ -1563,49 +1564,86 @@ internal_function_handler ihandlers[] = {
1563	{ "getrandmax", ih_getrandmax, NULL, NULL, NULL },	1564	{ "getrandmax", ih_getrandmax, NULL, NULL, NULL },
1564	{ "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },	1565	{ "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
1565		1566
1566	{ "ocilogon", ih_fixusername, (void *)1, NULL, NULL },	1567	{ "function_exists", ih_function_exists, NULL, NULL, NULL },
1567	{ "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
1568	{ "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
1569	{ "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
1570	{ "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
1571	{ "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
1572		1568
1573	{ "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },	1569	/* Mysqli */
1574	{ "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },	1570	{ "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
1575	{ "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1571	{ "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
1576		1572	{ "mysqli::real_connect", ih_fixusername, (void *)2, NULL, NULL },
1577	{ "function_exists", ih_function_exists, NULL, NULL, NULL },	1573	{ "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
		1574	{ "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
		1575	{ "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
		1576
		1577	{ "mysqli::query", ih_querycheck, (void )1, (void )1, NULL },
		1578	{ "mysqli_query", ih_querycheck, (void )2, (void )1, NULL },
		1579	{ "mysqli::multi_query", ih_querycheck, (void )1, (void )1, NULL },
		1580	{ "mysqli_multi_query", ih_querycheck, (void )2, (void )1, NULL },
		1581	{ "mysqli::prepare", ih_querycheck, (void )1, (void )1, NULL },
		1582	{ "mysqli_prepare", ih_querycheck, (void )2, (void )1, NULL },
		1583	{ "mysqli::real_query", ih_querycheck, (void )1, (void )1, NULL },
		1584	{ "mysqli_real_query", ih_querycheck, (void )2, (void )1, NULL },
		1585	{ "mysqli::send_query", ih_querycheck, (void )1, (void )1, NULL },
		1586	{ "mysqli_send_query", ih_querycheck, (void )2, (void )1, NULL },
		1587	// removed in PHP 5.3
		1588	{ "mysqli_master_query", ih_querycheck, (void )2, (void )1, NULL },
		1589	{ "mysqli_slave_query", ih_querycheck, (void )2, (void )1, NULL },
		1590	// ----
		1591
		1592	/* Mysql API - deprecated in PHP 5.5 */
		1593	{ "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
		1594	{ "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
		1595	{ "mysql_query", ih_querycheck, (void )1, (void )1, NULL },
		1596	{ "mysql_db_query", ih_querycheck, (void )2, (void )1, NULL },
		1597	{ "mysql_unbuffered_query", ih_querycheck, (void )1, (void )1, NULL },
1578		1598
1579	{ "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },	1599	/* MaxDB */
1580	{ "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1600	{ "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
		1601	{ "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
		1602	{ "maxdb::real_connect", ih_fixusername, (void *)2, NULL, NULL },
		1603	{ "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
		1604	{ "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
		1605	{ "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
		1606
		1607	{ "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
		1608	{ "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
		1609	{ "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
		1610	{ "maxdb::query", ih_querycheck, (void *)1, NULL, NULL },
		1611	{ "maxdb_query", ih_querycheck, (void *)2, NULL, NULL },
		1612	{ "maxdb::real_query", ih_querycheck, (void *)1, NULL, NULL },
		1613	{ "maxdb_real_query", ih_querycheck, (void *)2, NULL, NULL },
		1614	{ "maxdb::send_query", ih_querycheck, (void *)1, NULL, NULL },
		1615	{ "maxdb_send_query", ih_querycheck, (void *)2, NULL, NULL },
		1616	{ "maxdb::prepare", ih_querycheck, (void *)1, NULL, NULL },
		1617	{ "maxdb_prepare", ih_querycheck, (void *)2, NULL, NULL },
1581		1618
1582	{ "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },	1619	/* Oracle OCI8 */
1583	{ "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1620	{ "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
		1621	{ "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
		1622	{ "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
		1623	{ "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
		1624	{ "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
		1625	{ "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
1584		1626
1585	{ "maxdb", ih_fixusername, (void *)2, NULL, NULL },	1627	/* FrontBase */
1586	{ "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },	1628	{ "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
1587	{ "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },	1629	{ "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1588	{ "maxdb_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1630	{ "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
1589	{ "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },	1631	{ "fbsql_username", ih_fixusername, (void *)2, NULL, NULL },
1590		1632
1591	{ "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },	1633	/* Informix */
1592	{ "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1634	{ "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
		1635	{ "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1593		1636
1594	{ "mysql_query", ih_querycheck, (void )1, (void )1, NULL },	1637	/* Firebird/InterBase */
1595	{ "mysql_db_query", ih_querycheck, (void )2, (void )1, NULL },	1638	{ "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
1596	{ "mysql_unbuffered_query", ih_querycheck, (void )1, (void )1, NULL },	1639	{ "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1597	{ "mysqli_query", ih_querycheck, (void )2, (void )1, NULL },	1640	{ "ibase_service_attach", ih_fixusername, (void *)2, NULL, NULL },
1598	{ "mysqli_real_query", ih_querycheck, (void )2, (void )1, NULL },
1599	{ "mysqli_send_query", ih_querycheck, (void )2, (void )1, NULL },
1600	{ "mysqli_master_query", ih_querycheck, (void )2, (void )1, NULL },
1601	{ "mysqli_slave_query", ih_querycheck, (void )2, (void )1, NULL },
1602		1641
1603	{ "mysqli", ih_fixusername, (void *)2, NULL, NULL },	1642	/* Microsoft SQL Server */
1604	{ "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },	1643	{ "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
1605	{ "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1644	{ "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1606	{ "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },	1645
1607	{ "mysql_real_connect", ih_fixusername, (void *)3, NULL, NULL },	1646	{ NULL, NULL, NULL, NULL, NULL }
1608	{ NULL, NULL, NULL, NULL, NULL }
1609	};	1647	};
1610		1648
1611	#define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));	1649	#define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));