
Commit ccebf37

committed
Fix unclosed b'...' and x'...' numbers
1 parent 60d995d commit ccebf37


2 files changed

+20
-2
lines changed


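--- a/tests/mysql/WP_MySQL_Lexer_Tests.php
+++ b/tests/mysql/WP_MySQL_Lexer_Tests.php
@@ -145,14 +145,20 @@ public function data_identifier_or_number(): array {
 array( '0b01xyz', array( WP_MySQL_Lexer::IDENTIFIER, WP_MySQL_Lexer::EOF ) ), // identifier
 array( '0b', array( WP_MySQL_Lexer::IDENTIFIER, WP_MySQL_Lexer::EOF ) ), // identifier
 array( "b'01'", array( WP_MySQL_Lexer::BIN_NUMBER, WP_MySQL_Lexer::EOF ) ),
-array( "b'01xyz'", array( WP_MySQL_Lexer::BIN_NUMBER, WP_MySQL_Lexer::IDENTIFIER, WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::EOF ) ),
+array( "b'01xyz'", array( WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::IDENTIFIER, WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::EOF ) ),
+array( "b''", array( WP_MySQL_Lexer::BIN_NUMBER, WP_MySQL_Lexer::EOF ) ),
+array( "b'", array( WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::EOF ) ),
+array( "b'01", array( WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::EOF ) ),
 
 // hex
 array( '0xab01', array( WP_MySQL_Lexer::HEX_NUMBER, WP_MySQL_Lexer::EOF ) ),
 array( '0xab01xyz', array( WP_MySQL_Lexer::IDENTIFIER, WP_MySQL_Lexer::EOF ) ), // identifier
 array( '0x', array( WP_MySQL_Lexer::IDENTIFIER, WP_MySQL_Lexer::EOF ) ), // identifier
 array( "x'ab01'", array( WP_MySQL_Lexer::HEX_NUMBER, WP_MySQL_Lexer::EOF ) ),
-array( "x'ab01xyz'", array( WP_MySQL_Lexer::HEX_NUMBER, WP_MySQL_Lexer::IDENTIFIER, WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::EOF ) ),
+array( "x'ab01xyz'", array( WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::IDENTIFIER, WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::EOF ) ),
+array( "x''", array( WP_MySQL_Lexer::HEX_NUMBER, WP_MySQL_Lexer::EOF ) ),
+array( "x'", array( WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::EOF ) ),
+array( "x'ab", array( WP_MySQL_Lexer::INVALID_INPUT, WP_MySQL_Lexer::EOF ) ),
 
 // decimal
 array( '123.456', array( WP_MySQL_Lexer::DECIMAL_NUMBER, WP_MySQL_Lexer::EOF ) ),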
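Review bot: The expected sequence `INVALID_INPUT, IDENTIFIER, INVALID_INPUT, EOF` on the rewritten `b'01xyz'` and `x'ab01xyz'` rows is not self-explanatory, and unlike the `// identifier` rows above them these carry no comment. A trailing comment such as `// "b'01" is unclosed; "xyz" lexes as an identifier; the final "'" is rejected on its own` (the last part is inferred from the token list, so confirm it against the lexer) would let a reader check each token against the input. It would also document that the lexer keeps emitting tokens after the first `INVALID_INPUT`, which matters to any consumer deciding whether to stop at that token. The data provider's body starts and ends outside this hunk.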

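--- a/wp-includes/mysql/class-wp-mysql-lexer.php
+++ b/wp-includes/mysql/class-wp-mysql-lexer.php
@@ -2615,6 +2615,12 @@ private function read_number(): int {
 $this->bytes_already_read += 2; // Consume "0x" or "x'".
 $this->bytes_already_read += strspn( $this->sql, self::HEX_DIGIT_MASK, $this->bytes_already_read );
 if ( $is_quoted ) {
+if (
+$this->bytes_already_read >= strlen( $this->sql )
+|| "'" !== $this->sql[ $this->bytes_already_read ]
+) {
+return self::INVALID_INPUT;
+}
 $this->bytes_already_read += 1; // Consume the "'".
 }
 $type = self::HEX_NUMBER;
@@ -2632,6 +2638,12 @@ private function read_number(): int {
 $this->bytes_already_read += 2; // Consume "0b" or "b'".
 $this->bytes_already_read += strspn( $this->sql, '01', $this->bytes_already_read );
 if ( $is_quoted ) {
+if (
+$this->bytes_already_read >= strlen( $this->sql )
+|| "'" !== $this->sql[ $this->bytes_already_read ]
+) {
+return self::INVALID_INPUT;
+}
 $this->bytes_already_read += 1; // Consume the "'".
 }
 $type = self::BIN_NUMBER;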
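Review bot: The new guard in the quoted-hex branch rejects a missing closing quote but, as far as the first hunk shows, still accepts a quoted literal with an odd number of hex digits (e.g. `x'abc'`), which MySQL treats as a syntax error. If the lexer is meant to mirror MySQL here, keep the `strspn()` result in a local and add `if ( 1 === $digit_count % 2 ) { return self::INVALID_INPUT; }` after the closing quote is consumed; `$digit_count` is a name made up for this note. The check may already exist later in `read_number()`, whose body starts and ends outside both hunks, so confirm before adding it. The binary branch in the second hunk has no such length rule and needs no change. Either way, a `x'abc'` row in `data_identifier_or_number()` would pin the intended behaviour.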
