diff options
| author | Damien Regad <dregad@mantisbt.org> | 2025-05-01 13:44:06 +0200 |
|---|---|---|
| committer | Damien Regad <dregad@mantisbt.org> | 2025-05-01 13:44:06 +0200 |
| commit | 0774134f3311779495d16f74a35c872e353708c6 (patch) | |
| tree | 36e97de6fffa5c5bf9639a851fbad9ddf646aacc | |
| parent | 8659a3e34b5b144a54c24827e94e94f1ccf9492c (diff) | |
| parent | 99052a92ff40a9bfcc81563cf7c89ee5e3d12d44 (diff) | |
| download | adodb-0774134f3311779495d16f74a35c872e353708c6.tar.gz adodb-0774134f3311779495d16f74a35c872e353708c6.tar.bz2 adodb-0774134f3311779495d16f74a35c872e353708c6.zip | |
Merge branch 'sec-pgsql-sql-injection' into hotfix/5.22
Advisory
https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
Fixes #1070
| -rw-r--r-- | docs/changelog.md | 5 | ||||
| -rw-r--r-- | drivers/adodb-postgres64.inc.php | 3 |
2 files changed, 7 insertions, 1 deletions
diff --git a/docs/changelog.md b/docs/changelog.md index 6ef58360..fa2b81ef 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -16,6 +16,11 @@ Older changelogs: ## [5.22.9] - Unreleased +### Security + +- pgsql: SQL injection in pg_insert_id() method (CVE-2025-46337) + [#1070](https://github.com/ADOdb/ADOdb/issues/1070) + ### Fixed - sqlite: Fulfill PRIMARY KEY AUTOINCREMENT requirements diff --git a/drivers/adodb-postgres64.inc.php b/drivers/adodb-postgres64.inc.php index b1d161d7..5cbe77ed 100644 --- a/drivers/adodb-postgres64.inc.php +++ b/drivers/adodb-postgres64.inc.php @@ -138,7 +138,8 @@ class ADODB_postgres64 extends ADOConnection{ // get the last id - never tested function pg_insert_id($tablename,$fieldname) { - $result=pg_query($this->_connectionID, 'SELECT last_value FROM '. $tablename .'_'. $fieldname .'_seq'); + $sequence = pg_escape_identifier($this->_connectionID, $tablename .'_'. $fieldname .'_seq'); + $result = pg_query($this->_connectionID, 'SELECT last_value FROM '. $sequence); if ($result) { $arr = @pg_fetch_row($result,0); pg_free_result($result); |