Skip to content

Commit bedca6a

Browse files
williamdeswilliamdes
committed
Merge #300 - Don't allow numbers with letters
Pull-request: #300 Ref: phpmyadmin/phpmyadmin#16057 Signed-off-by: William Desportes <[email protected]>
2 parents f9dc9d2 + baf83b4 commit bedca6a

2 files changed

Lines changed: 25 additions & 0 deletions

File tree

src/Lexer.php

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -756,6 +756,7 @@ public function parseNumber()
756756
//
757757
// Valid final states are: 2, 3, 4 and 6. Any parsing that finished in a
758758
// state other than these is invalid.
759+
// Also, negative states are invalid states.
759760
$iBak = $this->last;
760761
$token = '';
761762
$flags = 0;
@@ -798,6 +799,10 @@ public function parseNumber()
798799
$state = 4;
799800
} elseif ($this->str[$this->last] === 'e' || $this->str[$this->last] === 'E') {
800801
$state = 5;
802+
} elseif (($this->str[$this->last] >= 'a' && $this->str[$this->last] <= 'z')
803+
|| ($this->str[$this->last] >= 'A' && $this->str[$this->last] <= 'Z')) {
804+
// A number can't be directly followed by a letter
805+
$state = -$state;
801806
} elseif ($this->str[$this->last] < '0' || $this->str[$this->last] > '9') {
802807
// Just digits and `.`, `e` and `E` are valid characters.
803808
break;
@@ -806,6 +811,10 @@ public function parseNumber()
806811
$flags |= Token::FLAG_NUMBER_FLOAT;
807812
if ($this->str[$this->last] === 'e' || $this->str[$this->last] === 'E') {
808813
$state = 5;
814+
} elseif (($this->str[$this->last] >= 'a' && $this->str[$this->last] <= 'z')
815+
|| ($this->str[$this->last] >= 'A' && $this->str[$this->last] <= 'Z')) {
816+
// A number can't be directly followed by a letter
817+
$state = -$state;
809818
} elseif ($this->str[$this->last] < '0' || $this->str[$this->last] > '9') {
810819
// Just digits, `e` and `E` are valid characters.
811820
break;
@@ -816,6 +825,10 @@ public function parseNumber()
816825
|| ($this->str[$this->last] >= '0' && $this->str[$this->last] <= '9')
817826
) {
818827
$state = 6;
828+
} elseif (($this->str[$this->last] >= 'a' && $this->str[$this->last] <= 'z')
829+
|| ($this->str[$this->last] >= 'A' && $this->str[$this->last] <= 'Z')) {
830+
// A number can't be directly followed by a letter
831+
$state = -$state;
819832
} else {
820833
break;
821834
}

tests/Utils/QueryTest.php

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -416,14 +416,26 @@ public function getTablesProvider()
416416
'INSERT INTO tbl(`id`, `name`) VALUES (1, "Name")',
417417
array('`tbl`')
418418
),
419+
array(
420+
'INSERT INTO 0tbl(`id`, `name`) VALUES (1, "Name")',
421+
array('`0tbl`')
422+
),
419423
array(
420424
'UPDATE tbl SET id = 0',
421425
array('`tbl`')
422426
),
427+
array(
428+
'UPDATE 0tbl SET id = 0',
429+
array('`0tbl`')
430+
),
423431
array(
424432
'DELETE FROM tbl WHERE id < 10',
425433
array('`tbl`')
426434
),
435+
array(
436+
'DELETE FROM 0tbl WHERE id < 10',
437+
array('`0tbl`')
438+
),
427439
array(
428440
'TRUNCATE tbl',
429441
array('`tbl`')

0 commit comments

Comments
 (0)