Skip to content

Commit

Permalink
Fix #16057 Don't allow numbers with letters
Browse files Browse the repository at this point in the history
  • Loading branch information
Hugues Peccatte committed Apr 14, 2020
1 parent f9dc9d2 commit baf83b4
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 0 deletions.
13 changes: 13 additions & 0 deletions src/Lexer.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -756,6 +756,7 @@ public function parseNumber()
//
// Valid final states are: 2, 3, 4 and 6. Any parsing that finished in a
// state other than these is invalid.
// Also, negative states are invalid states.
$iBak = $this->last;
$token = '';
$flags = 0;
Expand Down Expand Up @@ -798,6 +799,10 @@ public function parseNumber()
$state = 4;
} elseif ($this->str[$this->last] === 'e' || $this->str[$this->last] === 'E') {
$state = 5;
} elseif (($this->str[$this->last] >= 'a' && $this->str[$this->last] <= 'z')
|| ($this->str[$this->last] >= 'A' && $this->str[$this->last] <= 'Z')) {
// A number can't be directly followed by a letter
$state = -$state;
} elseif ($this->str[$this->last] < '0' || $this->str[$this->last] > '9') {
// Just digits and `.`, `e` and `E` are valid characters.
break;
Expand All @@ -806,6 +811,10 @@ public function parseNumber()
$flags |= Token::FLAG_NUMBER_FLOAT;
if ($this->str[$this->last] === 'e' || $this->str[$this->last] === 'E') {
$state = 5;
} elseif (($this->str[$this->last] >= 'a' && $this->str[$this->last] <= 'z')
|| ($this->str[$this->last] >= 'A' && $this->str[$this->last] <= 'Z')) {
// A number can't be directly followed by a letter
$state = -$state;
} elseif ($this->str[$this->last] < '0' || $this->str[$this->last] > '9') {
// Just digits, `e` and `E` are valid characters.
break;
Expand All @@ -816,6 +825,10 @@ public function parseNumber()
|| ($this->str[$this->last] >= '0' && $this->str[$this->last] <= '9')
) {
$state = 6;
} elseif (($this->str[$this->last] >= 'a' && $this->str[$this->last] <= 'z')
|| ($this->str[$this->last] >= 'A' && $this->str[$this->last] <= 'Z')) {
// A number can't be directly followed by a letter
$state = -$state;
} else {
break;
}
Expand Down
12 changes: 12 additions & 0 deletions tests/Utils/QueryTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -416,14 +416,26 @@ public function getTablesProvider()
'INSERT INTO tbl(`id`, `name`) VALUES (1, "Name")',
array('`tbl`')
),
array(
'INSERT INTO 0tbl(`id`, `name`) VALUES (1, "Name")',
array('`0tbl`')
),
array(
'UPDATE tbl SET id = 0',
array('`tbl`')
),
array(
'UPDATE 0tbl SET id = 0',
array('`0tbl`')
),
array(
'DELETE FROM tbl WHERE id < 10',
array('`tbl`')
),
array(
'DELETE FROM 0tbl WHERE id < 10',
array('`0tbl`')
),
array(
'TRUNCATE tbl',
array('`tbl`')
Expand Down

0 comments on commit baf83b4

Please sign in to comment.