Pg: Be more strict with boolean bind parameters
Reason for this is that, with FU::SQL, it's possible to accidentally introduce a bind parameter when a WHERE clause was intended (i.e. "WHERE $1"). That's pretty bad, but can easily be caught by simply not accepting *every* possible value as boolean.
parent
02b1dcc328
commit
a7868f74bf
3 changed files with 26 additions and 8 deletions
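--- a/c/pgtypes.c
+++ b/c/pgtypes.c
@@ -82,8 +82,15 @@ RECVFN(bool) {
 }
 
 SENDFN(bool) {
-int r = fu_2bool(aTHX_ val); /* So that we also recognize \0 and \1 */
-fustr_write_ch(out, r < 0 ? SvTRUE(val) : r);
+int r = fu_2bool(aTHX_ val);
+if (r < 0) {
+STRLEN l;
+const char *x = SvPV(val, l);
+if (l == 0 || (l == 1 && (*x == '0' || *x == 'f'))) r = 0;
+else if (l == 1 && (*x == '1' || *x == 't')) r = 1;
+else SERR("invalid boolean value: %s", x);
+}
+fustr_write_ch(out, r);
 }
 
 RECVFN(void) {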
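Review bot: In SENDFN(bool), the rejection path `SERR("invalid boolean value: %s", x)` copies the whole rejected bind value into the error text, and the case this commit guards against is exactly one where that value is not a boolean at all (a string intended for another part of the query, possibly user-supplied). Unless SERR already truncates its output, which is not visible here, I would bound the echo with the length SvPV returned, e.g. `else SERR("invalid boolean value: %.*s", (int)(l > 32 ? 32 : l), x);`, so that a long or sensitive value does not end up verbatim in logs or error pages and the format no longer depends on a terminating NUL. The old comment on the fu_2bool() call was dropped with nothing in its place; a line such as `/* Not recognised by fu_2bool(): accept only "", "0", "f" as false and "1", "t" as true */` above `if (r < 0)` would document the accepted set, including that the empty string is deliberately treated as false.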