Bug with accents for my columns

Question

Bug with accents for my columns

Opened this issue 6 months ago · 2 comments

Bug Report

I am using grocery crud which use laminas-db v2.20. I have bugs when I have accents in my columns that I can correct if I made a change in laminas db and I think it's a bug of laminas db.

The bug come from
laminas-db/src/Adapter/Platform/AbstractPlatform.php function quoteIdentifierInFragment
Line 45:
$parts = preg_split(
$this->quoteIdentifierFragmentPattern,
$identifier,
-1,
PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY
);

If $identifier has accent since $quoteIdentifierFragmentPattern = '/([^0-9,a-z,A-Z$_:])/i';
$identifer is broken done and particularly 2 bytes character are broken down in two.

To correct this it should be $quoteIdentifierFragmentPattern = /([^\p{L}0-9$_\-:])/iu' to include all accentued characters

This correction has also to be made in MySQL.php and i guess in some other files.

Answer 1 · 2024-05-05T10:26:38.000Z

when I have accents in my columns

This may sound harsh, but "play stupid games, win stupid prizes". Who the hell added accents to a column name in a DB schema?!

My endorsement here would be to throw an exception on any non-ASCII sequence passed in.

Answer 2 · 2024-05-05T10:30:14.000Z

throw an exception on any non-ASCII sequence passed in.

BTW, this leads to DoS attacks when user input is passed to these methods, so more reasoning needed around this.