From c51ceb926ec72af6cf0ec8ab4fe7d006711f7f8b Mon Sep 17 00:00:00 2001
From: Clemens Schwaighofer
Date: Fri, 7 Apr 2023 14:34:13 +0900
Subject: [PATCH] Bug fix for DB\IO params detection

Param detection found too many params, for example '$1'. Fixed the regex to only allow params that are no preceeded by ' And must start with space/tab, =, (
---
 www/admin/class_test.db.php | 6 +++---
 www/lib/CoreLibs/DB/IO.php | 16 ++++++++++++++--
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/www/admin/class_test.db.php b/www/admin/class_test.db.php
index afaefc92..d8aebc50 100644
--- a/www/admin/class_test.db.php
+++ b/www/admin/class_test.db.php
@@ -212,11 +212,11 @@ $query = <<dbPrepare("ins_test_foo_eom", $query); $status = $db->dbExecute("ins_test_foo_eom", ['EOM BAR TEST ' . time()]);
diff --git a/www/lib/CoreLibs/DB/IO.php b/www/lib/CoreLibs/DB/IO.php
index 6e2b8814..b2b0b8d1 100644
--- a/www/lib/CoreLibs/DB/IO.php
+++ b/www/lib/CoreLibs/DB/IO.php
@@ -279,8 +279,20 @@ class IO
 public const NO_CACHE = 3;
 /** @var string default hash type */
 public const ERROR_HASH_TYPE = 'adler32';
+ /**
+ * @var string regex for params: only stand alone $number allowed
+ never allowed to start with '
+ must be after space/tab, =, (
+ */
+ public const REGEX_PARAMS = '/[^\'][\s(=](\$[0-9]{1,})/';
 /** @var string regex to get returning with matches at position 1 */
 public const REGEX_RETURNING = '/\s+returning\s+(.+\s*(?:.+\s*)+);?$/i';
+ // REGEX_SELECT
+ // REGEX_UPDATE
+ // REGEX INSERT
+ // REGEX_INSERT_UPDATE_DELETE
+ // REGEX_FROM_TABLE
+ // REGEX_INSERT_UPDATE_DELETE_TABLE
 // recommend to set private/protected and only allow setting via method
 // can bet set from outside
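Review bot: REGEX_PARAMS consumes the two characters in front of each placeholder, so placeholders that are not separated by at least two characters are dropped: in `VALUES ($1,$2)` only `$1` is counted because `,` is not in `[\s(=]`, and in `$1 $2` the single space is eaten by `[^\']` leaving nothing for `[\s(=]`, so `$2` is lost. In the dbExecute hunk (@@ -1017) that undercount makes `$params_count != $placeholder_count` true and calls `__dbError` for a query whose parameter count is actually correct; the dbPrepare hunk (@@ -2588) stores the same wrong count in `prepare_cursor`. The `'` exclusion is already implied by requiring one of `[\s(=]` directly before the `$`, so a zero-width lookbehind keeps the stated intent without consuming input, and `,` can be added to the set if comma-separated placeholders should count: `public const REGEX_PARAMS = '/(?:^|(?<=[\s(=,]))(\$[0-9]+)/';`. This stays a heuristic (a `$1` inside a string literal after a space is still counted), which the docblock should say; the class IO continues outside all three hunks and I cannot see where `$query` comes from.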
@@ -1017,7 +1029,7 @@ class IO
 {
 // search for $1, $2, in the query and push it into the control array
 // skip counts for same eg $1, $1, $2 = 2 and not 3
- preg_match_all('/(\$[0-9]{1,})/', $query, $match);
+ preg_match_all(self::REGEX_PARAMS, $query, $match);
 $placeholder_count = count(array_unique($match[1]));
 if ($params_count != $placeholder_count) {
 $this->__dbError(
@@ -2588,7 +2600,7 @@ class IO
 $match = [];
 // search for $1, $2, in the query and push it into the control array
 // skip counts for same eg $1, $1, $2 = 2 and not 3
- preg_match_all('/(\$[0-9]{1,})/', $query, $match);
+ preg_match_all(self::REGEX_PARAMS, $query, $match);
 $this->prepare_cursor[$stm_name]['count'] = count(array_unique($match[1]));
 $this->prepare_cursor[$stm_name]['query'] = $query;
 $result = $this->db_functions->__dbPrepare($stm_name, $query);