PHP-1431: Fix database name validation to include '$external', to allow execution of user admin commands

Author: derickr

db.c

@@ -131,12 +131,22 @@ int php_mongo_db_is_valid_dbname(char *dbname, int dbname_len TSRMLS_DC)
 
 	if (
 		memchr(dbname, ' ', dbname_len) != 0 || memchr(dbname, '.', dbname_len) != 0 || memchr(dbname, '\\', dbname_len) != 0 ||
-		memchr(dbname, '/', dbname_len) != 0 || memchr(dbname, '$', dbname_len) != 0
+		memchr(dbname, '/', dbname_len) != 0
 	) {
 		zend_throw_exception_ex(mongo_ce_Exception, 2 TSRMLS_CC, "Database name contains invalid characters: %s", dbname);
 		return 0;
 	}
 
+	/* We allow the special case "$external" as database name (PHP-1431) */
+	if (strcmp("$external", dbname) == 0) {
+		return 1;
+	}
+
+	if (memchr(dbname, '$', dbname_len) != 0) {
+		zend_throw_exception_ex(mongo_ce_Exception, 2 TSRMLS_CC, "Database name contains invalid character '$': %s", dbname);
+		return 0;
+	}
+
 	return 1;
 }
 

tests/generic/database-valid-name.phpt

@@ -6,17 +6,20 @@ Database: valid name checks
 <?php
 require_once "tests/utils/server.inc";
 $a = mongo_standalone();
-$names = array("\\", "\$", "/", "foo.bar");
+$names = array("\\", "\$", "/", "foo.bar", '$external', 'run$fores');
 foreach ($names as $name) {
 	try {
 		$d = new MongoDB($a, $name);
+		echo $name, ": OK\n";
 	} catch (Exception $e) {
 		echo $name, ": ", $e->getMessage(), "\n";
 	}
 }
 ?>
 --EXPECT--
 \: Database name contains invalid characters: \
-$: Database name contains invalid characters: $
+$: Database name contains invalid character '$': $
 /: Database name contains invalid characters: /
 foo.bar: Database name contains invalid characters: foo.bar
+$external: OK
+run$fores: Database name contains invalid character '$': run$fores