PHP-1431: Fix database name validation to include '$external', to allow execution of user admin commands

Author: derickr

db.c

@@ -129,6 +129,11 @@ int php_mongo_db_is_valid_dbname(char *dbname, int dbname_len TSRMLS_DC)
 		return 0;
 	}
 
+	/* We allow the special case "$external" as database name (PHP-1431) */
+	if (strcmp("$external", dbname) == 0) {
+		return 1;
+	}
+
 	if (
 		memchr(dbname, ' ', dbname_len) != 0 || memchr(dbname, '.', dbname_len) != 0 || memchr(dbname, '\\', dbname_len) != 0 ||
 		memchr(dbname, '/', dbname_len) != 0 || memchr(dbname, '$', dbname_len) != 0

tests/generic/database-valid-name.phpt

@@ -6,10 +6,11 @@ Database: valid name checks
 <?php
 require_once "tests/utils/server.inc";
 $a = mongo_standalone();
-$names = array("\\", "\$", "/", "foo.bar");
+$names = array("\\", "\$", "/", "foo.bar", '$external', 'run$fores');
 foreach ($names as $name) {
 	try {
 		$d = new MongoDB($a, $name);
+		echo $name, ": OK\n";
 	} catch (Exception $e) {
 		echo $name, ": ", $e->getMessage(), "\n";
 	}
@@ -20,3 +21,5 @@ foreach ($names as $name) {
 $: Database name contains invalid characters: $
 /: Database name contains invalid characters: /
 foo.bar: Database name contains invalid characters: foo.bar
+$external: OK
+run$fores: Database name contains invalid characters: run$fores