diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ca3fffa..747c551d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,17 +6,20 @@
 - Move `Misc::getAliases()` into `SelectStatement::getAliases()` (#454)
 - Drop `USE_UTF_STRINGS` constant (#471)
 
-# [5.11.0] - YYYY-MM-DD
+## [5.11.0] - YYYY-MM-DD
 
 ### Added
 
 - Add Translator::setLocale() method (#599)
 
-# [5.10.3] - YYYY-MM-DD
+## [5.10.4] - YYYY-MM-DD
+
+## [5.10.3] - 2024-01-18
 
 ### Fixed
 
 - Add "RECURSIVE" on build() for "WITH RECURSIVE" on the WithStatement class (#605)
+- Fix for quadratic complexity in certain queries, which could have caused long execution times. Thanks to Maximilian Krög (GitHub user MoonE) for this fix to help improve security.
 
 ## [5.10.2] - 2024-12-05
 
@@ -616,6 +619,7 @@ __Breaking changes:__
 
 * First release of this library.
 
+[5.10.3]: https://github.com/phpmyadmin/sql-parser/compare/5.10.2...5.10.3
 [5.10.2]: https://github.com/phpmyadmin/sql-parser/compare/5.10.1...5.10.2
 [5.10.1]: https://github.com/phpmyadmin/sql-parser/compare/5.10.0...5.10.1
 [5.10.0]: https://github.com/phpmyadmin/sql-parser/compare/5.9.1...5.10.0
diff --git a/src/Lexer.php b/src/Lexer.php
index 69b33ca3..0c152759 100644
--- a/src/Lexer.php
+++ b/src/Lexer.php
@@ -779,6 +779,7 @@ public function parseNumber(): Token|null
 ) {
 // A number can't be directly followed by a letter
 $state = -$state;
+ break;
 } elseif ($this->str[$this->last] < '0' || $this->str[$this->last] > '9') {
 // Just digits and `.`, `e` and `E` are valid characters.
 break;
@@ -793,6 +794,7 @@ public function parseNumber(): Token|null
 ) {
 // A number can't be directly followed by a letter
 $state = -$state;
+ break;
 } elseif ($this->str[$this->last] < '0' || $this->str[$this->last] > '9') {
 // Just digits, `e` and `E` are valid characters.
 break;
@@ -810,6 +812,7 @@ public function parseNumber(): Token|null
 ) {
 // A number can't be directly followed by a letter
 $state = -$state;
+ break;
 } else {
 break;
 }
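Review bot: The `break;` added after `$state = -$state;` in all three `parseNumber()` hunks (old lines 779, 793 and 810) is what bounds the scan, but nothing beside it says so, and a later cleanup could drop it as redundant with the state flip. I would put a comment on each one, e.g. `// Stop at the first invalid character: scanning on after the state is negated is what made lexing quadratic.` That wording is inferred from the changelog entry, because the loop header and the state checks lie outside the hunks, so confirm it against the full function. No test is visible in this diff; a regression test that lexes a number immediately followed by a long run of letters and asserts the resulting tokens would keep the fix from silently regressing.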