Only allow list arrays

Author: kamil-tekiela

ext/mysqli/mysqli_api.c

@@ -830,6 +830,11 @@ PHP_FUNCTION(mysqli_stmt_execute)
 		unsigned int param_count;
 		MYSQLND_PARAM_BIND	*params;
 
+		if (!zend_array_is_list(input_params)) {
+			zend_argument_value_error(ERROR_ARG_POS(2), "must be a list array");
+			RETURN_THROWS();
+		}
+
 		hash_num_elements = zend_hash_num_elements(input_params);
 		param_count = mysql_stmt_param_count(stmt->stmt);
 		if (hash_num_elements != param_count) {

ext/mysqli/tests/mysqli_stmt_execute_bind.phpt

@@ -125,10 +125,13 @@ if (!stristr(mysqli_get_client_info(), 'mysqlnd')) {
     assert($stmt->get_result()->fetch_assoc() === ['label'=>'a', 'anon'=>null, 'num' => null]);
     $stmt = null;
 
-    // 12. array keys are ignored. Even numerical indices are not considered (PDO does a weird thing with the numerical indices)
+    // 12. Only list arrays are allowed
     $stmt = $link->prepare('SELECT label, ? AS anon, ? AS num FROM test WHERE id=?');
-    $stmt->execute(['A'=>'abc', 2=>42, null=>$id]);
-    assert($stmt->get_result()->fetch_assoc() === ['label'=>'a', 'anon'=>'abc', 'num' => '42']);
+    try {
+        $stmt->execute(['A'=>'abc', 2=>42, null=>$id]);
+    } catch (ValueError $e) {
+        echo '[008] '.$e->getMessage()."\n";
+    }
     $stmt = null;
 
 
@@ -147,4 +150,5 @@ if (!stristr(mysqli_get_client_info(), 'mysqlnd')) {
 [005] mysqli_stmt::execute(): Argument #1 ($params) must be of type ?array, int given
 [006] mysqli_stmt::execute(): Argument #1 ($params) must be of type ?array, stdClass given
 [007] mysqli_stmt::execute(): Argument #1 ($params) must consist of exactly 3 elements, 0 present
+[008] mysqli_stmt::execute(): Argument #1 ($params) must be a list array
 done!