Fix PDO::PARAM_LOB binding for BYTEA columns in CalDAV and CardDAV#1623
Merged
Conversation
…ckends When using PostgreSQL, the calendardata and carddata columns are of type BYTEA. Without explicit PDO::PARAM_LOB binding, PDO sends the data as a string literal which goes through PostgreSQL's bytea text input parser. This parser interprets backslash sequences (e.g. \, \n) as octal escapes, causing "invalid input syntax for type bytea" errors on valid iCalendar/vCard data containing RFC 5545 TEXT escape sequences. The PropertyStorage backend (propPatch) already handles this correctly by using bindParam() with PDO::PARAM_LOB for the value column. This commit applies the same fix to all write methods in the CalDAV and CardDAV PDO backends, and adds is_resource()/stream_get_contents() handling for read methods since PDO returns BYTEA data as streams. Fixes sabre-io#1587 Fixes sabre-io#917
alecpl
reviewed
Feb 15, 2026
provokateurin
approved these changes
Mar 10, 2026
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #1623 +/- ##
============================================
+ Coverage 97.24% 97.26% +0.02%
- Complexity 2836 2844 +8
============================================
Files 175 175
Lines 8852 8887 +35
============================================
+ Hits 8608 8644 +36
+ Misses 244 243 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #1587 and #917
Problem
On PostgreSQL, inserting iCalendar or vCard data containing backslash escape sequences (e.g.
\,or\n, which are standard RFC 5545 TEXT escapes) into thecalendardataorcarddataBYTEA columns fails with:This happens because PDO binds parameters as
PARAM_STRby default. For BYTEA columns, PostgreSQL's text input parser then interprets backslash sequences as invalid octal escapes.Fix
Bind
calendardata/carddataparameters withPDO::PARAM_LOBin all write methods, consistent with the existing fix inSabre\DAV\PropertyStorage\Backend\PDO::propPatch(). Also switch to named parameters withbindParam()and explicit types for all parameters, matching the PropertyStorage style.Read methods now handle the
is_resource()case since PDO may return BYTEA data as a PHP stream.Test
Added
testCreateCalendarObjectWithIcsEscapesinAbstractPDOTestCase— inserts ICS data with\,and\nescapes, verifies round-trip integrity. Passes on PostgreSQL with the fix, fails without it.I can also confirm this fixes our own codebase where we had large ICS import break 10% of the time because of such characters in events.