From 36a36560890bdce0a321a3ecf7e1559ef2435aa9 Mon Sep 17 00:00:00 2001 From: jakubvrana Date: Mon, 22 Jun 2009 00:53:51 +0000 Subject: [PATCH] Change escape_string to quote git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@747 7c3ca157-0c34-0410-bff1-cbf682f78f5c --- adminer/create.inc.php | 12 +++---- adminer/database.inc.php | 4 +-- adminer/db.inc.php | 2 +- adminer/dump.inc.php | 14 ++++---- adminer/event.inc.php | 14 ++++---- adminer/include/editing.inc.php | 18 +++++----- adminer/include/export.inc.php | 60 +++++++++++++++---------------- adminer/include/functions.inc.php | 2 +- adminer/include/mysql.inc.php | 23 +++++++----- adminer/include/pdo.inc.php | 4 +-- adminer/select.inc.php | 8 ++--- adminer/table.inc.php | 2 +- adminer/trigger.inc.php | 2 +- adminer/user.inc.php | 24 ++++++------- 14 files changed, 97 insertions(+), 92 deletions(-) diff --git a/adminer/create.inc.php b/adminer/create.inc.php index 27892673..0abd497d 100644 --- a/adminer/create.inc.php +++ b/adminer/create.inc.php 
@@ -32,9 +32,9 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
 $fields[] = "\n" . (!strlen($_GET["create"]) ? " " : (strlen($field["orig"]) ? "CHANGE " . idf_escape($field["orig"]) . " " : "ADD ")) . idf_escape($field["field"]) . process_type($field) . ($field["null"] ? " NULL" : " NOT NULL") // NULL for timestamp
- . (strlen($_GET["create"]) && strlen($field["orig"]) && isset($orig_fields[$field["orig"]]["default"]) && $field["type"] != "timestamp" ? " DEFAULT '" . $dbh->escape_string($orig_fields[$field["orig"]]["default"]) . "'" : "") //! timestamp
+ . (strlen($_GET["create"]) && strlen($field["orig"]) && isset($orig_fields[$field["orig"]]["default"]) && $field["type"] != "timestamp" ? " DEFAULT " . $dbh->quote($orig_fields[$field["orig"]]["default"]) : "") //! timestamp
 . ($key == $_POST["auto_increment_col"] ? " AUTO_INCREMENT$auto_increment_index" : "")
- . " COMMENT '" . $dbh->escape_string($field["comment"]) . "'"
+ . " COMMENT " . $dbh->quote($field["comment"])
 . (strlen($_GET["create"]) ? " $after" : "") ;
 $after = "AFTER " . idf_escape($field["field"]);
@@ -42,10 +42,10 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
 $fields[] = "\nDROP " . idf_escape($field["orig"]);
 }
 }
- $status = ($_POST["Engine"] ? "ENGINE='" . $dbh->escape_string($_POST["Engine"]) . "'" : "")
- . ($_POST["Collation"] ? " COLLATE '" . $dbh->escape_string($_POST["Collation"]) . "'" : "")
+ $status = ($_POST["Engine"] ? "ENGINE=" . $dbh->quote($_POST["Engine"]) : "")
+ . ($_POST["Collation"] ? " COLLATE " . $dbh->quote($_POST["Collation"]) : "")
 . (strlen($_POST["Auto_increment"]) ? " AUTO_INCREMENT=" . intval($_POST["Auto_increment"]) : "")
- . " COMMENT='" . $dbh->escape_string($_POST["Comment"]) . "'"
+ . " COMMENT=" . $dbh->quote($_POST["Comment"])
 ;
 if (in_array($_POST["partition_by"], $partition_by)) {
 $partitions = array();
@@ -92,7 +92,7 @@ if ($_POST) {
 $row["name"] = $_GET["create"];
 $row["fields"] = array_values($orig_fields);
 if ($dbh->server_info >= 5.1) {
- $from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "' AND TABLE_NAME = '" . $dbh->escape_string($_GET["create"]) . "'";
+ $from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = " . $dbh->quote($_GET["db"]) . " AND TABLE_NAME = " . $dbh->quote($_GET["create"]);
 $result = $dbh->query("SELECT PARTITION_METHOD, PARTITION_ORDINAL_POSITION, PARTITION_EXPRESSION $from ORDER BY PARTITION_ORDINAL_POSITION DESC LIMIT 1");
 list($row["partition_by"], $row["partitions"], $row["partition"]) = $result->fetch_row();
 $result->free();
diff --git a/adminer/database.inc.php b/adminer/database.inc.php
index ca968472..759c6ea3 100644
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -10,7 +10,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
 $failed = false;
 foreach ($dbs as $db) {
 if (count($dbs) == 1 || strlen($db)) { // ignore empty lines but always try to create single database
- if (!queries("CREATE DATABASE " . idf_escape($db) . ($_POST["collation"] ? " COLLATE '" . $dbh->escape_string($_POST["collation"]) . "'" : ""))) {
+ if (!queries("CREATE DATABASE " . idf_escape($db) . ($_POST["collation"] ? " COLLATE " . $dbh->quote($_POST["collation"]) : ""))) {
 $failed = true;
 }
 $last = $db;
@@ -34,7 +34,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c if (!$_POST["collation"]) { redirect(substr($SELF, 0, -1)); } - query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE '" . $dbh->escape_string($_POST["collation"]) . "'", substr($SELF, 0, -1), lang('Database has been altered.')); + query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE " . $dbh->quote($_POST["collation"]), substr($SELF, 0, -1), lang('Database has been altered.')); } } page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), $error, array(), $_GET["db"]); diff --git a/adminer/db.inc.php b/adminer/db.inc.php index 6b96c5b5..32d9c343 100644 --- a/adminer/db.inc.php +++ b/adminer/db.inc.php @@ -80,7 +80,7 @@ $result->free(); if ($dbh->server_info >= 5) { echo '

' . lang('Create view') . "

\n"; echo "

" . lang('Routines') . "

\n"; - $result = $dbh->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "'"); + $result = $dbh->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = " . $dbh->quote($_GET["db"])); if ($result->num_rows) { echo "\n"; while ($row = $result->fetch_assoc()) { diff --git a/adminer/dump.inc.php b/adminer/dump.inc.php index 2ee8c903..e8f53dce 100644 --- a/adminer/dump.inc.php +++ b/adminer/dump.inc.php @@ -12,7 +12,7 @@ function tar_file($filename, $contents) { function dump_triggers($table, $style) { global $dbh; if ($_POST["format"] != "csv" && $style && $dbh->server_info >= 5) { - $result = $dbh->query("SHOW TRIGGERS LIKE '" . $dbh->escape_string(addcslashes($table, "%_")) . "'"); + $result = $dbh->query("SHOW TRIGGERS LIKE " . $dbh->quote(addcslashes($table, "%_"))); if ($result->num_rows) { echo "\nDELIMITER ;;\n"; while ($row = $result->fetch_assoc()) { @@ -30,7 +30,7 @@ if ($_POST) { if ($_POST["format"] != "csv") { echo "SET NAMES utf8;\n"; echo "SET foreign_key_checks = 0;\n"; - echo "SET time_zone = '" . $dbh->escape_string($dbh->result($dbh->query("SELECT @@time_zone"))) . "';\n"; + echo "SET time_zone = " . $dbh->quote($dbh->result($dbh->query("SELECT @@time_zone"))) . ";\n"; echo "\n"; } @@ -50,7 +50,7 @@ if ($_POST) { $out = ""; if ($dbh->server_info >= 5) { foreach (array("FUNCTION", "PROCEDURE") as $routine) { - $result = $dbh->query("SHOW $routine STATUS WHERE Db = '" . $dbh->escape_string($db) . "'"); + $result = $dbh->query("SHOW $routine STATUS WHERE Db = " . $dbh->quote($db)); while ($row = $result->fetch_assoc()) { $out .= ($style != 'DROP+CREATE' ? "DROP $routine IF EXISTS " . idf_escape($row["Name"]) . ";;\n" : "") . $dbh->result($dbh->query("SHOW CREATE $routine " . idf_escape($row["Name"])), 2) . ";;\n\n"; 
@@ -121,11 +121,11 @@ CREATE PROCEDURE adminer_drop () BEGIN CASE _table_namequery($query); while ($row = $result->fetch_assoc()) { - $comment = $dbh->escape_string($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]); + $comment = $dbh->quote($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]); echo " - WHEN '" . $dbh->escape_string($row["TABLE_NAME"]) . "' THEN - " . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != '$comment' THEN - ALTER TABLE " . idf_escape($row["TABLE_NAME"]) . " ENGINE=$row[ENGINE] COLLATE=$row[TABLE_COLLATION] COMMENT='$comment'; + WHEN " . $dbh->quote($row["TABLE_NAME"]) . " THEN + " . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != $comment THEN + ALTER TABLE " . idf_escape($row["TABLE_NAME"]) . " ENGINE=$row[ENGINE] COLLATE=$row[TABLE_COLLATION] COMMENT=$comment; END IF" : "BEGIN END") . ";"; } $result->free(); diff --git a/adminer/event.inc.php b/adminer/event.inc.php index 4eb53b42..25caf3ff 100644 --- a/adminer/event.inc.php +++ b/adminer/event.inc.php 
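Review bot: Only the table comment and the `WHEN` label go through `quote()` in this hunk; `'$row[ENGINE]'` and `'$row[TABLE_COLLATION]'` on the `IF` line are still pasted between hand-written quotes, and both appear bare on the `ALTER TABLE` line. The same pattern remains in adminer/include/export.inc.php @@ -68,15, where `'$row[COLUMN_TYPE]'` is the weakest spot: `enum`/`set` column types contain single quotes themselves, so the generated procedure text would be malformed, and this dump is meant to be executed on another server. I would pass every value that ends up inside a literal through the new method, e.g. `_column_type != " . $dbh->quote($row["COLUMN_TYPE"]) . "`. The PHP block around this loop opens outside the hunk.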
@@ -7,18 +7,18 @@ if ($_POST && !$error) {
 query_redirect("DROP EVENT " . idf_escape($_GET["event"]), substr($SELF, 0, -1), lang('Event has been dropped.'));
 } elseif (in_array($_POST["INTERVAL_FIELD"], $intervals) && in_array($_POST["STATUS"], $statuses)) {
 $schedule = "\nON SCHEDULE " . ($_POST["INTERVAL_VALUE"]
- ? "EVERY '" . $dbh->escape_string($_POST["INTERVAL_VALUE"]) . "' $_POST[INTERVAL_FIELD]"
- . ($_POST["STARTS"] ? " STARTS '" . $dbh->escape_string($_POST["STARTS"]) . "'" : "")
- . ($_POST["ENDS"] ? " ENDS '" . $dbh->escape_string($_POST["ENDS"]) . "'" : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173
- : "AT '" . $dbh->escape_string($_POST["STARTS"]) . "'"
+ ? "EVERY " . $dbh->quote($_POST["INTERVAL_VALUE"]) . " $_POST[INTERVAL_FIELD]"
+ . ($_POST["STARTS"] ? " STARTS " . $dbh->quote($_POST["STARTS"]) : "")
+ . ($_POST["ENDS"] ? " ENDS " . $dbh->quote($_POST["ENDS"]) : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173
+ : "AT " . $dbh->quote($_POST["STARTS"])
 ) . " ON COMPLETION" . ($_POST["ON_COMPLETION"] ? "" : " NOT") . " PRESERVE" ;
 query_redirect((strlen($_GET["event"]) ? "ALTER EVENT " . idf_escape($_GET["event"]) . $schedule . ($_GET["event"] != $_POST["EVENT_NAME"] ? "\nRENAME TO " . idf_escape($_POST["EVENT_NAME"]) : "") : "CREATE EVENT " . idf_escape($_POST["EVENT_NAME"]) . $schedule
- ) . "\n$_POST[STATUS] COMMENT '" . $dbh->escape_string($_POST["EVENT_COMMENT"])
- . "' DO\n$_POST[EVENT_DEFINITION]"
+ ) . "\n$_POST[STATUS] COMMENT " . $dbh->quote($_POST["EVENT_COMMENT"])
+ . " DO\n$_POST[EVENT_DEFINITION]"
 , substr($SELF, 0, -1), (strlen($_GET["event"]) ? lang('Event has been altered.') : lang('Event has been created.')));
 }
 }
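Review bot: `$_POST[INTERVAL_FIELD]` and `$_POST[STATUS]` are still written into the statement without quoting, so the two `in_array()` calls on the `elseif` line are the only guard, and they compare loosely. Passing the third argument makes the allow-list exact: `in_array($_POST["INTERVAL_FIELD"], $intervals, true) && in_array($_POST["STATUS"], $statuses, true)`. The operator check in adminer/select.inc.php @@ -34,16 (`in_array($val["op"], $operators)`) guards `$val[op]` the same way. `$intervals` and `$statuses` are defined outside the hunk, so how much the loose comparison matters depends on their contents. `$_POST[EVENT_DEFINITION]` is also raw, which I read as intentional because it is the event body.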
@@ -28,7 +28,7 @@ $row = array();
 if ($_POST) {
 $row = $_POST;
 } elseif (strlen($_GET["event"])) {
- $result = $dbh->query("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "' AND EVENT_NAME = '" . $dbh->escape_string($_GET["event"]) . "'");
+ $result = $dbh->query("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = " . $dbh->quote($_GET["db"]) . " AND EVENT_NAME = " . $dbh->quote($_GET["event"]));
 $row = $result->fetch_assoc();
 $row["STATUS"] = $statuses[$row["STATUS"]];
 $result->free();
diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php
index 72e4268b..1d18dd48 100644
--- a/adminer/include/editing.inc.php
+++ b/adminer/include/editing.inc.php
@@ -73,29 +73,29 @@ function process_input($name, $field) { } elseif ($field["type"] == "enum" || $field["auto_increment"] ? !strlen($value) : $function == "NULL") { return "NULL"; } elseif ($field["type"] == "enum") { - return (isset($_GET["default"]) ? "'" . $dbh->escape_string($value) . "'" : intval($value)); + return (isset($_GET["default"]) ? $dbh->quote($value) : intval($value)); } elseif ($field["type"] == "set") { - return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($dbh, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value)); + return (isset($_GET["default"]) ? "'" . implode(",", array_map('escape_string', (array) $value)) . "'" : array_sum((array) $value)); } elseif (preg_match('~binary|blob~', $field["type"])) { $file = get_file($idf); if (!is_string($file)) { return false; //! report errors } - return "_binary'" . (is_string($file) ? $dbh->escape_string($file) : "") . "'"; + return "_binary" . (is_string($file) ? $dbh->quote($file) : ""); } elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") { return $value; } elseif (preg_match('~^(now|uuid)$~', $function)) { return "$function()"; } elseif (preg_match('~^[+-]$~', $function)) { - return idf_escape($name) . " $function '" . $dbh->escape_string($value) . "'"; + return idf_escape($name) . " $function " . $dbh->quote($value); } elseif (preg_match('~^[+-] interval$~', $function)) { - return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : "'" . $dbh->escape_string($value) . "'"); + return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : $dbh->quote($value)); } elseif (preg_match('~^(addtime|subtime)$~', $function)) { - return "$function(" . idf_escape($name) . ", '" . $dbh->escape_string($value) . "')"; + return "$function(" . idf_escape($name) . ", " . $dbh->quote($value) . 
")"; } elseif (preg_match('~^(md5|sha1|password)$~', $function)) { - return "$function('" . $dbh->escape_string($value) . "')"; + return "$function(" . $dbh->quote($value) . ")"; } else { - return "'" . $dbh->escape_string($value) . "'"; + return $dbh->quote($value); } } @@ -116,7 +116,7 @@ function process_type($field, $collate = "COLLATE") { return " $field[type]" . ($field["length"] && !preg_match('~^date|time$~', $field["type"]) ? "(" . process_length($field["length"]) . ")" : "") . (preg_match('~int|float|double|decimal~', $field["type"]) && in_array($field["unsigned"], $unsigned) ? " $field[unsigned]" : "") - . (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " $collate '" . $dbh->escape_string($field["collation"]) . "'" : "") + . (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " $collate " . $dbh->quote($field["collation"]) : "") ; } diff --git a/adminer/include/export.inc.php b/adminer/include/export.inc.php index b747dabb..ffaf7293 100644 --- a/adminer/include/export.inc.php +++ b/adminer/include/export.inc.php @@ -27,7 +27,7 @@ function dump_table($table, $style, $is_view = false) { } if ($style == "CREATE+ALTER" && !$is_view) { // create procedure which iterates over original columns and adds new and removes old - $query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = '" . $dbh->escape_string($table) . "' ORDER BY ORDINAL_POSITION"; + $query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = " . $dbh->quote($table) . " ORDER BY ORDINAL_POSITION"; ?> DELIMITER ;; CREATE PROCEDURE adminer_alter () BEGIN 
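Review bot: In the `[+-] interval` branch of @@ -73,29 the allow-list regex has no quantifier on `'[0-9.: -]'`, so a quoted interval such as `'1:30' HOUR_MINUTE` never matches and falls through to `quote()`, which turns the whole expression into a single string literal. Because this regex decides which request values reach the statement unquoted, it should be exact: `"~^([0-9]+|'[0-9.: -]+') [A-Z_]+$~iD"`, where the `D` modifier also stops `$` from accepting a trailing newline. Separately, the `: ""` arm on the `_binary` line is unreachable after the `is_string()` guard above it and would emit a bare `_binary` if it ever ran; `return "_binary" . $dbh->quote($file);` says the same thing. process_input() begins outside the hunk.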
@@ -38,27 +38,27 @@ CREATE PROCEDURE adminer_alter () BEGIN DECLARE _column_comment varchar(255); DECLARE done, set_after bool DEFAULT 0; DECLARE add_columns text DEFAULT 'query($query); -$after = ""; -while ($row = $result->fetch_assoc()) { - $row["default"] = (isset($row["COLUMN_DEFAULT"]) ? "'" . $dbh->escape_string($row["COLUMN_DEFAULT"]) . "'" : "NULL"); - $row["after"] = $dbh->escape_string($after); //! rgt AFTER lft, lft AFTER id doesn't work - $row["alter"] = $dbh->escape_string(idf_escape($row["COLUMN_NAME"]) - . " $row[COLUMN_TYPE]" - . ($row["COLLATION_NAME"] ? " COLLATE $row[COLLATION_NAME]" : "") - . (isset($row["COLUMN_DEFAULT"]) ? " DEFAULT $row[default]" : "") - . ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL") - . ($row["EXTRA"] ? " $row[EXTRA]" : "") - . ($row["COLUMN_COMMENT"] ? " COMMENT '" . $dbh->escape_string($row["COLUMN_COMMENT"]) . "'" : "") - . ($after ? " AFTER " . idf_escape($after) : " FIRST") - ); - echo ", ADD $row[alter]"; - $fields[] = $row; - $after = $row["COLUMN_NAME"]; -} -$result->free(); -?>'; + $fields = array(); + $result = $dbh->query($query); + $after = ""; + while ($row = $result->fetch_assoc()) { + $row["default"] = (isset($row["COLUMN_DEFAULT"]) ? $dbh->quote($row["COLUMN_DEFAULT"]) : "NULL"); + $row["after"] = $dbh->quote($after); //! rgt AFTER lft, lft AFTER id doesn't work + $row["alter"] = escape_string(idf_escape($row["COLUMN_NAME"]) + . " $row[COLUMN_TYPE]" + . ($row["COLLATION_NAME"] ? " COLLATE $row[COLLATION_NAME]" : "") + . (isset($row["COLUMN_DEFAULT"]) ? " DEFAULT $row[default]" : "") + . ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL") + . ($row["EXTRA"] ? " $row[EXTRA]" : "") + . ($row["COLUMN_COMMENT"] ? " COMMENT " . $dbh->quote($row["COLUMN_COMMENT"]) : "") + . ($after ? " AFTER " . 
idf_escape($after) : " FIRST") + ); + echo ", ADD $row[alter]"; + $fields[] = $row; + $after = $row["COLUMN_NAME"]; + } + $result->free(); + ?>'; DECLARE columns CURSOR FOR ; DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1; SET @alter_table = ''; @@ -68,15 +68,15 @@ $result->free(); IF NOT done THEN SET set_after = 1; CASE _column_nameescape_string($row["COLUMN_NAME"]) . "' THEN + foreach ($fields as $row) { + echo " + WHEN " . $dbh->quote($row["COLUMN_NAME"]) . " THEN SET add_columns = REPLACE(add_columns, ', ADD $row[alter]', ''); - IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != '$row[COLUMN_TYPE]' OR _extra != '$row[EXTRA]' OR _column_comment != '" . $dbh->escape_string($row["COLUMN_COMMENT"]) . "' OR after != '$row[after]' THEN + IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != '$row[COLUMN_TYPE]' OR _extra != '$row[EXTRA]' OR _column_comment != " . $dbh->quote($row["COLUMN_COMMENT"]) . " OR after != $row[after] THEN SET @alter_table = CONCAT(@alter_table, ', MODIFY $row[alter]'); END IF;"; //! don't replace in comment -} -?> + } + ?> ELSE SET @alter_table = CONCAT(@alter_table, ', DROP ', _column_name); 
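Review bot: After the change in @@ -38,27 the three row fields carry different quoting states and nothing in the loop says so. `$row["default"]` and `$row["after"]` are complete literals from `quote()`, while `$row["alter"]` is escaped only, through the global `escape_string()`, because it is pasted inside the surrounding `DEFAULT '...'` literal and later inside `', ADD $row[alter]'` and `', MODIFY $row[alter]'`. A comment above the assignments would keep a later edit from re-wrapping or double-escaping one of them, for example `// default/after: full SQL literals; alter: escaped fragment for use inside '...'`. The enclosing PHP block opens outside the hunk.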
@@ -121,12 +121,12 @@ function dump_data($table, $style, $select = "") {
 $insert = "INSERT INTO " . idf_escape($table) . " (" . implode(", ", array_map('idf_escape', array_keys($row))) . ") VALUES";
 $row2 = array();
 foreach ($row as $key => $val) {
- $row2[$key] = (isset($val) ? "'" . $dbh->escape_string($val) . "'" : "NULL");
+ $row2[$key] = (isset($val) ? $dbh->quote($val) : "NULL");
 }
 if ($style == "INSERT+UPDATE") {
 $set = array();
 foreach ($row as $key => $val) {
- $set[] = idf_escape($key) . " = " . (isset($val) ? "'" . $dbh->escape_string($val) . "'" : "NULL");
+ $set[] = idf_escape($key) . " = " . (isset($val) ? $dbh->quote($val) : "NULL");
 }
 echo "$insert (" . implode(", ", $row2) . ") ON DUPLICATE KEY UPDATE " . implode(", ", $set) . ";\n";
 } else {
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index f1daceb7..514d1e51 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -67,7 +67,7 @@ function where($where) {
 $return = array();
 foreach ((array) $where["where"] as $key => $val) {
 $key = bracket_escape($key, "back");
- $return[] = (preg_match('~^[A-Z0-9_]+\\(`(?:[^`]+|``)+`\\)$~', $key) ? $key : idf_escape($key)) . " = BINARY '" . $dbh->escape_string($val) . "'"; //! enum and set, columns looking like functions
+ $return[] = (preg_match('~^[A-Z0-9_]+\\(`(?:[^`]+|``)+`\\)$~', $key) ? $key : idf_escape($key)) . " = BINARY " . $dbh->quote($val); //! enum and set, columns looking like functions
 }
 foreach ((array) $where["null"] as $key) {
 $key = bracket_escape($key, "back");
diff --git a/adminer/include/mysql.inc.php b/adminer/include/mysql.inc.php
index bc13ba87..cd813764 100644
--- a/adminer/include/mysql.inc.php
+++ b/adminer/include/mysql.inc.php
@@ -28,6 +28,10 @@ if (extension_loaded("mysqli")) {
 return $row[$field];
 }
+ function quote($string) {
+ return "'" . parent::escape_string($string) . "'";
+ }
+
 // minification compatibility start
 function select_db($database) {
 return parent::select_db($database);
@@ -51,10 +55,6 @@ if (extension_loaded("mysqli")) {
 function next_result() {
 return parent::next_result();
 }
-
- function escape_string($string) {
- return parent::escape_string($string);
- }
 }
 class Min_Result {
@@ -103,6 +103,10 @@ if (extension_loaded("mysqli")) {
 return (bool) $this->_link;
 }
+ function quote($string) {
+ return "'" . mysql_real_escape_string($string, $this->_link) . "'";
+ }
+
 function select_db($database) {
 return mysql_select_db($database, $this->_link);
 }
@@ -138,10 +142,6 @@ if (extension_loaded("mysqli")) {
 }
 return mysql_result($result->_result, 0, $field);
 }
-
- function escape_string($string) {
- return mysql_real_escape_string($string, $this->_link);
- }
 }
 class Min_Result {
@@ -224,7 +224,7 @@ function get_databases() {
 function table_status($table) {
 global $dbh;
- $result = $dbh->query("SHOW TABLE STATUS LIKE '" . $dbh->escape_string(addcslashes($table, "%_")) . "'");
+ $result = $dbh->query("SHOW TABLE STATUS LIKE " . $dbh->quote(addcslashes($table, "%_")));
 $return = $result->fetch_assoc(); // ()-> is not supported in PHP 4
 $result->free();
 return $return;
@@ -320,6 +320,11 @@ function collations() {
 return $return;
 }
+function escape_string($val) {
+ global $dbh;
+ return substr($dbh->quote($val), 1, -1);
+}
+
 function table_comment(&$row) {
 if ($row["Engine"] == "InnoDB") { // ignore internal comment, unnecessary since MySQL 5.1.21
diff --git a/adminer/include/pdo.inc.php b/adminer/include/pdo.inc.php
index c3ae935a..b6d1e5c6 100644
--- a/adminer/include/pdo.inc.php
+++ b/adminer/include/pdo.inc.php
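Review bot: Both new `quote()` methods (@@ -28,6 and @@ -103,6) are undocumented, although every call site in this commit now depends on their contract: the return value is a complete string literal, delimiters included. I would add `/** Returns $string as a quoted SQL string literal; callers must not add their own quotes. */` above each. The escaping underneath only knows the connection's character set when it was declared through the client API (`set_charset()` / `mysql_set_charset()`) rather than a `SET NAMES` query; the connection setup is outside this diff, so that is worth confirming. Both classes start outside the hunks.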
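Review bot: The global `escape_string()` added in @@ -320,6 assumes `quote()` always returns a string with exactly one delimiter character on each side. `PDO::quote()` returns `false` when the driver does not support quoting, and `substr(false, 1, -1)` then yields an empty or false value that callers wrap in their own quotes without noticing. I would fail loudly instead: `$quoted = $dbh->quote($val); if (!is_string($quoted)) { trigger_error('quote() failed', E_USER_ERROR); } return substr($quoted, 1, -1);`. A one-line comment that the helper exists only for values embedded inside a larger hand-written literal would also help.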
@@ -55,8 +55,8 @@ if (extension_loaded('pdo')) {
 return $row[$field];
 }
- function escape_string($string) {
- return substr($this->quote($string), 1, -1);
+ function quote($string) {
+ return parent::quote($string);
 }
 }
diff --git a/adminer/select.inc.php b/adminer/select.inc.php
index 8b99915c..4afba497 100644
--- a/adminer/select.inc.php
+++ b/adminer/select.inc.php
@@ -34,16 +34,16 @@ foreach ((array) $_GET["columns"] as $key => $val) {
 $where = array(); // where expressions - will be joined by AND
 foreach ($indexes as $i => $index) {
 if ($index["type"] == "FULLTEXT" && strlen($_GET["fulltext"][$i])) {
- $where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $dbh->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
+ $where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST (" . $dbh->quote($_GET["fulltext"][$i]) . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
 }
 }
 foreach ((array) $_GET["where"] as $val) {
 if (strlen("$val[col]$val[val]") && in_array($val["op"], $operators)) {
 if ($val["op"] == "AGAINST") {
- $where[] = "MATCH (" . idf_escape($val["col"]) . ") AGAINST ('" . $dbh->escape_string($val["val"]) . "' IN BOOLEAN MODE)";
+ $where[] = "MATCH (" . idf_escape($val["col"]) . ") AGAINST (" . $dbh->quote($val["val"]) . " IN BOOLEAN MODE)";
 } else {
 $in = process_length($val["val"]);
- $cond = " $val[op]" . (ereg('NULL$', $val["op"]) ? "" : (ereg('IN$', $val["op"]) ? " (" . (strlen($in) ? $in : "NULL") . ")" : " '" . $dbh->escape_string($val["val"]) . "'")); //! this searches in numeric values too
+ $cond = " $val[op]" . (ereg('NULL$', $val["op"]) ? "" : (ereg('IN$', $val["op"]) ? " (" . (strlen($in) ? $in : "NULL") . ")" : " " . $dbh->quote($val["val"]))); //! this searches in numeric values too
 if (strlen($val["col"])) {
 $where[] = idf_escape($val["col"]) . $cond;
 } else {
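Review bot: The `quote()` override in adminer/include/pdo.inc.php @@ -55,8 forwards straight to `parent::quote()` but drops the optional second parameter of `PDO::quote()`, a signature mismatch that stricter PHP versions report. If the wrapper is needed for the same reason as the methods under `// minification compatibility start` in mysql.inc.php, say so in a comment and keep the parameter: `function quote($string, $type = PDO::PARAM_STR) { return parent::quote($string, $type); }`. Otherwise the method can simply be inherited. The class header is outside the hunk, so I am assuming it extends `PDO`.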
@@ -133,7 +133,7 @@ if ($_POST && !$error) { $cols = " (" . implode(", ", array_map('idf_escape', $matches2[1])) . ")"; } else { foreach ($matches2[1] as $col) { - $row[] = (!strlen($col) ? "NULL" : "'" . $dbh->escape_string(str_replace('""', '"', preg_replace('~^".*"$~s', '', $col))) . "'"); + $row[] = (!strlen($col) ? "NULL" : $dbh->quote(str_replace('""', '"', preg_replace('~^".*"$~s', '', $col)))); } $rows[] = "\n(" . implode(", ", $row) . ")"; } diff --git a/adminer/table.inc.php b/adminer/table.inc.php index bdff1b54..229e7e00 100644 --- a/adminer/table.inc.php +++ b/adminer/table.inc.php @@ -63,7 +63,7 @@ if ($result) { if ($dbh->server_info >= 5) { echo "

" . lang('Triggers') . "

\n"; - $result = $dbh->query("SHOW TRIGGERS LIKE '" . $dbh->escape_string(addcslashes($_GET["table"], "%_")) . "'"); + $result = $dbh->query("SHOW TRIGGERS LIKE " . $dbh->quote(addcslashes($_GET["table"], "%_"))); if ($result->num_rows) { echo "
\n"; while ($row = $result->fetch_assoc()) { diff --git a/adminer/trigger.inc.php b/adminer/trigger.inc.php index 60e6c8ed..9085df05 100644 --- a/adminer/trigger.inc.php +++ b/adminer/trigger.inc.php @@ -19,7 +19,7 @@ $row = array("Trigger" => "$_GET[trigger]_bi"); if ($_POST) { $row = $_POST; } elseif (strlen($_GET["name"])) { - $result = $dbh->query("SHOW TRIGGERS WHERE `Trigger` = '" . $dbh->escape_string($_GET["name"]) . "'"); + $result = $dbh->query("SHOW TRIGGERS WHERE `Trigger` = " . $dbh->quote($_GET["name"])); $row = $result->fetch_assoc(); $result->free(); } diff --git a/adminer/user.inc.php b/adminer/user.inc.php index 77d20d15..7141ada1 100644 --- a/adminer/user.inc.php +++ b/adminer/user.inc.php @@ -35,7 +35,7 @@ if ($_POST) { } $grants = array(); $old_pass = ""; -if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR '" . $dbh->escape_string($_GET["user"]) . "'@'" . $dbh->escape_string($_GET["host"]) . "'"))) { //! Use information_schema for MySQL 5 - column names in column privileges are not escaped +if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR " . $dbh->quote($_GET["user"]) . "@" . $dbh->quote($_GET["host"])))) { //! Use information_schema for MySQL 5 - column names in column privileges are not escaped while ($row = $result->fetch_row()) { if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO foreach ($matches as $val) { 
@@ -53,16 +53,16 @@ if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR '" . $dbh->e
 }
 if ($_POST && !$error) {
- $old_user = (isset($_GET["host"]) ? $dbh->escape_string($_GET["user"]) . "'@'" . $dbh->escape_string($_GET["host"]) : "");
- $new_user = $dbh->escape_string($_POST["user"]) . "'@'" . $dbh->escape_string($_POST["host"]);
- $pass = $dbh->escape_string($_POST["pass"]);
+ $old_user = (isset($_GET["host"]) ? $dbh->quote($_GET["user"]) . "@" . $dbh->quote($_GET["host"]) : "''");
+ $new_user = $dbh->quote($_POST["user"]) . "@" . $dbh->quote($_POST["host"]);
+ $pass = $dbh->quote($_POST["pass"]);
 if ($_POST["drop"]) {
- query_redirect("DROP USER '$old_user'", $SELF . "privileges=", lang('User has been dropped.'));
+ query_redirect("DROP USER $old_user", $SELF . "privileges=", lang('User has been dropped.'));
 } else {
 if ($old_user == $new_user) {
- queries("SET PASSWORD FOR '$new_user' = " . ($_POST["hashed"] ? "'$pass'" : "PASSWORD('$pass')"));
+ queries("SET PASSWORD FOR $new_user = " . ($_POST["hashed"] ? $pass : "PASSWORD($pass)"));
 } else {
- $error = !queries(($dbh->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " '$new_user' IDENTIFIED BY" . ($_POST["hashed"] ? " PASSWORD" : "") . " '$pass'");
+ $error = !queries(($dbh->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " $new_user IDENTIFIED BY" . ($_POST["hashed"] ? " PASSWORD" : "") . " $pass");
 }
 if (!$error) {
 $revoke = array();
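Review bot: `$pass` is interpolated into the statement text handed to `queries()`, so the clear-text password becomes part of whatever that helper records. The last hunk of this file passes `queries()` with no arguments to `query_redirect()`, which suggests the accumulated SQL is shown back to the user or kept with the redirect message; if so, the password is exposed there. `queries()` is defined outside this diff, so this needs confirming. At minimum I would mark it in the file's own style next to the `SET PASSWORD` and `IDENTIFIED BY` lines: `//! password is part of the recorded query text`.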
@@ -81,8 +81,8 @@ if ($_POST && !$error) {
 unset($grants[$object]);
 }
 if (preg_match('~^(.+)\\s*(\\(.*\\))?$~U', $object, $match) && (
- ($grant && !queries("GRANT " . grant($grant, $match[2]) . " ON $match[1] TO '$new_user'")) //! SQL injection
- || ($revoke && !queries("REVOKE " . grant($revoke, $match[2]) . " ON $match[1] FROM '$new_user'"))
+ ($grant && !queries("GRANT " . grant($grant, $match[2]) . " ON $match[1] TO $new_user")) //! SQL injection
+ || ($revoke && !queries("REVOKE " . grant($revoke, $match[2]) . " ON $match[1] FROM $new_user"))
 )) {
 $error = true;
 break;
@@ -91,18 +91,18 @@ if ($_POST && !$error) {
 }
 if (!$error && isset($_GET["host"])) {
 if ($old_user != $new_user) {
- queries("DROP USER '$old_user'");
+ queries("DROP USER $old_user");
 } elseif (!isset($_GET["grant"])) {
 foreach ($grants as $object => $revoke) {
 if (preg_match('~^(.+)(\\(.*\\))?$~U', $object, $match)) {
- queries("REVOKE " . grant(array_keys($revoke), $match[2]) . " ON $match[1] FROM '$new_user'");
+ queries("REVOKE " . grant(array_keys($revoke), $match[2]) . " ON $match[1] FROM $new_user");
 }
 }
 }
 }
 query_redirect(queries(), $SELF . "privileges=", (isset($_GET["host"]) ? lang('User has been altered.') : lang('User has been created.')), !$error, false, $error);
 if ($old_user != $new_user) {
- $dbh->query("DROP USER $new_user");
+ $dbh->query("DROP USER $new_user");
 }
 }
 }
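Review bot: The `GRANT`/`REVOKE` lines in @@ -81,8 keep their `//! SQL injection` marker, because `$match[1]` is taken from `$object` by a permissive `(.+)` group and placed after `ON` without quoting; this commit only changes how `$new_user` is written. The `REVOKE` in @@ -91,18 has the same shape. `$object` is assigned outside both hunks, so its origin should be confirmed. If it comes from the request, I would accept only the forms the privilege form can produce (`*.*`, one identifier followed by `.*`, or two identifiers) and rebuild the object with `idf_escape()` on each identifier instead of echoing the match back into the statement.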