mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-11 09:04:02 +02:00
Code Issues Releases Wiki Activity

Change escape_string to quote

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@747 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2009-06-22 00:53:51 +00:00
parent e905f856aa
commit 36a3656089
14 changed files with 97 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
adminer/create.inc.php
View File

@@ -32,9 +32,9 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
$fields[] = "\n" . (!strlen($_GET["create"]) ? " " : (strlen($field["orig"]) ? "CHANGE " . idf_escape($field["orig"]) . " " : "ADD ")) $fields[] = "\n" . (!strlen($_GET["create"]) ? " " : (strlen($field["orig"]) ? "CHANGE " . idf_escape($field["orig"]) . " " : "ADD "))
. idf_escape($field["field"]) . process_type($field) . idf_escape($field["field"]) . process_type($field)
. ($field["null"] ? " NULL" : " NOT NULL") // NULL for timestamp . ($field["null"] ? " NULL" : " NOT NULL") // NULL for timestamp
. (strlen($_GET["create"]) && strlen($field["orig"]) && isset($orig_fields[$field["orig"]]["default"]) && $field["type"] != "timestamp" ? " DEFAULT '" . $dbh->escape_string($orig_fields[$field["orig"]]["default"]) . "'" : "") //! timestamp . (strlen($_GET["create"]) && strlen($field["orig"]) && isset($orig_fields[$field["orig"]]["default"]) && $field["type"] != "timestamp" ? " DEFAULT " . $dbh->quote($orig_fields[$field["orig"]]["default"]) : "") //! timestamp
. ($key == $_POST["auto_increment_col"] ? " AUTO_INCREMENT$auto_increment_index" : "") . ($key == $_POST["auto_increment_col"] ? " AUTO_INCREMENT$auto_increment_index" : "")
. " COMMENT '" . $dbh->escape_string($field["comment"]) . "'" . " COMMENT " . $dbh->quote($field["comment"])
. (strlen($_GET["create"]) ? " $after" : "") . (strlen($_GET["create"]) ? " $after" : "")
; ;
$after = "AFTER " . idf_escape($field["field"]); $after = "AFTER " . idf_escape($field["field"]);
@@ -42,10 +42,10 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
$fields[] = "\nDROP " . idf_escape($field["orig"]); $fields[] = "\nDROP " . idf_escape($field["orig"]);
} }
} }
$status = ($_POST["Engine"] ? "ENGINE='" . $dbh->escape_string($_POST["Engine"]) . "'" : "") $status = ($_POST["Engine"] ? "ENGINE=" . $dbh->quote($_POST["Engine"]) : "")
. ($_POST["Collation"] ? " COLLATE '" . $dbh->escape_string($_POST["Collation"]) . "'" : "") . ($_POST["Collation"] ? " COLLATE " . $dbh->quote($_POST["Collation"]) : "")
. (strlen($_POST["Auto_increment"]) ? " AUTO_INCREMENT=" . intval($_POST["Auto_increment"]) : "") . (strlen($_POST["Auto_increment"]) ? " AUTO_INCREMENT=" . intval($_POST["Auto_increment"]) : "")
. " COMMENT='" . $dbh->escape_string($_POST["Comment"]) . "'" . " COMMENT=" . $dbh->quote($_POST["Comment"])
; ;
if (in_array($_POST["partition_by"], $partition_by)) { if (in_array($_POST["partition_by"], $partition_by)) {
$partitions = array(); $partitions = array();
@@ -92,7 +92,7 @@ if ($_POST) {
$row["name"] = $_GET["create"]; $row["name"] = $_GET["create"];
$row["fields"] = array_values($orig_fields); $row["fields"] = array_values($orig_fields);
if ($dbh->server_info >= 5.1) { if ($dbh->server_info >= 5.1) {
$from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "' AND TABLE_NAME = '" . $dbh->escape_string($_GET["create"]) . "'"; $from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = " . $dbh->quote($_GET["db"]) . " AND TABLE_NAME = " . $dbh->quote($_GET["create"]);
$result = $dbh->query("SELECT PARTITION_METHOD, PARTITION_ORDINAL_POSITION, PARTITION_EXPRESSION $from ORDER BY PARTITION_ORDINAL_POSITION DESC LIMIT 1"); $result = $dbh->query("SELECT PARTITION_METHOD, PARTITION_ORDINAL_POSITION, PARTITION_EXPRESSION $from ORDER BY PARTITION_ORDINAL_POSITION DESC LIMIT 1");
list($row["partition_by"], $row["partitions"], $row["partition"]) = $result->fetch_row(); list($row["partition_by"], $row["partitions"], $row["partition"]) = $result->fetch_row();
$result->free(); $result->free();

4
adminer/database.inc.php
View File

@@ -10,7 +10,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
$failed = false; $failed = false;
foreach ($dbs as $db) { foreach ($dbs as $db) {
if (count($dbs) == 1 || strlen($db)) { // ignore empty lines but always try to create single database if (count($dbs) == 1 || strlen($db)) { // ignore empty lines but always try to create single database
if (!queries("CREATE DATABASE " . idf_escape($db) . ($_POST["collation"] ? " COLLATE '" . $dbh->escape_string($_POST["collation"]) . "'" : ""))) { if (!queries("CREATE DATABASE " . idf_escape($db) . ($_POST["collation"] ? " COLLATE " . $dbh->quote($_POST["collation"]) : ""))) {
$failed = true; $failed = true;
} }
$last = $db; $last = $db;
@@ -34,7 +34,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
if (!$_POST["collation"]) { if (!$_POST["collation"]) {
redirect(substr($SELF, 0, -1)); redirect(substr($SELF, 0, -1));
} }
query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE '" . $dbh->escape_string($_POST["collation"]) . "'", substr($SELF, 0, -1), lang('Database has been altered.')); query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE " . $dbh->quote($_POST["collation"]), substr($SELF, 0, -1), lang('Database has been altered.'));
} }
} }
page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), $error, array(), $_GET["db"]); page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), $error, array(), $_GET["db"]);

2
adminer/db.inc.php
View File

@@ -80,7 +80,7 @@ $result->free();
if ($dbh->server_info >= 5) { if ($dbh->server_info >= 5) {
echo '<p><a href="' . htmlspecialchars($SELF) . 'createv=">' . lang('Create view') . "</a></p>\n"; echo '<p><a href="' . htmlspecialchars($SELF) . 'createv=">' . lang('Create view') . "</a></p>\n";
echo "<h3>" . lang('Routines') . "</h3>\n"; echo "<h3>" . lang('Routines') . "</h3>\n";
$result = $dbh->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "'"); $result = $dbh->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = " . $dbh->quote($_GET["db"]));
if ($result->num_rows) { if ($result->num_rows) {
echo "<table cellspacing='0'>\n"; echo "<table cellspacing='0'>\n";
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {

14
adminer/dump.inc.php
View File

@@ -12,7 +12,7 @@ function tar_file($filename, $contents) {
function dump_triggers($table, $style) { function dump_triggers($table, $style) {
global $dbh; global $dbh;
if ($_POST["format"] != "csv" && $style && $dbh->server_info >= 5) { if ($_POST["format"] != "csv" && $style && $dbh->server_info >= 5) {
$result = $dbh->query("SHOW TRIGGERS LIKE '" . $dbh->escape_string(addcslashes($table, "%_")) . "'"); $result = $dbh->query("SHOW TRIGGERS LIKE " . $dbh->quote(addcslashes($table, "%_")));
if ($result->num_rows) { if ($result->num_rows) {
echo "\nDELIMITER ;;\n"; echo "\nDELIMITER ;;\n";
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
@@ -30,7 +30,7 @@ if ($_POST) {
if ($_POST["format"] != "csv") { if ($_POST["format"] != "csv") {
echo "SET NAMES utf8;\n"; echo "SET NAMES utf8;\n";
echo "SET foreign_key_checks = 0;\n"; echo "SET foreign_key_checks = 0;\n";
echo "SET time_zone = '" . $dbh->escape_string($dbh->result($dbh->query("SELECT @@time_zone"))) . "';\n"; echo "SET time_zone = " . $dbh->quote($dbh->result($dbh->query("SELECT @@time_zone"))) . ";\n";
echo "\n"; echo "\n";
} }
@@ -50,7 +50,7 @@ if ($_POST) {
$out = ""; $out = "";
if ($dbh->server_info >= 5) { if ($dbh->server_info >= 5) {
foreach (array("FUNCTION", "PROCEDURE") as $routine) { foreach (array("FUNCTION", "PROCEDURE") as $routine) {
$result = $dbh->query("SHOW $routine STATUS WHERE Db = '" . $dbh->escape_string($db) . "'"); $result = $dbh->query("SHOW $routine STATUS WHERE Db = " . $dbh->quote($db));
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
$out .= ($style != 'DROP+CREATE' ? "DROP $routine IF EXISTS " . idf_escape($row["Name"]) . ";;\n" : "") $out .= ($style != 'DROP+CREATE' ? "DROP $routine IF EXISTS " . idf_escape($row["Name"]) . ";;\n" : "")
. $dbh->result($dbh->query("SHOW CREATE $routine " . idf_escape($row["Name"])), 2) . ";;\n\n"; . $dbh->result($dbh->query("SHOW CREATE $routine " . idf_escape($row["Name"])), 2) . ";;\n\n";
@@ -121,11 +121,11 @@ CREATE PROCEDURE adminer_drop () BEGIN
CASE _table_name<?php CASE _table_name<?php
$result = $dbh->query($query); $result = $dbh->query($query);
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
$comment = $dbh->escape_string($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]); $comment = $dbh->quote($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]);
echo " echo "
WHEN '" . $dbh->escape_string($row["TABLE_NAME"]) . "' THEN WHEN " . $dbh->quote($row["TABLE_NAME"]) . " THEN
" . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != '$comment' THEN " . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != $comment THEN
ALTER TABLE " . idf_escape($row["TABLE_NAME"]) . " ENGINE=$row[ENGINE] COLLATE=$row[TABLE_COLLATION] COMMENT='$comment'; ALTER TABLE " . idf_escape($row["TABLE_NAME"]) . " ENGINE=$row[ENGINE] COLLATE=$row[TABLE_COLLATION] COMMENT=$comment;
END IF" : "BEGIN END") . ";"; END IF" : "BEGIN END") . ";";
} }
$result->free(); $result->free();

14
adminer/event.inc.php
View File

@@ -7,18 +7,18 @@ if ($_POST && !$error) {
query_redirect("DROP EVENT " . idf_escape($_GET["event"]), substr($SELF, 0, -1), lang('Event has been dropped.')); query_redirect("DROP EVENT " . idf_escape($_GET["event"]), substr($SELF, 0, -1), lang('Event has been dropped.'));
} elseif (in_array($_POST["INTERVAL_FIELD"], $intervals) && in_array($_POST["STATUS"], $statuses)) { } elseif (in_array($_POST["INTERVAL_FIELD"], $intervals) && in_array($_POST["STATUS"], $statuses)) {
$schedule = "\nON SCHEDULE " . ($_POST["INTERVAL_VALUE"] $schedule = "\nON SCHEDULE " . ($_POST["INTERVAL_VALUE"]
? "EVERY '" . $dbh->escape_string($_POST["INTERVAL_VALUE"]) . "' $_POST[INTERVAL_FIELD]" ? "EVERY " . $dbh->quote($_POST["INTERVAL_VALUE"]) . " $_POST[INTERVAL_FIELD]"
. ($_POST["STARTS"] ? " STARTS '" . $dbh->escape_string($_POST["STARTS"]) . "'" : "") . ($_POST["STARTS"] ? " STARTS " . $dbh->quote($_POST["STARTS"]) : "")
. ($_POST["ENDS"] ? " ENDS '" . $dbh->escape_string($_POST["ENDS"]) . "'" : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173 . ($_POST["ENDS"] ? " ENDS " . $dbh->quote($_POST["ENDS"]) : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173
: "AT '" . $dbh->escape_string($_POST["STARTS"]) . "'" : "AT " . $dbh->quote($_POST["STARTS"])
) . " ON COMPLETION" . ($_POST["ON_COMPLETION"] ? "" : " NOT") . " PRESERVE" ) . " ON COMPLETION" . ($_POST["ON_COMPLETION"] ? "" : " NOT") . " PRESERVE"
; ;
query_redirect((strlen($_GET["event"]) query_redirect((strlen($_GET["event"])
? "ALTER EVENT " . idf_escape($_GET["event"]) . $schedule ? "ALTER EVENT " . idf_escape($_GET["event"]) . $schedule
. ($_GET["event"] != $_POST["EVENT_NAME"] ? "\nRENAME TO " . idf_escape($_POST["EVENT_NAME"]) : "") . ($_GET["event"] != $_POST["EVENT_NAME"] ? "\nRENAME TO " . idf_escape($_POST["EVENT_NAME"]) : "")
: "CREATE EVENT " . idf_escape($_POST["EVENT_NAME"]) . $schedule : "CREATE EVENT " . idf_escape($_POST["EVENT_NAME"]) . $schedule
) . "\n$_POST[STATUS] COMMENT '" . $dbh->escape_string($_POST["EVENT_COMMENT"]) ) . "\n$_POST[STATUS] COMMENT " . $dbh->quote($_POST["EVENT_COMMENT"])
. "' DO\n$_POST[EVENT_DEFINITION]" . " DO\n$_POST[EVENT_DEFINITION]"
, substr($SELF, 0, -1), (strlen($_GET["event"]) ? lang('Event has been altered.') : lang('Event has been created.'))); , substr($SELF, 0, -1), (strlen($_GET["event"]) ? lang('Event has been altered.') : lang('Event has been created.')));
} }
} }
@@ -28,7 +28,7 @@ $row = array();
if ($_POST) { if ($_POST) {
$row = $_POST; $row = $_POST;
} elseif (strlen($_GET["event"])) { } elseif (strlen($_GET["event"])) {
$result = $dbh->query("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = '" . $dbh->escape_string($_GET["db"]) . "' AND EVENT_NAME = '" . $dbh->escape_string($_GET["event"]) . "'"); $result = $dbh->query("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = " . $dbh->quote($_GET["db"]) . " AND EVENT_NAME = " . $dbh->quote($_GET["event"]));
$row = $result->fetch_assoc(); $row = $result->fetch_assoc();
$row["STATUS"] = $statuses[$row["STATUS"]]; $row["STATUS"] = $statuses[$row["STATUS"]];
$result->free(); $result->free();

18
adminer/include/editing.inc.php
View File

@@ -73,29 +73,29 @@ function process_input($name, $field) {
} elseif ($field["type"] == "enum" || $field["auto_increment"] ? !strlen($value) : $function == "NULL") { } elseif ($field["type"] == "enum" || $field["auto_increment"] ? !strlen($value) : $function == "NULL") {
return "NULL"; return "NULL";
} elseif ($field["type"] == "enum") { } elseif ($field["type"] == "enum") {
return (isset($_GET["default"]) ? "'" . $dbh->escape_string($value) . "'" : intval($value)); return (isset($_GET["default"]) ? $dbh->quote($value) : intval($value));
} elseif ($field["type"] == "set") { } elseif ($field["type"] == "set") {
return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($dbh, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value)); return (isset($_GET["default"]) ? "'" . implode(",", array_map('escape_string', (array) $value)) . "'" : array_sum((array) $value));
} elseif (preg_match('~binary|blob~', $field["type"])) { } elseif (preg_match('~binary|blob~', $field["type"])) {
$file = get_file($idf); $file = get_file($idf);
if (!is_string($file)) { if (!is_string($file)) {
return false; //! report errors return false; //! report errors
} }
return "_binary'" . (is_string($file) ? $dbh->escape_string($file) : "") . "'"; return "_binary" . (is_string($file) ? $dbh->quote($file) : "");
} elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") { } elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") {
return $value; return $value;
} elseif (preg_match('~^(now|uuid)$~', $function)) { } elseif (preg_match('~^(now|uuid)$~', $function)) {
return "$function()"; return "$function()";
} elseif (preg_match('~^[+-]$~', $function)) { } elseif (preg_match('~^[+-]$~', $function)) {
return idf_escape($name) . " $function '" . $dbh->escape_string($value) . "'"; return idf_escape($name) . " $function " . $dbh->quote($value);
} elseif (preg_match('~^[+-] interval$~', $function)) { } elseif (preg_match('~^[+-] interval$~', $function)) {
return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : "'" . $dbh->escape_string($value) . "'"); return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : $dbh->quote($value));
} elseif (preg_match('~^(addtime|subtime)$~', $function)) { } elseif (preg_match('~^(addtime|subtime)$~', $function)) {
return "$function(" . idf_escape($name) . ", '" . $dbh->escape_string($value) . "')"; return "$function(" . idf_escape($name) . ", " . $dbh->quote($value) . ")";
} elseif (preg_match('~^(md5|sha1|password)$~', $function)) { } elseif (preg_match('~^(md5|sha1|password)$~', $function)) {
return "$function('" . $dbh->escape_string($value) . "')"; return "$function(" . $dbh->quote($value) . ")";
} else { } else {
return "'" . $dbh->escape_string($value) . "'"; return $dbh->quote($value);
} }
} }
@@ -116,7 +116,7 @@ function process_type($field, $collate = "COLLATE") {
return " $field[type]" return " $field[type]"
. ($field["length"] && !preg_match('~^date|time$~', $field["type"]) ? "(" . process_length($field["length"]) . ")" : "") . ($field["length"] && !preg_match('~^date|time$~', $field["type"]) ? "(" . process_length($field["length"]) . ")" : "")
. (preg_match('~int|float|double|decimal~', $field["type"]) && in_array($field["unsigned"], $unsigned) ? " $field[unsigned]" : "") . (preg_match('~int|float|double|decimal~', $field["type"]) && in_array($field["unsigned"], $unsigned) ? " $field[unsigned]" : "")
. (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " $collate '" . $dbh->escape_string($field["collation"]) . "'" : "") . (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " $collate " . $dbh->quote($field["collation"]) : "")
; ;
} }

60
adminer/include/export.inc.php
View File

@@ -27,7 +27,7 @@ function dump_table($table, $style, $is_view = false) {
} }
if ($style == "CREATE+ALTER" && !$is_view) { if ($style == "CREATE+ALTER" && !$is_view) {
// create procedure which iterates over original columns and adds new and removes old // create procedure which iterates over original columns and adds new and removes old
$query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = '" . $dbh->escape_string($table) . "' ORDER BY ORDINAL_POSITION"; $query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = " . $dbh->quote($table) . " ORDER BY ORDINAL_POSITION";
?> ?>
DELIMITER ;; DELIMITER ;;
CREATE PROCEDURE adminer_alter () BEGIN CREATE PROCEDURE adminer_alter () BEGIN
@@ -38,27 +38,27 @@ CREATE PROCEDURE adminer_alter () BEGIN
DECLARE _column_comment varchar(255); DECLARE _column_comment varchar(255);
DECLARE done, set_after bool DEFAULT 0; DECLARE done, set_after bool DEFAULT 0;
DECLARE add_columns text DEFAULT '<?php DECLARE add_columns text DEFAULT '<?php
$fields = array(); $fields = array();
$result = $dbh->query($query); $result = $dbh->query($query);
$after = ""; $after = "";
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
$row["default"] = (isset($row["COLUMN_DEFAULT"]) ? "'" . $dbh->escape_string($row["COLUMN_DEFAULT"]) . "'" : "NULL"); $row["default"] = (isset($row["COLUMN_DEFAULT"]) ? $dbh->quote($row["COLUMN_DEFAULT"]) : "NULL");
$row["after"] = $dbh->escape_string($after); //! rgt AFTER lft, lft AFTER id doesn't work $row["after"] = $dbh->quote($after); //! rgt AFTER lft, lft AFTER id doesn't work
$row["alter"] = $dbh->escape_string(idf_escape($row["COLUMN_NAME"]) $row["alter"] = escape_string(idf_escape($row["COLUMN_NAME"])
. " $row[COLUMN_TYPE]" . " $row[COLUMN_TYPE]"
. ($row["COLLATION_NAME"] ? " COLLATE $row[COLLATION_NAME]" : "") . ($row["COLLATION_NAME"] ? " COLLATE $row[COLLATION_NAME]" : "")
. (isset($row["COLUMN_DEFAULT"]) ? " DEFAULT $row[default]" : "") . (isset($row["COLUMN_DEFAULT"]) ? " DEFAULT $row[default]" : "")
. ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL") . ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL")
. ($row["EXTRA"] ? " $row[EXTRA]" : "") . ($row["EXTRA"] ? " $row[EXTRA]" : "")
. ($row["COLUMN_COMMENT"] ? " COMMENT '" . $dbh->escape_string($row["COLUMN_COMMENT"]) . "'" : "") . ($row["COLUMN_COMMENT"] ? " COMMENT " . $dbh->quote($row["COLUMN_COMMENT"]) : "")
. ($after ? " AFTER " . idf_escape($after) : " FIRST") . ($after ? " AFTER " . idf_escape($after) : " FIRST")
); );
echo ", ADD $row[alter]"; echo ", ADD $row[alter]";
$fields[] = $row; $fields[] = $row;
$after = $row["COLUMN_NAME"]; $after = $row["COLUMN_NAME"];
} }
$result->free(); $result->free();
?>'; ?>';
DECLARE columns CURSOR FOR <?php echo $query; ?>; DECLARE columns CURSOR FOR <?php echo $query; ?>;
DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1; DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1;
SET @alter_table = ''; SET @alter_table = '';
@@ -68,15 +68,15 @@ $result->free();
IF NOT done THEN IF NOT done THEN
SET set_after = 1; SET set_after = 1;
CASE _column_name<?php CASE _column_name<?php
foreach ($fields as $row) { foreach ($fields as $row) {
echo " echo "
WHEN '" . $dbh->escape_string($row["COLUMN_NAME"]) . "' THEN WHEN " . $dbh->quote($row["COLUMN_NAME"]) . " THEN
SET add_columns = REPLACE(add_columns, ', ADD $row[alter]', ''); SET add_columns = REPLACE(add_columns, ', ADD $row[alter]', '');
IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != '$row[COLUMN_TYPE]' OR _extra != '$row[EXTRA]' OR _column_comment != '" . $dbh->escape_string($row["COLUMN_COMMENT"]) . "' OR after != '$row[after]' THEN IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != '$row[COLUMN_TYPE]' OR _extra != '$row[EXTRA]' OR _column_comment != " . $dbh->quote($row["COLUMN_COMMENT"]) . " OR after != $row[after] THEN
SET @alter_table = CONCAT(@alter_table, ', MODIFY $row[alter]'); SET @alter_table = CONCAT(@alter_table, ', MODIFY $row[alter]');
END IF;"; //! don't replace in comment END IF;"; //! don't replace in comment
} }
?> ?>
ELSE ELSE
SET @alter_table = CONCAT(@alter_table, ', DROP ', _column_name); SET @alter_table = CONCAT(@alter_table, ', DROP ', _column_name);
@@ -121,12 +121,12 @@ function dump_data($table, $style, $select = "") {
$insert = "INSERT INTO " . idf_escape($table) . " (" . implode(", ", array_map('idf_escape', array_keys($row))) . ") VALUES"; $insert = "INSERT INTO " . idf_escape($table) . " (" . implode(", ", array_map('idf_escape', array_keys($row))) . ") VALUES";
$row2 = array(); $row2 = array();
foreach ($row as $key => $val) { foreach ($row as $key => $val) {
$row2[$key] = (isset($val) ? "'" . $dbh->escape_string($val) . "'" : "NULL"); $row2[$key] = (isset($val) ? $dbh->quote($val) : "NULL");
} }
if ($style == "INSERT+UPDATE") { if ($style == "INSERT+UPDATE") {
$set = array(); $set = array();
foreach ($row as $key => $val) { foreach ($row as $key => $val) {
$set[] = idf_escape($key) . " = " . (isset($val) ? "'" . $dbh->escape_string($val) . "'" : "NULL"); $set[] = idf_escape($key) . " = " . (isset($val) ? $dbh->quote($val) : "NULL");
} }
echo "$insert (" . implode(", ", $row2) . ") ON DUPLICATE KEY UPDATE " . implode(", ", $set) . ";\n"; echo "$insert (" . implode(", ", $row2) . ") ON DUPLICATE KEY UPDATE " . implode(", ", $set) . ";\n";
} else { } else {

2
adminer/include/functions.inc.php
View File

@@ -67,7 +67,7 @@ function where($where) {
$return = array(); $return = array();
foreach ((array) $where["where"] as $key => $val) { foreach ((array) $where["where"] as $key => $val) {
$key = bracket_escape($key, "back"); $key = bracket_escape($key, "back");
$return[] = (preg_match('~^[A-Z0-9_]+\\(`(?:[^`]+|``)+`\\)$~', $key) ? $key : idf_escape($key)) . " = BINARY '" . $dbh->escape_string($val) . "'"; //! enum and set, columns looking like functions $return[] = (preg_match('~^[A-Z0-9_]+\\(`(?:[^`]+|``)+`\\)$~', $key) ? $key : idf_escape($key)) . " = BINARY " . $dbh->quote($val); //! enum and set, columns looking like functions
} }
foreach ((array) $where["null"] as $key) { foreach ((array) $where["null"] as $key) {
$key = bracket_escape($key, "back"); $key = bracket_escape($key, "back");

23
adminer/include/mysql.inc.php
View File

@@ -28,6 +28,10 @@ if (extension_loaded("mysqli")) {
return $row[$field]; return $row[$field];
} }
function quote($string) {
return "'" . parent::escape_string($string) . "'";
}
// minification compatibility start // minification compatibility start
function select_db($database) { function select_db($database) {
return parent::select_db($database); return parent::select_db($database);
@@ -51,10 +55,6 @@ if (extension_loaded("mysqli")) {
function next_result() { function next_result() {
return parent::next_result(); return parent::next_result();
} }
function escape_string($string) {
return parent::escape_string($string);
}
} }
class Min_Result { class Min_Result {
@@ -103,6 +103,10 @@ if (extension_loaded("mysqli")) {
return (bool) $this->_link; return (bool) $this->_link;
} }
function quote($string) {
return "'" . mysql_real_escape_string($string, $this->_link) . "'";
}
function select_db($database) { function select_db($database) {
return mysql_select_db($database, $this->_link); return mysql_select_db($database, $this->_link);
} }
@@ -138,10 +142,6 @@ if (extension_loaded("mysqli")) {
} }
return mysql_result($result->_result, 0, $field); return mysql_result($result->_result, 0, $field);
} }
function escape_string($string) {
return mysql_real_escape_string($string, $this->_link);
}
} }
class Min_Result { class Min_Result {
@@ -224,7 +224,7 @@ function get_databases() {
function table_status($table) { function table_status($table) {
global $dbh; global $dbh;
$result = $dbh->query("SHOW TABLE STATUS LIKE '" . $dbh->escape_string(addcslashes($table, "%_")) . "'"); $result = $dbh->query("SHOW TABLE STATUS LIKE " . $dbh->quote(addcslashes($table, "%_")));
$return = $result->fetch_assoc(); // ()-> is not supported in PHP 4 $return = $result->fetch_assoc(); // ()-> is not supported in PHP 4
$result->free(); $result->free();
return $return; return $return;
@@ -320,6 +320,11 @@ function collations() {
return $return; return $return;
} }
function escape_string($val) {
global $dbh;
return substr($dbh->quote($val), 1, -1);
}
function table_comment(&$row) { function table_comment(&$row) {
if ($row["Engine"] == "InnoDB") { if ($row["Engine"] == "InnoDB") {
// ignore internal comment, unnecessary since MySQL 5.1.21 // ignore internal comment, unnecessary since MySQL 5.1.21

4
adminer/include/pdo.inc.php
View File

@@ -55,8 +55,8 @@ if (extension_loaded('pdo')) {
return $row[$field]; return $row[$field];
} }
function escape_string($string) { function quote($string) {
return substr($this->quote($string), 1, -1); return parent::quote($string);
} }
} }

8
adminer/select.inc.php
View File

@@ -34,16 +34,16 @@ foreach ((array) $_GET["columns"] as $key => $val) {
$where = array(); // where expressions - will be joined by AND $where = array(); // where expressions - will be joined by AND
foreach ($indexes as $i => $index) { foreach ($indexes as $i => $index) {
if ($index["type"] == "FULLTEXT" && strlen($_GET["fulltext"][$i])) { if ($index["type"] == "FULLTEXT" && strlen($_GET["fulltext"][$i])) {
$where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $dbh->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")"; $where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST (" . $dbh->quote($_GET["fulltext"][$i]) . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
} }
} }
foreach ((array) $_GET["where"] as $val) { foreach ((array) $_GET["where"] as $val) {
if (strlen("$val[col]$val[val]") && in_array($val["op"], $operators)) { if (strlen("$val[col]$val[val]") && in_array($val["op"], $operators)) {
if ($val["op"] == "AGAINST") { if ($val["op"] == "AGAINST") {
$where[] = "MATCH (" . idf_escape($val["col"]) . ") AGAINST ('" . $dbh->escape_string($val["val"]) . "' IN BOOLEAN MODE)"; $where[] = "MATCH (" . idf_escape($val["col"]) . ") AGAINST (" . $dbh->quote($val["val"]) . " IN BOOLEAN MODE)";
} else { } else {
$in = process_length($val["val"]); $in = process_length($val["val"]);
$cond = " $val[op]" . (ereg('NULL$', $val["op"]) ? "" : (ereg('IN$', $val["op"]) ? " (" . (strlen($in) ? $in : "NULL") . ")" : " '" . $dbh->escape_string($val["val"]) . "'")); //! this searches in numeric values too $cond = " $val[op]" . (ereg('NULL$', $val["op"]) ? "" : (ereg('IN$', $val["op"]) ? " (" . (strlen($in) ? $in : "NULL") . ")" : " " . $dbh->quote($val["val"]))); //! this searches in numeric values too
if (strlen($val["col"])) { if (strlen($val["col"])) {
$where[] = idf_escape($val["col"]) . $cond; $where[] = idf_escape($val["col"]) . $cond;
} else { } else {
@@ -133,7 +133,7 @@ if ($_POST && !$error) {
$cols = " (" . implode(", ", array_map('idf_escape', $matches2[1])) . ")"; $cols = " (" . implode(", ", array_map('idf_escape', $matches2[1])) . ")";
} else { } else {
foreach ($matches2[1] as $col) { foreach ($matches2[1] as $col) {
$row[] = (!strlen($col) ? "NULL" : "'" . $dbh->escape_string(str_replace('""', '"', preg_replace('~^".*"$~s', '', $col))) . "'"); $row[] = (!strlen($col) ? "NULL" : $dbh->quote(str_replace('""', '"', preg_replace('~^".*"$~s', '', $col))));
} }
$rows[] = "\n(" . implode(", ", $row) . ")"; $rows[] = "\n(" . implode(", ", $row) . ")";
} }

2
adminer/table.inc.php
View File

@@ -63,7 +63,7 @@ if ($result) {
if ($dbh->server_info >= 5) { if ($dbh->server_info >= 5) {
echo "<h3>" . lang('Triggers') . "</h3>\n"; echo "<h3>" . lang('Triggers') . "</h3>\n";
$result = $dbh->query("SHOW TRIGGERS LIKE '" . $dbh->escape_string(addcslashes($_GET["table"], "%_")) . "'"); $result = $dbh->query("SHOW TRIGGERS LIKE " . $dbh->quote(addcslashes($_GET["table"], "%_")));
if ($result->num_rows) { if ($result->num_rows) {
echo "<table cellspacing='0'>\n"; echo "<table cellspacing='0'>\n";
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {

2
adminer/trigger.inc.php
View File

@@ -19,7 +19,7 @@ $row = array("Trigger" => "$_GET[trigger]_bi");
if ($_POST) { if ($_POST) {
$row = $_POST; $row = $_POST;
} elseif (strlen($_GET["name"])) { } elseif (strlen($_GET["name"])) {
$result = $dbh->query("SHOW TRIGGERS WHERE `Trigger` = '" . $dbh->escape_string($_GET["name"]) . "'"); $result = $dbh->query("SHOW TRIGGERS WHERE `Trigger` = " . $dbh->quote($_GET["name"]));
$row = $result->fetch_assoc(); $row = $result->fetch_assoc();
$result->free(); $result->free();
} }

24
adminer/user.inc.php
View File

@@ -35,7 +35,7 @@ if ($_POST) {
} }
$grants = array(); $grants = array();
$old_pass = ""; $old_pass = "";
if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR '" . $dbh->escape_string($_GET["user"]) . "'@'" . $dbh->escape_string($_GET["host"]) . "'"))) { //! Use information_schema for MySQL 5 - column names in column privileges are not escaped if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR " . $dbh->quote($_GET["user"]) . "@" . $dbh->quote($_GET["host"])))) { //! Use information_schema for MySQL 5 - column names in column privileges are not escaped
while ($row = $result->fetch_row()) { while ($row = $result->fetch_row()) {
if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO
foreach ($matches as $val) { foreach ($matches as $val) {
@@ -53,16 +53,16 @@ if (isset($_GET["host"]) && ($result = $dbh->query("SHOW GRANTS FOR '" . $dbh->e
} }
if ($_POST && !$error) { if ($_POST && !$error) {
$old_user = (isset($_GET["host"]) ? $dbh->escape_string($_GET["user"]) . "'@'" . $dbh->escape_string($_GET["host"]) : ""); $old_user = (isset($_GET["host"]) ? $dbh->quote($_GET["user"]) . "@" . $dbh->quote($_GET["host"]) : "''");
$new_user = $dbh->escape_string($_POST["user"]) . "'@'" . $dbh->escape_string($_POST["host"]); $new_user = $dbh->quote($_POST["user"]) . "@" . $dbh->quote($_POST["host"]);
$pass = $dbh->escape_string($_POST["pass"]); $pass = $dbh->quote($_POST["pass"]);
if ($_POST["drop"]) { if ($_POST["drop"]) {
query_redirect("DROP USER '$old_user'", $SELF . "privileges=", lang('User has been dropped.')); query_redirect("DROP USER $old_user", $SELF . "privileges=", lang('User has been dropped.'));
} else { } else {
if ($old_user == $new_user) { if ($old_user == $new_user) {
queries("SET PASSWORD FOR '$new_user' = " . ($_POST["hashed"] ? "'$pass'" : "PASSWORD('$pass')")); queries("SET PASSWORD FOR $new_user = " . ($_POST["hashed"] ? $pass : "PASSWORD($pass)"));
} else { } else {
$error = !queries(($dbh->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " '$new_user' IDENTIFIED BY" . ($_POST["hashed"] ? " PASSWORD" : "") . " '$pass'"); $error = !queries(($dbh->server_info < 5 ? "GRANT USAGE ON *.* TO" : "CREATE USER") . " $new_user IDENTIFIED BY" . ($_POST["hashed"] ? " PASSWORD" : "") . " $pass");
} }
if (!$error) { if (!$error) {
$revoke = array(); $revoke = array();
@@ -81,8 +81,8 @@ if ($_POST && !$error) {
unset($grants[$object]); unset($grants[$object]);
} }
if (preg_match('~^(.+)\\s*(\\(.*\\))?$~U', $object, $match) && ( if (preg_match('~^(.+)\\s*(\\(.*\\))?$~U', $object, $match) && (
($grant && !queries("GRANT " . grant($grant, $match[2]) . " ON $match[1] TO '$new_user'")) //! SQL injection ($grant && !queries("GRANT " . grant($grant, $match[2]) . " ON $match[1] TO $new_user")) //! SQL injection
|| ($revoke && !queries("REVOKE " . grant($revoke, $match[2]) . " ON $match[1] FROM '$new_user'")) || ($revoke && !queries("REVOKE " . grant($revoke, $match[2]) . " ON $match[1] FROM $new_user"))
)) { )) {
$error = true; $error = true;
break; break;
@@ -91,18 +91,18 @@ if ($_POST && !$error) {
} }
if (!$error && isset($_GET["host"])) { if (!$error && isset($_GET["host"])) {
if ($old_user != $new_user) { if ($old_user != $new_user) {
queries("DROP USER '$old_user'"); queries("DROP USER $old_user");
} elseif (!isset($_GET["grant"])) { } elseif (!isset($_GET["grant"])) {
foreach ($grants as $object => $revoke) { foreach ($grants as $object => $revoke) {
if (preg_match('~^(.+)(\\(.*\\))?$~U', $object, $match)) { if (preg_match('~^(.+)(\\(.*\\))?$~U', $object, $match)) {
queries("REVOKE " . grant(array_keys($revoke), $match[2]) . " ON $match[1] FROM '$new_user'"); queries("REVOKE " . grant(array_keys($revoke), $match[2]) . " ON $match[1] FROM $new_user");
} }
} }
} }
} }
query_redirect(queries(), $SELF . "privileges=", (isset($_GET["host"]) ? lang('User has been altered.') : lang('User has been created.')), !$error, false, $error); query_redirect(queries(), $SELF . "privileges=", (isset($_GET["host"]) ? lang('User has been altered.') : lang('User has been created.')), !$error, false, $error);
if ($old_user != $new_user) { if ($old_user != $new_user) {
$dbh->query("DROP USER '$new_user'"); $dbh->query("DROP USER $new_user");
} }
} }
} }