mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-12 17:44:07 +02:00
Code Issues Releases Wiki Activity

Check collation

Browse Source
This commit is contained in:
Jakub Vrana
2010-10-17 18:45:05 +02:00
parent 53d7f0306d
commit 44ae8c8766
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adminer/database.inc.php
View File

@@ -28,7 +28,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
if (!$_POST["collation"]) { if (!$_POST["collation"]) {
redirect(substr(ME, 0, -1)); redirect(substr(ME, 0, -1));
} }
query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE $_POST[collation]", substr(ME, 0, -1), lang('Database has been altered.')); //! SQL injection - quotes are not allowed in MS SQL 2005 query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . (eregi('^[a-z0-9_]+$', $_POST["collation"]) ? " COLLATE $_POST[collation]" : ""), substr(ME, 0, -1), lang('Database has been altered.')); //! SQL injection - quotes are not allowed in MS SQL 2005
} }
} }

4
adminer/drivers/mssql.inc.php
View File

@@ -383,7 +383,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
} }
function create_database($db, $collation) { function create_database($db, $collation) {
return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE $collation" : "")); return queries("CREATE DATABASE " . idf_escape($db) . (eregi('^[a-z0-9_]+$', $collation) ? " COLLATE $collation" : ""));
} }
function drop_databases($databases) { function drop_databases($databases) {
@@ -391,7 +391,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
} }
function rename_database($name, $collation) { function rename_database($name, $collation) {
if ($collation) { if (eregi('^[a-z0-9_]+$', $collation)) {
queries("ALTER DATABASE " . idf_escape(DB) . " COLLATE $collation"); queries("ALTER DATABASE " . idf_escape(DB) . " COLLATE $collation");
} }
queries("ALTER DATABASE " . idf_escape(DB) . " MODIFY NAME = " . idf_escape($name)); queries("ALTER DATABASE " . idf_escape(DB) . " MODIFY NAME = " . idf_escape($name));