mirror of
https://github.com/vrana/adminer.git
synced 2025-08-29 17:19:52 +02:00
Merge branch 'editor-search-fix'
This commit is contained in:
Peter Knut
@@ -316,8 +316,8 @@ if (!defined("DRIVER")) {
|
||||
}
|
||||
}
|
||||
|
||||
function convertSearch($idf, $val, $field) {
|
||||
return (preg_match('~char|text|enum|set~', $field["type"]) && !preg_match("~^utf8~", $field["collation"]) && preg_match('~[\x80-\xFF]~', $val['val'])
|
||||
function convertSearch($idf, array $where, array $field) {
|
||||
return (preg_match('~char|text|enum|set~', $field["type"]) && !preg_match("~^utf8~", $field["collation"]) && preg_match('~[\x80-\xFF]~', $where['val'])
|
||||
? "CONVERT($idf USING " . charset($this->_conn) . ")"
|
||||
: $idf
|
||||
);
|
||||
|
||||
@@ -212,9 +212,9 @@ if (isset($_GET["pgsql"])) {
|
||||
return $query;
|
||||
}
|
||||
|
||||
function convertSearch($idf, $val, $field) {
|
||||
function convertSearch($idf, array $where, array $field) {
|
||||
$textTypes = "char|text";
|
||||
if (strpos($val["op"], "LIKE") === false) {
|
||||
if (strpos($where["op"], "LIKE") === false) {
|
||||
$textTypes .= "|date|time(stamp)?|boolean|uuid|inet|cidr|macaddr|" . number_type();
|
||||
}
|
||||
|
||||
|
||||
@@ -537,50 +537,60 @@ class Adminer {
|
||||
* @return array expressions to join by AND
|
||||
*/
|
||||
function selectSearchProcess($fields, $indexes) {
|
||||
global $connection, $driver;
|
||||
$return = array();
|
||||
global $driver;
|
||||
|
||||
$return = [];
|
||||
|
||||
foreach ($indexes as $i => $index) {
|
||||
if ($index["type"] == "FULLTEXT" && $_GET["fulltext"][$i] != "") {
|
||||
$return[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST (" . q($_GET["fulltext"][$i]) . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
|
||||
}
|
||||
}
|
||||
foreach ((array) $_GET["where"] as $key => $val) {
|
||||
if ("$val[col]$val[val]" != "" && in_array($val["op"], $this->operators)) {
|
||||
|
||||
foreach ((array) $_GET["where"] as $where) {
|
||||
$col = $where["col"];
|
||||
$op = $where["op"];
|
||||
$val = $where["val"];
|
||||
|
||||
if ("$col$val" != "" && in_array($op, $this->operators)) {
|
||||
$prefix = "";
|
||||
$cond = " $val[op]";
|
||||
if (preg_match('~IN$~', $val["op"])) {
|
||||
$in = process_length($val["val"]);
|
||||
$cond = " $op";
|
||||
|
||||
if (preg_match('~IN$~', $op)) {
|
||||
$in = process_length($val);
|
||||
$cond .= " " . ($in != "" ? $in : "(NULL)");
|
||||
} elseif ($val["op"] == "SQL") {
|
||||
$cond = " $val[val]"; // SQL injection
|
||||
} elseif ($val["op"] == "LIKE %%") {
|
||||
$cond = " LIKE " . $this->processInput($fields[$val["col"]], "%$val[val]%");
|
||||
} elseif ($val["op"] == "ILIKE %%") {
|
||||
$cond = " ILIKE " . $this->processInput($fields[$val["col"]], "%$val[val]%");
|
||||
} elseif ($val["op"] == "FIND_IN_SET") {
|
||||
$prefix = "$val[op](" . q($val["val"]) . ", ";
|
||||
} elseif ($op == "SQL") {
|
||||
$cond = " $val"; // SQL injection
|
||||
} elseif ($op == "LIKE %%") {
|
||||
$cond = " LIKE " . $this->processInput($fields[$col], "%$val%");
|
||||
} elseif ($op == "ILIKE %%") {
|
||||
$cond = " ILIKE " . $this->processInput($fields[$col], "%$val%");
|
||||
} elseif ($op == "FIND_IN_SET") {
|
||||
$prefix = "$op(" . q($val) . ", ";
|
||||
$cond = ")";
|
||||
} elseif (!preg_match('~NULL$~', $val["op"])) {
|
||||
$cond .= " " . $this->processInput($fields[$val["col"]], $val["val"]);
|
||||
} elseif (!preg_match('~NULL$~', $op)) {
|
||||
$cond .= " " . $this->processInput($fields[$col], $val);
|
||||
}
|
||||
if ($val["col"] != "") {
|
||||
$return[] = $prefix . $driver->convertSearch(idf_escape($val["col"]), $val, $fields[$val["col"]]) . $cond;
|
||||
|
||||
if ($col != "") {
|
||||
$return[] = $prefix . $driver->convertSearch(idf_escape($col), $where, $fields[$col]) . $cond;
|
||||
} else {
|
||||
// find anywhere
|
||||
$cols = array();
|
||||
foreach ($fields as $name => $field) {
|
||||
if (isset($field["privileges"]["where"])
|
||||
&& (preg_match('~^[-\d.' . (preg_match('~IN$~', $val["op"]) ? ',' : '') . ']+$~', $val["val"]) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
|
||||
&& (!preg_match("~[\x80-\xFF]~", $val["val"]) || preg_match('~char|text|enum|set~', $field["type"]))
|
||||
&& (!preg_match('~date|timestamp~', $field["type"]) || preg_match('~^\d+-\d+-\d+~', $val["val"]))
|
||||
&& (preg_match('~^[-\d.' . (preg_match('~IN$~', $op) ? ',' : '') . ']+$~', $val) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
|
||||
&& (!preg_match("~[\x80-\xFF]~", $val) || preg_match('~char|text|enum|set~', $field["type"]))
|
||||
&& (!preg_match('~date|timestamp~', $field["type"]) || preg_match('~^\d+-\d+-\d+~', $val))
|
||||
) {
|
||||
$cols[] = $prefix . $driver->convertSearch(idf_escape($name), $val, $field) . $cond;
|
||||
$cols[] = $prefix . $driver->convertSearch(idf_escape($name), $where, $field) . $cond;
|
||||
}
|
||||
}
|
||||
$return[] = ($cols ? "(" . implode(" OR ", $cols) . ")" : "1 = 0");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
@@ -138,7 +138,7 @@ function add_driver($id, $name) {
|
||||
* @param array
|
||||
* @return string
|
||||
*/
|
||||
function convertSearch($idf, $val, $field) {
|
||||
function convertSearch($idf, array $where, array $field) {
|
||||
return $idf;
|
||||
}
|
||||
|
||||
|
||||
@@ -342,35 +342,44 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
|
||||
|
||||
function selectSearchProcess($fields, $indexes) {
|
||||
global $driver;
|
||||
$return = array();
|
||||
|
||||
$return = [];
|
||||
|
||||
foreach ((array) $_GET["where"] as $key => $where) {
|
||||
$col = $where["col"];
|
||||
$op = $where["op"];
|
||||
$val = $where["val"];
|
||||
|
||||
if (($key < 0 ? "" : $col) . $val != "") {
|
||||
$conds = array();
|
||||
|
||||
foreach (($col != "" ? array($col => $fields[$col]) : $fields) as $name => $field) {
|
||||
if ($col != "" || is_numeric($val) || !preg_match(number_type(), $field["type"])) {
|
||||
$name = idf_escape($name);
|
||||
|
||||
if ($col != "" && $field["type"] == "enum") {
|
||||
$conds[] = (in_array(0, $val) ? "$name IS NULL OR " : "") . "$name IN (" . implode(", ", array_map('intval', $val)) . ")";
|
||||
} else {
|
||||
$text_type = preg_match('~char|text|enum|set~', $field["type"]);
|
||||
$value = $this->processInput($field, (!$op && $text_type && preg_match('~^[^%]+$~', $val) ? "%$val%" : $val));
|
||||
$conds[] = $driver->convertSearch($name, $val, $field) . ($value == "NULL" ? " IS" . ($op == ">=" ? " NOT" : "") . " $value"
|
||||
|
||||
$conds[] = $driver->convertSearch($name, $where, $field) . ($value == "NULL" ? " IS" . ($op == ">=" ? " NOT" : "") . " $value"
|
||||
: (in_array($op, $this->operators) || $op == "=" ? " $op $value"
|
||||
: ($text_type ? " LIKE $value"
|
||||
: " IN (" . str_replace(",", "', '", $value) . ")"
|
||||
)));
|
||||
|
||||
if ($key < 0 && $val == "0") {
|
||||
$conds[] = "$name IS NULL";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$return[] = ($conds ? "(" . implode(" OR ", $conds) . ")" : "1 = 0");
|
||||
}
|
||||
}
|
||||
|
||||
return $return;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user