mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-29 17:19:52 +02:00
Code Issues Releases Wiki Activity

Cleanup the code for searching

Browse Source
This commit is contained in:
Peter Knut
2024-09-17 15:31:15 +02:00
parent 91d0d8538f
commit 7d5077e687
5 changed files with 66 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
adminer/drivers/mysql.inc.php
View File

@@ -316,8 +316,8 @@ if (!defined("DRIVER")) {
} }
} }
function convertSearch($idf, $val, $field) { function convertSearch($idf, array $where, array $field) {
return (preg_match('~char|text|enum|set~', $field["type"]) && !preg_match("~^utf8~", $field["collation"]) && preg_match('~[\x80-\xFF]~', $val['val']) return (preg_match('~char|text|enum|set~', $field["type"]) && !preg_match("~^utf8~", $field["collation"]) && preg_match('~[\x80-\xFF]~', $where['val'])
? "CONVERT($idf USING " . charset($this->_conn) . ")" ? "CONVERT($idf USING " . charset($this->_conn) . ")"
: $idf : $idf
); );

4
adminer/drivers/pgsql.inc.php
View File

@@ -212,9 +212,9 @@ if (isset($_GET["pgsql"])) {
return $query; return $query;
} }
function convertSearch($idf, $val, $field) { function convertSearch($idf, array $where, array $field) {
$textTypes = "char|text"; $textTypes = "char|text";
if (strpos($val["op"], "LIKE") === false) { if (strpos($where["op"], "LIKE") === false) {
$textTypes .= "|date|time(stamp)?|boolean|uuid|inet|cidr|macaddr|" . number_type(); $textTypes .= "|date|time(stamp)?|boolean|uuid|inet|cidr|macaddr|" . number_type();
} }

62
adminer/include/adminer.inc.php
View File

@@ -39,7 +39,7 @@ class Adminer {
function bruteForceKey() { function bruteForceKey() {
return $_SERVER["REMOTE_ADDR"]; return $_SERVER["REMOTE_ADDR"];
} }
/** Get server name displayed in breadcrumbs /** Get server name displayed in breadcrumbs
* @param string * @param string
* @return string HTML code or null * @return string HTML code or null
@@ -128,7 +128,7 @@ class Adminer {
echo "<p><input type='submit' value='" . lang('Login') . "'>\n"; echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n"; echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
} }
/** Get login form field /** Get login form field
* @param string * @param string
* @param string HTML * @param string HTML
@@ -488,7 +488,7 @@ class Adminer {
echo "</script>\n"; echo "</script>\n";
echo "</div></fieldset>\n"; echo "</div></fieldset>\n";
} }
/** Print command box in select /** Print command box in select
* @return bool whether to print default commands * @return bool whether to print default commands
*/ */
@@ -537,50 +537,60 @@ class Adminer {
* @return array expressions to join by AND * @return array expressions to join by AND
*/ */
function selectSearchProcess($fields, $indexes) { function selectSearchProcess($fields, $indexes) {
global $connection, $driver; global $driver;
$return = array();
$return = [];
foreach ($indexes as $i => $index) { foreach ($indexes as $i => $index) {
if ($index["type"] == "FULLTEXT" && $_GET["fulltext"][$i] != "") { if ($index["type"] == "FULLTEXT" && $_GET["fulltext"][$i] != "") {
$return[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST (" . q($_GET["fulltext"][$i]) . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")"; $return[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST (" . q($_GET["fulltext"][$i]) . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
} }
} }
foreach ((array) $_GET["where"] as $key => $val) {
if ("$val[col]$val[val]" != "" && in_array($val["op"], $this->operators)) { foreach ((array) $_GET["where"] as $where) {
$col = $where["col"];
$op = $where["op"];
$val = $where["val"];
if ("$col$val" != "" && in_array($op, $this->operators)) {
$prefix = ""; $prefix = "";
$cond = " $val[op]"; $cond = " $op";
if (preg_match('~IN$~', $val["op"])) {
$in = process_length($val["val"]); if (preg_match('~IN$~', $op)) {
$in = process_length($val);
$cond .= " " . ($in != "" ? $in : "(NULL)"); $cond .= " " . ($in != "" ? $in : "(NULL)");
} elseif ($val["op"] == "SQL") { } elseif ($op == "SQL") {
$cond = " $val[val]"; // SQL injection $cond = " $val"; // SQL injection
} elseif ($val["op"] == "LIKE %%") { } elseif ($op == "LIKE %%") {
$cond = " LIKE " . $this->processInput($fields[$val["col"]], "%$val[val]%"); $cond = " LIKE " . $this->processInput($fields[$col], "%$val%");
} elseif ($val["op"] == "ILIKE %%") { } elseif ($op == "ILIKE %%") {
$cond = " ILIKE " . $this->processInput($fields[$val["col"]], "%$val[val]%"); $cond = " ILIKE " . $this->processInput($fields[$col], "%$val%");
} elseif ($val["op"] == "FIND_IN_SET") { } elseif ($op == "FIND_IN_SET") {
$prefix = "$val[op](" . q($val["val"]) . ", "; $prefix = "$op(" . q($val) . ", ";
$cond = ")"; $cond = ")";
} elseif (!preg_match('~NULL$~', $val["op"])) { } elseif (!preg_match('~NULL$~', $op)) {
$cond .= " " . $this->processInput($fields[$val["col"]], $val["val"]); $cond .= " " . $this->processInput($fields[$col], $val);
} }
if ($val["col"] != "") {
$return[] = $prefix . $driver->convertSearch(idf_escape($val["col"]), $val, $fields[$val["col"]]) . $cond; if ($col != "") {
$return[] = $prefix . $driver->convertSearch(idf_escape($col), $where, $fields[$col]) . $cond;
} else { } else {
// find anywhere // find anywhere
$cols = array(); $cols = array();
foreach ($fields as $name => $field) { foreach ($fields as $name => $field) {
if (isset($field["privileges"]["where"]) if (isset($field["privileges"]["where"])
&& (preg_match('~^[-\d.' . (preg_match('~IN$~', $val["op"]) ? ',' : '') . ']+$~', $val["val"]) || !preg_match('~' . number_type() . '|bit~', $field["type"])) && (preg_match('~^[-\d.' . (preg_match('~IN$~', $op) ? ',' : '') . ']+$~', $val) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
&& (!preg_match("~[\x80-\xFF]~", $val["val"]) || preg_match('~char|text|enum|set~', $field["type"])) && (!preg_match("~[\x80-\xFF]~", $val) || preg_match('~char|text|enum|set~', $field["type"]))
&& (!preg_match('~date|timestamp~', $field["type"]) || preg_match('~^\d+-\d+-\d+~', $val["val"])) && (!preg_match('~date|timestamp~', $field["type"]) || preg_match('~^\d+-\d+-\d+~', $val))
) { ) {
$cols[] = $prefix . $driver->convertSearch(idf_escape($name), $val, $field) . $cond; $cols[] = $prefix . $driver->convertSearch(idf_escape($name), $where, $field) . $cond;
} }
} }
$return[] = ($cols ? "(" . implode(" OR ", $cols) . ")" : "1 = 0"); $return[] = ($cols ? "(" . implode(" OR ", $cols) . ")" : "1 = 0");
} }
} }
} }
return $return; return $return;
} }

30
adminer/include/driver.inc.php
View File

@@ -13,14 +13,14 @@ function add_driver($id, $name) {
/*abstract*/ class Min_SQL { /*abstract*/ class Min_SQL {
var $_conn; var $_conn;
/** Create object for performing database operations /** Create object for performing database operations
* @param Min_DB * @param Min_DB
*/ */
function __construct($connection) { function __construct($connection) {
$this->_conn = $connection; $this->_conn = $connection;
} }
/** Select data from table /** Select data from table
* @param string * @param string
* @param array result of $adminer->selectColumnsProcess()[0] * @param array result of $adminer->selectColumnsProcess()[0]
@@ -52,7 +52,7 @@ function add_driver($id, $name) {
} }
return $return; return $return;
} }
/** Delete data from table /** Delete data from table
* @param string * @param string
* @param string " WHERE ..." * @param string " WHERE ..."
@@ -63,7 +63,7 @@ function add_driver($id, $name) {
$query = "FROM " . table($table); $query = "FROM " . table($table);
return queries("DELETE" . ($limit ? limit1($table, $query, $queryWhere) : " $query$queryWhere")); return queries("DELETE" . ($limit ? limit1($table, $query, $queryWhere) : " $query$queryWhere"));
} }
/** Update data in table /** Update data in table
* @param string * @param string
* @param array escaped columns in keys, quoted data in values * @param array escaped columns in keys, quoted data in values
@@ -80,7 +80,7 @@ function add_driver($id, $name) {
$query = table($table) . " SET$separator" . implode(",$separator", $values); $query = table($table) . " SET$separator" . implode(",$separator", $values);
return queries("UPDATE" . ($limit ? limit1($table, $query, $queryWhere, $separator) : " $query$queryWhere")); return queries("UPDATE" . ($limit ? limit1($table, $query, $queryWhere, $separator) : " $query$queryWhere"));
} }
/** Insert data into table /** Insert data into table
* @param string * @param string
* @param array escaped columns in keys, quoted data in values * @param array escaped columns in keys, quoted data in values
@@ -92,7 +92,7 @@ function add_driver($id, $name) {
: " DEFAULT VALUES" : " DEFAULT VALUES"
)); ));
} }
/** Insert or update data in table /** Insert or update data in table
* @param string * @param string
* @param array * @param array
@@ -102,28 +102,28 @@ function add_driver($id, $name) {
/*abstract*/ function insertUpdate($table, $rows, $primary) { /*abstract*/ function insertUpdate($table, $rows, $primary) {
return false; return false;
} }
/** Begin transaction /** Begin transaction
* @return bool * @return bool
*/ */
function begin() { function begin() {
return queries("BEGIN"); return queries("BEGIN");
} }
/** Commit transaction /** Commit transaction
* @return bool * @return bool
*/ */
function commit() { function commit() {
return queries("COMMIT"); return queries("COMMIT");
} }
/** Rollback transaction /** Rollback transaction
* @return bool * @return bool
*/ */
function rollback() { function rollback() {
return queries("ROLLBACK"); return queries("ROLLBACK");
} }
/** Return query with a timeout /** Return query with a timeout
* @param string * @param string
* @param int seconds * @param int seconds
@@ -131,14 +131,14 @@ function add_driver($id, $name) {
*/ */
function slowQuery($query, $timeout) { function slowQuery($query, $timeout) {
} }
/** Convert column to be searchable /** Convert column to be searchable
* @param string escaped column name * @param string escaped column name
* @param array array("op" => , "val" => ) * @param array array("op" => , "val" => )
* @param array * @param array
* @return string * @return string
*/ */
function convertSearch($idf, $val, $field) { function convertSearch($idf, array $where, array $field) {
return $idf; return $idf;
} }
@@ -169,19 +169,19 @@ function add_driver($id, $name) {
function quoteBinary($s) { function quoteBinary($s) {
return q($s); return q($s);
} }
/** Get warnings about the last command /** Get warnings about the last command
* @return string HTML * @return string HTML
*/ */
function warnings() { function warnings() {
return ''; return '';
} }
/** Get help link for table /** Get help link for table
* @param string * @param string
* @return string relative URL or null * @return string relative URL or null
*/ */
function tableHelp($name) { function tableHelp($name) {
} }
} }

13
editor/include/adminer.inc.php
View File

@@ -23,7 +23,7 @@ class Adminer {
function bruteForceKey() { function bruteForceKey() {
return $_SERVER["REMOTE_ADDR"]; return $_SERVER["REMOTE_ADDR"];
} }
function serverName($server) { function serverName($server) {
} }
@@ -342,35 +342,44 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
function selectSearchProcess($fields, $indexes) { function selectSearchProcess($fields, $indexes) {
global $driver; global $driver;
$return = array();
$return = [];
foreach ((array) $_GET["where"] as $key => $where) { foreach ((array) $_GET["where"] as $key => $where) {
$col = $where["col"]; $col = $where["col"];
$op = $where["op"]; $op = $where["op"];
$val = $where["val"]; $val = $where["val"];
if (($key < 0 ? "" : $col) . $val != "") { if (($key < 0 ? "" : $col) . $val != "") {
$conds = array(); $conds = array();
foreach (($col != "" ? array($col => $fields[$col]) : $fields) as $name => $field) { foreach (($col != "" ? array($col => $fields[$col]) : $fields) as $name => $field) {
if ($col != "" || is_numeric($val) || !preg_match(number_type(), $field["type"])) { if ($col != "" || is_numeric($val) || !preg_match(number_type(), $field["type"])) {
$name = idf_escape($name); $name = idf_escape($name);
if ($col != "" && $field["type"] == "enum") { if ($col != "" && $field["type"] == "enum") {
$conds[] = (in_array(0, $val) ? "$name IS NULL OR " : "") . "$name IN (" . implode(", ", array_map('intval', $val)) . ")"; $conds[] = (in_array(0, $val) ? "$name IS NULL OR " : "") . "$name IN (" . implode(", ", array_map('intval', $val)) . ")";
} else { } else {
$text_type = preg_match('~char|text|enum|set~', $field["type"]); $text_type = preg_match('~char|text|enum|set~', $field["type"]);
$value = $this->processInput($field, (!$op && $text_type && preg_match('~^[^%]+$~', $val) ? "%$val%" : $val)); $value = $this->processInput($field, (!$op && $text_type && preg_match('~^[^%]+$~', $val) ? "%$val%" : $val));
$conds[] = $driver->convertSearch($name, $val, $field) . ($value == "NULL" ? " IS" . ($op == ">=" ? " NOT" : "") . " $value" $conds[] = $driver->convertSearch($name, $val, $field) . ($value == "NULL" ? " IS" . ($op == ">=" ? " NOT" : "") . " $value"
: (in_array($op, $this->operators) || $op == "=" ? " $op $value" : (in_array($op, $this->operators) || $op == "=" ? " $op $value"
: ($text_type ? " LIKE $value" : ($text_type ? " LIKE $value"
: " IN (" . str_replace(",", "', '", $value) . ")" : " IN (" . str_replace(",", "', '", $value) . ")"
))); )));
if ($key < 0 && $val == "0") { if ($key < 0 && $val == "0") {
$conds[] = "$name IS NULL"; $conds[] = "$name IS NULL";
} }
} }
} }
} }
$return[] = ($conds ? "(" . implode(" OR ", $conds) . ")" : "1 = 0"); $return[] = ($conds ? "(" . implode(" OR ", $conds) . ")" : "1 = 0");
} }
} }
return $return; return $return;
} }