mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-18 20:31:19 +02:00
Code Issues Releases Wiki Activity

Fix edit by long non-utf8 string (thanks Robert Vlach)

Browse Source
This commit is contained in:
Jakub Vrana
2014-06-26 14:36:47 +02:00
parent 8bd3dca2f7
commit 7e3f2d9b1d
4 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
adminer/include/adminer.inc.php
View File

@@ -443,8 +443,7 @@ username.form['auth[driver]'].onchange();
&& (!preg_match("~[\x80-\xFF]~", $val["val"]) || $is_text)
) {
$name = idf_escape($name);
$charset = charset($connection);
$cols[] = ($jush == "sql" && $is_text && !preg_match("~^$charset" . "_~", $field["collation"]) ? "CONVERT($name USING $charset)" : $name);
$cols[] = ($jush == "sql" && $is_text && !preg_match("~^utf8_~", $field["collation"]) ? "CONVERT($name USING " . charset($connection) . ")" : $name);
}
}
$return[] = ($cols ? "(" . implode("$cond OR ", $cols) . "$cond)" : "0");

16
adminer/include/functions.inc.php
View File

@@ -375,6 +375,17 @@ function unique_array($row, $indexes) {
}
}
/** Escape column key used in where()
* @param string
* @return string
*/
function escape_key($key) {
if (preg_match('(^([\w(]+)(' . str_replace("_", ".*", preg_quote(idf_escape("_"))) . ')([ \w)]+)$)', $key, $match)) { //! columns looking like functions
return $match[1] . idf_escape(idf_unescape($match[2])) . $match[3]; //! SQL injection
}
return idf_escape($key);
}
/** Create SQL condition from parsed query string
* @param array parsed query string
* @param array
@@ -383,10 +394,9 @@ function unique_array($row, $indexes) {
function where($where, $fields = array()) {
global $connection, $jush;
$return = array();
$function_pattern = '(^[\w\(]+(' . str_replace("_", ".*", preg_quote(idf_escape("_"))) . ')?\)+$)'; //! columns looking like functions
foreach ((array) $where["where"] as $key => $val) {
$key = bracket_escape($key, 1); // 1 - back
$column = (preg_match($function_pattern, $key) ? $key : idf_escape($key)); //! SQL injection
$column = escape_key($key);
$return[] = $column
. (($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val)) || $jush == "mssql"
? " LIKE " . q(addcslashes($val, "%_\\"))
@@ -398,7 +408,7 @@ function where($where, $fields = array()) {
}
}
foreach ((array) $where["null"] as $key) {
$return[] = (preg_match($function_pattern, $key) ? $key : idf_escape($key)) . " IS NULL";
$return[] = escape_key($key) . " IS NULL";
}
return implode(" AND ", $return);
}