From 8bce359fae55a753fb4b8b70e4e0f7109c6180e5 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Tue, 8 Apr 2025 20:35:32 +0200
Subject: [PATCH] Fix search anywhere (fix #1004, regression from 5.1.1)
---
 CHANGELOG.md | 1 +
 adminer/include/adminer.inc.php | 64 ++++++++++++++++-----------------
 2 files changed, 32 insertions(+), 33 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 24d5ccc0..d9ad0f8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## Adminer dev
+- Fix search anywhere (bug #1004, regression from 5.1.1)

 ## Adminer 5.2.0 (released 2025-04-08)
 - Autocomplete SQL commands
diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index ff856830..6bc8714e 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -538,41 +538,39 @@ class Adminer {
 }
 }
 foreach ((array) $_GET["where"] as $key => $val) {
- if ("$val[col]$val[val]" != "" && in_array($val["op"], adminer()->operators())) {
- $prefix = "";
- $cond = " $val[op]";
- if (preg_match('~IN$~', $val["op"])) {
- $in = process_length($val["val"]);
- $cond .= " " . ($in != "" ? $in : "(NULL)");
- } elseif ($val["op"] == "SQL") {
- $cond = " $val[val]"; // SQL injection
- } elseif ($val["op"] == "LIKE %%") {
- $cond = " LIKE " . adminer()->processInput(idx($fields, $val["col"], array()), "%$val[val]%"); // this is used by search anywhere which doesn't set $val["col"]
- } elseif ($val["op"] == "ILIKE %%") {
- $cond = " ILIKE " . adminer()->processInput($fields[$val["col"]], "%$val[val]%");
- } elseif ($val["op"] == "FIND_IN_SET") {
- $prefix = "$val[op](" . q($val["val"]) . ", ";
- $cond = ")";
- } elseif (!preg_match('~NULL$~', $val["op"])) {
- $cond .= " " . adminer()->processInput($fields[$val["col"]], $val["val"]);
- }
- if ($val["col"] != "") {
- $return[] = $prefix . driver()->convertSearch(idf_escape($val["col"]), $val, $fields[$val["col"]]) . $cond;
- } else {
- // find anywhere
- $cols = array();
- foreach ($fields as $name => $field) {
- if (
- isset($field["privileges"]["where"])
- && (preg_match('~^[-\d.' . (preg_match('~IN$~', $val["op"]) ? ',' : '') . ']+$~', $val["val"]) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
- && (!preg_match("~[\x80-\xFF]~", $val["val"]) || preg_match('~char|text|enum|set~', $field["type"]))
- && (!preg_match('~date|timestamp~', $field["type"]) || preg_match('~^\d+-\d+-\d+~', $val["val"]))
- ) {
- $cols[] = $prefix . driver()->convertSearch(idf_escape($name), $val, $field) . $cond;
- }
+ $col = $val["col"];
+ if ("$col$val[val]" != "" && in_array($val["op"], adminer()->operators())) {
+ $conds = array();
+ foreach (($col != "" ? array($col => $fields[$col]) : $fields) as $name => $field) {
+ $prefix = "";
+ $cond = " $val[op]";
+ if (preg_match('~IN$~', $val["op"])) {
+ $in = process_length($val["val"]);
+ $cond .= " " . ($in != "" ? $in : "(NULL)");
+ } elseif ($val["op"] == "SQL") {
+ $cond = " $val[val]"; // SQL injection
+ } elseif (preg_match('~^(I?LIKE) %%$~', $val["op"], $match)) {
+ $cond = " $match[1] " . adminer()->processInput($field, "%$val[val]%");
+ } elseif ($val["op"] == "FIND_IN_SET") {
+ $prefix = "$val[op](" . q($val["val"]) . ", ";
+ $cond = ")";
+ } elseif (!preg_match('~NULL$~', $val["op"])) {
+ $cond .= " " . adminer()->processInput($field, $val["val"]);
+ }
+ if ($col != "" || ( // find anywhere
+ isset($field["privileges"]["where"])
+ && (preg_match('~^[-\d.' . (preg_match('~IN$~', $val["op"]) ? ',' : '') . ']+$~', $val["val"]) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
+ && (!preg_match("~[\x80-\xFF]~", $val["val"]) || preg_match('~char|text|enum|set~', $field["type"]))
+ && (!preg_match('~date|timestamp~', $field["type"]) || preg_match('~^\d+-\d+-\d+~', $val["val"]))
+ )) {
+ $conds[] = $prefix . driver()->convertSearch(idf_escape($name), $val, $field) . $cond;
 }
- $return[] = ($cols ? "(" . implode(" OR ", $cols) . ")" : "1 = 0");
 }
+ $return[] =
+ (count($conds) == 1 ? $conds[0] :
+ ($conds ? "(" . implode(" OR ", $conds) . ")" :
+ "1 = 0"
+ ));
 }
 }
 return $return;
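Review bot: In the new `foreach`, `$fields[$col]` is indexed with the request-supplied `$val["col"]` without checking that the column exists, so an unknown column yields `$field = null`, which is then passed to `processInput()` and `convertSearch()`. The removed `LIKE %%` branch guarded that lookup with `idx($fields, $val["col"], array())`; the same default could be kept here with `array($col => idx($fields, $col, array()))`, or the condition could be skipped when `!isset($fields[$col])`. Separately, the `in_array($val["op"], adminer()->operators())` allow-list is the only thing bounding both `$match[1]` and the raw `SQL` operator, so passing `true` as its third argument would make that comparison strict, and the terse `// SQL injection` comment could say that the operator is intentionally unescaped and relies on `operators()` to be restricted. The enclosing method starts and ends outside the hunk.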