From e287642e26cb529977c9b7d9baaba359991cb1f2 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Fri, 26 Apr 2013 12:04:28 -0700
Subject: [PATCH] Rename empty select operator to SQL
---
 adminer/drivers/mysql.inc.php | 2 +-
 adminer/drivers/oracle.inc.php | 2 +-
 adminer/drivers/pgsql.inc.php | 2 +-
 adminer/drivers/sqlite.inc.php | 2 +-
 adminer/include/adminer.inc.php | 4 ++--
 adminer/include/pdo.inc.php | 2 +-
 6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/adminer/drivers/mysql.inc.php b/adminer/drivers/mysql.inc.php
index c39e8668..493eee4d 100644
--- a/adminer/drivers/mysql.inc.php
+++ b/adminer/drivers/mysql.inc.php
@@ -1004,7 +1004,7 @@ if (!defined("DRIVER")) {
 $structured_types[$key] = array_keys($val);
 }
 $unsigned = array("unsigned", "zerofill", "unsigned zerofill"); ///< @var array number variants
- $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "REGEXP", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL", ""); ///< @var array operators used in select
+ $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "REGEXP", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL", "SQL"); ///< @var array operators used in select
 $functions = array("char_length", "date", "from_unixtime", "lower", "round", "sec_to_time", "time_to_sec", "upper"); ///< @var array functions used in select
 $grouping = array("avg", "count", "count distinct", "group_concat", "max", "min", "sum"); ///< @var array grouping functions used in select
 $edit_functions = array( ///< @var array of array("$type|$type2" => "$function/$function2") functions used in editing, [0] - edit and insert, [1] - edit only
diff --git a/adminer/drivers/oracle.inc.php b/adminer/drivers/oracle.inc.php
index 85f0089c..ecfdfae9 100644
--- a/adminer/drivers/oracle.inc.php
+++ b/adminer/drivers/oracle.inc.php
@@ -386,7 +386,7 @@ ORDER BY PROCESS
 $structured_types[$key] = array_keys($val);
 }
 $unsigned = array();
- $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL", "");
+ $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL", "SQL");
 $functions = array("length", "lower", "round", "upper");
 $grouping = array("avg", "count", "count distinct", "max", "min", "sum");
 $edit_functions = array(
diff --git a/adminer/drivers/pgsql.inc.php b/adminer/drivers/pgsql.inc.php
index 150c6470..e123311d 100644
--- a/adminer/drivers/pgsql.inc.php
+++ b/adminer/drivers/pgsql.inc.php
@@ -607,7 +607,7 @@ AND typelem = 0"
 $structured_types[$key] = array_keys($val);
 }
 $unsigned = array();
- $operators = array("=", "<", ">", "<=", ">=", "!=", "~", "!~", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL"); // no "" to avoid SQL injection
+ $operators = array("=", "<", ">", "<=", ">=", "!=", "~", "!~", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL"); // no "SQL" to avoid SQL injection
 $functions = array("char_length", "lower", "round", "to_hex", "to_timestamp", "upper");
 $grouping = array("avg", "count", "count distinct", "max", "min", "sum");
 $edit_functions = array(
diff --git a/adminer/drivers/sqlite.inc.php b/adminer/drivers/sqlite.inc.php
index f6ac0e1e..b99bc2f7 100644
--- a/adminer/drivers/sqlite.inc.php
+++ b/adminer/drivers/sqlite.inc.php
@@ -674,7 +674,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
 $types = array("integer" => 0, "real" => 0, "numeric" => 0, "text" => 0, "blob" => 0);
 $structured_types = array_keys($types);
 $unsigned = array();
- $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL", ""); // REGEXP can be user defined function
+ $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL", "SQL"); // REGEXP can be user defined function
 $functions = array("hex", "length", "lower", "round", "unixepoch", "upper");
 $grouping = array("avg", "count", "count distinct", "group_concat", "max", "min", "sum");
 $edit_functions = array(
diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index afc2b049..83a7aa92 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -400,8 +400,8 @@ username.form['auth[driver]'].onchange();
 if (ereg('IN$', $val["op"])) {
 $in = process_length($val["val"]);
 $cond .= " (" . ($in != "" ? $in : "NULL") . ")";
- } elseif (!$val["op"]) {
- $cond .= $val["val"]; // SQL injection
+ } elseif ($val["op"] == "SQL") {
+ $cond = " $val[val]"; // SQL injection
 } elseif ($val["op"] == "LIKE %%") {
 $cond = " LIKE " . $this->processInput($fields[$val["col"]], "%$val[val]%");
 } elseif (!ereg('NULL$', $val["op"])) {
diff --git a/adminer/include/pdo.inc.php b/adminer/include/pdo.inc.php
index 47d26a36..ee2e8396 100644
--- a/adminer/include/pdo.inc.php
+++ b/adminer/include/pdo.inc.php
@@ -6,7 +6,7 @@ if (extension_loaded('pdo')) {
 function __construct() {
 global $adminer;
- $pos = array_search("", $adminer->operators);
+ $pos = array_search("SQL", $adminer->operators);
 if ($pos !== false) {
 unset($adminer->operators[$pos]);
 }
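Review bot: In adminer/include/adminer.inc.php the new `$val["op"] == "SQL"` branch copies the request value into `$cond` unescaped, and the hunk does not show whether `$val["op"]` is checked against `$this->operators` before this chain is reached. If that check is absent or done only when the form is rendered, leaving "SQL" out of the pgsql list and unsetting it in pdo.inc.php hides the option without disabling the branch, so the membership test needs to sit on the server side next to this code. The bare `// SQL injection` comment would be clearer as `// raw SQL condition taken verbatim from the request; must only be reachable when "SQL" is in $this->operators`. The enclosing function starts and ends outside the hunk.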
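Review bot: In adminer/include/pdo.inc.php the constructor disables the raw-SQL operator by matching the literal `"SQL"`, which now has to stay identical to the literal in three driver lists and in the adminer.inc.php comparison. If any of them drifts, `array_search` returns false and the operator silently stays available on PDO connections, so the restriction fails open. A single shared constant for the operator name would make that coupling explicit. The reason for the removal is also not stated here; a comment in the style of the pgsql one, `// no "SQL" to avoid SQL injection`, would help. The class body continues outside the hunk.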