Release

Typo
Reorganize functions
2025-09-03 03:13:00 +02:00 · 2011-07-27 10:16:57 +02:00 · 2011-07-27 09:08:53 +02:00 · 2011-07-27 09:04:43 +02:00 · 2011-07-27 08:58:07 +02:00 · 2011-07-27 08:01:51 +02:00
16 changed files with 189 additions and 88 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -13,3 +13,6 @@
 [submodule "jquery-timepicker"]
 	path = externals/jquery-timepicker
 	url = git://github.com/trentrichardson/jQuery-Timepicker-Addon.git
+[submodule "wymeditor"]
+	path = externals/wymeditor
+	url = git://github.com/wymeditor/wymeditor.git
--- a/adminer/drivers/mysql.inc.php
+++ b/adminer/drivers/mysql.inc.php
@@ -902,6 +902,13 @@ if (!defined("DRIVER")) {
 		return get_key_vals("SHOW VARIABLES");
 	}
 	
+	/** Get process list
+	* @return array ($row)
+	*/
+	function process_list() {
+		return get_rows("SHOW FULL PROCESSLIST");
+	}
+	
 	/** Get status variables
 	* @return array ($name => $value)
 	*/
@@ -910,7 +917,7 @@ if (!defined("DRIVER")) {
 	}
 	
 	/** Check whether a feature is supported
-	* @param string "comment", "copy", "drop_col", "dump", "event", "partitioning", "privileges", "procedure", "processlist", "routine", "scheme", "sequence", "status", "trigger", "type", "variables", "view"
+	* @param string "comment", "copy", "drop_col", "dump", "event", "kill", "partitioning", "privileges", "procedure", "processlist", "routine", "scheme", "sequence", "status", "trigger", "type", "variables", "view"
 	* @return bool
 	*/
 	function support($feature) {
--- a/adminer/drivers/pgsql.inc.php
+++ b/adminer/drivers/pgsql.inc.php
@@ -17,10 +17,12 @@ if (isset($_GET["pgsql"])) {
 			}
 			
 			function connect($server, $username, $password) {
+				global $adminer;
+				$db = $adminer->database();
 				set_error_handler(array($this, '_error'));
 				$this->_string = "host='" . str_replace(":", "' port='", addcslashes($server, "'\\")) . "' user='" . addcslashes($username, "'\\") . "' password='" . addcslashes($password, "'\\") . "'";
-				$this->_link = @pg_connect($this->_string . (DB != "" ? " dbname='" . addcslashes(DB, "'\\") . "'" : " dbname='template1'"), PGSQL_CONNECT_FORCE_NEW);
-				if (!$this->_link && DB != "") {
+				$this->_link = @pg_connect($this->_string . ($db != "" ? " dbname='" . addcslashes($db, "'\\") . "'" : " dbname='template1'"), PGSQL_CONNECT_FORCE_NEW);
+				if (!$this->_link && $db != "") {
 					// try to connect directly with database for performance
 					$this->_database = false;
 					$this->_link = @pg_connect("$this->_string dbname='template1'", PGSQL_CONNECT_FORCE_NEW);
@@ -39,7 +41,8 @@ if (isset($_GET["pgsql"])) {
 			}
 			
 			function select_db($database) {
-				if ($database == DB) {
+				global $adminer;
+				if ($database == $adminer->database()) {
 					return $this->_database;
 				}
 				$return = @pg_connect("$this->_string dbname='" . addcslashes($database, "'\\") . "'", PGSQL_CONNECT_FORCE_NEW);
@@ -126,14 +129,17 @@ if (isset($_GET["pgsql"])) {
 			var $extension = "PDO_PgSQL";
 			
 			function connect($server, $username, $password) {
+				global $adminer;
+				$db = $adminer->database();
 				$string = "pgsql:host='" . str_replace(":", "' port='", addcslashes($server, "'\\")) . "' options='-c client_encoding=utf8'";
-				$this->dsn($string . (DB != "" ? " dbname='" . addcslashes(DB, "'\\") . "'" : ""), $username, $password);
+				$this->dsn($string . ($db != "" ? " dbname='" . addcslashes($db, "'\\") . "'" : ""), $username, $password);
 				//! connect without DB in case of an error
 				return true;
 			}
 			
 			function select_db($database) {
-				return (DB == $database);
+				global $adminer;
+				return ($adminer->database() == $database);
 			}
 			
 			function close() {
@@ -235,6 +241,9 @@ ORDER BY a.attnum"
 			$row["null"] = ($row["attnotnull"] == "f");
 			$row["auto_increment"] = eregi("^nextval\\(", $row["default"]);
 			$row["privileges"] = array("insert" => 1, "select" => 1, "update" => 1);
+			if (preg_match('~^(.*)::.+$~', $row["default"], $match)) {
+				$row["default"] = ($match[1][0] == "'" ? idf_unescape($match[1]) : $match[1]);
+			}
 			$return[$row["field"]] = $row;
 		}
 		return $return;
@@ -539,12 +548,16 @@ AND typelem = 0"
 	function show_variables() {
 		return get_key_vals("SHOW ALL");
 	}
+
+	function process_list() {
+		return get_rows("SELECT * FROM pg_stat_activity ORDER BY procpid");
+	}
 	
 	function show_status() {
 	}
 	
 	function support($feature) {
-		return ereg('^(comment|view|scheme|sequence|trigger|type|variables|drop_col)$', $feature); //! routine|
+		return ereg('^(comment|view|scheme|processlist|sequence|trigger|type|variables|drop_col)$', $feature); //! routine|
 	}
 	
 	$jush = "pgsql";
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -798,7 +798,6 @@ DROP PROCEDURE adminer_alter;
 						foreach (array("bac", "bra", "sqlite_quo", "mssql_bra") as $val) {
 							echo "jushLinks.$val = jushLinks.$jush;\n";
 						}
-						echo "var cmComplete = [ '" . implode("', '", array_map('js_escape', array_keys($tables))) . "' ];\n";
 						echo "</script>\n";
 					}
 				}
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -4,8 +4,8 @@ error_reporting(6135); // errors and warnings
 include "../adminer/include/coverage.inc.php";

 // disable filter.default
-$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")) || ini_get("filter.default_flags"));
-if ($filter) {
+$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")));
+if ($filter || ini_get("filter.default_flags")) {
 	foreach (array('_GET', '_POST', '_COOKIE', '_SERVER') as $val) {
 		$unsafe = filter_input_array(constant("INPUT$val"), FILTER_UNSAFE_RAW);
 		if ($unsafe) {
@@ -39,7 +39,7 @@ if (!defined("SID")) {
 }

 // disable magic quotes to be able to use database escaping function
-remove_slashes(array(&$_GET, &$_POST, &$_COOKIE));
+remove_slashes(array(&$_GET, &$_POST, &$_COOKIE), $filter);
 if (function_exists("set_magic_quotes_runtime")) { // removed in PHP 6
 	set_magic_quotes_runtime(false);
 }
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -38,7 +38,7 @@ var areYouSure = '<?php echo lang('Resend POST data?'); ?>';
 <?php } ?>
 <?php } ?>

-<body class="<?php echo lang('ltr'); ?> nojs"<?php echo ($_POST ? "" : " onclick=\"return bodyClick(event, '" . js_escape(DB) . "', '" . js_escape($_GET["ns"]) . "');\""); // avoid re-post confirmation after refreshing the next page in Google Chrome ?> onkeydown="bodyKeydown(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion();"); ?>">
+<body class="<?php echo lang('ltr'); ?> nojs"<?php echo ($_POST ? "" : " onclick=\"return bodyClick(event, '" . h(js_escape(DB) . "', '" . js_escape($_GET["ns"])) . "');\""); // avoid re-post confirmation after refreshing the next page in Google Chrome ?> onkeydown="bodyKeydown(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion();"); ?>">
 <script type="text/javascript">
 document.body.className = document.body.className.replace(/(^|\s)nojs(\s|$)/, '$1js$2');
 </script>
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -27,9 +27,10 @@ function escape_string($val) {

 /** Disable magic_quotes_gpc
 * @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
+* @param bool whether to leave values as is
 * @return null modified in place
 */
-function remove_slashes($process) {
+function remove_slashes($process, $filter = false) {
 	if (get_magic_quotes_gpc()) {
 		while (list($key, $val) = each($process)) {
 			foreach ($val as $k => $v) {
@@ -92,7 +93,7 @@ function nl_br($string) {
 function checkbox($name, $value, $checked, $label = "", $onclick = "", $jsonly = false) {
 	static $id = 0;
 	$id++;
-	$return = "<input type='checkbox' name='$name' value='" . h($value) . "'" . ($checked ? " checked" : "") . ($onclick ? " onclick=\"$onclick\"" : "") . ($jsonly ? " class='jsonly'" : "") . " id='checkbox-$id'>";
+	$return = "<input type='checkbox' name='$name' value='" . h($value) . "'" . ($checked ? " checked" : "") . ($onclick ? ' onclick="' . h($onclick) . '"' : '') . ($jsonly ? " class='jsonly'" : "") . " id='checkbox-$id'>";
 	return ($label != "" ? "<label for='checkbox-$id'>$return" . h($label) . "</label>" : $return);
 }

@@ -129,7 +130,7 @@ function optionlist($options, $selected = null, $use_keys = false) {
 */
 function html_select($name, $options, $value = "", $onchange = true) {
 	if ($onchange) {
-		return "<select name='" . h($name) . "'" . (is_string($onchange) ? " onchange=\"$onchange\"" : "") . ">" . optionlist($options, $value) . "</select>";
+		return "<select name='" . h($name) . "'" . (is_string($onchange) ? ' onchange="' . h($onchange) . '"' : "") . ">" . optionlist($options, $value) . "</select>";
 	}
 	$return = "";
 	foreach ($options as $key => $val) {
@@ -147,6 +148,37 @@ function confirm($count = "", $stop = false) {
 	return " onclick=\"" . ($stop ? "eventStop(event); " : "") . "return confirm('" . lang('Are you sure?') . ($count ? " (' + $count + ')" : "") . "');\"";
 }

+/** Print header for hidden fieldset (close by </div></fieldset>)
+* @param string
+* @param string
+* @param bool
+* @param string
+* @return null
+*/
+function print_fieldset($id, $legend, $visible = false, $onclick = "") {
+	echo "<fieldset><legend><a href='#fieldset-$id' onclick=\"" . h($onclick) . "return !toggle('fieldset-$id');\">$legend</a></legend><div id='fieldset-$id'" . ($visible ? "" : " class='hidden'") . ">\n";
+}
+
+/** Return class='active' if $bold is true
+* @param bool
+* @return string
+*/
+function bold($bold) {
+	return ($bold ? " class='active'" : "");
+}
+
+/** Generate class for odd rows
+* @param string return this for odd rows, empty to reset counter
+* @return string
+*/
+function odd($return = ' class="odd"') {
+	static $i = 0;
+	if (!$return) { // reset counter
+		$i = -1;
+	}
+	return ($i++ % 2 ? $return : '');
+}
+
 /** Escape string for JavaScript apostrophes
 * @param string
 * @return string
@@ -155,6 +187,25 @@ function js_escape($string) {
 	return addcslashes($string, "\r\n'\\/"); // slash for <script>
 }

+/** Print one row in JSON object
+* @param string or "" to close the object
+* @param string
+* @return null
+*/
+function json_row($key, $val = null) {
+	static $first = true;
+	if ($first) {
+		echo "{";
+	}
+	if ($key != "") {
+		echo ($first ? "" : ",") . "\n\t\"" . addcslashes($key, "\r\n\"\\") . '": ' . (isset($val) ? '"' . addcslashes($val, "\r\n\"\\") . '"' : 'undefined');
+		$first = false;
+	} else {
+		echo "\n}\n";
+		$first = true;
+	}
+}
+
 /** Get INI boolean value
 * @param string
 * @return bool
@@ -516,35 +567,14 @@ function upload_error($error) {
 	return ($error ? lang('Unable to upload a file.') . ($max_size ? " " . lang('Maximum allowed file size is %sB.', $max_size) : "") : lang('File does not exist.'));
 }

-/** Generate class for odd rows
-* @param string return this for odd rows, empty to reset counter
+/** Create repeat pattern for preg
+* @param string
+* @param int
 * @return string
 */
-function odd($return = ' class="odd"') {
-	static $i = 0;
-	if (!$return) { // reset counter
-		$i = -1;
-	}
-	return ($i++ % 2 ? $return : '');
-}
-
-/** Print one row in JSON object
-* @param string or "" to close the object
-* @param string
-* @return null
-*/
-function json_row($key, $val = null) {
-	static $first = true;
-	if ($first) {
-		echo "{";
-	}
-	if ($key != "") {
-		echo ($first ? "" : ",") . "\n\t\"" . addcslashes($key, "\r\n\"\\") . '": ' . (isset($val) ? '"' . addcslashes($val, "\r\n\"\\") . '"' : 'undefined');
-		$first = false;
-	} else {
-		echo "\n}\n";
-		$first = true;
-	}
+function repeat_pattern($pattern, $length) {
+	// fix for Compilation failed: number too big in {} quantifier
+	return str_repeat("$pattern{0,65535}", $length / 65535) . "$pattern{0," . ($length % 65535) . "}"; // can create {0,0} which is OK
 }

 /** Check whether the string is in UTF-8
@@ -556,16 +586,6 @@ function is_utf8($val) {
 	return (preg_match('~~u', $val) && !preg_match('~[\\0-\\x8\\xB\\xC\\xE-\\x1F]~', $val));
 }

-/** Create repeat pattern for preg
-* @param string
-* @param int
-* @return string
-*/
-function repeat_pattern($pattern, $length) {
-	// fix for Compilation failed: number too big in {} quantifier
-	return str_repeat("$pattern{0,65535}", $length / 65535) . "$pattern{0," . ($length % 65535) . "}"; // can create {0,0} which is OK
-}
-
 /** Shorten UTF-8 string
 * @param string
 * @param int
@@ -675,7 +695,7 @@ function input($field, $value, $function) {
 			}
 			$first++;
 		}
-		$onchange = ($first ? " onchange=\"var f = this.form['function[" . js_escape($name) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
+		$onchange = ($first ? " onchange=\"var f = this.form['function[" . h(js_escape(bracket_escape($field["field"]))) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
 		$attrs .= $onchange;
 		echo (count($functions) > 1 ? html_select("function[$name]", $functions, !isset($function) || in_array($function, $functions) || isset($functions[$function]) ? $function : "", "functionChange(this);") : nbsp(reset($functions))) . '<td>';
 		$input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table
@@ -854,22 +874,3 @@ function is_url($string) {
 	$domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component //! IDN
 	return (preg_match("~^(https?)://($domain?\\.)+$domain(:\\d+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string, $match) ? strtolower($match[1]) : ""); //! restrict path, query and fragment characters
 }
-
-/** Print header for hidden fieldset (close by </div></fieldset>)
-* @param string
-* @param string
-* @param bool
-* @param string
-* @return null
-*/
-function print_fieldset($id, $legend, $visible = false, $onclick = "") {
-	echo "<fieldset><legend><a href='#fieldset-$id' onclick=\"$onclick" . "return !toggle('fieldset-$id');\">$legend</a></legend><div id='fieldset-$id'" . ($visible ? "" : " class='hidden'") . ">\n";
-}
-
-/** Return class='active' if $bold is true
-* @param bool
-* @return string
-*/
-function bold($bold) {
-	return ($bold ? " class='active'" : "");
-}
--- a/adminer/include/version.inc.php
+++ b/adminer/include/version.inc.php
@@ -1,2 +1,2 @@
 <?php
-$VERSION = "3.3.0";
+$VERSION = "3.3.1";
--- a/adminer/plugin.php
+++ b/adminer/plugin.php
@@ -14,6 +14,7 @@ function adminer_object() {
 		new AdminerDumpXml,
 		//~ new AdminerEditCalendar("<script type='text/javascript' src='../externals/jquery-ui/jquery-1.4.4.js'></script>\n<script type='text/javascript' src='../externals/jquery-ui/ui/jquery.ui.core.js'></script>\n<script type='text/javascript' src='../externals/jquery-ui/ui/jquery.ui.widget.js'></script>\n<script type='text/javascript' src='../externals/jquery-ui/ui/jquery.ui.datepicker.js'></script>\n<script type='text/javascript' src='../externals/jquery-ui/ui/jquery.ui.mouse.js'></script>\n<script type='text/javascript' src='../externals/jquery-ui/ui/jquery.ui.slider.js'></script>\n<script type='text/javascript' src='../externals/jquery-timepicker/jquery-ui-timepicker-addon.js'></script>\n<link rel='stylesheet' href='../externals/jquery-ui/themes/base/jquery.ui.all.css'>\n<style type='text/css'>\n.ui-timepicker-div .ui-widget-header { margin-bottom: 8px; }\n.ui-timepicker-div dl { text-align: left; }\n.ui-timepicker-div dl dt { height: 25px; }\n.ui-timepicker-div dl dd { margin: -25px 0 10px 65px; }\n.ui-timepicker-div td { font-size: 90%; }\n</style>\n", "../externals/jquery-ui/ui/i18n/jquery.ui.datepicker-%s.js"),
 		//~ new AdminerTinymce("../externals/tinymce/jscripts/tiny_mce/tiny_mce_dev.js"),
+		//~ new AdminerWymeditor(array("../externals/wymeditor/src/jquery/jquery.js", "../externals/wymeditor/src/wymeditor/jquery.wymeditor.js", "../externals/wymeditor/src/wymeditor/jquery.wymeditor.explorer.js", "../externals/wymeditor/src/wymeditor/jquery.wymeditor.mozilla.js", "../externals/wymeditor/src/wymeditor/jquery.wymeditor.opera.js", "../externals/wymeditor/src/wymeditor/jquery.wymeditor.safari.js")),
 		new AdminerFileUpload(""),
 		new AdminerSlugify,
 		new AdminerTranslation,
--- a/adminer/processlist.inc.php
+++ b/adminer/processlist.inc.php
@@ -1,5 +1,5 @@
 <?php
-if ($_POST && !$error) {
+if (support("kill") && $_POST && !$error) {
 	$killed = 0;
 	foreach ((array) $_POST["kill"] as $val) {
 		if (queries("KILL " . (+$val))) {
@@ -16,20 +16,24 @@ page_header(lang('Process list'), $error);
 <table cellspacing="0" onclick="tableClick(event);" class="nowrap">
 <?php
 $i = -1;
-foreach (get_rows("SHOW FULL PROCESSLIST") as $i => $row) {
+foreach (process_list() as $i => $row) {
 	if (!$i) {
-		echo "<thead><tr lang='en'><th>&nbsp;<th>" . implode("<th>", array_keys($row)) . "</thead>\n";
+		echo "<thead><tr lang='en'>" . (support("kill") ? "<th>&nbsp;" : "") . "<th>" . implode("<th>", array_keys($row)) . "</thead>\n";
 	}
-	echo "<tr" . odd() . "><td>" . checkbox("kill[]", $row["Id"], 0);
+	echo "<tr" . odd() . ">" . (support("kill") ? "<td>" . checkbox("kill[]", $row["Id"], 0) : "");
 	foreach ($row as $key => $val) {
-		echo "<td>" . ($key == "Info" && $val != "" ? "<code class='jush-$jush'>" . shorten_utf8($val, 100, "</code>") . ' <a href="' . h(ME . ($row["db"] != "" ? "db=" . urlencode($row["db"]) . "&" : "") . "sql=" . urlencode($val)) . '">' . lang('Edit') . '</a>' : nbsp($val));
+		echo "<td>" . (($jush == "sql" ? $key == "Info" && $val != "" : $key == "current_query" && $val != "<IDLE>") ? "<code class='jush-$jush'>" . shorten_utf8($val, 100, "</code>") . ' <a href="' . h(ME . ($row["db"] != "" ? "db=" . urlencode($row["db"]) . "&" : "") . "sql=" . urlencode($val)) . '">' . lang('Edit') . '</a>' : nbsp($val));
 	}
 	echo "\n";
 }
 ?>
 </table>
-<p><?php echo ($i + 1) . "/" . lang('%d in total', $connection->result("SELECT @@max_connections")); ?>
 <p>
-<input type="submit" value="<?php echo lang('Kill'); ?>">
+<?php
+if (support("kill")) {
+	echo ($i + 1) . "/" . lang('%d in total', $connection->result("SELECT @@max_connections"));
+	echo "<p><input type='submit' value='" . lang('Kill') . "'>\n";
+}
+?>
 <input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
--- a/adminer/sql.inc.php
+++ b/adminer/sql.inc.php
@@ -116,16 +116,16 @@ if (!$error && $_POST) {
 										. html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
 										. html_select("format", $dump_format, $adminer_export["format"])
 										. "<input type='hidden' name='query' value='" . h($q) . "'>"
-										. " <input type='submit' name='export' value='" . lang('Export') . "' onclick='eventStop(event);'><input type='hidden' name='token' value='$token'></span>"
+										. " <input type='submit' name='export' value='" . lang('Export') . "' onclick='eventStop(event);'><input type='hidden' name='token' value='$token'></span>\n"
 									;
 									if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
 										$id = "explain-$commands";
-										echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>$export\n";
+										echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>$export";
 										echo "<div id='$id' class='hidden'>\n";
 										select($explain, $connection2, ($jush == "sql" ? "http://dev.mysql.com/doc/refman/" . substr($connection->server_info, 0, 3) . "/en/explain-output.html#explain_" : ""));
 										echo "</div>\n";
 									} else {
-										echo "$export\n";
+										echo $export;
 									}
 									echo "</form>\n";
 								}
--- a/adminer/trigger.inc.php
+++ b/adminer/trigger.inc.php
@@ -30,7 +30,7 @@ if ($_POST) {

 <form action="" method="post" id="form">
 <table cellspacing="0">
-<tr><th><?php echo lang('Time'); ?><td><?php echo html_select("Timing", $trigger_options["Timing"], $row["Timing"], "if (/^" . h(preg_quote($TABLE, "/")) . "_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '" . h(js_escape($TABLE)) . "_' + selectValue(this).charAt(0).toLowerCase() + selectValue(this.form['Event']).charAt(0).toLowerCase();"); ?>
+<tr><th><?php echo lang('Time'); ?><td><?php echo html_select("Timing", $trigger_options["Timing"], $row["Timing"], "if (/^" . preg_quote($TABLE, "/") . "_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '" . js_escape($TABLE) . "_' + selectValue(this).charAt(0).toLowerCase() + selectValue(this.form['Event']).charAt(0).toLowerCase();"); ?>
 <tr><th><?php echo lang('Event'); ?><td><?php echo html_select("Event", $trigger_event, $row["Event"], "this.form['Timing'].onchange();"); ?>
 <tr><th><?php echo lang('Type'); ?><td><?php echo html_select("Type", $trigger_options["Type"], $row["Type"]); ?>
 </table>
--- a/changes.txt
+++ b/changes.txt
@@ -1,3 +1,8 @@
+Adminer 3.3.1 (released 2011-07-27):
+Fix XSS introduced in Adminer 3.2.0
+Fix altering default values (PostgreSQL)
+Process list (PostgreSQL)
+
 Adminer 3.3.0 (released 2011-07-19):
 Use Esc to disable in-place edit
 Shortcut for database privileges
@@ -22,7 +27,7 @@ Display searched columns (Editor)
 Customizable favicon (customization)
 Method name can return a link (customization)
 Easier sending of default headers (customization)
-Romanian translation
+Lithuanian and Romanian translation

 Adminer 3.2.2 (released 2011-03-28):
 Fix AJAX history after reload
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -197,8 +197,8 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
 		$i = 0;
 		$fields = fields($_GET["select"]);
 		foreach ($fields as $name => $field) {
-			if (ereg("enum", $field["type"])) { //! set - uses 1 << $i and FIND_IN_SET()
-				$desc = $columns[$name];
+			$desc = $columns[$name];
+			if (ereg("enum", $field["type"]) && $desc != "") { //! set - uses 1 << $i and FIND_IN_SET()
 				$key = $keys[$name];
 				$i--;
 				echo "<div>" . h($desc) . "<input type='hidden' name='where[$i][col]' value='" . h($name) . "'>:";
--- a/plugins/edit-calendar.php
+++ b/plugins/edit-calendar.php
@@ -36,7 +36,7 @@ class AdminerEditCalendar {
 		if (ereg("date|time", $field["type"])) {
 			$dateFormat = "changeYear: true, dateFormat: 'yy-mm-dd'"; //! yy-mm-dd regional
 			$timeFormat = "showSecond: true, timeFormat: 'hh:mm:ss'";
-			return "<input id='fields-" . h($field["field"]) . "' value='" . h($value) . "'" . ($maxlength ? " maxlength='$maxlength'" : "") . "$attrs><script type='text/javascript'>jQuery(function () { jQuery('#fields-" . js_escape($field["field"]) . "')."
+			return "<input id='fields-" . h($field["field"]) . "' value='" . h($value) . "'" . (+$field["length"] ? " maxlength='" . (+$field["length"]) . "'" : "") . "$attrs><script type='text/javascript'>jQuery(function () { jQuery('#fields-" . js_escape($field["field"]) . "')."
 				. ($field["type"] == "time" ? "timepicker({ $timeFormat })"
 				: (ereg("time", $field["type"]) ? "datetimepicker({ $dateFormat, $timeFormat })"
 				: "datepicker({ $dateFormat })"
--- a/plugins/wymeditor.php
+++ b/plugins/wymeditor.php
@@ -0,0 +1,68 @@
+<?php
+
+/** Edit all fields containing "_html" by HTML editor WYMeditor and display the HTML in select
+* @uses WYMeditor, http://www.wymeditor.org/
+* @author Jakub Vrana, http://www.vrana.cz/
+* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
+* @license http://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
+*/
+class AdminerWymeditor {
+	/** @var array @access protected */
+	var $scripts;
+	
+	/** @var string @access protected */
+	var $options;
+	
+	/**
+	* @param array
+	* @param string in format "skin: 'custom', preInit: function () { }"
+	*/
+	function AdminerWymeditor($scripts = array("jquery/jquery.js", "wymeditor/jquery.wymeditor.min.js"), $options = "") {
+		$this->scripts = $scripts;
+		$this->options = $options;
+	}
+	
+	function head() {
+		foreach ($this->scripts as $script) {
+			echo "<script type='text/javascript' src='" . h($script) . "'></script>\n";
+		}
+	}
+	
+	function selectVal(&$val, $link, $field) {
+		// copied from tinymce.php
+		if (ereg("_html", $field["field"]) && $val != '&nbsp;') {
+			$shortened = (substr($val, -10) == "<i>...</i>");
+			if ($shortened) {
+				$val = substr($val, 0, -10);
+			}
+			//! shorten with regard to HTML tags - http://php.vrana.cz/zkraceni-textu-s-xhtml-znackami.php
+			$val = preg_replace('~<[^>]*$~', '', html_entity_decode($val, ENT_QUOTES)); // remove ending incomplete tag (text can be shortened)
+			if ($shortened) {
+				$val .= "<i>...</i>";
+			}
+			if (class_exists('DOMDocument')) { // close all opened tags
+				$dom = new DOMDocument;
+				if (@$dom->loadHTML("<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>$val")) { // @ - $val can contain errors
+					$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\\1', $dom->saveHTML());
+				}
+			}
+		}
+	}
+	
+	function editInput($table, $field, $attrs, $value) {
+		static $lang = "";
+		if (!$lang && ereg("text", $field["type"]) && ereg("_html", $field["field"])) {
+			$lang = "en";
+			if (function_exists('get_lang')) { // since Adminer 3.2.0
+				$lang = get_lang();
+				$lang = ($lang == "zh" || $lang == "zh-tw" ? "zh_cn" : $lang);
+			}
+			return "<textarea$attrs id='fields-" . h($field["field"]) . "' rows='12' cols='50'>" . h($value) . "</textarea><script type='text/javascript'>
+jQuery(function () {
+	jQuery('textarea[name*=\"_html\"]').wymeditor({ updateSelector: '#form [type=\"submit\"]', lang: '$lang'" . ($this->options ? ", $this->options" : "") . " });
+});
+</script>";
+		}
+	}
+	
+}
Author	SHA1	Message	Date
Jakub Vrana	f4204386c7	Release	2011-07-27 10:16:57 +02:00
Jakub Vrana	f80e15f987	Typo	2011-07-27 09:08:53 +02:00
Jakub Vrana	4b4055432d	Reorganize functions	2011-07-27 09:04:43 +02:00
Jakub Vrana	be4f2ef76c	More thorough escaping	2011-07-27 08:58:07 +02:00
Jakub Vrana	037c547365	Fix XSS (thanks to Jigal van Hemert)	2011-07-27 08:01:51 +02:00
Jakub Vrana	71efbc545a	Remove CodeMirror	2011-07-26 22:20:26 +02:00
Jakub Vrana	1c415dbcf8	WYMeditor	2011-07-26 22:10:45 +02:00
Jakub Vrana	903a0377af	Lithuanian translation	2011-07-26 19:42:51 +02:00
Jakub Vrana	628a43156d	Hide search for hidden enums (thanks to hever)	2011-07-25 17:20:32 +02:00
Jakub Vrana	6c1598ebaf	Save bytes	2011-07-22 16:27:06 +02:00
Jan Dolecek	cde1d43e89	Fix altering of default values in PostgreSQL	2011-07-22 15:34:35 +02:00
Jan Dolecek	06aa0f842b	Process list for PostgreSQL	2011-07-22 14:32:16 +02:00
Jakub Vrana	7f05e73689	Missing variable (thanks to juzna)	2011-07-22 13:41:05 +02:00
Jakub Vrana	83d82d6eee	Pass $filter to remove_slashes (thanks to juzna)	2011-07-22 13:37:01 +02:00
Jakub Vrana	a3663066b0	Use $adminer->database() instead of DB (thanks to Lubor Bilek)	2011-07-19 17:58:44 +02:00
Jakub Vrana	dc4851dacd	Develop	2011-07-19 15:06:16 +02:00