Release 4.9.4

This solves a situation when enum data type has a foreign key to another table.

adminer/create.inc.php

@@ -82,20 +82,39 @@ if ($_POST && !process_fields($row["fields"]) && !$error) {
 		}
 
 		$partitioning = "";
-		if ($partition_by[$row["partition_by"]]) {
-			$partitions = array();
-			if ($row["partition_by"] == 'RANGE' || $row["partition_by"] == 'LIST') {
-				foreach (array_filter($row["partition_names"]) as $key => $val) {
-					$value = $row["partition_values"][$key];
-					$partitions[] = "\n  PARTITION " . idf_escape($val) . " VALUES " . ($row["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . ($value != "" ? " ($value)" : " MAXVALUE"); //! SQL injection
+		if (support("partitioning")) {
+			if (isset($partition_by[$row["partition_by"]])) {
+				$params = array_filter($row, function ($key) {
+					return preg_match('~^partition~', $key);
+				}, ARRAY_FILTER_USE_KEY);
+
+				foreach ($params["partition_names"] as $key => $name) {
+					if ($name === "") {
+						unset($params["partition_names"][$key]);
+						unset($params["partition_values"][$key]);
+					}
 				}
+
+				if ($params != get_partitions_info($TABLE)) {
+					$partitions = [];
+					if ($params["partition_by"] == 'RANGE' || $params["partition_by"] == 'LIST') {
+						foreach ($params["partition_names"] as $key => $name) {
+							$value = $params["partition_values"][$key];
+							$partitions[] = "\n  PARTITION " . idf_escape($name) . " VALUES " . ($params["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . ($value != "" ? " ($value)" : " MAXVALUE"); //! SQL injection
+						}
+					}
+
+					// $params["partition"] can be expression, not only column
+					$partitioning .= "\nPARTITION BY {$params["partition_by"]}({$params["partition"]})";
+					if ($partitions) {
+						$partitioning .= " (" . implode(",", $partitions) . "\n)";
+					} elseif ($params["partitions"]) {
+						$partitioning .= " PARTITIONS " . (int)$params["partitions"];
+					}
+				}
+			} elseif (preg_match("~partitioned~", $table_status["Create_options"])) {
+				$partitioning .= "\nREMOVE PARTITIONING";
 			}
-			$partitioning .= "\nPARTITION BY $row[partition_by]($row[partition])" . ($partitions // $row["partition"] can be expression, not only column
-				? " (" . implode(",", $partitions) . "\n)"
-				: ($row["partitions"] ? " PARTITIONS " . (+$row["partitions"]) : "")
-			);
-		} elseif (support("partitioning") && preg_match("~partitioned~", $table_status["Create_options"])) {
-			$partitioning .= "\nREMOVE PARTITIONING";
 		}
 
 		$message = lang('Table has been altered.');
@@ -141,13 +160,9 @@ if (!$_POST) {
 		}
 
 		if (support("partitioning")) {
-			$from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = " . q(DB) . " AND TABLE_NAME = " . q($TABLE);
-			$result = $connection->query("SELECT PARTITION_METHOD, PARTITION_ORDINAL_POSITION, PARTITION_EXPRESSION $from ORDER BY PARTITION_ORDINAL_POSITION DESC LIMIT 1");
-			list($row["partition_by"], $row["partitions"], $row["partition"]) = $result->fetch_row();
-			$partitions = get_key_vals("SELECT PARTITION_NAME, PARTITION_DESCRIPTION $from AND PARTITION_NAME != '' ORDER BY PARTITION_ORDINAL_POSITION");
-			$partitions[""] = "";
-			$row["partition_names"] = array_keys($partitions);
-			$row["partition_values"] = array_values($partitions);
+			$row += get_partitions_info($TABLE);
+			$row["partition_names"][] = "";
+			$row["partition_values"][] = "";
 		}
 	}
 }

adminer/drivers/mssql.inc.php

@@ -432,7 +432,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
 
 	function error() {
 		global $connection;
-		return nl_br(h(preg_replace('~^(\[[^]]*])+~m', '', $connection->error)));
+		return nl2br(h(preg_replace('~^(\[[^]]*])+~m', '', $connection->error)));
 	}
 
 	function create_database($db, $collation) {
@@ -637,6 +637,10 @@ WHERE sys1.xtype = 'TR' AND sys2.name = " . q($table)
 		return false;
 	}
 
+	function is_c_style_escapes() {
+		return true;
+	}
+
 	function show_status() {
 		return array();
 	}

adminer/drivers/mysql.inc.php

@@ -14,7 +14,7 @@ if (!defined("DRIVER")) {
 
 			function connect($server = "", $username = "", $password = "", $database = null, $port = null, $socket = null) {
 				global $adminer;
-				mysqli_report(MYSQLI_REPORT_OFF); // stays between requests, not required since PHP 5.3.4
+				mysqli_report(MYSQLI_REPORT_OFF);
 				list($host, $port) = explode(":", $server, 2); // part after : is used for port or socket
 
 				$ssl = $adminer->connectSsl();
@@ -34,7 +34,7 @@ if (!defined("DRIVER")) {
 					$database,
 					(is_numeric($port) ? $port : ini_get("mysqli.default_port")),
 					(!is_numeric($port) ? $port : $socket),
-					($ssl ? 64 : 0) // 64 - MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT (not available before PHP 5.6.16)
+					($ssl ? MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT : 0)
 				);
 				$this->options(MYSQLI_OPT_LOCAL_INFILE, false);
 				return $return;
@@ -262,7 +262,7 @@ if (!defined("DRIVER")) {
 			}
 
 			function set_charset($charset) {
-				$this->query("SET NAMES $charset"); // charset in DSN is ignored before PHP 5.3.6
+				$this->query("SET NAMES $charset");
 			}
 
 			function select_db($database) {
@@ -375,7 +375,7 @@ if (!defined("DRIVER")) {
 		$connection = new Min_DB;
 		$credentials = $adminer->credentials();
 		if ($connection->connect($credentials[0], $credentials[1], $credentials[2])) {
-			$connection->set_charset(charset($connection)); // available in MySQLi since PHP 5.0.5
+			$connection->set_charset(charset($connection));
 			$connection->query("SET sql_quote_show_create = 1, autocommit = 1");
 			if (min_version('5.7.8', 10.2, $connection)) {
 				$structured_types[lang('Strings')][] = "json";
@@ -1074,6 +1074,16 @@ if (!defined("DRIVER")) {
 		return $strictMode;
 	}
 
+	function is_c_style_escapes() {
+		static $c_style = null;
+
+		if ($c_style === null) {
+			$c_style = strpos(get_key_vals("SHOW VARIABLES LIKE 'sql_mode'")["sql_mode"], 'NO_BACKSLASH_ESCAPES') === false;
+		}
+
+		return $c_style;
+	}
+
 	/** Get process list
 	* @return array ($row)
 	*/

adminer/drivers/oracle.inc.php

@@ -493,6 +493,10 @@ AND c_src.TABLE_NAME = " . q($table);
 		return false;
 	}
 
+	function is_c_style_escapes() {
+		return true;
+	}
+
 	function process_list() {
 		return get_rows('SELECT sess.process AS "process", sess.username AS "user", sess.schemaname AS "schema", sess.status AS "status", sess.wait_class AS "wait_class", sess.seconds_in_wait AS "seconds_in_wait", sql.sql_text AS "sql_text", sess.machine AS "machine", sess.port AS "port"
 FROM v$session sess LEFT OUTER JOIN v$sql sql

adminer/drivers/pgsql.inc.php

@@ -488,7 +488,7 @@ ORDER BY connamespace, conname") as $row) {
 		if (preg_match('~^(.*\n)?([^\n]*)\n( *)\^(\n.*)?$~s', $return, $match)) {
 			$return = $match[1] . preg_replace('~((?:[^&]|&[^;]*;){' . strlen($match[3]) . '})(.*)~', '\1<b>\2</b>', $match[2]) . $match[4];
 		}
-		return nl_br($return);
+		return nl2br($return);
 	}
 
 	function create_database($db, $collation) {
@@ -885,6 +885,16 @@ AND typelem = 0"
 		return false;
 	}
 
+	function is_c_style_escapes() {
+		static $c_style = null;
+
+		if ($c_style === null) {
+			$c_style = get_vals("SHOW standard_conforming_strings")[0] == "off";
+		}
+
+		return $c_style;
+	}
+
 	function process_list() {
 		return get_rows("SELECT * FROM pg_stat_activity ORDER BY " . (min_version(9.2) ? "pid" : "procpid"));
 	}
@@ -949,6 +959,7 @@ AND typelem = 0"
 					"char|text" => "||",
 				)
 			),
+			'c_style_escapes' => true,
 		);
 	}
 }

adminer/drivers/sqlite.inc.php

@@ -771,6 +771,10 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
 		return false;
 	}
 
+	function is_c_style_escapes() {
+		return true;
+	}
+
 	function show_status() {
 		$return = array();
 		foreach (get_vals("PRAGMA compile_options") as $option) {

adminer/include/adminer.inc.php

@@ -25,12 +25,16 @@ class Adminer {
 	function connectSsl() {
 	}
 
-	/** Get key used for permanent login
-	* @param bool
-	* @return string cryptic string which gets combined with password or false in case of an error
-	*/
+	/**
+	 * Gets a private key used for permanent login.
+	 *
+	 * @param bool $create
+	 *
+	 * @return string|false Cryptic string which gets combined with password or false in case of an error.
+	 * @throws \Random\RandomException
+	 */
 	function permanentLogin($create = false) {
-		return password_file($create);
+		return get_private_key($create);
 	}
 
 	/** Return key used to group brute force attacks; behind a reverse proxy, you want to return the last part of X-Forwarded-For
@@ -937,9 +941,11 @@ class Adminer {
 		return $ext;
 	}
 
-	/** Set the path of the file for webserver load
-	* @return string path of the sql dump file
-	*/
+	/**
+	 * Gets the path of the file for webserver load.
+	 *
+	 * @return string Path of the sql import file.
+	 */
 	function importServerPath() {
 		return "adminer.sql";
 	}

adminer/include/auth.inc.php

@@ -1,4 +1,5 @@
 <?php
+
 $connection = '';
 
 $has_token = $_SESSION["token"];
@@ -82,11 +83,11 @@ function build_http_url($server, $username, $password, $defaultServer, $defaultP
 
 function add_invalid_login() {
 	global $adminer;
-	$fp = file_open_lock(get_temp_dir() . "/adminer.invalid");
-	if (!$fp) {
+	$file = open_file_with_lock(get_temp_dir() . "/adminer.invalid");
+	if (!$file) {
 		return;
 	}
-	$invalids = unserialize(stream_get_contents($fp));
+	$invalids = unserialize(stream_get_contents($file));
 	$time = time();
 	if ($invalids) {
 		foreach ($invalids as $ip => $val) {
@@ -100,13 +101,16 @@ function add_invalid_login() {
 		$invalid = array($time + 30*60, 0); // active for 30 minutes
 	}
 	$invalid[1]++;
-	file_write_unlock($fp, serialize($invalids));
+	write_and_unlock_file($file, serialize($invalids));
 }
 
 function check_invalid_login() {
 	global $adminer;
-	$invalids = unserialize(@file_get_contents(get_temp_dir() . "/adminer.invalid")); // @ - may not exist
-	$invalid = ($invalids ? $invalids[$adminer->bruteForceKey()] : array());
+
+	$filename = get_temp_dir() . "/adminer.invalid";
+	$invalids = file_exists($filename) ? unserialize(file_get_contents($filename)) : [];
+	$invalid = ($invalids ? $invalids[$adminer->bruteForceKey()] : []);
+
 	$next_attempt = ($invalid[1] > 29 ? $invalid[0] - time() : 0); // allow 30 invalid attempts
 	if ($next_attempt > 0) { //! do the same with permanent login
 		auth_error(lang('Too many unsuccessful logins, try again in %d minute(s).', ceil($next_attempt / 60)));
@@ -168,9 +172,10 @@ function unset_permanent() {
 }
 
 /** Renders an error message and a login form
-* @param string plain text
-* @return null exits
-*/
+ * @param string plain text
+ * @return null exits
+ * @throws \Random\RandomException
+ */
 function auth_error($error) {
 	global $adminer, $has_token;
 	$session_name = session_name();
@@ -195,7 +200,7 @@ function auth_error($error) {
 		$error = lang('Session support must be enabled.');
 	}
 	$params = session_get_cookie_params();
-	cookie("adminer_key", ($_COOKIE["adminer_key"] ? $_COOKIE["adminer_key"] : rand_string()), $params["lifetime"]);
+	cookie("adminer_key", ($_COOKIE["adminer_key"] ?: get_random_string()), $params["lifetime"]);
 	page_header(lang('Login'), $error, null);
 	echo "<form action='' method='post'>\n";
 	echo "<div>";

adminer/include/bootstrap.inc.php

@@ -6,6 +6,7 @@ function adminer_errors($errno, $errstr) {
 error_reporting(6135); // errors and warnings
 set_error_handler('adminer_errors', E_WARNING);
 
+include "../adminer/include/debug.inc.php";
 include "../adminer/include/coverage.inc.php";
 
 // disable filter.default
@@ -31,9 +32,9 @@ if (isset($_GET["file"])) {
 }
 
 if ($_GET["script"] == "version") {
-	$fp = file_open_lock(get_temp_dir() . "/adminer.version");
-	if ($fp) {
-		file_write_unlock($fp, serialize(array("signature" => $_POST["signature"], "version" => $_POST["version"])));
+	$file = open_file_with_lock(get_temp_dir() . "/adminer.version");
+	if ($file) {
+		write_and_unlock_file($file, serialize(["signature" => $_POST["signature"], "version" => $_POST["version"]]));
 	}
 	exit;
 }

adminer/include/debug.inc.php

@@ -0,0 +1,14 @@
+<?php
+
+function dump($value)
+{
+	echo "<pre>";
+	var_export($value);
+	echo "</pre>\n";
+}
+
+function dumpe($value)
+{
+	dump($value);
+	exit;
+}

adminer/include/design.inc.php

@@ -142,14 +142,20 @@ function csp() {
 	);
 }
 
-/** Get a CSP nonce
-* @return string Base64 value
-*/
-function get_nonce() {
+/**
+ * Gets a CSP nonce.
+ *
+ * @return string Base64 value.
+ * @throws \Random\RandomException
+ */
+function get_nonce()
+{
 	static $nonce;
+
 	if (!$nonce) {
-		$nonce = base64_encode(rand_string());
+		$nonce = base64_encode(get_random_string(true));
 	}
+
 	return $nonce;
 }
 

adminer/include/editing.inc.php

@@ -221,12 +221,17 @@ function process_type($field, $collate = "COLLATE") {
 * @return array array("field", "type", "NULL", "DEFAULT", "ON UPDATE", "COMMENT", "AUTO_INCREMENT")
 */
 function process_field($field, $type_field) {
+	// MariaDB exports CURRENT_TIMESTAMP as a function.
+	if ($field["on_update"]) {
+		$field["on_update"] = str_ireplace("current_timestamp()", "CURRENT_TIMESTAMP", $field["on_update"]);
+	}
+
 	return array(
 		idf_escape(trim($field["field"])),
 		process_type($type_field),
 		($field["null"] ? " NULL" : " NOT NULL"), // NULL for timestamp
 		default_value($field),
-		(preg_match('~timestamp|datetime~', $field["type"]) && $field["on_update"] ? " ON UPDATE $field[on_update]" : ""),
+		(preg_match('~timestamp|datetime~', $field["type"]) && $field["on_update"] ? " ON UPDATE " . $field["on_update"] : ""),
 		(support("comment") && $field["comment"] != "" ? " COMMENT " . q($field["comment"]) : ""),
 		($field["auto_increment"] ? auto_increment() : null),
 	);
@@ -240,10 +245,13 @@ function default_value($field) {
 	$default = $field["default"];
 	if ($default === null) return "";
 
-	if (preg_match('~^GENERATED ~i', $default)) {
+	if (stripos($default, "GENERATED ") === 0) {
 		return " $default";
 	}
 
+	// MariaDB exports CURRENT_TIMESTAMP as a function.
+	$default = str_ireplace("current_timestamp()", "CURRENT_TIMESTAMP", $default);
+
 	$quote = preg_match('~char|binary|text|enum|set~', $field["type"]) || preg_match('~^(?![a-z])~i', $default);
 
 	return " DEFAULT " . ($quote ? q($default) : $default);
@@ -376,25 +384,43 @@ function normalize_enum($match) {
 	return "'" . str_replace("'", "''", addcslashes(stripcslashes(str_replace($match[0][0] . $match[0][0], $match[0][0], substr($match[0], 1, -1))), '\\')) . "'";
 }
 
-/** Issue grant or revoke commands
-* @param string GRANT or REVOKE
-* @param array
-* @param string
-* @param string
-* @return bool
-*/
-function grant($grant, $privileges, $columns, $on) {
-	if (!$privileges) {
-		return true;
+/**
+ * Issue grant or revoke commands.
+ *
+ * @param bool $grant
+ * @param array $privileges
+ * @param string $columns
+ * @param string $on
+ * @param string $user
+ *
+ * @return bool
+ */
+function grant($grant, array $privileges, $columns, $on, $user) {
+	if (!$privileges) return true;
+
+	if ($privileges == ["ALL PRIVILEGES", "GRANT OPTION"]) {
+		if ($grant) {
+			return (bool) queries("GRANT ALL PRIVILEGES ON $on TO $user WITH GRANT OPTION");
+		} else {
+			return queries("REVOKE ALL PRIVILEGES ON $on FROM $user") &&
+				queries("REVOKE GRANT OPTION ON $on FROM $user");
+		}
 	}
-	if ($privileges == array("ALL PRIVILEGES", "GRANT OPTION")) {
-		// can't be granted or revoked together
-		return ($grant == "GRANT"
-			? queries("$grant ALL PRIVILEGES$on WITH GRANT OPTION")
-			: queries("$grant ALL PRIVILEGES$on") && queries("$grant GRANT OPTION$on")
-		);
+
+	if ($privileges == ["GRANT OPTION", "PROXY"]) {
+		if ($grant) {
+			return (bool) queries("GRANT PROXY ON $on TO $user WITH GRANT OPTION");
+		} else {
+			return (bool) queries("REVOKE PROXY ON $on FROM $user");
+		}
 	}
-	return queries("$grant " . preg_replace('~(GRANT OPTION)\([^)]*\)~', '\1', implode("$columns, ", $privileges) . $columns) . $on);
+
+	return (bool) queries(
+		($grant ? "GRANT " : "REVOKE ") .
+		preg_replace('~(GRANT OPTION)\([^)]*\)~', '$1', implode("$columns, ", $privileges) . $columns) .
+		" ON $on " .
+		($grant ? "TO " : "FROM ") . $user
+	);
 }
 
 /** Drop old object and create a new one
@@ -523,9 +549,9 @@ function tar_file($filename, $tmp_file) {
 function ini_bytes($ini) {
 	$val = ini_get($ini);
 	switch (strtolower(substr($val, -1))) {
-		case 'g': $val *= 1024; // no break
-		case 'm': $val *= 1024; // no break
-		case 'k': $val *= 1024;
+		case 'g': $val = (int)$val * 1024; // no break
+		case 'm': $val = (int)$val * 1024; // no break
+		case 'k': $val = (int)$val * 1024;
 	}
 	return $val;
 }

adminer/include/functions.inc.php

@@ -1,4 +1,5 @@
 <?php
+
 /** Get database connection
 * @return Min_DB
 */
@@ -157,14 +158,6 @@ function h($string) {
 	return str_replace("\0", "&#0;", htmlspecialchars($string, ENT_QUOTES, 'utf-8'));
 }
 
-/** Convert \n to <br>
-* @param string
-* @return string
-*/
-function nl_br($string) {
-	return str_replace("\n", "<br>", $string); // nl2br() uses XHTML before PHP 5.3
-}
-
 /** Generate HTML checkbox
 * @param string
 * @param string
@@ -477,24 +470,36 @@ function escape_key($key) {
 */
 function where($where, $fields = array()) {
 	global $connection, $jush;
-	$return = array();
+
+	$conditions = [];
+
 	foreach ((array) $where["where"] as $key => $val) {
 		$key = bracket_escape($key, 1); // 1 - back
 		$column = escape_key($key);
-		$return[] = $column
-			. ($jush == "sql" && is_numeric($val) && preg_match('~\.~', $val) ? " LIKE " . q($val) // LIKE because of floats but slow with ints
-				: ($jush == "mssql" ? " LIKE " . q(preg_replace('~[_%[]~', '[\0]', $val)) // LIKE because of text
-				: " = " . unconvert_field($fields[$key], q($val))
-			))
-		; //! enum and set
-		if ($jush == "sql" && preg_match('~char|text~', $fields[$key]["type"]) && preg_match("~[^ -@]~", $val)) { // not just [a-z] to catch non-ASCII characters
-			$return[] = "$column = " . q($val) . " COLLATE " . charset($connection) . "_bin";
+
+		if ($jush == "sql" && $fields[$key]["type"] == "json") {
+			$conditions[] = "$column = CAST(" . q($val) . " AS JSON)";
+		} elseif ($jush == "sql" && is_numeric($val) && strpos($val, ".") !== false) {
+			// LIKE because of floats but slow with ints.
+			$conditions[] = "$column LIKE " . q($val);
+		} elseif ($jush == "mssql") {
+			// LIKE because of text.
+			$conditions[] = "$column LIKE " . q(preg_replace('~[_%[]~', '[\0]', $val));
+		} else {
+			$conditions[] = "$column = " . unconvert_field($fields[$key], q($val));
+		}
+
+		// Not just [a-z] to catch non-ASCII characters.
+		if ($jush == "sql" && preg_match('~char|text~', $fields[$key]["type"]) && preg_match("~[^ -@]~", $val)) {
+			$conditions[] = "$column = " . q($val) . " COLLATE " . charset($connection) . "_bin";
 		}
 	}
+
 	foreach ((array) $where["null"] as $key) {
-		$return[] = escape_key($key) . " IS NULL";
+		$conditions[] = escape_key($key) . " IS NULL";
 	}
-	return implode(" AND ", $return);
+
+	return implode(" AND ", $conditions);
 }
 
 /** Create SQL condition from query string
@@ -935,14 +940,15 @@ function enum_input($type, $attrs, $field, $value, $empty = null) {
 */
 function input($field, $value, $function) {
 	global $types, $adminer, $jush;
+
 	$name = h(bracket_escape($field["field"]));
-	echo "<td class='function'>";
+
 	if (is_array($value) && !$function) {
 		$args = array($value);
 		if (version_compare(PHP_VERSION, 5.4) >= 0) {
 			$args[] = JSON_PRETTY_PRINT;
 		}
-		$value = call_user_func_array('json_encode', $args); //! requires PHP 5.2
+		$value = call_user_func_array('json_encode', $args);
 		$function = "json";
 	}
 	$reset = ($jush == "mssql" && $field["auto_increment"]);
@@ -950,13 +956,18 @@ function input($field, $value, $function) {
 		$function = null;
 	}
 	$functions = (isset($_GET["select"]) || $reset ? array("orig" => lang('original')) : array()) + $adminer->editFunctions($field);
-	$attrs = " name='fields[$name]'";
+
+	$disabled = stripos($field["default"], "GENERATED ALWAYS AS ") === 0 ? " disabled=''" : "";
+	$attrs = " name='fields[$name]' $disabled";
+
+	echo "<td class='function'>";
+
 	if ($field["type"] == "enum") {
 		echo h($functions[""]) . "<td>" . $adminer->editInput($_GET["edit"], $field, $attrs, $value);
 	} else {
 		$has_function = (in_array($function, $functions) || isset($functions[$function]));
 		echo (count($functions) > 1
-			? "<select name='function[$name]'>" . optionlist($functions, $function === null || $has_function ? $function : "") . "</select>"
+			? "<select name='function[$name]' $disabled>" . optionlist($functions, $function === null || $has_function ? $function : "") . "</select>"
 				. on_help("getTarget(event).value.replace(/^SQL\$/, '')", 1)
 				. script("qsl('select').onchange = functionChange;", "")
 			: h(reset($functions))
@@ -1021,6 +1032,11 @@ function input($field, $value, $function) {
 */
 function process_input($field) {
 	global $adminer, $driver;
+
+	if (stripos($field["default"], "GENERATED ALWAYS AS ") === 0) {
+		return null;
+	}
+
 	$idf = bracket_escape($field["field"]);
 	$function = $_POST["function"][$idf];
 	$value = $_POST["fields"][$idf];
@@ -1111,6 +1127,27 @@ function search_tables() {
 	echo ($sep ? "<p class='message'>" . lang('No tables.') : "</ul>") . "\n";
 }
 
+/**
+ * @param string $table
+ * @return array
+ */
+function get_partitions_info($table) {
+	global $connection;
+
+	$from = "FROM information_schema.PARTITIONS WHERE TABLE_SCHEMA = " . q(DB) . " AND TABLE_NAME = " . q($table);
+
+	$result = $connection->query("SELECT PARTITION_METHOD, PARTITION_EXPRESSION, PARTITION_ORDINAL_POSITION $from ORDER BY PARTITION_ORDINAL_POSITION DESC LIMIT 1");
+
+	$info = [];
+	list($info["partition_by"], $info["partition"],  $info["partitions"]) = $result->fetch_row();
+
+	$partitions = get_key_vals("SELECT PARTITION_NAME, PARTITION_DESCRIPTION $from AND PARTITION_NAME != '' ORDER BY PARTITION_ORDINAL_POSITION");
+	$info["partition_names"] = array_keys($partitions);
+	$info["partition_values"] = array_values($partitions);
+
+	return $info;
+}
+
 /** Send headers for export
 * @param string
 * @param bool
@@ -1171,60 +1208,98 @@ function get_temp_dir() {
 	return $return;
 }
 
-/** Open and exclusively lock a file
-* @param string
-* @return resource or null for error
-*/
-function file_open_lock($filename) {
-	$fp = @fopen($filename, "r+"); // @ - may not exist
-	if (!$fp) { // c+ is available since PHP 5.2.6
-		$fp = @fopen($filename, "w"); // @ - may not be writable
-		if (!$fp) {
-			return;
-		}
-		chmod($filename, 0660);
+/**
+ * Opens and exclusively lock a file.
+ *
+ * @param string $filename
+ * @return resource|null
+ */
+function open_file_with_lock($filename)
+{
+	$file = fopen($filename, "c+");
+	if (!$file) {
+		return null;
 	}
-	flock($fp, LOCK_EX);
-	return $fp;
+
+	chmod($filename, 0660);
+
+	if (!flock($file, LOCK_EX)) {
+		fclose($file);
+		return null;
+	}
+
+	return $file;
 }
 
-/** Write and unlock a file
-* @param resource
-* @param string
-*/
-function file_write_unlock($fp, $data) {
-	rewind($fp);
-	fwrite($fp, $data);
-	ftruncate($fp, strlen($data));
-	flock($fp, LOCK_UN);
-	fclose($fp);
+/**
+ * Writes and unlocks a file.
+ *
+ * @param resource $file
+ * @param string $data
+ */
+function write_and_unlock_file($file, $data)
+{
+	rewind($file);
+	fwrite($file, $data);
+	ftruncate($file, strlen($data));
+
+	unlock_file($file);
 }
 
-/** Read password from file adminer.key in temporary directory or create one
-* @param bool
-* @return string or false if the file can not be created
-*/
-function password_file($create) {
+/**
+ * Unlocks and closes the file.
+ *
+ * @param resource $file
+ */
+function unlock_file($file)
+{
+	flock($file, LOCK_UN);
+	fclose($file);
+}
+
+/**
+ * Reads password from file adminer.key in temporary directory or create one.
+ *
+ * @param $create bool
+ * @return string|false Returns false if the file can not be created.
+ * @throws \Random\RandomException
+ */
+function get_private_key($create)
+{
 	$filename = get_temp_dir() . "/adminer.key";
-	$return = @file_get_contents($filename); // @ - may not exist
-	if ($return || !$create) {
-		return $return;
+
+	if (!$create && !file_exists($filename)) {
+		return false;
 	}
-	$fp = @fopen($filename, "w"); // @ - can have insufficient rights //! is not atomic
-	if ($fp) {
-		chmod($filename, 0660);
-		$return = rand_string();
-		fwrite($fp, $return);
-		fclose($fp);
+
+	$file = open_file_with_lock($filename);
+	if (!$file) {
+		return false;
 	}
-	return $return;
+
+	$key = stream_get_contents($file);
+	if (!$key) {
+		$key = get_random_string();
+		write_and_unlock_file($file, $key);
+	} else {
+		unlock_file($file);
+	}
+
+	return $key;
 }
 
-/** Get a random string
-* @return string 32 hexadecimal characters
-*/
-function rand_string() {
-	return md5(uniqid(mt_rand(), true));
+/**
+ * Returns a random 32 characters long string.
+ *
+ * @param $binary bool
+ * @return string
+ * @throws \Random\RandomException
+ */
+function get_random_string($binary = false)
+{
+	$bytes = function_exists('random_bytes') ? random_bytes(32) : uniqid(mt_rand(), true);
+
+	return $binary ? $bytes : md5($bytes);
 }
 
 /** Format value to use in select
@@ -1441,6 +1516,7 @@ function edit_form($table, $fields, $row, $update) {
 	$adminer->editRowPrint($table, $fields, $row, $update);
 	if ($row === false) {
 		echo "<p class='error'>" . lang('No rows.') . "\n";
+		return;
 	}
 	?>
 <form action="" method="post" enctype="multipart/form-data" id="form">

adminer/include/version.inc.php

@@ -1,2 +1,2 @@
 <?php
-$VERSION = "4.9.2";
+$VERSION = "4.9.4";

adminer/select.inc.php

@@ -232,14 +232,16 @@ if (is_ajax()) {
 
 $set = null;
 if (isset($rights["insert"]) || !support("table")) {
-	$set = "";
+	$params = [];
 	foreach ((array) $_GET["where"] as $val) {
-		if ($foreign_keys[$val["col"]] && count($foreign_keys[$val["col"]]) == 1 && ($val["op"] == "="
-			|| (!$val["op"] && !preg_match('~[_%]~', $val["val"])) // LIKE in Editor
+		if (isset($foreign_keys[$val["col"]]) && count($foreign_keys[$val["col"]]) == 1
+			&& ($val["op"] == "=" || (!$val["op"] && (is_array($val["val"]) || !preg_match('~[_%]~', $val["val"]))) // LIKE in Editor
 		)) {
-			$set .= "&set" . urlencode("[" . bracket_escape($val["col"]) . "]") . "=" . urlencode($val["val"]);
+			$params["set" . "[" . bracket_escape($val["col"]) . "]"] = $val["val"];
 		}
 	}
+
+	$set = $params ? "&" . http_build_query($params) : "";
 }
 $adminer->selectLinks($table_status, $set);
 
@@ -446,7 +448,7 @@ if (!$columns && support("table")) {
 								$link .= where_link($i++, $k, $v);
 							}
 						}
-						
+
 						$val = select_value($val, $link, $field, $text_length);
 						$id = h("val[$unique_idf][" . bracket_escape($key) . "]");
 						$value = $_POST["val"][$unique_idf][bracket_escape($key)];
@@ -507,7 +509,7 @@ if (!$columns && support("table")) {
 					echo "\n";
 				}
 			}
-			
+
 			echo "<div class='footer'><div>\n";
 			if ($rows || $page) {
 				if ($pagination) {
@@ -539,7 +541,7 @@ if (!$columns && support("table")) {
 					}
 					echo "</fieldset>\n";
 				}
-				
+
 				echo "<fieldset>";
 				echo "<legend>" . lang('Whole result') . "</legend>";
 				$display_rows = ($exact_count ? "" : "~ ") . $found_rows;

adminer/sql.inc.php

@@ -21,19 +21,25 @@ if (!$error && $_POST) {
 	if (!isset($_GET["import"])) {
 		$query = $_POST["query"];
 	} elseif ($_POST["webfile"]) {
-		$sql_file_path = $adminer->importServerPath();
-		$fp = @fopen((file_exists($sql_file_path)
-			? $sql_file_path
-			: "compress.zlib://$sql_file_path.gz"
-		), "rb");
-		$query = ($fp ? fread($fp, 1e6) : false);
+		$import_file_path = $adminer->importServerPath();
+		if (!$import_file_path) {
+			$fp = false;
+		} elseif (file_exists($import_file_path)) {
+			$fp = fopen($import_file_path, "rb");
+		} elseif (file_exists("$import_file_path.gz")) {
+			$fp = fopen("compress.zlib://$import_file_path.gz", "rb");
+		} else {
+			$fp = false;
+		}
+
+		$query = $fp ? fread($fp, 1e6) : false;
 	} else {
 		$query = get_file("sql_file", true);
 	}
 
 	if (is_string($query)) { // get_file() returns error as number, fread() as false
-		if (function_exists('memory_get_usage')) {
-			@ini_set("memory_limit", max(ini_bytes("memory_limit"), 2 * strlen($query) + memory_get_usage() + 8e6)); // @ - may be disabled, 2 - substr and trim, 8e6 - other variables
+		if (function_exists('memory_get_usage') && ($memory_limit = ini_bytes("memory_limit")) != "-1") {
+			@ini_set("memory_limit", max($memory_limit, 2 * strlen($query) + memory_get_usage() + 8e6)); // @ - may be disabled, 2 - substr and trim, 8e6 - other variables
 		}
 
 		if ($query != "" && strlen($query) < 1e6) { // don't add big queries
@@ -81,7 +87,21 @@ if (!$error && $_POST) {
 					$offset = $pos + strlen($found);
 
 					if ($found && rtrim($found) != $delimiter) { // find matching quote or comment end
-						while (preg_match('(' . ($found == '/*' ? '\*/' : ($found == '[' ? ']' : (preg_match('~^-- |^#~', $found) ? "\n" : preg_quote($found) . "|\\\\."))) . '|$)s', $query, $match, PREG_OFFSET_CAPTURE, $offset)) { //! respect sql_mode NO_BACKSLASH_ESCAPES
+						$c_style_escapes = is_c_style_escapes() || ($jush == "pgsql" && ($pos > 0 && strtolower($query[$pos - 1]) == "e"));
+
+						$pattern = '(';
+						if ($found == '/*') {
+							$pattern .= '\*/';
+						} elseif ($found == '[') {
+							$pattern .= ']';
+						} elseif (preg_match('~^-- |^#~', $found)) {
+							$pattern .= "\n";
+						} else {
+							$pattern .= preg_quote($found) . ($c_style_escapes ? "|\\\\." : "");
+						}
+						$pattern .= '|$)s';
+
+						while (preg_match($pattern, $query, $match, PREG_OFFSET_CAPTURE, $offset)) {
 							$s = $match[0][0];
 							if (!$s && $fp && !feof($fp)) {
 								$query .= fread($fp, 1e5);
@@ -169,7 +189,8 @@ if (!$error && $_POST) {
 											stop_session();
 										}
 										if (!$_POST["only_errors"]) {
-											echo "<p class='message' title='" . h($connection->info) . "'>" . lang('Query executed OK, %d row(s) affected.', $affected) . "$time\n";
+											$title = isset($connection->info) ? "title='" . h($connection->info) . "'" : "";
+											echo "<p class='message' $title>" . lang('Query executed OK, %d row(s) affected.', $affected) . "$time\n";
 										}
 									}
 									echo ($warnings ? "<div id='$warnings_id' class='hidden'>\n$warnings</div>\n" : "");
@@ -234,10 +255,10 @@ if (!isset($_GET["import"])) {
 		: lang('File uploads are disabled.')
 	);
 	echo "</div></fieldset>\n";
-	$importServerPath = $adminer->importServerPath();
-	if ($importServerPath) {
+	$import_file_path = $adminer->importServerPath();
+	if ($import_file_path) {
 		echo "<fieldset><legend>" . lang('From server') . "</legend><div>";
-		echo lang('Webserver file %s', "<code>" . h($importServerPath) . "$gz</code>");
+		echo lang('Webserver file %s', "<code>" . h($import_file_path) . "$gz</code>");
 		echo ' <input type="submit" name="webfile" value="' . lang('Run file') . '">';
 		echo "</div></fieldset>\n";
 	}

adminer/static/default.css

@@ -19,15 +19,19 @@ fieldset { display: inline; vertical-align: top; padding: .5em .8em; margin: .8e
 p { margin: .8em 20px 0 0; }
 img { vertical-align: middle; border: 0; }
 td img { max-width: 200px; max-height: 200px; }
-code { background: #eee; }
 tbody tr:hover td, tbody tr:hover th { background: #eee; }
+code { font-size: 110%; padding: 1px 2px; background: #eee; }
 pre { margin: 1em 0 0; }
-pre, textarea { font: 100%/1.25 monospace; }
+pre code { display: block; font-size: 100%; }
+pre, textarea { font: 110%/1.25 monospace; }
+pre.jush { background: #fff; }
+input, textarea { box-sizing: border-box; }
 input, select { vertical-align: middle; }
 input.default { box-shadow: 1px 1px 1px #777; }
 input.required { box-shadow: 1px 1px 1px red; }
 input.maxlength { box-shadow: 1px 1px 1px red; }
 input.wayoff { left: -1000px; position: absolute; }
+.center { text-align: center; }
 .block { display: block; }
 .version { color: #777; font-size: 67%; }
 .js .hidden, .nojs .jsonly { display: none; }

adminer/static/editing.js

@@ -103,6 +103,11 @@ var dbPrevious = {};
 * @this HTMLSelectElement
 */
 function dbMouseDown(event) {
+	// Firefox: mouse-down event does not contain pressed key information for OPTION.
+	// Chrome: mouse-down event has inherited key information from SELECT.
+	// So we ignore the event for OPTION to work Ctrl+click correctly everywhere.
+	if (event.target.tagName === "OPTION") return;
+
 	dbCtrl = isCtrl(event);
 	if (dbPrevious[this.name] === undefined) {
 		dbPrevious[this.name] = this.value;

adminer/static/functions.js

@@ -211,13 +211,21 @@ function tableCheck() {
 	}
 }
 
-/** Uncheck single element
-* @param string
-*/
+/**
+ * Uncheck single element.
+ */
 function formUncheck(id) {
-	var el = qs('#' + id);
-	el.checked = false;
-	trCheck(el);
+	formUncheckAll("#" + id);
+}
+
+/**
+ * Uncheck elements matched by selector.
+ */
+function formUncheckAll(selector) {
+	for (const element of qsa(selector)) {
+		element.checked = false;
+		trCheck(element);
+	}
 }
 
 /** Get number of checked elements matching given name
@@ -708,9 +716,13 @@ function selectClick(event, text, warning) {
 			td.innerHTML = original;
 		}
 	};
-	var pos = event.rangeOffset;
-	var value = (td.firstChild && td.firstChild.alt) || td.textContent || td.innerText;
-	input.style.width = Math.max(td.clientWidth - 14, 20) + 'px'; // 14 = 2 * (td.border + td.padding + input.border)
+
+	let pos = event.rangeOffset;
+	let value = (td.firstChild && td.firstChild.alt) || td.textContent || td.innerText;
+	const tdStyle = window.getComputedStyle(td, null);
+
+	input.style.width = Math.max(td.clientWidth - parseFloat(tdStyle.paddingLeft) - parseFloat(tdStyle.paddingRight), 20) + 'px';
+
 	if (text) {
 		var rows = 1;
 		value.replace(/\n/g, function () {

adminer/table.inc.php

@@ -7,9 +7,19 @@ if (!$fields) {
 $table_status = table_status1($TABLE, true);
 $name = $adminer->tableName($table_status);
 
+$rights = [];
+foreach ($fields as $key => $field) {
+	$rights += $field["privileges"];
+}
+
 page_header(($fields && is_view($table_status) ? $table_status['Engine'] == 'materialized view' ? lang('Materialized view') : lang('View') : lang('Table')) . ": " . ($name != "" ? $name : h($TABLE)), $error);
 
-$adminer->selectLinks($table_status);
+$set = null;
+if (isset($rights["insert"]) || !support("table")) {
+	$set = "";
+}
+$adminer->selectLinks($table_status, $set);
+
 $comment = $table_status["Comment"];
 if ($comment != "") {
 	echo "<p class='nowrap'>" . lang('Comment') . ": " . h($comment) . "\n";
@@ -28,7 +38,7 @@ if (!is_view($table_status)) {
 		}
 		echo '<p class="links"><a href="' . h(ME) . 'indexes=' . urlencode($TABLE) . '">' . lang('Alter indexes') . "</a>\n";
 	}
-	
+
 	if (fk_support($table_status)) {
 		echo "<h3 id='foreign-keys'>" . lang('Foreign keys') . "</h3>\n";
 		$foreign_keys = foreign_keys($TABLE);

adminer/user.inc.php

@@ -85,8 +85,8 @@ if ($_POST && !$error) {
 					unset($grants[$object]);
 				}
 				if (preg_match('~^(.+)\s*(\(.*\))?$~U', $object, $match) && (
-					!grant("REVOKE", $revoke, $match[2], " ON $match[1] FROM $new_user") //! SQL injection
-					|| !grant("GRANT", $grant, $match[2], " ON $match[1] TO $new_user")
+					!grant(false, $revoke, $match[2], $match[1], $new_user) //! SQL injection
+					|| !grant(true, $grant, $match[2], $match[1], $new_user)
 				)) {
 					$error = true;
 					break;
@@ -100,7 +100,7 @@ if ($_POST && !$error) {
 			} elseif (!isset($_GET["grant"])) {
 				foreach ($grants as $object => $revoke) {
 					if (preg_match('~^(.+)(\(.*\))?$~U', $object, $match)) {
-						grant("REVOKE", array_keys($revoke), $match[2], " ON $match[1] FROM $new_user");
+						grant(false, array_keys($revoke), $match[2], $match[1], $new_user);
 					}
 				}
 			}
@@ -126,7 +126,14 @@ if ($_POST) {
 	if ($old_pass != "") {
 		$row["hashed"] = true;
 	}
-	$grants[(DB == "" || $grants ? "" : idf_escape(addcslashes(DB, "%_\\"))) . ".*"] = array();
+
+	if ($grants) {
+		$grants[".*"] = [];
+	} elseif (DB != "") {
+		$grants[idf_escape(addcslashes(DB, "%_\\")) . ".*"] = [];
+	} else {
+		$grants["*.* "] = []; // Space is added to force editing mode.
+	}
 }
 
 ?>
@@ -142,41 +149,79 @@ if ($_POST) {
 <?php
 //! MAX_* limits, REQUIRE
 echo "<table cellspacing='0'>\n";
-echo "<thead><tr><th colspan='2'>" . lang('Privileges') . doc_link(array('sql' => "grant.html#priv_level"));
+
+echo "<thead><tr><th colspan='2'>" . lang('Privileges') . doc_link(array('sql' => "grant.html#priv_level")) . "</th>";
 $i = 0;
 foreach ($grants as $object => $grant) {
-	echo '<th>' . ($object != "*.*" ? "<input name='objects[$i]' value='" . h($object) . "' size='10' autocapitalize='off'>" : "<input type='hidden' name='objects[$i]' value='*.*' size='10'>*.*"); //! separate db, table, columns, PROCEDURE|FUNCTION, routine
+	echo "<th>";
+	//! separate db, table, columns, PROCEDURE|FUNCTION, routine
+	if ($object == "*.*") {
+		echo "<input type='hidden' name='objects[$i]' value='*.*' size='10'>*.*";
+	} else {
+		echo "<input name='objects[$i]' value='" . h(trim($object)) . "' size='10' autocapitalize='off'>";
+	}
+	echo "</th>";
 	$i++;
 }
-echo "</thead>\n";
+echo "</tr></thead>\n";
 
-foreach (array(
+foreach ([
 	"" => "",
 	"Server Admin" => lang('Server'),
 	"Databases" => lang('Database'),
 	"Tables" => lang('Table'),
 	"Columns" => lang('Column'),
 	"Procedures" => lang('Routine'),
-) as $context => $desc) {
+ ] as $context => $desc) {
 	foreach ((array) $privileges[$context] as $privilege => $comment) {
-		echo "<tr" . odd() . "><td" . ($desc ? ">$desc<td" : " colspan='2'") . ' lang="en" title="' . h($comment) . '">' . h($privilege);
+		echo "<tr" . odd() . ">";
+		if ($desc) {
+			echo "<td>$desc</td>";
+		}
+		echo "<td" . (!$desc ? " colspan='2'" : "") . ' lang="en" title="' . h($comment) . '">' . h($privilege) . "</td>";
+
 		$i = 0;
+
 		foreach ($grants as $object => $grant) {
 			$name = "'grants[$i][" . h(strtoupper($privilege)) . "]'";
 			$value = $grant[strtoupper($privilege)];
-			if ($context == "Server Admin" && $object != (isset($grants["*.*"]) ? "*.*" : ".*")) {
-				echo "<td>";
+
+			$proxiedUser = strpos($object, "@") !== false;
+			$newObject = $object == ".*";
+			$allPrivileges = $privilege == "All privileges";
+			$grantOption = $privilege == "Grant option";
+
+			if ($object == "*.*" && $privilege == "Proxy") {
+				echo "<td></td>";
+			} elseif ($proxiedUser && $privilege != "Proxy" && !$grantOption) {
+				echo "<td></td>";
+			} elseif ($context == "Server Admin" && $object != (isset($grants["*.*"]) ? "*.*" : ".*") && !(($proxiedUser || $newObject) && $privilege == "Proxy")) {
+				echo "<td></td>";
 			} elseif (isset($_GET["grant"])) {
-				echo "<td><select name=$name><option><option value='1'" . ($value ? " selected" : "") . ">" . lang('Grant') . "<option value='0'" . ($value == "0" ? " selected" : "") . ">" . lang('Revoke') . "</select>";
+				echo "<td><select name=$name>" .
+					"<option></option>" .
+					"<option value='1'" . ($value ? " selected" : "") . ">" . lang('Grant') . "</option>" .
+					"<option value='0'" . ($value == "0" ? " selected" : "") . ">" . lang('Revoke') . "</option>" .
+					"</select></td>";
 			} else {
-				echo "<td align='center'><label class='block'>";
-				echo "<input type='checkbox' name=$name value='1'" . ($value ? " checked" : "") . ($privilege == "All privileges"
-					? " id='grants-$i-all'>" //! uncheck all except grant if all is checked
-					: ">" . ($privilege == "Grant option" ? "" : script("qsl('input').onclick = function () { if (this.checked) formUncheck('grants-$i-all'); };")));
+				echo "<td class='center'><label class='block'>";
+				echo "<input type='checkbox' name=$name value='1'" .
+					($value ? " checked" : "") .
+					($allPrivileges ? " id='grants-$i-all'" : (!$grantOption ? " class='grants-$i'" : "")) .
+					">";
+
+				if ($allPrivileges) {
+					echo script("qsl('input').onclick = function () { if (this.checked) formUncheckAll('.grants-$i'); };");
+				} elseif (!$grantOption) {
+					echo script("qsl('input').onclick = function () { if (this.checked) formUncheck('grants-$i-all'); };");
+				}
 				echo "</label>";
 			}
+
 			$i++;
 		}
+
+		echo "</tr>";
 	}
 }
 

changes.txt

@@ -1,3 +1,28 @@
+Adminer 4.9.4 (released 2024-10-09):
+- Fix the width of inline edit field.
+- Unify displaying of 'New item' action based on privileges.
+- Better default value for object definition (*.*) while creating new database user.
+- Firefox: Fix opening a database to the new browser's tab with Ctrl+click.
+- Remove suppressing errors while reading local files.
+- More secure random strings on PHP 7+.
+- Editor: Fix array conversion to string (issue #3).
+- Editor: Fix building links with array parameters.
+- Clean up the code for PHP < 5.6.
+
+Adminer 4.9.3 (released 2024-10-02):
+- MySQL, PostgreSQL: Fix queries splitting and string constants.
+- MySQL: Fix where clause for JSON column.
+- MySQL: Fix editing user's proxy privilege, refactoring.
+- MariaDB: Fix comparing CURRENT_TIMESTAMP definition while altering a table.
+- PostgreSQL: Fix editing record that contains a field with GENERATED ALWAYS default value.
+- Fix using undefined Min_DB::info property.
+- Do not include unchanged PARTITION BY definition into ALTER TABLE query.
+- Do not limit unlimited memory while executing queries.
+- Fix number conversion warning while reading INI settings.
+- Hide invalid edit form if table record is not found.
+- CSS: Fix background color of <pre> used as edit field.
+- CSS: Bigger font size for code blocks.
+
 Adminer 4.9.2 (released 2024-09-18):
 - Fix textarea height for single-line inputs (used typically for SQLite text field).
 - Fix undefined property in error message if driver does not support error number (e.g. PostgreSQL).

editor/include/adminer.inc.php

@@ -16,8 +16,11 @@ class Adminer {
 	function connectSsl() {
 	}
 
+	/**
+	 * @throws \Random\RandomException
+	 */
 	function permanentLogin($create = false) {
-		return password_file($create);
+		return get_private_key($create);
 	}
 
 	function bruteForceKey() {
@@ -350,10 +353,10 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
 			$op = $where["op"];
 			$val = $where["val"];
 
-			if (($key < 0 ? "" : $col) . $val != "") {
-				$conds = array();
+			if (($key >= 0 && $col != "") || $val != "") {
+				$conds = [];
 
-				foreach (($col != "" ? array($col => $fields[$col]) : $fields) as $name => $field) {
+				foreach (($col != "" ? [$col => $fields[$col]] : $fields) as $name => $field) {
 					if ($col != "" || is_numeric($val) || !preg_match(number_type(), $field["type"])) {
 						$name = idf_escape($name);
 
@@ -579,6 +582,7 @@ qsl('div').onclick = whisperClick;", "")
 	}
 
 	function importServerPath() {
+		return null;
 	}
 
 	function homepage() {

editor/include/editing.inc.php

@@ -17,7 +17,7 @@ function email_header($header) {
 * @return bool
 */
 function send_mail($email, $subject, $message, $from = "", $files = array()) {
-	$eol = (DIRECTORY_SEPARATOR == "/" ? "\n" : "\r\n"); // PHP_EOL available since PHP 5.0.2
+	$eol = "\r\n";
 	$message = str_replace("\n", $eol, wordwrap(str_replace("\r", "", "$message\n")));
 	$boundary = uniqid("boundary");
 	$attachments = "";

plugins/drivers/simpledb.php

@@ -272,7 +272,7 @@ if (isset($_GET["simpledb"])) {
 		function rollback() {
 			return false;
 		}
-		
+
 		function slowQuery($query, $timeout) {
 			$this->_conn->timeout = $timeout;
 			return $query;
@@ -437,22 +437,6 @@ if (isset($_GET["simpledb"])) {
 	function last_id() {
 	}
 
-	function hmac($algo, $data, $key, $raw_output = false) {
-		// can use hash_hmac() since PHP 5.1.2
-		$blocksize = 64;
-		if (strlen($key) > $blocksize) {
-			$key = pack("H*", $algo($key));
-		}
-		$key = str_pad($key, $blocksize, "\0");
-		$k_ipad = $key ^ str_repeat("\x36", $blocksize);
-		$k_opad = $key ^ str_repeat("\x5C", $blocksize);
-		$return = $algo($k_opad . pack("H*", $algo($k_ipad . $data)));
-		if ($raw_output) {
-			$return = pack("H*", $return);
-		}
-		return $return;
-	}
-
 	function sdb_request($action, $params = array()) {
 		global $adminer, $connection;
 		list($host, $params['AWSAccessKeyId'], $secret) = $adminer->credentials();
@@ -467,7 +451,7 @@ if (isset($_GET["simpledb"])) {
 			$query .= '&' . rawurlencode($key) . '=' . rawurlencode($val);
 		}
 		$query = str_replace('%7E', '~', substr($query, 1));
-		$query .= "&Signature=" . urlencode(base64_encode(hmac('sha1', "POST\n" . preg_replace('~^https?://~', '', $host) . "\n/\n$query", $secret, true)));
+		$query .= "&Signature=" . urlencode(base64_encode(hash_hmac('sha1', "POST\n" . preg_replace('~^https?://~', '', $host) . "\n/\n$query", $secret, true)));
 		@ini_set('track_errors', 1); // @ - may be disabled
 
 		$file = @file_get_contents($connection->_url, false, stream_context_create(array('http' => array(

plugins/plugin.php

@@ -7,36 +7,31 @@
 * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
 */
 class AdminerPlugin extends Adminer {
-	/** @access protected */
-	var $plugins;
-	
-	function _findRootClass($class) { // is_subclass_of(string, string) is available since PHP 5.0.3
-		do {
-			$return = $class;
-		} while ($class = get_parent_class($class));
-		return $return;
-	}
-	
-	/** Register plugins
-	* @param array object instances or null to register all classes starting by 'Adminer'
-	*/
-	function __construct($plugins) {
+	protected $plugins;
+
+	/**
+	 * Registers plugins.
+	 * @param array $plugins Object instances or null to register all classes starting by 'Adminer'.
+	 */
+	function __construct(array $plugins = null)
+	{
 		if ($plugins === null) {
-			$plugins = array();
+			$plugins = [];
 			foreach (get_declared_classes() as $class) {
-				if (preg_match('~^Adminer.~i', $class) && strcasecmp($this->_findRootClass($class), 'Adminer')) { //! can use interface
+				if (preg_match('~^Adminer.~i', $class) && !is_subclass_of($class, 'Adminer')) { //! can use interface
 					$plugins[$class] = new $class;
 				}
 			}
 		}
+
 		$this->plugins = $plugins;
 		//! it is possible to use ReflectionObject to find out which plugins defines which methods at once
 	}
-	
+
 	function _callParent($function, $args) {
 		return call_user_func_array(array('parent', $function), $args);
 	}
-	
+
 	function _applyPlugin($function, $args) {
 		foreach ($this->plugins as $plugin) {
 			if (method_exists($plugin, $function)) {
@@ -57,7 +52,7 @@ class AdminerPlugin extends Adminer {
 		}
 		return $this->_callParent($function, $args);
 	}
-	
+
 	function _appendPlugin($function, $args) {
 		$return = $this->_callParent($function, $args);
 		foreach ($this->plugins as $plugin) {
@@ -70,14 +65,14 @@ class AdminerPlugin extends Adminer {
 		}
 		return $return;
 	}
-	
+
 	// appendPlugin
-	
+
 	function dumpFormat() {
 		$args = func_get_args();
 		return $this->_appendPlugin(__FUNCTION__, $args);
 	}
-	
+
 	function dumpOutput() {
 		$args = func_get_args();
 		return $this->_appendPlugin(__FUNCTION__, $args);
@@ -94,7 +89,7 @@ class AdminerPlugin extends Adminer {
 	}
 
 	// applyPlugin
-	
+
 	function name() {
 		$args = func_get_args();
 		return $this->_applyPlugin(__FUNCTION__, $args);