Allow usage of phpMyAdmin from within a nested frameset with recursive JS-DOM calls.

Garvin Hicking
2003-07-08 16:59:26 +00:00
parent 4bfdf320f3
commit 194ca0d563
3 changed files with 36 additions and 30 deletions


@@ -5,6 +5,12 @@ phpMyAdmin - Changelog
$Id$
$Source$
2003-07-08 Garvin Hicking <me@supergarv.de>
* tbl_query_box.php3, footer.inc.php3: Removed any 'top.' DOM reference.
This enables phpMyAdmin to be used within a frameset without trying
to escape out of the security JS-sandbox zone. Tested with IE6, Mozilla
1.4 and IE5.5.
2003-07-08 Marc Delisle <lem9@users.sourceforge.net>
* libraries/sqlparser.lib.php3, sql.php3: bug 762213,
incorrect row count for MySQL 4.1 subqueries;


@@ -18,7 +18,7 @@ if ($cfg['QueryFrame'] && $cfg['QueryFrameJS']) {
if ($cfg['QueryFrameDebug']) {
?>
document.writeln("Updating query window. DB: <?php echo (isset($db) ? addslashes($db) : 'FALSE'); ?>, Table: <?php echo (isset($table) ? addslashes($table) : 'FALSE'); ?><br>");
document.writeln("Window: " + top.frames.queryframe.querywindow.location + "<br>");
document.writeln("Window: " + parent.frames.queryframe.querywindow.location + "<br>");
<?php
}
?>
@@ -26,31 +26,31 @@ if ($cfg['QueryFrame'] && $cfg['QueryFrameJS']) {
<?php
if (!isset($error_message) || $error_message == '') {
?>
if (top.frames.queryframe && top.frames.queryframe.document && top.frames.queryframe.document.queryframeform) {
top.frames.queryframe.document.queryframeform.db.value = "<?php echo (isset($db) ? addslashes($db) : ''); ?>";
top.frames.queryframe.document.queryframeform.table.value = "<?php echo (isset($table) ? addslashes($table) : ''); ?>";
if (parent.frames.queryframe && parent.frames.queryframe.document && parent.frames.queryframe.document.queryframeform) {
parent.frames.queryframe.document.queryframeform.db.value = "<?php echo (isset($db) ? addslashes($db) : ''); ?>";
parent.frames.queryframe.document.queryframeform.table.value = "<?php echo (isset($table) ? addslashes($table) : ''); ?>";
}
<?php
}
?>
function reload_querywindow () {
if (top.frames.queryframe && top.frames.queryframe.querywindow && !top.frames.queryframe.querywindow.closed && top.frames.queryframe.querywindow.location) {
<?php echo ($cfg['QueryFrameDebug'] ? 'document.writeln("<a href=\'#\' onClick=\'top.frames.queryframe.querywindow.focus(); return false;\'>Query Window</a> can be updated.<br>");' : ''); ?>
if (parent.frames.queryframe && parent.frames.queryframe.querywindow && !parent.frames.queryframe.querywindow.closed && parent.frames.queryframe.querywindow.location) {
<?php echo ($cfg['QueryFrameDebug'] ? 'document.writeln("<a href=\'#\' onClick=\'parent.frames.queryframe.querywindow.focus(); return false;\'>Query Window</a> can be updated.<br>");' : ''); ?>
<?php
if (!isset($error_message) || $error_message == '') {
?>
if (!top.frames.queryframe.querywindow.document.sqlform.LockFromUpdate.checked) {
top.frames.queryframe.querywindow.document.querywindow.db.value = "<?php echo (isset($db) ? addslashes($db) : '') ?>";
top.frames.queryframe.querywindow.document.querywindow.query_history_latest_db.value = "<?php echo (isset($db) ? addslashes($db) : '') ?>";
top.frames.queryframe.querywindow.document.querywindow.table.value = "<?php echo (isset($table) ? addslashes($table) : '') ?>";
top.frames.queryframe.querywindow.document.querywindow.query_history_latest_table.value = "<?php echo (isset($table) ? addslashes($table) : '') ?>";
if (!parent.frames.queryframe.querywindow.document.sqlform.LockFromUpdate.checked) {
parent.frames.queryframe.querywindow.document.querywindow.db.value = "<?php echo (isset($db) ? addslashes($db) : '') ?>";
parent.frames.queryframe.querywindow.document.querywindow.query_history_latest_db.value = "<?php echo (isset($db) ? addslashes($db) : '') ?>";
parent.frames.queryframe.querywindow.document.querywindow.table.value = "<?php echo (isset($table) ? addslashes($table) : '') ?>";
parent.frames.queryframe.querywindow.document.querywindow.query_history_latest_table.value = "<?php echo (isset($table) ? addslashes($table) : '') ?>";
<?php echo (isset($sql_query) ? 'top.frames.queryframe.querywindow.document.querywindow.query_history_latest.value = "' . urlencode($sql_query) . '";' : '// no sql query update') . "\n"; ?>
<?php echo (isset($sql_query) ? 'parent.frames.queryframe.querywindow.document.querywindow.query_history_latest.value = "' . urlencode($sql_query) . '";' : '// no sql query update') . "\n"; ?>
<?php echo ($cfg['QueryFrameDebug'] ? 'alert(\'Querywindow submits. Last chance to check variables.\');' : '') . "\n"; ?>
top.frames.queryframe.querywindow.document.querywindow.submit();
parent.frames.queryframe.querywindow.document.querywindow.submit();
}
<?php
} else {
@@ -63,23 +63,23 @@ if ($cfg['QueryFrame'] && $cfg['QueryFrameJS']) {
}
function focus_querywindow(sql_query) {
if (top.frames.queryframe && top.frames.queryframe.querywindow && !top.frames.queryframe.querywindow.closed && top.frames.queryframe.querywindow.location) {
if (top.frames.queryframe.querywindow.document.querywindow.querydisplay_tab != 'sql') {
top.frames.queryframe.querywindow.document.querywindow.querydisplay_tab.value = "sql";
top.frames.queryframe.querywindow.document.querywindow.query_history_latest.value = sql_query;
top.frames.queryframe.querywindow.document.querywindow.submit();
top.frames.queryframe.querywindow.focus();
if (parent.frames.queryframe && parent.frames.queryframe.querywindow && !parent.frames.queryframe.querywindow.closed && parent.frames.queryframe.querywindow.location) {
if (parent.frames.queryframe.querywindow.document.querywindow.querydisplay_tab != 'sql') {
parent.frames.queryframe.querywindow.document.querywindow.querydisplay_tab.value = "sql";
parent.frames.queryframe.querywindow.document.querywindow.query_history_latest.value = sql_query;
parent.frames.queryframe.querywindow.document.querywindow.submit();
parent.frames.queryframe.querywindow.focus();
} else {
top.frames.queryframe.querywindow.focus();
parent.frames.queryframe.querywindow.focus();
}
return false;
} else if (top.frames.queryframe) {
} else if (parent.frames.queryframe) {
new_win_url = 'querywindow.php3?sql_query=' + sql_query + '&<?php echo PMA_generate_common_url(isset($db) ? addslashes($db) : '', isset($table) ? addslashes($table) : '', '&'); ?>';
top.frames.queryframe.querywindow=window.open(new_win_url, '','toolbar=0,location=1,directories=0,status=1,menubar=0,scrollbars=yes,resizable=yes,width=<?php echo $cfg['QueryWindowWidth']; ?>,height=<?php echo $cfg['QueryWindowHeight']; ?>');
parent.frames.queryframe.querywindow=window.open(new_win_url, '','toolbar=0,location=1,directories=0,status=1,menubar=0,scrollbars=yes,resizable=yes,width=<?php echo $cfg['QueryWindowWidth']; ?>,height=<?php echo $cfg['QueryWindowHeight']; ?>');
if (!top.frames.queryframe.querywindow.opener) {
top.frames.queryframe.querywindow.opener = top.frames.queryframe;
if (!parent.frames.queryframe.querywindow.opener) {
parent.frames.queryframe.querywindow.opener = parent.frames.queryframe;
}
// reload_querywindow();
@@ -91,7 +91,7 @@ if ($cfg['QueryFrame'] && $cfg['QueryFrameJS']) {
<?php
if (isset($focus_querywindow) && $focus_querywindow == "true") {
?>
if (top.frames.queryframe && top.frames.queryframe.querywindow && !top.frames.queryframe.querywindow.closed && top.frames.queryframe.querywindow.location) {
if (parent.frames.queryframe && parent.frames.queryframe.querywindow && !parent.frames.queryframe.querywindow.closed && parent.frames.queryframe.querywindow.location) {
self.focus();
}
<?php
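Review bot: `addslashes()` is the only encoding applied to `$db` and `$table` before they are written into JavaScript string literals inside a script block (the two `queryframeform` assignments and the four `querywindow` assignments in `reload_querywindow`), and it does not neutralise `</script>` or raw line breaks. Where these variables are populated is outside the hunks, but if they can carry request-supplied names, the value can end the script element or the statement early. I would route them through a single JavaScript-string encoder that also escapes `<`, `>`, `&` and newlines, for example `json_encode($db, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` on a PHP version that provides it, and drop the surrounding quotes. `reload_querywindow` and `focus_querywindow` both continue outside the hunks shown, so any other emitters there need the same treatment.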


@@ -46,7 +46,7 @@ else {
// ($is_upload now defined in common.lib.php3)
if ($cfg['QueryFrame'] && $cfg['QueryFrameJS'] && isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full')) {
$locking = 'onKeyPress="this.form.elements[\'LockFromUpdate\'].checked = true;"';
$locking = 'onKeyPress="document.sqlform.elements[\'LockFromUpdate\'].checked = true;"';
} else {
$locking = '';
}
@@ -55,7 +55,7 @@ $auto_sel = ($cfg['TextareaAutoSelect']
// 2003-02-05 rabus: This causes big trouble with Opera 7 for
// Windows, so let's disable it there...
&& !(PMA_USR_OS == 'Win' && PMA_USR_BROWSER_AGENT == 'OPERA' && PMA_USR_BROWSER_VER >= 7))
? "\n" . ' onfocus="if (typeof(document.layers) == \'undefined\' || typeof(textarea_selected) == \'undefined\') {textarea_selected = 1; this.form.elements[\'sql_query\'].select();}"'
? "\n" . ' onfocus="if (typeof(document.layers) == \'undefined\' || typeof(textarea_selected) == \'undefined\') {textarea_selected = 1; document.sqlform.elements[\'sql_query\'].select();}"'
: '';
$auto_sel .= ' ' . $locking;
@@ -90,7 +90,7 @@ if ($cfg['QueryFrame'] && $cfg['QueryFrameJS'] && isset($is_inside_querywindow)
?>
<script type="text/javascript">
<!--
document.writeln('<form method="post" target="phpmain' + <?php echo ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) ? 'opener.' : '');?>top.frames.queryframe.document.hashform.hash.value + '" action="read_dump.php3"<?php if ($is_upload) echo ' enctype="multipart/form-data"'; ?> onsubmit="return checkSqlQuery(this)" name="sqlform">');
document.writeln('<form method="post" target="phpmain' + <?php echo ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) ? 'opener.' : '');?>parent.frames.queryframe.document.hashform.hash.value + '" action="read_dump.php3"<?php if ($is_upload) echo ' enctype="multipart/form-data"'; ?> onsubmit="return checkSqlQuery(this)" name="sqlform">');
//-->
</script>
<noscript>
@@ -336,7 +336,7 @@ if (!isset($is_inside_querywindow) ||
?>
<script type="text/javascript">
document.writeln('<div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.top.frames.phpmain\' + opener.top.frames.queryframe.document.hashform.hash.value + \'.location.href = \\\'' . $ldi_target . '\\\'; return false;"' : ''); ?>><?php echo addslashes($strInsertTextfiles); ?></a></div>');
document.writeln('<div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.parent.frames.phpmain\' + opener.parent.frames.queryframe.document.hashform.hash.value + \'.location.href = \\\'' . $ldi_target . '\\\'; return false;"' : ''); ?>><?php echo addslashes($strInsertTextfiles); ?></a></div>');
</script>
<?php
@@ -344,7 +344,7 @@ if (!isset($is_inside_querywindow) ||
?>
<script type="text/javascript">
document.writeln('<div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.top.frames.phpmain' . md5($cfg['PmaAbsoluteUri']) . '.location.href = \\\'' . $ldi_target . '\\\'; return false;"' : ''); ?>><?php echo addslashes($strInsertTextfiles); ?></a></div>');
document.writeln('<div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.parent.frames.phpmain' . md5($cfg['PmaAbsoluteUri']) . '.location.href = \\\'' . $ldi_target . '\\\'; return false;"' : ''); ?>><?php echo addslashes($strInsertTextfiles); ?></a></div>');
</script>
<?php
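Review bot: With the `top.` lookups gone (here the `sqlform` target and the two `opener.parent` handlers), the application now works inside any embedding page, and nothing in the change limits which origins may do the embedding. For a database administration tool, that leaves UI-redress (clickjacking) exposure to whoever hosts the outer frameset. I would make the permitted embedding origins a configuration value, send a matching `Content-Security-Policy: frame-ancestors` header that defaults to same-origin, and mention it in the Changelog entry. Separately, `$ldi_target` is echoed without encoding into the `href` and the nested `onclick` string while only `$strInsertTextfiles` gets `addslashes()`; its origin is outside these hunks, so confirm it cannot carry quotes or markup.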