If magic_quotes_gpc is enabled, grab_globals calls stripslashes when extracting the arrays $_GET and $_POST.
17
ChangeLog
@@ -5,6 +5,23 @@ phpMyAdmin - Changelog
|
|||||||
$Id$
|
$Id$
|
||||||
$Source$
|
$Source$
|
||||||
|
|
||||||
|
2003-03-02 Alexander M. Turek <rabus@users.sourceforge.net>
|
||||||
|
* db_details.php3, db_details_qbe.php3, db_search.php3, ldi_check.php3,
|
||||||
|
mult_submits.inc.php3, read_dump.php3, sql.php3, tbl_addfield.php3,
|
||||||
|
tbl_change.php3, tbl_create.php3, tbl_dump.php3, tbl_indexes.php3,
|
||||||
|
tbl_move_copy.php3, tbl_properties.inc.php3,
|
||||||
|
tbl_properties_operations.php3, tbl_properties_options.php3,
|
||||||
|
tbl_query_box.php3, tbl_rename.php3, tbl_replace.php3,
|
||||||
|
tbl_replace_fields.php3, tbl_select.php3, transformation_wrapper.php3,
|
||||||
|
user_password.php3, libraries/build_dump.php3, libraries/common.lib.php3,
|
||||||
|
libraries/display_tbl.lib.php3, libraries/grab_globals.php3:
|
||||||
|
If magic_quotes_gpc is enabled, grab_globals calls stripslashes when
|
||||||
|
extracting the arrays $_GET and $_POST. This should replace a lots of
|
||||||
|
workarounds and avoid present and future problems with magic_quotes_gpc.
|
||||||
|
* server_privileges.php3, libraries/common.lib.php3:
|
||||||
|
- Escape wildcard characters in the database and table dropdown boxes;
|
||||||
|
- CSS fixes.
|
||||||
|
|
||||||
2003-03-01 Marc Delisle <lem9@users.sourceforge.net>
|
2003-03-01 Marc Delisle <lem9@users.sourceforge.net>
|
||||||
* lang/english: typo
|
* lang/english: typo
|
||||||
* tbl_dump.php3: undefined variable $use_comments
|
* tbl_dump.php3: undefined variable $use_comments
|
||||||
|
@@ -19,9 +19,6 @@ if (isset($show_query) && $show_query == '1') {
|
|||||||
$query_to_display = $sql_query_cpy;
|
$query_to_display = $sql_query_cpy;
|
||||||
}
|
}
|
||||||
// Other cases
|
// Other cases
|
||||||
else if (get_magic_quotes_gpc()) {
|
|
||||||
$query_to_display = stripslashes($sql_query);
|
|
||||||
}
|
|
||||||
else {
|
else {
|
||||||
$query_to_display = $sql_query;
|
$query_to_display = $sql_query;
|
||||||
}
|
}
|
||||||
|
@@ -25,9 +25,6 @@ if (isset($submit_sql) && eregi('^SELECT', $encoded_sql_query)) {
|
|||||||
$goto = 'db_details.php3';
|
$goto = 'db_details.php3';
|
||||||
$zero_rows = htmlspecialchars($strSuccess);
|
$zero_rows = htmlspecialchars($strSuccess);
|
||||||
$sql_query = urldecode($encoded_sql_query);
|
$sql_query = urldecode($encoded_sql_query);
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$sql_query = addslashes($sql_query);
|
|
||||||
}
|
|
||||||
include('./sql.php3');
|
include('./sql.php3');
|
||||||
exit();
|
exit();
|
||||||
} else {
|
} else {
|
||||||
@@ -365,12 +362,8 @@ for ($x = 0; $x < $col; $x++) {
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (isset($Criteria[$x])) {
|
if (isset($Criteria[$x])) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$stripped_Criteria = stripslashes($Criteria[$x]);
|
|
||||||
} else {
|
|
||||||
$stripped_Criteria = $Criteria[$x];
|
$stripped_Criteria = $Criteria[$x];
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if ((empty($prev_Criteria) || !isset($prev_Criteria[$x]))
|
if ((empty($prev_Criteria) || !isset($prev_Criteria[$x]))
|
||||||
|| urldecode($prev_Criteria[$x]) != htmlspecialchars($stripped_Criteria)) {
|
|| urldecode($prev_Criteria[$x]) != htmlspecialchars($stripped_Criteria)) {
|
||||||
$curCriteria[$z] = $stripped_Criteria;
|
$curCriteria[$z] = $stripped_Criteria;
|
||||||
@@ -534,11 +527,7 @@ for ($y = 0; $y <= $row; $y++) {
|
|||||||
${$or} = '';
|
${$or} = '';
|
||||||
}
|
}
|
||||||
if (!empty(${$or}) && isset(${$or}[$x])) {
|
if (!empty(${$or}) && isset(${$or}[$x])) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$stripped_or = stripslashes(${$or}[$x]);
|
|
||||||
} else {
|
|
||||||
$stripped_or = ${$or}[$x];
|
$stripped_or = ${$or}[$x];
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
$stripped_or = '';
|
$stripped_or = '';
|
||||||
}
|
}
|
||||||
@@ -1048,7 +1037,7 @@ for ($y = 0; $y <= $row; $y++) {
|
|||||||
if (!empty($curField[$x]) && !empty(${'curOr' . $y}[$x])) {
|
if (!empty($curField[$x]) && !empty(${'curOr' . $y}[$x])) {
|
||||||
$qry_orwhere .= '(' . $curField[$x]
|
$qry_orwhere .= '(' . $curField[$x]
|
||||||
. ' '
|
. ' '
|
||||||
. (get_magic_quotes_gpc() ? stripslashes(${'curOr' . $y}[$x]) : ${'curOr' . $y}[$x])
|
. ${'curOr' . $y}[$x]
|
||||||
. ')';
|
. ')';
|
||||||
$last_orwhere = $x;
|
$last_orwhere = $x;
|
||||||
$criteria_cnt++;
|
$criteria_cnt++;
|
||||||
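Review bot: In the `$Criteria` hunk the new code assigns `$stripped_Criteria` only inside `if (isset($Criteria[$x]))`, yet the comparison `htmlspecialchars($stripped_Criteria)` and the assignment `$curCriteria[$z] = $stripped_Criteria;` that follow run either way, so a column with no criteria reuses the value left over from the previous iteration, or an undefined variable on the first pass. The neighbouring `$stripped_or` hunk has an explicit `else { $stripped_or = ''; }`; the same default here, `$stripped_Criteria = isset($Criteria[$x]) ? $Criteria[$x] : '';`, would make the two blocks consistent. Now that no stripping happens, the `stripped_` prefix is misleading, so a short comment saying the value has already been unslashed by grab_globals would help. The enclosing `for` loops start and end outside the hunks.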
|
@@ -119,24 +119,6 @@ if (isset($submit_search)) {
|
|||||||
} // end of the "PMA_getSearchSqls()" function
|
} // end of the "PMA_getSearchSqls()" function
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Strip slashes if necessary
|
|
||||||
*/
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$search_str = stripslashes($search_str);
|
|
||||||
if (isset($table)) {
|
|
||||||
$table = stripslashes($table);
|
|
||||||
}
|
|
||||||
else if (isset($table_select)) {
|
|
||||||
$table_select_cnt = count($table_select);
|
|
||||||
reset($table_select);
|
|
||||||
for ($i = 0; $i < $table_select_cnt; $i++) {
|
|
||||||
$table_select[$i] = stripslashes($table_select[$i]);
|
|
||||||
} // end for
|
|
||||||
} // end if... else if...
|
|
||||||
} // end if
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Displays the results
|
* Displays the results
|
||||||
*/
|
*/
|
||||||
|
@@ -46,17 +46,9 @@ if (isset($btnLDI) && ($textfile != 'none')) {
|
|||||||
|
|
||||||
// Formats the data posted to this script
|
// Formats the data posted to this script
|
||||||
$textfile = PMA_sqlAddslashes($textfile);
|
$textfile = PMA_sqlAddslashes($textfile);
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$field_terminater = stripslashes($field_terminater);
|
|
||||||
$enclosed = PMA_sqlAddslashes(stripslashes($enclosed));
|
|
||||||
$escaped = PMA_sqlAddslashes(stripslashes($escaped));
|
|
||||||
$line_terminator = stripslashes($line_terminator);
|
|
||||||
$column_name = PMA_sqlAddslashes(stripslashes($column_name));
|
|
||||||
} else {
|
|
||||||
$enclosed = PMA_sqlAddslashes($enclosed);
|
$enclosed = PMA_sqlAddslashes($enclosed);
|
||||||
$escaped = PMA_sqlAddslashes($escaped);
|
$escaped = PMA_sqlAddslashes($escaped);
|
||||||
$column_name = PMA_sqlAddslashes($column_name);
|
$column_name = PMA_sqlAddslashes($column_name);
|
||||||
}
|
|
||||||
|
|
||||||
// (try to) make sure the file is readable:
|
// (try to) make sure the file is readable:
|
||||||
chmod($textfile, 0777);
|
chmod($textfile, 0777);
|
||||||
@@ -125,14 +117,6 @@ if (isset($btnLDI) && ($textfile != 'none')) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Executes the query
|
|
||||||
// sql.php3 will stripslash the query if 'magic_quotes_gpc' is set to on
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$sql_query = addslashes($query);
|
|
||||||
} else {
|
|
||||||
$sql_query = $query;
|
|
||||||
}
|
|
||||||
|
|
||||||
// We could rename the ldi* scripts to tbl_properties_ldi* to improve
|
// We could rename the ldi* scripts to tbl_properties_ldi* to improve
|
||||||
// consistency with the other sub-pages.
|
// consistency with the other sub-pages.
|
||||||
//
|
//
|
||||||
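Review bot: The block that now escapes `$enclosed`, `$escaped` and `$column_name` unconditionally is still followed by `chmod($textfile, 0777);`, which makes the uploaded file writable and executable by every local account when presumably only read access is needed for the load. `chmod($textfile, 0644);` would be enough if the MySQL server has to read the file, and no chmod at all if the web server process is the reader; the call's result is also unchecked. `$textfile` has already been passed through `PMA_sqlAddslashes()` on the line above, so a path containing a quote or backslash would reach `chmod()` in its SQL-escaped form; keeping the raw path for filesystem calls and escaping only the copy that goes into the query avoids that. `$field_terminater` and `$line_terminator` are no longer touched here, so whether they are escaped before being placed in the statement depends on code outside the hunk.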
|
@@ -527,17 +527,12 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
|
|||||||
} else if (!isset($sep)) {
|
} else if (!isset($sep)) {
|
||||||
$sep = '';
|
$sep = '';
|
||||||
} else {
|
} else {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$sep = stripslashes($sep);
|
|
||||||
}
|
|
||||||
$sep = str_replace('\\t', "\011", $sep);
|
$sep = str_replace('\\t', "\011", $sep);
|
||||||
}
|
}
|
||||||
if ($what == 'excel') {
|
if ($what == 'excel') {
|
||||||
$enc_by = '"';
|
$enc_by = '"';
|
||||||
} else if (!isset($enc_by)) {
|
} else if (!isset($enc_by)) {
|
||||||
$enc_by = '';
|
$enc_by = '';
|
||||||
} else if (get_magic_quotes_gpc()) {
|
|
||||||
$enc_by = stripslashes($enc_by);
|
|
||||||
}
|
}
|
||||||
if ($what == 'excel'
|
if ($what == 'excel'
|
||||||
|| (empty($esc_by) && $enc_by != '')) {
|
|| (empty($esc_by) && $enc_by != '')) {
|
||||||
@@ -545,8 +540,6 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
|
|||||||
$esc_by = $enc_by;
|
$esc_by = $enc_by;
|
||||||
} else if (!isset($esc_by)) {
|
} else if (!isset($esc_by)) {
|
||||||
$esc_by = '';
|
$esc_by = '';
|
||||||
} else if (get_magic_quotes_gpc()) {
|
|
||||||
$esc_by = stripslashes($esc_by);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Defines the offsets to use
|
// Defines the offsets to use
|
||||||
|
@@ -265,6 +265,26 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold}
|
|||||||
} // end of the 'PMA_sqlAddslashes()' function
|
} // end of the 'PMA_sqlAddslashes()' function
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add slashes before "_" and "%" characters for using them in MySQL
|
||||||
|
* database, table and field names.
|
||||||
|
* Note: This function does not escape backslashes!
|
||||||
|
*
|
||||||
|
* @param string the string to escape
|
||||||
|
*
|
||||||
|
* @return string the escaped string
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
*/
|
||||||
|
function PMA_escape_mysql_wildcards($name)
|
||||||
|
{
|
||||||
|
$name = str_replace('_', '\\_', $name);
|
||||||
|
$name = str_replace('%', '\\%', $name);
|
||||||
|
|
||||||
|
return $name;
|
||||||
|
} // end of the 'PMA_escape_mysql_wildcards()' function
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* format sql strings
|
* format sql strings
|
||||||
*
|
*
|
||||||
@@ -1208,7 +1228,7 @@ if (typeof(document.getElementById) != 'undefined'
|
|||||||
<table border="<?php echo $cfg['Border']; ?>" cellpadding="5">
|
<table border="<?php echo $cfg['Border']; ?>" cellpadding="5">
|
||||||
<tr>
|
<tr>
|
||||||
<td bgcolor="<?php echo $cfg['ThBgcolor']; ?>">
|
<td bgcolor="<?php echo $cfg['ThBgcolor']; ?>">
|
||||||
<b><?php echo (get_magic_quotes_gpc()) ? stripslashes($message) : $message; ?></b><br />
|
<b><?php echo $message; ?></b><br />
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
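Review bot: In the message table, `<?php echo $message; ?>` prints `$message` without HTML escaping, and with the magic-quotes branch gone it is the raw value that reaches the page. Since grab_globals turns request parameters into globals, `$message` may be supplied by the request on some paths (not visible here); unless callers deliberately pass markup or already escape it, `<?php echo htmlspecialchars($message); ?>` is the safer output. For the new `PMA_escape_mysql_wildcards()`, the docblock should name its parameter (`@param string $name`) and say that the result is a MySQL pattern with only `_` and `%` escaped, not SQL-safe text, so it still needs quoting before it is put into a statement.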
|
@@ -1487,14 +1487,8 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
|
|||||||
}
|
}
|
||||||
} // end if
|
} // end if
|
||||||
|
|
||||||
// 1.3 Urlencodes the query to use in input form fields ($sql_query
|
// 1.3 Urlencodes the query to use in input form fields
|
||||||
// will be stripslashed in 'sql.php3' if the 'magic_quotes_gpc'
|
|
||||||
// directive is set to 'on')
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$encoded_sql_query = urlencode(addslashes($sql_query));
|
|
||||||
} else {
|
|
||||||
$encoded_sql_query = urlencode($sql_query);
|
$encoded_sql_query = urlencode($sql_query);
|
||||||
}
|
|
||||||
|
|
||||||
// 2. ----- Displays the top of the page -----
|
// 2. ----- Displays the top of the page -----
|
||||||
|
|
||||||
|
@@ -5,24 +5,43 @@
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* This library grabs the names and values of the variables sent or posted to a
|
* This library grabs the names and values of the variables sent or posted to a
|
||||||
* script in the '$HTTP_*_VARS' arrays and sets simple globals variables from
|
* script in the '$HTTP_*_VARS' / $_* arrays and sets simple globals variables
|
||||||
* them. It does the same work for the $PHP_SELF variable.
|
* from them. It does the same work for the $PHP_SELF variable.
|
||||||
*
|
*
|
||||||
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
|
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
|
||||||
*/
|
*/
|
||||||
if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
|
if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
|
||||||
define('PMA_GRAB_GLOBALS_INCLUDED', 1);
|
define('PMA_GRAB_GLOBALS_INCLUDED', 1);
|
||||||
|
|
||||||
|
function PMA_gpc_extract($array, &$target) {
|
||||||
|
if (!is_array($array)) {
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
$is_magic_quotes = get_magic_quotes_gpc();
|
||||||
|
reset($array);
|
||||||
|
while (list($key, $value) = each($array)) {
|
||||||
|
if (is_array($value)) {
|
||||||
|
PMA_gpc_extract($value, $target[$key]);
|
||||||
|
} else if ($is_magic_quotes) {
|
||||||
|
$target[$key] = stripslashes($value);
|
||||||
|
} else {
|
||||||
|
$target[$key] = $value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
reset($array);
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
if (!empty($_GET)) {
|
if (!empty($_GET)) {
|
||||||
extract($_GET, EXTR_OVERWRITE);
|
PMA_gpc_extract($_GET, $GLOBALS);
|
||||||
} else if (!empty($HTTP_GET_VARS)) {
|
} else if (!empty($HTTP_GET_VARS)) {
|
||||||
extract($HTTP_GET_VARS, EXTR_OVERWRITE);
|
PMA_gpc_extract($HTTP_GET_VARS, $GLOBALS);
|
||||||
} // end if
|
} // end if
|
||||||
|
|
||||||
if (!empty($_POST)) {
|
if (!empty($_POST)) {
|
||||||
extract($_POST, EXTR_OVERWRITE);
|
PMA_gpc_extract($_POST, $GLOBALS);
|
||||||
} else if (!empty($HTTP_POST_VARS)) {
|
} else if (!empty($HTTP_POST_VARS)) {
|
||||||
extract($HTTP_POST_VARS, EXTR_OVERWRITE);
|
PMA_gpc_extract($HTTP_POST_VARS, $GLOBALS);
|
||||||
} // end if
|
} // end if
|
||||||
|
|
||||||
if (!empty($_FILES)) {
|
if (!empty($_FILES)) {
|
||||||
@@ -46,15 +65,5 @@ if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
|
|||||||
unset($goto);
|
unset($goto);
|
||||||
} // end if
|
} // end if
|
||||||
|
|
||||||
// Strip slahes from $db / $table values
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
if (isset($db)) {
|
|
||||||
$db = stripslashes($db);
|
|
||||||
}
|
|
||||||
if (isset($table)) {
|
|
||||||
$table = stripslashes($table);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
} // $__PMA_GRAB_GLOBALS_LIB__
|
} // $__PMA_GRAB_GLOBALS_LIB__
|
||||||
?>
|
?>
|
||||||
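Review bot: `PMA_gpc_extract()` writes every request key straight into `$GLOBALS` and recurses with `PMA_gpc_extract($value, $target[$key])`, so an array parameter is merged element by element into whatever global of that name already exists, where `extract()` replaced the variable as a whole. Nothing in the function refuses keys such as `GLOBALS` or the names of configuration arrays, so a request can override individual entries of an already-initialised global; a guard at the top of the loop, at minimum `if ($key === 'GLOBALS') { continue; }` and preferably a deny-list of globals set before this library runs, would close that. `stripslashes()` is applied to values only, so if magic_quotes_gpc has also escaped the keys of nested arrays (worth confirming on the supported PHP versions) those keys stay escaped, and the hunks show only `$_GET`/`$_POST`, so cookie values presumably still arrive with slashes. The trailing `reset($array)` acts on a by-value copy, and the TRUE/FALSE result is not read by any of the callers shown.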
|
@@ -9,9 +9,6 @@
|
|||||||
if (!empty($submit_mult)
|
if (!empty($submit_mult)
|
||||||
&& (!empty($selected_db) || !empty($selected_tbl) || !empty($selected_fld))) {
|
&& (!empty($selected_db) || !empty($selected_tbl) || !empty($selected_fld))) {
|
||||||
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$submit_mult = stripslashes($submit_mult);
|
|
||||||
}
|
|
||||||
if (!empty($selected_db)) {
|
if (!empty($selected_db)) {
|
||||||
$selected = $selected_db;
|
$selected = $selected_db;
|
||||||
$what = 'drop_db';
|
$what = 'drop_db';
|
||||||
@@ -31,12 +28,12 @@ if (!empty($submit_mult)
|
|||||||
case $strOptimizeTable:
|
case $strOptimizeTable:
|
||||||
unset($submit_mult);
|
unset($submit_mult);
|
||||||
$query_type = 'optimize_tbl';
|
$query_type = 'optimize_tbl';
|
||||||
$mult_btn = (get_magic_quotes_gpc() ? addslashes($strYes) : $strYes);
|
$mult_btn = $strYes;
|
||||||
break;
|
break;
|
||||||
case $strRepairTable:
|
case $strRepairTable:
|
||||||
unset($submit_mult);
|
unset($submit_mult);
|
||||||
$query_type = 'repair_tbl';
|
$query_type = 'repair_tbl';
|
||||||
$mult_btn = (get_magic_quotes_gpc() ? addslashes($strYes) : $strYes);
|
$mult_btn = $strYes;
|
||||||
break;
|
break;
|
||||||
} // end switch
|
} // end switch
|
||||||
}
|
}
|
||||||
@@ -133,8 +130,7 @@ if (!empty($submit_mult) && !empty($what)) {
|
|||||||
/**
|
/**
|
||||||
* Executes the query
|
* Executes the query
|
||||||
*/
|
*/
|
||||||
else if ((get_magic_quotes_gpc() && stripslashes($mult_btn) == $strYes)
|
else if ($mult_btn == $strYes) {
|
||||||
|| $mult_btn == $strYes) {
|
|
||||||
|
|
||||||
$sql_query = '';
|
$sql_query = '';
|
||||||
$selected_cnt = count($selected);
|
$selected_cnt = count($selected);
|
||||||
|
@@ -307,9 +307,6 @@ if ($sql_file != 'none') {
|
|||||||
}
|
}
|
||||||
} // end uploaded file stuff
|
} // end uploaded file stuff
|
||||||
}
|
}
|
||||||
else if (empty($id_bookmark) && get_magic_quotes_gpc() == 1) {
|
|
||||||
$sql_query = stripslashes($sql_query);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Kanji convert SQL textfile 2002/1/4 by Y.Kawada
|
// Kanji convert SQL textfile 2002/1/4 by Y.Kawada
|
||||||
if (@function_exists('PMA_kanji_str_conv')) {
|
if (@function_exists('PMA_kanji_str_conv')) {
|
||||||
@@ -373,12 +370,7 @@ if ($sql_query != '') {
|
|||||||
if ($view_bookmark == 0) {
|
if ($view_bookmark == 0) {
|
||||||
// Only one query to run
|
// Only one query to run
|
||||||
if ($pieces_count == 1 && !empty($pieces[0])) {
|
if ($pieces_count == 1 && !empty($pieces[0])) {
|
||||||
// sql.php3 will stripslash the query if get_magic_quotes_gpc
|
|
||||||
if (get_magic_quotes_gpc() == 1) {
|
|
||||||
$sql_query = addslashes($pieces[0]);
|
|
||||||
} else {
|
|
||||||
$sql_query = $pieces[0];
|
$sql_query = $pieces[0];
|
||||||
}
|
|
||||||
if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
|
if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
|
||||||
$reload = 1;
|
$reload = 1;
|
||||||
}
|
}
|
||||||
|
@@ -477,7 +477,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
|
|||||||
. $spaces . ' </label>' . "\n"
|
. $spaces . ' </label>' . "\n"
|
||||||
. $spaces . ' </td>' . "\n"
|
. $spaces . ' </td>' . "\n"
|
||||||
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
|
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
|
||||||
. $spaces . ' <select name="pred_username" id="select_pred_username" title="' . $GLOBALS['strUserName'] . '" class="textfield"' . "\n"
|
. $spaces . ' <select name="pred_username" id="select_pred_username" title="' . $GLOBALS['strUserName'] . '"' . "\n"
|
||||||
. $spaces . ' onchange="if (this.value == \'any\') { username.value = \'\'; } else if (this.value == \'userdefined\') { username.focus(); username.select(); }">' . "\n"
|
. $spaces . ' onchange="if (this.value == \'any\') { username.value = \'\'; } else if (this.value == \'userdefined\') { username.focus(); username.select(); }">' . "\n"
|
||||||
. $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_username']) && $GLOBALS['pred_username'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyUser'] . '</option>' . "\n"
|
. $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_username']) && $GLOBALS['pred_username'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyUser'] . '</option>' . "\n"
|
||||||
. $spaces . ' <option value="userdefined"' . ((!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
|
. $spaces . ' <option value="userdefined"' . ((!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
|
||||||
@@ -494,7 +494,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
|
|||||||
. $spaces . ' </label>' . "\n"
|
. $spaces . ' </label>' . "\n"
|
||||||
. $spaces . ' </td>' . "\n"
|
. $spaces . ' </td>' . "\n"
|
||||||
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
|
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
|
||||||
. $spaces . ' <select name="pred_hostname" id="select_pred_hostname" title="' . $GLOBALS['strHost'] . '" class="textfield"' . "\n";
|
. $spaces . ' <select name="pred_hostname" id="select_pred_hostname" title="' . $GLOBALS['strHost'] . '"' . "\n";
|
||||||
$res = PMA_mysql_query('SELECT USER();', $userlink);
|
$res = PMA_mysql_query('SELECT USER();', $userlink);
|
||||||
$row = @PMA_mysql_fetch_row($res);
|
$row = @PMA_mysql_fetch_row($res);
|
||||||
@mysql_free_result($res);
|
@mysql_free_result($res);
|
||||||
@@ -529,7 +529,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
|
|||||||
. $spaces . ' </label>' . "\n"
|
. $spaces . ' </label>' . "\n"
|
||||||
. $spaces . ' </td>' . "\n"
|
. $spaces . ' </td>' . "\n"
|
||||||
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
|
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
|
||||||
. $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '" class="textfield"' . "\n"
|
. $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '"' . "\n"
|
||||||
. $spaces . ' onchange="if (this.value == \'none\') { pma_pw.value = \'\'; pma_pw2.value = \'\'; } else if (this.value == \'userdefined\') { pma_pw.focus(); pma_pw.select(); }">' . "\n"
|
. $spaces . ' onchange="if (this.value == \'none\') { pma_pw.value = \'\'; pma_pw2.value = \'\'; } else if (this.value == \'userdefined\') { pma_pw.focus(); pma_pw.select(); }">' . "\n"
|
||||||
. ($mode == 'change' ? $spaces . ' <option value="keep" selected="selected">' . $GLOBALS['strKeepPass'] . '</option>' . "\n" : '')
|
. ($mode == 'change' ? $spaces . ' <option value="keep" selected="selected">' . $GLOBALS['strKeepPass'] . '</option>' . "\n" : '')
|
||||||
. $spaces . ' <option value="none">' . $GLOBALS['strNoPassword'] . '</option>' . "\n"
|
. $spaces . ' <option value="none">' . $GLOBALS['strNoPassword'] . '</option>' . "\n"
|
||||||
@@ -1218,10 +1218,10 @@ if (empty($adduser) && empty($checkprivs)) {
|
|||||||
unset($res);
|
unset($res);
|
||||||
unset($row);
|
unset($row);
|
||||||
if (!empty($pred_db_array)) {
|
if (!empty($pred_db_array)) {
|
||||||
echo ' <select name="pred_dbname" class="textfield" onchange="this.form.submit();">' . "\n"
|
echo ' <select name="pred_dbname" onchange="this.form.submit();">' . "\n"
|
||||||
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
|
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
|
||||||
while (list(, $current_db) = each($pred_db_array)) {
|
while (list(, $current_db) = each($pred_db_array)) {
|
||||||
echo ' <option value="' . htmlspecialchars($current_db) . '">' . htmlspecialchars($current_db) . '</option>' . "\n";
|
echo ' <option value="' . htmlspecialchars(PMA_escape_mysql_wildcards($current_db)) . '">' . htmlspecialchars($current_db) . '</option>' . "\n";
|
||||||
}
|
}
|
||||||
echo ' </select>' . "\n";
|
echo ' </select>' . "\n";
|
||||||
}
|
}
|
||||||
@@ -1240,10 +1240,10 @@ if (empty($adduser) && empty($checkprivs)) {
|
|||||||
unset($res);
|
unset($res);
|
||||||
unset($row);
|
unset($row);
|
||||||
if (!empty($pred_tbl_array)) {
|
if (!empty($pred_tbl_array)) {
|
||||||
echo ' <select name="pred_tablename" class="textfield" onchange="this.form.submit();">' . "\n"
|
echo ' <select name="pred_tablename" onchange="this.form.submit();">' . "\n"
|
||||||
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
|
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
|
||||||
while (list(, $current_table) = each($pred_tbl_array)) {
|
while (list(, $current_table) = each($pred_tbl_array)) {
|
||||||
echo ' <option value="' . htmlspecialchars($current_table) . '">' . htmlspecialchars($current_table) . '</option>' . "\n";
|
echo ' <option value="' . htmlspecialchars(PMA_escape_mysql_wildcards($current_table)) . '">' . htmlspecialchars($current_table) . '</option>' . "\n";
|
||||||
}
|
}
|
||||||
echo ' </select>' . "\n";
|
echo ' </select>' . "\n";
|
||||||
}
|
}
|
||||||
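Review bot: The `<option>` values for `pred_dbname` and `pred_tablename` are now wildcard-escaped while the visible labels are not, so the script receiving the form gets `\_`/`\%` sequences from the dropdown but presumably unescaped text from the free-text field next to it. That is right only if the receiver treats the value as a pattern; MySQL accepts `_`/`%` patterns for database-level grants, but table names in grants are, as far as I know, taken literally, in which case `PMA_escape_mysql_wildcards($current_table)` would yield a name that matches no table. Please confirm how `pred_tablename` is consumed (outside these hunks) and, if it is used literally, keep `htmlspecialchars($current_table)` for that value. A one-line comment above each `echo` stating that the value is a grant pattern would explain the difference between value and label.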
|
11
sql.php3
@@ -61,9 +61,6 @@ if (!defined('PMA_CHK_DROP')
|
|||||||
* Bookmark add
|
* Bookmark add
|
||||||
*/
|
*/
|
||||||
if (isset($store_bkm)) {
|
if (isset($store_bkm)) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$fields['label'] = stripslashes($fields['label']);
|
|
||||||
}
|
|
||||||
include('./libraries/bookmark.lib.php3');
|
include('./libraries/bookmark.lib.php3');
|
||||||
PMA_addBookmarks($fields, $cfg['Bookmark']);
|
PMA_addBookmarks($fields, $cfg['Bookmark']);
|
||||||
header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto);
|
header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto);
|
||||||
@@ -83,7 +80,7 @@ if (isset($btnDrop) || isset($navig)) {
|
|||||||
* Reformat the query
|
* Reformat the query
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$parsed_sql = PMA_SQP_parse((get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query));
|
$parsed_sql = PMA_SQP_parse($sql_query);
|
||||||
$analyzed_sql = PMA_SQP_analyze($parsed_sql);
|
$analyzed_sql = PMA_SQP_analyze($parsed_sql);
|
||||||
// Bug #641765 - Robbat2 - 12 January 2003, 10:49PM
|
// Bug #641765 - Robbat2 - 12 January 2003, 10:49PM
|
||||||
// Reverted - Robbat2 - 13 January 2003, 2:40PM
|
// Reverted - Robbat2 - 13 January 2003, 2:40PM
|
||||||
@@ -172,8 +169,6 @@ if (!$cfg['Confirm']
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($do_confirm) {
|
if ($do_confirm) {
|
||||||
// already stripped at beginning of script
|
|
||||||
//$stripped_sql_query = (get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query);
|
|
||||||
$stripped_sql_query = $sql_query;
|
$stripped_sql_query = $sql_query;
|
||||||
include('./header.inc.php3');
|
include('./header.inc.php3');
|
||||||
echo $strDoYouReally . ' :<br />' . "\n";
|
echo $strDoYouReally . ' :<br />' . "\n";
|
||||||
@@ -202,10 +197,6 @@ else {
|
|||||||
if (!isset($sql_query)) {
|
if (!isset($sql_query)) {
|
||||||
$sql_query = '';
|
$sql_query = '';
|
||||||
}
|
}
|
||||||
// already stripped at beginning of script
|
|
||||||
// else if (get_magic_quotes_gpc()) {
|
|
||||||
// $sql_query = stripslashes($sql_query);
|
|
||||||
//}
|
|
||||||
// Defines some variables
|
// Defines some variables
|
||||||
// loic1: A table has to be created -> left frame should be reloaded
|
// loic1: A table has to be created -> left frame should be reloaded
|
||||||
if ((!isset($reload) || $reload == 0)
|
if ((!isset($reload) || $reload == 0)
|
||||||
|
@@ -43,9 +43,6 @@ if (isset($submit)) {
|
|||||||
if (empty($field_name[$i])) {
|
if (empty($field_name[$i])) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$field_name[$i] = stripslashes($field_name[$i]);
|
|
||||||
}
|
|
||||||
if (PMA_MYSQL_INT_VERSION < 32306) {
|
if (PMA_MYSQL_INT_VERSION < 32306) {
|
||||||
PMA_checkReservedWords($field_name[$i], $err_url);
|
PMA_checkReservedWords($field_name[$i], $err_url);
|
||||||
}
|
}
|
||||||
@@ -53,20 +50,14 @@ if (isset($submit)) {
|
|||||||
$query .= PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
|
$query .= PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
|
||||||
if ($field_length[$i] != ''
|
if ($field_length[$i] != ''
|
||||||
&& !eregi('^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT)$', $field_type[$i])) {
|
&& !eregi('^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT)$', $field_type[$i])) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$query .= '(' . stripslashes($field_length[$i]) . ')';
|
|
||||||
} else {
|
|
||||||
$query .= '(' . $field_length[$i] . ')';
|
$query .= '(' . $field_length[$i] . ')';
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if ($field_attribute[$i] != '') {
|
if ($field_attribute[$i] != '') {
|
||||||
$query .= ' ' . $field_attribute[$i];
|
$query .= ' ' . $field_attribute[$i];
|
||||||
}
|
}
|
||||||
if ($field_default[$i] != '') {
|
if ($field_default[$i] != '') {
|
||||||
if (strtoupper($field_default[$i]) == 'NULL') {
|
if (strtoupper($field_default[$i]) == 'NULL') {
|
||||||
$query .= ' DEFAULT NULL';
|
$query .= ' DEFAULT NULL';
|
||||||
} else if (get_magic_quotes_gpc()) {
|
|
||||||
$query .= ' DEFAULT \'' . PMA_sqlAddslashes(stripslashes($field_default[$i])) . '\'';
|
|
||||||
} else {
|
} else {
|
||||||
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
|
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
|
||||||
}
|
}
|
||||||
@@ -94,21 +85,13 @@ if (isset($submit)) {
|
|||||||
if ($i == 0) {
|
if ($i == 0) {
|
||||||
if ($after_field == '--first--') {
|
if ($after_field == '--first--') {
|
||||||
$query .= ' FIRST';
|
$query .= ' FIRST';
|
||||||
} else {
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$query .= ' AFTER ' . PMA_backquote(stripslashes(urldecode($after_field)));
|
|
||||||
} else {
|
} else {
|
||||||
$query .= ' AFTER ' . PMA_backquote(urldecode($after_field));
|
$query .= ' AFTER ' . PMA_backquote(urldecode($after_field));
|
||||||
}
|
}
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$query .= ' AFTER ' . PMA_backquote(stripslashes($field_name[$i-1]));
|
|
||||||
} else {
|
} else {
|
||||||
$query .= ' AFTER ' . PMA_backquote($field_name[$i-1]);
|
$query .= ' AFTER ' . PMA_backquote($field_name[$i-1]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
$query .= ', ADD ';
|
$query .= ', ADD ';
|
||||||
} // end for
|
} // end for
|
||||||
$query = ereg_replace(', ADD $', '', $query);
|
$query = ereg_replace(', ADD $', '', $query);
|
||||||
|
@@ -30,7 +30,7 @@ if (!empty($message)) {
|
|||||||
unset($sql_query);
|
unset($sql_query);
|
||||||
}
|
}
|
||||||
if (isset($disp_query)) {
|
if (isset($disp_query)) {
|
||||||
$sql_query = (get_magic_quotes_gpc() ? stripslashes($disp_query) : $disp_query);
|
$sql_query = $disp_query;
|
||||||
}
|
}
|
||||||
PMA_showMessage($message);
|
PMA_showMessage($message);
|
||||||
if (isset($goto_cpy)) {
|
if (isset($goto_cpy)) {
|
||||||
@@ -42,14 +42,6 @@ if (!empty($message)) {
|
|||||||
unset($sql_query_cpy);
|
unset($sql_query_cpy);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
if (!empty($sql_query)) {
|
|
||||||
$sql_query = stripslashes($sql_query);
|
|
||||||
}
|
|
||||||
if (!empty($primary_key)) {
|
|
||||||
$primary_key = stripslashes($primary_key);
|
|
||||||
}
|
|
||||||
} // end if
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@@ -49,28 +49,19 @@ if (isset($submit)) {
|
|||||||
if (empty($field_name[$i])) {
|
if (empty($field_name[$i])) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$field_name[$i] = stripslashes($field_name[$i]);
|
|
||||||
}
|
|
||||||
if (PMA_MYSQL_INT_VERSION < 32306) {
|
if (PMA_MYSQL_INT_VERSION < 32306) {
|
||||||
PMA_checkReservedWords($field_name[$i], $err_url);
|
PMA_checkReservedWords($field_name[$i], $err_url);
|
||||||
}
|
}
|
||||||
$query = PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
|
$query = PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
|
||||||
if ($field_length[$i] != '') {
|
if ($field_length[$i] != '') {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$query .= '(' . stripslashes($field_length[$i]) . ')';
|
|
||||||
} else {
|
|
||||||
$query .= '(' . $field_length[$i] . ')';
|
$query .= '(' . $field_length[$i] . ')';
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if ($field_attribute[$i] != '') {
|
if ($field_attribute[$i] != '') {
|
||||||
$query .= ' ' . $field_attribute[$i];
|
$query .= ' ' . $field_attribute[$i];
|
||||||
}
|
}
|
||||||
if ($field_default[$i] != '') {
|
if ($field_default[$i] != '') {
|
||||||
if (strtoupper($field_default[$i]) == 'NULL') {
|
if (strtoupper($field_default[$i]) == 'NULL') {
|
||||||
$query .= ' DEFAULT NULL';
|
$query .= ' DEFAULT NULL';
|
||||||
} else if (get_magic_quotes_gpc()) {
|
|
||||||
$query .= ' DEFAULT \'' . PMA_sqlAddslashes(stripslashes($field_default[$i])) . '\'';
|
|
||||||
} else {
|
} else {
|
||||||
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
|
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
|
||||||
}
|
}
|
||||||
@@ -96,9 +87,6 @@ if (isset($submit)) {
|
|||||||
for ($i = 0; $i < $primary_cnt; $i++) {
|
for ($i = 0; $i < $primary_cnt; $i++) {
|
||||||
$j = $field_primary[$i];
|
$j = $field_primary[$i];
|
||||||
if (!empty($field_name[$j])) {
|
if (!empty($field_name[$j])) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$field_name[$j] = stripslashes($field_name[$j]);
|
|
||||||
}
|
|
||||||
$primary .= PMA_backquote($field_name[$j]) . ', ';
|
$primary .= PMA_backquote($field_name[$j]) . ', ';
|
||||||
}
|
}
|
||||||
} // end for
|
} // end for
|
||||||
@@ -116,9 +104,6 @@ if (isset($submit)) {
|
|||||||
for ($i = 0;$i < $index_cnt; $i++) {
|
for ($i = 0;$i < $index_cnt; $i++) {
|
||||||
$j = $field_index[$i];
|
$j = $field_index[$i];
|
||||||
if (!empty($field_name[$j])) {
|
if (!empty($field_name[$j])) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$field_name[$j] = stripslashes($field_name[$j]);
|
|
||||||
}
|
|
||||||
$index .= PMA_backquote($field_name[$j]) . ', ';
|
$index .= PMA_backquote($field_name[$j]) . ', ';
|
||||||
}
|
}
|
||||||
} // end for
|
} // end for
|
||||||
@@ -136,9 +121,6 @@ if (isset($submit)) {
|
|||||||
for ($i = 0; $i < $unique_cnt; $i++) {
|
for ($i = 0; $i < $unique_cnt; $i++) {
|
||||||
$j = $field_unique[$i];
|
$j = $field_unique[$i];
|
||||||
if (!empty($field_name[$j])) {
|
if (!empty($field_name[$j])) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$field_name[$j] = stripslashes($field_name[$j]);
|
|
||||||
}
|
|
||||||
$unique .= PMA_backquote($field_name[$j]) . ', ';
|
$unique .= PMA_backquote($field_name[$j]) . ', ';
|
||||||
}
|
}
|
||||||
} // end for
|
} // end for
|
||||||
@@ -156,9 +138,6 @@ if (isset($submit)) {
|
|||||||
for ($i = 0; $i < $fulltext_cnt; $i++) {
|
for ($i = 0; $i < $fulltext_cnt; $i++) {
|
||||||
$j = $field_fulltext[$i];
|
$j = $field_fulltext[$i];
|
||||||
if (!empty($field_name[$j])) {
|
if (!empty($field_name[$j])) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$field_name[$j] = stripslashes($field_name[$j]);
|
|
||||||
}
|
|
||||||
$fulltext .= PMA_backquote($field_name[$j]) . ', ';
|
$fulltext .= PMA_backquote($field_name[$j]) . ', ';
|
||||||
}
|
}
|
||||||
} // end for
|
} // end for
|
||||||
@@ -180,9 +159,6 @@ if (isset($submit)) {
|
|||||||
$query_cpy .= ' TYPE = ' . $tbl_type;
|
$query_cpy .= ' TYPE = ' . $tbl_type;
|
||||||
}
|
}
|
||||||
if (PMA_MYSQL_INT_VERSION >= 32300 && !empty($comment)) {
|
if (PMA_MYSQL_INT_VERSION >= 32300 && !empty($comment)) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$comment = stripslashes($comment);
|
|
||||||
}
|
|
||||||
$sql_query .= ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
|
$sql_query .= ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
|
||||||
$query_cpy .= "\n" . 'COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
|
$query_cpy .= "\n" . 'COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
|
||||||
}
|
}
|
||||||
|
@@ -343,9 +343,6 @@ else {
|
|||||||
} else if (empty($add_character)) {
|
} else if (empty($add_character)) {
|
||||||
$add_character = $GLOBALS['crlf'];
|
$add_character = $GLOBALS['crlf'];
|
||||||
} else {
|
} else {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$add_character = stripslashes($add_character);
|
|
||||||
}
|
|
||||||
$add_character = str_replace('\\r', "\015", $add_character);
|
$add_character = str_replace('\\r', "\015", $add_character);
|
||||||
$add_character = str_replace('\\n', "\012", $add_character);
|
$add_character = str_replace('\\n', "\012", $add_character);
|
||||||
$add_character = str_replace('\\t', "\011", $add_character);
|
$add_character = str_replace('\\t', "\011", $add_character);
|
||||||
|
@@ -143,19 +143,6 @@ if ($fields_rs) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Stipslashes some variables if required
|
|
||||||
*/
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
if (isset($index)) {
|
|
||||||
$index = stripslashes($index);
|
|
||||||
}
|
|
||||||
if (isset($old_index)) {
|
|
||||||
$old_index = stripslashes($old_index);
|
|
||||||
}
|
|
||||||
} // end if
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Do run the query to build the new index and moves back to
|
* Do run the query to build the new index and moves back to
|
||||||
* "tbl_properties.php3"
|
* "tbl_properties.php3"
|
||||||
@@ -212,7 +199,7 @@ if (!defined('PMA_IDX_INCLUDED')
|
|||||||
while (list($i, $name) = each($column)) {
|
while (list($i, $name) = each($column)) {
|
||||||
if ($name != '--ignore--') {
|
if ($name != '--ignore--') {
|
||||||
$index_fields .= (empty($index_fields) ? '' : ',')
|
$index_fields .= (empty($index_fields) ? '' : ',')
|
||||||
. PMA_backquote(get_magic_quotes_gpc() ? stripslashes($name) : $name)
|
. PMA_backquote($name)
|
||||||
. (empty($sub_part[$i]) ? '' : '(' . $sub_part[$i] . ')');
|
. (empty($sub_part[$i]) ? '' : '(' . $sub_part[$i] . ')');
|
||||||
}
|
}
|
||||||
} // end while
|
} // end while
|
||||||
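Review bot: In the `@@ -212,7 +199,7 @@` hunk, `$name` is an element of the `$column` array, so `PMA_backquote($name)` is only correct if the central unescaping in grab_globals also walks into array values, not just scalar request variables; that code is not visible here. If it handles scalars only, an identifier containing quotes or backslashes would reach the statement still escaped whenever magic_quotes_gpc is on, and the same holds for the `$field_name[$j]` hunks earlier on the page. In the same expression `$sub_part[$i]` is concatenated into the query unquoted; since it is presumably a prefix length, I would write `'(' . intval($sub_part[$i]) . ')'`. The enclosing `while` sits in a block that starts outside the hunk.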
|
@@ -50,15 +50,6 @@ if (isset($new_name) && trim($new_name) != '') {
|
|||||||
$use_backquotes = 1;
|
$use_backquotes = 1;
|
||||||
$asfile = 1;
|
$asfile = 1;
|
||||||
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
if (!empty($target_db)) {
|
|
||||||
$target_db = stripslashes($target_db);
|
|
||||||
} else {
|
|
||||||
$target_db = stripslashes($db);
|
|
||||||
}
|
|
||||||
$new_name = stripslashes($new_name);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Ensure the target is valid
|
// Ensure the target is valid
|
||||||
if (count($dblist) > 0 &&
|
if (count($dblist) > 0 &&
|
||||||
(PMA_isInto($db, $dblist) == -1 || PMA_isInto($target_db, $dblist) == -1)) {
|
(PMA_isInto($db, $dblist) == -1 || PMA_isInto($target_db, $dblist) == -1)) {
|
||||||
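Review bot: The block removed in this hunk did more than unescape: its `else` branch set `$target_db` from `$db` when no target database was submitted, and nothing on the new side replaces that. `PMA_isInto($target_db, $dblist)` on the following lines then runs against an empty or undefined `$target_db`, unless it is defaulted outside the hunk. I would keep the default independent of magic_quotes_gpc by placing `if (empty($target_db)) { $target_db = $db; }` before the `// Ensure the target is valid` check. The surrounding `if (isset($new_name) ...)` block continues past the hunk.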
|
@@ -97,9 +97,6 @@ for ($i = 0 ; $i < $num_fields; $i++) {
|
|||||||
$row['Type'] = '';
|
$row['Type'] = '';
|
||||||
$type = '';
|
$type = '';
|
||||||
}
|
}
|
||||||
else if (get_magic_quotes_gpc()) {
|
|
||||||
$type = stripslashes($row['Type']);
|
|
||||||
}
|
|
||||||
else {
|
else {
|
||||||
$type = $row['Type'];
|
$type = $row['Type'];
|
||||||
}
|
}
|
||||||
|
@@ -25,7 +25,7 @@ if (isset($submitorderby) && !empty($order_field)) {
|
|||||||
$sql_query = 'ALTER TABLE ' . PMA_backquote($table)
|
$sql_query = 'ALTER TABLE ' . PMA_backquote($table)
|
||||||
. ' ORDER BY ' . PMA_backquote(urldecode($order_field));
|
. ' ORDER BY ' . PMA_backquote(urldecode($order_field));
|
||||||
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
|
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
|
||||||
PMA_showMessage((get_magic_quotes_gpc()) ? addslashes($strSuccess) : $strSuccess);
|
PMA_showMessage($strSuccess);
|
||||||
} // end if
|
} // end if
|
||||||
|
|
||||||
|
|
||||||
|
@@ -14,9 +14,6 @@ $url_query .= '&goto=tbl_properties_options.php3&back=tbl_properties_opt
|
|||||||
* Updates table comment, type and options if required
|
* Updates table comment, type and options if required
|
||||||
*/
|
*/
|
||||||
if (isset($submitcomment)) {
|
if (isset($submitcomment)) {
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$comment = stripslashes($comment);
|
|
||||||
}
|
|
||||||
if (empty($prev_comment) || urldecode($prev_comment) != $comment) {
|
if (empty($prev_comment) || urldecode($prev_comment) != $comment) {
|
||||||
$sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
|
$sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
|
||||||
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
|
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
|
||||||
@@ -39,7 +36,7 @@ if (isset($submitoptions)) {
|
|||||||
|
|
||||||
// Displays a message if a query had been submitted
|
// Displays a message if a query had been submitted
|
||||||
if (isset($message)) {
|
if (isset($message)) {
|
||||||
PMA_showMessage((get_magic_quotes_gpc()) ? addslashes($message) : $message);
|
PMA_showMessage($message);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
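Review bot: `PMA_showMessage($message)` in the `@@ -39,7 +36,7 @@` hunk is guarded only by `isset($message)`, which suggests `$message` can be a request variable extracted by grab_globals. After this change the value reaches the output helper verbatim, and whether `PMA_showMessage()` HTML-escapes its argument is not visible on this page. If it does not, escape at the call with `PMA_showMessage(htmlspecialchars($message));`, or at least add a comment above the call stating which side is responsible for escaping.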
|
@@ -12,9 +12,6 @@ if (isset($show_query) && $show_query == '1') {
|
|||||||
$query_to_display = $sql_query_cpy;
|
$query_to_display = $sql_query_cpy;
|
||||||
}
|
}
|
||||||
// Other cases
|
// Other cases
|
||||||
else if (get_magic_quotes_gpc()) {
|
|
||||||
$query_to_display = stripslashes($sql_query);
|
|
||||||
}
|
|
||||||
else {
|
else {
|
||||||
$query_to_display = $sql_query;
|
$query_to_display = $sql_query;
|
||||||
}
|
}
|
||||||
|
@@ -23,9 +23,6 @@ $err_url = 'tbl_properties.php3?' . PMA_generate_common_url($db, $table);
|
|||||||
if (isset($new_name) && trim($new_name) != '') {
|
if (isset($new_name) && trim($new_name) != '') {
|
||||||
$old_name = $table;
|
$old_name = $table;
|
||||||
$table = $new_name;
|
$table = $new_name;
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$new_name = stripslashes($new_name);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Ensure the target is valid
|
// Ensure the target is valid
|
||||||
if (count($dblist) > 0 && PMA_isInto($db, $dblist) == -1) {
|
if (count($dblist) > 0 && PMA_isInto($db, $dblist) == -1) {
|
||||||
|
@@ -66,9 +66,6 @@ if (isset($funcs)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Misc
|
// Misc
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$submit_type = stripslashes($submit_type);
|
|
||||||
}
|
|
||||||
$seen_binary = FALSE;
|
$seen_binary = FALSE;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@@ -117,11 +117,7 @@
|
|||||||
|
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$val = "'" . str_replace('\\"', '"', $val) . "'";
|
|
||||||
} else {
|
|
||||||
$val = "'" . PMA_sqlAddslashes($val) . "'";
|
$val = "'" . PMA_sqlAddslashes($val) . "'";
|
||||||
}
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
@@ -227,7 +227,7 @@ else {
|
|||||||
$sql_query .= ' FROM ' . PMA_backquote($table);
|
$sql_query .= ' FROM ' . PMA_backquote($table);
|
||||||
// The where clause
|
// The where clause
|
||||||
if ($where != '') {
|
if ($where != '') {
|
||||||
$sql_query .= ' WHERE ' . ((get_magic_quotes_gpc()) ? stripslashes($where) : $where);
|
$sql_query .= ' WHERE ' . $where;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$sql_query .= ' WHERE 1';
|
$sql_query .= ' WHERE 1';
|
||||||
@@ -251,12 +251,7 @@ else {
|
|||||||
$sql_query .= ' ORDER BY ' . PMA_backquote(urldecode($orderField)) . ' ' . $order;
|
$sql_query .= ' ORDER BY ' . PMA_backquote(urldecode($orderField)) . ' ' . $order;
|
||||||
} // end if
|
} // end if
|
||||||
|
|
||||||
// The query will be stripslashed in sql.php3 if "magic_quotes_gpc" is on
|
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
$sql_query = addslashes($sql_query);
|
|
||||||
}
|
|
||||||
include('./sql.php3');
|
include('./sql.php3');
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
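Review bot: `$order` is appended to the ORDER BY clause as-is in the `@@ -251,12 +251,7 @@` hunk (`... . ' ' . $order`), while the column name next to it goes through `PMA_backquote()`. If `$order` arrives from the form, as `$orderField` appears to, it should be reduced to the two keywords it can legitimately hold before the concatenation: `$order = (strtoupper($order) == 'DESC') ? 'DESC' : 'ASC';`. With the `addslashes($sql_query)` step gone, the statement built here is handed to the included `sql.php3` verbatim, so a one-line comment above the `include` saying that `$sql_query` is passed unescaped would replace the comment this hunk removes. The enclosing `else` block starts outside the hunk.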
|
@@ -40,7 +40,7 @@ if (!empty($message)) {
|
|||||||
unset($sql_query);
|
unset($sql_query);
|
||||||
}
|
}
|
||||||
if (isset($disp_query)) {
|
if (isset($disp_query)) {
|
||||||
$sql_query = (get_magic_quotes_gpc() ? stripslashes($disp_query) : $disp_query);
|
$sql_query = $disp_query;
|
||||||
}
|
}
|
||||||
PMA_showMessage($message);
|
PMA_showMessage($message);
|
||||||
if (isset($goto_cpy)) {
|
if (isset($goto_cpy)) {
|
||||||
@@ -52,14 +52,6 @@ if (!empty($message)) {
|
|||||||
unset($sql_query_cpy);
|
unset($sql_query_cpy);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (get_magic_quotes_gpc()) {
|
|
||||||
if (!empty($sql_query)) {
|
|
||||||
$sql_query = stripslashes($sql_query);
|
|
||||||
}
|
|
||||||
if (!empty($primary_key)) {
|
|
||||||
$primary_key = stripslashes($primary_key);
|
|
||||||
}
|
|
||||||
} // end if
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@@ -45,10 +45,6 @@ if (isset($nopass)) {
|
|||||||
// here $nopass could be == 1
|
// here $nopass could be == 1
|
||||||
if (empty($error_msg)) {
|
if (empty($error_msg)) {
|
||||||
|
|
||||||
if (get_magic_quotes_gpc() && $pma_pw != '') {
|
|
||||||
$pma_pw = stripslashes($pma_pw);
|
|
||||||
}
|
|
||||||
|
|
||||||
// Defines the url to return to in case of error in the sql statement
|
// Defines the url to return to in case of error in the sql statement
|
||||||
$common_url_query = PMA_generate_common_url();
|
$common_url_query = PMA_generate_common_url();
|
||||||
|
|
||||||
@@ -72,7 +68,7 @@ if (isset($nopass)) {
|
|||||||
include('./header.inc.php3');
|
include('./header.inc.php3');
|
||||||
echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
|
echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
|
||||||
$show_query = 'y';
|
$show_query = 'y';
|
||||||
PMA_showMessage(get_magic_quotes_gpc() ? addslashes($strUpdateProfileMessage) : $strUpdateProfileMessage);
|
PMA_showMessage($strUpdateProfileMessage);
|
||||||
?>
|
?>
|
||||||
<a href="index.php3?<?php echo $common_url_query . $http_logout; ?>" target="_parent">
|
<a href="index.php3?<?php echo $common_url_query . $http_logout; ?>" target="_parent">
|
||||||
<b><?php echo $strBack; ?></b></a>
|
<b><?php echo $strBack; ?></b></a>
|
||||||
|