nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

If magic_quotes_gpc is enabled, grab_globals calls stripslashes when extracting the arrays $_GET and $_POST.

Browse Source
This commit is contained in:
Alexander M. Turek
2003-03-02 17:26:41 +00:00
parent d5a2bef78d
commit 2183740b05
29 changed files with 149 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ChangeLog
View File

@@ -5,10 +5,27 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2003-03-02 Alexander M. Turek <rabus@users.sourceforge.net>
* db_details.php3, db_details_qbe.php3, db_search.php3, ldi_check.php3,
mult_submits.inc.php3, read_dump.php3, sql.php3, tbl_addfield.php3,
tbl_change.php3, tbl_create.php3, tbl_dump.php3, tbl_indexes.php3,
tbl_move_copy.php3, tbl_properties.inc.php3,
tbl_properties_operations.php3, tbl_properties_options.php3,
tbl_query_box.php3, tbl_rename.php3, tbl_replace.php3,
tbl_replace_fields.php3, tbl_select.php3, transformation_wrapper.php3,
user_password.php3, libraries/build_dump.php3, libraries/common.lib.php3,
libraries/display_tbl.lib.php3, libraries/grab_globals.php3:
If magic_quotes_gpc is enabled, grab_globals calls stripslashes when
extracting the arrays $_GET and $_POST. This should replace a lots of
workarounds and avoid present and future problems with magic_quotes_gpc.
* server_privileges.php3, libraries/common.lib.php3:
- Escape wildcard characters in the database and table dropdown boxes;
- CSS fixes.
2003-03-01 Marc Delisle <lem9@users.sourceforge.net> 2003-03-01 Marc Delisle <lem9@users.sourceforge.net>
* lang/english: typo * lang/english: typo
* tbl_dump.php3: undefined variable $use_comments * tbl_dump.php3: undefined variable $use_comments
* tbl_properties_export.php3: bug 692143: now we remove the * tbl_properties_export.php3: bug 692143: now we remove the
LIMIT clause from the original query to use the limits entered LIMIT clause from the original query to use the limits entered
on the export form on the export form
* pdf_schema.php3: better header/footer for long pages, * pdf_schema.php3: better header/footer for long pages,
@@ -19,9 +36,9 @@ $Source$
index. index.
2003-03-01 Robin Johnson <robbat2@users.sourceforge.net> 2003-03-01 Robin Johnson <robbat2@users.sourceforge.net>
* libraries/xpath/XPath.class.php, libraries/xpath/: * libraries/xpath/XPath.class.php, libraries/xpath/:
- Removed (was part of the early DB config prototype) - Removed (was part of the early DB config prototype)
* lang/translatecount.sh: * lang/translatecount.sh:
- Counts just how out of date the translations are! - Counts just how out of date the translations are!
2003-02-28 Michal Cihar <nijel@users.sourceforge.net> 2003-02-28 Michal Cihar <nijel@users.sourceforge.net>

3
db_details.php3
View File

@@ -19,9 +19,6 @@ if (isset($show_query) && $show_query == '1') {
$query_to_display = $sql_query_cpy; $query_to_display = $sql_query_cpy;
} }
// Other cases // Other cases
else if (get_magic_quotes_gpc()) {
$query_to_display = stripslashes($sql_query);
}
else { else {
$query_to_display = $sql_query; $query_to_display = $sql_query;
} }

19
db_details_qbe.php3
View File

@@ -25,9 +25,6 @@ if (isset($submit_sql) && eregi('^SELECT', $encoded_sql_query)) {
$goto = 'db_details.php3'; $goto = 'db_details.php3';
$zero_rows = htmlspecialchars($strSuccess); $zero_rows = htmlspecialchars($strSuccess);
$sql_query = urldecode($encoded_sql_query); $sql_query = urldecode($encoded_sql_query);
if (get_magic_quotes_gpc()) {
$sql_query = addslashes($sql_query);
}
include('./sql.php3'); include('./sql.php3');
exit(); exit();
} else { } else {
@@ -365,11 +362,7 @@ for ($x = 0; $x < $col; $x++) {
continue; continue;
} }
if (isset($Criteria[$x])) { if (isset($Criteria[$x])) {
if (get_magic_quotes_gpc()) { $stripped_Criteria = $Criteria[$x];
$stripped_Criteria = stripslashes($Criteria[$x]);
} else {
$stripped_Criteria = $Criteria[$x];
}
} }
if ((empty($prev_Criteria) || !isset($prev_Criteria[$x])) if ((empty($prev_Criteria) || !isset($prev_Criteria[$x]))
|| urldecode($prev_Criteria[$x]) != htmlspecialchars($stripped_Criteria)) { || urldecode($prev_Criteria[$x]) != htmlspecialchars($stripped_Criteria)) {
@@ -534,11 +527,7 @@ for ($y = 0; $y <= $row; $y++) {
${$or} = ''; ${$or} = '';
} }
if (!empty(${$or}) && isset(${$or}[$x])) { if (!empty(${$or}) && isset(${$or}[$x])) {
if (get_magic_quotes_gpc()) { $stripped_or = ${$or}[$x];
$stripped_or = stripslashes(${$or}[$x]);
} else {
$stripped_or = ${$or}[$x];
}
} else { } else {
$stripped_or = ''; $stripped_or = '';
} }
@@ -893,7 +882,7 @@ if (isset($Field) && count($Field) > 0) {
} else { } else {
//$master = $col_cand[0]; //$master = $col_cand[0];
reset($col_cand); reset($col_cand);
$master = current($col_cand); $master = current($col_cand);
//echo 'master ist der einzige Kandidat: ' . $master . "\n"; //echo 'master ist der einzige Kandidat: ' . $master . "\n";
} }
} // end if (exactly one where clause) } // end if (exactly one where clause)
@@ -1048,7 +1037,7 @@ for ($y = 0; $y <= $row; $y++) {
if (!empty($curField[$x]) && !empty(${'curOr' . $y}[$x])) { if (!empty($curField[$x]) && !empty(${'curOr' . $y}[$x])) {
$qry_orwhere .= '(' . $curField[$x] $qry_orwhere .= '(' . $curField[$x]
. ' ' . ' '
. (get_magic_quotes_gpc() ? stripslashes(${'curOr' . $y}[$x]) : ${'curOr' . $y}[$x]) . ${'curOr' . $y}[$x]
. ')'; . ')';
$last_orwhere = $x; $last_orwhere = $x;
$criteria_cnt++; $criteria_cnt++;

28
db_search.php3
View File

@@ -93,7 +93,7 @@ if (isset($submit_search)) {
for ($j = 0; $j < $tblfields_cnt; $j++) { for ($j = 0; $j < $tblfields_cnt; $j++) {
$thefieldlikevalue[] = $tblfields[$j] $thefieldlikevalue[] = $tblfields[$j]
. ' ' . $like_or_regex . ' ' . $like_or_regex
. ' \'' . ' \''
. $automatic_wildcard . $automatic_wildcard
. $search_words[$i] . $search_words[$i]
. $automatic_wildcard . '\''; . $automatic_wildcard . '\'';
@@ -119,24 +119,6 @@ if (isset($submit_search)) {
} // end of the "PMA_getSearchSqls()" function } // end of the "PMA_getSearchSqls()" function
/**
* Strip slashes if necessary
*/
if (get_magic_quotes_gpc()) {
$search_str = stripslashes($search_str);
if (isset($table)) {
$table = stripslashes($table);
}
else if (isset($table_select)) {
$table_select_cnt = count($table_select);
reset($table_select);
for ($i = 0; $i < $table_select_cnt; $i++) {
$table_select[$i] = stripslashes($table_select[$i]);
} // end for
} // end if... else if...
} // end if
/** /**
* Displays the results * Displays the results
*/ */
@@ -220,11 +202,11 @@ if (isset($submit_search)) {
. ' <table><tr><td>' . sprintf($strNumSearchResultsInTable, $res_cnt, htmlspecialchars($onetable)) . "</td>\n"; . ' <table><tr><td>' . sprintf($strNumSearchResultsInTable, $res_cnt, htmlspecialchars($onetable)) . "</td>\n";
if ($res_cnt > 0) { if ($res_cnt > 0) {
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
. '&amp;sql_query=' .urlencode($newsearchsqls['select_fields']), . '&amp;sql_query=' .urlencode($newsearchsqls['select_fields']),
$strBrowse, '') . "</td>\n"; $strBrowse, '') . "</td>\n";
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
. '&amp;sql_query=' .urlencode($newsearchsqls['delete']), . '&amp;sql_query=' .urlencode($newsearchsqls['delete']),
$strDelete, $newsearchsqls['delete']) . "</td>\n"; $strDelete, $newsearchsqls['delete']) . "</td>\n";
@@ -259,11 +241,11 @@ if (isset($submit_search)) {
. ' <table><tr><td>' . sprintf($strNumSearchResultsInTable, $res_cnt, htmlspecialchars($table_select[$i])) . "</td>\n"; . ' <table><tr><td>' . sprintf($strNumSearchResultsInTable, $res_cnt, htmlspecialchars($table_select[$i])) . "</td>\n";
if ($res_cnt > 0) { if ($res_cnt > 0) {
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
. '&amp;sql_query=' .urlencode($newsearchsqls['select_fields']), . '&amp;sql_query=' .urlencode($newsearchsqls['select_fields']),
$strBrowse, '') . "</td>\n"; $strBrowse, '') . "</td>\n";
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
. '&amp;sql_query=' .urlencode($newsearchsqls['delete']), . '&amp;sql_query=' .urlencode($newsearchsqls['delete']),
$strDelete, $newsearchsqls['delete']) . "</td>\n"; $strDelete, $newsearchsqls['delete']) . "</td>\n";

22
ldi_check.php3
View File

@@ -46,17 +46,9 @@ if (isset($btnLDI) && ($textfile != 'none')) {
// Formats the data posted to this script // Formats the data posted to this script
$textfile = PMA_sqlAddslashes($textfile); $textfile = PMA_sqlAddslashes($textfile);
if (get_magic_quotes_gpc()) { $enclosed = PMA_sqlAddslashes($enclosed);
$field_terminater = stripslashes($field_terminater); $escaped = PMA_sqlAddslashes($escaped);
$enclosed = PMA_sqlAddslashes(stripslashes($enclosed)); $column_name = PMA_sqlAddslashes($column_name);
$escaped = PMA_sqlAddslashes(stripslashes($escaped));
$line_terminator = stripslashes($line_terminator);
$column_name = PMA_sqlAddslashes(stripslashes($column_name));
} else {
$enclosed = PMA_sqlAddslashes($enclosed);
$escaped = PMA_sqlAddslashes($escaped);
$column_name = PMA_sqlAddslashes($column_name);
}
// (try to) make sure the file is readable: // (try to) make sure the file is readable:
chmod($textfile, 0777); chmod($textfile, 0777);
@@ -125,14 +117,6 @@ if (isset($btnLDI) && ($textfile != 'none')) {
} }
} }
// Executes the query
// sql.php3 will stripslash the query if 'magic_quotes_gpc' is set to on
if (get_magic_quotes_gpc()) {
$sql_query = addslashes($query);
} else {
$sql_query = $query;
}
// We could rename the ldi* scripts to tbl_properties_ldi* to improve // We could rename the ldi* scripts to tbl_properties_ldi* to improve
// consistency with the other sub-pages. // consistency with the other sub-pages.
// //

9
libraries/build_dump.lib.php3
View File

@@ -508,7 +508,7 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
* @param string the handler (function) to call. It must accept one * @param string the handler (function) to call. It must accept one
* parameter ($sql_insert) * parameter ($sql_insert)
* @param string the url to go back in case of error * @param string the url to go back in case of error
* @param string sql query (optional) * @param string sql query (optional)
* *
* @global string whether to obtain an excel compatible csv format or a * @global string whether to obtain an excel compatible csv format or a
* simple csv one * simple csv one
@@ -527,17 +527,12 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
} else if (!isset($sep)) { } else if (!isset($sep)) {
$sep = ''; $sep = '';
} else { } else {
if (get_magic_quotes_gpc()) {
$sep = stripslashes($sep);
}
$sep = str_replace('\\t', "\011", $sep); $sep = str_replace('\\t', "\011", $sep);
} }
if ($what == 'excel') { if ($what == 'excel') {
$enc_by = '"'; $enc_by = '"';
} else if (!isset($enc_by)) { } else if (!isset($enc_by)) {
$enc_by = ''; $enc_by = '';
} else if (get_magic_quotes_gpc()) {
$enc_by = stripslashes($enc_by);
} }
if ($what == 'excel' if ($what == 'excel'
|| (empty($esc_by) && $enc_by != '')) { || (empty($esc_by) && $enc_by != '')) {
@@ -545,8 +540,6 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
$esc_by = $enc_by; $esc_by = $enc_by;
} else if (!isset($esc_by)) { } else if (!isset($esc_by)) {
$esc_by = ''; $esc_by = '';
} else if (get_magic_quotes_gpc()) {
$esc_by = stripslashes($esc_by);
} }
// Defines the offsets to use // Defines the offsets to use

22
libraries/common.lib.php3
View File

@@ -265,6 +265,26 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold}
} // end of the 'PMA_sqlAddslashes()' function } // end of the 'PMA_sqlAddslashes()' function
/**
* Add slashes before "_" and "%" characters for using them in MySQL
* database, table and field names.
* Note: This function does not escape backslashes!
*
* @param string the string to escape
*
* @return string the escaped string
*
* @access public
*/
function PMA_escape_mysql_wildcards($name)
{
$name = str_replace('_', '\\_', $name);
$name = str_replace('%', '\\%', $name);
return $name;
} // end of the 'PMA_escape_mysql_wildcards()' function
/** /**
* format sql strings * format sql strings
* *
@@ -1208,7 +1228,7 @@ if (typeof(document.getElementById) != 'undefined'
<table border="<?php echo $cfg['Border']; ?>" cellpadding="5"> <table border="<?php echo $cfg['Border']; ?>" cellpadding="5">
<tr> <tr>
<td bgcolor="<?php echo $cfg['ThBgcolor']; ?>"> <td bgcolor="<?php echo $cfg['ThBgcolor']; ?>">
<b><?php echo (get_magic_quotes_gpc()) ? stripslashes($message) : $message; ?></b><br /> <b><?php echo $message; ?></b><br />
</td> </td>
</tr> </tr>
<?php <?php

26
libraries/display_tbl.lib.php3
View File

@@ -526,7 +526,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} else { } else {
$comments_map = array(); $comments_map = array();
} }
if ($GLOBALS['cfgRelation']['commwork'] && $GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) { if ($GLOBALS['cfgRelation']['commwork'] && $GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
require('./libraries/transformations.lib.php3'); require('./libraries/transformations.lib.php3');
$GLOBALS['mime_map'] = PMA_getMIME($db, $table); $GLOBALS['mime_map'] = PMA_getMIME($db, $table);
@@ -1000,7 +1000,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
$default_function = 'htmlspecialchars'; // default_function $default_function = 'htmlspecialchars'; // default_function
$transform_function = $default_function; $transform_function = $default_function;
$transform_options = array(); $transform_options = array();
if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) { if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation'])) { if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation'])) {
@@ -1019,7 +1019,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} }
} }
} }
$transform_options['wrapper_link'] = '?' $transform_options['wrapper_link'] = '?'
@@ -1110,10 +1110,10 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
$blobtext .= ' - '. $blob_size [0] . ' ' . $blob_size[1]; $blobtext .= ' - '. $blob_size [0] . ' ' . $blob_size[1];
unset($blob_size); unset($blob_size);
} }
$blobtext .= ']'; $blobtext .= ']';
$blobtext = ($default_function != $transform_function ? $transform_function($blobtext, $transform_options) : $default_function($blobtext)); $blobtext = ($default_function != $transform_function ? $transform_function($blobtext, $transform_options) : $default_function($blobtext));
$vertical_display['data'][$row_no][$i] = ' <td align="center" valign="top" bgcolor="' . $bgcolor . '">' . $blobtext . '</td>'; $vertical_display['data'][$row_no][$i] = ' <td align="center" valign="top" bgcolor="' . $bgcolor . '">' . $blobtext . '</td>';
} else { } else {
//if (!isset($row[$meta->name]) //if (!isset($row[$meta->name])
@@ -1127,11 +1127,11 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} }
// loic1: displays all space characters, 4 space // loic1: displays all space characters, 4 space
// characters for tabulations and <cr>/<lf> // characters for tabulations and <cr>/<lf>
$row[$pointer] = ($default_function != $transform_function ? $transform_function('BLOB', $transform_options) : $default_function($row[$pointer])); $row[$pointer] = ($default_function != $transform_function ? $transform_function('BLOB', $transform_options) : $default_function($row[$pointer]));
$row[$pointer] = str_replace("\011", ' &nbsp;&nbsp;&nbsp;', str_replace(' ', ' &nbsp;', $row[$pointer])); $row[$pointer] = str_replace("\011", ' &nbsp;&nbsp;&nbsp;', str_replace(' ', ' &nbsp;', $row[$pointer]));
$row[$pointer] = ereg_replace("((\015\012)|(\015)|(\012))", '<br />', $row[$pointer]); $row[$pointer] = ereg_replace("((\015\012)|(\015)|(\012))", '<br />', $row[$pointer]);
$vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '">' . $row[$pointer] . '</td>' . "\n"; $vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '">' . $row[$pointer] . '</td>' . "\n";
} else { } else {
$vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '">&nbsp;</td>' . "\n"; $vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '">&nbsp;</td>' . "\n";
@@ -1169,7 +1169,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
$row[$pointer] = str_replace("\011", ' &nbsp;&nbsp;&nbsp;', str_replace(' ', ' &nbsp;', $row[$pointer])); $row[$pointer] = str_replace("\011", ' &nbsp;&nbsp;&nbsp;', str_replace(' ', ' &nbsp;', $row[$pointer]));
$row[$pointer] = ereg_replace("((\015\012)|(\015)|(\012))", '<br />', $row[$pointer]); $row[$pointer] = ereg_replace("((\015\012)|(\015)|(\012))", '<br />', $row[$pointer]);
} }
// loic1: do not wrap if date field type // loic1: do not wrap if date field type
$nowrap = (eregi('DATE|TIME', $meta->type) ? ' nowrap="nowrap"' : ''); $nowrap = (eregi('DATE|TIME', $meta->type) ? ' nowrap="nowrap"' : '');
$vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '"' . $nowrap . '>'; $vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '"' . $nowrap . '>';
@@ -1487,14 +1487,8 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} }
} // end if } // end if
// 1.3 Urlencodes the query to use in input form fields ($sql_query // 1.3 Urlencodes the query to use in input form fields
// will be stripslashed in 'sql.php3' if the 'magic_quotes_gpc' $encoded_sql_query = urlencode($sql_query);
// directive is set to 'on')
if (get_magic_quotes_gpc()) {
$encoded_sql_query = urlencode(addslashes($sql_query));
} else {
$encoded_sql_query = urlencode($sql_query);
}
// 2. ----- Displays the top of the page ----- // 2. ----- Displays the top of the page -----

41
libraries/grab_globals.lib.php3
View File

@@ -5,24 +5,43 @@
/** /**
* This library grabs the names and values of the variables sent or posted to a * This library grabs the names and values of the variables sent or posted to a
* script in the '$HTTP_*_VARS' arrays and sets simple globals variables from * script in the '$HTTP_*_VARS' / $_* arrays and sets simple globals variables
* them. It does the same work for the $PHP_SELF variable. * from them. It does the same work for the $PHP_SELF variable.
* *
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ * loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
*/ */
if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) { if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
define('PMA_GRAB_GLOBALS_INCLUDED', 1); define('PMA_GRAB_GLOBALS_INCLUDED', 1);
function PMA_gpc_extract($array, &$target) {
if (!is_array($array)) {
return FALSE;
}
$is_magic_quotes = get_magic_quotes_gpc();
reset($array);
while (list($key, $value) = each($array)) {
if (is_array($value)) {
PMA_gpc_extract($value, $target[$key]);
} else if ($is_magic_quotes) {
$target[$key] = stripslashes($value);
} else {
$target[$key] = $value;
}
}
reset($array);
return TRUE;
}
if (!empty($_GET)) { if (!empty($_GET)) {
extract($_GET, EXTR_OVERWRITE); PMA_gpc_extract($_GET, $GLOBALS);
} else if (!empty($HTTP_GET_VARS)) { } else if (!empty($HTTP_GET_VARS)) {
extract($HTTP_GET_VARS, EXTR_OVERWRITE); PMA_gpc_extract($HTTP_GET_VARS, $GLOBALS);
} // end if } // end if
if (!empty($_POST)) { if (!empty($_POST)) {
extract($_POST, EXTR_OVERWRITE); PMA_gpc_extract($_POST, $GLOBALS);
} else if (!empty($HTTP_POST_VARS)) { } else if (!empty($HTTP_POST_VARS)) {
extract($HTTP_POST_VARS, EXTR_OVERWRITE); PMA_gpc_extract($HTTP_POST_VARS, $GLOBALS);
} // end if } // end if
if (!empty($_FILES)) { if (!empty($_FILES)) {
@@ -46,15 +65,5 @@ if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
unset($goto); unset($goto);
} // end if } // end if
// Strip slahes from $db / $table values
if (get_magic_quotes_gpc()) {
if (isset($db)) {
$db = stripslashes($db);
}
if (isset($table)) {
$table = stripslashes($table);
}
}
} // $__PMA_GRAB_GLOBALS_LIB__ } // $__PMA_GRAB_GLOBALS_LIB__
?> ?>

10
mult_submits.inc.php3
View File

@@ -9,9 +9,6 @@
if (!empty($submit_mult) if (!empty($submit_mult)
&& (!empty($selected_db) || !empty($selected_tbl) || !empty($selected_fld))) { && (!empty($selected_db) || !empty($selected_tbl) || !empty($selected_fld))) {
if (get_magic_quotes_gpc()) {
$submit_mult = stripslashes($submit_mult);
}
if (!empty($selected_db)) { if (!empty($selected_db)) {
$selected = $selected_db; $selected = $selected_db;
$what = 'drop_db'; $what = 'drop_db';
@@ -31,12 +28,12 @@ if (!empty($submit_mult)
case $strOptimizeTable: case $strOptimizeTable:
unset($submit_mult); unset($submit_mult);
$query_type = 'optimize_tbl'; $query_type = 'optimize_tbl';
$mult_btn = (get_magic_quotes_gpc() ? addslashes($strYes) : $strYes); $mult_btn = $strYes;
break; break;
case $strRepairTable: case $strRepairTable:
unset($submit_mult); unset($submit_mult);
$query_type = 'repair_tbl'; $query_type = 'repair_tbl';
$mult_btn = (get_magic_quotes_gpc() ? addslashes($strYes) : $strYes); $mult_btn = $strYes;
break; break;
} // end switch } // end switch
} }
@@ -133,8 +130,7 @@ if (!empty($submit_mult) && !empty($what)) {
/** /**
* Executes the query * Executes the query
*/ */
else if ((get_magic_quotes_gpc() && stripslashes($mult_btn) == $strYes) else if ($mult_btn == $strYes) {
|| $mult_btn == $strYes) {
$sql_query = ''; $sql_query = '';
$selected_cnt = count($selected); $selected_cnt = count($selected);

10
read_dump.php3
View File

@@ -307,9 +307,6 @@ if ($sql_file != 'none') {
} }
} // end uploaded file stuff } // end uploaded file stuff
} }
else if (empty($id_bookmark) && get_magic_quotes_gpc() == 1) {
$sql_query = stripslashes($sql_query);
}
// Kanji convert SQL textfile 2002/1/4 by Y.Kawada // Kanji convert SQL textfile 2002/1/4 by Y.Kawada
if (@function_exists('PMA_kanji_str_conv')) { if (@function_exists('PMA_kanji_str_conv')) {
@@ -373,12 +370,7 @@ if ($sql_query != '') {
if ($view_bookmark == 0) { if ($view_bookmark == 0) {
// Only one query to run // Only one query to run
if ($pieces_count == 1 && !empty($pieces[0])) { if ($pieces_count == 1 && !empty($pieces[0])) {
// sql.php3 will stripslash the query if get_magic_quotes_gpc $sql_query = $pieces[0];
if (get_magic_quotes_gpc() == 1) {
$sql_query = addslashes($pieces[0]);
} else {
$sql_query = $pieces[0];
}
if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) { if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
$reload = 1; $reload = 1;
} }

14
server_privileges.php3
View File

@@ -477,7 +477,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
. $spaces . ' </label>' . "\n" . $spaces . ' </label>' . "\n"
. $spaces . ' </td>' . "\n" . $spaces . ' </td>' . "\n"
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. $spaces . ' <select name="pred_username" id="select_pred_username" title="' . $GLOBALS['strUserName'] . '" class="textfield"' . "\n" . $spaces . ' <select name="pred_username" id="select_pred_username" title="' . $GLOBALS['strUserName'] . '"' . "\n"
. $spaces . ' onchange="if (this.value == \'any\') { username.value = \'\'; } else if (this.value == \'userdefined\') { username.focus(); username.select(); }">' . "\n" . $spaces . ' onchange="if (this.value == \'any\') { username.value = \'\'; } else if (this.value == \'userdefined\') { username.focus(); username.select(); }">' . "\n"
. $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_username']) && $GLOBALS['pred_username'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyUser'] . '</option>' . "\n" . $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_username']) && $GLOBALS['pred_username'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyUser'] . '</option>' . "\n"
. $spaces . ' <option value="userdefined"' . ((!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n" . $spaces . ' <option value="userdefined"' . ((!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
@@ -494,7 +494,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
. $spaces . ' </label>' . "\n" . $spaces . ' </label>' . "\n"
. $spaces . ' </td>' . "\n" . $spaces . ' </td>' . "\n"
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. $spaces . ' <select name="pred_hostname" id="select_pred_hostname" title="' . $GLOBALS['strHost'] . '" class="textfield"' . "\n"; . $spaces . ' <select name="pred_hostname" id="select_pred_hostname" title="' . $GLOBALS['strHost'] . '"' . "\n";
$res = PMA_mysql_query('SELECT USER();', $userlink); $res = PMA_mysql_query('SELECT USER();', $userlink);
$row = @PMA_mysql_fetch_row($res); $row = @PMA_mysql_fetch_row($res);
@mysql_free_result($res); @mysql_free_result($res);
@@ -529,7 +529,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
. $spaces . ' </label>' . "\n" . $spaces . ' </label>' . "\n"
. $spaces . ' </td>' . "\n" . $spaces . ' </td>' . "\n"
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n" . $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '" class="textfield"' . "\n" . $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '"' . "\n"
. $spaces . ' onchange="if (this.value == \'none\') { pma_pw.value = \'\'; pma_pw2.value = \'\'; } else if (this.value == \'userdefined\') { pma_pw.focus(); pma_pw.select(); }">' . "\n" . $spaces . ' onchange="if (this.value == \'none\') { pma_pw.value = \'\'; pma_pw2.value = \'\'; } else if (this.value == \'userdefined\') { pma_pw.focus(); pma_pw.select(); }">' . "\n"
. ($mode == 'change' ? $spaces . ' <option value="keep" selected="selected">' . $GLOBALS['strKeepPass'] . '</option>' . "\n" : '') . ($mode == 'change' ? $spaces . ' <option value="keep" selected="selected">' . $GLOBALS['strKeepPass'] . '</option>' . "\n" : '')
. $spaces . ' <option value="none">' . $GLOBALS['strNoPassword'] . '</option>' . "\n" . $spaces . ' <option value="none">' . $GLOBALS['strNoPassword'] . '</option>' . "\n"
@@ -1218,10 +1218,10 @@ if (empty($adduser) && empty($checkprivs)) {
unset($res); unset($res);
unset($row); unset($row);
if (!empty($pred_db_array)) { if (!empty($pred_db_array)) {
echo ' <select name="pred_dbname" class="textfield" onchange="this.form.submit();">' . "\n" echo ' <select name="pred_dbname" onchange="this.form.submit();">' . "\n"
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n"; . ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
while (list(, $current_db) = each($pred_db_array)) { while (list(, $current_db) = each($pred_db_array)) {
echo ' <option value="' . htmlspecialchars($current_db) . '">' . htmlspecialchars($current_db) . '</option>' . "\n"; echo ' <option value="' . htmlspecialchars(PMA_escape_mysql_wildcards($current_db)) . '">' . htmlspecialchars($current_db) . '</option>' . "\n";
} }
echo ' </select>' . "\n"; echo ' </select>' . "\n";
} }
@@ -1240,10 +1240,10 @@ if (empty($adduser) && empty($checkprivs)) {
unset($res); unset($res);
unset($row); unset($row);
if (!empty($pred_tbl_array)) { if (!empty($pred_tbl_array)) {
echo ' <select name="pred_tablename" class="textfield" onchange="this.form.submit();">' . "\n" echo ' <select name="pred_tablename" onchange="this.form.submit();">' . "\n"
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n"; . ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
while (list(, $current_table) = each($pred_tbl_array)) { while (list(, $current_table) = each($pred_tbl_array)) {
echo ' <option value="' . htmlspecialchars($current_table) . '">' . htmlspecialchars($current_table) . '</option>' . "\n"; echo ' <option value="' . htmlspecialchars(PMA_escape_mysql_wildcards($current_table)) . '">' . htmlspecialchars($current_table) . '</option>' . "\n";
} }
echo ' </select>' . "\n"; echo ' </select>' . "\n";
} }

11
sql.php3
View File

@@ -61,9 +61,6 @@ if (!defined('PMA_CHK_DROP')
* Bookmark add * Bookmark add
*/ */
if (isset($store_bkm)) { if (isset($store_bkm)) {
if (get_magic_quotes_gpc()) {
$fields['label'] = stripslashes($fields['label']);
}
include('./libraries/bookmark.lib.php3'); include('./libraries/bookmark.lib.php3');
PMA_addBookmarks($fields, $cfg['Bookmark']); PMA_addBookmarks($fields, $cfg['Bookmark']);
header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto); header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto);
@@ -83,7 +80,7 @@ if (isset($btnDrop) || isset($navig)) {
* Reformat the query * Reformat the query
*/ */
$parsed_sql = PMA_SQP_parse((get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query)); $parsed_sql = PMA_SQP_parse($sql_query);
$analyzed_sql = PMA_SQP_analyze($parsed_sql); $analyzed_sql = PMA_SQP_analyze($parsed_sql);
// Bug #641765 - Robbat2 - 12 January 2003, 10:49PM // Bug #641765 - Robbat2 - 12 January 2003, 10:49PM
// Reverted - Robbat2 - 13 January 2003, 2:40PM // Reverted - Robbat2 - 13 January 2003, 2:40PM
@@ -172,8 +169,6 @@ if (!$cfg['Confirm']
} }
if ($do_confirm) { if ($do_confirm) {
// already stripped at beginning of script
//$stripped_sql_query = (get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query);
$stripped_sql_query = $sql_query; $stripped_sql_query = $sql_query;
include('./header.inc.php3'); include('./header.inc.php3');
echo $strDoYouReally . '&nbsp;:<br />' . "\n"; echo $strDoYouReally . '&nbsp;:<br />' . "\n";
@@ -202,10 +197,6 @@ else {
if (!isset($sql_query)) { if (!isset($sql_query)) {
$sql_query = ''; $sql_query = '';
} }
// already stripped at beginning of script
// else if (get_magic_quotes_gpc()) {
// $sql_query = stripslashes($sql_query);
//}
// Defines some variables // Defines some variables
// loic1: A table has to be created -> left frame should be reloaded // loic1: A table has to be created -> left frame should be reloaded
if ((!isset($reload) || $reload == 0) if ((!isset($reload) || $reload == 0)

25
tbl_addfield.php3
View File

@@ -43,9 +43,6 @@ if (isset($submit)) {
if (empty($field_name[$i])) { if (empty($field_name[$i])) {
continue; continue;
} }
if (get_magic_quotes_gpc()) {
$field_name[$i] = stripslashes($field_name[$i]);
}
if (PMA_MYSQL_INT_VERSION < 32306) { if (PMA_MYSQL_INT_VERSION < 32306) {
PMA_checkReservedWords($field_name[$i], $err_url); PMA_checkReservedWords($field_name[$i], $err_url);
} }
@@ -53,11 +50,7 @@ if (isset($submit)) {
$query .= PMA_backquote($field_name[$i]) . ' ' . $field_type[$i]; $query .= PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
if ($field_length[$i] != '' if ($field_length[$i] != ''
&& !eregi('^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT)$', $field_type[$i])) { && !eregi('^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT)$', $field_type[$i])) {
if (get_magic_quotes_gpc()) { $query .= '(' . $field_length[$i] . ')';
$query .= '(' . stripslashes($field_length[$i]) . ')';
} else {
$query .= '(' . $field_length[$i] . ')';
}
} }
if ($field_attribute[$i] != '') { if ($field_attribute[$i] != '') {
$query .= ' ' . $field_attribute[$i]; $query .= ' ' . $field_attribute[$i];
@@ -65,8 +58,6 @@ if (isset($submit)) {
if ($field_default[$i] != '') { if ($field_default[$i] != '') {
if (strtoupper($field_default[$i]) == 'NULL') { if (strtoupper($field_default[$i]) == 'NULL') {
$query .= ' DEFAULT NULL'; $query .= ' DEFAULT NULL';
} else if (get_magic_quotes_gpc()) {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes(stripslashes($field_default[$i])) . '\'';
} else { } else {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\''; $query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
} }
@@ -95,18 +86,10 @@ if (isset($submit)) {
if ($after_field == '--first--') { if ($after_field == '--first--') {
$query .= ' FIRST'; $query .= ' FIRST';
} else { } else {
if (get_magic_quotes_gpc()) { $query .= ' AFTER ' . PMA_backquote(urldecode($after_field));
$query .= ' AFTER ' . PMA_backquote(stripslashes(urldecode($after_field)));
} else {
$query .= ' AFTER ' . PMA_backquote(urldecode($after_field));
}
} }
} else { } else {
if (get_magic_quotes_gpc()) { $query .= ' AFTER ' . PMA_backquote($field_name[$i-1]);
$query .= ' AFTER ' . PMA_backquote(stripslashes($field_name[$i-1]));
} else {
$query .= ' AFTER ' . PMA_backquote($field_name[$i-1]);
}
} }
} }
$query .= ', ADD '; $query .= ', ADD ';
@@ -205,7 +188,7 @@ if (isset($submit)) {
PMA_setComment($db, $table, $field_name[$fieldindex], $fieldcomment); PMA_setComment($db, $table, $field_name[$fieldindex], $fieldcomment);
} }
} }
// garvin: Update comment table for mime types [MIME] // garvin: Update comment table for mime types [MIME]
if (isset($field_mimetype) && is_array($field_mimetype) && $cfgRelation['commwork'] && $cfgRelation['mimework'] && $cfg['BrowseMIME']) { if (isset($field_mimetype) && is_array($field_mimetype) && $cfgRelation['commwork'] && $cfgRelation['mimework'] && $cfg['BrowseMIME']) {
@reset($field_mimetype); @reset($field_mimetype);

16
tbl_change.php3
View File

@@ -18,7 +18,7 @@ require('./libraries/relation.lib.php3'); // foreign keys
if (!empty($message)) { if (!empty($message)) {
if (isset($goto)) { if (isset($goto)) {
$goto_cpy = $goto; $goto_cpy = $goto;
$goto = 'tbl_properties.php3?' $goto = 'tbl_properties.php3?'
. PMA_generate_common_url($db, $table) . PMA_generate_common_url($db, $table)
. '&amp;$show_query=1' . '&amp;$show_query=1'
. '&amp;sql_query=' . urlencode($disp_query); . '&amp;sql_query=' . urlencode($disp_query);
@@ -30,7 +30,7 @@ if (!empty($message)) {
unset($sql_query); unset($sql_query);
} }
if (isset($disp_query)) { if (isset($disp_query)) {
$sql_query = (get_magic_quotes_gpc() ? stripslashes($disp_query) : $disp_query); $sql_query = $disp_query;
} }
PMA_showMessage($message); PMA_showMessage($message);
if (isset($goto_cpy)) { if (isset($goto_cpy)) {
@@ -42,14 +42,6 @@ if (!empty($message)) {
unset($sql_query_cpy); unset($sql_query_cpy);
} }
} }
if (get_magic_quotes_gpc()) {
if (!empty($sql_query)) {
$sql_query = stripslashes($sql_query);
}
if (!empty($primary_key)) {
$primary_key = stripslashes($primary_key);
}
} // end if
/** /**
@@ -528,7 +520,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
echo "\n"; echo "\n";
?> ?>
<td align="center" bgcolor="<?php echo $bgcolor; ?>"> <td align="center" bgcolor="<?php echo $bgcolor; ?>">
<?php <?php
echo $strBinaryDoNotEdit; echo $strBinaryDoNotEdit;
if (isset($data)) { if (isset($data)) {
$data_size = PMA_formatByteDown(strlen(stripslashes($data)), 3, 1); $data_size = PMA_formatByteDown(strlen(stripslashes($data)), 3, 1);
@@ -572,7 +564,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
echo '<input type="file" name="fields_upload_' . urlencode($field) . '" class="textfield" id="field_' . $i . '_3" />'; echo '<input type="file" name="fields_upload_' . urlencode($field) . '" class="textfield" id="field_' . $i . '_3" />';
} }
echo '</td>'; echo '</td>';
} // end else if ( binary or blob) } // end else if ( binary or blob)
else { else {
// For char or varchar, respect the maximum length (M); for other // For char or varchar, respect the maximum length (M); for other

26
tbl_create.php3
View File

@@ -49,19 +49,12 @@ if (isset($submit)) {
if (empty($field_name[$i])) { if (empty($field_name[$i])) {
continue; continue;
} }
if (get_magic_quotes_gpc()) {
$field_name[$i] = stripslashes($field_name[$i]);
}
if (PMA_MYSQL_INT_VERSION < 32306) { if (PMA_MYSQL_INT_VERSION < 32306) {
PMA_checkReservedWords($field_name[$i], $err_url); PMA_checkReservedWords($field_name[$i], $err_url);
} }
$query = PMA_backquote($field_name[$i]) . ' ' . $field_type[$i]; $query = PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
if ($field_length[$i] != '') { if ($field_length[$i] != '') {
if (get_magic_quotes_gpc()) { $query .= '(' . $field_length[$i] . ')';
$query .= '(' . stripslashes($field_length[$i]) . ')';
} else {
$query .= '(' . $field_length[$i] . ')';
}
} }
if ($field_attribute[$i] != '') { if ($field_attribute[$i] != '') {
$query .= ' ' . $field_attribute[$i]; $query .= ' ' . $field_attribute[$i];
@@ -69,8 +62,6 @@ if (isset($submit)) {
if ($field_default[$i] != '') { if ($field_default[$i] != '') {
if (strtoupper($field_default[$i]) == 'NULL') { if (strtoupper($field_default[$i]) == 'NULL') {
$query .= ' DEFAULT NULL'; $query .= ' DEFAULT NULL';
} else if (get_magic_quotes_gpc()) {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes(stripslashes($field_default[$i])) . '\'';
} else { } else {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\''; $query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
} }
@@ -96,9 +87,6 @@ if (isset($submit)) {
for ($i = 0; $i < $primary_cnt; $i++) { for ($i = 0; $i < $primary_cnt; $i++) {
$j = $field_primary[$i]; $j = $field_primary[$i];
if (!empty($field_name[$j])) { if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$primary .= PMA_backquote($field_name[$j]) . ', '; $primary .= PMA_backquote($field_name[$j]) . ', ';
} }
} // end for } // end for
@@ -116,9 +104,6 @@ if (isset($submit)) {
for ($i = 0;$i < $index_cnt; $i++) { for ($i = 0;$i < $index_cnt; $i++) {
$j = $field_index[$i]; $j = $field_index[$i];
if (!empty($field_name[$j])) { if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$index .= PMA_backquote($field_name[$j]) . ', '; $index .= PMA_backquote($field_name[$j]) . ', ';
} }
} // end for } // end for
@@ -136,9 +121,6 @@ if (isset($submit)) {
for ($i = 0; $i < $unique_cnt; $i++) { for ($i = 0; $i < $unique_cnt; $i++) {
$j = $field_unique[$i]; $j = $field_unique[$i];
if (!empty($field_name[$j])) { if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$unique .= PMA_backquote($field_name[$j]) . ', '; $unique .= PMA_backquote($field_name[$j]) . ', ';
} }
} // end for } // end for
@@ -156,9 +138,6 @@ if (isset($submit)) {
for ($i = 0; $i < $fulltext_cnt; $i++) { for ($i = 0; $i < $fulltext_cnt; $i++) {
$j = $field_fulltext[$i]; $j = $field_fulltext[$i];
if (!empty($field_name[$j])) { if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$fulltext .= PMA_backquote($field_name[$j]) . ', '; $fulltext .= PMA_backquote($field_name[$j]) . ', ';
} }
} // end for } // end for
@@ -180,9 +159,6 @@ if (isset($submit)) {
$query_cpy .= ' TYPE = ' . $tbl_type; $query_cpy .= ' TYPE = ' . $tbl_type;
} }
if (PMA_MYSQL_INT_VERSION >= 32300 && !empty($comment)) { if (PMA_MYSQL_INT_VERSION >= 32300 && !empty($comment)) {
if (get_magic_quotes_gpc()) {
$comment = stripslashes($comment);
}
$sql_query .= ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\''; $sql_query .= ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
$query_cpy .= "\n" . 'COMMENT = \'' . PMA_sqlAddslashes($comment) . '\''; $query_cpy .= "\n" . 'COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
} }

7
tbl_dump.php3
View File

@@ -289,7 +289,7 @@ else {
} }
if ((isset($tmp_select) && strpos(' ' . $tmp_select, '|' . $table . '|')) if ((isset($tmp_select) && strpos(' ' . $tmp_select, '|' . $table . '|'))
|| (!isset($tmp_select) && !empty($table))) { || (!isset($tmp_select) && !empty($table))) {
$dump_buffer .= PMA_getTableXML($db, $table, $limit_from, $limit_to, $crlf, $err_url, $dump_buffer .= PMA_getTableXML($db, $table, $limit_from, $limit_to, $crlf, $err_url,
(isset($sql_query)?urldecode($sql_query):'')); (isset($sql_query)?urldecode($sql_query):''));
} }
$i++; $i++;
@@ -327,7 +327,7 @@ else {
|| (!isset($tmp_select) && !empty($table))) { || (!isset($tmp_select) && !empty($table))) {
// to do: add option for the formatting ( c, l, r, p) // to do: add option for the formatting ( c, l, r, p)
$dump_buffer .= PMA_getTableLatex($db, $table, $environment, $limit_from, $limit_to, $crlf, $err_url, $dump_buffer .= PMA_getTableLatex($db, $table, $environment, $limit_from, $limit_to, $crlf, $err_url,
(isset($sql_query)?urldecode($sql_query):'')); (isset($sql_query)?urldecode($sql_query):''));
} }
$i++; $i++;
@@ -343,9 +343,6 @@ else {
} else if (empty($add_character)) { } else if (empty($add_character)) {
$add_character = $GLOBALS['crlf']; $add_character = $GLOBALS['crlf'];
} else { } else {
if (get_magic_quotes_gpc()) {
$add_character = stripslashes($add_character);
}
$add_character = str_replace('\\r', "\015", $add_character); $add_character = str_replace('\\r', "\015", $add_character);
$add_character = str_replace('\\n', "\012", $add_character); $add_character = str_replace('\\n', "\012", $add_character);
$add_character = str_replace('\\t', "\011", $add_character); $add_character = str_replace('\\t', "\011", $add_character);

15
tbl_indexes.php3
View File

@@ -143,19 +143,6 @@ if ($fields_rs) {
} }
/**
* Stipslashes some variables if required
*/
if (get_magic_quotes_gpc()) {
if (isset($index)) {
$index = stripslashes($index);
}
if (isset($old_index)) {
$old_index = stripslashes($old_index);
}
} // end if
/** /**
* Do run the query to build the new index and moves back to * Do run the query to build the new index and moves back to
* "tbl_properties.php3" * "tbl_properties.php3"
@@ -212,7 +199,7 @@ if (!defined('PMA_IDX_INCLUDED')
while (list($i, $name) = each($column)) { while (list($i, $name) = each($column)) {
if ($name != '--ignore--') { if ($name != '--ignore--') {
$index_fields .= (empty($index_fields) ? '' : ',') $index_fields .= (empty($index_fields) ? '' : ',')
. PMA_backquote(get_magic_quotes_gpc() ? stripslashes($name) : $name) . PMA_backquote($name)
. (empty($sub_part[$i]) ? '' : '(' . $sub_part[$i] . ')'); . (empty($sub_part[$i]) ? '' : '(' . $sub_part[$i] . ')');
} }
} // end while } // end while

9
tbl_move_copy.php3
View File

@@ -50,15 +50,6 @@ if (isset($new_name) && trim($new_name) != '') {
$use_backquotes = 1; $use_backquotes = 1;
$asfile = 1; $asfile = 1;
if (get_magic_quotes_gpc()) {
if (!empty($target_db)) {
$target_db = stripslashes($target_db);
} else {
$target_db = stripslashes($db);
}
$new_name = stripslashes($new_name);
}
// Ensure the target is valid // Ensure the target is valid
if (count($dblist) > 0 && if (count($dblist) > 0 &&
(PMA_isInto($db, $dblist) == -1 || PMA_isInto($target_db, $dblist) == -1)) { (PMA_isInto($db, $dblist) == -1 || PMA_isInto($target_db, $dblist) == -1)) {

43
tbl_properties.inc.php3
View File

@@ -82,13 +82,13 @@ for ($i = 0 ; $i < $num_fields; $i++) {
// Cell index: If certain fields get left out, the counter shouldn't chage. // Cell index: If certain fields get left out, the counter shouldn't chage.
$ci = 0; $ci = 0;
if ($is_backup) { if ($is_backup) {
$content_cells[$i][$ci] = "\n" . '<input type="hidden" name="field_orig[]" value="' . (isset($row) && isset($row['Field']) ? urlencode($row['Field']) : '') . '" />' . "\n"; $content_cells[$i][$ci] = "\n" . '<input type="hidden" name="field_orig[]" value="' . (isset($row) && isset($row['Field']) ? urlencode($row['Field']) : '') . '" />' . "\n";
} else { } else {
$content_cells[$i][$ci] = ''; $content_cells[$i][$ci] = '';
} }
$content_cells[$i][$ci] .= "\n" . '<input id="field_' . $i . '_1" type="text" name="field_name[]" size="10" maxlength="64" value="' . (isset($row) && isset($row['Field']) ? str_replace('"', '&quot;', $row['Field']) : '') . '" class="textfield" />'; $content_cells[$i][$ci] .= "\n" . '<input id="field_' . $i . '_1" type="text" name="field_name[]" size="10" maxlength="64" value="' . (isset($row) && isset($row['Field']) ? str_replace('"', '&quot;', $row['Field']) : '') . '" class="textfield" />';
$ci++; $ci++;
$content_cells[$i][$ci] = '<select name="field_type[]" id="field_' . $i . '_2">' . "\n"; $content_cells[$i][$ci] = '<select name="field_type[]" id="field_' . $i . '_2">' . "\n";
@@ -97,9 +97,6 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$row['Type'] = ''; $row['Type'] = '';
$type = ''; $type = '';
} }
else if (get_magic_quotes_gpc()) {
$type = stripslashes($row['Type']);
}
else { else {
$type = $row['Type']; $type = $row['Type'];
} }
@@ -130,19 +127,19 @@ for ($i = 0 ; $i < $num_fields; $i++) {
} }
$content_cells[$i][$ci] .= '>' . $cfg['ColumnTypes'][$j] . '</option>' . "\n"; $content_cells[$i][$ci] .= '>' . $cfg['ColumnTypes'][$j] . '</option>' . "\n";
} // end for } // end for
$content_cells[$i][$ci] .= ' </select>'; $content_cells[$i][$ci] .= ' </select>';
$ci++; $ci++;
if ($is_backup) { if ($is_backup) {
$content_cells[$i][$ci] = "\n" . '<input type="hidden" name="field_length_orig[]" value="' . urlencode($length) . '" />'; $content_cells[$i][$ci] = "\n" . '<input type="hidden" name="field_length_orig[]" value="' . urlencode($length) . '" />';
} else { } else {
$content_cells[$i][$ci] = ''; $content_cells[$i][$ci] = '';
} }
$content_cells[$i][$ci] .= "\n" . '<input id="field_' . $i . '_3" type="text" name="field_length[]" size="8" value="' . str_replace('"', '&quot;', $length) . '" class="textfield" />' . "\n"; $content_cells[$i][$ci] .= "\n" . '<input id="field_' . $i . '_3" type="text" name="field_length[]" size="8" value="' . str_replace('"', '&quot;', $length) . '" class="textfield" />' . "\n";
$ci++; $ci++;
$content_cells[$i][$ci] = '<select name="field_attribute[]" id="field_' . $i . '_4">' . "\n"; $content_cells[$i][$ci] = '<select name="field_attribute[]" id="field_' . $i . '_4">' . "\n";
if (eregi('^(set|enum)$', $type)) { if (eregi('^(set|enum)$', $type)) {
@@ -171,10 +168,10 @@ for ($i = 0 ; $i < $num_fields; $i++) {
} }
$content_cells[$i][3] .= '>' . $cfg['AttributeTypes'][$j] . '</option>' . "\n"; $content_cells[$i][3] .= '>' . $cfg['AttributeTypes'][$j] . '</option>' . "\n";
} }
$content_cells[$i][$ci] .= '</select>'; $content_cells[$i][$ci] .= '</select>';
$ci++; $ci++;
$content_cells[$i][$ci] = '<select name="field_null[]" id="field_' . $i . '_5">'; $content_cells[$i][$ci] = '<select name="field_null[]" id="field_' . $i . '_5">';
if (!isset($row) || empty($row['Null'])) { if (!isset($row) || empty($row['Null'])) {
@@ -189,7 +186,7 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$content_cells[$i][$ci] .= "\n" . '</select>'; $content_cells[$i][$ci] .= "\n" . '</select>';
$ci++; $ci++;
if (isset($row) if (isset($row)
&& !isset($row['Default']) && !empty($row['Null'])) { && !isset($row['Default']) && !empty($row['Null'])) {
$row['Default'] = 'NULL'; $row['Default'] = 'NULL';
@@ -200,10 +197,10 @@ for ($i = 0 ; $i < $num_fields; $i++) {
} else { } else {
$content_cells[$i][5] = "\n"; $content_cells[$i][5] = "\n";
} }
$content_cells[$i][$ci] .= '<input id="field_' . $i . '_6" type="text" name="field_default[]" size="8" value="' . (isset($row) && isset($row['Default']) ? str_replace('"', '&quot;', $row['Default']) : '') . '" class="textfield" />'; $content_cells[$i][$ci] .= '<input id="field_' . $i . '_6" type="text" name="field_default[]" size="8" value="' . (isset($row) && isset($row['Default']) ? str_replace('"', '&quot;', $row['Default']) : '') . '" class="textfield" />';
$ci++; $ci++;
$content_cells[$i][$ci] = '<select name="field_extra[]" id="field_' . $i . '_7">'; $content_cells[$i][$ci] = '<select name="field_extra[]" id="field_' . $i . '_7">';
if(!isset($row) || empty($row['Extra'])) { if(!isset($row) || empty($row['Extra'])) {
@@ -215,7 +212,7 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$content_cells[$i][$ci] .= '<option value="AUTO_INCREMENT">auto_increment</option>' . "\n"; $content_cells[$i][$ci] .= '<option value="AUTO_INCREMENT">auto_increment</option>' . "\n";
$content_cells[$i][$ci] .= '<option value=""></option>' . "\n"; $content_cells[$i][$ci] .= '<option value=""></option>' . "\n";
} }
$content_cells[$i][$ci] .= "\n" . '</select>'; $content_cells[$i][$ci] .= "\n" . '</select>';
$ci++; $ci++;
@@ -238,7 +235,7 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$content_cells[$i][$ci] .= ' <option value="' . str_replace('/', '_', $mimetype) . '" ' . $checked . '>' . htmlspecialchars($mimetype) . '</option>'; $content_cells[$i][$ci] .= ' <option value="' . str_replace('/', '_', $mimetype) . '" ' . $checked . '>' . htmlspecialchars($mimetype) . '</option>';
} }
} }
$content_cells[$i][$ci] .= '</select>'; $content_cells[$i][$ci] .= '</select>';
$ci++; $ci++;
@@ -251,7 +248,7 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$content_cells[$i][$ci] .= '<option value="' . $available_mime['transformation_file'][$mimekey] . '" ' . $checked . '>' . htmlspecialchars($transform) . '</option>' . "\n"; $content_cells[$i][$ci] .= '<option value="' . $available_mime['transformation_file'][$mimekey] . '" ' . $checked . '>' . htmlspecialchars($transform) . '</option>' . "\n";
} }
} }
$content_cells[$i][$ci] .= '</select>'; $content_cells[$i][$ci] .= '</select>';
$ci++; $ci++;
@@ -287,19 +284,19 @@ for ($i = 0 ; $i < $num_fields; $i++) {
} else { } else {
$checked_fulltext = ''; $checked_fulltext = '';
} }
$content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="primary_' . $i . '"' . $checked_primary . ' />'; $content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="primary_' . $i . '"' . $checked_primary . ' />';
$ci++; $ci++;
$content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="index_' . $i . '"' . $checked_index . ' />'; $content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="index_' . $i . '"' . $checked_index . ' />';
$ci++; $ci++;
$content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="unique_' . $i . '"' . $checked_unique . ' />'; $content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="unique_' . $i . '"' . $checked_unique . ' />';
$ci++; $ci++;
$content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="none_' . $i . '"' . $checked_none . ' />'; $content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="none_' . $i . '"' . $checked_none . ' />';
$ci++; $ci++;
if (PMA_MYSQL_INT_VERSION >= 32323) { if (PMA_MYSQL_INT_VERSION >= 32323) {
$content_cells[$i][$ci] = '<input type="checkbox" name="field_fulltext[]" value="' . $i . '"' . $checked_fulltext . ' />'; $content_cells[$i][$ci] = '<input type="checkbox" name="field_fulltext[]" value="' . $i . '"' . $checked_fulltext . ' />';
} // end if (PMA_MYSQL_INT_VERSION >= 32323) } // end if (PMA_MYSQL_INT_VERSION >= 32323)
@@ -327,7 +324,7 @@ while(@list($content_nr, $content_row) = @each($content_cells)) {
echo "\n" . '<tr>' . "\n"; echo "\n" . '<tr>' . "\n";
$bgcolor = ($i % 2) ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']; $bgcolor = ($i % 2) ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo'];
while(list($content_row_nr, $content_row_val) = @each($content_row)) { while(list($content_row_nr, $content_row_val) = @each($content_row)) {
?> ?>
<td bgcolor="<?php echo $bgcolor; ?>"><?php echo $content_row_val; ?></td> <td bgcolor="<?php echo $bgcolor; ?>"><?php echo $content_row_val; ?></td>

2
tbl_properties_operations.php3
View File

@@ -25,7 +25,7 @@ if (isset($submitorderby) && !empty($order_field)) {
$sql_query = 'ALTER TABLE ' . PMA_backquote($table) $sql_query = 'ALTER TABLE ' . PMA_backquote($table)
. ' ORDER BY ' . PMA_backquote(urldecode($order_field)); . ' ORDER BY ' . PMA_backquote(urldecode($order_field));
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url); $result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
PMA_showMessage((get_magic_quotes_gpc()) ? addslashes($strSuccess) : $strSuccess); PMA_showMessage($strSuccess);
} // end if } // end if

5
tbl_properties_options.php3
View File

@@ -14,9 +14,6 @@ $url_query .= '&amp;goto=tbl_properties_options.php3&amp;back=tbl_properties_opt
* Updates table comment, type and options if required * Updates table comment, type and options if required
*/ */
if (isset($submitcomment)) { if (isset($submitcomment)) {
if (get_magic_quotes_gpc()) {
$comment = stripslashes($comment);
}
if (empty($prev_comment) || urldecode($prev_comment) != $comment) { if (empty($prev_comment) || urldecode($prev_comment) != $comment) {
$sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\''; $sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url); $result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
@@ -39,7 +36,7 @@ if (isset($submitoptions)) {
// Displays a message if a query had been submitted // Displays a message if a query had been submitted
if (isset($message)) { if (isset($message)) {
PMA_showMessage((get_magic_quotes_gpc()) ? addslashes($message) : $message); PMA_showMessage($message);
} }

11
tbl_query_box.php3
View File

@@ -12,9 +12,6 @@ if (isset($show_query) && $show_query == '1') {
$query_to_display = $sql_query_cpy; $query_to_display = $sql_query_cpy;
} }
// Other cases // Other cases
else if (get_magic_quotes_gpc()) {
$query_to_display = stripslashes($sql_query);
}
else { else {
$query_to_display = $sql_query; $query_to_display = $sql_query;
} }
@@ -67,7 +64,7 @@ if ($cfg['QueryFrame'] && (!$cfg['QueryFrameJS'] || ($cfg['QueryFrameJS'] && !$d
} else { } else {
$num_dbs = 0; $num_dbs = 0;
} }
if ($num_dbs > 0) { if ($num_dbs > 0) {
$queryframe_db_list = '<select size=1 name="db">'; $queryframe_db_list = '<select size=1 name="db">';
for ($i = 0; $i < $num_dbs; $i++) { for ($i = 0; $i < $num_dbs; $i++) {
@@ -217,10 +214,10 @@ if (!isset($is_inside_querywindow) || (isset($is_inside_querywindow) && $is_insi
if (!isset($is_inside_querywindow) || if (!isset($is_inside_querywindow) ||
(isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full'))) { (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full'))) {
// loic1: displays import dump feature only if file upload available // loic1: displays import dump feature only if file upload available
$ldi_target = 'ldi_table.php3?' . $url_query; $ldi_target = 'ldi_table.php3?' . $url_query;
if ($is_upload && isset($db) && isset($table)) { if ($is_upload && isset($db) && isset($table)) {
?> ?>
<!-- Insert a text file --> <!-- Insert a text file -->
@@ -233,4 +230,4 @@ if (!isset($is_inside_querywindow) ||
} }
echo "\n"; echo "\n";
?> ?>
</form> </form>

3
tbl_rename.php3
View File

@@ -23,9 +23,6 @@ $err_url = 'tbl_properties.php3?' . PMA_generate_common_url($db, $table);
if (isset($new_name) && trim($new_name) != '') { if (isset($new_name) && trim($new_name) != '') {
$old_name = $table; $old_name = $table;
$table = $new_name; $table = $new_name;
if (get_magic_quotes_gpc()) {
$new_name = stripslashes($new_name);
}
// Ensure the target is valid // Ensure the target is valid
if (count($dblist) > 0 && PMA_isInto($db, $dblist) == -1) { if (count($dblist) > 0 && PMA_isInto($db, $dblist) == -1) {

3
tbl_replace.php3
View File

@@ -66,9 +66,6 @@ if (isset($funcs)) {
} }
// Misc // Misc
if (get_magic_quotes_gpc()) {
$submit_type = stripslashes($submit_type);
}
$seen_binary = FALSE; $seen_binary = FALSE;
/** /**

16
tbl_replace_fields.php3
View File

@@ -8,14 +8,14 @@
// f i e l d u p l o a d e d f r o m a f i l e // f i e l d u p l o a d e d f r o m a f i l e
// garvin: original if-clause checked, whether input was stored in a possible fields_upload_XX var. // garvin: original if-clause checked, whether input was stored in a possible fields_upload_XX var.
// Now check, if the field is set. If it is empty or a malicious file, do not alter fields contents. // Now check, if the field is set. If it is empty or a malicious file, do not alter fields contents.
// If an empty or invalid file is specified, the binary data gets deleter. Maybe a nice // If an empty or invalid file is specified, the binary data gets deleter. Maybe a nice
// new text-variable is appropriate to document this behaviour. // new text-variable is appropriate to document this behaviour.
// garvin: security cautions! You could trick the form and submit any file the webserver has access to // garvin: security cautions! You could trick the form and submit any file the webserver has access to
// for upload to a binary field. Shouldn't be that easy! ;) // for upload to a binary field. Shouldn't be that easy! ;)
// garvin: default is to advance to the field-value parsing. Will only be set to true when a // garvin: default is to advance to the field-value parsing. Will only be set to true when a
// binary file is uploaded, thus bypassing further manipulation of $val. // binary file is uploaded, thus bypassing further manipulation of $val.
$check_stop = false; $check_stop = false;
@@ -34,7 +34,7 @@
// nijel: This is probably the best way how to put binary data // nijel: This is probably the best way how to put binary data
// into MySQL and it also allow not to care about charset // into MySQL and it also allow not to care about charset
// conversion that would otherwise corrupt the data. // conversion that would otherwise corrupt the data.
if (!empty($val)) { if (!empty($val)) {
// garvin: The upload was valid. Check in new blob-field's contents. // garvin: The upload was valid. Check in new blob-field's contents.
$val = '0x' . bin2hex($val); $val = '0x' . bin2hex($val);
@@ -117,11 +117,7 @@
break; break;
default: default:
if (get_magic_quotes_gpc()) { $val = "'" . PMA_sqlAddslashes($val) . "'";
$val = "'" . str_replace('\\"', '"', $val) . "'";
} else {
$val = "'" . PMA_sqlAddslashes($val) . "'";
}
break; break;
} }
break; break;

7
tbl_select.php3
View File

@@ -227,7 +227,7 @@ else {
$sql_query .= ' FROM ' . PMA_backquote($table); $sql_query .= ' FROM ' . PMA_backquote($table);
// The where clause // The where clause
if ($where != '') { if ($where != '') {
$sql_query .= ' WHERE ' . ((get_magic_quotes_gpc()) ? stripslashes($where) : $where); $sql_query .= ' WHERE ' . $where;
} }
else { else {
$sql_query .= ' WHERE 1'; $sql_query .= ' WHERE 1';
@@ -251,12 +251,7 @@ else {
$sql_query .= ' ORDER BY ' . PMA_backquote(urldecode($orderField)) . ' ' . $order; $sql_query .= ' ORDER BY ' . PMA_backquote(urldecode($orderField)) . ' ' . $order;
} // end if } // end if
// The query will be stripslashed in sql.php3 if "magic_quotes_gpc" is on
if (get_magic_quotes_gpc()) {
$sql_query = addslashes($sql_query);
}
include('./sql.php3'); include('./sql.php3');
} }
?> ?>

12
transformation_wrapper.php3
View File

@@ -28,7 +28,7 @@ $cfgRelation = PMA_getRelationsParam();
if (!empty($message)) { if (!empty($message)) {
if (isset($goto)) { if (isset($goto)) {
$goto_cpy = $goto; $goto_cpy = $goto;
$goto = 'tbl_properties.php3?' $goto = 'tbl_properties.php3?'
. PMA_generate_common_url($db, $table) . PMA_generate_common_url($db, $table)
. '&amp;$show_query=1' . '&amp;$show_query=1'
. '&amp;sql_query=' . urlencode($disp_query); . '&amp;sql_query=' . urlencode($disp_query);
@@ -40,7 +40,7 @@ if (!empty($message)) {
unset($sql_query); unset($sql_query);
} }
if (isset($disp_query)) { if (isset($disp_query)) {
$sql_query = (get_magic_quotes_gpc() ? stripslashes($disp_query) : $disp_query); $sql_query = $disp_query;
} }
PMA_showMessage($message); PMA_showMessage($message);
if (isset($goto_cpy)) { if (isset($goto_cpy)) {
@@ -52,14 +52,6 @@ if (!empty($message)) {
unset($sql_query_cpy); unset($sql_query_cpy);
} }
} }
if (get_magic_quotes_gpc()) {
if (!empty($sql_query)) {
$sql_query = stripslashes($sql_query);
}
if (!empty($primary_key)) {
$primary_key = stripslashes($primary_key);
}
} // end if
/** /**

6
user_password.php3
View File

@@ -45,10 +45,6 @@ if (isset($nopass)) {
// here $nopass could be == 1 // here $nopass could be == 1
if (empty($error_msg)) { if (empty($error_msg)) {
if (get_magic_quotes_gpc() && $pma_pw != '') {
$pma_pw = stripslashes($pma_pw);
}
// Defines the url to return to in case of error in the sql statement // Defines the url to return to in case of error in the sql statement
$common_url_query = PMA_generate_common_url(); $common_url_query = PMA_generate_common_url();
@@ -72,7 +68,7 @@ if (isset($nopass)) {
include('./header.inc.php3'); include('./header.inc.php3');
echo '<h1>' . $strChangePassword . '</h1>' . "\n\n"; echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
$show_query = 'y'; $show_query = 'y';
PMA_showMessage(get_magic_quotes_gpc() ? addslashes($strUpdateProfileMessage) : $strUpdateProfileMessage); PMA_showMessage($strUpdateProfileMessage);
?> ?>
<a href="index.php3?<?php echo $common_url_query . $http_logout; ?>" target="_parent"> <a href="index.php3?<?php echo $common_url_query . $http_logout; ?>" target="_parent">
<b><?php echo $strBack; ?></b></a> <b><?php echo $strBack; ?></b></a>