nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

If magic_quotes_gpc is enabled, grab_globals calls stripslashes when extracting the arrays $_GET and $_POST.

Browse Source
This commit is contained in:
Alexander M. Turek
2003-03-02 17:26:41 +00:00
parent d5a2bef78d
commit 2183740b05
29 changed files with 149 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
ChangeLog
View File

@@ -5,6 +5,23 @@ phpMyAdmin - Changelog
$Id$
$Source$
2003-03-02 Alexander M. Turek <rabus@users.sourceforge.net>
* db_details.php3, db_details_qbe.php3, db_search.php3, ldi_check.php3,
mult_submits.inc.php3, read_dump.php3, sql.php3, tbl_addfield.php3,
tbl_change.php3, tbl_create.php3, tbl_dump.php3, tbl_indexes.php3,
tbl_move_copy.php3, tbl_properties.inc.php3,
tbl_properties_operations.php3, tbl_properties_options.php3,
tbl_query_box.php3, tbl_rename.php3, tbl_replace.php3,
tbl_replace_fields.php3, tbl_select.php3, transformation_wrapper.php3,
user_password.php3, libraries/build_dump.php3, libraries/common.lib.php3,
libraries/display_tbl.lib.php3, libraries/grab_globals.php3:
If magic_quotes_gpc is enabled, grab_globals calls stripslashes when
extracting the arrays $_GET and $_POST. This should replace a lots of
workarounds and avoid present and future problems with magic_quotes_gpc.
* server_privileges.php3, libraries/common.lib.php3:
- Escape wildcard characters in the database and table dropdown boxes;
- CSS fixes.
2003-03-01 Marc Delisle <lem9@users.sourceforge.net>
* lang/english: typo
* tbl_dump.php3: undefined variable $use_comments

3
db_details.php3
View File

@@ -19,9 +19,6 @@ if (isset($show_query) && $show_query == '1') {
$query_to_display = $sql_query_cpy;
}
// Other cases
else if (get_magic_quotes_gpc()) {
$query_to_display = stripslashes($sql_query);
}
else {
$query_to_display = $sql_query;
}

13
db_details_qbe.php3
View File

@@ -25,9 +25,6 @@ if (isset($submit_sql) && eregi('^SELECT', $encoded_sql_query)) {
$goto = 'db_details.php3';
$zero_rows = htmlspecialchars($strSuccess);
$sql_query = urldecode($encoded_sql_query);
if (get_magic_quotes_gpc()) {
$sql_query = addslashes($sql_query);
}
include('./sql.php3');
exit();
} else {
@@ -365,12 +362,8 @@ for ($x = 0; $x < $col; $x++) {
continue;
}
if (isset($Criteria[$x])) {
if (get_magic_quotes_gpc()) {
$stripped_Criteria = stripslashes($Criteria[$x]);
} else {
$stripped_Criteria = $Criteria[$x];
}
}
if ((empty($prev_Criteria) || !isset($prev_Criteria[$x]))
|| urldecode($prev_Criteria[$x]) != htmlspecialchars($stripped_Criteria)) {
$curCriteria[$z] = $stripped_Criteria;
@@ -534,11 +527,7 @@ for ($y = 0; $y <= $row; $y++) {
${$or} = '';
}
if (!empty(${$or}) && isset(${$or}[$x])) {
if (get_magic_quotes_gpc()) {
$stripped_or = stripslashes(${$or}[$x]);
} else {
$stripped_or = ${$or}[$x];
}
} else {
$stripped_or = '';
}
@@ -1048,7 +1037,7 @@ for ($y = 0; $y <= $row; $y++) {
if (!empty($curField[$x]) && !empty(${'curOr' . $y}[$x])) {
$qry_orwhere .= '(' . $curField[$x]
. ' '
. (get_magic_quotes_gpc() ? stripslashes(${'curOr' . $y}[$x]) : ${'curOr' . $y}[$x])
. ${'curOr' . $y}[$x]
. ')';
$last_orwhere = $x;
$criteria_cnt++;

18
db_search.php3
View File

@@ -119,24 +119,6 @@ if (isset($submit_search)) {
} // end of the "PMA_getSearchSqls()" function
/**
* Strip slashes if necessary
*/
if (get_magic_quotes_gpc()) {
$search_str = stripslashes($search_str);
if (isset($table)) {
$table = stripslashes($table);
}
else if (isset($table_select)) {
$table_select_cnt = count($table_select);
reset($table_select);
for ($i = 0; $i < $table_select_cnt; $i++) {
$table_select[$i] = stripslashes($table_select[$i]);
} // end for
} // end if... else if...
} // end if
/**
* Displays the results
*/

16
ldi_check.php3
View File

@@ -46,17 +46,9 @@ if (isset($btnLDI) && ($textfile != 'none')) {
// Formats the data posted to this script
$textfile = PMA_sqlAddslashes($textfile);
if (get_magic_quotes_gpc()) {
$field_terminater = stripslashes($field_terminater);
$enclosed = PMA_sqlAddslashes(stripslashes($enclosed));
$escaped = PMA_sqlAddslashes(stripslashes($escaped));
$line_terminator = stripslashes($line_terminator);
$column_name = PMA_sqlAddslashes(stripslashes($column_name));
} else {
$enclosed = PMA_sqlAddslashes($enclosed);
$escaped = PMA_sqlAddslashes($escaped);
$column_name = PMA_sqlAddslashes($column_name);
}
// (try to) make sure the file is readable:
chmod($textfile, 0777);
@@ -125,14 +117,6 @@ if (isset($btnLDI) && ($textfile != 'none')) {
}
}
// Executes the query
// sql.php3 will stripslash the query if 'magic_quotes_gpc' is set to on
if (get_magic_quotes_gpc()) {
$sql_query = addslashes($query);
} else {
$sql_query = $query;
}
// We could rename the ldi* scripts to tbl_properties_ldi* to improve
// consistency with the other sub-pages.
//

7
libraries/build_dump.lib.php3
View File

@@ -527,17 +527,12 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
} else if (!isset($sep)) {
$sep = '';
} else {
if (get_magic_quotes_gpc()) {
$sep = stripslashes($sep);
}
$sep = str_replace('\\t', "\011", $sep);
}
if ($what == 'excel') {
$enc_by = '"';
} else if (!isset($enc_by)) {
$enc_by = '';
} else if (get_magic_quotes_gpc()) {
$enc_by = stripslashes($enc_by);
}
if ($what == 'excel'
|| (empty($esc_by) && $enc_by != '')) {
@@ -545,8 +540,6 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
$esc_by = $enc_by;
} else if (!isset($esc_by)) {
$esc_by = '';
} else if (get_magic_quotes_gpc()) {
$esc_by = stripslashes($esc_by);
}
// Defines the offsets to use

22
libraries/common.lib.php3
View File

@@ -265,6 +265,26 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold}
} // end of the 'PMA_sqlAddslashes()' function
/**
* Add slashes before "_" and "%" characters for using them in MySQL
* database, table and field names.
* Note: This function does not escape backslashes!
*
* @param string the string to escape
*
* @return string the escaped string
*
* @access public
*/
function PMA_escape_mysql_wildcards($name)
{
$name = str_replace('_', '\\_', $name);
$name = str_replace('%', '\\%', $name);
return $name;
} // end of the 'PMA_escape_mysql_wildcards()' function
/**
* format sql strings
*
@@ -1208,7 +1228,7 @@ if (typeof(document.getElementById) != 'undefined'
<table border="<?php echo $cfg['Border']; ?>" cellpadding="5">
<tr>
<td bgcolor="<?php echo $cfg['ThBgcolor']; ?>">
<b><?php echo (get_magic_quotes_gpc()) ? stripslashes($message) : $message; ?></b><br />
<b><?php echo $message; ?></b><br />
</td>
</tr>
<?php

8
libraries/display_tbl.lib.php3
View File

@@ -1487,14 +1487,8 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
}
} // end if
// 1.3 Urlencodes the query to use in input form fields ($sql_query
// will be stripslashed in 'sql.php3' if the 'magic_quotes_gpc'
// directive is set to 'on')
if (get_magic_quotes_gpc()) {
$encoded_sql_query = urlencode(addslashes($sql_query));
} else {
// 1.3 Urlencodes the query to use in input form fields
$encoded_sql_query = urlencode($sql_query);
}
// 2. ----- Displays the top of the page -----

41
libraries/grab_globals.lib.php3
View File

@@ -5,24 +5,43 @@
/**
* This library grabs the names and values of the variables sent or posted to a
* script in the '$HTTP_*_VARS' arrays and sets simple globals variables from
* them. It does the same work for the $PHP_SELF variable.
* script in the '$HTTP_*_VARS' / $_* arrays and sets simple globals variables
* from them. It does the same work for the $PHP_SELF variable.
*
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
*/
if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
define('PMA_GRAB_GLOBALS_INCLUDED', 1);
function PMA_gpc_extract($array, &$target) {
if (!is_array($array)) {
return FALSE;
}
$is_magic_quotes = get_magic_quotes_gpc();
reset($array);
while (list($key, $value) = each($array)) {
if (is_array($value)) {
PMA_gpc_extract($value, $target[$key]);
} else if ($is_magic_quotes) {
$target[$key] = stripslashes($value);
} else {
$target[$key] = $value;
}
}
reset($array);
return TRUE;
}
if (!empty($_GET)) {
extract($_GET, EXTR_OVERWRITE);
PMA_gpc_extract($_GET, $GLOBALS);
} else if (!empty($HTTP_GET_VARS)) {
extract($HTTP_GET_VARS, EXTR_OVERWRITE);
PMA_gpc_extract($HTTP_GET_VARS, $GLOBALS);
} // end if
if (!empty($_POST)) {
extract($_POST, EXTR_OVERWRITE);
PMA_gpc_extract($_POST, $GLOBALS);
} else if (!empty($HTTP_POST_VARS)) {
extract($HTTP_POST_VARS, EXTR_OVERWRITE);
PMA_gpc_extract($HTTP_POST_VARS, $GLOBALS);
} // end if
if (!empty($_FILES)) {
@@ -46,15 +65,5 @@ if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
unset($goto);
} // end if
// Strip slahes from $db / $table values
if (get_magic_quotes_gpc()) {
if (isset($db)) {
$db = stripslashes($db);
}
if (isset($table)) {
$table = stripslashes($table);
}
}
} // $__PMA_GRAB_GLOBALS_LIB__
?>

10
mult_submits.inc.php3
View File

@@ -9,9 +9,6 @@
if (!empty($submit_mult)
&& (!empty($selected_db) || !empty($selected_tbl) || !empty($selected_fld))) {
if (get_magic_quotes_gpc()) {
$submit_mult = stripslashes($submit_mult);
}
if (!empty($selected_db)) {
$selected = $selected_db;
$what = 'drop_db';
@@ -31,12 +28,12 @@ if (!empty($submit_mult)
case $strOptimizeTable:
unset($submit_mult);
$query_type = 'optimize_tbl';
$mult_btn = (get_magic_quotes_gpc() ? addslashes($strYes) : $strYes);
$mult_btn = $strYes;
break;
case $strRepairTable:
unset($submit_mult);
$query_type = 'repair_tbl';
$mult_btn = (get_magic_quotes_gpc() ? addslashes($strYes) : $strYes);
$mult_btn = $strYes;
break;
} // end switch
}
@@ -133,8 +130,7 @@ if (!empty($submit_mult) && !empty($what)) {
/**
* Executes the query
*/
else if ((get_magic_quotes_gpc() && stripslashes($mult_btn) == $strYes)
|| $mult_btn == $strYes) {
else if ($mult_btn == $strYes) {
$sql_query = '';
$selected_cnt = count($selected);

8
read_dump.php3
View File

@@ -307,9 +307,6 @@ if ($sql_file != 'none') {
}
} // end uploaded file stuff
}
else if (empty($id_bookmark) && get_magic_quotes_gpc() == 1) {
$sql_query = stripslashes($sql_query);
}
// Kanji convert SQL textfile 2002/1/4 by Y.Kawada
if (@function_exists('PMA_kanji_str_conv')) {
@@ -373,12 +370,7 @@ if ($sql_query != '') {
if ($view_bookmark == 0) {
// Only one query to run
if ($pieces_count == 1 && !empty($pieces[0])) {
// sql.php3 will stripslash the query if get_magic_quotes_gpc
if (get_magic_quotes_gpc() == 1) {
$sql_query = addslashes($pieces[0]);
} else {
$sql_query = $pieces[0];
}
if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
$reload = 1;
}

14
server_privileges.php3
View File

@@ -477,7 +477,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
. $spaces . ' </label>' . "\n"
. $spaces . ' </td>' . "\n"
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. $spaces . ' <select name="pred_username" id="select_pred_username" title="' . $GLOBALS['strUserName'] . '" class="textfield"' . "\n"
. $spaces . ' <select name="pred_username" id="select_pred_username" title="' . $GLOBALS['strUserName'] . '"' . "\n"
. $spaces . ' onchange="if (this.value == \'any\') { username.value = \'\'; } else if (this.value == \'userdefined\') { username.focus(); username.select(); }">' . "\n"
. $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_username']) && $GLOBALS['pred_username'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyUser'] . '</option>' . "\n"
. $spaces . ' <option value="userdefined"' . ((!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
@@ -494,7 +494,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
. $spaces . ' </label>' . "\n"
. $spaces . ' </td>' . "\n"
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. $spaces . ' <select name="pred_hostname" id="select_pred_hostname" title="' . $GLOBALS['strHost'] . '" class="textfield"' . "\n";
. $spaces . ' <select name="pred_hostname" id="select_pred_hostname" title="' . $GLOBALS['strHost'] . '"' . "\n";
$res = PMA_mysql_query('SELECT USER();', $userlink);
$row = @PMA_mysql_fetch_row($res);
@mysql_free_result($res);
@@ -529,7 +529,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
. $spaces . ' </label>' . "\n"
. $spaces . ' </td>' . "\n"
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '" class="textfield"' . "\n"
. $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '"' . "\n"
. $spaces . ' onchange="if (this.value == \'none\') { pma_pw.value = \'\'; pma_pw2.value = \'\'; } else if (this.value == \'userdefined\') { pma_pw.focus(); pma_pw.select(); }">' . "\n"
. ($mode == 'change' ? $spaces . ' <option value="keep" selected="selected">' . $GLOBALS['strKeepPass'] . '</option>' . "\n" : '')
. $spaces . ' <option value="none">' . $GLOBALS['strNoPassword'] . '</option>' . "\n"
@@ -1218,10 +1218,10 @@ if (empty($adduser) && empty($checkprivs)) {
unset($res);
unset($row);
if (!empty($pred_db_array)) {
echo ' <select name="pred_dbname" class="textfield" onchange="this.form.submit();">' . "\n"
echo ' <select name="pred_dbname" onchange="this.form.submit();">' . "\n"
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
while (list(, $current_db) = each($pred_db_array)) {
echo ' <option value="' . htmlspecialchars($current_db) . '">' . htmlspecialchars($current_db) . '</option>' . "\n";
echo ' <option value="' . htmlspecialchars(PMA_escape_mysql_wildcards($current_db)) . '">' . htmlspecialchars($current_db) . '</option>' . "\n";
}
echo ' </select>' . "\n";
}
@@ -1240,10 +1240,10 @@ if (empty($adduser) && empty($checkprivs)) {
unset($res);
unset($row);
if (!empty($pred_tbl_array)) {
echo ' <select name="pred_tablename" class="textfield" onchange="this.form.submit();">' . "\n"
echo ' <select name="pred_tablename" onchange="this.form.submit();">' . "\n"
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
while (list(, $current_table) = each($pred_tbl_array)) {
echo ' <option value="' . htmlspecialchars($current_table) . '">' . htmlspecialchars($current_table) . '</option>' . "\n";
echo ' <option value="' . htmlspecialchars(PMA_escape_mysql_wildcards($current_table)) . '">' . htmlspecialchars($current_table) . '</option>' . "\n";
}
echo ' </select>' . "\n";
}

11
sql.php3
View File

@@ -61,9 +61,6 @@ if (!defined('PMA_CHK_DROP')
* Bookmark add
*/
if (isset($store_bkm)) {
if (get_magic_quotes_gpc()) {
$fields['label'] = stripslashes($fields['label']);
}
include('./libraries/bookmark.lib.php3');
PMA_addBookmarks($fields, $cfg['Bookmark']);
header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto);
@@ -83,7 +80,7 @@ if (isset($btnDrop) || isset($navig)) {
* Reformat the query
*/
$parsed_sql = PMA_SQP_parse((get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query));
$parsed_sql = PMA_SQP_parse($sql_query);
$analyzed_sql = PMA_SQP_analyze($parsed_sql);
// Bug #641765 - Robbat2 - 12 January 2003, 10:49PM
// Reverted - Robbat2 - 13 January 2003, 2:40PM
@@ -172,8 +169,6 @@ if (!$cfg['Confirm']
}
if ($do_confirm) {
// already stripped at beginning of script
//$stripped_sql_query = (get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query);
$stripped_sql_query = $sql_query;
include('./header.inc.php3');
echo $strDoYouReally . '&nbsp;:<br />' . "\n";
@@ -202,10 +197,6 @@ else {
if (!isset($sql_query)) {
$sql_query = '';
}
// already stripped at beginning of script
// else if (get_magic_quotes_gpc()) {
// $sql_query = stripslashes($sql_query);
//}
// Defines some variables
// loic1: A table has to be created -> left frame should be reloaded
if ((!isset($reload) || $reload == 0)

17
tbl_addfield.php3
View File

@@ -43,9 +43,6 @@ if (isset($submit)) {
if (empty($field_name[$i])) {
continue;
}
if (get_magic_quotes_gpc()) {
$field_name[$i] = stripslashes($field_name[$i]);
}
if (PMA_MYSQL_INT_VERSION < 32306) {
PMA_checkReservedWords($field_name[$i], $err_url);
}
@@ -53,20 +50,14 @@ if (isset($submit)) {
$query .= PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
if ($field_length[$i] != ''
&& !eregi('^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT)$', $field_type[$i])) {
if (get_magic_quotes_gpc()) {
$query .= '(' . stripslashes($field_length[$i]) . ')';
} else {
$query .= '(' . $field_length[$i] . ')';
}
}
if ($field_attribute[$i] != '') {
$query .= ' ' . $field_attribute[$i];
}
if ($field_default[$i] != '') {
if (strtoupper($field_default[$i]) == 'NULL') {
$query .= ' DEFAULT NULL';
} else if (get_magic_quotes_gpc()) {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes(stripslashes($field_default[$i])) . '\'';
} else {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
}
@@ -94,21 +85,13 @@ if (isset($submit)) {
if ($i == 0) {
if ($after_field == '--first--') {
$query .= ' FIRST';
} else {
if (get_magic_quotes_gpc()) {
$query .= ' AFTER ' . PMA_backquote(stripslashes(urldecode($after_field)));
} else {
$query .= ' AFTER ' . PMA_backquote(urldecode($after_field));
}
}
} else {
if (get_magic_quotes_gpc()) {
$query .= ' AFTER ' . PMA_backquote(stripslashes($field_name[$i-1]));
} else {
$query .= ' AFTER ' . PMA_backquote($field_name[$i-1]);
}
}
}
$query .= ', ADD ';
} // end for
$query = ereg_replace(', ADD $', '', $query);

10
tbl_change.php3
View File

@@ -30,7 +30,7 @@ if (!empty($message)) {
unset($sql_query);
}
if (isset($disp_query)) {
$sql_query = (get_magic_quotes_gpc() ? stripslashes($disp_query) : $disp_query);
$sql_query = $disp_query;
}
PMA_showMessage($message);
if (isset($goto_cpy)) {
@@ -42,14 +42,6 @@ if (!empty($message)) {
unset($sql_query_cpy);
}
}
if (get_magic_quotes_gpc()) {
if (!empty($sql_query)) {
$sql_query = stripslashes($sql_query);
}
if (!empty($primary_key)) {
$primary_key = stripslashes($primary_key);
}
} // end if
/**

24
tbl_create.php3
View File

@@ -49,28 +49,19 @@ if (isset($submit)) {
if (empty($field_name[$i])) {
continue;
}
if (get_magic_quotes_gpc()) {
$field_name[$i] = stripslashes($field_name[$i]);
}
if (PMA_MYSQL_INT_VERSION < 32306) {
PMA_checkReservedWords($field_name[$i], $err_url);
}
$query = PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
if ($field_length[$i] != '') {
if (get_magic_quotes_gpc()) {
$query .= '(' . stripslashes($field_length[$i]) . ')';
} else {
$query .= '(' . $field_length[$i] . ')';
}
}
if ($field_attribute[$i] != '') {
$query .= ' ' . $field_attribute[$i];
}
if ($field_default[$i] != '') {
if (strtoupper($field_default[$i]) == 'NULL') {
$query .= ' DEFAULT NULL';
} else if (get_magic_quotes_gpc()) {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes(stripslashes($field_default[$i])) . '\'';
} else {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
}
@@ -96,9 +87,6 @@ if (isset($submit)) {
for ($i = 0; $i < $primary_cnt; $i++) {
$j = $field_primary[$i];
if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$primary .= PMA_backquote($field_name[$j]) . ', ';
}
} // end for
@@ -116,9 +104,6 @@ if (isset($submit)) {
for ($i = 0;$i < $index_cnt; $i++) {
$j = $field_index[$i];
if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$index .= PMA_backquote($field_name[$j]) . ', ';
}
} // end for
@@ -136,9 +121,6 @@ if (isset($submit)) {
for ($i = 0; $i < $unique_cnt; $i++) {
$j = $field_unique[$i];
if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$unique .= PMA_backquote($field_name[$j]) . ', ';
}
} // end for
@@ -156,9 +138,6 @@ if (isset($submit)) {
for ($i = 0; $i < $fulltext_cnt; $i++) {
$j = $field_fulltext[$i];
if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$fulltext .= PMA_backquote($field_name[$j]) . ', ';
}
} // end for
@@ -180,9 +159,6 @@ if (isset($submit)) {
$query_cpy .= ' TYPE = ' . $tbl_type;
}
if (PMA_MYSQL_INT_VERSION >= 32300 && !empty($comment)) {
if (get_magic_quotes_gpc()) {
$comment = stripslashes($comment);
}
$sql_query .= ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
$query_cpy .= "\n" . 'COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
}

3
tbl_dump.php3
View File

@@ -343,9 +343,6 @@ else {
} else if (empty($add_character)) {
$add_character = $GLOBALS['crlf'];
} else {
if (get_magic_quotes_gpc()) {
$add_character = stripslashes($add_character);
}
$add_character = str_replace('\\r', "\015", $add_character);
$add_character = str_replace('\\n', "\012", $add_character);
$add_character = str_replace('\\t', "\011", $add_character);

15
tbl_indexes.php3
View File

@@ -143,19 +143,6 @@ if ($fields_rs) {
}
/**
* Stipslashes some variables if required
*/
if (get_magic_quotes_gpc()) {
if (isset($index)) {
$index = stripslashes($index);
}
if (isset($old_index)) {
$old_index = stripslashes($old_index);
}
} // end if
/**
* Do run the query to build the new index and moves back to
* "tbl_properties.php3"
@@ -212,7 +199,7 @@ if (!defined('PMA_IDX_INCLUDED')
while (list($i, $name) = each($column)) {
if ($name != '--ignore--') {
$index_fields .= (empty($index_fields) ? '' : ',')
. PMA_backquote(get_magic_quotes_gpc() ? stripslashes($name) : $name)
. PMA_backquote($name)
. (empty($sub_part[$i]) ? '' : '(' . $sub_part[$i] . ')');
}
} // end while

9
tbl_move_copy.php3
View File

@@ -50,15 +50,6 @@ if (isset($new_name) && trim($new_name) != '') {
$use_backquotes = 1;
$asfile = 1;
if (get_magic_quotes_gpc()) {
if (!empty($target_db)) {
$target_db = stripslashes($target_db);
} else {
$target_db = stripslashes($db);
}
$new_name = stripslashes($new_name);
}
// Ensure the target is valid
if (count($dblist) > 0 &&
(PMA_isInto($db, $dblist) == -1 || PMA_isInto($target_db, $dblist) == -1)) {

3
tbl_properties.inc.php3
View File

@@ -97,9 +97,6 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$row['Type'] = '';
$type = '';
}
else if (get_magic_quotes_gpc()) {
$type = stripslashes($row['Type']);
}
else {
$type = $row['Type'];
}

2
tbl_properties_operations.php3
View File

@@ -25,7 +25,7 @@ if (isset($submitorderby) && !empty($order_field)) {
$sql_query = 'ALTER TABLE ' . PMA_backquote($table)
. ' ORDER BY ' . PMA_backquote(urldecode($order_field));
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
PMA_showMessage((get_magic_quotes_gpc()) ? addslashes($strSuccess) : $strSuccess);
PMA_showMessage($strSuccess);
} // end if

5
tbl_properties_options.php3
View File

@@ -14,9 +14,6 @@ $url_query .= '&amp;goto=tbl_properties_options.php3&amp;back=tbl_properties_opt
* Updates table comment, type and options if required
*/
if (isset($submitcomment)) {
if (get_magic_quotes_gpc()) {
$comment = stripslashes($comment);
}
if (empty($prev_comment) || urldecode($prev_comment) != $comment) {
$sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
@@ -39,7 +36,7 @@ if (isset($submitoptions)) {
// Displays a message if a query had been submitted
if (isset($message)) {
PMA_showMessage((get_magic_quotes_gpc()) ? addslashes($message) : $message);
PMA_showMessage($message);
}

3
tbl_query_box.php3
View File

@@ -12,9 +12,6 @@ if (isset($show_query) && $show_query == '1') {
$query_to_display = $sql_query_cpy;
}
// Other cases
else if (get_magic_quotes_gpc()) {
$query_to_display = stripslashes($sql_query);
}
else {
$query_to_display = $sql_query;
}

3
tbl_rename.php3
View File

@@ -23,9 +23,6 @@ $err_url = 'tbl_properties.php3?' . PMA_generate_common_url($db, $table);
if (isset($new_name) && trim($new_name) != '') {
$old_name = $table;
$table = $new_name;
if (get_magic_quotes_gpc()) {
$new_name = stripslashes($new_name);
}
// Ensure the target is valid
if (count($dblist) > 0 && PMA_isInto($db, $dblist) == -1) {

3
tbl_replace.php3
View File

@@ -66,9 +66,6 @@ if (isset($funcs)) {
}
// Misc
if (get_magic_quotes_gpc()) {
$submit_type = stripslashes($submit_type);
}
$seen_binary = FALSE;
/**

4
tbl_replace_fields.php3
View File

@@ -117,11 +117,7 @@
break;
default:
if (get_magic_quotes_gpc()) {
$val = "'" . str_replace('\\"', '"', $val) . "'";
} else {
$val = "'" . PMA_sqlAddslashes($val) . "'";
}
break;
}
break;

7
tbl_select.php3
View File

@@ -227,7 +227,7 @@ else {
$sql_query .= ' FROM ' . PMA_backquote($table);
// The where clause
if ($where != '') {
$sql_query .= ' WHERE ' . ((get_magic_quotes_gpc()) ? stripslashes($where) : $where);
$sql_query .= ' WHERE ' . $where;
}
else {
$sql_query .= ' WHERE 1';
@@ -251,12 +251,7 @@ else {
$sql_query .= ' ORDER BY ' . PMA_backquote(urldecode($orderField)) . ' ' . $order;
} // end if
// The query will be stripslashed in sql.php3 if "magic_quotes_gpc" is on
if (get_magic_quotes_gpc()) {
$sql_query = addslashes($sql_query);
}
include('./sql.php3');
}
?>

10
transformation_wrapper.php3
View File

@@ -40,7 +40,7 @@ if (!empty($message)) {
unset($sql_query);
}
if (isset($disp_query)) {
$sql_query = (get_magic_quotes_gpc() ? stripslashes($disp_query) : $disp_query);
$sql_query = $disp_query;
}
PMA_showMessage($message);
if (isset($goto_cpy)) {
@@ -52,14 +52,6 @@ if (!empty($message)) {
unset($sql_query_cpy);
}
}
if (get_magic_quotes_gpc()) {
if (!empty($sql_query)) {
$sql_query = stripslashes($sql_query);
}
if (!empty($primary_key)) {
$primary_key = stripslashes($primary_key);
}
} // end if
/**

6
user_password.php3
View File

@@ -45,10 +45,6 @@ if (isset($nopass)) {
// here $nopass could be == 1
if (empty($error_msg)) {
if (get_magic_quotes_gpc() && $pma_pw != '') {
$pma_pw = stripslashes($pma_pw);
}
// Defines the url to return to in case of error in the sql statement
$common_url_query = PMA_generate_common_url();
@@ -72,7 +68,7 @@ if (isset($nopass)) {
include('./header.inc.php3');
echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
$show_query = 'y';
PMA_showMessage(get_magic_quotes_gpc() ? addslashes($strUpdateProfileMessage) : $strUpdateProfileMessage);
PMA_showMessage($strUpdateProfileMessage);
?>
<a href="index.php3?<?php echo $common_url_query . $http_logout; ?>" target="_parent">
<b><?php echo $strBack; ?></b></a>