nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

If magic_quotes_gpc is enabled, grab_globals calls stripslashes when extracting the arrays $_GET and $_POST.

Browse Source
This commit is contained in:
Alexander M. Turek
2003-03-02 17:26:41 +00:00
parent d5a2bef78d
commit 2183740b05
29 changed files with 149 additions and 295 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ChangeLog
View File

@@ -5,10 +5,27 @@ phpMyAdmin - Changelog
$Id$
$Source$
2003-03-02 Alexander M. Turek <rabus@users.sourceforge.net>
* db_details.php3, db_details_qbe.php3, db_search.php3, ldi_check.php3,
mult_submits.inc.php3, read_dump.php3, sql.php3, tbl_addfield.php3,
tbl_change.php3, tbl_create.php3, tbl_dump.php3, tbl_indexes.php3,
tbl_move_copy.php3, tbl_properties.inc.php3,
tbl_properties_operations.php3, tbl_properties_options.php3,
tbl_query_box.php3, tbl_rename.php3, tbl_replace.php3,
tbl_replace_fields.php3, tbl_select.php3, transformation_wrapper.php3,
user_password.php3, libraries/build_dump.php3, libraries/common.lib.php3,
libraries/display_tbl.lib.php3, libraries/grab_globals.php3:
If magic_quotes_gpc is enabled, grab_globals calls stripslashes when
extracting the arrays $_GET and $_POST. This should replace a lots of
workarounds and avoid present and future problems with magic_quotes_gpc.
* server_privileges.php3, libraries/common.lib.php3:
- Escape wildcard characters in the database and table dropdown boxes;
- CSS fixes.
2003-03-01 Marc Delisle <lem9@users.sourceforge.net>
* lang/english: typo
* tbl_dump.php3: undefined variable $use_comments
* tbl_properties_export.php3: bug 692143: now we remove the
* tbl_properties_export.php3: bug 692143: now we remove the
LIMIT clause from the original query to use the limits entered
on the export form
* pdf_schema.php3: better header/footer for long pages,
@@ -19,9 +36,9 @@ $Source$
index.
2003-03-01 Robin Johnson <robbat2@users.sourceforge.net>
* libraries/xpath/XPath.class.php, libraries/xpath/:
* libraries/xpath/XPath.class.php, libraries/xpath/:
- Removed (was part of the early DB config prototype)
* lang/translatecount.sh:
* lang/translatecount.sh:
- Counts just how out of date the translations are!
2003-02-28 Michal Cihar <nijel@users.sourceforge.net>

3
db_details.php3
View File

@@ -19,9 +19,6 @@ if (isset($show_query) && $show_query == '1') {
$query_to_display = $sql_query_cpy;
}
// Other cases
else if (get_magic_quotes_gpc()) {
$query_to_display = stripslashes($sql_query);
}
else {
$query_to_display = $sql_query;
}

19
db_details_qbe.php3
View File

@@ -25,9 +25,6 @@ if (isset($submit_sql) && eregi('^SELECT', $encoded_sql_query)) {
$goto = 'db_details.php3';
$zero_rows = htmlspecialchars($strSuccess);
$sql_query = urldecode($encoded_sql_query);
if (get_magic_quotes_gpc()) {
$sql_query = addslashes($sql_query);
}
include('./sql.php3');
exit();
} else {
@@ -365,11 +362,7 @@ for ($x = 0; $x < $col; $x++) {
continue;
}
if (isset($Criteria[$x])) {
if (get_magic_quotes_gpc()) {
$stripped_Criteria = stripslashes($Criteria[$x]);
} else {
$stripped_Criteria = $Criteria[$x];
}
$stripped_Criteria = $Criteria[$x];
}
if ((empty($prev_Criteria) || !isset($prev_Criteria[$x]))
|| urldecode($prev_Criteria[$x]) != htmlspecialchars($stripped_Criteria)) {
@@ -534,11 +527,7 @@ for ($y = 0; $y <= $row; $y++) {
${$or} = '';
}
if (!empty(${$or}) && isset(${$or}[$x])) {
if (get_magic_quotes_gpc()) {
$stripped_or = stripslashes(${$or}[$x]);
} else {
$stripped_or = ${$or}[$x];
}
$stripped_or = ${$or}[$x];
} else {
$stripped_or = '';
}
@@ -893,7 +882,7 @@ if (isset($Field) && count($Field) > 0) {
} else {
//$master = $col_cand[0];
reset($col_cand);
$master = current($col_cand);
$master = current($col_cand);
//echo 'master ist der einzige Kandidat: ' . $master . "\n";
}
} // end if (exactly one where clause)
@@ -1048,7 +1037,7 @@ for ($y = 0; $y <= $row; $y++) {
if (!empty($curField[$x]) && !empty(${'curOr' . $y}[$x])) {
$qry_orwhere .= '(' . $curField[$x]
. ' '
. (get_magic_quotes_gpc() ? stripslashes(${'curOr' . $y}[$x]) : ${'curOr' . $y}[$x])
. ${'curOr' . $y}[$x]
. ')';
$last_orwhere = $x;
$criteria_cnt++;

28
db_search.php3
View File

@@ -93,7 +93,7 @@ if (isset($submit_search)) {
for ($j = 0; $j < $tblfields_cnt; $j++) {
$thefieldlikevalue[] = $tblfields[$j]
. ' ' . $like_or_regex
. ' \''
. ' \''
. $automatic_wildcard
. $search_words[$i]
. $automatic_wildcard . '\'';
@@ -119,24 +119,6 @@ if (isset($submit_search)) {
} // end of the "PMA_getSearchSqls()" function
/**
* Strip slashes if necessary
*/
if (get_magic_quotes_gpc()) {
$search_str = stripslashes($search_str);
if (isset($table)) {
$table = stripslashes($table);
}
else if (isset($table_select)) {
$table_select_cnt = count($table_select);
reset($table_select);
for ($i = 0; $i < $table_select_cnt; $i++) {
$table_select[$i] = stripslashes($table_select[$i]);
} // end for
} // end if... else if...
} // end if
/**
* Displays the results
*/
@@ -220,11 +202,11 @@ if (isset($submit_search)) {
. ' <table><tr><td>' . sprintf($strNumSearchResultsInTable, $res_cnt, htmlspecialchars($onetable)) . "</td>\n";
if ($res_cnt > 0) {
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
. '&amp;sql_query=' .urlencode($newsearchsqls['select_fields']),
$strBrowse, '') . "</td>\n";
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
. '&amp;sql_query=' .urlencode($newsearchsqls['delete']),
$strDelete, $newsearchsqls['delete']) . "</td>\n";
@@ -259,11 +241,11 @@ if (isset($submit_search)) {
. ' <table><tr><td>' . sprintf($strNumSearchResultsInTable, $res_cnt, htmlspecialchars($table_select[$i])) . "</td>\n";
if ($res_cnt > 0) {
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
. '&amp;sql_query=' .urlencode($newsearchsqls['select_fields']),
$strBrowse, '') . "</td>\n";
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
echo '<td>' . PMA_linkOrButton('sql.php3?' . $url_sql_query
. '&amp;sql_query=' .urlencode($newsearchsqls['delete']),
$strDelete, $newsearchsqls['delete']) . "</td>\n";

22
ldi_check.php3
View File

@@ -46,17 +46,9 @@ if (isset($btnLDI) && ($textfile != 'none')) {
// Formats the data posted to this script
$textfile = PMA_sqlAddslashes($textfile);
if (get_magic_quotes_gpc()) {
$field_terminater = stripslashes($field_terminater);
$enclosed = PMA_sqlAddslashes(stripslashes($enclosed));
$escaped = PMA_sqlAddslashes(stripslashes($escaped));
$line_terminator = stripslashes($line_terminator);
$column_name = PMA_sqlAddslashes(stripslashes($column_name));
} else {
$enclosed = PMA_sqlAddslashes($enclosed);
$escaped = PMA_sqlAddslashes($escaped);
$column_name = PMA_sqlAddslashes($column_name);
}
$enclosed = PMA_sqlAddslashes($enclosed);
$escaped = PMA_sqlAddslashes($escaped);
$column_name = PMA_sqlAddslashes($column_name);
// (try to) make sure the file is readable:
chmod($textfile, 0777);
@@ -125,14 +117,6 @@ if (isset($btnLDI) && ($textfile != 'none')) {
}
}
// Executes the query
// sql.php3 will stripslash the query if 'magic_quotes_gpc' is set to on
if (get_magic_quotes_gpc()) {
$sql_query = addslashes($query);
} else {
$sql_query = $query;
}
// We could rename the ldi* scripts to tbl_properties_ldi* to improve
// consistency with the other sub-pages.
//

9
libraries/build_dump.lib.php3
View File

@@ -508,7 +508,7 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
* @param string the handler (function) to call. It must accept one
* parameter ($sql_insert)
* @param string the url to go back in case of error
* @param string sql query (optional)
* @param string sql query (optional)
*
* @global string whether to obtain an excel compatible csv format or a
* simple csv one
@@ -527,17 +527,12 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
} else if (!isset($sep)) {
$sep = '';
} else {
if (get_magic_quotes_gpc()) {
$sep = stripslashes($sep);
}
$sep = str_replace('\\t', "\011", $sep);
}
if ($what == 'excel') {
$enc_by = '"';
} else if (!isset($enc_by)) {
$enc_by = '';
} else if (get_magic_quotes_gpc()) {
$enc_by = stripslashes($enc_by);
}
if ($what == 'excel'
|| (empty($esc_by) && $enc_by != '')) {
@@ -545,8 +540,6 @@ if (!defined('PMA_BUILD_DUMP_LIB_INCLUDED')){
$esc_by = $enc_by;
} else if (!isset($esc_by)) {
$esc_by = '';
} else if (get_magic_quotes_gpc()) {
$esc_by = stripslashes($esc_by);
}
// Defines the offsets to use

22
libraries/common.lib.php3
View File

@@ -265,6 +265,26 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold}
} // end of the 'PMA_sqlAddslashes()' function
/**
* Add slashes before "_" and "%" characters for using them in MySQL
* database, table and field names.
* Note: This function does not escape backslashes!
*
* @param string the string to escape
*
* @return string the escaped string
*
* @access public
*/
function PMA_escape_mysql_wildcards($name)
{
$name = str_replace('_', '\\_', $name);
$name = str_replace('%', '\\%', $name);
return $name;
} // end of the 'PMA_escape_mysql_wildcards()' function
/**
* format sql strings
*
@@ -1208,7 +1228,7 @@ if (typeof(document.getElementById) != 'undefined'
<table border="<?php echo $cfg['Border']; ?>" cellpadding="5">
<tr>
<td bgcolor="<?php echo $cfg['ThBgcolor']; ?>">
<b><?php echo (get_magic_quotes_gpc()) ? stripslashes($message) : $message; ?></b><br />
<b><?php echo $message; ?></b><br />
</td>
</tr>
<?php

26
libraries/display_tbl.lib.php3
View File

@@ -526,7 +526,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} else {
$comments_map = array();
}
if ($GLOBALS['cfgRelation']['commwork'] && $GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
require('./libraries/transformations.lib.php3');
$GLOBALS['mime_map'] = PMA_getMIME($db, $table);
@@ -1000,7 +1000,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
$default_function = 'htmlspecialchars'; // default_function
$transform_function = $default_function;
$transform_options = array();
if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation'])) {
@@ -1019,7 +1019,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
}
}
}
$transform_options['wrapper_link'] = '?'
@@ -1110,10 +1110,10 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
$blobtext .= ' - '. $blob_size [0] . ' ' . $blob_size[1];
unset($blob_size);
}
$blobtext .= ']';
$blobtext = ($default_function != $transform_function ? $transform_function($blobtext, $transform_options) : $default_function($blobtext));
$vertical_display['data'][$row_no][$i] = ' <td align="center" valign="top" bgcolor="' . $bgcolor . '">' . $blobtext . '</td>';
} else {
//if (!isset($row[$meta->name])
@@ -1127,11 +1127,11 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
}
// loic1: displays all space characters, 4 space
// characters for tabulations and <cr>/<lf>
$row[$pointer] = ($default_function != $transform_function ? $transform_function('BLOB', $transform_options) : $default_function($row[$pointer]));
$row[$pointer] = str_replace("\011", ' &nbsp;&nbsp;&nbsp;', str_replace(' ', ' &nbsp;', $row[$pointer]));
$row[$pointer] = ereg_replace("((\015\012)|(\015)|(\012))", '<br />', $row[$pointer]);
$vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '">' . $row[$pointer] . '</td>' . "\n";
} else {
$vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '">&nbsp;</td>' . "\n";
@@ -1169,7 +1169,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
$row[$pointer] = str_replace("\011", ' &nbsp;&nbsp;&nbsp;', str_replace(' ', ' &nbsp;', $row[$pointer]));
$row[$pointer] = ereg_replace("((\015\012)|(\015)|(\012))", '<br />', $row[$pointer]);
}
// loic1: do not wrap if date field type
$nowrap = (eregi('DATE|TIME', $meta->type) ? ' nowrap="nowrap"' : '');
$vertical_display['data'][$row_no][$i] = ' <td valign="top" bgcolor="' . $bgcolor . '"' . $nowrap . '>';
@@ -1487,14 +1487,8 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
}
} // end if
// 1.3 Urlencodes the query to use in input form fields ($sql_query
// will be stripslashed in 'sql.php3' if the 'magic_quotes_gpc'
// directive is set to 'on')
if (get_magic_quotes_gpc()) {
$encoded_sql_query = urlencode(addslashes($sql_query));
} else {
$encoded_sql_query = urlencode($sql_query);
}
// 1.3 Urlencodes the query to use in input form fields
$encoded_sql_query = urlencode($sql_query);
// 2. ----- Displays the top of the page -----

41
libraries/grab_globals.lib.php3
View File

@@ -5,24 +5,43 @@
/**
* This library grabs the names and values of the variables sent or posted to a
* script in the '$HTTP_*_VARS' arrays and sets simple globals variables from
* them. It does the same work for the $PHP_SELF variable.
* script in the '$HTTP_*_VARS' / $_* arrays and sets simple globals variables
* from them. It does the same work for the $PHP_SELF variable.
*
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
*/
if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
define('PMA_GRAB_GLOBALS_INCLUDED', 1);
function PMA_gpc_extract($array, &$target) {
if (!is_array($array)) {
return FALSE;
}
$is_magic_quotes = get_magic_quotes_gpc();
reset($array);
while (list($key, $value) = each($array)) {
if (is_array($value)) {
PMA_gpc_extract($value, $target[$key]);
} else if ($is_magic_quotes) {
$target[$key] = stripslashes($value);
} else {
$target[$key] = $value;
}
}
reset($array);
return TRUE;
}
if (!empty($_GET)) {
extract($_GET, EXTR_OVERWRITE);
PMA_gpc_extract($_GET, $GLOBALS);
} else if (!empty($HTTP_GET_VARS)) {
extract($HTTP_GET_VARS, EXTR_OVERWRITE);
PMA_gpc_extract($HTTP_GET_VARS, $GLOBALS);
} // end if
if (!empty($_POST)) {
extract($_POST, EXTR_OVERWRITE);
PMA_gpc_extract($_POST, $GLOBALS);
} else if (!empty($HTTP_POST_VARS)) {
extract($HTTP_POST_VARS, EXTR_OVERWRITE);
PMA_gpc_extract($HTTP_POST_VARS, $GLOBALS);
} // end if
if (!empty($_FILES)) {
@@ -46,15 +65,5 @@ if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
unset($goto);
} // end if
// Strip slahes from $db / $table values
if (get_magic_quotes_gpc()) {
if (isset($db)) {
$db = stripslashes($db);
}
if (isset($table)) {
$table = stripslashes($table);
}
}
} // $__PMA_GRAB_GLOBALS_LIB__
?>

10
mult_submits.inc.php3
View File

@@ -9,9 +9,6 @@
if (!empty($submit_mult)
&& (!empty($selected_db) || !empty($selected_tbl) || !empty($selected_fld))) {
if (get_magic_quotes_gpc()) {
$submit_mult = stripslashes($submit_mult);
}
if (!empty($selected_db)) {
$selected = $selected_db;
$what = 'drop_db';
@@ -31,12 +28,12 @@ if (!empty($submit_mult)
case $strOptimizeTable:
unset($submit_mult);
$query_type = 'optimize_tbl';
$mult_btn = (get_magic_quotes_gpc() ? addslashes($strYes) : $strYes);
$mult_btn = $strYes;
break;
case $strRepairTable:
unset($submit_mult);
$query_type = 'repair_tbl';
$mult_btn = (get_magic_quotes_gpc() ? addslashes($strYes) : $strYes);
$mult_btn = $strYes;
break;
} // end switch
}
@@ -133,8 +130,7 @@ if (!empty($submit_mult) && !empty($what)) {
/**
* Executes the query
*/
else if ((get_magic_quotes_gpc() && stripslashes($mult_btn) == $strYes)
|| $mult_btn == $strYes) {
else if ($mult_btn == $strYes) {
$sql_query = '';
$selected_cnt = count($selected);

10
read_dump.php3
View File

@@ -307,9 +307,6 @@ if ($sql_file != 'none') {
}
} // end uploaded file stuff
}
else if (empty($id_bookmark) && get_magic_quotes_gpc() == 1) {
$sql_query = stripslashes($sql_query);
}
// Kanji convert SQL textfile 2002/1/4 by Y.Kawada
if (@function_exists('PMA_kanji_str_conv')) {
@@ -373,12 +370,7 @@ if ($sql_query != '') {
if ($view_bookmark == 0) {
// Only one query to run
if ($pieces_count == 1 && !empty($pieces[0])) {
// sql.php3 will stripslash the query if get_magic_quotes_gpc
if (get_magic_quotes_gpc() == 1) {
$sql_query = addslashes($pieces[0]);
} else {
$sql_query = $pieces[0];
}
$sql_query = $pieces[0];
if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
$reload = 1;
}

14
server_privileges.php3
View File

@@ -477,7 +477,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
. $spaces . ' </label>' . "\n"
. $spaces . ' </td>' . "\n"
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. $spaces . ' <select name="pred_username" id="select_pred_username" title="' . $GLOBALS['strUserName'] . '" class="textfield"' . "\n"
. $spaces . ' <select name="pred_username" id="select_pred_username" title="' . $GLOBALS['strUserName'] . '"' . "\n"
. $spaces . ' onchange="if (this.value == \'any\') { username.value = \'\'; } else if (this.value == \'userdefined\') { username.focus(); username.select(); }">' . "\n"
. $spaces . ' <option value="any"' . ((isset($GLOBALS['pred_username']) && $GLOBALS['pred_username'] == 'any') ? ' selected="selected"' : '') . '>' . $GLOBALS['strAnyUser'] . '</option>' . "\n"
. $spaces . ' <option value="userdefined"' . ((!isset($GLOBALS['pred_username']) || $GLOBALS['pred_username'] == 'userdefined') ? ' selected="selected"' : '') . '>' . $GLOBALS['strUseTextField'] . ':</option>' . "\n"
@@ -494,7 +494,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
. $spaces . ' </label>' . "\n"
. $spaces . ' </td>' . "\n"
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. $spaces . ' <select name="pred_hostname" id="select_pred_hostname" title="' . $GLOBALS['strHost'] . '" class="textfield"' . "\n";
. $spaces . ' <select name="pred_hostname" id="select_pred_hostname" title="' . $GLOBALS['strHost'] . '"' . "\n";
$res = PMA_mysql_query('SELECT USER();', $userlink);
$row = @PMA_mysql_fetch_row($res);
@mysql_free_result($res);
@@ -529,7 +529,7 @@ function PMA_displayLoginInformationFields($mode = 'new', $indent = 0)
. $spaces . ' </label>' . "\n"
. $spaces . ' </td>' . "\n"
. $spaces . ' <td bgcolor="' . $cfg['BgcolorTwo'] . '">' . "\n"
. $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '" class="textfield"' . "\n"
. $spaces . ' <select name="pred_password" id="select_pred_password" title="' . $GLOBALS['strPassword'] . '"' . "\n"
. $spaces . ' onchange="if (this.value == \'none\') { pma_pw.value = \'\'; pma_pw2.value = \'\'; } else if (this.value == \'userdefined\') { pma_pw.focus(); pma_pw.select(); }">' . "\n"
. ($mode == 'change' ? $spaces . ' <option value="keep" selected="selected">' . $GLOBALS['strKeepPass'] . '</option>' . "\n" : '')
. $spaces . ' <option value="none">' . $GLOBALS['strNoPassword'] . '</option>' . "\n"
@@ -1218,10 +1218,10 @@ if (empty($adduser) && empty($checkprivs)) {
unset($res);
unset($row);
if (!empty($pred_db_array)) {
echo ' <select name="pred_dbname" class="textfield" onchange="this.form.submit();">' . "\n"
echo ' <select name="pred_dbname" onchange="this.form.submit();">' . "\n"
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
while (list(, $current_db) = each($pred_db_array)) {
echo ' <option value="' . htmlspecialchars($current_db) . '">' . htmlspecialchars($current_db) . '</option>' . "\n";
echo ' <option value="' . htmlspecialchars(PMA_escape_mysql_wildcards($current_db)) . '">' . htmlspecialchars($current_db) . '</option>' . "\n";
}
echo ' </select>' . "\n";
}
@@ -1240,10 +1240,10 @@ if (empty($adduser) && empty($checkprivs)) {
unset($res);
unset($row);
if (!empty($pred_tbl_array)) {
echo ' <select name="pred_tablename" class="textfield" onchange="this.form.submit();">' . "\n"
echo ' <select name="pred_tablename" onchange="this.form.submit();">' . "\n"
. ' <option value="" selected="selected">' . $strUseTextField . ':</option>' . "\n";
while (list(, $current_table) = each($pred_tbl_array)) {
echo ' <option value="' . htmlspecialchars($current_table) . '">' . htmlspecialchars($current_table) . '</option>' . "\n";
echo ' <option value="' . htmlspecialchars(PMA_escape_mysql_wildcards($current_table)) . '">' . htmlspecialchars($current_table) . '</option>' . "\n";
}
echo ' </select>' . "\n";
}

11
sql.php3
View File

@@ -61,9 +61,6 @@ if (!defined('PMA_CHK_DROP')
* Bookmark add
*/
if (isset($store_bkm)) {
if (get_magic_quotes_gpc()) {
$fields['label'] = stripslashes($fields['label']);
}
include('./libraries/bookmark.lib.php3');
PMA_addBookmarks($fields, $cfg['Bookmark']);
header('Location: ' . $cfg['PmaAbsoluteUri'] . $goto);
@@ -83,7 +80,7 @@ if (isset($btnDrop) || isset($navig)) {
* Reformat the query
*/
$parsed_sql = PMA_SQP_parse((get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query));
$parsed_sql = PMA_SQP_parse($sql_query);
$analyzed_sql = PMA_SQP_analyze($parsed_sql);
// Bug #641765 - Robbat2 - 12 January 2003, 10:49PM
// Reverted - Robbat2 - 13 January 2003, 2:40PM
@@ -172,8 +169,6 @@ if (!$cfg['Confirm']
}
if ($do_confirm) {
// already stripped at beginning of script
//$stripped_sql_query = (get_magic_quotes_gpc() ? stripslashes($sql_query) : $sql_query);
$stripped_sql_query = $sql_query;
include('./header.inc.php3');
echo $strDoYouReally . '&nbsp;:<br />' . "\n";
@@ -202,10 +197,6 @@ else {
if (!isset($sql_query)) {
$sql_query = '';
}
// already stripped at beginning of script
// else if (get_magic_quotes_gpc()) {
// $sql_query = stripslashes($sql_query);
//}
// Defines some variables
// loic1: A table has to be created -> left frame should be reloaded
if ((!isset($reload) || $reload == 0)

25
tbl_addfield.php3
View File

@@ -43,9 +43,6 @@ if (isset($submit)) {
if (empty($field_name[$i])) {
continue;
}
if (get_magic_quotes_gpc()) {
$field_name[$i] = stripslashes($field_name[$i]);
}
if (PMA_MYSQL_INT_VERSION < 32306) {
PMA_checkReservedWords($field_name[$i], $err_url);
}
@@ -53,11 +50,7 @@ if (isset($submit)) {
$query .= PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
if ($field_length[$i] != ''
&& !eregi('^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT)$', $field_type[$i])) {
if (get_magic_quotes_gpc()) {
$query .= '(' . stripslashes($field_length[$i]) . ')';
} else {
$query .= '(' . $field_length[$i] . ')';
}
$query .= '(' . $field_length[$i] . ')';
}
if ($field_attribute[$i] != '') {
$query .= ' ' . $field_attribute[$i];
@@ -65,8 +58,6 @@ if (isset($submit)) {
if ($field_default[$i] != '') {
if (strtoupper($field_default[$i]) == 'NULL') {
$query .= ' DEFAULT NULL';
} else if (get_magic_quotes_gpc()) {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes(stripslashes($field_default[$i])) . '\'';
} else {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
}
@@ -95,18 +86,10 @@ if (isset($submit)) {
if ($after_field == '--first--') {
$query .= ' FIRST';
} else {
if (get_magic_quotes_gpc()) {
$query .= ' AFTER ' . PMA_backquote(stripslashes(urldecode($after_field)));
} else {
$query .= ' AFTER ' . PMA_backquote(urldecode($after_field));
}
$query .= ' AFTER ' . PMA_backquote(urldecode($after_field));
}
} else {
if (get_magic_quotes_gpc()) {
$query .= ' AFTER ' . PMA_backquote(stripslashes($field_name[$i-1]));
} else {
$query .= ' AFTER ' . PMA_backquote($field_name[$i-1]);
}
$query .= ' AFTER ' . PMA_backquote($field_name[$i-1]);
}
}
$query .= ', ADD ';
@@ -205,7 +188,7 @@ if (isset($submit)) {
PMA_setComment($db, $table, $field_name[$fieldindex], $fieldcomment);
}
}
// garvin: Update comment table for mime types [MIME]
if (isset($field_mimetype) && is_array($field_mimetype) && $cfgRelation['commwork'] && $cfgRelation['mimework'] && $cfg['BrowseMIME']) {
@reset($field_mimetype);

16
tbl_change.php3
View File

@@ -18,7 +18,7 @@ require('./libraries/relation.lib.php3'); // foreign keys
if (!empty($message)) {
if (isset($goto)) {
$goto_cpy = $goto;
$goto = 'tbl_properties.php3?'
$goto = 'tbl_properties.php3?'
. PMA_generate_common_url($db, $table)
. '&amp;$show_query=1'
. '&amp;sql_query=' . urlencode($disp_query);
@@ -30,7 +30,7 @@ if (!empty($message)) {
unset($sql_query);
}
if (isset($disp_query)) {
$sql_query = (get_magic_quotes_gpc() ? stripslashes($disp_query) : $disp_query);
$sql_query = $disp_query;
}
PMA_showMessage($message);
if (isset($goto_cpy)) {
@@ -42,14 +42,6 @@ if (!empty($message)) {
unset($sql_query_cpy);
}
}
if (get_magic_quotes_gpc()) {
if (!empty($sql_query)) {
$sql_query = stripslashes($sql_query);
}
if (!empty($primary_key)) {
$primary_key = stripslashes($primary_key);
}
} // end if
/**
@@ -528,7 +520,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
echo "\n";
?>
<td align="center" bgcolor="<?php echo $bgcolor; ?>">
<?php
<?php
echo $strBinaryDoNotEdit;
if (isset($data)) {
$data_size = PMA_formatByteDown(strlen(stripslashes($data)), 3, 1);
@@ -572,7 +564,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
echo '<input type="file" name="fields_upload_' . urlencode($field) . '" class="textfield" id="field_' . $i . '_3" />';
}
echo '</td>';
} // end else if ( binary or blob)
else {
// For char or varchar, respect the maximum length (M); for other

26
tbl_create.php3
View File

@@ -49,19 +49,12 @@ if (isset($submit)) {
if (empty($field_name[$i])) {
continue;
}
if (get_magic_quotes_gpc()) {
$field_name[$i] = stripslashes($field_name[$i]);
}
if (PMA_MYSQL_INT_VERSION < 32306) {
PMA_checkReservedWords($field_name[$i], $err_url);
}
$query = PMA_backquote($field_name[$i]) . ' ' . $field_type[$i];
if ($field_length[$i] != '') {
if (get_magic_quotes_gpc()) {
$query .= '(' . stripslashes($field_length[$i]) . ')';
} else {
$query .= '(' . $field_length[$i] . ')';
}
$query .= '(' . $field_length[$i] . ')';
}
if ($field_attribute[$i] != '') {
$query .= ' ' . $field_attribute[$i];
@@ -69,8 +62,6 @@ if (isset($submit)) {
if ($field_default[$i] != '') {
if (strtoupper($field_default[$i]) == 'NULL') {
$query .= ' DEFAULT NULL';
} else if (get_magic_quotes_gpc()) {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes(stripslashes($field_default[$i])) . '\'';
} else {
$query .= ' DEFAULT \'' . PMA_sqlAddslashes($field_default[$i]) . '\'';
}
@@ -96,9 +87,6 @@ if (isset($submit)) {
for ($i = 0; $i < $primary_cnt; $i++) {
$j = $field_primary[$i];
if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$primary .= PMA_backquote($field_name[$j]) . ', ';
}
} // end for
@@ -116,9 +104,6 @@ if (isset($submit)) {
for ($i = 0;$i < $index_cnt; $i++) {
$j = $field_index[$i];
if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$index .= PMA_backquote($field_name[$j]) . ', ';
}
} // end for
@@ -136,9 +121,6 @@ if (isset($submit)) {
for ($i = 0; $i < $unique_cnt; $i++) {
$j = $field_unique[$i];
if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$unique .= PMA_backquote($field_name[$j]) . ', ';
}
} // end for
@@ -156,9 +138,6 @@ if (isset($submit)) {
for ($i = 0; $i < $fulltext_cnt; $i++) {
$j = $field_fulltext[$i];
if (!empty($field_name[$j])) {
if (get_magic_quotes_gpc()) {
$field_name[$j] = stripslashes($field_name[$j]);
}
$fulltext .= PMA_backquote($field_name[$j]) . ', ';
}
} // end for
@@ -180,9 +159,6 @@ if (isset($submit)) {
$query_cpy .= ' TYPE = ' . $tbl_type;
}
if (PMA_MYSQL_INT_VERSION >= 32300 && !empty($comment)) {
if (get_magic_quotes_gpc()) {
$comment = stripslashes($comment);
}
$sql_query .= ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
$query_cpy .= "\n" . 'COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
}

7
tbl_dump.php3
View File

@@ -289,7 +289,7 @@ else {
}
if ((isset($tmp_select) && strpos(' ' . $tmp_select, '|' . $table . '|'))
|| (!isset($tmp_select) && !empty($table))) {
$dump_buffer .= PMA_getTableXML($db, $table, $limit_from, $limit_to, $crlf, $err_url,
$dump_buffer .= PMA_getTableXML($db, $table, $limit_from, $limit_to, $crlf, $err_url,
(isset($sql_query)?urldecode($sql_query):''));
}
$i++;
@@ -327,7 +327,7 @@ else {
|| (!isset($tmp_select) && !empty($table))) {
// to do: add option for the formatting ( c, l, r, p)
$dump_buffer .= PMA_getTableLatex($db, $table, $environment, $limit_from, $limit_to, $crlf, $err_url,
$dump_buffer .= PMA_getTableLatex($db, $table, $environment, $limit_from, $limit_to, $crlf, $err_url,
(isset($sql_query)?urldecode($sql_query):''));
}
$i++;
@@ -343,9 +343,6 @@ else {
} else if (empty($add_character)) {
$add_character = $GLOBALS['crlf'];
} else {
if (get_magic_quotes_gpc()) {
$add_character = stripslashes($add_character);
}
$add_character = str_replace('\\r', "\015", $add_character);
$add_character = str_replace('\\n', "\012", $add_character);
$add_character = str_replace('\\t', "\011", $add_character);

15
tbl_indexes.php3
View File

@@ -143,19 +143,6 @@ if ($fields_rs) {
}
/**
* Stipslashes some variables if required
*/
if (get_magic_quotes_gpc()) {
if (isset($index)) {
$index = stripslashes($index);
}
if (isset($old_index)) {
$old_index = stripslashes($old_index);
}
} // end if
/**
* Do run the query to build the new index and moves back to
* "tbl_properties.php3"
@@ -212,7 +199,7 @@ if (!defined('PMA_IDX_INCLUDED')
while (list($i, $name) = each($column)) {
if ($name != '--ignore--') {
$index_fields .= (empty($index_fields) ? '' : ',')
. PMA_backquote(get_magic_quotes_gpc() ? stripslashes($name) : $name)
. PMA_backquote($name)
. (empty($sub_part[$i]) ? '' : '(' . $sub_part[$i] . ')');
}
} // end while

9
tbl_move_copy.php3
View File

@@ -50,15 +50,6 @@ if (isset($new_name) && trim($new_name) != '') {
$use_backquotes = 1;
$asfile = 1;
if (get_magic_quotes_gpc()) {
if (!empty($target_db)) {
$target_db = stripslashes($target_db);
} else {
$target_db = stripslashes($db);
}
$new_name = stripslashes($new_name);
}
// Ensure the target is valid
if (count($dblist) > 0 &&
(PMA_isInto($db, $dblist) == -1 || PMA_isInto($target_db, $dblist) == -1)) {

43
tbl_properties.inc.php3
View File

@@ -82,13 +82,13 @@ for ($i = 0 ; $i < $num_fields; $i++) {
// Cell index: If certain fields get left out, the counter shouldn't chage.
$ci = 0;
if ($is_backup) {
$content_cells[$i][$ci] = "\n" . '<input type="hidden" name="field_orig[]" value="' . (isset($row) && isset($row['Field']) ? urlencode($row['Field']) : '') . '" />' . "\n";
} else {
$content_cells[$i][$ci] = '';
}
$content_cells[$i][$ci] .= "\n" . '<input id="field_' . $i . '_1" type="text" name="field_name[]" size="10" maxlength="64" value="' . (isset($row) && isset($row['Field']) ? str_replace('"', '&quot;', $row['Field']) : '') . '" class="textfield" />';
$ci++;
$content_cells[$i][$ci] = '<select name="field_type[]" id="field_' . $i . '_2">' . "\n";
@@ -97,9 +97,6 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$row['Type'] = '';
$type = '';
}
else if (get_magic_quotes_gpc()) {
$type = stripslashes($row['Type']);
}
else {
$type = $row['Type'];
}
@@ -130,19 +127,19 @@ for ($i = 0 ; $i < $num_fields; $i++) {
}
$content_cells[$i][$ci] .= '>' . $cfg['ColumnTypes'][$j] . '</option>' . "\n";
} // end for
$content_cells[$i][$ci] .= ' </select>';
$ci++;
if ($is_backup) {
$content_cells[$i][$ci] = "\n" . '<input type="hidden" name="field_length_orig[]" value="' . urlencode($length) . '" />';
} else {
$content_cells[$i][$ci] = '';
}
$content_cells[$i][$ci] .= "\n" . '<input id="field_' . $i . '_3" type="text" name="field_length[]" size="8" value="' . str_replace('"', '&quot;', $length) . '" class="textfield" />' . "\n";
$ci++;
$content_cells[$i][$ci] = '<select name="field_attribute[]" id="field_' . $i . '_4">' . "\n";
if (eregi('^(set|enum)$', $type)) {
@@ -171,10 +168,10 @@ for ($i = 0 ; $i < $num_fields; $i++) {
}
$content_cells[$i][3] .= '>' . $cfg['AttributeTypes'][$j] . '</option>' . "\n";
}
$content_cells[$i][$ci] .= '</select>';
$ci++;
$content_cells[$i][$ci] = '<select name="field_null[]" id="field_' . $i . '_5">';
if (!isset($row) || empty($row['Null'])) {
@@ -189,7 +186,7 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$content_cells[$i][$ci] .= "\n" . '</select>';
$ci++;
if (isset($row)
&& !isset($row['Default']) && !empty($row['Null'])) {
$row['Default'] = 'NULL';
@@ -200,10 +197,10 @@ for ($i = 0 ; $i < $num_fields; $i++) {
} else {
$content_cells[$i][5] = "\n";
}
$content_cells[$i][$ci] .= '<input id="field_' . $i . '_6" type="text" name="field_default[]" size="8" value="' . (isset($row) && isset($row['Default']) ? str_replace('"', '&quot;', $row['Default']) : '') . '" class="textfield" />';
$ci++;
$content_cells[$i][$ci] = '<select name="field_extra[]" id="field_' . $i . '_7">';
if(!isset($row) || empty($row['Extra'])) {
@@ -215,7 +212,7 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$content_cells[$i][$ci] .= '<option value="AUTO_INCREMENT">auto_increment</option>' . "\n";
$content_cells[$i][$ci] .= '<option value=""></option>' . "\n";
}
$content_cells[$i][$ci] .= "\n" . '</select>';
$ci++;
@@ -238,7 +235,7 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$content_cells[$i][$ci] .= ' <option value="' . str_replace('/', '_', $mimetype) . '" ' . $checked . '>' . htmlspecialchars($mimetype) . '</option>';
}
}
$content_cells[$i][$ci] .= '</select>';
$ci++;
@@ -251,7 +248,7 @@ for ($i = 0 ; $i < $num_fields; $i++) {
$content_cells[$i][$ci] .= '<option value="' . $available_mime['transformation_file'][$mimekey] . '" ' . $checked . '>' . htmlspecialchars($transform) . '</option>' . "\n";
}
}
$content_cells[$i][$ci] .= '</select>';
$ci++;
@@ -287,19 +284,19 @@ for ($i = 0 ; $i < $num_fields; $i++) {
} else {
$checked_fulltext = '';
}
$content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="primary_' . $i . '"' . $checked_primary . ' />';
$ci++;
$content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="index_' . $i . '"' . $checked_index . ' />';
$ci++;
$content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="unique_' . $i . '"' . $checked_unique . ' />';
$ci++;
$content_cells[$i][$ci] = "\n" . '<input type="radio" name="field_key_' . $i . '" value="none_' . $i . '"' . $checked_none . ' />';
$ci++;
if (PMA_MYSQL_INT_VERSION >= 32323) {
$content_cells[$i][$ci] = '<input type="checkbox" name="field_fulltext[]" value="' . $i . '"' . $checked_fulltext . ' />';
} // end if (PMA_MYSQL_INT_VERSION >= 32323)
@@ -327,7 +324,7 @@ while(@list($content_nr, $content_row) = @each($content_cells)) {
echo "\n" . '<tr>' . "\n";
$bgcolor = ($i % 2) ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo'];
while(list($content_row_nr, $content_row_val) = @each($content_row)) {
?>
<td bgcolor="<?php echo $bgcolor; ?>"><?php echo $content_row_val; ?></td>

2
tbl_properties_operations.php3
View File

@@ -25,7 +25,7 @@ if (isset($submitorderby) && !empty($order_field)) {
$sql_query = 'ALTER TABLE ' . PMA_backquote($table)
. ' ORDER BY ' . PMA_backquote(urldecode($order_field));
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
PMA_showMessage((get_magic_quotes_gpc()) ? addslashes($strSuccess) : $strSuccess);
PMA_showMessage($strSuccess);
} // end if

5
tbl_properties_options.php3
View File

@@ -14,9 +14,6 @@ $url_query .= '&amp;goto=tbl_properties_options.php3&amp;back=tbl_properties_opt
* Updates table comment, type and options if required
*/
if (isset($submitcomment)) {
if (get_magic_quotes_gpc()) {
$comment = stripslashes($comment);
}
if (empty($prev_comment) || urldecode($prev_comment) != $comment) {
$sql_query = 'ALTER TABLE ' . PMA_backquote($table) . ' COMMENT = \'' . PMA_sqlAddslashes($comment) . '\'';
$result = PMA_mysql_query($sql_query) or PMA_mysqlDie('', $sql_query, '', $err_url);
@@ -39,7 +36,7 @@ if (isset($submitoptions)) {
// Displays a message if a query had been submitted
if (isset($message)) {
PMA_showMessage((get_magic_quotes_gpc()) ? addslashes($message) : $message);
PMA_showMessage($message);
}

11
tbl_query_box.php3
View File

@@ -12,9 +12,6 @@ if (isset($show_query) && $show_query == '1') {
$query_to_display = $sql_query_cpy;
}
// Other cases
else if (get_magic_quotes_gpc()) {
$query_to_display = stripslashes($sql_query);
}
else {
$query_to_display = $sql_query;
}
@@ -67,7 +64,7 @@ if ($cfg['QueryFrame'] && (!$cfg['QueryFrameJS'] || ($cfg['QueryFrameJS'] && !$d
} else {
$num_dbs = 0;
}
if ($num_dbs > 0) {
$queryframe_db_list = '<select size=1 name="db">';
for ($i = 0; $i < $num_dbs; $i++) {
@@ -217,10 +214,10 @@ if (!isset($is_inside_querywindow) || (isset($is_inside_querywindow) && $is_insi
if (!isset($is_inside_querywindow) ||
(isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full'))) {
// loic1: displays import dump feature only if file upload available
$ldi_target = 'ldi_table.php3?' . $url_query;
if ($is_upload && isset($db) && isset($table)) {
?>
<!-- Insert a text file -->
@@ -233,4 +230,4 @@ if (!isset($is_inside_querywindow) ||
}
echo "\n";
?>
</form>
</form>

3
tbl_rename.php3
View File

@@ -23,9 +23,6 @@ $err_url = 'tbl_properties.php3?' . PMA_generate_common_url($db, $table);
if (isset($new_name) && trim($new_name) != '') {
$old_name = $table;
$table = $new_name;
if (get_magic_quotes_gpc()) {
$new_name = stripslashes($new_name);
}
// Ensure the target is valid
if (count($dblist) > 0 && PMA_isInto($db, $dblist) == -1) {

3
tbl_replace.php3
View File

@@ -66,9 +66,6 @@ if (isset($funcs)) {
}
// Misc
if (get_magic_quotes_gpc()) {
$submit_type = stripslashes($submit_type);
}
$seen_binary = FALSE;
/**

16
tbl_replace_fields.php3
View File

@@ -8,14 +8,14 @@
// f i e l d u p l o a d e d f r o m a f i l e
// garvin: original if-clause checked, whether input was stored in a possible fields_upload_XX var.
// Now check, if the field is set. If it is empty or a malicious file, do not alter fields contents.
// Now check, if the field is set. If it is empty or a malicious file, do not alter fields contents.
// If an empty or invalid file is specified, the binary data gets deleter. Maybe a nice
// new text-variable is appropriate to document this behaviour.
// garvin: security cautions! You could trick the form and submit any file the webserver has access to
// for upload to a binary field. Shouldn't be that easy! ;)
// garvin: default is to advance to the field-value parsing. Will only be set to true when a
// garvin: default is to advance to the field-value parsing. Will only be set to true when a
// binary file is uploaded, thus bypassing further manipulation of $val.
$check_stop = false;
@@ -34,7 +34,7 @@
// nijel: This is probably the best way how to put binary data
// into MySQL and it also allow not to care about charset
// conversion that would otherwise corrupt the data.
if (!empty($val)) {
// garvin: The upload was valid. Check in new blob-field's contents.
$val = '0x' . bin2hex($val);
@@ -117,11 +117,7 @@
break;
default:
if (get_magic_quotes_gpc()) {
$val = "'" . str_replace('\\"', '"', $val) . "'";
} else {
$val = "'" . PMA_sqlAddslashes($val) . "'";
}
$val = "'" . PMA_sqlAddslashes($val) . "'";
break;
}
break;

7
tbl_select.php3
View File

@@ -227,7 +227,7 @@ else {
$sql_query .= ' FROM ' . PMA_backquote($table);
// The where clause
if ($where != '') {
$sql_query .= ' WHERE ' . ((get_magic_quotes_gpc()) ? stripslashes($where) : $where);
$sql_query .= ' WHERE ' . $where;
}
else {
$sql_query .= ' WHERE 1';
@@ -251,12 +251,7 @@ else {
$sql_query .= ' ORDER BY ' . PMA_backquote(urldecode($orderField)) . ' ' . $order;
} // end if
// The query will be stripslashed in sql.php3 if "magic_quotes_gpc" is on
if (get_magic_quotes_gpc()) {
$sql_query = addslashes($sql_query);
}
include('./sql.php3');
}
?>

12
transformation_wrapper.php3
View File

@@ -28,7 +28,7 @@ $cfgRelation = PMA_getRelationsParam();
if (!empty($message)) {
if (isset($goto)) {
$goto_cpy = $goto;
$goto = 'tbl_properties.php3?'
$goto = 'tbl_properties.php3?'
. PMA_generate_common_url($db, $table)
. '&amp;$show_query=1'
. '&amp;sql_query=' . urlencode($disp_query);
@@ -40,7 +40,7 @@ if (!empty($message)) {
unset($sql_query);
}
if (isset($disp_query)) {
$sql_query = (get_magic_quotes_gpc() ? stripslashes($disp_query) : $disp_query);
$sql_query = $disp_query;
}
PMA_showMessage($message);
if (isset($goto_cpy)) {
@@ -52,14 +52,6 @@ if (!empty($message)) {
unset($sql_query_cpy);
}
}
if (get_magic_quotes_gpc()) {
if (!empty($sql_query)) {
$sql_query = stripslashes($sql_query);
}
if (!empty($primary_key)) {
$primary_key = stripslashes($primary_key);
}
} // end if
/**

6
user_password.php3
View File

@@ -45,10 +45,6 @@ if (isset($nopass)) {
// here $nopass could be == 1
if (empty($error_msg)) {
if (get_magic_quotes_gpc() && $pma_pw != '') {
$pma_pw = stripslashes($pma_pw);
}
// Defines the url to return to in case of error in the sql statement
$common_url_query = PMA_generate_common_url();
@@ -72,7 +68,7 @@ if (isset($nopass)) {
include('./header.inc.php3');
echo '<h1>' . $strChangePassword . '</h1>' . "\n\n";
$show_query = 'y';
PMA_showMessage(get_magic_quotes_gpc() ? addslashes($strUpdateProfileMessage) : $strUpdateProfileMessage);
PMA_showMessage($strUpdateProfileMessage);
?>
<a href="index.php3?<?php echo $common_url_query . $http_logout; ?>" target="_parent">
<b><?php echo $strBack; ?></b></a>