fixed bug #1433882 html special chars not escaped in query in querybox

Sebastian Mendel
2006-02-18 13:51:11 +00:00
parent 29b387b350
commit 2433c3f2af
2 changed files with 56 additions and 53 deletions


@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2006-02-17 Sebastian Mendel <cybot_tm@users.sourceforge.net>
* libraries/sql_query_form.lib.php:
fixed bug #1433882 html special chars not escaped in query in querybox
2006-02-17 Marc Delisle <lem9@users.sourceforge.net> 2006-02-17 Marc Delisle <lem9@users.sourceforge.net>
* lang/*, db_details_structure.php: * lang/*, db_details_structure.php:
bug #1431352, no %d in strViewMaxExactCount bug #1431352, no %d in strViewMaxExactCount


@@ -3,7 +3,7 @@
// vim: expandtab sw=4 ts=4 sts=4: // vim: expandtab sw=4 ts=4 sts=4:
/** /**
* functions for displaying the sql query form * functions for displaying the sql query form
* *
* @usedby server_sql.php * @usedby server_sql.php
* @usedby db_details.php * @usedby db_details.php
* @usedby tbl_properties.php * @usedby tbl_properties.php
@@ -11,12 +11,12 @@
* @usedby querywindow.php * @usedby querywindow.php
*/ */
require_once('./libraries/file_listing.php'); // used for file listing require_once './libraries/file_listing.php'; // used for file listing
require_once('./libraries/bookmark.lib.php'); // used for file listing require_once './libraries/bookmark.lib.php'; // used for file listing
/** /**
* prints the sql query boxes * prints the sql query boxes
* *
* @usedby server_sql.php * @usedby server_sql.php
* @usedby db_details.php * @usedby db_details.php
* @usedby tbl_properties.php * @usedby tbl_properties.php
@@ -55,7 +55,7 @@ require_once('./libraries/bookmark.lib.php'); // used for file listing
* @param boolean|string $query query to display in the textarea * @param boolean|string $query query to display in the textarea
* or true to display last executed * or true to display last executed
* @param boolean|string $display_tab sql|files|history|full|FALSE * @param boolean|string $display_tab sql|files|history|full|FALSE
* what part to display * what part to display
* false if not inside querywindow * false if not inside querywindow
*/ */
function PMA_sqlQueryForm($query = true, $display_tab = false) function PMA_sqlQueryForm($query = true, $display_tab = false)
@@ -67,38 +67,38 @@ function PMA_sqlQueryForm($query = true, $display_tab = false)
} else { } else {
$is_querywindow = true; $is_querywindow = true;
} }
// query to show // query to show
if (true === $query) { if (true === $query) {
$query = empty($GLOBALS['sql_query']) ? '' : $GLOBALS['sql_query']; $query = empty($GLOBALS['sql_query']) ? '' : $GLOBALS['sql_query'];
} }
// set enctype to multipart for file uploads // set enctype to multipart for file uploads
if ($GLOBALS['is_upload']) { if ($GLOBALS['is_upload']) {
$enctype = ' enctype="multipart/form-data"'; $enctype = ' enctype="multipart/form-data"';
} else { } else {
$enctype = ''; $enctype = '';
} }
$table = ''; $table = '';
$db = ''; $db = '';
if (! isset($GLOBALS['db']) || ! strlen($GLOBALS['db'])) { if (! isset($GLOBALS['db']) || ! strlen($GLOBALS['db'])) {
// prepare for server related // prepare for server related
$goto = empty($GLOBALS['goto']) ? $goto = empty($GLOBALS['goto']) ?
'server_sql.php' : $GLOBALS['goto']; 'server_sql.php' : $GLOBALS['goto'];
} elseif (! isset($GLOBALS['table']) || ! strlen($GLOBALS['table'])) { } elseif (! isset($GLOBALS['table']) || ! strlen($GLOBALS['table'])) {
// prepare for db related // prepare for db related
$db = $GLOBALS['db']; $db = $GLOBALS['db'];
$goto = empty($GLOBALS['goto']) ? $goto = empty($GLOBALS['goto']) ?
'db_details.php' : $GLOBALS['goto']; 'db_details.php' : $GLOBALS['goto'];
} else { } else {
$table = $GLOBALS['table']; $table = $GLOBALS['table'];
$db = $GLOBALS['db']; $db = $GLOBALS['db'];
$goto = empty($GLOBALS['goto']) ? $goto = empty($GLOBALS['goto']) ?
'tbl_properties.php' : $GLOBALS['goto']; 'tbl_properties.php' : $GLOBALS['goto'];
} }
// start output // start output
if ($is_querywindow) { if ($is_querywindow) {
?> ?>
@@ -113,7 +113,7 @@ function PMA_sqlQueryForm($query = true, $display_tab = false)
echo '<form method="post" action="import.php" ' . $enctype . ' id="sqlqueryform"' echo '<form method="post" action="import.php" ' . $enctype . ' id="sqlqueryform"'
.' onsubmit="return checkSqlQuery(this)" name="sqlform">' . "\n"; .' onsubmit="return checkSqlQuery(this)" name="sqlform">' . "\n";
} }
if ($is_querywindow) { if ($is_querywindow) {
echo '<input type="hidden" name="focus_querywindow" value="true" />' echo '<input type="hidden" name="focus_querywindow" value="true" />'
."\n"; ."\n";
@@ -125,23 +125,23 @@ function PMA_sqlQueryForm($query = true, $display_tab = false)
echo '<input type="hidden" name="is_js_confirmed" value="0" />' . "\n" echo '<input type="hidden" name="is_js_confirmed" value="0" />' . "\n"
.PMA_generate_common_hidden_inputs($db, $table) . "\n" .PMA_generate_common_hidden_inputs($db, $table) . "\n"
.'<input type="hidden" name="pos" value="0" />' . "\n" .'<input type="hidden" name="pos" value="0" />' . "\n"
.'<input type="hidden" name="goto" value="' .'<input type="hidden" name="goto" value="'
.htmlspecialchars($goto) . '" />' . "\n" .htmlspecialchars($goto) . '" />' . "\n"
.'<input type="hidden" name="zero_rows" value="' .'<input type="hidden" name="zero_rows" value="'
. htmlspecialchars($GLOBALS['strSuccess']) . '" />' . "\n" . htmlspecialchars($GLOBALS['strSuccess']) . '" />' . "\n"
.'<input type="hidden" name="prev_sql_query" value="' .'<input type="hidden" name="prev_sql_query" value="'
. htmlspecialchars($query) . '" />' . "\n"; . htmlspecialchars($query) . '" />' . "\n";
// display querybox // display querybox
if ($display_tab === 'full' || $display_tab === 'sql') { if ($display_tab === 'full' || $display_tab === 'sql') {
PMA_sqlQueryFormInsert($query, $is_querywindow); PMA_sqlQueryFormInsert($query, $is_querywindow);
} }
// display uploads // display uploads
if ($display_tab === 'files' && $GLOBALS['is_upload']) { if ($display_tab === 'files' && $GLOBALS['is_upload']) {
PMA_sqlQueryFormUpload(); PMA_sqlQueryFormUpload();
} }
// Bookmark Support // Bookmark Support
if ($display_tab === 'full' || $display_tab === 'history') { if ($display_tab === 'full' || $display_tab === 'history') {
if (! empty( $GLOBALS['cfg']['Bookmark']) if (! empty( $GLOBALS['cfg']['Bookmark'])
@@ -150,19 +150,19 @@ function PMA_sqlQueryForm($query = true, $display_tab = false)
PMA_sqlQueryFormBookmark(); PMA_sqlQueryFormBookmark();
} }
} }
// Encoding setting form appended by Y.Kawada // Encoding setting form appended by Y.Kawada
if (function_exists('PMA_set_enc_form')) { if (function_exists('PMA_set_enc_form')) {
echo PMA_set_enc_form(' '); echo PMA_set_enc_form(' ');
} }
echo '</form>' . "\n"; echo '</form>' . "\n";
} }
/** /**
* prints querybox fieldset * prints querybox fieldset
* *
* @usedby PMA_sqlQueryForm() * @usedby PMA_sqlQueryForm()
* @uses $GLOBALS['text_dir'] * @uses $GLOBALS['text_dir']
* @uses $GLOBALS['cfg']['TextareaAutoSelect'] * @uses $GLOBALS['cfg']['TextareaAutoSelect']
* @uses $GLOBALS['cfg']['TextareaCols'] * @uses $GLOBALS['cfg']['TextareaCols']
@@ -180,14 +180,14 @@ function PMA_sqlQueryForm($query = true, $display_tab = false)
*/ */
function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false) function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
{ {
// enable auto select text in textarea // enable auto select text in textarea
if ($GLOBALS['cfg']['TextareaAutoSelect']) { if ($GLOBALS['cfg']['TextareaAutoSelect']) {
$auto_sel = ' onfocus="selectContent( this, sql_box_locked, true )"'; $auto_sel = ' onfocus="selectContent( this, sql_box_locked, true )"';
} else { } else {
$auto_sel = ''; $auto_sel = '';
} }
// enable locking if inside query window // enable locking if inside query window
if ($is_querywindow) { if ($is_querywindow) {
$locking = ' onkeypress="document.sqlform.elements[\'LockFromUpdate\'].' $locking = ' onkeypress="document.sqlform.elements[\'LockFromUpdate\'].'
@@ -195,7 +195,7 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
} else { } else {
$locking = ''; $locking = '';
} }
$table = ''; $table = '';
$db = ''; $db = '';
$fields_list = array(); $fields_list = array();
@@ -208,7 +208,7 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
// prepare for db related // prepare for db related
$db = $GLOBALS['db']; $db = $GLOBALS['db'];
// if you want navigation: // if you want navigation:
$strDBLink = '<a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] $strDBLink = '<a href="' . $GLOBALS['cfg']['DefaultTabDatabase']
. '?' . PMA_generate_common_url($db) . '"'; . '?' . PMA_generate_common_url($db) . '"';
if ($is_querywindow) { if ($is_querywindow) {
$strDBLink .= ' target="_self"' $strDBLink .= ' target="_self"'
@@ -220,7 +220,7 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
// $strDBLink = htmlspecialchars($db); // $strDBLink = htmlspecialchars($db);
$legend = sprintf($GLOBALS['strRunSQLQuery'], $strDBLink); $legend = sprintf($GLOBALS['strRunSQLQuery'], $strDBLink);
if (empty($query)) { if (empty($query)) {
$query = str_replace('%d', $query = str_replace('%d',
PMA_backquote($db), $GLOBALS['cfg']['DefaultQueryDatabase']); PMA_backquote($db), $GLOBALS['cfg']['DefaultQueryDatabase']);
} }
} else { } else {
@@ -229,11 +229,11 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
// Get the list and number of fields // Get the list and number of fields
// we do a try_query here, because we could be in the query window, // we do a try_query here, because we could be in the query window,
// trying to synchonize and the table has not yet been created // trying to synchonize and the table has not yet been created
$fields_list = PMA_DBI_fetch_result( $fields_list = PMA_DBI_fetch_result(
'SHOW FULL COLUMNS FROM ' . PMA_backquote($db) 'SHOW FULL COLUMNS FROM ' . PMA_backquote($db)
. '.' . PMA_backquote($GLOBALS['table'])); . '.' . PMA_backquote($GLOBALS['table']));
$strDBLink = '<a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] $strDBLink = '<a href="' . $GLOBALS['cfg']['DefaultTabDatabase']
. '?' . PMA_generate_common_url($db) . '"'; . '?' . PMA_generate_common_url($db) . '"';
if ($is_querywindow) { if ($is_querywindow) {
$strDBLink .= ' target="_self"' $strDBLink .= ' target="_self"'
@@ -265,7 +265,7 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
} else { } else {
$sqlquerycontainer_id = 'sqlquerycontainerfull'; $sqlquerycontainer_id = 'sqlquerycontainerfull';
} }
echo '<a name="querybox"></a>' . "\n" echo '<a name="querybox"></a>' . "\n"
.'<div id="queryboxcontainer">' . "\n" .'<div id="queryboxcontainer">' . "\n"
.'<fieldset id="querybox">' . "\n"; .'<fieldset id="querybox">' . "\n";
@@ -273,12 +273,12 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
echo '<div id="queryfieldscontainer">' . "\n"; echo '<div id="queryfieldscontainer">' . "\n";
echo '<div id="' . $sqlquerycontainer_id . '">' . "\n" echo '<div id="' . $sqlquerycontainer_id . '">' . "\n"
.'<textarea name="sql_query" id="sqlquery"' .'<textarea name="sql_query" id="sqlquery"'
.' cols="' . $GLOBALS['cfg']['TextareaCols'] . '"' .' cols="' . $GLOBALS['cfg']['TextareaCols'] . '"'
.' rows="' . $GLOBALS['cfg']['TextareaRows'] . '"' .' rows="' . $GLOBALS['cfg']['TextareaRows'] . '"'
.' dir="' . $GLOBALS['text_dir'] . '"' .' dir="' . $GLOBALS['text_dir'] . '"'
.$auto_sel . $locking . '>' . $query . '</textarea>' . "\n"; .$auto_sel . $locking . '>' . htmlspecialchars($query) . '</textarea>' . "\n";
echo '</div>' . "\n"; echo '</div>' . "\n";
if (count($fields_list)) { if (count($fields_list)) {
echo '<div id="tablefieldscontainer">' . "\n" echo '<div id="tablefieldscontainer">' . "\n"
.'<label>' . $GLOBALS['strFields'] . '</label>' . "\n" .'<label>' . $GLOBALS['strFields'] . '</label>' . "\n"
@@ -286,7 +286,7 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
.'size="' . ($GLOBALS['cfg']['TextareaRows'] - 2) . '" ' .'size="' . ($GLOBALS['cfg']['TextareaRows'] - 2) . '" '
.'multiple="multiple" ondblclick="insertValueQuery()">' . "\n"; .'multiple="multiple" ondblclick="insertValueQuery()">' . "\n";
foreach ($fields_list as $field) { foreach ($fields_list as $field) {
echo '<option value="' echo '<option value="'
.PMA_backquote(htmlspecialchars($field['Field'])) . '"'; .PMA_backquote(htmlspecialchars($field['Field'])) . '"';
if (isset($field['Field']) && strlen($field['Field']) && isset($field['Comment'])) { if (isset($field['Field']) && strlen($field['Field']) && isset($field['Comment'])) {
echo ' title="' . htmlspecialchars($field['Comment']) . '"'; echo ' title="' . htmlspecialchars($field['Comment']) . '"';
@@ -307,10 +307,10 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
echo '</div>' . "\n" echo '</div>' . "\n"
.'</div>' . "\n"; .'</div>' . "\n";
} }
echo '<div class="clearfloat"></div>' . "\n"; echo '<div class="clearfloat"></div>' . "\n";
echo '</div>' . "\n"; echo '</div>' . "\n";
if (! empty($GLOBALS['cfg']['Bookmark']) if (! empty($GLOBALS['cfg']['Bookmark'])
&& $GLOBALS['cfg']['Bookmark']['db'] && $GLOBALS['cfg']['Bookmark']['db']
&& $GLOBALS['cfg']['Bookmark']['table']) { && $GLOBALS['cfg']['Bookmark']['table']) {
@@ -322,13 +322,13 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
<input type="text" name="bkm_label" id="bkm_label" value="" /> <input type="text" name="bkm_label" id="bkm_label" value="" />
</div> </div>
<div class="formelement"> <div class="formelement">
<input type="checkbox" name="bkm_all_users" id="id_bkm_all_users" <input type="checkbox" name="bkm_all_users" id="id_bkm_all_users"
value="true" /> value="true" />
<label for="id_bkm_all_users"> <label for="id_bkm_all_users">
<?php echo $GLOBALS['strBookmarkAllUsers']; ?></label> <?php echo $GLOBALS['strBookmarkAllUsers']; ?></label>
</div> </div>
<div class="formelement"> <div class="formelement">
<input type="checkbox" name="bkm_replace" id="id_bkm_replace" <input type="checkbox" name="bkm_replace" id="id_bkm_replace"
value="true" /> value="true" />
<label for="id_bkm_replace"> <label for="id_bkm_replace">
<?php echo $GLOBALS['strBookmarkReplace']; ?></label> <?php echo $GLOBALS['strBookmarkReplace']; ?></label>
@@ -336,11 +336,11 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
</div> </div>
<?php <?php
} }
echo '<div class="clearfloat"></div>' . "\n"; echo '<div class="clearfloat"></div>' . "\n";
echo '</fieldset>' . "\n" echo '</fieldset>' . "\n"
.'</div>' . "\n"; .'</div>' . "\n";
echo '<fieldset id="queryboxfooter" class="tblFooters">' . "\n"; echo '<fieldset id="queryboxfooter" class="tblFooters">' . "\n";
echo '<div class="formelement">' . "\n"; echo '<div class="formelement">' . "\n";
if ($is_querywindow) { if ($is_querywindow) {
@@ -356,7 +356,7 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
echo '<div class="formelement">' . "\n"; echo '<div class="formelement">' . "\n";
echo '<input type="checkbox" name="show_query" value="1" ' echo '<input type="checkbox" name="show_query" value="1" '
.'id="checkbox_show_query" checked="checked" />' . "\n" .'id="checkbox_show_query" checked="checked" />' . "\n"
.'<label for="checkbox_show_query">' . $GLOBALS['strShowThisQuery'] .'<label for="checkbox_show_query">' . $GLOBALS['strShowThisQuery']
.'</label>' . "\n"; .'</label>' . "\n";
echo '</div>' . "\n"; echo '</div>' . "\n";
echo '<input type="submit" name="SQL" value="' . $GLOBALS['strGo'] . '" />' echo '<input type="submit" name="SQL" value="' . $GLOBALS['strGo'] . '" />'
@@ -367,7 +367,7 @@ function PMA_sqlQueryFormInsert($query = '', $is_querywindow = false)
/** /**
* prints bookmark fieldset * prints bookmark fieldset
* *
* @usedby PMA_sqlQueryForm() * @usedby PMA_sqlQueryForm()
* @uses PMA_listBookmarks() * @uses PMA_listBookmarks()
* @uses $GLOBALS['db'] * @uses $GLOBALS['db']
@@ -390,7 +390,7 @@ function PMA_sqlQueryFormBookmark()
if (! $bookmark_list || count($bookmark_list) < 1) { if (! $bookmark_list || count($bookmark_list) < 1) {
return; return;
} }
echo '<fieldset id="bookmarkoptions">'; echo '<fieldset id="bookmarkoptions">';
echo '<legend>'; echo '<legend>';
echo $GLOBALS['strBookmarkQuery'] . '</legend>' . "\n"; echo $GLOBALS['strBookmarkQuery'] . '</legend>' . "\n";
@@ -398,7 +398,7 @@ function PMA_sqlQueryFormBookmark()
echo '<select name="id_bookmark">' . "\n"; echo '<select name="id_bookmark">' . "\n";
echo '<option value=""></option>' . "\n"; echo '<option value=""></option>' . "\n";
foreach ($bookmark_list as $key => $value) { foreach ($bookmark_list as $key => $value) {
echo '<option value="' . htmlspecialchars($key) . '">' echo '<option value="' . htmlspecialchars($key) . '">'
.htmlspecialchars($value) . '</option>' . "\n"; .htmlspecialchars($value) . '</option>' . "\n";
} }
// &nbsp; is required for correct display with styles/line height // &nbsp; is required for correct display with styles/line height
@@ -416,7 +416,7 @@ function PMA_sqlQueryFormBookmark()
echo ' (<a href="./Documentation.html#faqbookmark"' echo ' (<a href="./Documentation.html#faqbookmark"'
.' target="documentation">' . $GLOBALS['strDocu'] . '</a>): '; .' target="documentation">' . $GLOBALS['strDocu'] . '</a>): ';
} }
echo '<input type="text" name="bookmark_variable" class="textfield"' echo '<input type="text" name="bookmark_variable" class="textfield"'
.' size="10" />' . "\n"; .' size="10" />' . "\n";
echo '</div>' . "\n"; echo '</div>' . "\n";
echo '<div class="formelement">' . "\n"; echo '<div class="formelement">' . "\n";
@@ -435,7 +435,7 @@ function PMA_sqlQueryFormBookmark()
echo '</div>' . "\n"; echo '</div>' . "\n";
echo '<div class="clearfloat"></div>' . "\n"; echo '<div class="clearfloat"></div>' . "\n";
echo '</fieldset>' . "\n"; echo '</fieldset>' . "\n";
echo '<fieldset id="bookmarkoptionsfooter" class="tblFooters">' . "\n"; echo '<fieldset id="bookmarkoptionsfooter" class="tblFooters">' . "\n";
echo '<input type="submit" name="SQL" value="' . $GLOBALS['strGo'] . '" />'; echo '<input type="submit" name="SQL" value="' . $GLOBALS['strGo'] . '" />';
echo '<div class="clearfloat"></div>' . "\n"; echo '<div class="clearfloat"></div>' . "\n";
@@ -444,7 +444,7 @@ function PMA_sqlQueryFormBookmark()
/** /**
* prints bookmark fieldset * prints bookmark fieldset
* *
* @usedby PMA_sqlQueryForm() * @usedby PMA_sqlQueryForm()
* @uses $GLOBALS['cfg']['GZipDump'] * @uses $GLOBALS['cfg']['GZipDump']
* @uses $GLOBALS['cfg']['BZipDump'] * @uses $GLOBALS['cfg']['BZipDump']
@@ -494,7 +494,7 @@ function PMA_sqlQueryFormUpload(){
// some browsers should respect this :) // some browsers should respect this :)
echo PMA_generateHiddenMaxFileSize($GLOBALS['max_upload_size']) . "\n"; echo PMA_generateHiddenMaxFileSize($GLOBALS['max_upload_size']) . "\n";
echo '</div>'; echo '</div>';
if ($files === FALSE) { if ($files === FALSE) {
$errors[$GLOBALS['strError']] = $GLOBALS['strWebServerUploadDirectoryError']; $errors[$GLOBALS['strError']] = $GLOBALS['strWebServerUploadDirectoryError'];
} elseif (!empty($files)) { } elseif (!empty($files)) {
@@ -534,7 +534,7 @@ function PMA_sqlQueryFormUpload(){
.'" />' . "\n"; .'" />' . "\n";
echo '<div class="clearfloat"></div>' . "\n"; echo '<div class="clearfloat"></div>' . "\n";
echo '</fieldset>'; echo '</fieldset>';
foreach ( $errors as $error => $message ) { foreach ( $errors as $error => $message ) {
echo '<div>' . $error . '</div>'; echo '<div>' . $error . '</div>';
echo '<div>' . $message . '</div>'; echo '<div>' . $message . '</div>';