bug #2724844 Add Fields: Add index is missing quotes

2009-04-09 10:03:03 +00:00
parent 2e8bff71ea
commit 316c5b6565
2 changed files with 15 additions and 5 deletions
--- a/2
+++ b/2
@@ -70,6 +70,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - patch #2715417 [interface] Fixed truncation of enum/set values containing parenthesis
  thanks to Marco Moreno - mmoreno
 + [lang] Spanish update, thanks to Daniel Hinostroza
+- bug #2724844 Add Fields: Add index is missing quotes
+  thanks to Luke Armstrong

 3.1.3.1 (2009-03-24)
 - [security] HTTP Response Splitting and file inclusion vulnerabilities 
--- a/tbl_addfield.php
+++ b/tbl_addfield.php
@@ -54,6 +54,7 @@ if (isset($_REQUEST['do_save_data'])) {
    $field_primary  = array();
    $field_index    = array();
    $field_unique   = array();
+    $field_fulltext = array();
    for ($i = 0; $i < $field_cnt; ++$i) {
        if (isset($_REQUEST['field_key'][$i])
         && strlen($_REQUEST['field_name'][$i])) {
@@ -66,6 +67,9 @@ if (isset($_REQUEST['do_save_data'])) {
            if ($_REQUEST['field_key'][$i] == 'unique_' . $i) {
                $field_unique[]  = $i;
            }
+            if ($_REQUEST['field_key'][$i] == 'fulltext_' . $i) {
+                $field_fulltext[]  = $i;
+            }
        } // end if
    } // end for

@@ -118,36 +122,40 @@ if (isset($_REQUEST['do_save_data'])) {
    if (count($field_primary)) {
        $fields = array();
        foreach ($field_primary as $field_nr) {
-            $fields[] = $_REQUEST['field_name'][$field_nr];
+            $fields[] = PMA_backquote($_REQUEST['field_name'][$field_nr]);
        }
        $definitions[] = ' ADD PRIMARY KEY (' . implode(', ', $fields) . ') ';
+        unset($fields);
    }

    // Builds the indexes statements and updates the table
    if (count($field_index)) {
        $fields = array();
        foreach ($field_index as $field_nr) {
-            $fields[] = $_REQUEST['field_name'][$field_nr];
+            $fields[] = PMA_backquote($_REQUEST['field_name'][$field_nr]);
        }
        $definitions[] = ' ADD INDEX (' . implode(', ', $fields) . ') ';
+        unset($fields);
    }

    // Builds the uniques statements and updates the table
    if (count($field_unique)) {
        $fields = array();
        foreach ($field_unique as $field_nr) {
-            $fields[] = $_REQUEST['field_name'][$field_nr];
+            $fields[] = PMA_backquote($_REQUEST['field_name'][$field_nr]);
        }
        $definitions[] = ' ADD UNIQUE (' . implode(', ', $fields) . ') ';
+        unset($fields);
    }

    // Builds the fulltext statements and updates the table
-    if (isset($field_fulltext) && count($field_fulltext)) {
+    if (count($field_fulltext)) {
        $fields = array();
        foreach ($field_fulltext as $field_nr) {
-            $fields[] = $_REQUEST['field_name'][$field_nr];
+            $fields[] = PMA_backquote($_REQUEST['field_name'][$field_nr]);
        }
        $definitions[] = ' ADD FULLTEXT (' . implode(', ', $fields) . ') ';
+        unset($fields);
    }

    // To allow replication, we first select the db to use and then run queries