From 3258795c5bac90f90ad771be731bdec28d21265c Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Tue, 4 Dec 2007 18:07:16 +0000 Subject: [PATCH] bug #1807816 [search] regular expression search does not work with backslashes --- ChangeLog | 2 ++ db_search.php | 23 ++++++++++++++--------- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index f67621f16..baa2af4af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA 2.11.4.0 (not yet released) - bug #1843428 [GUI] Space issue with DROP/DELETE/ALTER TABLE +- bug #1807816 [search] regular expression search doesn't work with + backslashes 2.11.3.0 (not yet released) - patch #1818389 to remove a notice (failed to flush buffer), thanks to diff --git a/db_search.php b/db_search.php index ba8f8b968..2c7873bc6 100644 --- a/db_search.php +++ b/db_search.php @@ -82,14 +82,6 @@ $search_options = array( '4' => $GLOBALS['strSearchOption4'], ); -if (empty($_REQUEST['search_str']) || ! is_string($_REQUEST['search_str'])) { - unset($_REQUEST['submit_search']); - $searched = ''; -} else { - $searched = htmlspecialchars($_REQUEST['search_str']); - $search_str = PMA_sqlAddslashes($_REQUEST['search_str'], true); -} - if (empty($_REQUEST['search_option']) || ! is_string($_REQUEST['search_option']) || ! array_key_exists($_REQUEST['search_option'], $search_options)) { $search_option = 1; @@ -99,6 +91,20 @@ if (empty($_REQUEST['search_option']) || ! is_string($_REQUEST['search_option']) $option_str = $search_options[$_REQUEST['search_option']]; } +if (empty($_REQUEST['search_str']) || ! is_string($_REQUEST['search_str'])) { + unset($_REQUEST['submit_search']); + $searched = ''; +} else { + $searched = htmlspecialchars($_REQUEST['search_str']); + // For "as regular expression" (search option 4), we should not treat + // this as an expression that contains a LIKE (second parameter of + // PMA_sqlAddslashes()). + // + // Usage example: If user is seaching for a literal $ in a regexp search, + // he should enter \$ as the value. + $search_str = PMA_sqlAddslashes($_REQUEST['search_str'], ($search_option == 4 ? false : true)); +} + $tables_selected = array(); if (empty($_REQUEST['table_select']) || ! is_array($_REQUEST['table_select'])) { unset($_REQUEST['submit_search']); @@ -219,7 +225,6 @@ if (isset($_REQUEST['submit_search'])) { // VIEWs, anyway we have a WHERE clause that should limit results $sql['select_count'] = $sqlstr_select . ' COUNT(*) AS `count`' . $sqlstr_from . $sqlstr_where; $sql['delete'] = $sqlstr_delete . $sqlstr_from . $sqlstr_where; - return $sql; } // end of the "PMA_getSearchSqls()" function