bug #1179241 escaping apostrophe in generated PHP code

Marc Delisle
2005-04-25 20:24:35 +00:00
parent 10204fcf49
commit 450f13064c
2 changed files with 13 additions and 4 deletions


@@ -13,6 +13,8 @@ $Source$
as a table/column name, but others (like Storage) are allowed. as a table/column name, but others (like Storage) are allowed.
Now the query works. TODO: do not pretty print in color, Now the query works. TODO: do not pretty print in color,
in this case in this case
* libraries/common.lib.php: bug #1179241, wrong escaping of
apostrophe in generated PHP code
2005-04-25 Michal Čihař <michal@cihar.com> 2005-04-25 Michal Čihař <michal@cihar.com>
* lang/czech: Update. * lang/czech: Update.


@@ -406,11 +406,14 @@ if ($is_minimum_common == FALSE) {
* @param boolean whether to treat cr/lfs as escape-worthy entities * @param boolean whether to treat cr/lfs as escape-worthy entities
* (converts \n to \\n, \r to \\r) * (converts \n to \\n, \r to \\r)
* *
* @param boolean whether this function is used as part of the
* "Create PHP code" dialog
*
* @return string the slashed string * @return string the slashed string
* *
* @access public * @access public
*/ */
function PMA_sqlAddslashes($a_string = '', $is_like = FALSE, $crlf = FALSE) function PMA_sqlAddslashes($a_string = '', $is_like = FALSE, $crlf = FALSE, $php_code = FALSE)
{ {
if ($is_like) { if ($is_like) {
$a_string = str_replace('\\', '\\\\\\\\', $a_string); $a_string = str_replace('\\', '\\\\\\\\', $a_string);
@@ -424,7 +427,11 @@ if ($is_minimum_common == FALSE) {
$a_string = str_replace("\t", '\t', $a_string); $a_string = str_replace("\t", '\t', $a_string);
} }
$a_string = str_replace('\'', '\'\'', $a_string); if ($php_code) {
$a_string = str_replace('\'', '\\\'', $a_string);
} else {
$a_string = str_replace('\'', '\'\'', $a_string);
}
return $a_string; return $a_string;
} // end of the 'PMA_sqlAddslashes()' function } // end of the 'PMA_sqlAddslashes()' function
@@ -1717,13 +1724,13 @@ if (typeof(document.getElementById) != 'undefined'
// xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />") // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />")
// If we want to show some sql code it is easiest to create it here // If we want to show some sql code it is easiest to create it here
/* SQL-Parser-Analyzer */ /* SQL-Parser-Analyzer */
$sqlnr = 1;
if (!empty($GLOBALS['show_as_php'])) { if (!empty($GLOBALS['show_as_php'])) {
$new_line = '\'<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;. \' '; $new_line = '\'<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;. \' ';
} }
if (isset($new_line)) { if (isset($new_line)) {
/* SQL-Parser-Analyzer */ /* SQL-Parser-Analyzer */
$query_base = PMA_sqlAddslashes(htmlspecialchars($local_query)); $query_base = PMA_sqlAddslashes(htmlspecialchars($local_query), FALSE, FALSE, TRUE);
/* SQL-Parser-Analyzer */ /* SQL-Parser-Analyzer */
$query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base); $query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base);
} else { } else {
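Review bot: With `$php_code` set, `PMA_sqlAddslashes()` no longer returns a string escaped for SQL: the new branch in the second hunk emits `\'` for a PHP single-quoted literal instead of `''`, and the added `@param` text in the first hunk does not say so. A later caller that passes `TRUE` as the fourth argument and then uses the result in a query would rely on backslash escaping, which is not safe on a server that does not treat backslash as an escape character (for example under MySQL's NO_BACKSLASH_ESCAPES mode). The docblock should therefore mark this mode as display only, e.g. `* @param boolean escape apostrophes for a PHP single-quoted string (display only, result is not safe to use in a query)`. The backslash handling for the non-LIKE case sits between the first and second hunks and is not visible here, so it is worth checking that a backslash in the query survives the round trip through the generated PHP literal. A separate helper for the PHP-literal case would also read better than the three positional booleans in the third hunk's call, `PMA_sqlAddslashes(htmlspecialchars($local_query), FALSE, FALSE, TRUE)`.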