nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bug #839630: Safer checks for array existence.

Browse Source
This commit is contained in:
Garvin Hicking
2003-11-11 10:09:29 +00:00
parent 45b59e49ce
commit 4fa3369d85
2 changed files with 47 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2003-11-11 Garvin Hicking <antikarneval@supergarv.de>
* libraries/display_tbl.lib.php3: Added more secure checks
for each'ing on arrays built by the query analyzer. (Bug #839630)
2003-11-10 Marc Delisle <lem9@users.sourceforge.net> 2003-11-10 Marc Delisle <lem9@users.sourceforge.net>
* scripts/extchg.sh: bug 839081: generator.sh was not converted * scripts/extchg.sh: bug 839081: generator.sh was not converted

12
libraries/display_tbl.lib.php3
View File

@@ -718,11 +718,13 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
isset($analyzed_sql[0]['where_clause_identifiers'])) { isset($analyzed_sql[0]['where_clause_identifiers'])) {
$wi = 0; $wi = 0;
@reset($analyzed_sql[0]['where_clause_identifiers']); if (isset($analyzed_sql[0]['where_clause_identifiers']) && is_array($analyzed_sql[0]['where_clause_identifiers'])) {
reset($analyzed_sql[0]['where_clause_identifiers']);
while(list($wci_nr, $wci) = each($analyzed_sql[0]['where_clause_identifiers'])) { while(list($wci_nr, $wci) = each($analyzed_sql[0]['where_clause_identifiers'])) {
$highlight_columns[$wci] = 'true'; $highlight_columns[$wci] = 'true';
} }
} }
}
for ($i = 0; $i < $fields_cnt; $i++) { for ($i = 0; $i < $fields_cnt; $i++) {
// garvin: See if this column should get highlight because it's used in the // garvin: See if this column should get highlight because it's used in the
// where-query. // where-query.
@@ -1035,6 +1037,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
// do not use an alias in a condition // do not use an alias in a condition
$column_for_condition = $meta->name; $column_for_condition = $meta->name;
if (isset($analyzed_sql[0]['select_expr']) && is_array($analyzed_sql[0]['select_expr'])) {
reset($analyzed_sql[0]['select_expr']); reset($analyzed_sql[0]['select_expr']);
while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) { while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) {
$alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias']; $alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias'];
@@ -1045,6 +1048,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} // end if } // end if
} // end if } // end if
} // end while } // end while
}
// to fix the bug where float fields (primary or not) // to fix the bug where float fields (primary or not)
// can't be matched because of the imprecision of // can't be matched because of the imprecision of
@@ -1280,6 +1284,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} else if ($row[$pointer] != '') { } else if ($row[$pointer] != '') {
$vertical_display['data'][$row_no][$i] = ' <td align="right" valign="top" ' . $column_style . ' bgcolor="' . $bgcolor . '" nowrap="nowrap">'; $vertical_display['data'][$row_no][$i] = ' <td align="right" valign="top" ' . $column_style . ' bgcolor="' . $bgcolor . '" nowrap="nowrap">';
if (isset($analyzed_sql[0]['select_expr']) && is_array($analyzed_sql[0]['select_expr'])) {
reset($analyzed_sql[0]['select_expr']); reset($analyzed_sql[0]['select_expr']);
while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) { while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) {
$alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias']; $alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias'];
@@ -1290,6 +1295,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} // end if } // end if
} // end if } // end if
} // end while } // end while
}
if (isset($map[$meta->name])) { if (isset($map[$meta->name])) {
// Field to display from the foreign table? // Field to display from the foreign table?
@@ -1406,6 +1412,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
$nowrap = ((eregi('DATE|TIME', $meta->type) || $bool_nowrap) ? ' nowrap="nowrap"' : ''); $nowrap = ((eregi('DATE|TIME', $meta->type) || $bool_nowrap) ? ' nowrap="nowrap"' : '');
$vertical_display['data'][$row_no][$i] = ' <td valign="top" ' . $column_style . ' bgcolor="' . $bgcolor . '"' . $nowrap . '>'; $vertical_display['data'][$row_no][$i] = ' <td valign="top" ' . $column_style . ' bgcolor="' . $bgcolor . '"' . $nowrap . '>';
if (isset($analyzed_sql[0]['select_expr']) && is_array($analyzed_sql[0]['select_expr'])) {
reset($analyzed_sql[0]['select_expr']); reset($analyzed_sql[0]['select_expr']);
while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) { while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) {
$alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias']; $alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias'];
@@ -1416,6 +1423,7 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} // end if } // end if
} // end if } // end if
} // end while } // end while
}
if (isset($map[$meta->name])) { if (isset($map[$meta->name])) {
// Field to display from the foreign table? // Field to display from the foreign table?
@@ -1808,10 +1816,12 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
// find tables // find tables
$target=array(); $target=array();
if (isset($analyzed_sql[0]['table_ref']) && is_array($analyzed_sql[0]['table_ref'])) {
reset($analyzed_sql[0]['table_ref']); reset($analyzed_sql[0]['table_ref']);
while (list ($table_ref_position, $table_ref) = each ($analyzed_sql[0]['table_ref'])) { while (list ($table_ref_position, $table_ref) = each ($analyzed_sql[0]['table_ref'])) {
$target[] = $analyzed_sql[0]['table_ref'][$table_ref_position]['table_true_name']; $target[] = $analyzed_sql[0]['table_ref'][$table_ref_position]['table_true_name'];
} }
}
$tabs = '(\'' . join('\',\'', $target) . '\')'; $tabs = '(\'' . join('\',\'', $target) . '\')';
if ($cfgRelation['displaywork']) { if ($cfgRelation['displaywork']) {