Bug #839630: Safer checks for array existence.

Garvin Hicking
2003-11-11 10:09:29 +00:00
parent 45b59e49ce
commit 4fa3369d85
2 changed files with 47 additions and 33 deletions


@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2003-11-11 Garvin Hicking <antikarneval@supergarv.de>
* libraries/display_tbl.lib.php3: Added more secure checks
for each'ing on arrays built by the query analyzer. (Bug #839630)
2003-11-10 Marc Delisle <lem9@users.sourceforge.net> 2003-11-10 Marc Delisle <lem9@users.sourceforge.net>
* scripts/extchg.sh: bug 839081: generator.sh was not converted * scripts/extchg.sh: bug 839081: generator.sh was not converted


@@ -718,9 +718,11 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
isset($analyzed_sql[0]['where_clause_identifiers'])) { isset($analyzed_sql[0]['where_clause_identifiers'])) {
$wi = 0; $wi = 0;
@reset($analyzed_sql[0]['where_clause_identifiers']); if (isset($analyzed_sql[0]['where_clause_identifiers']) && is_array($analyzed_sql[0]['where_clause_identifiers'])) {
while(list($wci_nr, $wci) = each($analyzed_sql[0]['where_clause_identifiers'])) { reset($analyzed_sql[0]['where_clause_identifiers']);
$highlight_columns[$wci] = 'true'; while(list($wci_nr, $wci) = each($analyzed_sql[0]['where_clause_identifiers'])) {
$highlight_columns[$wci] = 'true';
}
} }
} }
for ($i = 0; $i < $fields_cnt; $i++) { for ($i = 0; $i < $fields_cnt; $i++) {
@@ -1035,16 +1037,18 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
// do not use an alias in a condition // do not use an alias in a condition
$column_for_condition = $meta->name; $column_for_condition = $meta->name;
reset($analyzed_sql[0]['select_expr']); if (isset($analyzed_sql[0]['select_expr']) && is_array($analyzed_sql[0]['select_expr'])) {
while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) { reset($analyzed_sql[0]['select_expr']);
$alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias']; while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) {
if (!empty($alias)) { $alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias'];
$true_column = $analyzed_sql[0]['select_expr'][$select_expr_position]['column']; if (!empty($alias)) {
if ($alias == $meta->name) { $true_column = $analyzed_sql[0]['select_expr'][$select_expr_position]['column'];
$column_for_condition = $true_column; if ($alias == $meta->name) {
$column_for_condition = $true_column;
} // end if
} // end if } // end if
} // end if } // end while
} // end while }
// to fix the bug where float fields (primary or not) // to fix the bug where float fields (primary or not)
// can't be matched because of the imprecision of // can't be matched because of the imprecision of
@@ -1280,16 +1284,18 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
} else if ($row[$pointer] != '') { } else if ($row[$pointer] != '') {
$vertical_display['data'][$row_no][$i] = ' <td align="right" valign="top" ' . $column_style . ' bgcolor="' . $bgcolor . '" nowrap="nowrap">'; $vertical_display['data'][$row_no][$i] = ' <td align="right" valign="top" ' . $column_style . ' bgcolor="' . $bgcolor . '" nowrap="nowrap">';
reset($analyzed_sql[0]['select_expr']); if (isset($analyzed_sql[0]['select_expr']) && is_array($analyzed_sql[0]['select_expr'])) {
while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) { reset($analyzed_sql[0]['select_expr']);
$alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias']; while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) {
if (!empty($alias)) { $alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias'];
$true_column = $analyzed_sql[0]['select_expr'][$select_expr_position]['column']; if (!empty($alias)) {
if ($alias == $meta->name) { $true_column = $analyzed_sql[0]['select_expr'][$select_expr_position]['column'];
$meta->name = $true_column; if ($alias == $meta->name) {
$meta->name = $true_column;
} // end if
} // end if } // end if
} // end if } // end while
} // end while }
if (isset($map[$meta->name])) { if (isset($map[$meta->name])) {
// Field to display from the foreign table? // Field to display from the foreign table?
@@ -1406,16 +1412,18 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
$nowrap = ((eregi('DATE|TIME', $meta->type) || $bool_nowrap) ? ' nowrap="nowrap"' : ''); $nowrap = ((eregi('DATE|TIME', $meta->type) || $bool_nowrap) ? ' nowrap="nowrap"' : '');
$vertical_display['data'][$row_no][$i] = ' <td valign="top" ' . $column_style . ' bgcolor="' . $bgcolor . '"' . $nowrap . '>'; $vertical_display['data'][$row_no][$i] = ' <td valign="top" ' . $column_style . ' bgcolor="' . $bgcolor . '"' . $nowrap . '>';
reset($analyzed_sql[0]['select_expr']); if (isset($analyzed_sql[0]['select_expr']) && is_array($analyzed_sql[0]['select_expr'])) {
while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) { reset($analyzed_sql[0]['select_expr']);
$alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias']; while (list ($select_expr_position, $select_expr) = each ($analyzed_sql[0]['select_expr'])) {
if (!empty($alias)) { $alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias'];
$true_column = $analyzed_sql[0]['select_expr'][$select_expr_position]['column']; if (!empty($alias)) {
if ($alias == $meta->name) { $true_column = $analyzed_sql[0]['select_expr'][$select_expr_position]['column'];
$meta->name = $true_column; if ($alias == $meta->name) {
$meta->name = $true_column;
} // end if
} // end if } // end if
} // end if } // end while
} // end while }
if (isset($map[$meta->name])) { if (isset($map[$meta->name])) {
// Field to display from the foreign table? // Field to display from the foreign table?
@@ -1808,9 +1816,11 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
// find tables // find tables
$target=array(); $target=array();
reset($analyzed_sql[0]['table_ref']); if (isset($analyzed_sql[0]['table_ref']) && is_array($analyzed_sql[0]['table_ref'])) {
while (list ($table_ref_position, $table_ref) = each ($analyzed_sql[0]['table_ref'])) { reset($analyzed_sql[0]['table_ref']);
$target[] = $analyzed_sql[0]['table_ref'][$table_ref_position]['table_true_name']; while (list ($table_ref_position, $table_ref) = each ($analyzed_sql[0]['table_ref'])) {
$target[] = $analyzed_sql[0]['table_ref'][$table_ref_position]['table_true_name'];
}
} }
$tabs = '(\'' . join('\',\'', $target) . '\')'; $tabs = '(\'' . join('\',\'', $target) . '\')';
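Review bot: In the last hunk the new `isset(...) && is_array(...)` guard only skips the loop, so when `table_ref` is missing `$target` stays empty and the unchanged `$tabs` line builds `('')`, which the code after the hunk (not visible here) receives as if it were a real table list. I would make that case explicit, e.g. wrap the `$tabs` build and whatever consumes it in `if (count($target) > 0) {`. The `table_true_name` values are also placed between single quotes unescaped; if `$tabs` ends up in a SQL statement, each name should go through the project's SQL string-escaping helper before the `join()`. The three `select_expr` hunks have the same shape: the container is now checked, but `['alias']` and `['column']` are still read from each element without an `isset()`, so a malformed analyzer entry still raises notices there.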