fixed a slashes bug

2001-08-07 17:08:20 +00:00
parent d71e1be842
commit 705045e87f
2 changed files with 12 additions and 12 deletions
--- a/db_details.php3
+++ b/db_details.php3
@@ -169,7 +169,7 @@ else if (MYSQL_MAJOR_VERSION >= 3.23 && isset($tbl_cache)) {
            ?>
    <td align="right">
            <?php
-            echo "\n";
+            echo "\n" . '        ';
            if ($mergetable == TRUE) {
                echo '<i>' . number_format($sts_data['Rows'], 0, $number_decimal_separator, $number_thousands_separator) . '</i>' . "\n";
            } else {
@@ -289,10 +289,9 @@ $url_query = 'lang=' . $lang
           . '&db=' . urlencode($db)
           . '&goto=db_details.php3';
 if (isset($show_query)) {
-    // loic1: Not required since already done in db_readdump.php3 (see lines 72 & 117)
-    // if (get_magic_quotes_gpc()) {
-    //     $sql_query = stripslashes($sql_query);
-    // }
+    if (get_magic_quotes_gpc()) {
+        $sql_query = stripslashes($sql_query);
+    }
    $query_to_display = (($show_query == 'y') ? $sql_query : '');
 }
 ?>
@@ -443,10 +442,8 @@ if ($num_tables > 0) {
    <?php
    // gzip and bzip2 encode features
    if (PMA_INT_VERSION >= 40004) {
-        $is_gzip = (isset($cfgGZipDump) &&
-		$cfgGZipDump && @function_exists('gzencode'));
-        $is_bzip = (isset($cfgBZipDump) &&
-		$cfgBZipDump && @function_exists('bzcompress'));
+        $is_gzip = (isset($cfgGZipDump) && $cfgGZipDump && @function_exists('gzencode'));
+        $is_bzip = (isset($cfgBZipDump) && $cfgBZipDump && @function_exists('bzcompress'));
        if ($is_gzip || $is_bzip) {
            echo "\n" . '                (';
            if ($is_gzip) {
--- a/db_readdump.php3
+++ b/db_readdump.php3
@@ -64,7 +64,7 @@ $sql_query = trim($sql_query);
 if (!empty($prev_sql_query)) {
    $prev_sql_query = urldecode($prev_sql_query);
    if ($sql_query == trim(htmlspecialchars($prev_sql_query))) {
-        $sql_query = $prev_sql_query;
+        $sql_query  = $prev_sql_query;
    }
 }

@@ -113,8 +113,11 @@ if ($sql_query != '') {
 /**
 * Go back to db_details.php3
 */
-// Copy the original query back for display purposes
-$sql_query = $sql_query_cpy;
+// Copy the original query back for display purposes (we add slashes because
+// stripslashes is used in db_details.php3, line 294)
+$sql_query = (get_magic_quotes_gpc())
+           ? addslashes($sql_query_cpy)
+           : $sql_query_cpy;
 include('./header.inc.php3');
 if (isset($my_die)) {
    mysql_die('', $my_die);