nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #3034026 [confirmation] TRUNCATE queries get no confirmation request

Browse Source
This commit is contained in:
Marc Delisle
2010-07-31 14:54:05 -04:00
parent 4317af25ef
commit 7951b2bacc
2 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -9,6 +9,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #3033063 [core] Navi gets wrong db name - bug #3033063 [core] Navi gets wrong db name
- bug #3031705 [core] Fix generating condition for real numbers by comparing - bug #3031705 [core] Fix generating condition for real numbers by comparing
them to string. them to string.
- bug #3034026 [confirmation] TRUNCATE queries get no confirmation request
3.3.5.0 (2010-07-26) 3.3.5.0 (2010-07-26)
- patch #2932113 [information_schema] Slow export when having lots of - patch #2932113 [information_schema] Slow export when having lots of

12
js/functions.js
View File

@@ -152,7 +152,7 @@ function confirmQuery(theForm1, sqlQuery1)
} // end if } // end if
} // end if } // end if
// Confirms a "DROP/DELETE/ALTER" statement // Confirms a "DROP/DELETE/ALTER/TRUNCATE" statement
// //
// TODO: find a way (if possible) to use the parser-analyser // TODO: find a way (if possible) to use the parser-analyser
// for this kind of verification // for this kind of verification
@@ -162,22 +162,24 @@ function confirmQuery(theForm1, sqlQuery1)
var do_confirm_re_0 = new RegExp('^\\s*DROP\\s+(IF EXISTS\\s+)?(TABLE|DATABASE|PROCEDURE)\\s', 'i'); var do_confirm_re_0 = new RegExp('^\\s*DROP\\s+(IF EXISTS\\s+)?(TABLE|DATABASE|PROCEDURE)\\s', 'i');
var do_confirm_re_1 = new RegExp('^\\s*ALTER\\s+TABLE\\s+((`[^`]+`)|([A-Za-z0-9_$]+))\\s+DROP\\s', 'i'); var do_confirm_re_1 = new RegExp('^\\s*ALTER\\s+TABLE\\s+((`[^`]+`)|([A-Za-z0-9_$]+))\\s+DROP\\s', 'i');
var do_confirm_re_2 = new RegExp('^\\s*DELETE\\s+FROM\\s', 'i'); var do_confirm_re_2 = new RegExp('^\\s*DELETE\\s+FROM\\s', 'i');
var do_confirm_re_3 = new RegExp('^\\s*TRUNCATE\\s', 'i');
if (do_confirm_re_0.test(sqlQuery1.value) if (do_confirm_re_0.test(sqlQuery1.value)
|| do_confirm_re_1.test(sqlQuery1.value) || do_confirm_re_1.test(sqlQuery1.value)
|| do_confirm_re_2.test(sqlQuery1.value)) { || do_confirm_re_2.test(sqlQuery1.value)
|| do_confirm_re_3.test(sqlQuery1.value)) {
var message = (sqlQuery1.value.length > 100) var message = (sqlQuery1.value.length > 100)
? sqlQuery1.value.substr(0, 100) + '\n ...' ? sqlQuery1.value.substr(0, 100) + '\n ...'
: sqlQuery1.value; : sqlQuery1.value;
var is_confirmed = confirm(PMA_messages['strDoYouReally'] + ' :\n' + message); var is_confirmed = confirm(PMA_messages['strDoYouReally'] + ' :\n' + message);
// drop/delete/alter statement is confirmed -> update the // statement is confirmed -> update the
// "is_js_confirmed" form field so the confirm test won't be // "is_js_confirmed" form field so the confirm test won't be
// run on the server side and allows to submit the form // run on the server side and allows to submit the form
if (is_confirmed) { if (is_confirmed) {
theForm1.elements['is_js_confirmed'].value = 1; theForm1.elements['is_js_confirmed'].value = 1;
return true; return true;
} }
// "DROP/DELETE/ALTER" statement is rejected -> do not submit // statement is rejected -> do not submit the form
// the form
else { else {
window.focus(); window.focus();
sqlQuery1.focus(); sqlQuery1.focus();