bug #3034026 [confirmation] TRUNCATE queries get no confirmation request

2010-07-31 14:54:05 -04:00
parent 4317af25ef
commit 7951b2bacc
2 changed files with 8 additions and 5 deletions
--- a/1
+++ b/1
@@ -9,6 +9,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #3033063 [core] Navi gets wrong db name
 - bug #3031705 [core] Fix generating condition for real numbers by comparing
  them to string.
+- bug #3034026 [confirmation] TRUNCATE queries get no confirmation request

 3.3.5.0 (2010-07-26)
 - patch #2932113 [information_schema] Slow export when having lots of
--- a/js/functions.js
+++ b/js/functions.js
@@ -152,7 +152,7 @@ function confirmQuery(theForm1, sqlQuery1)
            } // end if
        } // end if

-        // Confirms a "DROP/DELETE/ALTER" statement
+        // Confirms a "DROP/DELETE/ALTER/TRUNCATE" statement
        //
        // TODO: find a way (if possible) to use the parser-analyser
        // for this kind of verification
@@ -162,22 +162,24 @@ function confirmQuery(theForm1, sqlQuery1)
        var do_confirm_re_0 = new RegExp('^\\s*DROP\\s+(IF EXISTS\\s+)?(TABLE|DATABASE|PROCEDURE)\\s', 'i');
        var do_confirm_re_1 = new RegExp('^\\s*ALTER\\s+TABLE\\s+((`[^`]+`)|([A-Za-z0-9_$]+))\\s+DROP\\s', 'i');
        var do_confirm_re_2 = new RegExp('^\\s*DELETE\\s+FROM\\s', 'i');
+        var do_confirm_re_3 = new RegExp('^\\s*TRUNCATE\\s', 'i');
+
        if (do_confirm_re_0.test(sqlQuery1.value)
            || do_confirm_re_1.test(sqlQuery1.value)
-            || do_confirm_re_2.test(sqlQuery1.value)) {
+            || do_confirm_re_2.test(sqlQuery1.value)
+            || do_confirm_re_3.test(sqlQuery1.value)) {
            var message      = (sqlQuery1.value.length > 100)
                             ? sqlQuery1.value.substr(0, 100) + '\n    ...'
                             : sqlQuery1.value;
            var is_confirmed = confirm(PMA_messages['strDoYouReally'] + ' :\n' + message);
-            // drop/delete/alter statement is confirmed -> update the
+            // statement is confirmed -> update the
            // "is_js_confirmed" form field so the confirm test won't be
            // run on the server side and allows to submit the form
            if (is_confirmed) {
                theForm1.elements['is_js_confirmed'].value = 1;
                return true;
            }
-            // "DROP/DELETE/ALTER" statement is rejected -> do not submit
-            // the form
+            // statement is rejected -> do not submit the form
            else {
                window.focus();
                sqlQuery1.focus();