$_REQUEST variables are ALWAYS already url decoded
@@ -132,7 +132,7 @@ function PMA_addBookmarks($fields, $cfgBookmark, $all_users = false)
|
|||||||
global $controllink;
|
global $controllink;
|
||||||
|
|
||||||
$query = 'INSERT INTO ' . PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
|
$query = 'INSERT INTO ' . PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table'])
|
||||||
. ' (id, dbase, user, query, label) VALUES (NULL, \'' . PMA_sqlAddslashes($fields['dbase']) . '\', \'' . ($all_users ? '' : PMA_sqlAddslashes($fields['user'])) . '\', \'' . PMA_sqlAddslashes(urldecode($fields['query'])) . '\', \'' . PMA_sqlAddslashes($fields['label']) . '\')';
|
. ' (id, dbase, user, query, label) VALUES (NULL, \'' . PMA_sqlAddslashes($fields['dbase']) . '\', \'' . ($all_users ? '' : PMA_sqlAddslashes($fields['user'])) . '\', \'' . PMA_sqlAddslashes($fields['query']) . '\', \'' . PMA_sqlAddslashes($fields['label']) . '\')';
|
||||||
$result = PMA_DBI_query($query, $controllink);
|
$result = PMA_DBI_query($query, $controllink);
|
||||||
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
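Review bot: PMA_addBookmarks now stores `$fields['query']` exactly as received, so the function's contract has silently changed from "url-encoded query" to "plain query", and any caller that still passes an encoded value would persist the encoded text; the function header and its callers are outside this hunk, so that cannot be checked here. A docblock line on the function, `@param array $fields already url-decoded dbase, user, query and label values`, would make the new expectation explicit. The escaping itself is unchanged: every value still goes through PMA_sqlAddslashes before being quoted into the INSERT.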
@@ -146,7 +146,7 @@ if (!empty($submit_mult) && !empty($what)) {
|
|||||||
foreach ($selected AS $idx => $sval) {
|
foreach ($selected AS $idx => $sval) {
|
||||||
switch ($what) {
|
switch ($what) {
|
||||||
case 'row_delete':
|
case 'row_delete':
|
||||||
$full_query .= htmlspecialchars(urldecode($sval))
|
$full_query .= htmlspecialchars($sval)
|
||||||
. ';<br />';
|
. ';<br />';
|
||||||
break;
|
break;
|
||||||
case 'drop_db':
|
case 'drop_db':
|
||||||
@@ -157,7 +157,7 @@ if (!empty($submit_mult) && !empty($what)) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'drop_tbl':
|
case 'drop_tbl':
|
||||||
$current = urldecode($sval);
|
$current = $sval;
|
||||||
if (!empty($views) && in_array($current, $views)) {
|
if (!empty($views) && in_array($current, $views)) {
|
||||||
$full_query_views .= (empty($full_query_views) ? 'DROP VIEW ' : ', ')
|
$full_query_views .= (empty($full_query_views) ? 'DROP VIEW ' : ', ')
|
||||||
. PMA_backquote(htmlspecialchars($current));
|
. PMA_backquote(htmlspecialchars($current));
|
||||||
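Review bot: `in_array($current, $views)` on the `drop_tbl` branch compares loosely, so a table whose name is a numeric string such as `'10'` matches a view named `'1e1'` and is routed into the DROP VIEW statement instead of DROP TABLE; pass the strict flag, `if (!empty($views) && in_array($current, $views, true)) {`. The same loose comparison is repeated in the execution branch in the `@@ -309,7 +309,7 @@` hunk, where it decides which statement actually runs. The enclosing foreach and switch start outside this hunk.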
@@ -169,7 +169,7 @@ if (!empty($submit_mult) && !empty($what)) {
|
|||||||
|
|
||||||
case 'empty_tbl':
|
case 'empty_tbl':
|
||||||
$full_query .= 'TRUNCATE ';
|
$full_query .= 'TRUNCATE ';
|
||||||
$full_query .= PMA_backquote(htmlspecialchars(urldecode($sval)))
|
$full_query .= PMA_backquote(htmlspecialchars($sval))
|
||||||
. ';<br />';
|
. ';<br />';
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -180,11 +180,11 @@ if (!empty($submit_mult) && !empty($what)) {
|
|||||||
. '<br /> DROP PRIMARY KEY,'
|
. '<br /> DROP PRIMARY KEY,'
|
||||||
. '<br /> ADD PRIMARY KEY('
|
. '<br /> ADD PRIMARY KEY('
|
||||||
. '<br /> '
|
. '<br /> '
|
||||||
. PMA_backquote(htmlspecialchars(urldecode($sval)))
|
. PMA_backquote(htmlspecialchars($sval))
|
||||||
. ',';
|
. ',';
|
||||||
} else {
|
} else {
|
||||||
$full_query .= '<br /> '
|
$full_query .= '<br /> '
|
||||||
. PMA_backquote(htmlspecialchars(urldecode($sval)))
|
. PMA_backquote(htmlspecialchars($sval))
|
||||||
. ',';
|
. ',';
|
||||||
}
|
}
|
||||||
if ($i == $selected_cnt-1) {
|
if ($i == $selected_cnt-1) {
|
||||||
@@ -198,7 +198,7 @@ if (!empty($submit_mult) && !empty($what)) {
|
|||||||
. PMA_backquote(htmlspecialchars($table));
|
. PMA_backquote(htmlspecialchars($table));
|
||||||
}
|
}
|
||||||
$full_query .= '<br /> DROP '
|
$full_query .= '<br /> DROP '
|
||||||
. PMA_backquote(htmlspecialchars(urldecode($sval)))
|
. PMA_backquote(htmlspecialchars($sval))
|
||||||
. ',';
|
. ',';
|
||||||
if ($i == $selected_cnt - 1) {
|
if ($i == $selected_cnt - 1) {
|
||||||
$full_query = preg_replace('@,$@', ';<br />', $full_query);
|
$full_query = preg_replace('@,$@', ';<br />', $full_query);
|
||||||
@@ -294,7 +294,7 @@ elseif ($mult_btn == $strYes) {
|
|||||||
for ($i = 0; $i < $selected_cnt; $i++) {
|
for ($i = 0; $i < $selected_cnt; $i++) {
|
||||||
switch ($query_type) {
|
switch ($query_type) {
|
||||||
case 'row_delete':
|
case 'row_delete':
|
||||||
$a_query = urldecode($selected[$i]);
|
$a_query = $selected[$i];
|
||||||
$run_parts = TRUE;
|
$run_parts = TRUE;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -309,7 +309,7 @@ elseif ($mult_btn == $strYes) {
|
|||||||
|
|
||||||
case 'drop_tbl':
|
case 'drop_tbl':
|
||||||
PMA_relationsCleanupTable($db, $selected[$i]);
|
PMA_relationsCleanupTable($db, $selected[$i]);
|
||||||
$current = urldecode($selected[$i]);
|
$current = $selected[$i];
|
||||||
if (!empty($views) && in_array($current, $views)) {
|
if (!empty($views) && in_array($current, $views)) {
|
||||||
$sql_query_views .= (empty($sql_query_views) ? 'DROP VIEW ' : ', ')
|
$sql_query_views .= (empty($sql_query_views) ? 'DROP VIEW ' : ', ')
|
||||||
. PMA_backquote($current);
|
. PMA_backquote($current);
|
||||||
@@ -322,62 +322,62 @@ elseif ($mult_btn == $strYes) {
|
|||||||
|
|
||||||
case 'check_tbl':
|
case 'check_tbl':
|
||||||
$sql_query .= (empty($sql_query) ? 'CHECK TABLE ' : ', ')
|
$sql_query .= (empty($sql_query) ? 'CHECK TABLE ' : ', ')
|
||||||
. PMA_backquote(urldecode($selected[$i]));
|
. PMA_backquote($selected[$i]);
|
||||||
$use_sql = TRUE;
|
$use_sql = TRUE;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'optimize_tbl':
|
case 'optimize_tbl':
|
||||||
$sql_query .= (empty($sql_query) ? 'OPTIMIZE TABLE ' : ', ')
|
$sql_query .= (empty($sql_query) ? 'OPTIMIZE TABLE ' : ', ')
|
||||||
. PMA_backquote(urldecode($selected[$i]));
|
. PMA_backquote($selected[$i]);
|
||||||
$use_sql = TRUE;
|
$use_sql = TRUE;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'analyze_tbl':
|
case 'analyze_tbl':
|
||||||
$sql_query .= (empty($sql_query) ? 'ANALYZE TABLE ' : ', ')
|
$sql_query .= (empty($sql_query) ? 'ANALYZE TABLE ' : ', ')
|
||||||
. PMA_backquote(urldecode($selected[$i]));
|
. PMA_backquote($selected[$i]);
|
||||||
$use_sql = TRUE;
|
$use_sql = TRUE;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'repair_tbl':
|
case 'repair_tbl':
|
||||||
$sql_query .= (empty($sql_query) ? 'REPAIR TABLE ' : ', ')
|
$sql_query .= (empty($sql_query) ? 'REPAIR TABLE ' : ', ')
|
||||||
. PMA_backquote(urldecode($selected[$i]));
|
. PMA_backquote($selected[$i]);
|
||||||
$use_sql = TRUE;
|
$use_sql = TRUE;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'empty_tbl':
|
case 'empty_tbl':
|
||||||
$a_query = 'TRUNCATE ';
|
$a_query = 'TRUNCATE ';
|
||||||
$a_query .= PMA_backquote(htmlspecialchars(urldecode($selected[$i])));
|
$a_query .= PMA_backquote(htmlspecialchars($selected[$i]));
|
||||||
$run_parts = TRUE;
|
$run_parts = TRUE;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'drop_fld':
|
case 'drop_fld':
|
||||||
PMA_relationsCleanupColumn($db, $table, $selected[$i]);
|
PMA_relationsCleanupColumn($db, $table, $selected[$i]);
|
||||||
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) : ',')
|
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) : ',')
|
||||||
. ' DROP ' . PMA_backquote(urldecode($selected[$i]))
|
. ' DROP ' . PMA_backquote($selected[$i])
|
||||||
. (($i == $selected_cnt-1) ? ';' : '');
|
. (($i == $selected_cnt-1) ? ';' : '');
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'primary_fld':
|
case 'primary_fld':
|
||||||
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) . (empty($primary) ? '' : ' DROP PRIMARY KEY,') . ' ADD PRIMARY KEY( ' : ', ')
|
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) . (empty($primary) ? '' : ' DROP PRIMARY KEY,') . ' ADD PRIMARY KEY( ' : ', ')
|
||||||
. PMA_backquote(urldecode($selected[$i]))
|
. PMA_backquote($selected[$i])
|
||||||
. (($i == $selected_cnt-1) ? ');' : '');
|
. (($i == $selected_cnt-1) ? ');' : '');
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'index_fld':
|
case 'index_fld':
|
||||||
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) . ' ADD INDEX( ' : ', ')
|
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) . ' ADD INDEX( ' : ', ')
|
||||||
. PMA_backquote(urldecode($selected[$i]))
|
. PMA_backquote($selected[$i])
|
||||||
. (($i == $selected_cnt-1) ? ');' : '');
|
. (($i == $selected_cnt-1) ? ');' : '');
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'unique_fld':
|
case 'unique_fld':
|
||||||
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) . ' ADD UNIQUE( ' : ', ')
|
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) . ' ADD UNIQUE( ' : ', ')
|
||||||
. PMA_backquote(urldecode($selected[$i]))
|
. PMA_backquote($selected[$i])
|
||||||
. (($i == $selected_cnt-1) ? ');' : '');
|
. (($i == $selected_cnt-1) ? ');' : '');
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'fulltext_fld':
|
case 'fulltext_fld':
|
||||||
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) . ' ADD FULLTEXT( ' : ', ')
|
$sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) . ' ADD FULLTEXT( ' : ', ')
|
||||||
. PMA_backquote(urldecode($selected[$i]))
|
. PMA_backquote($selected[$i])
|
||||||
. (($i == $selected_cnt-1) ? ');' : '');
|
. (($i == $selected_cnt-1) ? ');' : '');
|
||||||
break;
|
break;
|
||||||
} // end switch
|
} // end switch
|
||||||
|
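Review bot: The `empty_tbl` case builds a statement that is executed (`$run_parts = TRUE`), yet it wraps the table name in htmlspecialchars() before backquoting it, so a name containing `&`, `<`, `>`, `'` or `"` is rewritten into its HTML-entity form inside the SQL and TRUNCATE targets a non-existent table. Every other case in this switch (`check_tbl`, `optimize_tbl`, `drop_fld`, …) uses the bare name; `empty_tbl` should match: `$a_query .= PMA_backquote($selected[$i]);`. HTML escaping belongs only in the preview branch earlier in the file, not in the executed string. Whether PMA_backquote escapes an embedded backtick is not visible here and is worth confirming, since these names now arrive from the request with no intermediate decoding step.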
@@ -18,7 +18,7 @@ function PMA_relationsCleanupColumn($db, $table, $column) {
|
|||||||
$remove_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info'])
|
$remove_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info'])
|
||||||
. ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
|
. ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
|
||||||
. ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
|
. ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
|
||||||
. ' AND column_name = \'' . PMA_sqlAddslashes(urldecode($column)) . '\'';
|
. ' AND column_name = \'' . PMA_sqlAddslashes($column) . '\'';
|
||||||
$rmv_rs = PMA_query_as_cu($remove_query);
|
$rmv_rs = PMA_query_as_cu($remove_query);
|
||||||
unset($remove_query);
|
unset($remove_query);
|
||||||
}
|
}
|
||||||
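Review bot: In the DELETE at the top of the hunk the database name is read from `$GLOBALS['cfgRelation']['db']` while the table name comes from the local `$cfgRelation['column_info']` in the same expression; unless `$cfgRelation` is imported with `global` above the hunk (the function body starts outside it), the local is undefined and the statement names an empty identifier after the dot. Read both halves from the same source, e.g. `PMA_backquote($GLOBALS['cfgRelation']['column_info'])`, and likewise in the `@@ -27,7 +27,7 @@` and `@@ -36,14 +36,14 @@` hunks for `table_info` and `relation`. `$rmv_rs` is assigned and never used in any of the three hunks, so the result of PMA_query_as_cu is never checked; either test it or drop the assignment.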
@@ -27,7 +27,7 @@ function PMA_relationsCleanupColumn($db, $table, $column) {
|
|||||||
$remove_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
|
$remove_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['table_info'])
|
||||||
. ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
|
. ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
|
||||||
. ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
|
. ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
|
||||||
. ' AND display_field = \'' . PMA_sqlAddslashes(urldecode($column)) . '\'';
|
. ' AND display_field = \'' . PMA_sqlAddslashes($column) . '\'';
|
||||||
$rmv_rs = PMA_query_as_cu($remove_query);
|
$rmv_rs = PMA_query_as_cu($remove_query);
|
||||||
unset($remove_query);
|
unset($remove_query);
|
||||||
}
|
}
|
||||||
@@ -36,14 +36,14 @@ function PMA_relationsCleanupColumn($db, $table, $column) {
|
|||||||
$remove_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['relation'])
|
$remove_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['relation'])
|
||||||
. ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
|
. ' WHERE master_db = \'' . PMA_sqlAddslashes($db) . '\''
|
||||||
. ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\''
|
. ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\''
|
||||||
. ' AND master_field = \'' . PMA_sqlAddslashes(urldecode($column)) . '\'';
|
. ' AND master_field = \'' . PMA_sqlAddslashes($column) . '\'';
|
||||||
$rmv_rs = PMA_query_as_cu($remove_query);
|
$rmv_rs = PMA_query_as_cu($remove_query);
|
||||||
unset($remove_query);
|
unset($remove_query);
|
||||||
|
|
||||||
$remove_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['relation'])
|
$remove_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['relation'])
|
||||||
. ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\''
|
. ' WHERE foreign_db = \'' . PMA_sqlAddslashes($db) . '\''
|
||||||
. ' AND foreign_table = \'' . PMA_sqlAddslashes($table) . '\''
|
. ' AND foreign_table = \'' . PMA_sqlAddslashes($table) . '\''
|
||||||
. ' AND foreign_field = \'' . PMA_sqlAddslashes(urldecode($column)) . '\'';
|
. ' AND foreign_field = \'' . PMA_sqlAddslashes($column) . '\'';
|
||||||
$rmv_rs = PMA_query_as_cu($remove_query);
|
$rmv_rs = PMA_query_as_cu($remove_query);
|
||||||
unset($remove_query);
|
unset($remove_query);
|
||||||
}
|
}
|
||||||
|
@@ -69,7 +69,7 @@ if ($multi_tables) {
|
|||||||
$tbl_list = '';
|
$tbl_list = '';
|
||||||
foreach ($the_tables as $key => $table) {
|
foreach ($the_tables as $key => $table) {
|
||||||
$tbl_list .= (empty($tbl_list) ? '' : ', ')
|
$tbl_list .= (empty($tbl_list) ? '' : ', ')
|
||||||
. PMA_backquote(urldecode($table));
|
. PMA_backquote($table);
|
||||||
}
|
}
|
||||||
echo '<b>'. $strShowTables . ': ' . $tbl_list . '</b>' . "\n";
|
echo '<b>'. $strShowTables . ': ' . $tbl_list . '</b>' . "\n";
|
||||||
echo '<hr />' . "\n";
|
echo '<hr />' . "\n";
|
||||||
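Review bot: `$tbl_list` is echoed into the page two lines below without any HTML escaping, and `$table` now reaches it with only backquoting applied, so a table name containing HTML markup is reflected verbatim into the response. If `$tbl_list` serves only this echo, escape at the point of concatenation, `. PMA_backquote(htmlspecialchars($table));`, as the preview code in the multi-submit handler already does; if it is also reused as SQL further down, escape in the echo instead. Where `$the_tables` originates is outside this hunk, so the request-controlled origin is inferred from the commit message rather than from visible code.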
@@ -79,7 +79,6 @@ $tables_cnt = count($the_tables);
|
|||||||
$counter = 0;
|
$counter = 0;
|
||||||
|
|
||||||
foreach ($the_tables as $key => $table) {
|
foreach ($the_tables as $key => $table) {
|
||||||
$table = urldecode($table);
|
|
||||||
if ($counter + 1 >= $tables_cnt) {
|
if ($counter + 1 >= $tables_cnt) {
|
||||||
$breakstyle = '';
|
$breakstyle = '';
|
||||||
} else {
|
} else {
|
||||||
|
@@ -46,7 +46,7 @@ $default_ct = 'application/octet-stream';
|
|||||||
|
|
||||||
if ($cfgRelation['commwork'] && $cfgRelation['mimework']) {
|
if ($cfgRelation['commwork'] && $cfgRelation['mimework']) {
|
||||||
$mime_map = PMA_getMime($db, $table);
|
$mime_map = PMA_getMime($db, $table);
|
||||||
$mime_options = PMA_transformation_getOptions((isset($mime_map[urldecode($transform_key)]['transformation_options']) ? $mime_map[urldecode($transform_key)]['transformation_options'] : ''));
|
$mime_options = PMA_transformation_getOptions((isset($mime_map[$transform_key]['transformation_options']) ? $mime_map[$transform_key]['transformation_options'] : ''));
|
||||||
|
|
||||||
foreach ($mime_options AS $key => $option) {
|
foreach ($mime_options AS $key => $option) {
|
||||||
if (substr($option, 0, 10) == '; charset=') {
|
if (substr($option, 0, 10) == '; charset=') {
|
||||||
@@ -62,23 +62,23 @@ if ($cfgRelation['commwork'] && $cfgRelation['mimework']) {
|
|||||||
require_once './libraries/header_http.inc.php';
|
require_once './libraries/header_http.inc.php';
|
||||||
// [MIME]
|
// [MIME]
|
||||||
if (isset($ct) && !empty($ct)) {
|
if (isset($ct) && !empty($ct)) {
|
||||||
$content_type = 'Content-Type: ' . urldecode($ct);
|
$content_type = 'Content-Type: ' . $ct;
|
||||||
} else {
|
} else {
|
||||||
$content_type = 'Content-Type: ' . (isset($mime_map[urldecode($transform_key)]['mimetype']) ? str_replace('_', '/', $mime_map[urldecode($transform_key)]['mimetype']) : $default_ct) . (isset($mime_options['charset']) ? $mime_options['charset'] : '');
|
$content_type = 'Content-Type: ' . (isset($mime_map[$transform_key]['mimetype']) ? str_replace('_', '/', $mime_map[$transform_key]['mimetype']) : $default_ct) . (isset($mime_options['charset']) ? $mime_options['charset'] : '');
|
||||||
}
|
}
|
||||||
header($content_type);
|
header($content_type);
|
||||||
|
|
||||||
if (isset($cn) && !empty($cn)) {
|
if (isset($cn) && !empty($cn)) {
|
||||||
header('Content-Disposition: attachment; filename=' . urldecode($cn));
|
header('Content-Disposition: attachment; filename=' . $cn);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!isset($resize)) {
|
if (!isset($resize)) {
|
||||||
echo $row[urldecode($transform_key)];
|
echo $row[$transform_key];
|
||||||
} else {
|
} else {
|
||||||
// if image_*__inline.inc.php finds that we can resize,
|
// if image_*__inline.inc.php finds that we can resize,
|
||||||
// it sets $resize to jpeg or png
|
// it sets $resize to jpeg or png
|
||||||
|
|
||||||
$srcImage = imagecreatefromstring($row[urldecode($transform_key)]);
|
$srcImage = imagecreatefromstring($row[$transform_key]);
|
||||||
$srcWidth = ImageSX($srcImage);
|
$srcWidth = ImageSX($srcImage);
|
||||||
$srcHeight = ImageSY($srcImage);
|
$srcHeight = ImageSY($srcImage);
|
||||||
|
|
||||||
|
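Review bot: `$ct` and `$cn` are written into the Content-Type and Content-Disposition headers without validation; per the commit title they are request values, so an arbitrary media type, or a filename containing `"`, `;` or a line break, shapes the response headers directly. PHP since 5.1.2 refuses header() values with embedded newlines, but the media type should still be matched against the type/subtype grammar before use, falling through to the existing `$mime_map[$transform_key]['mimetype']` default otherwise, e.g. `if (isset($ct) && !empty($ct) && preg_match('@^[a-z0-9.+-]+/[a-z0-9.+-]+$@i', $ct)) {`. The filename should be quoted after stripping quotes and path components, `header('Content-Disposition: attachment; filename="' . str_replace('"', '', basename($cn)) . '"');`.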