it should not be possible to move or copy a table to information_schema

This commit is contained in:
Marc Delisle
2007-10-14 12:23:22 +00:00
parent ac69f1cad1
commit 95e7183664
3 changed files with 10 additions and 5 deletions

View File

@@ -28,6 +28,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
+ [lang] Croatian update, thanks to Renato Pavicic + [lang] Croatian update, thanks to Renato Pavicic
- patch #1807615 [GUI] Display patch for column rights in Opera - patch #1807615 [GUI] Display patch for column rights in Opera
- bug #1811519 Can't delete user with a german umlaut. - bug #1811519 Can't delete user with a german umlaut.
- it should not be possible to move or copy a table to information_schema
2.11.1.1 (not yet released) 2.11.1.1 (not yet released)
- bug #1810629 [setup] XSS in setup.php, thanks to Omer Singer, The DigiTrust Group - bug #1810629 [setup] XSS in setup.php, thanks to Omer Singer, The DigiTrust Group

View File

@@ -113,12 +113,13 @@
* returns HTML <option>-tags to be used inside <select></select> * returns HTML <option>-tags to be used inside <select></select>
* *
* @uses PMA_List::$items to build up the option items * @uses PMA_List::$items to build up the option items
* @uses PMA_List::getDefault() to mark this as sleected if requested * @uses PMA_List::getDefault() to mark this as selected if requested
* @uses htmlspecialchars() to escape items * @uses htmlspecialchars() to escape items
* @param mixed $selected the selected db or true for selecting current db * @param mixed $selected the selected db or true for selecting current db
* @param boolean $include_information_schema
* @return string HTML option tags * @return string HTML option tags
*/ */
function getHtmlOptions($selected = '') function getHtmlOptions($selected = '', $include_information_schema = true)
{ {
if (true === $selected) { if (true === $selected) {
$selected = $this->getDefault(); $selected = $this->getDefault();
@@ -126,6 +127,9 @@
$options = ''; $options = '';
foreach ($this->items as $each_db) { foreach ($this->items as $each_db) {
if (false === $include_information_schema && 'information_schema' === $each_db) {
continue;
}
$options .= '<option value="' . htmlspecialchars($each_db) . '"'; $options .= '<option value="' . htmlspecialchars($each_db) . '"';
if ($selected === $each_db) { if ($selected === $each_db) {
$options .= ' selected="selected"'; $options .= ' selected="selected"';
@@ -154,4 +158,4 @@
*/ */
/* abstract public */ function build() {} /* abstract public */ function build() {}
} }
?> ?>

View File

@@ -197,7 +197,7 @@ unset($columns);
<fieldset id="fieldset_table_rename"> <fieldset id="fieldset_table_rename">
<legend><?php echo $strMoveTable; ?></legend> <legend><?php echo $strMoveTable; ?></legend>
<select name="target_db"> <select name="target_db">
<?php echo $GLOBALS['PMA_List_Database']->getHtmlOptions(); ?> <?php echo $GLOBALS['PMA_List_Database']->getHtmlOptions(true, false); ?>
</select> </select>
&nbsp;<b>.</b>&nbsp; &nbsp;<b>.</b>&nbsp;
<input type="text" size="20" name="new_name" onfocus="this.select()" <input type="text" size="20" name="new_name" onfocus="this.select()"
@@ -347,7 +347,7 @@ if (isset($auto_increment) && strlen($auto_increment) > 0
<fieldset> <fieldset>
<legend><?php echo $strCopyTable; ?></legend> <legend><?php echo $strCopyTable; ?></legend>
<select name="target_db"> <select name="target_db">
<?php echo $GLOBALS['PMA_List_Database']->getHtmlOptions(true); ?> <?php echo $GLOBALS['PMA_List_Database']->getHtmlOptions(true, false); ?>
</select> </select>
&nbsp;<b>.</b>&nbsp; &nbsp;<b>.</b>&nbsp;
<input type="text" size="20" name="new_name" onfocus="this.select()" /><br /> <input type="text" size="20" name="new_name" onfocus="this.select()" /><br />