nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Handle better escaping.

Browse Source
This commit is contained in:
Michal Čihař
2004-10-12 12:30:45 +00:00
parent 1d170eefbf
commit 9ab1eb5a2d
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
libraries/transformations/text_plain__external.inc.php
View File

@@ -10,17 +10,22 @@ function PMA_SecureShellArgs($s) {
$len = strlen($s); $len = strlen($s);
$inside_single = FALSE; $inside_single = FALSE;
$inside_double = FALSE; $inside_double = FALSE;
$is_escaped = FALSE;
for($i = 0; $i < $len; $i++) { for($i = 0; $i < $len; $i++) {
if (!$inside_double && $s[$i] == '\'' && ($i == 0 || $s[$i -1] != '\\')) { if (!$inside_single && $s[$i] == '\\') {
$is_escaped = ! $is_escaped;
continue;
}
if (!$inside_double && !$is_escaped && $s[$i] == '\'') {
$inside_single = ! $inside_single; $inside_single = ! $inside_single;
continue; continue;
} }
if (!$inside_single && $s[$i] == '"' && ($i == 0 || $s[$i -1] != '\\')) { if (!$inside_single && !$is_escaped && $s[$i] == '"') {
$inside_double = ! $inside_double; $inside_double = ! $inside_double;
continue; continue;
} }
// escape shell special chars in we're not inside quotes // escape shell special chars in we're not inside quotes
if (!$inside_single && !$inside_double && ($i == 0 || $s[$i -1] != '\\')) { if (!$inside_single && !$is_escaped && !$inside_double) {
if (strstr('><$`|;&', $s[$i])) { if (strstr('><$`|;&', $s[$i])) {
$s = substr($s, 0, $i) . '\\' . substr($s, $i); $s = substr($s, 0, $i) . '\\' . substr($s, $i);
$i++; $i++;
@@ -28,7 +33,7 @@ function PMA_SecureShellArgs($s) {
} }
} }
// in double quotes we need to escape more // in double quotes we need to escape more
if ($inside_double) { if ($inside_double && !$is_escaped) {
if (strstr('$`', $s[$i])) { if (strstr('$`', $s[$i])) {
$s = substr($s, 0, $i) . '\\' . substr($s, $i); $s = substr($s, 0, $i) . '\\' . substr($s, $i);
$i++; $i++;