nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed bug #3323101 - Invalid escape sequence in SQL parser

Browse Source
This commit is contained in:
Rouslan Placella
2011-06-21 20:38:42 +01:00
parent c2dd99965d
commit 9e224184d7
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -18,6 +18,7 @@ phpMyAdmin - ChangeLog
- bug #3319466 [interface] Inline query edit does not escape special characters - bug #3319466 [interface] Inline query edit does not escape special characters
- minor XSS (require a valid token) - minor XSS (require a valid token)
- bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes - bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes
- bug #3323101 [parser] Invalid escape sequence in SQL parser
3.4.2.0 (2011-06-07) 3.4.2.0 (2011-06-07)
- bug #3301249 [interface] Iconic table operations does not remove inline edit label - bug #3301249 [interface] Iconic table operations does not remove inline edit label

2
libraries/sqlparser.lib.php
View File

@@ -379,7 +379,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
// Checks for MySQL escaping using a \ // Checks for MySQL escaping using a \
// And checks for ANSI escaping using the $quotetype character // And checks for ANSI escaping using the $quotetype character
if (($pos < $len) && PMA_STR_charIsEscaped($sql, $pos)) { if (($pos < $len) && PMA_STR_charIsEscaped($sql, $pos) && $c != '`') {
$pos ++; $pos ++;
continue; continue;
} elseif (($pos + 1 < $len) && ($GLOBALS['PMA_substr']($sql, $pos, 1) == $quotetype) && ($GLOBALS['PMA_substr']($sql, $pos + 1, 1) == $quotetype)) { } elseif (($pos + 1 < $len) && ($GLOBALS['PMA_substr']($sql, $pos, 1) == $quotetype) && ($GLOBALS['PMA_substr']($sql, $pos + 1, 1) == $quotetype)) {