nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #2826128 [display] Inverting sort order when expression contains a function name

Browse Source
This commit is contained in:
Marc Delisle
2009-10-24 12:07:35 +00:00
parent 1a401ee65d
commit b4169d1747
2 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -58,6 +58,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #2879909 [interface] Removed double htmlspecialchars when editing enum column - bug #2879909 [interface] Removed double htmlspecialchars when editing enum column
- bug #2868328 [relations] Adding foreign key when table name contains a dot - bug #2868328 [relations] Adding foreign key when table name contains a dot
- bug #2883381 [doc] Side effects of MemoryLimit setting - bug #2883381 [doc] Side effects of MemoryLimit setting
- bug #2826128 [display] Inverting sort order when expression contains a function name
3.2.2.1 (2009-10-12) 3.2.2.1 (2009-10-12)
- [security] XSS and SQL injection, thanks to Herman van Rink - [security] XSS and SQL injection, thanks to Herman van Rink

15
libraries/display_tbl.lib.php
View File

@@ -786,13 +786,16 @@ function PMA_displayTableHeaders(&$is_display, &$fields_meta, $fields_cnt = 0, $
if (empty($sort_expression)) { if (empty($sort_expression)) {
$is_in_sort = false; $is_in_sort = false;
} else { } else {
// field name may be preceded by a space, or any number // Field name may be preceded by a space, or any number
// of characters followed by a dot (tablename.fieldname) // of characters followed by a dot (tablename.fieldname)
// so do a direct comparison // so do a direct comparison for the sort expression;
// for the sort expression (avoids problems with queries // this avoids problems with queries like
// like "SELECT id, count(id)..." and clicking to sort // "SELECT id, count(id)..." and clicking to sort
// on id or on count(id)) // on id or on count(id).
if (strpos($sort_expression_nodirection, $sort_tbl) === false) { // Another query to test this:
// SELECT p.*, FROM_UNIXTIME(p.temps) FROM mytable AS p
// (and try clicking on each column's header twice)
if (strpos($sort_expression_nodirection, $sort_tbl) === false && strpos($sort_expression_nodirection, '(') === false) {
$sort_expression_nodirection = $sort_tbl . $sort_expression_nodirection; $sort_expression_nodirection = $sort_tbl . $sort_expression_nodirection;
} }
$is_in_sort = (str_replace('`', '', $sort_tbl) . $name_to_use_in_sort == str_replace('`', '', $sort_expression_nodirection) ? true : false); $is_in_sort = (str_replace('`', '', $sort_tbl) . $name_to_use_in_sort == str_replace('`', '', $sort_expression_nodirection) ? true : false);