Improve functionality of limiting DROP DATABASE (bug #1456082).

This commit is contained in:
Michal Čihař
2006-04-27 11:35:54 +00:00
parent 4a4baf3a88
commit bfec931486
7 changed files with 88 additions and 78 deletions


@@ -24,6 +24,9 @@ $Source$
* Documentation.html: Various fixes in documentation, mostly grammmar * Documentation.html: Various fixes in documentation, mostly grammmar
(patch #1453198, thanks to Isaac Bennetch - ibennetch). (patch #1453198, thanks to Isaac Bennetch - ibennetch).
* lang/*: Remove *font_family. * lang/*: Remove *font_family.
* Documentation.html, import.php, querywindow.php, js/functions.js,
libraries/header.inc.php, libraries/import.lib.php: Improve
functionality of limiting DROP DATABASE (bug #1456082).
2006-04-26 Michal Čihař <michal@cihar.com> 2006-04-26 Michal Čihař <michal@cihar.com>
* libraries/plugin_interface.lib.php: * libraries/plugin_interface.lib.php:


@@ -1028,7 +1028,13 @@ ALTER TABLE `pma_column_comments`
delete their own database or not. If set as FALSE, the link &quot;Drop delete their own database or not. If set as FALSE, the link &quot;Drop
Database&quot; will not be shown, and even a &quot;DROP DATABASE Database&quot; will not be shown, and even a &quot;DROP DATABASE
mydatabase&quot; will be rejected. Quite practical for mydatabase&quot; will be rejected. Quite practical for
<abbr title="Internet service provider">ISP</abbr>'s with many customers.</dd> <abbr title="Internet service provider">ISP</abbr>'s with many
customers.<br />
Please note that this limitation of SQL queries is not as strict as
when using MySQL privileges. This is due to nature of SQL queries
which might be quite complicated. So this choice should be viewed as
help to avoid accidental dropping rather than strict privilege
limitation.</dd>
<dt id="cfg_Confirm">$cfg[Confirm] boolean</dt> <dt id="cfg_Confirm">$cfg[Confirm] boolean</dt>
<dd>Whether a warning (&quot;Are your really sure...&quot;) should be <dd>Whether a warning (&quot;Are your really sure...&quot;) should be


@@ -138,7 +138,7 @@ function confirmQuery(theForm1, sqlQuery1)
else { else {
// "DROP DATABASE" statement isn't allowed // "DROP DATABASE" statement isn't allowed
if (noDropDbMsg != '') { if (noDropDbMsg != '') {
var drop_re = new RegExp('DROP\\s+(IF EXISTS\\s+)?DATABASE\\s', 'i'); var drop_re = new RegExp('(^|;)\\s*DROP\\s+(IF EXISTS\\s+)?DATABASE\\s', 'i');
if (drop_re.test(sqlQuery1.value)) { if (drop_re.test(sqlQuery1.value)) {
alert(noDropDbMsg); alert(noDropDbMsg);
theForm1.reset(); theForm1.reset();
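Review bot: The tightened drop_re still misses the `SCHEMA` synonym and, because it ends in `DATABASE\\s`, a statement whose name follows the keyword without whitespace; also the optional `(IF EXISTS\\s+)?` group sits before `DATABASE`, whereas MySQL's grammar is `DROP DATABASE [IF EXISTS] name`, so that group never matches a valid statement and only the bare `DROP\\s+DATABASE\\s` path does the work. The documentation hunk in this commit describes the feature as help against accidental drops rather than a privilege boundary, so none of this is a hole in a security control, but the pattern can be simpler and closer to the grammar: `var drop_re = new RegExp('(^|;)\\s*DROP\\s+(DATABASE|SCHEMA)\\b', 'i');`. The same points apply to the PCRE pattern added in libraries/import.lib.php, which additionally terminates in a literal space instead of `[[:space:]]`. confirmQuery begins outside the hunk.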


@@ -66,7 +66,8 @@ if (empty($GLOBALS['is_header_sent'])) {
// js form validation stuff // js form validation stuff
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>'; var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>';
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>'; var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>';
var noDropDbMsg = '<?php echo((!$GLOBALS['cfg']['AllowUserDropDatabase']) ? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''); ?>'; var noDropDbMsg = '<?php echo (!$is_superuser && !$GLOBALS['cfg']['AllowUserDropDatabase'])
? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''; ?>';
var confirmMsg = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''); ?>'; var confirmMsg = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''); ?>';
var confirmMsgDropDB = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDropDatabaseStrongWarning']) : ''); ?>'; var confirmMsgDropDB = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDropDatabaseStrongWarning']) : ''); ?>';
//--> //-->
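Review bot: `$is_superuser` is read as a bare variable on the noDropDbMsg line while every other value on these lines is taken from `$GLOBALS`; I cannot see from the hunk where it is defined, and if header.inc.php is ever included from a non-global scope the variable is undefined, which raises a notice and then falls back to the restrictive branch (the message is shown), so the failure mode is at least the safe one. Reading it the way its neighbours are read removes the mismatch and the notice: `echo (empty($GLOBALS['is_superuser']) && !$GLOBALS['cfg']['AllowUserDropDatabase'])`. The same applies to the identical line in the querywindow.php hunk. The enclosing `if (empty($GLOBALS['is_header_sent']))` block starts before the hunk.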


@@ -68,7 +68,7 @@ function PMA_detectCompression($filepath)
*/ */
function PMA_importRunQuery($sql = '', $full = '') function PMA_importRunQuery($sql = '', $full = '')
{ {
global $import_run_buffer, $go_sql, $complete_query, $display_query, $sql_query, $cfg, $my_die, $error, $reload, $finished, $timeout_passed, $skip_queries, $executed_queries, $max_sql_len, $read_multiply, $cfg, $sql_query_disabled, $db, $run_query, $is_superuser; global $import_run_buffer, $go_sql, $complete_query, $display_query, $sql_query, $cfg, $my_die, $error, $reload, $finished, $timeout_passed, $skip_queries, $executed_queries, $max_sql_len, $read_multiply, $cfg, $sql_query_disabled, $db, $run_query, $is_superuser, $message, $show_error_header;
$read_multiply = 1; $read_multiply = 1;
if (isset($import_run_buffer)) { if (isset($import_run_buffer)) {
// Should we skip something? // Should we skip something?
@@ -76,18 +76,17 @@ function PMA_importRunQuery($sql = '', $full = '')
$skip_queries--; $skip_queries--;
} else { } else {
if (!empty($import_run_buffer['sql']) && trim($import_run_buffer['sql']) != '') { if (!empty($import_run_buffer['sql']) && trim($import_run_buffer['sql']) != '') {
if (!$cfg['AllowUserDropDatabase']
&& !$is_superuser
&& preg_match('@DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE @i', $import_run_buffer['sql'])) {
$message = $GLOBALS['strNoDropDatabases'];
$show_error_header = TRUE;
$error = TRUE;
return;
}
$max_sql_len = max($max_sql_len, strlen($import_run_buffer['sql'])); $max_sql_len = max($max_sql_len, strlen($import_run_buffer['sql']));
if (!$sql_query_disabled) { if (!$sql_query_disabled) {
$sql_query .= $import_run_buffer['full']; $sql_query .= $import_run_buffer['full'];
} }
if (!$cfg['AllowUserDropDatabase']
&& !$is_superuser
&& preg_match('@^[[:space:]]*DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE @i', $import_run_buffer['sql'])) {
$message = $GLOBALS['strNoDropDatabases'];
$show_error_header = TRUE;
$error = TRUE;
} else {
$executed_queries++; $executed_queries++;
if ($run_query && $finished && empty($sql) && !$error && ( if ($run_query && $finished && empty($sql) && !$error && (
(!empty($import_run_buffer['sql']) && preg_match('/^[\s]*(SELECT|SHOW)/i', $import_run_buffer['sql'])) || (!empty($import_run_buffer['sql']) && preg_match('/^[\s]*(SELECT|SHOW)/i', $import_run_buffer['sql'])) ||
@@ -145,6 +144,7 @@ function PMA_importRunQuery($sql = '', $full = '')
$reload = TRUE; $reload = TRUE;
} }
} // end run query } // end run query
} // end if not DROP DATABASE
} // end non empty query } // end non empty query
elseif (!empty($import_run_buffer['full'])) { elseif (!empty($import_run_buffer['full'])) {
if ($go_sql) { if ($go_sql) {
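Review bot: The relocated check in the second hunk of PMA_importRunQuery anchors the pattern with `^[[:space:]]*`, so it relies on `$import_run_buffer['sql']` holding a single statement with no leading comment; the `^[\s]*(SELECT|SHOW)` test a few lines below makes the same assumption, so this is presumably how the buffer is filled, but it is worth confirming that the import code strips leading comments before the buffer reaches this point. The pattern also ends in a literal space after `DATABASE`, so a tab or newline between keyword and name is not matched; `'@^[[:space:]]*DROP[[:space:]]+(DATABASE|SCHEMA)\b@i'` is tighter and also covers the `SCHEMA` synonym. Since the check now runs after `$sql_query .= $import_run_buffer['full']`, the refused statement is still echoed back in `$sql_query`; if that is intended, a short comment such as `// keep the refused statement in $sql_query so the user sees what was rejected` would stop someone moving the check back above the append. In the first hunk, the modified `global` statement lists `$cfg` twice. The function's body continues past the last hunk.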


@@ -69,7 +69,7 @@ function query_tab_commit(tab) {
/**/ /**/
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>'; var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>';
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>'; var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>';
var noDropDbMsg = '<?php echo !$GLOBALS['cfg']['AllowUserDropDatabase'] var noDropDbMsg = '<?php echo (!$is_superuser && !$GLOBALS['cfg']['AllowUserDropDatabase'])
? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''; ?>'; ? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''; ?>';
var confirmMsg = '<?php echo $GLOBALS['cfg']['Confirm'] var confirmMsg = '<?php echo $GLOBALS['cfg']['Confirm']
? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''; ?>'; ? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''; ?>';