Improve functionality of limiting DROP DATABASE (bug #1456082).
@@ -24,6 +24,9 @@ $Source$
|
|||||||
* Documentation.html: Various fixes in documentation, mostly grammmar
|
* Documentation.html: Various fixes in documentation, mostly grammmar
|
||||||
(patch #1453198, thanks to Isaac Bennetch - ibennetch).
|
(patch #1453198, thanks to Isaac Bennetch - ibennetch).
|
||||||
* lang/*: Remove *font_family.
|
* lang/*: Remove *font_family.
|
||||||
|
* Documentation.html, import.php, querywindow.php, js/functions.js,
|
||||||
|
libraries/header.inc.php, libraries/import.lib.php: Improve
|
||||||
|
functionality of limiting DROP DATABASE (bug #1456082).
|
||||||
|
|
||||||
2006-04-26 Michal Čihař <michal@cihar.com>
|
2006-04-26 Michal Čihař <michal@cihar.com>
|
||||||
* libraries/plugin_interface.lib.php:
|
* libraries/plugin_interface.lib.php:
|
||||||
|
@@ -1028,7 +1028,13 @@ ALTER TABLE `pma_column_comments`
|
|||||||
delete their own database or not. If set as FALSE, the link "Drop
|
delete their own database or not. If set as FALSE, the link "Drop
|
||||||
Database" will not be shown, and even a "DROP DATABASE
|
Database" will not be shown, and even a "DROP DATABASE
|
||||||
mydatabase" will be rejected. Quite practical for
|
mydatabase" will be rejected. Quite practical for
|
||||||
<abbr title="Internet service provider">ISP</abbr>'s with many customers.</dd>
|
<abbr title="Internet service provider">ISP</abbr>'s with many
|
||||||
|
customers.<br />
|
||||||
|
Please note that this limitation of SQL queries is not as strict as
|
||||||
|
when using MySQL privileges. This is due to nature of SQL queries
|
||||||
|
which might be quite complicated. So this choice should be viewed as
|
||||||
|
help to avoid accidental dropping rather than strict privilege
|
||||||
|
limitation.</dd>
|
||||||
|
|
||||||
<dt id="cfg_Confirm">$cfg[Confirm] boolean</dt>
|
<dt id="cfg_Confirm">$cfg[Confirm] boolean</dt>
|
||||||
<dd>Whether a warning ("Are your really sure...") should be
|
<dd>Whether a warning ("Are your really sure...") should be
|
||||||
|
14
import.php
14
import.php
@@ -19,12 +19,12 @@ if (!empty($sql_query)) {
|
|||||||
$import_text = $sql_query;
|
$import_text = $sql_query;
|
||||||
$import_type = 'query';
|
$import_type = 'query';
|
||||||
$format = 'sql';
|
$format = 'sql';
|
||||||
|
|
||||||
// refresh left frame on changes in table or db structure
|
// refresh left frame on changes in table or db structure
|
||||||
if (preg_match('/^(CREATE|ALTER|DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $sql_query)) {
|
if (preg_match('/^(CREATE|ALTER|DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $sql_query)) {
|
||||||
$GLOBALS['reload'] = true;
|
$GLOBALS['reload'] = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
unset($sql_query);
|
unset($sql_query);
|
||||||
} elseif (!empty($sql_localfile)) {
|
} elseif (!empty($sql_localfile)) {
|
||||||
// run SQL file on server
|
// run SQL file on server
|
||||||
@@ -44,7 +44,7 @@ if (!empty($sql_query)) {
|
|||||||
$format = 'sql';
|
$format = 'sql';
|
||||||
}
|
}
|
||||||
|
|
||||||
// If we didn't get any parameters, either user called this directly, or
|
// If we didn't get any parameters, either user called this directly, or
|
||||||
// upload limit has been reached, let's assume the second possibility.
|
// upload limit has been reached, let's assume the second possibility.
|
||||||
if ($_POST == array() && $_GET == array()) {
|
if ($_POST == array() && $_GET == array()) {
|
||||||
require_once('./libraries/header.inc.php');
|
require_once('./libraries/header.inc.php');
|
||||||
@@ -137,12 +137,12 @@ if (!empty($id_bookmark)) {
|
|||||||
if (isset($bookmark_variable) && !empty($bookmark_variable)) {
|
if (isset($bookmark_variable) && !empty($bookmark_variable)) {
|
||||||
$import_text = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $import_text);
|
$import_text = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $import_text);
|
||||||
}
|
}
|
||||||
|
|
||||||
// refresh left frame on changes in table or db structure
|
// refresh left frame on changes in table or db structure
|
||||||
if (preg_match('/^(CREATE|ALTER|DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $import_text)) {
|
if (preg_match('/^(CREATE|ALTER|DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $import_text)) {
|
||||||
$GLOBALS['reload'] = true;
|
$GLOBALS['reload'] = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
case 1: // bookmarked query that have to be displayed
|
case 1: // bookmarked query that have to be displayed
|
||||||
$import_text = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
|
$import_text = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
|
||||||
@@ -178,7 +178,7 @@ if (!empty($bkm_label) && !empty($import_text)) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
PMA_addBookmarks($bfields, $cfg['Bookmark'], isset($bkm_all_users));
|
PMA_addBookmarks($bfields, $cfg['Bookmark'], isset($bkm_all_users));
|
||||||
|
|
||||||
$bookmark_created = TRUE;
|
$bookmark_created = TRUE;
|
||||||
} // end store bookmarks
|
} // end store bookmarks
|
||||||
|
|
||||||
@@ -239,7 +239,7 @@ if ($import_file != 'none' && !$error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle file compression
|
// Handle file compression
|
||||||
$compression = PMA_detectCompression($import_file);
|
$compression = PMA_detectCompression($import_file);
|
||||||
if ($compression === FALSE) {
|
if ($compression === FALSE) {
|
||||||
|
@@ -138,7 +138,7 @@ function confirmQuery(theForm1, sqlQuery1)
|
|||||||
else {
|
else {
|
||||||
// "DROP DATABASE" statement isn't allowed
|
// "DROP DATABASE" statement isn't allowed
|
||||||
if (noDropDbMsg != '') {
|
if (noDropDbMsg != '') {
|
||||||
var drop_re = new RegExp('DROP\\s+(IF EXISTS\\s+)?DATABASE\\s', 'i');
|
var drop_re = new RegExp('(^|;)\\s*DROP\\s+(IF EXISTS\\s+)?DATABASE\\s', 'i');
|
||||||
if (drop_re.test(sqlQuery1.value)) {
|
if (drop_re.test(sqlQuery1.value)) {
|
||||||
alert(noDropDbMsg);
|
alert(noDropDbMsg);
|
||||||
theForm1.reset();
|
theForm1.reset();
|
||||||
|
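Review bot: The new `(^|;)` anchor in `drop_re` limits the browser-side check to a DROP that opens the text or follows a semicolon with only whitespace in between. A statement preceded by a comment, or one written with the `DROP SCHEMA` synonym that import.php's reload pattern already lists beside DATABASE, is therefore not reported. Because this runs in the browser it can only be a convenience warning; the enforcing check is PMA_importRunQuery() on the server and, beyond that, MySQL privileges. I would say so in a comment above the regex, e.g. `// advisory only: libraries/import.lib.php performs the authoritative check`, and widen the keyword to `(DATABASE|SCHEMA)`. confirmQuery() begins and ends outside this hunk.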
@@ -66,7 +66,8 @@ if (empty($GLOBALS['is_header_sent'])) {
|
|||||||
// js form validation stuff
|
// js form validation stuff
|
||||||
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>';
|
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>';
|
||||||
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>';
|
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>';
|
||||||
var noDropDbMsg = '<?php echo((!$GLOBALS['cfg']['AllowUserDropDatabase']) ? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''); ?>';
|
var noDropDbMsg = '<?php echo (!$is_superuser && !$GLOBALS['cfg']['AllowUserDropDatabase'])
|
||||||
|
? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''; ?>';
|
||||||
var confirmMsg = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''); ?>';
|
var confirmMsg = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''); ?>';
|
||||||
var confirmMsgDropDB = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDropDatabaseStrongWarning']) : ''); ?>';
|
var confirmMsgDropDB = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDropDatabaseStrongWarning']) : ''); ?>';
|
||||||
//-->
|
//-->
|
||||||
|
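Review bot: `$is_superuser` is read as a bare variable in the new `noDropDbMsg` line while every neighbouring value comes from `$GLOBALS[...]`. If this file is ever included from inside a function (the include scope is not visible here), the variable is undefined, `!$is_superuser` is true, and superusers receive the no-drop message too. Reading it as `empty($GLOBALS['is_superuser'])` would match the surrounding lines and avoid the notice. The same expression is added in the last hunk of the page (`query_tab_commit` context, presumably querywindow.php). Separately, and predating this commit, these strings are escaped for `'` only, so a language string containing a backslash or `</script>` would break the JavaScript literal.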
@@ -68,7 +68,7 @@ function PMA_detectCompression($filepath)
|
|||||||
*/
|
*/
|
||||||
function PMA_importRunQuery($sql = '', $full = '')
|
function PMA_importRunQuery($sql = '', $full = '')
|
||||||
{
|
{
|
||||||
global $import_run_buffer, $go_sql, $complete_query, $display_query, $sql_query, $cfg, $my_die, $error, $reload, $finished, $timeout_passed, $skip_queries, $executed_queries, $max_sql_len, $read_multiply, $cfg, $sql_query_disabled, $db, $run_query, $is_superuser;
|
global $import_run_buffer, $go_sql, $complete_query, $display_query, $sql_query, $cfg, $my_die, $error, $reload, $finished, $timeout_passed, $skip_queries, $executed_queries, $max_sql_len, $read_multiply, $cfg, $sql_query_disabled, $db, $run_query, $is_superuser, $message, $show_error_header;
|
||||||
$read_multiply = 1;
|
$read_multiply = 1;
|
||||||
if (isset($import_run_buffer)) {
|
if (isset($import_run_buffer)) {
|
||||||
// Should we skip something?
|
// Should we skip something?
|
||||||
@@ -76,75 +76,75 @@ function PMA_importRunQuery($sql = '', $full = '')
|
|||||||
$skip_queries--;
|
$skip_queries--;
|
||||||
} else {
|
} else {
|
||||||
if (!empty($import_run_buffer['sql']) && trim($import_run_buffer['sql']) != '') {
|
if (!empty($import_run_buffer['sql']) && trim($import_run_buffer['sql']) != '') {
|
||||||
if (!$cfg['AllowUserDropDatabase']
|
|
||||||
&& !$is_superuser
|
|
||||||
&& preg_match('@DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE @i', $import_run_buffer['sql'])) {
|
|
||||||
$message = $GLOBALS['strNoDropDatabases'];
|
|
||||||
$show_error_header = TRUE;
|
|
||||||
$error = TRUE;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
$max_sql_len = max($max_sql_len, strlen($import_run_buffer['sql']));
|
$max_sql_len = max($max_sql_len, strlen($import_run_buffer['sql']));
|
||||||
if (!$sql_query_disabled) {
|
if (!$sql_query_disabled) {
|
||||||
$sql_query .= $import_run_buffer['full'];
|
$sql_query .= $import_run_buffer['full'];
|
||||||
}
|
}
|
||||||
$executed_queries++;
|
if (!$cfg['AllowUserDropDatabase']
|
||||||
if ($run_query && $finished && empty($sql) && !$error && (
|
&& !$is_superuser
|
||||||
(!empty($import_run_buffer['sql']) && preg_match('/^[\s]*(SELECT|SHOW)/i', $import_run_buffer['sql'])) ||
|
&& preg_match('@^[[:space:]]*DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE @i', $import_run_buffer['sql'])) {
|
||||||
($executed_queries == 1)
|
$message = $GLOBALS['strNoDropDatabases'];
|
||||||
)) {
|
$show_error_header = TRUE;
|
||||||
$go_sql = TRUE;
|
$error = TRUE;
|
||||||
if (!$sql_query_disabled) {
|
} else {
|
||||||
$complete_query = $sql_query;
|
$executed_queries++;
|
||||||
$display_query = $sql_query;
|
if ($run_query && $finished && empty($sql) && !$error && (
|
||||||
} else {
|
(!empty($import_run_buffer['sql']) && preg_match('/^[\s]*(SELECT|SHOW)/i', $import_run_buffer['sql'])) ||
|
||||||
$complete_query = '';
|
($executed_queries == 1)
|
||||||
$display_query = '';
|
)) {
|
||||||
}
|
$go_sql = TRUE;
|
||||||
$sql_query = $import_run_buffer['sql'];
|
if (!$sql_query_disabled) {
|
||||||
} elseif ($run_query) {
|
$complete_query = $sql_query;
|
||||||
$result = PMA_DBI_try_query($import_run_buffer['sql']);
|
$display_query = $sql_query;
|
||||||
$msg = '# ';
|
|
||||||
if ($result === FALSE) { // execution failed
|
|
||||||
if (!isset($my_die)) {
|
|
||||||
$my_die = array();
|
|
||||||
}
|
|
||||||
$my_die[] = array('sql' => $import_run_buffer['full'], 'error' => PMA_DBI_getError());
|
|
||||||
|
|
||||||
if ($cfg['VerboseMultiSubmit']) {
|
|
||||||
$msg .= $GLOBALS['strError'];
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$cfg['IgnoreMultiSubmitErrors']) {
|
|
||||||
$error = TRUE;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
} elseif ($cfg['VerboseMultiSubmit']) {
|
|
||||||
$a_num_rows = (int)@PMA_DBI_num_rows($result);
|
|
||||||
$a_aff_rows = (int)@PMA_DBI_affected_rows();
|
|
||||||
if ($a_num_rows > 0) {
|
|
||||||
$msg .= $GLOBALS['strRows'] . ': ' . $a_num_rows;
|
|
||||||
} elseif ($a_aff_rows > 0) {
|
|
||||||
$a_rows =
|
|
||||||
$msg .= $GLOBALS['strAffectedRows'] . ' ' . $a_aff_rows;
|
|
||||||
} else {
|
} else {
|
||||||
$msg .= $GLOBALS['strEmptyResultSet'];
|
$complete_query = '';
|
||||||
|
$display_query = '';
|
||||||
}
|
}
|
||||||
}
|
$sql_query = $import_run_buffer['sql'];
|
||||||
if (!$sql_query_disabled) {
|
} elseif ($run_query) {
|
||||||
$sql_query .= $msg . "\n";
|
$result = PMA_DBI_try_query($import_run_buffer['sql']);
|
||||||
}
|
$msg = '# ';
|
||||||
|
if ($result === FALSE) { // execution failed
|
||||||
|
if (!isset($my_die)) {
|
||||||
|
$my_die = array();
|
||||||
|
}
|
||||||
|
$my_die[] = array('sql' => $import_run_buffer['full'], 'error' => PMA_DBI_getError());
|
||||||
|
|
||||||
// If a 'USE <db>' SQL-clause was found and the query succeeded, set our current $db to the new one
|
if ($cfg['VerboseMultiSubmit']) {
|
||||||
if ($result != FALSE && preg_match('@^[\s]*USE[[:space:]]*([\S]+)@i', $import_run_buffer['sql'], $match)) {
|
$msg .= $GLOBALS['strError'];
|
||||||
$db = trim($match[1]);
|
}
|
||||||
$reload = TRUE;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($result != FALSE && preg_match('@^[\s]*(DROP|CREATE)[\s]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)@im', $import_run_buffer['sql'])) {
|
if (!$cfg['IgnoreMultiSubmitErrors']) {
|
||||||
$reload = TRUE;
|
$error = TRUE;
|
||||||
}
|
return;
|
||||||
} // end run query
|
}
|
||||||
|
} elseif ($cfg['VerboseMultiSubmit']) {
|
||||||
|
$a_num_rows = (int)@PMA_DBI_num_rows($result);
|
||||||
|
$a_aff_rows = (int)@PMA_DBI_affected_rows();
|
||||||
|
if ($a_num_rows > 0) {
|
||||||
|
$msg .= $GLOBALS['strRows'] . ': ' . $a_num_rows;
|
||||||
|
} elseif ($a_aff_rows > 0) {
|
||||||
|
$a_rows =
|
||||||
|
$msg .= $GLOBALS['strAffectedRows'] . ' ' . $a_aff_rows;
|
||||||
|
} else {
|
||||||
|
$msg .= $GLOBALS['strEmptyResultSet'];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!$sql_query_disabled) {
|
||||||
|
$sql_query .= $msg . "\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
// If a 'USE <db>' SQL-clause was found and the query succeeded, set our current $db to the new one
|
||||||
|
if ($result != FALSE && preg_match('@^[\s]*USE[[:space:]]*([\S]+)@i', $import_run_buffer['sql'], $match)) {
|
||||||
|
$db = trim($match[1]);
|
||||||
|
$reload = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($result != FALSE && preg_match('@^[\s]*(DROP|CREATE)[\s]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)@im', $import_run_buffer['sql'])) {
|
||||||
|
$reload = TRUE;
|
||||||
|
}
|
||||||
|
} // end run query
|
||||||
|
} // end if not DROP DATABASE
|
||||||
} // end non empty query
|
} // end non empty query
|
||||||
elseif (!empty($import_run_buffer['full'])) {
|
elseif (!empty($import_run_buffer['full'])) {
|
||||||
if ($go_sql) {
|
if ($go_sql) {
|
||||||
@@ -172,7 +172,7 @@ function PMA_importRunQuery($sql = '', $full = '')
|
|||||||
}
|
}
|
||||||
} // end do query (no skip)
|
} // end do query (no skip)
|
||||||
} // end buffer exists
|
} // end buffer exists
|
||||||
|
|
||||||
// Do we have something to push into buffer?
|
// Do we have something to push into buffer?
|
||||||
if (!empty($sql) || !empty($full)) {
|
if (!empty($sql) || !empty($full)) {
|
||||||
$import_run_buffer = array('sql' => $sql, 'full' => $full);
|
$import_run_buffer = array('sql' => $sql, 'full' => $full);
|
||||||
@@ -193,7 +193,7 @@ function PMA_importRunQuery($sql = '', $full = '')
|
|||||||
function PMA_importGetNextChunk($size = 32768)
|
function PMA_importGetNextChunk($size = 32768)
|
||||||
{
|
{
|
||||||
global $import_file, $import_text, $finished, $compression, $import_handle, $offset, $charset_conversion, $charset_of_file, $charset, $read_multiply, $read_limit;
|
global $import_file, $import_text, $finished, $compression, $import_handle, $offset, $charset_conversion, $charset_of_file, $charset, $read_multiply, $read_limit;
|
||||||
|
|
||||||
// Add some progression while reading large amount of data
|
// Add some progression while reading large amount of data
|
||||||
if ($read_multiply <= 8) {
|
if ($read_multiply <= 8) {
|
||||||
$size *= $read_multiply;
|
$size *= $read_multiply;
|
||||||
@@ -226,7 +226,7 @@ function PMA_importGetNextChunk($size = 32768)
|
|||||||
return $r;
|
return $r;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
switch ($compression) {
|
switch ($compression) {
|
||||||
case 'application/bzip2':
|
case 'application/bzip2':
|
||||||
$result = bzread($import_handle, $size);
|
$result = bzread($import_handle, $size);
|
||||||
@@ -247,7 +247,7 @@ function PMA_importGetNextChunk($size = 32768)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
$offset += $size;
|
$offset += $size;
|
||||||
|
|
||||||
if ($charset_conversion) {
|
if ($charset_conversion) {
|
||||||
return PMA_convert_string($charset_of_file, $charset, $result);
|
return PMA_convert_string($charset_of_file, $charset, $result);
|
||||||
} else {
|
} else {
|
||||||
@@ -264,7 +264,7 @@ function PMA_importGetNextChunk($size = 32768)
|
|||||||
$result = substr($result, 2);
|
$result = substr($result, 2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
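Review bot: In the PMA_importRunQuery hunk (-76,75 +76,75) the DROP DATABASE guard is now anchored with `^[[:space:]]*` and still requires a literal space after `DATABASE`. It only fires when the buffered statement begins with DROP and a plain space follows the keyword; a statement that opens with a comment, has a tab or newline after DATABASE, or uses the `DROP SCHEMA` synonym goes on to PMA_DBI_try_query() unchecked. The documentation change in this commit already calls the filter non-strict, but the keyword cases are cheap to close: `preg_match('@^[[:space:]]*DROP[[:space:]]+(IF EXISTS[[:space:]]+)?(DATABASE|SCHEMA)[[:space:]]@i', $import_run_buffer['sql'])`. The rejected statement is also appended to `$sql_query` before the check, and the branch no longer returns, so a short comment stating that both are intended would help the next reader. The function body continues across the later hunks of this file.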
@@ -69,7 +69,7 @@ function query_tab_commit(tab) {
|
|||||||
/**/
|
/**/
|
||||||
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>';
|
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>';
|
||||||
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>';
|
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>';
|
||||||
var noDropDbMsg = '<?php echo !$GLOBALS['cfg']['AllowUserDropDatabase']
|
var noDropDbMsg = '<?php echo (!$is_superuser && !$GLOBALS['cfg']['AllowUserDropDatabase'])
|
||||||
? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''; ?>';
|
? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''; ?>';
|
||||||
var confirmMsg = '<?php echo $GLOBALS['cfg']['Confirm']
|
var confirmMsg = '<?php echo $GLOBALS['cfg']['Confirm']
|
||||||
? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''; ?>';
|
? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''; ?>';
|
||||||
|