Improve functionality of limiting DROP DATABASE (bug #1456082).
@@ -24,6 +24,9 @@ $Source$
|
||||
* Documentation.html: Various fixes in documentation, mostly grammmar
|
||||
(patch #1453198, thanks to Isaac Bennetch - ibennetch).
|
||||
* lang/*: Remove *font_family.
|
||||
* Documentation.html, import.php, querywindow.php, js/functions.js,
|
||||
libraries/header.inc.php, libraries/import.lib.php: Improve
|
||||
functionality of limiting DROP DATABASE (bug #1456082).
|
||||
|
||||
2006-04-26 Michal Čihař <michal@cihar.com>
|
||||
* libraries/plugin_interface.lib.php:
|
||||
|
@@ -1028,7 +1028,13 @@ ALTER TABLE `pma_column_comments`
|
||||
delete their own database or not. If set as FALSE, the link "Drop
|
||||
Database" will not be shown, and even a "DROP DATABASE
|
||||
mydatabase" will be rejected. Quite practical for
|
||||
<abbr title="Internet service provider">ISP</abbr>'s with many customers.</dd>
|
||||
<abbr title="Internet service provider">ISP</abbr>'s with many
|
||||
customers.<br />
|
||||
Please note that this limitation of SQL queries is not as strict as
|
||||
when using MySQL privileges. This is due to nature of SQL queries
|
||||
which might be quite complicated. So this choice should be viewed as
|
||||
help to avoid accidental dropping rather than strict privilege
|
||||
limitation.</dd>
|
||||
|
||||
<dt id="cfg_Confirm">$cfg[Confirm] boolean</dt>
|
||||
<dd>Whether a warning ("Are your really sure...") should be
|
||||
|
@@ -138,7 +138,7 @@ function confirmQuery(theForm1, sqlQuery1)
|
||||
else {
|
||||
// "DROP DATABASE" statement isn't allowed
|
||||
if (noDropDbMsg != '') {
|
||||
var drop_re = new RegExp('DROP\\s+(IF EXISTS\\s+)?DATABASE\\s', 'i');
|
||||
var drop_re = new RegExp('(^|;)\\s*DROP\\s+(IF EXISTS\\s+)?DATABASE\\s', 'i');
|
||||
if (drop_re.test(sqlQuery1.value)) {
|
||||
alert(noDropDbMsg);
|
||||
theForm1.reset();
|
||||
|
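Review bot: The new `drop_re` pattern `(^|;)\\s*DROP...` matches only when the statement is the first thing in the query text or directly follows a `;`, so a DROP DATABASE preceded by an SQL comment, or written with the `DROP SCHEMA` synonym, no longer triggers the alert. The anchored server-side pattern in the PMA_importRunQuery hunk has the same gap. Because this browser check is a convenience and not an enforcement point, I would add a comment above `drop_re` such as `// advisory only: catches DROP DATABASE at statement start; enforcement must come from MySQL privileges`, and consider `(DATABASE|SCHEMA)` in both patterns. confirmQuery starts and ends outside this hunk.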
@@ -66,7 +66,8 @@ if (empty($GLOBALS['is_header_sent'])) {
|
||||
// js form validation stuff
|
||||
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>';
|
||||
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>';
|
||||
var noDropDbMsg = '<?php echo((!$GLOBALS['cfg']['AllowUserDropDatabase']) ? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''); ?>';
|
||||
var noDropDbMsg = '<?php echo (!$is_superuser && !$GLOBALS['cfg']['AllowUserDropDatabase'])
|
||||
? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''; ?>';
|
||||
var confirmMsg = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''); ?>';
|
||||
var confirmMsgDropDB = '<?php echo(($GLOBALS['cfg']['Confirm']) ? str_replace('\'', '\\\'', $GLOBALS['strDropDatabaseStrongWarning']) : ''); ?>';
|
||||
//-->
|
||||
|
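Review bot: The rewritten `noDropDbMsg` line reads `$is_superuser` as a plain variable, while every other value on these lines comes from `$GLOBALS[...]`. If this header file is ever included from inside a function, the variable would be undefined in that scope, `!$is_superuser` would evaluate to true, and superusers would get the DROP DATABASE block message. Reading it as `empty($GLOBALS['is_superuser'])` keeps the line consistent with its neighbours and independent of include scope; the same expression is added in the later hunk after `query_tab_commit`. Separately, `str_replace('\'', '\\\'', ...)` escapes only single quotes, so a translation string containing a backslash or a newline would break the script literal; that is inherited from the surrounding lines and not introduced here.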
@@ -68,7 +68,7 @@ function PMA_detectCompression($filepath)
|
||||
*/
|
||||
function PMA_importRunQuery($sql = '', $full = '')
|
||||
{
|
||||
global $import_run_buffer, $go_sql, $complete_query, $display_query, $sql_query, $cfg, $my_die, $error, $reload, $finished, $timeout_passed, $skip_queries, $executed_queries, $max_sql_len, $read_multiply, $cfg, $sql_query_disabled, $db, $run_query, $is_superuser;
|
||||
global $import_run_buffer, $go_sql, $complete_query, $display_query, $sql_query, $cfg, $my_die, $error, $reload, $finished, $timeout_passed, $skip_queries, $executed_queries, $max_sql_len, $read_multiply, $cfg, $sql_query_disabled, $db, $run_query, $is_superuser, $message, $show_error_header;
|
||||
$read_multiply = 1;
|
||||
if (isset($import_run_buffer)) {
|
||||
// Should we skip something?
|
||||
@@ -76,18 +76,17 @@ function PMA_importRunQuery($sql = '', $full = '')
|
||||
$skip_queries--;
|
||||
} else {
|
||||
if (!empty($import_run_buffer['sql']) && trim($import_run_buffer['sql']) != '') {
|
||||
if (!$cfg['AllowUserDropDatabase']
|
||||
&& !$is_superuser
|
||||
&& preg_match('@DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE @i', $import_run_buffer['sql'])) {
|
||||
$message = $GLOBALS['strNoDropDatabases'];
|
||||
$show_error_header = TRUE;
|
||||
$error = TRUE;
|
||||
return;
|
||||
}
|
||||
$max_sql_len = max($max_sql_len, strlen($import_run_buffer['sql']));
|
||||
if (!$sql_query_disabled) {
|
||||
$sql_query .= $import_run_buffer['full'];
|
||||
}
|
||||
if (!$cfg['AllowUserDropDatabase']
|
||||
&& !$is_superuser
|
||||
&& preg_match('@^[[:space:]]*DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE @i', $import_run_buffer['sql'])) {
|
||||
$message = $GLOBALS['strNoDropDatabases'];
|
||||
$show_error_header = TRUE;
|
||||
$error = TRUE;
|
||||
} else {
|
||||
$executed_queries++;
|
||||
if ($run_query && $finished && empty($sql) && !$error && (
|
||||
(!empty($import_run_buffer['sql']) && preg_match('/^[\s]*(SELECT|SHOW)/i', $import_run_buffer['sql'])) ||
|
||||
@@ -145,6 +144,7 @@ function PMA_importRunQuery($sql = '', $full = '')
|
||||
$reload = TRUE;
|
||||
}
|
||||
} // end run query
|
||||
} // end if not DROP DATABASE
|
||||
} // end non empty query
|
||||
elseif (!empty($import_run_buffer['full'])) {
|
||||
if ($go_sql) {
|
||||
|
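Review bot: The relocated check in PMA_importRunQuery uses a pattern that ends in a literal space (`DATABASE @i`), while the browser-side pattern in confirmQuery uses `\s` there. A statement with a tab or newline after DATABASE is therefore stopped in the browser but not here, and this is the only one of the two checks that runs on the server. Using a whitespace class after the keyword keeps them in step: `'@^[[:space:]]*DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE[[:space:]]@i'`. The new branch also no longer returns early and relies on `$error` being honoured further down; the code between the second and third hunks is not shown, so that is worth confirming. The function body extends beyond these hunks.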
@@ -69,7 +69,7 @@ function query_tab_commit(tab) {
|
||||
/**/
|
||||
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>';
|
||||
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>';
|
||||
var noDropDbMsg = '<?php echo !$GLOBALS['cfg']['AllowUserDropDatabase']
|
||||
var noDropDbMsg = '<?php echo (!$is_superuser && !$GLOBALS['cfg']['AllowUserDropDatabase'])
|
||||
? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''; ?>';
|
||||
var confirmMsg = '<?php echo $GLOBALS['cfg']['Confirm']
|
||||
? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''; ?>';
|
||||
|