patch #455752 - Check forbidden words thanks to Dell'Aiera Pol & Olivier Blin

badwords.txt

@@ -0,0 +1,232 @@
+action
+add
+aggregate
+all
+alter
+after
+and
+as
+asc
+avg
+avg_row_length
+auto_increment
+between
+bigint
+bit
+binary
+blob
+bool
+both
+by
+cascade
+case
+char
+character
+change
+check
+checksum
+column
+columns
+comment
+constraint
+create
+cross
+current_date
+current_time
+current_timestamp
+data
+database
+databases
+date
+datetime
+day
+day_hour
+day_minute
+day_second
+dayofmonth
+dayofweek
+dayofyear
+dec
+decimal
+default
+delayed
+delay_key_write
+delete
+desc
+describe
+distinct
+distinctrow
+double
+drop
+end
+else
+escape
+escaped
+enclosed
+enum
+explain
+exists
+fields
+file
+first
+float
+float4
+float8
+flush
+foreign
+from
+for
+full
+function
+global
+grant
+grants
+group
+having
+heap
+high_priority
+hour
+hour_minute
+hour_second
+hosts
+identified
+ignore
+in
+index
+infile
+inner
+insert
+insert_id
+int
+integer
+interval
+int1
+int2
+int3
+int4
+int8
+into
+if
+is
+isam
+join
+key
+keys
+kill
+last_insert_id
+leading
+left
+length
+like
+lines
+limit
+load
+local
+lock
+logs
+long
+longblob
+longtext
+low_priority
+max
+max_rows
+match
+mediumblob
+mediumtext
+mediumint
+middleint
+min_rows
+minute
+minute_second
+modify
+month
+monthname
+myisam
+natural
+numeric
+no
+not
+null
+on
+optimize
+option
+optionally
+or
+order
+outer
+outfile
+pack_keys
+partial
+pasword
+precision
+primary
+procedure
+process
+processlist
+privileges
+read
+real
+references
+reload
+regexp
+rename
+replace
+restrict
+returns
+revoke
+rlike
+row
+rows
+second
+select
+set
+show
+shutdown
+smallint
+soname
+sql_big_tables
+sql_big_selects
+sql_low_priority_updates
+sql_log_off
+sql_log_update
+sql_select_limit
+sql_small_result
+sql_big_result
+sql_warnings
+straight_join
+starting
+status
+string
+table
+tables
+temporary
+terminated
+text
+then
+time
+timestamp
+tinyblob
+tinytext
+tinyint
+trailing
+to
+type
+use
+using
+unique
+unlock
+unsigned
+update
+usage
+values
+varchar
+variables
+varying
+varbinary
+with
+write
+when
+where
+year
+year_month
+zerofill

db_create.php3

@@ -9,6 +9,17 @@ require('./grab_globals.inc.php3');
 require('./header.inc.php3');
 
 
+/**
+ * Ensures the db name is valid
+ */
+if (get_magic_quotes_gpc()) {
+    $db = stripslashes($db);
+}
+if (MYSQL_INT_VERSION < 32306) {
+    check_reserved_words($db);
+}
+
+
 /**
  * Executes the db creation sql query
  */

lib.inc.php3

@@ -704,6 +704,44 @@ window.parent.frames['nav'].location.replace('<?php echo $reload_url; ?>');
     } // end of the 'format_byte_down' function
 
 
+    /**
+     * Ensures a database/table/field's name is not a reserved word (for MySQL
+     * releases < 3.23.6) 
+     *
+     * @param    string   the name to check
+     *
+     * @return   boolean  true if the name is valid (no return else)
+     *
+     * @author   Dell'Aiera Pol; Olivier Blin
+     */
+    function check_reserved_words($the_name)
+    {
+        // The name contains caracters <> a-z, A-Z and "_" -> not a reserved
+        // word
+        if (!ereg('^[a-zA-Z_]+$', $the_name)) {
+            return true;
+        }
+        
+        // Else do the work
+        $filename = 'badwords.txt';
+        if (file_exists($filename)) {
+            // Builds the reserved words array
+            $fd        = fopen($filename, 'r');
+            $contents  = fread($fd, filesize($filename) - 1);
+            fclose ($fd);
+            $word_list = explode("\n", $contents);
+
+            // Do the checking
+            $word_cnt  = count($word_list);
+            for ($i = 0; $i < $word_cnt; $i++) {
+                if (strtolower($the_name) == $word_list[$i]) {
+                    mysql_die(sprintf($GLOBALS['strInvalidName'], $the_name), '', FALSE, TRUE);
+                } // end if
+            } // end for
+        } // end if
+    } // end of the 'check_reserved_words' function
+
+
 
     /* ----- Functions used to display records returned by a sql query ----- */
 

tbl_addfield.php3

@@ -17,6 +17,13 @@ if (isset($submit)) {
 
     // Builds the field creation statement and alters the table
     for ($i = 0; $i < count($field_name); ++$i) {
+        if (get_magic_quotes_gpc()) {
+            $field_name[$i] = stripslashes($field_name[$i]);
+        }
+        if (MYSQL_INT_VERSION < 32306) {
+            check_reserved_words($field_name[$i]);
+        }
+
         $query .= backquote($field_name[$i]) . ' ' . $field_type[$i];
         if ($field_length[$i] != ''
             && !eregi('^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT)$', $field_type[$i])) {

tbl_alter.php3

@@ -19,6 +19,10 @@ if (isset($submit)) {
         $field_length[0]  = stripslashes($field_length[0]);
     }
 
+    if (MYSQL_INT_VERSION < 32306) {
+        check_reserved_words($field_name[0]);
+    }
+
     // Some fields have been urlencoded or double quotes have been translated
     // to "&quot;" in tbl_properties.php3
     $field_orig[0]     = urldecode($field_orig[0]);

tbl_create.php3

@@ -28,6 +28,12 @@ if (isset($submit)) {
         if (empty($field_name[$i])) {
             continue;
         }
+        if (get_magic_quotes_gpc()) {
+            $field_name[$i] = stripslashes($field_name[$i]);
+        }
+        if (MYSQL_INT_VERSION < 32306) {
+            check_reserved_words($field_name[$i]);
+        }
         $query .= backquote($field_name[$i]) . ' ' . $field_type[$i];
         if ($field_length[$i] != '') {
             if (get_magic_quotes_gpc()) {
@@ -69,6 +75,9 @@ if (isset($submit)) {
     for ($i = 0; $i < count($field_primary); $i++) {
         $j = $field_primary[$i];
         if (!empty($field_name[$j])) {
+            if (get_magic_quotes_gpc()) {
+                $field_name[$j] = stripslashes($field_name[$j]);
+            }
             $primary .= backquote($field_name[$j]) . ', ';
         }
     } // end for
@@ -87,6 +96,9 @@ if (isset($submit)) {
     for ($i = 0;$i < count($field_index); $i++) {
         $j = $field_index[$i];
         if (!empty($field_name[$j])) {
+            if (get_magic_quotes_gpc()) {
+                $field_name[$j] = stripslashes($field_name[$j]);
+            }
            $index .= backquote($field_name[$j]) . ', ';
         }
     } // end for
@@ -105,6 +117,9 @@ if (isset($submit)) {
     for ($i = 0; $i < count($field_unique); $i++) {
         $j = $field_unique[$i];
         if (!empty($field_name[$j])) {
+            if (get_magic_quotes_gpc()) {
+                $field_name[$j] = stripslashes($field_name[$j]);
+            }
            $unique .= backquote($field_name[$j]) . ', ';
         }
     } // end for
@@ -124,6 +139,9 @@ if (isset($submit)) {
         $sql_query .= ' TYPE = ' . $tbl_type;
     }
     if (MYSQL_INT_VERSION >= 32300 && !empty($comment)) {
+        if (get_magic_quotes_gpc()) {
+            $comment = stripslashes($comment);
+        }
         $sql_query .= ' comment = \'' . sql_addslashes($comment) . '\'';
     }
 
@@ -152,6 +170,14 @@ else {
     }
     // Table name and number of fields are valid -> show the form
     else {
+        // Ensures the table name is valid
+        if (get_magic_quotes_gpc()) {
+            $table = stripslashes($table);
+        }
+        if (MYSQL_INT_VERSION < 32306) {
+            check_reserved_words($table);
+        }
+
         $action = 'tbl_create.php3';
         include('./tbl_properties.inc.php3');
         // Diplays the footer