Fixed transformation system now accepting '.php3' files and using the '.php' pendants. Make use of 's' RegEx pattern modifier. Fixed small (but impacting) typo.
This commit is contained in:
Garvin Hicking
10
ChangeLog
10
ChangeLog
@@ -5,7 +5,7 @@ phpMyAdmin - Changelog
|
||||
$Id$
|
||||
$Source$
|
||||
|
||||
2003-11-24 Garvin Hicking <phpmyadminismyaeroplane@supergarv.de>
|
||||
2003-11-25 Garvin Hicking <phpmyadminismyaeroplane@supergarv.de>
|
||||
* db_details_qbe.php, left.php, main.php, pdf_pages.php, server_collations.php,
|
||||
tbl_change.php, tbl_indexes.php, tbl_move_copy.php, tbl_relation.php,
|
||||
tbl_replace.php, libraries/common.lib.php, libraries/db_config.lib.php,
|
||||
@@ -15,7 +15,15 @@ $Source$
|
||||
Reverted some obfuscated regular expressions to their working eregi-versions
|
||||
to not break stuff. Removed unneccessary reset() calls, replaced some more
|
||||
while(list()) constructs.
|
||||
* libraries/transformations/overview.php, libraries/transformations/global.inc.php,
|
||||
libraries/common.lib.php, libraries/display_tbl.lib.php,
|
||||
libraries/transformations.lib.php3, user_password.php, tbl_change.php, sql.php,
|
||||
ldi_check.php, tbl_properties.inc.php, db_details_importdocsql.php:
|
||||
|
||||
- When stored transformations have '.php3' ending, automagically assume '.php' now.
|
||||
- Use 's' RegEx Pattern modifier for certain situations where '.' should also include
|
||||
linebreaks.
|
||||
|
||||
2003-11-24 Alexander M. Turek <bloodsugarsexmagik@derrabus.de>
|
||||
* lang/german-*.inc.php: Updates.
|
||||
* lang/english-*.inc.php: Sortation.
|
||||
|
||||
@@ -47,7 +47,7 @@ if (isset($cfg['docSQLDir']) && !empty($cfg['docSQLDir'])) {
|
||||
global $GLOBALS;
|
||||
|
||||
if (preg_match('@^(.*)_field_comment\.(txt|zip|bz2|bzip).*$@i', $filename)) {
|
||||
$tab = preg_replace('@^(.*)_field_comment\.(txt|zip|bz2|bzip).*@i', '\1', $filename);
|
||||
$tab = preg_replace('@^(.*)_field_comment\.(txt|zip|bz2|bzip).*@si', '\1', $filename);
|
||||
//echo '<h1>Working on Table ' . $_tab . '</h1>';
|
||||
if ($content == 'none') {
|
||||
$lines = array();
|
||||
|
||||
@@ -48,7 +48,7 @@ if (isset($btnLDI) && isset($local_textfile) && $local_textfile != '') {
|
||||
if (substr($cfg['UploadDir'], -1) != '/') {
|
||||
$cfg['UploadDir'] .= '/';
|
||||
}
|
||||
$textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . preg_replace('@^./@', '', $cfg['UploadDir']) . preg_replace('@\.\.*@', '.', $local_textfile);
|
||||
$textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . preg_replace('@^./@s', '', $cfg['UploadDir']) . preg_replace('@\.\.*@', '.', $local_textfile);
|
||||
if (file_exists($textfile)) {
|
||||
$open_basedir = @ini_get('open_basedir');
|
||||
|
||||
|
||||
@@ -1799,8 +1799,8 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold}
|
||||
} // end while
|
||||
|
||||
if (stristr($message, '<img')) {
|
||||
$link_or_button .= ' <input type="image" src="' . preg_replace('@^.*src="(.*)".*$@i', '\1', $message) . '" value="'
|
||||
. htmlspecialchars(preg_replace('@^.*alt="(.*)".*$@i', '\1', $message)) . '" />' . "\n" . '</form>' . "\n";
|
||||
$link_or_button .= ' <input type="image" src="' . preg_replace('@^.*src="(.*)".*$@si', '\1', $message) . '" value="'
|
||||
. htmlspecialchars(preg_replace('@^.*alt="(.*)".*$@si', '\1', $message)) . '" />' . "\n" . '</form>' . "\n";
|
||||
} else {
|
||||
$link_or_button .= ' <input type="submit" value="'
|
||||
. htmlspecialchars($message) . '" />' . "\n" . '</form>' . "\n";
|
||||
|
||||
@@ -460,22 +460,22 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
|
||||
// Defines the url used to append/modify a sorting order
|
||||
// Nijel: This was originally done inside loop below, but I see
|
||||
// no reason to do this for each column.
|
||||
if (preg_match('@(.*)([[:space:]]ORDER[[:space:]]*BY[[:space:]](.*))@i', $sql_query, $regs1)) {
|
||||
if (preg_match('@((.*)([[:space:]]ASC|[[:space:]]DESC)([[:space:]]|$))(.*)@i', $regs1[2], $regs2)) {
|
||||
if (preg_match('@(.*)([[:space:]]ORDER[[:space:]]*BY[[:space:]](.*))@si', $sql_query, $regs1)) {
|
||||
if (preg_match('@((.*)([[:space:]]ASC|[[:space:]]DESC)([[:space:]]|$))(.*)@si', $regs1[2], $regs2)) {
|
||||
$unsorted_sql_query = trim($regs1[1] . ' ' . $regs2[5]);
|
||||
$sql_order = trim($regs2[1]);
|
||||
preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@i',$sql_order,$after_order);
|
||||
preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@si',$sql_order,$after_order);
|
||||
$sort_expression = trim($after_order[2]);
|
||||
}
|
||||
else if (preg_match('@((.*))[[:space:]]+(LIMIT (.*)|PROCEDURE (.*)|FOR UPDATE|LOCK IN SHARE MODE)@i', $regs1[2], $regs3)) {
|
||||
else if (preg_match('@((.*))[[:space:]]+(LIMIT (.*)|PROCEDURE (.*)|FOR UPDATE|LOCK IN SHARE MODE)@si', $regs1[2], $regs3)) {
|
||||
$unsorted_sql_query = trim($regs1[1] . ' ' . $regs3[3]);
|
||||
$sql_order = trim($regs3[1]) . ' ASC';
|
||||
preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@i',$sql_order,$after_order);
|
||||
preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@si',$sql_order,$after_order);
|
||||
$sort_expression = trim($after_order[2]);
|
||||
} else {
|
||||
$unsorted_sql_query = trim($regs1[1]);
|
||||
$sql_order = trim($regs1[2]) . ' ASC';
|
||||
preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@i',$sql_order,$after_order);
|
||||
preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@si',$sql_order,$after_order);
|
||||
$sort_expression = trim($after_order[2]);
|
||||
}
|
||||
} else {
|
||||
@@ -1237,10 +1237,10 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
|
||||
if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
|
||||
|
||||
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) {
|
||||
// garvin: for security, never allow to break out from transformations directory
|
||||
$include_file = preg_replace('@\.\.*@', '.', $GLOBALS['mime_map'][$meta->name]['transformation']);
|
||||
$include_file = PMA_sanitizeTransformationFile($GLOBALS['mime_map'][$meta->name]['transformation']);
|
||||
|
||||
if (file_exists('./libraries/transformations/' . $include_file)) {
|
||||
$transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
|
||||
$transformfunction_name = preg_replace('@(\.inc\.php3?)$@i', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
|
||||
|
||||
include('./libraries/transformations/' . $include_file);
|
||||
|
||||
|
||||
@@ -49,9 +49,9 @@ if (!defined('PMA_TRANSFORMATION_LIB_INCLUDED')){
|
||||
@ksort($filestack);
|
||||
foreach($filestack AS $key => $file) {
|
||||
|
||||
if (preg_match('|^.*__.*\.inc\.php$|', trim($file))) {
|
||||
if (preg_match('|^.*__.*\.inc\.php(3?)$|', trim($file), $match)) {
|
||||
// File contains transformation functions.
|
||||
$base = explode('__', str_replace('.inc.php', '', $file));
|
||||
$base = explode('__', str_replace('.inc.php' . $match[1], '', $file));
|
||||
|
||||
$mimetype = str_replace('_', '/', $base[0]);
|
||||
$stack['mimetype'][$mimetype] = $mimetype;
|
||||
@@ -59,9 +59,9 @@ if (!defined('PMA_TRANSFORMATION_LIB_INCLUDED')){
|
||||
$stack['transformation'][] = $mimetype . ': ' . $base[1];
|
||||
$stack['transformation_file'][] = $file;
|
||||
|
||||
} else if (preg_match('|^.*\.inc\.php$|', trim($file))) {
|
||||
} else if (preg_match('|^.*\.inc\.php(3?)$|', trim($file), $match)) {
|
||||
// File is a plain mimetype, no functions.
|
||||
$base = str_replace('.inc.php', '', $file);
|
||||
$base = str_replace('.inc.php' . $match[1], '', $file);
|
||||
|
||||
if ($base != 'global') {
|
||||
$mimetype = str_replace('_', '/', $base);
|
||||
@@ -177,5 +177,29 @@ if (!defined('PMA_TRANSFORMATION_LIB_INCLUDED')){
|
||||
return false;
|
||||
}
|
||||
} // end of 'PMA_setMIME()' function
|
||||
|
||||
/**
|
||||
* Returns the real filename of a configured transformation
|
||||
*
|
||||
* @param string the current filename
|
||||
*
|
||||
* @return string the new filename
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
function PMA_sanitizeTransformationFile(&$filename) {
|
||||
// garvin: for security, never allow to break out from transformations directory
|
||||
|
||||
$include_file = preg_replace('@\.\.*@', '.', $filename);
|
||||
|
||||
// This value can also contain a 'php3' value, in which case we map this filename to our new 'php' variant
|
||||
$testfile = preg_replace('@\.inc\.php3$@', '.inc.php', $include_file);
|
||||
if ($include_file{strlen($include_file)-1} == '3' && file_exists('./libraries/transformations/' . $testfile)) {
|
||||
$include_file = $testfile;
|
||||
$filename = $testfile; // Corrects the referenced variable for further actions on the filename;
|
||||
}
|
||||
|
||||
return $include_file;
|
||||
} // end of 'PMA_sanitizeTransformationFile()' function
|
||||
} // $__PMA_TRANSFORMATION_LIB__
|
||||
?>
|
||||
@@ -40,7 +40,7 @@ if (!defined('PMA_TRANSFORMATION_LIB_GLOBAL')){
|
||||
}
|
||||
|
||||
if (isset($options['regex']) && isset($options['regex_replace'])) {
|
||||
$buffer = preg_replace('@' . str_replace('@', '\@', $options['regex']) . '@i', $options['regex_replace'], $buffer);
|
||||
$buffer = preg_replace('@' . str_replace('@', '\@', $options['regex']) . '@si', $options['regex_replace'], $buffer);
|
||||
}
|
||||
|
||||
// Replace occurences of [__BUFFER__] with actual text
|
||||
|
||||
@@ -62,7 +62,7 @@ foreach($types['mimetype'] AS $key => $mimetype) {
|
||||
$i = 0;
|
||||
foreach($types['transformation'] AS $key => $transform) {
|
||||
$i++;
|
||||
$func = strtolower(str_replace('.inc.php', '', $types['transformation_file'][$key]));
|
||||
$func = strtolower(preg_replace('@(\.inc\.php3?)$@i', '', $types['transformation_file'][$key]));
|
||||
$desc = 'strTransformation_' . $func;
|
||||
?>
|
||||
<tr bgcolor="<?php echo ($i % 2 ? $cfg['BgcolorOne'] : $cfg['BgcolorTwo']); ?>">
|
||||
|
||||
2
sql.php
2
sql.php
@@ -14,7 +14,7 @@ require('./libraries/common.lib.php');
|
||||
*/
|
||||
// Security checkings
|
||||
if (!empty($goto)) {
|
||||
$is_gotofile = preg_replace('@^([^?]+).*$@', '\\1', $goto);
|
||||
$is_gotofile = preg_replace('@^([^?]+).*$@s', '\\1', $goto);
|
||||
if (!@file_exists('./' . $is_gotofile)) {
|
||||
unset($goto);
|
||||
} else {
|
||||
|
||||
@@ -220,7 +220,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
|
||||
echo "\n";
|
||||
|
||||
$row_table_def = PMA_mysql_fetch_array($table_def);
|
||||
$row_table_def['True_Type'] = preg_replace('@\(.*@', '', $row_table_def['Type']);
|
||||
$row_table_def['True_Type'] = preg_replace('@\(.*@s', '', $row_table_def['Type']);
|
||||
|
||||
$field = $row_table_def['Field'];
|
||||
|
||||
@@ -266,7 +266,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
|
||||
// The type column
|
||||
$is_binary = stristr($row_table_def['Type'], ' binary');
|
||||
$is_blob = stristr($row_table_def['Type'], 'blob');
|
||||
$is_char = stristr($row_table_def['Type'], 'car');
|
||||
$is_char = stristr($row_table_def['Type'], 'char');
|
||||
switch ($row_table_def['True_Type']) {
|
||||
case 'set':
|
||||
$type = 'set';
|
||||
|
||||
@@ -404,10 +404,10 @@ for ($i = 0 ; $i < $num_fields; $i++) {
|
||||
$content_cells[$i][$ci] .= ' <option value="" title="' . $strNone . '"></option>' . "\n";
|
||||
if (is_array($available_mime['transformation'])) {
|
||||
foreach($available_mime['transformation'] AS $mimekey => $transform) {
|
||||
$checked = (isset($row) && isset($row['Field']) && isset($mime_map[$row['Field']]['transformation']) && ($mime_map[$row['Field']]['transformation'] == $available_mime['transformation_file'][$mimekey]) ? 'selected ' : '');
|
||||
$tooltip = 'strTransformation_' . strtolower(str_replace('.inc.php', '', $available_mime['transformation_file'][$mimekey]));
|
||||
$checked = (isset($row) && isset($row['Field']) && isset($mime_map[$row['Field']]['transformation']) && (preg_match('@' . preg_quote($available_mime['transformation_file'][$mimekey]) . '3?@i', $mime_map[$row['Field']]['transformation'])) ? 'selected ' : '');
|
||||
$tooltip = 'strTransformation_' . strtolower(preg_replace('@(\.inc\.php3?)$@', '', $available_mime['transformation_file'][$mimekey]));
|
||||
$tooltip = isset($$tooltip) ? $$tooltip : sprintf(str_replace('<br />', ' ', $strMIME_nodescription), 'PMA_transformation_' . $tooltip . '()');
|
||||
$content_cells[$i][$ci] .= '<option value="' . $available_mime['transformation_file'][$mimekey] . '" ' . $checked . ' title="' . $tooltip . '">' . htmlspecialchars($transform) . '</option>' . "\n";
|
||||
$content_cells[$i][$ci] .= '<option value="' . $available_mime['transformation_file'][$mimekey] . '" ' . $checked . ' title="' . htmlspecialchars($tooltip) . '">' . htmlspecialchars($transform) . '</option>' . "\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ if (isset($nopass)) {
|
||||
|
||||
$err_url = 'user_password.php?' . $common_url_query;
|
||||
|
||||
$sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . preg_replace('@.@', '*', $pma_pw) . '\')');
|
||||
$sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . preg_replace('@.@s', '*', $pma_pw) . '\')');
|
||||
$local_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')');
|
||||
$result = @PMA_mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user