From ca7836a684195346ad40cae3f923a9ec02ccecb2 Mon Sep 17 00:00:00 2001
From: Garvin Hicking
Date: Tue, 25 Nov 2003 20:30:12 +0000
Subject: [PATCH] Fixed transformation system now accepting '.php3' files and using the '.php' pendants. Make use of 's' RegEx pattern modifier. Fixed small (but impacting) typo.
---
 ChangeLog | 10 +++++++-
 db_details_importdocsql.php | 2 +-
 ldi_check.php | 2 +-
 libraries/common.lib.php | 4 +--
 libraries/display_tbl.lib.php | 18 ++++++-------
 libraries/transformations.lib.php | 32 +++++++++++++++++++++---
 libraries/transformations/global.inc.php | 2 +-
 libraries/transformations/overview.php | 2 +-
 sql.php | 2 +-
 tbl_change.php | 4 +--
 tbl_properties.inc.php | 6 ++---
 user_password.php | 2 +-
 12 files changed, 59 insertions(+), 27 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b59bef8ad..a673e6330 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,7 +5,7 @@ phpMyAdmin - Changelog $Id$ $Source$ -2003-11-24 Garvin Hicking +2003-11-25 Garvin Hicking * db_details_qbe.php, left.php, main.php, pdf_pages.php, server_collations.php, tbl_change.php, tbl_indexes.php, tbl_move_copy.php, tbl_relation.php, tbl_replace.php, libraries/common.lib.php, libraries/db_config.lib.php,
@@ -15,7 +15,15 @@ $Source$ Reverted some obfuscated regular expressions to their working eregi-versions to not break stuff. Removed unneccessary reset() calls, replaced some more while(list()) constructs. + * libraries/transformations/overview.php, libraries/transformations/global.inc.php, + libraries/common.lib.php, libraries/display_tbl.lib.php, + libraries/transformations.lib.php3, user_password.php, tbl_change.php, sql.php, + ldi_check.php, tbl_properties.inc.php, db_details_importdocsql.php: + - When stored transformations have '.php3' ending, automagically assume '.php' now. + - Use 's' RegEx Pattern modifier for certain situations where '.' should also include + linebreaks. + 2003-11-24 Alexander M. Turek * lang/german-*.inc.php: Updates. * lang/english-*.inc.php: Sortation.
diff --git a/db_details_importdocsql.php b/db_details_importdocsql.php
index bc54ad1d2..5d3398690 100644
--- a/db_details_importdocsql.php
+++ b/db_details_importdocsql.php
@@ -47,7 +47,7 @@ if (isset($cfg['docSQLDir']) && !empty($cfg['docSQLDir'])) {
 global $GLOBALS;
 if (preg_match('@^(.*)_field_comment\.(txt|zip|bz2|bzip).*$@i', $filename)) {
- $tab = preg_replace('@^(.*)_field_comment\.(txt|zip|bz2|bzip).*@i', '\1', $filename);
+ $tab = preg_replace('@^(.*)_field_comment\.(txt|zip|bz2|bzip).*@si', '\1', $filename);
 //echo '

Working on Table ' . $_tab . '

';
 if ($content == 'none') {
 $lines = array();
diff --git a/ldi_check.php b/ldi_check.php
index 70d4c5ccc..f63b20501 100644
--- a/ldi_check.php
+++ b/ldi_check.php
@@ -48,7 +48,7 @@ if (isset($btnLDI) && isset($local_textfile) && $local_textfile != '') {
 if (substr($cfg['UploadDir'], -1) != '/') {
 $cfg['UploadDir'] .= '/';
 }
- $textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . preg_replace('@^./@', '', $cfg['UploadDir']) . preg_replace('@\.\.*@', '.', $local_textfile);
+ $textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . preg_replace('@^./@s', '', $cfg['UploadDir']) . preg_replace('@\.\.*@', '.', $local_textfile);
 if (file_exists($textfile)) {
 $open_basedir = @ini_get('open_basedir');
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 9f0c61d9b..4e92edf66 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1799,8 +1799,8 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold} } // end while if (stristr($message, '' . "\n" . '' . "\n"; + $link_or_button .= ' ' . "\n" . '' . "\n"; } else { $link_or_button .= ' ' . "\n" . '' . "\n";
diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php
index 20b57868d..d75218361 100644
--- a/libraries/display_tbl.lib.php
+++ b/libraries/display_tbl.lib.php
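Review bot: In ldi_check.php the dot in `'@^./@s'` is unescaped, so the pattern strips any single character followed by a slash from the start of `$cfg['UploadDir']`, not only a leading `./`, and the added `s` modifier extends that to a newline as well. If only the `./` prefix is meant, the call should read `preg_replace('@^\./@', '', $cfg['UploadDir'])`. On the same line `$local_textfile`, which appears to come from the request, only has runs of dots collapsed; that removes `..` but keeps path separators, so `basename($local_textfile)` would be the tighter choice if files are expected to sit directly in the upload directory (an assumption to confirm).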
@@ -460,22 +460,22 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
 // Defines the url used to append/modify a sorting order
 // Nijel: This was originally done inside loop below, but I see
 // no reason to do this for each column.
- if (preg_match('@(.*)([[:space:]]ORDER[[:space:]]*BY[[:space:]](.*))@i', $sql_query, $regs1)) {
- if (preg_match('@((.*)([[:space:]]ASC|[[:space:]]DESC)([[:space:]]|$))(.*)@i', $regs1[2], $regs2)) {
+ if (preg_match('@(.*)([[:space:]]ORDER[[:space:]]*BY[[:space:]](.*))@si', $sql_query, $regs1)) {
+ if (preg_match('@((.*)([[:space:]]ASC|[[:space:]]DESC)([[:space:]]|$))(.*)@si', $regs1[2], $regs2)) {
 $unsorted_sql_query = trim($regs1[1] . ' ' . $regs2[5]);
 $sql_order = trim($regs2[1]);
- preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@i',$sql_order,$after_order);
+ preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@si',$sql_order,$after_order);
 $sort_expression = trim($after_order[2]);
 }
- else if (preg_match('@((.*))[[:space:]]+(LIMIT (.*)|PROCEDURE (.*)|FOR UPDATE|LOCK IN SHARE MODE)@i', $regs1[2], $regs3)) {
+ else if (preg_match('@((.*))[[:space:]]+(LIMIT (.*)|PROCEDURE (.*)|FOR UPDATE|LOCK IN SHARE MODE)@si', $regs1[2], $regs3)) {
 $unsorted_sql_query = trim($regs1[1] . ' ' . $regs3[3]);
 $sql_order = trim($regs3[1]) . ' ASC';
- preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@i',$sql_order,$after_order);
+ preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@si',$sql_order,$after_order);
 $sort_expression = trim($after_order[2]);
 } else {
 $unsorted_sql_query = trim($regs1[1]);
 $sql_order = trim($regs1[2]) . ' ASC';
- preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@i',$sql_order,$after_order);
+ preg_match('@(ORDER[[:space:]]*BY[[:space:]]*)(.*)([[:space:]]*ASC|[[:space:]]*DESC)@si',$sql_order,$after_order);
 $sort_expression = trim($after_order[2]);
 }
 } else {
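Review bot: With the `s` modifier the greedy `(.*)` groups in display_tbl.lib.php now run across line breaks, so in a multi-line `$sql_query` the last `ORDER BY` anywhere in the text is taken as the sort clause, including one inside a quoted string, a comment or a subquery on a later line. That limit of regex-based SQL parsing deserves a comment above the first `preg_match`, for example `// 's' lets '.' span newlines in multi-line queries; the last ORDER BY in the text wins`. The three identical `preg_match(..., $sql_order, $after_order)` calls followed by `$sort_expression = trim($after_order[2]);` could also be a single pair placed after the inner if/else chain, since every branch sets `$sql_order` first. The enclosing block continues past the end of this hunk.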
@@ -1237,10 +1237,10 @@ if (!defined('PMA_DISPLAY_TBL_LIB_INCLUDED')) {
 if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
 if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) {
- // garvin: for security, never allow to break out from transformations directory
- $include_file = preg_replace('@\.\.*@', '.', $GLOBALS['mime_map'][$meta->name]['transformation']);
+ $include_file = PMA_sanitizeTransformationFile($GLOBALS['mime_map'][$meta->name]['transformation']);
+
 if (file_exists('./libraries/transformations/' . $include_file)) {
- $transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
+ $transformfunction_name = preg_replace('@(\.inc\.php3?)$@i', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
 include('./libraries/transformations/' . $include_file);
diff --git a/libraries/transformations.lib.php b/libraries/transformations.lib.php
index b3d7de65b..a42392531 100644
--- a/libraries/transformations.lib.php
+++ b/libraries/transformations.lib.php
@@ -49,9 +49,9 @@ if (!defined('PMA_TRANSFORMATION_LIB_INCLUDED')){
 @ksort($filestack);
 foreach($filestack AS $key => $file) {
- if (preg_match('|^.*__.*\.inc\.php$|', trim($file))) {
+ if (preg_match('|^.*__.*\.inc\.php(3?)$|', trim($file), $match)) {
 // File contains transformation functions.
- $base = explode('__', str_replace('.inc.php', '', $file));
+ $base = explode('__', str_replace('.inc.php' . $match[1], '', $file));
 $mimetype = str_replace('_', '/', $base[0]);
 $stack['mimetype'][$mimetype] = $mimetype;
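Review bot: In the display_tbl.lib.php hunk at line 1237, `$transformfunction_name` is still derived from the raw `$GLOBALS['mime_map'][$meta->name]['transformation']` value, while the file that gets included is the sanitized `$include_file`. PMA_sanitizeTransformationFile() writes back through its reference only in the `.php3` case, so for any other stored value the two can differ. Deriving the name from the sanitized value keeps them in step: `$transformfunction_name = preg_replace('@(\.inc\.php3?)$@i', '', $include_file);`. Because a stored value decides which file is included, checking `$include_file` against the list of transformation files actually found in the directory would be a firmer guard than `file_exists()` alone.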
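Review bot: In transformations.lib.php the pattern is matched against `trim($file)`, but the suffix is then removed from the untrimmed `$file` with `str_replace()`, which replaces every occurrence of `.inc.php` in the name rather than only the ending. Other files in this commit strip the suffix with an anchored expression, and the same form fits here: `$base = explode('__', preg_replace('@\.inc\.php3?$@', '', trim($file)));`. The same applies to `$base = str_replace('.inc.php' . $match[1], '', $file);` in the following hunk at line 59. Both hunks sit inside a function whose start and end are outside the visible lines.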
@@ -59,9 +59,9 @@ if (!defined('PMA_TRANSFORMATION_LIB_INCLUDED')){
 $stack['transformation'][] = $mimetype . ': ' . $base[1];
 $stack['transformation_file'][] = $file;
- } else if (preg_match('|^.*\.inc\.php$|', trim($file))) {
+ } else if (preg_match('|^.*\.inc\.php(3?)$|', trim($file), $match)) {
 // File is a plain mimetype, no functions.
- $base = str_replace('.inc.php', '', $file);
+ $base = str_replace('.inc.php' . $match[1], '', $file);
 if ($base != 'global') {
 $mimetype = str_replace('_', '/', $base);
@@ -177,5 +177,29 @@ if (!defined('PMA_TRANSFORMATION_LIB_INCLUDED')){
 return false;
 }
 } // end of 'PMA_setMIME()' function
+
+ /**
+ * Returns the real filename of a configured transformation
+ *
+ * @param string the current filename
+ *
+ * @return string the new filename
+ *
+ * @access public
+ */
+ function PMA_sanitizeTransformationFile(&$filename) {
+ // garvin: for security, never allow to break out from transformations directory
+
+ $include_file = preg_replace('@\.\.*@', '.', $filename);
+
+ // This value can also contain a 'php3' value, in which case we map this filename to our new 'php' variant
+ $testfile = preg_replace('@\.inc\.php3$@', '.inc.php', $include_file);
+ if ($include_file{strlen($include_file)-1} == '3' && file_exists('./libraries/transformations/' . $testfile)) {
+ $include_file = $testfile;
+ $filename = $testfile; // Corrects the referenced variable for further actions on the filename;
+ }
+
+ return $include_file;
+ } // end of 'PMA_sanitizeTransformationFile()' function
 } // $__PMA_TRANSFORMATION_LIB__
 ?>
\ No newline at end of file
diff --git a/libraries/transformations/global.inc.php b/libraries/transformations/global.inc.php
index ad2b66b30..ddd226779 100644
--- a/libraries/transformations/global.inc.php
+++ b/libraries/transformations/global.inc.php
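Review bot: PMA_sanitizeTransformationFile() takes `$filename` by reference but assigns the cleaned name back only in the `.php3` branch, so after the call the caller's variable is sanitized in one case and raw in every other, and the docblock does not mention the by-reference write at all. Assigning unconditionally before the return (`$filename = $include_file;`) and documenting it as `@param string the filename; replaced with the sanitized name on return` would make the contract predictable, provided callers can accept the rewritten value. The dot-collapsing `preg_replace('@\.\.*@', '.', $filename)` removes `..` but keeps path separators, so wrapping the result in `basename()` would hold it to the transformations directory itself, assuming no transformation lives in a subdirectory. The `$include_file{strlen($include_file)-1}` test also reads offset -1 when the string is empty; `substr($include_file, -1) == '3'` avoids that.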
@@ -40,7 +40,7 @@ if (!defined('PMA_TRANSFORMATION_LIB_GLOBAL')){
 }
 if (isset($options['regex']) && isset($options['regex_replace'])) {
- $buffer = preg_replace('@' . str_replace('@', '\@', $options['regex']) . '@i', $options['regex_replace'], $buffer);
+ $buffer = preg_replace('@' . str_replace('@', '\@', $options['regex']) . '@si', $options['regex_replace'], $buffer);
 }
 // Replace occurences of [__BUFFER__] with actual text
diff --git a/libraries/transformations/overview.php b/libraries/transformations/overview.php
index 206f50aac..323a70866 100644
--- a/libraries/transformations/overview.php
+++ b/libraries/transformations/overview.php
@@ -62,7 +62,7 @@ foreach($types['mimetype'] AS $key => $mimetype) {
 $i = 0;
 foreach($types['transformation'] AS $key => $transform) {
 $i++;
- $func = strtolower(str_replace('.inc.php', '', $types['transformation_file'][$key]));
+ $func = strtolower(preg_replace('@(\.inc\.php3?)$@i', '', $types['transformation_file'][$key]));
 $desc = 'strTransformation_' . $func;
 ?>
diff --git a/sql.php b/sql.php
index 25de6afc9..f7d1d80b2 100644
--- a/sql.php
+++ b/sql.php
@@ -14,7 +14,7 @@ require('./libraries/common.lib.php');
 */
 // Security checkings
 if (!empty($goto)) {
- $is_gotofile = preg_replace('@^([^?]+).*$@', '\\1', $goto);
+ $is_gotofile = preg_replace('@^([^?]+).*$@s', '\\1', $goto);
 if (!@file_exists('./' . $is_gotofile)) {
 unset($goto);
 } else {
diff --git a/tbl_change.php b/tbl_change.php
index c1e063489..52b24f120 100644
--- a/tbl_change.php
+++ b/tbl_change.php
@@ -220,7 +220,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
 echo "\n";
 $row_table_def = PMA_mysql_fetch_array($table_def);
- $row_table_def['True_Type'] = preg_replace('@\(.*@s', '', $row_table_def['Type']);
+ $row_table_def['True_Type'] = preg_replace('@\(.*@s', '', $row_table_def['Type']);
 $field = $row_table_def['Field'];
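Review bot: In global.inc.php the `regex` option, which appears to come from the stored transformation options of the column, is placed into the pattern with only `@` escaped, so a value that already contains `\@` or ends in a backslash yields a malformed pattern. preg_replace() then fails and its failure value is assigned straight to `$buffer`, which discards the cell content. Keeping the previous text on failure would be safer: `$replaced = preg_replace(...); if (is_string($replaced)) { $buffer = $replaced; }`. A short comment above the call stating that the pattern is user-supplied and not trusted would help the next reader, now that `s` lets it match across whole multi-line values. The function around this hunk starts and ends outside the visible lines.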
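Review bot: The check under `// Security checkings` in sql.php only confirms that the path part of `$goto` exists below `./`; nothing in these lines rejects `..` segments or subdirectories, so any existing file reachable from the script directory passes it. How `$goto` is used afterwards is outside this hunk, but if it is later included or redirected to, comparing `$is_gotofile` against a fixed list of the application's own entry scripts would be a firmer guard than `file_exists()`. A comment such as `// $goto is request-supplied; only the part before '?' is checked` above the `preg_replace` would also make the intent of the `s` modifier clear.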
@@ -266,7 +266,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
 // The type column
 $is_binary = stristr($row_table_def['Type'], ' binary');
 $is_blob = stristr($row_table_def['Type'], 'blob');
- $is_char = stristr($row_table_def['Type'], 'car');
+ $is_char = stristr($row_table_def['Type'], 'char');
 switch ($row_table_def['True_Type']) {
 case 'set':
 $type = 'set';
diff --git a/tbl_properties.inc.php b/tbl_properties.inc.php
index 6931ecc51..5b56193e2 100644
--- a/tbl_properties.inc.php
+++ b/tbl_properties.inc.php
@@ -404,10 +404,10 @@ for ($i = 0 ; $i < $num_fields; $i++) {
 $content_cells[$i][$ci] .= ' ' . "\n";
 if (is_array($available_mime['transformation'])) {
 foreach($available_mime['transformation'] AS $mimekey => $transform) {
- $checked = (isset($row) && isset($row['Field']) && isset($mime_map[$row['Field']]['transformation']) && ($mime_map[$row['Field']]['transformation'] == $available_mime['transformation_file'][$mimekey]) ? 'selected ' : '');
- $tooltip = 'strTransformation_' . strtolower(str_replace('.inc.php', '', $available_mime['transformation_file'][$mimekey]));
+ $checked = (isset($row) && isset($row['Field']) && isset($mime_map[$row['Field']]['transformation']) && (preg_match('@' . preg_quote($available_mime['transformation_file'][$mimekey]) . '3?@i', $mime_map[$row['Field']]['transformation'])) ? 'selected ' : '');
+ $tooltip = 'strTransformation_' . strtolower(preg_replace('@(\.inc\.php3?)$@', '', $available_mime['transformation_file'][$mimekey]));
 $tooltip = isset($$tooltip) ? $$tooltip : sprintf(str_replace('
', ' ', $strMIME_nodescription), 'PMA_transformation_' . $tooltip . '()'); $content_cells[$i][$ci] .= '' . "\n"; } }
diff --git a/user_password.php b/user_password.php
index cb6950673..eff3c7a9c 100644
--- a/user_password.php
+++ b/user_password.php
@@ -49,7 +49,7 @@ if (isset($nopass)) {
 $err_url = 'user_password.php?' . $common_url_query;
- $sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . preg_replace('@.@', '*', $pma_pw) . '\')');
+ $sql_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . preg_replace('@.@s', '*', $pma_pw) . '\')');
 $local_query = 'SET password = ' . (($pma_pw == '') ? '\'\'' : 'PASSWORD(\'' . PMA_sqlAddslashes($pma_pw) . '\')');
 $result = @PMA_mysql_query($local_query) or PMA_mysqlDie('', '', FALSE, $err_url);
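Review bot: The new `preg_match()` that decides `$checked` in tbl_properties.inc.php is not anchored, so a stored transformation name that merely contains an available file name is also marked `selected`, and `preg_quote()` is called without the `@` delimiter. Anchoring the pattern and passing the delimiter fixes both: `preg_match('@^' . preg_quote($available_mime['transformation_file'][$mimekey], '@') . '3?$@i', $mime_map[$row['Field']]['transformation'])`. The `$tooltip` line in the same hunk strips the suffix without the `i` flag that the other files in this commit use, which is worth aligning. The `$content_cells` change at the end of this hunk is damaged in this rendering and could not be reviewed.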
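Review bot: The masked `$sql_query` in user_password.php still emits one `*` per byte of `$pma_pw`, so the query text (presumably the copy shown back to the user) discloses the password length. A fixed-width mask avoids that: `'PASSWORD(\'' . str_repeat('*', 8) . '\')'` in place of the `preg_replace('@.@s', '*', $pma_pw)` expression. A comment marking `$sql_query` as the display copy and `$local_query` as the one actually executed would also keep the two from being mixed up later. The enclosing block extends beyond this hunk.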