diff --git a/ChangeLog b/ChangeLog index eeb2eec2d..646e4623f 100755 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ $Id$ $Source$ 2002-04-20 Loļc Chapeaux + * sql.php3; libraries/functions.js: improved regexp used to find some + statements in order to "fix" an error reported by + Max in the "Open Discussion" forum. * lang/latvian.inc.php3: updated thanks to Sandis Jērics. 2002-04-20 Alexander M. Turek diff --git a/libraries/functions.js b/libraries/functions.js index 018eb507a..e41df0f13 100644 --- a/libraries/functions.js +++ b/libraries/functions.js @@ -54,8 +54,8 @@ function confirmQuery(theForm1, sqlQuery1) // js1.2+ -> validation with regular expressions else { // "DROP DATABASE" statement isn't allowed - if (noDropDbMsg) { - var drop_re = new RegExp('DROP\\s+(IF EXISTS\\s+)?DATABASE', 'i'); + if (noDropDbMsg != '') { + var drop_re = new RegExp('DROP\\s+(IF EXISTS\\s+)?DATABASE\\s', 'i'); if (drop_re.test(sqlQuery1.value)) { alert(noDropDbMsg); theForm1.reset(); @@ -65,9 +65,9 @@ function confirmQuery(theForm1, sqlQuery1) } // end if // Confirms a "DROP/DELETE/ALTER" statement - var do_confirm_re_0 = new RegExp('DROP\\s+(IF EXISTS\\s+)?(TABLE|DATABASE)', 'i'); - var do_confirm_re_1 = new RegExp('ALTER TABLE\\s+((`[^`]+`)|([A-Za-z0-9_$]+))\\s+DROP', 'i'); - var do_confirm_re_2 = new RegExp('DELETE FROM', 'i'); + var do_confirm_re_0 = new RegExp('DROP\\s+(IF EXISTS\\s+)?(TABLE|DATABASE)\\s', 'i'); + var do_confirm_re_1 = new RegExp('ALTER\\s+TABLE\\s+((`[^`]+`)|([A-Za-z0-9_$]+))\\s+DROP\\s', 'i'); + var do_confirm_re_2 = new RegExp('DELETE\\s+FROM\\s', 'i'); if (do_confirm_re_0.test(sqlQuery1.value) || do_confirm_re_1.test(sqlQuery1.value) || do_confirm_re_2.test(sqlQuery1.value)) { diff --git a/sql.php3 b/sql.php3 index cfe00e42b..754e81e14 100755 --- a/sql.php3 +++ b/sql.php3 
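Review bot: The trailing `\\s` added to `drop_re` (and to `do_confirm_re_0` through `do_confirm_re_2` in the next hunk, with `[[:space:]]` counterparts in sql.php3) means the keyword is recognised only when a whitespace character follows it. MySQL does not need whitespace before a backquoted name, so a statement whose name follows the keyword directly, or whose text ends at the keyword, is no longer caught. If the aim was to stop matching longer words that merely begin with the keyword, a delimiter class does that without opening the gap: `new RegExp('DROP\\s+(IF EXISTS\\s+)?DATABASE([^A-Za-z0-9_$]|$)', 'i')`. This test runs in the browser and is advisory only, so the sql.php3 condition has to be at least as strict. confirmQuery's body begins and ends outside these hunks.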
@@ -33,7 +33,7 @@ if (!isset($err_url)) { */ if (!defined('PMA_CHK_DROP') && !$cfgAllowUserDropDatabase - && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) { + && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE[[:space:]]', $sql_query)) { // Checks if the user is a Superuser // TODO: set a global variable with this information // loic1: optimized query @@ -134,7 +134,7 @@ if (!$cfgConfirm || isset($btnDrop)) { $do_confirm = FALSE; } else { - $do_confirm = (eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)|ALTER TABLE[[:space:]]+((`[^`]+`)|([A-Za-z0-9_$]+))[[:space:]]+DROP|DELETE FROM', $sql_query)); + $do_confirm = (eregi('DROP[[:space:]]+(IF[[:space:]]+EXISTS[[:space:]]+)?(TABLE|DATABASE[[:space:]])|ALTER[[:space:]]+TABLE[[:space:]]+((`[^`]+`)|([A-Za-z0-9_$]+))[[:space:]]+DROP[[:space:]]|DELETE[[:space:]]+FROM[[:space:]]', $sql_query)); } if ($do_confirm) { @@ -198,13 +198,13 @@ else { $is_explain = $is_count = $is_export = $is_delete = $is_insert = $is_affected = $is_show = $is_maint = FALSE; if ($is_select) { // see line 76 $is_count = (eregi('^SELECT[[:space:]]+COUNT\((.*\.+)?.*\)', $sql_query)); - $is_export = (eregi('[[:space:]]+INTO OUTFILE[[:space:]]+', $sql_query)); + $is_export = (eregi('[[:space:]]+INTO[[:space:]]+OUTFILE[[:space:]]+', $sql_query)); } else if (eregi('^EXPLAIN[[:space:]]+', $sql_query)) { $is_explain = TRUE; } else if (eregi('^DELETE[[:space:]]+', $sql_query)) { $is_delete = TRUE; $is_affected = TRUE; - } else if (eregi('^(INSERT|LOAD DATA|REPLACE)[[:space:]]+', $sql_query)) { + } else if (eregi('^(INSERT|LOAD[[:space:]]+DATA|REPLACE)[[:space:]]+', $sql_query)) { $is_insert = TRUE; $is_affected = TRUE; } else if (eregi('^UPDATE[[:space:]]+', $sql_query)) { 
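Review bot: In the `PMA_CHK_DROP` condition the optional group still reads `IF EXISTS` with a single literal space, while the confirmation pattern changed further down now uses `IF[[:space:]]+EXISTS`. The two should agree: `eregi('DROP[[:space:]]+(IF[[:space:]]+EXISTS[[:space:]]+)?DATABASE[[:space:]]', $sql_query)`. This condition appears to be what withholds DROP DATABASE from non-superusers when `$cfgAllowUserDropDatabase` is off, and a pattern match on raw query text cannot cover every spelling the server accepts. A comment above it should say that the restriction must also be enforced through MySQL privileges, for example `// Convenience check only: the DROP privilege must be withheld in MySQL itself`.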
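Review bot: In the `$do_confirm` pattern the new `[[:space:]]` sits inside the alternation, `(TABLE|DATABASE[[:space:]])`, so it applies to DATABASE only and TABLE is matched with no delimiter after it. The JavaScript counterpart in libraries/functions.js has `(TABLE|DATABASE)\\s`, so the client and server checks now disagree. This looks like a misplaced parenthesis; `(TABLE|DATABASE)[[:space:]]` would bring them in line. The enclosing if/else starts outside the hunk.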
@@ -224,7 +224,7 @@ else { && !eregi('[[:space:]]LIMIT[[:space:]0-9,]+$', $sql_query)) { $sql_limit_to_append = " LIMIT $pos, $cfgMaxRows"; - if (eregi('(.*)([[:space:]](PROCEDURE[[:space:]](.*)|FOR UPDATE|LOCK IN SHARE MODE))$', $sql_query, $regs)) { + if (eregi('(.*)([[:space:]](PROCEDURE[[:space:]](.*)|FOR[[:space:]]+UPDATE|LOCK[[:space:]]+IN[[:space:]]+SHARE[[:space:]]+MODE))$', $sql_query, $regs)) { $full_sql_query = $regs[1] . $sql_limit_to_append . $regs[2]; } else { $full_sql_query = $sql_query . $sql_limit_to_append;
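Review bot: The tail pattern is anchored with `$` directly after `MODE))`, so a query ending in `FOR UPDATE` or `LOCK IN SHARE MODE` followed by trailing whitespace does not match. It then falls into the else branch, which appends the LIMIT clause after the locking clause. The LIMIT test in the condition above tolerates trailing whitespace because its class is `[[:space:]0-9,]+`, so the two checks disagree. Unless `$sql_query` is trimmed earlier (not visible in this hunk), allow the same here by ending the pattern with `MODE))[[:space:]]*$`.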