Improved regexp to "fix" an error reported by "Max" in the "Open Discussion" forum

ChangeLog

@@ -6,6 +6,9 @@ $Id$
 $Source$
 
 2002-04-20 Lo<4C>c Chapeaux  <lolo@phpheaven.net>
+	* sql.php3; libraries/functions.js: improved regexp used to find some
+	  statements in order to "fix" an error reported by
+	  Max <max at softportal.com> in the "Open Discussion" forum.
 	* lang/latvian.inc.php3: updated thanks to Sandis J<>rics.
 
 2002-04-20 Alexander M. Turek  <rabus@users.sourceforge.net>

libraries/functions.js

@@ -54,8 +54,8 @@ function confirmQuery(theForm1, sqlQuery1)
     // js1.2+ -> validation with regular expressions
     else {
         // "DROP DATABASE" statement isn't allowed
-        if (noDropDbMsg) {
+        if (noDropDbMsg != '') {
-            var drop_re = new RegExp('DROP\\s+(IF EXISTS\\s+)?DATABASE', 'i');
+            var drop_re = new RegExp('DROP\\s+(IF EXISTS\\s+)?DATABASE\\s', 'i');
             if (drop_re.test(sqlQuery1.value)) {
                 alert(noDropDbMsg);
                 theForm1.reset();
@@ -65,9 +65,9 @@ function confirmQuery(theForm1, sqlQuery1)
         } // end if
 
         // Confirms a "DROP/DELETE/ALTER" statement
-        var do_confirm_re_0 = new RegExp('DROP\\s+(IF EXISTS\\s+)?(TABLE|DATABASE)', 'i');
+        var do_confirm_re_0 = new RegExp('DROP\\s+(IF EXISTS\\s+)?(TABLE|DATABASE)\\s', 'i');
-        var do_confirm_re_1 = new RegExp('ALTER TABLE\\s+((`[^`]+`)|([A-Za-z0-9_$]+))\\s+DROP', 'i');
+        var do_confirm_re_1 = new RegExp('ALTER\\s+TABLE\\s+((`[^`]+`)|([A-Za-z0-9_$]+))\\s+DROP\\s', 'i');
-        var do_confirm_re_2 = new RegExp('DELETE FROM', 'i');
+        var do_confirm_re_2 = new RegExp('DELETE\\s+FROM\\s', 'i');
         if (do_confirm_re_0.test(sqlQuery1.value)
             || do_confirm_re_1.test(sqlQuery1.value)
             || do_confirm_re_2.test(sqlQuery1.value)) {

sql.php3

@@ -33,7 +33,7 @@ if (!isset($err_url)) {
  */
 if (!defined('PMA_CHK_DROP')
     && !$cfgAllowUserDropDatabase
-    && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
+    && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE[[:space:]]', $sql_query)) {
     // Checks if the user is a Superuser
     // TODO: set a global variable with this information
     // loic1: optimized query
@@ -134,7 +134,7 @@ if (!$cfgConfirm
     || isset($btnDrop)) {
     $do_confirm = FALSE;
 } else {
-    $do_confirm = (eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)|ALTER TABLE[[:space:]]+((`[^`]+`)|([A-Za-z0-9_$]+))[[:space:]]+DROP|DELETE FROM', $sql_query));
+    $do_confirm = (eregi('DROP[[:space:]]+(IF[[:space:]]+EXISTS[[:space:]]+)?(TABLE|DATABASE[[:space:]])|ALTER[[:space:]]+TABLE[[:space:]]+((`[^`]+`)|([A-Za-z0-9_$]+))[[:space:]]+DROP[[:space:]]|DELETE[[:space:]]+FROM[[:space:]]', $sql_query));
 }
 
 if ($do_confirm) {
@@ -198,13 +198,13 @@ else {
     $is_explain = $is_count = $is_export = $is_delete = $is_insert = $is_affected = $is_show = $is_maint = FALSE;
     if ($is_select) { // see line 76
         $is_count    = (eregi('^SELECT[[:space:]]+COUNT\((.*\.+)?.*\)', $sql_query));
-        $is_export   = (eregi('[[:space:]]+INTO OUTFILE[[:space:]]+', $sql_query));
+        $is_export   = (eregi('[[:space:]]+INTO[[:space:]]+OUTFILE[[:space:]]+', $sql_query));
     } else if (eregi('^EXPLAIN[[:space:]]+', $sql_query)) {
         $is_explain  = TRUE;
     } else if (eregi('^DELETE[[:space:]]+', $sql_query)) {
         $is_delete   = TRUE;
         $is_affected = TRUE;
-    } else if (eregi('^(INSERT|LOAD DATA|REPLACE)[[:space:]]+', $sql_query)) {
+    } else if (eregi('^(INSERT|LOAD[[:space:]]+DATA|REPLACE)[[:space:]]+', $sql_query)) {
         $is_insert   = TRUE;
         $is_affected = TRUE;
     } else if (eregi('^UPDATE[[:space:]]+', $sql_query)) {
@@ -224,7 +224,7 @@ else {
         && !eregi('[[:space:]]LIMIT[[:space:]0-9,]+$', $sql_query)) {
 
         $sql_limit_to_append = " LIMIT $pos, $cfgMaxRows";
-        if (eregi('(.*)([[:space:]](PROCEDURE[[:space:]](.*)|FOR UPDATE|LOCK IN SHARE MODE))$', $sql_query, $regs)) {
+        if (eregi('(.*)([[:space:]](PROCEDURE[[:space:]](.*)|FOR[[:space:]]+UPDATE|LOCK[[:space:]]+IN[[:space:]]+SHARE[[:space:]]+MODE))$', $sql_query, $regs)) {
             $full_sql_query  = $regs[1] . $sql_limit_to_append . $regs[2];
         } else {
             $full_sql_query  = $sql_query . $sql_limit_to_append;