nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* added some js stuff to checks for "DROP/DELETE/ALTER" statements

Browse Source 
* all js libraries are now loaded in the header part of the xhtml generated pages
This commit is contained in:
Loïc Chapeaux
2001-08-31 15:36:24 +00:00
parent 43caa593e2
commit e04d3c81f3
6 changed files with 144 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
db_details.php3
View File

@@ -7,6 +7,7 @@
*/ */
require('./grab_globals.inc.php3'); require('./grab_globals.inc.php3');
if (!isset($message)) { if (!isset($message)) {
$js_to_run = 'functions.js';
include('./header.inc.php3'); include('./header.inc.php3');
// Reloads the navigation frame via JavaScript if required // Reloads the navigation frame via JavaScript if required
if (!empty($reload) && $reload == 'true') { if (!empty($reload) && $reload == 'true') {
@@ -325,15 +326,6 @@ if (isset($show_query) && $show_query == 'y') {
} }
?> ?>
<!-- DATABASE WORK --> <!-- DATABASE WORK -->
<script type="text/javascript" language="javascript">
<!--
var errorMsg0 = '<?php echo(str_replace('\'', '\\\'', $strFormEmpty)); ?>';
var errorMsg1 = '<?php echo(str_replace('\'', '\\\'', $strNotNumber)); ?>';
var errorMsg2 = '<?php echo(str_replace('\'', '\\\'', $strNotValidNumber)); ?>';
//-->
</script>
<script src="functions.js" type="text/javascript" language="javascript"></script>
<ul> <ul>
<?php <?php
if ($num_tables > 0) { if ($num_tables > 0) {
@@ -349,7 +341,8 @@ if ($num_tables > 0) {
<!-- Query box, sql file loader and bookmark support --> <!-- Query box, sql file loader and bookmark support -->
<li> <li>
<form method="post" action="db_readdump.php3" enctype="multipart/form-data" <form method="post" action="db_readdump.php3" enctype="multipart/form-data"
onsubmit="return emptySqlQuery(this)"> onsubmit="return checkSqlQuery(this)">
<input type="hidden" name="is_js_confirmed" value="0" />
<input type="hidden" name="server" value="<?php echo $server; ?>" /> <input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" /> <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="pos" value="0" /> <input type="hidden" name="pos" value="0" />
@@ -525,7 +518,7 @@ if ($num_tables > 0) {
<!-- Create a new table --> <!-- Create a new table -->
<li> <li>
<form method="post" action="tbl_create.php3" <form method="post" action="tbl_create.php3"
onsubmit="return (emptyFormElements(this, 'table') && checkFormElementInRange(this, 'num_fields', 1, 1000))"> onsubmit="return (emptyFormElements(this, 'table') && checkFormElementInRange(this, 'num_fields', 1))">
<input type="hidden" name="server" value="<?php echo $server; ?>" /> <input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" /> <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" /> <input type="hidden" name="db" value="<?php echo $db; ?>" />

102
functions.js
View File

@@ -1,38 +1,106 @@
/* $Id$ */ /* $Id$ */
/**
* Displays an error message if a "DROP DATABASE" statement is submitted
* while it isn't allowed, else confirms a "DROP/DELETE/ALTER" query before
* sumitting it if required.
* This function is called by the 'checkSqlQuery()' js function.
*
* @param object the form
* @param object the sql query textarea
*
* @return boolean whether to run the query or not
*
* @see checkSqlQuery()
*/
function confirmQuery(theForm1, sqlQuery1)
{
// The replace function (js1.2) isn't supported
if (typeof(sqlQuery1.value.replace) == 'undefined') {
return true;
}
// js1.2+ -> validation with regular expressions
else {
// "DROP DATABASE" statement isn't allowed
if (noDropDbMsg) {
var drop_re = new RegExp('DROP\\s+(IF EXISTS\\s+)?DATABASE', 'i');
if (drop_re.test(sqlQuery1.value)) {
alert(noDropDbMsg);
theForm1.reset();
sqlQuery1.focus();
return false;
} // end if
} // end if
// Confirms a "DROP/DELETE/ALTER" statement
var do_confirm_re_0 = new RegExp('DROP\\s+(IF EXISTS\\s+)?(TABLE|DATABASE)', 'i');
var do_confirm_re_1 = new RegExp('ALTER TABLE\\s+((`[^`]+`)|([A-Za-z0-9_$]+))\\s+DROP', 'i');
var do_confirm_re_2 = new RegExp('DELETE FROM', 'i');
if (do_confirm_re_0.test(sqlQuery1.value)
|| do_confirm_re_1.test(sqlQuery1.value)
|| do_confirm_re_2.test(sqlQuery1.value)) {
var is_confirmed = confirm(confirmMsg + ' :\n' + sqlQuery1.value);
// drop/delete/alter statement is confirmed -> update the
// "is_js_confirmed" form field so the confirm test won't be
// run on the server side and allows to submit the form
if (is_confirmed) {
theForm1.elements['is_js_confirmed'].value = 1;
return true;
}
// "DROP/DELETE/ALTER" statement is rejected -> do not submit
// the form
else {
window.focus();
sqlQuery1.focus();
return false;
} // end if (handle confirm box result)
} // end if (display confirm box)
} // end confirmation stuff
return true;
} // end of the 'confirmQuery()' function
/** /**
* Displays an error message if the user submitted the sql query form with no * Displays an error message if the user submitted the sql query form with no
* sql query * sql query else checks for "DROP/DELETE/ALTER" statements
* *
* @param object the form * @param object the form
* *
* @return boolean always false * @return boolean always false
*
* @see confirmQuery()
*/ */
function emptySqlQuery(theForm) function checkSqlQuery(theForm)
{ {
var sqlQuery1 = theForm.elements['sql_query']; var sqlQuery = theForm.elements['sql_query'];
var isRegExp = (typeof(sqlQuery1.value.replace) != 'undefined');
// The replace function (js1.2) isn't supported -> basic tests // The replace function (js1.2) isn't supported -> basic tests
if (!isRegExp) { if (typeof(sqlQuery.value.replace) == 'undefined') {
var isEmpty = (sqlQuery1.value == '') ? 1 : 0; var isEmpty = (sqlQuery.value == '') ? 1 : 0;
if (isEmpty && typeof(theForm.elements['sql_file']) != 'undefined') { if (isEmpty && typeof(theForm.elements['sql_file']) != 'undefined') {
isEmpty = (theForm.elements['sql_file'].value == '') ? 1 : 0; isEmpty = (theForm.elements['sql_file'].value == '') ? 1 : 0;
} }
if (isEmpty && typeof(theForm.elements['id_bookmark']) != 'undefined') { if (isEmpty && typeof(theForm.elements['id_bookmark']) != 'undefined') {
isEmpty = (theForm.elements['id_bookmark'].value == '') ? 1 : 0; isEmpty = (theForm.elements['id_bookmark'].value == null || theForm.elements['id_bookmark'].value == '');
} }
} }
// js1.2+ -> validation with regular expressions // js1.2+ -> validation with regular expressions
else { else {
var space_re = new RegExp('\\s+'); var space_re = new RegExp('\\s+');
var isEmpty = (sqlQuery1.value.replace(space_re, '') == '') ? 1 : 0; var isEmpty = (sqlQuery.value.replace(space_re, '') == '') ? 1 : 0;
// Checks for "DROP/DELETE/ALTER" statements
if (!isEmpty && !confirmQuery(theForm, sqlQuery)) {
return false;
}
if (isEmpty && typeof(theForm.elements['sql_file']) != 'undefined') { if (isEmpty && typeof(theForm.elements['sql_file']) != 'undefined') {
isEmpty = (theForm.elements['sql_file'].value.replace(space_re, '') == '') ? 1 : 0; isEmpty = (theForm.elements['sql_file'].value.replace(space_re, '') == '') ? 1 : 0;
} }
if (isEmpty && typeof(theForm.elements['id_bookmark']) != 'undefined') { if (isEmpty && typeof(theForm.elements['id_bookmark']) != 'undefined') {
isEmpty = (theForm.elements['id_bookmark'].value == '') ? 1 : 0; isEmpty = (theForm.elements['id_bookmark'].value == null || theForm.elements['id_bookmark'].value == '');
isEmpty = (theForm.elements['id_bookmark'].selectedIndex == 0);
} }
if (isEmpty) { if (isEmpty) {
theForm.reset(); theForm.reset();
@@ -40,14 +108,14 @@ function emptySqlQuery(theForm)
} }
if (isEmpty) { if (isEmpty) {
sqlQuery1.select(); sqlQuery.select();
alert(errorMsg0); alert(errorMsg0);
sqlQuery1.focus(); sqlQuery.focus();
return false; return false;
} }
return true; return true;
} // end of the 'emptySqlQuery()' function } // end of the 'checkSqlQuery()' function
/** /**
@@ -97,7 +165,13 @@ function checkFormElementInRange(theForm, theFieldName, min, max)
{ {
var theField = theForm.elements[theFieldName]; var theField = theForm.elements[theFieldName];
var val = parseInt(theField.value); var val = parseInt(theField.value);
var isRange = (typeof(min) != 'undefined' && typeof(max) != 'undefined');
if (typeof(min) == 'undefined') {
min = 0;
}
if (typeof(max) == 'undefined') {
max = Number.MAX_VALUE;
}
// It's not a number // It's not a number
if (isNaN(val)) { if (isNaN(val)) {
@@ -107,7 +181,7 @@ function checkFormElementInRange(theForm, theFieldName, min, max)
return false; return false;
} }
// It's a number but it is not between min and max // It's a number but it is not between min and max
else if (isRange && (val < min || val > max)) { else if (val < min || val > max) {
theField.select(); theField.select();
alert(val + errorMsg2); alert(val + errorMsg2);
theField.focus(); theField.focus();

20
header.inc.php3
View File

@@ -54,6 +54,26 @@ A:hover.nav {font-family: <?php echo $right_font_family; ?>; color: #FF0000}
.nav {font-family: <?php echo $right_font_family; ?>; color: #000000} .nav {font-family: <?php echo $right_font_family; ?>; color: #000000}
//--> //-->
</style> </style>
<?php
// Add some javascript instructions if required
if (isset($js_to_run) && $js_to_run == 'functions.js') {
echo "\n";
?>
<!-- js form validation stuff -->
<script type="text/javascript" language="javascript">
<!--
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $strFormEmpty); ?>';
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $strNotNumber); ?>';
var errorMsg2 = '<?php echo str_replace('\'', '\\\'', $strNotValidNumber); ?>';
var noDropDbMsg = '<?php echo((!$cfgAllowUserDropDatabase) ? str_replace('\'', '\\\'', $strNoDropDatabases) : ''); ?>';
var confirmMsg = '<?php echo str_replace('\'', '\\\'', $strDoYouReally); ?>';
//-->
</script>
<script src="functions.js" type="text/javascript" language="javascript"></script>
<?php
}
echo "\n";
?>
</head> </head>
<body bgcolor="#F5F5F5" text="#000000" background="images/bkg.gif"> <body bgcolor="#F5F5F5" text="#000000" background="images/bkg.gif">

20
lib.inc.php3
View File

@@ -172,7 +172,7 @@ if (!defined('__LIB_INC__')){
echo '</p>' . "\n"; echo '</p>' . "\n";
if ($is_back_link) { if ($is_back_link) {
$hist = (isset($GLOBALS['btnDrop'])) ? -2 : -1; $hist = (isset($GLOBALS['btnDrop'])) ? -2 : -1;
echo '<a href="javascript:window.history.go(' . $hist . ')">' . $GLOBALS['strBack'] . '</a>'; echo '<a href="#" onclick="window.history.go(' . $hist . '); return false">' . $GLOBALS['strBack'] . '</a>';
} }
echo "\n"; echo "\n";
@@ -786,7 +786,7 @@ window.parent.frames['nav'].location.replace('<?php echo $reload_url; ?>');
</td> </td>
<td> <td>
<form action="sql.php3" method="post" <form action="sql.php3" method="post"
onsubmit="return (checkFormElementInRange(this, 'pos', 0, <?php echo $SelectNumRows-1; ?>) && checkFormElementInRange(this, 'sessionMaxRows'))"> onsubmit="return (checkFormElementInRange(this, 'sessionMaxRows', 1) && checkFormElementInRange(this, 'pos', 0, <?php echo $SelectNumRows-1; ?>))">
<input type="hidden" name="lang" value="<?php echo $lang; ?>" /> <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="server" value="<?php echo $server; ?>" /> <input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" /> <input type="hidden" name="db" value="<?php echo $db; ?>" />
@@ -924,20 +924,6 @@ window.parent.frames['nav'].location.replace('<?php echo $reload_url; ?>');
$GLOBALS['sessionMaxRows'] = $GLOBALS['cfgMaxRows']; $GLOBALS['sessionMaxRows'] = $GLOBALS['cfgMaxRows'];
} }
// Loads a javascript library that does quick validations
?>
<script type="text/javascript" language="javascript">
<!--
var errorMsg1 = '<?php echo(str_replace('\'', '\\\'', $GLOBALS['strNotNumber'])); ?>';
var errorMsg2 = '<?php echo(str_replace('\'', '\\\'', $GLOBALS['strNotValidNumber'])); ?>';
//-->
</script>
<script src="functions.js" type="text/javascript" language="javascript"></script>
<?php
echo "\n";
// Counts the number of rows in the table if required // Counts the number of rows in the table if required
if (isset($SelectNumRows) && $SelectNumRows != '') { if (isset($SelectNumRows) && $SelectNumRows != '') {
$total = $SelectNumRows; $total = $SelectNumRows;
@@ -980,7 +966,7 @@ var errorMsg2 = '<?php echo(str_replace('\'', '\\\'', $GLOBALS['strNotValidNumbe
$table = $field->table; $table = $field->table;
} }
mysql_field_seek($dt_result, 0); mysql_field_seek($dt_result, 0);
if (!$is_simple if (!$is_simple
&& (!isset($SelectNumRows) || $SelectNumRows > 1)) { && (!isset($SelectNumRows) || $SelectNumRows > 1)) {
show_table_navigation($pos_next, $pos_prev, $dt_result); show_table_navigation($pos_next, $pos_prev, $dt_result);
} else { } else {

33
sql.php3
View File

@@ -10,8 +10,12 @@ require('./lib.inc.php3');
/** /**
* Check rights in case of DROP DATABASE * Check rights in case of DROP DATABASE
*/ *
* This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
* but since a malicious user may pass this variable by url/form, we don't take
* into account this case.
*/
if (!defined('PMA_CHK_DROP') if (!defined('PMA_CHK_DROP')
&& !$cfgAllowUserDropDatabase && !$cfgAllowUserDropDatabase
&& eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) { && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
@@ -85,10 +89,19 @@ if (isset($btnDrop) && $btnDrop == $strNo) {
/** /**
* Displays the confirm page if required * Displays the confirm page if required
*
* This part of the script is bypassed if $is_js_confirmed = 1 (already checked
* with js) because possible security issue is not so important here: at most,
* the confirm message isn't displayed.
*/ */
$do_confirm = ($cfgConfirm if (!$cfgConfirm
&& !isset($btnDrop) || (isset($is_js_confirmed) && $is_js_confirmed)
&& eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)|ALTER TABLE +[[:alnum:]_`]* +DROP|DELETE FROM', $sql_query)); || isset($btnDrop)) {
$do_confirm = FALSE;
} else {
$do_confirm = (eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)|ALTER TABLE +((`[^`]+`)|([A-Za-z0-9_$]+)) +DROP|DELETE FROM', $sql_query));
}
if ($do_confirm) { if ($do_confirm) {
if (get_magic_quotes_gpc()) { if (get_magic_quotes_gpc()) {
$stripped_sql_query = stripslashes($sql_query); $stripped_sql_query = stripslashes($sql_query);
@@ -240,12 +253,15 @@ else {
$message = $strEmptyResultSet; $message = $strEmptyResultSet;
} }
$goto = ereg_replace('\.\.*', '.', $goto); $goto = ereg_replace('\.\.*', '.', $goto);
if ($goto != 'main.php3') {
include('./header.inc.php3');
}
if ($goto == 'db_details.php3' && !empty($table)) { if ($goto == 'db_details.php3' && !empty($table)) {
unset($table); unset($table);
} }
if ($goto == 'db_details.php3' || $goto == 'tbl_properties.php3') {
$js_to_run = 'functions.js';
}
if ($goto != 'main.php3') {
include('./header.inc.php3');
}
include('./' . $goto); include('./' . $goto);
} // end if file_exist } // end if file_exist
else { else {
@@ -261,6 +277,7 @@ else {
if (isset($show_query)) { if (isset($show_query)) {
unset($show_query); unset($show_query);
} }
$js_to_run = 'functions.js';
include('./header.inc.php3'); include('./header.inc.php3');
// Defines the display mode if it wasn't passed by url // Defines the display mode if it wasn't passed by url
if ($is_count) { if ($is_count) {

15
tbl_properties.php3
View File

@@ -8,6 +8,7 @@
require('./grab_globals.inc.php3'); require('./grab_globals.inc.php3');
require('./lib.inc.php3'); require('./lib.inc.php3');
if (!isset($message)) { if (!isset($message)) {
$js_to_run = 'functions.js';
include('./header.inc.php3'); include('./header.inc.php3');
} else { } else {
show_message($message); show_message($message);
@@ -541,15 +542,6 @@ echo "\n";
*/ */
?> ?>
<!-- TABLE WORK --> <!-- TABLE WORK -->
<script type="text/javascript" language="javascript">
<!--
var errorMsg0 = '<?php echo(str_replace('\'', '\\\'', $strFormEmpty)); ?>';
var errorMsg1 = '<?php echo(str_replace('\'', '\\\'', $strNotNumber)); ?>';
var errorMsg2 = '<?php echo(str_replace('\'', '\\\'', $strNotValidNumber)); ?>';
//-->
</script>
<script src="functions.js" type="text/javascript" language="javascript"></script>
<ul> <ul>
<!-- Printable view of the table --> <!-- Printable view of the table -->
@@ -560,7 +552,8 @@ var errorMsg2 = '<?php echo(str_replace('\'', '\\\'', $strNotValidNumber)); ?>';
<!-- Query box and bookmark support --> <!-- Query box and bookmark support -->
<li> <li>
<form method="post" action="db_readdump.php3" <form method="post" action="db_readdump.php3"
onsubmit="return emptySqlQuery(this)"> onsubmit="return checkSqlQuery(this)">
<input type="hidden" name="is_js_confirmed" value="0" />
<input type="hidden" name="server" value="<?php echo $server; ?>" /> <input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" /> <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="pos" value="0" /> <input type="hidden" name="pos" value="0" />
@@ -619,7 +612,7 @@ if ($cfgBookmark['db'] && $cfgBookmark['table']) {
<!-- Add some new fields --> <!-- Add some new fields -->
<li> <li>
<form method="post" action="tbl_addfield.php3" <form method="post" action="tbl_addfield.php3"
onsubmit="return checkFormElementInRange(this, 'num_fields', 1, 99)"> onsubmit="return checkFormElementInRange(this, 'num_fields', 1)">
<input type="hidden" name="server" value="<?php echo $server; ?>" /> <input type="hidden" name="server" value="<?php echo $server; ?>" />
<input type="hidden" name="lang" value="<?php echo $lang; ?>" /> <input type="hidden" name="lang" value="<?php echo $lang; ?>" />
<input type="hidden" name="db" value="<?php echo $db; ?>" /> <input type="hidden" name="db" value="<?php echo $db; ?>" />