nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

do not urlencode form data (browser is responsible for doing required stuff)

Browse Source
This commit is contained in:
Sebastian Mendel
2007-09-27 07:37:42 +00:00
parent 3d74bf27a7
commit e0b45f38e8
2 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
libraries/display_tbl.lib.php
View File

@@ -1058,7 +1058,10 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
* with only one field and it's a BLOB; in this case, * with only one field and it's a BLOB; in this case,
* avoid to display the delete and edit links * avoid to display the delete and edit links
*/ */
$unique_condition = urlencode(PMA_getUniqueCondition($dt_result, $fields_cnt, $fields_meta, $row)); //$unique_condition = urlencode(PMA_getUniqueCondition($dt_result, $fields_cnt, $fields_meta, $row));
$unique_condition = PMA_getUniqueCondition($dt_result, $fields_cnt, $fields_meta, $row);
$unique_condition_url = urlencode($unique_condition);
$unique_condition_html = htmlspecialchars($unique_condition);
// 1.2 Defines the URLs for the modify/delete link(s) // 1.2 Defines the URLs for the modify/delete link(s)
$url_query = PMA_generate_common_url($db, $table); $url_query = PMA_generate_common_url($db, $table);
@@ -1078,7 +1081,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
$edit_url = 'tbl_change.php' $edit_url = 'tbl_change.php'
. '?' . $url_query . '?' . $url_query
. '&primary_key=' . $unique_condition . '&primary_key=' . $unique_condition_url
. '&sql_query=' . urlencode($url_sql_query) . '&sql_query=' . urlencode($url_sql_query)
. '&goto=' . urlencode($lnk_goto); . '&goto=' . urlencode($lnk_goto);
if ($GLOBALS['cfg']['PropertiesIconic'] === false) { if ($GLOBALS['cfg']['PropertiesIconic'] === false) {
@@ -1121,14 +1124,14 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
. '&sql_query=' . urlencode($url_sql_query) . '&sql_query=' . urlencode($url_sql_query)
. '&zero_rows=' . urlencode(htmlspecialchars($GLOBALS['strDeleted'])) . '&zero_rows=' . urlencode(htmlspecialchars($GLOBALS['strDeleted']))
. '&goto=' . (empty($goto) ? 'tbl_sql.php' : $goto); . '&goto=' . (empty($goto) ? 'tbl_sql.php' : $goto);
$del_query = urlencode('DELETE FROM ' . PMA_backquote($table) . ' WHERE') . $unique_condition . '+LIMIT+1'; $del_query = 'DELETE FROM ' . PMA_backquote($table) . ' WHERE' . $unique_condition . ' LIMIT 1';
$del_url = 'sql.php' $del_url = 'sql.php'
. '?' . $url_query . '?' . $url_query
. '&sql_query=' . $del_query . '&sql_query=' . urlencode($del_query)
. '&zero_rows=' . urlencode(htmlspecialchars($GLOBALS['strDeleted'])) . '&zero_rows=' . urlencode(htmlspecialchars($GLOBALS['strDeleted']))
. '&goto=' . urlencode($lnk_goto); . '&goto=' . urlencode($lnk_goto);
$js_conf = 'DELETE FROM ' . PMA_jsFormat($table) $js_conf = 'DELETE FROM ' . PMA_jsFormat($table)
. ' WHERE ' . trim(PMA_jsFormat(urldecode($unique_condition), false)) . ' WHERE ' . trim(PMA_jsFormat($unique_condition, false))
. ' LIMIT 1'; . ' LIMIT 1';
if ($GLOBALS['cfg']['PropertiesIconic'] === false) { if ($GLOBALS['cfg']['PropertiesIconic'] === false) {
$del_str = $GLOBALS['strDelete']; $del_str = $GLOBALS['strDelete'];
@@ -1147,7 +1150,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
. PMA_generate_common_url('mysql') . PMA_generate_common_url('mysql')
. '&sql_query=' . urlencode('KILL ' . $row[0]) . '&sql_query=' . urlencode('KILL ' . $row[0])
. '&goto=' . urlencode($lnk_goto); . '&goto=' . urlencode($lnk_goto);
$del_query = urlencode('KILL ' . $row[0]); $del_query = 'KILL ' . $row[0];
$js_conf = 'KILL ' . $row[0]; $js_conf = 'KILL ' . $row[0];
if ($GLOBALS['cfg']['PropertiesIconic'] === false) { if ($GLOBALS['cfg']['PropertiesIconic'] === false) {
$del_str = $GLOBALS['strKill']; $del_str = $GLOBALS['strKill'];
@@ -1222,7 +1225,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
$transform_options['wrapper_link'] = '?' $transform_options['wrapper_link'] = '?'
. (isset($url_query) ? $url_query : '') . (isset($url_query) ? $url_query : '')
. '&primary_key=' . (isset($unique_condition) ? $unique_condition : '') . '&primary_key=' . (isset($unique_condition_url) ? $unique_condition_url : '')
. '&sql_query=' . (empty($sql_query) ? '' : urlencode($url_sql_query)) . '&sql_query=' . (empty($sql_query) ? '' : urlencode($url_sql_query))
. '&goto=' . (isset($sql_goto) ? urlencode($lnk_goto) : '') . '&goto=' . (isset($sql_goto) ? urlencode($lnk_goto) : '')
. '&transform_key=' . urlencode($meta->name); . '&transform_key=' . urlencode($meta->name);
@@ -1481,9 +1484,9 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
if (!empty($del_url) && $is_display['del_lnk'] != 'kp') { if (!empty($del_url) && $is_display['del_lnk'] != 'kp') {
$vertical_display['row_delete'][$row_no] .= ' <td align="center" class="' . $class . '" ' . $column_style_vertical . '>' . "\n" $vertical_display['row_delete'][$row_no] .= ' <td align="center" class="' . $class . '" ' . $column_style_vertical . '>' . "\n"
. ' <input type="checkbox" id="id_rows_to_delete' . $row_no . '[%_PMA_CHECKBOX_DIR_%]" name="rows_to_delete[' . $unique_condition . ']"' . ' <input type="checkbox" id="id_rows_to_delete' . $row_no . '[%_PMA_CHECKBOX_DIR_%]" name="rows_to_delete[' . $unique_condition_html . ']"'
. ' onclick="' . $column_marker_vertical . 'copyCheckboxesRange(\'rowsDeleteForm\', \'id_rows_to_delete' . $row_no . '\',\'[%_PMA_CHECKBOX_DIR_%]\');"' . ' onclick="' . $column_marker_vertical . 'copyCheckboxesRange(\'rowsDeleteForm\', \'id_rows_to_delete' . $row_no . '\',\'[%_PMA_CHECKBOX_DIR_%]\');"'
. ' value="' . $del_query . '" ' . (isset($GLOBALS['checkall']) ? 'checked="checked"' : '') . ' />' . "\n" . ' value="' . htmlspecialchars($del_query) . '" ' . (isset($GLOBALS['checkall']) ? 'checked="checked"' : '') . ' />' . "\n"
. ' </td>' . "\n"; . ' </td>' . "\n";
} else { } else {
unset($vertical_display['row_delete'][$row_no]); unset($vertical_display['row_delete'][$row_no]);

8
libraries/display_tbl_links.lib.php
View File

@@ -17,9 +17,9 @@ if ($doWriteModifyAt == 'left') {
if (!empty($del_url) && $is_display['del_lnk'] != 'kp') { if (!empty($del_url) && $is_display['del_lnk'] != 'kp') {
echo ' <td align="center">' . "\n" echo ' <td align="center">' . "\n"
. ' <input type="checkbox" id="id_rows_to_delete' . $row_no . '" name="rows_to_delete[' . $unique_condition . ']"' . ' <input type="checkbox" id="id_rows_to_delete' . $row_no . '" name="rows_to_delete[' . $unique_condition_html . ']"'
. ' onclick="copyCheckboxesRange(\'rowsDeleteForm\', \'id_rows_to_delete' . $row_no . '\',\'l\');"' . ' onclick="copyCheckboxesRange(\'rowsDeleteForm\', \'id_rows_to_delete' . $row_no . '\',\'l\');"'
. ' value="' . $del_query . '" ' . (isset($GLOBALS['checkall']) ? 'checked="checked"' : '') . ' />' . "\n" . ' value="' . htmlspecialchars($del_query) . '" ' . (isset($GLOBALS['checkall']) ? 'checked="checked"' : '') . ' />' . "\n"
. ' </td>' . "\n"; . ' </td>' . "\n";
} }
if (!empty($edit_url)) { if (!empty($edit_url)) {
@@ -47,9 +47,9 @@ if ($doWriteModifyAt == 'left') {
} }
if (!empty($del_url) && $is_display['del_lnk'] != 'kp') { if (!empty($del_url) && $is_display['del_lnk'] != 'kp') {
echo ' <td align="center">' . "\n" echo ' <td align="center">' . "\n"
. ' <input type="checkbox" id="id_rows_to_delete' . $row_no . 'r" name="rows_to_delete[' . $unique_condition . ']"' . ' <input type="checkbox" id="id_rows_to_delete' . $row_no . 'r" name="rows_to_delete[' . $unique_condition_html . ']"'
. ' onclick="copyCheckboxesRange(\'rowsDeleteForm\', \'id_rows_to_delete' . $row_no . '\',\'r\');"' . ' onclick="copyCheckboxesRange(\'rowsDeleteForm\', \'id_rows_to_delete' . $row_no . '\',\'r\');"'
. ' value="' . $del_query . '" ' . (isset($GLOBALS['checkall']) ? 'checked="checked"' : '') . ' />' . "\n" . ' value="' . htmlspecialchars($del_query) . '" ' . (isset($GLOBALS['checkall']) ? 'checked="checked"' : '') . ' />' . "\n"
. ' </td>' . "\n"; . ' </td>' . "\n";
} }
} }