nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #1153079

Browse Source
This commit is contained in:
Alexander M. Turek
2005-03-03 20:32:45 +00:00
parent de484bfce1
commit e2a387ea5c
2 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -5,6 +5,10 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2005-03-03 Alexander M. Turek <me@derrabus.de>
* libraries/grab_globals.lib.php: Bug #1153079 (Updating columns starting
with "str").
2005-03-02 Michal Čihař <michal@cihar.com> 2005-03-02 Michal Čihař <michal@cihar.com>
* libraries/export/sql.php, libraries/display_export.lib.php: Do not offer * libraries/export/sql.php, libraries/display_export.lib.php: Do not offer
modes not available in current MySQL version, do not fail on error when modes not available in current MySQL version, do not fail on error when

6
libraries/grab_globals.lib.php
View File

@@ -12,7 +12,7 @@
* loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ * loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
*/ */
function PMA_gpc_extract($array, &$target) { function PMA_gpc_extract($array, &$target, $sanitize = TRUE) {
if (!is_array($array)) { if (!is_array($array)) {
return FALSE; return FALSE;
} }
@@ -30,7 +30,7 @@ function PMA_gpc_extract($array, &$target) {
* Warning: this also affects array keys: * Warning: this also affects array keys:
* Variables like $_GET['harmless']['cfg'] will also be rejected! * Variables like $_GET['harmless']['cfg'] will also be rejected!
*/ */
if (is_string($key) && ( if ($sanitize && is_string($key) && (
$key == 'cfg' $key == 'cfg'
|| $key == 'GLOBALS' || $key == 'GLOBALS'
|| substr($key, 0, 3) == 'str' || substr($key, 0, 3) == 'str'
@@ -43,7 +43,7 @@ function PMA_gpc_extract($array, &$target) {
// another application, with the same name as this array // another application, with the same name as this array
unset($target[$key]); unset($target[$key]);
PMA_gpc_extract($value, $target[$key]); PMA_gpc_extract($value, $target[$key], FALSE);
} else if ($is_magic_quotes) { } else if ($is_magic_quotes) {
$target[$key] = stripslashes($value); $target[$key] = stripslashes($value);
} else { } else {