nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug 580920

Browse Source
This commit is contained in:
Marc Delisle
2002-07-13 21:00:55 +00:00
parent 638b1844b0
commit e48b01dea3
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -9,6 +9,7 @@ $Source$
* libraries/common.lib.php3: bug 580929: do not EXPLAIN if this is * libraries/common.lib.php3: bug 580929: do not EXPLAIN if this is
not a SELECT not a SELECT
* sql.php3: better way to show php code * sql.php3: better way to show php code
* sql.php3: bug 580920: do not display the confirm dialog
2002-07-13 Alexander M. Turek <rabus@users.sourceforge.net> 2002-07-13 Alexander M. Turek <rabus@users.sourceforge.net>
* Documentation.html: News about bug #540671. * Documentation.html: News about bug #540671.

6
sql.php3
View File

@@ -194,10 +194,13 @@ if (isset($btnDrop) && $btnDrop == $strNo) {
* This part of the script is bypassed if $is_js_confirmed = 1 (already checked * This part of the script is bypassed if $is_js_confirmed = 1 (already checked
* with js) because possible security issue is not so important here: at most, * with js) because possible security issue is not so important here: at most,
* the confirm message isn't displayed. * the confirm message isn't displayed.
*
* Also bypassed if only showing php code.
*/ */
if (!$cfg['Confirm'] if (!$cfg['Confirm']
|| (isset($is_js_confirmed) && $is_js_confirmed) || (isset($is_js_confirmed) && $is_js_confirmed)
|| isset($btnDrop)) { || isset($btnDrop)
|| !empty($GLOBALS['show_as_php'])) {
$do_confirm = FALSE; $do_confirm = FALSE;
} else { } else {
$do_confirm = (eregi('DROP[[:space:]]+(IF[[:space:]]+EXISTS[[:space:]]+)?(TABLE|DATABASE[[:space:]])|ALTER[[:space:]]+TABLE[[:space:]]+((`[^`]+`)|([A-Za-z0-9_$]+))[[:space:]]+DROP[[:space:]]|DELETE[[:space:]]+FROM[[:space:]]', $sql_query)); $do_confirm = (eregi('DROP[[:space:]]+(IF[[:space:]]+EXISTS[[:space:]]+)?(TABLE|DATABASE[[:space:]])|ALTER[[:space:]]+TABLE[[:space:]]+((`[^`]+`)|([A-Za-z0-9_$]+))[[:space:]]+DROP[[:space:]]|DELETE[[:space:]]+FROM[[:space:]]', $sql_query));
@@ -324,7 +327,6 @@ else {
$num_rows = 0; $num_rows = 0;
} }
} }
// Executes the query // Executes the query
// only if we didn't ask to see the php code (mikebeck) // only if we didn't ask to see the php code (mikebeck)
if (!empty($GLOBALS['show_as_php'])){ if (!empty($GLOBALS['show_as_php'])){