From e6396b014a8c508c110b972c9fda63517ea72524 Mon Sep 17 00:00:00 2001 From: "Alexander M. Turek" Date: Tue, 19 Nov 2002 14:09:39 +0000 Subject: [PATCH] bug #640055 --- ChangeLog | 11 +++++++++++ db_create.php3 | 3 --- db_datadict.php3 | 6 +++--- db_details.php3 | 2 +- db_details_export.php3 | 4 ++-- db_details_importdocsql.php3 | 2 +- db_details_qbe.php3 | 2 +- db_details_structure.php3 | 8 ++++---- db_stats.php3 | 2 +- header.inc.php3 | 2 +- ldi_table.php3 | 6 +++--- left.php3 | 30 +++++++++++++++--------------- mult_submits.inc.php3 | 8 ++++---- pdf_pages.php3 | 14 +++++++------- sql.php3 | 8 ++++---- tbl_change.php3 | 2 +- tbl_create.php3 | 4 ---- tbl_indexes.php3 | 8 ++++---- tbl_properties.inc.php3 | 4 ++-- tbl_properties_export.php3 | 4 ++-- tbl_properties_operations.php3 | 16 ++++++++-------- tbl_properties_options.php3 | 12 ++++++------ tbl_properties_structure.php3 | 10 +++++----- tbl_query_box.php3 | 4 ++-- tbl_relation.php3 | 16 ++++++---------- tbl_select.php3 | 4 ++-- 26 files changed, 96 insertions(+), 96 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8909a794f..d620b1cae 100755 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,17 @@ phpMyAdmin - Changelog $Id$ $Source$ +2002-11-19 Alexander M. Turek + * db_create.php3, db_datadict.php3, db_details.php3, db_details_export.php3, + db_details_import.php3, db_details_qbe.php3, db_details_structure.php3, + db_stats.php3, header.inc.php3, ldi_table.php3, left.php3, + mult_submits.php3, pdf_pages.php3, sql.php3, tbl_change.php3, + tbl_create.php3, tbl_indexes.php3, tbl_properties.inc.php3, + tbl_properties_export.php3, tbl_properties_operations.php3, + tbl_properties_options.php3, tbl_properties_structure.php3, + tbl_query_box.php3, tbl_relation.php3, tbl_select.php3: + Fixed bug #640055 (HTML entities in db / table name) partly. + 2002-11-19 Marc Delisle ### 2.3.3-rc1 released diff --git a/db_create.php3 b/db_create.php3 index 41d227cd0..82fd5132f 100755 --- a/db_create.php3 +++ b/db_create.php3 
@@ -23,9 +23,6 @@ $err_url = 'main.php3' /** * Ensures the db name is valid */ -if (get_magic_quotes_gpc()) { - $db = stripslashes($db); -} if (PMA_MYSQL_INT_VERSION < 32306) { PMA_checkReservedWords($db, $err_url); } diff --git a/db_datadict.php3 b/db_datadict.php3 index 497d78573..6ed18c764 100644 --- a/db_datadict.php3 +++ b/db_datadict.php3 @@ -45,10 +45,10 @@ $rowset = mysql_query($sql); $count = 0; while ($row = mysql_fetch_array($rowset)) { if (PMA_MYSQL_INT_VERSION >= 32303) { - $myfieldname = 'Tables_in_' . $db; + $myfieldname = 'Tables_in_' . htmlspecialchars($db); } else { - $myfieldname = 'Tables in ' . $db; + $myfieldname = 'Tables in ' . htmlspecialchars($db); } $table = $row[$myfieldname]; $cfgRelation = PMA_getRelationsParam(); @@ -273,7 +273,7 @@ while ($row = mysql_fetch_array($rowset)) { ' . "\n"; - $count++; + $count++; } //ends main while diff --git a/db_details.php3 b/db_details.php3 index 4b2e49d0a..fa2e9cf32 100755 --- a/db_details.php3 +++ b/db_details.php3 @@ -60,7 +60,7 @@ $auto_sel = ($cfg['TextareaAutoSelect']) - + diff --git a/db_details_export.php3 b/db_details_export.php3 index 8fc8c5b21..4ff180df7 100644 --- a/db_details_export.php3 +++ b/db_details_export.php3 @@ -60,7 +60,7 @@ if ($num_tables > 1) { . '?lang=' . $lang . '&convcharset=' . $convcharset . '&server=' . $server - . '&db=' . $db + . '&db=' . urlencode($db) . '&goto=db_details_export.php3'; ?>
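Review bot: In the db_datadict.php3 hunk at `@@ -45,10 +45,10 @@`, `htmlspecialchars($db)` is applied to `$myfieldname`, which the next context line uses as a result-row key (`$table = $row[$myfieldname];`) rather than as HTML output. The column is presumably named after the raw database name, so for a name containing `&`, `<`, `>` or `"` the escaped key would no longer match and `$table` would come back empty. Keep the key raw in both version branches, `$myfieldname = 'Tables_in_' . $db;` and `$myfieldname = 'Tables in ' . $db;`, and escape only where the name is echoed into the page. The enclosing `while` loop continues outside the hunk.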
@@ -181,7 +181,7 @@ if (function_exists('PMA_set_enc_form')) { - + diff --git a/db_details_importdocsql.php3 b/db_details_importdocsql.php3 index cf25ccf55..a34970079 100644 --- a/db_details_importdocsql.php3 +++ b/db_details_importdocsql.php3 @@ -125,7 +125,7 @@ if (empty($DOCUMENT_ROOT)) {
- + Please enter absolute path on webserver to docSQL Directory: diff --git a/db_details_qbe.php3 b/db_details_qbe.php3 index 4cf1348e5..48cf9f8ed 100755 --- a/db_details_qbe.php3 +++ b/db_details_qbe.php3 @@ -649,7 +649,7 @@ while (list($key, $val) = each($tbl_names)) { - + = 32303) { - + @@ -329,7 +329,7 @@ else { - +
@@ -451,7 +451,7 @@ if ($num_tables > 0) { - + ' . "\n"; echo ' ' . $strName . ' : ' . "\n"; @@ -499,7 +499,7 @@ if ($cfgRelation['pdfwork'] && $num_tables > 0) { - +  :
  ' . "\n"; - echo ' ' . "\n"; + echo ' ' . "\n"; echo ' ' . "\n"; echo ' ' . "\n"; echo ' ' . "\n"; diff --git a/header.inc.php3 b/header.inc.php3 index 4c51e39d8..7f286487a 100755 --- a/header.inc.php3 +++ b/header.inc.php3 @@ -233,7 +233,7 @@ if (isset($GLOBALS['db'])) { if (!empty($GLOBALS['table'])) { echo ' - ' . $GLOBALS['strTable'] . ' ' . htmlspecialchars($GLOBALS['table']) . '' . "\n"; } - echo ' ' . sprintf($GLOBALS['strRunning'], ' ' . (($GLOBALS['cfg']['Server']['verbose']) ? $GLOBALS['cfg']['Server']['verbose'] : $GLOBALS['cfg']['Server']['host']) . '') . "\n"; + echo ' ' . sprintf($GLOBALS['strRunning'], ' ' . (($GLOBALS['cfg']['Server']['verbose']) ? htmlspecialchars($GLOBALS['cfg']['Server']['verbose']) : $GLOBALS['cfg']['Server']['host']) . '') . "\n"; echo '' . "\n"; } echo "\n"; diff --git a/ldi_table.php3 b/ldi_table.php3 index 57e3efc59..bf27af4a7 100755 --- a/ldi_table.php3 +++ b/ldi_table.php3 @@ -105,12 +105,12 @@ if (function_exists('PMA_set_enc_form')) { - - + + - +    diff --git a/left.php3 b/left.php3 index 9670aa63c..29a33ac6a 100755 --- a/left.php3 +++ b/left.php3 @@ -265,7 +265,7 @@ if ($num_dbs > 1) { echo "\n"; ?> -   () +   ()
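Review bot: In the header.inc.php3 hunk, only the `verbose` branch of the ternary on the `strRunning` line is escaped; the fallback `$GLOBALS['cfg']['Server']['host']` is still concatenated into the page as-is. Both values come from the same server configuration entry and land in the same HTML context, so they should be treated alike: `? htmlspecialchars($GLOBALS['cfg']['Server']['verbose']) : htmlspecialchars($GLOBALS['cfg']['Server']['host'])`. The surrounding `if (isset($GLOBALS['db']))` block starts outside the hunk.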
> @@ -275,15 +275,15 @@ if ($num_dbs > 1) { for ($t = 0; $t < $num_tables; $t++) { $table = PMA_mysql_tablename($tables, $t); $url_title = (!empty($tooltip) && isset($tooltip[$table])) - ? str_replace('"', '"', $tooltip[$table]) + ? htmlspecialchars($tooltip[$table]) : ''; echo "\n"; ?> - - <?php echo " title="" />  + + <?php echo $strBrowse . ': ' . htmlspecialchars($table); ?>  -
+
1) { ? str_replace('"', '"', $tooltip[$table]) : ''; $table_list .= ' ' . "\n"; - $table_list .= ' ' . $strBrowse . ': ' . $table . ' ' . "\n"; + $table_list .= ' ' . $strBrowse . ': ' . $table . ' ' . "\n"; if (PMA_USR_BROWSER_AGENT == 'IE') { - $table_list .= ' ' . $table . '
' . "\n"; + $table_list .= ' ' . htmlspecialchars($table) . '
' . "\n"; } else { - $table_list .= ' ' . $table . '
' . "\n"; + $table_list .= ' ' . htmlspecialchars($table) . '
' . "\n"; } } // end for $t (tables list) @@ -323,15 +323,15 @@ if ($num_dbs > 1) { $selected = ' selected="selected"'; $table_list_header .= ' ' . "\n"; - $table_list_header .= ' ' . $db . '  
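Review bot: In the light-mode `$table_list` hunk of left.php3, the tooltip is still built with the quote-only `str_replace` on `$tooltip[$table]` (shown as unchanged context), while the same expression in the `@@ -275,15 +275,15 @@` hunk was switched to `htmlspecialchars($tooltip[$table])`. The added `$table_list .= ... $strBrowse . ': ' . $table ...` line also appears to keep `$table` unescaped, whereas the non-light branch now emits `$strBrowse . ': ' . htmlspecialchars($table)`. This page has lost the surrounding markup, so confirm against the file. If both values end up in attribute text, use `? htmlspecialchars($tooltip[$table])` and `$strBrowse . ': ' . htmlspecialchars($table)` here as well, so the two rendering modes escape the same way. The hunk header and the start of the enclosing `for` loop are not visible here.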
' . "\n\n"; + $table_list_header .= ' ' . htmlspecialchars($db) . '  
' . "\n\n"; } else { $selected = ''; } // end if... else... if (!empty($num_tables)) { - echo ' ' . "\n"; + echo ' ' . "\n"; } else { - echo ' ' . "\n"; + echo ' ' . "\n"; } // end if... else... } // end if (light mode) @@ -411,7 +411,7 @@ else if ($num_dbs == 1) { ?>
-   () +   ()
- - <?php echo " title="" />  + + <?php echo $strBrowse . ': ' . htmlspecialchars($table); ?>  -
+
' . "\n"; + echo ' ' . "\n"; } else if (strpos(' ' . $action, 'tbl_properties') == 1) { - echo ' ' . "\n"; - echo ' ' . "\n"; + echo ' ' . "\n"; + echo ' ' . "\n"; } for ($i = 0; $i < $selected_cnt; $i++) { - echo ' ' . "\n"; + echo ' ' . "\n"; } ?> diff --git a/pdf_pages.php3 b/pdf_pages.php3 index ad369e104..bd1e795d5 100755 --- a/pdf_pages.php3 +++ b/pdf_pages.php3 @@ -120,11 +120,11 @@ if ($cfgRelation['pdfwork']) { ?> - + - + - - + + @@ -171,8 +171,8 @@ if ($cfgRelation['pdfwork']) { - - + +
' . "\n"; echo '   ' . "\n"; echo '  ' . $db_name . '  ' . htmlspecialchars($db_name) . '  ' . $dbs_array[$db_name][0] . '  ' . $data_size . ' ' . $data_unit . '  ' . $idx_size . ' ' . $idx_unit . ' 
@@ -264,7 +264,7 @@ if ($cfgRelation['pdfwork']) { - +  :
diff --git a/sql.php3 b/sql.php3 index 502c3bd79..72d032e59 100755 --- a/sql.php3 +++ b/sql.php3 @@ -178,8 +178,8 @@ if ($do_confirm) { - - + + @@ -303,7 +303,7 @@ else { : $err_url; PMA_mysqlDie($error, $full_sql_query, '', $full_err_url); } - + // Checks if the current database has changed // This could happen if the user sends a query like "USE `database`;" $res = PMA_mysql_query('SELECT DATABASE() AS "db";'); @@ -580,7 +580,7 @@ else {  : - + diff --git a/tbl_change.php3 b/tbl_change.php3 index 071a6decb..84a9f0c0b 100755 --- a/tbl_change.php3 +++ b/tbl_change.php3 @@ -160,7 +160,7 @@ $chg_evt_handler = (PMA_USR_BROWSER_AGENT == 'IE' && PMA_USR_BROWSER_VER >= 5) - + diff --git a/tbl_create.php3 b/tbl_create.php3 index 9ac21d94a..341b92edd 100755 --- a/tbl_create.php3 +++ b/tbl_create.php3 @@ -221,10 +221,6 @@ else { } // Table name and number of fields are valid -> show the form else { - // Ensures the table name is valid - if (get_magic_quotes_gpc()) { - $table = stripslashes($table); - } if (PMA_MYSQL_INT_VERSION < 32306) { PMA_checkReservedWords($table, $err_url); } diff --git a/tbl_indexes.php3 b/tbl_indexes.php3 index b8efd3038..ce948ca23 100644 --- a/tbl_indexes.php3 +++ b/tbl_indexes.php3 @@ -309,8 +309,8 @@ else if (!defined('PMA_IDX_INCLUDED') - - + + '; @@ -427,8 +427,8 @@ else if (!defined('PMA_IDX_INCLUDED') - - + + " /> - - + + diff --git a/tbl_properties_export.php3 b/tbl_properties_export.php3 index ccb1d74d6..1bbfae851 100755 --- a/tbl_properties_export.php3 +++ b/tbl_properties_export.php3 @@ -20,8 +20,8 @@ require('./tbl_properties_table_info.php3'); - - + +
diff --git a/tbl_properties_operations.php3 b/tbl_properties_operations.php3 index c2939aaa4..42028f963 100755 --- a/tbl_properties_operations.php3 +++ b/tbl_properties_operations.php3 @@ -61,8 +61,8 @@ if (PMA_MYSQL_INT_VERSION >= 32334) { - - + +  : - - + +  :   @@ -112,8 +112,8 @@ echo "\n"; - - + +
@@ -155,8 +155,8 @@ for ($i = 0; $i < $num_dbs; $i++) { - - + +
diff --git a/tbl_properties_options.php3 b/tbl_properties_options.php3 index 36cdaf9a3..2858b2ee5 100755 --- a/tbl_properties_options.php3 +++ b/tbl_properties_options.php3 @@ -61,8 +61,8 @@ if (PMA_MYSQL_INT_VERSION >= 32322) { - - + +  :      @@ -111,8 +111,8 @@ if (PMA_MYSQL_INT_VERSION >= 32322) { - - + +  :  - - + +
diff --git a/tbl_properties_structure.php3 b/tbl_properties_structure.php3 index df9c794ff..ca45df5b5 100755 --- a/tbl_properties_structure.php3 +++ b/tbl_properties_structure.php3 @@ -60,8 +60,8 @@ $fields_cnt = mysql_num_rows($fields_rs); - - + +
@@ -294,7 +294,7 @@ require ('./tbl_indexes.php3'); // statistics whatever is the table type if ($cfg['ShowStats']) { $nonisam = FALSE; - $is_innodb = (isset($showtable['Type']) && $showtable['Type'] == 'InnoDB'); + $is_innodb = (isset($showtable['Type']) && $showtable['Type'] == 'InnoDB'); if (isset($showtable['Type']) && !eregi('ISAM|HEAP', $showtable['Type'])) { $nonisam = TRUE; } @@ -506,8 +506,8 @@ echo "\n"; onsubmit="return checkFormElementInRange(this, 'num_fields', 1)"> - - + +  : - - + + diff --git a/tbl_relation.php3 b/tbl_relation.php3 index 2b776f967..73e895a76 100644 --- a/tbl_relation.php3 +++ b/tbl_relation.php3 @@ -37,10 +37,6 @@ function PMA_handleSlashes($val) { /** * Updates */ -if (get_magic_quotes_gpc()) { - $db = stripslashes($db); - $table = stripslashes($table); -} if ($cfgRelation['relwork']) { $existrel = PMA_getForeigners($db, $table); @@ -220,8 +216,8 @@ if ($col_rs && mysql_num_rows($col_rs) > 0) { - - + +
@@ -283,8 +279,8 @@ if ($col_rs && mysql_num_rows($col_rs) > 0) { - - + +

@@ -320,8 +316,8 @@ if ($col_rs && mysql_num_rows($col_rs) > 0) { - - + +
diff --git a/tbl_select.php3 b/tbl_select.php3 index 616d535da..68024dc1b 100755 --- a/tbl_select.php3 +++ b/tbl_select.php3 @@ -74,8 +74,8 @@ if (!isset($param) || $param[0] == '') { - - + +