bug #1748633 Incorrect parameter validation for VIEWs

Marc Delisle
2007-07-10 15:01:45 +00:00
parent 2d9613dfea
commit f90b0f3f24
2 changed files with 6 additions and 1 deletions


@@ -88,6 +88,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1745257 Invalid DB name is still displayed
- bug #1730367 Calendar "Go" has no effect
- patch #1750500 Smaller file for favicon.ico, thanks to Thijs Kinkhorst
- bug #1748633 Incorrect parameter validation for VIEWs
2.10.2.0 (2007-06-15)


@@ -275,8 +275,12 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $sql_query)
   
</td>
<td align="center">
<?php // if displaying a VIEW, $unlim_num_rows could be zero because
// of $cfg['MaxExactCountViews']; in this case, avoid passing
// the 5th parameter to checkFormElementInRange()
// (this means we can't validate the upper limit ?>
<form action="sql.php" method="post"
onsubmit="return (checkFormElementInRange(this, 'session_max_rows', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 1) &amp;&amp; checkFormElementInRange(this, 'pos', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 0, <?php echo $unlim_num_rows - 1; ?>))">
onsubmit="return (checkFormElementInRange(this, 'session_max_rows', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 1) &amp;&amp; checkFormElementInRange(this, 'pos', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 0<?php echo $unlim_num_rows > 0 ? ',' . $unlim_num_rows - 1 : ''; ?>))">
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<input type="hidden" name="sql_query" value="<?php echo $html_sql_query; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" />
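Review bot: In the new `onsubmit` line, `',' . $unlim_num_rows - 1` is unparenthesized, and in PHP versions before 8 `.` and `-` share precedence and associate left, so it evaluates as `(',' . $unlim_num_rows) - 1`, which is `-1` rather than `,N`. The emitted call would then end in `0-1)`, giving a lower bound of -1 and no upper bound for every table, not only for VIEWs. Parenthesize the arithmetic: `<?php echo $unlim_num_rows > 0 ? ',' . ($unlim_num_rows - 1) : ''; ?>`. Because this range check runs only in the browser and is deliberately dropped for VIEWs, `pos` and `session_max_rows` presumably still need to be validated as integers in `sql.php`, which is not visible here. `PMA_displayTableNavigation` starts and ends outside the hunk.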