Hi Michal, what kind of problems was this fix for? (More specifically the last part of the fix at line 1575)
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpM...
It introduced a bug https://sourceforge.net/tracker/index.php?func=detail&aid=1603660&gr...
Marc
Hi
On Tue, 28 Nov 2006 03:21:15 -0500 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
what kind of problems was this fix for? (More specifically the last part of the fix at line 1575)
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpM...
When there was a long query from import, it was not escaped. Maybe PMA_showMessage was not the correct place to escape it...
Michal Čihař wrote:
Hi
On Tue, 28 Nov 2006 03:21:15 -0500 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
what kind of problems was this fix for? (More specifically the last part of the fix at line 1575)
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpM...
When there was a long query from import, it was not escaped. Maybe PMA_showMessage was not the correct place to escape it...
Yes, maybe in libraries/import.lib.php would be better. I looked at this code:
    // check length of query unless we decided to pass it to sql.php
    if (!$go_sql) {
        if ($cfg['VerboseMultiSubmit'] && !empty($sql_query)) {
            if (strlen($sql_query) > 50000 || $executed_queries > 50 || $max_sql_len > 1000) {
                $sql_query = '';
                $sql_query_disabled = TRUE;
            }
        } else {
            if (strlen($sql_query) > 10000 || $executed_queries > 10 || $max_sql_len > 500) {
                $sql_query = '';
                $sql_query_disabled = TRUE;
            }
        }
    }
I think that the best place would be at the end of this code, when $sql_query is still not empty. Assuming that the check on VerboseMultiSubmit is correct (why is that check there?), I suggest
Index: import.lib.php =================================================================== --- import.lib.php (revision 9763) +++ import.lib.php (working copy) @@ -171,6 +171,9 @@ $sql_query_disabled = TRUE; } } + if (! empty($sql_query)) { + $sql_query = htmlspecialchars($sql_query); + } } } // end do query (no skip) } // end buffer exists
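Review bot: the added `$sql_query = htmlspecialchars($sql_query);` overwrites the variable that holds the SQL text instead of producing a display copy, so anything that reads $sql_query after this point gets HTML entities rather than SQL. If this block runs once per imported query while $sql_query keeps growing, which the $executed_queries and strlen($sql_query) limits in the code quoted above suggest, text encoded on one pass is encoded again on the next (`&lt;` becomes `&amp;lt;`). Consider leaving $sql_query raw here and encoding once where the message is written to the page, or storing the encoded text in a separate display variable. Either way, the earlier escaping in PMA_showMessage mentioned in this thread should be removed in the same change, otherwise the output is encoded twice.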
Of course I don't like the output, see https://sourceforge.net/tracker/index.php?func=detail&aid=1547370&gr...
Marc
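The placement question discussed in this thread, as an added example that is not part of the original messages or of phpMyAdmin's code: it compares encoding the query text in place on every pass with keeping it raw and encoding once at output. It assumes the query text accumulates across a per-query loop; the function names and sample queries are constructed.

```php
<?php
// Added illustration. Function names and sample queries are constructed
// and are not taken from phpMyAdmin.

// Strategy A: encode the accumulated text in place after every query.
// Text that was encoded on an earlier pass is encoded again, because
// htmlspecialchars() re-encodes existing entities by default.
function accumulate_escaping_in_place(array $queries): string
{
    $sql_query = '';
    foreach ($queries as $q) {
        $sql_query .= $q . ";\n";
        $sql_query = htmlspecialchars($sql_query, ENT_QUOTES, 'UTF-8');
    }
    return $sql_query;
}

// Strategy B: keep the raw SQL while importing.
function accumulate_raw(array $queries): string
{
    $sql_query = '';
    foreach ($queries as $q) {
        $sql_query .= $q . ";\n";
    }
    return $sql_query;
}

// Encode exactly once, at the point where the text enters the HTML page.
function render_message(string $raw_sql): string
{
    return '<pre>' . htmlspecialchars($raw_sql, ENT_QUOTES, 'UTF-8') . '</pre>';
}

// Constructed sample input: the first value contains markup.
$queries = [
    "INSERT INTO t VALUES ('<b>x</b>')",
    "INSERT INTO t VALUES ('a & b')",
];

echo "In place, per query:\n", accumulate_escaping_in_place($queries), "\n";
echo "Raw, encoded at output:\n", render_message(accumulate_raw($queries)), "\n";
```

Comparing the two outputs shows how the markup in the first query is rendered by each strategy, and that only strategy B still has the original SQL available for reuse.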