The branch, master has been updated via bce8eaf40a42b4982f4125e23f4ab988ed8e113b (commit) via 059ddeb79788a969c94c7817f0ccab4686511a73 (commit) via 590059cc30038d60e9c5ad11b2cb369c9ebc14fc (commit) from 151799f17f63f1329b381f61f0bf0e238565842b (commit)
- Log ----------------------------------------------------------------- commit bce8eaf40a42b4982f4125e23f4ab988ed8e113b Author: Piotr Przybylski piotrprz@gmail.com Date: Thu Jul 14 01:44:41 2011 +0200
JSON export plugin: fix syntax for empty table, better data escaping
commit 059ddeb79788a969c94c7817f0ccab4686511a73 Author: Piotr Przybylski piotrprz@gmail.com Date: Thu Jul 14 01:43:30 2011 +0200
Better db and table name escaping in codegen and htmlword export plugins
commit 590059cc30038d60e9c5ad11b2cb369c9ebc14fc Author: Piotr Przybylski piotrprz@gmail.com Date: Thu Jul 14 01:30:25 2011 +0200
Fix db/table name escaping in UI preferences
-----------------------------------------------------------------------
Summary of changes: libraries/Table.class.php | 9 +++++---- libraries/export/codegen.php | 4 ++-- libraries/export/htmlword.php | 6 +++--- libraries/export/json.php | 14 ++++++++------ 4 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/libraries/Table.class.php b/libraries/Table.class.php
index 9a15c48..83e67fd 100644
--- a/libraries/Table.class.php
+++ b/libraries/Table.class.php
@@ -1240,8 +1240,8 @@ class PMA_Table
 $sql_query =
 " SELECT `prefs` FROM " . $pma_table .
 " WHERE `username` = '" . $GLOBALS['cfg']['Server']['user'] . "'" .
- " AND `db_name` = '" . $this->db_name . "'" .
- " AND `table_name` = '" . $this->name . "'";
+ " AND `db_name` = '" . PMA_sqlAddSlashes($this->db_name) . "'" .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($this->name) . "'";
$row = PMA_DBI_fetch_array(PMA_query_as_controluser($sql_query));
 if (isset($row[0])) {
@@ -1264,8 +1264,9 @@ class PMA_Table
 $username = $GLOBALS['cfg']['Server']['user'];
 $sql_query =
 " REPLACE INTO " . $pma_table .
- " VALUES ('" . $username . "', '" . $this->db_name . "', '" .
- $this->name . "', '" . PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
+ " VALUES ('" . $username . "', '" . PMA_sqlAddSlashes($this->db_name) . "', '" .
+ PMA_sqlAddSlashes($this->name) . "', '" .
+ PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
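Review bot: The username is still concatenated into both statements in libraries/Table.class.php without escaping: `$GLOBALS['cfg']['Server']['user']` in the WHERE clause of the @@ -1240 hunk and `$username` in the VALUES list of the @@ -1264 hunk go into quoted SQL literals exactly as the database and table names did before this change. MySQL account names can contain quote characters, so unless the value is validated elsewhere (not visible in these hunks) it needs the same treatment: `PMA_sqlAddSlashes($GLOBALS['cfg']['Server']['user'])` and `PMA_sqlAddSlashes($username)`. Both statements sit in PMA_Table methods whose start and end lie outside the hunks.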
$success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);
diff --git a/libraries/export/codegen.php b/libraries/export/codegen.php
index d60785c..fb81cf9 100644
--- a/libraries/export/codegen.php
+++ b/libraries/export/codegen.php
@@ -268,8 +268,8 @@ class TableProperty {
 $lines=array();
 $lines[] = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>";
- $lines[] = "<hibernate-mapping xmlns="urn:nhibernate-mapping-2.2" namespace="".ucfirst($db)."" assembly="".ucfirst($db)."">";
- $lines[] = " <class name="".ucfirst($table)."" table="".$table."">";
+ $lines[] = "<hibernate-mapping xmlns="urn:nhibernate-mapping-2.2" namespace="".ucfirst(htmlspecialchars($db, ENT_COMPAT, 'UTF-8'))."" assembly="".ucfirst(htmlspecialchars($db, ENT_COMPAT, 'UTF-8'))."">";
+ $lines[] = " <class name="".ucfirst(htmlspecialchars($table, ENT_COMPAT, 'UTF-8'))."" table="".htmlspecialchars($table, ENT_COMPAT, 'UTF-8')."">";
 $result = PMA_DBI_query(sprintf("DESC %s.%s", PMA_backquote($db), PMA_backquote($table)));
 if ($result) {
diff --git a/libraries/export/htmlword.php b/libraries/export/htmlword.php
index c840e93..a97aab2 100644
--- a/libraries/export/htmlword.php
+++ b/libraries/export/htmlword.php
@@ -75,7 +75,7 @@ xmlns="http://www.w3.org/TR/REC-html40%22%3E
 * @access public
 */
 function PMA_exportDBHeader($db) {
- return PMA_exportOutputHandler('<h1>' . __('Database') . ' ' . $db . '</h1>');
+ return PMA_exportOutputHandler('<h1>' . __('Database') . ' ' . htmlspecialchars($db) . '</h1>');
 }
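Review bot: In the libraries/export/codegen.php hunk the same `htmlspecialchars(…, ENT_COMPAT, 'UTF-8')` call is written out four times inside two long concatenations, which makes it easy for a later edit to miss one attribute. Preparing the values once, e.g. `$db_attr = ucfirst(htmlspecialchars($db, ENT_COMPAT, 'UTF-8'));`, and concatenating `$db_attr` keeps the escaping in one visible place. `ENT_COMPAT` is sufficient only because every attribute in these lines is double-quoted, and a one-line comment saying so would protect against someone switching the quoting later. The enclosing function starts and ends outside the hunk.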
/**
@@ -118,7 +118,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
 {
 global $what;
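Review bot: `htmlspecialchars($db)` in PMA_exportDBHeader of libraries/export/htmlword.php, and `htmlspecialchars($table)` in the @@ -118 and @@ -192 hunks of the same file, rely on the default flags and charset, whereas the codegen.php change in this push passes `ENT_COMPAT, 'UTF-8'` explicitly. The default charset depends on the PHP version and configuration, so spelling it out as `htmlspecialchars($db, ENT_COMPAT, 'UTF-8')` keeps the exporters consistent. Only the headings are covered by these hunks; other places where this exporter prints identifiers lie outside them and are worth checking the same way.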
- if (! PMA_exportOutputHandler('<h2>' . __('Dumping data for table') . ' ' . $table . '</h2>')) {
+ if (! PMA_exportOutputHandler('<h2>' . __('Dumping data for table') . ' ' . htmlspecialchars($table) . '</h2>')) {
 return false;
 }
 if (! PMA_exportOutputHandler('<table class="width100" cellspacing="1">')) {
@@ -192,7 +192,7 @@ function PMA_exportStructure($db, $table, $crlf, $error_url, $do_relation = fals
 {
 global $cfgRelation;
- if (! PMA_exportOutputHandler('<h2>' . __('Table structure for table') . ' ' .$table . '</h2>')) {
+ if (! PMA_exportOutputHandler('<h2>' . __('Table structure for table') . ' ' . htmlspecialchars($table) . '</h2>')) {
 return false;
 }
diff --git a/libraries/export/json.php b/libraries/export/json.php
index 86e2e89..989ef88 100644
--- a/libraries/export/json.php
+++ b/libraries/export/json.php
@@ -74,7 +74,7 @@ function PMA_exportHeader()
 */
 function PMA_exportDBHeader($db)
 {
- PMA_exportOutputHandler('/* Database '' . $db . '' */ ' . $GLOBALS['crlf'] );
+ PMA_exportOutputHandler('// Database '' . $db . ''' . $GLOBALS['crlf'] );
 return true;
 }
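Review bot: Switching the header in libraries/export/json.php to a `//` line comment makes the output depend on `$db` containing no line break: a CR or LF in the name ends the comment, and whatever follows is emitted as part of the document. The same applies to the `'// ' . $db . '.' . $table` line in the @@ -134 hunk of PMA_exportData. Unless identifiers are guaranteed to be free of line breaks at this point, which these hunks do not show, normalise them before output, e.g. `str_replace(array("\r", "\n"), ' ', $db)`. Comments are also not part of JSON, so a strict parser will reject the export in either comment style.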
@@ -134,7 +134,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
// Output table name as comment if this is the first record of the table
 if ($record_cnt == 1) {
- $buffer .= '/* ' . $db . '.' . $table . ' */' . $crlf . $crlf;
+ $buffer .= '// ' . $db . '.' . $table . $crlf . $crlf;
 $buffer .= '[{';
 } else {
 $buffer .= ', {';
@@ -147,18 +147,20 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
 $column = $columns[$i];
if (is_null($record[$i])) {
- $buffer .= '"' . $column . '": null' . (! $isLastLine ? ',' : '');
+ $buffer .= '"' . addslashes($column) . '": null' . (! $isLastLine ? ',' : '');
 } elseif (is_numeric($record[$i])) {
- $buffer .= '"' . $column . '": ' . $record[$i] . (! $isLastLine ? ',' : '');
+ $buffer .= '"' . addslashes($column) . '": ' . $record[$i] . (! $isLastLine ? ',' : '');
 } else {
- $buffer .= '"' . $column . '": "' . addslashes($record[$i]) . '"' . (! $isLastLine ? ',' : '');
+ $buffer .= '"' . addslashes($column) . '": "' . addslashes($record[$i]) . '"' . (! $isLastLine ? ',' : '');
 }
 }
$buffer .= '}';
 }
- $buffer .= ']';
+ if ($record_cnt) {
+ $buffer .= ']';
+ }
 if (! PMA_exportOutputHandler($buffer)) {
 return false;
 }
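Review bot: `addslashes()` is SQL-style quoting rather than JSON string escaping, so the keys and values written in the @@ -147 hunk of libraries/export/json.php can still produce invalid JSON: a single quote becomes `\'`, a NUL byte becomes `\0`, and raw newlines, tabs and other control characters pass through unescaped. `json_encode()` is already used in libraries/Table.class.php in this same push and returns a correctly quoted string, so the branches could read `json_encode($column) . ': null'` and `json_encode($column) . ': ' . json_encode($record[$i])`. The numeric branch also prints `$record[$i]` verbatim after `is_numeric()`, which accepts forms such as a leading `+` or `.5` that JSON does not allow. `json_encode()` expects UTF-8 input, so the connection charset should be confirmed before switching. PMA_exportData begins and ends outside the hunk.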
hooks/post-receive