The branch, master has been updated via d84d51c77552bd166c03dcb6a1623f93952ad058 (commit) via 667cf67954c44facf978660f5fa7b9ed5c2b1b89 (commit) via 09e74a94150d84ba0014f7455446383311c6d190 (commit) from f57faf6b58702ad09e6c333fd927778fb6af1e41 (commit)
- Log ----------------------------------------------------------------- commit d84d51c77552bd166c03dcb6a1623f93952ad058 Author: Piotr Przybylski piotrprz@gmail.com Date: Thu Jul 14 00:05:58 2011 +0200
Fix XML export so it actually can export table structure More escaping fixes
commit 667cf67954c44facf978660f5fa7b9ed5c2b1b89 Author: Piotr Przybylski piotrprz@gmail.com Date: Wed Jul 13 23:42:29 2011 +0200
Better escaping in XML export Note: it's still incorrect
commit 09e74a94150d84ba0014f7455446383311c6d190 Author: Piotr Przybylski piotrprz@gmail.com Date: Wed Jul 13 23:40:58 2011 +0200
Improve readability of XML export code
-----------------------------------------------------------------------
Summary of changes: libraries/export/xml.php | 42 ++++++++++++++++++++---------------------- 1 files changed, 20 insertions(+), 22 deletions(-)
diff --git a/libraries/export/xml.php b/libraries/export/xml.php index 2665051..85bab5f 100644 --- a/libraries/export/xml.php +++ b/libraries/export/xml.php @@ -71,13 +71,14 @@ function PMA_exportFooter() { function PMA_exportHeader() { global $crlf; global $cfg; - global $what; global $db; global $table; global $tables;
- $export_struct = isset($GLOBALS[$what . '_export_struc']) ? true : false; - $export_data = isset($GLOBALS[$what . '_export_contents']) ? true : false; + $export_struct = isset($GLOBALS['xml_export_functions']) || isset($GLOBALS['xml_export_procedures']) + || isset($GLOBALS['xml_export_tables']) || isset($GLOBALS['xml_export_triggers']) + || isset($GLOBALS['xml_export_views']); + $export_data = isset($GLOBALS['xml_export_contents']) ? true : false;
if ($GLOBALS['output_charset_conversion']) { $charset = $GLOBALS['charset_of_file']; @@ -112,7 +113,7 @@ function PMA_exportHeader() { $head .= ' - Structure schemas' . $crlf; $head .= ' -->' . $crlf; $head .= ' pma:structure_schemas' . $crlf; - $head .= ' <pma:database name="' . $db . '" collation="' . $db_collation . '" charset="' . $db_charset . '">' . $crlf; + $head .= ' <pma:database name="' . htmlspecialchars($db) . '" collation="' . $db_collation . '" charset="' . $db_charset . '">' . $crlf;
if (count($tables) == 0) { $tables[] = $table; @@ -131,23 +132,23 @@ function PMA_exportHeader() { $type = 'table'; }
- if ($is_view && ! isset($GLOBALS[$what . '_export_views'])) { + if ($is_view && ! isset($GLOBALS['xml_export_views'])) { continue; }
- if (! $is_view && ! isset($GLOBALS[$what . '_export_tables'])) { + if (! $is_view && ! isset($GLOBALS['xml_export_tables'])) { continue; }
$head .= ' <pma:' . $type . ' name="' . $table . '">' . $crlf;
- $tbl = " " . $tbl; + $tbl = " " . htmlspecialchars($tbl); $tbl = str_replace("\n", "\n ", $tbl);
$head .= $tbl . ';' . $crlf; $head .= ' </pma:' . $type . '>' . $crlf;
- if (isset($GLOBALS[$what . '_export_triggers']) && $GLOBALS[$what . '_export_triggers']) { + if (isset($GLOBALS['xml_export_triggers']) && $GLOBALS['xml_export_triggers']) { // Export triggers $triggers = PMA_DBI_get_triggers($db, $table); if ($triggers) { @@ -157,7 +158,7 @@ function PMA_exportHeader() {
// Do some formatting $code = substr(rtrim($code), 0, -3); - $code = " " . $code; + $code = " " . htmlspecialchars($code); $code = str_replace("\n", "\n ", $code);
$head .= $code . $crlf; @@ -170,7 +171,7 @@ function PMA_exportHeader() { } }
- if (isset($GLOBALS[$what . '_export_functions']) && $GLOBALS[$what . '_export_functions']) { + if (isset($GLOBALS['xml_export_functions']) && $GLOBALS['xml_export_functions']) { // Export functions $functions = PMA_DBI_get_procedures_or_functions($db, 'FUNCTION'); if ($functions) { @@ -180,7 +181,7 @@ function PMA_exportHeader() { // Do some formatting $sql = PMA_DBI_get_definition($db, 'FUNCTION', $function); $sql = rtrim($sql); - $sql = " " . $sql; + $sql = " " . htmlspecialchars($sql); $sql = str_replace("\n", "\n ", $sql);
$head .= $sql . $crlf; @@ -193,7 +194,7 @@ function PMA_exportHeader() { } }
- if (isset($GLOBALS[$what . '_export_procedures']) && $GLOBALS[$what . '_export_procedures']) { + if (isset($GLOBALS['xml_export_procedures']) && $GLOBALS['xml_export_procedures']) { // Export procedures $procedures = PMA_DBI_get_procedures_or_functions($db, 'PROCEDURE'); if ($procedures) { @@ -203,7 +204,7 @@ function PMA_exportHeader() { // Do some formatting $sql = PMA_DBI_get_definition($db, 'PROCEDURE', $procedure); $sql = rtrim($sql); - $sql = " " . $sql; + $sql = " " . htmlspecialchars($sql); $sql = str_replace("\n", "\n ", $sql);
$head .= $sql . $crlf; @@ -239,13 +240,12 @@ function PMA_exportHeader() { */ function PMA_exportDBHeader($db) { global $crlf; - global $what;
- if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . '_export_contents']) { + if (isset($GLOBALS['xml_export_contents']) && $GLOBALS['xml_export_contents']) { $head = ' <!--' . $crlf . ' - ' . __('Database') . ': ' . (isset($GLOBALS['use_backquotes']) ? PMA_backquote($db) : '\'' . $db . '\''). $crlf . ' -->' . $crlf - . ' <database name="' . $db . '">' . $crlf; + . ' <database name="' . htmlspecialchars($db) . '">' . $crlf;
return PMA_exportOutputHandler($head); } @@ -265,9 +265,8 @@ function PMA_exportDBHeader($db) { */ function PMA_exportDBFooter($db) { global $crlf; - global $what;
- if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . '_export_contents']) { + if (isset($GLOBALS['xml_export_contents']) && $GLOBALS['xml_export_contents']) { return PMA_exportOutputHandler(' </database>' . $crlf); } else @@ -301,12 +300,11 @@ function PMA_exportDBCreate($db) { * @access public */ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query) { - global $what; - - if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . '_export_contents']) { + if (isset($GLOBALS['xml_export_contents']) && $GLOBALS['xml_export_contents']) { $result = PMA_DBI_query($sql_query, null, PMA_DBI_QUERY_UNBUFFERED);
$columns_cnt = PMA_DBI_num_fields($result); + $columns = array(); for ($i = 0; $i < $columns_cnt; $i++) { $columns[$i] = stripslashes(str_replace(' ', '_', PMA_DBI_field_name($result, $i))); } @@ -324,7 +322,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query) { if (!isset($record[$i]) || is_null($record[$i])) { $record[$i] = 'NULL'; } - $buffer .= ' <column name="' . $columns[$i] . '">' . htmlspecialchars((string)$record[$i]) + $buffer .= ' <column name="' . htmlspecialchars($columns[$i]) . '">' . htmlspecialchars((string)$record[$i]) . '</column>' . $crlf; } $buffer .= ' </table>' . $crlf;
hooks/post-receive