The branch, QA_3_4 has been updated via 9e224184d786068317b801291c8f960109f0bdc5 (commit) via c2dd99965dea7756e9de5a58100c1c701ef83de3 (commit) from 341dc1296f8e3fe6b80a9b5f5e752cfd868bdb10 (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: ChangeLog | 2 ++ libraries/sqlparser.lib.php | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9bb28a8..e12b271 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ phpMyAdmin - ChangeLog - bug #3317293 [edit] Inline edit places HTML line breaks in edit area - bug #3319466 [interface] Inline query edit does not escape special characters - minor XSS (require a valid token) +- bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes +- bug #3323101 [parser] Invalid escape sequence in SQL parser 3.4.2.0 (2011-06-07) - bug #3301249 [interface] Iconic table operations does not remove inline edit label diff --git a/libraries/sqlparser.lib.php b/libraries/sqlparser.lib.php index 2171560..0c13187 100644 --- a/libraries/sqlparser.lib.php +++ b/libraries/sqlparser.lib.php @@ -360,7 +360,7 @@ if (! defined('PMA_MINIMUM_COMMON')) { $sql_array['raw'] = $sql; $pos = $pos_quote_separator; } - if (class_exists('PMA_Message')) { + if (class_exists('PMA_Message') && $GLOBALS['is_ajax_request'] != true) { PMA_Message::notice(__('Automatically appended backtick to the end of query!'))->display(); } } else { @@ -379,7 +379,7 @@ if (! defined('PMA_MINIMUM_COMMON')) { // Checks for MySQL escaping using a \ // And checks for ANSI escaping using the $quotetype character - if (($pos < $len) && PMA_STR_charIsEscaped($sql, $pos)) { + if (($pos < $len) && PMA_STR_charIsEscaped($sql, $pos) && $c != '`') { $pos ++; continue; } elseif (($pos + 1 < $len) && ($GLOBALS['PMA_substr']($sql, $pos, 1) == $quotetype) && ($GLOBALS['PMA_substr']($sql, $pos + 1, 1) == $quotetype)) { hooks/post-receive -- phpMyAdmin