The branch, master has been updated via c6ec73963fb8d62c6bc060933ca21ee978d29a38 (commit) from 18527251e7036e340d5f0be1fa6122ef3d1081d3 (commit)
- Log ----------------------------------------------------------------- commit c6ec73963fb8d62c6bc060933ca21ee978d29a38 Author: Michal Čihař mcihar@suse.cz Date: Tue Jun 21 17:41:47 2011 +0200
Use PMA_sqlAddSlashes for database queries instead of addslashes.
Should fix bug#3323066
-----------------------------------------------------------------------
Summary of changes: db_printview.php | 2 +- db_routines.php | 2 +- libraries/database_interface.lib.php | 16 ++++++++-------- libraries/db_info.inc.php | 4 ++-- libraries/import/csv.php | 2 +- tbl_create.php | 2 +- 6 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/db_printview.php b/db_printview.php
index 7e3c709..3b02b86 100644
--- a/db_printview.php
+++ b/db_printview.php
@@ -53,7 +53,7 @@ if ($cfg['SkipLockedTables'] == true) {
 if ($result != false && PMA_DBI_num_rows($result) > 0) {
 while ($tmp = PMA_DBI_fetch_row($result)) {
 if (! isset($sot_cache[$tmp[0]])) {
- $sts_result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE '' . addslashes($tmp[0]) . '';');
+ $sts_result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE '' . PMA_sqlAddSlashes($tmp[0]) . '';');
 $sts_tmp = PMA_DBI_fetch_assoc($sts_result);
 $tables[] = $sts_tmp;
 } else { // table in use
diff --git a/db_routines.php b/db_routines.php
index 1d9523e..ac65af3 100644
--- a/db_routines.php
+++ b/db_routines.php
@@ -97,7 +97,7 @@ if (! empty($_REQUEST['execute_routine']) && ! empty($_REQUEST['routine_name']))
 if (is_array($value)) { // is SET type
 $value = implode(',', $value);
 }
- $value = PMA_sqladdslashes($value);
+ $value = PMA_sqlAddSlashes($value);
 if (! empty($_REQUEST['funcs'][$routine['param_name'][$i]])
 && in_array($_REQUEST['funcs'][$routine['param_name'][$i]], $cfg['Functions'])) {
 $queries[] = "SET @p$i={$_REQUEST['funcs'][$routine['param_name'][$i]]}('$value');\n";
diff --git a/libraries/database_interface.lib.php b/libraries/database_interface.lib.php
index 5e61ef8..326ab0c 100644
--- a/libraries/database_interface.lib.php
+++ b/libraries/database_interface.lib.php
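Review bot: The table name in the `SHOW TABLE STATUS ... LIKE` line of db_printview.php is quoted for the string literal but its LIKE wildcards stay active, so a `_` or `%` in `$tmp[0]` can match other tables, and the single `PMA_DBI_fetch_assoc($sts_result)` call that follows may then put the status row of a different table into `$tables[]`. Wrapping the value the way database_interface.lib.php does in this same commit would close that: `PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($tmp[0]))`. The same pattern appears in the second db_info.inc.php hunk (`$tmp[0]`) and in the tbl_create.php hunk (`$table`). The surrounding `while` loop starts and ends outside the hunk.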
@@ -317,12 +317,12 @@ function PMA_DBI_get_tables_full($database, $table = false, $tbl_is_group = fals
 if ($table) {
 if (true === $tbl_is_group) {
 $sql_where_table = 'AND `TABLE_NAME` LIKE ''
- . PMA_escape_mysql_wildcards(addslashes($table)) . '%'';
+ . PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($table)) . '%'';
 } elseif ('comment' === $tbl_is_group) {
 $sql_where_table = 'AND `TABLE_COMMENT` LIKE ''
- . PMA_escape_mysql_wildcards(addslashes($table)) . '%'';
+ . PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($table)) . '%'';
 } else {
- $sql_where_table = 'AND `TABLE_NAME` = '' . addslashes($table) . ''';
+ $sql_where_table = 'AND `TABLE_NAME` = '' . PMA_sqlAddSlashes($table) . ''';
 }
 } else {
 $sql_where_table = '';
@@ -395,7 +395,7 @@ function PMA_DBI_get_tables_full($database, $table = false, $tbl_is_group = fals
 if ($table || (true === $tbl_is_group)) {
 $sql = 'SHOW TABLE STATUS FROM '
 . PMA_backquote($each_database)
- .' LIKE '' . PMA_escape_mysql_wildcards(addslashes($table)) . '%'';
+ .' LIKE '' . PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($table)) . '%'';
 } else {
 $sql = 'SHOW TABLE STATUS FROM '
 . PMA_backquote($each_database);
@@ -579,7 +579,7 @@ function PMA_DBI_get_databases_full($database = null, $force_stats = false,
 // get table information from information_schema
 if ($database) {
 $sql_where_schema = 'WHERE `SCHEMA_NAME` LIKE ''
- . addslashes($database) . ''';
+ . PMA_sqlAddSlashes($database) . ''';
 } else {
 $sql_where_schema = '';
 }
@@ -727,17 +727,17 @@ function PMA_DBI_get_columns_full($database = null, $table = null,
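Review bot: In the two `LIKE` branches of the `@@ -317` hunk and in the `@@ -395` hunk, `PMA_sqlAddSlashes($table)` is called in its default mode before `PMA_escape_mysql_wildcards()`, but the server unescapes a LIKE pattern twice (once as a string literal, once as a pattern), so a backslash in the name would end up acting as the pattern's escape character instead of matching itself. If I recall the helper's signature correctly, its second argument selects LIKE escaping, which would make these `PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($table, true))`. In the `@@ -579` hunk `$database` goes into `SCHEMA_NAME LIKE` with no wildcard escaping at all; whether callers pass a pattern or a literal name is not visible here, so a one-line comment stating which is intended would help. All three functions continue outside their hunks.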
 // get columns information from information_schema
 if (null !== $database) {
- $sql_wheres[] = '`TABLE_SCHEMA` = '' . addslashes($database) . '' ';
+ $sql_wheres[] = '`TABLE_SCHEMA` = '' . PMA_sqlAddSlashes($database) . '' ';
 } else {
 $array_keys[] = 'TABLE_SCHEMA';
 }
 if (null !== $table) {
- $sql_wheres[] = '`TABLE_NAME` = '' . addslashes($table) . '' ';
+ $sql_wheres[] = '`TABLE_NAME` = '' . PMA_sqlAddSlashes($table) . '' ';
 } else {
 $array_keys[] = 'TABLE_NAME';
 }
 if (null !== $column) {
- $sql_wheres[] = '`COLUMN_NAME` = '' . addslashes($column) . '' ';
+ $sql_wheres[] = '`COLUMN_NAME` = '' . PMA_sqlAddSlashes($column) . '' ';
 } else {
 $array_keys[] = 'COLUMN_NAME';
 }
diff --git a/libraries/db_info.inc.php b/libraries/db_info.inc.php
index f8bb5a0..b657c6a 100644
--- a/libraries/db_info.inc.php
+++ b/libraries/db_info.inc.php
@@ -30,7 +30,7 @@
 * @uses uksort()
 * @uses strnatcasecmp()
 * @uses count()
- * @uses addslashes()
+ * @uses PMA_sqlAddSlashes()
 * @package phpMyAdmin
 */
 if (! defined('PHPMYADMIN')) {
@@ -155,7 +155,7 @@ if (true === $cfg['SkipLockedTables']) {
 if (! isset($sot_cache[$tmp[0]])) {
 $sts_result = PMA_DBI_query(
 'SHOW TABLE STATUS FROM ' . PMA_backquote($db)
- . ' LIKE '' . addslashes($tmp[0]) . '';');
+ . ' LIKE '' . PMA_sqlAddSlashes($tmp[0]) . '';');
 $sts_tmp = PMA_DBI_fetch_assoc($sts_result);
 PMA_DBI_free_result($sts_result);
 unset($sts_result);
diff --git a/libraries/import/csv.php b/libraries/import/csv.php
index 49cff44..7735598 100644
--- a/libraries/import/csv.php
+++ b/libraries/import/csv.php
@@ -338,7 +338,7 @@ while (!($finished && $i >= $len) && !$error && !$timeout_passed) {
 if ($val === null) {
 $sql .= 'NULL';
 } else {
- $sql .= ''' . addslashes($val) . ''';
+ $sql .= ''' . PMA_sqlAddSlashes($val) . ''';
 }
 $first = false;
diff --git a/tbl_create.php b/tbl_create.php
index 4d3171a..fd21c8b 100644
--- a/tbl_create.php
+++ b/tbl_create.php
@@ -257,7 +257,7 @@ if (isset($_REQUEST['do_save_data'])) {
 $is_show_stats = $cfg['ShowStats'];
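Review bot: `$val` in the csv.php hunk is presumably a cell value from the imported file, and this one call is all that separates it from the generated statement text, yet nothing on the changed line records what the helper must neutralise. A short comment there would state the intent, for example `// escape as a MySQL string literal; addslashes() is not SQL-aware`, and a regression test that feeds values containing a single quote, a backslash and a NUL byte through the import would keep a later refactor from undoing it. Whether the helper's output stays correct under a non-default `sql_mode` such as `NO_BACKSLASH_ESCAPES` cannot be judged from this hunk and is worth confirming. The enclosing `while` loop starts and ends outside the hunk.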
 $tbl_stats_result = PMA_DBI_query('SHOW TABLE STATUS FROM '
- . PMA_backquote($db) . ' LIKE '' . addslashes($table) . '';');
+ . PMA_backquote($db) . ' LIKE '' . PMA_sqlAddSlashes($table) . '';');
 $tbl_stats = PMA_DBI_fetch_assoc($tbl_stats_result);
 PMA_DBI_free_result($tbl_stats_result);
 unset($tbl_stats_result);
hooks/post-receive