The branch, QA_3_4 has been updated via 2cc22c8aba33ad12b3d98905d6dfc29f7c878837 (commit) via 70083ad58346ff7190bcd8e56b63ab92f6abfa40 (commit) via 65d962d39703b412dc482be47e092f97933eb8e0 (commit) via 6d0f28b425dc9f975543301c4b194dd6fbdd494d (commit) from ed88c4a7b68c8efd764a364d1a9579aa762ebdaa (commit)
- Log ----------------------------------------------------------------- commit 2cc22c8aba33ad12b3d98905d6dfc29f7c878837 Author: Piotr Przybylski piotrprz@gmail.com Date: Thu Jul 14 21:28:41 2011 +0200
Fix CodeGen export
commit 70083ad58346ff7190bcd8e56b63ab92f6abfa40 Author: Piotr Przybylski piotrprz@gmail.com Date: Thu Jul 14 00:05:58 2011 +0200
Fix XML export so it actually can export table structure More escaping fixes
commit 65d962d39703b412dc482be47e092f97933eb8e0 Author: Piotr Przybylski piotrprz@gmail.com Date: Wed Jul 13 23:42:29 2011 +0200
Better escaping in XML export Note: it's still incorrect
commit 6d0f28b425dc9f975543301c4b194dd6fbdd494d Author: Piotr Przybylski piotrprz@gmail.com Date: Wed Jul 13 23:40:58 2011 +0200
Improve readability of XML export code
-----------------------------------------------------------------------
Summary of changes: libraries/export/codegen.php | 76 +++++++++++++++++++++++++++--------------- libraries/export/xml.php | 43 +++++++++++------------ 2 files changed, 70 insertions(+), 49 deletions(-)
diff --git a/libraries/export/codegen.php b/libraries/export/codegen.php index 8e36f40..7160122 100644 --- a/libraries/export/codegen.php +++ b/libraries/export/codegen.php @@ -138,12 +138,12 @@ function PMA_exportDBCreate($db) */ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query) { - global $CG_FORMATS, $CG_HANDLERS; - $format = cgGetOption("format"); - $index = array_search($format, $CG_FORMATS); - if ($index >= 0) - return PMA_exportOutputHandler($CG_HANDLERS[$index]($db, $table, $crlf)); - return PMA_exportOutputHandler(sprintf("%s is not supported.", $format)); + global $CG_FORMATS, $CG_HANDLERS; + $format = cgGetOption("format"); + if (isset($CG_FORMATS[$format])) { + return PMA_exportOutputHandler($CG_HANDLERS[$format]($db, $table, $crlf)); + } + return PMA_exportOutputHandler(sprintf("%s is not supported.", $format)); }
/** @@ -209,28 +209,50 @@ class TableProperty function getIndexName() { if (strlen($this->key)>0) - return "index="" . $this->name . """; + return "index="" . htmlspecialchars($this->name, ENT_COMPAT, 'UTF-8') . """; return ""; } function isPK() { return $this->key=="PRI"; } - function format($pattern) + function formatCs($text) + { + $text=str_replace("#name#", cgMakeIdentifier($this->name, false), $text); + return $this->format($text); + } + function formatXml($text) + { + $text=str_replace("#name#", htmlspecialchars($this->name, ENT_COMPAT, 'UTF-8'), $text); + $text=str_replace("#indexName#", $this->getIndexName(), $text); + return $this->format($text); + } + function format($text) { - $text=$pattern; - $text=str_replace("#name#", $this->name, $text); + $text=str_replace("#ucfirstName#", cgMakeIdentifier($this->name), $text); + $text=str_replace("#dotNetPrimitiveType#", $this->getDotNetPrimitiveType(), $text); + $text=str_replace("#dotNetObjectType#", $this->getDotNetObjectType(), $text); $text=str_replace("#type#", $this->getPureType(), $text); $text=str_replace("#notNull#", $this->isNotNull(), $text); $text=str_replace("#unique#", $this->isUnique(), $text); - $text=str_replace("#ucfirstName#", ucfirst($this->name), $text); - $text=str_replace("#dotNetPrimitiveType#", $this->getDotNetPrimitiveType(), $text); - $text=str_replace("#dotNetObjectType#", $this->getDotNetObjectType(), $text); - $text=str_replace("#indexName#", $this->getIndexName(), $text); return $text; } }
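Review bot: In PMA_exportData (hunk -138,12) the new guard tests `$CG_FORMATS[$format]`, but the next line dispatches through `$CG_HANDLERS[$format]`, so a key present in the first array and missing from the second still reaches a call on an undefined entry. `$format` comes from `cgGetOption("format")`, which looks request-supplied (the helper is outside the hunk), so the check should cover the map that is actually invoked: `if (isset($CG_FORMATS[$format], $CG_HANDLERS[$format])) {`.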
+ function cgMakeIdentifier($str, $ucfirst = true) + { + // remove unsafe characters + $str = preg_replace('/[^\p{L}\p{Nl}_]/u', '', $str); + // make sure first character is a letter or _ + if (!preg_match('/^\pL/u', $str)) { + $str = '_' . $str; + } + if ($ucfirst) { + $str = ucfirst($str); + } + return $str; + } + function handleNHibernateCSBody($db, $table, $crlf) { $lines=array(); 
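Review bot: cgMakeIdentifier's whitelist `[^\p{L}\p{Nl}_]` also drops decimal digits, so columns such as `addr1` and `addr2` both collapse to `addr` and the generated class gets duplicate members. The first-character test `/^\pL/u` does not match its own comment either, because a name that already starts with `_` gets a second underscore. Stripping to a whitelist is the right control for names written into generated C# source, but it should keep `\p{Nd}` and accept a leading underscore: `preg_replace('/[^\p{L}\p{Nl}\p{Nd}_]/u', '', $str)` and `if (!preg_match('/^[\p{L}_]/u', $str))`. A short docblock should also state two limits: preg_replace with the `u` flag returns NULL on invalid UTF-8, which this code silently turns into `_`, and C# reserved words (a column called `class`) pass through unchanged.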
@@ -244,31 +266,31 @@ class TableProperty $lines[] = "using System.Collections;"; $lines[] = "using System.Collections.Generic;"; $lines[] = "using System.Text;"; - $lines[] = "namespace ".ucfirst($db); + $lines[] = "namespace ".cgMakeIdentifier($db); $lines[] = "{"; - $lines[] = " #region ".ucfirst($table); - $lines[] = " public class ".ucfirst($table); + $lines[] = " #region ".cgMakeIdentifier($table); + $lines[] = " public class ".cgMakeIdentifier($table); $lines[] = " {"; $lines[] = " #region Member Variables"; foreach ($tableProperties as $tablePropertie) - $lines[] = $tablePropertie->format(" protected #dotNetPrimitiveType# _#name#;"); + $lines[] = $tablePropertie->formatCs(" protected #dotNetPrimitiveType# _#name#;"); $lines[] = " #endregion"; $lines[] = " #region Constructors"; - $lines[] = " public ".ucfirst($table)."() { }"; + $lines[] = " public ".cgMakeIdentifier($table)."() { }"; $temp = array(); foreach ($tableProperties as $tablePropertie) if (! $tablePropertie->isPK()) - $temp[] = $tablePropertie->format("#dotNetPrimitiveType# #name#"); - $lines[] = " public ".ucfirst($table)."(".implode(", ", $temp).")"; + $temp[] = $tablePropertie->formatCs("#dotNetPrimitiveType# #name#"); + $lines[] = " public ".cgMakeIdentifier($table)."(".implode(", ", $temp).")"; $lines[] = " {"; foreach ($tableProperties as $tablePropertie) if (! 
$tablePropertie->isPK()) - $lines[] = $tablePropertie->format(" this._#name#=#name#;"); + $lines[] = $tablePropertie->formatCs(" this._#name#=#name#;"); $lines[] = " }"; $lines[] = " #endregion"; $lines[] = " #region Public Properties"; foreach ($tableProperties as $tablePropertie) - $lines[] = $tablePropertie->format(" public virtual #dotNetPrimitiveType# _#ucfirstName#\n {\n get {return _#name#;}\n set {_#name#=value;}\n }"); + $lines[] = $tablePropertie->formatCs(" public virtual #dotNetPrimitiveType# #ucfirstName#\n {\n get {return _#name#;}\n set {_#name#=value;}\n }"); $lines[] = " #endregion"; $lines[] = " }"; $lines[] = " #endregion"; @@ -282,8 +304,8 @@ class TableProperty { $lines=array(); $lines[] = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>"; - $lines[] = "<hibernate-mapping xmlns="urn:nhibernate-mapping-2.2" namespace="".ucfirst($db)."" assembly="".ucfirst($db)."">"; - $lines[] = " <class name="".ucfirst($table)."" table="".$table."">"; + $lines[] = "<hibernate-mapping xmlns="urn:nhibernate-mapping-2.2" namespace="".cgMakeIdentifier($db)."" assembly="".cgMakeIdentifier($db)."">"; + $lines[] = " <class name="".cgMakeIdentifier($table)."" table="".cgMakeIdentifier($table)."">"; $result = PMA_DBI_query(sprintf("DESC %s.%s", PMA_backquote($db), PMA_backquote($table))); if ($result) { 
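Review bot: In the mapping-header hunk (-282,8) the `table` attribute of `<class …>` is now filled with `cgMakeIdentifier($table)`, which strips characters and upper-cases the first letter, so the mapping can name a table that does not exist (`order_2011` becomes `Order_`). That attribute carries the real SQL table name and needs attribute escaping rather than identifier sanitising, the way getIndexName does it in this commit: `table=\"" . htmlspecialchars($table, ENT_COMPAT, 'UTF-8') . "\">"`. The `name`, `namespace` and `assembly` attributes are C# identifiers and are fine as written.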
@@ -293,9 +315,9 @@ class TableProperty foreach ($tableProperties as $tablePropertie) { if ($tablePropertie->isPK()) - $lines[] = $tablePropertie->format(" <id name="#ucfirstName#" type="#dotNetObjectType#" unsaved-value="0">\n <column name="#name#" sql-type="#type#" not-null="#notNull#" unique="#unique#" index="PRIMARY"/>\n <generator class="native" />\n </id>"); + $lines[] = $tablePropertie->formatXml(" <id name="#ucfirstName#" type="#dotNetObjectType#" unsaved-value="0">\n <column name="#name#" sql-type="#type#" not-null="#notNull#" unique="#unique#" index="PRIMARY"/>\n <generator class="native" />\n </id>"); else - $lines[] = $tablePropertie->format(" <property name="#ucfirstName#" type="#dotNetObjectType#">\n <column name="#name#" sql-type="#type#" not-null="#notNull#" #indexName#/>\n </property>"); + $lines[] = $tablePropertie->formatXml(" <property name="#ucfirstName#" type="#dotNetObjectType#">\n <column name="#name#" sql-type="#type#" not-null="#notNull#" #indexName#/>\n </property>"); } PMA_DBI_free_result($result); } diff --git a/libraries/export/xml.php b/libraries/export/xml.php index 9bafb09..83b51ee 100644 --- a/libraries/export/xml.php +++ b/libraries/export/xml.php @@ -82,13 +82,14 @@ function PMA_exportFooter() { function PMA_exportHeader() { global $crlf; global $cfg; - global $what; global $db; global $table; global $tables;
- $export_struct = isset($GLOBALS[$what . '_export_struc']) ? true : false; - $export_data = isset($GLOBALS[$what . '_export_contents']) ? true : false; + $export_struct = isset($GLOBALS['xml_export_functions']) || isset($GLOBALS['xml_export_procedures']) + || isset($GLOBALS['xml_export_tables']) || isset($GLOBALS['xml_export_triggers']) + || isset($GLOBALS['xml_export_views']); + $export_data = isset($GLOBALS['xml_export_contents']) ? true : false;
if ($GLOBALS['output_charset_conversion']) { $charset = $GLOBALS['charset_of_file']; @@ -123,7 +124,7 @@ function PMA_exportHeader() { $head .= ' - Structure schemas' . $crlf; $head .= ' -->' . $crlf; $head .= ' pma:structure_schemas' . $crlf; - $head .= ' <pma:database name="' . $db . '" collation="' . $db_collation . '" charset="' . $db_charset . '">' . $crlf; + $head .= ' <pma:database name="' . htmlspecialchars($db) . '" collation="' . $db_collation . '" charset="' . $db_charset . '">' . $crlf;
if (count($tables) == 0) { $tables[] = $table; @@ -142,23 +143,23 @@ function PMA_exportHeader() { $type = 'table'; }
- if ($is_view && ! isset($GLOBALS[$what . '_export_views'])) { + if ($is_view && ! isset($GLOBALS['xml_export_views'])) { continue; }
- if (! $is_view && ! isset($GLOBALS[$what . '_export_tables'])) { + if (! $is_view && ! isset($GLOBALS['xml_export_tables'])) { continue; }
$head .= ' <pma:' . $type . ' name="' . $table . '">' . $crlf;
- $tbl = " " . $tbl; + $tbl = " " . htmlspecialchars($tbl); $tbl = str_replace("\n", "\n ", $tbl);
$head .= $tbl . ';' . $crlf; $head .= ' </pma:' . $type . '>' . $crlf;
- if (isset($GLOBALS[$what . '_export_triggers']) && $GLOBALS[$what . '_export_triggers']) { + if (isset($GLOBALS['xml_export_triggers']) && $GLOBALS['xml_export_triggers']) { // Export triggers $triggers = PMA_DBI_get_triggers($db, $table); if ($triggers) { @@ -168,7 +169,7 @@ function PMA_exportHeader() {
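Review bot: The context line `$head .= ' <pma:' . $type . ' name="' . $table . '">' . $crlf;` in hunk -142,23 still concatenates the table name into an attribute unescaped, while this commit escapes `$db` and the `$tbl` body around it. A table name containing `"`, `<` or `&` breaks the element, or lets the name add attributes of its own to the exported document. The line should read `' name="' . htmlspecialchars($table) . '">'`. The enclosing PMA_exportHeader starts and ends outside the hunk.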
// Do some formatting $code = substr(rtrim($code), 0, -3); - $code = " " . $code; + $code = " " . htmlspecialchars($code); $code = str_replace("\n", "\n ", $code);
$head .= $code . $crlf; @@ -181,7 +182,7 @@ function PMA_exportHeader() { } }
- if (isset($GLOBALS[$what . '_export_functions']) && $GLOBALS[$what . '_export_functions']) { + if (isset($GLOBALS['xml_export_functions']) && $GLOBALS['xml_export_functions']) { // Export functions $functions = PMA_DBI_get_procedures_or_functions($db, 'FUNCTION'); if ($functions) { @@ -191,7 +192,7 @@ function PMA_exportHeader() { // Do some formatting $sql = PMA_DBI_get_definition($db, 'FUNCTION', $function); $sql = rtrim($sql); - $sql = " " . $sql; + $sql = " " . htmlspecialchars($sql); $sql = str_replace("\n", "\n ", $sql);
$head .= $sql . $crlf; @@ -204,7 +205,7 @@ function PMA_exportHeader() { } }
- if (isset($GLOBALS[$what . '_export_procedures']) && $GLOBALS[$what . '_export_procedures']) { + if (isset($GLOBALS['xml_export_procedures']) && $GLOBALS['xml_export_procedures']) { // Export procedures $procedures = PMA_DBI_get_procedures_or_functions($db, 'PROCEDURE'); if ($procedures) { @@ -214,7 +215,7 @@ function PMA_exportHeader() { // Do some formatting $sql = PMA_DBI_get_definition($db, 'PROCEDURE', $procedure); $sql = rtrim($sql); - $sql = " " . $sql; + $sql = " " . htmlspecialchars($sql); $sql = str_replace("\n", "\n ", $sql);
$head .= $sql . $crlf; @@ -251,13 +252,12 @@ function PMA_exportHeader() { */ function PMA_exportDBHeader($db) { global $crlf; - global $what;
- if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . '_export_contents']) { + if (isset($GLOBALS['xml_export_contents']) && $GLOBALS['xml_export_contents']) { $head = ' <!--' . $crlf . ' - ' . __('Database') . ': ' . (isset($GLOBALS['use_backquotes']) ? PMA_backquote($db) : '\'' . $db . '\''). $crlf . ' -->' . $crlf - . ' <database name="' . $db . '">' . $crlf; + . ' <database name="' . htmlspecialchars($db) . '">' . $crlf;
return PMA_exportOutputHandler($head); } @@ -278,9 +278,8 @@ function PMA_exportDBHeader($db) { */ function PMA_exportDBFooter($db) { global $crlf; - global $what;
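Review bot: In PMA_exportDBHeader (hunk -251,13) the database name is escaped for the `<database name="…">` attribute, but the same `$db` is also written a few lines earlier inside the `<!-- … -->` block, where htmlspecialchars does not help. XML forbids `--` inside a comment, so a name containing `--` or `-->` makes the export malformed or closes the comment early. Neutralise the sequence before it goes into the comment, for example `str_replace('--', '- -', $db)`, or drop the name from the comment, since the element below already carries it.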
- if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . '_export_contents']) { + if (isset($GLOBALS['xml_export_contents']) && $GLOBALS['xml_export_contents']) { return PMA_exportOutputHandler(' </database>' . $crlf); } else @@ -317,12 +316,12 @@ function PMA_exportDBCreate($db) { * @access public */ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query) { - global $what; - - if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . '_export_contents']) { + + if (isset($GLOBALS['xml_export_contents']) && $GLOBALS['xml_export_contents']) { $result = PMA_DBI_query($sql_query, null, PMA_DBI_QUERY_UNBUFFERED);
$columns_cnt = PMA_DBI_num_fields($result); + $columns = array(); for ($i = 0; $i < $columns_cnt; $i++) { $columns[$i] = stripslashes(str_replace(' ', '_', PMA_DBI_field_name($result, $i))); } @@ -340,7 +339,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query) { if (!isset($record[$i]) || is_null($record[$i])) { $record[$i] = 'NULL'; } - $buffer .= ' <column name="' . $columns[$i] . '">' . htmlspecialchars((string)$record[$i]) + $buffer .= ' <column name="' . htmlspecialchars($columns[$i]) . '">' . htmlspecialchars((string)$record[$i]) . '</column>' . $crlf; } $buffer .= ' </table>' . $crlf;
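Review bot: In the last hunk (-340,7) the column name and the value both go through htmlspecialchars, which covers `<`, `>`, `&` and `"` but leaves control characters that XML 1.0 does not allow (NUL or 0x01 from a BLOB or BINARY column, for instance), so such rows still produce a document that parsers reject. Until binary values are encoded separately, a comment on the `$buffer .=` line would record the limit: `// htmlspecialchars() does not strip characters invalid in XML 1.0; binary values can still break the document`. The same loop replaces a real NULL with the string `'NULL'`, which a consumer cannot tell apart from a text value of "NULL". The loop starts outside the hunk.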
hooks/post-receive