The branch, QA_3_4 has been updated via 2cc22c8aba33ad12b3d98905d6dfc29f7c878837 (commit) via 70083ad58346ff7190bcd8e56b63ab92f6abfa40 (commit) via 65d962d39703b412dc482be47e092f97933eb8e0 (commit) via 6d0f28b425dc9f975543301c4b194dd6fbdd494d (commit) from ed88c4a7b68c8efd764a364d1a9579aa762ebdaa (commit) - Log ----------------------------------------------------------------- commit 2cc22c8aba33ad12b3d98905d6dfc29f7c878837 Author: Piotr Przybylski <piotrprz@gmail.com> Date: Thu Jul 14 21:28:41 2011 +0200 Fix CodeGen export commit 70083ad58346ff7190bcd8e56b63ab92f6abfa40 Author: Piotr Przybylski <piotrprz@gmail.com> Date: Thu Jul 14 00:05:58 2011 +0200 Fix XML export so it actually can export table structure More escaping fixes commit 65d962d39703b412dc482be47e092f97933eb8e0 Author: Piotr Przybylski <piotrprz@gmail.com> Date: Wed Jul 13 23:42:29 2011 +0200 Better escaping in XML export Note: it's still incorrect commit 6d0f28b425dc9f975543301c4b194dd6fbdd494d Author: Piotr Przybylski <piotrprz@gmail.com> Date: Wed Jul 13 23:40:58 2011 +0200 Improve readability of XML export code ----------------------------------------------------------------------- Summary of changes: libraries/export/codegen.php | 76 +++++++++++++++++++++++++++--------------- libraries/export/xml.php | 43 +++++++++++------------ 2 files changed, 70 insertions(+), 49 deletions(-) diff --git a/libraries/export/codegen.php b/libraries/export/codegen.php index 8e36f40..7160122 100644 --- a/libraries/export/codegen.php +++ b/libraries/export/codegen.php @@ -138,12 +138,12 @@ function PMA_exportDBCreate($db) */ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query) { - global $CG_FORMATS, $CG_HANDLERS; - $format = cgGetOption("format"); - $index = array_search($format, $CG_FORMATS); - if ($index >= 0) - return PMA_exportOutputHandler($CG_HANDLERS[$index]($db, $table, $crlf)); - return PMA_exportOutputHandler(sprintf("%s is not supported.", $format)); + global $CG_FORMATS, $CG_HANDLERS; + $format = cgGetOption("format"); + if (isset($CG_FORMATS[$format])) { + return PMA_exportOutputHandler($CG_HANDLERS[$format]($db, $table, $crlf)); + } + return PMA_exportOutputHandler(sprintf("%s is not supported.", $format)); } /** @@ -209,28 +209,50 @@ class TableProperty function getIndexName() { if (strlen($this->key)>0) - return "index=\"" . $this->name . "\""; + return "index=\"" . htmlspecialchars($this->name, ENT_COMPAT, 'UTF-8') . "\""; return ""; } function isPK() { return $this->key=="PRI"; } - function format($pattern) + function formatCs($text) + { + $text=str_replace("#name#", cgMakeIdentifier($this->name, false), $text); + return $this->format($text); + } + function formatXml($text) + { + $text=str_replace("#name#", htmlspecialchars($this->name, ENT_COMPAT, 'UTF-8'), $text); + $text=str_replace("#indexName#", $this->getIndexName(), $text); + return $this->format($text); + } + function format($text) { - $text=$pattern; - $text=str_replace("#name#", $this->name, $text); + $text=str_replace("#ucfirstName#", cgMakeIdentifier($this->name), $text); + $text=str_replace("#dotNetPrimitiveType#", $this->getDotNetPrimitiveType(), $text); + $text=str_replace("#dotNetObjectType#", $this->getDotNetObjectType(), $text); $text=str_replace("#type#", $this->getPureType(), $text); $text=str_replace("#notNull#", $this->isNotNull(), $text); $text=str_replace("#unique#", $this->isUnique(), $text); - $text=str_replace("#ucfirstName#", ucfirst($this->name), $text); - $text=str_replace("#dotNetPrimitiveType#", $this->getDotNetPrimitiveType(), $text); - $text=str_replace("#dotNetObjectType#", $this->getDotNetObjectType(), $text); - $text=str_replace("#indexName#", $this->getIndexName(), $text); return $text; } } + function cgMakeIdentifier($str, $ucfirst = true) + { + // remove unsafe characters + $str = preg_replace('/[^\p{L}\p{Nl}_]/u', '', $str); + // make sure first character is a letter or _ + if (!preg_match('/^\pL/u', $str)) { + $str = '_' . $str; + } + if ($ucfirst) { + $str = ucfirst($str); + } + return $str; + } + function handleNHibernateCSBody($db, $table, $crlf) { $lines=array(); @@ -244,31 +266,31 @@ class TableProperty $lines[] = "using System.Collections;"; $lines[] = "using System.Collections.Generic;"; $lines[] = "using System.Text;"; - $lines[] = "namespace ".ucfirst($db); + $lines[] = "namespace ".cgMakeIdentifier($db); $lines[] = "{"; - $lines[] = " #region ".ucfirst($table); - $lines[] = " public class ".ucfirst($table); + $lines[] = " #region ".cgMakeIdentifier($table); + $lines[] = " public class ".cgMakeIdentifier($table); $lines[] = " {"; $lines[] = " #region Member Variables"; foreach ($tableProperties as $tablePropertie) - $lines[] = $tablePropertie->format(" protected #dotNetPrimitiveType# _#name#;"); + $lines[] = $tablePropertie->formatCs(" protected #dotNetPrimitiveType# _#name#;"); $lines[] = " #endregion"; $lines[] = " #region Constructors"; - $lines[] = " public ".ucfirst($table)."() { }"; + $lines[] = " public ".cgMakeIdentifier($table)."() { }"; $temp = array(); foreach ($tableProperties as $tablePropertie) if (! $tablePropertie->isPK()) - $temp[] = $tablePropertie->format("#dotNetPrimitiveType# #name#"); - $lines[] = " public ".ucfirst($table)."(".implode(", ", $temp).")"; + $temp[] = $tablePropertie->formatCs("#dotNetPrimitiveType# #name#"); + $lines[] = " public ".cgMakeIdentifier($table)."(".implode(", ", $temp).")"; $lines[] = " {"; foreach ($tableProperties as $tablePropertie) if (! $tablePropertie->isPK()) - $lines[] = $tablePropertie->format(" this._#name#=#name#;"); + $lines[] = $tablePropertie->formatCs(" this._#name#=#name#;"); $lines[] = " }"; $lines[] = " #endregion"; $lines[] = " #region Public Properties"; foreach ($tableProperties as $tablePropertie) - $lines[] = $tablePropertie->format(" public virtual #dotNetPrimitiveType# _#ucfirstName#\n {\n get {return _#name#;}\n set {_#name#=value;}\n }"); + $lines[] = $tablePropertie->formatCs(" public virtual #dotNetPrimitiveType# #ucfirstName#\n {\n get {return _#name#;}\n set {_#name#=value;}\n }"); $lines[] = " #endregion"; $lines[] = " }"; $lines[] = " #endregion"; @@ -282,8 +304,8 @@ class TableProperty { $lines=array(); $lines[] = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>"; - $lines[] = "<hibernate-mapping xmlns=\"urn:nhibernate-mapping-2.2\" namespace=\"".ucfirst($db)."\" assembly=\"".ucfirst($db)."\">"; - $lines[] = " <class name=\"".ucfirst($table)."\" table=\"".$table."\">"; + $lines[] = "<hibernate-mapping xmlns=\"urn:nhibernate-mapping-2.2\" namespace=\"".cgMakeIdentifier($db)."\" assembly=\"".cgMakeIdentifier($db)."\">"; + $lines[] = " <class name=\"".cgMakeIdentifier($table)."\" table=\"".cgMakeIdentifier($table)."\">"; $result = PMA_DBI_query(sprintf("DESC %s.%s", PMA_backquote($db), PMA_backquote($table))); if ($result) { @@ -293,9 +315,9 @@ class TableProperty foreach ($tableProperties as $tablePropertie) { if ($tablePropertie->isPK()) - $lines[] = $tablePropertie->format(" <id name=\"#ucfirstName#\" type=\"#dotNetObjectType#\" unsaved-value=\"0\">\n <column name=\"#name#\" sql-type=\"#type#\" not-null=\"#notNull#\" unique=\"#unique#\" index=\"PRIMARY\"/>\n <generator class=\"native\" />\n </id>"); + $lines[] = $tablePropertie->formatXml(" <id name=\"#ucfirstName#\" type=\"#dotNetObjectType#\" unsaved-value=\"0\">\n <column name=\"#name#\" sql-type=\"#type#\" not-null=\"#notNull#\" unique=\"#unique#\" index=\"PRIMARY\"/>\n <generator class=\"native\" />\n </id>"); else - $lines[] = $tablePropertie->format(" <property name=\"#ucfirstName#\" type=\"#dotNetObjectType#\">\n <column name=\"#name#\" sql-type=\"#type#\" not-null=\"#notNull#\" #indexName#/>\n </property>"); + $lines[] = $tablePropertie->formatXml(" <property name=\"#ucfirstName#\" type=\"#dotNetObjectType#\">\n <column name=\"#name#\" sql-type=\"#type#\" not-null=\"#notNull#\" #indexName#/>\n </property>"); } PMA_DBI_free_result($result); } diff --git a/libraries/export/xml.php b/libraries/export/xml.php index 9bafb09..83b51ee 100644 --- a/libraries/export/xml.php +++ b/libraries/export/xml.php @@ -82,13 +82,14 @@ function PMA_exportFooter() { function PMA_exportHeader() { global $crlf; global $cfg; - global $what; global $db; global $table; global $tables; - $export_struct = isset($GLOBALS[$what . '_export_struc']) ? true : false; - $export_data = isset($GLOBALS[$what . '_export_contents']) ? true : false; + $export_struct = isset($GLOBALS['xml_export_functions']) || isset($GLOBALS['xml_export_procedures']) + || isset($GLOBALS['xml_export_tables']) || isset($GLOBALS['xml_export_triggers']) + || isset($GLOBALS['xml_export_views']); + $export_data = isset($GLOBALS['xml_export_contents']) ? true : false; if ($GLOBALS['output_charset_conversion']) { $charset = $GLOBALS['charset_of_file']; @@ -123,7 +124,7 @@ function PMA_exportHeader() { $head .= ' - Structure schemas' . $crlf; $head .= ' -->' . $crlf; $head .= ' <pma:structure_schemas>' . $crlf; - $head .= ' <pma:database name="' . $db . '" collation="' . $db_collation . '" charset="' . $db_charset . '">' . $crlf; + $head .= ' <pma:database name="' . htmlspecialchars($db) . '" collation="' . $db_collation . '" charset="' . $db_charset . '">' . $crlf; if (count($tables) == 0) { $tables[] = $table; @@ -142,23 +143,23 @@ function PMA_exportHeader() { $type = 'table'; } - if ($is_view && ! isset($GLOBALS[$what . '_export_views'])) { + if ($is_view && ! isset($GLOBALS['xml_export_views'])) { continue; } - if (! $is_view && ! isset($GLOBALS[$what . '_export_tables'])) { + if (! $is_view && ! isset($GLOBALS['xml_export_tables'])) { continue; } $head .= ' <pma:' . $type . ' name="' . $table . '">' . $crlf; - $tbl = " " . $tbl; + $tbl = " " . htmlspecialchars($tbl); $tbl = str_replace("\n", "\n ", $tbl); $head .= $tbl . ';' . $crlf; $head .= ' </pma:' . $type . '>' . $crlf; - if (isset($GLOBALS[$what . '_export_triggers']) && $GLOBALS[$what . '_export_triggers']) { + if (isset($GLOBALS['xml_export_triggers']) && $GLOBALS['xml_export_triggers']) { // Export triggers $triggers = PMA_DBI_get_triggers($db, $table); if ($triggers) { @@ -168,7 +169,7 @@ function PMA_exportHeader() { // Do some formatting $code = substr(rtrim($code), 0, -3); - $code = " " . $code; + $code = " " . htmlspecialchars($code); $code = str_replace("\n", "\n ", $code); $head .= $code . $crlf; @@ -181,7 +182,7 @@ function PMA_exportHeader() { } } - if (isset($GLOBALS[$what . '_export_functions']) && $GLOBALS[$what . '_export_functions']) { + if (isset($GLOBALS['xml_export_functions']) && $GLOBALS['xml_export_functions']) { // Export functions $functions = PMA_DBI_get_procedures_or_functions($db, 'FUNCTION'); if ($functions) { @@ -191,7 +192,7 @@ function PMA_exportHeader() { // Do some formatting $sql = PMA_DBI_get_definition($db, 'FUNCTION', $function); $sql = rtrim($sql); - $sql = " " . $sql; + $sql = " " . htmlspecialchars($sql); $sql = str_replace("\n", "\n ", $sql); $head .= $sql . $crlf; @@ -204,7 +205,7 @@ function PMA_exportHeader() { } } - if (isset($GLOBALS[$what . '_export_procedures']) && $GLOBALS[$what . '_export_procedures']) { + if (isset($GLOBALS['xml_export_procedures']) && $GLOBALS['xml_export_procedures']) { // Export procedures $procedures = PMA_DBI_get_procedures_or_functions($db, 'PROCEDURE'); if ($procedures) { @@ -214,7 +215,7 @@ function PMA_exportHeader() { // Do some formatting $sql = PMA_DBI_get_definition($db, 'PROCEDURE', $procedure); $sql = rtrim($sql); - $sql = " " . $sql; + $sql = " " . htmlspecialchars($sql); $sql = str_replace("\n", "\n ", $sql); $head .= $sql . $crlf; @@ -251,13 +252,12 @@ function PMA_exportHeader() { */ function PMA_exportDBHeader($db) { global $crlf; - global $what; - if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . '_export_contents']) { + if (isset($GLOBALS['xml_export_contents']) && $GLOBALS['xml_export_contents']) { $head = ' <!--' . $crlf . ' - ' . __('Database') . ': ' . (isset($GLOBALS['use_backquotes']) ? PMA_backquote($db) : '\'' . $db . '\''). $crlf . ' -->' . $crlf - . ' <database name="' . $db . '">' . $crlf; + . ' <database name="' . htmlspecialchars($db) . '">' . $crlf; return PMA_exportOutputHandler($head); } @@ -278,9 +278,8 @@ function PMA_exportDBHeader($db) { */ function PMA_exportDBFooter($db) { global $crlf; - global $what; - if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . '_export_contents']) { + if (isset($GLOBALS['xml_export_contents']) && $GLOBALS['xml_export_contents']) { return PMA_exportOutputHandler(' </database>' . $crlf); } else @@ -317,12 +316,12 @@ function PMA_exportDBCreate($db) { * @access public */ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query) { - global $what; - - if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . '_export_contents']) { + + if (isset($GLOBALS['xml_export_contents']) && $GLOBALS['xml_export_contents']) { $result = PMA_DBI_query($sql_query, null, PMA_DBI_QUERY_UNBUFFERED); $columns_cnt = PMA_DBI_num_fields($result); + $columns = array(); for ($i = 0; $i < $columns_cnt; $i++) { $columns[$i] = stripslashes(str_replace(' ', '_', PMA_DBI_field_name($result, $i))); } @@ -340,7 +339,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query) { if (!isset($record[$i]) || is_null($record[$i])) { $record[$i] = 'NULL'; } - $buffer .= ' <column name="' . $columns[$i] . '">' . htmlspecialchars((string)$record[$i]) + $buffer .= ' <column name="' . htmlspecialchars($columns[$i]) . '">' . htmlspecialchars((string)$record[$i]) . '</column>' . $crlf; } $buffer .= ' </table>' . $crlf; hooks/post-receive -- phpMyAdmin