[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-8285-gbce8eaf
Piotr Przybylski
crackpl at users.sourceforge.net
Thu Jul 14 01:45:05 CEST 2011
The branch, master has been updated
via bce8eaf40a42b4982f4125e23f4ab988ed8e113b (commit)
via 059ddeb79788a969c94c7817f0ccab4686511a73 (commit)
via 590059cc30038d60e9c5ad11b2cb369c9ebc14fc (commit)
from 151799f17f63f1329b381f61f0bf0e238565842b (commit)
- Log -----------------------------------------------------------------
commit bce8eaf40a42b4982f4125e23f4ab988ed8e113b
Author: Piotr Przybylski <piotrprz at gmail.com>
Date: Thu Jul 14 01:44:41 2011 +0200
JSON export plugin: fix syntax for empty table, better data escaping
commit 059ddeb79788a969c94c7817f0ccab4686511a73
Author: Piotr Przybylski <piotrprz at gmail.com>
Date: Thu Jul 14 01:43:30 2011 +0200
Better db and table name escaping in codegen and htmlword export plugins
commit 590059cc30038d60e9c5ad11b2cb369c9ebc14fc
Author: Piotr Przybylski <piotrprz at gmail.com>
Date: Thu Jul 14 01:30:25 2011 +0200
Fix db/table name escaping in UI preferences
-----------------------------------------------------------------------
Summary of changes:
libraries/Table.class.php | 9 +++++----
libraries/export/codegen.php | 4 ++--
libraries/export/htmlword.php | 6 +++---
libraries/export/json.php | 14 ++++++++------
4 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/libraries/Table.class.php b/libraries/Table.class.php
index 9a15c48..83e67fd 100644
--- a/libraries/Table.class.php
+++ b/libraries/Table.class.php
@@ -1240,8 +1240,8 @@ class PMA_Table
$sql_query =
" SELECT `prefs` FROM " . $pma_table .
" WHERE `username` = '" . $GLOBALS['cfg']['Server']['user'] . "'" .
- " AND `db_name` = '" . $this->db_name . "'" .
- " AND `table_name` = '" . $this->name . "'";
+ " AND `db_name` = '" . PMA_sqlAddSlashes($this->db_name) . "'" .
+ " AND `table_name` = '" . PMA_sqlAddSlashes($this->name) . "'";
$row = PMA_DBI_fetch_array(PMA_query_as_controluser($sql_query));
if (isset($row[0])) {
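Review bot: The `username` comparison in this query still concatenates `$GLOBALS['cfg']['Server']['user']` unescaped, although the two columns beside it now go through `PMA_sqlAddSlashes()`. The same applies to `$username` in the REPLACE statement of the next hunk (@@ -1264). Both statements run over the control-user connection, so a login name containing a quote would break the statement or change its meaning with that account's privileges. Wrap both values the same way, e.g. `PMA_sqlAddSlashes($GLOBALS['cfg']['Server']['user'])` and `PMA_sqlAddSlashes($username)`. `$pma_table` is built outside the hunk, so its quoting cannot be judged from here.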
@@ -1264,8 +1264,9 @@ class PMA_Table
$username = $GLOBALS['cfg']['Server']['user'];
$sql_query =
" REPLACE INTO " . $pma_table .
- " VALUES ('" . $username . "', '" . $this->db_name . "', '" .
- $this->name . "', '" . PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
+ " VALUES ('" . $username . "', '" . PMA_sqlAddSlashes($this->db_name) . "', '" .
+ PMA_sqlAddSlashes($this->name) . "', '" .
+ PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
$success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);
diff --git a/libraries/export/codegen.php b/libraries/export/codegen.php
index d60785c..fb81cf9 100644
--- a/libraries/export/codegen.php
+++ b/libraries/export/codegen.php
@@ -268,8 +268,8 @@ class TableProperty
{
$lines=array();
$lines[] = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>";
- $lines[] = "<hibernate-mapping xmlns=\"urn:nhibernate-mapping-2.2\" namespace=\"".ucfirst($db)."\" assembly=\"".ucfirst($db)."\">";
- $lines[] = " <class name=\"".ucfirst($table)."\" table=\"".$table."\">";
+ $lines[] = "<hibernate-mapping xmlns=\"urn:nhibernate-mapping-2.2\" namespace=\"".ucfirst(htmlspecialchars($db, ENT_COMPAT, 'UTF-8'))."\" assembly=\"".ucfirst(htmlspecialchars($db, ENT_COMPAT, 'UTF-8'))."\">";
+ $lines[] = " <class name=\"".ucfirst(htmlspecialchars($table, ENT_COMPAT, 'UTF-8'))."\" table=\"".htmlspecialchars($table, ENT_COMPAT, 'UTF-8')."\">";
$result = PMA_DBI_query(sprintf("DESC %s.%s", PMA_backquote($db), PMA_backquote($table)));
if ($result)
{
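Review bot: On the two changed `$lines[]` assignments, `ucfirst()` runs on the already-escaped string. This happens to be harmless because every entity starts with `&`, but escaping should be the last step before output so that later edits cannot reintroduce raw characters: `htmlspecialchars(ucfirst($db), ENT_COMPAT, 'UTF-8')`. The escaped `$db` is also computed twice on one line; a local such as `$db_attr` would keep that line readable. `ENT_COMPAT` is sufficient only while these attributes stay double-quoted, which deserves a short comment. The method begins and continues outside the hunk, so any other places where it writes `$db` or `$table` into the generated XML are not visible here and should be checked too.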
diff --git a/libraries/export/htmlword.php b/libraries/export/htmlword.php
index c840e93..a97aab2 100644
--- a/libraries/export/htmlword.php
+++ b/libraries/export/htmlword.php
@@ -75,7 +75,7 @@ xmlns="http://www.w3.org/TR/REC-html40">
* @access public
*/
function PMA_exportDBHeader($db) {
- return PMA_exportOutputHandler('<h1>' . __('Database') . ' ' . $db . '</h1>');
+ return PMA_exportOutputHandler('<h1>' . __('Database') . ' ' . htmlspecialchars($db) . '</h1>');
}
/**
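Review bot: The new `htmlspecialchars($db)` call relies on PHP's default flags and charset, whereas the codegen plugin in this same push passes `ENT_COMPAT, 'UTF-8'` explicitly. The default charset differs between PHP versions, so the explicit form `htmlspecialchars($db, ENT_COMPAT, 'UTF-8')` keeps the behaviour predictable. The same applies to `htmlspecialchars($table)` in the @@ -118 and @@ -192 hunks. Only the headings are touched in this commit; column names and cell values are written elsewhere in these functions, outside the hunks, and presumably need the same treatment if they are not already escaped.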
@@ -118,7 +118,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
{
global $what;
- if (! PMA_exportOutputHandler('<h2>' . __('Dumping data for table') . ' ' . $table . '</h2>')) {
+ if (! PMA_exportOutputHandler('<h2>' . __('Dumping data for table') . ' ' . htmlspecialchars($table) . '</h2>')) {
return false;
}
if (! PMA_exportOutputHandler('<table class="width100" cellspacing="1">')) {
@@ -192,7 +192,7 @@ function PMA_exportStructure($db, $table, $crlf, $error_url, $do_relation = fals
{
global $cfgRelation;
- if (! PMA_exportOutputHandler('<h2>' . __('Table structure for table') . ' ' .$table . '</h2>')) {
+ if (! PMA_exportOutputHandler('<h2>' . __('Table structure for table') . ' ' . htmlspecialchars($table) . '</h2>')) {
return false;
}
diff --git a/libraries/export/json.php b/libraries/export/json.php
index 86e2e89..989ef88 100644
--- a/libraries/export/json.php
+++ b/libraries/export/json.php
@@ -74,7 +74,7 @@ function PMA_exportHeader()
*/
function PMA_exportDBHeader($db)
{
- PMA_exportOutputHandler('/* Database \'' . $db . '\' */ ' . $GLOBALS['crlf'] );
+ PMA_exportOutputHandler('// Database \'' . $db . '\'' . $GLOBALS['crlf'] );
return true;
}
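Review bot: `$db` is still written verbatim into the `//` line comment, so a name containing a line break would end the comment and the remainder would be read as export content by any consumer that tolerates comments. The same applies to `$db . '.' . $table` in the @@ -134 hunk. Switching from `/* */` to `//` only removes the `*/` case. Line breaks should be replaced before output, e.g. `str_replace(array("\r", "\n"), ' ', $db)`. Separately, JSON has no comment syntax, so strict parsers will reject the file either way; it may be worth dropping the comment or making it optional.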
@@ -134,7 +134,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
// Output table name as comment if this is the first record of the table
if ($record_cnt == 1) {
- $buffer .= '/* ' . $db . '.' . $table . ' */' . $crlf . $crlf;
+ $buffer .= '// ' . $db . '.' . $table . $crlf . $crlf;
$buffer .= '[{';
} else {
$buffer .= ', {';
@@ -147,18 +147,20 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
$column = $columns[$i];
if (is_null($record[$i])) {
- $buffer .= '"' . $column . '": null' . (! $isLastLine ? ',' : '');
+ $buffer .= '"' . addslashes($column) . '": null' . (! $isLastLine ? ',' : '');
} elseif (is_numeric($record[$i])) {
- $buffer .= '"' . $column . '": ' . $record[$i] . (! $isLastLine ? ',' : '');
+ $buffer .= '"' . addslashes($column) . '": ' . $record[$i] . (! $isLastLine ? ',' : '');
} else {
- $buffer .= '"' . $column . '": "' . addslashes($record[$i]) . '"' . (! $isLastLine ? ',' : '');
+ $buffer .= '"' . addslashes($column) . '": "' . addslashes($record[$i]) . '"' . (! $isLastLine ? ',' : '');
}
}
$buffer .= '}';
}
- $buffer .= ']';
+ if ($record_cnt) {
+ $buffer .= ']';
+ }
if (! PMA_exportOutputHandler($buffer)) {
return false;
}
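Review bot: `addslashes()` is not JSON string escaping. It turns `'` into `\'`, which is not a valid JSON escape, and it leaves newlines, tabs and other control characters raw, so column names or values containing them still produce output that a parser rejects or misreads. `json_encode()` is already used in Table.class.php in this same push and emits the quotes itself, so the string branch can become `$buffer .= json_encode($column) . ': ' . json_encode($record[$i]) . (! $isLastLine ? ',' : '');`, with `json_encode($column)` used for the key in the other two branches. The `is_numeric()` branch also copies the value verbatim, and PHP accepts forms such as `+1` or `.5` that are not valid JSON numbers. The function body starts outside the hunk.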
hooks/post-receive
--
phpMyAdmin