[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-8285-gbce8eaf

Piotr Przybylski crackpl at users.sourceforge.net
Thu Jul 14 01:45:05 CEST 2011


The branch, master has been updated
       via  bce8eaf40a42b4982f4125e23f4ab988ed8e113b (commit)
       via  059ddeb79788a969c94c7817f0ccab4686511a73 (commit)
       via  590059cc30038d60e9c5ad11b2cb369c9ebc14fc (commit)
      from  151799f17f63f1329b381f61f0bf0e238565842b (commit)


- Log -----------------------------------------------------------------
commit bce8eaf40a42b4982f4125e23f4ab988ed8e113b
Author: Piotr Przybylski <piotrprz at gmail.com>
Date:   Thu Jul 14 01:44:41 2011 +0200

    JSON export plugin: fix syntax for empty table, better data escaping

commit 059ddeb79788a969c94c7817f0ccab4686511a73
Author: Piotr Przybylski <piotrprz at gmail.com>
Date:   Thu Jul 14 01:43:30 2011 +0200

    Better db and table name escaping in codegen and htmlword export plugins

commit 590059cc30038d60e9c5ad11b2cb369c9ebc14fc
Author: Piotr Przybylski <piotrprz at gmail.com>
Date:   Thu Jul 14 01:30:25 2011 +0200

    Fix db/table name escaping in UI preferences

-----------------------------------------------------------------------

Summary of changes:
 libraries/Table.class.php     |    9 +++++----
 libraries/export/codegen.php  |    4 ++--
 libraries/export/htmlword.php |    6 +++---
 libraries/export/json.php     |   14 ++++++++------
 4 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/libraries/Table.class.php b/libraries/Table.class.php
index 9a15c48..83e67fd 100644
--- a/libraries/Table.class.php
+++ b/libraries/Table.class.php
@@ -1240,8 +1240,8 @@ class PMA_Table
         $sql_query =
         " SELECT `prefs` FROM " . $pma_table .
         " WHERE `username` = '" . $GLOBALS['cfg']['Server']['user'] . "'" .
-        " AND `db_name` = '" . $this->db_name . "'" .
-        " AND `table_name` = '" . $this->name . "'";
+        " AND `db_name` = '" . PMA_sqlAddSlashes($this->db_name) . "'" .
+        " AND `table_name` = '" . PMA_sqlAddSlashes($this->name) . "'";
 
         $row = PMA_DBI_fetch_array(PMA_query_as_controluser($sql_query));
         if (isset($row[0])) {
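Review bot: The `username` comparison on the `WHERE` line still concatenates `$GLOBALS['cfg']['Server']['user']` into the query unescaped, while the two conditions below it are now escaped. The `REPLACE INTO` hunk that follows has the same gap with `$username` as the first value. Unless the login name is guaranteed to be quote-free somewhere outside these hunks, wrap it the same way: `PMA_sqlAddSlashes($GLOBALS['cfg']['Server']['user'])` here and `PMA_sqlAddSlashes($username)` in the second statement. Both statements sit in methods that start and end outside the hunks, so any earlier validation of the user name is not visible from here.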
@@ -1264,8 +1264,9 @@ class PMA_Table
         $username = $GLOBALS['cfg']['Server']['user'];
         $sql_query =
         " REPLACE INTO " . $pma_table .
-        " VALUES ('" . $username . "', '" . $this->db_name . "', '" .
-                       $this->name . "', '" . PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
+        " VALUES ('" . $username . "', '" . PMA_sqlAddSlashes($this->db_name) . "', '" .
+                       PMA_sqlAddSlashes($this->name) . "', '" .
+                       PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
 
         $success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);
 
diff --git a/libraries/export/codegen.php b/libraries/export/codegen.php
index d60785c..fb81cf9 100644
--- a/libraries/export/codegen.php
+++ b/libraries/export/codegen.php
@@ -268,8 +268,8 @@ class TableProperty
 	{
 		$lines=array();
 		$lines[] = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>";
-		$lines[] = "<hibernate-mapping xmlns=\"urn:nhibernate-mapping-2.2\" namespace=\"".ucfirst($db)."\" assembly=\"".ucfirst($db)."\">";
-		$lines[] = "	<class name=\"".ucfirst($table)."\" table=\"".$table."\">";
+		$lines[] = "<hibernate-mapping xmlns=\"urn:nhibernate-mapping-2.2\" namespace=\"".ucfirst(htmlspecialchars($db, ENT_COMPAT, 'UTF-8'))."\" assembly=\"".ucfirst(htmlspecialchars($db, ENT_COMPAT, 'UTF-8'))."\">";
+		$lines[] = "	<class name=\"".ucfirst(htmlspecialchars($table, ENT_COMPAT, 'UTF-8'))."\" table=\"".htmlspecialchars($table, ENT_COMPAT, 'UTF-8')."\">";
 		$result = PMA_DBI_query(sprintf("DESC %s.%s", PMA_backquote($db), PMA_backquote($table)));
 		if ($result)
 		{
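Review bot: The two changed `$lines[]` statements spell out the same `htmlspecialchars(..., ENT_COMPAT, 'UTF-8')` call four times, which makes already long lines hard to audit for a missed spot. Escaping once into locals reads better and keeps later uses consistent: `$db_attr = htmlspecialchars($db, ENT_COMPAT, 'UTF-8');` and `$table_attr = htmlspecialchars($table, ENT_COMPAT, 'UTF-8');`, then `ucfirst($db_attr)` and `$table_attr` in the strings. A short comment such as `// ENT_COMPAT is sufficient: every attribute value here is double-quoted` would record why single quotes are left alone. The function starts before and continues past this hunk, so whether column names further down receive the same escaping cannot be checked from here.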
diff --git a/libraries/export/htmlword.php b/libraries/export/htmlword.php
index c840e93..a97aab2 100644
--- a/libraries/export/htmlword.php
+++ b/libraries/export/htmlword.php
@@ -75,7 +75,7 @@ xmlns="http://www.w3.org/TR/REC-html40">
  * @access  public
  */
 function PMA_exportDBHeader($db) {
-    return PMA_exportOutputHandler('<h1>' . __('Database') . ' ' . $db . '</h1>');
+    return PMA_exportOutputHandler('<h1>' . __('Database') . ' ' . htmlspecialchars($db) . '</h1>');
 }
 
 /**
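Review bot: `htmlspecialchars($db)` in the `<h1>` line relies on PHP's default flags and charset, whereas codegen.php in this same push passes `ENT_COMPAT, 'UTF-8'` explicitly. The default charset depends on the PHP version and configuration, so the result for non-ASCII or malformed names may differ between installs. The same applies to the two `<h2>` headings in the PMA_exportData and PMA_exportStructure hunks below. Writing `htmlspecialchars($db, ENT_COMPAT, 'UTF-8')` and `htmlspecialchars($table, ENT_COMPAT, 'UTF-8')` would make all three consistent with the codegen plugin.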
@@ -118,7 +118,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
 {
     global $what;
 
-    if (! PMA_exportOutputHandler('<h2>' . __('Dumping data for table') . ' ' . $table . '</h2>')) {
+    if (! PMA_exportOutputHandler('<h2>' . __('Dumping data for table') . ' ' . htmlspecialchars($table) . '</h2>')) {
         return false;
     }
     if (! PMA_exportOutputHandler('<table class="width100" cellspacing="1">')) {
@@ -192,7 +192,7 @@ function PMA_exportStructure($db, $table, $crlf, $error_url, $do_relation = fals
 {
     global $cfgRelation;
 
-    if (! PMA_exportOutputHandler('<h2>' . __('Table structure for table') . ' ' .$table . '</h2>')) {
+    if (! PMA_exportOutputHandler('<h2>' . __('Table structure for table') . ' ' . htmlspecialchars($table) . '</h2>')) {
         return false;
     }
 
diff --git a/libraries/export/json.php b/libraries/export/json.php
index 86e2e89..989ef88 100644
--- a/libraries/export/json.php
+++ b/libraries/export/json.php
@@ -74,7 +74,7 @@ function PMA_exportHeader()
  */
 function PMA_exportDBHeader($db)
 {
-    PMA_exportOutputHandler('/* Database \'' . $db . '\' */ ' . $GLOBALS['crlf'] );
+    PMA_exportOutputHandler('// Database \'' . $db . '\'' . $GLOBALS['crlf'] );
     return true;
 }
 
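Review bot: `$db` is written into the new `//` line comment unescaped, so a line break in the name would end the comment and the remainder would become part of the export body. The old `/* ... */` form had the equivalent problem with `*/`; the switch changes which character is significant rather than removing the issue. The `// db.table` comment in the PMA_exportData hunk below is affected in the same way for `$db` and `$table`. If identifiers can contain CR or LF, neutralise them before output, for example `str_replace(array("\r", "\n"), ' ', $db)`. A brief comment noting that these comment lines are not part of strict JSON would also help consumers of the file.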
@@ -134,7 +134,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
 
         // Output table name as comment if this is the first record of the table
         if ($record_cnt == 1) {
-            $buffer .= '/* ' . $db . '.' . $table . ' */' . $crlf . $crlf;
+            $buffer .= '// ' . $db . '.' . $table . $crlf . $crlf;
             $buffer .= '[{';
         } else {
             $buffer .= ', {';
@@ -147,18 +147,20 @@ function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
             $column = $columns[$i];
 
             if (is_null($record[$i])) {
-                $buffer .= '"' . $column . '": null' . (! $isLastLine ? ',' : '');
+                $buffer .= '"' . addslashes($column) . '": null' . (! $isLastLine ? ',' : '');
             } elseif (is_numeric($record[$i])) {
-                $buffer .= '"' . $column . '": ' . $record[$i] . (! $isLastLine ? ',' : '');
+                $buffer .= '"' . addslashes($column) . '": ' . $record[$i] . (! $isLastLine ? ',' : '');
             } else {
-                $buffer .= '"' . $column . '": "' . addslashes($record[$i]) . '"' . (! $isLastLine ? ',' : '');
+                $buffer .= '"' . addslashes($column) . '": "' . addslashes($record[$i]) . '"' . (! $isLastLine ? ',' : '');
             }
         }
 
         $buffer .= '}';
     }
 
-    $buffer .=  ']';
+    if ($record_cnt) {
+        $buffer .=  ']';
+    }
     if (! PMA_exportOutputHandler($buffer)) {
         return false;
     }
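Review bot: `addslashes()` on the column name and on the string value does not produce JSON string escaping. It turns `'` into `\'` and a NUL byte into `\0`, neither of which is a valid JSON escape, and it leaves line breaks, tabs and other control characters unescaped, so such data still yields output a strict parser rejects. `json_encode()` is already used in Table.class.php in this same push and emits a correctly quoted and escaped string, e.g. `$buffer .= json_encode($column) . ': ' . json_encode($record[$i]) . (! $isLastLine ? ',' : '');` for the string branch, with `json_encode($column)` in the other two branches. `json_encode()` expects UTF-8 input, so this assumes the export connection delivers UTF-8; confirm that against the part of PMA_exportData outside this hunk.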


hooks/post-receive
-- 
phpMyAdmin



