[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3RC1-4521-gc6ec739
Michal Čihař
nijel at users.sourceforge.net
Tue Jun 21 18:01:25 CEST 2011
The branch, master has been updated
via c6ec73963fb8d62c6bc060933ca21ee978d29a38 (commit)
from 18527251e7036e340d5f0be1fa6122ef3d1081d3 (commit)
- Log -----------------------------------------------------------------
commit c6ec73963fb8d62c6bc060933ca21ee978d29a38
Author: Michal Čihař <mcihar at suse.cz>
Date: Tue Jun 21 17:41:47 2011 +0200
Use PMA_sqlAddSlashes for database queries instead of addslashes.
Should fix bug#3323066
-----------------------------------------------------------------------
Summary of changes:
db_printview.php | 2 +-
db_routines.php | 2 +-
libraries/database_interface.lib.php | 16 ++++++++--------
libraries/db_info.inc.php | 4 ++--
libraries/import/csv.php | 2 +-
tbl_create.php | 2 +-
6 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/db_printview.php b/db_printview.php
index 7e3c709..3b02b86 100644
--- a/db_printview.php
+++ b/db_printview.php
@@ -53,7 +53,7 @@ if ($cfg['SkipLockedTables'] == true) {
if ($result != false && PMA_DBI_num_rows($result) > 0) {
while ($tmp = PMA_DBI_fetch_row($result)) {
if (! isset($sot_cache[$tmp[0]])) {
- $sts_result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . addslashes($tmp[0]) . '\';');
+ $sts_result = PMA_DBI_query('SHOW TABLE STATUS FROM ' . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0]) . '\';');
$sts_tmp = PMA_DBI_fetch_assoc($sts_result);
$tables[] = $sts_tmp;
} else { // table in use
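Review bot: The table name on the new `SHOW TABLE STATUS ... LIKE` line is quote-escaped but still interpreted as a LIKE pattern, so a name containing `_` or `%` can match other tables, and `PMA_DBI_fetch_assoc` then reads only whichever row comes back first. The database_interface.lib.php hunks in this same commit pass the value through `PMA_escape_mysql_wildcards(...)`; doing the same here, `' LIKE \'' . PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($tmp[0])) . '\';'`, would keep the lookup exact. The `LIKE` lines changed in libraries/db_info.inc.php and tbl_create.php have the same shape. The enclosing loop starts and ends outside this hunk.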
diff --git a/db_routines.php b/db_routines.php
index 1d9523e..ac65af3 100644
--- a/db_routines.php
+++ b/db_routines.php
@@ -97,7 +97,7 @@ if (! empty($_REQUEST['execute_routine']) && ! empty($_REQUEST['routine_name']))
if (is_array($value)) { // is SET type
$value = implode(',', $value);
}
- $value = PMA_sqladdslashes($value);
+ $value = PMA_sqlAddSlashes($value);
if (! empty($_REQUEST['funcs'][$routine['param_name'][$i]])
&& in_array($_REQUEST['funcs'][$routine['param_name'][$i]], $cfg['Functions'])) {
$queries[] = "SET @p$i={$_REQUEST['funcs'][$routine['param_name'][$i]]}('$value');\n";
diff --git a/libraries/database_interface.lib.php b/libraries/database_interface.lib.php
index 5e61ef8..326ab0c 100644
--- a/libraries/database_interface.lib.php
+++ b/libraries/database_interface.lib.php
@@ -317,12 +317,12 @@ function PMA_DBI_get_tables_full($database, $table = false, $tbl_is_group = fals
if ($table) {
if (true === $tbl_is_group) {
$sql_where_table = 'AND `TABLE_NAME` LIKE \''
- . PMA_escape_mysql_wildcards(addslashes($table)) . '%\'';
+ . PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($table)) . '%\'';
} elseif ('comment' === $tbl_is_group) {
$sql_where_table = 'AND `TABLE_COMMENT` LIKE \''
- . PMA_escape_mysql_wildcards(addslashes($table)) . '%\'';
+ . PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($table)) . '%\'';
} else {
- $sql_where_table = 'AND `TABLE_NAME` = \'' . addslashes($table) . '\'';
+ $sql_where_table = 'AND `TABLE_NAME` = \'' . PMA_sqlAddSlashes($table) . '\'';
}
} else {
$sql_where_table = '';
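Review bot: In the two `LIKE` branches the value is escaped as an ordinary string literal before `PMA_escape_mysql_wildcards` is applied, so a backslash in `$table` is doubled only once and is then consumed as the LIKE escape character instead of matching literally. If `PMA_sqlAddSlashes` in this tree takes its LIKE flag as the second argument, `PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($table, true))` is the form intended for pattern context; the `=` branch is fine as written. The `SHOW TABLE STATUS ... LIKE` line in the next hunk of this file is built the same way. The function body continues outside the hunk.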
@@ -395,7 +395,7 @@ function PMA_DBI_get_tables_full($database, $table = false, $tbl_is_group = fals
if ($table || (true === $tbl_is_group)) {
$sql = 'SHOW TABLE STATUS FROM '
. PMA_backquote($each_database)
- .' LIKE \'' . PMA_escape_mysql_wildcards(addslashes($table)) . '%\'';
+ .' LIKE \'' . PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($table)) . '%\'';
} else {
$sql = 'SHOW TABLE STATUS FROM '
. PMA_backquote($each_database);
@@ -579,7 +579,7 @@ function PMA_DBI_get_databases_full($database = null, $force_stats = false,
// get table information from information_schema
if ($database) {
$sql_where_schema = 'WHERE `SCHEMA_NAME` LIKE \''
- . addslashes($database) . '\'';
+ . PMA_sqlAddSlashes($database) . '\'';
} else {
$sql_where_schema = '';
}
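Review bot: `SCHEMA_NAME` is compared with `LIKE`, but `$database` is only quote-escaped, so a database name containing `_` or `%` also matches sibling schemas. If `$database` is meant to be an exact name here (the callers are not visible in this hunk), either compare with `=` as the `PMA_DBI_get_columns_full` hunk does, or wrap the value: `. PMA_escape_mysql_wildcards(PMA_sqlAddSlashes($database)) . '\'';`. If callers pass patterns on purpose, a comment such as `// $database may be a LIKE pattern` would stop a later change from breaking that.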
@@ -727,17 +727,17 @@ function PMA_DBI_get_columns_full($database = null, $table = null,
// get columns information from information_schema
if (null !== $database) {
- $sql_wheres[] = '`TABLE_SCHEMA` = \'' . addslashes($database) . '\' ';
+ $sql_wheres[] = '`TABLE_SCHEMA` = \'' . PMA_sqlAddSlashes($database) . '\' ';
} else {
$array_keys[] = 'TABLE_SCHEMA';
}
if (null !== $table) {
- $sql_wheres[] = '`TABLE_NAME` = \'' . addslashes($table) . '\' ';
+ $sql_wheres[] = '`TABLE_NAME` = \'' . PMA_sqlAddSlashes($table) . '\' ';
} else {
$array_keys[] = 'TABLE_NAME';
}
if (null !== $column) {
- $sql_wheres[] = '`COLUMN_NAME` = \'' . addslashes($column) . '\' ';
+ $sql_wheres[] = '`COLUMN_NAME` = \'' . PMA_sqlAddSlashes($column) . '\' ';
} else {
$array_keys[] = 'COLUMN_NAME';
}
diff --git a/libraries/db_info.inc.php b/libraries/db_info.inc.php
index f8bb5a0..b657c6a 100644
--- a/libraries/db_info.inc.php
+++ b/libraries/db_info.inc.php
@@ -30,7 +30,7 @@
* @uses uksort()
* @uses strnatcasecmp()
* @uses count()
- * @uses addslashes()
+ * @uses PMA_sqlAddSlashes()
* @package phpMyAdmin
*/
if (! defined('PHPMYADMIN')) {
@@ -155,7 +155,7 @@ if (true === $cfg['SkipLockedTables']) {
if (! isset($sot_cache[$tmp[0]])) {
$sts_result = PMA_DBI_query(
'SHOW TABLE STATUS FROM ' . PMA_backquote($db)
- . ' LIKE \'' . addslashes($tmp[0]) . '\';');
+ . ' LIKE \'' . PMA_sqlAddSlashes($tmp[0]) . '\';');
$sts_tmp = PMA_DBI_fetch_assoc($sts_result);
PMA_DBI_free_result($sts_result);
unset($sts_result);
diff --git a/libraries/import/csv.php b/libraries/import/csv.php
index 49cff44..7735598 100644
--- a/libraries/import/csv.php
+++ b/libraries/import/csv.php
@@ -338,7 +338,7 @@ while (!($finished && $i >= $len) && !$error && !$timeout_passed) {
if ($val === null) {
$sql .= 'NULL';
} else {
- $sql .= '\'' . addslashes($val) . '\'';
+ $sql .= '\'' . PMA_sqlAddSlashes($val) . '\'';
}
$first = false;
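Review bot: `$val` is content from the imported CSV file and still reaches the INSERT by string concatenation, so the statement's safety rests entirely on what `PMA_sqlAddSlashes` escapes, and that is not visible in this hunk. `addslashes()` also escaped NUL bytes, so it is worth confirming that the replacement handles them, and behaves correctly under the connection character set in use, before relying on it for arbitrary file data. A comment on the changed line, `// $val is untrusted file content; escaped for a single-quoted SQL literal only`, plus an import test with values containing `'`, `\` and a NUL byte, would pin that down. The surrounding loop continues outside the hunk.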
diff --git a/tbl_create.php b/tbl_create.php
index 4d3171a..fd21c8b 100644
--- a/tbl_create.php
+++ b/tbl_create.php
@@ -257,7 +257,7 @@ if (isset($_REQUEST['do_save_data'])) {
$is_show_stats = $cfg['ShowStats'];
$tbl_stats_result = PMA_DBI_query('SHOW TABLE STATUS FROM '
- . PMA_backquote($db) . ' LIKE \'' . addslashes($table) . '\';');
+ . PMA_backquote($db) . ' LIKE \'' . PMA_sqlAddSlashes($table) . '\';');
$tbl_stats = PMA_DBI_fetch_assoc($tbl_stats_result);
PMA_DBI_free_result($tbl_stats_result);
unset($tbl_stats_result);
hooks/post-receive
--
phpMyAdmin