Hello community, here is the log from the commit of package phpPgAdmin for openSUSE:Factory checked in at 2012-03-30 14:20:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/phpPgAdmin (Old) and /work/SRC/openSUSE:Factory/.phpPgAdmin.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "phpPgAdmin", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/phpPgAdmin/phpPgAdmin.changes 2011-10-21 16:34:34.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.phpPgAdmin.new/phpPgAdmin.changes 2012-03-30 14:20:24.000000000 +0200 @@ -1,0 +2,21 @@ +Thu Mar 29 10:59:18 UTC 2012 - [email protected] + +- update to 5.0.4 + - Released: 22th March 2012 + - Bug fixes. + * Fix #3468882 "UPDATE single row with varchar key: empty where + clause", reported by "Dirk Kraemer" + * Fix XSS in function.php, reported by Mateusz Goik + * Fix bug where renaming a tablespace was leading to an error + * Fix a bug where clicking to "Show all schemas" on schema + privilege page leads back to the latest tab used in database level + * Fix a bug when executing a query from the history + * Fix bad confirmation message when droping an autovacuum table setup + * Fix bug #3429633 '"Back" link from "Browse" leads to error' + * Fix a PHP warning when Slony conf parameters are not set + * Show cancel/kill actions in process page only if role is a superuser + * Some more small code cleanup and fixes. +- fix for bnc#754694 (CVE-2012-1600) + * https://bugzilla.novell.com/show_bug.cgi?id=754694 + +------------------------------------------------------------------- Old: ---- phpPgAdmin-5.0.3.tar.bz2 New: ---- phpPgAdmin-5.0.4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpPgAdmin.spec ++++++ --- /var/tmp/diff_new_pack.oqr3sX/_old 2012-03-30 14:20:26.000000000 +0200 +++ /var/tmp/diff_new_pack.oqr3sX/_new 2012-03-30 14:20:26.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package phpPgAdmin # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,7 +16,6 @@ # - Name: phpPgAdmin %define apxs %{_sbindir}/apxs2 @@ -26,10 +25,10 @@ %define ppa_config %{_sysconfdir}/%{name}/config.inc.php Summary: Administration of PostgreSQL over the web -Version: 5.0.3 -Release: 1 License: GPL-2.0+ Group: Productivity/Databases/Tools +Version: 5.0.4 +Release: 0 Url: http://phppgadmin.sourceforge.net Source0: %{name}-%{version}.tar.bz2 Source1: %{name}.http @@ -37,7 +36,8 @@ BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: apache2-devel -Requires: mod_php_any php-pgsql +Requires: mod_php_any +Requires: php-pgsql %description phpPgAdmin is a web-based administration tool for PostgreSQL. It is ++++++ phpPgAdmin-5.0.3.tar.bz2 -> phpPgAdmin-5.0.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/HISTORY new/phpPgAdmin-5.0.4/HISTORY --- old/phpPgAdmin-5.0.3/HISTORY 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/HISTORY 2012-03-22 14:35:22.000000000 +0100 
@@ -2,6 +2,24 @@ ------------------ +Version 5.0.4 +------------- + +Released: 22th March 2012 + +Bug fixes. + +* Fix #3468882 "UPDATE single row with varchar key: empty where clause", reported by "Dirk Kraemer" +* Fix XSS in function.php, reported by Mateusz Goik +* Fix bug where renaming a tablespace was leading to an error +* Fix a bug where clicking to "Show all schemas" on schema privilege page leads back to the latest tab used in database level +* Fix a bug when executing a query from the history +* Fix bad confirmation message when droping an autovacuum table setup +* Fix bug #3429633 '"Back" link from "Browse" leads to error' +* Fix a PHP warning when Slony conf parameters are not set +* Show cancel/kill actions in process page only if role is a superuser +* Some more small code cleanup and fixes. + Version 5.0.3 ------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/admin.php new/phpPgAdmin-5.0.4/admin.php --- old/phpPgAdmin-5.0.3/admin.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/admin.php 2012-03-22 14:35:22.000000000 +0100 @@ -427,7 +427,7 @@ $script = ($type == 'database')? 'database.php' : 'tables.php'; printf("<p>{$lang['strdelvacuumtable']}</p>\n", - $misc->printVal("\"{$_GET['schema']}"."{$_GET['table']}\"")); + $misc->printVal("\"{$_GET['schema']}\".\"{$_GET['table']}\"")); echo "<form style=\"float: left\" action=\"{$script}\" method=\"post\">\n"; echo "<input type=\"hidden\" name=\"action\" value=\"delautovac\" />\n"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/classes/Misc.php new/phpPgAdmin-5.0.4/classes/Misc.php --- old/phpPgAdmin-5.0.3/classes/Misc.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/classes/Misc.php 2012-03-22 14:35:22.000000000 +0100 
@@ -40,13 +40,173 @@ if (isset($_REQUEST['server']) && $exclude_from != 'server') { $href .= 'server=' . urlencode($_REQUEST['server']); if (isset($_REQUEST['database']) && $exclude_from != 'database') { - $href .= '&database=' . urlencode($_REQUEST['database']); + $href .= '&database=' . urlencode($_REQUEST['database']); if (isset($_REQUEST['schema']) && $exclude_from != 'schema') { - $href .= '&schema=' . urlencode($_REQUEST['schema']); + $href .= '&schema=' . urlencode($_REQUEST['schema']); } } } - return $href; + return htmlentities($href); + } + + function getHREFSubject($subject) { + + $vars = array(); + + switch($subject) { + case 'root': + return 'redirect.php?subject=root'; + break; + case 'server': + $vars = array ( + 'server' => $_REQUEST['server'], + 'subject' => 'server' + ); + break; + case 'report': + return 'reports.php?'. http_build_query(array( + 'server' => $_REQUEST['server'], + 'subject' => 'report', + 'report' => $_REQUEST['report'] + ), '', '&'); + break; + case 'role': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'role', + 'action' => 'properties', + 'rolename' => $_REQUEST['rolename'] + ); + break; + case 'database': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'database', + 'database' => $_REQUEST['database'], + ); + break; + case 'schema': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'schema', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'] + ); + break; + case 'slony_cluster': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'slony_cluster', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'slony_cluster' => $_REQUEST['slony_cluster'] + ); + break; + case 'table': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'table', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'table' => $_REQUEST['table'] + ); + break; + case 'selectrows': + return 'tables.php?'. 
http_build_query(array( + 'server' => $_REQUEST['server'], + 'subject' => 'table', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'table' => $_REQUEST['table'], + 'action' => 'confselectrows' + ), '', '&'); + break; + case 'view': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'view', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'view' => $_REQUEST['view'] + ); + break; + case 'fulltext': + case 'ftscfg': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'fulltext', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'action' => 'viewconfig', + 'ftscfg' => $_REQUEST['ftscfg'] + ); + break; + case 'function': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'function', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'function' => $_REQUEST['function'], + 'function_oid' => $_REQUEST['function_oid'] + ); + break; + case 'aggregate': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'aggregate', + 'action' => 'properties', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'aggrname' => $_REQUEST['aggrname'], + 'aggrtype' => $_REQUEST['aggrtype'] + ); + break; + case 'slony_node': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'slony_cluster', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'no_id' => $_REQUEST['no_id'], + 'no_name' => $_REQUEST['no_name'] + ); + break; + case 'slony_set': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'slony_set', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'slony_set_id' => $_REQUEST['slony_set'], + 'slony_set' => $_REQUEST['slony_set'] + ); + break; + case 'column': + if (isset($_REQUEST['table'])) + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'column', + 'database' => $_REQUEST['database'], + 'schema' => 
$_REQUEST['schema'], + 'table' => $_REQUEST['table'], + 'column' => $_REQUEST['column'] + ); + else + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'column', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'view' => $_REQUEST['view'], + 'column' => $_REQUEST['column'] + ); + break; + default: + return false; + } + + return 'redirect.php?'. http_build_query($vars, '', '&'); } /** @@ -1192,7 +1352,7 @@ $crumblink = "<a"; if (isset($crumb['url'])) - $crumblink .= ' href="' . $this->printVal($crumb['url'], 'nbsp') . '"'; + $crumblink .= " href=\"{$crumb['url']}\""; if (isset($crumb['title'])) $crumblink .= " title=\"{$crumb['title']}\""; @@ -1241,12 +1401,11 @@ if ($subject == 'root') $done = true; if (!$done) { - $vars = 'server='.urlencode($_REQUEST['server']).'&'; $server_info = $this->getServerInfo(); $trail['server'] = array( 'title' => $lang['strserver'], 'text' => $server_info['desc'], - 'url' => "redirect.php?subject=server&{$vars}", + 'url' => $this->getHREFSubject('server'), 'help' => 'pg.server', 'icon' => 'Server' ); 
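Review bot: getHREFSubject() reads `$_REQUEST['server']`, `$_REQUEST['table']` and the other keys without `isset()`, yet display.php and sql.php in this same diff pass the request's `return` parameter straight in as `$subject`. A request carrying `return=table` but no `table` parameter therefore raises undefined-index notices and produces a link with empty values; returning `false` when a key required by the chosen subject is missing would match the existing `default:` branch. The function also has no docblock: I would add one stating that it returns a percent-encoded but not HTML-escaped URL, or `false` for an unknown subject, because getHREF() in the same hunk now returns an `htmlentities()`-encoded string and the two contracts are easy to confuse.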
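Review bot: In the `@@ -1192,7 +1352,7 @@` hunk the breadcrumb `href` is now interpolated with no output escaping, so its safety rests entirely on every trail entry's `url` having come from getHREFSubject(), whose `http_build_query()` call percent-encodes the request values. A trail entry built by hand later on would reach the attribute raw, and the `&` separators are already emitted unescaped. I would escape at the sink instead: `$crumblink .= ' href="' . htmlspecialchars($crumb['url']) . '"';`. The enclosing function starts and ends outside the hunk.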
@@ -1254,30 +1413,27 @@ if ($subject == 'server') $done = true; if (isset($_REQUEST['report']) && !$done) { - $vars .= 'report='.urlencode($_REQUEST['report']).'&'; $trail['report'] = array( 'title' => $lang['strreport'], 'text' => $_REQUEST['report'], - 'url' => "reports.php?subject=report&{$vars}", + 'url' => $this->getHREFSubject('report'), 'icon' => 'Report' ); } if (isset($_REQUEST['database']) && !$done) { - $vars .= 'database='.urlencode($_REQUEST['database']).'&'; $trail['database'] = array( 'title' => $lang['strdatabase'], 'text' => $_REQUEST['database'], - 'url' => "redirect.php?subject=database&{$vars}", + 'url' => $this->getHREFSubject('database'), 'help' => 'pg.database', 'icon' => 'Database' ); } elseif (isset($_REQUEST['rolename']) && !$done) { - $vars .= "subject=role&action=properties&rolename=".urlencode($_REQUEST['rolename']); $trail['role'] = array( 'title' => $lang['strrole'], 'text' => $_REQUEST['rolename'], - 'url' => "redirect.php?{$vars}", + 'url' => $this->getHREFSubject('role'), 'help' => 'pg.role', 'icon' => 'Roles' ); @@ -1285,11 +1441,10 @@ if ($subject == 'database' || $subject == 'role' || $subject == 'report') $done = true; if (isset($_REQUEST['schema']) && !$done) { - $vars .= 'schema='.urlencode($_REQUEST['schema']).'&'; $trail['schema'] = array( 'title' => $lang['strschema'], 'text' => $_REQUEST['schema'], - 'url' => "redirect.php?subject=schema&{$vars}", + 'url' => $this->getHREFSubject('schema'), 'help' => 'pg.schema', 'icon' => 'Schema' ); @@ -1297,11 +1452,10 @@ if ($subject == 'schema') $done = true; if (isset($_REQUEST['slony_cluster']) && !$done) { - $vars .= 'slony_cluster='.urlencode($_REQUEST['slony_cluster']).'&'; $trail['slony_cluster'] = array( 'title' => 'Slony Cluster', 'text' => $_REQUEST['slony_cluster'], - 'url' => "redirect.php?subject=slony_cluster&{$vars}", + 'url' => $this->getHREFSubject('slony_cluster'), 'help' => 'sl.cluster', 'icon' => 'Cluster' ); 
@@ -1309,29 +1463,26 @@ if ($subject == 'slony_cluster') $done = true; if (isset($_REQUEST['table']) && !$done) { - $vars .= "table=".urlencode($_REQUEST['table']); $trail['table'] = array( 'title' => $lang['strtable'], 'text' => $_REQUEST['table'], - 'url' => "redirect.php?subject=table&{$vars}", + 'url' => $this->getHREFSubject('table'), 'help' => 'pg.table', 'icon' => 'Table' ); } elseif (isset($_REQUEST['view']) && !$done) { - $vars .= "view=".urlencode($_REQUEST['view']); $trail['view'] = array( 'title' => $lang['strview'], 'text' => $_REQUEST['view'], - 'url' => "redirect.php?subject=view&{$vars}", + 'url' => $this->getHREFSubject('view'), 'help' => 'pg.view', 'icon' => 'View' ); } elseif (isset($_REQUEST['ftscfg']) && !$done) { - $vars .= "action=viewconfig&ftscfg=".urlencode($_REQUEST['ftscfg']); $trail['ftscfg'] = array( 'title' => $lang['strftsconfig'], 'text' => $_REQUEST['ftscfg'], - 'url' => "fulltext.php?{$vars}", + 'url' => $this->getHREFSubject('ftscfg'), 'help' => 'pg.ftscfg.example', 'icon' => 'Fts' ); 
@@ -1341,55 +1492,45 @@ if (!$done && !is_null($subject)) { switch ($subject) { case 'function': - $vars .= "{$subject}_oid=".urlencode($_REQUEST[$subject.'_oid']).'&'; - $vars .= "subject={$subject}&{$subject}=".urlencode($_REQUEST[$subject]); $trail[$subject] = array( 'title' => $lang['str'.$subject], 'text' => $_REQUEST[$subject], - 'url' => "redirect.php?{$vars}", + 'url' => $this->getHREFSubject('function'), 'help' => 'pg.function', 'icon' => 'Function' ); break; case 'aggregate': - $vars .= "subject=aggregate&action=properties&aggrname=".urlencode($_REQUEST['aggrname']); - $vars .= "&aggrtype=".urlencode($_REQUEST['aggrtype']); $trail[$subject] = array( 'title' => $lang['straggregate'], 'text' => $_REQUEST['aggrname'], - 'url' => "redirect.php?{$vars}", + 'url' => $this->getHREFSubject('aggregate'), 'help' => 'pg.aggregate', 'icon' => 'Aggregate' ); break; case 'slony_node': - $vars .= 'no_id='.urlencode($_REQUEST['no_id']).'&no_name='.urlencode($_REQUEST['no_name']); $trail[$subject] = array( 'title' => 'Slony Node', 'text' => $_REQUEST['no_name'], - 'url' => "redirect.php?{$vars}", 'help' => 'sl.'.$subject, 'icon' => 'Node' ); break; case 'slony_set': - $vars .= "{$subject}_id=".urlencode($_REQUEST[$subject]).'&'; - $vars .= "subject={$subject}&{$subject}=".urlencode($_REQUEST[$subject]); $trail[$subject] = array( 'title' => $lang['str'.$subject], 'text' => $_REQUEST[$subject], - 'url' => "redirect.php?{$vars}", 'help' => 'sl.'.$subject, 'icon' => 'AvailableReplicationSet' ); break; case 'column': - $vars .= "&column=". 
urlencode($_REQUEST['column']) ."&subject=column"; $trail['column'] = array ( 'title' => $lang['strcolumn'], 'text' => $_REQUEST['column'], 'icon' => 'Column', - 'url' => "redirect.php?{$vars}" + 'url' => $this->getHREFSubject('column') ); break; default: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/classes/database/Postgres.php new/phpPgAdmin-5.0.4/classes/database/Postgres.php --- old/phpPgAdmin-5.0.3/classes/database/Postgres.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/classes/database/Postgres.php 2012-03-22 14:35:22.000000000 +0100 @@ -7058,10 +7058,12 @@ if ($name != $spcname) { $sql = "ALTER TABLESPACE \"{$spcname}\" RENAME TO \"{$name}\""; $status = $this->execute($sql); - if ($status != 0) { - $this->rollbackTransaction(); - return -3; - } + if ($status != 0) { + $this->rollbackTransaction(); + return -3; + } + + $spcname = $name; } // Set comment if it has changed diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/colproperties.php new/phpPgAdmin-5.0.4/colproperties.php --- old/phpPgAdmin-5.0.3/colproperties.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/colproperties.php 2012-03-22 14:35:22.000000000 +0100 
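Review bot: The `slony_node` and `slony_set` cases of the `@@ -1341,55 +1492,45 @@` hunk lose their `'url'` key without receiving the `$this->getHREFSubject(...)` replacement that every other case gets, although getHREFSubject() defines both subjects. Because the breadcrumb code only writes `href` when `$crumb['url']` is set, these two crumbs will presumably render as anchors with no target. If that is intended, a one-line comment saying so would help; otherwise add `'url' => $this->getHREFSubject('slony_node'),` and `'url' => $this->getHREFSubject('slony_set'),`. The switch continues past the end of the hunk.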
@@ -240,30 +240,27 @@ $query_url = urlencode("SELECT \"{$f_attname}\", count(*) AS \"count\" FROM \"{$f_schema}\".\"{$f_table}\" GROUP BY \"{$f_attname}\" ORDER BY \"{$f_attname}\"") ; if ($isTable) { - $return_url = urlencode("colproperties.php?{$misc->href}&table=". urlencode($tableName) - ."&column=". urlencode($_REQUEST['column'])); - /* Browse link */ /* FIXME browsing a col should somehow be a action so we don't * send an ugly SQL in the URL */ echo "\t<li><a href=\"display.php?{$misc->href}&subject=column&table=", urlencode($_REQUEST['table']), "&column=", urlencode($_REQUEST['column']), - "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), + "&return=column", "&query={$query_url}\">{$lang['strbrowse']}</a></li>\n"; /* Edit link */ echo "\t<li><a href=\"colproperties.php?action=properties&{$misc->href}&table=", urlencode($tableName), "&column=", urlencode($_REQUEST['column']) . "\">{$lang['stralter']}</a></li>\n"; - echo "\t<li><a href=\"tblproperties.php?action=confirm_drop&{$misc->href}&table=", urlencode($tableName), - "&column=" . urlencode($_REQUEST['column']) . "\">{$lang['strdrop']}</a></li>\n"; + echo "\t<li><a href=\"tblproperties.php?action=confirm_drop&{$misc->href}&table=", urlencode($tableName), + "&column=" . urlencode($_REQUEST['column']) . "\">{$lang['strdrop']}</a></li>\n"; } else { - $return_url = urlencode("colproperties.php?{$misc->href}&view=". urlencode($tableName) - ."&column=". 
urlencode($_REQUEST['column'])); /* Browse link */ - echo "\t<li><a href=\"display.php?{$misc->href}&subject=column&column=", - urlencode($_REQUEST['column']), "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), + echo "\t<li><a href=\"display.php?{$misc->href}&subject=column&view=", + urlencode($_REQUEST['view']), + "&column=", urlencode($_REQUEST['column']), + "&return=column", "&query={$query_url}\">{$lang['strbrowse']}</a></li>\n"; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/database.php new/phpPgAdmin-5.0.4/database.php --- old/phpPgAdmin-5.0.3/database.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/database.php 2012-03-22 14:35:22.000000000 +0100 
@@ -457,23 +457,26 @@ // Build possible actions for our process list $columns['actions'] = array('title' => $lang['stractions']); - - $actions = array( - 'cancel' => array( - 'title' => $lang['strcancel'], - 'url' => "database.php?action=signal&signal=CANCEL&{$misc->href}&", - 'vars' => array('procpid' => 'procpid') - ), - 'kill' => array( - 'title' => $lang['strkill'], - 'url' => "database.php?action=signal&signal=KILL&{$misc->href}&", - 'vars' => array('procpid' => 'procpid') - ) - ); + + $actions = array(); + if ($data->isSuperUser()) { + $actions = array( + 'cancel' => array( + 'title' => $lang['strcancel'], + 'url' => "database.php?action=signal&signal=CANCEL&{$misc->href}&", + 'vars' => array('procpid' => 'procpid') + ), + 'kill' => array( + 'title' => $lang['strkill'], + 'url' => "database.php?action=signal&signal=KILL&{$misc->href}&", + 'vars' => array('procpid' => 'procpid') + ) + ); - // Remove actions where not supported - if (!$data->hasQueryKill()) unset($actions['kill']); - if (!$data->hasQueryCancel()) unset($actions['cancel']); + // Remove actions where not supported + if (!$data->hasQueryKill()) unset($actions['kill']); + if (!$data->hasQueryCancel()) unset($actions['cancel']); + } if (count($actions) == 0) unset($columns['actions']); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/display.php new/phpPgAdmin-5.0.4/display.php --- old/phpPgAdmin-5.0.3/display.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/display.php 2012-03-22 14:35:22.000000000 +0100 
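Review bot: Gating the `cancel` and `kill` entries on `$data->isSuperUser()` only removes the links from the process table; the `action=signal` handler those links point at is outside this hunk. Confirm that the handler, or the database server's own permission check on the signal call, rejects the request for a non-superuser, since the URL can still be requested directly. A short comment above the `if`, for example `// UI only: the signal action must enforce privileges itself`, would keep a later reader from treating this check as the access control.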
@@ -5,8 +5,7 @@ * tables, reports, arbitrary queries, etc. to avoid code duplication. * @param $query The SQL SELECT string to execute * @param $count The same SQL query, but only retrieves the count of the rows (AS total) - * @param $return_url The return URL - * @param $return_desc The return link name + * @param $return The return section * @param $page The current page * * $Id: display.php,v 1.68 2008/04/14 12:44:27 ioguix Exp $ @@ -32,7 +31,7 @@ if (is_array($_REQUEST['key'])) $key = $_REQUEST['key']; else - $key = unserialize($_REQUEST['key']); + $key = unserialize(urldecode($_REQUEST['key'])); if ($confirm) { $misc->printTrail($_REQUEST['subject']); 
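Review bot: `unserialize(urldecode($_REQUEST['key']))` in the `@@ -32,7 +31,7 @@` hunk still hands a request parameter to `unserialize()`, which lets the client pick the classes that get instantiated (PHP object injection) whenever a loaded class has a usable magic method; the added `urldecode()` does not change that. The delete path in the later `@@ -206,21 +203,19 @@` hunk has the same pattern with `unserialize(urldecode($_POST['key']))`. The `is_array()` branch suggests the key is a plain array of column values, so JSON could carry it without that risk: `$key = json_decode(urldecode($_REQUEST['key']), true);`, paired with `json_encode()` in place of `serialize()` where the hidden `key` field is written. If the format has to stay, an HMAC over the serialized value that is checked with `hash_equals()` before decoding would at least bind it to the server.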
@@ -143,15 +142,13 @@ echo "<input type=\"hidden\" name=\"query\" value=\"", htmlspecialchars($_REQUEST['query']), "\" />\n"; if (isset($_REQUEST['count'])) echo "<input type=\"hidden\" name=\"count\" value=\"", htmlspecialchars($_REQUEST['count']), "\" />\n"; - if (isset($_REQUEST['return_url'])) - echo "<input type=\"hidden\" name=\"return_url\" value=\"", htmlspecialchars($_REQUEST['return_url']), "\" />\n"; - if (isset($_REQUEST['return_desc'])) - echo "<input type=\"hidden\" name=\"return_desc\" value=\"", htmlspecialchars($_REQUEST['return_desc']), "\" />\n"; + if (isset($_REQUEST['return'])) + echo "<input type=\"hidden\" name=\"return\" value=\"", htmlspecialchars($_REQUEST['return']), "\" />\n"; echo "<input type=\"hidden\" name=\"page\" value=\"", htmlspecialchars($_REQUEST['page']), "\" />\n"; echo "<input type=\"hidden\" name=\"sortkey\" value=\"", htmlspecialchars($_REQUEST['sortkey']), "\" />\n"; echo "<input type=\"hidden\" name=\"sortdir\" value=\"", htmlspecialchars($_REQUEST['sortdir']), "\" />\n"; echo "<input type=\"hidden\" name=\"strings\" value=\"", htmlspecialchars($_REQUEST['strings']), "\" />\n"; - echo "<input type=\"hidden\" name=\"key\" value=\"", htmlspecialchars(serialize($key)), "\" />\n"; + echo "<input type=\"hidden\" name=\"key\" value=\"", htmlspecialchars(urlencode(serialize($key))), "\" />\n"; echo "<p>"; if (!$error) echo "<input type=\"submit\" name=\"save\" value=\"{$lang['strsave']}\" />\n"; echo "<input type=\"submit\" name=\"cancel\" value=\"{$lang['strcancel']}\" />\n"; @@ -171,7 +168,7 @@ if (!isset($_POST['nulls'])) $_POST['nulls'] = array(); $status = $data->editRow($_POST['table'], $_POST['values'], $_POST['nulls'], - $_POST['format'], $_POST['types'], unserialize($_POST['key'])); + $_POST['format'], $_POST['types'], $key); if ($status == 0) doBrowse($lang['strrowupdated']); elseif ($status == -2) 
@@ -206,21 +203,19 @@ echo "<input type=\"hidden\" name=\"query\" value=\"", htmlspecialchars($_REQUEST['query']), "\" />\n"; if (isset($_REQUEST['count'])) echo "<input type=\"hidden\" name=\"count\" value=\"", htmlspecialchars($_REQUEST['count']), "\" />\n"; - if (isset($_REQUEST['return_url'])) - echo "<input type=\"hidden\" name=\"return_url\" value=\"", htmlspecialchars($_REQUEST['return_url']), "\" />\n"; - if (isset($_REQUEST['return_desc'])) - echo "<input type=\"hidden\" name=\"return_desc\" value=\"", htmlspecialchars($_REQUEST['return_desc']), "\" />\n"; + if (isset($_REQUEST['return'])) + echo "<input type=\"hidden\" name=\"return\" value=\"", htmlspecialchars($_REQUEST['return']), "\" />\n"; echo "<input type=\"hidden\" name=\"page\" value=\"", htmlspecialchars($_REQUEST['page']), "\" />\n"; echo "<input type=\"hidden\" name=\"sortkey\" value=\"", htmlspecialchars($_REQUEST['sortkey']), "\" />\n"; echo "<input type=\"hidden\" name=\"sortdir\" value=\"", htmlspecialchars($_REQUEST['sortdir']), "\" />\n"; echo "<input type=\"hidden\" name=\"strings\" value=\"", htmlspecialchars($_REQUEST['strings']), "\" />\n"; - echo "<input type=\"hidden\" name=\"key\" value=\"", htmlspecialchars(serialize($_REQUEST['key'])), "\" />\n"; + echo "<input type=\"hidden\" name=\"key\" value=\"", htmlspecialchars(urlencode(serialize($_REQUEST['key']))), "\" />\n"; echo "<input type=\"submit\" name=\"yes\" value=\"{$lang['stryes']}\" />\n"; echo "<input type=\"submit\" name=\"no\" value=\"{$lang['strno']}\" />\n"; echo "</form>\n"; } else { - $status = $data->deleteRow($_POST['table'], unserialize($_POST['key'])); + $status = $data->deleteRow($_POST['table'], unserialize(urldecode($_POST['key']))); if ($status == 0) doBrowse($lang['strrowdeleted']); elseif ($status == -2) 
@@ -243,16 +238,7 @@ $constraints = $data->getConstraintsWithFields($_REQUEST['table']); if ($constraints->recordCount() > 0) { - /* build the common parts of the url for the FK */ - $fk_return_url = "{$misc->href}&subject=table&table=". urlencode($_REQUEST['table']); - if (isset($_REQUEST['page'])) $fk_return_url .= "&page=" . urlencode($_REQUEST['page']); - if (isset($_REQUEST['query'])) $fk_return_url .= "&query=" . urlencode($_REQUEST['query']); - if (isset($_REQUEST['search_path'])) $fk_return_url .= "&search_path=" . urlencode($_REQUEST['search_path']); - - /* yes, we double urlencode fk_return_url so parameters here don't - * overwrite real one when included in the final url */ - $fkey_information['common_url'] = $misc->getHREF('schema') .'&subject=table&return_url=display.php?' - . urlencode($fk_return_url) .'&return_desc='. urlencode($lang['strback']); + $fkey_information['common_url'] = $misc->getHREF('schema') .'&subject=table'; /* build the FK constraints data structure */ while (!$constraints->EOF) { @@ -492,8 +478,7 @@ if (isset($_REQUEST['query'])) $gets .= "&query=" . urlencode($_REQUEST['query']); if (isset($_REQUEST['report'])) $gets .= "&report=" . urlencode($_REQUEST['report']); if (isset($_REQUEST['count'])) $gets .= "&count=" . urlencode($_REQUEST['count']); - if (isset($_REQUEST['return_url'])) $gets .= "&return_url=" . urlencode($_REQUEST['return_url']); - if (isset($_REQUEST['return_desc'])) $gets .= "&return_desc=" . urlencode($_REQUEST['return_desc']); + if (isset($_REQUEST['return'])) $gets .= "&return=" . urlencode($_REQUEST['return']); if (isset($_REQUEST['search_path'])) $gets .= "&search_path=" . urlencode($_REQUEST['search_path']); if (isset($_REQUEST['table'])) $gets .= "&table=" . urlencode($_REQUEST['table']); 
@@ -577,8 +562,12 @@ echo "<ul class=\"navlink\">\n"; // Return - if (isset($_REQUEST['return_url']) && isset($_REQUEST['return_desc'])) - echo "\t<li><a href=\"". htmlspecialchars($_REQUEST['return_url']) ."\">". htmlspecialchars($_REQUEST['return_desc']) ."</a></li>\n"; + if (isset($_REQUEST['return'])) { + $return_url = $misc->getHREFSubject($_REQUEST['return']); + + if ($return_url) + echo "\t<li><a href=\"{$return_url}\">{$lang['strback']}</a></li>\n"; + } // Edit SQL link if (isset($_REQUEST['query'])) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/functions.php new/phpPgAdmin-5.0.4/functions.php --- old/phpPgAdmin-5.0.3/functions.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/functions.php 2012-03-22 14:35:22.000000000 +0100 @@ -41,8 +41,7 @@ // and reload the browser frame. if (!empty($_POST['formFuncSchema']) && ($_POST['formFuncSchema'] != $_POST['original_schema'])) { // Jump them to the new function schema - $_REQUEST['schema'] = $_POST['formFuncSchema']; - $misc->href = "server={$_REQUEST['server']}&database={$_REQUEST['database']}&schema={$_REQUEST['schema']}"; + $misc->setCurrentSchema($_POST['formFuncSchema']); // Force a browser reload $_reload_browser = true; } 
@@ -774,14 +773,12 @@ 'function' => array( 'title' => $lang['strfunction'], 'field' => field('proproto'), - 'type' => 'verbatim', 'url' => "redirect.php?subject=function&action=properties&{$misc->href}&", 'vars' => array('function' => 'proproto', 'function_oid' => 'prooid'), ), 'returns' => array( 'title' => $lang['strreturns'], 'field' => field('proreturns'), - 'type' => 'verbatim', ), 'owner' => array( 'title' => $lang['strowner'], diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/history.php new/phpPgAdmin-5.0.4/history.php --- old/phpPgAdmin-5.0.3/history.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/history.php 2012-03-22 14:35:22.000000000 +0100 @@ -53,8 +53,8 @@ $actions = array( 'run' => array( 'title' => $lang['strexecute'], - 'url' => "sql.php?{$misc->href}&nohistory=t&", - 'vars' => array('query' => 'query', 'paginate' => 'paginate'), + 'url' => "sql.php?{$misc->href}&nohistory=t&subject=history&", + 'vars' => array('queryid' => 'queryid', 'paginate' => 'paginate'), 'target' => 'detail', ), 'remove' => array( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/lang/french.php new/phpPgAdmin-5.0.4/lang/french.php --- old/phpPgAdmin-5.0.3/lang/french.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/lang/french.php 2012-03-22 14:35:22.000000000 +0100 
@@ -144,7 +144,7 @@ $lang['strunselectall'] = 'Des�lectionner tout'; $lang['strlocale'] = 'Locale'; $lang['strcollation'] = 'Tri'; - $lang['strctype'] = 'Type de cartact�re'; + $lang['strctype'] = 'Type de caract�re'; $lang['strdefaultvalues'] = 'Valeurs par d�faut'; $lang['strnewvalues'] = 'Nouvelles valeurs'; $lang['strstart'] = 'D�marrer'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/lang/recoded/french.php new/phpPgAdmin-5.0.4/lang/recoded/french.php --- old/phpPgAdmin-5.0.3/lang/recoded/french.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/lang/recoded/french.php 2012-03-22 14:35:22.000000000 +0100 @@ -144,7 +144,7 @@ $lang['strunselectall'] = 'Desélectionner tout'; $lang['strlocale'] = 'Locale'; $lang['strcollation'] = 'Tri'; - $lang['strctype'] = 'Type de cartactère'; + $lang['strctype'] = 'Type de caractère'; $lang['strdefaultvalues'] = 'Valeurs par défaut'; $lang['strnewvalues'] = 'Nouvelles valeurs'; $lang['strstart'] = 'Démarrer'; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/libraries/lib.inc.php new/phpPgAdmin-5.0.4/libraries/lib.inc.php --- old/phpPgAdmin-5.0.3/libraries/lib.inc.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/libraries/lib.inc.php 2012-03-22 14:35:22.000000000 +0100 @@ -16,7 +16,7 @@ $appName = 'phpPgAdmin'; // Application version - $appVersion = '5.0.3'; + $appVersion = '5.0.4'; // PostgreSQL and PHP minimum version $postgresqlMinVer = '7.4'; 
@@ -249,7 +249,7 @@ // Load Slony if required - if ($_server_info['slony_support']) { + if (isset($_server_info['slony_support'])) { include('./classes/plugins/Slony.php'); $slony = new Slony(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/privileges.php new/phpPgAdmin-5.0.4/privileges.php --- old/phpPgAdmin-5.0.3/privileges.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/privileges.php 2012-03-22 14:35:22.000000000 +0100 @@ -236,7 +236,7 @@ $alltxt = $lang["strshowall{$_REQUEST['subject']}s"]; break; case 'schema': - $allurl = "database.php"; + $allurl = "schemas.php"; $alltxt = $lang["strshowallschemas"]; break; case 'database': diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/reports.php new/phpPgAdmin-5.0.4/reports.php --- old/phpPgAdmin-5.0.3/reports.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/reports.php 2012-03-22 14:35:22.000000000 +0100 @@ -275,12 +275,10 @@ ), ); - $return_url = urlencode("reports.php?{$misc->href}"); - $actions = array( 'run' => array( 'title' => $lang['strexecute'], - 'url' => "sql.php?subject=report&{$misc->href}&return_url={$return_url}&return_desc=".urlencode($lang['strback'])."&", + 'url' => "sql.php?subject=report&{$misc->href}&return=report&", 'vars' => array('report' => 'report_name', 'database' => 'db_name', 'reportid' => 'report_id', 'paginate' => 'paginate'), ), 'edit' => array( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/schemas.php new/phpPgAdmin-5.0.4/schemas.php --- old/phpPgAdmin-5.0.3/schemas.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/schemas.php 2012-03-22 14:35:22.000000000 +0100 
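Review bot: `isset($_server_info['slony_support'])` is true whenever the key exists, including when it is set to `false`, so a server entry that explicitly disables Slony now loads `./classes/plugins/Slony.php` anyway. To silence the warning for a missing key and still honour the configured value, test the value as well: `if (!empty($_server_info['slony_support'])) {`.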
@@ -192,7 +192,7 @@ echo "\t<tr>\n"; echo "\t\t<th class=\"data\">{$lang['strcomment']}</th>\n"; - echo "\t\t<td class=\"data1\"><textarea cols=\"32\" rows=\"3\"name=\"comment\">", htmlspecialchars($_POST['comment']), "</textarea></td>\n"; + echo "\t\t<td class=\"data1\"><textarea cols=\"32\" rows=\"3\" name=\"comment\">", htmlspecialchars($_POST['comment']), "</textarea></td>\n"; echo "\t</tr>\n"; echo "</table>\n"; echo "<p><input type=\"hidden\" name=\"action\" value=\"alter\" />\n"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/sql.php new/phpPgAdmin-5.0.4/sql.php --- old/phpPgAdmin-5.0.3/sql.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/sql.php 2012-03-22 14:35:22.000000000 +0100 @@ -80,10 +80,15 @@ $report = $reportsdb->getReport($_REQUEST['reportid']); $_SESSION['sqlquery'] = $report->fields['report_sql']; } + elseif (isset($_REQUEST['subject']) && $_REQUEST['subject'] == 'history') { + // Or maybe we came from the history popup + $_SESSION['sqlquery'] = $_SESSION['history'][$_REQUEST['server']][$_REQUEST['database']][$_GET['queryid']]['query']; + } elseif (isset($_POST['query'])) { // Or maybe we came from an sql form $_SESSION['sqlquery'] = $_POST['query']; - } else { + } + else { echo "could not find the query!!"; } 
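Review bot: The new `history` branch in sql.php reads `$_SESSION['history'][...][$_GET['queryid']]['query']` without checking that `queryid` was sent or that the entry still exists, so a stale or hand-edited link raises undefined-index notices and stores null in `$_SESSION['sqlquery']` instead of reaching the "could not find the query!!" branch. Extending the condition with `&& isset($_SESSION['history'][$_REQUEST['server']][$_REQUEST['database']][$_GET['queryid']]['query'])` lets a missing entry fall through to the later branches. The branch also mixes `$_REQUEST` and `$_GET` for parameters of the same request and compares the subject with `==`, where `===` would be stricter. The if/elseif chain starts above the hunk.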
@@ -194,8 +199,10 @@ echo "<ul class=\"navlink\">\n"; // Return - if (isset($_REQUEST['return_url']) && isset($_REQUEST['return_desc'])) - echo "\t<li><a href=\"{$_REQUEST['return_url']}\">{$_REQUEST['return_desc']}</a></li>\n"; + if (isset($_REQUEST['return'])) { + $return_url = $misc->getHREFSubject($_REQUEST['return']); + echo "\t<li><a href=\"{$return_url}\">{$lang['strback']}</a></li>\n"; + } // Edit echo "\t<li><a href=\"database.php?database=", urlencode($_REQUEST['database']), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/tables.php new/phpPgAdmin-5.0.4/tables.php --- old/phpPgAdmin-5.0.3/tables.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/tables.php 2012-03-22 14:35:22.000000000 +0100 @@ -438,8 +438,7 @@ $query = $data->getSelectSQL($_REQUEST['table'], array_keys($_POST['show']), $_POST['values'], $_POST['ops']); $_REQUEST['query'] = $query; - $_REQUEST['return_url'] = "tables.php?action=confselectrows&{$misc->href}&table={$_REQUEST['table']}"; - $_REQUEST['return_desc'] = $lang['strback']; + $_REQUEST['return'] = 'selectrows'; $_no_output = true; include('./display.php'); @@ -772,7 +771,7 @@ ), 'browse' => array( 'title' => $lang['strbrowse'], - 'url' => "display.php?{$misc->href}&subject=table&return_url=".urlencode("tables.php?{$misc->href}")."&return_desc=".urlencode($lang['strback'])."&", + 'url' => "display.php?{$misc->href}&subject=table&return=schema&", 'vars' => array('table' => 'relname'), ), 'select' => array( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/tblproperties.php new/phpPgAdmin-5.0.4/tblproperties.php --- old/phpPgAdmin-5.0.3/tblproperties.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/tblproperties.php 2012-03-22 14:35:22.000000000 +0100 
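Review bot: In the sql.php `// Return` hunk, `$return_url` is written into the `href` attribute unescaped, so the link is only safe if `$misc->getHREFSubject()` returns an HTML-safe URL for every value of `$_REQUEST['return']`, including keys it does not recognise; its definition is not part of this excerpt. Replacing the request-supplied `return_url` and `return_desc` with a subject key removes the two values the old lines echoed verbatim, but the key is still request-controlled. I would check the key against the known subjects before the call and add a comment such as `// 'return' is a subject key, never a URL; getHREFSubject() must yield an escaped link or a fixed default`. The enclosing function starts and ends outside the hunk.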
@@ -541,12 +541,10 @@ return $str; } - $return_url = urlencode("tblproperties.php?{$misc->href}&table=". urlencode($_REQUEST['table'])); - $actions = array( 'browse' => array( 'title' => $lang['strbrowse'], - 'url' => "display.php?{$misc->href}&subject=column&return_url={$return_url}&table=".urlencode($_REQUEST['table'])."&return_desc=" . urlencode($lang['strback']) . '&', + 'url' => "display.php?{$misc->href}&subject=column&return=table&table=".urlencode($_REQUEST['table']).'&', 'vars' => array('column' => 'attname'), ), 'alter' => array( @@ -569,8 +567,7 @@ $misc->printTable($attrs, $columns, $actions, null, 'attPre'); echo "<ul class=\"navlink\">\n"; - echo "\t<li><a href=\"display.php?{$misc->href}&table=", urlencode($_REQUEST['table']), "&subject=table&return_url={$return_url}&return_desc=", - urlencode($lang['strback']), "\">{$lang['strbrowse']}</a></li>\n"; + echo "\t<li><a href=\"display.php?{$misc->href}&table=", urlencode($_REQUEST['table']), "&subject=table&return=table\">{$lang['strbrowse']}</a></li>\n"; echo "\t<li><a href=\"tables.php?action=confselectrows&{$misc->href}&table=", urlencode($_REQUEST['table']),"\">{$lang['strselect']}</a></li>\n"; echo "\t<li><a href=\"tables.php?action=confinsertrow&{$misc->href}&table=", urlencode($_REQUEST['table']),"\">{$lang['strinsert']}</a></li>\n"; echo "\t<li><a href=\"tables.php?action=confirm_empty&{$misc->href}&table=", urlencode($_REQUEST['table']),"\">{$lang['strempty']}</a></li>\n"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/viewproperties.php new/phpPgAdmin-5.0.4/viewproperties.php --- old/phpPgAdmin-5.0.3/viewproperties.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/viewproperties.php 2012-03-22 14:35:22.000000000 +0100 
@@ -431,9 +431,7 @@ echo "<br />\n"; echo "<ul class=\"navlink\">\n"; - $return_url = urlencode("viewproperties.php?{$misc->href}&view=" . urlencode($_REQUEST['view'])); - echo "\t<li><a href=\"display.php?{$misc->href}&view=", urlencode($_REQUEST['view']), "&subject=view&return_url={$return_url}&return_desc=", - urlencode($lang['strback']), "\">{$lang['strbrowse']}</a></li>\n"; + echo "\t<li><a href=\"display.php?{$misc->href}&view=", urlencode($_REQUEST['view']), "&subject=view&return=view\">{$lang['strbrowse']}</a></li>\n"; echo "\t<li><a href=\"views.php?action=confselectrows&{$misc->href}&view=", urlencode($_REQUEST['view']),"\">{$lang['strselect']}</a></li>\n"; echo "\t<li><a href=\"views.php?action=confirm_drop&{$misc->href}&view=", urlencode($_REQUEST['view']),"\">{$lang['strdrop']}</a></li>\n"; echo "\t<li><a href=\"viewproperties.php?action=confirm_alter&{$misc->href}&view=", urlencode($_REQUEST['view']),"\">{$lang['stralter']}</a></li>\n"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/phpPgAdmin-5.0.3/views.php new/phpPgAdmin-5.0.4/views.php --- old/phpPgAdmin-5.0.3/views.php 2011-10-03 09:37:22.000000000 +0200 +++ new/phpPgAdmin-5.0.4/views.php 2012-03-22 14:35:22.000000000 +0100 @@ -109,12 +109,10 @@ else { // Generate query SQL $query = $data->getSelectSQL($_REQUEST['view'], array_keys($_POST['show']), - $_POST['values'], $_POST['ops']); + $_POST['values'], $_POST['ops']); $_REQUEST['query'] = $query; - $_REQUEST['return_url'] = "views.php?action=confselectrows&{$misc->href}&view=". urlencode($_REQUEST['view']); - $_REQUEST['return_desc'] = $lang['strback']; - - $_no_output = true; + $_REQUEST['return'] = "schema"; + $_no_output = true; include('./display.php'); exit; } 
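Review bot: The views.php select hunk sets `$_REQUEST['return'] = "schema";` while the matching tables.php hunk sets `'selectrows'`, so the Back link after a view select presumably leads to the schema page rather than to the `confselectrows` form that the removed `return_url` pointed at. If `getHREFSubject()` (not shown here) can build the select-form link for a view, use the same key in both files; otherwise a comment like `// no 'selectrows' target for views, so Back returns to the schema` would record that the difference is intended. The hunk also appears to re-indent `$_POST['values'], $_POST['ops']);` and `$_no_output = true;`, which makes the functional change harder to spot. The enclosing `else` block starts outside the hunk.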
@@ -588,7 +586,7 @@
 ),
 'browse' => array(
 'title' => $lang['strbrowse'],
- 'url' => "display.php?{$misc->href}&subject=view&return_url=".urlencode("views.php?{$misc->href}")."&return_desc=".urlencode($lang['strback'])."&",
+ 'url' => "display.php?{$misc->href}&subject=view&return=schema&",
 'vars' => array('view' => 'relname'),
 ),
 'select' => array(
-- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
