The branch, master has been updated
       via  bce8eaf40a42b4982f4125e23f4ab988ed8e113b (commit)
       via  059ddeb79788a969c94c7817f0ccab4686511a73 (commit)
       via  590059cc30038d60e9c5ad11b2cb369c9ebc14fc (commit)
      from  151799f17f63f1329b381f61f0bf0e238565842b (commit)


- Log -----------------------------------------------------------------
commit bce8eaf40a42b4982f4125e23f4ab988ed8e113b
Author: Piotr Przybylski <[email protected]>
Date:   Thu Jul 14 01:44:41 2011 +0200

    JSON export plugin: fix syntax for empty table, better data escaping

commit 059ddeb79788a969c94c7817f0ccab4686511a73
Author: Piotr Przybylski <[email protected]>
Date:   Thu Jul 14 01:43:30 2011 +0200

    Better db and table name escaping in codegen and htmlword export plugins

commit 590059cc30038d60e9c5ad11b2cb369c9ebc14fc
Author: Piotr Przybylski <[email protected]>
Date:   Thu Jul 14 01:30:25 2011 +0200

    Fix db/table name escaping in UI preferences

-----------------------------------------------------------------------

Summary of changes:
 libraries/Table.class.php     |    9 +++++----
 libraries/export/codegen.php  |    4 ++--
 libraries/export/htmlword.php |    6 +++---
 libraries/export/json.php     |   14 ++++++++------
 4 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/libraries/Table.class.php b/libraries/Table.class.php
index 9a15c48..83e67fd 100644
--- a/libraries/Table.class.php
+++ b/libraries/Table.class.php
@@ -1240,8 +1240,8 @@ class PMA_Table
         $sql_query =
         " SELECT `prefs` FROM " . $pma_table .
         " WHERE `username` = '" . $GLOBALS['cfg']['Server']['user'] . "'" .
-        " AND `db_name` = '" . $this->db_name . "'" .
-        " AND `table_name` = '" . $this->name . "'";
+        " AND `db_name` = '" . PMA_sqlAddSlashes($this->db_name) . "'" .
+        " AND `table_name` = '" . PMA_sqlAddSlashes($this->name) . "'";
 
         $row = PMA_DBI_fetch_array(PMA_query_as_controluser($sql_query));
         if (isset($row[0])) {
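Review bot: The `username` value in the WHERE clause is still concatenated raw from `$GLOBALS['cfg']['Server']['user']`, while the two columns below it now go through PMA_sqlAddSlashes(). A login name containing a quote would break this control-user query the same way the db and table names did; wrap it too, `PMA_sqlAddSlashes($GLOBALS['cfg']['Server']['user'])`. The REPLACE INTO statement in the next hunk has the same gap with `$username`. Both statements sit in methods whose bodies start and end outside these hunks, and `$pma_table` is built out of view, so its quoting cannot be confirmed from here.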
@@ -1264,8 +1264,9 @@ class PMA_Table
         $username = $GLOBALS['cfg']['Server']['user'];
         $sql_query =
         " REPLACE INTO " . $pma_table .
-        " VALUES ('" . $username . "', '" . $this->db_name . "', '" .
-                       $this->name . "', '" . 
PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
+        " VALUES ('" . $username . "', '" . PMA_sqlAddSlashes($this->db_name) 
. "', '" .
+                       PMA_sqlAddSlashes($this->name) . "', '" .
+                       PMA_sqlAddSlashes(json_encode($this->uiprefs)) . "')";
 
         $success = PMA_DBI_try_query($sql_query, $GLOBALS['controllink']);
 
diff --git a/libraries/export/codegen.php b/libraries/export/codegen.php
index d60785c..fb81cf9 100644
--- a/libraries/export/codegen.php
+++ b/libraries/export/codegen.php
@@ -268,8 +268,8 @@ class TableProperty
        {
                $lines=array();
                $lines[] = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>";
-               $lines[] = "<hibernate-mapping 
xmlns=\"urn:nhibernate-mapping-2.2\" namespace=\"".ucfirst($db)."\" 
assembly=\"".ucfirst($db)."\">";
-               $lines[] = "    <class name=\"".ucfirst($table)."\" 
table=\"".$table."\">";
+               $lines[] = "<hibernate-mapping 
xmlns=\"urn:nhibernate-mapping-2.2\" 
namespace=\"".ucfirst(htmlspecialchars($db, ENT_COMPAT, 'UTF-8'))."\" 
assembly=\"".ucfirst(htmlspecialchars($db, ENT_COMPAT, 'UTF-8'))."\">";
+               $lines[] = "    <class 
name=\"".ucfirst(htmlspecialchars($table, ENT_COMPAT, 'UTF-8'))."\" 
table=\"".htmlspecialchars($table, ENT_COMPAT, 'UTF-8')."\">";
                $result = PMA_DBI_query(sprintf("DESC %s.%s", 
PMA_backquote($db), PMA_backquote($table)));
                if ($result)
                {
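Review bot: `htmlspecialchars($db, ENT_COMPAT, 'UTF-8')` is now spelled out four times across the two `$lines[]` assignments, which makes the attribute strings hard to read and easy to get out of step. Escaping once into locals, e.g. `$db_attr = htmlspecialchars($db, ENT_COMPAT, 'UTF-8');` and `$table_attr = htmlspecialchars($table, ENT_COMPAT, 'UTF-8');`, produces the same output. ENT_COMPAT is sufficient here only because every attribute is double-quoted; a short comment saying so would guard against a later switch to single quotes. The function begins and continues outside the hunk.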
diff --git a/libraries/export/htmlword.php b/libraries/export/htmlword.php
index c840e93..a97aab2 100644
--- a/libraries/export/htmlword.php
+++ b/libraries/export/htmlword.php
@@ -75,7 +75,7 @@ xmlns="http://www.w3.org/TR/REC-html40";>
  * @access  public
  */
 function PMA_exportDBHeader($db) {
-    return PMA_exportOutputHandler('<h1>' . __('Database') . ' ' . $db . 
'</h1>');
+    return PMA_exportOutputHandler('<h1>' . __('Database') . ' ' . 
htmlspecialchars($db) . '</h1>');
 }
 
 /**
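Review bot: The `htmlspecialchars($db)` call in PMA_exportDBHeader relies on the default flags and charset, whereas the codegen.php change in this same push passes `ENT_COMPAT, 'UTF-8'` explicitly. Spelling them out here, `htmlspecialchars($db, ENT_COMPAT, 'UTF-8')`, keeps the export's escaping independent of the PHP default charset. The same applies to the `htmlspecialchars($table)` calls added in PMA_exportData and PMA_exportStructure in the next two hunks.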
@@ -118,7 +118,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, 
$sql_query)
 {
     global $what;
 
-    if (! PMA_exportOutputHandler('<h2>' . __('Dumping data for table') . ' ' 
. $table . '</h2>')) {
+    if (! PMA_exportOutputHandler('<h2>' . __('Dumping data for table') . ' ' 
. htmlspecialchars($table) . '</h2>')) {
         return false;
     }
     if (! PMA_exportOutputHandler('<table class="width100" cellspacing="1">')) 
{
@@ -192,7 +192,7 @@ function PMA_exportStructure($db, $table, $crlf, 
$error_url, $do_relation = fals
 {
     global $cfgRelation;
 
-    if (! PMA_exportOutputHandler('<h2>' . __('Table structure for table') . ' 
' .$table . '</h2>')) {
+    if (! PMA_exportOutputHandler('<h2>' . __('Table structure for table') . ' 
' . htmlspecialchars($table) . '</h2>')) {
         return false;
     }
 
diff --git a/libraries/export/json.php b/libraries/export/json.php
index 86e2e89..989ef88 100644
--- a/libraries/export/json.php
+++ b/libraries/export/json.php
@@ -74,7 +74,7 @@ function PMA_exportHeader()
  */
 function PMA_exportDBHeader($db)
 {
-    PMA_exportOutputHandler('/* Database \'' . $db . '\' */ ' . 
$GLOBALS['crlf'] );
+    PMA_exportOutputHandler('// Database \'' . $db . '\'' . $GLOBALS['crlf'] );
     return true;
 }
 
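Review bot: `$db` is still written unescaped into the new `//` comment in PMA_exportDBHeader, so a database name containing a line break would end the comment and the rest of the name would become part of the exported document. Replacing CR and LF before output, e.g. `str_replace(array("\r", "\n"), ' ', $db)`, closes that; the `'// ' . $db . '.' . $table` line in PMA_exportData in the next hunk needs the same treatment. Comments are also not part of the JSON grammar, so strict parsers will presumably reject the file whatever the comment style, which is worth a line in the plugin's documentation.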
@@ -134,7 +134,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, 
$sql_query)
 
         // Output table name as comment if this is the first record of the 
table
         if ($record_cnt == 1) {
-            $buffer .= '/* ' . $db . '.' . $table . ' */' . $crlf . $crlf;
+            $buffer .= '// ' . $db . '.' . $table . $crlf . $crlf;
             $buffer .= '[{';
         } else {
             $buffer .= ', {';
@@ -147,18 +147,20 @@ function PMA_exportData($db, $table, $crlf, $error_url, 
$sql_query)
             $column = $columns[$i];
 
             if (is_null($record[$i])) {
-                $buffer .= '"' . $column . '": null' . (! $isLastLine ? ',' : 
'');
+                $buffer .= '"' . addslashes($column) . '": null' . (! 
$isLastLine ? ',' : '');
             } elseif (is_numeric($record[$i])) {
-                $buffer .= '"' . $column . '": ' . $record[$i] . (! 
$isLastLine ? ',' : '');
+                $buffer .= '"' . addslashes($column) . '": ' . $record[$i] . 
(! $isLastLine ? ',' : '');
             } else {
-                $buffer .= '"' . $column . '": "' . addslashes($record[$i]) . 
'"' . (! $isLastLine ? ',' : '');
+                $buffer .= '"' . addslashes($column) . '": "' . 
addslashes($record[$i]) . '"' . (! $isLastLine ? ',' : '');
             }
         }
 
         $buffer .= '}';
     }
 
-    $buffer .=  ']';
+    if ($record_cnt) {
+        $buffer .=  ']';
+    }
     if (! PMA_exportOutputHandler($buffer)) {
         return false;
     }
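Review bot: `addslashes()` is not JSON string escaping: it emits `\'` for a single quote and `\0` for a NUL byte, neither of which is a valid JSON escape, and it leaves newlines, tabs and other control characters raw inside the string. This applies to the new `addslashes($column)` calls as well as the existing `addslashes($record[$i])`. `json_encode()` is already used elsewhere in this push (Table.class.php) and returns the quoted, correctly escaped string, so the key could be written as `$buffer .= json_encode($column) . ': ' ...`; it does expect UTF-8 input, which should be confirmed for this export path. The loop and the function start outside the hunk.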


hooks/post-receive
-- 
phpMyAdmin
