The branch, QA_3_4 has been updated
       via  2cc22c8aba33ad12b3d98905d6dfc29f7c878837 (commit)
       via  70083ad58346ff7190bcd8e56b63ab92f6abfa40 (commit)
       via  65d962d39703b412dc482be47e092f97933eb8e0 (commit)
       via  6d0f28b425dc9f975543301c4b194dd6fbdd494d (commit)
      from  ed88c4a7b68c8efd764a364d1a9579aa762ebdaa (commit)


- Log -----------------------------------------------------------------
commit 2cc22c8aba33ad12b3d98905d6dfc29f7c878837
Author: Piotr Przybylski <[email protected]>
Date:   Thu Jul 14 21:28:41 2011 +0200

    Fix CodeGen export

commit 70083ad58346ff7190bcd8e56b63ab92f6abfa40
Author: Piotr Przybylski <[email protected]>
Date:   Thu Jul 14 00:05:58 2011 +0200

    Fix XML export so it actually can export table structure
    More escaping fixes

commit 65d962d39703b412dc482be47e092f97933eb8e0
Author: Piotr Przybylski <[email protected]>
Date:   Wed Jul 13 23:42:29 2011 +0200

    Better escaping in XML export
    Note: it's still incorrect

commit 6d0f28b425dc9f975543301c4b194dd6fbdd494d
Author: Piotr Przybylski <[email protected]>
Date:   Wed Jul 13 23:40:58 2011 +0200

    Improve readability of XML export code

-----------------------------------------------------------------------

Summary of changes:
 libraries/export/codegen.php |   76 +++++++++++++++++++++++++++---------------
 libraries/export/xml.php     |   43 +++++++++++------------
 2 files changed, 70 insertions(+), 49 deletions(-)

diff --git a/libraries/export/codegen.php b/libraries/export/codegen.php
index 8e36f40..7160122 100644
--- a/libraries/export/codegen.php
+++ b/libraries/export/codegen.php
@@ -138,12 +138,12 @@ function PMA_exportDBCreate($db)
  */
 function PMA_exportData($db, $table, $crlf, $error_url, $sql_query)
 {
-       global $CG_FORMATS, $CG_HANDLERS;
-       $format = cgGetOption("format");
-       $index = array_search($format, $CG_FORMATS);
-       if ($index >= 0)
-               return PMA_exportOutputHandler($CG_HANDLERS[$index]($db, 
$table, $crlf));
-       return PMA_exportOutputHandler(sprintf("%s is not supported.", 
$format));
+    global $CG_FORMATS, $CG_HANDLERS;
+    $format = cgGetOption("format");
+    if (isset($CG_FORMATS[$format])) {
+        return PMA_exportOutputHandler($CG_HANDLERS[$format]($db, $table, 
$crlf));
+    }
+    return PMA_exportOutputHandler(sprintf("%s is not supported.", $format));
 }
 
 /**
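Review bot: The guard in PMA_exportData tests `isset($CG_FORMATS[$format])`, but the call on the next line indexes `$CG_HANDLERS[$format]`. The check therefore protects the call only if both arrays always share the same keys, which this hunk does not show. Testing the array that is actually dereferenced, `if (isset($CG_HANDLERS[$format])) {`, avoids calling an undefined handler if the two lists drift apart. Separately, the fallback line writes `$format` into the export output verbatim; if cgGetOption() returns a request-supplied value, a fixed message would be safer there.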
@@ -209,28 +209,50 @@ class TableProperty
        function getIndexName()
        {
                if (strlen($this->key)>0)
-                       return "index=\"" . $this->name . "\"";
+                       return "index=\"" . htmlspecialchars($this->name, 
ENT_COMPAT, 'UTF-8') . "\"";
                return "";
        }
        function isPK()
        {
                return $this->key=="PRI";
        }
-       function format($pattern)
+    function formatCs($text)
+    {
+        $text=str_replace("#name#", cgMakeIdentifier($this->name, false), 
$text);
+        return $this->format($text);
+    }
+    function formatXml($text)
+    {
+        $text=str_replace("#name#", htmlspecialchars($this->name, ENT_COMPAT, 
'UTF-8'), $text);
+        $text=str_replace("#indexName#", $this->getIndexName(), $text);
+        return $this->format($text);
+    }
+       function format($text)
        {
-               $text=$pattern;
-               $text=str_replace("#name#", $this->name, $text);
+        $text=str_replace("#ucfirstName#", cgMakeIdentifier($this->name), 
$text);
+        $text=str_replace("#dotNetPrimitiveType#", 
$this->getDotNetPrimitiveType(), $text);
+        $text=str_replace("#dotNetObjectType#", $this->getDotNetObjectType(), 
$text);
                $text=str_replace("#type#", $this->getPureType(), $text);
                $text=str_replace("#notNull#", $this->isNotNull(), $text);
                $text=str_replace("#unique#", $this->isUnique(), $text);
-               $text=str_replace("#ucfirstName#", ucfirst($this->name), $text);
-               $text=str_replace("#dotNetPrimitiveType#", 
$this->getDotNetPrimitiveType(), $text);
-               $text=str_replace("#dotNetObjectType#", 
$this->getDotNetObjectType(), $text);
-               $text=str_replace("#indexName#", $this->getIndexName(), $text);
                return $text;
        }
 }
 
+    function cgMakeIdentifier($str, $ucfirst = true)
+    {
+        // remove unsafe characters
+        $str = preg_replace('/[^\p{L}\p{Nl}_]/u', '', $str);
+        // make sure first character is a letter or _
+        if (!preg_match('/^\pL/u', $str)) {
+            $str = '_' . $str;
+        }
+        if ($ucfirst) {
+            $str = ucfirst($str);
+        }
+        return $str;
+    }
+
        function handleNHibernateCSBody($db, $table, $crlf)
        {
                $lines=array();
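Review bot: The allow-list in cgMakeIdentifier, `/[^\p{L}\p{Nl}_]/u`, also strips decimal digits, so distinct names such as `col1` and `col2` collapse to the same identifier and the generated class gets duplicate members. Digits are legal after the first character, and the first-character check that follows already prefixes `_` when the name starts with one, so the class can be widened to `'/[^\p{L}\p{Nl}\p{Nd}_]/u'`. With the `u` modifier preg_replace() returns NULL for input that is not valid UTF-8, and the function then returns `_`. That fails safe but deserves a comment beside the regex, e.g. `// invalid UTF-8 yields NULL here and falls through to '_'`. handleNHibernateCSBody, which opens at the end of the hunk, continues outside it.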
@@ -244,31 +266,31 @@ class TableProperty
                        $lines[] = "using System.Collections;";
                        $lines[] = "using System.Collections.Generic;";
                        $lines[] = "using System.Text;";
-                       $lines[] = "namespace ".ucfirst($db);
+                       $lines[] = "namespace ".cgMakeIdentifier($db);
                        $lines[] = "{";
-                       $lines[] = "    #region ".ucfirst($table);
-                       $lines[] = "    public class ".ucfirst($table);
+                       $lines[] = "    #region ".cgMakeIdentifier($table);
+                       $lines[] = "    public class ".cgMakeIdentifier($table);
                        $lines[] = "    {";
                        $lines[] = "            #region Member Variables";
                        foreach ($tableProperties as $tablePropertie)
-                               $lines[] = $tablePropertie->format("            
protected #dotNetPrimitiveType# _#name#;");
+                               $lines[] = $tablePropertie->formatCs("          
protected #dotNetPrimitiveType# _#name#;");
                        $lines[] = "            #endregion";
                        $lines[] = "            #region Constructors";
-                       $lines[] = "            public ".ucfirst($table)."() { 
}";
+                       $lines[] = "            public 
".cgMakeIdentifier($table)."() { }";
                        $temp = array();
                        foreach ($tableProperties as $tablePropertie)
                                if (! $tablePropertie->isPK())
-                                       $temp[] = 
$tablePropertie->format("#dotNetPrimitiveType# #name#");
-                       $lines[] = "            public 
".ucfirst($table)."(".implode(", ", $temp).")";
+                                       $temp[] = 
$tablePropertie->formatCs("#dotNetPrimitiveType# #name#");
+                       $lines[] = "            public 
".cgMakeIdentifier($table)."(".implode(", ", $temp).")";
                        $lines[] = "            {";
                        foreach ($tableProperties as $tablePropertie)
                                if (! $tablePropertie->isPK())
-                                       $lines[] = $tablePropertie->format("    
                this._#name#=#name#;");
+                                       $lines[] = $tablePropertie->formatCs("  
                this._#name#=#name#;");
                        $lines[] = "            }";
                        $lines[] = "            #endregion";
                        $lines[] = "            #region Public Properties";
                        foreach ($tableProperties as $tablePropertie)
-                               $lines[] = $tablePropertie->format("            
public virtual #dotNetPrimitiveType# _#ucfirstName#\n           {\n             
        get {return _#name#;}\n                 set {_#name#=value;}\n          
}");
+                               $lines[] = $tablePropertie->formatCs("          
public virtual #dotNetPrimitiveType# #ucfirstName#\n            {\n             
        get {return _#name#;}\n                 set {_#name#=value;}\n          
}");
                        $lines[] = "            #endregion";
                        $lines[] = "    }";
                        $lines[] = "    #endregion";
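Review bot: The constructor templates substitute `#name#` via `cgMakeIdentifier($this->name, false)`, which leaves a column called `class` or `int` as a bare C# keyword. As a result `#dotNetPrimitiveType# #name#` and `this._#name#=#name#;` emit code that does not compile. Prefixing the parameter with the verbatim marker covers every keyword without a lookup table: `formatCs("#dotNetPrimitiveType# @#name#")` and `this._#name#=@#name#;`. The `_#name#` field and the `#ucfirstName#` property should not need this, given the underscore prefix and the capitalised first letter. handleNHibernateCSBody starts and ends outside this hunk.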
@@ -282,8 +304,8 @@ class TableProperty
        {
                $lines=array();
                $lines[] = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>";
-               $lines[] = "<hibernate-mapping 
xmlns=\"urn:nhibernate-mapping-2.2\" namespace=\"".ucfirst($db)."\" 
assembly=\"".ucfirst($db)."\">";
-               $lines[] = "    <class name=\"".ucfirst($table)."\" 
table=\"".$table."\">";
+               $lines[] = "<hibernate-mapping 
xmlns=\"urn:nhibernate-mapping-2.2\" namespace=\"".cgMakeIdentifier($db)."\" 
assembly=\"".cgMakeIdentifier($db)."\">";
+               $lines[] = "    <class name=\"".cgMakeIdentifier($table)."\" 
table=\"".cgMakeIdentifier($table)."\">";
                $result = PMA_DBI_query(sprintf("DESC %s.%s", 
PMA_backquote($db), PMA_backquote($table)));
                if ($result)
                {
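Review bot: The `table=` attribute of `<class>` now goes through `cgMakeIdentifier($table)`, which removes characters and upper-cases the first letter, so the mapping can name a table that does not exist (`order_items2` would become `Order_items`). That attribute carries the database table name, not a C# identifier, so it needs XML escaping only: `table=\"".htmlspecialchars($table, ENT_COMPAT, 'UTF-8')."\">";`. This is the same treatment formatXml gives `#name#` for columns. The enclosing function starts and ends outside this hunk.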
@@ -293,9 +315,9 @@ class TableProperty
                        foreach ($tableProperties as $tablePropertie)
                        {
                                if ($tablePropertie->isPK())
-                                       $lines[] = $tablePropertie->format("    
        <id name=\"#ucfirstName#\" type=\"#dotNetObjectType#\" 
unsaved-value=\"0\">\n                   <column name=\"#name#\" 
sql-type=\"#type#\" not-null=\"#notNull#\" unique=\"#unique#\" 
index=\"PRIMARY\"/>\n                    <generator class=\"native\" />\n       
         </id>");
+                                       $lines[] = $tablePropertie->formatXml(" 
        <id name=\"#ucfirstName#\" type=\"#dotNetObjectType#\" 
unsaved-value=\"0\">\n                   <column name=\"#name#\" 
sql-type=\"#type#\" not-null=\"#notNull#\" unique=\"#unique#\" 
index=\"PRIMARY\"/>\n                    <generator class=\"native\" />\n       
         </id>");
                                else
-                                       $lines[] = $tablePropertie->format("    
        <property name=\"#ucfirstName#\" type=\"#dotNetObjectType#\">\n         
        <column name=\"#name#\" sql-type=\"#type#\" not-null=\"#notNull#\" 
#indexName#/>\n              </property>");
+                                       $lines[] = $tablePropertie->formatXml(" 
        <property name=\"#ucfirstName#\" type=\"#dotNetObjectType#\">\n         
        <column name=\"#name#\" sql-type=\"#type#\" not-null=\"#notNull#\" 
#indexName#/>\n              </property>");
                        }
                        PMA_DBI_free_result($result);
                }
diff --git a/libraries/export/xml.php b/libraries/export/xml.php
index 9bafb09..83b51ee 100644
--- a/libraries/export/xml.php
+++ b/libraries/export/xml.php
@@ -82,13 +82,14 @@ function PMA_exportFooter() {
 function PMA_exportHeader() {
     global $crlf;
     global $cfg;
-    global $what;
     global $db;
     global $table;
     global $tables;
     
-    $export_struct = isset($GLOBALS[$what . '_export_struc']) ? true : false;
-    $export_data = isset($GLOBALS[$what . '_export_contents']) ? true : false;
+    $export_struct = isset($GLOBALS['xml_export_functions']) || 
isset($GLOBALS['xml_export_procedures'])
+        || isset($GLOBALS['xml_export_tables']) || 
isset($GLOBALS['xml_export_triggers'])
+        || isset($GLOBALS['xml_export_views']);
+    $export_data = isset($GLOBALS['xml_export_contents']) ? true : false;
 
     if ($GLOBALS['output_charset_conversion']) {
         $charset = $GLOBALS['charset_of_file'];
@@ -123,7 +124,7 @@ function PMA_exportHeader() {
         $head .= '    - Structure schemas' . $crlf;
         $head .= '    -->' . $crlf;
         $head .= '    <pma:structure_schemas>' . $crlf;
-        $head .= '        <pma:database name="' . $db . '" collation="' . 
$db_collation . '" charset="' . $db_charset . '">' . $crlf;
+        $head .= '        <pma:database name="' . htmlspecialchars($db) . '" 
collation="' . $db_collation . '" charset="' . $db_charset . '">' . $crlf;
         
         if (count($tables) == 0) {
             $tables[] = $table;
@@ -142,23 +143,23 @@ function PMA_exportHeader() {
                 $type = 'table';
             }
             
-            if ($is_view && ! isset($GLOBALS[$what . '_export_views'])) {
+            if ($is_view && ! isset($GLOBALS['xml_export_views'])) {
                 continue;
             }
             
-            if (! $is_view && ! isset($GLOBALS[$what . '_export_tables'])) {
+            if (! $is_view && ! isset($GLOBALS['xml_export_tables'])) {
                 continue;
             }
             
             $head .= '            <pma:' . $type . ' name="' . $table . '">' . 
$crlf;
             
-            $tbl = "                " . $tbl;
+            $tbl = "                " . htmlspecialchars($tbl);
             $tbl = str_replace("\n", "\n                ", $tbl);
             
             $head .= $tbl . ';' . $crlf;
             $head .= '            </pma:' . $type . '>' . $crlf;
             
-            if (isset($GLOBALS[$what . '_export_triggers']) && $GLOBALS[$what 
. '_export_triggers']) {
+            if (isset($GLOBALS['xml_export_triggers']) && 
$GLOBALS['xml_export_triggers']) {
                 // Export triggers
                 $triggers = PMA_DBI_get_triggers($db, $table);
                 if ($triggers) {
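Review bot: The context line `$head .= '<pma:' . $type . ' name="' . $table . '">'` still writes `$table` into an attribute unescaped, while this hunk escapes only the definition text in `$tbl`. A table name containing `"`, `<` or `&` yields malformed XML or an extra attribute in the exported document. The call already used for `$db` fits here: `' name="' . htmlspecialchars($table) . '">'`. PMA_exportHeader starts and ends outside this hunk.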
@@ -168,7 +169,7 @@ function PMA_exportHeader() {
                         
                         // Do some formatting
                         $code = substr(rtrim($code), 0, -3);
-                        $code = "                " . $code;
+                        $code = "                " . htmlspecialchars($code);
                         $code = str_replace("\n", "\n                ", $code);
                         
                         $head .= $code . $crlf;
@@ -181,7 +182,7 @@ function PMA_exportHeader() {
             }
         }
         
-        if (isset($GLOBALS[$what . '_export_functions']) && $GLOBALS[$what . 
'_export_functions']) {
+        if (isset($GLOBALS['xml_export_functions']) && 
$GLOBALS['xml_export_functions']) {
             // Export functions
             $functions = PMA_DBI_get_procedures_or_functions($db, 'FUNCTION');
             if ($functions) {
@@ -191,7 +192,7 @@ function PMA_exportHeader() {
                     // Do some formatting
                     $sql = PMA_DBI_get_definition($db, 'FUNCTION', $function);
                     $sql = rtrim($sql);
-                    $sql = "                " . $sql;
+                    $sql = "                " . htmlspecialchars($sql);
                     $sql = str_replace("\n", "\n                ", $sql);
                     
                     $head .= $sql . $crlf;
@@ -204,7 +205,7 @@ function PMA_exportHeader() {
             }
         }
         
-        if (isset($GLOBALS[$what . '_export_procedures']) && $GLOBALS[$what . 
'_export_procedures']) {
+        if (isset($GLOBALS['xml_export_procedures']) && 
$GLOBALS['xml_export_procedures']) {
             // Export procedures
             $procedures = PMA_DBI_get_procedures_or_functions($db, 
'PROCEDURE');
             if ($procedures) {
@@ -214,7 +215,7 @@ function PMA_exportHeader() {
                     // Do some formatting
                     $sql = PMA_DBI_get_definition($db, 'PROCEDURE', 
$procedure);
                     $sql = rtrim($sql);
-                    $sql = "                " . $sql;
+                    $sql = "                " . htmlspecialchars($sql);
                     $sql = str_replace("\n", "\n                ", $sql);
                     
                     $head .= $sql . $crlf;
@@ -251,13 +252,12 @@ function PMA_exportHeader() {
  */
 function PMA_exportDBHeader($db) {
     global $crlf;
-    global $what;
     
-    if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . 
'_export_contents']) {
+    if (isset($GLOBALS['xml_export_contents']) && 
$GLOBALS['xml_export_contents']) {
         $head = '    <!--' . $crlf
               . '    - ' . __('Database') . ': ' . 
(isset($GLOBALS['use_backquotes']) ? PMA_backquote($db) : '\'' . $db . '\''). 
$crlf
               . '    -->' . $crlf
-              . '    <database name="' . $db . '">' . $crlf;
+              . '    <database name="' . htmlspecialchars($db) . '">' . $crlf;
         
         return PMA_exportOutputHandler($head);
     }
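Review bot: `$db` is still concatenated untreated into the `<!-- … -->` comment above the `<database>` element, and htmlspecialchars() would not fully help there because `--` is itself forbidden inside an XML comment. A database name containing `--` makes the export ill-formed, and one containing `-->` ends the comment early so the rest of the name is parsed as markup. Breaking up hyphen runs before the value reaches PMA_backquote() or the quoted form is enough, e.g. `$db_comment = preg_replace('/-(?=-)/', '- ', $db);`, used on the comment line only. The else branch of PMA_exportDBHeader lies outside this hunk.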
@@ -278,9 +278,8 @@ function PMA_exportDBHeader($db) {
  */
 function PMA_exportDBFooter($db) {
     global $crlf;
-    global $what;
     
-    if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . 
'_export_contents']) {
+    if (isset($GLOBALS['xml_export_contents']) && 
$GLOBALS['xml_export_contents']) {
         return PMA_exportOutputHandler('    </database>' . $crlf);
     }
     else
@@ -317,12 +316,12 @@ function PMA_exportDBCreate($db) {
  * @access  public
  */
 function PMA_exportData($db, $table, $crlf, $error_url, $sql_query) {
-    global $what;
-    
-    if (isset($GLOBALS[$what . '_export_contents']) && $GLOBALS[$what . 
'_export_contents']) {
+
+    if (isset($GLOBALS['xml_export_contents']) && 
$GLOBALS['xml_export_contents']) {
         $result      = PMA_DBI_query($sql_query, null, 
PMA_DBI_QUERY_UNBUFFERED);
         
         $columns_cnt = PMA_DBI_num_fields($result);
+        $columns = array();
         for ($i = 0; $i < $columns_cnt; $i++) {
             $columns[$i] = stripslashes(str_replace(' ', '_', 
PMA_DBI_field_name($result, $i)));
         }
@@ -340,7 +339,7 @@ function PMA_exportData($db, $table, $crlf, $error_url, 
$sql_query) {
                 if (!isset($record[$i]) || is_null($record[$i])) {
                     $record[$i] = 'NULL';
                 }
-                $buffer .= '            <column name="' . $columns[$i] . '">' 
. htmlspecialchars((string)$record[$i])
+                $buffer .= '            <column name="' . 
htmlspecialchars($columns[$i]) . '">' . htmlspecialchars((string)$record[$i])
                         .  '</column>' . $crlf;
             }
             $buffer         .= '        </table>' . $crlf;


hooks/post-receive
-- 
phpMyAdmin
