Permalink
Browse files

Coding style, documentation

  • Loading branch information...
1 parent b7c1742 commit 999e85b505b57c58e397ea967e4333f6fa38b57a @nijel nijel committed Oct 25, 2011
Showing with 24 additions and 8 deletions.
  1. +24 −8 libraries/database_interface.lib.php
@@ -10,13 +10,20 @@
}
/**
- *
+ * Force STORE_RESULT method, ignored by classic MySQL.
+ */
+define('PMA_DBI_QUERY_STORE', 1);
+/**
+ * Do not read whole query.
+ */
+define('PMA_DBI_QUERY_UNBUFFERED', 2);
+/**
+ * Get session variable.
*/
-// PMA_DBI_try_query()
-define('PMA_DBI_QUERY_STORE', 1); // Force STORE_RESULT method, ignored by classic MySQL.
-define('PMA_DBI_QUERY_UNBUFFERED', 2); // Do not read whole query
-// PMA_DBI_get_variable()
define('PMA_DBI_GETVAR_SESSION', 1);
+/**
+ * Get global variable.
+ */
define('PMA_DBI_GETVAR_GLOBAL', 2);
/**
@@ -48,7 +55,11 @@ function PMA_DBI_checkDbExtension($extension = 'mysql')
* @todo add different messages for alternative extension
* and complete fail (no alternative extension too)
*/
- PMA_warnMissingExtension($GLOBALS['cfg']['Server']['extension'], false, PMA_showDocu('faqmysql'));
+ PMA_warnMissingExtension(
+ $GLOBALS['cfg']['Server']['extension'],
+ false,
+ PMA_showDocu('faqmysql')
@lem9

lem9 Jan 13, 2013

Contributor

Michal,
I am working on https://sourceforge.net/tracker/index.php?func=detail&aid=3599362&group_id=23067&atid=377408. PMA_warnMissingExtension() uses trigger_error() which calls handleError() in libraries/Error_Handler.class.php. This function calls PMA_Error() by applying htmlspecialchars() to the error string, which mangles the HTML added by PMA_showDocu('faqmysql');

Removing the call to htmlspecialchars() solves this bug but I have a big doubt about removing this protection for all error messages (which might include a db or table name in them).

@nijel

nijel Jan 14, 2013

Owner

The escaping definitely needs to stay there - the error messages can come from PHP as well, where we have no control about their content.

Maybe it would be better not to use trigger_error, but directly add errors using Error_Handler class, where would be able to ensure safe content.

+ );
if ($GLOBALS['cfg']['Server']['extension'] === 'mysql') {
$alternativ_extension = 'mysqli';
@@ -58,7 +69,11 @@ function PMA_DBI_checkDbExtension($extension = 'mysql')
if (! PMA_DBI_checkDbExtension($alternativ_extension)) {
// if alternative fails too ...
- PMA_warnMissingExtension($GLOBALS['cfg']['Server']['extension'], true, PMA_showDocu('faqmysql'));
+ PMA_warnMissingExtension(
+ $GLOBALS['cfg']['Server']['extension'],
+ true,
+ PMA_showDocu('faqmysql')
+ );
}
$GLOBALS['cfg']['Server']['extension'] = $alternativ_extension;
@@ -68,7 +83,8 @@ function PMA_DBI_checkDbExtension($extension = 'mysql')
/**
* Including The DBI Plugin
*/
-require_once './libraries/dbi/' . $GLOBALS['cfg']['Server']['extension'] . '.dbi.lib.php';
+require_once './libraries/dbi/'
+ . $GLOBALS['cfg']['Server']['extension'] . '.dbi.lib.php';
/**
* runs a query

0 comments on commit 999e85b

Please sign in to comment.