Permalink
Browse files

Fixed bug #3534311 - Grid editing incorrectly parses ENUM/SET values

  • Loading branch information...
1 parent b1855ec commit ddd1eac48069ebd0d66acaea802cdcb3ee0fdeac @roccivic roccivic committed Jun 11, 2012
Showing with 51 additions and 39 deletions.
  1. +1 −0 ChangeLog
  2. +2 −32 enum_editor.php
  3. +44 −0 libraries/common.lib.php
  4. +4 −7 sql.php
View
@@ -14,6 +14,7 @@ phpMyAdmin - ChangeLog
- bug #3531585 [interface] Broken password validation in copy user form
- bug #3531586 [unterface] Add user form prints JSON when user presses enter
- bug #3534121 [config] duplicate line in config.sample.inc.php
+- bug #3534311 [interface] Grid editing incorrectly parses ENUM/SET values
3.5.1.0 (2012-05-03)
- bug #3510784 [edit] Limit clause ignored when sort order is remembered
View
@@ -43,39 +43,9 @@
foreach ($values as $key => $value) {
$values[$key] = htmlentities($value);
}
- // If the values are in a string
} elseif (isset($_GET['values']) && is_string($_GET['values'])) {
- // then this page was called via a link from some external page
- $values_string = htmlentities($_GET['values']);
- // There is a JS port of the below parser in functions.js
- // If you are fixing something here,
- // you need to also update the JS port.
- $values = array();
- $in_string = false;
- $buffer = '';
- for ($i=0; $i<strlen($values_string); $i++) {
- $curr = $values_string[$i];
- $next = $i == strlen($values_string)-1 ? '' : $values_string[$i+1];
- if (! $in_string && $curr == "'") {
- $in_string = true;
- } else if ($in_string && $curr == "\\" && $next == "\\") {
- $buffer .= "&#92;";
- $i++;
- } else if ($in_string && $next == "'" && ($curr == "'" || $curr == "\\")) {
- $buffer .= "&#39;";
- $i++;
- } else if ($in_string && $curr == "'") {
- $in_string = false;
- $values[] = $buffer;
- $buffer = '';
- } else if ($in_string) {
- $buffer .= $curr;
- }
- }
- if (strlen($buffer) > 0) {
- // The leftovers in the buffer are the last value (if any)
- $values[] = $buffer;
- }
+ // Parse the values from a string
+ $values = PMA_parseEnumSetValues($_GET['values']);
}
// Escape double quotes
foreach ($values as $key => $value) {
View
@@ -3839,4 +3839,48 @@ function PMA_printButton()
echo '<input type="button" id="print" value="' . __('Print') . '" />';
echo '</p>';
}
+
+/**
+ * Parses ENUM/SET values
+ *
+ * @param string $definition The definition of the column
+ * for which to parse the values
+ *
+ * @return array
+ */
+function PMA_parseEnumSetValues($definition)
+{
+ $values_string = htmlentities($definition);
@lem9

lem9 Mar 1, 2013

Contributor

Rouslan,
why htmlentities() ? See #188

@roccivic

roccivic Mar 1, 2013

Contributor

the output of this function is printed inside html code, see below in this commit.
so we need to make sure that double quotes are escaped to &quot;

+ // There is a JS port of the below parser in functions.js
+ // If you are fixing something here,
+ // you need to also update the JS port.
+ $values = array();
+ $in_string = false;
+ $buffer = '';
+ for ($i=0; $i<strlen($values_string); $i++) {
+ $curr = $values_string[$i];
+ $next = $i == strlen($values_string)-1 ? '' : $values_string[$i+1];
+ if (! $in_string && $curr == "'") {
+ $in_string = true;
+ } else if ($in_string && $curr == "\\" && $next == "\\") {
+ $buffer .= "&#92;";
+ $i++;
+ } else if ($in_string && $next == "'" && ($curr == "'" || $curr == "\\")) {
+ $buffer .= "&#39;";
+ $i++;
+ } else if ($in_string && $curr == "'") {
+ $in_string = false;
+ $values[] = $buffer;
+ $buffer = '';
+ } else if ($in_string) {
+ $buffer .= $curr;
+ }
+ }
+ if (strlen($buffer) > 0) {
+ // The leftovers in the buffer are the last value (if any)
+ $values[] = $buffer;
+ }
+ return $values;
+}
+
?>
View
11 sql.php
@@ -125,13 +125,11 @@
$field_info_result = PMA_DBI_fetch_result($field_info_query, null, null, null, PMA_DBI_QUERY_STORE);
- $search = array('enum', '(', ')', "'");
-
- $values = explode(',', str_replace($search, '', $field_info_result[0]['Type']));
+ $values = PMA_parseEnumSetValues($field_info_result[0]['Type']);
$dropdown = '<option value="">&nbsp;</option>';
foreach ($values as $value) {
- $dropdown .= '<option value="' . htmlspecialchars($value) . '"';
+ $dropdown .= '<option value="' . $value . '"';
if ($value == $_REQUEST['curr_value']) {
$dropdown .= ' selected="selected"';
}
@@ -154,12 +152,11 @@
$selected_values = explode(',', $_REQUEST['curr_value']);
- $search = array('set', '(', ')', "'");
- $values = explode(',', str_replace($search, '', $field_info_result[0]['Type']));
+ $values = PMA_parseEnumSetValues($field_info_result[0]['Type']);
$select = '';
foreach ($values as $value) {
- $select .= '<option value="' . htmlspecialchars($value) . '"';
+ $select .= '<option value="' . $value . '"';
if (in_array($value, $selected_values, true)) {
$select .= ' selected="selected"';
}

0 comments on commit ddd1eac

Please sign in to comment.