Fixed bug #3534311 - Grid editing incorrectly parses ENUM/SET values

phpmyadmin · Jun 11, 2012 · ddd1eac · lem9 · Mar 1, 2013 · roccivic
1 parent b1855ec
commit ddd1eac
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 39 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -14,6 +14,7 @@ phpMyAdmin - ChangeLog
 - bug #3531585 [interface] Broken password validation in copy user form
 - bug #3531586 [unterface] Add user form prints JSON when user presses enter
 - bug #3534121 [config] duplicate line in config.sample.inc.php
+- bug #3534311 [interface] Grid editing incorrectly parses ENUM/SET values
 
 3.5.1.0 (2012-05-03)
 - bug #3510784 [edit] Limit clause ignored when sort order is remembered

diff --git a/enum_editor.php b/enum_editor.php
@@ -43,39 +43,9 @@
                     foreach ($values as $key => $value) {
                         $values[$key] = htmlentities($value);
                     }
-                    // If the values are in a string
                 } elseif (isset($_GET['values']) && is_string($_GET['values'])) {
-                    // then this page was called via a link from some external page
+                    // Parse the values from a string
-                    $values_string = htmlentities($_GET['values']);
+                    $values = PMA_parseEnumSetValues($_GET['values']);
-                    // There is a JS port of the below parser in functions.js
-                    // If you are fixing something here,
-                    // you need to also update the JS port.
-                    $values = array();
-                    $in_string = false;
-                    $buffer = '';
-                    for ($i=0; $i<strlen($values_string); $i++) {
-                        $curr = $values_string[$i];
-                        $next = $i == strlen($values_string)-1 ? '' : $values_string[$i+1];
-                        if (! $in_string && $curr == "'") {
-                            $in_string = true;
-                        } else if ($in_string && $curr == "\\" && $next == "\\") {
-                            $buffer .= "&#92;";
-                            $i++;
-                        } else if ($in_string && $next == "'" && ($curr == "'" || $curr == "\\")) {
-                            $buffer .= "&#39;";
-                            $i++;
-                        } else if ($in_string && $curr == "'") {
-                            $in_string = false;
-                            $values[] = $buffer;
-                            $buffer = '';
-                        } else if ($in_string) {
-                             $buffer .= $curr;
-                        }
-                    }
-                    if (strlen($buffer) > 0) {
-                        // The leftovers in the buffer are the last value (if any)
-                        $values[] = $buffer;
-                    }
                 }
                 // Escape double quotes
                 foreach ($values as $key => $value) {

diff --git a/libraries/common.lib.php b/libraries/common.lib.php
@@ -3839,4 +3839,48 @@ function PMA_printButton()
     echo '<input type="button" id="print" value="' . __('Print') . '" />';
     echo '</p>';
 }
+
+/**
+ * Parses ENUM/SET values
+ *
+ * @param string $definition The definition of the column
+ *                           for which to parse the values
+ *
+ * @return array
+ */
+function PMA_parseEnumSetValues($definition)
+{
+    $values_string = htmlentities($definition);
+    // There is a JS port of the below parser in functions.js
+    // If you are fixing something here,
+    // you need to also update the JS port.
+    $values = array();
+    $in_string = false;
+    $buffer = '';
+    for ($i=0; $i<strlen($values_string); $i++) {
+        $curr = $values_string[$i];
+        $next = $i == strlen($values_string)-1 ? '' : $values_string[$i+1];
+        if (! $in_string && $curr == "'") {
+            $in_string = true;
+        } else if ($in_string && $curr == "\\" && $next == "\\") {
+            $buffer .= "&#92;";
+            $i++;
+        } else if ($in_string && $next == "'" && ($curr == "'" || $curr == "\\")) {
+            $buffer .= "&#39;";
+            $i++;
+        } else if ($in_string && $curr == "'") {
+            $in_string = false;
+            $values[] = $buffer;
+            $buffer = '';
+        } else if ($in_string) {
+             $buffer .= $curr;
+        }
+    }
+    if (strlen($buffer) > 0) {
+        // The leftovers in the buffer are the last value (if any)
+        $values[] = $buffer;
+    }
+    return $values;
+}
+
 ?>
diff --git a/sql.php b/sql.php
@@ -125,13 +125,11 @@
 
     $field_info_result = PMA_DBI_fetch_result($field_info_query, null, null, null, PMA_DBI_QUERY_STORE);
 
-    $search = array('enum', '(', ')', "'");
+    $values = PMA_parseEnumSetValues($field_info_result[0]['Type']);
-
-    $values = explode(',', str_replace($search, '', $field_info_result[0]['Type']));
 
     $dropdown = '<option value="">&nbsp;</option>';
     foreach ($values as $value) {
-        $dropdown .= '<option value="' . htmlspecialchars($value) . '"';
+        $dropdown .= '<option value="' . $value . '"';
         if ($value == $_REQUEST['curr_value']) {
             $dropdown .= ' selected="selected"';
         }
@@ -154,12 +152,11 @@
 
     $selected_values = explode(',', $_REQUEST['curr_value']);
 
-    $search = array('set', '(', ')', "'");
+    $values = PMA_parseEnumSetValues($field_info_result[0]['Type']);
-    $values = explode(',', str_replace($search, '', $field_info_result[0]['Type']));
 
     $select = '';
     foreach ($values as $value) {
-        $select .= '<option value="' . htmlspecialchars($value) . '"';
+        $select .= '<option value="' . $value . '"';
         if (in_array($value, $selected_values, true)) {
             $select .= ' selected="selected"';
         }