
Properly escape database name in central column queries

Signed-off-by: Michal Čihař <michal@cihar.com>
nijel committed Jun 15, 2016
1 parent 79a34ff commit ef6c66dca1b0cb0a1a482477938cfc859d2baee3
Showing with 8 additions and 8 deletions.
  1. +8 −8 libraries/central_columns.lib.php
@@ -60,10 +60,10 @@ function PMA_getColumnsList($db, $from=0, $num=25)
//get current values of $db from central column list
if ($num == 0) {
$query = 'SELECT * FROM ' . Util::backquote($central_list_table) . ' '
. 'WHERE db_name = \'' . $db . '\';';
. 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\';';
} else {
$query = 'SELECT * FROM ' . Util::backquote($central_list_table) . ' '
. 'WHERE db_name = \'' . $db . '\' '
. 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\' '
. 'LIMIT ' . $from . ', ' . $num . ';';
}
$has_list = (array) $GLOBALS['dbi']->fetchResult(
@@ -91,7 +91,7 @@ function PMA_getCentralColumnsCount($db)
$central_list_table = $cfgCentralColumns['table'];
$query = 'SELECT count(db_name) FROM ' .
Util::backquote($central_list_table) . ' '
. 'WHERE db_name = \'' . $db . '\';';
. 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\';';
$res = $GLOBALS['dbi']->fetchResult(
$query, null, null, $GLOBALS['controllink']
);
@@ -122,15 +122,15 @@ function PMA_findExistingColNames($db, $cols, $allFields=false)
$central_list_table = $cfgCentralColumns['table'];
if ($allFields) {
$query = 'SELECT * FROM ' . Util::backquote($central_list_table) . ' '
. 'WHERE db_name = \'' . $db . '\' AND col_name IN (' . $cols . ');';
. 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\' AND col_name IN (' . $cols . ');';
$has_list = (array) $GLOBALS['dbi']->fetchResult(
$query, null, null, $GLOBALS['controllink']
);
PMA_handleColumnExtra($has_list);
} else {
$query = 'SELECT col_name FROM '
. Util::backquote($central_list_table) . ' '
. 'WHERE db_name = \'' . $db . '\' AND col_name IN (' . $cols . ');';
. 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\' AND col_name IN (' . $cols . ');';
$has_list = (array) $GLOBALS['dbi']->fetchResult(
$query, null, null, $GLOBALS['controllink']
);
@@ -376,7 +376,7 @@ function PMA_deleteColumnsFromList($field_select, $isTable=true)
$GLOBALS['dbi']->selectDb($pmadb, $GLOBALS['controllink']);
$query = 'DELETE FROM ' . Util::backquote($central_list_table) . ' '
. 'WHERE db_name = \'' . $db . '\' AND col_name IN (' . $cols . ');';
. 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\' AND col_name IN (' . $cols . ');';
if (!$GLOBALS['dbi']->tryQuery($query, $GLOBALS['controllink'])) {
$message = Message::error(__('Could not remove columns!'));
@@ -1147,7 +1147,7 @@ function PMA_getCentralColumnsListRaw($db, $table)
$centralTable = $cfgCentralColumns['table'];
if (empty($table) || $table == '') {
$query = 'SELECT * FROM ' . Util::backquote($centralTable) . ' '
. 'WHERE db_name = \'' . $db . '\';';
. 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\';';
} else {
$GLOBALS['dbi']->selectDb($db, $GLOBALS['userlink']);
$columns = (array) $GLOBALS['dbi']->getColumnNames(
@@ -1159,7 +1159,7 @@ function PMA_getCentralColumnsListRaw($db, $table)
}
$cols = trim($cols, ',');
$query = 'SELECT * FROM ' . Util::backquote($centralTable) . ' '
. 'WHERE db_name = \'' . $db . '\'';
. 'WHERE db_name = \'' . Util::sqlAddSlashes($db) . '\'';
if ($cols) {
$query .= ' AND col_name NOT IN (' . $cols . ')';
}
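Review bot: The `LIMIT` clause in PMA_getColumnsList still concatenates `$from` and `$num` into the statement as-is, and the `IN (' . $cols . ')` / `NOT IN (' . $cols . ')` fragments in PMA_findExistingColNames, PMA_deleteColumnsFromList and PMA_getCentralColumnsListRaw still take `$cols` verbatim, so the new `Util::sqlAddSlashes()` calls cover only the `db_name` literal. None of the visible lines show these values being cast or escaped; unless every caller already guarantees it, the LIMIT line should read `. 'LIMIT ' . (int) $from . ', ' . (int) $num . ';';`. For `$cols`, which is assembled outside these hunks, I would either escape each name where the list is built or state the contract at each use with a comment such as `// $cols must be a comma-separated list of already escaped, quoted column names`. All of these function bodies start and end outside the hunks shown, so the handling of these values elsewhere could not be checked here.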
