Permalink
Browse files

Ability to save expression in edit

  • Loading branch information...
1 parent c708fa1 commit 327b56bcdf46d5eb423557da83a276a9a280858b @vrana committed Mar 15, 2011
Showing with 8 additions and 0 deletions.
  1. +6 −0 adminer/include/adminer.inc.php
  2. +2 −0 changes.txt
@@ -429,6 +429,9 @@ function editFunctions($field) {
$return .= "/$val";
}
}
+ if ($key) {
+ $return .= "/=";
+ }
}
}
return explode("/", $return);
@@ -458,6 +461,9 @@ function editInput($table, $field, $attrs, $value) {
* @return string expression to use in a query
*/
function processInput($field, $value, $function = "") {
+ if ($function == "=") {
+ return $value; // SQL injection
+ }
$name = $field["field"];
$return = ($field["type"] == "bit" && ereg('^[0-9]+$', $value) ? $value : q($value));
if (ereg('^(now|getdate|uuid)$', $function)) {
View
@@ -1,4 +1,5 @@
Adminer 3.2.1-dev:
+Ability to save expression in edit
Respect default database collation (bug #3191489)
Don't export triggers without table (bug #3193489)
Esc to focus next field in Tab textarea (thanks to David Grudl)
@@ -9,6 +10,7 @@ Use DELIMITER in history
Show databases even with skip_show_database in MySQL 5 (thanks to Radoslaw Kowalewski)
Set MySQL time zone by PHP setting
Better placement of AJAX icon
+Table header in CSV export (Editor)
Polish translation
Adminer 3.2.0 (released 2011-02-24):

0 comments on commit 327b56b

Please sign in to comment.