Permalink
Browse files

Comments

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@729 7c3ca157-0c34-0410-bff1-cbf682f78f5c
  • Loading branch information...
jakubvrana
jakubvrana committed Jun 21, 2009
1 parent 5d311ef commit 64ba92421bdb5a9a5360ca0857e7b282051c9172
View
@@ -10,6 +10,7 @@
query_redirect("DROP TABLE " . idf_escape($_GET["create"]), substr($SELF, 0, -1), lang('Table has been dropped.'));
} else {
$auto_increment_index = " PRIMARY KEY";
+ // don't overwrite primary key by auto_increment
if (strlen($_GET["create"]) && strlen($_POST["fields"][$_POST["auto_increment_col"]]["orig"])) {
foreach (indexes($_GET["create"]) as $index) {
foreach ($index["columns"] as $column) {
View
@@ -24,7 +24,7 @@
<p><textarea name="select" rows="10" cols="80" style="width: 98%;"><?php echo htmlspecialchars($row["select"]); ?></textarea></p>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>" />
-<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1" /><?php } ?>
+<?php if ($dropped) { // old view was dropped but new wasn't created ?><input type="hidden" name="dropped" value="1" /><?php } ?>
<?php echo lang('Name'); ?>: <input name="name" value="<?php echo htmlspecialchars($row["name"]); ?>" maxlength="64" />
<input type="submit" value="<?php echo lang('Save'); ?>" />
<?php if (strlen($_GET["createv"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo $confirm; ?> /><?php } ?>
View
@@ -1,14 +1,15 @@
<?php
-if ($_POST && !$error && !$_POST["add_x"]) {
+if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP changes add.x to add_x
if ($_POST["drop"]) {
unset($_SESSION["databases"][$_GET["server"]]);
query_redirect("DROP DATABASE " . idf_escape($_GET["db"]), substr(preg_replace('~db=[^&]*&~', '', $SELF), 0, -1), lang('Database has been dropped.'));
} elseif ($_GET["db"] !== $_POST["name"]) {
- unset($_SESSION["databases"][$_GET["server"]]);
+ // create or rename database
+ unset($_SESSION["databases"][$_GET["server"]]); // clear cache
$dbs = explode("\n", str_replace("\r", "", $_POST["name"]));
$failed = false;
foreach ($dbs as $db) {
- if (count($dbs) == 1 || strlen($db)) {
+ if (count($dbs) == 1 || strlen($db)) { // ignore empty lines but always try to create single database
if (!queries("CREATE DATABASE " . idf_escape($db) . ($_POST["collation"] ? " COLLATE '" . $dbh->escape_string($_POST["collation"]) . "'" : ""))) {
$failed = true;
}
@@ -29,6 +30,7 @@
query_redirect(queries(), preg_replace('~db=[^&]*&~', '', $SELF) . "db=" . urlencode($_POST["name"]), lang('Database has been renamed.'), !$row, false, $row);
}
} else {
+ // alter database
if (!$_POST["collation"]) {
redirect(substr($SELF, 0, -1));
}
@@ -43,25 +45,25 @@
if ($_POST) {
$name = $_POST["name"];
$collate = $_POST["collation"];
-} else {
- if (!strlen($_GET["db"])) {
- $result = $dbh->query("SHOW GRANTS");
- while ($row = $result->fetch_row()) {
- if (preg_match('~ ON (`(([^\\\\`]+|``|\\\\.)*)%`\\.\\*)?~', $row[0], $match) && $match[1]) {
- $name = stripcslashes(idf_unescape($match[2]));
- break;
- }
+} elseif (!strlen($_GET["db"])) {
+ // propose database name with limited privileges
+ $result = $dbh->query("SHOW GRANTS");
+ while ($row = $result->fetch_row()) {
+ if (preg_match('~ ON (`(([^\\\\`]+|``|\\\\.)*)%`\\.\\*)?~', $row[0], $match) && $match[1]) {
+ $name = stripcslashes(idf_unescape($match[2]));
+ break;
}
- $result->free();
- } elseif (($result = $dbh->query("SHOW CREATE DATABASE " . idf_escape($_GET["db"])))) {
- $create = $dbh->result($result, 1);
- if (preg_match('~ COLLATE ([^ ]+)~', $create, $match)) {
- $collate = $match[1];
- } elseif (preg_match('~ CHARACTER SET ([^ ]+)~', $create, $match)) {
- $collate = $collations[$match[1]][0];
- }
- $result->free();
}
+ $result->free();
+} elseif (($result = $dbh->query("SHOW CREATE DATABASE " . idf_escape($_GET["db"])))) {
+ $create = $dbh->result($result, 1);
+ if (preg_match('~ COLLATE ([^ ]+)~', $create, $match)) {
+ $collate = $match[1];
+ } elseif (preg_match('~ CHARACTER SET ([^ ]+)~', $create, $match)) {
+ // default collation
+ $collate = $collations[$match[1]][0];
+ }
+ $result->free();
}
?>
View
@@ -4,7 +4,7 @@
if ($tables_views && !$error) {
$result = true;
$message = "";
- $dbh->query("SET foreign_key_checks = 0");
+ $dbh->query("SET foreign_key_checks = 0"); // allows to truncate or drop several tables at once
if (isset($_POST["truncate"])) {
if ($_POST["tables"]) {
foreach ($_POST["tables"] as $table) {
View
@@ -104,6 +104,7 @@ function dump_triggers($table, $style) {
}
if ($style == "CREATE+ALTER" && $_POST["format"] != "csv") {
+ // drop old tables
$query = "SELECT TABLE_NAME, ENGINE, TABLE_COLLATION, TABLE_COMMENT FROM information_schema.TABLES WHERE TABLE_SCHEMA = DATABASE()";
?>
DELIMITER ;;
View
@@ -8,7 +8,7 @@
}
}
if ($_POST && !$error && !isset($_GET["select"])) {
- $location = ($_POST["insert"] ? $_SERVER["REQUEST_URI"] : $SELF . (isset($_GET["default"]) ? "table=" : "select=") . urlencode($_GET["edit"]));
+ $location = ($_POST["insert"] ? $_SERVER["REQUEST_URI"] : $SELF . (isset($_GET["default"]) ? "table=" : "select=") . urlencode($_GET["edit"])); // "insert" to continue edit or insert
if (isset($_POST["delete"])) {
query_redirect("DELETE FROM " . idf_escape($_GET["edit"]) . " WHERE " . implode(" AND ", $where) . " LIMIT 1", $location, lang('Item has been deleted.'));
} else {
View
@@ -4,7 +4,7 @@
query_redirect("ALTER TABLE " . idf_escape($_GET["foreign"]) . "\nDROP FOREIGN KEY " . idf_escape($_GET["name"]), $SELF . "table=" . urlencode($_GET["foreign"]), lang('Foreign key has been dropped.'));
} else {
$source = array_filter($_POST["source"], 'strlen');
- ksort($source);
+ ksort($source); // enforce input order
$target = array();
foreach ($source as $key => $val) {
$target[$key] = $_POST["target"][$key];
@@ -6,10 +6,10 @@
}
if (isset($_POST["server"])) {
if (isset($_COOKIE[$session_name]) || isset($_POST[$session_name])) {
- session_regenerate_id();
+ session_regenerate_id(); // defense against session fixation
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
- $_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6);
+ $_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6); // defense against cross-site request forgery
if (count($_POST) == count($ignore)) {
$location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
if (!isset($_COOKIE[$session_name])) {
@@ -66,7 +66,7 @@ function auth_error($exception = null) {
$username = &$_SESSION["usernames"][$_GET["server"]];
if (!isset($username)) {
- $username = $_GET["username"];
+ $username = $_GET["username"]; // default username can be passed in URL
}
$dbh = (isset($username) ? connect() : '');
unset($username);
@@ -20,7 +20,7 @@ function connect_error() {
if (strlen($_GET["db"])) {
unset($_SESSION["databases"][$_GET["server"]]);
}
- connect_error();
+ connect_error(); // separate function to catch SQLite error
exit;
}
$dbh->query("SET CHARACTER SET utf8");
@@ -47,6 +47,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
$databases = null;
}
if (isset($databases) && !isset($_GET["sql"]) && !isset($_SESSION["coverage"])) {
+ // improves concurrency if a user opens several pages at once
session_write_close();
}
if ($error) {
@@ -55,7 +56,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
}
function page_footer($missing = false) {
- global $SELF, $dbh, $VERSION;
+ global $SELF, $VERSION, $dbh;
?>
</div>
@@ -26,6 +26,7 @@ function input($name, $field, $value, $separator = "</td><td>") { //! pass empty
$options = (preg_match('~char~', $field["type"]) ? array("", "md5", "sha1", "password", "uuid") : array("", "now"));
}
if (!isset($_GET["call"]) && (isset($_GET["select"]) || where($_GET))) {
+ // relative functions
if (preg_match('~int|float|double|decimal~', $field["type"])) {
$options = array("", "+", "-");
}
@@ -55,6 +56,7 @@ function input($name, $field, $value, $separator = "</td><td>") { //! pass empty
} elseif (preg_match('~binary|blob~', $field["type"])) {
echo (ini_get("file_uploads") ? '<input type="file" name="' . $name . '"' . $onchange . ' />' : lang('File uploads are disabled.') . ' ');
} else {
+ // int(3) is only a display hint
$maxlength = (!ereg('int', $field["type"]) && preg_match('~^([0-9]+)(,([0-9]+))?$~', $field["length"], $match) ? ($match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0));
echo '<input name="fields[' . $name . ']" value="' . htmlspecialchars($value) . '"' . ($maxlength ? " maxlength='$maxlength'" : "") . $onchange . ' />';
}
@@ -87,7 +89,7 @@ function process_input($name, $field) {
} elseif (preg_match('~^[+-]$~', $function)) {
return idf_escape($name) . " $function '" . $dbh->escape_string($value) . "'";
} elseif (preg_match('~^[+-] interval$~', $function)) {
- return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : "'" . $dbh->escape_string($value) . "'") . "";
+ return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : "'" . $dbh->escape_string($value) . "'");
} elseif (preg_match('~^(addtime|subtime)$~', $function)) {
return "$function(" . idf_escape($name) . ", '" . $dbh->escape_string($value) . "')";
} elseif (preg_match('~^(md5|sha1|password)$~', $function)) {
@@ -11,7 +11,7 @@ function dump_csv($row) {
function dump_table($table, $style, $is_view = false) {
global $dbh;
if ($_POST["format"] == "csv") {
- echo "\xef\xbb\xbf";
+ echo "\xef\xbb\xbf"; // UTF-8 byte order mark
if ($style) {
dump_csv(array_keys(fields($table)));
}
@@ -26,6 +26,7 @@ function dump_table($table, $style, $is_view = false) {
echo ($style != "CREATE+ALTER" ? $create : ($is_view ? substr_replace($create, " OR REPLACE", 6, 0) : substr_replace($create, " IF NOT EXISTS", 12, 0))) . ";\n\n";
}
if ($style == "CREATE+ALTER" && !$is_view) {
+ // create procedure which iterates over original columns and adds new and removes old
$query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = '" . $dbh->escape_string($table) . "' ORDER BY ORDINAL_POSITION";
?>
DELIMITER ;;
@@ -131,7 +132,7 @@ function dump_data($table, $style, $select = "") {
} else {
$s = "\n(" . implode(", ", $row2) . ")";
if (!$length) {
- echo $insert, $s;
+ echo $insert, $s; // comma used to save memory
$length = strlen($insert) + strlen($s);
} else {
$length += 2 + strlen($s);
@@ -155,7 +156,7 @@ function dump_data($table, $style, $select = "") {
function dump_headers($identifier, $multi_table = false) {
$filename = (strlen($identifier) ? friendly_url($identifier) : "dump");
- $ext = ($_POST["format"] == "sql" ? "sql" : ($multi_table ? "tar" : "csv"));
+ $ext = ($_POST["format"] == "sql" ? "sql" : ($multi_table ? "tar" : "csv")); // multiple CSV packed to TAR
header("Content-Type: " . ($ext == "tar" ? "application/x-tar" : ($ext == "sql" || $_POST["output"] != "file" ? "text/plain" : "text/csv")) . "; charset=utf-8");
if ($_POST["output"] == "file") {
header("Content-Disposition: attachment; filename=$filename.$ext");
@@ -8,6 +8,7 @@ function idf_unescape($idf) {
}
function bracket_escape($idf, $back = false) {
+ // escape brackets inside name="x[]"
static $trans = array(':' => ':1', ']' => ':2', '[' => ':3');
return strtr($idf, ($back ? array_flip($trans) : $trans));
}
@@ -46,7 +47,7 @@ function unique_idf($row, $indexes) {
if ($index["type"] == "PRIMARY" || $index["type"] == "UNIQUE") {
$return = array();
foreach ($index["columns"] as $key) {
- if (!isset($row[$key])) {
+ if (!isset($row[$key])) { // NULL is ambiguous
continue 2;
}
$return[] = urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($row[$key]);
@@ -90,6 +91,7 @@ function redirect($location, $message = null) {
$_SESSION["messages"][] = $message;
}
if (strlen(SID)) {
+ // append SID if session cookies are disabled
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
}
header("Location: " . (strlen($location) ? $location : "."));
@@ -121,6 +123,7 @@ function queries($query = null) {
global $dbh;
static $queries = array();
if (!isset($query)) {
+ // return executed queries without parameter
return implode(";\n", $queries);
}
$queries[] = $query;
@@ -137,7 +140,9 @@ function print_page($page) {
}
function get_file($key) {
+ // returns int for error, string otherwise
if (isset($_POST["files"][$key])) {
+ // get the file from hidden field if the user was logged out
$length = strlen($_POST["files"][$key]);
return ($length && $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key]));
}
@@ -158,19 +163,20 @@ function select($result, $dbh2 = null) {
echo "<p class='message'>" . lang('No rows.') . "</p>\n";
} else {
echo "<table cellspacing='0' class='nowrap'>\n";
- $links = array();
- $indexes = array();
- $columns = array();
- $blobs = array();
- $types = array();
- odd('');
+ $links = array(); // colno => orgtable - create links from these columns
+ $indexes = array(); // orgtable => array(column => colno) - primary keys
+ $columns = array(); // orgtable => array(column => ) - not selected columns in primary key
+ $blobs = array(); // colno => bool - display bytes for blobs
+ $types = array(); // colno => type - display char in <code>
+ odd(''); // reset odd for each result
for ($i=0; $row = $result->fetch_row(); $i++) {
if (!$i) {
echo "<thead><tr>";
for ($j=0; $j < count($row); $j++) {
$field = $result->fetch_field();
if (strlen($field->orgtable)) {
if (!isset($indexes[$field->orgtable])) {
+ // find primary key in each table
$indexes[$field->orgtable] = array();
foreach (indexes($field->orgtable, $dbh2) as $index) {
if ($index["type"] == "PRIMARY") {
@@ -202,7 +208,7 @@ function select($result, $dbh2 = null) {
if ($blobs[$key] && !is_utf8($val)) {
$val = "<i>" . lang('%d byte(s)', strlen($val)) . "</i>"; //! link to download
} elseif (!strlen(trim($val))) {
- $val = "&nbsp;";
+ $val = "&nbsp;"; // some content to print a border
} else {
$val = nl2br(htmlspecialchars($val));
if ($types[$key] == 254) {
@@ -227,6 +233,7 @@ function select($result, $dbh2 = null) {
}
function is_utf8($val) {
+ // don't print control chars except \t\r\n
return (preg_match('~~u', $val) && !preg_match('~[\\0-\\x8\\xB\\xC\\xE-\\x1F]~', $val));
}
@@ -236,6 +243,7 @@ function shorten_utf8($string, $length = 80, $suffix = "") {
}
function friendly_url($val) {
+ // used for blobs and export
return preg_replace('~[^a-z0-9_]~i', '-', $val);
}
@@ -1,4 +1,6 @@
<?php
+// not used in single language version
+
$langs = array(
'en' => 'English', // Jakub Vrána - http://php.vrana.cz
'cs' => 'Čeština', // Jakub Vrána - http://php.vrana.cz
@@ -17,7 +19,7 @@ function lang($idf, $number = null) {
global $LANG, $translations;
$translation = $translations[$idf];
if (is_array($translation) && $translation) {
- $pos = ($number == 1 ? 0 : ((!$number || $number >= 5) && ereg('cs|sk|ru', $LANG) ? 2 : 1));
+ $pos = ($number == 1 ? 0 : ((!$number || $number >= 5) && ereg('cs|sk|ru', $LANG) ? 2 : 1)); // Slavic languages use different form for 2, 3, 4
$translation = $translation[$pos];
}
$args = func_get_args();
@@ -38,7 +40,7 @@ function switch_lang() {
if (isset($_GET["lang"])) {
$_COOKIE["lang"] = $_GET["lang"];
- $_SESSION["lang"] = $_GET["lang"];
+ $_SESSION["lang"] = $_GET["lang"]; // cookies may be disabled
}
$LANG = "en";
Oops, something went wrong.

0 comments on commit 64ba924

Please sign in to comment.