Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Ability to search by expression in select (bug #3158017)

  • Loading branch information...
commit 675ac01cc1962ba5341333c649c55eb074e6ac43 1 parent ae84525
@vrana authored
View
2  adminer/drivers/mssql.inc.php
@@ -603,7 +603,7 @@ function support($feature) {
$structured_types[$key] = array_keys($val);
}
$unsigned = array();
- $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL");
+ $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL", "");
$functions = array("len", "lower", "round", "upper");
$grouping = array("avg", "count", "count distinct", "max", "min", "sum");
$edit_functions = array(
View
2  adminer/drivers/mysql.inc.php
@@ -887,7 +887,7 @@ function support($feature) {
$structured_types[$key] = array_keys($val);
}
$unsigned = array("unsigned", "zerofill", "unsigned zerofill"); ///< @var array number variants
- $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "REGEXP", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL"); ///< @var array operators used in select
+ $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "REGEXP", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL", ""); ///< @var array operators used in select
$functions = array("char_length", "date", "from_unixtime", "hex", "lower", "round", "sec_to_time", "time_to_sec", "upper"); ///< @var array functions used in select
$grouping = array("avg", "count", "count distinct", "group_concat", "max", "min", "sum"); ///< @var array grouping functions used in select
$edit_functions = array( ///< @var array of array("$type|$type2" => "$function/$function2") functions used in editing, [0] - edit and insert, [1] - edit only
View
2  adminer/drivers/oracle.inc.php
@@ -350,7 +350,7 @@ function support($feature) {
$structured_types[$key] = array_keys($val);
}
$unsigned = array();
- $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL");
+ $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL", "");
$functions = array("length", "lower", "round", "upper");
$grouping = array("avg", "count", "count distinct", "max", "min", "sum");
$edit_functions = array(
View
2  adminer/drivers/pgsql.inc.php
@@ -533,7 +533,7 @@ function support($feature) {
$structured_types[$key] = array_keys($val);
}
$unsigned = array();
- $operators = array("=", "<", ">", "<=", ">=", "!=", "~", "!~", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL");
+ $operators = array("=", "<", ">", "<=", ">=", "!=", "~", "!~", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL", "");
$functions = array("char_length", "lower", "round", "to_hex", "to_timestamp", "upper");
$grouping = array("avg", "count", "count distinct", "max", "min", "sum");
$edit_functions = array(
View
2  adminer/drivers/sqlite.inc.php
@@ -554,7 +554,7 @@ function support($feature) {
$types = array("integer" => 0, "real" => 0, "numeric" => 0, "text" => 0, "blob" => 0);
$structured_types = array_keys($types);
$unsigned = array();
- $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL"); // REGEXP can be user defined function
+ $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL", ""); // REGEXP can be user defined function
$functions = array("hex", "length", "lower", "round", "unixepoch", "upper");
$grouping = array("avg", "count", "count distinct", "group_concat", "max", "min", "sum");
$edit_functions = array(
View
4 adminer/include/adminer.inc.php
@@ -229,7 +229,7 @@ function selectSearchPrint($where, $columns, $indexes) {
}
}
echo "<div><select name='where[$i][col]' onchange='selectAddRow(this);'><option value=''>(" . lang('anywhere') . ")" . optionlist($columns, null, true) . "</select>";
- echo html_select("where[$i][op]", $this->operators);
+ echo html_select("where[$i][op]", $this->operators, "=");
echo "<input name='where[$i][val]'></div>\n";
echo "</div></fieldset>\n";
}
@@ -333,6 +333,8 @@ function selectSearchProcess($fields, $indexes) {
if (ereg('IN$', $val["op"])) {
$in = process_length($val["val"]);
$cond .= " (" . ($in != "" ? $in : "NULL") . ")";
+ } elseif (!$val["op"]) {
+ $cond .= $val["val"]; // SQL injection
} elseif ($val["op"] == "LIKE %%") {
$cond = " LIKE " . $this->processInput($fields[$val["col"]], "%$val[val]%");
} elseif (!ereg('NULL$', $val["op"])) {
View
1  changes.txt
@@ -1,6 +1,7 @@
Adminer 3.2.0-dev:
Get long texts and slow information by AJAX
All links and some forms by AJAX in browsers with support for history.pushState
+Ability to search by expression in select
Permanent link in schema
Display total time in show only errors mode in SQL command
History: edit all
Please sign in to comment.
Something went wrong with that request. Please try again.