Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Trim identifiers (bug #3405309)

  • Loading branch information...
commit ef867e6bd1277a7bdf5709ab5626f2aa9e1d7db7 1 parent bed3856
@vrana authored
View
5 adminer/create.inc.php
@@ -78,9 +78,10 @@
cookie("adminer_engine", $_POST["Engine"]);
$message = lang('Table has been created.');
}
- queries_redirect(ME . "table=" . urlencode($_POST["name"]), $message, alter_table(
+ $name = trim($_POST["name"]);
+ queries_redirect(ME . "table=" . urlencode($name), $message, alter_table(
$TABLE,
- $_POST["name"],
+ $name,
$fields,
$foreign,
$_POST["Comment"],
View
11 adminer/database.inc.php
@@ -1,16 +1,17 @@
<?php
if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP changes add.x to add_x
restart_session();
+ $name = trim($_POST["name"]);
if ($_POST["drop"]) {
$_GET["db"] = ""; // to save in global history
queries_redirect(remove_from_uri("db|database"), lang('Database has been dropped.'), drop_databases(array(DB)));
- } elseif (DB !== $_POST["name"]) {
+ } elseif (DB !== $name) {
// create or rename database
if (DB != "") {
- $_GET["db"] = $_POST["name"];
- queries_redirect(preg_replace('~db=[^&]*&~', '', ME) . "db=" . urlencode($_POST["name"]), lang('Database has been renamed.'), rename_database($_POST["name"], $_POST["collation"]));
+ $_GET["db"] = $name;
+ queries_redirect(preg_replace('~db=[^&]*&~', '', ME) . "db=" . urlencode($name), lang('Database has been renamed.'), rename_database($name, $_POST["collation"]));
} else {
- $databases = explode("\n", str_replace("\r", "", $_POST["name"]));
+ $databases = explode("\n", str_replace("\r", "", $name));
$success = true;
$last = "";
foreach ($databases as $db) {
@@ -28,7 +29,7 @@
if (!$_POST["collation"]) {
redirect(substr(ME, 0, -1));
}
- query_redirect("ALTER DATABASE " . idf_escape($_POST["name"]) . (eregi('^[a-z0-9_]+$', $_POST["collation"]) ? " COLLATE $_POST[collation]" : ""), substr(ME, 0, -1), lang('Database has been altered.'));
+ query_redirect("ALTER DATABASE " . idf_escape($name) . (eregi('^[a-z0-9_]+$', $_POST["collation"]) ? " COLLATE $_POST[collation]" : ""), substr(ME, 0, -1), lang('Database has been altered.'));
}
}
View
2  adminer/include/editing.inc.php
@@ -178,7 +178,7 @@ function process_type($field, $collate = "COLLATE") {
*/
function process_field($field, $type_field) {
return array(
- idf_escape($field["field"]),
+ idf_escape(trim($field["field"])),
process_type($type_field),
($field["null"] ? " NULL" : " NOT NULL"), // NULL for timestamp
(isset($field["default"]) ? " DEFAULT " . (($field["type"] == "timestamp" && eregi('^CURRENT_TIMESTAMP$', $field["default"])) || ($field["type"] == "bit" && ereg("^([0-9]+|b'[0-1]+')\$", $field["default"])) ? $field["default"] : q($field["default"])) : ""),
View
2  adminer/procedure.inc.php
@@ -15,7 +15,7 @@
}
$dropped = drop_create(
"DROP $routine " . idf_escape($PROCEDURE),
- "CREATE $routine " . idf_escape($_POST["name"]) . " (" . implode(", ", $set) . ")" . (isset($_GET["function"]) ? " RETURNS" . process_type($_POST["returns"], "CHARACTER SET") : "") . (in_array($_POST["language"], $routine_languages) ? " LANGUAGE $_POST[language]" : "") . rtrim("\n$_POST[definition]", ";") . ";",
+ "CREATE $routine " . idf_escape(trim($_POST["name"])) . " (" . implode(", ", $set) . ")" . (isset($_GET["function"]) ? " RETURNS" . process_type($_POST["returns"], "CHARACTER SET") : "") . (in_array($_POST["language"], $routine_languages) ? " LANGUAGE $_POST[language]" : "") . rtrim("\n$_POST[definition]", ";") . ";",
substr(ME, 0, -1),
lang('Routine has been dropped.'),
lang('Routine has been altered.'),
View
9 adminer/scheme.inc.php
@@ -4,11 +4,12 @@
if ($_POST["drop"]) {
query_redirect("DROP SCHEMA " . idf_escape($_GET["ns"]), $link, lang('Schema has been dropped.'));
} else {
- $link .= urlencode($_POST["name"]);
+ $name = trim($_POST["name"]);
+ $link .= urlencode($name);
if ($_GET["ns"] == "") {
- query_redirect("CREATE SCHEMA " . idf_escape($_POST["name"]), $link, lang('Schema has been created.'));
- } elseif ($_GET["ns"] != $_POST["name"]) {
- query_redirect("ALTER SCHEMA " . idf_escape($_GET["ns"]) . " RENAME TO " . idf_escape($_POST["name"]), $link, lang('Schema has been altered.')); //! sp_rename in MS SQL
+ query_redirect("CREATE SCHEMA " . idf_escape($name), $link, lang('Schema has been created.'));
+ } elseif ($_GET["ns"] != $name) {
+ query_redirect("ALTER SCHEMA " . idf_escape($_GET["ns"]) . " RENAME TO " . idf_escape($name), $link, lang('Schema has been altered.')); //! sp_rename in MS SQL
} else {
redirect($link);
}
View
7 adminer/sequence.inc.php
@@ -3,12 +3,13 @@
if ($_POST && !$error) {
$link = substr(ME, 0, -1);
+ $name = trim($_POST["name"]);
if ($_POST["drop"]) {
query_redirect("DROP SEQUENCE " . idf_escape($SEQUENCE), $link, lang('Sequence has been dropped.'));
} elseif ($SEQUENCE == "") {
- query_redirect("CREATE SEQUENCE " . idf_escape($_POST["name"]), $link, lang('Sequence has been created.'));
- } elseif ($SEQUENCE != $_POST["name"]) {
- query_redirect("ALTER SEQUENCE " . idf_escape($SEQUENCE) . " RENAME TO " . idf_escape($_POST["name"]), $link, lang('Sequence has been altered.'));
+ query_redirect("CREATE SEQUENCE " . idf_escape($name), $link, lang('Sequence has been created.'));
+ } elseif ($SEQUENCE != $name) {
+ query_redirect("ALTER SEQUENCE " . idf_escape($SEQUENCE) . " RENAME TO " . idf_escape($name), $link, lang('Sequence has been altered.'));
} else {
redirect($link);
}
View
2  adminer/type.inc.php
@@ -6,7 +6,7 @@
if ($_POST["drop"]) {
query_redirect("DROP TYPE " . idf_escape($TYPE), $link, lang('Type has been dropped.'));
} else {
- query_redirect("CREATE TYPE " . idf_escape($_POST["name"]) . " $_POST[as]", $link, lang('Type has been created.'));
+ query_redirect("CREATE TYPE " . idf_escape(trim($_POST["name"])) . " $_POST[as]", $link, lang('Type has been created.'));
}
}
View
5 adminer/view.inc.php
@@ -2,10 +2,11 @@
$TABLE = $_GET["view"];
$dropped = false;
if ($_POST && !$error) {
+ $name = trim($_POST["name"]);
$dropped = drop_create(
"DROP VIEW " . table($TABLE),
- "CREATE VIEW " . table($_POST["name"]) . " AS\n$_POST[select]",
- ($_POST["drop"] ? substr(ME, 0, -1) : ME . "table=" . urlencode($_POST["name"])),
+ "CREATE VIEW " . table($name) . " AS\n$_POST[select]",
+ ($_POST["drop"] ? substr(ME, 0, -1) : ME . "table=" . urlencode($name)),
lang('View has been dropped.'),
lang('View has been altered.'),
lang('View has been created.'),
View
3  changes.txt
@@ -2,8 +2,9 @@ Adminer 3.3.4-dev:
Foreign keys default actions (bug #3397606)
Fix minor parser bug in SQL command with webserver file
Ctrl+click on button opens form to blank window
-PostgreSQL: fix alter foreign key
SET DEFAULT foreign key action
+Trim table and column names (bug #3405309)
+PostgreSQL: fix alter foreign key
PostgreSQL over PDO: connect if the eponymous database does not exist (bug #3391619)
Boolean search (Editor)
Persian translation
Please sign in to comment.
Something went wrong with that request. Please try again.