beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Restrict editing rows without unique identifier to search results

Browse source
This commit is contained in:
Jakub Vrana 2013-05-11 12:47:04 -07:00
parent b7e0f1d81c
commit 2f996ba014
2 changed files with 9 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
adminer/select.inc.php
View file

@ -45,7 +45,11 @@ if ($_GET["val"] && is_ajax()) {
}
if ($_POST && !$error) {
$where_check = "(" . implode(") OR (", array_map('where_check', (array) $_POST["check"])) . ")";
$where_check = $where;
if (is_array($_POST["check"])) {
$where_check[] = "((" . implode(") OR (", array_map('where_check', $_POST["check"])) . "))";
}
$where_check = ($where_check ? "\nWHERE " . implode(" AND ", $where_check) : "");
$primary = $unselected = null;
foreach ($indexes as $index) {
if ($index["type"] == "PRIMARY") {
@ -65,11 +69,7 @@ if ($_POST && !$error) {
dump_headers($TABLE);
$adminer->dumpTable($TABLE, "");
if (!is_array($_POST["check"]) || $unselected === array()) {
$where2 = $where;
if (is_array($_POST["check"])) {
$where2[] = "($where_check)";
}
$query = "SELECT $from" . ($where2 ? "\nWHERE " . implode(" AND ", $where2) : "") . $group_by;
$query = "SELECT $from$where_check$group_by";
} else {
$union = array();
foreach ($_POST["check"] as $val) {
@ -112,12 +112,12 @@ if ($_POST && !$error) {
$query = "INTO $query";
}
if ($_POST["all"] || ($unselected === array() && $_POST["check"]) || $is_group) {
$result = queries("$command $query" . ($_POST["all"] ? ($where ? "\nWHERE " . implode(" AND ", $where) : "") : "\nWHERE $where_check"));
$result = queries("$command $query$where_check");
$affected = $connection->affected_rows;
} else {
foreach ((array) $_POST["check"] as $val) {
// where is not unique so OR can't be used
$result = queries($command . limit1($query, "\nWHERE " . where_check($val, $fields)));
$result = queries($command . limit1($query, "\nWHERE " . ($where ? implode(" AND ", $where) . " AND " : "") . where_check($val, $fields)));
if (!$result) {
break;
}

1
changes.txt
View file

@ -9,6 +9,7 @@ Remove bzip2 compression support
Constraint memory used in TAR export
Allow exporting views dependent on each other (bug #3459151)
Fix resetting search (bug #3612507)
Restrict editing rows without unique identifier to search results
Display navigation bellow main content on mobile browsers
MySQL: Optimize create table page and Editor navigation
MySQL: Display bit type as binary number