Ability to save expression in edit

2011-03-15 17:34:25 +01:00 · 2011-03-15 17:34:25 +01:00 · 327b56bcdf
parent c708fa1c69
commit 327b56bcdf
2 changed files with 8 additions and 0 deletions
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@ -429,6 +429,9 @@ username.form['driver'].onchange();
 						$return .= "/$val";
 					}
 				}
+				if ($key) {
+					$return .= "/=";
+				}
 			}
 		}
 		return explode("/", $return);
@ -458,6 +461,9 @@ username.form['driver'].onchange();
 	* @return string expression to use in a query
 	*/
 	function processInput($field, $value, $function = "") {
+		if ($function == "=") {
+			return $value; // SQL injection
+		}
 		$name = $field["field"];
 		$return = ($field["type"] == "bit" && ereg('^[0-9]+$', $value) ? $value : q($value));
 		if (ereg('^(now|getdate|uuid)$', $function)) {
--- a/changes.txt
+++ b/changes.txt
@ -1,4 +1,5 @@
 Adminer 3.2.1-dev:
+Ability to save expression in edit
 Respect default database collation (bug #3191489)
 Don't export triggers without table (bug #3193489)
 Esc to focus next field in Tab textarea (thanks to David Grudl)
@ -9,6 +10,7 @@ Use DELIMITER in history
 Show databases even with skip_show_database in MySQL 5 (thanks to Radoslaw Kowalewski)
 Set MySQL time zone by PHP setting
 Better placement of AJAX icon
+Table header in CSV export (Editor)
 Polish translation

 Adminer 3.2.0 (released 2011-02-24):