From 327b56bcdf46d5eb423557da83a276a9a280858b Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Tue, 15 Mar 2011 17:34:25 +0100
Subject: [PATCH] Ability to save expression in edit
---
 adminer/include/adminer.inc.php | 6 ++++++
 changes.txt | 2 ++
 2 files changed, 8 insertions(+)
diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index 38479b4b..ed39faf4 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -429,6 +429,9 @@ username.form['driver'].onchange();
 $return .= "/$val";
 }
 }
+ if ($key) {
+ $return .= "/=";
+ }
 }
 }
 return explode("/", $return);
@@ -458,6 +461,9 @@ username.form['driver'].onchange();
 * @return string expression to use in a query
 */
 function processInput($field, $value, $function = "") {
+ if ($function == "=") {
+ return $value; // SQL injection
+ }
 $name = $field["field"];
 $return = ($field["type"] == "bit" && ereg('^[0-9]+$', $value) ? $value : q($value));
 if (ereg('^(now|getdate|uuid)$', $function)) {
diff --git a/changes.txt b/changes.txt
index 27cd211d..934aa203 100644
--- a/changes.txt
+++ b/changes.txt
@@ -1,4 +1,5 @@
 Adminer 3.2.1-dev:
+Ability to save expression in edit
 Respect default database collation (bug #3191489)
 Don't export triggers without table (bug #3193489)
 Esc to focus next field in Tab textarea (thanks to David Grudl)
@@ -9,6 +10,7 @@ Use DELIMITER in history
 Show databases even with skip_show_database in MySQL 5 (thanks to Radoslaw Kowalewski)
 Set MySQL time zone by PHP setting
 Better placement of AJAX icon
+Table header in CSV export (Editor)
 Polish translation
 Adminer 3.2.0 (released 2011-02-24):
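Review bot: The `"/="` entry appended under `if ($key)` carries no comment saying what the `=` pseudo-function means, even though it is the one entry whose value processInput() later returns unquoted. I would add `// "=": value is saved as a raw SQL expression, processInput() does not quote it` above the `if`, so the next reader does not take it for an ordinary function name. The enclosing function and its loops begin before this hunk, so what `$key` distinguishes, and whether the entry is limited by field type, cannot be confirmed from here.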
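Review bot: The new `=` branch returns `$value` before the `q($value)` line below it runs, so the submitted text becomes part of the statement verbatim, and the comment `// SQL injection` names the risk without saying why it is accepted. If this is intentional because the caller can already run arbitrary SQL, state that in the comment and the docblock, e.g. `// intentional: raw SQL expression; safe only while every caller of processInput() is a user allowed to run arbitrary SQL`. `$function` presumably arrives with the submitted form, so the branch should not depend on `=` merely being absent from the offered function list; verify server-side that it is permitted for this field. Also compare with `$function === "="` so that a non-string value cannot match through loose comparison. The body of processInput continues past the end of the hunk.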