Disable creating SQLite databases with extension other than db, sdb, sqlite
This commit is contained in:
Jakub Vrana
parent
644c355d94
commit
51e609c461
|
|
@ -344,13 +344,27 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
|
||||||
function exact_value($val) {
|
function exact_value($val) {
|
||||||
return q($val);
|
return q($val);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function check_sqlite_name($name) {
|
||||||
|
// avoid creating PHP files on unsecured servers
|
||||||
|
global $connection;
|
||||||
|
$extensions = "db|sdb|sqlite";
|
||||||
|
if (!preg_match("~^[^\\0]*\\.($extensions)\$~", $name)) {
|
||||||
|
$connection->error = lang('Please use one of the extensions %s.', str_replace("|", ", ", $extensions));
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
function create_database($db, $collation) {
|
function create_database($db, $collation) {
|
||||||
global $connection;
|
global $connection;
|
||||||
if (file_exists($db)) {
|
if (file_exists($db)) {
|
||||||
$connection->error = lang('File exists.');
|
$connection->error = lang('File exists.');
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
if (!check_sqlite_name($db)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$link = new Min_SQLite($db); //! exception handler
|
$link = new Min_SQLite($db); //! exception handler
|
||||||
$link->query('PRAGMA encoding = "UTF-8"');
|
$link->query('PRAGMA encoding = "UTF-8"');
|
||||||
$link->query('CREATE TABLE adminer (i)'); // otherwise creates empty file
|
$link->query('CREATE TABLE adminer (i)'); // otherwise creates empty file
|
||||||
|
|
@ -372,6 +386,9 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
|
||||||
|
|
||||||
function rename_database($name, $collation) {
|
function rename_database($name, $collation) {
|
||||||
global $connection;
|
global $connection;
|
||||||
|
if (!check_sqlite_name($name)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$connection->Min_SQLite(":memory:");
|
$connection->Min_SQLite(":memory:");
|
||||||
$connection->error = lang('File exists.');
|
$connection->error = lang('File exists.');
|
||||||
return @rename(DB, $name);
|
return @rename(DB, $name);
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
Adminer 3.0.1-dev:
|
Adminer 3.0.1-dev:
|
||||||
Send the form by Ctrl+Enter in all textareas
|
Send the form by Ctrl+Enter in all textareas
|
||||||
|
Disable creating SQLite databases with extension other than db, sdb, sqlite
|
||||||
Catalan translation
|
Catalan translation
|
||||||
|
|
||||||
Adminer 3.0.0 (released 2010-10-15):
|
Adminer 3.0.0 (released 2010-10-15):
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue