diff --git a/adminer/create.inc.php b/adminer/create.inc.php
index d813dbb6..7af80dd8 100644
--- a/adminer/create.inc.php
+++ b/adminer/create.inc.php
@@ -110,7 +110,7 @@ if ($_POST && !process_fields($row["fields"]) && !$error) {
 ($row["Comment"] != $table_status["Comment"] ? $row["Comment"] : null),
 ($row["Engine"] && $row["Engine"] != $table_status["Engine"] ? $row["Engine"] : ""),
 ($row["Collation"] && $row["Collation"] != $table_status["Collation"] ? $row["Collation"] : ""),
- ($row["Auto_increment"] != "" ? +$row["Auto_increment"] : ""),
+ ($row["Auto_increment"] != "" ? number($row["Auto_increment"]) : ""),
 $partitioning
 ));
 }
diff --git a/adminer/drivers/mssql.inc.php b/adminer/drivers/mssql.inc.php
index 423855e0..8a8f6206 100644
--- a/adminer/drivers/mssql.inc.php
+++ b/adminer/drivers/mssql.inc.php
@@ -430,7 +430,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
 }
 function auto_increment() {
- return " IDENTITY" . ($_POST["Auto_increment"] != "" ? "(" . (+$_POST["Auto_increment"]) . ",1)" : "") . " PRIMARY KEY";
+ return " IDENTITY" . ($_POST["Auto_increment"] != "" ? "(" . number($_POST["Auto_increment"]) . ",1)" : "") . " PRIMARY KEY";
 }
 function alter_table($table, $name, $fields, $foreign, $comment, $engine, $collation, $auto_increment, $partitioning) {
diff --git a/adminer/drivers/mysql.inc.php b/adminer/drivers/mysql.inc.php
index 9add20c8..a16c02a8 100644
--- a/adminer/drivers/mysql.inc.php
+++ b/adminer/drivers/mysql.inc.php
@@ -649,7 +649,7 @@ if (!defined("DRIVER")) {
 * @param string
 * @param string
 * @param string
- * @param int
+ * @param string number
 * @param string
 * @return bool
 */
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index 05ff0936..384534b3 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
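Review bot: In adminer/create.inc.php the `!= ""` test is applied to the raw `$row["Auto_increment"]` and not to what number() returns, so a non-empty value that contains no digits passes the test and is then reduced to an empty string. Here that silently becomes the same `""` an empty field produces, in the mssql.inc.php hunk it builds `IDENTITY(,1)`, and in processlist.inc.php, adminer/script.inc.php and editor/script.inc.php it sends a bare `KILL ` to the server. Normalizing first and testing the result avoids the malformed statements: this argument can simply be `number($row["Auto_increment"]),`, and auto_increment() can use `$start = number($_POST["Auto_increment"]);` with `($start != "" ? "($start,1)" : "")`. The argument list this hunk edits begins above the hunk.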
@@ -33,6 +33,14 @@ function escape_string($val) {
 return substr(q($val), 1, -1);
 }
+/** Remove non-digits from a string
+* @param string
+* @return string
+*/
+function number($val) {
+ return preg_replace('~[^0-9]+~', '', $val);
+}
+
 /** Disable magic_quotes_gpc
 * @param array e.g. (&$_GET, &$_POST, &$_COOKIE)
 * @param bool whether to leave values as is
diff --git a/adminer/processlist.inc.php b/adminer/processlist.inc.php
index d6e660a9..ce60bcfc 100644
--- a/adminer/processlist.inc.php
+++ b/adminer/processlist.inc.php
@@ -2,7 +2,7 @@
 if (support("kill") && $_POST && !$error) {
 $killed = 0;
 foreach ((array) $_POST["kill"] as $val) {
- if (queries("KILL " . (+$val))) {
+ if (queries("KILL " . number($val))) {
 $killed++;
 }
 }
diff --git a/adminer/script.inc.php b/adminer/script.inc.php
index 617ac114..62df6eae 100644
--- a/adminer/script.inc.php
+++ b/adminer/script.inc.php
@@ -33,7 +33,7 @@ if ($_GET["script"] == "db") {
 json_row("");
 } elseif ($_GET["script"] == "kill") {
- $connection->query("KILL " . (+$_POST["kill"]));
+ $connection->query("KILL " . number($_POST["kill"]));
 } else { // connect
 foreach (count_tables($adminer->databases()) as $db => $val) {
diff --git a/changes.txt b/changes.txt
index fce223da..37ac5e9e 100644
--- a/changes.txt
+++ b/changes.txt
@@ -9,6 +9,7 @@ Send 403 for auth error
 Report offline and other AJAX errors (bug #419)
 Don't alter table comment if not changed
 Add links to documentation on table status page
+Fix handling of 64 bit numbers in auto_increment
 MySQL: Use utf8mb4 if available
 MySQL: Support foreign keys in NDB storage
 PostgreSQL: Materialized views
diff --git a/editor/script.inc.php b/editor/script.inc.php
index f7b1991b..db57165c 100644
--- a/editor/script.inc.php
+++ b/editor/script.inc.php
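Review bot: The docblock on number() in adminer/include/functions.inc.php says only "Remove non-digits", but every caller in this commit puts the result unquoted into SQL, so it should state the contract they depend on: the return value contains only the characters 0-9, it may be empty, and a sign or decimal separator is dropped rather than rejected (`-1` becomes `1`). Suggested first line: `/** Keep only ASCII digits so the value can be used unquoted in SQL; may return "" */`. preg_replace() also returns an array when `$val` is an array, which a request parameter such as `$_POST["kill"]` in script.inc.php can be; at the visible call sites that looks like it ends in a conversion notice and a malformed statement rather than attacker-chosen text in the query, but a guard such as `if (!is_scalar($val)) { return ""; }` before the replace would make the documented `@return string` hold for every input.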
@@ -1,6 +1,6 @@ query("KILL " . (+$_POST["kill"])); + $connection->query("KILL " . number($_POST["kill"])); } elseif (list($table, $id, $name) = $adminer->_foreignColumn(column_foreign_keys($_GET["source"]), $_GET["field"])) { $limit = 11;