Simplify initializing post variables

Jakub Vrana 2013-05-08 08:43:15 -07:00
parent e99463b295
commit a09916737e
8 changed files with 93 additions and 89 deletions


@ -14,9 +14,9 @@ if ($TABLE != "") {
$orig_fields = fields($TABLE);
$orig_status = table_status($TABLE);
}
if ($_POST && !$_POST["fields"]) {
$_POST["fields"] = array();
}
$row = $_POST;
$row["fields"] = (array) $row["fields"];
if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"] && !$_POST["down"]) {
if ($_POST["drop"]) {
@ -26,18 +26,18 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
$all_fields = array();
$use_all_fields = false;
$foreign = array();
ksort($_POST["fields"]);
ksort($row["fields"]);
$orig_field = reset($orig_fields);
$after = " FIRST";
foreach ($_POST["fields"] as $key => $field) {
foreach ($row["fields"] as $key => $field) {
$foreign_key = $foreign_keys[$field["type"]];
$type_field = ($foreign_key !== null ? $referencable_primary[$foreign_key] : $field); //! can collide with user defined type
if ($field["field"] != "") {
if (!$field["has_default"]) {
$field["default"] = null;
}
if ($key == $_POST["auto_increment_col"]) {
if ($key == $row["auto_increment_col"]) {
$field["auto_increment"] = true;
}
$process_field = process_field($field, $type_field);
@ -65,17 +65,17 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
}
$partitioning = "";
if (in_array($_POST["partition_by"], $partition_by)) {
if (in_array($row["partition_by"], $partition_by)) {
$partitions = array();
if ($_POST["partition_by"] == 'RANGE' || $_POST["partition_by"] == 'LIST') {
foreach (array_filter($_POST["partition_names"]) as $key => $val) {
$value = $_POST["partition_values"][$key];
$partitions[] = "\nPARTITION " . idf_escape($val) . " VALUES " . ($_POST["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . ($value != "" ? " ($value)" : " MAXVALUE"); //! SQL injection
if ($row["partition_by"] == 'RANGE' || $row["partition_by"] == 'LIST') {
foreach (array_filter($row["partition_names"]) as $key => $val) {
$value = $row["partition_values"][$key];
$partitions[] = "\nPARTITION " . idf_escape($val) . " VALUES " . ($row["partition_by"] == 'RANGE' ? "LESS THAN" : "IN") . ($value != "" ? " ($value)" : " MAXVALUE"); //! SQL injection
}
}
$partitioning .= "\nPARTITION BY $_POST[partition_by]($_POST[partition])" . ($partitions // $_POST["partition"] can be expression, not only column
$partitioning .= "\nPARTITION BY $row[partition_by]($row[partition])" . ($partitions // $row["partition"] can be expression, not only column
? " (" . implode(",", $partitions) . "\n)"
: ($_POST["partitions"] ? " PARTITIONS " . (+$_POST["partitions"]) : "")
: ($row["partitions"] ? " PARTITIONS " . (+$row["partitions"]) : "")
);
} elseif (support("partitioning") && ereg("partitioned", $orig_status["Create_options"])) {
$partitioning .= "\nREMOVE PARTITIONING";
@ -83,20 +83,20 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
$message = lang('Table has been altered.');
if ($TABLE == "") {
cookie("adminer_engine", $_POST["Engine"]);
cookie("adminer_engine", $row["Engine"]);
$message = lang('Table has been created.');
}
$name = trim($_POST["name"]);
$name = trim($row["name"]);
queries_redirect(ME . "table=" . urlencode($name), $message, alter_table(
$TABLE,
$name,
($jush == "sqlite" && ($use_all_fields || $foreign) ? $all_fields : $fields),
$foreign,
$_POST["Comment"],
($_POST["Engine"] && $_POST["Engine"] != $orig_status["Engine"] ? $_POST["Engine"] : ""),
($_POST["Collation"] && $_POST["Collation"] != $orig_status["Collation"] ? $_POST["Collation"] : ""),
($_POST["Auto_increment"] != "" ? +$_POST["Auto_increment"] : ""),
$row["Comment"],
($row["Engine"] && $row["Engine"] != $orig_status["Engine"] ? $row["Engine"] : ""),
($row["Collation"] && $row["Collation"] != $orig_status["Collation"] ? $row["Collation"] : ""),
($row["Auto_increment"] != "" ? +$row["Auto_increment"] : ""),
$partitioning
));
}
@ -104,14 +104,7 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
page_header(($TABLE != "" ? lang('Alter table') : lang('Create table')), $error, array("table" => $TABLE), $TABLE);
$row = array(
"Engine" => $_COOKIE["adminer_engine"],
"fields" => array(array("field" => "", "type" => (isset($types["int"]) ? "int" : (isset($types["integer"]) ? "integer" : "")))),
"partition_names" => array(""),
);
if ($_POST) {
$row = $_POST;
if ($row["auto_increment_col"]) {
$row["fields"][$row["auto_increment_col"]]["auto_increment"] = true;
}
@ -141,6 +134,13 @@ if ($_POST) {
}
$row["partition_names"][] = "";
}
} else {
$row = array(
"Engine" => $_COOKIE["adminer_engine"],
"fields" => array(array("field" => "", "type" => (isset($types["int"]) ? "int" : (isset($types["integer"]) ? "integer" : "")))),
"partition_names" => array(""),
);
}
$collations = collations();
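Review bot: On the new `$partitions[]` line, `$value` from `$row["partition_values"][$key]` is still concatenated into `VALUES LESS THAN (...)` / `IN (...)` without quoting or validation, and `$row[partition]` goes into `PARTITION BY` the same way; the `//! SQL injection` marker is carried over unchanged. After the rename these values no longer read as request input, so I would add a comment at `$row = $_POST;` such as `// $row is unvalidated request data; quote with q()/idf_escape() or whitelist before it reaches SQL`. Where a free-form expression is intended, say so at the use site and name the check that gates the request; only `!$error` is visible in this section. The same pattern appears with `$row[EVENT_DEFINITION]` in the event section and `$row[as]` in the `CREATE TYPE` section. The enclosing `if ($_POST && !$error ...)` block spans several hunks and is not shown in full.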


@ -1,7 +1,9 @@
<?php
$row = $_POST;
if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP changes add.x to add_x
restart_session();
$name = trim($_POST["name"]);
$name = trim($row["name"]);
if ($_POST["drop"]) {
$_GET["db"] = ""; // to save in global history
queries_redirect(remove_from_uri("db|database"), lang('Database has been dropped.'), drop_databases(array(DB)));
@ -9,14 +11,14 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
// create or rename database
if (DB != "") {
$_GET["db"] = $name;
queries_redirect(preg_replace('~db=[^&]*&~', '', ME) . "db=" . urlencode($name), lang('Database has been renamed.'), rename_database($name, $_POST["collation"]));
queries_redirect(preg_replace('~db=[^&]*&~', '', ME) . "db=" . urlencode($name), lang('Database has been renamed.'), rename_database($name, $row["collation"]));
} else {
$databases = explode("\n", str_replace("\r", "", $name));
$success = true;
$last = "";
foreach ($databases as $db) {
if (count($databases) == 1 || $db != "") { // ignore empty lines but always try to create single database
if (!create_database($db, $_POST["collation"])) {
if (!create_database($db, $row["collation"])) {
$success = false;
}
$last = $db;
@ -26,10 +28,10 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
}
} else {
// alter database
if (!$_POST["collation"]) {
if (!$row["collation"]) {
redirect(substr(ME, 0, -1));
}
query_redirect("ALTER DATABASE " . idf_escape($name) . (eregi('^[a-z0-9_]+$', $_POST["collation"]) ? " COLLATE $_POST[collation]" : ""), substr(ME, 0, -1), lang('Database has been altered.'));
query_redirect("ALTER DATABASE " . idf_escape($name) . (eregi('^[a-z0-9_]+$', $row["collation"]) ? " COLLATE $row[collation]" : ""), substr(ME, 0, -1), lang('Database has been altered.'));
}
}
@ -37,12 +39,10 @@ page_header(DB != "" ? lang('Alter database') : lang('Create database'), $error,
$collations = collations();
$name = DB;
$collate = null;
if ($_POST) {
$name = $_POST["name"];
$collate = $_POST["collation"];
$name = $row["name"];
} elseif (DB != "") {
$collate = db_collation(DB, $collations);
$row["collation"] = db_collation(DB, $collations);
} elseif ($jush == "sql") {
// propose database name with limited privileges
foreach (get_vals("SHOW GRANTS") as $grant) {
@ -60,7 +60,7 @@ if ($_POST) {
echo ($_POST["add_x"] || strpos($name, "\n")
? '<textarea id="name" name="name" rows="10" cols="40">' . h($name) . '</textarea><br>'
: '<input name="name" id="name" value="' . h($name) . '" maxlength="64" autocapitalize="off">'
) . "\n" . ($collations ? html_select("collation", array("" => "(" . lang('collation') . ")") + $collations, $collate) : "");
) . "\n" . ($collations ? html_select("collation", array("" => "(" . lang('collation') . ")") + $collations, $row["collation"]) : "");
?>
<script type='text/javascript'>focus(document.getElementById('name'));</script>
<input type="submit" value="<?php echo lang('Save'); ?>">
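Review bot: The collation whitelist on the `ALTER DATABASE` line still relies on `eregi('^[a-z0-9_]+$', $row["collation"])`; the POSIX regex functions are not binary-safe (matching stops at a NUL byte) and are deprecated since PHP 5.3, so this guard is weaker than it looks for a value that is then interpolated unquoted as `COLLATE $row[collation]`. I would switch it to `preg_match('~^[a-z0-9_]+$~iD', $row["collation"])`, where `D` keeps `$` from accepting a trailing newline. The `ereg("^($on_actions)\$", ...)` checks that guard `ON DELETE` / `ON UPDATE` in the foreign-key section have the same weakness. Whether `rename_database()` and `create_database()` validate the collation they receive is not visible here and is worth confirming.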


@ -2,32 +2,32 @@
$EVENT = $_GET["event"];
$intervals = array("YEAR", "QUARTER", "MONTH", "DAY", "HOUR", "MINUTE", "WEEK", "SECOND", "YEAR_MONTH", "DAY_HOUR", "DAY_MINUTE", "DAY_SECOND", "HOUR_MINUTE", "HOUR_SECOND", "MINUTE_SECOND");
$statuses = array("ENABLED" => "ENABLE", "DISABLED" => "DISABLE", "SLAVESIDE_DISABLED" => "DISABLE ON SLAVE");
$row = $_POST;
if ($_POST && !$error) {
if ($_POST["drop"]) {
query_redirect("DROP EVENT " . idf_escape($EVENT), substr(ME, 0, -1), lang('Event has been dropped.'));
} elseif (in_array($_POST["INTERVAL_FIELD"], $intervals) && isset($statuses[$_POST["STATUS"]])) {
$schedule = "\nON SCHEDULE " . ($_POST["INTERVAL_VALUE"]
? "EVERY " . q($_POST["INTERVAL_VALUE"]) . " $_POST[INTERVAL_FIELD]"
. ($_POST["STARTS"] ? " STARTS " . q($_POST["STARTS"]) : "")
. ($_POST["ENDS"] ? " ENDS " . q($_POST["ENDS"]) : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173
: "AT " . q($_POST["STARTS"])
) . " ON COMPLETION" . ($_POST["ON_COMPLETION"] ? "" : " NOT") . " PRESERVE"
} elseif (in_array($row["INTERVAL_FIELD"], $intervals) && isset($statuses[$row["STATUS"]])) {
$schedule = "\nON SCHEDULE " . ($row["INTERVAL_VALUE"]
? "EVERY " . q($row["INTERVAL_VALUE"]) . " $row[INTERVAL_FIELD]"
. ($row["STARTS"] ? " STARTS " . q($row["STARTS"]) : "")
. ($row["ENDS"] ? " ENDS " . q($row["ENDS"]) : "") //! ALTER EVENT doesn't drop ENDS - MySQL bug #39173
: "AT " . q($row["STARTS"])
) . " ON COMPLETION" . ($row["ON_COMPLETION"] ? "" : " NOT") . " PRESERVE"
;
queries_redirect(substr(ME, 0, -1), ($EVENT != "" ? lang('Event has been altered.') : lang('Event has been created.')), queries(($EVENT != ""
? "ALTER EVENT " . idf_escape($EVENT) . $schedule
. ($EVENT != $_POST["EVENT_NAME"] ? "\nRENAME TO " . idf_escape($_POST["EVENT_NAME"]) : "")
: "CREATE EVENT " . idf_escape($_POST["EVENT_NAME"]) . $schedule
) . "\n" . $statuses[$_POST["STATUS"]] . " COMMENT " . q($_POST["EVENT_COMMENT"])
. rtrim(" DO\n$_POST[EVENT_DEFINITION]", ";") . ";"
. ($EVENT != $row["EVENT_NAME"] ? "\nRENAME TO " . idf_escape($row["EVENT_NAME"]) : "")
: "CREATE EVENT " . idf_escape($row["EVENT_NAME"]) . $schedule
) . "\n" . $statuses[$row["STATUS"]] . " COMMENT " . q($row["EVENT_COMMENT"])
. rtrim(" DO\n$row[EVENT_DEFINITION]", ";") . ";"
));
}
}
page_header(($EVENT != "" ? lang('Alter event') . ": " . h($EVENT) : lang('Create event')), $error);
$row = $_POST;
if (!$row && $EVENT != "") {
$rows = get_rows("SELECT * FROM information_schema.EVENTS WHERE EVENT_SCHEMA = " . q(DB) . " AND EVENT_NAME = " . q($EVENT));
$row = reset($rows);
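Review bot: `$row[INTERVAL_FIELD]` is interpolated unquoted after `EVERY`, and its only guard is `in_array($row["INTERVAL_FIELD"], $intervals)`, which compares loosely. With the all-alphabetic list shown this should not admit other strings, but passing `true` as the third argument makes the whitelist exact and independent of PHP's comparison rules: `in_array($row["INTERVAL_FIELD"], $intervals, true)`. The `in_array($row["partition_by"], $partition_by)` check in the table section would take the same change. The `STATUS` lookup through `isset($statuses[...])` is already an exact key match.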


@ -1,41 +1,45 @@
<?php
$TABLE = $_GET["foreign"];
$name = $_GET["name"];
$row = $_POST;
if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change-js"]) {
if ($_POST["drop"]) {
query_redirect("ALTER TABLE " . table($TABLE) . "\nDROP " . ($jush == "sql" ? "FOREIGN KEY " : "CONSTRAINT ") . idf_escape($_GET["name"]), ME . "table=" . urlencode($TABLE), lang('Foreign key has been dropped.'));
query_redirect("ALTER TABLE " . table($TABLE) . "\nDROP " . ($jush == "sql" ? "FOREIGN KEY " : "CONSTRAINT ") . idf_escape($name), ME . "table=" . urlencode($TABLE), lang('Foreign key has been dropped.'));
} else {
$source = array_filter($_POST["source"], 'strlen');
$source = array_filter($row["source"], 'strlen');
ksort($source); // enforce input order
$target = array();
foreach ($source as $key => $val) {
$target[$key] = $_POST["target"][$key];
$target[$key] = $row["target"][$key];
}
query_redirect("ALTER TABLE " . table($TABLE)
. ($_GET["name"] != "" ? "\nDROP " . ($jush == "sql" ? "FOREIGN KEY " : "CONSTRAINT ") . idf_escape($_GET["name"]) . "," : "")
. "\nADD FOREIGN KEY (" . implode(", ", array_map('idf_escape', $source)) . ") REFERENCES " . table($_POST["table"]) . " (" . implode(", ", array_map('idf_escape', $target)) . ")" //! reuse $_GET["name"] - check in older MySQL versions
. (ereg("^($on_actions)\$", $_POST["on_delete"]) ? " ON DELETE $_POST[on_delete]" : "")
. (ereg("^($on_actions)\$", $_POST["on_update"]) ? " ON UPDATE $_POST[on_update]" : "")
, ME . "table=" . urlencode($TABLE), ($_GET["name"] != "" ? lang('Foreign key has been altered.') : lang('Foreign key has been created.')));
. ($name != "" ? "\nDROP " . ($jush == "sql" ? "FOREIGN KEY " : "CONSTRAINT ") . idf_escape($name) . "," : "")
. "\nADD FOREIGN KEY (" . implode(", ", array_map('idf_escape', $source)) . ") REFERENCES " . table($row["table"]) . " (" . implode(", ", array_map('idf_escape', $target)) . ")" //! reuse $name - check in older MySQL versions
. (ereg("^($on_actions)\$", $row["on_delete"]) ? " ON DELETE $row[on_delete]" : "")
. (ereg("^($on_actions)\$", $row["on_update"]) ? " ON UPDATE $row[on_update]" : "")
, ME . "table=" . urlencode($TABLE), ($name != "" ? lang('Foreign key has been altered.') : lang('Foreign key has been created.')));
$error = lang('Source and target columns must have the same data type, there must be an index on the target columns and referenced data must exist.') . "<br>$error"; //! no partitioning
}
}
page_header(lang('Foreign key'), $error, array("table" => $TABLE), $TABLE);
$row = array("table" => $TABLE, "source" => array(""));
if ($_POST) {
$row = $_POST;
ksort($row["source"]);
if ($_POST["add"]) {
$row["source"][] = "";
} elseif ($_POST["change"] || $_POST["change-js"]) {
$row["target"] = array();
}
} elseif ($_GET["name"] != "") {
} elseif ($name != "") {
$foreign_keys = foreign_keys($TABLE);
$row = $foreign_keys[$_GET["name"]];
$row = $foreign_keys[$name];
$row["source"][] = "";
} else {
$row["table"] = $TABLE;
$row["source"] = array("");
}
$source = array_keys(fields($TABLE)); //! no text and blob
@ -69,6 +73,6 @@ foreach ($row["source"] as $key => $val) {
<input type="submit" value="<?php echo lang('Save'); ?>">
<noscript><p><input type="submit" name="add" value="<?php echo lang('Add column'); ?>"></noscript>
<?php } ?>
<?php if ($_GET["name"] != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
<?php if ($name != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>
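Review bot: `array_filter($row["source"], 'strlen')` and the later `ksort($row["source"])` assume the posted `source` is an array. A request that omits it or sends a scalar would raise warnings and presumably send an `ADD FOREIGN KEY ()` statement with an empty column list to the server. The table section of this commit already normalises its list with `$row["fields"] = (array) $row["fields"];`, and casting at the use sites here would be consistent with that: `array_filter((array) $row["source"], 'strlen')`, plus `$row["source"] = (array) $row["source"];` before the `ksort`. `foreach ($row["indexes"] as $index)` in the indexes section would take the same cast, applied in the loop header because that section later tests `if (!$row)`.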


@ -10,10 +10,11 @@ if ($jush == "sqlite") { // doesn't support primary key
unset($index_types[0]);
unset($indexes[""]);
}
$row = $_POST;
if ($_POST && !$error && !$_POST["add"]) {
$alter = array();
foreach ($_POST["indexes"] as $index) {
foreach ($row["indexes"] as $index) {
$name = $index["name"];
if (in_array($index["type"], $index_types)) {
$columns = array();
@ -58,26 +59,24 @@ if ($_POST && !$error && !$_POST["add"]) {
page_header(lang('Indexes'), $error, array("table" => $TABLE), $TABLE);
$fields = array_keys(fields($TABLE));
$row = array("indexes" => $indexes);
if ($_POST) {
$row = $_POST;
if ($_POST["add"]) {
foreach ($row["indexes"] as $key => $index) {
if ($index["columns"][count($index["columns"])] != "") {
$row["indexes"][$key]["columns"][] = "";
}
}
$index = end($row["indexes"]);
if ($index["type"] || array_filter($index["columns"], 'strlen') || array_filter($index["lengths"], 'strlen')) {
$row["indexes"][] = array("columns" => array(1 => ""));
}
}
} else {
if ($_POST["add"]) {
foreach ($row["indexes"] as $key => $index) {
$row["indexes"][$key]["name"] = $key;
$row["indexes"][$key]["columns"][] = "";
if ($index["columns"][count($index["columns"])] != "") {
$row["indexes"][$key]["columns"][] = "";
}
}
$row["indexes"][] = array("columns" => array(1 => ""));
$index = end($row["indexes"]);
if ($index["type"] || array_filter($index["columns"], 'strlen') || array_filter($index["lengths"], 'strlen')) {
$row["indexes"][] = array("columns" => array(1 => ""));
}
}
if (!$row) {
foreach ($indexes as $key => $index) {
$indexes[$key]["name"] = $key;
$indexes[$key]["columns"][] = "";
}
$indexes[] = array("columns" => array(1 => ""));
$row["indexes"] = $indexes;
}
?>


@ -1,10 +1,12 @@
<?php
$row = $_POST;
if ($_POST && !$error) {
$link = preg_replace('~ns=[^&]*&~', '', ME) . "ns=";
if ($_POST["drop"]) {
query_redirect("DROP SCHEMA " . idf_escape($_GET["ns"]), $link, lang('Schema has been dropped.'));
} else {
$name = trim($_POST["name"]);
$name = trim($row["name"]);
$link .= urlencode($name);
if ($_GET["ns"] == "") {
query_redirect("CREATE SCHEMA " . idf_escape($name), $link, lang('Schema has been created.'));
@ -18,9 +20,8 @@ if ($_POST && !$error) {
page_header($_GET["ns"] != "" ? lang('Alter schema') : lang('Create schema'), $error);
$row = $_POST;
if (!$row) {
$row = array("name" => $_GET["ns"]);
$row["name"] = $_GET["ns"];
}
?>


@ -1,9 +1,10 @@
<?php
$SEQUENCE = $_GET["sequence"];
$row = $_POST;
if ($_POST && !$error) {
$link = substr(ME, 0, -1);
$name = trim($_POST["name"]);
$name = trim($row["name"]);
if ($_POST["drop"]) {
query_redirect("DROP SEQUENCE " . idf_escape($SEQUENCE), $link, lang('Sequence has been dropped.'));
} elseif ($SEQUENCE == "") {
@ -17,9 +18,8 @@ if ($_POST && !$error) {
page_header($SEQUENCE != "" ? lang('Alter sequence') . ": " . h($SEQUENCE) : lang('Create sequence'), $error);
$row = $_POST;
if (!$row) {
$row = array("name" => $SEQUENCE);
$row["name"] = $SEQUENCE;
}
?>


@ -1,20 +1,20 @@
<?php
$TYPE = $_GET["type"];
$row = $_POST;
if ($_POST && !$error) {
$link = substr(ME, 0, -1);
if ($_POST["drop"]) {
query_redirect("DROP TYPE " . idf_escape($TYPE), $link, lang('Type has been dropped.'));
} else {
query_redirect("CREATE TYPE " . idf_escape(trim($_POST["name"])) . " $_POST[as]", $link, lang('Type has been created.'));
query_redirect("CREATE TYPE " . idf_escape(trim($row["name"])) . " $row[as]", $link, lang('Type has been created.'));
}
}
page_header($TYPE != "" ? lang('Alter type') . ": " . h($TYPE) : lang('Create type'), $error);
$row = $_POST;
if (!$row) {
$row = array("as" => "AS ");
$row["as"] = "AS ";
}
?>