Fix remote execution in SQLite query (thanks to Vincent Waart)
parent
63f2a041ed
commit
a5b65fba5b
|
@ -45,7 +45,7 @@ if (!$error && $_POST) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$space = "(?:\\s|/\\*.*\\*/|(?:#|-- )[^\n]*\n|--\r?\n)";
|
$space = "(?:\\s|/\\*[\s\S]*?\\*/|(?:#|-- )[^\n]*\n?|--\r?\n)";
|
||||||
$delimiter = ";";
|
$delimiter = ";";
|
||||||
$offset = 0;
|
$offset = 0;
|
||||||
$empty = true;
|
$empty = true;
|
||||||
|
@ -62,7 +62,7 @@ if (!$error && $_POST) {
|
||||||
unset($dump_format["sql"]);
|
unset($dump_format["sql"]);
|
||||||
|
|
||||||
while ($query != "") {
|
while ($query != "") {
|
||||||
if (!$offset && preg_match("~^$space*DELIMITER\\s+(\\S+)~i", $query, $match)) {
|
if (!$offset && preg_match("~^$space*+DELIMITER\\s+(\\S+)~i", $query, $match)) {
|
||||||
$delimiter = $match[1];
|
$delimiter = $match[1];
|
||||||
$query = substr($query, strlen($match[0]));
|
$query = substr($query, strlen($match[0]));
|
||||||
} else {
|
} else {
|
||||||
|
@ -94,7 +94,7 @@ if (!$error && $_POST) {
|
||||||
$q = substr($query, 0, $pos);
|
$q = substr($query, 0, $pos);
|
||||||
$commands++;
|
$commands++;
|
||||||
$print = "<pre id='sql-$commands'><code class='jush-$jush'>" . shorten_utf8(trim($q), 1000) . "</code></pre>\n";
|
$print = "<pre id='sql-$commands'><code class='jush-$jush'>" . shorten_utf8(trim($q), 1000) . "</code></pre>\n";
|
||||||
if ($jush == "sqlite" && preg_match("~^$space*ATTACH\b~i", $q, $match)) {
|
if ($jush == "sqlite" && preg_match("~^$space*+ATTACH\\b~i", $q, $match)) {
|
||||||
// PHP doesn't support setting SQLITE_LIMIT_ATTACHED
|
// PHP doesn't support setting SQLITE_LIMIT_ATTACHED
|
||||||
echo $print;
|
echo $print;
|
||||||
echo "<p class='error'>" . lang('ATTACH queries are not supported.') . "\n";
|
echo "<p class='error'>" . lang('ATTACH queries are not supported.') . "\n";
|
||||||
|
@ -110,7 +110,7 @@ if (!$error && $_POST) {
|
||||||
}
|
}
|
||||||
$start = microtime(true);
|
$start = microtime(true);
|
||||||
//! don't allow changing of character_set_results, convert encoding of displayed query
|
//! don't allow changing of character_set_results, convert encoding of displayed query
|
||||||
if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*USE\\b~isU", $q)) {
|
if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*+USE\\b~i", $q)) {
|
||||||
$connection2->query($q);
|
$connection2->query($q);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -143,7 +143,7 @@ if (!$error && $_POST) {
|
||||||
. "<input type='hidden' name='query' value='" . h($q) . "'>"
|
. "<input type='hidden' name='query' value='" . h($q) . "'>"
|
||||||
. " <input type='submit' name='export' value='" . lang('Export') . "'><input type='hidden' name='token' value='$token'></span>\n"
|
. " <input type='submit' name='export' value='" . lang('Export') . "'><input type='hidden' name='token' value='$token'></span>\n"
|
||||||
;
|
;
|
||||||
if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
|
if ($connection2 && preg_match("~^($space|\\()*+SELECT\\b~i", $q) && ($explain = explain($connection2, $q))) {
|
||||||
$id = "explain-$commands";
|
$id = "explain-$commands";
|
||||||
echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>$export";
|
echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>$export";
|
||||||
echo "<div id='$id' class='hidden'>\n";
|
echo "<div id='$id' class='hidden'>\n";
|
||||||
|
@ -156,7 +156,7 @@ if (!$error && $_POST) {
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
if (preg_match("~^$space*(CREATE|DROP|ALTER)$space+(DATABASE|SCHEMA)\\b~isU", $q)) {
|
if (preg_match("~^$space*+(CREATE|DROP|ALTER)$space++(DATABASE|SCHEMA)\\b~i", $q)) {
|
||||||
restart_session();
|
restart_session();
|
||||||
set_session("dbs", null); // clear cache
|
set_session("dbs", null); // clear cache
|
||||||
stop_session();
|
stop_session();
|
||||||
|
|
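Review bot: The ATTACH guard in the `@ -94,7` hunk still fails open when PCRE itself errors: `preg_match()` returns `false` on a backtrack- or recursion-limit failure, and `if ($jush == "sqlite" && preg_match(...))` treats that the same as "no match", so the statement would go on to be executed. Because `$space` now contains a lazy `[\s\S]*?` applied to client-supplied query text, a very large comment could plausibly reach those limits (not confirmed from this page), so the condition should block on anything other than a clean non-match, e.g. `preg_match("~^$space*+ATTACH\\b~i", $q, $match) !== 0`. This is also a deny-list over SQL text, so regression tests are worth adding for a multi-line `/* */` comment, a trailing `--` comment with no newline, and mixed whitespace ahead of the keyword. The enclosing `if (!$error && $_POST)` block begins and ends outside the visible hunks.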
|
@ -1,4 +1,5 @@
|
||||||
Adminer 4.2.5-dev:
|
Adminer 4.2.5-dev:
|
||||||
|
Fix remote execution in SQLite query
|
||||||
PostgreSQL: Support KILL
|
PostgreSQL: Support KILL
|
||||||
|
|
||||||
Adminer 4.2.4 (released 2016-02-06):
|
Adminer 4.2.4 (released 2016-02-06):
|
||||||
|
|