Use single \ in ' strings
This commit is contained in:
parent
2021ea8fd7
commit
b4392b3f91
|
@ -47,7 +47,7 @@ if ($_POST) {
|
|||
} elseif ($jush == "sql") {
|
||||
// propose database name with limited privileges
|
||||
foreach (get_vals("SHOW GRANTS") as $grant) {
|
||||
if (preg_match('~ ON (`(([^\\\\`]|``|\\\\.)*)%`\\.\\*)?~', $grant, $match) && $match[1]) {
|
||||
if (preg_match('~ ON (`(([^\\\\`]|``|\\\\.)*)%`\.\*)?~', $grant, $match) && $match[1]) {
|
||||
$name = stripcslashes(idf_unescape("`$match[2]`"));
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -239,7 +239,7 @@ if (isset($_GET["mssql"])) {
|
|||
var $extension = "PDO_DBLIB";
|
||||
|
||||
function connect($server, $username, $password) {
|
||||
$this->dsn("dblib:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\\d)~', ';port=\\1', $server)), $username, $password);
|
||||
$this->dsn("dblib:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\d)~', ';port=\1', $server)), $username, $password);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -406,7 +406,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
|
|||
|
||||
function view($name) {
|
||||
global $connection;
|
||||
return array("select" => preg_replace('~^(?:[^[]|\\[[^]]*])*\\s+AS\\s+~isU', '', $connection->result("SELECT VIEW_DEFINITION FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA = SCHEMA_NAME() AND TABLE_NAME = " . q($name))));
|
||||
return array("select" => preg_replace('~^(?:[^[]|\[[^]]*])*\s+AS\s+~isU', '', $connection->result("SELECT VIEW_DEFINITION FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA = SCHEMA_NAME() AND TABLE_NAME = " . q($name))));
|
||||
}
|
||||
|
||||
function collations() {
|
||||
|
@ -423,7 +423,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
|
|||
|
||||
function error() {
|
||||
global $connection;
|
||||
return nl_br(h(preg_replace('~^(\\[[^]]*])+~m', '', $connection->error)));
|
||||
return nl_br(h(preg_replace('~^(\[[^]]*])+~m', '', $connection->error)));
|
||||
}
|
||||
|
||||
function create_database($db, $collation) {
|
||||
|
@ -454,7 +454,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
|
|||
if (!$val) {
|
||||
$alter["DROP"][] = " COLUMN $column";
|
||||
} else {
|
||||
$val[1] = preg_replace("~( COLLATE )'(\\w+)'~", "\\1\\2", $val[1]);
|
||||
$val[1] = preg_replace("~( COLLATE )'(\\w+)'~", '\1\2', $val[1]);
|
||||
if ($field[0] == "") {
|
||||
$alter["ADD"][] = "\n " . implode("", $val) . ($table == "" ? substr($foreign[$val[0]], 16 + strlen($val[0])) : ""); // 16 - strlen(" FOREIGN KEY ()")
|
||||
} else {
|
||||
|
@ -561,7 +561,7 @@ WHERE s.xtype = 'TR' AND s.name = " . q($name)
|
|||
); // triggers are not schema-scoped
|
||||
$return = reset($rows);
|
||||
if ($return) {
|
||||
$return["Statement"] = preg_replace('~^.+\\s+AS\\s+~isU', '', $return["text"]); //! identifiers, comments
|
||||
$return["Statement"] = preg_replace('~^.+\s+AS\s+~isU', '', $return["text"]); //! identifiers, comments
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
|
|
@ -240,7 +240,7 @@ if (!defined("DRIVER")) {
|
|||
);
|
||||
}
|
||||
$this->dsn(
|
||||
"mysql:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\\d)~', ';port=\\1', $server)),
|
||||
"mysql:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\d)~', ';port=\1', $server)),
|
||||
$username,
|
||||
$password,
|
||||
$options
|
||||
|
@ -484,7 +484,7 @@ if (!defined("DRIVER")) {
|
|||
) as $row) {
|
||||
if ($row["Engine"] == "InnoDB") {
|
||||
// ignore internal comment, unnecessary since MySQL 5.1.21
|
||||
$row["Comment"] = preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["Comment"]);
|
||||
$row["Comment"] = preg_replace('~(?:(.+); )?InnoDB free: .*~', '\1', $row["Comment"]);
|
||||
}
|
||||
if (!isset($row["Engine"])) {
|
||||
$row["Comment"] = "";
|
||||
|
@ -521,7 +521,7 @@ if (!defined("DRIVER")) {
|
|||
function fields($table) {
|
||||
$return = array();
|
||||
foreach (get_rows("SHOW FULL COLUMNS FROM " . table($table)) as $row) {
|
||||
preg_match('~^([^( ]+)(?:\\((.+)\\))?( unsigned)?( zerofill)?$~', $row["Type"], $match);
|
||||
preg_match('~^([^( ]+)(?:\((.+)\))?( unsigned)?( zerofill)?$~', $row["Type"], $match);
|
||||
$return[$row["Field"]] = array(
|
||||
"field" => $row["Field"],
|
||||
"full_type" => $row["Type"],
|
||||
|
@ -591,7 +591,7 @@ if (!defined("DRIVER")) {
|
|||
*/
|
||||
function view($name) {
|
||||
global $connection;
|
||||
return array("select" => preg_replace('~^(?:[^`]|`[^`]*`)*\\s+AS\\s+~isU', '', $connection->result("SHOW CREATE VIEW " . table($name), 1)));
|
||||
return array("select" => preg_replace('~^(?:[^`]|`[^`]*`)*\s+AS\s+~isU', '', $connection->result("SHOW CREATE VIEW " . table($name), 1)));
|
||||
}
|
||||
|
||||
/** Get sorted grouped list of collations
|
||||
|
@ -870,7 +870,7 @@ if (!defined("DRIVER")) {
|
|||
"field" => $name,
|
||||
"type" => strtolower($param[5]),
|
||||
"length" => preg_replace_callback("~$enum_length~s", 'normalize_enum', $param[6]),
|
||||
"unsigned" => strtolower(preg_replace('~\\s+~', ' ', trim("$param[8] $param[7]"))),
|
||||
"unsigned" => strtolower(preg_replace('~\s+~', ' ', trim("$param[8] $param[7]"))),
|
||||
"null" => 1,
|
||||
"full_type" => $param[4],
|
||||
"inout" => strtoupper($param[1]),
|
||||
|
@ -976,7 +976,7 @@ if (!defined("DRIVER")) {
|
|||
global $connection;
|
||||
$return = $connection->result("SHOW CREATE TABLE " . table($table), 1);
|
||||
if (!$auto_increment) {
|
||||
$return = preg_replace('~ AUTO_INCREMENT=\\d+~', '', $return); //! skip comments
|
||||
$return = preg_replace('~ AUTO_INCREMENT=\d+~', '', $return); //! skip comments
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
|
|
@ -358,7 +358,7 @@ ORDER BY a.attnum"
|
|||
$row["full_type"] = $row["type"] . $length . $addon . $array;
|
||||
}
|
||||
$row["null"] = !$row["attnotnull"];
|
||||
$row["auto_increment"] = preg_match('~^nextval\\(~i', $row["default"]);
|
||||
$row["auto_increment"] = preg_match('~^nextval\(~i', $row["default"]);
|
||||
$row["privileges"] = array("insert" => 1, "select" => 1, "update" => 1);
|
||||
if (preg_match('~(.+)::[^)]+(.*)~', $row["default"], $match)) {
|
||||
$row["default"] = ($match[1] == "NULL" ? null : (($match[1][0] == "'" ? idf_unescape($match[1]) : $match[1]) . $match[2]));
|
||||
|
@ -434,8 +434,8 @@ WHERE table_schema = current_schema() AND table_name = " . q($name))));
|
|||
function error() {
|
||||
global $connection;
|
||||
$return = h($connection->error);
|
||||
if (preg_match('~^(.*\\n)?([^\\n]*)\\n( *)\\^(\\n.*)?$~s', $return, $match)) {
|
||||
$return = $match[1] . preg_replace('~((?:[^&]|&[^;]*;){' . strlen($match[3]) . '})(.*)~', '\\1<b>\\2</b>', $match[2]) . $match[4];
|
||||
if (preg_match('~^(.*\n)?([^\n]*)\n( *)\^(\n.*)?$~s', $return, $match)) {
|
||||
$return = $match[1] . preg_replace('~((?:[^&]|&[^;]*;){' . strlen($match[3]) . '})(.*)~', '\1<b>\2</b>', $match[2]) . $match[4];
|
||||
}
|
||||
return nl_br($return);
|
||||
}
|
||||
|
|
|
@ -152,7 +152,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
|
|||
|
||||
function fetch_field() {
|
||||
$name = $this->_result->fieldName($this->_offset++);
|
||||
$pattern = '(\\[.*]|"(?:[^"]|"")*"|(.+))';
|
||||
$pattern = '(\[.*]|"(?:[^"]|"")*"|(.+))';
|
||||
if (preg_match("~^($pattern\\.)?$pattern\$~", $name, $match)) {
|
||||
$table = ($match[3] != "" ? $match[3] : idf_unescape($match[2]));
|
||||
$name = ($match[5] != "" ? $match[5] : idf_unescape($match[4]));
|
||||
|
@ -402,7 +402,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
|
|||
|
||||
function view($name) {
|
||||
global $connection;
|
||||
return array("select" => preg_replace('~^(?:[^`"[]+|`[^`]*`|"[^"]*")* AS\\s+~iU', '', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . q($name)))); //! identifiers may be inside []
|
||||
return array("select" => preg_replace('~^(?:[^`"[]+|`[^`]*`|"[^"]*")* AS\s+~iU', '', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . q($name)))); //! identifiers may be inside []
|
||||
}
|
||||
|
||||
function collations() {
|
||||
|
@ -649,7 +649,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
|
|||
if ($name == "") {
|
||||
return array("Statement" => "BEGIN\n\t;\nEND");
|
||||
}
|
||||
$idf = '(?:[^`"\\s]+|`[^`]*`|"[^"]*")+';
|
||||
$idf = '(?:[^`"\s]+|`[^`]*`|"[^"]*")+';
|
||||
$trigger_options = trigger_options();
|
||||
preg_match(
|
||||
"~^CREATE\\s+TRIGGER\\s*$idf\\s*(" . implode("|", $trigger_options["Timing"]) . ")\\s+([a-z]+)(?:\\s+OF\\s+($idf))?\\s+ON\\s*$idf\\s*(?:FOR\\s+EACH\\s+ROW\\s)?(.*)~is",
|
||||
|
@ -670,7 +670,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
|
|||
$return = array();
|
||||
$trigger_options = trigger_options();
|
||||
foreach (get_rows("SELECT * FROM sqlite_master WHERE type = 'trigger' AND tbl_name = " . q($table)) as $row) {
|
||||
preg_match('~^CREATE\\s+TRIGGER\\s*(?:[^`"\\s]+|`[^`]*`|"[^"]*")+\\s*(' . implode("|", $trigger_options["Timing"]) . ')\\s*(.*)\\s+ON\\b~iU', $row["sql"], $match);
|
||||
preg_match('~^CREATE\s+TRIGGER\s*(?:[^`"\s]+|`[^`]*`|"[^"]*")+\s*(' . implode("|", $trigger_options["Timing"]) . ')\s*(.*)\s+ON\b~iU', $row["sql"], $match);
|
||||
$return[$row["name"]] = array($match[1], $match[2]);
|
||||
}
|
||||
return $return;
|
||||
|
|
|
@ -575,7 +575,7 @@ class Adminer {
|
|||
$return = array();
|
||||
foreach ((array) $_GET["order"] as $key => $val) {
|
||||
if ($val != "") {
|
||||
$return[] = (preg_match('~^((COUNT\\(DISTINCT |[A-Z0-9_]+\\()(`(?:[^`]|``)+`|"(?:[^"]|"")+")\\)|COUNT\\(\\*\\))$~', $val) ? $val : idf_escape($val)) //! MS SQL uses []
|
||||
$return[] = (preg_match('~^((COUNT\(DISTINCT |[A-Z0-9_]+\()(`(?:[^`]|``)+`|"(?:[^"]|"")+")\)|COUNT\(\*\))$~', $val) ? $val : idf_escape($val)) //! MS SQL uses []
|
||||
. (isset($_GET["desc"][$key]) ? " DESC" : "")
|
||||
;
|
||||
}
|
||||
|
@ -718,7 +718,7 @@ class Adminer {
|
|||
$return = "$function()";
|
||||
} elseif (preg_match('~^current_(date|timestamp)$~', $function)) {
|
||||
$return = $function;
|
||||
} elseif (preg_match('~^([+-]|\\|\\|)$~', $function)) {
|
||||
} elseif (preg_match('~^([+-]|\|\|)$~', $function)) {
|
||||
$return = idf_escape($name) . " $function $return";
|
||||
} elseif (preg_match('~^[+-] interval$~', $function)) {
|
||||
$return = idf_escape($name) . " $function " . (preg_match("~^(\\d+|'[0-9.: -]') [A-Z_]+\$~i", $value) ? $value : $return);
|
||||
|
@ -962,7 +962,7 @@ class Adminer {
|
|||
}
|
||||
$server_info = $connection->server_info;
|
||||
?>
|
||||
bodyLoad('<?php echo (is_object($connection) ? preg_replace('~^(\\d\\.?\\d).*~s', '\\1', $server_info) : ""); ?>'<?php echo (preg_match('~MariaDB~', $server_info) ? ", true" : ""); ?>);
|
||||
bodyLoad('<?php echo (is_object($connection) ? preg_replace('~^(\d\.?\d).*~s', '\1', $server_info) : ""); ?>'<?php echo (preg_match('~MariaDB~', $server_info) ? ", true" : ""); ?>);
|
||||
</script>
|
||||
<?php
|
||||
}
|
||||
|
|
|
@ -50,7 +50,7 @@ $HTTPS = $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off");
|
|||
if (!defined("SID")) {
|
||||
session_cache_limiter(""); // to allow restarting session
|
||||
session_name("adminer_sid"); // use specific session name to get own namespace
|
||||
$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
|
||||
$params = array(0, preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
|
||||
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
|
||||
$params[] = true; // HttpOnly
|
||||
}
|
||||
|
@ -83,7 +83,7 @@ include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
|
|||
|
||||
define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
|
||||
define("DB", $_GET["db"]); // for the sake of speed and size
|
||||
define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?'
|
||||
define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"]) . '?'
|
||||
. (sid() ? SID . '&' : '')
|
||||
. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
|
||||
. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')
|
||||
|
|
|
@ -358,7 +358,7 @@ function grant($grant, $privileges, $columns, $on) {
|
|||
: queries("$grant ALL PRIVILEGES$on") && queries("$grant GRANT OPTION$on")
|
||||
);
|
||||
}
|
||||
return queries("$grant " . preg_replace('~(GRANT OPTION)\\([^)]*\\)~', '\\1', implode("$columns, ", $privileges) . $columns) . $on);
|
||||
return queries("$grant " . preg_replace('~(GRANT OPTION)\([^)]*\)~', '\1', implode("$columns, ", $privileges) . $columns) . $on);
|
||||
}
|
||||
|
||||
/** Drop old object and create a new one
|
||||
|
@ -441,7 +441,7 @@ function create_routine($routine, $row) {
|
|||
* @return string
|
||||
*/
|
||||
function remove_definer($query) {
|
||||
return preg_replace('~^([A-Z =]+) DEFINER=`' . preg_replace('~@(.*)~', '`@`(%|\\1)', logged_user()) . '`~', '\\1', $query); //! proper escaping of user
|
||||
return preg_replace('~^([A-Z =]+) DEFINER=`' . preg_replace('~@(.*)~', '`@`(%|\1)', logged_user()) . '`~', '\1', $query); //! proper escaping of user
|
||||
}
|
||||
|
||||
/** Format foreign key to use in SQL query
|
||||
|
@ -497,7 +497,7 @@ function ini_bytes($ini) {
|
|||
function doc_link($paths, $text = "<sup>?</sup>") {
|
||||
global $jush, $connection;
|
||||
$server_info = $connection->server_info;
|
||||
$version = preg_replace('~^(\\d\\.?\\d).*~s', '\\1', $server_info); // two most significant digits
|
||||
$version = preg_replace('~^(\d\.?\d).*~s', '\1', $server_info); // two most significant digits
|
||||
$urls = array(
|
||||
'sql' => "https://dev.mysql.com/doc/refman/$version/en/",
|
||||
'sqlite' => "https://www.sqlite.org/",
|
||||
|
|
|
@ -482,7 +482,7 @@ function where($where, $fields = array()) {
|
|||
$key = bracket_escape($key, 1); // 1 - back
|
||||
$column = escape_key($key);
|
||||
$return[] = $column
|
||||
. ($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val) ? " LIKE " . q(addcslashes($val, "%_\\"))
|
||||
. ($jush == "sql" && preg_match('~^[0-9]*\.[0-9]*$~', $val) ? " LIKE " . q(addcslashes($val, "%_\\"))
|
||||
: ($jush == "mssql" ? " LIKE " . q(preg_replace('~[_%[]~', '[\0]', $val))
|
||||
: " = " . unconvert_field($fields[$key], q($val))
|
||||
)) // LIKE because of floats but slow with ints, in MS SQL because of text
|
||||
|
@ -549,7 +549,7 @@ function cookie($name, $value, $lifetime = 2592000) { // 2592000 - 30 days
|
|||
global $HTTPS;
|
||||
return header("Set-Cookie: $name=" . urlencode($value)
|
||||
. ($lifetime ? "; expires=" . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT" : "")
|
||||
. "; path=" . preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])
|
||||
. "; path=" . preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"])
|
||||
. ($HTTPS ? "; secure" : "")
|
||||
. "; HttpOnly; SameSite=lax",
|
||||
false);
|
||||
|
@ -599,7 +599,7 @@ function set_session($key, $val) {
|
|||
*/
|
||||
function auth_url($vendor, $server, $username, $db = null) {
|
||||
global $drivers;
|
||||
preg_match('~([^?]*)\\??(.*)~', remove_from_uri(implode("|", array_keys($drivers)) . "|username|" . ($db !== null ? "db|" : "") . session_name()), $match);
|
||||
preg_match('~([^?]*)\??(.*)~', remove_from_uri(implode("|", array_keys($drivers)) . "|username|" . ($db !== null ? "db|" : "") . session_name()), $match);
|
||||
return "$match[1]?"
|
||||
. (sid() ? SID . "&" : "")
|
||||
. ($vendor != "server" || $server != "" ? urlencode($vendor) . "=" . urlencode($server) . "&" : "")
|
||||
|
@ -759,7 +759,7 @@ function get_file($key, $decompress = false) {
|
|||
}
|
||||
$name = $file["name"][$key];
|
||||
$tmp_name = $file["tmp_name"][$key];
|
||||
$content = file_get_contents($decompress && preg_match('~\\.gz$~', $name)
|
||||
$content = file_get_contents($decompress && preg_match('~\.gz$~', $name)
|
||||
? "compress.zlib://$tmp_name"
|
||||
: $tmp_name
|
||||
); //! may not be reachable because of open_basedir
|
||||
|
@ -804,7 +804,7 @@ function repeat_pattern($pattern, $length) {
|
|||
*/
|
||||
function is_utf8($val) {
|
||||
// don't print control chars except \t\r\n
|
||||
return (preg_match('~~u', $val) && !preg_match('~[\\0-\\x8\\xB\\xC\\xE-\\x1F]~', $val));
|
||||
return (preg_match('~~u', $val) && !preg_match('~[\0-\x8\xB\xC\xE-\x1F]~', $val));
|
||||
}
|
||||
|
||||
/** Shorten UTF-8 string
|
||||
|
@ -974,7 +974,7 @@ function input($field, $value, $function) {
|
|||
echo "<textarea$attrs cols='50' rows='12' class='jush-js'>" . h($value) . '</textarea>';
|
||||
} else {
|
||||
// int(3) is only a display hint
|
||||
$maxlength = (!preg_match('~int~', $field["type"]) && preg_match('~^(\\d+)(,(\\d+))?$~', $field["length"], $match) ? ((preg_match("~binary~", $field["type"]) ? 2 : 1) * $match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0));
|
||||
$maxlength = (!preg_match('~int~', $field["type"]) && preg_match('~^(\d+)(,(\d+))?$~', $field["length"], $match) ? ((preg_match("~binary~", $field["type"]) ? 2 : 1) * $match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0));
|
||||
if ($jush == 'sql' && min_version(5.6) && preg_match('~time~', $field["type"])) {
|
||||
$maxlength += 7; // microtime
|
||||
}
|
||||
|
|
|
@ -184,7 +184,7 @@ if ($_POST && !$error) {
|
|||
cookie("adminer_import", "output=" . urlencode($adminer_import["output"]) . "&format=" . urlencode($_POST["separator"]));
|
||||
$result = true;
|
||||
$cols = array_keys($fields);
|
||||
preg_match_all('~(?>"[^"]*"|[^"\\r\\n]+)+~', $file, $matches);
|
||||
preg_match_all('~(?>"[^"]*"|[^"\r\n]+)+~', $file, $matches);
|
||||
$affected = count($matches[0]);
|
||||
$driver->begin();
|
||||
$separator = ($_POST["separator"] == "csv" ? "," : ($_POST["separator"] == "tsv" ? "\t" : ";"));
|
||||
|
@ -369,7 +369,7 @@ if (!$columns && support("table")) {
|
|||
if (!$unique_array) {
|
||||
$unique_array = array();
|
||||
foreach ($rows[$n] as $key => $val) {
|
||||
if (!preg_match('~^(COUNT\\((\\*|(DISTINCT )?`(?:[^`]|``)+`)\\)|(AVG|GROUP_CONCAT|MAX|MIN|SUM)\\(`(?:[^`]|``)+`\\))$~', $key)) { //! columns looking like functions
|
||||
if (!preg_match('~^(COUNT\((\*|(DISTINCT )?`(?:[^`]|``)+`)\)|(AVG|GROUP_CONCAT|MAX|MIN|SUM)\(`(?:[^`]|``)+`\))$~', $key)) { //! columns looking like functions
|
||||
$unique_array[$key] = $val;
|
||||
}
|
||||
}
|
||||
|
@ -407,9 +407,9 @@ if (!$columns && support("table")) {
|
|||
foreach ($foreign_key["source"] as $i => $source) {
|
||||
$link .= where_link($i, $foreign_key["target"][$i], $rows[$n][$source]);
|
||||
}
|
||||
$link = ($foreign_key["db"] != "" ? preg_replace('~([?&]db=)[^&]+~', '\\1' . urlencode($foreign_key["db"]), ME) : ME) . 'select=' . urlencode($foreign_key["table"]) . $link; // InnoDB supports non-UNIQUE keys
|
||||
$link = ($foreign_key["db"] != "" ? preg_replace('~([?&]db=)[^&]+~', '\1' . urlencode($foreign_key["db"]), ME) : ME) . 'select=' . urlencode($foreign_key["table"]) . $link; // InnoDB supports non-UNIQUE keys
|
||||
if ($foreign_key["ns"]) {
|
||||
$link = preg_replace('~([?&]ns=)[^&]+~', '\\1' . urlencode($foreign_key["ns"]), $link);
|
||||
$link = preg_replace('~([?&]ns=)[^&]+~', '\1' . urlencode($foreign_key["ns"]), $link);
|
||||
}
|
||||
if (count($foreign_key["source"]) == 1) {
|
||||
break;
|
||||
|
|
|
@ -56,7 +56,7 @@ if (!$error && $_POST) {
|
|||
}
|
||||
$commands = 0;
|
||||
$errors = array();
|
||||
$parse = '[\'"' . ($jush == "sql" ? '`#' : ($jush == "sqlite" ? '`[' : ($jush == "mssql" ? '[' : ''))) . ']|/\\*|-- |$' . ($jush == "pgsql" ? '|\\$[^$]*\\$' : '');
|
||||
$parse = '[\'"' . ($jush == "sql" ? '`#' : ($jush == "sqlite" ? '`[' : ($jush == "mssql" ? '[' : ''))) . ']|/\*|-- |$' . ($jush == "pgsql" ? '|\$[^$]*\$' : '');
|
||||
$total_start = microtime(true);
|
||||
parse_str($_COOKIE["adminer_export"], $adminer_export);
|
||||
$dump_format = $adminer->dumpFormat();
|
||||
|
@ -78,7 +78,7 @@ if (!$error && $_POST) {
|
|||
$offset = $pos + strlen($found);
|
||||
|
||||
if ($found && rtrim($found) != $delimiter) { // find matching quote or comment end
|
||||
while (preg_match('(' . ($found == '/*' ? '\\*/' : ($found == '[' ? ']' : (preg_match('~^-- |^#~', $found) ? "\n" : preg_quote($found) . "|\\\\."))) . '|$)s', $query, $match, PREG_OFFSET_CAPTURE, $offset)) { //! respect sql_mode NO_BACKSLASH_ESCAPES
|
||||
while (preg_match('(' . ($found == '/*' ? '\*/' : ($found == '[' ? ']' : (preg_match('~^-- |^#~', $found) ? "\n" : preg_quote($found) . "|\\\\."))) . '|$)s', $query, $match, PREG_OFFSET_CAPTURE, $offset)) { //! respect sql_mode NO_BACKSLASH_ESCAPES
|
||||
$s = $match[0][0];
|
||||
if (!$s && $fp && !feof($fp)) {
|
||||
$query .= fread($fp, 1e5);
|
||||
|
|
|
@ -29,7 +29,7 @@ $old_pass = "";
|
|||
|
||||
if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . q($USER) . "@" . q($_GET["host"])))) { //! use information_schema for MySQL 5 - column names in column privileges are not escaped
|
||||
while ($row = $result->fetch_row()) {
|
||||
if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO
|
||||
if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\([^)]+\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO
|
||||
foreach ($matches as $val) {
|
||||
if ($val[1] != "USAGE") {
|
||||
$grants["$match[2]$val[2]"][$val[1]] = true;
|
||||
|
@ -84,7 +84,7 @@ if ($_POST && !$error) {
|
|||
$grant = array_diff($grant, $old_grant);
|
||||
unset($grants[$object]);
|
||||
}
|
||||
if (preg_match('~^(.+)\\s*(\\(.*\\))?$~U', $object, $match) && (
|
||||
if (preg_match('~^(.+)\s*(\(.*\))?$~U', $object, $match) && (
|
||||
!grant("REVOKE", $revoke, $match[2], " ON $match[1] FROM $new_user") //! SQL injection
|
||||
|| !grant("GRANT", $grant, $match[2], " ON $match[1] TO $new_user")
|
||||
)) {
|
||||
|
@ -99,7 +99,7 @@ if ($_POST && !$error) {
|
|||
queries("DROP USER $old_user");
|
||||
} elseif (!isset($_GET["grant"])) {
|
||||
foreach ($grants as $object => $revoke) {
|
||||
if (preg_match('~^(.+)(\\(.*\\))?$~U', $object, $match)) {
|
||||
if (preg_match('~^(.+)(\(.*\))?$~U', $object, $match)) {
|
||||
grant("REVOKE", array_keys($revoke), $match[2], " ON $match[1] FROM $new_user");
|
||||
}
|
||||
}
|
||||
|
|
24
compile.php
24
compile.php
|
@ -57,7 +57,7 @@ function put_file($match) {
|
|||
}
|
||||
$tokens = token_get_all($return); // to find out the last token
|
||||
return "?>\n$return" . (in_array($tokens[count($tokens) - 1][0], array(T_CLOSE_TAG, T_INLINE_HTML), true) ? "<?php" : "");
|
||||
} elseif (preg_match('~\\s*(\\$pos = (.+\n).+;)~sU', $return, $match2)) {
|
||||
} elseif (preg_match('~\s*(\$pos = (.+\n).+;)~sU', $return, $match2)) {
|
||||
// single language lang() is used for plural
|
||||
return "function get_lang() {
|
||||
return '$_SESSION[lang]';
|
||||
|
@ -275,7 +275,7 @@ function php_shrink($input) {
|
|||
}
|
||||
|
||||
function minify_css($file) {
|
||||
return lzw_compress(preg_replace('~\\s*([:;{},])\\s*~', '\\1', preg_replace('~/\\*.*\\*/~sU', '', $file)));
|
||||
return lzw_compress(preg_replace('~\s*([:;{},])\s*~', '\1', preg_replace('~/\*.*\*/~sU', '', $file)));
|
||||
}
|
||||
|
||||
function minify_js($file) {
|
||||
|
@ -337,7 +337,7 @@ if ($_SERVER["argv"][1]) {
|
|||
// check function definition in drivers
|
||||
$file = file_get_contents(dirname(__FILE__) . "/adminer/drivers/mysql.inc.php");
|
||||
$file = preg_replace('~class Min_Driver.*\n\t}~sU', '', $file);
|
||||
preg_match_all('~\\bfunction ([^(]+)~', $file, $matches); //! respect context (extension, class)
|
||||
preg_match_all('~\bfunction ([^(]+)~', $file, $matches); //! respect context (extension, class)
|
||||
$functions = array_combine($matches[1], $matches[0]);
|
||||
//! do not warn about functions without declared support()
|
||||
unset($functions["__construct"], $functions["__destruct"], $functions["set_charset"]);
|
||||
|
@ -372,12 +372,12 @@ if ($driver) {
|
|||
$file = str_replace("if (isset(\$_GET[\"callf\"])) {\n\t\$_GET[\"call\"] = \$_GET[\"callf\"];\n}\nif (isset(\$_GET[\"function\"])) {\n\t\$_GET[\"procedure\"] = \$_GET[\"function\"];\n}\n", "", $file);
|
||||
}
|
||||
}
|
||||
$file = preg_replace_callback('~\\b(include|require) "([^"]*)";~', 'put_file', $file);
|
||||
$file = preg_replace_callback('~\b(include|require) "([^"]*)";~', 'put_file', $file);
|
||||
$file = str_replace('include "../adminer/include/coverage.inc.php";', '', $file);
|
||||
if ($driver) {
|
||||
$file = preg_replace('(include "../adminer/drivers/(?!' . preg_quote($driver) . '\.).*\\s*)', '', $file);
|
||||
$file = preg_replace('(include "../adminer/drivers/(?!' . preg_quote($driver) . '\.).*\s*)', '', $file);
|
||||
}
|
||||
$file = preg_replace_callback('~\\b(include|require) "([^"]*)";~', 'put_file', $file); // bootstrap.inc.php
|
||||
$file = preg_replace_callback('~\b(include|require) "([^"]*)";~', 'put_file', $file); // bootstrap.inc.php
|
||||
if ($driver) {
|
||||
foreach ($features as $feature) {
|
||||
if (!support($feature)) {
|
||||
|
@ -394,7 +394,7 @@ if ($project == "editor") {
|
|||
$file = preg_replace('~;?../externals/jush/modules/jush[^.]*.js~', '', $file);
|
||||
}
|
||||
$file = preg_replace_callback("~lang\\('((?:[^\\\\']+|\\\\.)*)'([,)])~s", 'lang_ids', $file);
|
||||
$file = preg_replace_callback('~\\b(include|require) "([^"]*\\$LANG.inc.php)";~', 'put_file_lang', $file);
|
||||
$file = preg_replace_callback('~\b(include|require) "([^"]*\$LANG.inc.php)";~', 'put_file_lang', $file);
|
||||
$file = str_replace("\r", "", $file);
|
||||
if ($_SESSION["lang"]) {
|
||||
// single language version
|
||||
|
@ -403,14 +403,14 @@ if ($_SESSION["lang"]) {
|
|||
$file = str_replace('<?php echo $LANG; ?>', $_SESSION["lang"], $file);
|
||||
}
|
||||
$file = str_replace('<?php echo script_src("static/editing.js"); ?>' . "\n", "", $file);
|
||||
$file = preg_replace('~\\s+echo script_src\\("\\.\\./externals/jush/modules/jush-(textarea|txt|js|\\$jush)\\.js"\\);~', '', $file);
|
||||
$file = preg_replace('~\s+echo script_src\("\.\./externals/jush/modules/jush-(textarea|txt|js|\$jush)\.js"\);~', '', $file);
|
||||
$file = str_replace('<link rel="stylesheet" type="text/css" href="../externals/jush/jush.css">' . "\n", "", $file);
|
||||
$file = preg_replace_callback("~compile_file\\('([^']+)'(?:, '([^']*)')?\\)~", 'compile_file', $file); // integrate static files
|
||||
$replace = 'preg_replace("~\\\\\\\\?.*~", "", ME) . "?file=\\1&version=' . $VERSION . ($driver ? '&driver=' . $driver : '') . '"';
|
||||
$file = preg_replace('~\\.\\./adminer/static/(default\\.css|favicon\\.ico)~', '<?php echo h(' . $replace . '); ?>', $file);
|
||||
$file = preg_replace('~"\\.\\./adminer/static/(functions\\.js)"~', $replace, $file);
|
||||
$file = preg_replace('~\\.\\./adminer/static/([^\'"]*)~', '" . h(' . $replace . ') . "', $file);
|
||||
$file = preg_replace('~"\\.\\./externals/jush/modules/(jush\\.js)"~', $replace, $file);
|
||||
$file = preg_replace('~\.\./adminer/static/(default\.css|favicon\.ico)~', '<?php echo h(' . $replace . '); ?>', $file);
|
||||
$file = preg_replace('~"\.\./adminer/static/(functions\.js)"~', $replace, $file);
|
||||
$file = preg_replace('~\.\./adminer/static/([^\'"]*)~', '" . h(' . $replace . ') . "', $file);
|
||||
$file = preg_replace('~"\.\./externals/jush/modules/(jush\.js)"~', $replace, $file);
|
||||
$file = preg_replace("~<\\?php\\s*\\?>\n?|\\?>\n?<\\?php~", '', $file);
|
||||
$file = php_shrink($file);
|
||||
|
||||
|
|
|
@ -213,7 +213,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
|
|||
|
||||
function editVal($val, $field) {
|
||||
if (preg_match('~date|timestamp~', $field["type"]) && $val !== null) {
|
||||
return preg_replace('~^(\\d{2}(\\d+))-(0?(\\d+))-(0?(\\d+))~', lang('$1-$3-$5'), $val);
|
||||
return preg_replace('~^(\d{2}(\d+))-(0?(\d+))-(0?(\d+))~', lang('$1-$3-$5'), $val);
|
||||
}
|
||||
return $val;
|
||||
}
|
||||
|
@ -418,7 +418,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
|
|||
$field = idf_escape($_POST["email_field"]);
|
||||
$subject = $_POST["email_subject"];
|
||||
$message = $_POST["email_message"];
|
||||
preg_match_all('~\\{\\$([a-z0-9_]+)\\}~i', "$subject.$message", $matches); // allows {$name} in subject or message
|
||||
preg_match_all('~\{\$([a-z0-9_]+)\}~i', "$subject.$message", $matches); // allows {$name} in subject or message
|
||||
$rows = get_rows("SELECT DISTINCT $field" . ($matches[1] ? ", " . implode(", ", array_map('idf_escape', array_unique($matches[1]))) : "") . " FROM " . table($_GET["select"])
|
||||
. " WHERE $field IS NOT NULL AND $field != ''"
|
||||
. ($where ? " AND " . implode(" AND ", $where) : "")
|
||||
|
@ -511,7 +511,7 @@ qsl('div').onclick = whisperClick;", "")
|
|||
return "$function()";
|
||||
}
|
||||
$return = $value;
|
||||
if (preg_match('~date|timestamp~', $field["type"]) && preg_match('(^' . str_replace('\\$1', '(?P<p1>\\d*)', preg_replace('~(\\\\\\$([2-6]))~', '(?P<p\\2>\\d{1,2})', preg_quote(lang('$1-$3-$5')))) . '(.*))', $value, $match)) {
|
||||
if (preg_match('~date|timestamp~', $field["type"]) && preg_match('(^' . str_replace('\$1', '(?P<p1>\d*)', preg_replace('~(\\\\\\$([2-6]))~', '(?P<p\2>\d{1,2})', preg_quote(lang('$1-$3-$5')))) . '(.*))', $value, $match)) {
|
||||
$return = ($match["p1"] != "" ? $match["p1"] : ($match["p2"] != "" ? ($match["p2"] < 70 ? 20 : 19) . $match["p2"] : gmdate("Y"))) . "-$match[p3]$match[p4]-$match[p5]$match[p6]" . end($match);
|
||||
}
|
||||
$return = ($field["type"] == "bit" && preg_match('~^[0-9]+$~', $value) ? $return : q($return));
|
||||
|
|
|
@ -25,7 +25,7 @@ function send_mail($email, $subject, $message, $from = "", $files = array()) {
|
|||
if (!$val) {
|
||||
$attachments .= "--$boundary$eol"
|
||||
. "Content-Type: " . str_replace("\n", "", $files["type"][$key]) . $eol
|
||||
. "Content-Disposition: attachment; filename=\"" . preg_replace('~["\\n]~', '', $files["name"][$key]) . "\"$eol"
|
||||
. "Content-Disposition: attachment; filename=\"" . preg_replace('~["\n]~', '', $files["name"][$key]) . "\"$eol"
|
||||
. "Content-Transfer-Encoding: base64$eol$eol"
|
||||
. chunk_split(base64_encode(file_get_contents($files["tmp_name"][$key])), 76, $eol) . $eol
|
||||
;
|
||||
|
|
|
@ -30,7 +30,7 @@ CREATE PROCEDURE adminer_alter (INOUT alter_command text) BEGIN
|
|||
IF NOT done THEN
|
||||
CASE _table_name";
|
||||
foreach (get_rows($query) as $row) {
|
||||
$comment = q($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]);
|
||||
$comment = q($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]);
|
||||
echo "
|
||||
WHEN " . q($row["TABLE_NAME"]) . " THEN
|
||||
" . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != $comment THEN
|
||||
|
|
|
@ -52,7 +52,7 @@ tinyMCE.init({
|
|||
if (class_exists('DOMDocument')) { // close all opened tags
|
||||
$dom = new DOMDocument;
|
||||
if (@$dom->loadHTML("<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>$val")) { // @ - $val can contain errors
|
||||
$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\\1', $dom->saveHTML());
|
||||
$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\1', $dom->saveHTML());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -41,7 +41,7 @@ class AdminerWymeditor {
|
|||
if (class_exists('DOMDocument')) { // close all opened tags
|
||||
$dom = new DOMDocument;
|
||||
if (@$dom->loadHTML("<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>$val")) { // @ - $val can contain errors
|
||||
$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\\1', $dom->saveHTML());
|
||||
$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\1', $dom->saveHTML());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue