beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Use single \ in ' strings

Browse source
This commit is contained in:
Jakub Vrana 2018-02-20 16:27:40 +01:00
parent 2021ea8fd7
commit b4392b3f91
18 changed files with 61 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
adminer/database.inc.php
View file

@ -47,7 +47,7 @@ if ($_POST) {
} elseif ($jush == "sql") { } elseif ($jush == "sql") {
// propose database name with limited privileges // propose database name with limited privileges
foreach (get_vals("SHOW GRANTS") as $grant) { foreach (get_vals("SHOW GRANTS") as $grant) {
if (preg_match('~ ON (`(([^\\\\`]|``|\\\\.)*)%`\\.\\*)?~', $grant, $match) && $match[1]) { if (preg_match('~ ON (`(([^\\\\`]|``|\\\\.)*)%`\.\*)?~', $grant, $match) && $match[1]) {
$name = stripcslashes(idf_unescape("`$match[2]`")); $name = stripcslashes(idf_unescape("`$match[2]`"));
break; break;
} }

10
adminer/drivers/mssql.inc.php
View file

@ -239,7 +239,7 @@ if (isset($_GET["mssql"])) {
var $extension = "PDO_DBLIB"; var $extension = "PDO_DBLIB";
function connect($server, $username, $password) { function connect($server, $username, $password) {
$this->dsn("dblib:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\\d)~', ';port=\\1', $server)), $username, $password); $this->dsn("dblib:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\d)~', ';port=\1', $server)), $username, $password);
return true; return true;
} }
@ -406,7 +406,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
function view($name) { function view($name) {
global $connection; global $connection;
return array("select" => preg_replace('~^(?:[^[]|\\[[^]]*])*\\s+AS\\s+~isU', '', $connection->result("SELECT VIEW_DEFINITION FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA = SCHEMA_NAME() AND TABLE_NAME = " . q($name)))); return array("select" => preg_replace('~^(?:[^[]|\[[^]]*])*\s+AS\s+~isU', '', $connection->result("SELECT VIEW_DEFINITION FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA = SCHEMA_NAME() AND TABLE_NAME = " . q($name))));
} }
function collations() { function collations() {
@ -423,7 +423,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
function error() { function error() {
global $connection; global $connection;
return nl_br(h(preg_replace('~^(\\[[^]]*])+~m', '', $connection->error))); return nl_br(h(preg_replace('~^(\[[^]]*])+~m', '', $connection->error)));
} }
function create_database($db, $collation) { function create_database($db, $collation) {
@ -454,7 +454,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
if (!$val) { if (!$val) {
$alter["DROP"][] = " COLUMN $column"; $alter["DROP"][] = " COLUMN $column";
} else { } else {
$val[1] = preg_replace("~( COLLATE )'(\\w+)'~", "\\1\\2", $val[1]); $val[1] = preg_replace("~( COLLATE )'(\\w+)'~", '\1\2', $val[1]);
if ($field[0] == "") { if ($field[0] == "") {
$alter["ADD"][] = "\n " . implode("", $val) . ($table == "" ? substr($foreign[$val[0]], 16 + strlen($val[0])) : ""); // 16 - strlen(" FOREIGN KEY ()") $alter["ADD"][] = "\n " . implode("", $val) . ($table == "" ? substr($foreign[$val[0]], 16 + strlen($val[0])) : ""); // 16 - strlen(" FOREIGN KEY ()")
} else { } else {
@ -561,7 +561,7 @@ WHERE s.xtype = 'TR' AND s.name = " . q($name)
); // triggers are not schema-scoped ); // triggers are not schema-scoped
$return = reset($rows); $return = reset($rows);
if ($return) { if ($return) {
$return["Statement"] = preg_replace('~^.+\\s+AS\\s+~isU', '', $return["text"]); //! identifiers, comments $return["Statement"] = preg_replace('~^.+\s+AS\s+~isU', '', $return["text"]); //! identifiers, comments
} }
return $return; return $return;
} }

12
adminer/drivers/mysql.inc.php
View file

@ -240,7 +240,7 @@ if (!defined("DRIVER")) {
); );
} }
$this->dsn( $this->dsn(
"mysql:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\\d)~', ';port=\\1', $server)), "mysql:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\d)~', ';port=\1', $server)),
$username, $username,
$password, $password,
$options $options
@ -484,7 +484,7 @@ if (!defined("DRIVER")) {
) as $row) { ) as $row) {
if ($row["Engine"] == "InnoDB") { if ($row["Engine"] == "InnoDB") {
// ignore internal comment, unnecessary since MySQL 5.1.21 // ignore internal comment, unnecessary since MySQL 5.1.21
$row["Comment"] = preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["Comment"]); $row["Comment"] = preg_replace('~(?:(.+); )?InnoDB free: .*~', '\1', $row["Comment"]);
} }
if (!isset($row["Engine"])) { if (!isset($row["Engine"])) {
$row["Comment"] = ""; $row["Comment"] = "";
@ -521,7 +521,7 @@ if (!defined("DRIVER")) {
function fields($table) { function fields($table) {
$return = array(); $return = array();
foreach (get_rows("SHOW FULL COLUMNS FROM " . table($table)) as $row) { foreach (get_rows("SHOW FULL COLUMNS FROM " . table($table)) as $row) {
preg_match('~^([^( ]+)(?:\\((.+)\\))?( unsigned)?( zerofill)?$~', $row["Type"], $match); preg_match('~^([^( ]+)(?:\((.+)\))?( unsigned)?( zerofill)?$~', $row["Type"], $match);
$return[$row["Field"]] = array( $return[$row["Field"]] = array(
"field" => $row["Field"], "field" => $row["Field"],
"full_type" => $row["Type"], "full_type" => $row["Type"],
@ -591,7 +591,7 @@ if (!defined("DRIVER")) {
*/ */
function view($name) { function view($name) {
global $connection; global $connection;
return array("select" => preg_replace('~^(?:[^`]|`[^`]*`)*\\s+AS\\s+~isU', '', $connection->result("SHOW CREATE VIEW " . table($name), 1))); return array("select" => preg_replace('~^(?:[^`]|`[^`]*`)*\s+AS\s+~isU', '', $connection->result("SHOW CREATE VIEW " . table($name), 1)));
} }
/** Get sorted grouped list of collations /** Get sorted grouped list of collations
@ -870,7 +870,7 @@ if (!defined("DRIVER")) {
"field" => $name, "field" => $name,
"type" => strtolower($param[5]), "type" => strtolower($param[5]),
"length" => preg_replace_callback("~$enum_length~s", 'normalize_enum', $param[6]), "length" => preg_replace_callback("~$enum_length~s", 'normalize_enum', $param[6]),
"unsigned" => strtolower(preg_replace('~\\s+~', ' ', trim("$param[8] $param[7]"))), "unsigned" => strtolower(preg_replace('~\s+~', ' ', trim("$param[8] $param[7]"))),
"null" => 1, "null" => 1,
"full_type" => $param[4], "full_type" => $param[4],
"inout" => strtoupper($param[1]), "inout" => strtoupper($param[1]),
@ -976,7 +976,7 @@ if (!defined("DRIVER")) {
global $connection; global $connection;
$return = $connection->result("SHOW CREATE TABLE " . table($table), 1); $return = $connection->result("SHOW CREATE TABLE " . table($table), 1);
if (!$auto_increment) { if (!$auto_increment) {
$return = preg_replace('~ AUTO_INCREMENT=\\d+~', '', $return); //! skip comments $return = preg_replace('~ AUTO_INCREMENT=\d+~', '', $return); //! skip comments
} }
return $return; return $return;
} }

6
adminer/drivers/pgsql.inc.php
View file

@ -358,7 +358,7 @@ ORDER BY a.attnum"
$row["full_type"] = $row["type"] . $length . $addon . $array; $row["full_type"] = $row["type"] . $length . $addon . $array;
} }
$row["null"] = !$row["attnotnull"]; $row["null"] = !$row["attnotnull"];
$row["auto_increment"] = preg_match('~^nextval\\(~i', $row["default"]); $row["auto_increment"] = preg_match('~^nextval\(~i', $row["default"]);
$row["privileges"] = array("insert" => 1, "select" => 1, "update" => 1); $row["privileges"] = array("insert" => 1, "select" => 1, "update" => 1);
if (preg_match('~(.+)::[^)]+(.*)~', $row["default"], $match)) { if (preg_match('~(.+)::[^)]+(.*)~', $row["default"], $match)) {
$row["default"] = ($match[1] == "NULL" ? null : (($match[1][0] == "'" ? idf_unescape($match[1]) : $match[1]) . $match[2])); $row["default"] = ($match[1] == "NULL" ? null : (($match[1][0] == "'" ? idf_unescape($match[1]) : $match[1]) . $match[2]));
@ -434,8 +434,8 @@ WHERE table_schema = current_schema() AND table_name = " . q($name))));
function error() { function error() {
global $connection; global $connection;
$return = h($connection->error); $return = h($connection->error);
if (preg_match('~^(.*\\n)?([^\\n]*)\\n( *)\\^(\\n.*)?$~s', $return, $match)) { if (preg_match('~^(.*\n)?([^\n]*)\n( *)\^(\n.*)?$~s', $return, $match)) {
$return = $match[1] . preg_replace('~((?:[^&]|&[^;]*;){' . strlen($match[3]) . '})(.*)~', '\\1<b>\\2</b>', $match[2]) . $match[4]; $return = $match[1] . preg_replace('~((?:[^&]|&[^;]*;){' . strlen($match[3]) . '})(.*)~', '\1<b>\2</b>', $match[2]) . $match[4];
} }
return nl_br($return); return nl_br($return);
} }

8
adminer/drivers/sqlite.inc.php
View file

@ -152,7 +152,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
function fetch_field() { function fetch_field() {
$name = $this->_result->fieldName($this->_offset++); $name = $this->_result->fieldName($this->_offset++);
$pattern = '(\\[.*]|"(?:[^"]|"")*"|(.+))'; $pattern = '(\[.*]|"(?:[^"]|"")*"|(.+))';
if (preg_match("~^($pattern\\.)?$pattern\$~", $name, $match)) { if (preg_match("~^($pattern\\.)?$pattern\$~", $name, $match)) {
$table = ($match[3] != "" ? $match[3] : idf_unescape($match[2])); $table = ($match[3] != "" ? $match[3] : idf_unescape($match[2]));
$name = ($match[5] != "" ? $match[5] : idf_unescape($match[4])); $name = ($match[5] != "" ? $match[5] : idf_unescape($match[4]));
@ -402,7 +402,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
function view($name) { function view($name) {
global $connection; global $connection;
return array("select" => preg_replace('~^(?:[^`"[]+|`[^`]*`|"[^"]*")* AS\\s+~iU', '', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . q($name)))); //! identifiers may be inside [] return array("select" => preg_replace('~^(?:[^`"[]+|`[^`]*`|"[^"]*")* AS\s+~iU', '', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . q($name)))); //! identifiers may be inside []
} }
function collations() { function collations() {
@ -649,7 +649,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
if ($name == "") { if ($name == "") {
return array("Statement" => "BEGIN\n\t;\nEND"); return array("Statement" => "BEGIN\n\t;\nEND");
} }
$idf = '(?:[^`"\\s]+|`[^`]*`|"[^"]*")+'; $idf = '(?:[^`"\s]+|`[^`]*`|"[^"]*")+';
$trigger_options = trigger_options(); $trigger_options = trigger_options();
preg_match( preg_match(
"~^CREATE\\s+TRIGGER\\s*$idf\\s*(" . implode("|", $trigger_options["Timing"]) . ")\\s+([a-z]+)(?:\\s+OF\\s+($idf))?\\s+ON\\s*$idf\\s*(?:FOR\\s+EACH\\s+ROW\\s)?(.*)~is", "~^CREATE\\s+TRIGGER\\s*$idf\\s*(" . implode("|", $trigger_options["Timing"]) . ")\\s+([a-z]+)(?:\\s+OF\\s+($idf))?\\s+ON\\s*$idf\\s*(?:FOR\\s+EACH\\s+ROW\\s)?(.*)~is",
@ -670,7 +670,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
$return = array(); $return = array();
$trigger_options = trigger_options(); $trigger_options = trigger_options();
foreach (get_rows("SELECT * FROM sqlite_master WHERE type = 'trigger' AND tbl_name = " . q($table)) as $row) { foreach (get_rows("SELECT * FROM sqlite_master WHERE type = 'trigger' AND tbl_name = " . q($table)) as $row) {
preg_match('~^CREATE\\s+TRIGGER\\s*(?:[^`"\\s]+|`[^`]*`|"[^"]*")+\\s*(' . implode("|", $trigger_options["Timing"]) . ')\\s*(.*)\\s+ON\\b~iU', $row["sql"], $match); preg_match('~^CREATE\s+TRIGGER\s*(?:[^`"\s]+|`[^`]*`|"[^"]*")+\s*(' . implode("|", $trigger_options["Timing"]) . ')\s*(.*)\s+ON\b~iU', $row["sql"], $match);
$return[$row["name"]] = array($match[1], $match[2]); $return[$row["name"]] = array($match[1], $match[2]);
} }
return $return; return $return;

6
adminer/include/adminer.inc.php
View file

@ -575,7 +575,7 @@ class Adminer {
$return = array(); $return = array();
foreach ((array) $_GET["order"] as $key => $val) { foreach ((array) $_GET["order"] as $key => $val) {
if ($val != "") { if ($val != "") {
$return[] = (preg_match('~^((COUNT\\(DISTINCT |[A-Z0-9_]+\\()(`(?:[^`]|``)+`|"(?:[^"]|"")+")\\)|COUNT\\(\\*\\))$~', $val) ? $val : idf_escape($val)) //! MS SQL uses [] $return[] = (preg_match('~^((COUNT\(DISTINCT |[A-Z0-9_]+\()(`(?:[^`]|``)+`|"(?:[^"]|"")+")\)|COUNT\(\*\))$~', $val) ? $val : idf_escape($val)) //! MS SQL uses []
. (isset($_GET["desc"][$key]) ? " DESC" : "") . (isset($_GET["desc"][$key]) ? " DESC" : "")
; ;
} }
@ -718,7 +718,7 @@ class Adminer {
$return = "$function()"; $return = "$function()";
} elseif (preg_match('~^current_(date|timestamp)$~', $function)) { } elseif (preg_match('~^current_(date|timestamp)$~', $function)) {
$return = $function; $return = $function;
} elseif (preg_match('~^([+-]|\\|\\|)$~', $function)) { } elseif (preg_match('~^([+-]|\|\|)$~', $function)) {
$return = idf_escape($name) . " $function $return"; $return = idf_escape($name) . " $function $return";
} elseif (preg_match('~^[+-] interval$~', $function)) { } elseif (preg_match('~^[+-] interval$~', $function)) {
$return = idf_escape($name) . " $function " . (preg_match("~^(\\d+|'[0-9.: -]') [A-Z_]+\$~i", $value) ? $value : $return); $return = idf_escape($name) . " $function " . (preg_match("~^(\\d+|'[0-9.: -]') [A-Z_]+\$~i", $value) ? $value : $return);
@ -962,7 +962,7 @@ class Adminer {
} }
$server_info = $connection->server_info; $server_info = $connection->server_info;
?> ?>
bodyLoad('<?php echo (is_object($connection) ? preg_replace('~^(\\d\\.?\\d).*~s', '\\1', $server_info) : ""); ?>'<?php echo (preg_match('~MariaDB~', $server_info) ? ", true" : ""); ?>); bodyLoad('<?php echo (is_object($connection) ? preg_replace('~^(\d\.?\d).*~s', '\1', $server_info) : ""); ?>'<?php echo (preg_match('~MariaDB~', $server_info) ? ", true" : ""); ?>);
</script> </script>
<?php <?php
} }

4
adminer/include/bootstrap.inc.php
View file

@ -50,7 +50,7 @@ $HTTPS = $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off");
if (!defined("SID")) { if (!defined("SID")) {
session_cache_limiter(""); // to allow restarting session session_cache_limiter(""); // to allow restarting session
session_name("adminer_sid"); // use specific session name to get own namespace session_name("adminer_sid"); // use specific session name to get own namespace
$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS); $params = array(0, preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
if (version_compare(PHP_VERSION, '5.2.0') >= 0) { if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
$params[] = true; // HttpOnly $params[] = true; // HttpOnly
} }
@ -83,7 +83,7 @@ include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
define("DB", $_GET["db"]); // for the sake of speed and size define("DB", $_GET["db"]); // for the sake of speed and size
define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"]) . '?'
. (sid() ? SID . '&' : '') . (sid() ? SID . '&' : '')
. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '') . (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '') . (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')

6
adminer/include/editing.inc.php
View file

@ -358,7 +358,7 @@ function grant($grant, $privileges, $columns, $on) {
: queries("$grant ALL PRIVILEGES$on") && queries("$grant GRANT OPTION$on") : queries("$grant ALL PRIVILEGES$on") && queries("$grant GRANT OPTION$on")
); );
} }
return queries("$grant " . preg_replace('~(GRANT OPTION)\\([^)]*\\)~', '\\1', implode("$columns, ", $privileges) . $columns) . $on); return queries("$grant " . preg_replace('~(GRANT OPTION)\([^)]*\)~', '\1', implode("$columns, ", $privileges) . $columns) . $on);
} }
/** Drop old object and create a new one /** Drop old object and create a new one
@ -441,7 +441,7 @@ function create_routine($routine, $row) {
* @return string * @return string
*/ */
function remove_definer($query) { function remove_definer($query) {
return preg_replace('~^([A-Z =]+) DEFINER=`' . preg_replace('~@(.*)~', '`@`(%|\\1)', logged_user()) . '`~', '\\1', $query); //! proper escaping of user return preg_replace('~^([A-Z =]+) DEFINER=`' . preg_replace('~@(.*)~', '`@`(%|\1)', logged_user()) . '`~', '\1', $query); //! proper escaping of user
} }
/** Format foreign key to use in SQL query /** Format foreign key to use in SQL query
@ -497,7 +497,7 @@ function ini_bytes($ini) {
function doc_link($paths, $text = "<sup>?</sup>") { function doc_link($paths, $text = "<sup>?</sup>") {
global $jush, $connection; global $jush, $connection;
$server_info = $connection->server_info; $server_info = $connection->server_info;
$version = preg_replace('~^(\\d\\.?\\d).*~s', '\\1', $server_info); // two most significant digits $version = preg_replace('~^(\d\.?\d).*~s', '\1', $server_info); // two most significant digits
$urls = array( $urls = array(
'sql' => "https://dev.mysql.com/doc/refman/$version/en/", 'sql' => "https://dev.mysql.com/doc/refman/$version/en/",
'sqlite' => "https://www.sqlite.org/", 'sqlite' => "https://www.sqlite.org/",

12
adminer/include/functions.inc.php
View file

@ -482,7 +482,7 @@ function where($where, $fields = array()) {
$key = bracket_escape($key, 1); // 1 - back $key = bracket_escape($key, 1); // 1 - back
$column = escape_key($key); $column = escape_key($key);
$return[] = $column $return[] = $column
. ($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val) ? " LIKE " . q(addcslashes($val, "%_\\")) . ($jush == "sql" && preg_match('~^[0-9]*\.[0-9]*$~', $val) ? " LIKE " . q(addcslashes($val, "%_\\"))
: ($jush == "mssql" ? " LIKE " . q(preg_replace('~[_%[]~', '[\0]', $val)) : ($jush == "mssql" ? " LIKE " . q(preg_replace('~[_%[]~', '[\0]', $val))
: " = " . unconvert_field($fields[$key], q($val)) : " = " . unconvert_field($fields[$key], q($val))
)) // LIKE because of floats but slow with ints, in MS SQL because of text )) // LIKE because of floats but slow with ints, in MS SQL because of text
@ -549,7 +549,7 @@ function cookie($name, $value, $lifetime = 2592000) { // 2592000 - 30 days
global $HTTPS; global $HTTPS;
return header("Set-Cookie: $name=" . urlencode($value) return header("Set-Cookie: $name=" . urlencode($value)
. ($lifetime ? "; expires=" . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT" : "") . ($lifetime ? "; expires=" . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT" : "")
. "; path=" . preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]) . "; path=" . preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"])
. ($HTTPS ? "; secure" : "") . ($HTTPS ? "; secure" : "")
. "; HttpOnly; SameSite=lax", . "; HttpOnly; SameSite=lax",
false); false);
@ -599,7 +599,7 @@ function set_session($key, $val) {
*/ */
function auth_url($vendor, $server, $username, $db = null) { function auth_url($vendor, $server, $username, $db = null) {
global $drivers; global $drivers;
preg_match('~([^?]*)\\??(.*)~', remove_from_uri(implode("|", array_keys($drivers)) . "|username|" . ($db !== null ? "db|" : "") . session_name()), $match); preg_match('~([^?]*)\??(.*)~', remove_from_uri(implode("|", array_keys($drivers)) . "|username|" . ($db !== null ? "db|" : "") . session_name()), $match);
return "$match[1]?" return "$match[1]?"
. (sid() ? SID . "&" : "") . (sid() ? SID . "&" : "")
. ($vendor != "server" || $server != "" ? urlencode($vendor) . "=" . urlencode($server) . "&" : "") . ($vendor != "server" || $server != "" ? urlencode($vendor) . "=" . urlencode($server) . "&" : "")
@ -759,7 +759,7 @@ function get_file($key, $decompress = false) {
} }
$name = $file["name"][$key]; $name = $file["name"][$key];
$tmp_name = $file["tmp_name"][$key]; $tmp_name = $file["tmp_name"][$key];
$content = file_get_contents($decompress && preg_match('~\\.gz$~', $name) $content = file_get_contents($decompress && preg_match('~\.gz$~', $name)
? "compress.zlib://$tmp_name" ? "compress.zlib://$tmp_name"
: $tmp_name : $tmp_name
); //! may not be reachable because of open_basedir ); //! may not be reachable because of open_basedir
@ -804,7 +804,7 @@ function repeat_pattern($pattern, $length) {
*/ */
function is_utf8($val) { function is_utf8($val) {
// don't print control chars except \t\r\n // don't print control chars except \t\r\n
return (preg_match('~~u', $val) && !preg_match('~[\\0-\\x8\\xB\\xC\\xE-\\x1F]~', $val)); return (preg_match('~~u', $val) && !preg_match('~[\0-\x8\xB\xC\xE-\x1F]~', $val));
} }
/** Shorten UTF-8 string /** Shorten UTF-8 string
@ -974,7 +974,7 @@ function input($field, $value, $function) {
echo "<textarea$attrs cols='50' rows='12' class='jush-js'>" . h($value) . '</textarea>'; echo "<textarea$attrs cols='50' rows='12' class='jush-js'>" . h($value) . '</textarea>';
} else { } else {
// int(3) is only a display hint // int(3) is only a display hint
$maxlength = (!preg_match('~int~', $field["type"]) && preg_match('~^(\\d+)(,(\\d+))?$~', $field["length"], $match) ? ((preg_match("~binary~", $field["type"]) ? 2 : 1) * $match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0)); $maxlength = (!preg_match('~int~', $field["type"]) && preg_match('~^(\d+)(,(\d+))?$~', $field["length"], $match) ? ((preg_match("~binary~", $field["type"]) ? 2 : 1) * $match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0));
if ($jush == 'sql' && min_version(5.6) && preg_match('~time~', $field["type"])) { if ($jush == 'sql' && min_version(5.6) && preg_match('~time~', $field["type"])) {
$maxlength += 7; // microtime $maxlength += 7; // microtime
} }

8
adminer/select.inc.php
View file

@ -184,7 +184,7 @@ if ($_POST && !$error) {
cookie("adminer_import", "output=" . urlencode($adminer_import["output"]) . "&format=" . urlencode($_POST["separator"])); cookie("adminer_import", "output=" . urlencode($adminer_import["output"]) . "&format=" . urlencode($_POST["separator"]));
$result = true; $result = true;
$cols = array_keys($fields); $cols = array_keys($fields);
preg_match_all('~(?>"[^"]*"|[^"\\r\\n]+)+~', $file, $matches); preg_match_all('~(?>"[^"]*"|[^"\r\n]+)+~', $file, $matches);
$affected = count($matches[0]); $affected = count($matches[0]);
$driver->begin(); $driver->begin();
$separator = ($_POST["separator"] == "csv" ? "," : ($_POST["separator"] == "tsv" ? "\t" : ";")); $separator = ($_POST["separator"] == "csv" ? "," : ($_POST["separator"] == "tsv" ? "\t" : ";"));
@ -369,7 +369,7 @@ if (!$columns && support("table")) {
if (!$unique_array) { if (!$unique_array) {
$unique_array = array(); $unique_array = array();
foreach ($rows[$n] as $key => $val) { foreach ($rows[$n] as $key => $val) {
if (!preg_match('~^(COUNT\\((\\*|(DISTINCT )?`(?:[^`]|``)+`)\\)|(AVG|GROUP_CONCAT|MAX|MIN|SUM)\\(`(?:[^`]|``)+`\\))$~', $key)) { //! columns looking like functions if (!preg_match('~^(COUNT\((\*|(DISTINCT )?`(?:[^`]|``)+`)\)|(AVG|GROUP_CONCAT|MAX|MIN|SUM)\(`(?:[^`]|``)+`\))$~', $key)) { //! columns looking like functions
$unique_array[$key] = $val; $unique_array[$key] = $val;
} }
} }
@ -407,9 +407,9 @@ if (!$columns && support("table")) {
foreach ($foreign_key["source"] as $i => $source) { foreach ($foreign_key["source"] as $i => $source) {
$link .= where_link($i, $foreign_key["target"][$i], $rows[$n][$source]); $link .= where_link($i, $foreign_key["target"][$i], $rows[$n][$source]);
} }
$link = ($foreign_key["db"] != "" ? preg_replace('~([?&]db=)[^&]+~', '\\1' . urlencode($foreign_key["db"]), ME) : ME) . 'select=' . urlencode($foreign_key["table"]) . $link; // InnoDB supports non-UNIQUE keys $link = ($foreign_key["db"] != "" ? preg_replace('~([?&]db=)[^&]+~', '\1' . urlencode($foreign_key["db"]), ME) : ME) . 'select=' . urlencode($foreign_key["table"]) . $link; // InnoDB supports non-UNIQUE keys
if ($foreign_key["ns"]) { if ($foreign_key["ns"]) {
$link = preg_replace('~([?&]ns=)[^&]+~', '\\1' . urlencode($foreign_key["ns"]), $link); $link = preg_replace('~([?&]ns=)[^&]+~', '\1' . urlencode($foreign_key["ns"]), $link);
} }
if (count($foreign_key["source"]) == 1) { if (count($foreign_key["source"]) == 1) {
break; break;

4
adminer/sql.inc.php
View file

@ -56,7 +56,7 @@ if (!$error && $_POST) {
} }
$commands = 0; $commands = 0;
$errors = array(); $errors = array();
$parse = '[\'"' . ($jush == "sql" ? '`#' : ($jush == "sqlite" ? '`[' : ($jush == "mssql" ? '[' : ''))) . ']|/\\*|-- |$' . ($jush == "pgsql" ? '|\\$[^$]*\\$' : ''); $parse = '[\'"' . ($jush == "sql" ? '`#' : ($jush == "sqlite" ? '`[' : ($jush == "mssql" ? '[' : ''))) . ']|/\*|-- |$' . ($jush == "pgsql" ? '|\$[^$]*\$' : '');
$total_start = microtime(true); $total_start = microtime(true);
parse_str($_COOKIE["adminer_export"], $adminer_export); parse_str($_COOKIE["adminer_export"], $adminer_export);
$dump_format = $adminer->dumpFormat(); $dump_format = $adminer->dumpFormat();
@ -78,7 +78,7 @@ if (!$error && $_POST) {
$offset = $pos + strlen($found); $offset = $pos + strlen($found);
if ($found && rtrim($found) != $delimiter) { // find matching quote or comment end if ($found && rtrim($found) != $delimiter) { // find matching quote or comment end
while (preg_match('(' . ($found == '/*' ? '\\*/' : ($found == '[' ? ']' : (preg_match('~^-- |^#~', $found) ? "\n" : preg_quote($found) . "|\\\\."))) . '|$)s', $query, $match, PREG_OFFSET_CAPTURE, $offset)) { //! respect sql_mode NO_BACKSLASH_ESCAPES while (preg_match('(' . ($found == '/*' ? '\*/' : ($found == '[' ? ']' : (preg_match('~^-- |^#~', $found) ? "\n" : preg_quote($found) . "|\\\\."))) . '|$)s', $query, $match, PREG_OFFSET_CAPTURE, $offset)) { //! respect sql_mode NO_BACKSLASH_ESCAPES
$s = $match[0][0]; $s = $match[0][0];
if (!$s && $fp && !feof($fp)) { if (!$s && $fp && !feof($fp)) {
$query .= fread($fp, 1e5); $query .= fread($fp, 1e5);

6
adminer/user.inc.php
View file

@ -29,7 +29,7 @@ $old_pass = "";
if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . q($USER) . "@" . q($_GET["host"])))) { //! use information_schema for MySQL 5 - column names in column privileges are not escaped if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . q($USER) . "@" . q($_GET["host"])))) { //! use information_schema for MySQL 5 - column names in column privileges are not escaped
while ($row = $result->fetch_row()) { while ($row = $result->fetch_row()) {
if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\([^)]+\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO
foreach ($matches as $val) { foreach ($matches as $val) {
if ($val[1] != "USAGE") { if ($val[1] != "USAGE") {
$grants["$match[2]$val[2]"][$val[1]] = true; $grants["$match[2]$val[2]"][$val[1]] = true;
@ -84,7 +84,7 @@ if ($_POST && !$error) {
$grant = array_diff($grant, $old_grant); $grant = array_diff($grant, $old_grant);
unset($grants[$object]); unset($grants[$object]);
} }
if (preg_match('~^(.+)\\s*(\\(.*\\))?$~U', $object, $match) && ( if (preg_match('~^(.+)\s*(\(.*\))?$~U', $object, $match) && (
!grant("REVOKE", $revoke, $match[2], " ON $match[1] FROM $new_user") //! SQL injection !grant("REVOKE", $revoke, $match[2], " ON $match[1] FROM $new_user") //! SQL injection
|| !grant("GRANT", $grant, $match[2], " ON $match[1] TO $new_user") || !grant("GRANT", $grant, $match[2], " ON $match[1] TO $new_user")
)) { )) {
@ -99,7 +99,7 @@ if ($_POST && !$error) {
queries("DROP USER $old_user"); queries("DROP USER $old_user");
} elseif (!isset($_GET["grant"])) { } elseif (!isset($_GET["grant"])) {
foreach ($grants as $object => $revoke) { foreach ($grants as $object => $revoke) {
if (preg_match('~^(.+)(\\(.*\\))?$~U', $object, $match)) { if (preg_match('~^(.+)(\(.*\))?$~U', $object, $match)) {
grant("REVOKE", array_keys($revoke), $match[2], " ON $match[1] FROM $new_user"); grant("REVOKE", array_keys($revoke), $match[2], " ON $match[1] FROM $new_user");
} }
} }

24
compile.php
View file

@ -57,7 +57,7 @@ function put_file($match) {
} }
$tokens = token_get_all($return); // to find out the last token $tokens = token_get_all($return); // to find out the last token
return "?>\n$return" . (in_array($tokens[count($tokens) - 1][0], array(T_CLOSE_TAG, T_INLINE_HTML), true) ? "<?php" : ""); return "?>\n$return" . (in_array($tokens[count($tokens) - 1][0], array(T_CLOSE_TAG, T_INLINE_HTML), true) ? "<?php" : "");
} elseif (preg_match('~\\s*(\\$pos = (.+\n).+;)~sU', $return, $match2)) { } elseif (preg_match('~\s*(\$pos = (.+\n).+;)~sU', $return, $match2)) {
// single language lang() is used for plural // single language lang() is used for plural
return "function get_lang() { return "function get_lang() {
return '$_SESSION[lang]'; return '$_SESSION[lang]';
@ -275,7 +275,7 @@ function php_shrink($input) {
} }
function minify_css($file) { function minify_css($file) {
return lzw_compress(preg_replace('~\\s*([:;{},])\\s*~', '\\1', preg_replace('~/\\*.*\\*/~sU', '', $file))); return lzw_compress(preg_replace('~\s*([:;{},])\s*~', '\1', preg_replace('~/\*.*\*/~sU', '', $file)));
} }
function minify_js($file) { function minify_js($file) {
@ -337,7 +337,7 @@ if ($_SERVER["argv"][1]) {
// check function definition in drivers // check function definition in drivers
$file = file_get_contents(dirname(__FILE__) . "/adminer/drivers/mysql.inc.php"); $file = file_get_contents(dirname(__FILE__) . "/adminer/drivers/mysql.inc.php");
$file = preg_replace('~class Min_Driver.*\n\t}~sU', '', $file); $file = preg_replace('~class Min_Driver.*\n\t}~sU', '', $file);
preg_match_all('~\\bfunction ([^(]+)~', $file, $matches); //! respect context (extension, class) preg_match_all('~\bfunction ([^(]+)~', $file, $matches); //! respect context (extension, class)
$functions = array_combine($matches[1], $matches[0]); $functions = array_combine($matches[1], $matches[0]);
//! do not warn about functions without declared support() //! do not warn about functions without declared support()
unset($functions["__construct"], $functions["__destruct"], $functions["set_charset"]); unset($functions["__construct"], $functions["__destruct"], $functions["set_charset"]);
@ -372,12 +372,12 @@ if ($driver) {
$file = str_replace("if (isset(\$_GET[\"callf\"])) {\n\t\$_GET[\"call\"] = \$_GET[\"callf\"];\n}\nif (isset(\$_GET[\"function\"])) {\n\t\$_GET[\"procedure\"] = \$_GET[\"function\"];\n}\n", "", $file); $file = str_replace("if (isset(\$_GET[\"callf\"])) {\n\t\$_GET[\"call\"] = \$_GET[\"callf\"];\n}\nif (isset(\$_GET[\"function\"])) {\n\t\$_GET[\"procedure\"] = \$_GET[\"function\"];\n}\n", "", $file);
} }
} }
$file = preg_replace_callback('~\\b(include|require) "([^"]*)";~', 'put_file', $file); $file = preg_replace_callback('~\b(include|require) "([^"]*)";~', 'put_file', $file);
$file = str_replace('include "../adminer/include/coverage.inc.php";', '', $file); $file = str_replace('include "../adminer/include/coverage.inc.php";', '', $file);
if ($driver) { if ($driver) {
$file = preg_replace('(include "../adminer/drivers/(?!' . preg_quote($driver) . '\.).*\\s*)', '', $file); $file = preg_replace('(include "../adminer/drivers/(?!' . preg_quote($driver) . '\.).*\s*)', '', $file);
} }
$file = preg_replace_callback('~\\b(include|require) "([^"]*)";~', 'put_file', $file); // bootstrap.inc.php $file = preg_replace_callback('~\b(include|require) "([^"]*)";~', 'put_file', $file); // bootstrap.inc.php
if ($driver) { if ($driver) {
foreach ($features as $feature) { foreach ($features as $feature) {
if (!support($feature)) { if (!support($feature)) {
@ -394,7 +394,7 @@ if ($project == "editor") {
$file = preg_replace('~;?../externals/jush/modules/jush[^.]*.js~', '', $file); $file = preg_replace('~;?../externals/jush/modules/jush[^.]*.js~', '', $file);
} }
$file = preg_replace_callback("~lang\\('((?:[^\\\\']+|\\\\.)*)'([,)])~s", 'lang_ids', $file); $file = preg_replace_callback("~lang\\('((?:[^\\\\']+|\\\\.)*)'([,)])~s", 'lang_ids', $file);
$file = preg_replace_callback('~\\b(include|require) "([^"]*\\$LANG.inc.php)";~', 'put_file_lang', $file); $file = preg_replace_callback('~\b(include|require) "([^"]*\$LANG.inc.php)";~', 'put_file_lang', $file);
$file = str_replace("\r", "", $file); $file = str_replace("\r", "", $file);
if ($_SESSION["lang"]) { if ($_SESSION["lang"]) {
// single language version // single language version
@ -403,14 +403,14 @@ if ($_SESSION["lang"]) {
$file = str_replace('<?php echo $LANG; ?>', $_SESSION["lang"], $file); $file = str_replace('<?php echo $LANG; ?>', $_SESSION["lang"], $file);
} }
$file = str_replace('<?php echo script_src("static/editing.js"); ?>' . "\n", "", $file); $file = str_replace('<?php echo script_src("static/editing.js"); ?>' . "\n", "", $file);
$file = preg_replace('~\\s+echo script_src\\("\\.\\./externals/jush/modules/jush-(textarea|txt|js|\\$jush)\\.js"\\);~', '', $file); $file = preg_replace('~\s+echo script_src\("\.\./externals/jush/modules/jush-(textarea|txt|js|\$jush)\.js"\);~', '', $file);
$file = str_replace('<link rel="stylesheet" type="text/css" href="../externals/jush/jush.css">' . "\n", "", $file); $file = str_replace('<link rel="stylesheet" type="text/css" href="../externals/jush/jush.css">' . "\n", "", $file);
$file = preg_replace_callback("~compile_file\\('([^']+)'(?:, '([^']*)')?\\)~", 'compile_file', $file); // integrate static files $file = preg_replace_callback("~compile_file\\('([^']+)'(?:, '([^']*)')?\\)~", 'compile_file', $file); // integrate static files
$replace = 'preg_replace("~\\\\\\\\?.*~", "", ME) . "?file=\\1&version=' . $VERSION . ($driver ? '&driver=' . $driver : '') . '"'; $replace = 'preg_replace("~\\\\\\\\?.*~", "", ME) . "?file=\\1&version=' . $VERSION . ($driver ? '&driver=' . $driver : '') . '"';
$file = preg_replace('~\\.\\./adminer/static/(default\\.css|favicon\\.ico)~', '<?php echo h(' . $replace . '); ?>', $file); $file = preg_replace('~\.\./adminer/static/(default\.css|favicon\.ico)~', '<?php echo h(' . $replace . '); ?>', $file);
$file = preg_replace('~"\\.\\./adminer/static/(functions\\.js)"~', $replace, $file); $file = preg_replace('~"\.\./adminer/static/(functions\.js)"~', $replace, $file);
$file = preg_replace('~\\.\\./adminer/static/([^\'"]*)~', '" . h(' . $replace . ') . "', $file); $file = preg_replace('~\.\./adminer/static/([^\'"]*)~', '" . h(' . $replace . ') . "', $file);
$file = preg_replace('~"\\.\\./externals/jush/modules/(jush\\.js)"~', $replace, $file); $file = preg_replace('~"\.\./externals/jush/modules/(jush\.js)"~', $replace, $file);
$file = preg_replace("~<\\?php\\s*\\?>\n?|\\?>\n?<\\?php~", '', $file); $file = preg_replace("~<\\?php\\s*\\?>\n?|\\?>\n?<\\?php~", '', $file);
$file = php_shrink($file); $file = php_shrink($file);

6
editor/include/adminer.inc.php
View file

@ -213,7 +213,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
function editVal($val, $field) { function editVal($val, $field) {
if (preg_match('~date|timestamp~', $field["type"]) && $val !== null) { if (preg_match('~date|timestamp~', $field["type"]) && $val !== null) {
return preg_replace('~^(\\d{2}(\\d+))-(0?(\\d+))-(0?(\\d+))~', lang('$1-$3-$5'), $val); return preg_replace('~^(\d{2}(\d+))-(0?(\d+))-(0?(\d+))~', lang('$1-$3-$5'), $val);
} }
return $val; return $val;
} }
@ -418,7 +418,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
$field = idf_escape($_POST["email_field"]); $field = idf_escape($_POST["email_field"]);
$subject = $_POST["email_subject"]; $subject = $_POST["email_subject"];
$message = $_POST["email_message"]; $message = $_POST["email_message"];
preg_match_all('~\\{\\$([a-z0-9_]+)\\}~i', "$subject.$message", $matches); // allows {$name} in subject or message preg_match_all('~\{\$([a-z0-9_]+)\}~i', "$subject.$message", $matches); // allows {$name} in subject or message
$rows = get_rows("SELECT DISTINCT $field" . ($matches[1] ? ", " . implode(", ", array_map('idf_escape', array_unique($matches[1]))) : "") . " FROM " . table($_GET["select"]) $rows = get_rows("SELECT DISTINCT $field" . ($matches[1] ? ", " . implode(", ", array_map('idf_escape', array_unique($matches[1]))) : "") . " FROM " . table($_GET["select"])
. " WHERE $field IS NOT NULL AND $field != ''" . " WHERE $field IS NOT NULL AND $field != ''"
. ($where ? " AND " . implode(" AND ", $where) : "") . ($where ? " AND " . implode(" AND ", $where) : "")
@ -511,7 +511,7 @@ qsl('div').onclick = whisperClick;", "")
return "$function()"; return "$function()";
} }
$return = $value; $return = $value;
if (preg_match('~date|timestamp~', $field["type"]) && preg_match('(^' . str_replace('\\$1', '(?P<p1>\\d*)', preg_replace('~(\\\\\\$([2-6]))~', '(?P<p\\2>\\d{1,2})', preg_quote(lang('$1-$3-$5')))) . '(.*))', $value, $match)) { if (preg_match('~date|timestamp~', $field["type"]) && preg_match('(^' . str_replace('\$1', '(?P<p1>\d*)', preg_replace('~(\\\\\\$([2-6]))~', '(?P<p\2>\d{1,2})', preg_quote(lang('$1-$3-$5')))) . '(.*))', $value, $match)) {
$return = ($match["p1"] != "" ? $match["p1"] : ($match["p2"] != "" ? ($match["p2"] < 70 ? 20 : 19) . $match["p2"] : gmdate("Y"))) . "-$match[p3]$match[p4]-$match[p5]$match[p6]" . end($match); $return = ($match["p1"] != "" ? $match["p1"] : ($match["p2"] != "" ? ($match["p2"] < 70 ? 20 : 19) . $match["p2"] : gmdate("Y"))) . "-$match[p3]$match[p4]-$match[p5]$match[p6]" . end($match);
} }
$return = ($field["type"] == "bit" && preg_match('~^[0-9]+$~', $value) ? $return : q($return)); $return = ($field["type"] == "bit" && preg_match('~^[0-9]+$~', $value) ? $return : q($return));

2
editor/include/editing.inc.php
View file

@ -25,7 +25,7 @@ function send_mail($email, $subject, $message, $from = "", $files = array()) {
if (!$val) { if (!$val) {
$attachments .= "--$boundary$eol" $attachments .= "--$boundary$eol"
. "Content-Type: " . str_replace("\n", "", $files["type"][$key]) . $eol . "Content-Type: " . str_replace("\n", "", $files["type"][$key]) . $eol
. "Content-Disposition: attachment; filename=\"" . preg_replace('~["\\n]~', '', $files["name"][$key]) . "\"$eol" . "Content-Disposition: attachment; filename=\"" . preg_replace('~["\n]~', '', $files["name"][$key]) . "\"$eol"
. "Content-Transfer-Encoding: base64$eol$eol" . "Content-Transfer-Encoding: base64$eol$eol"
. chunk_split(base64_encode(file_get_contents($files["tmp_name"][$key])), 76, $eol) . $eol . chunk_split(base64_encode(file_get_contents($files["tmp_name"][$key])), 76, $eol) . $eol
; ;

2
plugins/dump-alter.php
View file

@ -30,7 +30,7 @@ CREATE PROCEDURE adminer_alter (INOUT alter_command text) BEGIN
IF NOT done THEN IF NOT done THEN
CASE _table_name"; CASE _table_name";
foreach (get_rows($query) as $row) { foreach (get_rows($query) as $row) {
$comment = q($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]); $comment = q($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]);
echo " echo "
WHEN " . q($row["TABLE_NAME"]) . " THEN WHEN " . q($row["TABLE_NAME"]) . " THEN
" . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != $comment THEN " . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != $comment THEN

2
plugins/tinymce.php
View file

@ -52,7 +52,7 @@ tinyMCE.init({
if (class_exists('DOMDocument')) { // close all opened tags if (class_exists('DOMDocument')) { // close all opened tags
$dom = new DOMDocument; $dom = new DOMDocument;
if (@$dom->loadHTML("<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>$val")) { // @ - $val can contain errors if (@$dom->loadHTML("<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>$val")) { // @ - $val can contain errors
$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\\1', $dom->saveHTML()); $val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\1', $dom->saveHTML());
} }
} }
} }

2
plugins/wymeditor.php
View file

@ -41,7 +41,7 @@ class AdminerWymeditor {
if (class_exists('DOMDocument')) { // close all opened tags if (class_exists('DOMDocument')) { // close all opened tags
$dom = new DOMDocument; $dom = new DOMDocument;
if (@$dom->loadHTML("<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>$val")) { // @ - $val can contain errors if (@$dom->loadHTML("<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>$val")) { // @ - $val can contain errors
$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\\1', $dom->saveHTML()); $val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\1', $dom->saveHTML());
} }
} }
} }