From d06a9ada4c2ea1e18afe16a1fe3885b80ee74fb7 Mon Sep 17 00:00:00 2001 From: jakubvrana Date: Thu, 2 Oct 2008 15:23:30 +0000 Subject: [PATCH] Escape delimiter in right place (thanks to Peter R) set_time_limit() and flush() Allow comments before CREATE|DROP DATABASE git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@512 7c3ca157-0c34-0410-bff1-cbf682f78f5c --- sql.inc.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sql.inc.php b/sql.inc.php index abaea3af..a5d949c7 100644 --- a/sql.inc.php +++ b/sql.inc.php @@ -7,14 +7,16 @@ page_header(lang('SQL command'), $error); if (!$error && $_POST) { if (is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) { + @set_time_limit(0); $delimiter = ";"; $offset = 0; $empty = true; + $space = "(\\s+|/\\*.*\\*/|(#|-- )[^\n]*\n|--\n)"; while (rtrim($query)) { if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) { - $delimiter = preg_quote($match[1], '~'); + $delimiter = $match[1]; $query = substr($query, strlen($match[0])); - } elseif (preg_match("~$delimiter|['`\"]|/\\*|-- |#|\$~", $query, $match, PREG_OFFSET_CAPTURE, $offset)) { + } elseif (preg_match('(' . preg_quote($delimiter) . '|[\'`"]|/\\*|-- |#|$)', $query, $match, PREG_OFFSET_CAPTURE, $offset)) { if ($match[0][0] && $match[0][0] != $delimiter) { $pattern = ($match[0][0] == "-- " || $match[0][0] == "#" ? '~.*~' : ($match[0][0] == "/*" ? '~.*\\*/~sU' : '~\\G([^\\\\' . $match[0][0] . ']+|\\\\.)*(' . $match[0][0] . '|$)~s')); preg_match($pattern, $query, $match, PREG_OFFSET_CAPTURE, $match[0][1] + 1); @@ -22,6 +24,7 @@ if (!$error && $_POST) { } else { $empty = false; echo "
" . htmlspecialchars(substr($query, 0, $match[0][1])) . "
\n"; + flush(); //! don't allow changing of character_set_results, convert encoding of displayed query if (!$mysql->multi_query(substr($query, 0, $match[0][1]))) { echo "

" . lang('Error in query') . ": " . htmlspecialchars($mysql->error) . "

\n"; @@ -31,7 +34,7 @@ if (!$error && $_POST) { if (is_object($result)) { select($result); } else { - if (preg_match("~^\\s*(CREATE|DROP)(\\s+|/\\*.*\\*/|(#|-- )[^\n]*\n)+(DATABASE|SCHEMA)\\b~isU", $query)) { + if (preg_match("~^$space*(CREATE|DROP)$space+(DATABASE|SCHEMA)\\b~isU", $query)) { unset($_SESSION["databases"][$_GET["server"]]); } echo "

" . lang('Query executed OK, %d row(s) affected.', $mysql->affected_rows) . "

\n";