Escape delimiter in right place (thanks to Peter R)
set_time_limit() and flush() Allow comments before CREATE|DROP DATABASE git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@512 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
parent
a31a3228d6
commit
d06a9ada4c
|
@ -7,14 +7,16 @@ page_header(lang('SQL command'), $error);
|
||||||
|
|
||||||
if (!$error && $_POST) {
|
if (!$error && $_POST) {
|
||||||
if (is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) {
|
if (is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) {
|
||||||
|
@set_time_limit(0);
|
||||||
$delimiter = ";";
|
$delimiter = ";";
|
||||||
$offset = 0;
|
$offset = 0;
|
||||||
$empty = true;
|
$empty = true;
|
||||||
|
$space = "(\\s+|/\\*.*\\*/|(#|-- )[^\n]*\n|--\n)";
|
||||||
while (rtrim($query)) {
|
while (rtrim($query)) {
|
||||||
if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) {
|
if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) {
|
||||||
$delimiter = preg_quote($match[1], '~');
|
$delimiter = $match[1];
|
||||||
$query = substr($query, strlen($match[0]));
|
$query = substr($query, strlen($match[0]));
|
||||||
} elseif (preg_match("~$delimiter|['`\"]|/\\*|-- |#|\$~", $query, $match, PREG_OFFSET_CAPTURE, $offset)) {
|
} elseif (preg_match('(' . preg_quote($delimiter) . '|[\'`"]|/\\*|-- |#|$)', $query, $match, PREG_OFFSET_CAPTURE, $offset)) {
|
||||||
if ($match[0][0] && $match[0][0] != $delimiter) {
|
if ($match[0][0] && $match[0][0] != $delimiter) {
|
||||||
$pattern = ($match[0][0] == "-- " || $match[0][0] == "#" ? '~.*~' : ($match[0][0] == "/*" ? '~.*\\*/~sU' : '~\\G([^\\\\' . $match[0][0] . ']+|\\\\.)*(' . $match[0][0] . '|$)~s'));
|
$pattern = ($match[0][0] == "-- " || $match[0][0] == "#" ? '~.*~' : ($match[0][0] == "/*" ? '~.*\\*/~sU' : '~\\G([^\\\\' . $match[0][0] . ']+|\\\\.)*(' . $match[0][0] . '|$)~s'));
|
||||||
preg_match($pattern, $query, $match, PREG_OFFSET_CAPTURE, $match[0][1] + 1);
|
preg_match($pattern, $query, $match, PREG_OFFSET_CAPTURE, $match[0][1] + 1);
|
||||||
|
@ -22,6 +24,7 @@ if (!$error && $_POST) {
|
||||||
} else {
|
} else {
|
||||||
$empty = false;
|
$empty = false;
|
||||||
echo "<pre class='jush-sql'>" . htmlspecialchars(substr($query, 0, $match[0][1])) . "</pre>\n";
|
echo "<pre class='jush-sql'>" . htmlspecialchars(substr($query, 0, $match[0][1])) . "</pre>\n";
|
||||||
|
flush();
|
||||||
//! don't allow changing of character_set_results, convert encoding of displayed query
|
//! don't allow changing of character_set_results, convert encoding of displayed query
|
||||||
if (!$mysql->multi_query(substr($query, 0, $match[0][1]))) {
|
if (!$mysql->multi_query(substr($query, 0, $match[0][1]))) {
|
||||||
echo "<p class='error'>" . lang('Error in query') . ": " . htmlspecialchars($mysql->error) . "</p>\n";
|
echo "<p class='error'>" . lang('Error in query') . ": " . htmlspecialchars($mysql->error) . "</p>\n";
|
||||||
|
@ -31,7 +34,7 @@ if (!$error && $_POST) {
|
||||||
if (is_object($result)) {
|
if (is_object($result)) {
|
||||||
select($result);
|
select($result);
|
||||||
} else {
|
} else {
|
||||||
if (preg_match("~^\\s*(CREATE|DROP)(\\s+|/\\*.*\\*/|(#|-- )[^\n]*\n)+(DATABASE|SCHEMA)\\b~isU", $query)) {
|
if (preg_match("~^$space*(CREATE|DROP)$space+(DATABASE|SCHEMA)\\b~isU", $query)) {
|
||||||
unset($_SESSION["databases"][$_GET["server"]]);
|
unset($_SESSION["databases"][$_GET["server"]]);
|
||||||
}
|
}
|
||||||
echo "<p class='message'>" . lang('Query executed OK, %d row(s) affected.', $mysql->affected_rows) . "</p>\n";
|
echo "<p class='message'>" . lang('Query executed OK, %d row(s) affected.', $mysql->affected_rows) . "</p>\n";
|
||||||
|
|
Loading…
Reference in a new issue