Fix remote execution in SQLite query (discovered by 庞申杰(千霄))
This commit is contained in:
parent
0bb5a52dc4
commit
e5352cc5ac
|
@ -49,6 +49,7 @@ $translations = array(
|
|||
'Query executed OK, %d row(s) affected.' => array('Příkaz proběhl v pořádku, byl změněn %d záznam.', 'Příkaz proběhl v pořádku, byly změněny %d záznamy.', 'Příkaz proběhl v pořádku, bylo změněno %d záznamů.'),
|
||||
'No commands to execute.' => 'Žádné příkazy k vykonání.',
|
||||
'Error in query' => 'Chyba v dotazu',
|
||||
'ATTACH queries are not supported.' => 'Dotazy ATTACH nejsou podporované.',
|
||||
'Execute' => 'Provést',
|
||||
'Stop on error' => 'Zastavit při chybě',
|
||||
'Show only errors' => 'Zobrazit pouze chyby',
|
||||
|
|
|
@ -49,6 +49,7 @@ $translations = array(
|
|||
'Query executed OK, %d row(s) affected.' => array('Xx.', 'Xx.'),
|
||||
'No commands to execute.' => 'Xx.',
|
||||
'Error in query' => 'Xx',
|
||||
'ATTACH queries are not supported.' => 'Xx.',
|
||||
'Execute' => 'Xx',
|
||||
'Stop on error' => 'Xx',
|
||||
'Show only errors' => 'Xx',
|
||||
|
|
|
@ -94,71 +94,81 @@ if (!$error && $_POST) {
|
|||
$q = substr($query, 0, $pos);
|
||||
$commands++;
|
||||
$print = "<pre id='sql-$commands'><code class='jush-$jush'>" . shorten_utf8(trim($q), 1000) . "</code></pre>\n";
|
||||
if (!$_POST["only_errors"]) {
|
||||
if ($jush == "sqlite" && preg_match("~^$space*ATTACH\b~i", $q, $match)) {
|
||||
// PHP doesn't support setting SQLITE_LIMIT_ATTACHED
|
||||
echo $print;
|
||||
ob_flush();
|
||||
flush(); // can take a long time - show the running query
|
||||
}
|
||||
$start = microtime(true);
|
||||
//! don't allow changing of character_set_results, convert encoding of displayed query
|
||||
if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*USE\\b~isU", $q)) {
|
||||
$connection2->query($q);
|
||||
}
|
||||
|
||||
do {
|
||||
$result = $connection->store_result();
|
||||
$time = " <span class='time'>(" . format_time($start) . ")</span>"
|
||||
. (strlen($q) < 1000 ? " <a href='" . h(ME) . "sql=" . urlencode(trim($q)) . "'>" . lang('Edit') . "</a>" : "") // 1000 - maximum length of encoded URL in IE is 2083 characters
|
||||
;
|
||||
|
||||
if ($connection->error) {
|
||||
echo ($_POST["only_errors"] ? $print : "");
|
||||
echo "<p class='error'>" . lang('Error in query') . ($connection->errno ? " ($connection->errno)" : "") . ": " . error() . "\n";
|
||||
$errors[] = " <a href='#sql-$commands'>$commands</a>";
|
||||
if ($_POST["error_stops"]) {
|
||||
break 2;
|
||||
}
|
||||
|
||||
} elseif (is_object($result)) {
|
||||
$limit = $_POST["limit"];
|
||||
$orgtables = select($result, $connection2, array(), $limit);
|
||||
if (!$_POST["only_errors"]) {
|
||||
echo "<form action='' method='post'>\n";
|
||||
$num_rows = $result->num_rows;
|
||||
echo "<p>" . ($num_rows ? ($limit && $num_rows > $limit ? lang('%d / ', $limit) : "") . lang('%d row(s)', $num_rows) : "");
|
||||
echo $time;
|
||||
$id = "export-$commands";
|
||||
$export = ", <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('Export') . "</a><span id='$id' class='hidden'>: "
|
||||
. html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
|
||||
. html_select("format", $dump_format, $adminer_export["format"])
|
||||
. "<input type='hidden' name='query' value='" . h($q) . "'>"
|
||||
. " <input type='submit' name='export' value='" . lang('Export') . "'><input type='hidden' name='token' value='$token'></span>\n"
|
||||
;
|
||||
if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
|
||||
$id = "explain-$commands";
|
||||
echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>$export";
|
||||
echo "<div id='$id' class='hidden'>\n";
|
||||
select($explain, $connection2, $orgtables);
|
||||
echo "</div>\n";
|
||||
} else {
|
||||
echo $export;
|
||||
}
|
||||
echo "</form>\n";
|
||||
}
|
||||
|
||||
} else {
|
||||
if (preg_match("~^$space*(CREATE|DROP|ALTER)$space+(DATABASE|SCHEMA)\\b~isU", $q)) {
|
||||
restart_session();
|
||||
set_session("dbs", null); // clear cache
|
||||
stop_session();
|
||||
}
|
||||
if (!$_POST["only_errors"]) {
|
||||
echo "<p class='message' title='" . h($connection->info) . "'>" . lang('Query executed OK, %d row(s) affected.', $connection->affected_rows) . "$time\n";
|
||||
}
|
||||
echo "<p class='error'>" . lang('ATTACH queries are not supported.') . "\n";
|
||||
$errors[] = " <a href='#sql-$commands'>$commands</a>";
|
||||
if ($_POST["error_stops"]) {
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
if (!$_POST["only_errors"]) {
|
||||
echo $print;
|
||||
ob_flush();
|
||||
flush(); // can take a long time - show the running query
|
||||
}
|
||||
$start = microtime(true);
|
||||
//! don't allow changing of character_set_results, convert encoding of displayed query
|
||||
if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*USE\\b~isU", $q)) {
|
||||
$connection2->query($q);
|
||||
}
|
||||
|
||||
$start = microtime(true);
|
||||
} while ($connection->next_result());
|
||||
do {
|
||||
$result = $connection->store_result();
|
||||
$time = " <span class='time'>(" . format_time($start) . ")</span>"
|
||||
. (strlen($q) < 1000 ? " <a href='" . h(ME) . "sql=" . urlencode(trim($q)) . "'>" . lang('Edit') . "</a>" : "") // 1000 - maximum length of encoded URL in IE is 2083 characters
|
||||
;
|
||||
|
||||
if ($connection->error) {
|
||||
echo ($_POST["only_errors"] ? $print : "");
|
||||
echo "<p class='error'>" . lang('Error in query') . ($connection->errno ? " ($connection->errno)" : "") . ": " . error() . "\n";
|
||||
$errors[] = " <a href='#sql-$commands'>$commands</a>";
|
||||
if ($_POST["error_stops"]) {
|
||||
break 2;
|
||||
}
|
||||
|
||||
} elseif (is_object($result)) {
|
||||
$limit = $_POST["limit"];
|
||||
$orgtables = select($result, $connection2, array(), $limit);
|
||||
if (!$_POST["only_errors"]) {
|
||||
echo "<form action='' method='post'>\n";
|
||||
$num_rows = $result->num_rows;
|
||||
echo "<p>" . ($num_rows ? ($limit && $num_rows > $limit ? lang('%d / ', $limit) : "") . lang('%d row(s)', $num_rows) : "");
|
||||
echo $time;
|
||||
$id = "export-$commands";
|
||||
$export = ", <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('Export') . "</a><span id='$id' class='hidden'>: "
|
||||
. html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
|
||||
. html_select("format", $dump_format, $adminer_export["format"])
|
||||
. "<input type='hidden' name='query' value='" . h($q) . "'>"
|
||||
. " <input type='submit' name='export' value='" . lang('Export') . "'><input type='hidden' name='token' value='$token'></span>\n"
|
||||
;
|
||||
if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
|
||||
$id = "explain-$commands";
|
||||
echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>$export";
|
||||
echo "<div id='$id' class='hidden'>\n";
|
||||
select($explain, $connection2, $orgtables);
|
||||
echo "</div>\n";
|
||||
} else {
|
||||
echo $export;
|
||||
}
|
||||
echo "</form>\n";
|
||||
}
|
||||
|
||||
} else {
|
||||
if (preg_match("~^$space*(CREATE|DROP|ALTER)$space+(DATABASE|SCHEMA)\\b~isU", $q)) {
|
||||
restart_session();
|
||||
set_session("dbs", null); // clear cache
|
||||
stop_session();
|
||||
}
|
||||
if (!$_POST["only_errors"]) {
|
||||
echo "<p class='message' title='" . h($connection->info) . "'>" . lang('Query executed OK, %d row(s) affected.', $connection->affected_rows) . "$time\n";
|
||||
}
|
||||
}
|
||||
|
||||
$start = microtime(true);
|
||||
} while ($connection->next_result());
|
||||
}
|
||||
|
||||
$query = substr($query, $offset);
|
||||
$offset = 0;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 4.2.4-dev:
|
||||
Fix remote execution in SQLite query
|
||||
MySQL: Support PHP 7
|
||||
Bosnian translation
|
||||
Finnish translation
|
||||
|
|
Loading…
Reference in a new issue