Fix remote execution in SQLite query (discovered by 庞申杰(千霄))
This commit is contained in:
parent
0bb5a52dc4
commit
e5352cc5ac
|
@ -49,6 +49,7 @@ $translations = array(
|
||||||
'Query executed OK, %d row(s) affected.' => array('Příkaz proběhl v pořádku, byl změněn %d záznam.', 'Příkaz proběhl v pořádku, byly změněny %d záznamy.', 'Příkaz proběhl v pořádku, bylo změněno %d záznamů.'),
|
'Query executed OK, %d row(s) affected.' => array('Příkaz proběhl v pořádku, byl změněn %d záznam.', 'Příkaz proběhl v pořádku, byly změněny %d záznamy.', 'Příkaz proběhl v pořádku, bylo změněno %d záznamů.'),
|
||||||
'No commands to execute.' => 'Žádné příkazy k vykonání.',
|
'No commands to execute.' => 'Žádné příkazy k vykonání.',
|
||||||
'Error in query' => 'Chyba v dotazu',
|
'Error in query' => 'Chyba v dotazu',
|
||||||
|
'ATTACH queries are not supported.' => 'Dotazy ATTACH nejsou podporované.',
|
||||||
'Execute' => 'Provést',
|
'Execute' => 'Provést',
|
||||||
'Stop on error' => 'Zastavit při chybě',
|
'Stop on error' => 'Zastavit při chybě',
|
||||||
'Show only errors' => 'Zobrazit pouze chyby',
|
'Show only errors' => 'Zobrazit pouze chyby',
|
||||||
|
|
|
@ -49,6 +49,7 @@ $translations = array(
|
||||||
'Query executed OK, %d row(s) affected.' => array('Xx.', 'Xx.'),
|
'Query executed OK, %d row(s) affected.' => array('Xx.', 'Xx.'),
|
||||||
'No commands to execute.' => 'Xx.',
|
'No commands to execute.' => 'Xx.',
|
||||||
'Error in query' => 'Xx',
|
'Error in query' => 'Xx',
|
||||||
|
'ATTACH queries are not supported.' => 'Xx.',
|
||||||
'Execute' => 'Xx',
|
'Execute' => 'Xx',
|
||||||
'Stop on error' => 'Xx',
|
'Stop on error' => 'Xx',
|
||||||
'Show only errors' => 'Xx',
|
'Show only errors' => 'Xx',
|
||||||
|
|
|
@ -94,71 +94,81 @@ if (!$error && $_POST) {
|
||||||
$q = substr($query, 0, $pos);
|
$q = substr($query, 0, $pos);
|
||||||
$commands++;
|
$commands++;
|
||||||
$print = "<pre id='sql-$commands'><code class='jush-$jush'>" . shorten_utf8(trim($q), 1000) . "</code></pre>\n";
|
$print = "<pre id='sql-$commands'><code class='jush-$jush'>" . shorten_utf8(trim($q), 1000) . "</code></pre>\n";
|
||||||
if (!$_POST["only_errors"]) {
|
if ($jush == "sqlite" && preg_match("~^$space*ATTACH\b~i", $q, $match)) {
|
||||||
|
// PHP doesn't support setting SQLITE_LIMIT_ATTACHED
|
||||||
echo $print;
|
echo $print;
|
||||||
ob_flush();
|
echo "<p class='error'>" . lang('ATTACH queries are not supported.') . "\n";
|
||||||
flush(); // can take a long time - show the running query
|
$errors[] = " <a href='#sql-$commands'>$commands</a>";
|
||||||
}
|
if ($_POST["error_stops"]) {
|
||||||
$start = microtime(true);
|
break;
|
||||||
//! don't allow changing of character_set_results, convert encoding of displayed query
|
}
|
||||||
if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*USE\\b~isU", $q)) {
|
} else {
|
||||||
$connection2->query($q);
|
if (!$_POST["only_errors"]) {
|
||||||
}
|
echo $print;
|
||||||
|
ob_flush();
|
||||||
do {
|
flush(); // can take a long time - show the running query
|
||||||
$result = $connection->store_result();
|
}
|
||||||
$time = " <span class='time'>(" . format_time($start) . ")</span>"
|
$start = microtime(true);
|
||||||
. (strlen($q) < 1000 ? " <a href='" . h(ME) . "sql=" . urlencode(trim($q)) . "'>" . lang('Edit') . "</a>" : "") // 1000 - maximum length of encoded URL in IE is 2083 characters
|
//! don't allow changing of character_set_results, convert encoding of displayed query
|
||||||
;
|
if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*USE\\b~isU", $q)) {
|
||||||
|
$connection2->query($q);
|
||||||
if ($connection->error) {
|
|
||||||
echo ($_POST["only_errors"] ? $print : "");
|
|
||||||
echo "<p class='error'>" . lang('Error in query') . ($connection->errno ? " ($connection->errno)" : "") . ": " . error() . "\n";
|
|
||||||
$errors[] = " <a href='#sql-$commands'>$commands</a>";
|
|
||||||
if ($_POST["error_stops"]) {
|
|
||||||
break 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
} elseif (is_object($result)) {
|
|
||||||
$limit = $_POST["limit"];
|
|
||||||
$orgtables = select($result, $connection2, array(), $limit);
|
|
||||||
if (!$_POST["only_errors"]) {
|
|
||||||
echo "<form action='' method='post'>\n";
|
|
||||||
$num_rows = $result->num_rows;
|
|
||||||
echo "<p>" . ($num_rows ? ($limit && $num_rows > $limit ? lang('%d / ', $limit) : "") . lang('%d row(s)', $num_rows) : "");
|
|
||||||
echo $time;
|
|
||||||
$id = "export-$commands";
|
|
||||||
$export = ", <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('Export') . "</a><span id='$id' class='hidden'>: "
|
|
||||||
. html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
|
|
||||||
. html_select("format", $dump_format, $adminer_export["format"])
|
|
||||||
. "<input type='hidden' name='query' value='" . h($q) . "'>"
|
|
||||||
. " <input type='submit' name='export' value='" . lang('Export') . "'><input type='hidden' name='token' value='$token'></span>\n"
|
|
||||||
;
|
|
||||||
if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
|
|
||||||
$id = "explain-$commands";
|
|
||||||
echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>$export";
|
|
||||||
echo "<div id='$id' class='hidden'>\n";
|
|
||||||
select($explain, $connection2, $orgtables);
|
|
||||||
echo "</div>\n";
|
|
||||||
} else {
|
|
||||||
echo $export;
|
|
||||||
}
|
|
||||||
echo "</form>\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
} else {
|
|
||||||
if (preg_match("~^$space*(CREATE|DROP|ALTER)$space+(DATABASE|SCHEMA)\\b~isU", $q)) {
|
|
||||||
restart_session();
|
|
||||||
set_session("dbs", null); // clear cache
|
|
||||||
stop_session();
|
|
||||||
}
|
|
||||||
if (!$_POST["only_errors"]) {
|
|
||||||
echo "<p class='message' title='" . h($connection->info) . "'>" . lang('Query executed OK, %d row(s) affected.', $connection->affected_rows) . "$time\n";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$start = microtime(true);
|
do {
|
||||||
} while ($connection->next_result());
|
$result = $connection->store_result();
|
||||||
|
$time = " <span class='time'>(" . format_time($start) . ")</span>"
|
||||||
|
. (strlen($q) < 1000 ? " <a href='" . h(ME) . "sql=" . urlencode(trim($q)) . "'>" . lang('Edit') . "</a>" : "") // 1000 - maximum length of encoded URL in IE is 2083 characters
|
||||||
|
;
|
||||||
|
|
||||||
|
if ($connection->error) {
|
||||||
|
echo ($_POST["only_errors"] ? $print : "");
|
||||||
|
echo "<p class='error'>" . lang('Error in query') . ($connection->errno ? " ($connection->errno)" : "") . ": " . error() . "\n";
|
||||||
|
$errors[] = " <a href='#sql-$commands'>$commands</a>";
|
||||||
|
if ($_POST["error_stops"]) {
|
||||||
|
break 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
} elseif (is_object($result)) {
|
||||||
|
$limit = $_POST["limit"];
|
||||||
|
$orgtables = select($result, $connection2, array(), $limit);
|
||||||
|
if (!$_POST["only_errors"]) {
|
||||||
|
echo "<form action='' method='post'>\n";
|
||||||
|
$num_rows = $result->num_rows;
|
||||||
|
echo "<p>" . ($num_rows ? ($limit && $num_rows > $limit ? lang('%d / ', $limit) : "") . lang('%d row(s)', $num_rows) : "");
|
||||||
|
echo $time;
|
||||||
|
$id = "export-$commands";
|
||||||
|
$export = ", <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('Export') . "</a><span id='$id' class='hidden'>: "
|
||||||
|
. html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
|
||||||
|
. html_select("format", $dump_format, $adminer_export["format"])
|
||||||
|
. "<input type='hidden' name='query' value='" . h($q) . "'>"
|
||||||
|
. " <input type='submit' name='export' value='" . lang('Export') . "'><input type='hidden' name='token' value='$token'></span>\n"
|
||||||
|
;
|
||||||
|
if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
|
||||||
|
$id = "explain-$commands";
|
||||||
|
echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>$export";
|
||||||
|
echo "<div id='$id' class='hidden'>\n";
|
||||||
|
select($explain, $connection2, $orgtables);
|
||||||
|
echo "</div>\n";
|
||||||
|
} else {
|
||||||
|
echo $export;
|
||||||
|
}
|
||||||
|
echo "</form>\n";
|
||||||
|
}
|
||||||
|
|
||||||
|
} else {
|
||||||
|
if (preg_match("~^$space*(CREATE|DROP|ALTER)$space+(DATABASE|SCHEMA)\\b~isU", $q)) {
|
||||||
|
restart_session();
|
||||||
|
set_session("dbs", null); // clear cache
|
||||||
|
stop_session();
|
||||||
|
}
|
||||||
|
if (!$_POST["only_errors"]) {
|
||||||
|
echo "<p class='message' title='" . h($connection->info) . "'>" . lang('Query executed OK, %d row(s) affected.', $connection->affected_rows) . "$time\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$start = microtime(true);
|
||||||
|
} while ($connection->next_result());
|
||||||
|
}
|
||||||
|
|
||||||
$query = substr($query, $offset);
|
$query = substr($query, $offset);
|
||||||
$offset = 0;
|
$offset = 0;
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
Adminer 4.2.4-dev:
|
Adminer 4.2.4-dev:
|
||||||
|
Fix remote execution in SQLite query
|
||||||
MySQL: Support PHP 7
|
MySQL: Support PHP 7
|
||||||
Bosnian translation
|
Bosnian translation
|
||||||
Finnish translation
|
Finnish translation
|
||||||
|
|
Loading…
Reference in a new issue