Fix remote execution in SQLite query (discovered by 庞申杰(千霄))
This commit is contained in:
parent
0bb5a52dc4
commit
e5352cc5ac
|
@ -49,6 +49,7 @@ $translations = array(
|
|||
'Query executed OK, %d row(s) affected.' => array('Příkaz proběhl v pořádku, byl změněn %d záznam.', 'Příkaz proběhl v pořádku, byly změněny %d záznamy.', 'Příkaz proběhl v pořádku, bylo změněno %d záznamů.'),
|
||||
'No commands to execute.' => 'Žádné příkazy k vykonání.',
|
||||
'Error in query' => 'Chyba v dotazu',
|
||||
'ATTACH queries are not supported.' => 'Dotazy ATTACH nejsou podporované.',
|
||||
'Execute' => 'Provést',
|
||||
'Stop on error' => 'Zastavit při chybě',
|
||||
'Show only errors' => 'Zobrazit pouze chyby',
|
||||
|
|
|
@ -49,6 +49,7 @@ $translations = array(
|
|||
'Query executed OK, %d row(s) affected.' => array('Xx.', 'Xx.'),
|
||||
'No commands to execute.' => 'Xx.',
|
||||
'Error in query' => 'Xx',
|
||||
'ATTACH queries are not supported.' => 'Xx.',
|
||||
'Execute' => 'Xx',
|
||||
'Stop on error' => 'Xx',
|
||||
'Show only errors' => 'Xx',
|
||||
|
|
|
@ -94,6 +94,15 @@ if (!$error && $_POST) {
|
|||
$q = substr($query, 0, $pos);
|
||||
$commands++;
|
||||
$print = "<pre id='sql-$commands'><code class='jush-$jush'>" . shorten_utf8(trim($q), 1000) . "</code></pre>\n";
|
||||
if ($jush == "sqlite" && preg_match("~^$space*ATTACH\b~i", $q, $match)) {
|
||||
// PHP doesn't support setting SQLITE_LIMIT_ATTACHED
|
||||
echo $print;
|
||||
echo "<p class='error'>" . lang('ATTACH queries are not supported.') . "\n";
|
||||
$errors[] = " <a href='#sql-$commands'>$commands</a>";
|
||||
if ($_POST["error_stops"]) {
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
if (!$_POST["only_errors"]) {
|
||||
echo $print;
|
||||
ob_flush();
|
||||
|
@ -159,6 +168,7 @@ if (!$error && $_POST) {
|
|||
|
||||
$start = microtime(true);
|
||||
} while ($connection->next_result());
|
||||
}
|
||||
|
||||
$query = substr($query, $offset);
|
||||
$offset = 0;
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 4.2.4-dev:
|
||||
Fix remote execution in SQLite query
|
||||
MySQL: Support PHP 7
|
||||
Bosnian translation
|
||||
Finnish translation
|
||||
|
|
Loading…
Reference in a new issue