author | ioguix | 2010-07-22 00:23:39 +0000 |
---|---|---|
committer | ioguix | 2010-07-22 00:23:39 +0000 |
commit | d837ee88785e1cf4c72d8a209d49e94453fae951 (patch) | |
tree | 655b155496bba76048ec3212de17d7aab7f049d7 | |
parent | c212f0a763382c0b1b8568299ee175c3804b86f4 (diff) |
Some bad escaped variables found on my way
-rw-r--r-- | classes/Misc.php | 19 | ||||
-rwxr-xr-x | classes/database/Postgres.php | 12 | ||||
-rw-r--r-- | colproperties.php | 32 | ||||
-rw-r--r-- | privileges.php | 2 | ||||
-rw-r--r-- | tblproperties.php | 18 | ||||
-rw-r--r-- | views.php | 2 |
6 files changed, 59 insertions, 26 deletions
diff --git a/classes/Misc.php b/classes/Misc.php index 1d459fa2..d5e78bd8 100644 --- a/classes/Misc.php +++ b/classes/Misc.php @@ -277,6 +277,15 @@ if (is_array($var)) { foreach($var as $k => $v) { $this->stripVar($var[$k]); + + /* magic_quotes_gpc escape keys as well ...*/ + if (is_string($k)) { + $ek = stripslashes($k); + if ($ek !== $k) { + $var[$ek] = $var[$k]; + unset($var[$k]); + } + } } } else @@ -1299,20 +1308,20 @@ if ($subject == 'slony_cluster') $done = true; if (isset($_REQUEST['table']) && !$done) { - $vars .= "subject=table&table=".urlencode($_REQUEST['table']); + $vars .= "table=".urlencode($_REQUEST['table']); $trail['table'] = array( 'title' => $lang['strtable'], 'text' => $_REQUEST['table'], - 'url' => "redirect.php?{$vars}", + 'url' => "redirect.php?subject=table&{$vars}", 'help' => 'pg.table', 'icon' => 'Table' ); } elseif (isset($_REQUEST['view']) && !$done) { - $vars .= "subject=view&view=".urlencode($_REQUEST['view']); + $vars .= "view=".urlencode($_REQUEST['view']); $trail['view'] = array( 'title' => $lang['strview'], 'text' => $_REQUEST['view'], - 'url' => "redirect.php?{$vars}", + 'url' => "redirect.php?subject=view&{$vars}", 'help' => 'pg.view', 'icon' => 'View' ); @@ -1374,7 +1383,7 @@ ); break; case 'column': - $vars .= "&column={$_REQUEST['column']}&subject=column"; + $vars .= "&column=". urlencode($_REQUEST['column']) ."&subject=column"; $trail['column'] = array ( 'title' => $lang['strcolumn'], 'text' => $_REQUEST['column'], diff --git a/classes/database/Postgres.php b/classes/database/Postgres.php index 29f07afc..14c52e97 100755 --- a/classes/database/Postgres.php +++ b/classes/database/Postgres.php @@ -3199,7 +3199,6 @@ class Postgres extends ADODB_base { */ function alterView($view, $name, $owner, $schema, $comment) { - $this->fieldClean($view); $data = $this->getView($view); if ($data->recordCount() != 1) return -2; 
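Review bot: In the stripVar() hunk, `$var[$ek] = $var[$k]` replaces any entry that already sits under the unescaped key, and the renamed entry is appended at the end, so a key collision is resolved silently and key order changes. If last-one-wins is the intended behaviour, say so in the comment, for example `/* keys are unescaped too; an existing entry under the unescaped key is overwritten */`; otherwise guard the rename with `if ($ek !== $k && !array_key_exists($ek, $var))`. The function starts and ends outside the hunk, so how `$var` is passed in is not visible here.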
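Review bot: The trail entries still carry the raw request value in `'text' => $_REQUEST['table']` and `'text' => $_REQUEST['view']`, and the `@@ -1374` hunk does the same with `'text' => $_REQUEST['column']`; only the URL context is fixed by these two hunks. Where the trail is rendered is not visible here, so a short comment at the array would help, for example `/* 'text' is raw request data: the trail renderer must HTML-escape it */`. If the renderer does not escape, `htmlspecialchars()` belongs at output time rather than in these arrays, so the value is not encoded twice.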
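Review bot: With `$this->fieldClean($view)` removed from alterView(), the view name reaches `getView($view)` unescaped and its safety now rests entirely on that callee, which is not part of this hunk. A one-line comment would record the reasoning: `// not cleaned here: getView() escapes its argument, cleaning twice would double-escape`. The body of alterView() continues outside the hunk, so any later use of `$view` in SQL there needs its own escaping.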
@@ -3718,16 +3717,20 @@ class Postgres extends ADODB_base { function getLinkingKeys($tables) { if (!is_array($tables)) return -1; + $this->clean($tables[0]['tablename']); + $this->clean($tables[0]['schemaname']); $tables_list = "'{$tables[0]['tablename']}'"; $schema_list = "'{$tables[0]['schemaname']}'"; $schema_tables_list = "'{$tables[0]['schemaname']}.{$tables[0]['tablename']}'"; for ($i = 1; $i < sizeof($tables); $i++) { + $this->clean($tables[$i]['tablename']); + $this->clean($tables[$i]['schemaname']); $tables_list .= ", '{$tables[$i]['tablename']}'"; $schema_list .= ", '{$tables[$i]['schemaname']}'"; $schema_tables_list .= ", '{$tables[$i]['schemaname']}.{$tables[$i]['tablename']}'"; } - echo "<pre>", print_r(array($tables_list, $schema_list), 1), "</pre>"; + $maxDimension = 1; $sql = " @@ -7631,8 +7634,9 @@ class Postgres extends ADODB_base { $this->fieldClean($table); if (isset($_REQUEST['schema'])) { - $this->fieldClean($_REQUEST['schema']); - $sql .= "\"{$_REQUEST['schema']}\"."; + $f_schema = $_REQUEST['schema']; + $this->fieldClean($f_schema); + $sql .= "\"{$f_schema}\"."; } $sql .= "\"{$table}\""; diff --git a/colproperties.php b/colproperties.php index 00ce9d12..9aa7f729 100644 --- a/colproperties.php +++ b/colproperties.php 
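Review bot: getLinkingKeys() reads `$tables[0]` directly after a guard that only tests `is_array($tables)`, so an empty array passes and the three lists are built from empty names; `if (!is_array($tables) || count($tables) == 0) return -1;` would reject it with the error code already in use. The first element and the loop body now repeat the same `clean()` calls and list assembly, which means any later escaping change has to be made in two places; starting the loop at 0 and joining the quoted names with `implode(', ', ...)` would leave a single copy. The function continues past the end of the hunk.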
@@ -231,26 +231,40 @@ echo "<br />\n"; echo "<ul class=\"navlink\">\n"; + $f_attname = $_REQUEST['column']; + $f_table = $tableName; + $f_schema = $data->_schema; + $data->fieldClean($f_attname); + $data->fieldClean($f_table); + $data->fieldClean($f_schema); + $query_url = urlencode("SELECT \"{$f_attname}\", count(*) AS \"count\" FROM \"{$f_schema}\".\"{$f_table}\" GROUP BY \"{$f_attname}\" ORDER BY \"{$f_attname}\"") ; + if ($isTable) { - $return_url = urlencode("colproperties.php?{$misc->href}&table=$tableName&column={$_REQUEST['column']}"); + $return_url = urlencode("colproperties.php?{$misc->href}&table=". urlencode($tableName) + ."&column=". urlencode($_REQUEST['column'])); /* Browse link */ - echo "\t<li><a href=\"display.php?{$misc->href}&subject=column&table=", urlencode($_REQUEST['table']), "&column=", - urlencode($_REQUEST['column']), "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), "&query=", - urlencode("SELECT \"{$_REQUEST['column']}\", count(*) AS \"count\" FROM \"{$data->_schema}\".\"$tableName\" GROUP BY \"{$_REQUEST['column']}\" ORDER BY \"{$_REQUEST['column']}\"") , "\">{$lang['strbrowse']}</a></li>\n"; + /* FIXME browsing a col should somehow be a action so we don't + * send an ugly SQL in the URL */ + echo "\t<li><a href=\"display.php?{$misc->href}&subject=column&table=", + urlencode($_REQUEST['table']), + "&column=", urlencode($_REQUEST['column']), + "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), + "&query={$query_url}\">{$lang['strbrowse']}</a></li>\n"; /* Edit link */ - echo "\t<li><a href=\"colproperties.php?action=properties&{$misc->href}&table=", urlencode($_REQUEST['table']), + echo "\t<li><a href=\"colproperties.php?action=properties&{$misc->href}&table=", urlencode($tableName), "&column=", urlencode($_REQUEST['column']) . 
"\">{$lang['stralter']}</a></li>\n"; - echo "\t<li><a href=\"tblproperties.php?action=confirm_drop&{$misc->href}&table=", urlencode($_REQUEST['table']), + echo "\t<li><a href=\"tblproperties.php?action=confirm_drop&{$misc->href}&table=", urlencode($tableName), "&column=" . urlencode($_REQUEST['column']) . "\">{$lang['strdrop']}</a></li>\n"; } else { - $return_url = urlencode("colproperties.php?{$misc->href}&view=$tableName&column={$_REQUEST['column']}"); + $return_url = urlencode("colproperties.php?{$misc->href}&view=". urlencode($tableName) + ."&column=". urlencode($_REQUEST['column'])); /* Browse link */ echo "\t<li><a href=\"display.php?{$misc->href}&subject=column&column=", - urlencode($_REQUEST['column']), "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), "&query=", - urlencode("SELECT \"{$_REQUEST['column']}\", count(*) AS \"count\" FROM \"$tableName\" GROUP BY \"{$_REQUEST['column']}\" ORDER BY \"{$_REQUEST['column']}\"") , "\">{$lang['strbrowse']}</a></li>\n"; + urlencode($_REQUEST['column']), "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), + "&query={$query_url}\">{$lang['strbrowse']}</a></li>\n"; } echo "</ul>\n"; diff --git a/privileges.php b/privileges.php index d703907a..451bb2dc 100644 --- a/privileges.php +++ b/privileges.php @@ -250,7 +250,7 @@ if ($_REQUEST['subject'] == 'function') { $objectoid = $_REQUEST[$_REQUEST['subject'].'_oid']; - $alterurl = "privileges.php?action=alter&{$misc->href}&{$subject}={$object}&{$subject}_oid=$objectoid&subject={$subject}&mode="; + $alterurl = "privileges.php?action=alter&{$misc->href}&{$subject}={$object}&{$subject}_oid={$objectoid}&subject={$subject}&mode="; } else if ($_REQUEST['subject'] == 'column') { $alterurl = "privileges.php?action=alter&{$misc->href}&{$subject}={$object}" diff --git a/tblproperties.php b/tblproperties.php index 2136a7d0..2b98efc8 100644 --- a/tblproperties.php +++ b/tblproperties.php 
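Review bot: The Browse link in the `$isTable` branch still takes `&table=` from `urlencode($_REQUEST['table'])`, while the Edit and Drop links and the query in the same branch now use `$tableName`; use `urlencode($tableName)` there too so the link parameter and the query it carries cannot refer to different names. Sharing `$query_url` also changes the view branch, whose query was `FROM "$tableName"` and is now qualified with `$data->_schema`; that looks intended but is not mentioned in the commit message. The enclosing block starts before the hunk, so how `$tableName` is derived is not visible here.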
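Review bot: `$objectoid` is read from `$_REQUEST[$_REQUEST['subject'].'_oid']` on the line above and is still interpolated into `$alterurl` without encoding; the privileges.php hunk only adds braces around it. Encoding it as the other files in this commit do would read `"&{$subject}_oid=" . urlencode($objectoid) . "&subject={$subject}&mode="`. `$subject` and `$object` are assigned outside the hunk, so whether they are already encoded cannot be told from here.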
@@ -443,7 +443,13 @@ function attPre(&$rowdata, $actions) { global $data; $rowdata->fields['+type'] = $data->formatType($rowdata->fields['type'], $rowdata->fields['atttypmod']); - $actions['browse']['url'] .= 'query=' . urlencode("SELECT \"{$rowdata->fields['attname']}\", count(*) AS \"count\" FROM \"{$_REQUEST['table']}\" GROUP BY \"{$rowdata->fields['attname']}\" ORDER BY \"{$rowdata->fields['attname']}\"") . '&'; + $attname = $rowdata->fields['attname']; + $table = $_REQUEST['table']; + $data->fieldClean($attname); + $data->fieldClean($table); + + $actions['browse']['url'] .= 'query=' . urlencode("SELECT \"{$attname}\", count(*) AS \"count\" + FROM \"{$table}\" GROUP BY \"{$attname}\" ORDER BY \"{$attname}\"") . '&'; return $actions; } 
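Review bot: The browse query built in attPre() is still `FROM \"{$table}\"` with no schema, whereas the equivalent query in colproperties.php in this same commit is qualified with `$data->_schema`; unless the search path is pinned elsewhere, the two links can resolve to different relations. Adding `$schema = $data->_schema; $data->fieldClean($schema);` and using `FROM \"{$schema}\".\"{$table}\"` would make them agree. The string literal now spans two source lines, so the line break and indentation are url-encoded into every generated link; concatenating two literals keeps the URL unchanged in length.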
@@ -515,19 +521,19 @@ if ($c['p_field'] == $s) switch ($c['contype']) { case 'p': - $str .= '<a href="constraints.php?'. $misc->href ."&table={$c['p_table']}&schema={$c['p_schema']}\"><img src=\"". + $str .= '<a href="constraints.php?'. $misc->href ."&table=". urlencode($c['p_table']) ."&schema=". urlencode($c['p_schema']) ."\"><img src=\"". $misc->icon('PrimaryKey') .'" alt="[pk]" title="'. htmlentities($c['consrc']) .'" /></a>'; break; case 'f': - $str .= '<a href="tblproperties.php?'. $misc->href ."&table={$c['f_table']}&schema={$c['f_schema']}\"><img src=\"". + $str .= '<a href="tblproperties.php?'. $misc->href ."&table=". urlencode($c['f_table']) ."&schema=". urlencode($c['f_schema']) ."\"><img src=\"". $misc->icon('ForeignKey') .'" alt="[fk]" title="'. htmlentities($c['consrc']) .'" /></a>'; break; case 'u': - $str .= '<a href="constraints.php?'. $misc->href ."&table={$c['p_table']}&schema={$c['p_schema']}\"><img src=\"". + $str .= '<a href="constraints.php?'. $misc->href ."&table=". urlencode($c['p_table']) ."&schema=". urlencode($c['p_schema']) ."\"><img src=\"". $misc->icon('UniqueConstraint') .'" alt="[uniq]" title="'. htmlentities($c['consrc']) .'" /></a>'; break; case 'c': - $str .= '<a href="constraints.php?'. $misc->href ."&table={$c['p_table']}&schema={$c['p_schema']}\"><img src=\"". + $str .= '<a href="constraints.php?'. $misc->href ."&table=". urlencode($c['p_table']) ."&schema=". urlencode($c['p_schema']) ."\"><img src=\"". $misc->icon('CheckConstraint') .'" alt="[check]" title="'. htmlentities($c['consrc']) .'" /></a>'; } } @@ -535,7 +541,7 @@ return $str; } - $return_url = urlencode("tblproperties.php?{$misc->href}&table={$_REQUEST['table']}"); + $return_url = urlencode("tblproperties.php?{$misc->href}&table=". urlencode($_REQUEST['table'])); $actions = array( 'browse' => array( 
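Review bot: The four `case` arms each repeat the same `"&table=". urlencode(...) ."&schema=". urlencode(...)` construction, and the 'p', 'u' and 'c' arms differ only in icon and alt text, so the kind of escaping fix made here has to be applied four times and can be missed in one arm. Building the query part once before the `switch`, for example `$p_args = '&table='. urlencode($c['p_table']) .'&schema='. urlencode($c['p_schema']);`, leaves a single place to maintain. The `htmlentities($c['consrc'])` calls on the unchanged lines pass no charset argument, so their output depends on the PHP default. The enclosing function starts outside the hunk.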
@@ -111,7 +111,7 @@ $query = $data->getSelectSQL($_REQUEST['view'], array_keys($_POST['show']), $_POST['values'], $_POST['ops']); $_REQUEST['query'] = $query; - $_REQUEST['return_url'] = "views.php?action=confselectrows&{$misc->href}&view={$_REQUEST['view']}"; + $_REQUEST['return_url'] = "views.php?action=confselectrows&{$misc->href}&view=". urlencode($_REQUEST['view']); $_REQUEST['return_desc'] = $lang['strback']; $_no_output = true; |