if (is_array($var)) {
foreach($var as $k => $v) {
$this->stripVar($var[$k]);
+
+ /* magic_quotes_gpc escape keys as well ...*/
+ if (is_string($k)) {
+ $ek = stripslashes($k);
+ if ($ek !== $k) {
+ $var[$ek] = $var[$k];
+ unset($var[$k]);
+ }
+ }
}
}
else
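Review bot: The key rewrite `$var[$ek] = $var[$k]; unset($var[$k]);` silently overwrites an existing entry when the unescaped key `$ek` is already present in the array (the request carried both the escaped and the unescaped spelling of a key), and if that colliding key has not been visited yet the recursive `stripVar` then strips the moved value a second time. Guarding the move with `if ($ek !== $k && !array_key_exists($ek, $var))` keeps the pre-existing entry and avoids the double strip; whichever of the two values should win, a comment should say so. Assigning into `$var` while iterating it is safe because a by-value foreach does not see changes made to the array during the loop, which is worth recording, e.g. `/* foreach by value iterates a snapshot, so renaming keys of $var inside the loop is safe */`. The header of stripVar and its non-array branch lie outside the hunk.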
if ($subject == 'slony_cluster') $done = true;
if (isset($_REQUEST['table']) && !$done) {
- $vars .= "subject=table&table=".urlencode($_REQUEST['table']);
+ $vars .= "table=".urlencode($_REQUEST['table']);
$trail['table'] = array(
'title' => $lang['strtable'],
'text' => $_REQUEST['table'],
- 'url' => "redirect.php?{$vars}",
+ 'url' => "redirect.php?subject=table&{$vars}",
'help' => 'pg.table',
'icon' => 'Table'
);
} elseif (isset($_REQUEST['view']) && !$done) {
- $vars .= "subject=view&view=".urlencode($_REQUEST['view']);
+ $vars .= "view=".urlencode($_REQUEST['view']);
$trail['view'] = array(
'title' => $lang['strview'],
'text' => $_REQUEST['view'],
- 'url' => "redirect.php?{$vars}",
+ 'url' => "redirect.php?subject=view&{$vars}",
'help' => 'pg.view',
'icon' => 'View'
);
);
break;
case 'column':
- $vars .= "&column={$_REQUEST['column']}&subject=column";
+ $vars .= "&column=". urlencode($_REQUEST['column']) ."&subject=column";
$trail['column'] = array (
'title' => $lang['strcolumn'],
'text' => $_REQUEST['column'],
*/
function alterView($view, $name, $owner, $schema, $comment) {
- $this->fieldClean($view);
$data = $this->getView($view);
if ($data->recordCount() != 1)
return -2;
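Review bot: With the `$this->fieldClean($view)` call gone, every later use of `$view` in alterView depends on getView (or code further down) having escaped the identifier; if the rest of the method still interpolates `$view` into `ALTER VIEW "…"` statements it now needs its own `fieldClean` on a local copy, as the `$f_schema` pattern elsewhere in this commit does. The method body continues past the hunk, so that cannot be confirmed here. Once confirmed, a comment at the call site such as `/* $view is escaped inside getView(); do not fieldClean it here or the name is escaped twice */` documents why the call was dropped.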
function getLinkingKeys($tables) {
if (!is_array($tables)) return -1;
+ $this->clean($tables[0]['tablename']);
+ $this->clean($tables[0]['schemaname']);
$tables_list = "'{$tables[0]['tablename']}'";
$schema_list = "'{$tables[0]['schemaname']}'";
$schema_tables_list = "'{$tables[0]['schemaname']}.{$tables[0]['tablename']}'";
for ($i = 1; $i < sizeof($tables); $i++) {
+ $this->clean($tables[$i]['tablename']);
+ $this->clean($tables[$i]['schemaname']);
$tables_list .= ", '{$tables[$i]['tablename']}'";
$schema_list .= ", '{$tables[$i]['schemaname']}'";
$schema_tables_list .= ", '{$tables[$i]['schemaname']}.{$tables[$i]['tablename']}'";
}
- echo "<pre>", print_r(array($tables_list, $schema_list), 1), "</pre>";
+
$maxDimension = 1;
$sql = "
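Review bot: The new `$this->clean($tables[0]['tablename'])` runs before anything checks that `$tables` has a first element, so an empty array passes the `is_array` guard and then reads `$tables[0]`; if clean() takes its argument by reference, which its use here without an assignment suggests, that read also silently creates the element. Tightening the guard to `if (!is_array($tables) || count($tables) == 0) return -1;` closes the gap. The loop still evaluates `sizeof($tables)` on every iteration; hoisting it into a local is a small readability win. getLinkingKeys continues past the hunk.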
$this->fieldClean($table);
if (isset($_REQUEST['schema'])) {
- $this->fieldClean($_REQUEST['schema']);
- $sql .= "\"{$_REQUEST['schema']}\".";
+ $f_schema = $_REQUEST['schema'];
+ $this->fieldClean($f_schema);
+ $sql .= "\"{$f_schema}\".";
}
$sql .= "\"{$table}\"";
echo "<br />\n";
echo "<ul class=\"navlink\">\n";
+ $f_attname = $_REQUEST['column'];
+ $f_table = $tableName;
+ $f_schema = $data->_schema;
+ $data->fieldClean($f_attname);
+ $data->fieldClean($f_table);
+ $data->fieldClean($f_schema);
+ $query_url = urlencode("SELECT \"{$f_attname}\", count(*) AS \"count\" FROM \"{$f_schema}\".\"{$f_table}\" GROUP BY \"{$f_attname}\" ORDER BY \"{$f_attname}\"") ;
+
if ($isTable) {
- $return_url = urlencode("colproperties.php?{$misc->href}&table=$tableName&column={$_REQUEST['column']}");
+ $return_url = urlencode("colproperties.php?{$misc->href}&table=". urlencode($tableName)
+ ."&column=". urlencode($_REQUEST['column']));
/* Browse link */
- echo "\t<li><a href=\"display.php?{$misc->href}&subject=column&table=", urlencode($_REQUEST['table']), "&column=",
- urlencode($_REQUEST['column']), "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), "&query=",
- urlencode("SELECT \"{$_REQUEST['column']}\", count(*) AS \"count\" FROM \"{$data->_schema}\".\"$tableName\" GROUP BY \"{$_REQUEST['column']}\" ORDER BY \"{$_REQUEST['column']}\"") , "\">{$lang['strbrowse']}</a></li>\n";
+ /* FIXME browsing a col should somehow be a action so we don't
+ * send an ugly SQL in the URL */
+ echo "\t<li><a href=\"display.php?{$misc->href}&subject=column&table=",
+ urlencode($_REQUEST['table']),
+ "&column=", urlencode($_REQUEST['column']),
+ "&return_url={$return_url}&return_desc=", urlencode($lang['strback']),
+ "&query={$query_url}\">{$lang['strbrowse']}</a></li>\n";
/* Edit link */
- echo "\t<li><a href=\"colproperties.php?action=properties&{$misc->href}&table=", urlencode($_REQUEST['table']),
+ echo "\t<li><a href=\"colproperties.php?action=properties&{$misc->href}&table=", urlencode($tableName),
"&column=", urlencode($_REQUEST['column']) . "\">{$lang['stralter']}</a></li>\n";
- echo "\t<li><a href=\"tblproperties.php?action=confirm_drop&{$misc->href}&table=", urlencode($_REQUEST['table']),
+ echo "\t<li><a href=\"tblproperties.php?action=confirm_drop&{$misc->href}&table=", urlencode($tableName),
"&column=" . urlencode($_REQUEST['column']) . "\">{$lang['strdrop']}</a></li>\n";
} else {
- $return_url = urlencode("colproperties.php?{$misc->href}&view=$tableName&column={$_REQUEST['column']}");
+ $return_url = urlencode("colproperties.php?{$misc->href}&view=". urlencode($tableName)
+ ."&column=". urlencode($_REQUEST['column']));
/* Browse link */
echo "\t<li><a href=\"display.php?{$misc->href}&subject=column&column=",
- urlencode($_REQUEST['column']), "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), "&query=",
- urlencode("SELECT \"{$_REQUEST['column']}\", count(*) AS \"count\" FROM \"$tableName\" GROUP BY \"{$_REQUEST['column']}\" ORDER BY \"{$_REQUEST['column']}\"") , "\">{$lang['strbrowse']}</a></li>\n";
+ urlencode($_REQUEST['column']), "&return_url={$return_url}&return_desc=", urlencode($lang['strback']),
+ "&query={$query_url}\">{$lang['strbrowse']}</a></li>\n";
}
echo "</ul>\n";
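Review bot: The Browse link in the `$isTable` branch still takes the table name from `$_REQUEST['table']`, while the Edit and Drop links just below it and `$return_url` now use `urlencode($tableName)`; using `$tableName` in the Browse link as well keeps the three links and the return URL in step. Worth a comment next to `$query_url` is that the shared query now qualifies views with `$data->_schema`, where the previous view branch selected from the bare `$tableName`; that looks intentional but is a behaviour change, e.g. `/* one schema-qualified query for tables and views; fieldClean escapes the identifiers, urlencode protects the URL */`. The enclosing block starts before the hunk, so where `$tableName` and `$isTable` are assigned is not visible here.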
if ($_REQUEST['subject'] == 'function') {
$objectoid = $_REQUEST[$_REQUEST['subject'].'_oid'];
- $alterurl = "privileges.php?action=alter&{$misc->href}&{$subject}={$object}&{$subject}_oid=$objectoid&subject={$subject}&mode=";
+ $alterurl = "privileges.php?action=alter&{$misc->href}&{$subject}={$object}&{$subject}_oid={$objectoid}&subject={$subject}&mode=";
}
else if ($_REQUEST['subject'] == 'column') {
$alterurl = "privileges.php?action=alter&{$misc->href}&{$subject}={$object}"
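Review bot: `$objectoid` is read straight from `$_REQUEST` on the line above and interpolated into `$alterurl` without encoding, so the brace fix on the changed line leaves it the one request value in this URL that never passes through urlencode; `&{$subject}_oid=". urlencode($objectoid) ."&subject=` brings it in line with the rest of this commit. `$object` and `$subject` are assigned outside the hunk, so whether they are already encoded cannot be checked here. The column branch begins on the hunk's last line and continues outside it, so the same check applies there.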
function attPre(&$rowdata, $actions) {
global $data;
$rowdata->fields['+type'] = $data->formatType($rowdata->fields['type'], $rowdata->fields['atttypmod']);
- $actions['browse']['url'] .= 'query=' . urlencode("SELECT \"{$rowdata->fields['attname']}\", count(*) AS \"count\" FROM \"{$_REQUEST['table']}\" GROUP BY \"{$rowdata->fields['attname']}\" ORDER BY \"{$rowdata->fields['attname']}\"") . '&';
+ $attname = $rowdata->fields['attname'];
+ $table = $_REQUEST['table'];
+ $data->fieldClean($attname);
+ $data->fieldClean($table);
+
+ $actions['browse']['url'] .= 'query=' . urlencode("SELECT \"{$attname}\", count(*) AS \"count\"
+ FROM \"{$table}\" GROUP BY \"{$attname}\" ORDER BY \"{$attname}\"") . '&';
return $actions;
}
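Review bot: The SQL literal in the new `'query=' . urlencode(...)` expression is split across two source lines, so the line break and the leading whitespace of the continuation become part of the query that is urlencoded into the link (`%0A` followed by the indentation); harmless to the database but it inflates the URL and is easy to break on a later reformat, so keep the literal on one line or assemble it with `sprintf`. The `fieldClean` on `$attname` is still the right call even though the value presumably comes from the catalog rather than the request, because identifiers may themselves contain double quotes. A short comment such as `/* fieldClean escapes the identifiers for the double-quoted form; urlencode protects the URL */` would record why both steps are needed. `$_REQUEST['table']` is used unqualified in the FROM clause, as before.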
if ($c['p_field'] == $s)
switch ($c['contype']) {
case 'p':
- $str .= '<a href="constraints.php?'. $misc->href ."&table={$c['p_table']}&schema={$c['p_schema']}\"><img src=\"".
+ $str .= '<a href="constraints.php?'. $misc->href ."&table=". urlencode($c['p_table']) ."&schema=". urlencode($c['p_schema']) ."\"><img src=\"".
$misc->icon('PrimaryKey') .'" alt="[pk]" title="'. htmlentities($c['consrc']) .'" /></a>';
break;
case 'f':
- $str .= '<a href="tblproperties.php?'. $misc->href ."&table={$c['f_table']}&schema={$c['f_schema']}\"><img src=\"".
+ $str .= '<a href="tblproperties.php?'. $misc->href ."&table=". urlencode($c['f_table']) ."&schema=". urlencode($c['f_schema']) ."\"><img src=\"".
$misc->icon('ForeignKey') .'" alt="[fk]" title="'. htmlentities($c['consrc']) .'" /></a>';
break;
case 'u':
- $str .= '<a href="constraints.php?'. $misc->href ."&table={$c['p_table']}&schema={$c['p_schema']}\"><img src=\"".
+ $str .= '<a href="constraints.php?'. $misc->href ."&table=". urlencode($c['p_table']) ."&schema=". urlencode($c['p_schema']) ."\"><img src=\"".
$misc->icon('UniqueConstraint') .'" alt="[uniq]" title="'. htmlentities($c['consrc']) .'" /></a>';
break;
case 'c':
- $str .= '<a href="constraints.php?'. $misc->href ."&table={$c['p_table']}&schema={$c['p_schema']}\"><img src=\"".
+ $str .= '<a href="constraints.php?'. $misc->href ."&table=". urlencode($c['p_table']) ."&schema=". urlencode($c['p_schema']) ."\"><img src=\"".
$misc->icon('CheckConstraint') .'" alt="[check]" title="'. htmlentities($c['consrc']) .'" /></a>';
}
}
return $str;
}
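Review bot: The four `case` branches build the same `&table=…&schema=…` query string three times from `p_table`/`p_schema` and once from `f_table`/`f_schema`, so the urlencode fix had to be repeated in four places; computing the target page, icon and alt text from one small table and building the escaped link once makes the next escaping change a one-line edit and leaves unknown constraint types producing nothing, as now. `htmlentities($c['consrc'])` is called without an explicit charset, so a non-ASCII constraint definition in the title may be mis-encoded on older PHP; `htmlentities($c['consrc'], ENT_QUOTES, 'UTF-8')` is the safer call. The function that returns `$str` starts before the hunk.
```php
if ($c['p_field'] == $s) {
    /* page, icon and alt text per constraint type; unknown types add nothing, as before */
    $types = array(
        'p' => array('constraints.php', 'PrimaryKey', '[pk]'),
        'f' => array('tblproperties.php', 'ForeignKey', '[fk]'),
        'u' => array('constraints.php', 'UniqueConstraint', '[uniq]'),
        'c' => array('constraints.php', 'CheckConstraint', '[check]'),
    );
    if (isset($types[$c['contype']])) {
        list($page, $icon, $alt) = $types[$c['contype']];
        /* foreign keys link to the referenced side (f_*), the others to the owning table (p_*) */
        $side = ($c['contype'] == 'f') ? 'f_' : 'p_';
        $str .= '<a href="'. $page .'?'. $misc->href ."&table=". urlencode($c[$side .'table']) ."&schema=". urlencode($c[$side .'schema'])
            .'"><img src="'. $misc->icon($icon) .'" alt="'. $alt .'" title="'. htmlentities($c['consrc'], ENT_QUOTES, 'UTF-8') .'" /></a>';
    }
}
// … unchanged: end of loop and return $str …
```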
- $return_url = urlencode("tblproperties.php?{$misc->href}&table={$_REQUEST['table']}");
+ $return_url = urlencode("tblproperties.php?{$misc->href}&table=". urlencode($_REQUEST['table']));
$actions = array(
'browse' => array(
$query = $data->getSelectSQL($_REQUEST['view'], array_keys($_POST['show']),
$_POST['values'], $_POST['ops']);
$_REQUEST['query'] = $query;
- $_REQUEST['return_url'] = "views.php?action=confselectrows&{$misc->href}&view={$_REQUEST['view']}";
+ $_REQUEST['return_url'] = "views.php?action=confselectrows&{$misc->href}&view=". urlencode($_REQUEST['view']);
$_REQUEST['return_desc'] = $lang['strback'];
$_no_output = true;