From 2d864d7fe234719071ee421b401e891f5ab9a758 Mon Sep 17 00:00:00 2001 From: chriskl Date: Wed, 19 Nov 2003 02:12:47 +0000 Subject: [PATCH] fix nasty bug in escaping pg_ in internal queries --- HISTORY | 1 + classes/database/Postgres.php | 20 ++++++++++---------- classes/database/Postgres73.php | 16 ++++++++-------- classes/database/Postgres74.php | 4 ++-- 4 files changed, 21 insertions(+), 20 deletions(-) diff --git a/HISTORY b/HISTORY index b98f3cc6..507a0256 100644 --- a/HISTORY +++ b/HISTORY @@ -43,6 +43,7 @@ Bugs in PostgreSQL 7.0.x * Resetting sequence on 7.1+ now restarts at 1, not 2 * Remove deprecated column default 'now' from SQL script +* Properly escape pg_ in internal queries Translations * Afrikaans from Petri Jooste diff --git a/classes/database/Postgres.php b/classes/database/Postgres.php index 3badcf10..74ebe2d4 100755 --- a/classes/database/Postgres.php +++ b/classes/database/Postgres.php @@ -4,7 +4,7 @@ * A class that implements the DB interface for Postgres * Note: This class uses ADODB and returns RecordSets. * - * $Id: Postgres.php,v 1.163 2003/11/15 10:40:25 chriskl Exp $ + * $Id: Postgres.php,v 1.164 2003/11/19 02:12:47 chriskl Exp $ */ // @@@ THOUGHT: What about inherits? ie. use of ONLY??? @@ -988,7 +988,7 @@ class Postgres extends BaseDB { */ function &getTables($all = false) { global $conf; - if (!$conf['show_system'] || $all) $where = "WHERE tablename NOT LIKE 'pg_%' "; + if (!$conf['show_system'] || $all) $where = "WHERE tablename NOT LIKE 'pg\\\\_%' "; else $where = ''; $sql = "SELECT NULL AS schemaname, tablename, tableowner FROM pg_tables {$where}ORDER BY tablename"; return $this->selectSet($sql); @@ -1995,7 +1995,7 @@ class Postgres extends BaseDB { function &getViews() { global $conf; if (!$conf['show_system']) - $where = "WHERE viewname NOT LIKE 'pg_%'"; + $where = "WHERE viewname NOT LIKE 'pg\\\\_%'"; else $where = ''; $sql = "SELECT viewname, viewowner FROM pg_views {$where} ORDER BY viewname"; 
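Review bot: The new `'pg\\\\_%'` literal in getTables() escapes the underscore only when the server processes backslashes inside ordinary string literals: PHP reduces it to `pg\\_%`, the SQL parser is then expected to reduce that to `pg\_%`, and LIKE finally treats `_` as a literal character. On a server that keeps backslashes in literals as written (PostgreSQL's `standard_conforming_strings` setting), LIKE would instead see an escaped backslash followed by a wildcard `_`, the pattern would match practically no relation name, and the `show_system` filter would silently stop hiding system relations. Naming the escape character explicitly removes that dependency, for example `NOT LIKE 'pg|_%' ESCAPE '|'`. The same applies to getViews() and to every other `NOT LIKE` changed in Postgres.php, Postgres73.php and Postgres74.php; both function bodies continue outside their hunks.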
@@ -2102,7 +2102,7 @@ class Postgres extends BaseDB { SELECT CASE WHEN relkind='r' THEN 'TABLE'::VARCHAR WHEN relkind='v' THEN 'VIEW'::VARCHAR WHEN relkind='S' THEN 'SEQUENCE'::VARCHAR END AS type, pc.oid, NULL::VARCHAR AS schemaname, NULL::VARCHAR AS relname, pc.relname AS name FROM pg_class pc WHERE relkind IN ('r', 'v', 'S') AND relname ~* '.*{$term}.*'"; - if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg_%'"; + if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg\\\\_%'"; // Columns $sql .= " @@ -2110,7 +2110,7 @@ class Postgres extends BaseDB { SELECT 'COLUMN', NULL, NULL, pc.relname, pa.attname FROM pg_class pc, pg_attribute pa WHERE pc.oid=pa.attrelid AND pa.attname ~* '.*{$term}.*' AND pa.attnum > 0 AND pc.relkind IN ('r', 'v')"; - if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg_%'"; + if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg\\\\_%'"; // Functions $sql .= " @@ -2126,7 +2126,7 @@ class Postgres extends BaseDB { pg_index pi, pg_class pc2 WHERE pc.oid=pi.indrelid AND pi.indexrelid=pc2.oid AND pc2.relname ~* '.*{$term}.*' AND NOT pi.indisprimary AND NOT pi.indisunique"; - if (!$conf['show_system']) $sql .= " AND pc2.relname NOT LIKE 'pg_%'"; + if (!$conf['show_system']) $sql .= " AND pc2.relname NOT LIKE 'pg\\\\_%'"; // Check Constraints $sql .= " @@ -2134,7 +2134,7 @@ class Postgres extends BaseDB { SELECT 'CONSTRAINT', NULL, NULL, pc.relname, pr.rcname FROM pg_class pc, pg_relcheck pr WHERE pc.oid=pr.rcrelid AND pr.rcname ~* '.*{$term}.*'"; - if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg_%'"; + if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg\\\\_%'"; // Unique and Primary Key Constraints $sql .= " UNION ALL 
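Review bot: `$term` is interpolated directly into the regex literals that these hunks extend (`relname ~* '.*{$term}.*'` and the matching `attname` and `rcname` clauses), and nothing visible here shows it being escaped first. If the value comes from a user-typed search box it needs SQL-literal escaping before this point, and even then its regex metacharacters are still interpreted by `~*`, so a search containing `(` or `[` can fail or match far more than intended. The function starts outside the hunks, so the escaping may already happen earlier; if it does, a comment such as `// $term has already been escaped for use inside a quoted SQL literal` above the first `$sql` assignment would make that checkable. The same interpolation appears in the hunks at 2110, 2126, 2134, 2142 and 2150.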
@@ -2142,7 +2142,7 @@ class Postgres extends BaseDB { pg_index pi, pg_class pc2 WHERE pc.oid=pi.indrelid AND pi.indexrelid=pc2.oid AND pc2.relname ~* '.*{$term}.*' AND (pi.indisprimary OR pi.indisunique)"; - if (!$conf['show_system']) $sql .= " AND pc2.relname NOT LIKE 'pg_%'"; + if (!$conf['show_system']) $sql .= " AND pc2.relname NOT LIKE 'pg\\\\_%'"; // Triggers $sql .= " @@ -2150,14 +2150,14 @@ class Postgres extends BaseDB { SELECT 'TRIGGER', NULL, NULL, pc.relname, pt.tgname FROM pg_class pc, pg_trigger pt WHERE pc.oid=pt.tgrelid AND pt.tgname ~* '.*{$term}.*'"; - if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg_%'"; + if (!$conf['show_system']) $sql .= " AND pc.relname NOT LIKE 'pg\\\\_%'"; // Rules $sql .= " UNION ALL SELECT 'RULE', NULL, NULL, tablename, rulename FROM pg_rules WHERE rulename ~* '.*{$term}.*'"; - if (!$conf['show_system']) $sql .= " AND tablename NOT LIKE 'pg_%'"; + if (!$conf['show_system']) $sql .= " AND tablename NOT LIKE 'pg\\\\_%'"; // Advanced Objects if ($conf['show_advanced']) { diff --git a/classes/database/Postgres73.php b/classes/database/Postgres73.php index 04cfcb00..0e541cee 100644 --- a/classes/database/Postgres73.php +++ b/classes/database/Postgres73.php @@ -4,7 +4,7 @@ * A class that implements the DB interface for Postgres * Note: This class uses ADODB and returns RecordSets. * - * $Id: Postgres73.php,v 1.78 2003/11/08 10:33:57 chriskl Exp $ + * $Id: Postgres73.php,v 1.79 2003/11/19 02:12:48 chriskl Exp $ */ // @@@ THOUGHT: What about inherits? ie. use of ONLY??? @@ -99,8 +99,8 @@ class Postgres73 extends Postgres72 { */ function &getSchemas() { global $conf; - - if (!$conf['show_system']) $and = "AND nspname NOT LIKE 'pg_%'"; + + if (!$conf['show_system']) $and = "AND nspname NOT LIKE 'pg\\\\_%'"; else $and = ''; $sql = "SELECT pn.nspname, pu.usename AS nspowner FROM pg_catalog.pg_namespace pn, pg_catalog.pg_user pu WHERE pn.nspowner = pu.usesysid 
@@ -1152,9 +1152,9 @@ class Postgres73 extends Postgres72 { // Exclude system relations if necessary if (!$conf['show_system']) { - $where = " AND pn.nspname NOT LIKE 'pg_%'"; + $where = " AND pn.nspname NOT LIKE 'pg\\\\_%'"; $lan_where = "AND pl.lanispl"; - $rule_where = " AND schemaname NOT LIKE 'pg_%'"; + $rule_where = " AND schemaname NOT LIKE 'pg\\\\_%'"; } else { $where = ''; @@ -1304,9 +1304,9 @@ class Postgres73 extends Postgres72 { $where = ''; else $where = " - AND n1.nspname NOT LIKE 'pg_%' - AND n2.nspname NOT LIKE 'pg_%' - AND n3.nspname NOT LIKE 'pg_%' + AND n1.nspname NOT LIKE 'pg\\\\_%' + AND n2.nspname NOT LIKE 'pg\\\\_%' + AND n3.nspname NOT LIKE 'pg\\\\_%' "; $sql = " diff --git a/classes/database/Postgres74.php b/classes/database/Postgres74.php index 9b876ce7..b87b6d37 100644 --- a/classes/database/Postgres74.php +++ b/classes/database/Postgres74.php @@ -4,7 +4,7 @@ * A class that implements the DB interface for Postgres * Note: This class uses ADODB and returns RecordSets. * - * $Id: Postgres74.php,v 1.18 2003/10/12 05:46:32 chriskl Exp $ + * $Id: Postgres74.php,v 1.19 2003/11/19 02:12:48 chriskl Exp $ */ include_once('classes/database/Postgres73.php'); @@ -122,7 +122,7 @@ class Postgres74 extends Postgres73 { function &getSchemas() { global $conf; - if (!$conf['show_system']) $and = "AND nspname NOT LIKE 'pg_%' AND nspname != 'information_schema'"; + if (!$conf['show_system']) $and = "AND nspname NOT LIKE 'pg\\\\_%' AND nspname != 'information_schema'"; else $and = ''; $sql = "SELECT pn.nspname, pu.usename AS nspowner FROM pg_catalog.pg_namespace pn, pg_catalog.pg_user pu WHERE pn.nspowner = pu.usesysid -- 2.39.5
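Review bot: The escaped pattern is written out by hand at every call site across Postgres.php, Postgres73.php and Postgres74.php, and Postgres74's getSchemas() repeats the clause from Postgres73's getSchemas() with one extra condition. A site that is missed, or that ends up with a different number of backslashes, would quietly change which system objects are listed without any error. Consider defining the clause once on the base class, with a comment explaining why four backslashes are needed in the PHP source, and having the subclasses reuse it. The enclosing functions start and end outside these hunks.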