Ability to search by expression in select (bug #3158017)

author Jakub Vrana <jakub@vrana.cz>

Sun, 30 Jan 2011 01:07:27 +0000 (02:07 +0100)

committer Jakub Vrana <jakub@vrana.cz>

Sun, 30 Jan 2011 01:12:06 +0000 (02:12 +0100)
author Jakub Vrana <jakub@vrana.cz>
Sun, 30 Jan 2011 01:07:27 +0000 (02:07 +0100)
committer Jakub Vrana <jakub@vrana.cz>
Sun, 30 Jan 2011 01:12:06 +0000 (02:12 +0100)
diff --git a/adminer/drivers/mssql.inc.php b/adminer/drivers/mssql.inc.php

index 41b094e06e66c5d62ed4274e8485542278c6eebf..e779addae9ad2484f036ab3aa06fcbcfd4142efb 100644 (file)
--- a/adminer/drivers/mssql.inc.php
+++ b/adminer/drivers/mssql.inc.php
@@ -603,7 +603,7 @@ WHERE sys1.xtype = 'TR' AND sys2.name = " . q($table)
                 $structured_types[$key] = array_keys($val);
         }
         $unsigned = array();
-       $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL");
+       $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL", "");
         $functions = array("len", "lower", "round", "upper");
         $grouping = array("avg", "count", "count distinct", "max", "min", "sum");
         $edit_functions = array(
diff --git a/adminer/drivers/mysql.inc.php b/adminer/drivers/mysql.inc.php

index 24967642b0d7635e2499d5c8109a9073026c41c5..6b258491fd4b295353adb183a46a68f6cc39e5ab 100644 (file)
--- a/adminer/drivers/mysql.inc.php
+++ b/adminer/drivers/mysql.inc.php
@@ -887,7 +887,7 @@ if (!defined("DRIVER")) {
                 $structured_types[$key] = array_keys($val);
         }
         $unsigned = array("unsigned", "zerofill", "unsigned zerofill"); ///< @var array number variants
-       $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "REGEXP", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL"); ///< @var array operators used in select
+       $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "REGEXP", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL", ""); ///< @var array operators used in select
         $functions = array("char_length", "date", "from_unixtime", "hex", "lower", "round", "sec_to_time", "time_to_sec", "upper"); ///< @var array functions used in select
         $grouping = array("avg", "count", "count distinct", "group_concat", "max", "min", "sum"); ///< @var array grouping functions used in select
         $edit_functions = array( ///< @var array of array("$type|$type2" => "$function/$function2") functions used in editing, [0] - edit and insert, [1] - edit only
diff --git a/adminer/drivers/oracle.inc.php b/adminer/drivers/oracle.inc.php

index 05d3bebe44b0e4f5f7bb8c43f7ef1260663138fe..75bc96138fc2909a5eecc95cb969f026d9535e05 100644 (file)
--- a/adminer/drivers/oracle.inc.php
+++ b/adminer/drivers/oracle.inc.php
@@ -350,7 +350,7 @@ UNION SELECT view_name, 'view' FROM user_views" . ($name != "" ? " WHERE view_na
                 $structured_types[$key] = array_keys($val);
         }
         $unsigned = array();
-       $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL");
+       $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT REGEXP", "NOT IN", "IS NOT NULL", "");
         $functions = array("length", "lower", "round", "upper");
         $grouping = array("avg", "count", "count distinct", "max", "min", "sum");
         $edit_functions = array(
diff --git a/adminer/drivers/pgsql.inc.php b/adminer/drivers/pgsql.inc.php

index 6f3211b4ce2e0f4189a45063a078e862dbce6362..30a25218da531ab44b1d6e8421b83ee260afad39 100644 (file)
--- a/adminer/drivers/pgsql.inc.php
+++ b/adminer/drivers/pgsql.inc.php
@@ -533,7 +533,7 @@ AND typelem = 0"
                 $structured_types[$key] = array_keys($val);
         }
         $unsigned = array();
-       $operators = array("=", "<", ">", "<=", ">=", "!=", "~", "!~", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL");
+       $operators = array("=", "<", ">", "<=", ">=", "!=", "~", "!~", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL", "");
         $functions = array("char_length", "lower", "round", "to_hex", "to_timestamp", "upper");
         $grouping = array("avg", "count", "count distinct", "max", "min", "sum");
         $edit_functions = array(
diff --git a/adminer/drivers/sqlite.inc.php b/adminer/drivers/sqlite.inc.php

index d075988228c36e8b0e21a8247dbd2ca2ac375dc5..25a69a142606920020b7f7fd142457ed0a30f705 100644 (file)
--- a/adminer/drivers/sqlite.inc.php
+++ b/adminer/drivers/sqlite.inc.php
@@ -554,7 +554,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
         $types = array("integer" => 0, "real" => 0, "numeric" => 0, "text" => 0, "blob" => 0);
         $structured_types = array_keys($types);
         $unsigned = array();
-       $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL"); // REGEXP can be user defined function
+       $operators = array("=", "<", ">", "<=", ">=", "!=", "LIKE", "LIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL", ""); // REGEXP can be user defined function
         $functions = array("hex", "length", "lower", "round", "unixepoch", "upper");
         $grouping = array("avg", "count", "count distinct", "group_concat", "max", "min", "sum");
         $edit_functions = array(
diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php

index ae9a136485903ce5840f4c44074125c098463fd0..77081eb299b55bacd08f966d34a35c1251e9cdfa 100644 (file)
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -229,7 +229,7 @@ document.getElementById('username').focus();
                         }
                 }
                 echo "<div><select name='where[$i][col]' onchange='selectAddRow(this);'><option value=''>(" . lang('anywhere') . ")" . optionlist($columns, null, true) . "</select>";
-               echo html_select("where[$i][op]", $this->operators);
+               echo html_select("where[$i][op]", $this->operators, "=");
                 echo "<input name='where[$i][val]'></div>\n";
                 echo "</div></fieldset>\n";
         }
@@ -333,6 +333,8 @@ document.getElementById('username').focus();
                                 if (ereg('IN$', $val["op"])) {
                                         $in = process_length($val["val"]);
                                         $cond .= " (" . ($in != "" ? $in : "NULL") . ")";
+                               } elseif (!$val["op"]) {
+                                       $cond .= $val["val"]; // SQL injection
                                 } elseif ($val["op"] == "LIKE %%") {
                                         $cond = " LIKE " . $this->processInput($fields[$val["col"]], "%$val[val]%");
                                 } elseif (!ereg('NULL$', $val["op"])) {
diff --git a/changes.txt b/changes.txt

index a29ec7e4bdf5acbbc57016f409df4e0ebbf00cff..835f57943a15b01671be6e4147de5d6c43e5e9ef 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -1,6 +1,7 @@
  Adminer 3.2.0-dev:
  Get long texts and slow information by AJAX
  All links and some forms by AJAX in browsers with support for history.pushState
+Ability to search by expression in select
  Permanent link in schema
  Display total time in show only errors mode in SQL command
  History: edit all
author	Jakub Vrana <jakub@vrana.cz>
	Sun, 30 Jan 2011 01:07:27 +0000 (02:07 +0100)
committer	Jakub Vrana <jakub@vrana.cz>
	Sun, 30 Jan 2011 01:12:06 +0000 (02:12 +0100)
adminer/drivers/mssql.inc.php		patch \| blob \| history
adminer/drivers/mysql.inc.php		patch \| blob \| history
adminer/drivers/oracle.inc.php		patch \| blob \| history
adminer/drivers/pgsql.inc.php		patch \| blob \| history
adminer/drivers/sqlite.inc.php		patch \| blob \| history
adminer/include/adminer.inc.php		patch \| blob \| history
changes.txt		patch \| blob \| history