Fix remote execution in SQLite query (thanks to Vincent Waart)
authorJakub Vrana <jakub@vrana.cz>
Wed, 1 Jun 2016 16:05:16 +0000 (09:05 -0700)
committerJakub Vrana <jakub@vrana.cz>
Wed, 1 Jun 2016 16:56:40 +0000 (09:56 -0700)
adminer/sql.inc.php
changes.txt

index 6e3665024366e2b754b634dac760cdbb12e17903..fbecbfb2268ff69d333a03d72804d2ba3d3f174f 100644 (file)
@@ -45,7 +45,7 @@ if (!$error && $_POST) {
                        }
                }
 
-               $space = "(?:\\s|/\\*.*\\*/|(?:#|-- )[^\n]*\n|--\r?\n)";
+               $space = "(?:\\s|/\\*[\s\S]*?\\*/|(?:#|-- )[^\n]*\n?|--\r?\n)";
                $delimiter = ";";
                $offset = 0;
                $empty = true;
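Review bot: The line-comment alternative in `$space`, `(?:#|-- )[^\n]*\n?`, follows MySQL's rules (`#`, and `--` only when a space follows), yet the same pattern backs the `$jush == "sqlite"` ATTACH guard in the third hunk, so that guard is only as strict as this approximation of what the server skips before the first keyword. It is worth confirming the pattern against each supported driver's comment syntax, selecting the alternative per `$jush` if they differ, and pinning the result with regression tests for comment-prefixed statements. A comment above the assignment would record the intent, e.g. `// must match everything the server ignores before a keyword; block comments may span lines`. For consistency with the rest of the string, `[\s\S]` could be written `[\\s\\S]` rather than relying on PHP passing unknown escapes through.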
@@ -62,7 +62,7 @@ if (!$error && $_POST) {
                unset($dump_format["sql"]);
 
                while ($query != "") {
-                       if (!$offset && preg_match("~^$space*DELIMITER\\s+(\\S+)~i", $query, $match)) {
+                       if (!$offset && preg_match("~^$space*+DELIMITER\\s+(\\S+)~i", $query, $match)) {
                                $delimiter = $match[1];
                                $query = substr($query, strlen($match[0]));
                        } else {
@@ -94,7 +94,7 @@ if (!$error && $_POST) {
                                                $q = substr($query, 0, $pos);
                                                $commands++;
                                                $print = "<pre id='sql-$commands'><code class='jush-$jush'>" . shorten_utf8(trim($q), 1000) . "</code></pre>\n";
-                                               if ($jush == "sqlite" && preg_match("~^$space*ATTACH\b~i", $q, $match)) {
+                                               if ($jush == "sqlite" && preg_match("~^$space*+ATTACH\\b~i", $q, $match)) {
                                                        // PHP doesn't support setting SQLITE_LIMIT_ATTACHED
                                                        echo $print;
                                                        echo "<p class='error'>" . lang('ATTACH queries are not supported.') . "\n";
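Review bot: The ATTACH guard on the `$jush == "sqlite"` line fails open when the regex engine errors: `preg_match()` returns `false` on a PCRE failure such as an exceeded backtrack or JIT stack limit, and `false` is treated here the same as no match, so the statement would presumably go on to be executed. The existing comment says PHP cannot set SQLITE_LIMIT_ATTACHED, which makes this check the only barrier visible here, so compare explicitly and reject on error: `if ($jush == "sqlite" && preg_match("~^$space*+ATTACH\\b~i", $q) !== 0) {`. `$match` is not read in the lines shown and could be dropped if nothing later uses it. The enclosing `if`/`while` body starts and ends outside the hunk.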
@@ -110,7 +110,7 @@ if (!$error && $_POST) {
                                                        }
                                                        $start = microtime(true);
                                                        //! don't allow changing of character_set_results, convert encoding of displayed query
-                                                       if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*USE\\b~isU", $q)) {
+                                                       if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*+USE\\b~i", $q)) {
                                                                $connection2->query($q);
                                                        }
 
@@ -143,7 +143,7 @@ if (!$error && $_POST) {
                                                                                        . "<input type='hidden' name='query' value='" . h($q) . "'>"
                                                                                        . " <input type='submit' name='export' value='" . lang('Export') . "'><input type='hidden' name='token' value='$token'></span>\n"
                                                                                ;
-                                                                               if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
+                                                                               if ($connection2 && preg_match("~^($space|\\()*+SELECT\\b~i", $q) && ($explain = explain($connection2, $q))) {
                                                                                        $id = "explain-$commands";
                                                                                        echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>$export";
                                                                                        echo "<div id='$id' class='hidden'>\n";
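Review bot: The group in `~^($space|\\()*+SELECT\\b~i` captures although no match array is passed, and the same holds for `(CREATE|DROP|ALTER)` and `(DATABASE|SCHEMA)` in the last hunk of this file. Non-capturing groups state the intent and match the `(?:` style `$space` itself uses: `preg_match("~^(?:$space|\\()*+SELECT\\b~i", $q)` and `"~^$space*+(?:CREATE|DROP|ALTER)$space++(?:DATABASE|SCHEMA)\\b~i"`. A short comment noting that the possessive `*+` stops the engine from backtracking into the leading comments when the keyword is absent would help future edits keep it.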
@@ -156,7 +156,7 @@ if (!$error && $_POST) {
                                                                        }
 
                                                                } else {
-                                                                       if (preg_match("~^$space*(CREATE|DROP|ALTER)$space+(DATABASE|SCHEMA)\\b~isU", $q)) {
+                                                                       if (preg_match("~^$space*+(CREATE|DROP|ALTER)$space++(DATABASE|SCHEMA)\\b~i", $q)) {
                                                                                restart_session();
                                                                                set_session("dbs", null); // clear cache
                                                                                stop_session();
index 986015f91bc3781798d579e020fe8631eb3d98bb..a073a70a257f7c3c8f12d9d567e391e224b904ca 100644 (file)
@@ -1,4 +1,5 @@
 Adminer 4.2.5-dev:
+Fix remote execution in SQLite query
 PostgreSQL: Support KILL
 
 Adminer 4.2.4 (released 2016-02-06):