Process only enabled columns

author jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>

Wed, 22 Jul 2009 13:36:39 +0000 (13:36 +0000)

committer jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>

Wed, 22 Jul 2009 13:36:39 +0000 (13:36 +0000)
author jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Wed, 22 Jul 2009 13:36:39 +0000 (13:36 +0000)
committer jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Wed, 22 Jul 2009 13:36:39 +0000 (13:36 +0000)
diff --git a/adminer/select.inc.php b/adminer/select.inc.php

index 9a029b21b47ad80f882ad8c3fe113ea1a9ada113..98ef9e8150f22c15b8027ec63ee2e0860889462c 100644 (file)
--- a/adminer/select.inc.php
+++ b/adminer/select.inc.php
@@ -119,8 +119,8 @@ if ($_POST && !$error) {
                 $command = ($_POST["delete"] ? ($_POST["all"] && !$where ? "TRUNCATE " : "DELETE FROM ") : ($_POST["clone"] ? "INSERT INTO " : "UPDATE ")) . idf_escape($_GET["select"]);
                 if (!$_POST["delete"]) {
                         $set = array();
-                       foreach ($fields as $name => $field) {
-                               $val = process_input($name, $field);
+                       foreach ($columns as $name => $val) { //! should check also for edit or insert privileges
+                               $val = process_input($name, $fields[$name]);
                                 if ($_POST["clone"]) {
                                         $set[] = ($val !== false ? $val : idf_escape($name));
                                 } elseif ($val !== false) {
author	jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
	Wed, 22 Jul 2009 13:36:39 +0000 (13:36 +0000)
committer	jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
	Wed, 22 Jul 2009 13:36:39 +0000 (13:36 +0000)