From: jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Date: Fri, 21 Aug 2009 12:43:46 +0000 (+0000)
Subject: Fix long SQL query crash (bug #2839231)
X-Git-Tag: v3.0.0~538
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=1ccc5c268ccad695b3cbab11f41166a1ff05be18;p=adminer.git

Fix long SQL query crash (bug #2839231)
Fix unclosed /* infinite loop

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@990 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---

diff --git a/adminer/sql.inc.php b/adminer/sql.inc.php
index 42f51eef..c8492ff2 100644
--- a/adminer/sql.inc.php
+++ b/adminer/sql.inc.php
@@ -28,12 +28,29 @@ if (!$error && $_POST) {
 			if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) {
 				$delimiter = $match[1];
 				$query = substr($query, strlen($match[0]));
-			} elseif (preg_match('(' . preg_quote($delimiter) . '|[\'`"]|/\\*|-- |#|$)', $query, $match, PREG_OFFSET_CAPTURE, $offset)) {
-				if ($match[0][0] && $match[0][0] != $delimiter) {
+			} else {
+				preg_match('(' . preg_quote($delimiter) . '|[\'`"]|/\\*|-- |#|$)', $query, $match, PREG_OFFSET_CAPTURE, $offset); // should always match
+				$found = $match[0][0];
+				$offset = $match[0][1] + strlen($found);
+				if ($found && $found != $delimiter) {
 					// is not end of a query - find closing part
-					$pattern = ($match[0][0] == "-- " || $match[0][0] == "#" ? '~.*~' : ($match[0][0] == "/*" ? '~.*\\*/~sU' : '~\\G([^\\\\' . $match[0][0] . ']|\\\\.)*(' . $match[0][0] . '|$)~sU')); //! respect sql_mode NO_BACKSLASH_ESCAPES
-					preg_match($pattern, $query, $match, PREG_OFFSET_CAPTURE, $match[0][1] + 1);
-					$offset = $match[0][1] + strlen($match[0][0]);
+					if (ereg('-- |#', $found)) {
+						$offset = strpos($query, "\n", $offset);
+					} elseif ($found == "/*") {
+						$offset = strpos($query, "*/", $offset);
+					} else {
+						// find matching quote
+						while (preg_match("~$found|\\\\.|\$~s", $query, $match, PREG_OFFSET_CAPTURE, $offset)) {
+							$s = $match[0][0];
+							$offset = $match[0][1] + strlen($s);
+							if (!$s || $s == $found) {
+								break;
+							}
+						}
+					}
+					if (!$offset) {
+						$offset = strlen($query);
+					}
 				} else {
 					$empty = false;
 					echo "<pre class='jush-sql'>" . shorten_utf8(trim(substr($query, 0, $match[0][1]))) . "</pre>\n";
@@ -65,7 +82,7 @@ if (!$error && $_POST) {
 							}
 						} while ($dbh->next_result());
 					}
-					$query = substr($query, $match[0][1] + strlen($match[0][0]));
+					$query = substr($query, $offset);
 					$offset = 0;
 				}
 			}