} else { // Now we can check the parameters PMA_Util::checkParameters(array('sql_query')); } /** * Parse and analyze the query */ require_once 'libraries/parse_analyze.inc.php'; /** * Check rights in case of DROP DATABASE * * This test may be bypassed if $is_js_confirmed = 1 (already checked with js) * but since a malicious user may pass this variable by url/form, we don't take * into account this case. */ if (PMA_hasNoRightsToDropDatabase($analyzed_sql_results, $cfg['AllowUserDropDatabase'], $is_superuser)) { PMA_Util::mysqlDie(__('"DROP DATABASE" statements are disabled.'), '', '', $err_url); } // end if /** * Need to find the real end of rows? */ if (isset($find_real_end) && $find_real_end) { $unlim_num_rows = PMA_findRealEndOfRows($db, $table); } /** * Bookmark add */ if (isset($_POST['store_bkm'])) { PMA_addBookmark($cfg['PmaAbsoluteUri'], $goto); // script has exited at this point
/** * Test PMA_hasNoRightsToDropDatabase * * @return void */ public function testHasNoRightsToDropDatabase() { $this->assertEquals(!defined('PMA_CHK_DROP'), PMA_hasNoRightsToDropDatabase(PMA_parseAndAnalyze('DROP DATABASE db'), false, false)); $this->assertEquals(!defined('PMA_CHK_DROP'), PMA_hasNoRightsToDropDatabase(PMA_parseAndAnalyze('DROP TABLE tbl'), false, false)); $this->assertEquals(!defined('PMA_CHK_DROP'), PMA_hasNoRightsToDropDatabase(PMA_parseAndAnalyze('SELECT * from tbl'), false, false)); }