--- template/en/default/admin/admin.html.tmpl~ 2010-08-25 17:35:09.000000000 -0700 +++ template/en/default/admin/admin.html.tmpl 2010-10-07 10:06:20.000000000 -0700 @@ -123,6 +123,12 @@
+[% last_sql %] ++
+[% sql_output %] ++
Please use only single-quotes (') in your statements for now!!
+ + +[% PROCESS global/footer.html.tmpl %] --- editsql.cgi~ 1969-12-31 16:00:00.000000000 -0800 +++ editsql.cgi 2010-10-07 17:32:14.000000000 -0700 
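Review bot: `[% last_sql %]` and `[% sql_output %]` are emitted without a filter, so whatever the statement returns from the database (bug text, comments, user names) is rendered as markup in an administrator's session. Both directives should carry the HTML filter, `[% last_sql FILTER html %]` and `[% sql_output FILTER html %]`, with the output placed in a preformatted element so the table layout survives. The markup around these directives is not visible in this hunk, so confirm that no enclosing `FILTER` block already covers them.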
@@ -0,0 +1,118 @@
+#!__PERL_BINARY__ -wT
+# -*- Mode: perl; indent-tabs-mode: nil -*-
+
+use strict;
+use lib qw(. lib);
+
+use Bugzilla;
+use Bugzilla::Constants;
+use Bugzilla::Error;
+use Bugzilla::Util;
+use Bugzilla::Field;
+use Bugzilla::Token;
+
+my $cgi = Bugzilla->cgi;
+my $template = Bugzilla->template;
+my $vars = {};
+
+# Make sure the user is logged in and is an administrator.
+my $user = Bugzilla->login(LOGIN_REQUIRED);
+$user->in_group('admin')
+ || ThrowUserError('auth_failure', {group => 'admin',
+ action => 'run',
+ object => 'administrative_pages'});
+
+my $action = trim($cgi->param('action') || '');
+my $token = $cgi->param('token');
+
+print $cgi->header();
+
+# Show an index page
+if (!$action) {
+ $vars->{'token'} = issue_session_token('sql_form');
+
+ $template->process('admin/sql/index.html.tmpl', $vars)
+ || ThrowTemplateError($template->error());
+}
+# Submit a sql fragment and return the output.
+elsif ($action eq 'execute') {
+ check_token_data($token, 'sql_form');
+
+ $vars->{'last_sql'} = $cgi->param('sql_input');
+ $vars->{'sql_output'} = _execute($cgi->param('sql_input'));
+
+ $vars->{'token'} = issue_session_token('sql_form');
+
+ $template->process('admin/sql/index.html.tmpl', $vars)
+ || ThrowTemplateError($template->error());
+}
+else {
+ ThrowUserError('no_valid_action', {'field' => 'sql'});
+}
+
+sub _execute() {
+ my $sql_input = shift;
+
+ chomp($sql_input);
+
+ return "Empty statement!" unless ($sql_input && length($sql_input) > 0);
+
+ my $lc = Bugzilla->localconfig;
+
+ return "This works currently only for MySQL!!" unless (lc($lc->{db_driver}) eq 'mysql');
+
+ my ($host, $port, $user, $password, $database, $execute);
+
+ if ($lc->{db_sock}) {
+ $host = "--socket=" . $lc->{db_sock};
+ }
+ elsif ($lc->{db_host}) {
+ $host = "--host=" . $lc->{db_host};
+ }
+ else {
+ $host = "--host=localhost";
+ }
+
+ if ($host =~ m/^--host/ && $lc->{db_port}) {
+ $port = "--port=" . $lc->{db_port};
+ }
+
+ if ($lc->{db_user}) {
+ $user = "--user=" . $lc->{db_user};
+ }
+
+ if ($lc->{db_pass}) {
+ $password = "--password=" . $lc->{db_pass};
+ }
+
+ if ($lc->{db_name}) {
+ $database = "--database=" . $lc->{db_name};
+ }
+
+ $sql_input =~ s/\n//gs;
+ if ($sql_input =~ m/^([^\\"]+)$/) {
+ $sql_input = $1;
+ }
+ else {
+ return "String not understood:-(";
+ }
+
+ $execute = "--execute=\"" . $sql_input . "\"";
+
+ print STDERR "execute: /usr/bin/mysql $host $port $user $password $database $execute 2>&1\n";
+
+ my $output = `/usr/bin/mysql --table $host $port $user $password $database $execute 2>&1`;
+ my $ret_code = $? >> 8;
+ my $ret_comment = "\nOK\n";
+
+ $ret_comment = "\nCommand failed!!\n" if ($ret_code != 0);
+
+ if ($output) {
+ $output .= $ret_comment;
+ }
+ else {
+ $output = $ret_comment;
+ }
+
+ return $output;
+}
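Review bot: `_execute` interpolates the request's `sql_input` into a backtick command line, and the untaint pattern `m/^([^\\"]+)$/` rejects only backslash and double quote, so the shell still applies its own expansions inside the `--execute="..."` argument and the page becomes command execution as the web server user rather than SQL only. The same function passes `--password=` on the mysql command line and copies the full command to STDERR, which puts the database password in the process list and in the web server error log. Running the statement through the connection Bugzilla already holds removes the shell, the password argument and the MySQL-only restriction; the sketch below replaces everything from the `localconfig` lookup to the end of the sub, and assumes the handle dies on error. The empty prototype on `sub _execute()` contradicts the one-argument call and is dropped there as well.

```perl
sub _execute {
    my ($sql_input) = @_;
    # … unchanged: chomp and empty-statement check …

    # Admin-supplied SQL is run as-is by design; untaint it explicitly
    # instead of through a pattern that reads like validation.
    trick_taint($sql_input);

    # Reuse Bugzilla's own connection: no shell, no password in argv.
    my $dbh = Bugzilla->dbh;
    my $output = eval {
        my $sth = $dbh->prepare($sql_input);
        $sth->execute();
        my @lines;
        if ($sth->{NUM_OF_FIELDS}) {
            push @lines, join("\t", @{ $sth->{NAME} });
            while (my $row = $sth->fetchrow_arrayref) {
                push @lines, join("\t", map { defined $_ ? $_ : 'NULL' } @$row);
            }
        }
        join("\n", @lines) . "\nOK\n";
    };
    return defined $output ? $output : ($@ || '') . "\nCommand failed!!\n";
}
```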