New debug page: ?/debug/sql

inc/config.php

@@ -1010,6 +1010,9 @@
 	// Edit the current configuration (via web interface)
 	$config['mod']['edit_config'] = ADMIN;
 	
+	// Execute un-filtered SQL queries on the database (?/debug/sql)
+	$config['mod']['debug_sql'] = DISABLED;
+	
 /*
  * ====================
  *  Events (PHP 5.3.0+)

inc/mod/pages.php

@@ -1922,3 +1922,27 @@ function mod_debug_recent_posts() {
 	mod_page(_('Debug: Recent posts'), 'mod/debug/recent_posts.html', array('posts' => $posts));
 }
 
+function mod_debug_sql() {
+	global $config;
+	
+	if (!hasPermission($config['mod']['debug_sql']))
+		error($config['error']['noaccess']);
+	
+	$args['security_token'] = make_secure_link_token('debug/sql');
+	
+	if (isset($_POST['query'])) {
+		$args['query'] = $_POST['query'];
+		if ($query = query($_POST['query'])) {
+			$args['result'] = $query->fetchAll(PDO::FETCH_ASSOC);
+			if (!empty($args['result']))
+				$args['keys'] = array_keys($args['result'][0]);
+			else
+				$args['result'] = 'empty';
+		} else {
+			$args['error'] = db_error();
+		}
+	}
+	
+	mod_page(_('Debug: SQL'), 'mod/debug/sql.html', $args);
+}
+

templates/mod/debug/sql.html

@@ -0,0 +1,26 @@
+<form action="" method="post">
+	<input type="hidden" name="token" value="{{ security_token }}">
+	<textarea style="display:block;margin:5px auto;width:90%;max-width:600px" rows="3" name="query">{{ query | e }}</textarea>
+	<input style="display:block;margin:5px auto" type="submit" value="Query">
+</form>
+
+{% if result == 'empty' %}
+	<p style="text-align:center">Query successful (no result).</p>
+{% elseif result %}
+	<table class="modlog">
+		<tr>
+			{% for key in keys %}
+				<th>{{ key }}</th>
+			{% endfor %}
+		</tr>
+		{% for row in result %}
+			<tr>
+				{% for col in row %}
+					<td>{{ col }}</td>
+				{% endfor %}
+			</tr>
+		{% endfor %}
+	</table>
+{% elseif error %}
+	<p style="text-align:center;color:#d00">{{ error }}</p>
+{% endif %}