diff --git a/inc/config.php b/inc/config.php
index e7ca79e3..8bd6d357 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -1010,6 +1010,9 @@
 // Edit the current configuration (via web interface)
 $config['mod']['edit_config'] = ADMIN;
+ // Execute un-filtered SQL queries on the database (?/debug/sql)
+ $config['mod']['debug_sql'] = DISABLED;
+
 /*
 * ====================
 * Events (PHP 5.3.0+)
diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 8feac374..592ac5b1 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -1922,3 +1922,27 @@ function mod_debug_recent_posts() {
 mod_page(_('Debug: Recent posts'), 'mod/debug/recent_posts.html', array('posts' => $posts));
 }
+function mod_debug_sql() {
+ global $config;
+
+ if (!hasPermission($config['mod']['debug_sql']))
+ error($config['error']['noaccess']);
+
+ $args['security_token'] = make_secure_link_token('debug/sql');
+
+ if (isset($_POST['query'])) {
+ $args['query'] = $_POST['query'];
+ if ($query = query($_POST['query'])) {
+ $args['result'] = $query->fetchAll(PDO::FETCH_ASSOC);
+ if (!empty($args['result']))
+ $args['keys'] = array_keys($args['result'][0]);
+ else
+ $args['result'] = 'empty';
+ } else {
+ $args['error'] = db_error();
+ }
+ }
+
+ mod_page(_('Debug: SQL'), 'mod/debug/sql.html', $args);
+}
+
diff --git a/templates/mod/debug/sql.html b/templates/mod/debug/sql.html
new file mode 100644
index 00000000..63ba22f8
--- /dev/null
+++ b/templates/mod/debug/sql.html
@@ -0,0 +1,26 @@
+
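Review bot: mod_debug_sql() creates a token with `make_secure_link_token('debug/sql')` but never checks one before passing `$_POST['query']` to `query()`, so whether a forged cross-site POST is rejected depends on how the `debug/sql` route is registered, and that registration is not part of this diff. Confirm the route goes through the project's token-verifying POST dispatch, and record that in a comment above the `isset($_POST['query'])` branch, for example `// CSRF: the router must verify the secure token before this handler runs`. The handler also leaves no trace of who ran which statement; a moderation-log entry written just before `query()` is called would make use of this page auditable, if the codebase has a mod-log helper.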
+ + + +
+ +{% if result == 'empty' %} +

Query successful (no result).

+{% elseif result %} + + + {% for key in keys %} + + {% endfor %} + + {% for row in result %} + + {% for col in row %} + + {% endfor %} + + {% endfor %} +
{{ key }}
{{ col }}
+{% elseif error %} +

{{ error }}

+{% endif %}
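Review bot: `{{ key }}`, `{{ col }}` and `{{ error }}` print database content and driver error text without an explicit escape filter, so unless the Twig environment has autoescaping enabled (not shown in this diff) any markup stored in a row is rendered as HTML in the moderator's session. Use `{{ key|e }}`, `{{ col|e }}` and `{{ error|e }}`, and apply the same filter wherever the submitted `query` is echoed back into the form. The template's markup around these expressions is not visible here, so the element or attribute context of each expression should be checked when the filter is added.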