$max_field_sizes = array('tinyblob' => '256', 'blob' => '65536', 'mediumblob' => '16777216', 'longblob' => '4294967296');
// yeah, really
$this_field_max_size = $max_upload_size;
// from PHP max
if ($this_field_max_size > $max_field_sizes[$field['pma_type']]) {
$this_field_max_size = $max_field_sizes[$field['pma_type']];
}
echo PMA_displayMaximumUploadSize($this_field_max_size) . "\n";
// do not generate here the MAX_FILE_SIZE, because we should
// put only one in the form to accommodate the biggest field
if ($this_field_max_size > $biggest_max_file_size) {
$biggest_max_file_size = $this_field_max_size;
}
}
if (!empty($cfg['UploadDir'])) {
$files = PMA_getFileSelectOptions(PMA_userDir($cfg['UploadDir']));
if ($files === FALSE) {
echo ' <font color="red">' . $strError . '</font><br />' . "\n";
echo ' ' . $strWebServerUploadDirectoryError . "\n";
} elseif (!empty($files)) {
echo "<br />\n";
echo ' <i>' . $strOr . '</i>' . ' ' . $strWebServerUploadDirectory . ':<br />' . "\n";
echo ' <select size="1" name="fields_uploadlocal_' . $field['Field_md5'] . $vkey . '">' . "\n";
echo ' <option value="" selected="selected"></option>' . "\n";
echo $files;
echo ' </select>' . "\n";
}
}
// end if (web-server upload directory)
} elseif ('geometry' == $field['pma_type']) {
// ignore this column to avoid changing it
</label>
</legend>
<?php
if (isset($cfg['SaveDir']) && !empty($cfg['SaveDir'])) {
?>
<input type="checkbox" name="onserver" value="saveit"
id="checkbox_dump_onserver"
onclick="document.getElementById('checkbox_dump_asfile').checked = true;"
<?php
PMA_exportCheckboxCheck('onserver');
?>
/>
<label for="checkbox_dump_onserver">
<?php
echo sprintf($strSaveOnServer, htmlspecialchars(PMA_userDir($cfg['SaveDir'])));
?>
</label>,<br />
<input type="checkbox" name="onserverover" value="saveitover"
id="checkbox_dump_onserverover"
onclick="document.getElementById('checkbox_dump_onserver').checked = true;
document.getElementById('checkbox_dump_asfile').checked = true;"
<?php
PMA_exportCheckboxCheck('onserver_overwrite');
?>
/>
<label for="checkbox_dump_onserverover">
<?php
echo $strOverwriteExisting;
?>
</label>
/**
* Display the form used to select a file to import from the server upload directory
*
* @param array $import_list array of import types
* @param string $uploaddir upload directory
*
* @return nothing
*/
function PMA_selectUploadFile($import_list, $uploaddir)
{
echo '<label for="radio_local_import_file">' . sprintf(__("Select from the web server upload directory <b>%s</b>:"), htmlspecialchars(PMA_userDir($uploaddir))) . '</label>';
$extensions = '';
foreach ($import_list as $key => $val) {
if (!empty($extensions)) {
$extensions .= '|';
}
$extensions .= $val['extension'];
}
$matcher = '@\\.(' . $extensions . ')(\\.(' . PMA_supportedDecompressions() . '))?$@';
$active = isset($timeout_passed) && $timeout_passed && isset($local_import_file) ? $local_import_file : '';
$files = PMA_getFileSelectOptions(PMA_userDir($uploaddir), $matcher, $active);
if ($files === false) {
PMA_Message::error(__('The directory you set for upload work cannot be reached'))->display();
} elseif (!empty($files)) {
echo "\n";
echo ' <select style="margin: 5px" size="1" name="local_import_file" id="select_local_import_file">' . "\n";
echo ' <option value=""> </option>' . "\n";
echo $files;
echo ' </select>' . "\n";
} elseif (empty($files)) {
echo '<i>' . __('There are no files to upload') . '</i>';
}
}
/**
* prints bookmark fieldset
*
* @usedby PMA_sqlQueryForm()
* @uses $GLOBALS['cfg']['GZipDump']
* @uses $GLOBALS['cfg']['BZipDump']
* @uses $GLOBALS['cfg']['UploadDir']
* @uses $GLOBALS['cfg']['AvailableCharsets']
* @uses $GLOBALS['cfg']['AllowAnywhereRecoding']
* @uses $GLOBALS['strAutodetect']
* @uses $GLOBALS['strBzip']
* @uses $GLOBALS['strCharsetOfFile']
* @uses $GLOBALS['strCompression']
* @uses $GLOBALS['strError']
* @uses $GLOBALS['strGo']
* @uses $GLOBALS['strGzip']
* @uses $GLOBALS['strLocationTextfile']
* @uses $GLOBALS['strWebServerUploadDirectory']
* @uses $GLOBALS['strWebServerUploadDirectoryError']
* @uses $GLOBALS['allow_recoding']
* @uses $GLOBALS['charset']
* @uses $GLOBALS['max_upload_size']
* @uses PMA_supportedDecompressions()
* @uses PMA_getFileSelectOptions()
* @uses PMA_displayMaximumUploadSize()
* @uses PMA_generateCharsetDropdownBox()
* @uses PMA_generateHiddenMaxFileSize()
* @uses PMA_MYSQL_INT_VERSION
* @uses PMA_CSDROPDOWN_CHARSET
* @uses empty()
*/
function PMA_sqlQueryFormUpload()
{
$errors = array();
$matcher = '@\\.sql(\\.(' . PMA_supportedDecompressions() . '))?$@';
// we allow only SQL here
if (!empty($GLOBALS['cfg']['UploadDir'])) {
$files = PMA_getFileSelectOptions(PMA_userDir($GLOBALS['cfg']['UploadDir']), $matcher, isset($timeout_passed) && $timeout_passed && isset($local_import_file) ? $local_import_file : '');
} else {
$files = '';
}
// start output
echo '<fieldset id="">';
echo '<legend>';
echo $GLOBALS['strLocationTextfile'] . '</legend>';
echo '<div class="formelement">';
echo '<input type="file" name="sql_file" class="textfield" /> ';
echo PMA_displayMaximumUploadSize($GLOBALS['max_upload_size']);
// some browsers should respect this :)
echo PMA_generateHiddenMaxFileSize($GLOBALS['max_upload_size']) . "\n";
echo '</div>';
if ($files === FALSE) {
$errors[$GLOBALS['strError']] = $GLOBALS['strWebServerUploadDirectoryError'];
} elseif (!empty($files)) {
echo '<div class="formelement">';
echo '<strong>' . $GLOBALS['strWebServerUploadDirectory'] . ':</strong>' . "\n";
echo '<select size="1" name="sql_localfile">' . "\n";
echo '<option value="" selected="selected"></option>' . "\n";
echo $files;
echo '</select>' . "\n";
echo '</div>';
}
echo '<div class="clearfloat"></div>' . "\n";
echo '</fieldset>';
echo '<fieldset id="" class="tblFooters">';
if (PMA_MYSQL_INT_VERSION < 40100 && $GLOBALS['cfg']['AllowAnywhereRecoding'] && $GLOBALS['allow_recoding']) {
echo $GLOBALS['strCharsetOfFile'] . "\n" . '<select name="charset_of_file" size="1">' . "\n";
foreach ($GLOBALS['cfg']['AvailableCharsets'] as $temp_charset) {
echo '<option value="' . $temp_charset . '"';
if ($temp_charset == $GLOBALS['charset']) {
echo ' selected="selected"';
}
echo '>' . $temp_charset . '</option>' . "\n";
}
echo '</select>' . "\n";
} elseif (PMA_MYSQL_INT_VERSION >= 40100) {
echo $GLOBALS['strCharsetOfFile'] . "\n";
echo PMA_generateCharsetDropdownBox(PMA_CSDROPDOWN_CHARSET, 'charset_of_file', null, 'utf8', FALSE);
}
// end if (recoding)
echo '<input type="submit" name="SQL" value="' . $GLOBALS['strGo'] . '" />' . "\n";
echo '<div class="clearfloat"></div>' . "\n";
echo '</fieldset>';
foreach ($errors as $error => $message) {
echo '<div>' . $error . '</div>';
echo '<div>' . $message . '</div>';
}
}
if (strtolower(substr($memory_limit, -1)) == 'm') {
$memory_limit = (int) substr($memory_limit, 0, -1) * 1024 * 1024;
} elseif (strtolower(substr($memory_limit, -1)) == 'k') {
$memory_limit = (int) substr($memory_limit, 0, -1) * 1024;
} elseif (strtolower(substr($memory_limit, -1)) == 'g') {
$memory_limit = (int) substr($memory_limit, 0, -1) * 1024 * 1024 * 1024;
} else {
$memory_limit = (int) $memory_limit;
}
$read_limit = $memory_limit / 8;
// Just to be sure, there might be lot of memory needed for uncompression
// handle filenames
if (!empty($local_import_file) && !empty($cfg['UploadDir'])) {
// sanitize $local_import_file as it comes from a POST
$local_import_file = PMA_securePath($local_import_file);
$import_file = PMA_userDir($cfg['UploadDir']) . $local_import_file;
} elseif (empty($import_file) || !is_uploaded_file($import_file)) {
$import_file = 'none';
}
// Do we have file to import?
if ($import_file != 'none' && !$error) {
// work around open_basedir and other limitations
$open_basedir = @ini_get('open_basedir');
// If we are on a server with open_basedir, we must move the file
// before opening it. The doc explains how to create the "./tmp"
// directory
if (!empty($open_basedir)) {
$tmp_subdir = PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/';
if (is_writable($tmp_subdir)) {
$import_file_new = $tmp_subdir . basename($import_file);
if (move_uploaded_file($import_file, $import_file_new)) {
/**
*
* @access public
* @uses $GLOBALS['strFileCouldNotBeRead']
* @uses PMA_File::setName()
* @uses PMA_securePath()
* @uses PMA_userDir()
* @uses $GLOBALS['cfg']['UploadDir']
* @param string $name
* @return boolean success
*/
function setLocalSelectedFile($name)
{
if (empty($GLOBALS['cfg']['UploadDir'])) return false;
$this->setName(PMA_userDir($GLOBALS['cfg']['UploadDir']) . PMA_securePath($name));
if (! $this->isReadable()) {
$this->_error_message = $GLOBALS['strFileCouldNotBeRead'];
$this->setName(null);
return false;
}
return true;
}
// If dump is going to be compressed, set correct mime_type and add
// compression to extension
if ($compression == 'bzip') {
$filename .= '.bz2';
$mime_type = 'application/x-bzip2';
} elseif ($compression == 'gzip') {
$filename .= '.gz';
$mime_type = 'application/x-gzip';
} elseif ($compression == 'zip') {
$filename .= '.zip';
$mime_type = 'application/zip';
}
}
// Open file on server if needed
if ($save_on_server) {
$save_filename = PMA_userDir($cfg['SaveDir']) . preg_replace('@[/\\\\]@', '_', $filename);
unset($message);
if (file_exists($save_filename) && empty($onserverover)) {
$message = PMA_Message::error('strFileAlreadyExists');
$message->addParam($save_filename);
} else {
if (is_file($save_filename) && !is_writable($save_filename)) {
$message = PMA_Message::error('strNoPermission');
$message->addParam($save_filename);
} else {
if (!($file_handle = @fopen($save_filename, 'w'))) {
$message = PMA_Message::error('strNoPermission');
$message->addParam($save_filename);
}
}
}
?>
</label>
<ul id="ul_save_asfile">
<?php
if (isset($cfg['SaveDir']) && !empty($cfg['SaveDir'])) {
?>
<li>
<input type="checkbox" name="onserver" value="saveit"
id="checkbox_dump_onserver"
<?php
PMA_exportCheckboxCheck('onserver');
?>
/>
<label for="checkbox_dump_onserver">
<?php
echo sprintf(__('Save on server in the directory <b>%s</b>'), htmlspecialchars(PMA_userDir($cfg['SaveDir'])));
?>
</label>
</li>
<li>
<input type="checkbox" name="onserverover" value="saveitover"
id="checkbox_dump_onserverover"
<?php
PMA_exportCheckboxCheck('onserver_overwrite');
?>
/>
<label for="checkbox_dump_onserverover"><?php
echo __('Overwrite existing file(s)');
?>
</label>
</li>
/**
* prints bookmark fieldset
*
* @usedby PMA_sqlQueryForm()
*/
function PMA_sqlQueryFormUpload()
{
$errors = array();
$matcher = '@\\.sql(\\.(' . PMA_supportedDecompressions() . '))?$@';
// we allow only SQL here
if (!empty($GLOBALS['cfg']['UploadDir'])) {
$files = PMA_getFileSelectOptions(PMA_userDir($GLOBALS['cfg']['UploadDir']), $matcher, isset($timeout_passed) && $timeout_passed && isset($local_import_file) ? $local_import_file : '');
} else {
$files = '';
}
// start output
echo '<fieldset id="">';
echo '<legend>';
echo __('Browse your computer:') . '</legend>';
echo '<div class="formelement">';
echo '<input type="file" name="sql_file" class="textfield" /> ';
echo PMA_displayMaximumUploadSize($GLOBALS['max_upload_size']);
// some browsers should respect this :)
echo PMA_generateHiddenMaxFileSize($GLOBALS['max_upload_size']) . "\n";
echo '</div>';
if ($files === false) {
$errors[] = PMA_Message::error(__('The directory you set for upload work cannot be reached'));
} elseif (!empty($files)) {
echo '<div class="formelement">';
echo '<strong>' . __('web server upload directory') . ':</strong>' . "\n";
echo '<select size="1" name="sql_localfile">' . "\n";
echo '<option value="" selected="selected"></option>' . "\n";
echo $files;
echo '</select>' . "\n";
echo '</div>';
}
echo '<div class="clearfloat"></div>' . "\n";
echo '</fieldset>';
echo '<fieldset id="" class="tblFooters">';
echo __('Character set of the file:') . "\n";
echo PMA_generateCharsetDropdownBox(PMA_CSDROPDOWN_CHARSET, 'charset_of_file', null, 'utf8', false);
echo '<input type="submit" name="SQL" value="' . __('Go') . '" />' . "\n";
echo '<div class="clearfloat"></div>' . "\n";
echo '</fieldset>';
foreach ($errors as $error) {
$error->display();
}
}
}
if (!is_writable($tmp_subdir)) {
// if we cannot move the file don't change blob fields
$file_to_insert = false;
} else {
$new_file_to_upload = $tmp_subdir . basename($file_to_insert);
move_uploaded_file($file_to_insert, $new_file_to_upload);
$file_to_insert = $new_file_to_upload;
$unlink = true;
unset($new_file_to_upload);
}
unset($tmp_subdir);
}
} elseif (!empty($me_fields_uploadlocal)) {
// ... or selected file from $cfg['UploadDir']
$file_to_insert = PMA_userDir($GLOBALS['cfg']['UploadDir']) . preg_replace('@\\.\\.*@', '.', $me_fields_uploadlocal);
if (!is_readable($file_to_insert)) {
$file_to_insert = false;
}
}
// garvin: else: Post-field contains no data. Blob-fields are preserved, see below. ($protected$)
if ($file_to_insert) {
$val = '';
// check if file is not empty
if (function_exists('file_get_contents')) {
$val = file_get_contents($file_to_insert);
} elseif ($file_to_insert_size = filesize($file_to_insert)) {
$val = fread(fopen($file_to_insert, 'rb'), $file_to_insert_size);
}
if (!empty($val)) {
$val = '0x' . bin2hex($val);
// into MySQL and it also allow not to care about charset
// conversion that would otherwise corrupt the data.
if (!empty($val)) {
// garvin: The upload was valid. Check in new blob-field's contents.
$val = '0x' . bin2hex($val);
$seen_binary = TRUE;
$check_stop = TRUE;
}
// garvin: ELSE: an empty file was uploaded. Remove blob-field's contents.
// Blob-fields are preserved, see below. ($protected$)
} else {
// garvin: Danger, will robinson. File is malicious. Blob-fields are preserved, see below. ($protected$)
// void
}
} elseif (!empty(${'me_fields_uploadlocal_' . $encoded_key})) {
$file_to_upload = PMA_userDir($cfg['UploadDir']) . preg_replace('@\\.\\.*@', '.', ${'me_fields_uploadlocal_' . $encoded_key});
// A local file will be uploaded.
$open_basedir = @ini_get('open_basedir');
// If we are on a server with open_basedir, we must move the file
// before opening it. The doc explains how to create the "./tmp"
// directory
$unlink = false;
if (!empty($open_basedir)) {
$tmp_subdir = PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/';
// function is_writeable() is valid on PHP3 and 4
if (!is_writeable($tmp_subdir)) {
// if we cannot move the file don't change blob fields
$file_to_upload = '';
} else {
$new_file_to_upload = $tmp_subdir . basename($file_to_upload);
move_uploaded_file($file_to_upload, $new_file_to_upload);
echo '<div class="warning">' . "\n";
echo $strUploadsNotAllowed . "\n";
}
?>
</div>
<?php
if (!empty($cfg['UploadDir'])) {
$extensions = '';
foreach ($import_list as $key => $val) {
if (!empty($extensions)) {
$extensions .= '|';
}
$extensions .= $val['extension'];
}
$matcher = '@\\.(' . $extensions . ')(\\.(' . PMA_supportedDecompressions() . '))?$@';
$files = PMA_getFileSelectOptions(PMA_userDir($cfg['UploadDir']), $matcher, isset($timeout_passed) && $timeout_passed && isset($local_import_file) ? $local_import_file : '');
echo '<div class="formelementrow">' . "\n";
if ($files === FALSE) {
echo ' <div class="warning">' . "\n";
echo ' <strong>' . $strError . '</strong>: ' . "\n";
echo ' ' . $strWebServerUploadDirectoryError . "\n";
echo ' </div>' . "\n";
} elseif (!empty($files)) {
echo "\n";
echo ' <i>' . $strOr . '</i><br/><label for="select_local_import_file">' . $strWebServerUploadDirectory . '</label> : ' . "\n";
echo ' <select style="margin: 5px" size="1" name="local_import_file" onchange="match_file(this.value)" id="select_local_import_file">' . "\n";
echo ' <option value=""></option>' . "\n";
echo $files;
echo ' </select>' . "\n";
}
echo '</div>' . "\n";
/**
*
* @access public
* @uses PMA_File::setName()
* @uses PMA_securePath()
* @uses PMA_userDir()
* @uses $GLOBALS['cfg']['UploadDir']
* @param string $name
* @return boolean success
*/
function setLocalSelectedFile($name)
{
if (empty($GLOBALS['cfg']['UploadDir'])) {
return false;
}
$this->setName(PMA_userDir($GLOBALS['cfg']['UploadDir']) . PMA_securePath($name));
if (!$this->isReadable()) {
$this->_error_message = __('File could not be read');
$this->setName(null);
return false;
}
return true;
}
/**
* test of generating user dir, globals are defined
* @dataProvider userDirDataProvider
*/
public function testUserDirString($a, $e)
{
$GLOBALS['cfg']['Server']['user'] = '******';
$this->assertEquals($e, PMA_userDir($a));
}
