$max_field_sizes = array('tinyblob' => '256', 'blob' => '65536', 'mediumblob' => '16777216', 'longblob' => '4294967296'); // yeah, really $this_field_max_size = $max_upload_size; // from PHP max if ($this_field_max_size > $max_field_sizes[$field['pma_type']]) { $this_field_max_size = $max_field_sizes[$field['pma_type']]; } echo PMA_displayMaximumUploadSize($this_field_max_size) . "\n"; // do not generate here the MAX_FILE_SIZE, because we should // put only one in the form to accommodate the biggest field if ($this_field_max_size > $biggest_max_file_size) { $biggest_max_file_size = $this_field_max_size; } } if (!empty($cfg['UploadDir'])) { $files = PMA_getFileSelectOptions(PMA_userDir($cfg['UploadDir'])); if ($files === FALSE) { echo ' <font color="red">' . $strError . '</font><br />' . "\n"; echo ' ' . $strWebServerUploadDirectoryError . "\n"; } elseif (!empty($files)) { echo "<br />\n"; echo ' <i>' . $strOr . '</i>' . ' ' . $strWebServerUploadDirectory . ':<br />' . "\n"; echo ' <select size="1" name="fields_uploadlocal_' . $field['Field_md5'] . $vkey . '">' . "\n"; echo ' <option value="" selected="selected"></option>' . "\n"; echo $files; echo ' </select>' . "\n"; } } // end if (web-server upload directory) } elseif ('geometry' == $field['pma_type']) { // ignore this column to avoid changing it
</label> </legend> <?php if (isset($cfg['SaveDir']) && !empty($cfg['SaveDir'])) { ?> <input type="checkbox" name="onserver" value="saveit" id="checkbox_dump_onserver" onclick="document.getElementById('checkbox_dump_asfile').checked = true;" <?php PMA_exportCheckboxCheck('onserver'); ?> /> <label for="checkbox_dump_onserver"> <?php echo sprintf($strSaveOnServer, htmlspecialchars(PMA_userDir($cfg['SaveDir']))); ?> </label>,<br /> <input type="checkbox" name="onserverover" value="saveitover" id="checkbox_dump_onserverover" onclick="document.getElementById('checkbox_dump_onserver').checked = true; document.getElementById('checkbox_dump_asfile').checked = true;" <?php PMA_exportCheckboxCheck('onserver_overwrite'); ?> /> <label for="checkbox_dump_onserverover"> <?php echo $strOverwriteExisting; ?> </label>
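/**
 * Display the form used to select a file to import from the server upload directory
 *
 * Security notes for reviewers:
 *  - The upload directory name is HTML-escaped before it is printed.
 *  - The <option> markup returned by PMA_getFileSelectOptions() is echoed
 *    verbatim, so that helper is assumed to escape the file names it lists
 *    (its body is not visible here - confirm).
 *  - The plugin extensions are interpolated into the regular expression
 *    unquoted; they are assumed to be literals defined by the import plugins,
 *    never request data.
 *  - The submitted "local_import_file" value must still be sanitised and
 *    re-checked against the upload directory by the code that opens the file;
 *    this form only restricts what is offered, not what can be posted.
 *
 * @param array  $import_list array of import types
 * @param string $uploaddir   upload directory
 *
 * @return void
 */
function PMA_selectUploadFile($import_list, $uploaddir)
{
    $user_dir = PMA_userDir($uploaddir);

    echo '<label for="radio_local_import_file">' . sprintf(__("Select from the web server upload directory <b>%s</b>:"), htmlspecialchars($user_dir)) . '</label>';

    // Build the alternation of accepted extensions from the import plugins.
    $extensions = array();
    foreach ($import_list as $plugin) {
        $extensions[] = $plugin['extension'];
    }
    $matcher = '@\\.(' . implode('|', $extensions) . ')(\\.(' . PMA_supportedDecompressions() . '))?$@';

    // Pre-select the previously chosen file after an import timeout.
    // These are script-level variables, so they have to be read through
    // $GLOBALS: as plain locals they were never set inside this function and
    // the pre-selection could not happen. The value is request-derived and is
    // passed on only as the "active" entry - presumably compared against the
    // directory listing, never opened as a path (verify in the helper).
    $active = '';
    if (!empty($GLOBALS['timeout_passed']) && isset($GLOBALS['local_import_file'])) {
        $active = $GLOBALS['local_import_file'];
    }

    $files = PMA_getFileSelectOptions($user_dir, $matcher, $active);

    if ($files === false) {
        PMA_Message::error(__('The directory you set for upload work cannot be reached'))->display();
    } elseif (!empty($files)) {
        echo "\n";
        echo ' <select style="margin: 5px" size="1" name="local_import_file" id="select_local_import_file">' . "\n";
        echo ' <option value=""> </option>' . "\n";
        echo $files;
        echo ' </select>' . "\n";
    } else {
        // Directory is reachable but holds no file with an accepted extension.
        echo '<i>' . __('There are no files to upload') . '</i>';
    }
}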
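/**
 * prints the fieldset used to run an SQL file, either uploaded from the
 * browser or picked from the web server upload directory
 *
 * Security notes for reviewers:
 *  - Only names matching "*.sql", optionally followed by a supported
 *    compression suffix, are offered from the upload directory. This limits
 *    what is listed, not what a client can post as "sql_localfile"; the code
 *    that opens the file must sanitise and re-check that value itself.
 *  - The hidden MAX_FILE_SIZE field is a client-side hint only; the
 *    server-side upload limits are what actually bound the upload.
 *  - The <option> markup returned by PMA_getFileSelectOptions() is echoed
 *    verbatim, so that helper is assumed to escape file names (not visible
 *    here - confirm).
 *
 * @usedby  PMA_sqlQueryForm()
 * @uses    $GLOBALS['cfg']['GZipDump']
 * @uses    $GLOBALS['cfg']['BZipDump']
 * @uses    $GLOBALS['cfg']['UploadDir']
 * @uses    $GLOBALS['cfg']['AvailableCharsets']
 * @uses    $GLOBALS['cfg']['AllowAnywhereRecoding']
 * @uses    $GLOBALS['strAutodetect']
 * @uses    $GLOBALS['strBzip']
 * @uses    $GLOBALS['strCharsetOfFile']
 * @uses    $GLOBALS['strCompression']
 * @uses    $GLOBALS['strError']
 * @uses    $GLOBALS['strGo']
 * @uses    $GLOBALS['strGzip']
 * @uses    $GLOBALS['strLocationTextfile']
 * @uses    $GLOBALS['strWebServerUploadDirectory']
 * @uses    $GLOBALS['strWebServerUploadDirectoryError']
 * @uses    $GLOBALS['allow_recoding']
 * @uses    $GLOBALS['charset']
 * @uses    $GLOBALS['max_upload_size']
 * @uses    $GLOBALS['timeout_passed']
 * @uses    $GLOBALS['local_import_file']
 * @uses    PMA_supportedDecompressions()
 * @uses    PMA_getFileSelectOptions()
 * @uses    PMA_userDir()
 * @uses    PMA_displayMaximumUploadSize()
 * @uses    PMA_generateCharsetDropdownBox()
 * @uses    PMA_generateHiddenMaxFileSize()
 * @uses    PMA_MYSQL_INT_VERSION
 * @uses    PMA_CSDROPDOWN_CHARSET
 * @uses    empty()
 * @uses    htmlspecialchars()
 */
function PMA_sqlQueryFormUpload()
{
    $errors = array();

    // we allow only SQL here
    $matcher = '@\\.sql(\\.(' . PMA_supportedDecompressions() . '))?$@';

    if (!empty($GLOBALS['cfg']['UploadDir'])) {
        // Pre-select the previously chosen file after a timeout. These are
        // script-level variables, so they must be read through $GLOBALS; as
        // plain locals they were never set inside this function. The value is
        // request-derived and is passed on only as the "active" entry.
        $active = '';
        if (!empty($GLOBALS['timeout_passed']) && isset($GLOBALS['local_import_file'])) {
            $active = $GLOBALS['local_import_file'];
        }
        $files = PMA_getFileSelectOptions(PMA_userDir($GLOBALS['cfg']['UploadDir']), $matcher, $active);
    } else {
        $files = '';
    }

    // start output
    echo '<fieldset id="">';
    echo '<legend>';
    echo $GLOBALS['strLocationTextfile'] . '</legend>';
    echo '<div class="formelement">';
    echo '<input type="file" name="sql_file" class="textfield" /> ';
    echo PMA_displayMaximumUploadSize($GLOBALS['max_upload_size']);
    // some browsers should respect this :)
    echo PMA_generateHiddenMaxFileSize($GLOBALS['max_upload_size']) . "\n";
    echo '</div>';

    if ($files === false) {
        // The configured upload directory could not be read; reported below.
        $errors[$GLOBALS['strError']] = $GLOBALS['strWebServerUploadDirectoryError'];
    } elseif (!empty($files)) {
        echo '<div class="formelement">';
        echo '<strong>' . $GLOBALS['strWebServerUploadDirectory'] . ':</strong>' . "\n";
        echo '<select size="1" name="sql_localfile">' . "\n";
        echo '<option value="" selected="selected"></option>' . "\n";
        echo $files;
        echo '</select>' . "\n";
        echo '</div>';
    }

    echo '<div class="clearfloat"></div>' . "\n";
    echo '</fieldset>';

    echo '<fieldset id="" class="tblFooters">';
    if (PMA_MYSQL_INT_VERSION < 40100 && $GLOBALS['cfg']['AllowAnywhereRecoding'] && $GLOBALS['allow_recoding']) {
        echo $GLOBALS['strCharsetOfFile'] . "\n" . '<select name="charset_of_file" size="1">' . "\n";
        foreach ($GLOBALS['cfg']['AvailableCharsets'] as $temp_charset) {
            // Configuration values are escaped before being placed in an
            // attribute and in element content.
            $charset_html = htmlspecialchars($temp_charset);
            echo '<option value="' . $charset_html . '"';
            if ($temp_charset == $GLOBALS['charset']) {
                echo ' selected="selected"';
            }
            echo '>' . $charset_html . '</option>' . "\n";
        }
        echo '</select>' . "\n";
    } elseif (PMA_MYSQL_INT_VERSION >= 40100) {
        echo $GLOBALS['strCharsetOfFile'] . "\n";
        echo PMA_generateCharsetDropdownBox(PMA_CSDROPDOWN_CHARSET, 'charset_of_file', null, 'utf8', false);
    } // end if (recoding)
    echo '<input type="submit" name="SQL" value="' . $GLOBALS['strGo'] . '" />' . "\n";
    echo '<div class="clearfloat"></div>' . "\n";
    echo '</fieldset>';

    // Both parts come from the language strings, not from request data.
    foreach ($errors as $error => $message) {
        echo '<div>' . $error . '</div>';
        echo '<div>' . $message . '</div>';
    }
}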
if (strtolower(substr($memory_limit, -1)) == 'm') { $memory_limit = (int) substr($memory_limit, 0, -1) * 1024 * 1024; } elseif (strtolower(substr($memory_limit, -1)) == 'k') { $memory_limit = (int) substr($memory_limit, 0, -1) * 1024; } elseif (strtolower(substr($memory_limit, -1)) == 'g') { $memory_limit = (int) substr($memory_limit, 0, -1) * 1024 * 1024 * 1024; } else { $memory_limit = (int) $memory_limit; } $read_limit = $memory_limit / 8; // Just to be sure, there might be lot of memory needed for uncompression // handle filenames if (!empty($local_import_file) && !empty($cfg['UploadDir'])) { // sanitize $local_import_file as it comes from a POST $local_import_file = PMA_securePath($local_import_file); $import_file = PMA_userDir($cfg['UploadDir']) . $local_import_file; } elseif (empty($import_file) || !is_uploaded_file($import_file)) { $import_file = 'none'; } // Do we have file to import? if ($import_file != 'none' && !$error) { // work around open_basedir and other limitations $open_basedir = @ini_get('open_basedir'); // If we are on a server with open_basedir, we must move the file // before opening it. The doc explains how to create the "./tmp" // directory if (!empty($open_basedir)) { $tmp_subdir = PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/'; if (is_writable($tmp_subdir)) { $import_file_new = $tmp_subdir . basename($import_file); if (move_uploaded_file($import_file, $import_file_new)) {
/**
 * Points this file object at a file selected from the configured upload
 * directory.
 *
 * The caller-supplied name is passed through PMA_securePath() before it is
 * appended to the per-user upload directory. PMA_securePath() is not visible
 * here; it is presumably the path-traversal filter, so it must stay on this
 * path - confirm that it leaves no way to step out of the directory.
 *
 * @access  public
 * @uses    $GLOBALS['strFileCouldNotBeRead']
 * @uses    PMA_File::setName()
 * @uses    PMA_securePath()
 * @uses    PMA_userDir()
 * @uses    $GLOBALS['cfg']['UploadDir']
 * @param   string  $name  file name chosen by the user
 * @return  boolean success
 */
function setLocalSelectedFile($name)
{
    $upload_dir_configured = ! empty($GLOBALS['cfg']['UploadDir']);
    if (! $upload_dir_configured) {
        // No upload directory configured: nothing can be selected from it.
        return false;
    }

    $candidate = PMA_userDir($GLOBALS['cfg']['UploadDir']) . PMA_securePath($name);
    $this->setName($candidate);

    if ($this->isReadable()) {
        return true;
    }

    // Unreadable or missing: record the error and forget the name again.
    $this->_error_message = $GLOBALS['strFileCouldNotBeRead'];
    $this->setName(null);
    return false;
}
// If dump is going to be compressed, set correct mime_type and add // compression to extension if ($compression == 'bzip') { $filename .= '.bz2'; $mime_type = 'application/x-bzip2'; } elseif ($compression == 'gzip') { $filename .= '.gz'; $mime_type = 'application/x-gzip'; } elseif ($compression == 'zip') { $filename .= '.zip'; $mime_type = 'application/zip'; } } // Open file on server if needed if ($save_on_server) { $save_filename = PMA_userDir($cfg['SaveDir']) . preg_replace('@[/\\\\]@', '_', $filename); unset($message); if (file_exists($save_filename) && empty($onserverover)) { $message = PMA_Message::error('strFileAlreadyExists'); $message->addParam($save_filename); } else { if (is_file($save_filename) && !is_writable($save_filename)) { $message = PMA_Message::error('strNoPermission'); $message->addParam($save_filename); } else { if (!($file_handle = @fopen($save_filename, 'w'))) { $message = PMA_Message::error('strNoPermission'); $message->addParam($save_filename); } } }
?> </label> <ul id="ul_save_asfile"> <?php if (isset($cfg['SaveDir']) && !empty($cfg['SaveDir'])) { ?> <li> <input type="checkbox" name="onserver" value="saveit" id="checkbox_dump_onserver" <?php PMA_exportCheckboxCheck('onserver'); ?> /> <label for="checkbox_dump_onserver"> <?php echo sprintf(__('Save on server in the directory <b>%s</b>'), htmlspecialchars(PMA_userDir($cfg['SaveDir']))); ?> </label> </li> <li> <input type="checkbox" name="onserverover" value="saveitover" id="checkbox_dump_onserverover" <?php PMA_exportCheckboxCheck('onserver_overwrite'); ?> /> <label for="checkbox_dump_onserverover"><?php echo __('Overwrite existing file(s)'); ?> </label> </li>
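/**
 * prints the fieldset used to run an SQL file, either uploaded from the
 * browser or picked from the web server upload directory
 *
 * Security notes for reviewers:
 *  - Only names matching "*.sql", optionally followed by a supported
 *    compression suffix, are offered from the upload directory. This limits
 *    what is listed, not what a client can post as "sql_localfile"; the code
 *    that opens the file must sanitise and re-check that value itself.
 *  - The hidden MAX_FILE_SIZE field is a client-side hint only; the
 *    server-side upload limits are what actually bound the upload.
 *  - The <option> markup returned by PMA_getFileSelectOptions() is echoed
 *    verbatim, so that helper is assumed to escape file names (not visible
 *    here - confirm).
 *
 * @usedby  PMA_sqlQueryForm()
 *
 * @return void
 */
function PMA_sqlQueryFormUpload()
{
    $errors = array();

    // we allow only SQL here
    $matcher = '@\\.sql(\\.(' . PMA_supportedDecompressions() . '))?$@';

    if (!empty($GLOBALS['cfg']['UploadDir'])) {
        // Pre-select the previously chosen file after a timeout. These are
        // script-level variables, so they must be read through $GLOBALS; as
        // plain locals they were never set inside this function. The value is
        // request-derived and is passed on only as the "active" entry.
        $active = '';
        if (!empty($GLOBALS['timeout_passed']) && isset($GLOBALS['local_import_file'])) {
            $active = $GLOBALS['local_import_file'];
        }
        $files = PMA_getFileSelectOptions(PMA_userDir($GLOBALS['cfg']['UploadDir']), $matcher, $active);
    } else {
        $files = '';
    }

    // start output
    echo '<fieldset id="">';
    echo '<legend>';
    echo __('Browse your computer:') . '</legend>';
    echo '<div class="formelement">';
    echo '<input type="file" name="sql_file" class="textfield" /> ';
    echo PMA_displayMaximumUploadSize($GLOBALS['max_upload_size']);
    // some browsers should respect this :)
    echo PMA_generateHiddenMaxFileSize($GLOBALS['max_upload_size']) . "\n";
    echo '</div>';

    if ($files === false) {
        // The configured upload directory could not be read; shown below.
        $errors[] = PMA_Message::error(__('The directory you set for upload work cannot be reached'));
    } elseif (!empty($files)) {
        echo '<div class="formelement">';
        echo '<strong>' . __('web server upload directory') . ':</strong>' . "\n";
        echo '<select size="1" name="sql_localfile">' . "\n";
        echo '<option value="" selected="selected"></option>' . "\n";
        echo $files;
        echo '</select>' . "\n";
        echo '</div>';
    }

    echo '<div class="clearfloat"></div>' . "\n";
    echo '</fieldset>';

    echo '<fieldset id="" class="tblFooters">';
    echo __('Character set of the file:') . "\n";
    echo PMA_generateCharsetDropdownBox(PMA_CSDROPDOWN_CHARSET, 'charset_of_file', null, 'utf8', false);
    echo '<input type="submit" name="SQL" value="' . __('Go') . '" />' . "\n";
    echo '<div class="clearfloat"></div>' . "\n";
    echo '</fieldset>';

    foreach ($errors as $error) {
        $error->display();
    }
}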
} if (!is_writable($tmp_subdir)) { // if we cannot move the file don't change blob fields $file_to_insert = false; } else { $new_file_to_upload = $tmp_subdir . basename($file_to_insert); move_uploaded_file($file_to_insert, $new_file_to_upload); $file_to_insert = $new_file_to_upload; $unlink = true; unset($new_file_to_upload); } unset($tmp_subdir); } } elseif (!empty($me_fields_uploadlocal)) { // ... or selected file from $cfg['UploadDir'] $file_to_insert = PMA_userDir($GLOBALS['cfg']['UploadDir']) . preg_replace('@\\.\\.*@', '.', $me_fields_uploadlocal); if (!is_readable($file_to_insert)) { $file_to_insert = false; } } // garvin: else: Post-field contains no data. Blob-fields are preserved, see below. ($protected$) if ($file_to_insert) { $val = ''; // check if file is not empty if (function_exists('file_get_contents')) { $val = file_get_contents($file_to_insert); } elseif ($file_to_insert_size = filesize($file_to_insert)) { $val = fread(fopen($file_to_insert, 'rb'), $file_to_insert_size); } if (!empty($val)) { $val = '0x' . bin2hex($val);
// into MySQL and it also allow not to care about charset // conversion that would otherwise corrupt the data. if (!empty($val)) { // garvin: The upload was valid. Check in new blob-field's contents. $val = '0x' . bin2hex($val); $seen_binary = TRUE; $check_stop = TRUE; } // garvin: ELSE: an empty file was uploaded. Remove blob-field's contents. // Blob-fields are preserved, see below. ($protected$) } else { // garvin: Danger, will robinson. File is malicious. Blob-fields are preserved, see below. ($protected$) // void } } elseif (!empty(${'me_fields_uploadlocal_' . $encoded_key})) { $file_to_upload = PMA_userDir($cfg['UploadDir']) . preg_replace('@\\.\\.*@', '.', ${'me_fields_uploadlocal_' . $encoded_key}); // A local file will be uploaded. $open_basedir = @ini_get('open_basedir'); // If we are on a server with open_basedir, we must move the file // before opening it. The doc explains how to create the "./tmp" // directory $unlink = false; if (!empty($open_basedir)) { $tmp_subdir = PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/'; // function is_writeable() is valid on PHP3 and 4 if (!is_writeable($tmp_subdir)) { // if we cannot move the file don't change blob fields $file_to_upload = ''; } else { $new_file_to_upload = $tmp_subdir . basename($file_to_upload); move_uploaded_file($file_to_upload, $new_file_to_upload);
echo '<div class="warning">' . "\n"; echo $strUploadsNotAllowed . "\n"; } ?> </div> <?php if (!empty($cfg['UploadDir'])) { $extensions = ''; foreach ($import_list as $key => $val) { if (!empty($extensions)) { $extensions .= '|'; } $extensions .= $val['extension']; } $matcher = '@\\.(' . $extensions . ')(\\.(' . PMA_supportedDecompressions() . '))?$@'; $files = PMA_getFileSelectOptions(PMA_userDir($cfg['UploadDir']), $matcher, isset($timeout_passed) && $timeout_passed && isset($local_import_file) ? $local_import_file : ''); echo '<div class="formelementrow">' . "\n"; if ($files === FALSE) { echo ' <div class="warning">' . "\n"; echo ' <strong>' . $strError . '</strong>: ' . "\n"; echo ' ' . $strWebServerUploadDirectoryError . "\n"; echo ' </div>' . "\n"; } elseif (!empty($files)) { echo "\n"; echo ' <i>' . $strOr . '</i><br/><label for="select_local_import_file">' . $strWebServerUploadDirectory . '</label> : ' . "\n"; echo ' <select style="margin: 5px" size="1" name="local_import_file" onchange="match_file(this.value)" id="select_local_import_file">' . "\n"; echo ' <option value=""></option>' . "\n"; echo $files; echo ' </select>' . "\n"; } echo '</div>' . "\n";
/**
 * Points this file object at a file selected from the configured upload
 * directory.
 *
 * The caller-supplied name is passed through PMA_securePath() before it is
 * appended to the per-user upload directory. PMA_securePath() is not visible
 * here; it is presumably the path-traversal filter, so it must stay on this
 * path - confirm that it leaves no way to step out of the directory.
 *
 * @access  public
 * @uses    PMA_File::setName()
 * @uses    PMA_securePath()
 * @uses    PMA_userDir()
 * @uses    $GLOBALS['cfg']['UploadDir']
 * @param   string  $name  file name chosen by the user
 * @return  boolean success
 */
function setLocalSelectedFile($name)
{
    $upload_dir = empty($GLOBALS['cfg']['UploadDir']) ? null : $GLOBALS['cfg']['UploadDir'];
    if ($upload_dir === null) {
        // No upload directory configured: nothing can be selected from it.
        return false;
    }

    $candidate = PMA_userDir($upload_dir) . PMA_securePath($name);
    $this->setName($candidate);

    if ($this->isReadable()) {
        return true;
    }

    // Unreadable or missing: record the error and forget the name again.
    $this->_error_message = __('File could not be read');
    $this->setName(null);
    return false;
}
/**
 * Checks PMA_userDir() against the data-provider cases with the server user
 * global defined.
 *
 * @param mixed $a value handed to PMA_userDir()
 * @param mixed $e result the call is expected to produce
 *
 * @dataProvider userDirDataProvider
 */
public function testUserDirString($a, $e)
{
    // The global has to be in place before the function under test runs.
    $GLOBALS['cfg']['Server']['user'] = '******';

    $actual = PMA_userDir($a);

    $this->assertEquals($e, $actual);
}