Ejemplo n.º 1
    /**
     * Displays a message at the top of the "main" (right) frame, optionally
     * followed by the SQL query it relates to and a row of action links.
     *
     * In order, the function:
     *  - passes $message through PMA_sanitize();
     *  - when a table is selected and $cfg['ShowTooltip'] is on, emits an
     *    inline script that rewrites the title of the matching element in
     *    the "nav" frame;
     *  - when the last query was exactly a TRUNCATE TABLE on the current
     *    table, may issue a REPAIR TABLE (a database side effect);
     *  - prints the message and, if $cfg['ShowSQL'] is on, the query plus
     *    the edit / explain / show-as-PHP / refresh / validate links.
     *
     * All output is written directly with echo and inline HTML; nothing is
     * returned. The function reads many values from $GLOBALS; where those
     * values originate is not visible here, so every place one of them
     * reaches SQL, HTML or JavaScript is annotated below.
     *
     * @param   string  $message  the message to display
     *
     * @return  void
     *
     * @global  array   the configuration array
     *
     * @access  public
     */
    function PMA_showMessage($message)
    {
        global $cfg;
        // Sanitizes $message (what markup survives is decided by
        // PMA_sanitize(), which is defined outside this listing)
        $message = PMA_sanitize($message);
        // Corrects the tooltip text via JS if required
        if (!empty($GLOBALS['table']) && $cfg['ShowTooltip']) {
            // The statement is built by string concatenation. Identifier and
            // LIKE-pattern quoting rest entirely on PMA_backquote() and
            // PMA_sqlAddslashes(); neither helper is shown here.
            $result = PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], TRUE) . '\'');
            if ($result) {
                // $tbl_status stays set after this block and is reused by the
                // TRUNCATE check further down (see the isset() test there).
                $tbl_status = PMA_DBI_fetch_assoc($result);
                // Comment and Rows come from the server's status row. A table
                // comment may have been written by another database user, so
                // it has to be treated as data, not markup.
                $tooltip = empty($tbl_status['Comment']) ? '' : $tbl_status['Comment'] . ' ';
                $tooltip .= '(' . $tbl_status['Rows'] . ' ' . $GLOBALS['strRows'] . ')';
                PMA_DBI_free_result($result);
                // md5() only derives the element id 'tbl_<hash>' looked up in
                // the nav frame; it is not used as a security primitive here.
                $md5_tbl = md5($GLOBALS['table']);
                echo "\n";
                // The script below writes $tooltip into a single-quoted
                // JavaScript string literal through PMA_jsFormat().
                // NOTE(review): confirm PMA_jsFormat() neutralises quotes,
                // backslashes, line breaks and a closing script tag.
                ?>
<script type="text/javascript" language="javascript1.2">
<!--
if (typeof(document.getElementById) != 'undefined'
    && typeof(window.parent.frames['nav']) != 'undefined'
    && typeof(window.parent.frames['nav'].document) != 'undefined' && typeof(window.parent.frames['nav'].document) != 'unknown'
    && (window.parent.frames['nav'].document.getElementById('<?php 
                echo 'tbl_' . $md5_tbl;
                ?>
'))
    && typeof(window.parent.frames['nav'].document.getElementById('<?php 
                echo 'tbl_' . $md5_tbl;
                ?>
')) != 'undefined'
    && typeof(window.parent.frames['nav'].document.getElementById('<?php 
                echo 'tbl_' . $md5_tbl;
                ?>
').title) == 'string') {
    window.parent.frames['nav'].document.getElementById('<?php 
                echo 'tbl_' . $md5_tbl;
                ?>
').title = '<?php 
                echo PMA_jsFormat($tooltip, FALSE);
                ?>
';
}
//-->
</script>
                <?php 
            }
            // end if
        }
        // end if... else if
        // Checks if the table needs to be repaired after a TRUNCATE query.
        // The test is an exact string comparison, so it only fires when the
        // query text is precisely 'TRUNCATE TABLE ' plus the quoted table name.
        // Note that displaying a message can therefore run REPAIR TABLE.
        if (isset($GLOBALS['table']) && isset($GLOBALS['sql_query']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) {
            if (!isset($tbl_status)) {
                // '@' silences PHP-level errors from this lookup; if it fails,
                // $tbl_status stays unset and the repair is simply skipped.
                $result = @PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], TRUE) . '\'');
                if ($result) {
                    $tbl_status = PMA_DBI_fetch_assoc($result);
                    PMA_DBI_free_result($result);
                }
            }
            // The (int) cast applies to Index_length before the comparison.
            if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) {
                PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table']));
            }
        }
        unset($tbl_status);
        echo "\n";
        // The attribute values echoed below ($GLOBALS['cell_align_left'],
        // $cfg['Border'], $cfg['ThBgcolor']) are written without HTML
        // escaping. NOTE(review): assumes they are trusted configuration or
        // language-file values that cannot be set from request parameters —
        // TODO confirm.
        ?>
<br />
<div align="<?php 
        echo $GLOBALS['cell_align_left'];
        ?>
">
    <table border="<?php 
        echo $cfg['Border'];
        ?>
" cellpadding="5" cellspacing="1">
    <tr>
        <th<?php 
        echo $GLOBALS['theme'] != 'original' ? ' class="tblHeaders"' : ' bgcolor="' . $cfg['ThBgcolor'] . '"';
        ?>
>
            <b><?php 
        // $message is the PMA_sanitize()d value from the top of the function.
        echo $message;
        ?>
</b>
        </th>
    </tr>
        <?php 
        if ($cfg['ShowSQL'] == TRUE && (!empty($GLOBALS['sql_query']) || !empty($GLOBALS['display_query']))) {
            // Query text to show: display_query if non-empty; otherwise
            // unparsed_sql when fmtType is 'none' and it is set and non-empty;
            // otherwise sql_query.
            $local_query = !empty($GLOBALS['display_query']) ? $GLOBALS['display_query'] : ($cfg['SQP']['fmtType'] == 'none' && isset($GLOBALS['unparsed_sql']) && $GLOBALS['unparsed_sql'] != '' ? $GLOBALS['unparsed_sql'] : $GLOBALS['sql_query']);
            // Basic url query part
            $url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : '');
            echo "\n";
            ?>
    <tr>
        <td bgcolor="<?php 
            echo $cfg['BgcolorOne'];
            ?>
">
            <?php 
            echo "\n";
            // Html format the query to be displayed
            // The nl2br function isn't used because its result isn't a valid
            // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />")
            // If we want to show some sql code it is easiest to create it here
            /* SQL-Parser-Analyzer */
            // $sqlnr is assigned here and not read again in this function.
            $sqlnr = 1;
            // $new_line is defined only in "show as PHP" mode; its existence
            // is what selects the branch below.
            if (!empty($GLOBALS['show_as_php'])) {
                $new_line = '\'<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;. \' ';
            }
            if (isset($new_line)) {
                // "Show as PHP" path: the query is HTML-escaped here, then
                // slash-escaped, then each run of line breaks is replaced
                // by the $new_line markup.
                /* SQL-Parser-Analyzer */
                $query_base = PMA_sqlAddslashes(htmlspecialchars($local_query));
                /* SQL-Parser-Analyzer */
                $query_base = preg_replace("@((\r\n)|(\r)|(\n))+@", $new_line, $query_base);
            } else {
                // Normal path: $query_base is still the raw query text.
                // NOTE(review): nothing in this function HTML-escapes it on
                // this path; the echo further down relies on PMA_validateSQL()
                // or PMA_formatSql() returning HTML-safe output — confirm.
                $query_base = $local_query;
            }
            // Here we append the LIMIT added for navigation, to
            // enable its display. Adding it higher in the code
            // to $local_query would create a problem when
            // using the Refresh or Edit links.
            // Only append it on SELECTs.
            // FIXME: what would be the best to do when someone
            // hits Refresh: use the current LIMITs ?
            // TODO: use the parser instead of preg_match()
            // NOTE(review): sql_limit_to_append is concatenated as-is, also on
            // the "show as PHP" path where the rest of the text was already
            // escaped; presumably it is a server-generated LIMIT clause —
            // verify against the code that sets it.
            if (preg_match('@^SELECT[[:space:]]+@i', $query_base) && isset($GLOBALS['sql_limit_to_append'])) {
                $query_base .= $GLOBALS['sql_limit_to_append'];
            }
            if (!empty($GLOBALS['show_as_php'])) {
                // Opens the PHP assignment; the closing quote and semicolon
                // are echoed after the query further down.
                $query_base = '$sql  = \'' . $query_base;
            } else {
                if (!empty($GLOBALS['validatequery'])) {
                    $query_base = PMA_validateSQL($query_base);
                } else {
                    // avoid reparsing query:
                    if (isset($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) {
                        $parsed_sql = $GLOBALS['parsed_sql'];
                    } else {
                        $parsed_sql = PMA_SQP_parse($query_base);
                    }
                    $query_base = PMA_formatSql($parsed_sql, $query_base);
                }
            }
            // Prepares links that may be displayed to edit/explain the query
            // (don't go to default pages, we must go to the page
            // where the query box is available)
            // (also, I don't see why we should check the goto variable)
            //if (!isset($GLOBALS['goto'])) {
            //$edit_target = (isset($GLOBALS['table'])) ? $cfg['DefaultTabTable'] : $cfg['DefaultTabDatabase'];
            // Result: 'tbl_properties.php' when db and table are set,
            // 'db_details.php' when only db is set, '' when db is not set.
            $edit_target = isset($GLOBALS['db']) ? isset($GLOBALS['table']) ? 'tbl_properties.php' : 'db_details.php' : '';
            //} else if ($GLOBALS['goto'] != 'main.php') {
            //    $edit_target = $GLOBALS['goto'];
            //} else {
            //    $edit_target = '';
            //}
            // In this link and in the explain / PHP / refresh / validate links
            // below, the query is placed in the URL through urlencode(), and
            // the same encoding is used for the onclick argument. Because the
            // full query text travels in the sql_query URL parameter, it can
            // end up in browser history and in proxy or web-server logs.
            if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == TRUE && !empty($edit_target)) {
                $onclick = '';
                if ($cfg['QueryFrameJS'] && $cfg['QueryFrame']) {
                    $onclick = 'onclick="focus_querywindow(\'' . urlencode($local_query) . '\'); return false;"';
                }
                $edit_link = '&nbsp;[<a href="' . $edit_target . $url_qpart . '&amp;sql_query=' . urlencode($local_query) . '&amp;show_query=1#querybox" ' . $onclick . '>' . $GLOBALS['strEdit'] . '</a>]';
            } else {
                $edit_link = '';
            }
            // Want to have the query explained (Mike Beck 2002-05-22)
            // but only explain a SELECT (that has not been explained)
            /* SQL-Parser-Analyzer */
            if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == TRUE) {
                // Detect if we are validating as well
                // To preserve the validate uRL data
                if (!empty($GLOBALS['validatequery'])) {
                    $explain_link_validate = '&amp;validatequery=1';
                } else {
                    $explain_link_validate = '';
                }
                $explain_link = '&nbsp;[<a href="read_dump.php' . $url_qpart . $explain_link_validate . '&amp;sql_query=';
                if (preg_match('@^SELECT[[:space:]]+@i', $local_query)) {
                    $explain_link .= urlencode('EXPLAIN ' . $local_query) . '">' . $GLOBALS['strExplain'];
                } else {
                    if (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $local_query)) {
                        // Drops the first 8 bytes ("EXPLAIN" plus one
                        // whitespace character); any further whitespace the
                        // pattern matched stays at the front of the query.
                        $explain_link .= urlencode(substr($local_query, 8)) . '">' . $GLOBALS['strNoExplain'];
                    } else {
                        // Neither a SELECT nor an EXPLAIN SELECT: no link.
                        $explain_link = '';
                    }
                }
                if (!empty($explain_link)) {
                    $explain_link .= '</a>]';
                }
            } else {
                $explain_link = '';
            }
            //show explain
            // Also we would like to get the SQL formed in some nice
            // php-code (Mike Beck 2002-05-22)
            if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == TRUE) {
                $php_link = '&nbsp;[<a href="read_dump.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query) . '&amp;show_as_php=';
                // The link toggles the mode: it turns it off when it is
                // currently on, and on otherwise.
                if (!empty($GLOBALS['show_as_php'])) {
                    $php_link .= '0">' . $GLOBALS['strNoPhp'];
                } else {
                    $php_link .= '1">' . $GLOBALS['strPhp'];
                }
                $php_link .= '</a>]';
                // While in "show as PHP" mode, also offer a link that submits
                // the query without the show_as_php parameter.
                if (isset($GLOBALS['show_as_php']) && $GLOBALS['show_as_php'] == '1') {
                    $php_link .= '&nbsp;[<a href="read_dump.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query) . '">' . $GLOBALS['strRunQuery'] . '</a>]';
                }
            } else {
                $php_link = '';
            }
            //show as php
            // Refresh query (offered only when the text starts with SELECT
            // or SHOW)
            if (isset($cfg['SQLQuery']['Refresh']) && $cfg['SQLQuery']['Refresh'] && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $local_query)) {
                $refresh_link = '&nbsp;[<a href="read_dump.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query) . '">';
                $refresh_link .= $GLOBALS['strRefresh'];
                $refresh_link .= '</a>]';
            } else {
                $refresh_link = '';
            }
            // Validator link: needs both the validator and the per-query
            // option enabled in $cfg.
            if (isset($cfg['SQLValidator']['use']) && $cfg['SQLValidator']['use'] == TRUE && isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == TRUE) {
                $validate_link = '&nbsp;[<a href="read_dump.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query) . '&amp;validatequery=';
                if (!empty($GLOBALS['validatequery'])) {
                    $validate_link .= '0">' . $GLOBALS['strNoValidateSQL'];
                } else {
                    $validate_link .= '1">' . $GLOBALS['strValidateSQL'];
                }
                $validate_link .= '</a>]';
            } else {
                $validate_link = '';
            }
            //validator
            // Displays the message
            echo '            <b>' . $GLOBALS['strSQLQuery'] . ':</b>&nbsp;';
            echo '<br />' . "\n";
            // $query_base is written as-is; see the escaping notes where it
            // was built above.
            echo '            ' . $query_base;
            unset($local_query);
            //Clean up the end of the PHP
            if (!empty($GLOBALS['show_as_php'])) {
                echo '\';';
            }
            echo "\n";
            ?>
        </td>
    </tr>
    <?php 
            // The link row is printed only when $edit_target is non-empty,
            // i.e. when $GLOBALS['db'] is set.
            if (!empty($edit_target)) {
                echo '<tr><td bgcolor="' . $cfg['BgcolorOne'] . '" align="center">';
                echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link;
                echo '</td></tr>' . "\n";
            }
        }
        echo "\n";
        ?>
    </table>
</div><br />
        <?php 
    }
Ejemplo n.º 2
/**
 * displays the message and the query
 * usually the message is the result of the query executed
 *
 * Besides printing, the function has two side effects that are easy to
 * miss: it may emit an inline script that calls
 * window.parent.updateTableTitle(), and it may run REPAIR TABLE when the
 * last query was exactly a TRUNCATE TABLE on the current table.
 *
 * Output is written directly with echo; nothing is returned. Many inputs
 * are read from $GLOBALS; where those values originate is not visible in
 * this function, so the places where they reach SQL, HTML or JavaScript
 * are annotated in the body.
 *
 * @param   mixed   $message    the message to display: a PMA_Message object
 *                              (rendered through its display() method) or a
 *                              string (passed through PMA_sanitize())
 * @param   string  $sql_query  the query to display; when null it is taken
 *                              from $GLOBALS (display_query, unparsed_sql or
 *                              sql_query, in that order of preference)
 * @param   string  $type       the type (level) of the message; used as the
 *                              CSS class of the wrapper div for string
 *                              messages
 * @return  void
 * @global  array   the configuration array
 * @uses    $cfg
 * @access  public
 */
function PMA_showMessage($message, $sql_query = null, $type = 'notice')
{
    global $cfg;
    // No explicit query given: fall back to the request globals. The
    // unparsed_sql fallback applies only when fmtType is 'none'.
    if (null === $sql_query) {
        if (!empty($GLOBALS['display_query'])) {
            $sql_query = $GLOBALS['display_query'];
        } elseif ($cfg['SQP']['fmtType'] == 'none' && !empty($GLOBALS['unparsed_sql'])) {
            $sql_query = $GLOBALS['unparsed_sql'];
        } elseif (!empty($GLOBALS['sql_query'])) {
            $sql_query = $GLOBALS['sql_query'];
        } else {
            $sql_query = '';
        }
    }
    // Corrects the tooltip text via JS if required
    // @todo this is REALLY the wrong place to do this - very unexpected here
    if (strlen($GLOBALS['table']) && $cfg['ShowTooltip']) {
        $tooltip = PMA_Table::sGetToolTip($GLOBALS['db'], $GLOBALS['table']);
        // Both script arguments (the "db.table" name and the tooltip text)
        // are placed in single-quoted JavaScript string literals after
        // PMA_jsFormat(). NOTE(review): the escaping is entirely that
        // helper's job; confirm it covers quotes, backslashes, line breaks
        // and a closing script tag.
        $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false);
        echo "\n";
        echo '<script type="text/javascript">' . "\n";
        echo '//<![CDATA[' . "\n";
        echo "if (window.parent.updateTableTitle) window.parent.updateTableTitle('" . $uni_tbl . "', '" . PMA_jsFormat($tooltip, false) . "');" . "\n";
        echo '//]]>' . "\n";
        echo '</script>' . "\n";
    }
    // end if ... elseif
    // Checks if the table needs to be repaired after a TRUNCATE query.
    // The comparison is an exact string match against $GLOBALS['sql_query']
    // (not the $sql_query parameter), so displaying a message can run
    // REPAIR TABLE as a side effect.
    // @todo what about $GLOBALS['display_query']???
    // @todo this is REALLY the wrong place to do this - very unexpected here
    if (strlen($GLOBALS['table']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) {
        if (PMA_Table::sGetStatusInfo($GLOBALS['db'], $GLOBALS['table'], 'Index_length') > 1024) {
            // Identifier quoting relies on PMA_backquote(), defined elsewhere.
            PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table']));
        }
    }
    // No $tbl_status is assigned anywhere in this function, so this unset()
    // has nothing to remove.
    unset($tbl_status);
    // NOTE(review): cell_align_left is written into the attribute without
    // HTML escaping; assumes it is a trusted language/layout value — TODO
    // confirm it cannot be set from request parameters.
    echo '<div align="' . $GLOBALS['cell_align_left'] . '">' . "\n";
    if ($message instanceof PMA_Message) {
        // Object messages render themselves; escaping of the message and of
        // the appended special_message is up to PMA_Message.
        if (isset($GLOBALS['special_message'])) {
            $message->addMessage($GLOBALS['special_message']);
            unset($GLOBALS['special_message']);
        }
        $message->display();
        // $type is overwritten here but not read again on this path.
        $type = $message->getLevel();
    } else {
        // NOTE(review): $type goes into the class attribute without HTML
        // escaping. That is only safe while every caller passes a fixed
        // level name; if a caller could pass request-derived data, escape it
        // or check it against the known levels first.
        echo '<div class="' . $type . '">';
        echo PMA_sanitize($message);
        if (isset($GLOBALS['special_message'])) {
            echo PMA_sanitize($GLOBALS['special_message']);
            unset($GLOBALS['special_message']);
        }
        echo '</div>';
    }
    if ($cfg['ShowSQL'] == true && !empty($sql_query)) {
        // Html format the query to be displayed
        // If we want to show some sql code it is easiest to create it here
        /* SQL-Parser-Analyzer */
        if (!empty($GLOBALS['show_as_php'])) {
            // "Show as PHP" path: slash-escape, then HTML-escape, then turn
            // each line break into the $new_line markup.
            $new_line = '\\n"<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;. "';
            $query_base = htmlspecialchars(addslashes($sql_query));
            $query_base = preg_replace('/((\\015\\012)|(\\015)|(\\012))/', $new_line, $query_base);
        } else {
            // Normal path: $query_base is still the raw query text.
            // NOTE(review): on this path nothing in this function
            // HTML-escapes it; the final echo relies on PMA_validateSQL() or
            // PMA_formatSql() returning HTML-safe output — confirm.
            $query_base = $sql_query;
        }
        $query_too_big = false;
        if (strlen($query_base) > $cfg['MaxCharactersInDisplayedSQL']) {
            // when the query is large (for example an INSERT of binary
            // data), the parser chokes; so avoid parsing the query
            // The length test uses $query_base (already escaped in "show as
            // PHP" mode) while the truncation is applied to the raw
            // $sql_query. This is the one display path whose HTML escaping
            // is visible in this function.
            $query_too_big = true;
            $shortened_query_base = nl2br(htmlspecialchars(substr($sql_query, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]'));
        } elseif (!empty($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) {
            // (here, use "! empty" because when deleting a bookmark,
            // $GLOBALS['parsed_sql'] is set but empty
            $parsed_sql = $GLOBALS['parsed_sql'];
        } else {
            // Parse SQL if needed
            $parsed_sql = PMA_SQP_parse($query_base);
        }
        // Analyze it ($parsed_sql is unset only when the query was too big)
        if (isset($parsed_sql)) {
            $analyzed_display_query = PMA_SQP_analyze($parsed_sql);
            // Here we append the LIMIT added for navigation, to
            // enable its display. Adding it higher in the code
            // to $sql_query would create a problem when
            // using the Refresh or Edit links.
            // Only append it on SELECTs.
            /**
             * @todo what would be the best to do when someone hits Refresh:
             * use the current LIMITs ?
             */
            // NOTE(review): sql_limit_to_append is spliced in as-is;
            // presumably a server-generated LIMIT clause — verify against
            // the code that sets it.
            if (isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_limit_to_append'])) {
                $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit'];
                // Need to reparse query
                $parsed_sql = PMA_SQP_parse($query_base);
            }
        }
        if (!empty($GLOBALS['show_as_php'])) {
            // Opens the PHP assignment; the closing '";' is echoed after the
            // query further down.
            $query_base = '$sql  = "' . $query_base;
        } elseif (!empty($GLOBALS['validatequery'])) {
            $query_base = PMA_validateSQL($query_base);
        } elseif (isset($parsed_sql)) {
            $query_base = PMA_formatSql($parsed_sql, $query_base);
        }
        // Prepares links that may be displayed to edit/explain the query
        // (don't go to default pages, we must go to the page
        // where the query box is available)
        // Basic url query part
        // At this point $edit_link holds only the target script name; it is
        // turned into the full link (or emptied) further down.
        $url_params = array();
        if (strlen($GLOBALS['db'])) {
            $url_params['db'] = $GLOBALS['db'];
            if (strlen($GLOBALS['table'])) {
                $url_params['table'] = $GLOBALS['table'];
                $edit_link = 'tbl_sql.php';
            } else {
                $edit_link = 'db_sql.php';
            }
        } else {
            $edit_link = 'server_sql.php';
        }
        // Want to have the query explained (Mike Beck 2002-05-22)
        // but only explain a SELECT (that has not been explained)
        /* SQL-Parser-Analyzer */
        $explain_link = '';
        if (!empty($cfg['SQLQuery']['Explain']) && !$query_too_big) {
            $explain_params = $url_params;
            // Detect if we are validating as well
            // To preserve the validate uRL data
            if (!empty($GLOBALS['validatequery'])) {
                $explain_params['validatequery'] = 1;
            }
            if (preg_match('@^SELECT[[:space:]]+@i', $sql_query)) {
                $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query;
                $_message = $GLOBALS['strExplain'];
            } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query)) {
                // Drops the first 8 bytes ("EXPLAIN" plus one whitespace
                // character); further matched whitespace stays in front.
                $explain_params['sql_query'] = substr($sql_query, 8);
                $_message = $GLOBALS['strNoExplain'];
            }
            // $_message is set in exactly the branches that set sql_query,
            // so this test also guards its use.
            if (isset($explain_params['sql_query'])) {
                $explain_link = 'import.php' . PMA_generate_common_url($explain_params);
                $explain_link = ' [' . PMA_linkOrButton($explain_link, $_message) . ']';
            }
        }
        //show explain
        // From here on every generated link carries the full query text as
        // the sql_query URL parameter. Encoding is delegated to
        // PMA_generate_common_url() and PMA_linkOrButton(); when a plain
        // link is produced, the query can end up in browser history and in
        // proxy or web-server logs.
        $url_params['sql_query'] = $sql_query;
        $url_params['show_query'] = 1;
        if (!empty($cfg['SQLQuery']['Edit']) && !$query_too_big) {
            if ($cfg['EditInWindow'] == true) {
                // The query sits in two nested contexts here: a JavaScript
                // string literal inside an HTML attribute value.
                // NOTE(review): confirm that PMA_jsFormat() together with
                // PMA_linkOrButton() escapes for both contexts.
                $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($sql_query, false) . '\'); return false;';
            } else {
                $onclick = '';
            }
            $edit_link .= PMA_generate_common_url($url_params) . '#querybox';
            $edit_link = ' [' . PMA_linkOrButton($edit_link, $GLOBALS['strEdit'], array('onclick' => $onclick)) . ']';
        } else {
            $edit_link = '';
        }
        // $url_qpart is assigned here and not read again in this function.
        $url_qpart = PMA_generate_common_url($url_params);
        // Also we would like to get the SQL formed in some nice
        // php-code (Mike Beck 2002-05-22)
        if (!empty($cfg['SQLQuery']['ShowAsPHP']) && !$query_too_big) {
            $php_params = $url_params;
            // Toggle: link back to the plain view when already in PHP mode,
            // otherwise add show_as_php=1.
            if (!empty($GLOBALS['show_as_php'])) {
                $_message = $GLOBALS['strNoPhp'];
            } else {
                $php_params['show_as_php'] = 1;
                $_message = $GLOBALS['strPhp'];
            }
            $php_link = 'import.php' . PMA_generate_common_url($php_params);
            $php_link = ' [' . PMA_linkOrButton($php_link, $_message) . ']';
            // This test is isset(), not !empty() as above, so the run-query
            // link is also added when show_as_php is set but empty.
            if (isset($GLOBALS['show_as_php'])) {
                $runquery_link = 'import.php' . PMA_generate_common_url($url_params);
                $php_link .= ' [' . PMA_linkOrButton($runquery_link, $GLOBALS['strRunQuery']) . ']';
            }
        } else {
            $php_link = '';
        }
        //show as php
        // Refresh query (offered only when the text starts with SELECT or
        // SHOW)
        if (!empty($cfg['SQLQuery']['Refresh']) && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)) {
            $refresh_link = 'import.php' . PMA_generate_common_url($url_params);
            $refresh_link = ' [' . PMA_linkOrButton($refresh_link, $GLOBALS['strRefresh']) . ']';
        } else {
            $refresh_link = '';
        }
        // Validator link: needs both the validator and the per-query option
        // enabled in $cfg.
        if (!empty($cfg['SQLValidator']['use']) && !empty($cfg['SQLQuery']['Validate'])) {
            $validate_params = $url_params;
            if (!empty($GLOBALS['validatequery'])) {
                $validate_message = $GLOBALS['strNoValidateSQL'];
            } else {
                $validate_params['validatequery'] = 1;
                $validate_message = $GLOBALS['strValidateSQL'];
            }
            $validate_link = 'import.php' . PMA_generate_common_url($validate_params);
            $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']';
        } else {
            $validate_link = '';
        }
        //validator
        echo '<code class="sql">';
        if ($query_too_big) {
            // Truncated text, HTML-escaped above with htmlspecialchars().
            echo $shortened_query_base;
        } else {
            // Written as-is; see the escaping notes where $query_base was
            // built.
            echo $query_base;
        }
        //Clean up the end of the PHP
        if (!empty($GLOBALS['show_as_php'])) {
            echo '";';
        }
        echo '</code>';
        echo '<div class="tools">';
        // avoid displaying a Profiling checkbox that could
        // be checked, which would reexecute an INSERT, for example
        // (a refresh link exists only for SELECT/SHOW, so it doubles as the
        // "safe to re-run" test here)
        if (!empty($refresh_link)) {
            PMA_profilingCheckbox($sql_query);
        }
        echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link;
        echo '</div>';
    }
    echo '</div><br />' . "\n";
}
Ejemplo n.º 3
/**
 * displays the message and the query
 * usually the message is the result of the query executed
 *
 * @param string  $message   the message to display
 * @param string  $sql_query the query to display
 * @param string  $type      the type (level) of the message
 * @param boolean $is_view   is this a message after a VIEW operation?
 *
 * @return  string
 *
 * @access  public
 */
function PMA_showMessage($message, $sql_query = null, $type = 'notice', $is_view = false)
{
    /*
     * PMA_ajaxResponse uses this function to collect the string of HTML generated
     * for showing the message.  Use output buffering to collect it and return it
     * in a string.  In some special cases on sql.php, buffering has to be disabled
     * and hence we check with $GLOBALS['buffer_message']
     */
    if ($GLOBALS['is_ajax_request'] == true && !isset($GLOBALS['buffer_message'])) {
        ob_start();
    }
    global $cfg;
    if (null === $sql_query) {
        if (!empty($GLOBALS['display_query'])) {
            $sql_query = $GLOBALS['display_query'];
        } elseif ($cfg['SQP']['fmtType'] == 'none' && !empty($GLOBALS['unparsed_sql'])) {
            $sql_query = $GLOBALS['unparsed_sql'];
        } elseif (!empty($GLOBALS['sql_query'])) {
            $sql_query = $GLOBALS['sql_query'];
        } else {
            $sql_query = '';
        }
    }
    if (isset($GLOBALS['using_bookmark_message'])) {
        $GLOBALS['using_bookmark_message']->display();
        unset($GLOBALS['using_bookmark_message']);
    }
    // Corrects the tooltip text via JS if required
    // @todo this is REALLY the wrong place to do this - very unexpected here
    if (!$is_view && strlen($GLOBALS['table']) && $cfg['ShowTooltip']) {
        $tooltip = PMA_Table::sGetToolTip($GLOBALS['db'], $GLOBALS['table']);
        $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false);
        echo "\n";
        echo '<script type="text/javascript">' . "\n";
        echo '//<![CDATA[' . "\n";
        echo "if (window.parent.updateTableTitle) window.parent.updateTableTitle('" . $uni_tbl . "', '" . PMA_jsFormat($tooltip, false) . "');" . "\n";
        echo '//]]>' . "\n";
        echo '</script>' . "\n";
    }
    // end if ... elseif
    // Checks if the table needs to be repaired after a TRUNCATE query.
    // @todo what about $GLOBALS['display_query']???
    // @todo this is REALLY the wrong place to do this - very unexpected here
    if (strlen($GLOBALS['table']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) {
        if (PMA_Table::sGetStatusInfo($GLOBALS['db'], $GLOBALS['table'], 'Index_length') > 1024 && !PMA_DRIZZLE) {
            PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table']));
        }
    }
    unset($tbl_status);
    // In an Ajax request, $GLOBALS['cell_align_left'] may not be defined. Hence,
    // check for it's presence before using it
    echo '<div id="result_query" align="' . (isset($GLOBALS['cell_align_left']) ? $GLOBALS['cell_align_left'] : '') . '">' . "\n";
    if ($message instanceof PMA_Message) {
        if (isset($GLOBALS['special_message'])) {
            $message->addMessage($GLOBALS['special_message']);
            unset($GLOBALS['special_message']);
        }
        $message->display();
        $type = $message->getLevel();
    } else {
        echo '<div class="' . $type . '">';
        echo PMA_sanitize($message);
        if (isset($GLOBALS['special_message'])) {
            echo PMA_sanitize($GLOBALS['special_message']);
            unset($GLOBALS['special_message']);
        }
        echo '</div>';
    }
    if ($cfg['ShowSQL'] == true && !empty($sql_query)) {
        // Html format the query to be displayed
        // If we want to show some sql code it is easiest to create it here
        /* SQL-Parser-Analyzer */
        if (!empty($GLOBALS['show_as_php'])) {
            $new_line = '\\n"<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;. "';
            $query_base = htmlspecialchars(addslashes($sql_query));
            $query_base = preg_replace('/((\\015\\012)|(\\015)|(\\012))/', $new_line, $query_base);
        } else {
            $query_base = $sql_query;
        }
        $query_too_big = false;
        if (strlen($query_base) > $cfg['MaxCharactersInDisplayedSQL']) {
            // when the query is large (for example an INSERT of binary
            // data), the parser chokes; so avoid parsing the query
            $query_too_big = true;
            $shortened_query_base = nl2br(htmlspecialchars(substr($sql_query, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]'));
        } elseif (!empty($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) {
            // (here, use "! empty" because when deleting a bookmark,
            // $GLOBALS['parsed_sql'] is set but empty
            $parsed_sql = $GLOBALS['parsed_sql'];
        } else {
            // Parse SQL if needed
            $parsed_sql = PMA_SQP_parse($query_base);
        }
        // Analyze it
        if (isset($parsed_sql) && !PMA_SQP_isError()) {
            $analyzed_display_query = PMA_SQP_analyze($parsed_sql);
            // Same as below (append LIMIT), append the remembered ORDER BY
            if ($GLOBALS['cfg']['RememberSorting'] && isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_order_to_append'])) {
                $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_order_to_append'] . $analyzed_display_query[0]['limit_clause'] . ' ' . $analyzed_display_query[0]['section_after_limit'];
                // Need to reparse query
                $parsed_sql = PMA_SQP_parse($query_base);
                // update the $analyzed_display_query
                $analyzed_display_query[0]['section_before_limit'] .= $GLOBALS['sql_order_to_append'];
                $analyzed_display_query[0]['order_by_clause'] = $GLOBALS['sorted_col'];
            }
            // Here we append the LIMIT added for navigation, to
            // enable its display. Adding it higher in the code
            // to $sql_query would create a problem when
            // using the Refresh or Edit links.
            // Only append it on SELECTs.
            /**
             * @todo what would be the best to do when someone hits Refresh:
             * use the current LIMITs ?
             */
            if (isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_limit_to_append'])) {
                $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit'];
                // Need to reparse query
                $parsed_sql = PMA_SQP_parse($query_base);
            }
        }
        if (!empty($GLOBALS['show_as_php'])) {
            $query_base = '$sql  = "' . $query_base;
        } elseif (!empty($GLOBALS['validatequery'])) {
            try {
                $query_base = PMA_validateSQL($query_base);
            } catch (Exception $e) {
                PMA_Message::error(__('Failed to connect to SQL validator!'))->display();
            }
        } elseif (isset($parsed_sql)) {
            $query_base = PMA_formatSql($parsed_sql, $query_base);
        }
        // Prepares links that may be displayed to edit/explain the query
        // (don't go to default pages, we must go to the page
        // where the query box is available)
        // Basic url query part
        $url_params = array();
        if (!isset($GLOBALS['db'])) {
            $GLOBALS['db'] = '';
        }
        if (strlen($GLOBALS['db'])) {
            $url_params['db'] = $GLOBALS['db'];
            if (strlen($GLOBALS['table'])) {
                $url_params['table'] = $GLOBALS['table'];
                $edit_link = 'tbl_sql.php';
            } else {
                $edit_link = 'db_sql.php';
            }
        } else {
            $edit_link = 'server_sql.php';
        }
        // Want to have the query explained
        // but only explain a SELECT (that has not been explained)
        /* SQL-Parser-Analyzer */
        $explain_link = '';
        $is_select = false;
        if (!empty($cfg['SQLQuery']['Explain']) && !$query_too_big) {
            $explain_params = $url_params;
            // Detect if we are validating as well
            // To preserve the validate uRL data
            if (!empty($GLOBALS['validatequery'])) {
                $explain_params['validatequery'] = 1;
            }
            if (preg_match('@^SELECT[[:space:]]+@i', $sql_query)) {
                $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query;
                $_message = __('Explain SQL');
                $is_select = true;
            } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query)) {
                $explain_params['sql_query'] = substr($sql_query, 8);
                $_message = __('Skip Explain SQL');
            }
            if (isset($explain_params['sql_query'])) {
                $explain_link = 'import.php' . PMA_generate_common_url($explain_params);
                $explain_link = ' [' . PMA_linkOrButton($explain_link, $_message) . ']';
            }
        }
        //show explain
        $url_params['sql_query'] = $sql_query;
        $url_params['show_query'] = 1;
        // even if the query is big and was truncated, offer the chance
        // to edit it (unless it's enormous, see PMA_linkOrButton() )
        if (!empty($cfg['SQLQuery']['Edit'])) {
            if ($cfg['EditInWindow'] == true) {
                $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($sql_query, false) . '\'); return false;';
            } else {
                $onclick = '';
            }
            $edit_link .= PMA_generate_common_url($url_params) . '#querybox';
            $edit_link = ' [' . PMA_linkOrButton($edit_link, __('Edit'), array('onclick' => $onclick)) . ']';
        } else {
            $edit_link = '';
        }
        $url_qpart = PMA_generate_common_url($url_params);
        // Also we would like to get the SQL formed in some nice
        // php-code
        if (!empty($cfg['SQLQuery']['ShowAsPHP']) && !$query_too_big) {
            $php_params = $url_params;
            if (!empty($GLOBALS['show_as_php'])) {
                $_message = __('Without PHP Code');
            } else {
                $php_params['show_as_php'] = 1;
                $_message = __('Create PHP Code');
            }
            $php_link = 'import.php' . PMA_generate_common_url($php_params);
            $php_link = ' [' . PMA_linkOrButton($php_link, $_message) . ']';
            if (isset($GLOBALS['show_as_php'])) {
                $runquery_link = 'import.php' . PMA_generate_common_url($url_params);
                $php_link .= ' [' . PMA_linkOrButton($runquery_link, __('Submit Query')) . ']';
            }
        } else {
            $php_link = '';
        }
        //show as php
        // Refresh query
        if (!empty($cfg['SQLQuery']['Refresh']) && !isset($GLOBALS['show_as_php']) && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)) {
            $refresh_link = 'import.php' . PMA_generate_common_url($url_params);
            $refresh_link = ' [' . PMA_linkOrButton($refresh_link, __('Refresh')) . ']';
        } else {
            $refresh_link = '';
        }
        //refresh
        if (!empty($cfg['SQLValidator']['use']) && !empty($cfg['SQLQuery']['Validate'])) {
            $validate_params = $url_params;
            if (!empty($GLOBALS['validatequery'])) {
                $validate_message = __('Skip Validate SQL');
            } else {
                $validate_params['validatequery'] = 1;
                $validate_message = __('Validate SQL');
            }
            $validate_link = 'import.php' . PMA_generate_common_url($validate_params);
            $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']';
        } else {
            $validate_link = '';
        }
        //validator
        if (!empty($GLOBALS['validatequery'])) {
            echo '<div class="sqlvalidate">';
        } else {
            echo '<code class="sql">';
        }
        if ($query_too_big) {
            echo $shortened_query_base;
        } else {
            echo $query_base;
        }
        //Clean up the end of the PHP
        if (!empty($GLOBALS['show_as_php'])) {
            echo '";';
        }
        if (!empty($GLOBALS['validatequery'])) {
            echo '</div>';
        } else {
            echo '</code>';
        }
        echo '<div class="tools">';
        // avoid displaying a Profiling checkbox that could
        // be checked, which would reexecute an INSERT, for example
        if (!empty($refresh_link)) {
            PMA_profilingCheckbox($sql_query);
        }
        // if needed, generate an invisible form that contains controls for the
        // Inline link; this way, the behavior of the Inline link does not
        // depend on the profiling support or on the refresh link
        if (empty($refresh_link) || !PMA_profilingSupported()) {
            echo '<form action="sql.php" method="post">';
            echo PMA_generate_common_hidden_inputs($GLOBALS['db'], $GLOBALS['table']);
            echo '<input type="hidden" name="sql_query" value="' . htmlspecialchars($sql_query) . '" />';
            echo '</form>';
        }
        // in the tools div, only display the Inline link when not in ajax
        // mode because 1) it currently does not work and 2) we would
        // have two similar mechanisms on the page for the same goal
        if ($is_select || $GLOBALS['is_ajax_request'] === false && !$query_too_big) {
            // see in js/functions.js the jQuery code attached to id inline_edit
            // document.write conflicts with jQuery, hence used $().append()
            echo "<script type=\"text/javascript\">\n" . "//<![CDATA[\n" . "\$('.tools form').last().after('[<a href=\"#\" title=\"" . PMA_escapeJsString(__('Inline edit of this query')) . "\" class=\"inline_edit_sql\">" . PMA_escapeJsString(_pgettext('Inline edit query', 'Inline')) . "</a>]');\n" . "//]]>\n" . "</script>";
        }
        echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link;
        echo '</div>';
    }
    echo '</div>';
    if ($GLOBALS['is_ajax_request'] === false) {
        echo '<br class="clearfloat" />';
    }
    // If we are in an Ajax request, we have most probably been called in
    // PMA_ajaxResponse().  Hence, collect the buffer contents and return it
    // to PMA_ajaxResponse(), which will encode it for JSON.
    if ($GLOBALS['is_ajax_request'] == true && !isset($GLOBALS['buffer_message'])) {
        $buffer_contents = ob_get_contents();
        ob_end_clean();
        return $buffer_contents;
    }
    return null;
}
Ejemplo n.º 4
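/**
 * displays the message and the query
 * usually the message is the result of the query executed
 *
 * Everything is written directly with echo; nothing is returned.
 * $message and $GLOBALS['special_message'] (if set) pass through
 * PMA_sanitize() before output. When $cfg['ShowSQL'] is enabled and a
 * query is available, the query is shown, followed by the Edit / Explain /
 * PHP code / Refresh / Validate links that are switched on in
 * $cfg['SQLQuery'].
 *
 * Side effects visible here: may issue SHOW TABLE STATUS and REPAIR TABLE
 * through PMA_DBI_try_query(), unsets $GLOBALS['special_message'], and
 * unsets $GLOBALS['parsed_sql'] when the query is longer than
 * $cfg['MaxCharactersInDisplayedSQL'].
 *
 * @param   string  $message    the message to display
 * @param   string  $sql_query  the query to display; when null it is taken
 *                              from $GLOBALS['display_query'], then
 *                              $GLOBALS['unparsed_sql'] (only if
 *                              $cfg['SQP']['fmtType'] is 'none'), then
 *                              $GLOBALS['sql_query']
 * @global  array   the configuration array
 * @uses    $cfg
 * @access  public
 */
function PMA_showMessage($message, $sql_query = null)
{
    global $cfg;
    $query_too_big = false;
    // No query passed in: fall back to the globals, first non-empty wins
    if (null === $sql_query) {
        if (!empty($GLOBALS['display_query'])) {
            $sql_query = $GLOBALS['display_query'];
        } elseif ($cfg['SQP']['fmtType'] == 'none' && !empty($GLOBALS['unparsed_sql'])) {
            $sql_query = $GLOBALS['unparsed_sql'];
        } elseif (!empty($GLOBALS['sql_query'])) {
            $sql_query = $GLOBALS['sql_query'];
        } else {
            $sql_query = '';
        }
    }
    // Corrects the tooltip text via JS if required
    // @todo this is REALLY the wrong place to do this - very unexpected here
    if (strlen($GLOBALS['table']) && $cfg['ShowTooltip']) {
        // The statement is assembled by concatenation: the database name goes
        // through PMA_backquote() and the table name, used as a LIKE pattern,
        // through PMA_sqlAddslashes(). Both helpers are defined elsewhere.
        $result = PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\'');
        if ($result) {
            $tbl_status = PMA_DBI_fetch_assoc($result);
            $tooltip = empty($tbl_status['Comment']) ? '' : $tbl_status['Comment'] . ' ';
            $tooltip .= '(' . PMA_formatNumber($tbl_status['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')';
            PMA_DBI_free_result($result);
            // Both values end up inside single-quoted JavaScript string
            // literals, so each one is passed through PMA_jsFormat() first;
            // the table comment is data read back from the server.
            $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false);
            echo "\n";
            echo '<script type="text/javascript">' . "\n";
            echo '//<![CDATA[' . "\n";
            echo "window.parent.updateTableTitle('" . $uni_tbl . "', '" . PMA_jsFormat($tooltip, false) . "');" . "\n";
            echo '//]]>' . "\n";
            echo '</script>' . "\n";
        }
    }
    // Checks if the table needs to be repaired after a TRUNCATE query.
    // @todo what about $GLOBALS['display_query']???
    // @todo this is REALLY the wrong place to do this - very unexpected here
    // isset() guard: $GLOBALS['sql_query'] is treated as optional above, so
    // it must not be read unconditionally here.
    if (strlen($GLOBALS['table']) && isset($GLOBALS['sql_query']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) {
        if (!isset($tbl_status)) {
            $result = @PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\'');
            if ($result) {
                $tbl_status = PMA_DBI_fetch_assoc($result);
                PMA_DBI_free_result($result);
            }
        }
        // NOTE(review): REPAIR TABLE names the table without its database,
        // so it presumably relies on the connection's current database -
        // confirm against the callers.
        if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) {
            PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table']));
        }
    }
    unset($tbl_status);
    echo '<br />' . "\n";
    // NOTE(review): $GLOBALS['cell_align_left'] is written into an attribute
    // without escaping; presumably it is set by the language/layout code
    // and never by request data - verify.
    echo '<div align="' . $GLOBALS['cell_align_left'] . '">' . "\n";
    if (!empty($GLOBALS['show_error_header'])) {
        echo '<div class="error">' . "\n";
        echo '<h1>' . $GLOBALS['strError'] . '</h1>' . "\n";
    }
    echo '<div class="notice">';
    echo PMA_sanitize($message);
    if (isset($GLOBALS['special_message'])) {
        echo PMA_sanitize($GLOBALS['special_message']);
        unset($GLOBALS['special_message']);
    }
    echo '</div>';
    if (!empty($GLOBALS['show_error_header'])) {
        echo '</div>';
    }
    if ($cfg['ShowSQL'] == true && !empty($sql_query)) {
        // Basic url query part
        $url_qpart = '?' . PMA_generate_common_url($GLOBALS['db'], $GLOBALS['table']);
        // Html format the query to be displayed
        // The nl2br function isn't used because its result isn't a valid
        // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />")
        // If we want to show some sql code it is easiest to create it here
        /* SQL-Parser-Analyzer */
        if (!empty($GLOBALS['show_as_php'])) {
            $new_line = '\'<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;. \' ';
        }
        if (isset($new_line)) {
            /* SQL-Parser-Analyzer */
            $query_base = PMA_sqlAddslashes(htmlspecialchars($sql_query), false, false, true);
            /* SQL-Parser-Analyzer */
            $query_base = preg_replace("@((\r\n)|(\r)|(\n))+@", $new_line, $query_base);
        } else {
            $query_base = $sql_query;
        }
        if (strlen($query_base) > $cfg['MaxCharactersInDisplayedSQL']) {
            $query_too_big = true;
            $query_base = nl2br(htmlspecialchars($sql_query));
            // Shorten the RAW query first and escape afterwards. Cutting the
            // already-escaped string can stop in the middle of an entity
            // ("&lt;" -> "&l") or of a "<br />" tag and leave broken markup
            // in the page. substr() counts bytes, so a multibyte character
            // at the boundary may still be split.
            $shortened_query_base = nl2br(htmlspecialchars(substr($sql_query, 0, $cfg['MaxCharactersInDisplayedSQL']))) . '[...]';
            unset($GLOBALS['parsed_sql']);
        }
        // Parse SQL if needed
        // (here, use "! empty" because when deleting a bookmark,
        // $GLOBALS['parsed_sql'] is set but empty
        if (!empty($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) {
            $parsed_sql = $GLOBALS['parsed_sql'];
        } else {
            // when the query is large (for example an INSERT of binary
            // data), the parser chokes; so avoid parsing the query
            if (!$query_too_big) {
                $parsed_sql = PMA_SQP_parse($query_base);
            }
        }
        // Analyze it
        if (isset($parsed_sql)) {
            $analyzed_display_query = PMA_SQP_analyze($parsed_sql);
        }
        // Here we append the LIMIT added for navigation, to
        // enable its display. Adding it higher in the code
        // to $sql_query would create a problem when
        // using the Refresh or Edit links.
        // Only append it on SELECTs.
        /**
         * @todo what would be the best to do when someone hits Refresh:
         * use the current LIMITs ?
         */
        if (isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_limit_to_append'])) {
            $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit'];
            // Need to reparse query
            $parsed_sql = PMA_SQP_parse($query_base);
        }
        if (!empty($GLOBALS['show_as_php'])) {
            $query_base = '$sql  = \'' . $query_base;
            if ($query_too_big) {
                // keep the shortened form in step with the PHP-code wrapper
                $shortened_query_base = '$sql  = \'' . $shortened_query_base;
            }
        } elseif (!empty($GLOBALS['validatequery'])) {
            $query_base = PMA_validateSQL($query_base);
        } else {
            if (isset($parsed_sql)) {
                $query_base = PMA_formatSql($parsed_sql, $query_base);
            }
        }
        // Prepares links that may be displayed to edit/explain the query
        // (don't go to default pages, we must go to the page
        // where the query box is available)
        $edit_target = strlen($GLOBALS['db']) ? (strlen($GLOBALS['table']) ? 'tbl_sql.php' : 'db_sql.php') : 'server_sql.php';
        if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == true && !empty($edit_target) && !$query_too_big) {
            if ($cfg['EditInWindow'] == true) {
                // JavaScript string inside an HTML attribute: PMA_jsFormat()
                // covers the JS layer. NOTE(review): whether
                // PMA_linkOrButton() HTML-escapes attribute values is not
                // visible here - confirm.
                $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($sql_query, false) . '\'); return false;';
            } else {
                $onclick = '';
            }
            // every link below carries the query as a urlencode()d parameter
            $edit_link = $edit_target . $url_qpart . '&amp;sql_query=' . urlencode($sql_query) . '&amp;show_query=1#querybox';
            $edit_link = ' [' . PMA_linkOrButton($edit_link, $GLOBALS['strEdit'], array('onclick' => $onclick)) . ']';
        } else {
            $edit_link = '';
        }
        // Want to have the query explained (Mike Beck 2002-05-22)
        // but only explain a SELECT (that has not been explained)
        /* SQL-Parser-Analyzer */
        if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == true && !$query_too_big) {
            // Detect if we are validating as well
            // To preserve the validate URL data
            if (!empty($GLOBALS['validatequery'])) {
                $explain_link_validate = '&amp;validatequery=1';
            } else {
                $explain_link_validate = '';
            }
            $explain_link = 'import.php' . $url_qpart . $explain_link_validate . '&amp;sql_query=';
            // from here on $message is reused as the link label; the message
            // itself has already been written out above
            if (preg_match('@^SELECT[[:space:]]+@i', $sql_query)) {
                $explain_link .= urlencode('EXPLAIN ' . $sql_query);
                $message = $GLOBALS['strExplain'];
            } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query)) {
                // drop the leading "EXPLAIN " (8 characters)
                $explain_link .= urlencode(substr($sql_query, 8));
                $message = $GLOBALS['strNoExplain'];
            } else {
                $explain_link = '';
            }
            if (!empty($explain_link)) {
                $explain_link = ' [' . PMA_linkOrButton($explain_link, $message) . ']';
            }
        } else {
            $explain_link = '';
        }
        //show explain
        // Also we would like to get the SQL formed in some nice
        // php-code (Mike Beck 2002-05-22)
        if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == true && !$query_too_big) {
            $php_link = 'import.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($sql_query) . '&amp;show_as_php=';
            if (!empty($GLOBALS['show_as_php'])) {
                $php_link .= '0';
                $message = $GLOBALS['strNoPhp'];
            } else {
                $php_link .= '1';
                $message = $GLOBALS['strPhp'];
            }
            $php_link = ' [' . PMA_linkOrButton($php_link, $message) . ']';
            if (isset($GLOBALS['show_as_php'])) {
                $runquery_link = 'import.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($sql_query);
                $php_link .= ' [' . PMA_linkOrButton($runquery_link, $GLOBALS['strRunQuery']) . ']';
            }
        } else {
            $php_link = '';
        }
        //show as php
        // Refresh query (only offered for SELECT and SHOW)
        if (isset($cfg['SQLQuery']['Refresh']) && $cfg['SQLQuery']['Refresh'] && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)) {
            $refresh_link = 'import.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($sql_query);
            $refresh_link = ' [' . PMA_linkOrButton($refresh_link, $GLOBALS['strRefresh']) . ']';
        } else {
            $refresh_link = '';
        }
        //refresh
        // Validate query
        if (isset($cfg['SQLValidator']['use']) && $cfg['SQLValidator']['use'] == true && isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == true) {
            $validate_link = 'import.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($sql_query) . '&amp;validatequery=';
            if (!empty($GLOBALS['validatequery'])) {
                $validate_link .= '0';
                $validate_message = $GLOBALS['strNoValidateSQL'];
            } else {
                $validate_link .= '1';
                $validate_message = $GLOBALS['strValidateSQL'];
            }
            $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']';
        } else {
            $validate_link = '';
        }
        //validator
        // why this?
        //unset($sql_query);
        // Displays the message
        echo '<fieldset class="">' . "\n";
        echo '    <legend>' . $GLOBALS['strSQLQuery'] . ':</legend>';
        echo '    <div>';
        // when uploading a 700 Kio binary file into a LONGBLOB,
        // I get a white page, strlen($query_base) is 2 x 700 Kio
        // so put a hard limit here (let's say 1000)
        if ($query_too_big) {
            // shortened before escaping, see above
            echo '    ' . $shortened_query_base;
        } else {
            echo '    ' . $query_base;
        }
        //Clean up the end of the PHP
        if (!empty($GLOBALS['show_as_php'])) {
            echo '\';';
        }
        echo '    </div>';
        echo '</fieldset>' . "\n";
        if (!empty($edit_target)) {
            echo '<fieldset class="tblFooters">';
            // avoid displaying a Profiling checkbox that could
            // be checked, which would reexecute an INSERT, for example
            if (!empty($refresh_link)) {
                PMA_profilingCheckbox($sql_query);
            }
            echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link;
            echo '</fieldset>';
        }
    }
    echo '</div><br />' . "\n";
}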
Ejemplo n.º 5
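    /**
     * Displays a message at the top of the "main" (right) frame
     *
     * The message is passed through PMA_sanitize() before it is written.
     * When $cfg['ShowSQL'] is enabled and $GLOBALS['sql_query'] or
     * $GLOBALS['display_query'] is non-empty, the query is displayed as
     * well, followed by the Edit / Explain / PHP code / Refresh / Validate
     * links that are switched on in $cfg['SQLQuery'].
     *
     * Side effects visible here: may issue SHOW TABLE STATUS and
     * REPAIR TABLE through PMA_DBI_try_query() and unsets
     * $GLOBALS['special_message'].
     *
     * @param   string  the message to display
     *
     * @global  array   the configuration array
     *
     * @access  public
     */
    function PMA_showMessage($message)
    {
        global $cfg;
        // Sanitizes $message
        $message = PMA_sanitize($message);
        // Corrects the tooltip text via JS if required
        if (isset($GLOBALS['table']) && strlen($GLOBALS['table']) && $cfg['ShowTooltip']) {
            // The statement is assembled by concatenation: the database name
            // goes through PMA_backquote() and the table name, used as a LIKE
            // pattern, through PMA_sqlAddslashes().
            $result = PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\'');
            if ($result) {
                $tbl_status = PMA_DBI_fetch_assoc($result);
                $tooltip = empty($tbl_status['Comment']) ? '' : $tbl_status['Comment'] . ' ';
                $tooltip .= '(' . PMA_formatNumber($tbl_status['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')';
                PMA_DBI_free_result($result);
                // Both values are printed inside single-quoted JavaScript
                // string literals below, hence PMA_jsFormat() on each.
                $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false);
                echo "\n";
                ?>
<script type="text/javascript" language="javascript">
//<![CDATA[
window.parent.updateTableTitle('<?php 
                echo $uni_tbl;
                ?>
', '<?php 
                echo PMA_jsFormat($tooltip, false);
                ?>
');
//]]>
</script>
                <?php 
            }
        }
        // Checks if the table needs to be repaired after a TRUNCATE query.
        if (isset($GLOBALS['table']) && isset($GLOBALS['sql_query']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) {
            if (!isset($tbl_status)) {
                $result = @PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\'');
                if ($result) {
                    $tbl_status = PMA_DBI_fetch_assoc($result);
                    PMA_DBI_free_result($result);
                }
            }
            // NOTE(review): REPAIR TABLE names the table without its
            // database, so it presumably relies on the connection's current
            // database - confirm against the callers.
            if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) {
                PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table']));
            }
        }
        unset($tbl_status);
        // NOTE(review): $GLOBALS['cell_align_left'] is written into an
        // attribute without escaping; presumably it is set by the
        // language/layout code and never by request data - verify.
        ?>
<br />
<div align="<?php 
        echo $GLOBALS['cell_align_left'];
        ?>
">
        <?php 
        if (!empty($GLOBALS['show_error_header'])) {
            ?>
    <div class="error">
        <h1><?php 
            echo $GLOBALS['strError'];
            ?>
</h1>
            <?php 
        }
        // $message was sanitized at the top of the function
        echo $message;
        if (isset($GLOBALS['special_message'])) {
            echo PMA_sanitize($GLOBALS['special_message']);
            unset($GLOBALS['special_message']);
        }
        if (!empty($GLOBALS['show_error_header'])) {
            echo '</div>';
        }
        if ($cfg['ShowSQL'] == true && (!empty($GLOBALS['sql_query']) || !empty($GLOBALS['display_query']))) {
            // display_query wins; unparsed_sql is used only when the
            // formatter is switched off; sql_query is the fallback
            $local_query = !empty($GLOBALS['display_query']) ? $GLOBALS['display_query'] : ($cfg['SQP']['fmtType'] == 'none' && isset($GLOBALS['unparsed_sql']) && $GLOBALS['unparsed_sql'] != '' ? $GLOBALS['unparsed_sql'] : $GLOBALS['sql_query']);
            // Basic url query part
            $url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : '');
            // Html format the query to be displayed
            // If we want to show some sql code it is easiest to create it here
            /* SQL-Parser-Analyzer */
            if (!empty($GLOBALS['show_as_php'])) {
                $new_line = '\'<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;. \' ';
            }
            if (isset($new_line)) {
                /* SQL-Parser-Analyzer */
                $query_base = PMA_sqlAddslashes(htmlspecialchars($local_query), false, false, true);
                /* SQL-Parser-Analyzer */
                $query_base = preg_replace("@((\r\n)|(\r)|(\n))+@", $new_line, $query_base);
            } else {
                $query_base = $local_query;
            }
            // Parse SQL if needed
            if (isset($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) {
                $parsed_sql = $GLOBALS['parsed_sql'];
            } else {
                // when the query is large (for example an INSERT of binary
                // data), the parser chokes; so avoid parsing the query
                if (strlen($query_base) < 1000) {
                    $parsed_sql = PMA_SQP_parse($query_base);
                }
            }
            // Analyze it
            if (isset($parsed_sql)) {
                $analyzed_display_query = PMA_SQP_analyze($parsed_sql);
            }
            // Here we append the LIMIT added for navigation, to
            // enable its display. Adding it higher in the code
            // to $local_query would create a problem when
            // using the Refresh or Edit links.
            // Only append it on SELECTs.
            // FIXME: what would be the best to do when someone
            // hits Refresh: use the current LIMITs ?
            if (isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_limit_to_append'])) {
                $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit'];
                // Need to reparse query
                $parsed_sql = PMA_SQP_parse($query_base);
            }
            if (!empty($GLOBALS['show_as_php'])) {
                $query_base = '$sql  = \'' . $query_base;
            } elseif (!empty($GLOBALS['validatequery'])) {
                // NOTE(review): a query of 1000+ characters reaches the
                // validator unparsed; what PMA_validateSQL() returns for
                // display is not visible here - confirm it is HTML-safe.
                $query_base = PMA_validateSQL($query_base);
            } else {
                if (isset($parsed_sql)) {
                    $query_base = PMA_formatSql($parsed_sql, $query_base);
                } else {
                    // The parser was skipped (query of 1000+ characters), so
                    // $query_base is still the raw query text and is echoed
                    // into the page below: escape it for HTML instead of
                    // printing it verbatim.
                    $query_base = nl2br(htmlspecialchars($query_base));
                }
            }
            // Prepares links that may be displayed to edit/explain the query
            // (don't go to default pages, we must go to the page
            // where the query box is available)
            // (also, I don't see why we should check the goto variable)
            //if (!isset($GLOBALS['goto'])) {
            //$edit_target = (isset($GLOBALS['table'])) ? $cfg['DefaultTabTable'] : $cfg['DefaultTabDatabase'];
            $edit_target = isset($GLOBALS['db']) ? (isset($GLOBALS['table']) ? 'tbl_properties.php' : 'db_details.php') : 'server_sql.php';
            //} elseif ($GLOBALS['goto'] != 'main.php') {
            //    $edit_target = $GLOBALS['goto'];
            //} else {
            //    $edit_target = '';
            //}
            if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == true && !empty($edit_target)) {
                if ($cfg['EditInWindow'] == true) {
                    // JavaScript string inside an HTML attribute:
                    // PMA_jsFormat() covers the JS layer. NOTE(review):
                    // whether PMA_linkOrButton() HTML-escapes attribute
                    // values is not visible here - confirm.
                    $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($local_query, false) . '\'); return false;';
                } else {
                    $onclick = '';
                }
                // every link below carries the query as a urlencode()d parameter
                $edit_link = $edit_target . $url_qpart . '&amp;sql_query=' . urlencode($local_query) . '&amp;show_query=1#querybox';
                $edit_link = ' [' . PMA_linkOrButton($edit_link, $GLOBALS['strEdit'], array('onclick' => $onclick)) . ']';
            } else {
                $edit_link = '';
            }
            // Want to have the query explained (Mike Beck 2002-05-22)
            // but only explain a SELECT (that has not been explained)
            /* SQL-Parser-Analyzer */
            if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == true) {
                // Detect if we are validating as well
                // To preserve the validate URL data
                if (!empty($GLOBALS['validatequery'])) {
                    $explain_link_validate = '&amp;validatequery=1';
                } else {
                    $explain_link_validate = '';
                }
                $explain_link = 'import.php' . $url_qpart . $explain_link_validate . '&amp;sql_query=';
                // from here on $message is reused as the link label; the
                // message itself has already been written out above
                if (preg_match('@^SELECT[[:space:]]+@i', $local_query)) {
                    $explain_link .= urlencode('EXPLAIN ' . $local_query);
                    $message = $GLOBALS['strExplain'];
                } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $local_query)) {
                    // drop the leading "EXPLAIN " (8 characters)
                    $explain_link .= urlencode(substr($local_query, 8));
                    $message = $GLOBALS['strNoExplain'];
                } else {
                    $explain_link = '';
                }
                if (!empty($explain_link)) {
                    $explain_link = ' [' . PMA_linkOrButton($explain_link, $message) . ']';
                }
            } else {
                $explain_link = '';
            }
            //show explain
            // Also we would like to get the SQL formed in some nice
            // php-code (Mike Beck 2002-05-22)
            if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == true) {
                $php_link = 'import.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query) . '&amp;show_as_php=';
                if (!empty($GLOBALS['show_as_php'])) {
                    $php_link .= '0';
                    $message = $GLOBALS['strNoPhp'];
                } else {
                    $php_link .= '1';
                    $message = $GLOBALS['strPhp'];
                }
                $php_link = ' [' . PMA_linkOrButton($php_link, $message) . ']';
                if (isset($GLOBALS['show_as_php']) && $GLOBALS['show_as_php'] == '1') {
                    $runquery_link = 'import.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query);
                    $php_link .= ' [' . PMA_linkOrButton($runquery_link, $GLOBALS['strRunQuery']) . ']';
                }
            } else {
                $php_link = '';
            }
            //show as php
            // Refresh query (only offered for SELECT and SHOW)
            if (isset($cfg['SQLQuery']['Refresh']) && $cfg['SQLQuery']['Refresh'] && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $local_query)) {
                // "pos" is read straight from the request, so it is encoded
                // like every other value placed in this URL; a non-scalar
                // value is dropped rather than stringified.
                $refresh_link = 'import.php' . $url_qpart . '&amp;show_query=1' . (isset($_GET['pos']) && is_scalar($_GET['pos']) ? '&amp;pos=' . urlencode($_GET['pos']) : '') . '&amp;sql_query=' . urlencode($local_query);
                $refresh_link = ' [' . PMA_linkOrButton($refresh_link, $GLOBALS['strRefresh']) . ']';
            } else {
                $refresh_link = '';
            }
            //refresh
            // Validate query
            if (isset($cfg['SQLValidator']['use']) && $cfg['SQLValidator']['use'] == true && isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == true) {
                $validate_link = 'import.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query) . '&amp;validatequery=';
                if (!empty($GLOBALS['validatequery'])) {
                    $validate_link .= '0';
                    $validate_message = $GLOBALS['strNoValidateSQL'];
                } else {
                    $validate_link .= '1';
                    $validate_message = $GLOBALS['strValidateSQL'];
                }
                $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']';
            } else {
                $validate_link = '';
            }
            //validator
            unset($local_query);
            // Displays the message
            echo '<fieldset class="">' . "\n";
            echo '    <legend>' . $GLOBALS['strSQLQuery'] . ':</legend>';
            echo '    ' . $query_base;
            //Clean up the end of the PHP
            if (!empty($GLOBALS['show_as_php'])) {
                echo '\';';
            }
            echo '</fieldset>' . "\n";
            if (!empty($edit_target)) {
                echo '<fieldset class="tblFooters">';
                echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link;
                echo '</fieldset>';
            }
        }
        ?>
</div><br />
        <?php 
    }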
Ejemplo n.º 6
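 /**
  * Builds the HTML block that shows a result message and, when
  * $cfg['ShowSQL'] is enabled, the SQL query together with its tool links
  * (inline edit, edit, explain, show as PHP, refresh, validate).
  *
  * Security-relevant behaviour: the query text comes from $sql_query or,
  * when that is null, from $GLOBALS['display_query'], $GLOBALS['unparsed_sql']
  * or $GLOBALS['sql_query'], and it is written into HTML. Every path that
  * appends the query to the output therefore has to produce escaped markup:
  * the "show as PHP" and "too big" paths call htmlspecialchars() directly,
  * the normal path goes through self::formatSql(), and the validator path
  * relies on PMA_validateSQL(). If the validator throws, the raw text is
  * escaped here before it is emitted.
  *
  * @param string|PMA_Message $message   the message to display; a PMA_Message
  *                                      renders itself, anything else is
  *                                      passed through PMA_sanitize()
  * @param string             $sql_query the query to display, or null to take
  *                                      it from the globals listed above
  * @param string             $type      the type (level) of the message; used
  *                                      as the CSS class of the wrapper div
  *                                      and written into the attribute
  *                                      unescaped, so callers must pass a
  *                                      fixed class name
  * @param boolean            $is_view   is this a message after a VIEW
  *                                      operation? (not read in this body)
  *
  * @return string the generated HTML
  *
  * @access  public
  */
 public static function getMessage($message, $sql_query = null, $type = 'notice', $is_view = false)
 {
     global $cfg;
     $retval = '';
     // No explicit query given: fall back to the globals, most specific first
     if (null === $sql_query) {
         if (!empty($GLOBALS['display_query'])) {
             $sql_query = $GLOBALS['display_query'];
         } elseif (!empty($GLOBALS['unparsed_sql'])) {
             $sql_query = $GLOBALS['unparsed_sql'];
         } elseif (!empty($GLOBALS['sql_query'])) {
             $sql_query = $GLOBALS['sql_query'];
         } else {
             $sql_query = '';
         }
     }
     // A pending bookmark notice is shown once and then discarded
     if (isset($GLOBALS['using_bookmark_message'])) {
         $retval .= $GLOBALS['using_bookmark_message']->getDisplay();
         unset($GLOBALS['using_bookmark_message']);
     }
     // In an Ajax request, $GLOBALS['cell_align_left'] may not be defined. Hence,
     // check for its presence before using it
     // NOTE(review): the value is placed in the style attribute as-is;
     // presumably it is only ever 'left' or 'right' - confirm at the setter
     $retval .= '<div id="result_query"' . (isset($GLOBALS['cell_align_left']) ? ' style="text-align: ' . $GLOBALS['cell_align_left'] . '"' : '') . '>' . "\n";
     if ($message instanceof PMA_Message) {
         if (isset($GLOBALS['special_message'])) {
             $message->addMessage($GLOBALS['special_message']);
             unset($GLOBALS['special_message']);
         }
         $retval .= $message->getDisplay();
     } else {
         // Plain messages are run through PMA_sanitize() before output
         $retval .= '<div class="' . $type . '">';
         $retval .= PMA_sanitize($message);
         if (isset($GLOBALS['special_message'])) {
             $retval .= PMA_sanitize($GLOBALS['special_message']);
             unset($GLOBALS['special_message']);
         }
         $retval .= '</div>';
     }
     if ($cfg['ShowSQL'] == true && !empty($sql_query)) {
         // Html format the query to be displayed
         // If we want to show some sql code it is easiest to create it here
         /* SQL-Parser-Analyzer */
         if (!empty($GLOBALS['show_as_php'])) {
             // "Show as PHP": escape for a double-quoted PHP string and for
             // HTML, then turn each line break into a string concatenation
             $new_line = '\\n"<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;. "';
             $query_base = htmlspecialchars(addslashes($sql_query));
             $query_base = preg_replace('/((\\015\\012)|(\\015)|(\\012))/', $new_line, $query_base);
         } else {
             $query_base = $sql_query;
         }
         $query_too_big = false;
         if (strlen($query_base) > $cfg['MaxCharactersInDisplayedSQL']) {
             // when the query is large (for example an INSERT of binary
             // data), the parser chokes; so avoid parsing the query
             $query_too_big = true;
             // The truncated text is escaped here because it bypasses the
             // formatter entirely
             $shortened_query_base = nl2br(htmlspecialchars(substr($sql_query, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]'));
         } elseif (!empty($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) {
             // (here, use "! empty" because when deleting a bookmark,
             // $GLOBALS['parsed_sql'] is set but empty
             $parsed_sql = $GLOBALS['parsed_sql'];
         } else {
             // Parse SQL if needed
             $parsed_sql = PMA_SQP_parse($query_base);
         }
         // Analyze it
         if (isset($parsed_sql) && !PMA_SQP_isError()) {
             $analyzed_display_query = PMA_SQP_analyze($parsed_sql);
             // Same as below (append LIMIT), append the remembered ORDER BY
             if ($GLOBALS['cfg']['RememberSorting'] && isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_order_to_append'])) {
                 $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_order_to_append'] . $analyzed_display_query[0]['limit_clause'] . ' ' . $analyzed_display_query[0]['section_after_limit'];
                 // Need to reparse query
                 $parsed_sql = PMA_SQP_parse($query_base);
                 // update the $analyzed_display_query
                 $analyzed_display_query[0]['section_before_limit'] .= $GLOBALS['sql_order_to_append'];
                 $analyzed_display_query[0]['order_by_clause'] = $GLOBALS['sorted_col'];
             }
             // Here we append the LIMIT added for navigation, to
             // enable its display. Adding it higher in the code
             // to $sql_query would create a problem when
             // using the Refresh or Edit links.
             // Only append it on SELECTs.
             /**
              * @todo what would be the best to do when someone hits Refresh:
              * use the current LIMITs ?
              */
             if (isset($analyzed_display_query[0]['queryflags']['select_from']) && !empty($GLOBALS['sql_limit_to_append'])) {
                 $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit'];
                 // Need to reparse query
                 $parsed_sql = PMA_SQP_parse($query_base);
             }
         }
         if (!empty($GLOBALS['show_as_php'])) {
             $query_base = '$sql  = "' . $query_base;
         } elseif (!empty($GLOBALS['validatequery'])) {
             try {
                 // NOTE(review): assumes PMA_validateSQL() returns markup that
                 // is safe to embed - not visible from here, confirm
                 $query_base = PMA_validateSQL($query_base);
             } catch (Exception $e) {
                 $retval .= PMA_Message::error(__('Failed to connect to SQL validator!'))->getDisplay();
                 // The validator produced nothing, so $query_base still holds
                 // the raw query text. Escape it, otherwise the failure path
                 // would write unescaped request data into the page.
                 $query_base = htmlspecialchars($query_base);
             }
         } elseif (isset($query_base)) {
             // NOTE(review): assumes self::formatSql() HTML-escapes its
             // input - not visible from here, confirm
             $query_base = self::formatSql($query_base);
         }
         // Prepares links that may be displayed to edit/explain the query
         // (don't go to default pages, we must go to the page
         // where the query box is available)
         // Basic url query part
         $url_params = array();
         if (!isset($GLOBALS['db'])) {
             $GLOBALS['db'] = '';
         }
         if (strlen($GLOBALS['db'])) {
             $url_params['db'] = $GLOBALS['db'];
             if (strlen($GLOBALS['table'])) {
                 $url_params['table'] = $GLOBALS['table'];
                 $edit_link = 'tbl_sql.php';
             } else {
                 $edit_link = 'db_sql.php';
             }
         } else {
             $edit_link = 'server_sql.php';
         }
         // Want to have the query explained
         // but only explain a SELECT (that has not been explained)
         /* SQL-Parser-Analyzer */
         $explain_link = '';
         $is_select = preg_match('@^SELECT[[:space:]]+@i', $sql_query);
         if (!empty($cfg['SQLQuery']['Explain']) && !$query_too_big) {
             $explain_params = $url_params;
             // Detect if we are validating as well
             // To preserve the validate URL data
             if (!empty($GLOBALS['validatequery'])) {
                 $explain_params['validatequery'] = 1;
             }
             if ($is_select) {
                 $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query;
                 $_message = __('Explain SQL');
             } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query)) {
                 // Drop the leading "EXPLAIN " (8 characters) to get back
                 // to the plain SELECT
                 $explain_params['sql_query'] = substr($sql_query, 8);
                 $_message = __('Skip Explain SQL');
             }
             // $_message is only set together with 'sql_query', so the link
             // is built only when both exist
             if (isset($explain_params['sql_query'])) {
                 $explain_link = 'import.php' . PMA_URL_getCommon($explain_params);
                 $explain_link = ' [' . self::linkOrButton($explain_link, $_message) . ']';
             }
         }
         //show explain
         // From here on every link carries the full, untruncated query
         $url_params['sql_query'] = $sql_query;
         $url_params['show_query'] = 1;
         // even if the query is big and was truncated, offer the chance
         // to edit it (unless it's enormous, see linkOrButton() )
         if (!empty($cfg['SQLQuery']['Edit'])) {
             if ($cfg['EditInWindow'] == true) {
                 // The query is embedded in a JS string inside an onclick
                 // attribute; PMA_jsFormat() handles the JS quoting.
                 // NOTE(review): attribute escaping is presumably done by
                 // linkOrButton() - confirm
                 $onclick = 'PMA_querywindow.focus(\'' . PMA_jsFormat($sql_query, false) . '\'); return false;';
             } else {
                 $onclick = '';
             }
             $edit_link .= PMA_URL_getCommon($url_params) . '#querybox';
             $edit_link = ' [' . self::linkOrButton($edit_link, __('Edit'), array('onclick' => $onclick, 'class' => 'disableAjax')) . ']';
         } else {
             $edit_link = '';
         }
         // Also we would like to get the SQL formed in some nice
         // php-code
         if (!empty($cfg['SQLQuery']['ShowAsPHP']) && !$query_too_big) {
             $php_params = $url_params;
             if (!empty($GLOBALS['show_as_php'])) {
                 $_message = __('Without PHP Code');
             } else {
                 $php_params['show_as_php'] = 1;
                 $_message = __('Create PHP Code');
             }
             $php_link = 'import.php' . PMA_URL_getCommon($php_params);
             $php_link = ' [' . self::linkOrButton($php_link, $_message) . ']';
             // While the PHP form is shown, also offer to run the query
             if (isset($GLOBALS['show_as_php'])) {
                 $runquery_link = 'import.php' . PMA_URL_getCommon($url_params);
                 $php_link .= ' [' . self::linkOrButton($runquery_link, __('Submit Query')) . ']';
             }
         } else {
             $php_link = '';
         }
         //show as php
         // Refresh query: only for statements that start with SELECT or SHOW
         if (!empty($cfg['SQLQuery']['Refresh']) && !isset($GLOBALS['show_as_php']) && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)) {
             $refresh_link = 'import.php' . PMA_URL_getCommon($url_params);
             $refresh_link = ' [' . self::linkOrButton($refresh_link, __('Refresh')) . ']';
         } else {
             $refresh_link = '';
         }
         //refresh
         if (!empty($cfg['SQLValidator']['use']) && !empty($cfg['SQLQuery']['Validate'])) {
             $validate_params = $url_params;
             if (!empty($GLOBALS['validatequery'])) {
                 $validate_message = __('Skip Validate SQL');
             } else {
                 $validate_params['validatequery'] = 1;
                 $validate_message = __('Validate SQL');
             }
             $validate_link = 'import.php' . PMA_URL_getCommon($validate_params);
             $validate_link = ' [' . self::linkOrButton($validate_link, $validate_message) . ']';
         } else {
             $validate_link = '';
         }
         //validator
         if (!empty($GLOBALS['validatequery'])) {
             $retval .= '<div class="sqlvalidate">';
         } else {
             $retval .= '<div class="sqlOuter">';
         }
         // Both variables hold markup prepared above; nothing raw is
         // appended at this point
         if ($query_too_big) {
             $retval .= $shortened_query_base;
         } else {
             $retval .= $query_base;
         }
         //Clean up the end of the PHP
         if (!empty($GLOBALS['show_as_php'])) {
             $retval .= '";';
         }
         $retval .= '</div>';
         $retval .= '<div class="tools">';
         $retval .= '<form action="sql.php" method="post">';
         $retval .= PMA_URL_getHiddenInputs($GLOBALS['db'], $GLOBALS['table']);
         // The query goes into an attribute value, hence htmlspecialchars()
         $retval .= '<input type="hidden" name="sql_query" value="' . htmlspecialchars($sql_query) . '" />';
         // avoid displaying a Profiling checkbox that could
         // be checked, which would reexecute an INSERT, for example
         if (!empty($refresh_link) && self::profilingSupported()) {
             $retval .= '<input type="hidden" name="profiling_form" value="1" />';
             $retval .= self::getCheckbox('profiling', __('Profiling'), isset($_SESSION['profiling']), true);
         }
         $retval .= '</form>';
         /**
          * TODO: Should we have $cfg['SQLQuery']['InlineEdit']?
          */
         if (!empty($cfg['SQLQuery']['Edit']) && !$query_too_big) {
             $inline_edit_link = ' [' . self::linkOrButton('#', _pgettext('Inline edit query', 'Inline'), array('class' => 'inline_edit_sql')) . ']';
         } else {
             $inline_edit_link = '';
         }
         $retval .= $inline_edit_link . $edit_link . $explain_link . $php_link . $refresh_link . $validate_link;
         $retval .= '</div>';
     }
     $retval .= '</div>';
     if ($GLOBALS['is_ajax_request'] === false) {
         $retval .= '<br class="clearfloat" />';
     }
     return $retval;
 }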
Ejemplo n.º 7
    /**
     * Checks PMA_validateSQL() with the validator enabled and the SOAP
     * backend selected.
     *
     * The test only asserts the boolean verdict for one accepted and one
     * rejected statement. According to the original comment, SOAP_Client is
     * replaced by a mock with simple logic, so no validator service is
     * contacted.
     *
     * @return void
     */
    public function testPMA_validateSQL_SOAP()
    {
        // Switch the validator on and select the PEAR SOAP client, with no
        // pending validator error
        $GLOBALS['cfg']['SQLValidator']['use'] = true;
        $GLOBALS['sqlvalidator_soap'] = 'PEAR';
        $GLOBALS['sqlvalidator_error'] = false;

        // NOTE(review): this literal looks masked in the listing; the real
        // fixture is presumably a statement the mock accepts - confirm
        $accepted = '******';
        // Malformed on purpose: the FROM keyword is missing
        $rejected = 'select * PMA_test';

        // The verdict must match what the mocked SOAP_Client returns
        $this->assertTrue(PMA_validateSQL($accepted));
        $this->assertFalse(PMA_validateSQL($rejected));
    }
Ejemplo n.º 8
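    /**
     * Displays a message at the top of the "main" (right) frame, followed,
     * when $cfg['ShowSQL'] is on, by the executed SQL query and its
     * edit / explain / show-as-PHP / validate links.
     *
     * Side effects visible in this body: includes ./header.inc.php, may emit
     * JavaScript that reloads the navigation frame or updates a table
     * tooltip there, and runs REPAIR TABLE after a TRUNCATE when the reported
     * index length is above 1024.
     *
     * Security-relevant behaviour: $message is echoed without escaping, so
     * callers must pass markup that is already safe for HTML. The query text
     * is URL-encoded wherever it is placed into a link.
     *
     * @param   string  the message to display (written to the page as-is)
     *
     * @global  array   the configuration array
     *
     * @access  public
     */
    function PMA_showMessage($message)
    {
        global $cfg;
        require_once './header.inc.php';
        // Reloads the navigation frame via JavaScript if required
        if (isset($GLOBALS['reload']) && $GLOBALS['reload']) {
            echo "\n";
            // NOTE(review): $reload_url is written into a JS string literal
            // below; assumes PMA_generate_common_url() URL-encodes the
            // database name - confirm
            $reload_url = './left.php?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', '', '&');
            ?>
<script type="text/javascript" language="javascript1.2">
<!--
if (typeof(window.parent) != 'undefined'
    && typeof(window.parent.frames['nav']) != 'undefined') {
    window.parent.frames['nav'].location.replace('<?php 
            echo $reload_url;
            ?>
&hash=' + <?php 
            // Either read the hash from the query frame at run time, or
            // emit the md5 of the configured absolute URI as a JS string
            echo $cfg['QueryFrame'] && $cfg['QueryFrameJS'] ? 'window.parent.frames[\'queryframe\'].document.hashform.hash.value' : "'" . md5($cfg['PmaAbsoluteUri']) . "'";
            ?>
);
}
//-->
</script>
            <?php 
            unset($GLOBALS['reload']);
        } else {
            // No reload: refresh the tooltip of the current table instead
            if (!empty($GLOBALS['table']) && $cfg['ShowTooltip']) {
                $result = @PMA_mysql_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], TRUE) . '\'');
                if ($result) {
                    $tbl_status = PMA_mysql_fetch_array($result, MYSQL_ASSOC);
                    $tooltip = empty($tbl_status['Comment']) ? '' : $tbl_status['Comment'] . ' ';
                    $tooltip .= '(' . $tbl_status['Rows'] . ' ' . $GLOBALS['strRows'] . ')';
                    mysql_free_result($result);
                    // md5 only derives the DOM id suffix from the table name
                    $md5_tbl = md5($GLOBALS['table']);
                    echo "\n";
                    ?>
<script type="text/javascript" language="javascript1.2">
<!--
if (typeof(document.getElementById) != 'undefined'
    && typeof(window.parent.frames['nav']) != 'undefined'
    && typeof(window.parent.frames['nav'].document) != 'undefined' && typeof(window.parent.frames['nav'].document) != 'unknown'
    && (window.parent.frames['nav'].document.getElementById('<?php 
                    echo 'tbl_' . $md5_tbl;
                    ?>
'))
    && typeof(window.parent.frames['nav'].document.getElementById('<?php 
                    echo 'tbl_' . $md5_tbl;
                    ?>
')) != 'undefined'
    && typeof(window.parent.frames['nav'].document.getElementById('<?php 
                    echo 'tbl_' . $md5_tbl;
                    ?>
').title) == 'string') {
    window.parent.frames['nav'].document.getElementById('<?php 
                    echo 'tbl_' . $md5_tbl;
                    ?>
').title = '<?php 
                    // The table comment is database content; it passes
                    // through PMA_jsFormat() before entering the JS string
                    echo PMA_jsFormat($tooltip, FALSE);
                    ?>
';
}
//-->
</script>
                <?php 
                }
                // end if
            }
        }
        // end if... else if
        // Checks if the table needs to be repaired after a TRUNCATE query.
        if (isset($GLOBALS['table']) && isset($GLOBALS['sql_query']) && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) {
            // Reuse the status row fetched for the tooltip when there is one
            if (!isset($tbl_status)) {
                $result = @PMA_mysql_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], TRUE) . '\'');
                if ($result) {
                    $tbl_status = PMA_mysql_fetch_array($result, MYSQL_ASSOC);
                    mysql_free_result($result);
                }
            }
            if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) {
                @PMA_mysql_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table']));
            }
        }
        unset($tbl_status);
        echo "\n";
        ?>
<div align="<?php 
        echo $GLOBALS['cell_align_left'];
        ?>
">
    <table border="<?php 
        echo $cfg['Border'];
        ?>
" cellpadding="5">
    <tr>
        <td bgcolor="<?php 
        echo $cfg['ThBgcolor'];
        ?>
">
            <b><?php 
        // NOTE(review): written without escaping; every caller has to
        // pass HTML-safe text
        echo $message;
        ?>
</b><br />
        </td>
    </tr>
        <?php 
        if ($cfg['ShowSQL'] == TRUE && (!empty($GLOBALS['sql_query']) || !empty($GLOBALS['display_query']))) {
            // Prefer display_query; otherwise the unparsed text when the
            // formatter is off and that text is non-empty, else sql_query
            $local_query = !empty($GLOBALS['display_query']) ? $GLOBALS['display_query'] : ($cfg['SQP']['fmtType'] == 'none' && $GLOBALS['unparsed_sql'] != '' ? $GLOBALS['unparsed_sql'] : $GLOBALS['sql_query']);
            // Basic url query part
            $url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : '');
            echo "\n";
            ?>
    <tr>
        <td bgcolor="<?php 
            echo $cfg['BgcolorOne'];
            ?>
">
            <?php 
            echo "\n";
            // Html format the query to be displayed
            // The nl2br function isn't used because its result isn't a valid
            // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />")
            // If we want to show some sql code it is easiest to create it here
            /* SQL-Parser-Analyzer */
            $sqlnr = 1;
            if (!empty($GLOBALS['show_as_php'])) {
                $new_line = '\'<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;. \' ';
            }
            if (isset($new_line)) {
                // "Show as PHP": HTML-escape, add slashes, then turn each run
                // of line breaks into a string concatenation
                /* SQL-Parser-Analyzer */
                $query_base = PMA_sqlAddslashes(htmlspecialchars($local_query));
                /* SQL-Parser-Analyzer */
                $query_base = preg_replace("@((\r\n)|(\r)|(\n))+@", $new_line, $query_base);
            } else {
                $query_base = $local_query;
            }
            if (!empty($GLOBALS['show_as_php'])) {
                $query_base = '$sql  = \'' . $query_base;
            } else {
                // NOTE(review): on this path the raw query reaches the page
                // only through PMA_validateSQL() or PMA_formatSql(); assumes
                // both return HTML-safe markup - confirm
                if (!empty($GLOBALS['validatequery'])) {
                    $query_base = PMA_validateSQL($query_base);
                } else {
                    $parsed_sql = PMA_SQP_parse($query_base);
                    $query_base = PMA_formatSql($parsed_sql, $query_base);
                }
            }
            // Prepares links that may be displayed to edit/explain the query
            // (don't go to default pages, we must go to the page
            // where the query box is available)
            // (also, I don't see why we should check the goto variable)
            //if (!isset($GLOBALS['goto'])) {
            //$edit_target = (isset($GLOBALS['table'])) ? $cfg['DefaultTabTable'] : $cfg['DefaultTabDatabase'];
            $edit_target = isset($GLOBALS['db']) ? isset($GLOBALS['table']) ? 'tbl_properties.php' : 'db_details.php' : '';
            //} else if ($GLOBALS['goto'] != 'main.php') {
            //    $edit_target = $GLOBALS['goto'];
            //} else {
            //    $edit_target = '';
            //}
            if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == TRUE && !empty($edit_target)) {
                $onclick = '';
                if ($cfg['QueryFrameJS'] && $cfg['QueryFrame']) {
                    // urlencode() leaves no quote characters in the value, so
                    // it cannot close the JS string or the attribute
                    $onclick = 'onclick="focus_querywindow(\'' . urlencode($local_query) . '\'); return false;"';
                }
                $edit_link = '&nbsp;[<a href="' . $edit_target . $url_qpart . '&amp;sql_query=' . urlencode($local_query) . '&amp;show_query=1#querybox" ' . $onclick . '>' . $GLOBALS['strEdit'] . '</a>]';
            } else {
                $edit_link = '';
            }
            // Want to have the query explained (Mike Beck 2002-05-22)
            // but only explain a SELECT (that has not been explained)
            /* SQL-Parser-Analyzer */
            if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == TRUE) {
                // Detect if we are validating as well
                // To preserve the validate URL data
                if (!empty($GLOBALS['validatequery'])) {
                    $explain_link_validate = '&amp;validatequery=1';
                } else {
                    $explain_link_validate = '';
                }
                $explain_link = '&nbsp;[<a href="sql.php' . $url_qpart . $explain_link_validate . '&amp;sql_query=';
                if (preg_match('@^SELECT[[:space:]]+@i', $local_query)) {
                    $explain_link .= urlencode('EXPLAIN ' . $local_query) . '">' . $GLOBALS['strExplain'];
                } else {
                    if (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $local_query)) {
                        // Drop the leading "EXPLAIN " (8 characters)
                        $explain_link .= urlencode(substr($local_query, 8)) . '">' . $GLOBALS['strNoExplain'];
                    } else {
                        // Neither SELECT nor EXPLAIN SELECT: no link at all
                        $explain_link = '';
                    }
                }
                if (!empty($explain_link)) {
                    $explain_link .= '</a>]';
                }
            } else {
                $explain_link = '';
            }
            //show explain
            // Also we would like to get the SQL formed in some nice
            // php-code (Mike Beck 2002-05-22)
            if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == TRUE) {
                $php_link = '&nbsp;[<a href="sql.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query) . '&amp;show_as_php=';
                if (!empty($GLOBALS['show_as_php'])) {
                    $php_link .= '0">' . $GLOBALS['strNoPhp'];
                } else {
                    $php_link .= '1">' . $GLOBALS['strPhp'];
                }
                $php_link .= '</a>]';
                // While the PHP form is shown, also offer to run the query
                if (isset($GLOBALS['show_as_php']) && $GLOBALS['show_as_php'] == '1') {
                    $php_link .= '&nbsp;[<a href="sql.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query) . '">' . $GLOBALS['strRunQuery'] . '</a>]';
                }
            } else {
                $php_link = '';
            }
            //show as php
            if (isset($cfg['SQLValidator']['use']) && $cfg['SQLValidator']['use'] == TRUE && isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == TRUE) {
                $validate_link = '&nbsp;[<a href="sql.php' . $url_qpart . '&amp;show_query=1' . '&amp;sql_query=' . urlencode($local_query) . '&amp;validatequery=';
                if (!empty($GLOBALS['validatequery'])) {
                    $validate_link .= '0">' . $GLOBALS['strNoValidateSQL'];
                } else {
                    $validate_link .= '1">' . $GLOBALS['strValidateSQL'];
                }
                $validate_link .= '</a>]';
            } else {
                $validate_link = '';
            }
            //validator
            // Displays the message
            echo '            ' . $GLOBALS['strSQLQuery'] . '&nbsp;:';
            if (!empty($edit_target)) {
                echo $edit_link . $explain_link . $php_link . $validate_link;
            }
            echo '<br />' . "\n";
            echo '            ' . $query_base;
            // If a 'LIMIT' clause has been programmatically added to the query
            // displays it
            if (!empty($GLOBALS['sql_limit_to_append'])) {
                if (!empty($GLOBALS['show_as_php'])) {
                    echo $GLOBALS['sql_limit_to_append'];
                } else {
                    if (!empty($GLOBALS['validatequery'])) {
                        // skip the extra bit here
                    } else {
                        // Same call shape as for the main query above: the
                        // parser takes the text alone and the formatter gets
                        // the parse result plus the unparsed text (the closing
                        // parenthesis used to hand the second argument to the
                        // parser instead)
                        echo '&nbsp;' . PMA_formatSql(PMA_SQP_parse($GLOBALS['sql_limit_to_append']), $GLOBALS['sql_limit_to_append']);
                    }
                }
            }
            unset($local_query);
            //Clean up the end of the PHP
            if (!empty($GLOBALS['show_as_php'])) {
                echo '\';';
            }
            echo "\n";
            ?>
        </td>
    </tr>
           <?php 
        }
        echo "\n";
        ?>
    </table>
</div><br />
        <?php 
    }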