Ejemplo n.º 1
 /**
  * Calls checkParameters() with four names that are all present in
  * $GLOBALS and expects the call to produce no output.
  *
  * @return void
  */
 function testCheckParameter()
 {
     // Set first, in the same order as before, since both values come from calls.
     $GLOBALS['PMA_PHP_SELF'] = PMA_getenv('PHP_SELF');
     $GLOBALS['pmaThemePath'] = $_SESSION['PMA_Theme']->getPath();

     // One fixture value per parameter name handed to the checker below.
     $fixtures = array(
         'db'        => "dbDatabase",
         'table'     => "tblTable",
         'field'     => "test_field",
         'sql_query' => "SELECT * FROM tblTable;",
     );
     foreach ($fixtures as $name => $value) {
         $GLOBALS[$name] = $value;
     }

     // Empty output is the success criterion of this test.
     $this->expectOutputString("");
     PMA_Util::checkParameters(array_keys($fixtures));
 }
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Display form for changing/adding table fields/columns.
 * Included by tbl_addfield.php and tbl_create.php
 *
 * @package PhpMyAdmin
 */
// Stop unless the PHPMYADMIN constant is already defined; per the file header
// this script is meant to be included by other scripts, not requested directly.
if (!defined('PHPMYADMIN')) {
    exit;
}
/**
 * Check parameters
 *
 * NOTE(review): judging by its name and call sites, checkParameters() confirms
 * that the listed variables are present; nothing here shows it validating or
 * escaping their values, so each later use still needs its own handling --
 * confirm against Util.class.php.
 */
require_once './libraries/Util.class.php';
PMA_Util::checkParameters(array('server', 'db', 'table', 'action', 'num_fields'));
/**
 * Initialize to avoid code execution path warnings
 *
 * Each default below is applied only when the variable is not already set,
 * so a value that exists before this point is kept unchanged.
 */
if (!isset($num_fields)) {
    $num_fields = 0;
}
if (!isset($mime_map)) {
    $mime_map = null;
}
if (!isset($columnMeta)) {
    $columnMeta = array();
}
if (!isset($content_cells)) {
    $content_cells = array();
}
Ejemplo n.º 3
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Common includes for the table level views
 *
 * @package PhpMyAdmin
 */
// Stop immediately when this include is reached without the PHPMYADMIN constant.
defined('PHPMYADMIN') or exit;

/**
 * Bookmark helpers are loaded before anything else in this file runs
 */
require_once './libraries/bookmark.lib.php';

// Both names have to pass the parameter check before they are used below
PMA_Util::checkParameters(array('db', 'table'));
$db_is_system_schema = $GLOBALS['dbi']->isSystemSchema($db);

/**
 * Query-string form of the link parameters
 * @deprecated
 */
$url_query = PMA_URL_getCommon(array('db' => $db, 'table' => $table));

/**
 * Array form of the same link parameters
 */
$url_params = array(
    'db'    => $db,
    'table' => $table,
);
/**
 * Defines the urls to return to in case of error in a sql statement
 */
Ejemplo n.º 4
/**
 * Check ajax request to set the column order and visibility
 *
 * The flag is read from $_REQUEST and compared loosely with true, so any
 * truthy value takes this branch.
 * NOTE(review): this branch changes stored preferences on the strength of a
 * request flag alone -- confirm that request-forgery protection has already
 * run by the time this line is reached.
 */
if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
    PMA_setColumnOrderOrVisibility($table, $db);
    // script has exited at this point
}
// Default to browse if no query set and we have table
// (needed for browsing from DefaultTabTable)
if (empty($sql_query) && strlen($table) && strlen($db)) {
    $sql_query = PMA_getDefaultSqlQueryForBrowse($db, $table);
    // set $goto to what will be displayed if query returns 0 rows
    $goto = '';
} else {
    // Now we can check the parameters
    PMA_Util::checkParameters(array('sql_query'));
}
/**
 * Parse and analyze the query
 */
require_once 'libraries/parse_analyze.inc.php';
/**
 * Check rights in case of DROP DATABASE
 *
 * A client-side confirmation flag ($is_js_confirmed = 1) could be used to skip
 * this test, but a malicious user can supply that variable through the URL or
 * a form, so it is deliberately ignored: the decision is made only from the
 * analyzed query, the AllowUserDropDatabase setting and the superuser status.
 */
if (PMA_hasNoRightsToDropDatabase($analyzed_sql_results, $cfg['AllowUserDropDatabase'], $is_superuser)) {
    PMA_Util::mysqlDie(__('"DROP DATABASE" statements are disabled.'), '', '', $err_url);
}
Ejemplo n.º 5
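/**
 * Get the HTML for the header of the page in print view if print view is selected.
 * Otherwise returns null.
 *
 * The host name, version string and row count are HTML-escaped before being
 * written into the markup, in the same way as the database name and the query.
 * When a port is configured it is appended to the host as "host:port".
 *
 * @param string $db        current database
 * @param string $sql_query current sql query
 * @param int    $num_rows  the number of rows in result
 *
 * @return string|null $header html for the header, null when print view is off
 */
function PMA_getHtmlForPrintViewHeader($db, $sql_query, $num_rows)
{
    $response = PMA_Response::getInstance();
    $header = $response->getHeader();
    if (isset($_REQUEST['printview']) && $_REQUEST['printview'] == '1') {
        // NOTE(review): this checks the names 'db' and 'sql_query', not the
        // $db/$sql_query arguments of this function -- presumably it looks
        // them up as globals; confirm.
        PMA_Util::checkParameters(array('db', 'sql_query'));
        $header->enablePrintView();
        if ($GLOBALS['cfg']['Server']['verbose']) {
            $hostname = $GLOBALS['cfg']['Server']['verbose'];
        } else {
            $hostname = $GLOBALS['cfg']['Server']['host'];
            if (!empty($GLOBALS['cfg']['Server']['port'])) {
                // Separate host and port; without the colon the two values
                // run together into a single unreadable token.
                $hostname .= ':' . $GLOBALS['cfg']['Server']['port'];
            }
        }
        $versions = "phpMyAdmin " . PMA_VERSION;
        $versions .= " / ";
        $versions .= "MySQL " . PMA_MYSQL_STR_VERSION;
        // Every interpolated value goes through htmlspecialchars(): none of
        // them is produced by this function, so none is assumed to be free
        // of markup characters.
        $print_view_header = '';
        $print_view_header .= "<h1>" . __('SQL result') . "</h1>";
        $print_view_header .= "<p>";
        $print_view_header .= "<strong>" . __('Host:') . "</strong> " . htmlspecialchars($hostname) . "<br />";
        $print_view_header .= "<strong>" . __('Database:') . "</strong> " . htmlspecialchars($db) . "<br />";
        $print_view_header .= "<strong>" . __('Generation Time:') . "</strong> " . PMA_Util::localisedDate() . "<br />";
        $print_view_header .= "<strong>" . __('Generated by:') . "</strong> " . htmlspecialchars($versions) . "<br />";
        $print_view_header .= "<strong>" . __('SQL query:') . "</strong> " . htmlspecialchars($sql_query) . ";";
        // A null row count means "unknown" and the line is left out.
        if (isset($num_rows)) {
            $print_view_header .= "<br />";
            $print_view_header .= "<strong>" . __('Rows:') . "</strong> " . htmlspecialchars((string) $num_rows);
        }
        $print_view_header .= "</p>";
    } else {
        $print_view_header = null;
    }
    return $print_view_header;
}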
Ejemplo n.º 6
 */
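// Allowlist check. The strict flag stops PHP's loose comparison rules from
// letting a non-string value (boolean true, or integer 0 on older PHP
// versions) match one of the names.
if (!in_array($format, array('csv', 'ldi', 'mediawiki', 'ods', 'shp', 'sql', 'xml'), true)) {
    // this should not happen for a normal user
    // but only during an attack
    PMA_fatalError('Incorrect format parameter');
}
// Assuming PMA_fatalError() does not return, $format is one of the fixed
// names above here, so it contains nothing special for the pattern below.
$post_patterns = array('/^force_file_/', '/^' . $format . '_/');
// NOTE(review): request fields are copied into $GLOBALS by key prefix, not
// from an explicit list of names, so a client can create or overwrite any
// global whose name starts with "force_file_" or "<format>_". Code that later
// reads such globals has to treat them as untrusted input.
foreach (array_keys($_POST) as $post_key) {
    foreach ($post_patterns as $one_post_pattern) {
        if (preg_match($one_post_pattern, $post_key)) {
            $GLOBALS[$post_key] = $_POST[$post_key];
        }
    }
}
// Check needed parameters
PMA_Util::checkParameters(array('import_type', 'format'));
// We don't want anything special in format
$format = PMA_securePath($format);
// Import functions
require_once 'libraries/import.lib.php';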
// Create error and goto url
if ($import_type == 'table') {
    $err_url = 'tbl_import.php?' . PMA_URL_getCommon($db, $table);
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'tbl_import.php';
} elseif ($import_type == 'database') {
    $err_url = 'db_import.php?' . PMA_URL_getCommon($db);
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'db_import.php';
} elseif ($import_type == 'server') {
    $err_url = 'server_import.php?' . PMA_URL_getCommon();
Ejemplo n.º 7
 /**
  * Sets globals from $_POST
  *
  * - Please keep the parameters in order of their appearance in the form
  * - Some of these parameters are not used, as the code below directly
  *   verifies from the superglobal $_POST or $_REQUEST
  * - This is a fixed list of names: a request field that is not named here
  *   is not copied by the loop that iterates over $post_params
  */
 $post_params = array('db', 'table', 'single_table', 'export_type', 'export_method', 'quick_or_custom', 'db_select', 'table_select', 'limit_to', 'limit_from', 'allrows', 'output_format', 'filename_template', 'maxsize', 'remember_template', 'charset_of_file', 'compression', 'what', 'knjenc', 'xkana', 'htmlword_structure_or_data', 'htmlword_null', 'htmlword_columns', 'mediawiki_headers', 'mediawiki_structure_or_data', 'mediawiki_caption', 'pdf_structure_or_data', 'odt_structure_or_data', 'odt_relation', 'odt_comments', 'odt_mime', 'odt_columns', 'odt_null', 'codegen_structure_or_data', 'codegen_format', 'excel_null', 'excel_removeCRLF', 'excel_columns', 'excel_edition', 'excel_structure_or_data', 'yaml_structure_or_data', 'ods_null', 'ods_structure_or_data', 'ods_columns', 'json_structure_or_data', 'xml_structure_or_data', 'xml_export_events', 'xml_export_functions', 'xml_export_procedures', 'xml_export_tables', 'xml_export_triggers', 'xml_export_views', 'xml_export_contents', 'texytext_structure_or_data', 'texytext_columns', 'texytext_null', 'phparray_structure_or_data', 'sql_include_comments', 'sql_header_comment', 'sql_dates', 'sql_relation', 'sql_mime', 'sql_use_transaction', 'sql_disable_fk', 'sql_compatibility', 'sql_structure_or_data', 'sql_create_database', 'sql_drop_table', 'sql_procedure_function', 'sql_create_table_statements', 'sql_create_table', 'sql_create_view', 'sql_create_trigger', 'sql_if_not_exists', 'sql_auto_increment', 'sql_backquotes', 'sql_truncate', 'sql_delayed', 'sql_ignore', 'sql_type', 'sql_insert_syntax', 'sql_max_query_size', 'sql_hex_for_binary', 'sql_utc_time', 'sql_drop_database', 'sql_views_as_tables', 'csv_separator', 'csv_enclosed', 'csv_escaped', 'csv_terminated', 'csv_null', 'csv_removeCRLF', 'csv_columns', 'csv_structure_or_data', 'latex_caption', 'latex_structure_or_data', 'latex_structure_caption', 'latex_structure_continued_caption', 'latex_structure_label', 'latex_relation', 'latex_comments', 'latex_mime', 'latex_columns', 
'latex_data_caption', 'latex_data_continued_caption', 'latex_data_label', 'latex_null');
 // Copy each listed field from $_POST into $GLOBALS when the client sent it.
 // Values are copied unchanged; nothing is validated at this point.
 foreach ($post_params as $one_post_param) {
     if (isset($_POST[$one_post_param])) {
         $GLOBALS[$one_post_param] = $_POST[$one_post_param];
     }
 }
 // sanitize this parameter which will be used below in a file inclusion
 // NOTE(review): PMA_securePath() runs before checkParameters() confirms that
 // 'what' was supplied, so $what may be undefined on this line -- confirm the
 // intended order.
 $what = PMA_securePath($what);
 PMA_Util::checkParameters(array('what', 'export_type'));
 // export class instance, not array of properties, as before
 // The plugin is selected by the sanitized, client-chosen name; the directory
 // it is looked up in is a fixed string.
 $export_plugin = PMA_getPlugin("export", $what, 'libraries/plugins/export/', array('export_type' => $export_type, 'single_table' => isset($single_table)));
 // Backward compatibility
 $type = $what;
 // Check export type
 // Abort when no plugin object came back for the requested name.
 if (!isset($export_plugin)) {
     PMA_fatalError(__('Bad type!'));
 }
 /**
  * valid compression methods
  */
 $compression_methods = array('zip', 'gzip');
 /**
  * init and variable checking
  */
Ejemplo n.º 8
 */
// Stop unless the PHPMYADMIN constant has been defined before this file runs.
if (!defined('PHPMYADMIN')) {
    exit;
}
/**
 * limits for table list
 *
 * The stored offset is reset to 0 when none exists yet, or when the one on
 * record was saved for a different database than the current $db.
 */
if (!isset($_SESSION['tmp_user_values']['table_limit_offset']) || $_SESSION['tmp_user_values']['table_limit_offset_db'] != $db) {
    $_SESSION['tmp_user_values']['table_limit_offset'] = 0;
    $_SESSION['tmp_user_values']['table_limit_offset_db'] = $db;
}
// A position sent by the client replaces the stored offset. The (int) cast
// guarantees that an integer is stored; no range check (for example against
// negative values) is applied here.
if (isset($_REQUEST['pos'])) {
    $_SESSION['tmp_user_values']['table_limit_offset'] = (int) $_REQUEST['pos'];
}
$pos = $_SESSION['tmp_user_values']['table_limit_offset'];
// NOTE(review): $db is already used in the session bookkeeping above before
// this check runs -- confirm it is guaranteed to be set earlier.
PMA_Util::checkParameters(array('db'));
/**
 * @global bool whether to display extended stats
 */
$is_show_stats = $cfg['ShowStats'];
/**
 * @global bool whether selected db is information_schema
 */
$db_is_information_schema = false;
// For a system schema the stats display is switched off regardless of the
// configured ShowStats value.
if (PMA_is_system_schema($db)) {
    $is_show_stats = false;
    $db_is_information_schema = true;
}
/**
 * @global array information about tables in db
 */
Ejemplo n.º 9
/**
 * Handles some variables that may have been sent by the calling script
 * Note: this can be called also from the db panel to get the privileges of
 *       a db, in which case we want to keep displaying the tabs of
 *       the Database panel
 */
// Without a viewing mode there is no database or table context to keep.
if (empty($viewing_mode)) {
    $table = '';
    $db = '';
}

/**
 * Common URL parameters used for links
 */
$url_query = PMA_generate_common_url($db);

/**
 * Where to return to when a sql statement fails
 */
$err_url = 'index.php' . $url_query;

/**
 * @global boolean Whether the current user has superuser privileges
 */
$is_superuser = PMA_isSuperuser();

// Superusers are switched to the mysql database, except on Drizzle
if (!PMA_DRIZZLE && $is_superuser) {
    PMA_DBI_select_db('mysql', $userlink);
}

/**
 * @global array binary log files (null on Drizzle)
 */
if (PMA_DRIZZLE) {
    $binary_logs = null;
} else {
    $binary_logs = PMA_DBI_fetch_result('SHOW MASTER LOGS', 'Log_name', null, null, PMA_DBI_QUERY_STORE);
}

PMA_Util::checkParameters(array('is_superuser', 'url_query'), false);
Ejemplo n.º 10
        if (isset($_REQUEST['orig_field'])) {
            $_REQUEST['field'] = $_REQUEST['orig_field'];
        }

        $regenerate = true;
    }
}

/**
 * No modifications yet required -> displays the table fields
 *
 * $selected comes from multi_submits.inc.php
 */
if ($abort == false) {
    if (! isset($selected)) {
        PMA_Util::checkParameters(array('field'));
        $selected[]   = $_REQUEST['field'];
        $selected_cnt = 1;
    } else { // from a multiple submit
        $selected_cnt = count($selected);
    }

    /**
     * @todo optimize in case of multiple fields to modify
     */
    for ($i = 0; $i < $selected_cnt; $i++) {
        $fields_meta[] = PMA_DBI_get_columns($db, $table, $selected[$i], true);
    }
    $num_fields  = count($fields_meta);
    $action      = 'tbl_alter.php';
Ejemplo n.º 11
     if (!empty($sql_data) && $sql_data['valid_queries'] > 1) {
         $_SESSION['is_multi_query'] = true;
         echo getTableHtmlForMultipleQueries($displayResultsObject, $db, $sql_data, $goto, $pmaThemeImage, $text_dir, $printview, $url_query, $disp_mode, $sql_limit_to_append, false);
     } else {
         $_SESSION['is_multi_query'] = false;
         $displayResultsObject->setProperties($unlim_num_rows, $fields_meta, $is_count, $is_export, $is_func, $is_analyse, $num_rows, $fields_cnt, $querytime, $pmaThemeImage, $text_dir, $is_maint, $is_explain, $is_show, $showtable, $printview, $url_query, false);
         echo $displayResultsObject->getTable($result, $disp_mode, $analyzed_sql);
         exit;
     }
 }
 // Displays the headers
 if (isset($show_query)) {
     unset($show_query);
 }
 if (isset($printview) && $printview == '1') {
     PMA_Util::checkParameters(array('db', 'full_sql_query'));
     $response = PMA_Response::getInstance();
     $header = $response->getHeader();
     $header->enablePrintView();
     $hostname = '';
     if ($cfg['Server']['verbose']) {
         $hostname = $cfg['Server']['verbose'];
     } else {
         $hostname = $cfg['Server']['host'];
         if (!empty($cfg['Server']['port'])) {
             $hostname .= $cfg['Server']['port'];
         }
     }
     $versions = "phpMyAdmin&nbsp;" . PMA_VERSION;
     $versions .= "&nbsp;/&nbsp;";
     $versions .= "MySQL&nbsp;" . PMA_MYSQL_STR_VERSION;
Ejemplo n.º 12
/**
 * Common functions.
 */
require_once 'libraries/common.inc.php';
require_once 'libraries/mime.lib.php';
/**
 * Sets globals from $_GET
 *
 * Only the two names listed are copied, and their values are copied unchanged.
 */
$get_params = array('where_clause', 'transform_key');
foreach ($get_params as $one_get_param) {
    if (isset($_GET[$one_get_param])) {
        $GLOBALS[$one_get_param] = $_GET[$one_get_param];
    }
}
/* Check parameters */
PMA_Util::checkParameters(array('db', 'table', 'where_clause', 'transform_key'));
/* Select database */
if (!PMA_DBI_select_db($db)) {
    PMA_Util::mysqlDie(sprintf(__('\'%s\' database does not exist.'), htmlspecialchars($db)), '', '');
}
/* Check if table exists */
if (!PMA_DBI_get_columns($db, $table)) {
    PMA_Util::mysqlDie(__('Invalid table name'));
}
/* Grab data */
/*
 * NOTE(review): the column and table names go through backquote(), but
 * $where_clause -- taken unchanged from $_GET above -- is appended to the
 * statement as raw SQL. Whoever controls the request URL therefore controls
 * the predicate. Confirm that requests reaching this point are authenticated
 * and protected against cross-site request forgery, or have the server
 * verify that the clause is one it issued itself.
 */
$sql = 'SELECT ' . PMA_Util::backquote($transform_key) . ' FROM ' . PMA_Util::backquote($table) . ' WHERE ' . $where_clause . ';';
$result = PMA_DBI_fetch_value($sql);
/* Check return code */
// The strict comparison treats only false as failure.
// NOTE(review): the statement text, including the request-supplied clause, is
// handed to mysqlDie() -- confirm that it is escaped before being displayed.
if ($result === false) {
    PMA_Util::mysqlDie(__('MySQL returned an empty result set (i.e. zero rows).'), $sql);
}
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Display form for changing/adding table fields/columns.
 * Included by tbl_addfield.php and tbl_create.php
 *
 * @package PhpMyAdmin
 */
// Stop unless the PHPMYADMIN constant is already defined; per the file header
// this script is meant to be included by other scripts, not requested directly.
if (!defined('PHPMYADMIN')) {
    exit;
}
/**
 * Check parameters
 *
 * NOTE(review): nothing here shows checkParameters() validating or escaping
 * the values it is given the names of; treat it as a presence check and
 * handle each value where it is used -- confirm against Util.class.php.
 */
require_once './libraries/Util.class.php';
PMA_Util::checkParameters(['db', 'table', 'action', 'num_fields']);
// Get available character sets and storage engines
require_once './libraries/mysql_charsets.lib.php';
require_once './libraries/StorageEngine.class.php';
/**
 * Class for partition management
 */
require_once './libraries/Partition.class.php';
/**
 * We are in transition between old-style echo and new-style PMA_Response
 * so this script generates $html and at the bottom, either echos it
 * or uses addHTML on it.
 *
 * Initialize $html in case this variable was used by a caller
 * (yes, this script should be refactored into functions)
 */
Ejemplo n.º 14
    include 'libraries/db_common.inc.php';
    include 'libraries/db_info.inc.php';
}
// Switch the shared response header into print-view mode.
$response = PMA_Response::getInstance();
$header = $response->getHeader();
$header->enablePrintView();

/**
 * Relation settings, then the libraries used further down
 */
$cfgRelation = PMA_getRelationsParam();
require_once 'libraries/transformations.lib.php';
require_once 'libraries/Index.class.php';

/**
 * The database name has to pass the parameter check
 */
PMA_Util::checkParameters(['db']);

/**
 * Error return url: the table-level page when a table name is present,
 * the database-level page otherwise
 */
$err_url = strlen($table)
    ? 'tbl_sql.php?' . PMA_generate_common_url($db, $table)
    : 'db_sql.php?' . PMA_generate_common_url($db);
if ($cfgRelation['commwork']) {
    $comment = PMA_getDbComment($db);
    /**
     * Displays DB comment
     */
    if ($comment) {
        echo '<p>' . __('Database comment: ') . '<i>' . htmlspecialchars($comment) . '</i></p>';