/**
 * PMA_checkParameters() must stay silent when every required name is
 * present in $GLOBALS.
 *
 * PMA_PHP_SELF and pmaThemePath are populated as well — presumably because
 * the failure path of PMA_checkParameters() reads them when it renders its
 * error page (confirm against the core library). With all four checked
 * names set, that path must not run, so the expected output is empty.
 *
 * @return void
 */
function testCheckParameter()
{
    // Globals that only matter on the failure path of the function under test.
    $GLOBALS['PMA_PHP_SELF'] = PMA_getenv('PHP_SELF');
    $GLOBALS['pmaThemePath'] = $_SESSION['PMA_Theme']->getPath();

    // The parameters under test, every one of them present.
    $required = array(
        'db'        => "dbDatabase",
        'table'     => "tblTable",
        'field'     => "test_field",
        'sql_query' => "SELECT * FROM tblTable;",
    );
    foreach ($required as $name => $value) {
        $GLOBALS[$name] = $value;
    }

    // Nothing may be printed: any output would mean the "missing parameter"
    // error page was rendered.
    $this->expectOutputString("");

    // NOTE(review): the second argument is false here; presumably this makes
    // the function look the names up in $GLOBALS instead of the request —
    // confirm in the library.
    PMA_checkParameters(array_keys($required), false);
}
} // If we didn't get any parameters, either user called this directly, or // upload limit has been reached, let's assume the second possibility. if ($_POST == array() && $_GET == array()) { require_once './libraries/header.inc.php'; $message = PMA_Message::error(__('You probably tried to upload too large file. Please refer to %sdocumentation%s for ways to workaround this limit.')); $message->addParam('[a@./Documentation.html#faq1_16@_blank]'); $message->addParam('[/a]'); // so we can obtain the message $_SESSION['Import_message']['message'] = $message->getDisplay(); $_SESSION['Import_message']['go_back_url'] = $goto; $message->display(); require './libraries/footer.inc.php'; } // Check needed parameters PMA_checkParameters(array('import_type', 'format')); // We don't want anything special in format $format = PMA_securePath($format); // Import functions require_once './libraries/import.lib.php'; // Create error and goto url if ($import_type == 'table') { $err_url = 'tbl_import.php?' . PMA_generate_common_url($db, $table); $_SESSION['Import_message']['go_back_url'] = $err_url; $goto = 'tbl_import.php'; } elseif ($import_type == 'database') { $err_url = 'db_import.php?' . PMA_generate_common_url($db); $_SESSION['Import_message']['go_back_url'] = $err_url; $goto = 'db_import.php'; } elseif ($import_type == 'server') { $err_url = 'server_import.php?' . PMA_generate_common_url();
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * display selection for relational field values
 *
 * Expects the request parameters db, table and field (their presence is
 * enforced by PMA_checkParameters() below); $pos and $foreign_navig are
 * optional and control paging of the foreign-key value list.
 *
 * @package PhpMyAdmin
 */

/**
 * Gets a core script and starts output buffering work
 */
require_once './libraries/common.inc.php';

// Presence check for the three names; their values are not validated here
// (the behaviour of PMA_checkParameters() is defined in the core library,
// not visible in this file).
PMA_checkParameters(array('db', 'table', 'field'));

require_once './libraries/ob.lib.php';
PMA_outBufferPre();

require_once './libraries/header_http.inc.php';

/**
 * Displays the frame
 */
require_once './libraries/transformations.lib.php'; // Transformations

// Foreign-key metadata is only looked up when the relation feature is
// configured ('relwork'); otherwise $foreigners stays false, so later code
// must test for that before iterating over it.
$cfgRelation = PMA_getRelationsParam();
$foreigners = $cfgRelation['relwork'] ? PMA_getForeigners($db, $table) : false;

$override_total = true;

// Paging offset; defaults to the first row when the caller sent none.
if (!isset($pos)) {
    $pos = 0;
}
// NOTE(review): $pos is concatenated into the LIMIT clause without an
// integer cast. It is only defaulted above, never validated; if it can
// originate from the request, cast it (e.g. (int) $pos) before it reaches
// the query. $GLOBALS['cfg']['MaxRows'] is configuration, not user input.
$foreign_limit = 'LIMIT ' . $pos . ', ' . $GLOBALS['cfg']['MaxRows'] . ' ';
// "Show all" disables the limit entirely. The comparison is against the
// translated label (__()), so it only matches in the current UI language,
// and == is a loose comparison.
if (isset($foreign_navig) && $foreign_navig == __('Show all')) {
    unset($foreign_limit);
}
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Builds the CREATE DATABASE statement for the new_db request parameter,
 * optionally with a default collation taken from db_collation.
 *
 * @version $Id: db_create.php 11982 2008-11-24 10:32:56Z nijel $
 * @package phpMyAdmin
 */

/**
 * Gets some core libraries
 */
require_once './libraries/common.inc.php';

$GLOBALS['js_include'][] = 'functions.js';

// Presumably provides $mysql_charsets / $mysql_collations used by the
// allow-list check below — the library body is not visible here.
require_once './libraries/mysql_charsets.lib.php';

// Only the database name is mandatory; db_collation is optional.
PMA_checkParameters(array('new_db'));

/**
 * Defines the url to return to in case of error in a sql statement
 */
$err_url = 'main.php?' . PMA_generate_common_url();

/**
 * Builds and executes the db creation sql query
 */
// PMA_backquote() is the only treatment $new_db receives before it becomes
// part of the statement, so identifier quoting is the control here; its
// handling of backquotes inside the name is not visible in this file.
$sql_query = 'CREATE DATABASE ' . PMA_backquote($new_db);
if (!empty($db_collation)) {
    // Charset is the part before the first underscore (e.g. utf8 for
    // utf8_general_ci); a collation without an underscore yields itself.
    list($db_charset) = explode('_', $db_collation);
    // Allow-list check: the collation is only appended when both the charset
    // and the collation are known to the charset library, so an arbitrary
    // string never reaches the query. NOTE(review): in_array() is
    // non-strict; harmless if both lists hold only strings — confirm.
    if (in_array($db_charset, $mysql_charsets) && in_array($db_collation, $mysql_collations[$db_charset])) {
        $sql_query .= ' DEFAULT' . PMA_generateCharsetQueryPart($db_collation);
    }
    unset($db_charset, $db_collation);
}
$sql_query .= ';';
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Export entry point: resolves the requested export plugin and refuses
 * anything that is not a discovered plugin before any data is produced.
 *
 * @todo too much die here, or?
 * @version $Id: export.php 12897 2009-08-30 12:43:07Z lem9 $
 * @package phpMyAdmin
 */

/**
 * Get the variables sent or posted to this script and a core script
 */
require_once './libraries/common.inc.php';
require_once './libraries/zip.lib.php';
require_once './libraries/plugin_interface.lib.php';

// Both names must be present; presence only — $what is checked against the
// plugin list below.
PMA_checkParameters(array('what', 'export_type'));

// Scan plugins
// $export_list is built by the plugin library from the export directory
// (presumably by enumerating it, not visible here); $single_table is passed
// as a flag — only isset() is used, never its value.
$export_list = PMA_getPlugins('./libraries/export/', array('export_type' => $export_type, 'single_table' => isset($single_table)));

// Backward compatibility: the plugin name arrives as "what".
$type = $what;

// Check export type
// Allow-list check: anything PMA_getPlugins() did not return is refused
// here, so $type can later be used to locate the plugin. The message is a
// constant, so echoing it is safe.
if (!isset($export_list[$type])) {
    die('Bad type!');
}

/**
 * valid compression methods
 */
$compression_methods = array('zip', 'gzip', 'bzip');

/**
 * init and variable checking
 */
// Compression is off until the request selects one of $compression_methods
// (presumably checked further down, outside this excerpt).
$compression = false;
if (! empty($book_sql_query)) { $GLOBALS['using_bookmark_message'] = PMA_message::notice(__('Using bookmark "%s" as default browse query.')); $GLOBALS['using_bookmark_message']->addParam($table); $GLOBALS['using_bookmark_message']->addMessage(PMA_showDocu('faq6_22')); $sql_query = $book_sql_query; } else { $sql_query = 'SELECT * FROM ' . PMA_backquote($table); } unset($book_sql_query); // set $goto to what will be displayed if query returns 0 rows $goto = 'tbl_structure.php'; } else { // Now we can check the parameters PMA_checkParameters(array('sql_query')); } // instead of doing the test twice $is_drop_database = preg_match( '/DROP[[:space:]]+(DATABASE|SCHEMA)[[:space:]]+/i', $sql_query ); /** * Check rights in case of DROP DATABASE * * This test may be bypassed if $is_js_confirmed = 1 (already checked with js) * but since a malicious user may pass this variable by url/form, we don't take * into account this case. */
<?php /* vim: set expandtab sw=4 ts=4 sts=4: */ /** * * @package PhpMyAdmin */ if (!defined('PHPMYADMIN')) { exit; } /** * Check parameters */ require_once './libraries/common.inc.php'; require_once './libraries/server_common.inc.php'; PMA_checkParameters(array('is_superuser', 'url_query'), true, false); // Don't print all these links if in an Ajax request if (!$GLOBALS['is_ajax_request']) { /** * Counts amount of navigation tabs */ $server_links_count_tabs = 0; /** * Put something in $sub_part */ if (!isset($sub_part)) { $sub_part = ''; } /** * Displays tab links * Put the links we assume are used less, towards the end
<?php /* $Id: tbl_replace.php 9497 2006-10-04 12:59:10Z nijel $ */ // vim: expandtab sw=4 ts=4 sts=4: /** * Gets some core libraries */ require_once './libraries/common.lib.php'; // Check parameters PMA_checkParameters(array('db', 'table', 'goto')); PMA_DBI_select_db($db); /** * Initializes some variables */ // Defines the url to return in case of success of the query if (isset($sql_query)) { $sql_query = urldecode($sql_query); } if (!isset($dontlimitchars)) { $dontlimitchars = 0; } if (!isset($pos)) { $pos = 0; } $is_gotofile = FALSE; if (isset($after_insert) && $after_insert == 'new_insert') { $goto = 'tbl_change.php?' . PMA_generate_common_url($db, $table, '&') . '&goto=' . urlencode($goto) . '&pos=' . $pos . '&session_max_rows=' . $session_max_rows . '&disp_direction=' . $disp_direction . '&repeat_cells=' . $repeat_cells . '&dontlimitchars=' . $dontlimitchars . '&after_insert=' . $after_insert . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query)); } elseif (isset($after_insert) && $after_insert == 'same_insert') { $goto = 'tbl_change.php?' . PMA_generate_common_url($db, $table, '&') . '&goto=' . urlencode($goto) . '&pos=' . $pos . '&session_max_rows=' . $session_max_rows . '&disp_direction=' . $disp_direction . '&repeat_cells=' . $repeat_cells . '&dontlimitchars=' . $dontlimitchars . '&after_insert=' . $after_insert . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query)); if (isset($primary_key)) { foreach ($primary_key as $pk) {
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Provides download to a given field defined in parameters.
 *
 * Required request parameters: db, table, where_clause, transform_key.
 * The selected cell is fetched with a single SELECT; what happens to it
 * afterwards is outside this excerpt.
 *
 * @package phpMyAdmin
 */

/**
 * Common functions.
 */
require_once './libraries/common.inc.php';
require_once './libraries/mime.lib.php';

/* Check parameters */
// Presence check only; none of the four values is validated here.
PMA_checkParameters(array('db', 'table', 'where_clause', 'transform_key'));

/* Select database */
// The database name is HTML-escaped before being echoed in the error message.
if (!PMA_DBI_select_db($db)) {
    PMA_mysqlDie(sprintf(__('\'%s\' database does not exist.'), htmlspecialchars($db)), '', '');
}

/* Check if table exists */
// A table with no columns (or that does not exist) is rejected; this also
// confirms $table names a real object before it is quoted into the query.
if (!PMA_DBI_get_columns($db, $table)) {
    PMA_mysqlDie(__('Invalid table name'));
}

/* Grab data */
// NOTE(review): $where_clause is a request parameter and is concatenated
// into the statement verbatim — the database/table checks above do not
// constrain it. Only $transform_key and $table go through PMA_backquote().
// If a caller can supply where_clause, it needs to be validated or bound
// before it reaches the query.
$sql = 'SELECT ' . PMA_backquote($transform_key) . ' FROM ' . PMA_backquote($table) . ' WHERE ' . $where_clause . ';';
$result = PMA_DBI_fetch_value($sql);

/* Check return code */
// $sql is handed to PMA_mysqlDie(), which presumably displays it; the error
// page would then reflect the raw where_clause.
if ($result === false) {
    PMA_mysqlDie(__('MySQL returned an empty result set (i.e. zero rows).'), $sql);
}

/* Avoid corrupting data */
// @ silences the warning when the directive cannot be changed; clearing
// url_rewriter.tags presumably keeps session-id URL rewriting out of the
// binary output.
@ini_set('url_rewriter.tags', '');
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Server-level navigation tabs (an include, not a page of its own).
 *
 * @version $Id: server_links.inc.php 12952 2009-09-12 11:17:56Z lem9 $
 * @package phpMyAdmin
 */
// Include-only file: refuse direct HTTP requests, which would run it without
// the globals the including page sets up.
if (!defined('PHPMYADMIN')) {
    exit;
}

/**
 * Check parameters
 */
require_once './libraries/common.inc.php';
require_once './libraries/server_common.inc.php';

// is_superuser and url_query are presumably set by the including page /
// the common libraries rather than sent by the client. NOTE(review): the
// third argument FALSE presumably selects the $GLOBALS lookup instead of
// the request — confirm against PMA_checkParameters(); is_superuser must
// never be satisfiable from the request.
PMA_checkParameters(array('is_superuser', 'url_query'), TRUE, FALSE);

/**
 * Counts amount of navigation tabs
 */
$server_links_count_tabs = 0;

/**
 * Put something in $sub_part
 */
// $sub_part is optional for the includer; default to an empty string so it
// is always defined for the code that follows.
if (!isset($sub_part)) {
    $sub_part = '';
}

/**
 * Displays tab links
 */
// One entry per tab; only the first tab's icon is set within this excerpt.
$tabs = array();
$tabs['databases']['icon'] = 's_db.png';
<?php /* $Id: tbl_replace_fields.inc.php 8301 2006-01-17 17:03:02Z cybot_tm $ */ // vim: expandtab sw=4 ts=4 sts=4: // note: grab_globals has extracted the fields from _FILES // or HTTP_POST_FILES // Check parameters require_once './libraries/common.lib.php'; PMA_checkParameters(array('db', 'encoded_key')); // f i e l d u p l o a d e d f r o m a f i l e // garvin: original if-clause checked, whether input was stored in a possible fields_upload_XX var. // Now check, if the field is set. If it is empty or a malicious file, do not alter fields contents. // If an empty or invalid file is specified, the binary data gets deleter. Maybe a nice // new text-variable is appropriate to document this behaviour. // garvin: security cautions! You could trick the form and submit any file the webserver has access to // for upload to a binary field. Shouldn't be that easy! ;) // garvin: default is to advance to the field-value parsing. Will only be set to true when a // binary file is uploaded, thus bypassing further manipulation of $val. $check_stop = false; // Check if a multi-edit row was found ${'me_fields_upload_' . $encoded_key} = isset($enc_primary_key) && isset(${'fields_upload_' . $encoded_key}['multi_edit']) ? ${'fields_upload_' . $encoded_key}['multi_edit'][$enc_primary_key] : (isset(${'fields_upload_' . $encoded_key}) ? ${'fields_upload_' . $encoded_key} : null); ${'me_fields_uploadlocal_' . $encoded_key} = isset($enc_primary_key) && isset(${'fields_uploadlocal_' . $encoded_key}['multi_edit']) ? ${'fields_uploadlocal_' . $encoded_key}['multi_edit'][$enc_primary_key] : (isset(${'fields_uploadlocal_' . $encoded_key}) ? ${'fields_uploadlocal_' . $encoded_key} : null); if (isset(${'me_fields_upload_' . $encoded_key}) && ${'me_fields_upload_' . $encoded_key} != 'none') { // garvin: This fields content is a blob-file upload. if (!empty(${'me_fields_upload_' . $encoded_key})) { // garvin: The blob-field is not empty. Check what we have there. 
$data_file = ${'me_fields_upload_' . $encoded_key}; if (is_uploaded_file($data_file)) { // garvin: A valid uploaded file is found. Look into the file... $val = fread(fopen($data_file, 'rb'), filesize($data_file)); // nijel: This is probably the best way how to put binary data
<?php
/* $Id: tbl_query_box.php,v 2.29.2.1 2005/01/24 00:23:19 lem9 Exp $ */
// vim: expandtab sw=4 ts=4 sts=4:
//
// SQL query box: prepares the query text that pre-fills the textarea; the
// field list ($fields_cnt) is gathered further down.

// Check parameters
require_once './libraries/common.lib.php';
require_once './libraries/bookmark.lib.php';

$upload_dir_error = '';

// I don't see the purpose of the first 2 conditions
//if (!($cfg['QueryFrame'] && $cfg['QueryFrameJS'] && isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full'))) {
// db/table/url_query are only mandatory when not inside the query window.
// Note: "== TRUE" is a loose comparison, so any truthy value of
// $is_inside_querywindow (e.g. the string '1') satisfies it.
if (!(isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full'))) {
    PMA_checkParameters(array('db', 'table', 'url_query'));
}

/**
 * Defines the query to be displayed in the query textarea
 */
if (isset($show_query) && $show_query == '1') {
    // This script has been called by read_dump.php
    // Prefer the saved copy of the query when the caller provided one.
    if (isset($sql_query_cpy)) {
        $query_to_display = $sql_query_cpy;
    } else {
        $query_to_display = $sql_query;
    }
} else {
    $query_to_display = '';
}
// NOTE(review): $query_to_display presumably carries caller-supplied text
// destined for an HTML textarea; it must be escaped at the point of output
// (not visible in this excerpt).
unset($sql_query);

/**
 * Get the list and number of fields
 */
$fields_cnt = 0;
* @version 1.0 * @package BLOBStreaming */ /** * Core library. */ require_once './libraries/common.inc.php'; // load PMA configuration $PMA_Config = $_SESSION['PMA_Config']; // retrieve BS server variables from PMA configuration $bs_server = $PMA_Config->get('BLOBSTREAMING_SERVER'); if (empty($bs_server)) { die('No blob streaming server configured!'); } // Check URL parameters PMA_checkParameters(array('reference', 'c_type')); // Increase time limit, because fetching blob might take some time set_time_limit(0); $reference = $_REQUEST['reference']; /* * FIXME: Maybe it would be better to check MIME type against whitelist as * this code sems to support only few MIME types (check * function PMA_BS_CreateReferenceLink in libraries/blobstreaming.lib.php). */ $c_type = preg_replace('/[^A-Za-z0-9/_-]/', '_', $_REQUEST['c_type']); $filename = 'http://' . $bs_server . '/' . $reference; $hdrs = get_headers($filename, 1); if ($hdrs === FALSE) { die('Failed to fetch headers'); } $fHnd = fopen($filename, "rb");
<?php
/* $Id: server_links.inc.php,v 2.2 2003/11/26 22:52:24 rabus Exp $ */
// vim: expandtab sw=4 ts=4 sts=4:
//
// Server-level navigation tabs, included by the server_*.php pages.
// NOTE(review): no defined('PHPMYADMIN')-style guard is visible in this
// fragment; if the file is web-reachable it can be requested directly,
// without the globals the including page sets up — confirm.

// Check parameters
require_once './libraries/common.lib.php';

// Both names are expected to be set by the including page. NOTE(review):
// whether PMA_checkParameters() looks them up in $GLOBALS or in the request
// is not visible here; is_superuser must never be satisfiable from the
// request, since it unlocks the cfg flags below.
PMA_checkParameters(array('is_superuser', 'url_query'));

/**
 * Counts amount of navigation tabs
 */
$server_links_count_tabs = 0;

/**
 * Put something in $sub_part
 */
if (!isset($sub_part)) {
    $sub_part = '';
}

/**
 * Prepares links
 */
// Superusers always get the MySQL info / variables tabs, regardless of the
// configured defaults. Mutates the global $cfg for the rest of the request.
if ($is_superuser) {
    $cfg['ShowMysqlInfo'] = TRUE;
    $cfg['ShowMysqlVars'] = TRUE;
}

/**
 * Displays a message
 */
// Note: empty() also treats the string '0' as empty, so such a message
// would be dropped.
if (!empty($message)) {
    PMA_showMessage($message);
}

/**
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Header for the print view: starts output buffering, sends the HTTP
 * headers and sets the text-direction-dependent cell alignment used by
 * the calling script.
 *
 * @version $Id: header_printview.inc.php 11378 2008-07-09 15:24:44Z lem9 $
 */
// Include-only file: refuse direct HTTP requests.
if (!defined('PHPMYADMIN')) {
    exit;
}

/**
 * Gets a core script and starts output buffering work
 */
require_once './libraries/common.inc.php';
require_once './libraries/ob.lib.php';
PMA_outBufferPre();

// Check parameters
// Presence check for db and full_sql_query; the values themselves are not
// inspected here.
PMA_checkParameters(array('db', 'full_sql_query'));

// garvin: For re-usability, moved http-headers
// to a separate file. It can now be included by libraries/header.inc.php,
// querywindow.php.
require_once './libraries/header_http.inc.php';

/**
 * Sends the beginning of the html page then returns to the calling script
 */
// Defines the cell alignment values depending on text direction
// $text_dir is presumably set by the common library from the active
// language; anything other than 'ltr' is treated as right-to-left.
if ($text_dir == 'ltr') {
    $cell_align_left = 'left';
    $cell_align_right = 'right';
} else {
    $cell_align_left = 'right';
    $cell_align_right = 'left';
}
/* vim: set expandtab sw=4 ts=4 sts=4: */ /** * Display form for changing/adding table fields/columns * * included by tbl_addfield.php, -_alter.php, -_create.php * @package phpMyAdmin */ if (!defined('PHPMYADMIN')) { exit; } /** * Check parameters */ require_once './libraries/common.inc.php'; PMA_checkParameters(array('db', 'table', 'action', 'num_fields')); // Get available character sets and storage engines require_once './libraries/mysql_charsets.lib.php'; require_once './libraries/StorageEngine.class.php'; /** * Class for partition management */ require_once './libraries/Partition.class.php'; if (is_int($cfg['DefaultPropDisplay'])) { if ($num_fields <= $cfg['DefaultPropDisplay']) { $display_type = 'vertical'; } else { $display_type = 'horizontal'; } } else { $display_type = $cfg['DefaultPropDisplay'];
PMA_mysqlDie('', '', '', $err_url, FALSE); // garvin: An error happened while inserting/updating a table definition. // to prevent total loss of that data, we embed the form once again. // The variable $regenerate will be used to restore data in tbl_properties.inc.php if (isset($orig_field)) { $field = $orig_field; } $regenerate = true; } } /** * No modifications yet required -> displays the table fields */ if ($abort == FALSE) { if (!isset($selected)) { PMA_checkParameters(array('field')); $selected[] = $field; $selected_cnt = 1; } else { // from a multiple submit $selected_cnt = count($selected); } // TODO: optimize in case of multiple fields to modify for ($i = 0; $i < $selected_cnt; $i++) { if (!empty($submit_mult)) { $field = PMA_sqlAddslashes(urldecode($selected[$i]), TRUE); } else { $field = PMA_sqlAddslashes($selected[$i], TRUE); } $result = PMA_DBI_query('SHOW FULL FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db) . ' LIKE \'' . $field . '\';'); $fields_meta[] = PMA_DBI_fetch_assoc($result);
$tooltip_aliasname[$table['Name']] = $table['Name']; } else { $tooltip_truename[$table['Name']] = $table['Name']; $tooltip_aliasname[$table['Name']] = $table['Comment']; } if (isset($table['Create_time']) && !empty($table['Create_time'])) { $tooltip_aliasname[$table['Name']] .= ', ' . $GLOBALS['strStatCreateTime'] . ': ' . PMA_localisedDate(strtotime($table['Create_time'])); } if (!empty($table['Update_time'])) { $tooltip_aliasname[$table['Name']] .= ', ' . $GLOBALS['strStatUpdateTime'] . ': ' . PMA_localisedDate(strtotime($table['Update_time'])); } if (!empty($table['Check_time'])) { $tooltip_aliasname[$table['Name']] .= ', ' . $GLOBALS['strStatCheckTime'] . ': ' . PMA_localisedDate(strtotime($table['Check_time'])); } } PMA_checkParameters(array('db')); /** * @global bool whether to display extended stats */ $is_show_stats = $cfg['ShowStats']; /** * @global bool whether selected db is information_schema */ $db_is_information_schema = false; if ($db == 'information_schema') { $is_show_stats = false; $db_is_information_schema = true; } /** * @global array information about tables in db */
<?php
/* $Id: export.php,v 2.18.2.1 2005/01/23 23:23:57 nijel Exp $ */
// vim: expandtab sw=4 ts=4 sts=4:
//
// Export entry point: loads the export-type specific functions and builds
// the URL to return to on error.

/**
 * Get the variables sent or posted to this script and a core script
 */
// grab_globals presumably imports request variables into the global scope,
// which would be where $what, $export_type, $db and $table below come from
// — confirm. Only $what is checked for presence.
require_once './libraries/grab_globals.lib.php';
require_once './libraries/common.lib.php';
require_once './libraries/zip.lib.php';

PMA_checkParameters(array('what'));

// What type of export are we doing?
// 'excel' is served by the csv export code; every other value is taken as
// the export type name itself.
if ($what == 'excel') {
    $type = 'csv';
} else {
    $type = $what;
}

// Get the functions specific to the export type
// NOTE(review): the include path is derived from the request value $what.
// PMA_securePath() (not visible here) is the only control on the path stem;
// checking $type against an allow-list of the known export types before
// this require would be the more robust control — confirm what
// PMA_securePath() rejects.
require './libraries/export/' . PMA_securePath($type) . '.php';

// Generate error url
// $export_type is not among the checked parameters, so an unexpected or
// missing value falls through to the table-level export page.
if ($export_type == 'server') {
    $err_url = 'server_export.php?' . PMA_generate_common_url();
} elseif ($export_type == 'database') {
    $err_url = 'db_details_export.php?' . PMA_generate_common_url($db);
} else {
    $err_url = 'tbl_properties_export.php?' . PMA_generate_common_url($db, $table);
}

/**
 * Increase time limit for script execution and initializes some variables
 */
// @ hides the warning raised when the limit cannot be changed; the value
// comes from configuration, not from the request.
@set_time_limit($cfg['ExecTimeLimit']);