function testCheckParameter()
 {
     // Populate the globals that PMA_checkParameters() will look up; the two
     // environment-derived ones come first so the order of side effects is
     // the same as before.
     $fixtures = array(
         'PMA_PHP_SELF' => PMA_getenv('PHP_SELF'),
         'pmaThemePath' => $_SESSION['PMA_Theme']->getPath(),
         'db'           => "dbDatabase",
         'table'        => "tblTable",
         'field'        => "test_field",
         'sql_query'    => "SELECT * FROM tblTable;",
     );
     foreach ($fixtures as $name => $value) {
         $GLOBALS[$name] = $value;
     }
     // All four parameters are present, so the check must stay silent
     // (no error page, no output) when asked not to fail hard.
     $this->expectOutputString("");
     PMA_checkParameters(array('db', 'table', 'field', 'sql_query'), false);
 }
}
// If we didn't get any parameters, either user called this directly, or
// upload limit has been reached, let's assume the second possibility.
// NOTE(review): this branch relies on footer.inc.php ending the request; if
// it does not, execution falls through to PMA_checkParameters() below, which
// then fails on the missing parameters anyway.
if ($_POST == array() && $_GET == array()) {
    require_once './libraries/header.inc.php';
    $message = PMA_Message::error(__('You probably tried to upload too large file. Please refer to %sdocumentation%s for ways to workaround this limit.'));
    $message->addParam('[a@./Documentation.html#faq1_16@_blank]');
    $message->addParam('[/a]');
    // so we can obtain the message
    // NOTE(review): $goto is not assigned anywhere above in this script and is
    // not among the checked parameters.  If it originates from the request it
    // is stored here as a return URL without any validation — confirm that
    // whatever consumes go_back_url restricts it to local script names.
    $_SESSION['Import_message']['message'] = $message->getDisplay();
    $_SESSION['Import_message']['go_back_url'] = $goto;
    $message->display();
    require './libraries/footer.inc.php';
}
// Check needed parameters
PMA_checkParameters(array('import_type', 'format'));
// We don't want anything special in format
// $format is presumably used further down to locate the import plugin, so
// path components are stripped (PMA_securePath) before it can reach a
// file system path.
$format = PMA_securePath($format);
// Import functions
require_once './libraries/import.lib.php';
// Create error and goto url
if ($import_type == 'table') {
    $err_url = 'tbl_import.php?' . PMA_generate_common_url($db, $table);
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'tbl_import.php';
} elseif ($import_type == 'database') {
    $err_url = 'db_import.php?' . PMA_generate_common_url($db);
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'db_import.php';
} elseif ($import_type == 'server') {
    $err_url = 'server_import.php?' . PMA_generate_common_url();
<?php

/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * display selection for relational field values
 *
 * @package PhpMyAdmin
 */
/**
 * Gets a core script and starts output buffering work
 */
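require_once './libraries/common.inc.php';
PMA_checkParameters(array('db', 'table', 'field'));
require_once './libraries/ob.lib.php';
PMA_outBufferPre();
require_once './libraries/header_http.inc.php';
/**
 * Displays the frame
 */
require_once './libraries/transformations.lib.php';
// Transformations
$cfgRelation = PMA_getRelationsParam();
// Foreign keys are only available when the relation feature is configured.
$foreigners = $cfgRelation['relwork'] ? PMA_getForeigners($db, $table) : false;
$override_total = true;
// $pos is the paging offset.  It is not among the parameters checked above
// and presumably arrives from the request (via the import done in
// common.inc.php), yet it used to be concatenated straight into the LIMIT
// clause below.  Coerce it to a non-negative integer so that only a number
// can ever reach the SQL string; a missing or non-numeric value becomes 0,
// which is what the original default was.
if (!isset($pos)) {
    $pos = 0;
}
$pos = max(0, (int) $pos);
$foreign_limit = 'LIMIT ' . $pos . ', ' . $GLOBALS['cfg']['MaxRows'] . ' ';
// "Show all" drops the LIMIT entirely (compared against the localised label).
if (isset($foreign_navig) && $foreign_navig == __('Show all')) {
    unset($foreign_limit);
}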
<?php

/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 *
 * @version $Id: db_create.php 11982 2008-11-24 10:32:56Z nijel $
 * @package phpMyAdmin
 */
/**
 * Gets some core libraries
 */
/**
 * Gets some core libraries
 */
require_once './libraries/common.inc.php';
$GLOBALS['js_include'][] = 'functions.js';
require_once './libraries/mysql_charsets.lib.php';
PMA_checkParameters(array('new_db'));
/**
 * Defines the url to return to in case of error in a sql statement
 */
$err_url = 'main.php?' . PMA_generate_common_url();
/**
 * Builds the db creation sql query (it is executed further down the script)
 */
// The database name is quoted as an identifier.  A collation is only added
// when both its charset half and the full collation name are in the lists
// provided by mysql_charsets.lib.php, so the request-supplied value never
// reaches the statement unless it matches a known server collation.
$sql_query = 'CREATE DATABASE ' . PMA_backquote($new_db);
if (! empty($db_collation)) {
    list($db_charset) = explode('_', $db_collation);
    $collation_known = in_array($db_charset, $mysql_charsets)
        && in_array($db_collation, $mysql_collations[$db_charset]);
    if ($collation_known) {
        $sql_query .= ' DEFAULT' . PMA_generateCharsetQueryPart($db_collation);
    }
    unset($db_charset, $db_collation, $collation_known);
}
$sql_query .= ';';
<?php

/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * @todo    too much die here, or?
 * @version $Id: export.php 12897 2009-08-30 12:43:07Z lem9 $
 * @package phpMyAdmin
 */
/**
 * Get the variables sent or posted to this script and a core script
 */
require_once './libraries/common.inc.php';
require_once './libraries/zip.lib.php';
require_once './libraries/plugin_interface.lib.php';
PMA_checkParameters(array('what', 'export_type'));
// Scan plugins
// The plugin list is built from the contents of the plugin directory, not
// from the request, so it doubles as the whitelist that $what is validated
// against below.
$export_list = PMA_getPlugins('./libraries/export/', array('export_type' => $export_type, 'single_table' => isset($single_table)));
// Backward compatibility
$type = $what;
// Check export type
// Reject anything that is not a known plugin key before $type is used any
// further; this is what keeps a request-supplied value from selecting an
// arbitrary file.
if (!isset($export_list[$type])) {
    die('Bad type!');
}
/**
 * valid compression methods
 */
$compression_methods = array('zip', 'gzip', 'bzip');
/**
 * init and variable checking
 */
$compression = false;
    if (! empty($book_sql_query)) {
        $GLOBALS['using_bookmark_message'] = PMA_message::notice(__('Using bookmark "%s" as default browse query.'));
        $GLOBALS['using_bookmark_message']->addParam($table);
        $GLOBALS['using_bookmark_message']->addMessage(PMA_showDocu('faq6_22'));
        $sql_query = $book_sql_query;
    } else {
        $sql_query = 'SELECT * FROM ' . PMA_backquote($table);
    }
    unset($book_sql_query);

    // set $goto to what will be displayed if query returns 0 rows
    $goto = 'tbl_structure.php';
} else {
    // Now we can check the parameters
    PMA_checkParameters(array('sql_query'));
}

// Detect DROP DATABASE / DROP SCHEMA once; the result is reused below so the
// regular expression is not evaluated twice.
// NOTE(review): this is a textual heuristic on the raw query text — it also
// fires on a "DROP DATABASE" that sits inside a string literal or comment and
// does not replace the privilege check that follows.
$drop_db_pattern = '/DROP[[:space:]]+(DATABASE|SCHEMA)[[:space:]]+/i';
$is_drop_database = preg_match($drop_db_pattern, $sql_query);
unset($drop_db_pattern);

/**
 * Check rights in case of DROP DATABASE
 *
 * This test could be skipped when $is_js_confirmed = 1 (the confirmation was
 * already done in JavaScript), but since a malicious user can pass that
 * variable via the URL or the form, we do not take that case into account and
 * always perform the check server-side.
 */
<?php

/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 *
 * @package PhpMyAdmin
 */
// This file is an include, not an entry point: refuse direct requests.
defined('PHPMYADMIN') or exit;
/**
 * Check parameters
 */
require_once './libraries/common.inc.php';
require_once './libraries/server_common.inc.php';
// is_superuser and url_query must have been set by the including script;
// the check reports them as missing without dying (third argument false).
PMA_checkParameters(array('is_superuser', 'url_query'), true, false);
// Don't print all these links if in an Ajax request
if (!$GLOBALS['is_ajax_request']) {
    /**
     * Counts amount of navigation tabs
     */
    $server_links_count_tabs = 0;
    /**
     * Put something in $sub_part
     */
    if (!isset($sub_part)) {
        $sub_part = '';
    }
    /**
     * Displays tab links
     * Put the links we assume are used less, towards the end
<?php

/* $Id: tbl_replace.php 9497 2006-10-04 12:59:10Z nijel $ */
// vim: expandtab sw=4 ts=4 sts=4:
/**
 * Gets some core libraries
 */
require_once './libraries/common.lib.php';
// Check parameters
PMA_checkParameters(array('db', 'table', 'goto'));
PMA_DBI_select_db($db);
/**
 * Initializes some variables
 */
// Defines the url to return in case of success of the query
// NOTE(review): $sql_query is URL-decoded here a second time (PHP already
// decoded it when parsing the request).  Any "%xx" sequence that was part of
// the literal query text is therefore decoded again — confirm the senders of
// this parameter really double-encode it.
if (isset($sql_query)) {
    $sql_query = urldecode($sql_query);
}
// Paging defaults
$dontlimitchars = isset($dontlimitchars) ? $dontlimitchars : 0;
$pos            = isset($pos) ? $pos : 0;
$is_gotofile    = false;
if (isset($after_insert) && $after_insert == 'new_insert') {
    $goto = 'tbl_change.php?' . PMA_generate_common_url($db, $table, '&') . '&goto=' . urlencode($goto) . '&pos=' . $pos . '&session_max_rows=' . $session_max_rows . '&disp_direction=' . $disp_direction . '&repeat_cells=' . $repeat_cells . '&dontlimitchars=' . $dontlimitchars . '&after_insert=' . $after_insert . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
} elseif (isset($after_insert) && $after_insert == 'same_insert') {
    $goto = 'tbl_change.php?' . PMA_generate_common_url($db, $table, '&') . '&goto=' . urlencode($goto) . '&pos=' . $pos . '&session_max_rows=' . $session_max_rows . '&disp_direction=' . $disp_direction . '&repeat_cells=' . $repeat_cells . '&dontlimitchars=' . $dontlimitchars . '&after_insert=' . $after_insert . (empty($sql_query) ? '' : '&sql_query=' . urlencode($sql_query));
    if (isset($primary_key)) {
        foreach ($primary_key as $pk) {
<?php

/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Provides download to a given field defined in parameters.
 * @package phpMyAdmin
 */
/**
 * Common functions.
 */
require_once './libraries/common.inc.php';
require_once './libraries/mime.lib.php';
/* Check parameters */
PMA_checkParameters(array('db', 'table', 'where_clause', 'transform_key'));
/* Select database */
if (!PMA_DBI_select_db($db)) {
    // $db is HTML-escaped before it is echoed back in the error message
    PMA_mysqlDie(sprintf(__('\'%s\' database does not exist.'), htmlspecialchars($db)), '', '');
}
/* Check if table exists */
if (!PMA_DBI_get_columns($db, $table)) {
    PMA_mysqlDie(__('Invalid table name'));
}
/* Grab data */
// $transform_key and $table are quoted as identifiers; $where_clause is
// deliberately inserted verbatim.  NOTE(review): that is only acceptable
// because the requester already executes SQL under their own MySQL
// credentials here — this script must never become reachable for anyone
// who cannot.
$sql = 'SELECT ' . PMA_backquote($transform_key) . ' FROM ' . PMA_backquote($table) . ' WHERE ' . $where_clause . ';';
$result = PMA_DBI_fetch_value($sql);
/* Check return code */
if ($result === false) {
    PMA_mysqlDie(__('MySQL returned an empty result set (i.e. zero rows).'), $sql);
}
/* Avoid corrupting data */
// Presumably keeps PHP's transparent session-id URL rewriting out of the raw
// bytes about to be sent; the '@' hides a failure to change the setting.
@ini_set('url_rewriter.tags', '');
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 *
 * @version $Id: server_links.inc.php 12952 2009-09-12 11:17:56Z lem9 $
 * @package phpMyAdmin
 */
// This file is an include, not an entry point: refuse direct requests.
defined('PHPMYADMIN') or exit;
/**
 * Check parameters
 */
require_once './libraries/common.inc.php';
require_once './libraries/server_common.inc.php';
// is_superuser and url_query must have been set by the including script;
// the check reports them as missing without dying (third argument FALSE).
PMA_checkParameters(array('is_superuser', 'url_query'), TRUE, FALSE);
/**
 * Counts amount of navigation tabs
 */
$server_links_count_tabs = 0;
/**
 * Put something in $sub_part
 */
isset($sub_part) or $sub_part = '';
/**
 * Displays tab links
 */
$tabs = array();
$tabs['databases']['icon'] = 's_db.png';
<?php

/* $Id: tbl_replace_fields.inc.php 8301 2006-01-17 17:03:02Z cybot_tm $ */
// vim: expandtab sw=4 ts=4 sts=4:
// note: grab_globals has extracted the fields from _FILES
//       or HTTP_POST_FILES
// Check parameters
require_once './libraries/common.lib.php';
PMA_checkParameters(array('db', 'encoded_key'));
// f i e l d    u p l o a d e d    f r o m    a    f i l e
// garvin: original if-clause checked, whether input was stored in a possible fields_upload_XX var.
// Now check, if the field is set. If it is empty or a malicious file, do not alter fields contents.
// If an empty or invalid file is specified, the binary data gets deleted. Maybe a nice
// new text-variable is appropriate to document this behaviour.
// garvin: security cautions! You could trick the form and submit any file the webserver has access to
// for upload to a binary field. Shouldn't be that easy! ;)
// garvin: default is to advance to the field-value parsing. Will only be set to true when a
// binary file is uploaded, thus bypassing further manipulation of $val.
$check_stop = false;
// Check if a multi-edit row was found
// NOTE(review): the variable names below are built from $encoded_key, which
// is a checked request parameter.  Because every name carries a fixed
// "me_fields_upload_"/"fields_upload_" (or "...uploadlocal_") prefix, a
// caller can only read or write variables within that family, not arbitrary
// globals — but the prefix is the sole thing enforcing that.  When
// $enc_primary_key is present the multi-edit entry for that row is taken,
// otherwise the plain per-field value; null when nothing was submitted.
${'me_fields_upload_' . $encoded_key} = isset($enc_primary_key) && isset(${'fields_upload_' . $encoded_key}['multi_edit']) ? ${'fields_upload_' . $encoded_key}['multi_edit'][$enc_primary_key] : (isset(${'fields_upload_' . $encoded_key}) ? ${'fields_upload_' . $encoded_key} : null);
${'me_fields_uploadlocal_' . $encoded_key} = isset($enc_primary_key) && isset(${'fields_uploadlocal_' . $encoded_key}['multi_edit']) ? ${'fields_uploadlocal_' . $encoded_key}['multi_edit'][$enc_primary_key] : (isset(${'fields_uploadlocal_' . $encoded_key}) ? ${'fields_uploadlocal_' . $encoded_key} : null);
if (isset(${'me_fields_upload_' . $encoded_key}) && ${'me_fields_upload_' . $encoded_key} != 'none') {
    // garvin: This fields content is a blob-file upload.
    if (!empty(${'me_fields_upload_' . $encoded_key})) {
        // garvin: The blob-field is not empty. Check what we have there.
        $data_file = ${'me_fields_upload_' . $encoded_key};
        if (is_uploaded_file($data_file)) {
            // garvin: A valid uploaded file is found. Look into the file...
            $val = fread(fopen($data_file, 'rb'), filesize($data_file));
            // nijel: This is probably the best way how to put binary data
<?php

/* $Id: tbl_query_box.php,v 2.29.2.1 2005/01/24 00:23:19 lem9 Exp $ */
// vim: expandtab sw=4 ts=4 sts=4:
// Check parameters
// Check parameters
require_once './libraries/common.lib.php';
require_once './libraries/bookmark.lib.php';
$upload_dir_error = '';
// The parameter check is skipped only when this box is rendered inside the
// query window on its "sql" or "full" tab.  (An earlier version also tested
// the QueryFrame/QueryFrameJS config options here; they served no purpose.)
$in_query_window = isset($is_inside_querywindow) && $is_inside_querywindow == TRUE
    && isset($querydisplay_tab)
    && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full');
if (! $in_query_window) {
    PMA_checkParameters(array('db', 'table', 'url_query'));
}
unset($in_query_window);
/**
 * Defines the query to be displayed in the query textarea
 */
// read_dump.php sets $show_query; prefer the untouched copy when one exists.
$query_to_display = '';
if (isset($show_query) && $show_query == '1') {
    $query_to_display = isset($sql_query_cpy) ? $sql_query_cpy : $sql_query;
}
unset($sql_query);
/**
 * Get the list and number of fields
 */
$fields_cnt = 0;
 * @version     1.0
 * @package     BLOBStreaming
 */
/**
 * Core library.
 */
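require_once './libraries/common.inc.php';
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
// retrieve BS server variables from PMA configuration
$bs_server = $PMA_Config->get('BLOBSTREAMING_SERVER');
if (empty($bs_server)) {
    die('No blob streaming server configured!');
}
// Check URL parameters
PMA_checkParameters(array('reference', 'c_type'));
// Increase time limit, because fetching blob might take some time
set_time_limit(0);
// NOTE(review): $reference is interpolated verbatim into the URL fetched from
// the blob server below.  Nothing here restricts it to the shape of a blob
// reference (no '/', '?', '#' or '..'), so a client can point this script at
// any path on that server.  Validate it against the expected reference
// format once that format is confirmed.
$reference = $_REQUEST['reference'];
/*
 * FIXME: Maybe it would be better to check MIME type against whitelist as
 * this code seems to support only few MIME types (check
 * function PMA_BS_CreateReferenceLink in libraries/blobstreaming.lib.php).
 */
// Reduce the requested MIME type to the characters [A-Za-z0-9/_-].  The '/'
// inside the class must be escaped: '/' is also the pattern delimiter, and
// PHP does not treat a bracket expression specially when it looks for the
// closing delimiter, so the unescaped form ended the pattern early, made
// preg_replace() fail with "Unknown modifier" and return null — $c_type
// silently became null instead of a sanitised string.
$c_type = preg_replace('/[^A-Za-z0-9\/_-]/', '_', $_REQUEST['c_type']);
$filename = 'http://' . $bs_server . '/' . $reference;
$hdrs = get_headers($filename, 1);
if ($hdrs === FALSE) {
    die('Failed to fetch headers');
}
$fHnd = fopen($filename, "rb");
// fopen() returns false on failure; stop here rather than reading from a
// non-handle further down.
if ($fHnd === FALSE) {
    die('Failed to open blob stream');
}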
<?php

/* $Id: server_links.inc.php,v 2.2 2003/11/26 22:52:24 rabus Exp $ */
// vim: expandtab sw=4 ts=4 sts=4:
// Check parameters
// Check parameters
require_once './libraries/common.lib.php';
PMA_checkParameters(array('is_superuser', 'url_query'));
/**
 * Counts amount of navigation tabs
 */
$server_links_count_tabs = 0;
/**
 * Put something in $sub_part
 */
isset($sub_part) or $sub_part = '';
/**
 * Prepares links
 */
// A superuser always gets the MySQL info/variables tabs, whatever the config
// says.  NOTE(review): $is_superuser is only checked for presence above; it
// is assumed the including script derived it from the server, not from the
// request.
if ($is_superuser) {
    $cfg['ShowMysqlInfo'] = $cfg['ShowMysqlVars'] = TRUE;
}
/**
 * Displays a message
 */
if (! empty($message)) {
    PMA_showMessage($message);
}
/**
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 *
 * @version $Id: header_printview.inc.php 11378 2008-07-09 15:24:44Z lem9 $
 */
// This file is an include, not an entry point: refuse direct requests.
defined('PHPMYADMIN') or exit;
/**
 * Gets a core script and starts output buffering work
 */
require_once './libraries/common.inc.php';
require_once './libraries/ob.lib.php';
PMA_outBufferPre();
// Check parameters
PMA_checkParameters(array('db', 'full_sql_query'));
// garvin: For re-usability, moved http-headers
// to a separate file. It can now be included by libraries/header.inc.php,
// querywindow.php.
require_once './libraries/header_http.inc.php';
/**
 * Sends the beginning of the html page then returns to the calling script
 */
// Defines the cell alignment values depending on text direction
$is_ltr = ($text_dir == 'ltr');
$cell_align_left  = $is_ltr ? 'left' : 'right';
$cell_align_right = $is_ltr ? 'right' : 'left';
unset($is_ltr);
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Display form for changing/adding table fields/columns
 *
 * included by tbl_addfield.php, -_alter.php, -_create.php
 * @package phpMyAdmin
 */
// This file is an include, not an entry point: refuse direct requests.
defined('PHPMYADMIN') or exit;
/**
 * Check parameters
 */
require_once './libraries/common.inc.php';
PMA_checkParameters(array('db', 'table', 'action', 'num_fields'));
// Character sets, storage engines and the partition management class, loaded
// in the same order as before.
foreach (array('./libraries/mysql_charsets.lib.php',
               './libraries/StorageEngine.class.php',
               './libraries/Partition.class.php') as $lib) {
    require_once $lib;
}
unset($lib);
if (is_int($cfg['DefaultPropDisplay'])) {
    if ($num_fields <= $cfg['DefaultPropDisplay']) {
        $display_type = 'vertical';
    } else {
        $display_type = 'horizontal';
    }
} else {
    $display_type = $cfg['DefaultPropDisplay'];
        PMA_mysqlDie('', '', '', $err_url, FALSE);
        // garvin: An error happened while inserting/updating a table definition.
        // to prevent total loss of that data, we embed the form once again.
        // The variable $regenerate will be used to restore data in tbl_properties.inc.php
        if (isset($orig_field)) {
            $field = $orig_field;
        }
        $regenerate = true;
    }
}
/**
 * No modifications yet required -> displays the table fields
 */
if ($abort == FALSE) {
    if (!isset($selected)) {
        PMA_checkParameters(array('field'));
        $selected[] = $field;
        $selected_cnt = 1;
    } else {
        // from a multiple submit
        $selected_cnt = count($selected);
    }
    // TODO: optimize in case of multiple fields to modify
    for ($i = 0; $i < $selected_cnt; $i++) {
        if (!empty($submit_mult)) {
            $field = PMA_sqlAddslashes(urldecode($selected[$i]), TRUE);
        } else {
            $field = PMA_sqlAddslashes($selected[$i], TRUE);
        }
        $result = PMA_DBI_query('SHOW FULL FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db) . ' LIKE \'' . $field . '\';');
        $fields_meta[] = PMA_DBI_fetch_assoc($result);
        $tooltip_aliasname[$table['Name']] = $table['Name'];
    } else {
        $tooltip_truename[$table['Name']] = $table['Name'];
        $tooltip_aliasname[$table['Name']] = $table['Comment'];
    }
    if (isset($table['Create_time']) && !empty($table['Create_time'])) {
        $tooltip_aliasname[$table['Name']] .= ', ' . $GLOBALS['strStatCreateTime'] . ': ' . PMA_localisedDate(strtotime($table['Create_time']));
    }
    if (!empty($table['Update_time'])) {
        $tooltip_aliasname[$table['Name']] .= ', ' . $GLOBALS['strStatUpdateTime'] . ': ' . PMA_localisedDate(strtotime($table['Update_time']));
    }
    if (!empty($table['Check_time'])) {
        $tooltip_aliasname[$table['Name']] .= ', ' . $GLOBALS['strStatCheckTime'] . ': ' . PMA_localisedDate(strtotime($table['Check_time']));
    }
}
PMA_checkParameters(array('db'));
/**
 * @global bool whether selected db is information_schema
 */
$db_is_information_schema = ($db == 'information_schema');
/**
 * @global bool whether to display extended stats
 */
// Extended stats are never shown for the virtual information_schema database.
$is_show_stats = $db_is_information_schema ? false : $cfg['ShowStats'];
/**
 * @global array information about tables in db
 */
<?php

/* $Id: export.php,v 2.18.2.1 2005/01/23 23:23:57 nijel Exp $ */
// vim: expandtab sw=4 ts=4 sts=4:
/**
 * Get the variables sent or posted to this script and a core script
 */
require_once './libraries/grab_globals.lib.php';
require_once './libraries/common.lib.php';
require_once './libraries/zip.lib.php';
PMA_checkParameters(array('what'));
// What type of export are we doing?
// "excel" is served by the csv export module
if ($what == 'excel') {
    $type = 'csv';
} else {
    $type = $what;
}
// Get the functions specific to the export type
// NOTE(review): $type presumably comes straight from the request
// (grab_globals) and is only checked for presence above, never against the
// set of shipped export modules; the only barrier between it and the file
// system is PMA_securePath().  A later revision of this script validates the
// value against a plugin list first
// (`if (!isset($export_list[$type])) die('Bad type!');`) — the same check
// would be appropriate here.
require './libraries/export/' . PMA_securePath($type) . '.php';
// Generate error url
// $export_type is not a checked parameter: when it is absent (or anything
// other than 'server'/'database') the table-level URL is used.
if ($export_type == 'server') {
    $err_url = 'server_export.php?' . PMA_generate_common_url();
} elseif ($export_type == 'database') {
    $err_url = 'db_details_export.php?' . PMA_generate_common_url($db);
} else {
    $err_url = 'tbl_properties_export.php?' . PMA_generate_common_url($db, $table);
}
/**
 * Increase time limit for script execution and initializes some variables
 */
// '@' hides the warning raised when safe_mode forbids changing the limit
@set_time_limit($cfg['ExecTimeLimit']);