/**
 * Wraps link in <a> tags and replaces argument separator in internal links
 * to the one returned by PMA_get_arg_separator()
 *
 * @param string $link
 * @param string $text
 * @return string
 */
function PMA_lang_link_replace($link, $text)
{
    // The HTML-form argument separator is looked up once and cached
    // across calls.
    static $separator;
    if (!isset($separator)) {
        $separator = PMA_get_arg_separator('html');
    }

    // Absolute http(s) URLs are handed to PMA_linkURL(); any other link has
    // its '&' separators swapped for the cached separator.
    $is_absolute = preg_match('#^https?://#', $link);
    $href = $is_absolute
        ? PMA_linkURL($link)
        : str_replace('&', $separator, $link);

    // NOTE(review): neither the href nor $text is HTML-escaped here, so both
    // must already be safe markup when they arrive; confirm callers never
    // pass request-derived values.
    return '<a href="' . $href . '">' . $text . '</a>';
}
Example #2
/**
 * Processes forms registered in $form_display, handles error correction
 *
 * @param FormDisplay $form_display
 */
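function process_formset(FormDisplay $form_display)
{
    // Handles one request for the registered forms: either reverts broken
    // fields and redirects, shows the form, or shows the error summary with
    // links back to the form. Returns nothing; exits after each redirect.
    //
    // NOTE(review): the revert below changes state in response to a plain
    // GET parameter and no token check is visible in this function; confirm
    // the caller validates the request before this point.
    if (filter_input(INPUT_GET, 'mode') == 'revert') {
        // revert erroneous fields to their default values
        $form_display->fixErrors();
        // drop post data
        header('HTTP/1.1 303 See Other');
        header('Location: index.php');
        exit;
    }
    if (!$form_display->process(false)) {
        // handle form view and failed POST
        $form_display->display(true, true);
    } else {
        // check for form errors
        if ($form_display->hasErrors()) {
            // form has errors, show warning
            $separator = PMA_get_arg_separator('html');
            $page = filter_input(INPUT_GET, 'page');
            $formset = filter_input(INPUT_GET, 'formset');
            // 'page' and 'formset' come straight from the query string and
            // are echoed into href attributes below. URL-encoding them keeps
            // quotes and angle brackets out of the markup (reflected XSS).
            $formset = $formset ? "{$separator}formset=" . urlencode($formset) : '';
            // FILTER_VALIDATE_INT yields an int, false (invalid) or null
            // (absent), so $id is never raw request text.
            $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
            if ($id === null && $page == 'servers') {
                // we've just added a new server, get its id
                $id = ConfigFile::getInstance()->getServerCount();
            }
            $id = $id ? "{$separator}id=$id" : '';
            // encoded copy for output; the raw $page was needed for the
            // comparison above
            $page_param = urlencode((string) $page);
            ?>
            <div class="error">
                <h4><?php echo __('Warning') ?></h4>
                <?php echo __('Submitted form contains errors') ?><br />
                <a href="?page=<?php echo $page_param . $formset . $id . $separator ?>mode=revert"><?php echo __('Try to revert erroneous fields to their default values') ?></a>
            </div>
            <?php $form_display->displayErrors() ?>
            <a class="btn" href="index.php"><?php echo __('Ignore errors') ?></a>
            &nbsp;
            <a class="btn" href="?page=<?php echo $page_param . $formset . $id . $separator ?>mode=edit"><?php echo __('Show form') ?></a>
            <?php
        } else {
            // drop post data
            header('HTTP/1.1 303 See Other');
            header('Location: index.php');
            exit;
        }
    }
}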
Example #3
    exit;
}

/**
 * Core libraries.
 */
require_once './libraries/display_select_lang.lib.php';
require_once './libraries/config/FormDisplay.class.php';
require_once './setup/lib/index.lib.php';

// prepare unfiltered language list
// (uasort() reorders the entries with PMA_language_cmp and keeps their keys)
$all_languages = PMA_langList();
uasort($all_languages, 'PMA_language_cmp');

// configuration singleton and the HTML-form URL argument separator;
// neither is used within this excerpt
$cf = ConfigFile::getInstance();
$separator = PMA_get_arg_separator('html');

// message handling
messages_begin();

//
// Check phpMyAdmin version
//
// NOTE(review): this runs for any request that carries a 'version_check'
// query parameter, whatever its value. If PMA_version_check() contacts a
// remote host, confirm that visitors cannot trigger it repeatedly.
if (isset($_GET['version_check'])) {
    PMA_version_check();
}

//
// Perform various security, compatibility and consistency checks
//
perform_config_checks();
/**
 * Generates text with URL parameters.
 *
 * <code>
 * // note the ?
 * echo 'script.php?' . PMA_generate_common_url('mysql', 'rights');
 * // produces with cookies enabled:
 * // script.php?db=mysql&amp;table=rights
 * // with cookies disabled:
 * // script.php?server=1&amp;lang=en-utf-8&amp;db=mysql&amp;table=rights
 *
 * $params['myparam'] = 'myvalue';
 * $params['db']      = 'mysql';
 * $params['table']   = 'rights';
 * // note the missing ?
 * echo 'script.php' . PMA_generate_common_url($params);
 * // produces with cookies enabled:
 * // script.php?myparam=myvalue&amp;db=mysql&amp;table=rights
 * // with cookies disabled:
 * // script.php?server=1&amp;lang=en-utf-8&amp;myparam=myvalue&amp;db=mysql&amp;table=rights
 *
 * // note the missing ?
 * echo 'script.php' . PMA_generate_common_url();
 * // produces with cookies enabled:
 * // script.php
 * // with cookies disabled:
 * // script.php?server=1&amp;lang=en-utf-8
 * </code>
 *
 * @param   mixed    assoc. array with url params or optional string with database name
 *                   if first param is an array there is also an ? prefixed to the url
 * @param   string   optional table name only if first param is array
 * @param   string   character to use instead of '&amp;' for dividing
 *                   multiple URL parameters from each other
 *
 * @return  string   string with URL parameters
 *
 * @global  string   the current language
 * @global  string   the current conversion charset
 * @global  string   the current connection collation
 * @global  string   the current server
 * @global  array    the configuration array
 * @global  boolean  whether recoding is allowed or not
 *
 * @access  public
 *
 * @author  nijel
 */
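function PMA_generate_common_url($db = '', $table = '', $delim = '&amp;')
{
    // Array form: $db carries the parameters, a non-empty $table overrides
    // $delim, and the result is prefixed with '?'.
    // Scalar form: non-empty $db / $table become the 'db' / 'table'
    // parameters and no '?' is added.
    if (is_array($db)) {
        // $db is a by-value parameter, so a plain copy is enough
        $params = $db;
        $delim = empty($table) ? $delim : $table;
        $questionmark = '?';
    } else {
        $params = array();
        if (strlen($db)) {
            $params['db'] = $db;
        }
        if (strlen($table)) {
            $params['table'] = $table;
        }
        $questionmark = '';
    }
    // use separators defined by php, but prefer ';'
    // as recommended by W3C
    $separator = PMA_get_arg_separator();
    // Only the default '&amp;' selects the HTML-encoded separator; any other
    // $delim just means "raw separator" and its own value is discarded.
    if ($delim === '&amp;') {
        $delim = htmlentities($separator);
    } else {
        $delim = $separator;
    }
    // The server id is added only when it differs from the default; language,
    // charset and collation only when no matching cookie carries them.
    if (isset($GLOBALS['server']) && $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault']) {
        $params['server'] = $GLOBALS['server'];
    }
    if (empty($_COOKIE['pma_lang']) && !empty($GLOBALS['lang'])) {
        $params['lang'] = $GLOBALS['lang'];
    }
    if (empty($_COOKIE['pma_charset']) && !empty($GLOBALS['convcharset'])) {
        $params['convcharset'] = $GLOBALS['convcharset'];
    }
    if (empty($_COOKIE['pma_collation_connection']) && !empty($GLOBALS['collation_connection'])) {
        $params['collation_connection'] = $GLOBALS['collation_connection'];
    }
    // Guard the lookup: without a session token the original raised an
    // undefined-index notice and emitted an empty "token=" pair.
    // NOTE(review): the token travels in the query string, so it can reach
    // server logs, browser history and Referer headers; keep these URLs out
    // of links to third-party sites.
    if (isset($_SESSION[' PMA_token '])) {
        $params['token'] = $_SESSION[' PMA_token '];
    }
    $param_strings = array();
    foreach ($params as $key => $val) {
        /* We ignore arrays as we don't use them! */
        if (!is_array($val)) {
            // both sides are URL-encoded, so caller-supplied values cannot
            // inject extra parameters or markup
            $param_strings[] = urlencode($key) . '=' . urlencode($val);
        }
    }
    if (empty($param_strings)) {
        return '';
    }
    return $questionmark . implode($delim, $param_strings);
}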
Example #5
/**
 * Splits a URL string by parameter
 *
 * @param string $url the URL
 *
 * @return array  the parameter/value pairs, for example [0] db=sakila
 */
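function PMA_splitURLQuery($url)
{
    // Returns the raw "name=value" chunks of $url's query string; an empty
    // array when the URL cannot be parsed or has no query part.
    // The chunks are still URL-encoded; callers must decode and escape them
    // before output.

    // decode encoded url separators
    $separator = PMA_get_arg_separator();
    // on most places separator is still hard coded ...
    if ($separator !== '&') {
        // ... so always replace & with $separator
        $url = str_replace(htmlentities('&'), $separator, $url);
        $url = str_replace('&', $separator, $url);
    }
    $url = str_replace(htmlentities($separator), $separator, $url);
    // end decode
    $url_parts = parse_url($url);
    // parse_url() returns false for seriously malformed URLs and leaves out
    // 'query' when there is none; the original read the key unconditionally
    if (!is_array($url_parts) || !isset($url_parts['query'])) {
        return array();
    }
    return explode($separator, $url_parts['query']);
}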
Example #6
/**
 * Displays a navigation bar to browse among the results of a SQL query
 *
 * @uses    $_SESSION['tmp_user_values']['disp_direction']
 * @uses    $_SESSION['tmp_user_values']['repeat_cells']
 * @uses    $_SESSION['tmp_user_values']['max_rows']
 * @uses    $_SESSION['tmp_user_values']['pos']
 * @param   integer  the offset for the "next" page
 * @param   integer  the offset for the "previous" page
 * @param   string   the URL-encoded query
 * @param   string   the id for the direction dropdown 
 *
 * @global  string   $db             the database name
 * @global  string   $table          the table name
 * @global  string   $goto           the URL to go back in case of errors
 * @global  integer  $num_rows       the total number of rows returned by the
 *                                   SQL query
 * @global  integer  $unlim_num_rows the total number of rows returned by the
 *                                   SQL query without any programmatically appended "LIMIT" clause
 * @global  boolean  $is_innodb      whether its InnoDB or not
 * @global  array    $showtable      table definitions
 *
 * @access  private
 *
 * @see     PMA_displayTable()
 */
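function PMA_displayTableNavigation($pos_next, $pos_prev, $sql_query, $id_for_direction_dropdown)
{
    // Echoes the paging controls for a result set: back buttons, the
    // "show N rows from position P" form, forward buttons, the page selector
    // and the optional "Show all" form. Nothing is returned.
    global $db, $table, $goto;
    global $num_rows, $unlim_num_rows;
    global $is_innodb;
    global $showtable;
    // here, using htmlentities() would cause problems if the query
    // contains accented characters
    $html_sql_query = htmlspecialchars($sql_query);
    /**
     * @todo move this to a central place
     * @todo for other future table types
     */
    $is_innodb = isset($showtable['Type']) && $showtable['Type'] == 'InnoDB';
    ?>

<!-- Navigation bar -->
<table border="0" cellpadding="2" cellspacing="0">
<tr>
    <?php 
    // Move to the beginning or to the previous page
    if ($_SESSION['tmp_user_values']['pos'] && $_SESSION['tmp_user_values']['max_rows'] != 'all') {
        PMA_displayTableNavigationOneButton('&lt;&lt;', $GLOBALS['strPos1'], 0, $html_sql_query);
        PMA_displayTableNavigationOneButton('&lt;', $GLOBALS['strPrevious'], $pos_prev, $html_sql_query);
    }
    // end move back
    ?>
<td>
    &nbsp;&nbsp;&nbsp;
</td>
<td align="center">
<?php 
    // if displaying a VIEW, $unlim_num_rows could be zero because
    // of $cfg['MaxExactCountViews']; in this case, avoid passing
    // the 5th parameter to checkFormElementInRange()
    // (this means we can't validate the upper limit)
    ?>
    <form action="sql.php" method="post"
onsubmit="return (checkFormElementInRange(this, 'session_max_rows', '<?php 
    echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']);
    ?>
', 1) &amp;&amp; checkFormElementInRange(this, 'pos', '<?php 
    echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']);
    ?>
', 0<?php 
    // Parenthesised on purpose: before PHP 8, '.' and '-' shared one
    // precedence level, so the unparenthesised form evaluated as
    // (',' . $unlim_num_rows) - 1 and printed a wrong upper bound.
    echo $unlim_num_rows > 0 ? ',' . ($unlim_num_rows - 1) : '';
    ?>
))">
        <?php 
    echo PMA_generate_common_hidden_inputs($db, $table);
    ?>
        <input type="hidden" name="sql_query" value="<?php 
    echo $html_sql_query;
    ?>
" />
        <input type="hidden" name="goto" value="<?php 
    // NOTE(review): unlike $html_sql_query, $goto goes into the attribute
    // without htmlspecialchars(); confirm it is validated or escaped before
    // it reaches this function.
    echo $goto;
    ?>
" />
        <input type="submit" name="navig" value="<?php 
    echo $GLOBALS['strShow'];
    ?>
 :" />
        <input type="text" name="session_max_rows" size="3" value="<?php 
    // NOTE(review): session values (max_rows here, repeat_cells below) are
    // printed unescaped; presumably they are sanitised when stored -- verify.
    echo $_SESSION['tmp_user_values']['max_rows'] != 'all' ? $_SESSION['tmp_user_values']['max_rows'] : $GLOBALS['cfg']['MaxRows'];
    ?>
" class="textfield" onfocus="this.select()" />
        <?php 
    echo $GLOBALS['strRowsFrom'] . "\n";
    ?>
        <input type="text" name="pos" size="6" value="<?php 
    // wrap around to the first row once the next offset passes the end
    echo $pos_next >= $unlim_num_rows ? 0 : $pos_next;
    ?>
" class="textfield" onfocus="this.select()" />
        <br />
    <?php 
    // Display mode (horizontal/vertical and repeat headers)
    $choices = array('horizontal' => $GLOBALS['strRowsModeHorizontal'], 'horizontalflipped' => $GLOBALS['strRowsModeFlippedHorizontal'], 'vertical' => $GLOBALS['strRowsModeVertical']);
    $param1 = PMA_generate_html_dropdown('disp_direction', $choices, $_SESSION['tmp_user_values']['disp_direction'], $id_for_direction_dropdown);
    unset($choices);
    $param2 = '            <input type="text" size="3" name="repeat_cells" value="' . $_SESSION['tmp_user_values']['repeat_cells'] . '" class="textfield" />' . "\n" . '           ';
    echo '    ' . sprintf($GLOBALS['strRowsModeOptions'], "\n" . $param1, "\n" . $param2) . "\n";
    ?>
    </form>
</td>
<td>
    &nbsp;&nbsp;&nbsp;
</td>
    <?php 
    // Move to the next page or to the last one
    if ($_SESSION['tmp_user_values']['pos'] + $_SESSION['tmp_user_values']['max_rows'] < $unlim_num_rows && $num_rows >= $_SESSION['tmp_user_values']['max_rows'] && $_SESSION['tmp_user_values']['max_rows'] != 'all') {
        // display the Next button
        PMA_displayTableNavigationOneButton('&gt;', $GLOBALS['strNext'], $pos_next, $html_sql_query);
        // prepare some options for the End button
        if ($is_innodb && $unlim_num_rows > $GLOBALS['cfg']['MaxExactCount']) {
            $input_for_real_end = '<input type="hidden" name="find_real_end" value="1" />';
            // no backquote around this message
            $onclick = ' onclick="return confirmAction(\'' . PMA_jsFormat($GLOBALS['strLongOperation'], false) . '\')"';
        } else {
            $input_for_real_end = $onclick = '';
        }
        // display the End button
        // (the @ hides warnings from the offset arithmetic, e.g. when
        // max_rows is not a usable number)
        PMA_displayTableNavigationOneButton('&gt;&gt;', $GLOBALS['strEnd'], @((ceil($unlim_num_rows / $_SESSION['tmp_user_values']['max_rows']) - 1) * $_SESSION['tmp_user_values']['max_rows']), $html_sql_query, 'onsubmit="return ' . ($_SESSION['tmp_user_values']['pos'] + $_SESSION['tmp_user_values']['max_rows'] < $unlim_num_rows && $num_rows >= $_SESSION['tmp_user_values']['max_rows'] ? 'true' : 'false') . '"', $input_for_real_end, $onclick);
    }
    // end move toward
    //page redirection
    // (unless we are showing all records)
    if ('all' != $_SESSION['tmp_user_values']['max_rows']) {
        //if1
        $pageNow = @floor($_SESSION['tmp_user_values']['pos'] / $_SESSION['tmp_user_values']['max_rows']) + 1;
        $nbTotalPage = @ceil($unlim_num_rows / $_SESSION['tmp_user_values']['max_rows']);
        if ($nbTotalPage > 1) {
            //if2
            ?>
   <td>
       &nbsp;&nbsp;&nbsp;
   </td>
   <td>
        <?php 
            //<form> for keep the form alignment of button < and <<
            ?>
        <form action="none">
        <?php 
            // the raw query is passed here; PMA_generate_common_url()
            // URL-encodes every parameter it is given
            $_url_params = array('db' => $db, 'table' => $table, 'sql_query' => $sql_query, 'goto' => $goto);
            echo PMA_pageselector('sql.php' . PMA_generate_common_url($_url_params) . PMA_get_arg_separator('js'), $_SESSION['tmp_user_values']['max_rows'], $pageNow, $nbTotalPage, 200, 5, 5, 20, 10, $GLOBALS['strPageNumber']);
            ?>
        </form>
    </td>
        <?php 
        }
        //_if2
    }
    //_if1
    // Display the "Show all" button if allowed
    if ($GLOBALS['cfg']['ShowAll'] && $num_rows < $unlim_num_rows) {
        echo "\n";
        ?>
<td>
    &nbsp;&nbsp;&nbsp;
</td>
<td>
    <form action="sql.php" method="post">
        <?php 
        echo PMA_generate_common_hidden_inputs($db, $table);
        ?>
        <input type="hidden" name="sql_query" value="<?php 
        echo $html_sql_query;
        ?>
" />
        <input type="hidden" name="pos" value="0" />
        <input type="hidden" name="session_max_rows" value="all" />
        <input type="hidden" name="goto" value="<?php 
        // NOTE(review): same unescaped $goto as in the navigation form
        echo $goto;
        ?>
" />
        <input type="submit" name="navig" value="<?php 
        echo $GLOBALS['strShowAll'];
        ?>
" />
    </form>
</td>
        <?php 
    }
    // end show all
    echo "\n";
    ?>
</tr>
</table>

    <?php 
}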
Example #7
/**
 * Send HTTP header, taking IIS limits into account (600 seems ok)
 *
 * @param string $uri         the header to send
 * @param bool   $use_refresh whether to use Refresh: header when running on IIS
 *
 * @return boolean  always true
 */
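function PMA_sendHeaderLocation($uri, $use_refresh = false)
{
    // Redirects the client to $uri. On IIS with a URI longer than 600 bytes
    // an HTML page with meta refresh and script is printed instead of a
    // header. Returns true, as the function's doc comment promises.
    //
    // NOTE(review): $uri is used as the redirect target as given; callers
    // must make sure it cannot be steered to an arbitrary external site.
    if (PMA_IS_IIS && strlen($uri) > 600) {
        include_once './libraries/js_escape.lib.php';
        PMA_Response::getInstance()->disable();
        echo '<html><head><title>- - -</title>' . "\n";
        echo '<meta http-equiv="expires" content="0">' . "\n";
        echo '<meta http-equiv="Pragma" content="no-cache">' . "\n";
        echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n";
        echo '<meta http-equiv="Refresh" content="0;url=' . htmlspecialchars($uri) . '">' . "\n";
        echo '<script type="text/javascript">' . "\n";
        echo '//<![CDATA[' . "\n";
        // The original wrapped the URI in stray double quotes inside an
        // already double-quoted setTimeout() string, which is a JavaScript
        // syntax error. A function callback needs one quoting level only;
        // PMA_escapeJsString() is presumably written for exactly that
        // single-quoted context -- confirm.
        echo 'setTimeout(function () { window.location = unescape(\'' . PMA_escapeJsString($uri) . '\'); }, 2000);' . "\n";
        echo '//]]>' . "\n";
        echo '</script>' . "\n";
        echo '</head>' . "\n";
        echo '<body>' . "\n";
        echo '<script type="text/javascript">' . "\n";
        echo '//<![CDATA[' . "\n";
        // NOTE(review): this markup sits inside a single-quoted JS string;
        // htmlspecialchars() without ENT_QUOTES leaves "'" untouched on
        // PHP < 8.1, so a quote in $uri or the translation ends the string.
        echo 'document.write(\'<p><a href="' . htmlspecialchars($uri) . '">' . __('Go') . '</a></p>\');' . "\n";
        echo '//]]>' . "\n";
        echo '</script></body></html>' . "\n";
    } else {
        if (SID) {
            // NOTE(review): the session id is appended to the redirect URL,
            // which exposes it to logs, history and Referer headers.
            if (strpos($uri, '?') === false) {
                header('Location: ' . $uri . '?' . SID);
            } else {
                $separator = PMA_get_arg_separator();
                header('Location: ' . $uri . $separator . SID);
            }
        } else {
            // close the session before the redirect header goes out
            session_write_close();
            if (headers_sent()) {
                if (function_exists('debug_print_backtrace')) {
                    echo '<pre>';
                    debug_print_backtrace();
                    echo '</pre>';
                }
                trigger_error('PMA_sendHeaderLocation called when headers are already sent!', E_USER_ERROR);
            }
            // bug #1523784: IE6 does not like 'Refresh: 0', it
            // results in a blank page
            // (but we need it when coming from the cookie login panel)
            if (PMA_IS_IIS && $use_refresh) {
                header('Refresh: 0; ' . $uri);
            } else {
                header('Location: ' . $uri);
            }
        }
    }
    return true;
}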
Example #8
/**
 * Displays a link, or a button if the link's URL is too large, to
 * accommodate some browsers' limitations
 *
 * @param  string  the URL
 * @param  string  the link message
 * @param  mixed   $tag_params  string: js confirmation
 *                              array: additional tag params (f.e. style="")
 * @param  boolean $new_form    we set this to false when we are already in
 *                              a  form, to avoid generating nested forms
 *
 * @return string  the results to be echoed or saved in an array
 */
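function PMA_linkOrButton($url, $message, $tag_params = array(), $new_form = true, $strip_img = false, $target = '')
{
    // Returns an <a> element for URLs up to $cfg['LinkLengthLimit'] bytes.
    // Longer URLs become a POST form (or sub-form fields when $new_form is
    // false) carrying the query parameters as hidden inputs. URLs beyond
    // 100 times the limit yield ''.
    //
    // NOTE(review): $url and $message are inserted into the <a> markup
    // unescaped; callers must pass an already-encoded URL and safe HTML.
    $url_length = strlen($url);
    // with this we should be able to catch case of image upload
    // into a (MEDIUM) BLOB; not worth generating even a form for these
    if ($url_length > $GLOBALS['cfg']['LinkLengthLimit'] * 100) {
        return '';
    }
    if (!is_array($tag_params)) {
        // a string means "JS confirmation message"
        $tmp = $tag_params;
        $tag_params = array();
        if (!empty($tmp)) {
            $tag_params['onclick'] = 'return confirmLink(this, \'' . PMA_escapeJsString($tmp) . '\')';
        }
        unset($tmp);
    }
    if (!empty($target)) {
        $tag_params['target'] = htmlentities($target);
    }
    $tag_params_strings = array();
    foreach ($tag_params as $par_name => $par_value) {
        // htmlspecialchars() only on non javascript
        // NOTE(review): on* handler values are emitted raw, so a '"' in one
        // of them closes the attribute; handlers passed in an array must be
        // trusted.
        $par_value = substr($par_name, 0, 2) == 'on' ? $par_value : htmlspecialchars($par_value);
        $tag_params_strings[] = $par_name . '="' . $par_value . '"';
    }
    if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit']) {
        // no whitespace within an <a> else Safari will make it part of the link
        $ret = "\n" . '<a href="' . $url . '" ' . implode(' ', $tag_params_strings) . '>' . $message . '</a>' . "\n";
    } else {
        // no spaces (linebreaks) at all
        // or after the hidden fields
        // IE will display them all
        // add class=link to submit button
        // NOTE(review): $tag_params_strings was built above, so this default
        // class never reaches the output; left as found.
        if (empty($tag_params['class'])) {
            $tag_params['class'] = 'link';
        }
        // decode encoded url separators
        $separator = PMA_get_arg_separator();
        // on most places separator is still hard coded ...
        if ($separator !== '&') {
            // ... so always replace & with $separator
            $url = str_replace(htmlentities('&'), $separator, $url);
            $url = str_replace('&', $separator, $url);
        }
        $url = str_replace(htmlentities($separator), $separator, $url);
        // end decode
        $url_parts = parse_url($url);
        // parse_url() may fail or omit 'path' / 'query'; fall back to empty
        // values instead of reading undefined keys
        if (!is_array($url_parts)) {
            $url_parts = array();
        }
        $form_action = isset($url_parts['path']) ? $url_parts['path'] : '';
        $query_parts = isset($url_parts['query']) ? explode($separator, $url_parts['query']) : array();
        if ($new_form) {
            // The original concatenated the bare $target value into the tag.
            // Emit a real, escaped target attribute instead.
            $form_target = empty($target) ? '' : ' target="' . $tag_params['target'] . '"';
            $ret = '<form action="' . htmlspecialchars($form_action) . '" class="link"' . ' method="post"' . $form_target . ' style="display: inline;">';
            $subname_open = '';
            $subname_close = '';
            $submit_name = '';
        } else {
            $query_parts[] = 'redirect=' . $form_action;
            if (empty($GLOBALS['subform_counter'])) {
                $GLOBALS['subform_counter'] = 0;
            }
            $GLOBALS['subform_counter']++;
            $ret = '';
            $subname_open = 'subform[' . $GLOBALS['subform_counter'] . '][';
            $subname_close = ']';
            $submit_name = ' name="usesubform[' . $GLOBALS['subform_counter'] . ']"';
        }
        foreach ($query_parts as $query_pair) {
            // Split on the first '=' only, so values that contain '=' stay
            // whole and a bare name yields an empty value.
            $pair = explode('=', $query_pair, 2);
            $eachvar = $pair[0];
            $eachval = isset($pair[1]) ? $pair[1] : '';
            // the name is escaped as well so it cannot close the attribute
            $ret .= '<input type="hidden" name="' . $subname_open . htmlspecialchars($eachvar) . $subname_close . '" value="' . htmlspecialchars(urldecode($eachval)) . '" />';
        }
        // end while
        if (stristr($message, '<img')) {
            if ($strip_img) {
                $message = trim(strip_tags($message));
                $ret .= '<input type="submit"' . $submit_name . ' ' . implode(' ', $tag_params_strings) . ' value="' . htmlspecialchars($message) . '" />';
            } else {
                // reuse the image's alt text and src from the message markup
                $displayed_message = htmlspecialchars(preg_replace('/^.*\\salt="([^"]*)".*$/si', '\\1', $message));
                $ret .= '<input type="image"' . $submit_name . ' ' . implode(' ', $tag_params_strings) . ' src="' . preg_replace('/^.*\\ssrc="([^"]*)".*$/si', '\\1', $message) . '"' . ' value="' . $displayed_message . '" title="' . $displayed_message . '" />';
                // Here we cannot obey PropertiesIconic completely as a
                // generated link would have a length over LinkLengthLimit
                // but we can at least show the message.
                // If PropertiesIconic is false or 'both'
                if ($GLOBALS['cfg']['PropertiesIconic'] !== true) {
                    $ret .= ' <span class="clickprevimage">' . $displayed_message . '</span>';
                }
            }
        } else {
            $message = trim(strip_tags($message));
            $ret .= '<input type="submit"' . $submit_name . ' ' . implode(' ', $tag_params_strings) . ' value="' . htmlspecialchars($message) . '" />';
        }
        if ($new_form) {
            $ret .= '</form>';
        }
    }
    // end if... else...
    return $ret;
}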
    public function testSendHeaderLocationWithoutSidWithIis()
    {
        // Redefining PMA_IS_IIS needs both the runkit and APD extensions;
        // without them the test is skipped.
        if (!($this->runkitExt && $this->apdExt)) {
            $this->markTestSkipped('Cannot redefine constant/function - missing APD or/and runkit extension');
            return;
        }

        runkit_constant_redefine('PMA_IS_IIS', true);

        $testUri = 'http://testurl.com/test.php';
        // result is not used by the assertion; the call is kept as found
        $separator = PMA_get_arg_separator();

        // with IIS forced on, a Refresh header is expected
        $expectedHeader = 'Refresh: 0; ' . $testUri;

        PMA_sendHeaderLocation($testUri);            // sets $GLOBALS['header']

        $this->assertEquals($expectedHeader, $GLOBALS['header']);
    }
Example #10
/**
 * Generates text with URL parameters.
 *
 * <code>
 * // OLD (deprecated) style
 * // note the ?
 * echo 'script.php?' . PMA_generate_common_url('mysql', 'rights');
 * // produces with cookies enabled:
 * // script.php?db=mysql&amp;table=rights
 * // with cookies disabled:
 * // script.php?server=1&amp;lang=en&amp;db=mysql&amp;table=rights
 *
 * // NEW style
 * $params['myparam'] = 'myvalue';
 * $params['db']      = 'mysql';
 * $params['table']   = 'rights';
 * // note the missing ?
 * echo 'script.php' . PMA_generate_common_url($params);
 * // produces with cookies enabled:
 * // script.php?myparam=myvalue&amp;db=mysql&amp;table=rights
 * // with cookies disabled:
 * // script.php?server=1&amp;lang=en&amp;myparam=myvalue&amp;db=mysql&amp;table=rights
 *
 * // note the missing ?
 * echo 'script.php' . PMA_generate_common_url();
 * // produces with cookies enabled:
 * // script.php
 * // with cookies disabled:
 * // script.php?server=1&amp;lang=en
 * </code>
 *
 * @param mixed  assoc. array with url params or optional string with database name
 *               if first param is an array there is also an ? prefixed to the url
 *
 * @param string - if first param is array: 'html' to use htmlspecialchars()
 *               on the resulting URL (for a normal URL displayed in HTML)
 *               or something else to avoid using htmlspecialchars() (for
 *               a URL sent via a header); if not set,'html' is assumed
 *               - if first param is not array:  optional table name
 *
 * @param string - if first param is array: optional character to
 *               use instead of '?'
 *               - if first param is not array: optional character to use
 *               instead of '&amp;' for dividing URL parameters
 *
 * @return string   string with URL parameters
 * @access  public
 */
function PMA_generate_common_url()
{
    // Builds the common query string from a variable argument list; the
    // two accepted call styles are described in the doc comment.
    $args = func_get_args();
    $array_style = isset($args[0]) && is_array($args[0]);

    if ($array_style) {
        // new style: (params [, encode [, questionmark]])
        $params = $args[0];
        $encode = isset($args[1]) ? $args[1] : 'html';
        $questionmark = isset($args[2]) ? $args[2] : '?';
    } else {
        // old style: (db [, table [, delimiter]])
        if (PMA_isValid($args[0])) {
            $params['db'] = $args[0];
        }
        if (PMA_isValid($args[1])) {
            $params['table'] = $args[1];
        }
        // anything other than the default '&amp;' delimiter selects the
        // non-HTML ('text') form
        $encode = (isset($args[2]) && $args[2] !== '&amp;') ? 'text' : 'html';
        $questionmark = '';
    }

    $separator = PMA_get_arg_separator();

    // avoid overwriting when creating navi panel links to servers
    $server_differs = isset($GLOBALS['server']) && $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault'];
    if ($server_differs && !isset($params['server'])) {
        $params['server'] = $GLOBALS['server'];
    }
    // language and collation are added only when no cookie carries them
    if (empty($_COOKIE['pma_lang']) && !empty($GLOBALS['lang'])) {
        $params['lang'] = $GLOBALS['lang'];
    }
    if (empty($_COOKIE['pma_collation_connection']) && !empty($GLOBALS['collation_connection'])) {
        $params['collation_connection'] = $GLOBALS['collation_connection'];
    }
    // NOTE(review): the session token is placed in the query string, so it
    // can reach logs, browser history and Referer headers.
    if (isset($_SESSION[' PMA_token '])) {
        $params['token'] = $_SESSION[' PMA_token '];
    }

    if (empty($params)) {
        return '';
    }

    // http_build_query() URL-encodes names and values; the 'html' mode then
    // entity-encodes the finished string for use in markup
    $query = $questionmark . http_build_query($params, null, $separator);
    return $encode === 'html' ? htmlspecialchars($query) : $query;
}
    $tab_designer['link'] = $tab_designer['link'] . PMA_generate_common_url($url_params);
    if (!empty($tab_designer['args'])) {
        foreach ($tab_designer['args'] as $param => $value) {
            $tab_designer['link'] .= PMA_get_arg_separator('html') . urlencode($param) . '=' . urlencode($value);
        }
    }
}
// append the optional fragment to the tab's link
if (!empty($tab['fragment'])) {
    $tab['link'] .= $tab['fragment'];
}
// show the "visual builder" notice only when a designer link was built
if (isset($tab_designer['link'])) {
    ?>
<div id="visual_builder_anchor" class="notice hide">
	<span id="footnote_1">
<?php 
    // the link is echoed as-is; the lines just before this block assemble
    // it from PMA_generate_common_url() output and urlencode()d arguments
    echo __('Switch to') . ' <a href="' . $tab_designer['link'] . PMA_get_arg_separator('html') . 'query=1">' . __('visual builder') . '</a>';
    ?>
    </span>
</div>
<?php 
}
?>
<form action="db_qbe.php" method="post">
<fieldset>
<table class="data" style="width: 100%;">
<tr class="odd noclick">
    <th><?php 
// translated header of the first column
echo __('Column');
?>
:</th>
<?php 
Example #12
/**
 * Displays a link, or a button if the link's URL is too large, to
 * accommodate some browsers' limitations
 *
 * @param  string  the URL
 * @param  string  the link message
 * @param  mixed   $tag_params  string: js confirmation
 *                              array: additional tag params (f.e. style="")
 * @param  boolean $new_form    we set this to false when we are already in
 *                              a  form, to avoid generating nested forms
 *
 * @return string  the results to be echoed or saved in an array
 */
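function PMA_linkOrButton($url, $message, $tag_params = array(), $new_form = true, $strip_img = false, $target = '')
{
    // Returns an <a> element for URLs of at most 1000 bytes. Longer URLs
    // become a POST form (or sub-form fields when $new_form is false)
    // carrying the query parameters as hidden inputs.
    //
    // NOTE(review): $url and $message are inserted into the <a> markup
    // unescaped; callers must pass an already-encoded URL and safe HTML.
    if (!is_array($tag_params)) {
        // a string means "JS confirmation message"
        $tmp = $tag_params;
        $tag_params = array();
        if (!empty($tmp)) {
            // NOTE(review): the message goes into a single-quoted JS string
            // inside an HTML attribute with no escaping in this function.
            // A quote in it ends the string or the attribute, so it must be
            // JS- and HTML-escaped by the caller -- verify.
            $tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . '\')';
        }
        unset($tmp);
    }
    if (!empty($target)) {
        $tag_params['target'] = htmlentities($target);
    }
    $tag_params_strings = array();
    foreach ($tag_params as $par_name => $par_value) {
        // htmlspecialchars() only on non javascript
        $par_value = substr($par_name, 0, 2) == 'on' ? $par_value : htmlspecialchars($par_value);
        $tag_params_strings[] = $par_name . '="' . $par_value . '"';
    }
    // previously the limit was set to 2047, it seems 1000 is better
    if (strlen($url) <= 1000) {
        // no whitespace within an <a> else Safari will make it part of the link
        $ret = "\n" . '<a href="' . $url . '" ' . implode(' ', $tag_params_strings) . '>' . $message . '</a>' . "\n";
    } else {
        // no spaces (linebreaks) at all
        // or after the hidden fields
        // IE will display them all
        // add class=link to submit button
        // NOTE(review): $tag_params_strings was built above, so this default
        // class never reaches the output; left as found.
        if (empty($tag_params['class'])) {
            $tag_params['class'] = 'link';
        }
        // decode encoded url separators
        $separator = PMA_get_arg_separator();
        // on most places separator is still hard coded ...
        if ($separator !== '&') {
            // ... so always replace & with $separator
            $url = str_replace(htmlentities('&'), $separator, $url);
            $url = str_replace('&', $separator, $url);
        }
        $url = str_replace(htmlentities($separator), $separator, $url);
        // end decode
        $url_parts = parse_url($url);
        // parse_url() may fail or omit 'path' / 'query'; fall back to empty
        // values instead of reading undefined keys
        if (!is_array($url_parts)) {
            $url_parts = array();
        }
        $form_action = isset($url_parts['path']) ? $url_parts['path'] : '';
        $query_parts = isset($url_parts['query']) ? explode($separator, $url_parts['query']) : array();
        if ($new_form) {
            // The original concatenated the bare $target value into the tag.
            // Emit a real, escaped target attribute instead.
            $form_target = empty($target) ? '' : ' target="' . $tag_params['target'] . '"';
            $ret = '<form action="' . htmlspecialchars($form_action) . '" class="link"' . ' method="post"' . $form_target . ' style="display: inline;">';
            $subname_open = '';
            $subname_close = '';
            $submit_name = '';
        } else {
            $query_parts[] = 'redirect=' . $form_action;
            if (empty($GLOBALS['subform_counter'])) {
                $GLOBALS['subform_counter'] = 0;
            }
            $GLOBALS['subform_counter']++;
            $ret = '';
            $subname_open = 'subform[' . $GLOBALS['subform_counter'] . '][';
            $subname_close = ']';
            $submit_name = ' name="usesubform[' . $GLOBALS['subform_counter'] . ']"';
        }
        foreach ($query_parts as $query_pair) {
            // Split on the first '=' only, so values that contain '=' stay
            // whole and a bare name yields an empty value.
            $pair = explode('=', $query_pair, 2);
            $eachvar = $pair[0];
            $eachval = isset($pair[1]) ? $pair[1] : '';
            // the name is escaped as well so it cannot close the attribute
            $ret .= '<input type="hidden" name="' . $subname_open . htmlspecialchars($eachvar) . $subname_close . '" value="' . htmlspecialchars(urldecode($eachval)) . '" />';
        }
        // end while
        if (stristr($message, '<img')) {
            if ($strip_img) {
                $message = trim(strip_tags($message));
                $ret .= '<input type="submit"' . $submit_name . ' ' . implode(' ', $tag_params_strings) . ' value="' . htmlspecialchars($message) . '" />';
            } else {
                // reuse the image's src and alt text from the message markup
                $ret .= '<input type="image"' . $submit_name . ' ' . implode(' ', $tag_params_strings) . ' src="' . preg_replace('/^.*\\ssrc="([^"]*)".*$/si', '\\1', $message) . '"' . ' value="' . htmlspecialchars(preg_replace('/^.*\\salt="([^"]*)".*$/si', '\\1', $message)) . '" />';
            }
        } else {
            $message = trim(strip_tags($message));
            $ret .= '<input type="submit"' . $submit_name . ' ' . implode(' ', $tag_params_strings) . ' value="' . htmlspecialchars($message) . '" />';
        }
        if ($new_form) {
            $ret .= '</form>';
        }
    }
    // end if... else...
    return $ret;
}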
Example #13
    $tab_designer['link'] = $tab_designer['link'] . PMA_generate_common_url($url_params);
    if (!empty($tab_designer['args'])) {
        foreach ($tab_designer['args'] as $param => $value) {
            $tab_designer['link'] .= PMA_get_arg_separator('html') . urlencode($param) . '=' . urlencode($value);
        }
    }
}
// append the optional fragment to the tab's link
if (!empty($tab['fragment'])) {
    $tab['link'] .= $tab['fragment'];
}
// show the "visual builder" notice only when a designer link was built
if (isset($tab_designer['link'])) {
    ?>
<div id="visual_builder_anchor" class="notice hide">
    <span id="footnote_1">
<?php 
    // The translated string supplies both %s slots for the opening and
    // closing <a> tag. The link is echoed as-is; the lines just before this
    // block assemble it from PMA_generate_common_url() output and
    // urlencode()d arguments.
    printf(__('Switch to %svisual builder%s'), ' <a href="' . $tab_designer['link'] . PMA_get_arg_separator('html') . 'query=1">', '</a>');
    ?>
    </span>
</div>
<?php 
}
?>
<form action="db_qbe.php" method="post">
<fieldset>
<table class="data" style="width: 100%;">
<tr class="odd noclick">
    <th><?php 
// translated header of the first column
echo __('Column');
?>
:</th>
<?php 
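/**
 * Processes forms registered in $form_display, handles error correction
 *
 * When the processed form has errors, a warning box is rendered with links
 * back to the current setup page. The 'page', 'formset' and 'id' values come
 * from the query string, so they are URL-encoded and HTML-escaped before
 * being written into the href attributes; echoing them raw would let a
 * crafted URL break out of the attribute (reflected XSS).
 *
 * @param FormDisplay $form_display form display object to process
 *
 * @return void
 */
function process_formset(FormDisplay $form_display)
{
    if (isset($_GET['mode']) && $_GET['mode'] == 'revert') {
        // revert erroneous fields to their default values
        $form_display->fixErrors();
        // drop post data
        header('HTTP/1.1 303 See Other');
        header('Location: index.php');
        exit;
    }
    if (!$form_display->process(false)) {
        // handle form view and failed POST
        $form_display->display(true, true);
    } else {
        // check for form errors
        if ($form_display->hasErrors()) {
            // form has errors, show warning
            $separator = PMA_get_arg_separator('html');
            // accept plain strings only: an array (?page[]=x) is treated as absent
            $page = isset($_GET['page']) && is_string($_GET['page'])
                ? $_GET['page'] : null;
            $formset = isset($_GET['formset']) && is_string($_GET['formset'])
                ? $_GET['formset'] : null;
            // NOTE(review): $_GET['id'] is passed without an isset() check;
            // presumably PMA_isValid() takes it by reference - confirm
            $id = PMA_isValid($_GET['id'], 'numeric') ? $_GET['id'] : null;
            if ($id === null && $page == 'servers') {
                // we've just added a new server, get it's id
                $id = ConfigFile::getInstance()->getServerCount();
            }
            // request values land inside href="...": encode them as query
            // values first, then escape for the HTML attribute context
            $page_out = htmlspecialchars(urlencode((string) $page), ENT_QUOTES);
            $formset_out = $formset
                ? $separator . 'formset=' . htmlspecialchars(urlencode($formset), ENT_QUOTES)
                : '';
            $id_out = $id
                ? $separator . 'id=' . htmlspecialchars(urlencode((string) $id), ENT_QUOTES)
                : '';
            // shared by the "revert" and "edit" links, which differ only in mode=
            $link_prefix = $page_out . $formset_out . $id_out . $separator
                . PMA_generate_common_url() . $separator;
            ?>
            <div class="error">
                <h4><?php echo __('Warning'); ?></h4>
                <?php echo __('Submitted form contains errors'); ?><br />
                <a href="?page=<?php echo $link_prefix; ?>mode=revert"><?php
            echo __('Try to revert erroneous fields to their default values');
            ?></a>
            </div>
            <?php
            $form_display->displayErrors();
            ?>
            <a class="btn" href="index.php?<?php echo PMA_generate_common_url(); ?>"><?php
            echo __('Ignore errors');
            ?></a>
            &nbsp;
            <a class="btn" href="?page=<?php echo $link_prefix; ?>mode=edit"><?php
            echo __('Show form');
            ?></a>
            <?php
        } else {
            // drop post data
            header('HTTP/1.1 303 See Other');
            header('Location: index.php');
            exit;
        }
    }
}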
 /**
  * PMA_generate_common_url() without arguments must return the server, lang,
  * collation_connection and token parameters joined by the entity-encoded
  * argument separator.
  *
  * @return void
  */
 public function testDefault()
 {
     // request context read by the URL generator
     $GLOBALS['server'] = 'x';
     $GLOBALS['lang'] = 'x';
     $GLOBALS['collation_connection'] = 'x';
     $_SESSION[' PMA_token '] = 'x';
     // presumably differs from 'server' so the server parameter is emitted - confirm
     $GLOBALS['cfg']['ServerDefault'] = 'y';

     $glue = htmlentities(PMA_get_arg_separator());
     $parts = array(
         'server=x',
         'lang=x',
         'collation_connection=x',
         'token=x',
     );

     $this->assertEquals(implode($glue, $parts), PMA_generate_common_url());
 }