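/**
 * Validate the requested schema export format, load the matching schema
 * plugin and run the export for the current database.
 *
 * $export_type selects a plugin under libraries/plugins/schema/, so it is
 * reduced to a letters-only token before it reaches the plugin loader.
 *
 * @param string $export_type format of the export
 *
 * @return void
 */
function PMA_processExportSchema($export_type)
{
    /**
     * default is PDF, otherwise validate it's only letters a-z
     *
     * \A and \z anchor the whole subject: with "$" a value that ends in a
     * newline would still pass the check. is_string() keeps an array-valued
     * request parameter away from preg_match().
     */
    if (!is_string($export_type)
        || !preg_match('/\A[a-zA-Z]+\z/', $export_type)
    ) {
        $export_type = 'pdf';
    }
    // sanitize this parameter which will be used below in a file inclusion.
    // After the letters-only check this is defence in depth: the allow-list
    // above is what actually constrains the value.
    $export_type = PMA_securePath($export_type);
    // get the specific plugin
    $export_plugin = PMA_getPlugin("schema", $export_type, 'libraries/plugins/schema/');
    // Check schema export type
    if (!isset($export_plugin)) {
        PMA_fatalError(__('Bad type!'));
        // PMA_fatalError() is expected to end the request; the return keeps
        // the calls below from running on a missing plugin if it ever does not.
        return;
    }
    $GLOBALS['dbi']->selectDb($GLOBALS['db']);
    $export_plugin->exportSchema($GLOBALS['db']);
}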
Example #2
    // Tail of the export_type dispatch (the first branch's condition is
    // outside this excerpt): each branch sets the page to return to on error.
    $err_url = 'server_export.php?' . PMA_generate_common_url();
} elseif ($export_type == 'database' && strlen($db)) {
    $err_url = 'db_export.php?' . PMA_generate_common_url($db);
    // Check if we have something to export
    if (isset($table_select)) {
        $tables = $table_select;
    } else {
        $tables = array();
    }
} elseif ($export_type == 'table' && strlen($db) && strlen($table)) {
    $err_url = 'tbl_export.php?' . PMA_generate_common_url($db, $table);
} else {
    // Any other export_type / db / table combination stops the request here.
    die('Bad parameters!');
}
// Get the functions specific to the export type
// NOTE(review): PMA_securePath() is the only filter on $type visible here.
// It collapses runs of dots, which removes ".." segments, but it is not an
// allow-list: any name that resolves to a .php file below
// ./libraries/export/ would be loaded. Where $type is assigned is outside
// this excerpt - confirm it is checked against the known export formats.
require './libraries/export/' . PMA_securePath($type) . '.php';
/**
 * Increase time limit for script execution and initializes some variables
 */
// "@" hides any warning from these two calls, so a rejected limit change
// goes unnoticed.
@set_time_limit($cfg['ExecTimeLimit']);
if (!empty($cfg['MemoryLimit'])) {
    @ini_set('memory_limit', $cfg['MemoryLimit']);
}
// Start with empty buffer
$dump_buffer = '';
$dump_buffer_len = 0;
// We send fake headers to avoid browser timeout when buffering
$time_start = time();
/**
 * Output handler for all exports, if needed buffering, it stores data into
 * $dump_buffer, otherwise it prints them out.
    /**
     * Points this file object at a file inside the configured upload
     * directory and reports whether that file can be read.
     *
     * The name is passed through PMA_securePath() before it is appended to
     * the per-user upload directory. NOTE(review): that filter collapses
     * runs of dots (removing ".." segments) but leaves slashes in place, so
     * $name may still address a sub-directory of the upload directory.
     *
     * @access  public
     * @uses    $GLOBALS['strFileCouldNotBeRead']
     * @uses    PMA_File::setName()
     * @uses    PMA_securePath()
     * @uses    PMA_userDir()
     * @uses    $GLOBALS['cfg']['UploadDir']
     * @param   string  $name  file name relative to the upload directory
     * @return  boolean success
     */
    function setLocalSelectedFile($name)
    {
        // No upload directory configured: nothing can be selected.
        if (empty($GLOBALS['cfg']['UploadDir'])) {
            return false;
        }

        $upload_dir = PMA_userDir($GLOBALS['cfg']['UploadDir']);
        $this->setName($upload_dir . PMA_securePath($name));

        if ($this->isReadable()) {
            return true;
        }

        // Unreadable target: record the error and forget the name again.
        $this->_error_message = $GLOBALS['strFileCouldNotBeRead'];
        $this->setName(null);
        return false;
    }
Example #4
 }
 /**
  * Sets globals from $_POST
  *
  * - Please keep the parameters in order of their appearance in the form
  * - Some of these parameters are not used, as the code below directly
  *   verifies from the superglobal $_POST or $_REQUEST
  */
 $post_params = array('db', 'table', 'single_table', 'export_type', 'export_method', 'quick_or_custom', 'db_select', 'table_select', 'limit_to', 'limit_from', 'allrows', 'output_format', 'filename_template', 'maxsize', 'remember_template', 'charset_of_file', 'compression', 'what', 'knjenc', 'xkana', 'htmlword_structure_or_data', 'htmlword_null', 'htmlword_columns', 'mediawiki_headers', 'mediawiki_structure_or_data', 'mediawiki_caption', 'pdf_structure_or_data', 'odt_structure_or_data', 'odt_relation', 'odt_comments', 'odt_mime', 'odt_columns', 'odt_null', 'codegen_structure_or_data', 'codegen_format', 'excel_null', 'excel_removeCRLF', 'excel_columns', 'excel_edition', 'excel_structure_or_data', 'yaml_structure_or_data', 'ods_null', 'ods_structure_or_data', 'ods_columns', 'json_structure_or_data', 'xml_structure_or_data', 'xml_export_events', 'xml_export_functions', 'xml_export_procedures', 'xml_export_tables', 'xml_export_triggers', 'xml_export_views', 'xml_export_contents', 'texytext_structure_or_data', 'texytext_columns', 'texytext_null', 'phparray_structure_or_data', 'sql_include_comments', 'sql_header_comment', 'sql_dates', 'sql_relation', 'sql_mime', 'sql_use_transaction', 'sql_disable_fk', 'sql_compatibility', 'sql_structure_or_data', 'sql_create_database', 'sql_drop_table', 'sql_procedure_function', 'sql_create_table_statements', 'sql_create_table', 'sql_create_view', 'sql_create_trigger', 'sql_if_not_exists', 'sql_auto_increment', 'sql_backquotes', 'sql_truncate', 'sql_delayed', 'sql_ignore', 'sql_type', 'sql_insert_syntax', 'sql_max_query_size', 'sql_hex_for_binary', 'sql_utc_time', 'sql_drop_database', 'sql_views_as_tables', 'csv_separator', 'csv_enclosed', 'csv_escaped', 'csv_terminated', 'csv_null', 'csv_removeCRLF', 'csv_columns', 'csv_structure_or_data', 'latex_caption', 'latex_structure_or_data', 'latex_structure_caption', 'latex_structure_continued_caption', 'latex_structure_label', 'latex_relation', 'latex_comments', 'latex_mime', 'latex_columns', 
'latex_data_caption', 'latex_data_continued_caption', 'latex_data_label', 'latex_null');
 // Copy request values into global scope, but only for the names listed in
 // $post_params. The list bounds WHICH globals a client can set; the values
 // themselves are copied as-is, with no type or content check at this point.
 foreach ($post_params as $one_post_param) {
     if (isset($_POST[$one_post_param])) {
         $GLOBALS[$one_post_param] = $_POST[$one_post_param];
     }
 }
 // sanitize this parameter which will be used below in a file inclusion
 // NOTE(review): this runs before checkParameters() confirms that 'what'
 // was supplied. PMA_securePath() collapses runs of dots (removing ".."
 // segments) but is not an allow-list of export formats.
 $what = PMA_securePath($what);
 PMA_Util::checkParameters(array('what', 'export_type'));
 // export class instance, not array of properties, as before
 // The plugin is looked up by name under libraries/plugins/export/; an
 // unset result is treated as an unknown export type below.
 $export_plugin = PMA_getPlugin("export", $what, 'libraries/plugins/export/', array('export_type' => $export_type, 'single_table' => isset($single_table)));
 // Backward compatibility
 $type = $what;
 // Check export type
 if (!isset($export_plugin)) {
     PMA_fatalError(__('Bad type!'));
 }
 /**
  * valid compression methods
  */
 $compression_methods = array('zip', 'gzip');
 /**
  * init and variable checking
Example #5
        $message->addMessage(')');
    }

    if ($GLOBALS['is_ajax_request'] == true) {
        if ($cfg['ShowSQL']) {
            $extra_data['sql_query'] = PMA_showMessage($message, $GLOBALS['sql_query'], 'success');
        }
        if (isset($GLOBALS['reload']) && $GLOBALS['reload'] == 1) {
            $extra_data['reload'] = 1;
            $extra_data['db'] = $GLOBALS['db'];
        }
        PMA_ajaxResponse($message, $message->isSuccess(), (isset($extra_data) ? $extra_data : ''));
    }

    if ($is_gotofile) {
        // $goto names the script to continue with. PMA_securePath() collapses
        // runs of dots (removing ".." segments) and leaves slashes alone.
        // NOTE(review): how $goto is consumed afterwards is outside this
        // excerpt - if it is included, confirm it is matched against a fixed
        // list of scripts first.
        $goto = PMA_securePath($goto);
        // Checks for a valid target script
        $is_db = $is_table = false;
        if (isset($_REQUEST['purge']) && $_REQUEST['purge'] == '1') {
            $table = '';
            unset($url_params['table']);
        }
        // presumably sets $is_db / $is_table for the checks below - confirm
        include 'libraries/db_table_exists.lib.php';

        // A table-level target without an existing table falls back to the
        // database-level SQL page.
        if (strpos($goto, 'tbl_') === 0 && ! $is_table) {
            if (strlen($table)) {
                $table = '';
            }
            $goto = 'db_sql.php';
        }
        if (strpos($goto, 'db_') === 0 && ! $is_db) {
Example #6
                $ThemeDefaultOk = TRUE;
            }
        }
    }
    if ($ThemeDefaultOk == TRUE) {
        $GLOBALS['theme'] = $cfg['ThemeDefault'];
    } else {
        $GLOBALS['theme'] = 'original';
    }
} else {
    // if we just changed theme, we must take the new one so that
    // index.php takes the correct one for height computing
    // Both sources are client-controlled (form field or cookie). The only
    // filter is PMA_securePath(), which collapses runs of dots but keeps
    // slashes, so the value may still contain path separators.
    if (isset($_POST['set_theme'])) {
        $GLOBALS['theme'] = PMA_securePath($_POST['set_theme']);
    } else {
        $GLOBALS['theme'] = PMA_securePath($_COOKIE[$theme_cookie_name]);
    }
}
// check for theme requires/name
unset($theme_name, $theme_generation, $theme_version);
// The theme name selects which info.inc.php gets executed. "@" silences a
// failed include, so a bad name is only caught by the isset() test that
// follows. NOTE(review): comparing the name with the directories that
// actually exist under ThemePath before including would be the stricter check.
@(include $cfg['ThemePath'] . '/' . $GLOBALS['theme'] . '/info.inc.php');
// did it set correctly?
if (!isset($theme_name, $theme_generation, $theme_version)) {
    $GLOBALS['theme'] = 'original';
    // invalid theme
} elseif ($theme_generation != PMA_THEME_GENERATION) {
    $GLOBALS['theme'] = 'original';
    // different generation
} elseif ($theme_version < PMA_THEME_VERSION) {
    $GLOBALS['theme'] = 'original';
    // too old version
Example #7
    PMA_DBI_free_result($result);
    unset($result);
}
// Build the status message: affected-row count, or the generic
// "modifications" text when nothing was counted.
if ($total_affected_rows != 0) {
    $message .= $total_affected_rows;
} else {
    $message .= $strModifications;
}
$message .= $last_message;
if (!empty($warning_message)) {
    // TODO: use a <div class="warning"> in PMA_showMessage()
    // for this part of the message
    $message .= '[br]' . $warning_message;
}
if ($is_gotofile) {
    if ($goto == 'db_details.php' && isset($table)) {
        unset($table);
    }
    $js_to_run = 'functions.js';
    $active_page = $goto;
    require_once './libraries/header.inc.php';
    // NOTE(review): $goto decides which script is executed next, and
    // PMA_securePath() is the only check visible here. It collapses runs of
    // dots (removing ".." segments) but would accept any path below the
    // application root. Confirm $goto is matched against a fixed list of
    // scripts before this point. $active_page above receives the unfiltered
    // value.
    require './' . PMA_securePath($goto);
} else {
    // if we have seen binary,
    // we do not append the query to the Location so it won't be displayed
    // on the resulting page
    // Nijel: we also need to limit size of url...
    $add_query = !$seen_binary && strlen($sql_query) < 1024 ? '&disp_query=' . urlencode($sql_query) : '';
    // NOTE(review): $goto is concatenated into the redirect target without
    // encoding; message and query are urlencode()d. Presumably $goto already
    // carries its own "?" query part - confirm against the caller.
    PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query);
}
exit;
Example #8
// Calculate value of the limit
// Converts a shorthand such as "128M" into bytes. The (int) cast applies to
// the numeric prefix only, before the multiplication.
if (strtolower(substr($memory_limit, -1)) == 'm') {
    $memory_limit = (int) substr($memory_limit, 0, -1) * 1024 * 1024;
} elseif (strtolower(substr($memory_limit, -1)) == 'k') {
    $memory_limit = (int) substr($memory_limit, 0, -1) * 1024;
} elseif (strtolower(substr($memory_limit, -1)) == 'g') {
    $memory_limit = (int) substr($memory_limit, 0, -1) * 1024 * 1024 * 1024;
} else {
    $memory_limit = (int) $memory_limit;
}
// One eighth of the limit is used as the read chunk size.
$read_limit = $memory_limit / 8;
// Just to be sure, there might be lot of memory needed for uncompression
// handle filenames
// Two accepted sources for the import file: a name inside the configured
// upload directory, or a genuine HTTP upload. Anything else becomes 'none'.
if (!empty($local_import_file) && !empty($cfg['UploadDir'])) {
    // sanitize $local_import_file as it comes from a POST
    // PMA_securePath() collapses runs of dots, which removes ".." segments;
    // slashes are kept, so sub-directories of the upload directory stay
    // reachable.
    $local_import_file = PMA_securePath($local_import_file);
    $import_file = PMA_userDir($cfg['UploadDir']) . $local_import_file;
} elseif (empty($import_file) || !is_uploaded_file($import_file)) {
    // is_uploaded_file() rejects a client-supplied path that was not
    // produced by the upload mechanism.
    $import_file = 'none';
}
// Do we have file to import?
if ($import_file != 'none' && !$error) {
    // work around open_basedir and other limitations
    $open_basedir = @ini_get('open_basedir');
    // If we are on a server with open_basedir, we must move the file
    // before opening it. The doc explains how to create the "./tmp"
    // directory
    if (!empty($open_basedir)) {
        $tmp_subdir = PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/';
        if (is_writable($tmp_subdir)) {
            $import_file_new = $tmp_subdir . basename($import_file);
Example #9
         if (!empty($_ENV) && isset($_ENV['DOCUMENT_ROOT'])) {
             $DOCUMENT_ROOT = $_ENV['DOCUMENT_ROOT'];
         } else {
             if (@getenv('DOCUMENT_ROOT')) {
                 $DOCUMENT_ROOT = getenv('DOCUMENT_ROOT');
             } else {
                 $DOCUMENT_ROOT = '.';
             }
         }
     }
 }
 // end if
 // Make sure the upload directory ends with a slash before building paths.
 if (substr($cfg['UploadDir'], -1) != '/') {
     $cfg['UploadDir'] .= '/';
 }
 // NOTE(review): in '@^./@s' the dot is unescaped, so it strips ANY first
 // character followed by "/", not only a literal "./" - presumably "./" was
 // meant. $local_textfile is filtered with PMA_securePath() only (runs of
 // dots collapsed, slashes kept).
 $textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . preg_replace('@^./@s', '', $cfg['UploadDir']) . PMA_securePath($local_textfile);
 if (file_exists($textfile)) {
     $open_basedir = @ini_get('open_basedir');
     // If we are on a server with open_basedir, we must move the file
     // before opening it. The doc explains how to create the "./tmp"
     // directory
     if (!empty($open_basedir)) {
         $tmp_subdir = PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/';
         // function is_writeable() is valid on PHP3 and 4
         if (!is_writeable($tmp_subdir)) {
             echo $strWebServerUploadDirectoryError . ': ' . $tmp_subdir . '<br />';
             exit;
         } else {
             $textfile_new = $tmp_subdir . basename($textfile);
             // NOTE(review): move_uploaded_file() only moves files that
             // arrived through an HTTP upload; $textfile is a file already
             // in the upload directory. The return value is not checked.
             move_uploaded_file($textfile, $textfile_new);
             $textfile = $textfile_new;
             // NOTE(review): reads $sql_file, not the $textfile assigned on
             // the previous line - confirm which was intended.
             $docsql_text = PMA_readFile($sql_file, $sql_file_compression);
         }
         // Convert the file's charset if necessary
         if ($cfg['AllowAnywhereRecoding'] && $allow_recoding && isset($charset_of_file) && $charset_of_file != $charset) {
             $docsql_text = PMA_convert_string($charset_of_file, $charset, $docsql_text);
         }
         if (!isset($docsql_text) || $docsql_text == FALSE || $docsql_text == '') {
             echo '<p><font color="red">' . $GLOBALS['strFileCouldNotBeRead'] . '</font></p>' . "\n";
         } else {
             docsql_check('', $sql_file_name, $sql_file_name, $docsql_text);
         }
     }
     // end uploaded file stuff
 } else {
     // echo '<h1>Starting Import</h1>';
     // $docpath is appended to the configured docSQL directory after
     // PMA_securePath(); where $docpath originates is outside this excerpt.
     $docpath = $cfg['docSQLDir'] . PMA_securePath($docpath);
     if (substr($docpath, -1) != '/') {
         $docpath .= '/';
     }
     $matched_files = 0;
     if (is_dir($docpath)) {
         // Do the work
         $handle = opendir($docpath);
         // NOTE(review): a truthiness test on readdir() also stops at an
         // entry named "0"; comparing with false is the usual form.
         while ($file = @readdir($handle)) {
             $filename = basename($file);
             // echo '<p>Working on file ' . $filename . '</p>';
             $matched_files += docsql_check($docpath, $file, $filename);
         }
         // end while
     } else {
         // NOTE(review): $docpath is written into the HTML response without
         // htmlspecialchars(); if it can carry request data, it needs
         // escaping for HTML output.
         echo '<p><font color="red">' . $docpath . ': ' . $strThisNotDirectory . "</font></p>\n";
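 /**
  * get all the export options and verify
  * call and include the appropriate Schema Class depending on $export_type
  *
  * The global $export_type selects both the class file that is included
  * and the class that is instantiated, so it is reduced to a letters-only
  * token first; anything else falls back to 'pdf'.
  *
  * @return void
  * @access private
  */
 private function _processExportSchema()
 {
     /**
      * Settings for relation stuff
      */
     include_once './libraries/transformations.lib.php';
     include_once './libraries/Index.class.php';
     /**
      * default is PDF, otherwise validate it's only letters a-z
      *
      * \A and \z anchor the whole subject: with "$" a value that ends in a
      * newline would still pass. is_string() keeps an array-valued request
      * parameter away from preg_match().
      */
     global $db, $export_type;
     if (!is_string($export_type)
         || !preg_match('/\A[a-zA-Z]+\z/', $export_type)
     ) {
         $export_type = 'pdf';
     }
     $GLOBALS['dbi']->selectDb($db);
     // Defence in depth after the letters-only check above.
     $path = PMA_securePath(ucfirst($export_type));
     $filename = 'libraries/schema/' . $path . '_Relation_Schema.class.php';
     if (!file_exists($filename)) {
         // assumes dieSchema() ends the request - TODO confirm
         PMA_Export_Relation_Schema::dieSchema($_POST['chpage'], $export_type, __('File doesn\'t exist'));
     }
     // The included class file may set this flag to report itself disabled.
     $GLOBALS['skip_import'] = false;
     include $filename;
     if ($GLOBALS['skip_import']) {
         PMA_Export_Relation_Schema::dieSchema($_POST['chpage'], $export_type, __('Plugin is disabled'));
     }
     // Dynamic instantiation by name; safe only because $path is letters-only.
     $class_name = 'PMA_' . $path . '_Relation_Schema';
     $obj_schema = new $class_name();
     $obj_schema->showOutput();
 }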
Example #12
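/**
 * Defines the url to return to in case of error in a sql statement
 *
 * $goto is accepted only when it names one of the db_details* or
 * tbl_properties* scripts; anything else is replaced by db_details.php.
 * \A and \z anchor the whole value (with "$" a trailing newline would still
 * pass), and is_string() keeps an array value away from preg_match().
 */
if (!isset($goto)
    || !is_string($goto)
    || !preg_match('@\\A(db_details|tbl_properties)(_[a-z]*)?\\.php\\z@i', $goto)
) {
    $goto = 'db_details.php';
}
// NOTE(review): this second match is case-sensitive while the check above
// uses the "i" flag, so an upper-case tbl_properties name passes validation
// but does not get the table parameter appended.
$err_url = $goto . '?' . PMA_generate_common_url($db) . (preg_match('@^tbl_properties(_[a-z]*)?\\.php$@', $goto) ? '&amp;table=' . urlencode($table) : '');
/**
 * Set up default values for some variables
 */
$view_bookmark = 0;
$sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
$sql_query = isset($sql_query) ? $sql_query : '';
if (!empty($sql_localfile) && !empty($cfg['UploadDir'])) {
    // sanitize $sql_localfile as it comes from a POST
    // PMA_securePath() collapses runs of dots, which removes ".." segments;
    // slashes are kept, so the name may still point into a sub-directory of
    // the upload directory.
    $sql_localfile = PMA_securePath($sql_localfile);
    if (substr($cfg['UploadDir'], -1) != '/') {
        $cfg['UploadDir'] .= '/';
    }
    $sql_file = $cfg['UploadDir'] . $sql_localfile;
} else {
    if (empty($sql_file)) {
        $sql_file = 'none';
    }
}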
/**
 * Bookmark Support: get a query back from bookmark if required
 */
if (!empty($id_bookmark)) {
    require_once './libraries/bookmark.lib.php';
    switch ($action_bookmark) {
/**
 * Gets some core libraries
 */
require_once './libraries/common.inc.php';
require './libraries/StorageEngine.class.php';
/**
 * Include settings for relation stuff
 * get all variables needed for exporting relational schema
 * in $cfgRelation
 */
require_once './libraries/relation.lib.php';
$cfgRelation = PMA_getRelationsParam();
require_once './libraries/transformations.lib.php';
require_once './libraries/Index.class.php';
require_once "./libraries/schema/Export_Relation_Schema.class.php";
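/**
 * get all the export options and verify
 * call and include the appropriate Schema Class depending on $export_type
 * default is PDF
 *
 * $export_type selects both the class file that is required and the class
 * that is instantiated, so it is reduced to a letters-only token first.
 * \A and \z anchor the whole value (with "$" a trailing newline would still
 * pass), and is_string() keeps an array value away from preg_match().
 */
global $db, $export_type;
if (!is_string($export_type)
    || !preg_match('/\A[a-zA-Z]+\z/', $export_type)
) {
    $export_type = 'pdf';
}
PMA_DBI_select_db($db);
// Defence in depth after the letters-only check above.
$path = PMA_securePath(ucfirst($export_type));
if (!file_exists('./libraries/schema/' . $path . '_Relation_Schema.class.php')) {
    // assumes dieSchema() ends the request - TODO confirm
    PMA_Export_Relation_Schema::dieSchema($_POST['chpage'], $export_type, __('File doesn\'t exist'));
}
require "./libraries/schema/" . $path . "_Relation_Schema.class.php";
// Instantiate by class name instead of eval(): the same constructor runs,
// but request-derived text is never handed to the PHP parser. The eval'd
// snippet had no "return", so $obj_schema used to end up null; it now holds
// the schema object.
$schema_class_name = 'PMA_' . $path . '_Relation_Schema';
$obj_schema = new $schema_class_name();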
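 /**
  * Test for replacing dots.
  *
  * Pins what PMA_securePath() does and does not do: every run of dots is
  * collapsed to a single dot, which removes ".." path segments, while
  * slashes (including a leading one) pass through unchanged. Callers that
  * need more than traversal removal must validate the name themselves.
  *
  * @return void
  */
 public function testReplaceDots()
 {
     // assertEquals() takes the expected value first, then the actual one,
     // so failure messages label the two sides correctly.
     $this->assertEquals('./././etc/passwd', PMA_securePath('../../../etc/passwd'));
     $this->assertEquals('/var/www/./phpmyadmin', PMA_securePath('/var/www/../phpmyadmin'));
     $this->assertEquals('./path/with.dots/././file.php', PMA_securePath('./path/with..dots/../../file..php'));
 }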
// Finish the status message, then hand control to the follow-up script.
$message .= $total_affected_rows . $last_message;
if (!empty($warning_message)) {
    /**
     * @todo use a <div class="warning"> in PMA_showMessage() for this part of
     * the message
     */
    $message .= '[br]' . $warning_message;
}
unset($warning_message, $total_affected_rows, $last_message);
// When a query to return to was supplied, show the executed query and the
// message separately and restore the original query as the current one.
if (isset($return_to_sql_query)) {
    $disp_query = $GLOBALS['sql_query'];
    $disp_message = $message;
    unset($message);
    $GLOBALS['sql_query'] = $return_to_sql_query;
}
// if user asked to "Insert another new row", we need tbl_change.js
// otherwise the calendar icon does not work
if ($goto_include == 'tbl_change.php') {
    /**
     * @todo if we really need to run many different js at header time,
     * $js_to_run would become an array and header.inc.php would iterate
     * thru it, instead of the bunch of if/elseif it does now
     */
    $js_to_run = 'tbl_change.js';
} else {
    $js_to_run = 'functions.js';
}
$active_page = $goto_include;
require_once './libraries/header.inc.php';
// NOTE(review): $goto_include decides which script is executed next, and
// PMA_securePath() is the only check visible here. It collapses runs of dots
// (removing ".." segments) but would accept any path below the application
// root. Where $goto_include is assigned is outside this excerpt - confirm it
// is restricted to a fixed list of scripts.
require './' . PMA_securePath($goto_include);
exit;
Example #16
 /**
  * Sets globals from $_POST
  *
  * - Please keep the parameters in order of their appearance in the form
  * - Some of these parameters are not used, as the code below directly
  *   verifies from the superglobal $_POST or $_REQUEST
  */
 $post_params = array('db', 'table', 'single_table', 'export_type', 'export_method', 'quick_or_custom', 'db_select', 'table_select', 'table_structure', 'table_data', 'limit_to', 'limit_from', 'allrows', 'lock_tables', 'output_format', 'filename_template', 'maxsize', 'remember_template', 'charset', 'compression', 'as_separate_files', 'knjenc', 'xkana', 'htmlword_structure_or_data', 'htmlword_null', 'htmlword_columns', 'mediawiki_headers', 'mediawiki_structure_or_data', 'mediawiki_caption', 'pdf_structure_or_data', 'odt_structure_or_data', 'odt_relation', 'odt_comments', 'odt_mime', 'odt_columns', 'odt_null', 'codegen_structure_or_data', 'codegen_format', 'excel_null', 'excel_removeCRLF', 'excel_columns', 'excel_edition', 'excel_structure_or_data', 'yaml_structure_or_data', 'ods_null', 'ods_structure_or_data', 'ods_columns', 'json_structure_or_data', 'json_pretty_print', 'xml_structure_or_data', 'xml_export_events', 'xml_export_functions', 'xml_export_procedures', 'xml_export_tables', 'xml_export_triggers', 'xml_export_views', 'xml_export_contents', 'texytext_structure_or_data', 'texytext_columns', 'texytext_null', 'phparray_structure_or_data', 'sql_include_comments', 'sql_header_comment', 'sql_dates', 'sql_relation', 'sql_mime', 'sql_use_transaction', 'sql_disable_fk', 'sql_compatibility', 'sql_structure_or_data', 'sql_create_database', 'sql_drop_table', 'sql_procedure_function', 'sql_create_table_statements', 'sql_create_table', 'sql_create_view', 'sql_create_trigger', 'sql_if_not_exists', 'sql_auto_increment', 'sql_backquotes', 'sql_truncate', 'sql_delayed', 'sql_ignore', 'sql_type', 'sql_insert_syntax', 'sql_max_query_size', 'sql_hex_for_binary', 'sql_utc_time', 'sql_drop_database', 'sql_views_as_tables', 'sql_metadata', 'csv_separator', 'csv_enclosed', 'csv_escaped', 'csv_terminated', 'csv_null', 'csv_removeCRLF', 'csv_columns', 'csv_structure_or_data', 'latex_caption', 'latex_structure_or_data', 'latex_structure_caption', 'latex_structure_continued_caption', 
'latex_structure_label', 'latex_relation', 'latex_comments', 'latex_mime', 'latex_columns', 'latex_data_caption', 'latex_data_continued_caption', 'latex_data_label', 'latex_null', 'aliases');
 // Copy request values into global scope, but only for the names listed in
 // $post_params. The list bounds WHICH globals a client can set; the values
 // themselves are copied as-is, with no type or content check at this point.
 foreach ($post_params as $one_post_param) {
     if (isset($_POST[$one_post_param])) {
         $GLOBALS[$one_post_param] = $_POST[$one_post_param];
     }
 }
 $table = $GLOBALS['table'];
 // sanitize this parameter which will be used below in a file inclusion
 // NOTE(review): $_POST['what'] is read before checkParameters() confirms
 // it was supplied. PMA_securePath() collapses runs of dots (removing ".."
 // segments) but is not an allow-list of export formats.
 $what = PMA_securePath($_POST['what']);
 PMA_Util::checkParameters(array('what', 'export_type'));
 // export class instance, not array of properties, as before
 /* @var $export_plugin ExportPlugin */
 // The plugin is looked up by name under libraries/plugins/export/; an
 // unset result is treated as an unknown export type below.
 $export_plugin = PMA_getPlugin("export", $what, 'libraries/plugins/export/', array('export_type' => $export_type, 'single_table' => isset($single_table)));
 // Backward compatibility
 $type = $what;
 // Check export type
 if (!isset($export_plugin)) {
     PMA_fatalError(__('Bad type!'));
 }
 // Avoid warning from PHP Analyzer
 // This only runs if PMA_fatalError() above returned; the stdClass
 // placeholder is there for static analysis, not as a working plugin.
 if (is_null($export_plugin)) {
     $export_plugin = new stdClass();
 }
 /**
Example #17
 /**
  * Selects a file from the configured upload directory as the one to read.
  *
  * The name is passed through PMA_securePath() before it is appended to
  * the per-user upload directory. NOTE(review): that filter collapses runs
  * of dots (removing ".." segments) but leaves slashes in place, so $name
  * may still address a sub-directory of the upload directory.
  *
  * @param string $name file name
  *
  * @return boolean success
  * @access  public
  */
 public function setLocalSelectedFile($name)
 {
     $upload_dir_setting = $GLOBALS['cfg']['UploadDir'];
     if (empty($upload_dir_setting)) {
         // no upload directory configured
         return false;
     }
     $user_dir = PMA_Util::userDir($GLOBALS['cfg']['UploadDir']);
     $this->setName($user_dir . PMA_securePath($name));
     if ($this->isReadable()) {
         return true;
     }
     // unreadable target: record the error and forget the name again
     $this->_error_message = __('File could not be read!');
     $this->setName(null);
     return false;
 }
Example #18
    /**
     * Expands the %u placeholder in a directory path to the current user name.
     *
     * A trailing slash is appended when missing. The user name is passed
     * through PMA_securePath() first, so ".." in a user name cannot step out
     * of the configured directory; slashes in the name are not removed by
     * that filter.
     *
     * example:
     * <code>
     * $user_dir = userDir('/var/pma_tmp/%u/'); // '/var/pma_tmp/root/'
     *
     * </code>
     *
     * @param string $dir with wildcard for user
     *
     * @return string  per user directory
     */
    public static function userDir($dir)
    {
        // add trailing slash
        $with_slash = (mb_substr($dir, -1) != '/') ? $dir . '/' : $dir;

        $safe_user = PMA_securePath($GLOBALS['cfg']['Server']['user']);

        return str_replace('%u', $safe_user, $with_slash);
    }
Example #19
                $ThemeDefaultOk = TRUE;
            }
        }
    }
    if ($ThemeDefaultOk == TRUE) {
        $GLOBALS['theme'] = $cfg['ThemeDefault'];
    } else {
        $GLOBALS['theme'] = 'original';
    }
} else {
    // if we just changed theme, we must take the new one so that
    // index.php takes the correct one for height computing
    // Both sources are client-controlled (form field or cookie). The only
    // filter is PMA_securePath(), which collapses runs of dots but keeps
    // slashes, so the value may still contain path separators.
    if (isset($_POST['set_theme'])) {
        $GLOBALS['theme'] = PMA_securePath($_POST['set_theme']);
    } else {
        $GLOBALS['theme'] = PMA_securePath($_COOKIE['pma_theme']);
    }
}
// check for theme requires/name
unset($theme_name, $theme_generation, $theme_version);
// The theme name selects which info.inc.php gets executed. "@" silences a
// failed include, so a bad name is only caught by the isset() test below.
// NOTE(review): comparing the name with the directories that actually exist
// under ThemePath before including would be the stricter check.
@(include $cfg['ThemePath'] . '/' . $GLOBALS['theme'] . '/info.inc.php');
// did it set correctly?
if (!isset($theme_name, $theme_generation, $theme_version)) {
    $GLOBALS['theme'] = 'original';
}
// invalid theme
// NOTE(review): these are independent ifs, so after a failed include the
// comparison below still reads $theme_generation although it is unset.
if ($theme_generation != PMA_THEME_GENERATION) {
    $GLOBALS['theme'] = 'original';
}
// different generation
if ($theme_version < PMA_THEME_VERSION) {
Example #20
/**
 * Displays the body of the results table
 *
 * Fetches every row of $dt_result, echoes it directly when the display
 * direction is 'horizontal' or 'horizontalflipped', and in all cases stores
 * the generated cells and edit/copy/delete links in the global
 * $vertical_display array for later output.
 *
 * Security-relevant behaviour visible in this function:
 *  - a transformation file named in $GLOBALS['mime_map'] is included with
 *    require_once after PMA_securePath() and a file_exists() check;
 *  - the resulting transformation function is invoked by name;
 *  - row values are concatenated into WHERE / DELETE / KILL statements that
 *    are placed in link URLs.
 *
 * @uses    $_SESSION['tmp_user_values']['disp_direction']
 * @uses    $_SESSION['tmp_user_values']['repeat_cells']
 * @uses    $_SESSION['tmp_user_values']['max_rows']
 * @uses    $_SESSION['tmp_user_values']['display_text']
 * @uses    $_SESSION['tmp_user_values']['display_binary']
 * @uses    $_SESSION['tmp_user_values']['display_binary_as_hex']
 * @uses    $_SESSION['tmp_user_values']['display_blob']
 * @param   integer  $dt_result     the link id associated to the query which
 *                                  results have to be displayed
 * @param   array    $is_display    which elements to display
 * @param   array    $map           the list of relations (replaced by an
 *                                  empty array when it is not an array)
 * @param   array    $analyzed_sql  the analyzed query
 *
 * @return  mixed    $clause_is_unique as returned by PMA_getUniqueCondition()
 *                   for the last fetched row; the variable is never assigned
 *                   when the result set has no rows
 *
 * @global  string   $db                the database name
 * @global  string   $table             the table name
 * @global  string   $goto              the URL to go back in case of errors
 * @global  string   $sql_query         the SQL query
 * @global  array    $fields_meta       the list of fields properties
 * @global  integer  $fields_cnt        the total number of fields returned by
 *                                      the SQL query
 * @global  array    $vertical_display  informations used with vertical display
 *                                      mode
 * @global  array    $highlight_columns column names to highlight
 * @global  array    $row               current row data
 *
 * @access  private
 *
 * @see     PMA_displayTable()
 */
function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql)
{
    global $db, $table, $goto;
    global $sql_query, $fields_meta, $fields_cnt;
    global $vertical_display, $highlight_columns;
    global $row;
    // mostly because of browser transformations, to make the row-data accessible in a plugin
    $url_sql_query = $sql_query;
    // query without conditions to shorten URLs when needed, 200 is just
    // guess, it should depend on remaining URL length
    if (isset($analyzed_sql) && isset($analyzed_sql[0]) && isset($analyzed_sql[0]['querytype']) && $analyzed_sql[0]['querytype'] == 'SELECT' && strlen($sql_query) > 200) {
        $url_sql_query = 'SELECT ';
        if (isset($analyzed_sql[0]['queryflags']['distinct'])) {
            $url_sql_query .= ' DISTINCT ';
        }
        $url_sql_query .= $analyzed_sql[0]['select_expr_clause'];
        if (!empty($analyzed_sql[0]['from_clause'])) {
            $url_sql_query .= ' FROM ' . $analyzed_sql[0]['from_clause'];
        }
    }
    if (!is_array($map)) {
        $map = array();
    }
    $row_no = 0;
    // reset the per-call accumulators that are filled in step 4 below
    $vertical_display['edit'] = array();
    $vertical_display['copy'] = array();
    $vertical_display['delete'] = array();
    $vertical_display['data'] = array();
    $vertical_display['row_delete'] = array();
    // name of the class added to all inline editable elements
    $inline_edit_class = 'inline_edit';
    // Correction University of Virginia 19991216 in the while below
    // Previous code assumed that all tables have keys, specifically that
    // the phpMyAdmin GUI should support row delete/edit only for such
    // tables.
    // Although always using keys is arguably the prescribed way of
    // defining a relational table, it is not required. This will in
    // particular be violated by the novice.
    // We want to encourage phpMyAdmin usage by such novices. So the code
    // below has been changed to conditionally work as before when the
    // table being displayed has one or more keys; but to display
    // delete/edit options correctly for tables without keys.
    $odd_row = true;
    while ($row = PMA_DBI_fetch_row($dt_result)) {
        // "vertical display" mode stuff
        // (repeats the header cells every 'repeat_cells' rows in the horizontal modes)
        if ($row_no != 0 && $_SESSION['tmp_user_values']['repeat_cells'] != 0 && !($row_no % $_SESSION['tmp_user_values']['repeat_cells']) && ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped')) {
            echo '<tr>' . "\n";
            if ($vertical_display['emptypre'] > 0) {
                echo '    <th colspan="' . $vertical_display['emptypre'] . '">' . "\n" . '        &nbsp;</th>' . "\n";
            }
            foreach ($vertical_display['desc'] as $val) {
                echo $val;
            }
            if ($vertical_display['emptyafter'] > 0) {
                echo '    <th colspan="' . $vertical_display['emptyafter'] . '">' . "\n" . '        &nbsp;</th>' . "\n";
            }
            echo '</tr>' . "\n";
        }
        // end if
        $alternating_color_class = $odd_row ? 'odd' : 'even';
        $odd_row = !$odd_row;
        if ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped') {
            // pointer code part
            echo '<tr class="' . $alternating_color_class . '">';
        }
        // 1. Prepares the row
        // 1.1 Results from a "SELECT" statement -> builds the
        //     WHERE clause to use in links (a unique key if possible)
        /**
         * @todo $where_clause could be empty, for example a table
         *       with only one field and it's a BLOB; in this case,
         *       avoid to display the delete and edit links
         */
        list($where_clause, $clause_is_unique) = PMA_getUniqueCondition($dt_result, $fields_cnt, $fields_meta, $row);
        // NOTE: despite the "_html" suffix this value is URL-encoded, not
        // HTML-escaped
        $where_clause_html = urlencode($where_clause);
        // 1.2 Defines the URLs for the modify/delete link(s)
        if ($is_display['edit_lnk'] != 'nn' || $is_display['del_lnk'] != 'nn') {
            // We need to copy the value or else the == 'both' check will always return true
            if ($GLOBALS['cfg']['PropertiesIconic'] === 'both') {
                $iconic_spacer = '<div class="nowrap">';
            } else {
                $iconic_spacer = '';
            }
            // 1.2.1 Modify link(s)
            if ($is_display['edit_lnk'] == 'ur') {
                // update row case
                $_url_params = array('db' => $db, 'table' => $table, 'where_clause' => $where_clause, 'clause_is_unique' => $clause_is_unique, 'sql_query' => $url_sql_query, 'goto' => 'sql.php');
                $edit_url = 'tbl_change.php' . PMA_generate_common_url($_url_params + array('default_action' => 'update'));
                $copy_url = 'tbl_change.php' . PMA_generate_common_url($_url_params + array('default_action' => 'insert'));
                $edit_str = PMA_getIcon('b_edit.png', __('Edit'), true);
                $copy_str = PMA_getIcon('b_insrow.png', __('Copy'), true);
                // Class definitions required for inline editing jQuery scripts
                $edit_anchor_class = "edit_row_anchor";
                if ($clause_is_unique == 0) {
                    $edit_anchor_class .= ' nonunique';
                }
            }
            // end if (1.2.1)
            // 1.2.2 Delete/Kill link(s)
            if ($is_display['del_lnk'] == 'dr') {
                // delete row case
                $_url_params = array('db' => $db, 'table' => $table, 'sql_query' => $url_sql_query, 'message_to_show' => __('The row has been deleted'), 'goto' => empty($goto) ? 'tbl_sql.php' : $goto);
                $lnk_goto = 'sql.php' . PMA_generate_common_url($_url_params, 'text');
                // identifiers are quoted with PMA_backquote(); $where_clause is
                // concatenated as returned by PMA_getUniqueCondition(), so the
                // quoting of row values is done there (not visible here) —
                // NOTE(review): confirm
                $del_query = 'DELETE FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' WHERE ' . $where_clause . ($clause_is_unique ? '' : ' LIMIT 1');
                $_url_params = array('db' => $db, 'table' => $table, 'sql_query' => $del_query, 'message_to_show' => __('The row has been deleted'), 'goto' => $lnk_goto);
                $del_url = 'sql.php' . PMA_generate_common_url($_url_params);
                // same statement formatted with PMA_jsFormat() for the
                // JavaScript confirmation
                $js_conf = 'DELETE FROM ' . PMA_jsFormat($db) . '.' . PMA_jsFormat($table) . ' WHERE ' . PMA_jsFormat($where_clause, false) . ($clause_is_unique ? '' : ' LIMIT 1');
                $del_str = PMA_getIcon('b_drop.png', __('Delete'), true);
            } elseif ($is_display['del_lnk'] == 'kp') {
                // kill process case
                $_url_params = array('db' => $db, 'table' => $table, 'sql_query' => $url_sql_query, 'goto' => 'main.php');
                $lnk_goto = 'sql.php' . PMA_generate_common_url($_url_params, 'text');
                // $row[0] is concatenated unquoted into the KILL statement;
                // presumably it is the numeric process id of a process list
                // row — NOTE(review): verify against the caller
                $_url_params = array('db' => 'mysql', 'sql_query' => 'KILL ' . $row[0], 'goto' => $lnk_goto);
                $del_url = 'sql.php' . PMA_generate_common_url($_url_params);
                $del_query = 'KILL ' . $row[0];
                $js_conf = 'KILL ' . $row[0];
                $del_str = PMA_getIcon('b_drop.png', __('Kill'), true);
            }
            // end if (1.2.2)
            // 1.3 Displays the links at left if required
            if ($GLOBALS['cfg']['ModifyDeleteAtLeft'] && ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped')) {
                if (!isset($js_conf)) {
                    $js_conf = '';
                }
                echo PMA_generateCheckboxAndLinks('left', $del_url, $is_display, $row_no, $where_clause, $where_clause_html, $del_query, 'l', $edit_url, $copy_url, $edit_anchor_class, $edit_str, $copy_str, $del_str, $js_conf);
            }
            // end if (1.3)
        }
        // end if (1)
        // 2. Displays the rows' values
        for ($i = 0; $i < $fields_cnt; ++$i) {
            $meta = $fields_meta[$i];
            $not_null_class = $meta->not_null ? 'not_null' : '';
            $relation_class = isset($map[$meta->name]) ? 'relation' : '';
            $pointer = $i;
            $is_field_truncated = false;
            //If the previous column had blob data, we need to reset the class
            // to $inline_edit_class
            $class = 'data ' . $inline_edit_class . ' ' . $not_null_class . ' ' . $alternating_color_class . ' ' . $relation_class;
            //  See if this column should get highlight because it's used in the
            //  where-query.
            if (isset($highlight_columns) && (isset($highlight_columns[$meta->name]) || isset($highlight_columns[PMA_backquote($meta->name)]))) {
                $condition_field = true;
            } else {
                $condition_field = false;
            }
            if ($_SESSION['tmp_user_values']['disp_direction'] == 'vertical' && (!isset($GLOBALS['printview']) || $GLOBALS['printview'] != '1')) {
                // the row number corresponds to a data row, not HTML table row
                $class .= ' row_' . $row_no;
                if ($GLOBALS['cfg']['BrowsePointerEnable'] == true) {
                    $class .= ' vpointer';
                }
                if ($GLOBALS['cfg']['BrowseMarkerEnable'] == true) {
                    $class .= ' vmarker';
                }
            }
            // end if
            // Wrap MIME-transformations. [MIME]
            $default_function = 'default_function';
            // default_function
            $transform_function = $default_function;
            $transform_options = array();
            if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
                if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) {
                    // The file to include is chosen by data in
                    // $GLOBALS['mime_map']. The only filtering visible here
                    // before the require_once is PMA_securePath() plus the
                    // file_exists() check under ./libraries/transformations/.
                    // NOTE(review): confirm that PMA_securePath() rejects
                    // directory traversal and who may write the mime_map
                    // values; an allow-list of known transformation files
                    // would be the stricter check.
                    $include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']);
                    if (file_exists('./libraries/transformations/' . $include_file)) {
                        // the function name is derived from the raw
                        // transformation value, not from $include_file; it is
                        // used only if function_exists() succeeds below
                        $transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
                        require_once './libraries/transformations/' . $include_file;
                        if (function_exists('PMA_transformation_' . $transformfunction_name)) {
                            $transform_function = 'PMA_transformation_' . $transformfunction_name;
                            $transform_options = PMA_transformation_getOptions(isset($GLOBALS['mime_map'][$meta->name]['transformation_options']) ? $GLOBALS['mime_map'][$meta->name]['transformation_options'] : '');
                            $meta->mimetype = str_replace('_', '/', $GLOBALS['mime_map'][$meta->name]['mimetype']);
                        }
                    }
                    // end if file_exists
                }
                // end if transformation is set
            }
            // end if mime/transformation works.
            $_url_params = array('db' => $db, 'table' => $table, 'where_clause' => $where_clause, 'transform_key' => $meta->name);
            if (!empty($sql_query)) {
                $_url_params['sql_query'] = $url_sql_query;
            }
            $transform_options['wrapper_link'] = PMA_generate_common_url($_url_params);
            // n u m e r i c
            if ($meta->numeric == 1) {
                // if two fields have the same name (this is possible
                //       with self-join queries, for example), using $meta->name
                //       will show both fields NULL even if only one is NULL,
                //       so use the $pointer
                if (!isset($row[$i]) || is_null($row[$i])) {
                    $vertical_display['data'][$row_no][$i] = PMA_buildNullDisplay($class, $condition_field, $meta, 'align="right"');
                } elseif ($row[$i] != '') {
                    $nowrap = ' nowrap';
                    // the value is concatenated unquoted; this branch is
                    // reached only when $meta->numeric == 1
                    $where_comparison = ' = ' . $row[$i];
                    $vertical_display['data'][$row_no][$i] = '<td align="right"' . PMA_prepare_row_data($class, $condition_field, $analyzed_sql, $meta, $map, $row[$i], $transform_function, $default_function, $nowrap, $where_comparison, $transform_options, $is_field_truncated);
                } else {
                    $vertical_display['data'][$row_no][$i] = PMA_buildEmptyDisplay($class, $condition_field, $meta, 'align="right"');
                }
                //  b l o b
            } elseif (stristr($meta->type, 'BLOB')) {
                // PMA_mysql_fetch_fields returns BLOB in place of
                // TEXT fields type so we have to ensure it's really a BLOB
                $field_flags = PMA_DBI_field_flags($dt_result, $i);
                // remove 'inline_edit' from $class as we can't edit binary data.
                $class = str_replace('inline_edit', '', $class);
                if (stristr($field_flags, 'BINARY')) {
                    if (!isset($row[$i]) || is_null($row[$i])) {
                        $vertical_display['data'][$row_no][$i] = PMA_buildNullDisplay($class, $condition_field, $meta);
                    } else {
                        // for blobstreaming
                        // if valid BS reference exists
                        if (PMA_BS_IsPBMSReference($row[$i], $db)) {
                            $blobtext = PMA_BS_CreateReferenceLink($row[$i], $db);
                        } else {
                            $blobtext = PMA_handle_non_printable_contents('BLOB', isset($row[$i]) ? $row[$i] : '', $transform_function, $transform_options, $default_function, $meta, $_url_params);
                        }
                        $vertical_display['data'][$row_no][$i] = PMA_buildValueDisplay($class, $condition_field, $blobtext);
                        unset($blobtext);
                    }
                    // not binary:
                } else {
                    if (!isset($row[$i]) || is_null($row[$i])) {
                        $vertical_display['data'][$row_no][$i] = PMA_buildNullDisplay($class, $condition_field, $meta);
                    } elseif ($row[$i] != '') {
                        // if a transform function for blob is set, none of these replacements will be made
                        if (PMA_strlen($row[$i]) > $GLOBALS['cfg']['LimitChars'] && $_SESSION['tmp_user_values']['display_text'] == 'P') {
                            $row[$i] = PMA_substr($row[$i], 0, $GLOBALS['cfg']['LimitChars']) . '...';
                            $is_field_truncated = true;
                        }
                        // displays all space characters, 4 space
                        // characters for tabulations and <cr>/<lf>
                        // (call by function name: either 'default_function' or the
                        // 'PMA_transformation_*' name accepted by function_exists()
                        // above; the returned string goes into the cell as-is, so
                        // any HTML escaping has to happen inside that function)
                        $row[$i] = $default_function != $transform_function ? $transform_function($row[$i], $transform_options, $meta) : $default_function($row[$i], array(), $meta);
                        $vertical_display['data'][$row_no][$i] = PMA_buildValueDisplay($class, $condition_field, $row[$i]);
                    } else {
                        $vertical_display['data'][$row_no][$i] = PMA_buildEmptyDisplay($class, $condition_field, $meta);
                    }
                }
                // g e o m e t r y
            } elseif ($meta->type == 'geometry') {
                $geometry_text = PMA_handle_non_printable_contents('GEOMETRY', isset($row[$i]) ? $row[$i] : '', $transform_function, $transform_options, $default_function, $meta);
                // remove 'inline_edit' from $class as we can't edit geometry data.
                $class = str_replace('inline_edit', '', $class);
                $vertical_display['data'][$row_no][$i] = PMA_buildValueDisplay($class, $condition_field, $geometry_text);
                unset($geometry_text);
                // n o t   n u m e r i c   a n d   n o t   B L O B
            } else {
                if (!isset($row[$i]) || is_null($row[$i])) {
                    $vertical_display['data'][$row_no][$i] = PMA_buildNullDisplay($class, $condition_field, $meta);
                } elseif ($row[$i] != '') {
                    // support blanks in the key
                    $relation_id = $row[$i];
                    // Cut all fields to $GLOBALS['cfg']['LimitChars']
                    // (unless it's a link-type transformation)
                    // precedence: "!" binds before "===", so the last operand
                    // is (!strpos(...)) === true, which holds when strpos()
                    // returns false or 0
                    if (PMA_strlen($row[$i]) > $GLOBALS['cfg']['LimitChars'] && $_SESSION['tmp_user_values']['display_text'] == 'P' && !strpos($transform_function, 'link') === true) {
                        $row[$i] = PMA_substr($row[$i], 0, $GLOBALS['cfg']['LimitChars']) . '...';
                        $is_field_truncated = true;
                    }
                    // displays special characters from binaries
                    $field_flags = PMA_DBI_field_flags($dt_result, $i);
                    $is_html = false;
                    if (isset($meta->_type) && $meta->_type === MYSQLI_TYPE_BIT) {
                        $row[$i] = PMA_printable_bit_value($row[$i], $meta->length);
                        // some results of PROCEDURE ANALYSE() are reported as
                        // being BINARY but they are quite readable,
                        // so don't treat them as BINARY
                    } elseif (stristr($field_flags, 'BINARY') && $meta->type == 'string' && !(isset($GLOBALS['is_analyse']) && $GLOBALS['is_analyse'])) {
                        if ($_SESSION['tmp_user_values']['display_binary']) {
                            // user asked to see the real contents of BINARY
                            // fields
                            if ($_SESSION['tmp_user_values']['display_binary_as_hex'] && PMA_contains_nonprintable_ascii($row[$i])) {
                                $row[$i] = bin2hex($row[$i]);
                            } else {
                                // escaped here; $is_html stays false, so the
                                // value still goes through
                                // PMA_prepare_row_data() below
                                $row[$i] = htmlspecialchars(PMA_replace_binary_contents($row[$i]));
                            }
                        } else {
                            // we show the BINARY message and field's size
                            // (or maybe use a transformation)
                            $row[$i] = PMA_handle_non_printable_contents('BINARY', $row[$i], $transform_function, $transform_options, $default_function, $meta, $_url_params);
                            $is_html = true;
                        }
                    }
                    if ($is_html) {
                        $vertical_display['data'][$row_no][$i] = PMA_buildValueDisplay($class, $condition_field, $row[$i]);
                    } else {
                        // transform functions may enable no-wrapping:
                        $function_nowrap = $transform_function . '_nowrap';
                        $bool_nowrap = $default_function != $transform_function && function_exists($function_nowrap) ? $function_nowrap($transform_options) : false;
                        // do not wrap if date field type
                        $nowrap = preg_match('@DATE|TIME@i', $meta->type) || $bool_nowrap ? ' nowrap' : '';
                        // string value: quoted and passed through
                        // PMA_sqlAddslashes() before it enters the comparison
                        $where_comparison = ' = \'' . PMA_sqlAddslashes($row[$i]) . '\'';
                        $vertical_display['data'][$row_no][$i] = '<td ' . PMA_prepare_row_data($class, $condition_field, $analyzed_sql, $meta, $map, $row[$i], $transform_function, $default_function, $nowrap, $where_comparison, $transform_options, $is_field_truncated);
                    }
                } else {
                    $vertical_display['data'][$row_no][$i] = PMA_buildEmptyDisplay($class, $condition_field, $meta);
                }
            }
            // output stored cell
            if ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped') {
                echo $vertical_display['data'][$row_no][$i];
            }
            if (isset($vertical_display['rowdata'][$i][$row_no])) {
                $vertical_display['rowdata'][$i][$row_no] .= $vertical_display['data'][$row_no][$i];
            } else {
                $vertical_display['rowdata'][$i][$row_no] = $vertical_display['data'][$row_no][$i];
            }
        }
        // end for (2)
        // 3. Displays the modify/delete links on the right if required
        // NOTE(review): $del_url, $del_query, $edit_url, $copy_url,
        // $edit_anchor_class and the *_str values are assigned in step 1.2
        // only when the matching link type is enabled; this call sits outside
        // that condition, so they can be passed here while unset
        if ($GLOBALS['cfg']['ModifyDeleteAtRight'] && ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped')) {
            if (!isset($js_conf)) {
                $js_conf = '';
            }
            echo PMA_generateCheckboxAndLinks('right', $del_url, $is_display, $row_no, $where_clause, $where_clause_html, $del_query, 'r', $edit_url, $copy_url, $edit_anchor_class, $edit_str, $copy_str, $del_str, $js_conf);
        }
        // end if (3)
        if ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped') {
            ?>
</tr>
            <?php 
        }
        // end if
        // 4. Gather links of del_urls and edit_urls in an array for later
        //    output
        if (!isset($vertical_display['edit'][$row_no])) {
            $vertical_display['edit'][$row_no] = '';
            $vertical_display['copy'][$row_no] = '';
            $vertical_display['delete'][$row_no] = '';
            $vertical_display['row_delete'][$row_no] = '';
        }
        $vertical_class = ' row_' . $row_no;
        if ($GLOBALS['cfg']['BrowsePointerEnable'] == true) {
            $vertical_class .= ' vpointer';
        }
        if ($GLOBALS['cfg']['BrowseMarkerEnable'] == true) {
            $vertical_class .= ' vmarker';
        }
        // no multi-row checkbox for the kill-process ('kp') link type
        if (!empty($del_url) && $is_display['del_lnk'] != 'kp') {
            $vertical_display['row_delete'][$row_no] .= PMA_generateCheckboxForMulti($del_url, $is_display, $row_no, $where_clause_html, $del_query, '[%_PMA_CHECKBOX_DIR_%]', $alternating_color_class . $vertical_class);
        } else {
            unset($vertical_display['row_delete'][$row_no]);
        }
        if (isset($edit_url)) {
            $vertical_display['edit'][$row_no] .= PMA_generateEditLink($edit_url, $alternating_color_class . ' ' . $edit_anchor_class . $vertical_class, $edit_str, $where_clause, $where_clause_html);
        } else {
            unset($vertical_display['edit'][$row_no]);
        }
        if (isset($copy_url)) {
            $vertical_display['copy'][$row_no] .= PMA_generateCopyLink($copy_url, $copy_str, $where_clause, $where_clause_html, $alternating_color_class . $vertical_class);
        } else {
            unset($vertical_display['copy'][$row_no]);
        }
        if (isset($del_url)) {
            if (!isset($js_conf)) {
                $js_conf = '';
            }
            $vertical_display['delete'][$row_no] .= PMA_generateDeleteLink($del_url, $del_str, $js_conf, $alternating_color_class . $vertical_class);
        } else {
            unset($vertical_display['delete'][$row_no]);
        }
        echo $_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped' ? "\n" : '';
        $row_no++;
    }
    // end while
    // this is needed by PMA_displayTable() to generate the proper param
    // in the multi-edit and multi-delete form
    // (value from the last fetched row; never assigned if no row was fetched)
    return $clause_is_unique;
}
Example #21
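/**
* Returns the real filename of a configured transformation
*
* The name is passed through PMA_securePath(). When the filtered name ends
* in '3' (legacy ".inc.php3" entries) and the ".inc.php" variant exists under
* ./libraries/transformations/, that variant is used instead.
*
* Only the return value is always the filtered name: $filename itself is
* overwritten solely in the ".php3" mapping case. Callers should therefore
* build include paths from the return value, never from $filename.
*
* @param   string   $filename  the current filename (by reference, see above)
*
* @return  string   the new filename
*
* @access  public
*/
function PMA_sanitizeTransformationFile(&$filename)
{
    // garvin: for security, never allow to break out from transformations directory
    $include_file = PMA_securePath($filename);
    // This value can also contain a 'php3' value, in which case we map this filename to our new 'php' variant
    $testfile = preg_replace('@\\.inc\\.php3$@', '.inc.php', $include_file);
    // substr() rather than indexing at strlen() - 1, so that an empty name
    // does not trigger an "uninitialized string offset" error
    if (substr($include_file, -1) === '3' && file_exists('./libraries/transformations/' . $testfile)) {
        $include_file = $testfile;
        $filename = $testfile;
        // Corrects the referenced variable for further actions on the filename;
    }
    return $include_file;
}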
            }
        }
    }
    if ($ThemeDefaultOk == TRUE) {
        $pmaThemeImage = './' . $cfg['ThemePath'] . '/' . $cfg['ThemeDefault'] . '/img/';
        $tmp_color_file = './' . $cfg['ThemePath'] . '/' . $cfg['ThemeDefault'] . '/colors.inc.php';
        if (@file_exists($tmp_color_file)) {
            include $tmp_color_file;
        }
    } else {
        $pmaThemeImage = './' . $cfg['ThemePath'] . '/original/img/';
    }
} else {
    $GLOBALS['theme'] = $_COOKIE['pma_theme'];
    $pmaThemeImage = './' . $cfg['ThemePath'] . '/' . $_COOKIE['pma_theme'] . '/img/';
    $tmp_color_file = './' . $cfg['ThemePath'] . '/' . PMA_securePath($_COOKIE['pma_theme']) . '/colors.inc.php';
    if (@file_exists($tmp_color_file)) {
        include $tmp_color_file;
    }
}
if (!is_dir($pmaThemeImage)) {
    $pmaThemeImage = './' . $cfg['ThemePath'] . '/original/img/';
}
// end theme manager
if ($is_minimum_common == FALSE) {
    /**
     * Include URL/hidden inputs generating.
     */
    require_once './libraries/url_generating.lib.php';
    /**
     * Add slashes before "'" and "\" characters so a value containing them can