/**
 * Validates the requested schema export format and hands the export to the
 * matching schema plugin.
 *
 * Only a purely alphabetic format name is accepted; anything else (including
 * a null value) falls back to PDF. That allow-list, plus PMA_securePath(),
 * is what makes the value safe for the plugin lookup below, which the
 * original comment notes is used in a file inclusion under
 * libraries/plugins/schema/.
 *
 * @param string $export_type format of the export
 *
 * @return void
 */
function PMA_processExportSchema($export_type)
{
    $format_is_valid = isset($export_type)
        && preg_match('/^[a-zA-Z]+$/', $export_type);
    $format = $format_is_valid ? $export_type : 'pdf';

    // Defence in depth before the value reaches the file system: collapses
    // ".." sequences (see the PMA_securePath tests).
    $format = PMA_securePath($format);

    $plugin = PMA_getPlugin('schema', $format, 'libraries/plugins/schema/');
    if (! isset($plugin)) {
        PMA_fatalError(__('Bad type!'));
    }

    $database = $GLOBALS['db'];
    $GLOBALS['dbi']->selectDb($database);
    $plugin->exportSchema($database);
}
$err_url = 'server_export.php?' . PMA_generate_common_url(); } elseif ($export_type == 'database' && strlen($db)) { $err_url = 'db_export.php?' . PMA_generate_common_url($db); // Check if we have something to export if (isset($table_select)) { $tables = $table_select; } else { $tables = array(); } } elseif ($export_type == 'table' && strlen($db) && strlen($table)) { $err_url = 'tbl_export.php?' . PMA_generate_common_url($db, $table); } else { die('Bad parameters!'); } // Get the functions specific to the export type require './libraries/export/' . PMA_securePath($type) . '.php'; /** * Increase time limit for script execution and initializes some variables */ @set_time_limit($cfg['ExecTimeLimit']); if (!empty($cfg['MemoryLimit'])) { @ini_set('memory_limit', $cfg['MemoryLimit']); } // Start with empty buffer $dump_buffer = ''; $dump_buffer_len = 0; // We send fake headers to avoid browser timeout when buffering $time_start = time(); /** * Output handler for all exports, if needed buffering, it stores data into * $dump_buffer, otherwise it prints thems out.
/**
 * Points this file object at a file inside the configured UploadDir.
 *
 * The path is PMA_userDir(UploadDir) followed by the name after
 * PMA_securePath(), which collapses ".." sequences (see its tests); other
 * characters of $name are appended as-is. If the result is not readable the
 * error message is recorded and the name is cleared again.
 *
 * @access  public
 * @uses    $GLOBALS['strFileCouldNotBeRead']
 * @uses    PMA_File::setName()
 * @uses    PMA_securePath()
 * @uses    PMA_userDir()
 * @uses    $GLOBALS['cfg']['UploadDir']
 * @param   string  $name   file name, relative to UploadDir
 * @return  boolean true when the file was selected and is readable; false
 *                  when UploadDir is not configured or the file is unreadable
 */
function setLocalSelectedFile($name)
{
    if (empty($GLOBALS['cfg']['UploadDir'])) {
        return false;
    }

    $base_dir = PMA_userDir($GLOBALS['cfg']['UploadDir']);
    $this->setName($base_dir . PMA_securePath($name));

    if ($this->isReadable()) {
        return true;
    }

    $this->_error_message = $GLOBALS['strFileCouldNotBeRead'];
    $this->setName(null);
    return false;
}
} /** * Sets globals from $_POST * * - Please keep the parameters in order of their appearance in the form * - Some of these parameters are not used, as the code below directly * verifies from the superglobal $_POST or $_REQUEST */ $post_params = array('db', 'table', 'single_table', 'export_type', 'export_method', 'quick_or_custom', 'db_select', 'table_select', 'limit_to', 'limit_from', 'allrows', 'output_format', 'filename_template', 'maxsize', 'remember_template', 'charset_of_file', 'compression', 'what', 'knjenc', 'xkana', 'htmlword_structure_or_data', 'htmlword_null', 'htmlword_columns', 'mediawiki_headers', 'mediawiki_structure_or_data', 'mediawiki_caption', 'pdf_structure_or_data', 'odt_structure_or_data', 'odt_relation', 'odt_comments', 'odt_mime', 'odt_columns', 'odt_null', 'codegen_structure_or_data', 'codegen_format', 'excel_null', 'excel_removeCRLF', 'excel_columns', 'excel_edition', 'excel_structure_or_data', 'yaml_structure_or_data', 'ods_null', 'ods_structure_or_data', 'ods_columns', 'json_structure_or_data', 'xml_structure_or_data', 'xml_export_events', 'xml_export_functions', 'xml_export_procedures', 'xml_export_tables', 'xml_export_triggers', 'xml_export_views', 'xml_export_contents', 'texytext_structure_or_data', 'texytext_columns', 'texytext_null', 'phparray_structure_or_data', 'sql_include_comments', 'sql_header_comment', 'sql_dates', 'sql_relation', 'sql_mime', 'sql_use_transaction', 'sql_disable_fk', 'sql_compatibility', 'sql_structure_or_data', 'sql_create_database', 'sql_drop_table', 'sql_procedure_function', 'sql_create_table_statements', 'sql_create_table', 'sql_create_view', 'sql_create_trigger', 'sql_if_not_exists', 'sql_auto_increment', 'sql_backquotes', 'sql_truncate', 'sql_delayed', 'sql_ignore', 'sql_type', 'sql_insert_syntax', 'sql_max_query_size', 'sql_hex_for_binary', 'sql_utc_time', 'sql_drop_database', 'sql_views_as_tables', 'csv_separator', 'csv_enclosed', 'csv_escaped', 'csv_terminated', 'csv_null', 'csv_removeCRLF', 
'csv_columns', 'csv_structure_or_data', 'latex_caption', 'latex_structure_or_data', 'latex_structure_caption', 'latex_structure_continued_caption', 'latex_structure_label', 'latex_relation', 'latex_comments', 'latex_mime', 'latex_columns', 'latex_data_caption', 'latex_data_continued_caption', 'latex_data_label', 'latex_null'); foreach ($post_params as $one_post_param) { if (isset($_POST[$one_post_param])) { $GLOBALS[$one_post_param] = $_POST[$one_post_param]; } } // sanitize this parameter which will be used below in a file inclusion $what = PMA_securePath($what); PMA_Util::checkParameters(array('what', 'export_type')); // export class instance, not array of properties, as before $export_plugin = PMA_getPlugin("export", $what, 'libraries/plugins/export/', array('export_type' => $export_type, 'single_table' => isset($single_table))); // Backward compatibility $type = $what; // Check export type if (!isset($export_plugin)) { PMA_fatalError(__('Bad type!')); } /** * valid compression methods */ $compression_methods = array('zip', 'gzip'); /** * init and variable checking
$message->addMessage(')'); } if ($GLOBALS['is_ajax_request'] == true) { if ($cfg['ShowSQL']) { $extra_data['sql_query'] = PMA_showMessage($message, $GLOBALS['sql_query'], 'success'); } if (isset($GLOBALS['reload']) && $GLOBALS['reload'] == 1) { $extra_data['reload'] = 1; $extra_data['db'] = $GLOBALS['db']; } PMA_ajaxResponse($message, $message->isSuccess(), (isset($extra_data) ? $extra_data : '')); } if ($is_gotofile) { $goto = PMA_securePath($goto); // Checks for a valid target script $is_db = $is_table = false; if (isset($_REQUEST['purge']) && $_REQUEST['purge'] == '1') { $table = ''; unset($url_params['table']); } include 'libraries/db_table_exists.lib.php'; if (strpos($goto, 'tbl_') === 0 && ! $is_table) { if (strlen($table)) { $table = ''; } $goto = 'db_sql.php'; } if (strpos($goto, 'db_') === 0 && ! $is_db) {
$ThemeDefaultOk = TRUE; } } } if ($ThemeDefaultOk == TRUE) { $GLOBALS['theme'] = $cfg['ThemeDefault']; } else { $GLOBALS['theme'] = 'original'; } } else { // if we just changed theme, we must take the new one so that // index.php takes the correct one for height computing if (isset($_POST['set_theme'])) { $GLOBALS['theme'] = PMA_securePath($_POST['set_theme']); } else { $GLOBALS['theme'] = PMA_securePath($_COOKIE[$theme_cookie_name]); } } // check for theme requires/name unset($theme_name, $theme_generation, $theme_version); @(include $cfg['ThemePath'] . '/' . $GLOBALS['theme'] . '/info.inc.php'); // did it set correctly? if (!isset($theme_name, $theme_generation, $theme_version)) { $GLOBALS['theme'] = 'original'; // invalid theme } elseif ($theme_generation != PMA_THEME_GENERATION) { $GLOBALS['theme'] = 'original'; // different generation } elseif ($theme_version < PMA_THEME_VERSION) { $GLOBALS['theme'] = 'original'; // too old version
PMA_DBI_free_result($result); unset($result); } if ($total_affected_rows != 0) { $message .= $total_affected_rows; } else { $message .= $strModifications; } $message .= $last_message; if (!empty($warning_message)) { // TODO: use a <div class="warning"> in PMA_showMessage() // for this part of the message $message .= '[br]' . $warning_message; } if ($is_gotofile) { if ($goto == 'db_details.php' && isset($table)) { unset($table); } $js_to_run = 'functions.js'; $active_page = $goto; require_once './libraries/header.inc.php'; require './' . PMA_securePath($goto); } else { // if we have seen binary, // we do not append the query to the Location so it won't be displayed // on the resulting page // Nijel: we also need to limit size of url... $add_query = !$seen_binary && strlen($sql_query) < 1024 ? '&disp_query=' . urlencode($sql_query) : ''; PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . $add_query); } exit;
// Calculate value of the limit if (strtolower(substr($memory_limit, -1)) == 'm') { $memory_limit = (int) substr($memory_limit, 0, -1) * 1024 * 1024; } elseif (strtolower(substr($memory_limit, -1)) == 'k') { $memory_limit = (int) substr($memory_limit, 0, -1) * 1024; } elseif (strtolower(substr($memory_limit, -1)) == 'g') { $memory_limit = (int) substr($memory_limit, 0, -1) * 1024 * 1024 * 1024; } else { $memory_limit = (int) $memory_limit; } $read_limit = $memory_limit / 8; // Just to be sure, there might be lot of memory needed for uncompression // handle filenames if (!empty($local_import_file) && !empty($cfg['UploadDir'])) { // sanitize $local_import_file as it comes from a POST $local_import_file = PMA_securePath($local_import_file); $import_file = PMA_userDir($cfg['UploadDir']) . $local_import_file; } elseif (empty($import_file) || !is_uploaded_file($import_file)) { $import_file = 'none'; } // Do we have file to import? if ($import_file != 'none' && !$error) { // work around open_basedir and other limitations $open_basedir = @ini_get('open_basedir'); // If we are on a server with open_basedir, we must move the file // before opening it. The doc explains how to create the "./tmp" // directory if (!empty($open_basedir)) { $tmp_subdir = PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/'; if (is_writable($tmp_subdir)) { $import_file_new = $tmp_subdir . basename($import_file);
if (!empty($_ENV) && isset($_ENV['DOCUMENT_ROOT'])) { $DOCUMENT_ROOT = $_ENV['DOCUMENT_ROOT']; } else { if (@getenv('DOCUMENT_ROOT')) { $DOCUMENT_ROOT = getenv('DOCUMENT_ROOT'); } else { $DOCUMENT_ROOT = '.'; } } } } // end if if (substr($cfg['UploadDir'], -1) != '/') { $cfg['UploadDir'] .= '/'; } $textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . preg_replace('@^./@s', '', $cfg['UploadDir']) . PMA_securePath($local_textfile); if (file_exists($textfile)) { $open_basedir = @ini_get('open_basedir'); // If we are on a server with open_basedir, we must move the file // before opening it. The doc explains how to create the "./tmp" // directory if (!empty($open_basedir)) { $tmp_subdir = PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/'; // function is_writeable() is valid on PHP3 and 4 if (!is_writeable($tmp_subdir)) { echo $strWebServerUploadDirectoryError . ': ' . $tmp_subdir . '<br />'; exit; } else { $textfile_new = $tmp_subdir . basename($textfile); move_uploaded_file($textfile, $textfile_new); $textfile = $textfile_new;
$docsql_text = PMA_readFile($sql_file, $sql_file_compression); } // Convert the file's charset if necessary if ($cfg['AllowAnywhereRecoding'] && $allow_recoding && isset($charset_of_file) && $charset_of_file != $charset) { $docsql_text = PMA_convert_string($charset_of_file, $charset, $docsql_text); } if (!isset($docsql_text) || $docsql_text == FALSE || $docsql_text == '') { echo '<p><font color="red">' . $GLOBALS['strFileCouldNotBeRead'] . '</font></p>' . "\n"; } else { docsql_check('', $sql_file_name, $sql_file_name, $docsql_text); } } // end uploaded file stuff } else { // echo '<h1>Starting Import</h1>'; $docpath = $cfg['docSQLDir'] . PMA_securePath($docpath); if (substr($docpath, -1) != '/') { $docpath .= '/'; } $matched_files = 0; if (is_dir($docpath)) { // Do the work $handle = opendir($docpath); while ($file = @readdir($handle)) { $filename = basename($file); // echo '<p>Working on file ' . $filename . '</p>'; $matched_files += docsql_check($docpath, $file, $filename); } // end while } else { echo '<p><font color="red">' . $docpath . ': ' . $strThisNotDirectory . "</font></p>\n";
/**
 * Validates the requested schema export format and renders it through the
 * matching PMA_<Format>_Relation_Schema class.
 *
 * The format is read from the global $export_type; anything that is not
 * purely alphabetic (or is unset) falls back to 'pdf'. That allow-list is
 * what makes the value usable in both the include path and the class name
 * built below.
 *
 * @return void
 * @access private
 */
private function _processExportSchema()
{
    // Relation/transformation helpers needed by the schema classes.
    include_once './libraries/transformations.lib.php';
    include_once './libraries/Index.class.php';

    global $db, $export_type;

    // Allow-list: letters only; the fallback is written back to the global.
    $format_is_valid = isset($export_type)
        && preg_match('/^[a-zA-Z]+$/', $export_type);
    if (! $format_is_valid) {
        $export_type = 'pdf';
    }

    $GLOBALS['dbi']->selectDb($db);

    // File name and class name are both derived from the validated format.
    $path = PMA_securePath(ucfirst($export_type));
    $filename = 'libraries/schema/' . $path . '_Relation_Schema.class.php';
    if (! file_exists($filename)) {
        // NOTE(review): $_POST['chpage'] is read without isset() here and
        // below; confirm dieSchema() copes with a missing value.
        PMA_Export_Relation_Schema::dieSchema(
            $_POST['chpage'], $export_type, __('File doesn\'t exist')
        );
    }

    // The included file may set this flag to opt out of the export.
    $GLOBALS['skip_import'] = false;
    include $filename;
    if ($GLOBALS['skip_import']) {
        PMA_Export_Relation_Schema::dieSchema(
            $_POST['chpage'], $export_type, __('Plugin is disabled')
        );
    }

    $schema_class = 'PMA_' . $path . '_Relation_Schema';
    $schema = new $schema_class();
    $schema->showOutput();
}
/** * Defines the url to return to in case of error in a sql statement */ if (!isset($goto) || !preg_match('@^(db_details|tbl_properties)(_[a-z]*)?\\.php$@i', $goto)) { $goto = 'db_details.php'; } $err_url = $goto . '?' . PMA_generate_common_url($db) . (preg_match('@^tbl_properties(_[a-z]*)?\\.php$@', $goto) ? '&table=' . urlencode($table) : ''); /** * Set up default values for some variables */ $view_bookmark = 0; $sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : ''; $sql_query = isset($sql_query) ? $sql_query : ''; if (!empty($sql_localfile) && !empty($cfg['UploadDir'])) { // sanitize $sql_localfile as it comes from a POST $sql_localfile = PMA_securePath($sql_localfile); if (substr($cfg['UploadDir'], -1) != '/') { $cfg['UploadDir'] .= '/'; } $sql_file = $cfg['UploadDir'] . $sql_localfile; } else { if (empty($sql_file)) { $sql_file = 'none'; } } /** * Bookmark Support: get a query back from bookmark if required */ if (!empty($id_bookmark)) { require_once './libraries/bookmark.lib.php'; switch ($action_bookmark) {
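/**
 * Gets some core libraries
 */
require_once './libraries/common.inc.php';
require './libraries/StorageEngine.class.php';

/**
 * Include settings for relation stuff
 * get all variables needed for exporting relational schema
 * in $cfgRelation
 */
require_once './libraries/relation.lib.php';
$cfgRelation = PMA_getRelationsParam();
require_once './libraries/transformations.lib.php';
require_once './libraries/Index.class.php';
require_once './libraries/schema/Export_Relation_Schema.class.php';

/**
 * get all the export options and verify
 * call and include the appropriate Schema Class depending on $export_type
 * default is PDF
 *
 * $export_type is request-controlled, so it is reduced to an alphabetic
 * allow-list before it is used to build a file name and a class name below.
 * The D modifier makes '$' match only at the very end of the string, so a
 * value with a trailing newline no longer passes the check.
 */
global $db, $export_type;
if (! isset($export_type) || ! preg_match('/^[a-zA-Z]+$/D', $export_type)) {
    $export_type = 'pdf';
}
PMA_DBI_select_db($db);

$path = PMA_securePath(ucfirst($export_type));
$schema_file = './libraries/schema/' . $path . '_Relation_Schema.class.php';
if (! file_exists($schema_file)) {
    // NOTE(review): $_POST['chpage'] is read without isset(); confirm
    // dieSchema() copes with a missing value.
    PMA_Export_Relation_Schema::dieSchema(
        $_POST['chpage'], $export_type, __('File doesn\'t exist')
    );
}
require $schema_file;

// Instantiate via a variable class name instead of eval(). The previous
// eval("new PMA_..._Relation_Schema();") contained no return statement, so it
// evaluated to NULL and only the constructor's side effects were used; the
// constructor still runs here, and $obj_schema now actually holds the instance.
$class_name = 'PMA_' . $path . '_Relation_Schema';
$obj_schema = new $class_name();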
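/**
 * Test for replacing dots.
 *
 * Every ".." run in the input must collapse to a single "." so the result
 * can no longer climb out of its base directory; single dots and slashes
 * are left untouched.
 *
 * @return void
 */
public function testReplaceDots()
{
    // assertEquals() takes ($expected, $actual); the original call had them
    // swapped, which made failure reports label the wrong value as expected.
    $cases = array(
        '../../../etc/passwd' => './././etc/passwd',
        '/var/www/../phpmyadmin' => '/var/www/./phpmyadmin',
        './path/with..dots/../../file..php' => './path/with.dots/././file.php',
    );
    foreach ($cases as $input => $expected) {
        $this->assertEquals($expected, PMA_securePath($input), 'input: ' . $input);
    }
}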
// Final status line: affected-row count plus the last server message, with
// any collected warning appended.
$message .= $total_affected_rows . $last_message;
if (! empty($warning_message)) {
    /**
     * @todo use a <div class="warning"> in PMA_showMessage() for this part of
     * the message
     */
    $message .= '[br]' . $warning_message;
}
unset($warning_message, $total_affected_rows, $last_message);

// When the caller asked to return to its original query, hand the executed
// query and the message over as display-only values and restore the original.
if (isset($return_to_sql_query)) {
    $disp_query = $GLOBALS['sql_query'];
    $disp_message = $message;
    unset($message);
    $GLOBALS['sql_query'] = $return_to_sql_query;
}

// "Insert another new row" lands on tbl_change.php, whose calendar icon needs
// tbl_change.js; every other target gets the generic functions.js.
/**
 * @todo if we really need to run many different js at header time,
 * $js_to_run would become an array and header.inc.php would iterate
 * thru it, instead of the bunch of if/elseif it does now
 */
$js_to_run = ($goto_include == 'tbl_change.php') ? 'tbl_change.js' : 'functions.js';

$active_page = $goto_include;
require_once './libraries/header.inc.php';
// The included script is whatever $goto_include holds (assigned outside this
// block). PMA_securePath() collapses ".." runs and the './' prefix keeps the
// include below the current directory, but nothing here restricts the value
// to a known script name -- NOTE(review): confirm $goto_include is validated
// where it is assigned.
require './' . PMA_securePath($goto_include);
exit;
/** * Sets globals from $_POST * * - Please keep the parameters in order of their appearance in the form * - Some of these parameters are not used, as the code below directly * verifies from the superglobal $_POST or $_REQUEST */ $post_params = array('db', 'table', 'single_table', 'export_type', 'export_method', 'quick_or_custom', 'db_select', 'table_select', 'table_structure', 'table_data', 'limit_to', 'limit_from', 'allrows', 'lock_tables', 'output_format', 'filename_template', 'maxsize', 'remember_template', 'charset', 'compression', 'as_separate_files', 'knjenc', 'xkana', 'htmlword_structure_or_data', 'htmlword_null', 'htmlword_columns', 'mediawiki_headers', 'mediawiki_structure_or_data', 'mediawiki_caption', 'pdf_structure_or_data', 'odt_structure_or_data', 'odt_relation', 'odt_comments', 'odt_mime', 'odt_columns', 'odt_null', 'codegen_structure_or_data', 'codegen_format', 'excel_null', 'excel_removeCRLF', 'excel_columns', 'excel_edition', 'excel_structure_or_data', 'yaml_structure_or_data', 'ods_null', 'ods_structure_or_data', 'ods_columns', 'json_structure_or_data', 'json_pretty_print', 'xml_structure_or_data', 'xml_export_events', 'xml_export_functions', 'xml_export_procedures', 'xml_export_tables', 'xml_export_triggers', 'xml_export_views', 'xml_export_contents', 'texytext_structure_or_data', 'texytext_columns', 'texytext_null', 'phparray_structure_or_data', 'sql_include_comments', 'sql_header_comment', 'sql_dates', 'sql_relation', 'sql_mime', 'sql_use_transaction', 'sql_disable_fk', 'sql_compatibility', 'sql_structure_or_data', 'sql_create_database', 'sql_drop_table', 'sql_procedure_function', 'sql_create_table_statements', 'sql_create_table', 'sql_create_view', 'sql_create_trigger', 'sql_if_not_exists', 'sql_auto_increment', 'sql_backquotes', 'sql_truncate', 'sql_delayed', 'sql_ignore', 'sql_type', 'sql_insert_syntax', 'sql_max_query_size', 'sql_hex_for_binary', 'sql_utc_time', 'sql_drop_database', 'sql_views_as_tables', 'sql_metadata', 'csv_separator', 
'csv_enclosed', 'csv_escaped', 'csv_terminated', 'csv_null', 'csv_removeCRLF', 'csv_columns', 'csv_structure_or_data', 'latex_caption', 'latex_structure_or_data', 'latex_structure_caption', 'latex_structure_continued_caption', 'latex_structure_label', 'latex_relation', 'latex_comments', 'latex_mime', 'latex_columns', 'latex_data_caption', 'latex_data_continued_caption', 'latex_data_label', 'latex_null', 'aliases'); foreach ($post_params as $one_post_param) { if (isset($_POST[$one_post_param])) { $GLOBALS[$one_post_param] = $_POST[$one_post_param]; } } $table = $GLOBALS['table']; // sanitize this parameter which will be used below in a file inclusion $what = PMA_securePath($_POST['what']); PMA_Util::checkParameters(array('what', 'export_type')); // export class instance, not array of properties, as before /* @var $export_plugin ExportPlugin */ $export_plugin = PMA_getPlugin("export", $what, 'libraries/plugins/export/', array('export_type' => $export_type, 'single_table' => isset($single_table))); // Backward compatibility $type = $what; // Check export type if (!isset($export_plugin)) { PMA_fatalError(__('Bad type!')); } // Avoid warning from PHP Analyzer if (is_null($export_plugin)) { $export_plugin = new stdClass(); } /**
/**
 * Points this object at a file named relative to the configured UploadDir.
 *
 * The final path is PMA_Util::userDir(UploadDir) followed by the name after
 * PMA_securePath(), which collapses ".." sequences (see its tests); other
 * characters of $name are appended as-is. When the result is not readable
 * the error message is recorded and the name is cleared again.
 *
 * @param string $name file name, relative to UploadDir
 *
 * @return boolean true when the file was selected and is readable; false
 *                 when UploadDir is not configured or the file is unreadable
 * @access public
 */
public function setLocalSelectedFile($name)
{
    $upload_dir_configured = ! empty($GLOBALS['cfg']['UploadDir']);
    if (! $upload_dir_configured) {
        return false;
    }

    $base_dir = PMA_Util::userDir($GLOBALS['cfg']['UploadDir']);
    $this->setName($base_dir . PMA_securePath($name));

    if ($this->isReadable()) {
        return true;
    }

    $this->_error_message = __('File could not be read!');
    $this->setName(null);
    return false;
}
/**
 * Expands the %u placeholder in a directory path to the current server user.
 *
 * example:
 * <code>
 * $user_dir = userDir('/var/pma_tmp/%u/'); // '/var/pma_tmp/root/'
 * </code>
 *
 * The user name goes through PMA_securePath() before substitution, so ".."
 * sequences in it are collapsed; any other character is substituted as-is.
 * NOTE(review): where $cfg['Server']['user'] originates (config file or
 * login form) is not visible here -- confirm before treating this as a
 * trust boundary.
 *
 * @param string $dir with wildcard for user
 *
 * @return string per user directory, always ending in '/'
 */
public static function userDir($dir)
{
    $has_trailing_slash = (mb_substr($dir, -1) == '/');
    $base = $has_trailing_slash ? $dir : $dir . '/';

    $user = PMA_securePath($GLOBALS['cfg']['Server']['user']);
    return str_replace('%u', $user, $base);
}
$ThemeDefaultOk = TRUE; } } } if ($ThemeDefaultOk == TRUE) { $GLOBALS['theme'] = $cfg['ThemeDefault']; } else { $GLOBALS['theme'] = 'original'; } } else { // if we just changed theme, we must take the new one so that // index.php takes the correct one for height computing if (isset($_POST['set_theme'])) { $GLOBALS['theme'] = PMA_securePath($_POST['set_theme']); } else { $GLOBALS['theme'] = PMA_securePath($_COOKIE['pma_theme']); } } // check for theme requires/name unset($theme_name, $theme_generation, $theme_version); @(include $cfg['ThemePath'] . '/' . $GLOBALS['theme'] . '/info.inc.php'); // did it set correctly? if (!isset($theme_name, $theme_generation, $theme_version)) { $GLOBALS['theme'] = 'original'; } // invalid theme if ($theme_generation != PMA_THEME_GENERATION) { $GLOBALS['theme'] = 'original'; } // different generation if ($theme_version < PMA_THEME_VERSION) {
/** * Displays the body of the results table * * @uses $_SESSION['tmp_user_values']['disp_direction'] * @uses $_SESSION['tmp_user_values']['repeat_cells'] * @uses $_SESSION['tmp_user_values']['max_rows'] * @uses $_SESSION['tmp_user_values']['display_text'] * @uses $_SESSION['tmp_user_values']['display_binary'] * @uses $_SESSION['tmp_user_values']['display_binary_as_hex'] * @uses $_SESSION['tmp_user_values']['display_blob'] * @param integer the link id associated to the query which results have * to be displayed * @param array which elements to display * @param array the list of relations * @param array the analyzed query * * @return boolean always true * * @global string $db the database name * @global string $table the table name * @global string $goto the URL to go back in case of errors * @global string $sql_query the SQL query * @global array $fields_meta the list of fields properties * @global integer $fields_cnt the total number of fields returned by * the SQL query * @global array $vertical_display informations used with vertical display * mode * @global array $highlight_columns column names to highlight * @global array $row current row data * * @access private * * @see PMA_displayTable() */ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) { global $db, $table, $goto; global $sql_query, $fields_meta, $fields_cnt; global $vertical_display, $highlight_columns; global $row; // mostly because of browser transformations, to make the row-data accessible in a plugin $url_sql_query = $sql_query; // query without conditions to shorten URLs when needed, 200 is just // guess, it should depend on remaining URL length if (isset($analyzed_sql) && isset($analyzed_sql[0]) && isset($analyzed_sql[0]['querytype']) && $analyzed_sql[0]['querytype'] == 'SELECT' && strlen($sql_query) > 200) { $url_sql_query = 'SELECT '; if (isset($analyzed_sql[0]['queryflags']['distinct'])) { $url_sql_query .= ' DISTINCT '; } $url_sql_query .= 
$analyzed_sql[0]['select_expr_clause']; if (!empty($analyzed_sql[0]['from_clause'])) { $url_sql_query .= ' FROM ' . $analyzed_sql[0]['from_clause']; } } if (!is_array($map)) { $map = array(); } $row_no = 0; $vertical_display['edit'] = array(); $vertical_display['copy'] = array(); $vertical_display['delete'] = array(); $vertical_display['data'] = array(); $vertical_display['row_delete'] = array(); // name of the class added to all inline editable elements $inline_edit_class = 'inline_edit'; // Correction University of Virginia 19991216 in the while below // Previous code assumed that all tables have keys, specifically that // the phpMyAdmin GUI should support row delete/edit only for such // tables. // Although always using keys is arguably the prescribed way of // defining a relational table, it is not required. This will in // particular be violated by the novice. // We want to encourage phpMyAdmin usage by such novices. So the code // below has been changed to conditionally work as before when the // table being displayed has one or more keys; but to display // delete/edit options correctly for tables without keys. $odd_row = true; while ($row = PMA_DBI_fetch_row($dt_result)) { // "vertical display" mode stuff if ($row_no != 0 && $_SESSION['tmp_user_values']['repeat_cells'] != 0 && !($row_no % $_SESSION['tmp_user_values']['repeat_cells']) && ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped')) { echo '<tr>' . "\n"; if ($vertical_display['emptypre'] > 0) { echo ' <th colspan="' . $vertical_display['emptypre'] . '">' . "\n" . ' </th>' . "\n"; } foreach ($vertical_display['desc'] as $val) { echo $val; } if ($vertical_display['emptyafter'] > 0) { echo ' <th colspan="' . $vertical_display['emptyafter'] . '">' . "\n" . ' </th>' . "\n"; } echo '</tr>' . "\n"; } // end if $alternating_color_class = $odd_row ? 
'odd' : 'even'; $odd_row = !$odd_row; if ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped') { // pointer code part echo '<tr class="' . $alternating_color_class . '">'; } // 1. Prepares the row // 1.1 Results from a "SELECT" statement -> builds the // WHERE clause to use in links (a unique key if possible) /** * @todo $where_clause could be empty, for example a table * with only one field and it's a BLOB; in this case, * avoid to display the delete and edit links */ list($where_clause, $clause_is_unique) = PMA_getUniqueCondition($dt_result, $fields_cnt, $fields_meta, $row); $where_clause_html = urlencode($where_clause); // 1.2 Defines the URLs for the modify/delete link(s) if ($is_display['edit_lnk'] != 'nn' || $is_display['del_lnk'] != 'nn') { // We need to copy the value or else the == 'both' check will always return true if ($GLOBALS['cfg']['PropertiesIconic'] === 'both') { $iconic_spacer = '<div class="nowrap">'; } else { $iconic_spacer = ''; } // 1.2.1 Modify link(s) if ($is_display['edit_lnk'] == 'ur') { // update row case $_url_params = array('db' => $db, 'table' => $table, 'where_clause' => $where_clause, 'clause_is_unique' => $clause_is_unique, 'sql_query' => $url_sql_query, 'goto' => 'sql.php'); $edit_url = 'tbl_change.php' . PMA_generate_common_url($_url_params + array('default_action' => 'update')); $copy_url = 'tbl_change.php' . 
PMA_generate_common_url($_url_params + array('default_action' => 'insert')); $edit_str = PMA_getIcon('b_edit.png', __('Edit'), true); $copy_str = PMA_getIcon('b_insrow.png', __('Copy'), true); // Class definitions required for inline editing jQuery scripts $edit_anchor_class = "edit_row_anchor"; if ($clause_is_unique == 0) { $edit_anchor_class .= ' nonunique'; } } // end if (1.2.1) // 1.2.2 Delete/Kill link(s) if ($is_display['del_lnk'] == 'dr') { // delete row case $_url_params = array('db' => $db, 'table' => $table, 'sql_query' => $url_sql_query, 'message_to_show' => __('The row has been deleted'), 'goto' => empty($goto) ? 'tbl_sql.php' : $goto); $lnk_goto = 'sql.php' . PMA_generate_common_url($_url_params, 'text'); $del_query = 'DELETE FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table) . ' WHERE ' . $where_clause . ($clause_is_unique ? '' : ' LIMIT 1'); $_url_params = array('db' => $db, 'table' => $table, 'sql_query' => $del_query, 'message_to_show' => __('The row has been deleted'), 'goto' => $lnk_goto); $del_url = 'sql.php' . PMA_generate_common_url($_url_params); $js_conf = 'DELETE FROM ' . PMA_jsFormat($db) . '.' . PMA_jsFormat($table) . ' WHERE ' . PMA_jsFormat($where_clause, false) . ($clause_is_unique ? '' : ' LIMIT 1'); $del_str = PMA_getIcon('b_drop.png', __('Delete'), true); } elseif ($is_display['del_lnk'] == 'kp') { // kill process case $_url_params = array('db' => $db, 'table' => $table, 'sql_query' => $url_sql_query, 'goto' => 'main.php'); $lnk_goto = 'sql.php' . PMA_generate_common_url($_url_params, 'text'); $_url_params = array('db' => 'mysql', 'sql_query' => 'KILL ' . $row[0], 'goto' => $lnk_goto); $del_url = 'sql.php' . PMA_generate_common_url($_url_params); $del_query = 'KILL ' . $row[0]; $js_conf = 'KILL ' . 
$row[0]; $del_str = PMA_getIcon('b_drop.png', __('Kill'), true); } // end if (1.2.2) // 1.3 Displays the links at left if required if ($GLOBALS['cfg']['ModifyDeleteAtLeft'] && ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped')) { if (!isset($js_conf)) { $js_conf = ''; } echo PMA_generateCheckboxAndLinks('left', $del_url, $is_display, $row_no, $where_clause, $where_clause_html, $del_query, 'l', $edit_url, $copy_url, $edit_anchor_class, $edit_str, $copy_str, $del_str, $js_conf); } // end if (1.3) } // end if (1) // 2. Displays the rows' values for ($i = 0; $i < $fields_cnt; ++$i) { $meta = $fields_meta[$i]; $not_null_class = $meta->not_null ? 'not_null' : ''; $relation_class = isset($map[$meta->name]) ? 'relation' : ''; $pointer = $i; $is_field_truncated = false; //If the previous column had blob data, we need to reset the class // to $inline_edit_class $class = 'data ' . $inline_edit_class . ' ' . $not_null_class . ' ' . $alternating_color_class . ' ' . $relation_class; // See if this column should get highlight because it's used in the // where-query. if (isset($highlight_columns) && (isset($highlight_columns[$meta->name]) || isset($highlight_columns[PMA_backquote($meta->name)]))) { $condition_field = true; } else { $condition_field = false; } if ($_SESSION['tmp_user_values']['disp_direction'] == 'vertical' && (!isset($GLOBALS['printview']) || $GLOBALS['printview'] != '1')) { // the row number corresponds to a data row, not HTML table row $class .= ' row_' . $row_no; if ($GLOBALS['cfg']['BrowsePointerEnable'] == true) { $class .= ' vpointer'; } if ($GLOBALS['cfg']['BrowseMarkerEnable'] == true) { $class .= ' vmarker'; } } // end if // Wrap MIME-transformations. 
[MIME] $default_function = 'default_function'; // default_function $transform_function = $default_function; $transform_options = array(); if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) { if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) { $include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']); if (file_exists('./libraries/transformations/' . $include_file)) { $transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']); require_once './libraries/transformations/' . $include_file; if (function_exists('PMA_transformation_' . $transformfunction_name)) { $transform_function = 'PMA_transformation_' . $transformfunction_name; $transform_options = PMA_transformation_getOptions(isset($GLOBALS['mime_map'][$meta->name]['transformation_options']) ? $GLOBALS['mime_map'][$meta->name]['transformation_options'] : ''); $meta->mimetype = str_replace('_', '/', $GLOBALS['mime_map'][$meta->name]['mimetype']); } } // end if file_exists } // end if transformation is set } // end if mime/transformation works. $_url_params = array('db' => $db, 'table' => $table, 'where_clause' => $where_clause, 'transform_key' => $meta->name); if (!empty($sql_query)) { $_url_params['sql_query'] = $url_sql_query; } $transform_options['wrapper_link'] = PMA_generate_common_url($_url_params); // n u m e r i c if ($meta->numeric == 1) { // if two fields have the same name (this is possible // with self-join queries, for example), using $meta->name // will show both fields NULL even if only one is NULL, // so use the $pointer if (!isset($row[$i]) || is_null($row[$i])) { $vertical_display['data'][$row_no][$i] = PMA_buildNullDisplay($class, $condition_field, $meta, 'align="right"'); } elseif ($row[$i] != '') { $nowrap = ' nowrap'; $where_comparison = ' = ' . 
$row[$i]; $vertical_display['data'][$row_no][$i] = '<td align="right"' . PMA_prepare_row_data($class, $condition_field, $analyzed_sql, $meta, $map, $row[$i], $transform_function, $default_function, $nowrap, $where_comparison, $transform_options, $is_field_truncated); } else { $vertical_display['data'][$row_no][$i] = PMA_buildEmptyDisplay($class, $condition_field, $meta, 'align="right"'); } // b l o b } elseif (stristr($meta->type, 'BLOB')) { // PMA_mysql_fetch_fields returns BLOB in place of // TEXT fields type so we have to ensure it's really a BLOB $field_flags = PMA_DBI_field_flags($dt_result, $i); // remove 'inline_edit' from $class as we can't edit binary data. $class = str_replace('inline_edit', '', $class); if (stristr($field_flags, 'BINARY')) { if (!isset($row[$i]) || is_null($row[$i])) { $vertical_display['data'][$row_no][$i] = PMA_buildNullDisplay($class, $condition_field, $meta); } else { // for blobstreaming // if valid BS reference exists if (PMA_BS_IsPBMSReference($row[$i], $db)) { $blobtext = PMA_BS_CreateReferenceLink($row[$i], $db); } else { $blobtext = PMA_handle_non_printable_contents('BLOB', isset($row[$i]) ? $row[$i] : '', $transform_function, $transform_options, $default_function, $meta, $_url_params); } $vertical_display['data'][$row_no][$i] = PMA_buildValueDisplay($class, $condition_field, $blobtext); unset($blobtext); } // not binary: } else { if (!isset($row[$i]) || is_null($row[$i])) { $vertical_display['data'][$row_no][$i] = PMA_buildNullDisplay($class, $condition_field, $meta); } elseif ($row[$i] != '') { // if a transform function for blob is set, none of these replacements will be made if (PMA_strlen($row[$i]) > $GLOBALS['cfg']['LimitChars'] && $_SESSION['tmp_user_values']['display_text'] == 'P') { $row[$i] = PMA_substr($row[$i], 0, $GLOBALS['cfg']['LimitChars']) . 
'...'; $is_field_truncated = true; } // displays all space characters, 4 space // characters for tabulations and <cr>/<lf> $row[$i] = $default_function != $transform_function ? $transform_function($row[$i], $transform_options, $meta) : $default_function($row[$i], array(), $meta); $vertical_display['data'][$row_no][$i] = PMA_buildValueDisplay($class, $condition_field, $row[$i]); } else { $vertical_display['data'][$row_no][$i] = PMA_buildEmptyDisplay($class, $condition_field, $meta); } } // g e o m e t r y } elseif ($meta->type == 'geometry') { $geometry_text = PMA_handle_non_printable_contents('GEOMETRY', isset($row[$i]) ? $row[$i] : '', $transform_function, $transform_options, $default_function, $meta); // remove 'inline_edit' from $class as we can't edit geometry data. $class = str_replace('inline_edit', '', $class); $vertical_display['data'][$row_no][$i] = PMA_buildValueDisplay($class, $condition_field, $geometry_text); unset($geometry_text); // n o t n u m e r i c a n d n o t B L O B } else { if (!isset($row[$i]) || is_null($row[$i])) { $vertical_display['data'][$row_no][$i] = PMA_buildNullDisplay($class, $condition_field, $meta); } elseif ($row[$i] != '') { // support blanks in the key $relation_id = $row[$i]; // Cut all fields to $GLOBALS['cfg']['LimitChars'] // (unless it's a link-type transformation) if (PMA_strlen($row[$i]) > $GLOBALS['cfg']['LimitChars'] && $_SESSION['tmp_user_values']['display_text'] == 'P' && !strpos($transform_function, 'link') === true) { $row[$i] = PMA_substr($row[$i], 0, $GLOBALS['cfg']['LimitChars']) . 
'...'; $is_field_truncated = true; } // displays special characters from binaries $field_flags = PMA_DBI_field_flags($dt_result, $i); $is_html = false; if (isset($meta->_type) && $meta->_type === MYSQLI_TYPE_BIT) { $row[$i] = PMA_printable_bit_value($row[$i], $meta->length); // some results of PROCEDURE ANALYSE() are reported as // being BINARY but they are quite readable, // so don't treat them as BINARY } elseif (stristr($field_flags, 'BINARY') && $meta->type == 'string' && !(isset($GLOBALS['is_analyse']) && $GLOBALS['is_analyse'])) { if ($_SESSION['tmp_user_values']['display_binary']) { // user asked to see the real contents of BINARY // fields if ($_SESSION['tmp_user_values']['display_binary_as_hex'] && PMA_contains_nonprintable_ascii($row[$i])) { $row[$i] = bin2hex($row[$i]); } else { $row[$i] = htmlspecialchars(PMA_replace_binary_contents($row[$i])); } } else { // we show the BINARY message and field's size // (or maybe use a transformation) $row[$i] = PMA_handle_non_printable_contents('BINARY', $row[$i], $transform_function, $transform_options, $default_function, $meta, $_url_params); $is_html = true; } } if ($is_html) { $vertical_display['data'][$row_no][$i] = PMA_buildValueDisplay($class, $condition_field, $row[$i]); } else { // transform functions may enable no-wrapping: $function_nowrap = $transform_function . '_nowrap'; $bool_nowrap = $default_function != $transform_function && function_exists($function_nowrap) ? $function_nowrap($transform_options) : false; // do not wrap if date field type $nowrap = preg_match('@DATE|TIME@i', $meta->type) || $bool_nowrap ? ' nowrap' : ''; $where_comparison = ' = \'' . PMA_sqlAddslashes($row[$i]) . '\''; $vertical_display['data'][$row_no][$i] = '<td ' . 
PMA_prepare_row_data($class, $condition_field, $analyzed_sql, $meta, $map, $row[$i], $transform_function, $default_function, $nowrap, $where_comparison, $transform_options, $is_field_truncated); } } else { $vertical_display['data'][$row_no][$i] = PMA_buildEmptyDisplay($class, $condition_field, $meta); } } // output stored cell if ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped') { echo $vertical_display['data'][$row_no][$i]; } if (isset($vertical_display['rowdata'][$i][$row_no])) { $vertical_display['rowdata'][$i][$row_no] .= $vertical_display['data'][$row_no][$i]; } else { $vertical_display['rowdata'][$i][$row_no] = $vertical_display['data'][$row_no][$i]; } } // end for (2) // 3. Displays the modify/delete links on the right if required if ($GLOBALS['cfg']['ModifyDeleteAtRight'] && ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped')) { if (!isset($js_conf)) { $js_conf = ''; } echo PMA_generateCheckboxAndLinks('right', $del_url, $is_display, $row_no, $where_clause, $where_clause_html, $del_query, 'r', $edit_url, $copy_url, $edit_anchor_class, $edit_str, $copy_str, $del_str, $js_conf); } // end if (3) if ($_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped') { ?> </tr> <?php } // end if // 4. Gather links of del_urls and edit_urls in an array for later // output if (!isset($vertical_display['edit'][$row_no])) { $vertical_display['edit'][$row_no] = ''; $vertical_display['copy'][$row_no] = ''; $vertical_display['delete'][$row_no] = ''; $vertical_display['row_delete'][$row_no] = ''; } $vertical_class = ' row_' . 
$row_no; if ($GLOBALS['cfg']['BrowsePointerEnable'] == true) { $vertical_class .= ' vpointer'; } if ($GLOBALS['cfg']['BrowseMarkerEnable'] == true) { $vertical_class .= ' vmarker'; } if (!empty($del_url) && $is_display['del_lnk'] != 'kp') { $vertical_display['row_delete'][$row_no] .= PMA_generateCheckboxForMulti($del_url, $is_display, $row_no, $where_clause_html, $del_query, '[%_PMA_CHECKBOX_DIR_%]', $alternating_color_class . $vertical_class); } else { unset($vertical_display['row_delete'][$row_no]); } if (isset($edit_url)) { $vertical_display['edit'][$row_no] .= PMA_generateEditLink($edit_url, $alternating_color_class . ' ' . $edit_anchor_class . $vertical_class, $edit_str, $where_clause, $where_clause_html); } else { unset($vertical_display['edit'][$row_no]); } if (isset($copy_url)) { $vertical_display['copy'][$row_no] .= PMA_generateCopyLink($copy_url, $copy_str, $where_clause, $where_clause_html, $alternating_color_class . $vertical_class); } else { unset($vertical_display['copy'][$row_no]); } if (isset($del_url)) { if (!isset($js_conf)) { $js_conf = ''; } $vertical_display['delete'][$row_no] .= PMA_generateDeleteLink($del_url, $del_str, $js_conf, $alternating_color_class . $vertical_class); } else { unset($vertical_display['delete'][$row_no]); } echo $_SESSION['tmp_user_values']['disp_direction'] == 'horizontal' || $_SESSION['tmp_user_values']['disp_direction'] == 'horizontalflipped' ? "\n" : ''; $row_no++; } // end while // this is needed by PMA_displayTable() to generate the proper param // in the multi-edit and multi-delete form return $clause_is_unique; }
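/**
 * Returns the real filename of a configured transformation.
 *
 * The configured name is first passed through PMA_securePath() so that a
 * value taken from the MIME map cannot leave the transformations directory
 * (NOTE(review): this relies on PMA_securePath() neutralising every
 * traversal form, e.g. ".." segments and absolute paths — its definition is
 * not visible here, confirm before trusting the returned name in an
 * include). A legacy ".inc.php3" name is then mapped to its ".inc.php"
 * variant when that file exists under ./libraries/transformations/.
 *
 * @param string &$filename the current filename; rewritten in place to the
 *                          sanitised/mapped name when the name ends in '3'
 *                          and the mapped file exists
 *
 * @return string the sanitised filename to include
 *
 * @access public
 */
function PMA_sanitizeTransformationFile(&$filename)
{
    // garvin: for security, never allow to break out from transformations directory
    $include_file = PMA_securePath($filename);

    // This value can also contain a 'php3' value, in which case we map this
    // filename to our new 'php' variant
    $testfile = preg_replace('@\\.inc\\.php3$@', '.inc.php', $include_file);

    // substr() instead of $include_file[strlen(...) - 1]: an empty name would
    // otherwise raise an "uninitialized string offset" notice for index -1.
    if (substr($include_file, -1) === '3'
        && file_exists('./libraries/transformations/' . $testfile)
    ) {
        $include_file = $testfile;
        // Corrects the referenced variable for further actions on the filename
        $filename = $testfile;
    }

    return $include_file;
}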
} } } if ($ThemeDefaultOk == TRUE) { $pmaThemeImage = './' . $cfg['ThemePath'] . '/' . $cfg['ThemeDefault'] . '/img/'; $tmp_color_file = './' . $cfg['ThemePath'] . '/' . $cfg['ThemeDefault'] . '/colors.inc.php'; if (@file_exists($tmp_color_file)) { include $tmp_color_file; } } else { $pmaThemeImage = './' . $cfg['ThemePath'] . '/original/img/'; } } else { $GLOBALS['theme'] = $_COOKIE['pma_theme']; $pmaThemeImage = './' . $cfg['ThemePath'] . '/' . $_COOKIE['pma_theme'] . '/img/'; $tmp_color_file = './' . $cfg['ThemePath'] . '/' . PMA_securePath($_COOKIE['pma_theme']) . '/colors.inc.php'; if (@file_exists($tmp_color_file)) { include $tmp_color_file; } } if (!is_dir($pmaThemeImage)) { $pmaThemeImage = './' . $cfg['ThemePath'] . '/original/img/'; } // end theme manager if ($is_minimum_common == FALSE) { /** * Include URL/hidden inputs generating. */ require_once './libraries/url_generating.lib.php'; /** * Add slashes before "'" and "\" characters so a value containing them can