sanitize() public static method

If you want to include result in element attribute, you should escape it. Examples:

bar
public static sanitize ( string $message, boolean $escape = false, boolean $safe = false ) : string
$message string the message
$escape boolean whether to escape html in result
$safe boolean whether string is safe (can keep < and > chars)
return string the sanitized message
/**
 * Returns sanitized language string, taking into account our special codes
 * for formatting. Takes variable number of arguments.
 * Based on Sanitize::sanitize from sanitize.lib.php.
 *
 * @param string $lang_key key in $GLOBALS WITHOUT 'strSetup' prefix
 *
 * @return string
 */
function PMA_lang($lang_key)
{
    $message = isset($GLOBALS["strConfig{$lang_key}"]) ? $GLOBALS["strConfig{$lang_key}"] : $lang_key;
    $message = Sanitize::sanitize($message);
    if (func_num_args() == 1) {
        return $message;
    } else {
        $args = func_get_args();
        array_shift($args);
        return vsprintf($message, $args);
    }
}
 /**
  * Returns error message for failed authentication.
  *
  * @return string
  */
 public function getErrorMessage()
 {
     if (!empty($GLOBALS['login_without_password_is_forbidden'])) {
         return __('Login without a password is forbidden by configuration' . ' (see AllowNoPassword)');
     } elseif (!empty($GLOBALS['allowDeny_forbidden'])) {
         return __('Access denied!');
     } elseif (!empty($GLOBALS['no_activity'])) {
         return sprintf(__('No activity within %s seconds; please log in again.'), $GLOBALS['cfg']['LoginCookieValidity']);
     } else {
         $dbi_error = $GLOBALS['dbi']->getError();
         if (!empty($dbi_error)) {
             return Sanitize::sanitize($dbi_error);
         } elseif (isset($GLOBALS['errno'])) {
             return '#' . $GLOBALS['errno'] . ' ' . __('Cannot log in to the MySQL server');
         } else {
             return __('Cannot log in to the MySQL server');
         }
     }
 }
 /**
  * Returns whether the row count is approximated
  *
  * @param array   $current_table array containing details about the table
  * @param boolean $table_is_view whether the table is a view
  *
  * @return array
  */
 protected function isRowCountApproximated($current_table, $table_is_view)
 {
     $approx_rows = false;
     $show_superscript = '';
     // there is a null value in the ENGINE
     // - when the table needs to be repaired, or
     // - when it's a view
     //  so ensure that we'll display "in use" below for a table
     //  that needs to be repaired
     if (isset($current_table['TABLE_ROWS']) && ($current_table['ENGINE'] != null || $table_is_view)) {
         // InnoDB table: we did not get an accurate row count
         $approx_rows = !$table_is_view && $current_table['ENGINE'] == 'InnoDB' && !$current_table['COUNTED'];
         if ($table_is_view && $current_table['TABLE_ROWS'] >= $GLOBALS['cfg']['MaxExactCountViews']) {
             $approx_rows = true;
             $show_superscript = Util::showHint(Sanitize::sanitize(sprintf(__('This view has at least this number of ' . 'rows. Please refer to %sdocumentation%s.'), '[doc@cfg_MaxExactCountViews]', '[/doc]')));
         }
     }
     return array($approx_rows, $show_superscript);
 }
Example #4
0
 /**
  * decode $message, taking into account our special codes
  * for formatting
  *
  * @param string $message the message
  *
  * @return string  the decoded message
  * @access  public
  * @static
  */
 public static function decodeBB($message)
 {
     return Sanitize::sanitize($message, false, true);
 }
Example #5
0
    /**
     * Prepare the message and the query
     * usually the message is the result of the query executed
     *
     * @param Message|string $message   the message to display
     * @param string         $sql_query the query to display
     * @param string         $type      the type (level) of the message
     *
     * @return string
     *
     * @access  public
     */
    public static function getMessage(
        $message,
        $sql_query = null,
        $type = 'notice'
    ) {
        global $cfg;
        $retval = '';

        if (null === $sql_query) {
            if (! empty($GLOBALS['display_query'])) {
                $sql_query = $GLOBALS['display_query'];
            } elseif (! empty($GLOBALS['unparsed_sql'])) {
                $sql_query = $GLOBALS['unparsed_sql'];
            } elseif (! empty($GLOBALS['sql_query'])) {
                $sql_query = $GLOBALS['sql_query'];
            } else {
                $sql_query = '';
            }
        }

        $render_sql = $cfg['ShowSQL'] == true && ! empty($sql_query) && $sql_query !== ';';

        if (isset($GLOBALS['using_bookmark_message'])) {
            $retval .= $GLOBALS['using_bookmark_message']->getDisplay();
            unset($GLOBALS['using_bookmark_message']);
        }

        if ($render_sql) {
            $retval .= '<div class="result_query"'
                . ' style="text-align: ' . $GLOBALS['cell_align_left'] . '"'
                . '>' . "\n";
        }

        if ($message instanceof Message) {
            if (isset($GLOBALS['special_message'])) {
                $message->addText($GLOBALS['special_message']);
                unset($GLOBALS['special_message']);
            }
            $retval .= $message->getDisplay();
        } else {
            $retval .= '<div class="' . $type . '">';
            $retval .= Sanitize::sanitize($message);
            if (isset($GLOBALS['special_message'])) {
                $retval .= Sanitize::sanitize($GLOBALS['special_message']);
                unset($GLOBALS['special_message']);
            }
            $retval .= '</div>';
        }

        if ($render_sql) {
            $query_too_big = false;

            $queryLength = mb_strlen($sql_query);
            if ($queryLength > $cfg['MaxCharactersInDisplayedSQL']) {
                // when the query is large (for example an INSERT of binary
                // data), the parser chokes; so avoid parsing the query
                $query_too_big = true;
                $query_base = mb_substr(
                    $sql_query,
                    0,
                    $cfg['MaxCharactersInDisplayedSQL']
                ) . '[...]';
            } else {
                $query_base = $sql_query;
            }

            // Html format the query to be displayed
            // If we want to show some sql code it is easiest to create it here
            /* SQL-Parser-Analyzer */

            if (! empty($GLOBALS['show_as_php'])) {
                $new_line = '\\n"<br />' . "\n" . '&nbsp;&nbsp;&nbsp;&nbsp;. "';
                $query_base = '$sql  = \'' . $query_base;
                $query_base = '<code class="php"><pre>' . "\n"
                    . htmlspecialchars(addslashes($query_base));
                $query_base = preg_replace(
                    '/((\015\012)|(\015)|(\012))/',
                    $new_line,
                    $query_base
                );
                $query_base = '$sql  = \'' . $query_base . '"';
            } elseif ($query_too_big) {
                $query_base = htmlspecialchars($query_base);
            } else {
                $query_base = self::formatSql($query_base);
            }

            // Prepares links that may be displayed to edit/explain the query
            // (don't go to default pages, we must go to the page
            // where the query box is available)

            // Basic url query part
            $url_params = array();
            if (! isset($GLOBALS['db'])) {
                $GLOBALS['db'] = '';
            }
            if (strlen($GLOBALS['db']) > 0) {
                $url_params['db'] = $GLOBALS['db'];
                if (strlen($GLOBALS['table']) > 0) {
                    $url_params['table'] = $GLOBALS['table'];
                    $edit_link = 'tbl_sql.php';
                } else {
                    $edit_link = 'db_sql.php';
                }
            } else {
                $edit_link = 'server_sql.php';
            }

            // Want to have the query explained
            // but only explain a SELECT (that has not been explained)
            /* SQL-Parser-Analyzer */
            $explain_link = '';
            $is_select = preg_match('@^SELECT[[:space:]]+@i', $sql_query);
            if (! empty($cfg['SQLQuery']['Explain']) && ! $query_too_big) {
                $explain_params = $url_params;
                if ($is_select) {
                    $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query;
                    $explain_link = ' ['
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($explain_params),
                            __('Explain SQL')
                        ) . ']';
                } elseif (preg_match(
                    '@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i',
                    $sql_query
                )) {
                    $explain_params['sql_query']
                        = mb_substr($sql_query, 8);
                    $explain_link = ' ['
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($explain_params),
                            __('Skip Explain SQL')
                        ) . ']';
                    $url = 'https://mariadb.org/explain_analyzer/analyze/'
                        . '?client=phpMyAdmin&raw_explain='
                        . urlencode(self::_generateRowQueryOutput($sql_query));
                    $explain_link .= ' ['
                        . self::linkOrButton(
                            htmlspecialchars('url.php?url=' . urlencode($url)),
                            sprintf(__('Analyze Explain at %s'), 'mariadb.org'),
                            array(),
                            true,
                            false,
                            '_blank'
                        ) . ']';
                }
            } //show explain

            $url_params['sql_query']  = $sql_query;
            $url_params['show_query'] = 1;

            // even if the query is big and was truncated, offer the chance
            // to edit it (unless it's enormous, see linkOrButton() )
            if (! empty($cfg['SQLQuery']['Edit'])
                && empty($GLOBALS['show_as_php'])
            ) {
                $edit_link .= URL::getCommon($url_params) . '#querybox';
                $edit_link = ' ['
                    . self::linkOrButton($edit_link, __('Edit'))
                    . ']';
            } else {
                $edit_link = '';
            }

            // Also we would like to get the SQL formed in some nice
            // php-code
            if (! empty($cfg['SQLQuery']['ShowAsPHP']) && ! $query_too_big) {

                if (! empty($GLOBALS['show_as_php'])) {
                    $php_link = ' ['
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($url_params),
                            __('Without PHP code'),
                            array(),
                            true,
                            false,
                            '',
                            true
                        )
                        . ']';

                    $php_link .= ' ['
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($url_params),
                            __('Submit query'),
                            array(),
                            true,
                            false,
                            '',
                            true
                        )
                        . ']';
                } else {
                    $php_params = $url_params;
                    $php_params['show_as_php'] = 1;
                    $_message = __('Create PHP code');
                    $php_link = ' ['
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($php_params),
                            $_message
                        )
                        . ']';
                }
            } else {
                $php_link = '';
            } //show as php

            // Refresh query
            if (! empty($cfg['SQLQuery']['Refresh'])
                && ! isset($GLOBALS['show_as_php']) // 'Submit query' does the same
                && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)
            ) {
                $refresh_link = 'import.php' . URL::getCommon($url_params);
                $refresh_link = ' ['
                    . self::linkOrButton($refresh_link, __('Refresh')) . ']';
            } else {
                $refresh_link = '';
            } //refresh

            $retval .= '<div class="sqlOuter">';
            $retval .= $query_base;

            //Clean up the end of the PHP
            if (! empty($GLOBALS['show_as_php'])) {
                $retval .= '\';' . "\n"
                    . '</pre></code>';
            }
            $retval .= '</div>';

            $retval .= '<div class="tools print_ignore">';
            $retval .= '<form action="sql.php" method="post">';
            $retval .= URL::getHiddenInputs($GLOBALS['db'], $GLOBALS['table']);
            $retval .= '<input type="hidden" name="sql_query" value="'
                . htmlspecialchars($sql_query) . '" />';

            // avoid displaying a Profiling checkbox that could
            // be checked, which would reexecute an INSERT, for example
            if (! empty($refresh_link) && self::profilingSupported()) {
                $retval .= '<input type="hidden" name="profiling_form" value="1" />';
                $retval .= Template::get('checkbox')
                    ->render(
                        array(
                            'html_field_name'   => 'profiling',
                            'label'             => __('Profiling'),
                            'checked'           => isset($_SESSION['profiling']),
                            'onclick'           => true,
                            'html_field_id'     => '',
                        )
                    );
            }
            $retval .= '</form>';

            /**
             * TODO: Should we have $cfg['SQLQuery']['InlineEdit']?
             */
            if (! empty($cfg['SQLQuery']['Edit'])
                && ! $query_too_big
                && empty($GLOBALS['show_as_php'])
            ) {
                $inline_edit_link = ' ['
                    . self::linkOrButton(
                        '#',
                        _pgettext('Inline edit query', 'Edit inline'),
                        array('class' => 'inline_edit_sql')
                    )
                    . ']';
            } else {
                $inline_edit_link = '';
            }
            $retval .= $inline_edit_link . $edit_link . $explain_link . $php_link
                . $refresh_link;
            $retval .= '</div>';

            $retval .= '</div>';
        }

        return $retval;
    } // end of the 'getMessage()' function
Example #6
0
foreach ($all_languages as $each_lang) {
    //Is current one active?
    $selected = $each_lang->isActive() ? ' selected="selected"' : '';
    echo '<option value="', $each_lang->getCode(), '"', $selected, '>', $each_lang->getName(), '</option>', "\n";
}
echo '</select>';
echo '</form>';
// Check for done action info and set notice message if present
switch ($action_done) {
    case 'config_saved':
        /* Use uniqid to display this message every time configuration is saved */
        PMA_messagesSet('notice', uniqid('config_saved'), __('Configuration saved.'), Sanitize::sanitize(__('Configuration saved to file config/config.inc.php in phpMyAdmin ' . 'top level directory, copy it to top level one and delete ' . 'directory config to use it.')));
        break;
    case 'config_not_saved':
        /* Use uniqid to display this message every time configuration is saved */
        PMA_messagesSet('notice', uniqid('config_not_saved'), __('Configuration not saved!'), Sanitize::sanitize(__('Please create web server writable folder [em]config[/em] in ' . 'phpMyAdmin top level directory as described in ' . '[doc@setup_script]documentation[/doc]. Otherwise you will be ' . 'only able to download or display it.')));
        break;
    default:
        break;
}
echo '<h2>', __('Overview'), '</h2>';
// message handling
PMA_messagesEnd();
PMA_messagesShowHtml();
echo '<a href="#" id="show_hidden_messages" style="display:none">';
echo __('Show hidden messages (#MSG_COUNT)');
echo '</a>';
echo '<fieldset class="simple"><legend>';
echo __('Servers');
echo '</legend>';
//
Example #7
0
    }
    // end if
}
/**
 * Warning about different MySQL library and server version
 * (a difference on the third digit does not count).
 * If someday there is a constant that we can check about mysqlnd,
 * we can use it instead of strpos().
 * If no default server is set, $GLOBALS['dbi'] is not defined yet.
 * We also do not warn if MariaDB is detected, as it has its own version
 * numbering.
 */
if (isset($GLOBALS['dbi']) && $cfg['ServerLibraryDifference_DisableWarning'] == false) {
    $_client_info = $GLOBALS['dbi']->getClientInfo();
    if ($server > 0 && mb_strpos($_client_info, 'mysqlnd') === false && mb_strpos(PMA_MYSQL_STR_VERSION, 'MariaDB') === false && substr(PMA_MYSQL_CLIENT_API, 0, 3) != substr(PMA_MYSQL_INT_VERSION, 0, 3)) {
        trigger_error(Sanitize::sanitize(sprintf(__('Your PHP MySQL library version %s differs from your ' . 'MySQL server version %s. This may cause unpredictable ' . 'behavior.'), $_client_info, substr(PMA_MYSQL_STR_VERSION, 0, strpos(PMA_MYSQL_STR_VERSION . '-', '-')))), E_USER_NOTICE);
    }
    unset($_client_info);
}
/**
 * Warning about Suhosin only if its simulation mode is not enabled
 */
if ($cfg['SuhosinDisableWarning'] == false && @ini_get('suhosin.request.max_value_length') && @ini_get('suhosin.simulation') == '0') {
    trigger_error(sprintf(__('Server running with Suhosin. Please refer to %sdocumentation%s ' . 'for possible issues.'), '[doc@faq1-38]', '[/doc]'), E_USER_WARNING);
}
/**
 * Warning about incomplete translations.
 *
 * The data file is created while creating release by ./scripts/remove-incomplete-mo
 */
if (@file_exists('libraries/language_stats.inc.php')) {
Example #8
0
 /**
  * Tests output escaping.
  *
  * @return void
  */
 public function testEscape()
 {
     $this->assertEquals('&lt;strong&gt;strong&lt;/strong&gt;', Sanitize::sanitize('[strong]strong[/strong]', true));
 }
Example #9
0
 /**
  * Prepare a table of results returned by a SQL query.
  *
  * @param integer &$dt_result           the link id associated to the query
  *                                      which results have to be displayed
  * @param array   &$displayParts        the parts to display
  * @param array   $analyzed_sql_results analyzed sql results
  * @param boolean $is_limited_display   With limited operations or not
  *
  * @return  string   $table_html   Generated HTML content for resulted table
  *
  * @access  public
  *
  * @see     sql.php file
  */
 public function getTable(&$dt_result, &$displayParts, $analyzed_sql_results, $is_limited_display = false)
 {
     /**
      * The statement this table is built for.
      * @var \SqlParser\Statements\SelectStatement
      */
     $statement = $analyzed_sql_results['statement'];
     $table_html = '';
     // Following variable are needed for use in isset/empty or
     // use with array indexes/safe use in foreach
     $fields_meta = $this->__get('fields_meta');
     $showtable = $this->__get('showtable');
     $printview = $this->__get('printview');
     // why was this called here? (already called from sql.php)
     //$this->setConfigParamsForDisplayTable();
     /**
      * @todo move this to a central place
      * @todo for other future table types
      */
     $is_innodb = isset($showtable['Type']) && $showtable['Type'] == self::TABLE_TYPE_INNO_DB;
     if ($is_innodb && PMA_isJustBrowsing($analyzed_sql_results, true)) {
         // "j u s t   b r o w s i n g"
         $pre_count = '~';
         $after_count = Util::showHint(Sanitize::sanitize(__('May be approximate. See [doc@faq3-11]FAQ 3.11[/doc].')));
     } else {
         $pre_count = '';
         $after_count = '';
     }
     // 1. ----- Prepares the work -----
     // 1.1 Gets the information about which functionalities should be
     //     displayed
     list($displayParts, $total) = $this->_setDisplayPartsAndTotal($displayParts);
     // 1.2 Defines offsets for the next and previous pages
     if ($displayParts['nav_bar'] == '1') {
         list($pos_next, $pos_prev) = $this->_getOffsets();
     }
     // end if
     // 1.3 Extract sorting expressions.
     //     we need $sort_expression and $sort_expression_nodirection
     //     even if there are many table references
     $sort_expression = array();
     $sort_expression_nodirection = array();
     $sort_direction = array();
     if (!empty($statement->order)) {
         foreach ($statement->order as $o) {
             $sort_expression[] = $o->expr->expr . ' ' . $o->type;
             $sort_expression_nodirection[] = $o->expr->expr;
             $sort_direction[] = $o->type;
         }
     } else {
         $sort_expression[] = '';
         $sort_expression_nodirection[] = '';
         $sort_direction[] = '';
     }
     $number_of_columns = count($sort_expression_nodirection);
     // 1.4 Prepares display of first and last value of the sorted column
     $sorted_column_message = '';
     for ($i = 0; $i < $number_of_columns; $i++) {
         $sorted_column_message .= $this->_getSortedColumnMessage($dt_result, $sort_expression_nodirection[$i]);
     }
     // 2. ----- Prepare to display the top of the page -----
     // 2.1 Prepares a messages with position information
     if ($displayParts['nav_bar'] == '1' && isset($pos_next)) {
         $message = $this->_setMessageInformation($sorted_column_message, $analyzed_sql_results, $total, $pos_next, $pre_count, $after_count);
         $table_html .= Util::getMessage($message, $this->__get('sql_query'), 'success');
     } elseif ((!isset($printview) || $printview != '1') && !$is_limited_display) {
         $table_html .= Util::getMessage(__('Your SQL query has been executed successfully.'), $this->__get('sql_query'), 'success');
     }
     // 2.3 Prepare the navigation bars
     if (!mb_strlen($this->__get('table'))) {
         if ($analyzed_sql_results['querytype'] == 'SELECT') {
             // table does not always contain a real table name,
             // for example in MySQL 5.0.x, the query SHOW STATUS
             // returns STATUS as a table name
             $this->__set('table', $fields_meta[0]->table);
         } else {
             $this->__set('table', '');
         }
     }
     // can the result be sorted?
     if ($displayParts['sort_lnk'] == '1') {
         // At this point, $sort_expression is an array but we only verify
         // the first element in case we could find that the table is
         // sorted by one of the choices listed in the
         // "Sort by key" drop-down
         list($unsorted_sql_query, $sort_by_key_html) = $this->_getUnsortedSqlAndSortByKeyDropDown($analyzed_sql_results, $sort_expression[0]);
     } else {
         $sort_by_key_html = $unsorted_sql_query = '';
     }
     if ($displayParts['nav_bar'] == '1' && empty($statement->limit)) {
         $table_html .= $this->_getPlacedTableNavigations($pos_next, $pos_prev, self::PLACE_TOP_DIRECTION_DROPDOWN, $is_innodb, $sort_by_key_html);
     }
     // 2b ----- Get field references from Database -----
     // (see the 'relation' configuration variable)
     // initialize map
     $map = array();
     $target = array();
     if (!empty($statement->from)) {
         foreach ($statement->from as $field) {
             if (!empty($field->table)) {
                 $target[] = $field->table;
             }
         }
     }
     if (mb_strlen($this->__get('table'))) {
         // This method set the values for $map array
         $this->_setParamForLinkForeignKeyRelatedTables($map);
         // Coming from 'Distinct values' action of structure page
         // We manipulate relations mechanism to show a link to related rows.
         if ($this->__get('is_browse_distinct')) {
             $map[$fields_meta[1]->name] = array($this->__get('table'), $fields_meta[1]->name, '', $this->__get('db'));
         }
     }
     // end if
     // end 2b
     // 3. ----- Prepare the results table -----
     if ($is_limited_display) {
         $table_html .= "<br>";
     }
     $table_html .= $this->_getTableHeaders($displayParts, $analyzed_sql_results, $unsorted_sql_query, $sort_expression, $sort_expression_nodirection, $sort_direction, $is_limited_display);
     $table_html .= '<tbody>' . "\n";
     $table_html .= $this->_getTableBody($dt_result, $displayParts, $map, $analyzed_sql_results, $is_limited_display);
     $this->__set('display_params', null);
     $table_html .= '</tbody>' . "\n" . '</table>';
     // 4. ----- Prepares the link for multi-fields edit and delete
     if ($displayParts['del_lnk'] == self::DELETE_ROW && $displayParts['del_lnk'] != self::KILL_PROCESS) {
         $table_html .= $this->_getMultiRowOperationLinks($dt_result, $analyzed_sql_results, $displayParts['del_lnk']);
     }
     // 5. ----- Get the navigation bar at the bottom if required -----
     if ($displayParts['nav_bar'] == '1' && empty($statement->limit)) {
         $table_html .= $this->_getPlacedTableNavigations($pos_next, $pos_prev, self::PLACE_BOTTOM_DIRECTION_DROPDOWN, $is_innodb, $sort_by_key_html);
     } elseif (!isset($printview) || $printview != '1') {
         $table_html .= "\n" . '<br /><br />' . "\n";
     }
     // 6. ----- Prepare "Query results operations"
     if ((!isset($printview) || $printview != '1') && !$is_limited_display) {
         $table_html .= $this->_getResultsOperations($displayParts, $analyzed_sql_results);
     }
     return $table_html;
 }
Example #10
0
/**
 * Checks for newest phpMyAdmin version and sets result as a new notice
 *
 * @return void
 */
function PMA_versionCheck()
{
    // version check messages should always be visible so let's make
    // a unique message id each time we run it
    $message_id = uniqid('version_check');
    // Fetch data
    $versionInformation = new VersionInformation();
    $version_data = $versionInformation->getLatestVersion();
    if (empty($version_data)) {
        PMA_messagesSet('error', $message_id, __('Version check'), __('Reading of version failed. ' . 'Maybe you\'re offline or the upgrade server does not respond.'));
        return;
    }
    $releases = $version_data->releases;
    $latestCompatible = $versionInformation->getLatestCompatibleVersion($releases);
    if ($latestCompatible != null) {
        $version = $latestCompatible['version'];
        $date = $latestCompatible['date'];
    } else {
        return;
    }
    $version_upstream = $versionInformation->versionToInt($version);
    if ($version_upstream === false) {
        PMA_messagesSet('error', $message_id, __('Version check'), __('Got invalid version string from server'));
        return;
    }
    $version_local = $versionInformation->versionToInt($GLOBALS['PMA_Config']->get('PMA_VERSION'));
    if ($version_local === false) {
        PMA_messagesSet('error', $message_id, __('Version check'), __('Unparsable version string'));
        return;
    }
    if ($version_upstream > $version_local) {
        $version = htmlspecialchars($version);
        $date = htmlspecialchars($date);
        PMA_messagesSet('notice', $message_id, __('Version check'), sprintf(__('A newer version of phpMyAdmin is available and you should consider upgrading. The newest version is %s, released on %s.'), $version, $date));
    } else {
        if ($version_local % 100 == 0) {
            PMA_messagesSet('notice', $message_id, __('Version check'), Sanitize::sanitize(sprintf(__('You are using Git version, run [kbd]git pull[/kbd] :-)[br]The latest stable version is %s, released on %s.'), $version, $date)));
        } else {
            PMA_messagesSet('notice', $message_id, __('Version check'), __('No newer stable version is available'));
        }
    }
}
Example #11
0
        margin: 1em;
    }
    h1 {
        margin: 0;
        padding: 0.3em;
        font-size: 1.4em;
        font-weight: bold;
        color: #ffffff;
        background-color: #ff0000;
    }
    p {
        margin: 0;
        padding: 0.5em;
        border: 0.1em solid red;
        background-color: #ffeeee;
    }
    //-->
    </style>
</head>
<body>
<h1>phpMyAdmin - <?php 
echo $error_header;
?>
</h1>
<p><?php 
echo Sanitize::sanitize($error_message);
?>
</p>
</body>
</html>
Example #12
0
echo '</label></bdo><br />';
echo '<select id="lang" name="lang" class="autosubmit" lang="en" dir="ltr">';
// create language list
$lang_list = array();
foreach ($all_languages as $each_lang) {
    //Is current one active?
    $selected = $each_lang->isActive() ? ' selected="selected"' : '';
    echo '<option value="', $each_lang->getCode(), '"', $selected, '>', $each_lang->getName(), '</option>', "\n";
}
echo '</select>';
echo '</form>';
// Check for done action info and set notice message if present
switch ($action_done) {
    case 'config_saved':
        /* Use uniqid to display this message every time configuration is saved */
        PMA_messagesSet('notice', uniqid('config_saved'), __('Configuration saved.'), Sanitize::sanitize(__('Configuration saved to file config/config.inc.php in phpMyAdmin ' . 'top level directory, copy it to top level one and delete ' . 'directory config to use it.')));
        break;
    default:
        break;
}
echo '<h2>', __('Overview'), '</h2>';
// message handling
PMA_messagesEnd();
PMA_messagesShowHtml();
echo '<a href="#" id="show_hidden_messages" style="display:none">';
echo __('Show hidden messages (#MSG_COUNT)');
echo '</a>';
echo '<fieldset class="simple"><legend>';
echo __('Servers');
echo '</legend>';
//
$script_name = basename($GLOBALS['PMA_PHP_SELF']);
foreach (array_keys($forms) as $formset) {
    $tab = array('link' => 'prefs_forms.php', 'text' => PMA_lang('Form_' . $formset), 'icon' => $tabs_icons[$formset], 'active' => $script_name == 'prefs_forms.php' && $formset == $form_param);
    $content .= PMA\libraries\Util::getHtmlTab($tab, array('form' => $formset)) . "\n";
}
echo PMA\libraries\Template::get('list/unordered')->render(array('id' => 'topmenu2', 'class' => 'user_prefs_tabs', 'content' => $content));
echo '<div class="clearfloat"></div>';
// show "configuration saved" message and reload navigation panel if needed
if (!empty($_GET['saved'])) {
    Message::rawSuccess(__('Configuration has been saved.'))->display();
}
/* debug code
$arr = $cf->getConfigArray();
$arr2 = array();
foreach ($arr as $k => $v) {
    $arr2[] = "<b>$k</b> " . var_export($v, true);
}
$arr2 = implode(', ', $arr2);
$arr2 .= '<br />Blacklist: ' . (empty($cfg['UserprefsDisallow'])
        ? '<i>empty</i>'
        : implode(', ', $cfg['UserprefsDisallow']));
$msg = Message::notice('Settings: ' . $arr2);
$msg->display();
//*/
// warn about using session storage for settings
$cfgRelation = PMA_getRelationsParam();
if (!$cfgRelation['userconfigwork']) {
    $msg = __('Your preferences will be saved for current session only. Storing them ' . 'permanently requires %sphpMyAdmin configuration storage%s.');
    $msg = Sanitize::sanitize(sprintf($msg, '[doc@linked-tables]', '[/doc]'));
    Message::notice($msg)->display();
}