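/**
 * Outputs export header. It is the first method to be called, so all
 * the required variables are initialized here.
 *
 * When structure export is requested, the header also carries the
 * CREATE statements of the selected tables, views, triggers, functions,
 * procedures and events. Object names and the database collation/charset
 * are written into double-quoted XML attributes, so every such value is
 * passed through htmlspecialchars() first: an identifier may legally
 * contain '"', '<', '>' or '&', and an unescaped one would break out of
 * the attribute and yield a malformed document (or markup of the
 * identifier author's choosing when the dump is later rendered or parsed).
 *
 * @return bool Whether it succeeded
 */
public function exportHeader()
{
    $this->initSpecificVariables();
    global $crlf, $cfg, $db;

    $table = $this->_getTable();
    $tables = $this->_getTables();

    $export_struct = isset($GLOBALS['xml_export_functions'])
        || isset($GLOBALS['xml_export_procedures'])
        || isset($GLOBALS['xml_export_tables'])
        || isset($GLOBALS['xml_export_triggers'])
        || isset($GLOBALS['xml_export_views']);
    $export_data = isset($GLOBALS['xml_export_contents']);

    if ($GLOBALS['output_charset_conversion']) {
        $charset = $GLOBALS['charset'];
    } else {
        $charset = 'utf-8';
    }

    $head = '<?xml version="1.0" encoding="' . $charset . '"?>' . $crlf
        . '<!--' . $crlf
        . '- phpMyAdmin XML Dump' . $crlf
        . '- version ' . PMA_VERSION . $crlf
        . '- https://www.phpmyadmin.net' . $crlf
        . '-' . $crlf
        . '- ' . __('Host:') . ' ' . $cfg['Server']['host'];
    if (!empty($cfg['Server']['port'])) {
        $head .= ':' . $cfg['Server']['port'];
    }
    $head .= $crlf
        . '- ' . __('Generation Time:') . ' ' . PMA_Util::localisedDate() . $crlf
        . '- ' . __('Server version:') . ' ' . PMA_MYSQL_STR_VERSION . $crlf
        . '- ' . __('PHP Version:') . ' ' . phpversion() . $crlf
        . '-->' . $crlf . $crlf;

    $head .= '<pma_xml_export version="1.0"'
        . ($export_struct ? ' xmlns:pma="http://www.phpmyadmin.net/some_doc_url/"' : '')
        . '>' . $crlf;

    if ($export_struct) {
        if (PMA_DRIZZLE) {
            $result = $GLOBALS['dbi']->fetchResult("SELECT\n 'utf8' AS DEFAULT_CHARACTER_SET_NAME,\n DEFAULT_COLLATION_NAME\n FROM data_dictionary.SCHEMAS\n WHERE SCHEMA_NAME = '" . PMA_Util::sqlAddSlashes($db) . "'");
        } else {
            $result = $GLOBALS['dbi']->fetchResult(
                'SELECT `DEFAULT_CHARACTER_SET_NAME`, `DEFAULT_COLLATION_NAME`'
                . ' FROM `information_schema`.`SCHEMATA` WHERE `SCHEMA_NAME`'
                . ' = \'' . PMA_Util::sqlAddSlashes($db) . '\' LIMIT 1'
            );
        }
        // Fall back to empty strings when the schema row is missing instead
        // of reading an undefined offset.
        $db_collation = isset($result[0]['DEFAULT_COLLATION_NAME'])
            ? $result[0]['DEFAULT_COLLATION_NAME'] : '';
        $db_charset = isset($result[0]['DEFAULT_CHARACTER_SET_NAME'])
            ? $result[0]['DEFAULT_CHARACTER_SET_NAME'] : '';

        $head .= ' <!--' . $crlf;
        $head .= ' - Structure schemas' . $crlf;
        $head .= ' -->' . $crlf;
        $head .= ' <pma:structure_schemas>' . $crlf;
        // All attribute values are double-quoted, which the default
        // htmlspecialchars() flags cover on every PHP version.
        $head .= ' <pma:database name="' . htmlspecialchars($db)
            . '" collation="' . htmlspecialchars($db_collation)
            . '" charset="' . htmlspecialchars($db_charset) . '">' . $crlf;

        if (count($tables) == 0) {
            $tables[] = $table;
        }

        foreach ($tables as $table) {
            // Export tables and views
            $result = $GLOBALS['dbi']->fetchResult(
                'SHOW CREATE TABLE ' . PMA_Util::backquote($db) . '.'
                . PMA_Util::backquote($table),
                0
            );
            $tbl = $result[$table][1];

            $is_view = $GLOBALS['dbi']->getTable($db, $table)->isView();
            if ($is_view) {
                $type = 'view';
            } else {
                $type = 'table';
            }

            if ($is_view && !isset($GLOBALS['xml_export_views'])) {
                continue;
            }
            if (!$is_view && !isset($GLOBALS['xml_export_tables'])) {
                continue;
            }

            // $type is one of the two literals above; the table name is
            // data and must be escaped for the attribute context.
            $head .= ' <pma:' . $type . ' name="' . htmlspecialchars($table) . '">' . $crlf;
            $tbl = " " . htmlspecialchars($tbl);
            $tbl = str_replace("\n", "\n ", $tbl);
            $head .= $tbl . ';' . $crlf;
            $head .= ' </pma:' . $type . '>' . $crlf;

            if (isset($GLOBALS['xml_export_triggers'])
                && $GLOBALS['xml_export_triggers']
            ) {
                // Export triggers
                $triggers = $GLOBALS['dbi']->getTriggers($db, $table);
                if ($triggers) {
                    foreach ($triggers as $trigger) {
                        $code = $trigger['create'];
                        $head .= ' <pma:trigger name="'
                            . htmlspecialchars($trigger['name']) . '">' . $crlf;
                        // Do some formatting
                        $code = mb_substr(rtrim($code), 0, -3);
                        $code = " " . htmlspecialchars($code);
                        $code = str_replace("\n", "\n ", $code);
                        $head .= $code . $crlf;
                        $head .= ' </pma:trigger>' . $crlf;
                    }
                    unset($trigger);
                    unset($triggers);
                }
            }
        }

        if (isset($GLOBALS['xml_export_functions'])
            && $GLOBALS['xml_export_functions']
        ) {
            // Export functions
            $functions = $GLOBALS['dbi']->getProceduresOrFunctions($db, 'FUNCTION');
            if ($functions) {
                foreach ($functions as $function) {
                    $head .= ' <pma:function name="'
                        . htmlspecialchars($function) . '">' . $crlf;
                    // Do some formatting
                    $sql = $GLOBALS['dbi']->getDefinition($db, 'FUNCTION', $function);
                    $sql = rtrim($sql);
                    $sql = " " . htmlspecialchars($sql);
                    $sql = str_replace("\n", "\n ", $sql);
                    $head .= $sql . $crlf;
                    $head .= ' </pma:function>' . $crlf;
                }
                unset($function);
                unset($functions);
            }
        }

        if (isset($GLOBALS['xml_export_procedures'])
            && $GLOBALS['xml_export_procedures']
        ) {
            // Export procedures
            $procedures = $GLOBALS['dbi']->getProceduresOrFunctions($db, 'PROCEDURE');
            if ($procedures) {
                foreach ($procedures as $procedure) {
                    $head .= ' <pma:procedure name="'
                        . htmlspecialchars($procedure) . '">' . $crlf;
                    // Do some formatting
                    $sql = $GLOBALS['dbi']->getDefinition($db, 'PROCEDURE', $procedure);
                    $sql = rtrim($sql);
                    $sql = " " . htmlspecialchars($sql);
                    $sql = str_replace("\n", "\n ", $sql);
                    $head .= $sql . $crlf;
                    $head .= ' </pma:procedure>' . $crlf;
                }
                unset($procedure);
                unset($procedures);
            }
        }

        if (isset($GLOBALS['xml_export_events'])
            && $GLOBALS['xml_export_events']
        ) {
            // Export events
            $events = $GLOBALS['dbi']->fetchResult(
                "SELECT EVENT_NAME FROM information_schema.EVENTS "
                . "WHERE EVENT_SCHEMA='" . PMA_Util::sqlAddslashes($db) . "'"
            );
            if ($events) {
                foreach ($events as $event) {
                    $head .= ' <pma:event name="'
                        . htmlspecialchars($event) . '">' . $crlf;
                    $sql = $GLOBALS['dbi']->getDefinition($db, 'EVENT', $event);
                    $sql = rtrim($sql);
                    $sql = " " . htmlspecialchars($sql);
                    $sql = str_replace("\n", "\n ", $sql);
                    $head .= $sql . $crlf;
                    $head .= ' </pma:event>' . $crlf;
                }
                unset($event);
                unset($events);
            }
        }

        unset($result);

        $head .= ' </pma:database>' . $crlf;
        $head .= ' </pma:structure_schemas>' . $crlf;

        if ($export_data) {
            $head .= $crlf;
        }
    }

    return PMA_exportOutputHandler($head);
}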
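/**
 * Composes the query necessary to create a routine from an HTTP request.
 *
 * Every value is read from $_REQUEST and is therefore caller-controlled.
 * Identifiers go through PMA_Util::backquote(), the comment through
 * PMA_Util::sqlAddslashes(), and keyword-like fields are only appended
 * when they match an allow-list or a strict token pattern, so that a
 * field cannot carry extra SQL clauses into the statement. Validation
 * problems are appended to the global $errors array; the query string is
 * returned either way.
 *
 * NOTE(review): callers presumably inspect $errors before executing the
 * returned query - confirm at the call site. 'item_definition' is the
 * routine body and is appended verbatim by design, so request
 * authentication and anti-CSRF checks upstream are what limit who can
 * reach this code.
 *
 * @return string The CREATE [ROUTINE | PROCEDURE] query.
 */
function PMA_RTN_getQueryFromRequest()
{
    global $_REQUEST, $errors, $param_sqldataaccess, $param_directions;

    // Token patterns for values that are concatenated as bare SQL words.
    $type_pattern      = '@^[a-z][a-z0-9_ ]*$@i';
    $charset_pattern   = '@^[a-z0-9_]+$@i';
    $attribute_pattern = '@^[a-z_]+( [a-z_]+)*$@i';
    $no_length_pattern = '@^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT|SERIAL|BOOLEAN)$@i';
    $needs_length_pattern = '@^(ENUM|SET|VARCHAR|VARBINARY)$@i';

    $_REQUEST['item_type'] = isset($_REQUEST['item_type'])
        ? $_REQUEST['item_type'] : '';

    $query = 'CREATE ';
    if (!empty($_REQUEST['item_definer'])) {
        if (strpos($_REQUEST['item_definer'], '@') !== false) {
            $arr = explode('@', $_REQUEST['item_definer']);
            $query .= 'DEFINER=' . PMA_Util::backquote($arr[0]);
            $query .= '@' . PMA_Util::backquote($arr[1]) . ' ';
        } else {
            $errors[] = __('The definer must be in the "username@hostname" format');
        }
    }
    if ($_REQUEST['item_type'] == 'FUNCTION'
        || $_REQUEST['item_type'] == 'PROCEDURE'
    ) {
        $query .= $_REQUEST['item_type'] . ' ';
    } else {
        $errors[] = sprintf(
            __('Invalid routine type: "%s"'),
            htmlspecialchars($_REQUEST['item_type'])
        );
    }
    if (!empty($_REQUEST['item_name'])) {
        $query .= PMA_Util::backquote($_REQUEST['item_name']);
    } else {
        $errors[] = __('You must provide a routine name');
    }

    $params = '';
    $warned_about_dir    = false;
    $warned_about_name   = false;
    $warned_about_length = false;

    if (!empty($_REQUEST['item_param_name'])
        && !empty($_REQUEST['item_param_type'])
        && !empty($_REQUEST['item_param_length'])
        && is_array($_REQUEST['item_param_name'])
        && is_array($_REQUEST['item_param_type'])
        && is_array($_REQUEST['item_param_length'])
    ) {
        $param_count = count($_REQUEST['item_param_name']);
        for ($i = 0; $i < $param_count; $i++) {
            // Read the per-parameter fields once; anything missing or not
            // a string is treated as empty so it can never reach the query.
            $field = array();
            foreach (array('type', 'length', 'dir', 'opts_text', 'opts_num') as $key) {
                $value = isset($_REQUEST['item_param_' . $key][$i])
                    ? $_REQUEST['item_param_' . $key][$i] : '';
                $field[$key] = is_string($value) ? $value : '';
            }

            // The type is appended as a bare word, so it must look like a
            // data type name; anything else is reported like a missing type.
            if (!empty($_REQUEST['item_param_name'][$i])
                && preg_match($type_pattern, $field['type'])
            ) {
                if ($_REQUEST['item_type'] == 'PROCEDURE'
                    && !empty($field['dir'])
                    && in_array($field['dir'], $param_directions)
                ) {
                    $params .= $field['dir'] . " "
                        . PMA_Util::backquote($_REQUEST['item_param_name'][$i])
                        . " " . $field['type'];
                } else {
                    if ($_REQUEST['item_type'] == 'FUNCTION') {
                        $params .= PMA_Util::backquote($_REQUEST['item_param_name'][$i])
                            . " " . $field['type'];
                    } else {
                        if (!$warned_about_dir) {
                            $warned_about_dir = true;
                            $errors[] = sprintf(
                                __('Invalid direction "%s" given for parameter.'),
                                htmlspecialchars($field['dir'])
                            );
                        }
                    }
                }
                if ($field['length'] != ''
                    && !preg_match($no_length_pattern, $field['type'])
                ) {
                    // NOTE(review): length/values is still inserted verbatim.
                    // It may legitimately be a quoted ENUM/SET value list, so
                    // a simple token pattern cannot validate it here.
                    $params .= "(" . $field['length'] . ")";
                } else {
                    if ($field['length'] == ''
                        && preg_match($needs_length_pattern, $field['type'])
                    ) {
                        if (!$warned_about_length) {
                            $warned_about_length = true;
                            $errors[] = __('You must provide length/values for routine parameters of type ENUM, SET, VARCHAR and VARBINARY.');
                        }
                    }
                }
                // Options that do not look like a charset name or attribute
                // keyword are omitted, as the other optional clauses are.
                if (!empty($field['opts_text'])
                    && preg_match($charset_pattern, $field['opts_text'])
                ) {
                    if ($GLOBALS['PMA_Types']->getTypeClass($field['type']) == 'CHAR') {
                        $params .= ' CHARSET ' . strtolower($field['opts_text']);
                    }
                }
                if (!empty($field['opts_num'])
                    && preg_match($attribute_pattern, $field['opts_num'])
                ) {
                    if ($GLOBALS['PMA_Types']->getTypeClass($field['type']) == 'NUMBER') {
                        $params .= ' ' . strtoupper($field['opts_num']);
                    }
                }
                if ($i != $param_count - 1) {
                    $params .= ", ";
                }
            } else {
                if (!$warned_about_name) {
                    $warned_about_name = true;
                    $errors[] = __('You must provide a name and a type for each routine parameter.');
                    break;
                }
            }
        }
    }
    $query .= "(" . $params . ") ";

    if ($_REQUEST['item_type'] == 'FUNCTION') {
        $return_type = (isset($_REQUEST['item_returntype'])
            && is_string($_REQUEST['item_returntype']))
            ? $_REQUEST['item_returntype'] : '';
        $return_length = (isset($_REQUEST['item_returnlength'])
            && is_string($_REQUEST['item_returnlength']))
            ? $_REQUEST['item_returnlength'] : '';

        // The return type is only appended when it is a known data type.
        if (!empty($return_type)
            && in_array($return_type, PMA_Util::getSupportedDatatypes())
        ) {
            $query .= "RETURNS {$return_type}";
        } else {
            $errors[] = __('You must provide a valid return type for the routine.');
        }
        if (!empty($return_length)
            && !preg_match($no_length_pattern, $return_type)
        ) {
            // NOTE(review): inserted verbatim, same caveat as the parameter
            // length/values field above.
            $query .= "(" . $return_length . ")";
        } else {
            if (empty($return_length)
                && preg_match($needs_length_pattern, $return_type)
            ) {
                if (!$warned_about_length) {
                    $warned_about_length = true;
                    $errors[] = __('You must provide length/values for routine parameters of type ENUM, SET, VARCHAR and VARBINARY.');
                }
            }
        }
        if (!empty($_REQUEST['item_returnopts_text'])
            && is_string($_REQUEST['item_returnopts_text'])
            && preg_match($charset_pattern, $_REQUEST['item_returnopts_text'])
        ) {
            if ($GLOBALS['PMA_Types']->getTypeClass($return_type) == 'CHAR') {
                $query .= ' CHARSET ' . strtolower($_REQUEST['item_returnopts_text']);
            }
        }
        if (!empty($_REQUEST['item_returnopts_num'])
            && is_string($_REQUEST['item_returnopts_num'])
            && preg_match($attribute_pattern, $_REQUEST['item_returnopts_num'])
        ) {
            if ($GLOBALS['PMA_Types']->getTypeClass($return_type) == 'NUMBER') {
                $query .= ' ' . strtoupper($_REQUEST['item_returnopts_num']);
            }
        }
        $query .= ' ';
    }

    if (!empty($_REQUEST['item_comment'])) {
        $query .= "COMMENT '" . PMA_Util::sqlAddslashes($_REQUEST['item_comment']) . "' ";
    }
    if (isset($_REQUEST['item_isdeterministic'])) {
        $query .= 'DETERMINISTIC ';
    } else {
        $query .= 'NOT DETERMINISTIC ';
    }
    if (!empty($_REQUEST['item_sqldataaccess'])
        && in_array($_REQUEST['item_sqldataaccess'], $param_sqldataaccess)
    ) {
        $query .= $_REQUEST['item_sqldataaccess'] . ' ';
    }
    if (!empty($_REQUEST['item_securitytype'])) {
        if ($_REQUEST['item_securitytype'] == 'DEFINER'
            || $_REQUEST['item_securitytype'] == 'INVOKER'
        ) {
            $query .= 'SQL SECURITY ' . $_REQUEST['item_securitytype'] . ' ';
        }
    }
    if (!empty($_REQUEST['item_definition'])) {
        // The routine body is user-written SQL and is appended unchanged.
        $query .= $_REQUEST['item_definition'];
    } else {
        $errors[] = __('You must provide a routine definition.');
    }

    return $query;
}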
/**
 * Composes the query necessary to create an event from an HTTP request.
 *
 * All fields are read from $_REQUEST. Identifiers are passed through
 * PMA_Util::backquote(), quoted literals through the PMA_Util slash
 * helpers, the interval value through intval(), and the schedule type,
 * interval unit and status are only used when found in the corresponding
 * global lists. Validation messages are appended to the global $errors
 * array; the query string is returned in every case.
 *
 * NOTE(review): 'item_definition' is the event body and is appended
 * verbatim, so whoever can submit this request decides the SQL the event
 * runs - access and anti-CSRF checks are presumably done by the caller;
 * confirm there.
 *
 * @return string The CREATE EVENT query.
 */
function PMA_EVN_getQueryFromRequest()
{
    global $_REQUEST, $errors, $event_status, $event_type, $event_interval;

    $sql = 'CREATE ';

    // Optional DEFINER clause, expected as "username@hostname".
    if (!empty($_REQUEST['item_definer'])) {
        $definer = $_REQUEST['item_definer'];
        if (strpos($definer, '@') === false) {
            $errors[] = __('The definer must be in the "username@hostname" format');
        } else {
            $definer_parts = explode('@', $definer);
            $sql .= 'DEFINER=' . PMA_Util::backquote($definer_parts[0])
                . '@' . PMA_Util::backquote($definer_parts[1]) . ' ';
        }
    }

    $sql .= 'EVENT ';
    if (empty($_REQUEST['item_name'])) {
        $errors[] = __('You must provide an event name');
    } else {
        $sql .= PMA_Util::backquote($_REQUEST['item_name']) . ' ';
    }

    $sql .= 'ON SCHEDULE ';
    $type_is_known = !empty($_REQUEST['item_type'])
        && in_array($_REQUEST['item_type'], $event_type);

    if (!$type_is_known) {
        $errors[] = __('You must provide a valid type for the event.');
    } elseif ($_REQUEST['item_type'] == 'RECURRING') {
        $interval_is_valid = !empty($_REQUEST['item_interval_value'])
            && !empty($_REQUEST['item_interval_field'])
            && in_array($_REQUEST['item_interval_field'], $event_interval);

        if ($interval_is_valid) {
            $sql .= 'EVERY ' . intval($_REQUEST['item_interval_value']) . ' '
                . $_REQUEST['item_interval_field'] . ' ';
        } else {
            $errors[] = __('You must provide a valid interval value for the event.');
        }

        // Optional bounds of the recurrence, emitted in STARTS, ENDS order.
        $bounds = array('item_starts' => 'STARTS', 'item_ends' => 'ENDS');
        foreach ($bounds as $request_key => $keyword) {
            if (!empty($_REQUEST[$request_key])) {
                $sql .= $keyword . " '"
                    . PMA_Util::sqlAddSlashes($_REQUEST[$request_key]) . "' ";
            }
        }
    } elseif (!empty($_REQUEST['item_execute_at'])) {
        $sql .= "AT '" . PMA_Util::sqlAddSlashes($_REQUEST['item_execute_at']) . "' ";
    } else {
        $errors[] = __('You must provide a valid execution time for the event.');
    }

    $sql .= 'ON COMPLETION '
        . (empty($_REQUEST['item_preserve']) ? 'NOT ' : '')
        . 'PRESERVE ';

    // Map the displayed status label to its query keyword; the request
    // value itself is never written into the statement.
    if (!empty($_REQUEST['item_status'])) {
        foreach ($event_status['display'] as $index => $label) {
            if ($label != $_REQUEST['item_status']) {
                continue;
            }
            $sql .= $event_status['query'][$index] . ' ';
            break;
        }
    }

    if (!empty($_REQUEST['item_comment'])) {
        $sql .= "COMMENT '" . PMA_Util::sqlAddslashes($_REQUEST['item_comment']) . "' ";
    }

    $sql .= 'DO ';
    if (empty($_REQUEST['item_definition'])) {
        $errors[] = __('You must provide an event definition.');
    } else {
        // The event body is user-written SQL and is appended unchanged.
        $sql .= $_REQUEST['item_definition'];
    }

    return $sql;
}