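/**
 * Returns HTML code to include javascript file.
 *
 * Files whose name contains a "?" are emitted as individual <script> tags;
 * every other file is collected into one request to js/get_scripts.js.php.
 *
 * @param array $files The list of js file to include; each entry is read
 *                     for its 'filename' and 'conditional_ie' keys
 *
 * @return string HTML code for javascript inclusion.
 */
private function _includeFiles($files)
{
    $dynamic_scripts = "";
    // Initialised up front so implode() below always receives an array, even
    // when every file is dynamic or excluded by the IE condition.
    $scripts = array();
    foreach ($files as $value) {
        if (strpos($value['filename'], "?") !== false) {
            // NOTE(review): the filename is written into the src attribute
            // as-is; this is only safe while callers pass fixed script names.
            $dynamic_scripts .= "<script type='text/javascript' src='js/"
                . $value['filename'] . "'></script>";
            continue;
        }
        $include = true;
        if ($value['conditional_ie'] !== false
            && PMA_USR_BROWSER_AGENT === 'IE'
        ) {
            // true matches any IE version, any other value is compared
            // with the detected browser version
            $include = $value['conditional_ie'] === true
                || $value['conditional_ie'] == PMA_USR_BROWSER_VER;
        }
        if ($include) {
            $scripts[] = "scripts[]=" . $value['filename'];
        }
    }
    // The URL is assembled unencoded ('none') and then escaped exactly once
    // as a whole, so the "&" separators are valid inside the HTML attribute
    // and nothing in the query string can close the attribute early.
    $url = 'js/get_scripts.js.php'
        . PMA_URL_getCommon(array(), 'none')
        . '&' . implode("&", $scripts);
    $static_scripts = sprintf(
        '<script type="text/javascript" src="%s"></script>',
        htmlspecialchars($url)
    );
    return $static_scripts . $dynamic_scripts;
}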
/**
 * Returns HTML code to include javascript file.
 *
 * Files whose name contains a "?" get their own <script> tag, placed before
 * or after the combined tag depending on their 'before_statics' flag. All
 * other files are requested together through js/get_scripts.js.php, whose
 * URL is HTML-escaped as a whole before it is written into the attribute.
 *
 * @param array $files The list of js file to include
 *
 * @return string HTML code for javascript inclusion.
 */
private function _includeFiles($files)
{
    $leadingTags = "";
    $trailingTags = "";
    $staticArgs = array();

    foreach ($files as $file) {
        $name = $file['filename'];

        if (strpos($name, "?") === false) {
            // static file: honour the optional IE-only condition
            $ieRule = $file['conditional_ie'];
            $excluded = $ieRule !== false
                && PMA_USR_BROWSER_AGENT === 'IE'
                && $ieRule !== true
                && $ieRule != PMA_USR_BROWSER_VER;
            if (! $excluded) {
                $staticArgs[] = "scripts[]=" . $name;
            }
            continue;
        }

        // dynamic file: one tag per file
        $tag = "<script type='text/javascript' src='js/" . $name . "'></script>";
        if ($file['before_statics'] === true) {
            $leadingTags .= $tag;
        } else {
            $trailingTags .= $tag;
        }
    }

    $sep = PMA_URL_getArgSeparator();
    $combinedUrl = 'js/get_scripts.js.php' . PMA_URL_getCommon(array(), 'none')
        . $sep . implode($sep, $staticArgs);
    $combinedTag = sprintf(
        '<script type="text/javascript" src="%s"></script>',
        htmlspecialchars($combinedUrl)
    );

    return $leadingTags . $combinedTag . $trailingTags;
}
/**
 * Checks the markup returned by getHtmlForControlButtons().
 *
 * The node under test is attached to a database node named "parent" and its
 * getItemType() is stubbed, so the expected hide link is fully predictable.
 *
 * @return void
 * @test
 */
public function testGetHtmlForControlButtons()
{
    $database = PMA_NodeFactory::getInstance('Node_Database', 'parent');
    $database->addChild($this->object);

    $this->object
        ->expects($this->once())
        ->method('getItemType')
        ->will($this->returnValue('itemType'));

    $markup = $this->object->getHtmlForControlButtons();

    $this->assertStringStartsWith('<span class="navItemControls">', $markup);
    $this->assertStringEndsWith('</span>', $markup);

    $expectedLink = '<a href="navigation.php?' . PMA_URL_getCommon()
        . '&hideNavItem=true&itemType=itemType&itemName=child'
        . '&dbName=parent" class="hideNavItem ajax">';
    $this->assertContains($expectedLink, $markup);
}
/**
 * Builds the filter form that submits to server_status_variables.php.
 *
 * The current filter state is read from $_REQUEST (filterAlert, filterText,
 * dontFormat, filterCategory) so the form reflects the last submission.
 *
 * @param PMA_ServerStatusData $ServerStatusData Server status data
 *
 * @return string
 */
function PMA_getHtmlForFilter($ServerStatusData)
{
    $checkedAttr = ' checked="checked"';
    $alertChecked = empty($_REQUEST['filterAlert']) ? '' : $checkedAttr;
    // the free-text filter is echoed back into a value attribute, so it is
    // escaped before use
    $textValue = empty($_REQUEST['filterText'])
        ? ''
        : htmlspecialchars($_REQUEST['filterText']);
    $rawChecked = empty($_REQUEST['dontFormat']) ? '' : $checkedAttr;

    $parts = array();
    $parts[] = '<fieldset id="tableFilter">';
    $parts[] = '<legend>' . __('Filters') . '</legend>';
    $parts[] = '<form action="server_status_variables.php'
        . PMA_URL_getCommon() . '">';
    $parts[] = '<input type="submit" value="' . __('Refresh') . '" />';

    $parts[] = '<div class="formelement">';
    $parts[] = '<label for="filterText">' . __('Containing the word:')
        . '</label>';
    $parts[] = '<input name="filterText" type="text" id="filterText" '
        . 'style="vertical-align: baseline;" value="' . $textValue . '" />';
    $parts[] = '</div>';

    $parts[] = '<div class="formelement">';
    $parts[] = '<input' . $alertChecked . ' type="checkbox" '
        . 'name="filterAlert" id="filterAlert" />';
    $parts[] = '<label for="filterAlert">';
    $parts[] = __('Show only alert values');
    $parts[] = '</label>';
    $parts[] = '</div>';

    $parts[] = '<div class="formelement">';
    $parts[] = '<select id="filterCategory" name="filterCategory">';
    $parts[] = '<option value="">' . __('Filter by category…') . '</option>';
    foreach ($ServerStatusData->sections as $section_id => $section_name) {
        // only categories flagged in categoryUsed are offered
        if (! isset($ServerStatusData->categoryUsed[$section_id])) {
            continue;
        }
        $isCurrent = ! empty($_REQUEST['filterCategory'])
            && $_REQUEST['filterCategory'] == $section_id;
        $parts[] = '<option' . ($isCurrent ? ' selected="selected"' : '')
            . ' value="' . $section_id . '">';
        $parts[] = htmlspecialchars($section_name) . '</option>';
    }
    $parts[] = '</select>';
    $parts[] = '</div>';

    $parts[] = '<div class="formelement">';
    $parts[] = '<input' . $rawChecked . ' type="checkbox" '
        . 'name="dontFormat" id="dontFormat" />';
    $parts[] = '<label for="dontFormat">';
    $parts[] = __('Show unformatted values');
    $parts[] = '</label>';
    $parts[] = '</div>';

    $parts[] = '</form>';
    $parts[] = '</fieldset>';

    return implode('', $parts);
}
/**
 * Builds the "hide" control displayed in front of a database child node.
 *
 * Nothing is rendered unless PMA_getRelationsParam() reports a truthy
 * 'navwork' entry.
 *
 * @return String HTML for hide button
 */
public function getHtmlForControlButtons()
{
    $relation = PMA_getRelationsParam();
    if (! $relation['navwork']) {
        return '';
    }

    $dbName = $this->realParent()->real_name;
    $itemName = $this->real_name;

    // every value is URL-encoded on its own before it joins the query string
    $href = 'navigation.php' . PMA_URL_getCommon()
        . '&hideNavItem=true'
        . '&itemType=' . urlencode($this->getItemType())
        . '&itemName=' . urlencode($itemName)
        . '&dbName=' . urlencode($dbName);

    return '<span class="navItemControls">'
        . '<a href="' . $href . '"'
        . ' class="hideNavItem ajax">'
        . PMA_Util::getImage('lightbulb_off.png', __('Hide'))
        . '</a></span>';
}
/**
 * Tests PMA_getHtmlForUserGroupsTable() function when there are user groups
 *
 * The database layer is replaced by a mock that yields one row for the group
 * "usergroup"; the rendered table must then contain the group name and the
 * view, edit and delete links for it.
 *
 * @return void
 */
public function testGetHtmlForUserGroupsTableWithUserGroups()
{
    $groupRow = array(
        'usergroup' => 'usergroup',
        'tab' => 'server_sql',
        'allowed' => 'Y',
    );

    $dbiMock = $this->getMockBuilder('PMA\\libraries\\DatabaseInterface')
        ->disableOriginalConstructor()
        ->getMock();
    $dbiMock->expects($this->once())
        ->method('tryQuery')
        ->with("SELECT * FROM `pmadb`.`usergroups`" . " ORDER BY `usergroup` ASC")
        ->will($this->returnValue(true));
    $dbiMock->expects($this->once())
        ->method('numRows')
        ->withAnyParameters()
        ->will($this->returnValue(1));
    // invocation 2 returns the single row, invocation 3 ends the result set
    $dbiMock->expects($this->at(2))
        ->method('fetchAssoc')
        ->withAnyParameters()
        ->will($this->returnValue($groupRow));
    $dbiMock->expects($this->at(3))
        ->method('fetchAssoc')
        ->withAnyParameters()
        ->will($this->returnValue(false));
    $dbiMock->expects($this->once())->method('freeResult');
    $GLOBALS['dbi'] = $dbiMock;

    $html = PMA_getHtmlForUserGroupsTable();

    $this->assertContains('<td>usergroup</td>', $html);

    // action parameter => opening tag that must precede the generated query
    $expectedLinks = array(
        'viewUsers' => '<a class="" href="server_user_groups.php',
        'editUserGroup' => '<a class="" href="server_user_groups.php',
        'deleteUserGroup' => '<a class="deleteUserGroup ajax" href="server_user_groups.php',
    );
    foreach ($expectedLinks as $action => $openingTag) {
        $expected = $openingTag . PMA_URL_getCommon(
            array($action => 1, 'userGroup' => htmlspecialchars('usergroup'))
        );
        $this->assertContains($expected, $html);
    }
}
/**
 * Get HTML for secondary level menu tabs on 'Users' page
 *
 * Renders two tabs (users overview and user groups); the tab whose script
 * name equals $selfUrl is marked with the "tabactive" class.
 *
 * @param string $selfUrl Url of the file
 *
 * @return string HTML for secondary level menu tabs on 'Users' page
 */
function PMA_getHtmlForSubMenusOnUsersPage($selfUrl)
{
    $commonQuery = PMA_URL_getCommon();
    $tabs = array(
        array(
            'name' => __('Users overview'),
            'url' => 'server_privileges.php',
            'specific_params' => '&viewing_mode=server',
        ),
        array(
            'name' => __('User groups'),
            'url' => 'server_user_groups.php',
            'specific_params' => '',
        ),
    );

    $listItems = '';
    foreach ($tabs as $tab) {
        $activeAttr = ($tab['url'] === $selfUrl) ? ' class="tabactive"' : '';
        $href = $tab['url'] . '?' . $commonQuery . $tab['specific_params'];
        $listItems .= '<li>'
            . '<a' . $activeAttr . ' href="' . $href . '">'
            . $tab['name']
            . '</a>'
            . '</li>';
    }

    return '<ul id="topmenu2">' . $listItems . '</ul>'
        . '<div class="clearfloat"></div>';
}
/**
 * Get the HTML for the sub tabs
 *
 * Renders the "Plugins" and "Modules" tabs; the tab whose script name equals
 * $activeUrl is marked with the "tabactive" class.
 *
 * @param string $activeUrl url of the active sub tab
 *
 * @return string HTML for sub tabs
 */
function PMA_getHtmlForPluginsSubTabs($activeUrl)
{
    $commonQuery = PMA_URL_getCommon();
    $tabs = array(
        array('name' => __('Plugins'), 'url' => 'server_plugins.php'),
        array('name' => __('Modules'), 'url' => 'server_modules.php'),
    );

    $listItems = '';
    foreach ($tabs as $tab) {
        $activeAttr = ($tab['url'] === $activeUrl) ? ' class="tabactive"' : '';
        $listItems .= '<li>'
            . '<a' . $activeAttr . ' href="' . $tab['url'] . $commonQuery . '">'
            . $tab['name']
            . '</a>'
            . '</li>';
    }

    return '<ul id="topmenu2">' . $listItems . '</ul>'
        . '<div class="clearfloat"></div>';
}
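/**
 * setup HTML for a given Storage Engine
 *
 * Reads the engine name from $_REQUEST['engine'] and the optional sub page
 * from $_REQUEST['page'], then renders the engine title, its comment, the
 * navigation between info pages and either the requested page or the
 * support message followed by the engine variables.
 *
 * @return string
 */
function PMA_getHtmlForSpecifiedServerEngines()
{
    /**
     * Displays details about a given Storage Engine
     */
    $html = '';
    // NOTE(review): the engine name comes straight from the request; this
    // relies on PMA_StorageEngine::getEngine() rejecting unknown names.
    $engine_plugin = PMA_StorageEngine::getEngine($_REQUEST['engine']);
    $html .= '<h2>' . "\n"
        . PMA_Util::getImage('b_engine.png')
        . ' ' . htmlspecialchars($engine_plugin->getTitle()) . "\n"
        . ' ' . PMA_Util::showMySQLDocu($engine_plugin->getMysqlHelpPage()) . "\n"
        . '</h2>' . "\n\n";
    $html .= '<p>' . "\n"
        . ' <em>' . "\n"
        . ' ' . htmlspecialchars($engine_plugin->getComment()) . "\n"
        . ' </em>' . "\n"
        . '</p>' . "\n\n";

    $infoPages = $engine_plugin->getInfoPages();
    if (!empty($infoPages) && is_array($infoPages)) {
        $html .= '<p>' . "\n" . ' <strong>[</strong>' . "\n";
        if (empty($_REQUEST['page'])) {
            $html .= ' <strong>' . __('Variables') . '</strong>' . "\n";
        } else {
            $html .= ' <a href="server_engines.php'
                . PMA_URL_getCommon(array('engine' => $_REQUEST['engine']))
                . '">' . __('Variables') . '</a>' . "\n";
        }
        foreach ($infoPages as $current => $label) {
            $html .= ' <strong>|</strong>' . "\n";
            if (isset($_REQUEST['page']) && $_REQUEST['page'] == $current) {
                // The label is escaped here as well, so the active tab and
                // the linked tabs treat the same text the same way.
                $html .= ' <strong>' . htmlspecialchars($label) . '</strong>' . "\n";
            } else {
                $html .= ' <a href="server_engines.php'
                    . PMA_URL_getCommon(
                        array('engine' => $_REQUEST['engine'], 'page' => $current)
                    )
                    . '">' . htmlspecialchars($label) . '</a>' . "\n";
            }
        }
        unset($current, $label);
        $html .= ' <strong>]</strong>' . "\n" . '</p>' . "\n\n";
    }
    unset($infoPages, $page_output);

    if (!empty($_REQUEST['page'])) {
        $page_output = $engine_plugin->getPage($_REQUEST['page']);
    }
    if (!empty($page_output)) {
        // page output is produced by the engine plugin and appended as HTML
        $html .= $page_output;
    } else {
        $html .= '<p> ' . $engine_plugin->getSupportInformationMessage() . "\n"
            . '</p>' . "\n"
            . $engine_plugin->getHtmlVariables();
    }
    return $html;
}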
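/**
 * Get the HTML for Referential Integrity check
 *
 * For every relation a link to sql.php is rendered whose query lists the
 * rows of the current table that have a non-NULL value in the local column
 * but no matching row in the foreign table.
 *
 * @param array $foreign    all Relations to foreign tables for a given table
 *                          or optionally a given column in a table
 * @param array $url_params array of url parameters
 *
 * @return string $html_output
 */
function PMA_getHtmlForReferentialIntegrityCheck($foreign, $url_params)
{
    $html_output = '<div class="operations_half_width">'
        . '<fieldset>'
        . '<legend>' . __('Check referential integrity:') . '</legend>';
    $html_output .= '<ul>';
    foreach ($foreign as $master => $arr) {
        $join_query = 'SELECT '
            . PMA\libraries\Util::backquote($GLOBALS['table']) . '.*'
            . ' FROM ' . PMA\libraries\Util::backquote($GLOBALS['table'])
            . ' LEFT JOIN '
            . PMA\libraries\Util::backquote($arr['foreign_db'])
            . '.'
            . PMA\libraries\Util::backquote($arr['foreign_table']);
        if ($arr['foreign_table'] == $GLOBALS['table']) {
            // self-referencing relation: the joined copy needs an alias
            $foreign_table = $GLOBALS['table'] . '1';
            $join_query .= ' AS ' . PMA\libraries\Util::backquote($foreign_table);
        } else {
            $foreign_table = $arr['foreign_table'];
        }
        $join_query .= ' ON '
            . PMA\libraries\Util::backquote($GLOBALS['table']) . '.'
            . PMA\libraries\Util::backquote($master)
            . ' = '
            . PMA\libraries\Util::backquote($arr['foreign_db'])
            . '.'
            . PMA\libraries\Util::backquote($foreign_table) . '.'
            . PMA\libraries\Util::backquote($arr['foreign_field'])
            . ' WHERE '
            . PMA\libraries\Util::backquote($arr['foreign_db'])
            . '.'
            . PMA\libraries\Util::backquote($foreign_table) . '.'
            . PMA\libraries\Util::backquote($arr['foreign_field'])
            . ' IS NULL AND '
            . PMA\libraries\Util::backquote($GLOBALS['table']) . '.'
            . PMA\libraries\Util::backquote($master)
            . ' IS NOT NULL';
        $this_url_params = array_merge(
            $url_params,
            array('sql_query' => $join_query)
        );

        // Column, database and table names are chosen by whoever created the
        // schema, so the link text is escaped before it is placed in the
        // page; unescaped, a crafted identifier would be rendered as markup.
        $link_text = htmlspecialchars(
            $master . ' -> '
            . $arr['foreign_db'] . '.'
            . $arr['foreign_table'] . '.'
            . $arr['foreign_field']
        );

        $html_output .= '<li>'
            . '<a href="sql.php' . PMA_URL_getCommon($this_url_params) . '">'
            . $link_text
            . '</a></li>' . "\n";
    } // foreach $foreign
    $html_output .= '</ul></fieldset></div>';
    return $html_output;
}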
/**
 * Get HTML snippet for display user overview page
 *
 * Queries `mysql`.`user` twice (once filtered by $_REQUEST['initial'], once
 * unfiltered for counting) and renders the heading, the initials bar, the
 * user list or the "add user" fieldset, and the reload-privileges note. If
 * the first query fails, a plain SELECT is tried to tell missing privileges
 * apart from an outdated privilege table structure.
 *
 * @param string $pmaThemeImage a image source link
 * @param string $text_dir      text directory
 *
 * @return string $html_output
 */
function PMA_getHtmlForUserOverview($pmaThemeImage, $text_dir)
{
    $html_output = '<h2>' . "\n" . PMA_Util::getIcon('b_usrlist.png') . __('Users overview') . "\n" . '</h2>' . "\n";
    // the column holding the password hash is named differently from
    // MySQL 5.7.6 (version id 50706) on
    $password_column = 'Password';
    if (PMA_Util::getServerType() == 'MySQL' && PMA_MYSQL_INT_VERSION >= 50706) {
        $password_column = 'authentication_string';
    }
    // $sql_query is for the initial-filtered,
    // $sql_query_all is for counting the total no. of users
    $sql_query = $sql_query_all = 'SELECT *,' . " IF(`" . $password_column . "` = _latin1 '', 'N', 'Y') AS 'Password'" . ' FROM `mysql`.`user`';
    // NOTE(review): the request value reaches the SQL text through
    // PMA_rangeOfUsers(); presumably that helper escapes it - verify there.
    $sql_query .= isset($_REQUEST['initial']) ? PMA_rangeOfUsers($_REQUEST['initial']) : '';
    $sql_query .= ' ORDER BY `User` ASC, `Host` ASC;';
    $sql_query_all .= ' ;';
    $res = $GLOBALS['dbi']->tryQuery($sql_query, null, PMA_DatabaseInterface::QUERY_STORE);
    $res_all = $GLOBALS['dbi']->tryQuery($sql_query_all, null, PMA_DatabaseInterface::QUERY_STORE);
    if (!$res) {
        // the query failed! This may have two reasons:
        // - the user does not have enough privileges
        // - the privilege tables use a structure of an earlier version.
        // so let's try a more simple query
        // NOTE(review): $res is falsy at this point and $res_all may be too;
        // confirm that freeResult() tolerates a failed result.
        $GLOBALS['dbi']->freeResult($res);
        $GLOBALS['dbi']->freeResult($res_all);
        $sql_query = 'SELECT * FROM `mysql`.`user`';
        $res = $GLOBALS['dbi']->tryQuery($sql_query, null, PMA_DatabaseInterface::QUERY_STORE);
        if (!$res) {
            // even the plain query failed: show the error and the add-user form
            $html_output .= PMA_getHtmlForViewUsersError();
            $html_output .= PMA_getAddUserHtmlFieldset();
        } else {
            // This message is hardcoded because I will replace it by
            // a automatic repair feature soon.
            $raw = 'Your privilege table structure seems to be older than' . ' this MySQL version!<br />' . 'Please run the <code>mysql_upgrade</code> command' . '(<code>mysql_fix_privilege_tables</code> on older systems)' . ' that should be included in your MySQL server distribution' . ' to solve this problem!';
            $html_output .= PMA_Message::rawError($raw)->getDisplay();
        }
        $GLOBALS['dbi']->freeResult($res);
    } else {
        $db_rights = PMA_getDbRightsForUserOverview();
        // for all initials, even non A-Z
        $array_initials = array();
        /**
         * Displays the initials
         * Also not necessary if there is less than 20 privileges
         */
        // NOTE(review): $res_all is used without checking that its query
        // succeeded - confirm numRows() copes with a failed result.
        if ($GLOBALS['dbi']->numRows($res_all) > 20) {
            $html_output .= PMA_getHtmlForInitials($array_initials);
        }
        /**
         * Display the user overview
         * (if less than 50 users, display them immediately)
         */
        if (isset($_REQUEST['initial']) || isset($_REQUEST['showall']) || $GLOBALS['dbi']->numRows($res) < 50) {
            $html_output .= PMA_getUsersOverview($res, $db_rights, $pmaThemeImage, $text_dir);
        } else {
            $html_output .= PMA_getAddUserHtmlFieldset();
        } // end if (display overview)
        // the note is skipped for AJAX requests unless they load a full page
        if (!$GLOBALS['is_ajax_request'] || !empty($_REQUEST['ajax_page_request'])) {
            $flushnote = new PMA_Message(__('Note: phpMyAdmin gets the users\' privileges directly ' . 'from MySQL\'s privilege tables. The content of these tables ' . 'may differ from the privileges the server uses, ' . 'if they have been changed manually. In this case, ' . 'you should %sreload the privileges%s before you continue.'), PMA_Message::NOTICE);
            // NOTE(review): reloading privileges is triggered by a plain
            // link; presumably PMA_URL_getCommon() adds the session token
            // that protects it - confirm.
            $flushLink = '<a href="server_privileges.php' . PMA_URL_getCommon(array('flush_privileges' => 1)) . '" id="reload_privileges_anchor">';
            // the second argument false is passed for both HTML fragments
            $flushnote->addParam($flushLink, false);
            $flushnote->addParam('</a>', false);
            $html_output .= $flushnote->getDisplay();
        }
    }
    return $html_output;
}
// file_put_contents($config_file_path, ConfigGenerator::getConfigFile($GLOBALS['ConfigFile'])); header('HTTP/1.1 303 See Other'); header('Location: index.php' . PMA_URL_getCommon() . '&action_done=config_saved'); exit; } elseif (PMA_ifSetOr($_POST['submit_load'], '')) { // // Load config file from the server // $cfg = array(); include_once $config_file_path; $GLOBALS['ConfigFile']->setConfigData($cfg); header('HTTP/1.1 303 See Other'); header('Location: index.php'); exit; } elseif (PMA_ifSetOr($_POST['submit_delete'], '')) { // // Delete config file on the server // @unlink($config_file_path); header('HTTP/1.1 303 See Other'); header('Location: index.php'); exit; } else { // // Show generated config file in a <textarea> // header('HTTP/1.1 303 See Other'); header('Location: index.php' . PMA_URL_getCommon() . '&page=config'); exit; }
/**
 * Returns HTML for the 'user groups' table
 *
 * Reads every row of the configured user groups table as control user,
 * groups the rows by group name and renders one table row per group with its
 * allowed tabs and the view / edit / delete links. The "add user group"
 * fieldset is always appended.
 *
 * @return string HTML for the 'user groups' table
 */
function PMA_getHtmlForUserGroupsTable()
{
    // return value is not used further down; the call is kept as it was
    $menuTabs = PMA_Util::getMenuTabList();

    $html = '<h2>' . __('User groups') . '</h2>';

    $qualifiedTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
        . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['usergroups']);
    $result = PMA_queryAsControlUser(
        "SELECT * FROM " . $qualifiedTable . " ORDER BY `usergroup` ASC",
        false
    );

    if ($result && $GLOBALS['dbi']->numRows($result)) {
        $html .= '<form name="userGroupsForm" id="userGroupsForm"'
            . ' action="server_privileges.php" method="post">';
        $html .= PMA_URL_getHiddenInputs();
        $html .= '<table id="userGroupsTable">';
        $html .= '<thead><tr>';
        $html .= '<th style="white-space: nowrap">' . __('User group') . '</th>';
        $html .= '<th>' . __('Server level tabs') . '</th>';
        $html .= '<th>' . __('Database level tabs') . '</th>';
        $html .= '<th>' . __('Table level tabs') . '</th>';
        $html .= '<th>' . __('Action') . '</th>';
        $html .= '</tr></thead>';
        $html .= '<tbody>';

        // collect tab => allowed flags per group name
        $groups = array();
        while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
            $groups[$row['usergroup']][$row['tab']] = $row['allowed'];
        }

        $rowIndex = 0;
        foreach ($groups as $name => $allowedTabs) {
            $html .= '<tr class="' . ($rowIndex % 2 === 0 ? 'odd' : 'even') . '">';
            // group names come from the database and are escaped for display
            $html .= '<td>' . htmlspecialchars($name) . '</td>';
            $html .= '<td>' . _getAllowedTabNames($allowedTabs, 'server') . '</td>';
            $html .= '<td>' . _getAllowedTabNames($allowedTabs, 'db') . '</td>';
            $html .= '<td>' . _getAllowedTabNames($allowedTabs, 'table') . '</td>';
            $html .= '<td>';
            $html .= sprintf(
                '<a class="" href="server_user_groups.php%s">%s</a>',
                PMA_URL_getCommon(array('viewUsers' => 1, 'userGroup' => $name)),
                PMA_Util::getIcon('b_usrlist.png', __('View users'))
            );
            $html .= ' ';
            $html .= sprintf(
                '<a class="" href="server_user_groups.php%s">%s</a>',
                PMA_URL_getCommon(array('editUserGroup' => 1, 'userGroup' => $name)),
                PMA_Util::getIcon('b_edit.png', __('Edit'))
            );
            $html .= ' ';
            $html .= sprintf(
                '<a class="deleteUserGroup ajax" href="server_user_groups.php%s">%s</a>',
                PMA_URL_getCommon(array('deleteUserGroup' => 1, 'userGroup' => $name)),
                PMA_Util::getIcon('b_drop.png', __('Delete'))
            );
            $html .= '</td>';
            $html .= '</tr>';
            $rowIndex++;
        }

        $html .= '</tbody>';
        $html .= '</table>';
        $html .= '</form>';
    }
    $GLOBALS['dbi']->freeResult($result);

    $html .= '<fieldset id="fieldset_add_user_group">';
    $html .= '<a href="server_user_groups.php'
        . PMA_URL_getCommon(array('addUserGroup' => 1)) . '">'
        . PMA_Util::getIcon('b_usradd.png') . __('Add user group') . '</a>';
    $html .= '</fieldset>';

    return $html;
}
/**
 * Get Html for PMA tables fixing anchor.
 *
 * The notice links to chk_rel.php for the current database, asking either
 * to create the whole configuration storage or only its missing tables.
 *
 * @param boolean $allTables whether to create all tables
 *
 * @return string Html
 */
function PMA_getHtmlFixPMATables($allTables)
{
    $query = PMA_URL_getCommon(array('db' => $GLOBALS['db']));

    if (! $allTables) {
        $query .= '&goto=db_operations.php&fix_pmadb=1';
        $notice = PMA_Message::notice(
            __('%sCreate%s missing phpMyAdmin configuration storage tables.')
        );
    } else {
        $query .= '&goto=db_operations.php&create_pmadb=1';
        $notice = PMA_Message::notice(
            __(
                '%sCreate%s the phpMyAdmin configuration storage in the '
                . 'current database.'
            )
        );
    }

    // the two %s placeholders receive the opening and closing anchor tags
    $openingTag = '<a href="' . $GLOBALS['cfg']['PmaAbsoluteUri']
        . 'chk_rel.php' . $query . '">';
    $notice->addParam($openingTag, false);
    $notice->addParam('</a>', false);

    return '' . $notice->getDisplay();
}
*/ if (!defined('PHPMYADMIN')) { exit; } /** * Gets some core libraries */ require_once './libraries/bookmark.lib.php'; // Check parameters PMA_Util::checkParameters(array('db', 'table')); $db_is_system_schema = $GLOBALS['dbi']->isSystemSchema($db); /** * Set parameters for links * @deprecated */ $url_query = PMA_URL_getCommon(array('db' => $db, 'table' => $table)); /** * Set parameters for links */ $url_params = array(); $url_params['db'] = $db; $url_params['table'] = $table; /** * Defines the urls to return to in case of error in a sql statement */ $err_url_0 = PMA_Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabDatabase'], 'database') . PMA_URL_getCommon(array('db' => $db)); $err_url = PMA_Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabTable'], 'table') . PMA_URL_getCommon($url_params); /** * Ensures the database and the table exist (else move to the "parent" script) */ require_once './libraries/db_table_exists.lib.php';
/**
 * Test for PMA_getHtmlHeaderForUserProperties
 *
 * Renders the header for a wildcard database name and checks that the
 * titles, both generated URL fragments, the escaped user and host names and
 * the database name all appear in the output.
 *
 * @return void
 */
public function testPMAGetHtmlHeaderForUserProperties()
{
    $username = "******";
    $hostname = "hostname";
    $dbname = "dbname";
    $url_dbname = "url_dbname";
    $tablename = "tablename";
    $dbname_is_wildcard = true;
    $_REQUEST['tablename'] = "tablename";

    $html = PMA_getHtmlHeaderForUserProperties(
        $dbname_is_wildcard,
        $url_dbname,
        $dbname,
        $username,
        $hostname,
        $tablename
    );

    $account = array('username' => $username, 'hostname' => $hostname);

    // expected fragments, in the order they are checked
    $expectedFragments = array(
        // title
        __('Edit privileges:'),
        __('User account'),
        // PMA_URL_getCommon without database and table
        PMA_URL_getCommon($account + array('dbname' => '', 'tablename' => '')),
        // $username & $hostname
        htmlspecialchars($username),
        htmlspecialchars($hostname),
        // $dbname_is_wildcard = true (checked twice)
        __('Databases'),
        __('Databases'),
        // PMA_URL_getCommon with the database name
        PMA_URL_getCommon($account + array('dbname' => $url_dbname, 'tablename' => '')),
        $dbname,
    );

    foreach ($expectedFragments as $fragment) {
        $this->assertContains($fragment, $html);
    }
}
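/**
 * Returns HTML for show hidden button displayed infront of database node
 *
 * The button is only rendered when the 'navwork' relation entry is truthy
 * and the navigation hiding table holds at least one hidden item for the
 * configured user in this database.
 *
 * @return String HTML for show hidden button
 */
public function getHtmlForControlButtons()
{
    $ret = '';
    $db = $this->real_name;
    $cfgRelation = PMA_getRelationsParam();
    if ($cfgRelation['navwork']) {
        $navTable = PMA_Util::backquote($cfgRelation['db'])
            . "." . PMA_Util::backquote($cfgRelation['navigationhiding']);
        // both values are passed through sqlAddSlashes() before they are
        // placed inside the quoted SQL literals
        $sqlQuery = "SELECT COUNT(*) FROM " . $navTable
            . " WHERE `username`='"
            . PMA_Util::sqlAddSlashes($GLOBALS['cfg']['Server']['user']) . "'"
            . " AND `db_name`='" . PMA_Util::sqlAddSlashes($db) . "'";
        $count = $GLOBALS['dbi']->fetchValue(
            $sqlQuery, 0, 0, $GLOBALS['controllink']
        );
        if ($count > 0) {
            // The database name must be ENCODED for the query string. The
            // previous urldecode() call left quotes, "&" and "<" in the name
            // untouched (or even produced them from %xx sequences), letting
            // a crafted database name break out of the href attribute.
            $ret = '<span class="dbItemControls">'
                . '<a href="navigation.php?'
                . PMA_URL_getCommon()
                . '&showUnhideDialog=true'
                . '&dbName=' . urlencode($db) . '"'
                . ' class="showUnhide ajax">'
                . PMA_Util::getImage('lightbulb.png', __('Show hidden items'))
                . '</a></span>';
        }
    }
    return $ret;
}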
foreach ($_COOKIE as $cookie_name => $tmp) { $GLOBALS['PMA_Config']->removeCookie($cookie_name); } $_COOKIE = array(); $GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version); } } /** * check HTTPS connection */ if ($GLOBALS['PMA_Config']->get('ForceSSL') && !$GLOBALS['PMA_Config']->detectHttps()) { require './libraries/select_lang.lib.php'; // grab SSL URL $url = $GLOBALS['PMA_Config']->getSSLUri(); // Actually redirect PMA_sendHeaderLocation($url . PMA_URL_getCommon($_GET, 'text')); // delete the current session, otherwise we get problems (see bug #2397877) $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']); exit; } /** * include session handling after the globals, to prevent overwriting */ require './libraries/session.inc.php'; /** * init some variables LABEL_variables_init */ /** * holds parameters to be passed to next page * @global array $GLOBALS['url_params'] */
/**
 * Returns link to (possibly) external site using defined redirector.
 *
 * URLs that do not start with http:// or https:// are returned unchanged,
 * and so is every URL while PMA_SETUP is defined. All other URLs are
 * rewritten to go through ./url.php with the target as the only parameter.
 *
 * @param string $url URL where to go.
 *
 * @return string URL for a link.
 */
function PMA_linkURL($url)
{
    $isHttpUrl = preg_match('#^https?://#', $url);
    if (! $isHttpUrl || defined('PMA_SETUP')) {
        return $url;
    }

    if (! function_exists('PMA_URL_getCommon')) {
        include_once './libraries/url_generating.lib.php';
    }

    $generated = PMA_URL_getCommon(array('url' => $url));

    // strip off token and such sensitive information. Just keep url.
    $pieces = parse_url($generated);
    parse_str($pieces["query"], $vars);

    return './url.php?' . http_build_query(array("url" => $vars["url"]));
}
/**
 * Generate Html for sync Favorite tables anchor. (from localStorage to pmadb)
 *
 * Returns an empty string once the session records the favorites of the
 * current server as synchronized.
 *
 * @return string
 */
public function getHtmlSyncFavoriteTables()
{
    $serverId = $GLOBALS['server'];

    // Not to show this once list is synchronized.
    if (isset($_SESSION['tmpval']['favorites_synced'][$serverId])) {
        return '';
    }

    $href = 'db_structure.php' . PMA_URL_getCommon(
        array(
            'ajax_request' => true,
            'favorite_table' => true,
            'sync_favorite_tables' => true,
        )
    );

    return '<a class="hide" id="sync_favorite_tables"'
        . ' href="' . $href . '"></a>';
}
include 'tbl_export.php'; break; case 'row_delete': default: $action = 'tbl_row_action.php'; $err_url = 'tbl_row_action.php' . PMA_URL_getCommon($GLOBALS['url_params']); if (!isset($_REQUEST['mult_btn'])) { $original_sql_query = $sql_query; if (!empty($url_query)) { $original_url_query = $url_query; } } include 'libraries/mult_submits.inc.php'; $_url_params = $GLOBALS['url_params']; $_url_params['goto'] = 'tbl_sql.php'; $url_query = PMA_URL_getCommon($_url_params); /** * Show result of multi submit operation */ // sql_query is not set when user does not confirm multi-delete if ((!empty($submit_mult) || isset($_REQUEST['mult_btn'])) && !empty($sql_query)) { $disp_message = __('Your SQL query has been executed successfully.'); $disp_query = $sql_query; } if (isset($original_sql_query)) { $sql_query = $original_sql_query; } if (isset($original_url_query)) { $url_query = $original_url_query; } $active_page = 'sql.php';
/**
 * Prepares the displayable content of a data cell in Browse mode,
 * taking into account foreign key description field and transformations
 *
 * When the column has an entry in $map, the cell is rendered as a link to
 * the referenced row (or, in print view, as the value followed by the
 * display value in brackets); otherwise only the transformed or default
 * formatted data is written into the cell.
 *
 * @param string        $class                 css classes for the td element
 * @param bool          $condition_field       whether the column is a part of
 *                                             the where clause
 * @param array         $analyzed_sql          the analyzed query
 * @param object        $meta                  the meta-information about the
 *                                             field
 * @param array         $map                   the list of relations
 * @param string        $data                  data
 * @param object|string $transformation_plugin transformation plugin.
 *                                             Can also be the default function:
 *                                             PMA_mimeDefaultFunction
 * @param string        $default_function      default function
 * @param string        $nowrap                'nowrap' if the content should
 *                                             not be wrapped
 * @param string        $where_comparison      data for the where clause
 * @param array         $transform_options     options for transformation
 * @param bool          $is_field_truncated    whether the field is truncated
 *
 * @return string formatted data
 *
 * @access private
 *
 * @see _getDataCellForNumericColumns(), _getDataCellForGeometryColumns(),
 *      _getDataCellForNonNumericColumns(),
 */
private function _getRowData($class, $condition_field, $analyzed_sql, $meta, $map, $data, $transformation_plugin, $default_function, $nowrap, $where_comparison, $transform_options, $is_field_truncated)
{
    $relational_display = $_SESSION['tmpval']['relational_display'];
    $printview = $this->__get('printview');
    // '-1' is used when the field metadata carries no decimals property
    $decimals = isset($meta->decimals) ? $meta->decimals : '-1';
    // NOTE(review): $decimals and $meta->type are written into attributes
    // without escaping; presumably both are server-provided metadata - confirm.
    $result = '<td data-decimals="' . $decimals . '" data-type="' . $meta->type . '" class="' . $this->_addClass($class, $condition_field, $meta, $nowrap, $is_field_truncated, $transformation_plugin, $default_function) . '">';
    // map an aliased column back to its real column name so the lookup in
    // $map below uses the real name
    if (isset($analyzed_sql[0]['select_expr']) && is_array($analyzed_sql[0]['select_expr'])) {
        foreach ($analyzed_sql[0]['select_expr'] as $select_expr_position => $select_expr) {
            $alias = $analyzed_sql[0]['select_expr'][$select_expr_position]['alias'];
            if (!isset($alias) || !mb_strlen($alias)) {
                continue;
            } // end if
            $true_column = $analyzed_sql[0]['select_expr'][$select_expr_position]['column'];
            if ($alias == $meta->name) {
                // this change in the parameter does not matter
                // outside of the function
                // NOTE(review): $meta is documented as an object, so this
                // assignment would be visible to the caller - confirm.
                $meta->name = $true_column;
            } // end if
        } // end foreach
    } // end if
    if (isset($map[$meta->name])) {
        // Field to display from the foreign table?
        // indexes used below: [0] table, [1] key column, [2] display column,
        // [3] database of the relation
        if (isset($map[$meta->name][2]) && mb_strlen($map[$meta->name][2])) {
            // NOTE(review): identifiers are backquoted, but $where_comparison
            // is appended to the SQL text as-is; it must already be escaped
            // by the caller - verify.
            $dispsql = 'SELECT ' . PMA_Util::backquote($map[$meta->name][2]) . ' FROM ' . PMA_Util::backquote($map[$meta->name][3]) . '.' . PMA_Util::backquote($map[$meta->name][0]) . ' WHERE ' . PMA_Util::backquote($map[$meta->name][1]) . $where_comparison;
            $dispresult = $GLOBALS['dbi']->tryQuery($dispsql, null, PMA_DatabaseInterface::QUERY_STORE);
            if ($dispresult && $GLOBALS['dbi']->numRows($dispresult) > 0) {
                list($dispval) = $GLOBALS['dbi']->fetchRow($dispresult, 0);
            } else {
                $dispval = __('Link not found!');
            }
            // errors are suppressed because $dispresult may be a failed query
            @$GLOBALS['dbi']->freeResult($dispresult);
        } else {
            $dispval = '';
        } // end if... else...
        if (isset($printview) && $printview == '1') {
            // NOTE(review): $dispval is a value read from the foreign table
            // and is concatenated into the HTML without htmlspecialchars(),
            // unlike the title attribute below - stored markup in that
            // column would be rendered in print view; confirm and escape.
            $result .= ($transformation_plugin != $default_function ? $transformation_plugin->applyTransformation($data, $transform_options, $meta) : $default_function($data)) . ' <code>[->' . $dispval . ']</code>';
        } else {
            if ($relational_display == self::RELATIONAL_KEY) {
                // user chose "relational key" in the display options, so
                // the title contains the display field
                $title = !empty($dispval) ? ' title="' . htmlspecialchars($dispval) . '"' : '';
            } else {
                $title = ' title="' . htmlspecialchars($data) . '"';
            }
            // link target: the referenced row(s) in the foreign table
            $_url_params = array('db' => $map[$meta->name][3], 'table' => $map[$meta->name][0], 'pos' => '0', 'sql_query' => 'SELECT * FROM ' . PMA_Util::backquote($map[$meta->name][3]) . '.' . PMA_Util::backquote($map[$meta->name][0]) . ' WHERE ' . PMA_Util::backquote($map[$meta->name][1]) . $where_comparison);
            $result .= '<a class="ajax" href="sql.php' . PMA_URL_getCommon($_url_params) . '"' . $title . '>';
            if ($transformation_plugin != $default_function) {
                // always apply a transformation on the real data,
                // not on the display field
                $result .= $transformation_plugin->applyTransformation($data, $transform_options, $meta);
            } else {
                if ($relational_display == self::RELATIONAL_DISPLAY_COLUMN && !empty($map[$meta->name][2])) {
                    // user chose "relational display field" in the
                    // display options, so show display field in the cell
                    $result .= $default_function($dispval);
                } else {
                    // otherwise display data in the cell
                    $result .= $default_function($data);
                }
            }
            $result .= '</a>';
        }
    } else {
        // no relation for this column: plain transformed or default output
        $result .= $transformation_plugin != $default_function ? $transformation_plugin->applyTransformation($data, $transform_options, $meta) : $default_function($data);
    }
    $result .= '</td>' . "\n";
    return $result;
}
* @package PhpMyAdmin */ /** * Get some core libraries */ require_once 'libraries/common.inc.php'; $response = PMA\libraries\Response::getInstance(); $header = $response->getHeader(); $scripts = $header->getScripts(); $scripts->addFile('tbl_structure.js'); // Check parameters PMA\libraries\Util::checkParameters(array('db', 'table')); /** * Defines the url to return to in case of error in a sql statement */ $err_url = 'tbl_sql.php' . PMA_URL_getCommon(array('db' => $db, 'table' => $table)); /** * The form used to define the field to add has been submitted */ $abort = false; // check number of fields to be created if (isset($_REQUEST['submit_num_fields'])) { if (isset($_REQUEST['orig_after_field'])) { $_REQUEST['after_field'] = $_REQUEST['orig_after_field']; } if (isset($_REQUEST['orig_field_where'])) { $_REQUEST['field_where'] = $_REQUEST['orig_field_where']; } $num_fields = $_REQUEST['orig_num_fields'] + $_REQUEST['added_fields']; $regenerate = true; } elseif (isset($_REQUEST['num_fields']) && intval($_REQUEST['num_fields']) > 0) {
$response = PMA_Response::getInstance(); if ($response->isAjax()) { $response->setRequestStatus(false); $response->addJSON('message', PMA_Message::error(__('No databases selected.'))); } else { $url_params = array('reload' => 1); if (isset($message)) { $url_params['message'] = $message; } if (!empty($sql_query)) { $url_params['sql_query'] = $sql_query; } if (isset($show_as_php)) { $url_params['show_as_php'] = $show_as_php; } PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . 'index.php' . PMA_URL_getCommon($url_params, 'text')); } exit; } } } // end if (ensures db exists) if (empty($is_table) && !defined('PMA_SUBMIT_MULT') && !defined('TABLE_MAY_BE_ABSENT')) { // Not a valid table name -> back to the db_sql.php if (mb_strlen($table)) { $is_table = $GLOBALS['dbi']->getCachedTableContent("{$db}.{$table}", false); if (!$is_table) { $_result = $GLOBALS['dbi']->tryQuery('SHOW TABLES LIKE \'' . PMA_Util::sqlAddSlashes($table, true) . '\';', null, PMA_DatabaseInterface::QUERY_STORE); $is_table = @$GLOBALS['dbi']->numRows($_result); $GLOBALS['dbi']->freeResult($_result); }
$response->addJSON('field_type', htmlspecialchars($properties['type'])); $response->addJSON('field_collation', $properties['collation']); $response->addJSON('field_operators', $properties['func']); $response->addJSON('field_value', $properties['value']); exit; } // Gets some core libraries require_once './libraries/tbl_common.inc.php'; $url_query .= '&goto=tbl_select.php&back=tbl_select.php'; // Gets tables informations require_once './libraries/tbl_info.inc.php'; if (!isset($goto)) { $goto = $GLOBALS['cfg']['DefaultTabTable']; } // Defines the url to return to in case of error in the next sql statement $err_url = $goto . PMA_URL_getCommon(array('db' => $db, 'table' => $table)); //Set default datalabel if not selected if (!isset($_POST['zoom_submit']) || $_POST['dataLabel'] == '') { $dataLabel = PMA_getDisplayField($db, $table); } else { $dataLabel = $_POST['dataLabel']; } // Displays the zoom search form $response->addHTML($table_search->getSecondaryTabs()); $response->addHTML($table_search->getSelectionForm($goto, $dataLabel)); /* * Handle the input criteria and generate the query result * Form for displaying query results */ if (isset($_POST['zoom_submit']) && $_POST['criteriaColumnNames'][0] != 'pma_null' && $_POST['criteriaColumnNames'][1] != 'pma_null' && $_POST['criteriaColumnNames'][0] != $_POST['criteriaColumnNames'][1]) { //Query generation part
* This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
 * but since a malicious user may pass this variable by url/form, we don't take
 * into account this case.
 */
// The DROP DATABASE restriction is evaluated here on the server from the
// analysed statement, $cfg['AllowUserDropDatabase'] and $is_superuser; no
// client-supplied confirmation flag takes part in the decision.
if (PMA_hasNoRightsToDropDatabase(
    $analyzed_sql_results, $cfg['AllowUserDropDatabase'], $is_superuser
)) {
    PMA_Util::mysqlDie(
        __('"DROP DATABASE" statements are disabled.'),
        '',
        '',
        $err_url
    );
} // end if

/**
 * Need to find the real end of rows?
 */
if (isset($find_real_end) && $find_real_end) {
    $unlim_num_rows = PMA_findRealEndOfRows($db, $table);
}

/**
 * Bookmark add
 */
// Triggered purely by the presence of the 'store_bkm' POST field.
if (isset($_POST['store_bkm'])) {
    PMA_addBookmark($cfg['PmaAbsoluteUri'], $goto);
    // script has exited at this point
} // end if

/**
 * Sets or modifies the $goto variable if required
 */
if ($goto == 'sql.php') {
    $is_gotofile = false;
    // The full statement text is carried as the 'sql_query' URL parameter.
    // NOTE(review): it will therefore show up wherever this URL is recorded
    // (history, logs, referrers) -- confirm that is acceptable.
    $goto = 'sql.php' . PMA_URL_getCommon(
        array(
            'db' => $db,
            'table' => $table,
            'sql_query' => $sql_query
        )
    );
} // end if

// Optional variables are passed as null when unset so the call does not
// read undefined variables.
// NOTE(review): the 15th argument tests isset($disp_query) but passes
// $display_query; the two names differ, so the guard does not protect the
// variable actually read. Confirm which name is intended.
PMA_executeQueryAndSendQueryResponse(
    $analyzed_sql_results,
    $is_gotofile,
    $db,
    $table,
    isset($find_real_end) ? $find_real_end : null,
    isset($import_text) ? $import_text : null,
    isset($extra_data) ? $extra_data : null,
    $is_affected,
    isset($message_to_show) ? $message_to_show : null,
    isset($disp_mode) ? $disp_mode : null,
    isset($message) ? $message : null,
    isset($sql_data) ? $sql_data : null,
    $goto,
    $pmaThemeImage,
    isset($disp_query) ? $display_query : null,
    isset($disp_message) ? $disp_message : null,
    isset($query_type) ? $query_type : null,
    $sql_query,
    isset($selected) ? $selected : null,
    isset($complete_query) ? $complete_query : null
);
/**
 * Builds the LINK elements for the page head: the two favicon links,
 * followed by either the print stylesheet (print view) or the jQuery UI
 * stylesheet plus the generated theme stylesheet.
 *
 * NOTE(review): $basedir, $theme_path and $GLOBALS['text_dir'] are placed
 * inside href attributes without escaping here, and '&nocache=' is appended
 * as a raw ampersand after the PMA_URL_getCommon() output. Confirm these
 * values can never contain quotes or markup, or escape them at this point.
 *
 * @return string the LINK tags
 */
private function _getLinkTags()
{
    // Both favicon links share the same tail; only the rel value differs.
    $icon_tail = 'href="favicon.ico" type="image/x-icon" />';
    $tags = '<link rel="icon" ' . $icon_tail
        . '<link rel="shortcut icon" ' . $icon_tail;

    // Gathered before branching, exactly as the print-view path also did.
    $basedir = '';
    if (defined('PMA_PATH_TO_BASEDIR')) {
        $basedir = PMA_PATH_TO_BASEDIR;
    }
    $url_args   = PMA_URL_getCommon(array('server' => $GLOBALS['server']));
    $cache_key  = $GLOBALS['PMA_Config']->getThemeUniqueValue();
    $theme_path = $GLOBALS['pmaThemePath'];

    $css_open = '<link rel="stylesheet" type="text/css" href="';

    if ($this->_isPrintView) {
        return $tags . $css_open . $basedir . 'print.css" />';
    }

    // jQuery's CSS goes first so that the theme's CSS can override it.
    $jquery_css = $css_open . $theme_path . '/jquery/jquery-ui-1.11.2.css" />';
    $theme_css  = $css_open . $basedir . 'phpmyadmin.css.php' . $url_args
        . '&nocache=' . $cache_key . $GLOBALS['text_dir'] . '" />';

    return $tags . $jquery_css . $theme_css;
}
/**
 * User is not allowed to login to MySQL -> authentication failed
 *
 * Prints the "Access denied!" page: a welcome heading, the reason for the
 * failure, a "Retry to connect" link and, when more than one server is
 * configured, the server selector. Execution stops afterwards unless the
 * TESTSUITE constant is defined.
 *
 * Reads $GLOBALS['dbi'], $GLOBALS['allowDeny_forbidden'],
 * $GLOBALS['PMA_Config'], $GLOBALS['errno'], $GLOBALS['error_handler']
 * and $GLOBALS['cfg'].
 *
 * @return boolean true, and only when TESTSUITE is defined; otherwise the
 *                 script exits before returning
 */
public function authFails()
{
    // Fall back to a generic message when the DBI layer reports no error.
    $conn_error = $GLOBALS['dbi']->getError();
    if (!$conn_error) {
        $conn_error = __('Cannot connect: invalid settings.');
    }

    /* HTML header */
    $response = PMA_Response::getInstance();
    $response->getFooter()
        ->setMinimal();
    $header = $response->getHeader();
    $header->setBodyId('loginform');
    $header->setTitle(__('Access denied!'));
    $header->disableMenuAndConsole();
    echo '<br /><br /> <center> <h1>';
    echo sprintf(__('Welcome to %s'), ' phpMyAdmin ');
    echo '</h1> </center> <br /> <table cellpadding="0" cellspacing="3" style="margin: 0 auto" width="80%"> <tr> <td>';
    if (isset($GLOBALS['allowDeny_forbidden'])
        && $GLOBALS['allowDeny_forbidden']
    ) {
        // In this branch only the generic notice is raised; $conn_error is
        // not shown.
        trigger_error(__('Access denied!'), E_USER_NOTICE);
    } else {
        // Check whether user has configured something
        if ($GLOBALS['PMA_Config']->source_mtime == 0) {
            echo '<p>' . sprintf(
                __(
                    'You probably did not create a configuration file.'
                    . ' You might want to use the %1$ssetup script%2$s to'
                    . ' create one.'
                ),
                '<a href="setup/">',
                '</a>'
            ) . '</p>' . "\n";
        } elseif (!isset($GLOBALS['errno'])
            || (isset($GLOBALS['errno'])
            && $GLOBALS['errno'] != 2002
            && $GLOBALS['errno'] != 2003)
        ) {
            // if we display the "Server not responding" error, do not confuse
            // users by telling them they have a settings problem
            // (note: it's true that they could have a badly typed host name,
            // but anyway the current message tells that the server
            // rejected the connection, which is not really what happened)
            // 2002 is the error given by mysqli
            // 2003 is the error given by mysql
            trigger_error(
                __(
                    'phpMyAdmin tried to connect to the MySQL server, and the'
                    . ' server rejected the connection. You should check the'
                    . ' host, username and password in your configuration and'
                    . ' make sure that they correspond to the information given'
                    . ' by the administrator of the MySQL server.'
                ),
                E_USER_WARNING
            );
        }
        // The connection error text is written into the page, to a client
        // that has not authenticated.
        // NOTE(review): confirm that mysqlDie() HTML-escapes $conn_error and
        // that the server error text discloses nothing sensitive.
        echo PMA_Util::mysqlDie(
            $conn_error, '', true, '', false
        );
    }
    // Emits the errors raised above through trigger_error().
    $GLOBALS['error_handler']->dispUserErrors();
    echo '</td> </tr> <tr> <td>' . "\n";
    echo '<a href="'
        . PMA_Util::getScriptNameForOption(
            $GLOBALS['cfg']['DefaultTabServer'], 'server'
        )
        . PMA_URL_getCommon(array()) . '" class="button disableAjax">'
        . __('Retry to connect')
        . '</a>' . "\n";
    echo '</td> </tr>' . "\n";
    if (count($GLOBALS['cfg']['Servers']) > 1) {
        // offer a chance to login to other servers if the current one failed
        include_once './libraries/select_server.lib.php';
        echo '<tr>' . "\n";
        echo ' <td>' . "\n";
        echo PMA_selectServer(true, true);
        echo ' </td>' . "\n";
        echo '</tr>' . "\n";
    }
    echo '</table>' . "\n";
    // Under the test suite the method must return instead of ending the
    // process.
    if (!defined('TESTSUITE')) {
        exit;
    }
    return true;
}
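/**
 * Tests for PMA_getHtmlForTrackingReport() method.
 *
 * Renders the report from fixed request values and checks that the
 * headings, the form action URL, the export choices and the filter values
 * appear in the generated HTML.
 *
 * @return void
 * @test
 */
public function testPMAGetHtmlForTrackingReportr()
{
    $_REQUEST['version'] = 10;
    $_REQUEST['date_from'] = "date_from";
    $_REQUEST['date_to'] = "date_to";
    $_REQUEST['users'] = "users";
    $_REQUEST['logtype'] = 'logtype';
    $url_query = "select * from PMA";
    $data = array(
        'tracking' => 'tracking',
        'ddlog' => array('ddlog'),
        'dmlog' => array('dmlog')
    );
    $url_params = array();
    $selection_schema = array();
    $selection_data = array();
    $selection_both = array();
    $filter_ts_to = array();
    $filter_ts_from = array();
    $filter_users = array();

    $html = PMA_getHtmlForTrackingReport(
        $url_query, $data, $url_params,
        $selection_schema, $selection_data,
        $selection_both, $filter_ts_to,
        $filter_ts_from, $filter_users
    );

    $this->assertContains(__('Tracking report'), $html);
    $this->assertContains($url_query, $html);
    $this->assertContains(__('Tracking statements'), $html);
    $this->assertContains($data['tracking'], $html);

    // Opening of the report form, including its action URL. The original
    // asserted this twice in a row; once is enough.
    $version = '<form method="post" action="tbl_tracking.php'
        . PMA_URL_getCommon(
            $url_params + array(
                'report' => 'true', 'version' => $_REQUEST['version']
            )
        );
    $this->assertContains($version, $html);

    $this->assertContains(__('Structure only'), $html);
    $this->assertContains(__('Data only'), $html);
    $this->assertContains(__('Structure and data'), $html);

    // The request values set above contain no HTML metacharacters, so
    // htmlspecialchars() returns them unchanged: these assertions show that
    // the values reach the output, not that they are escaped on the way.
    $this->assertContains(htmlspecialchars($_REQUEST['date_from']), $html);
    $this->assertContains(htmlspecialchars($_REQUEST['date_to']), $html);
    $this->assertContains(htmlspecialchars($_REQUEST['users']), $html);
}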
// Prints the list of phpMyAdmin information links (version, documentation,
// project pages, changelog, license) and closes the surrounding containers,
// then warns when mbstring function overloading is enabled.
echo '<ul>';
$class = null;
// We rely on CSP to allow access to http://www.phpmyadmin.net, but IE lacks
// support here and does not allow request to http once using https.
// The 'jsversioncheck' class is therefore set only when VersionCheck is on
// and the page is not (HTTPS and IE) at the same time.
if ($GLOBALS['cfg']['VersionCheck']
    && (! $GLOBALS['PMA_Config']->get('is_https') || PMA_USR_BROWSER_AGENT != 'IE')
) {
    $class = 'jsversioncheck';
}
PMA_printListItem(
    __('Version information:') . ' <span class="version">' . PMA_VERSION . '</span>',
    'li_pma_version',
    null,
    null,
    null,
    null,
    $class
);
PMA_printListItem(
    __('Documentation'),
    'li_pma_docs',
    PMA\libraries\Util::getDocuLink('index'),
    null,
    '_blank'
);
// NOTE(review): the wiki and homepage links below use http:// while the
// contribute and support links use https://; consider https for all of them.
// NOTE(review): every external link here is opened with target '_blank';
// confirm PMA_printListItem() emits rel="noopener" for such links.
PMA_printListItem(
    __('Wiki'),
    'li_pma_wiki',
    PMA_linkURL('http://wiki.phpmyadmin.net/'),
    null,
    '_blank'
);

// does not work if no target specified, don't know why
PMA_printListItem(
    __('Official Homepage'),
    'li_pma_homepage',
    PMA_linkURL('http://www.phpMyAdmin.net/'),
    null,
    '_blank'
);
PMA_printListItem(
    __('Contribute'),
    'li_pma_contribute',
    PMA_linkURL('https://www.phpmyadmin.net/contribute/'),
    null,
    '_blank'
);
PMA_printListItem(
    __('Get support'),
    'li_pma_support',
    PMA_linkURL('https://www.phpmyadmin.net/support/'),
    null,
    '_blank'
);
// The two local pages are linked with the common URL parameters appended.
PMA_printListItem(
    __('List of changes'),
    'li_pma_changes',
    'changelog.php' . PMA_URL_getCommon(),
    null,
    '_blank'
);
PMA_printListItem(
    __('License'),
    'li_pma_license',
    'license.php' . PMA_URL_getCommon(),
    null,
    '_blank'
);
echo ' </ul>';
echo ' </div>';
echo '</div>';
echo '</div>';

/**
 * As we try to handle charsets by ourself, mbstring overloads just
 * break it, see bug 1063821.
 */
// '@' silences any warning from the two probes; the user-visible warning is
// raised only when the extension is loaded and the setting is above 1.
if (@extension_loaded('mbstring') && @ini_get('mbstring.func_overload') > 1) {
    trigger_error(
        __(
            'You have enabled mbstring.func_overload in your PHP '
            . 'configuration. This option is incompatible with phpMyAdmin '
            . 'and might cause some data to be corrupted!'
        ),
        E_USER_WARNING
    );
}

/**
 * mbstring is used for handling multibytes inside parser, so it is good
 * to tell user something might be broken without it, see bug #1063149.
 */