/**
* Returns HTML code to include javascript file.
*
* @param array $files The list of js file to include
*
* @return string HTML code for javascript inclusion.
*/
private function _includeFiles($files)
{
$first_dynamic_scripts = "";
$dynamic_scripts = "";
$scripts = array();
foreach ($files as $value) {
if (strpos($value['filename'], "?") !== false) {
if ($value['before_statics'] === true) {
$first_dynamic_scripts .= "<script type='text/javascript' src='js/" . $value['filename'] . "'></script>";
} else {
$dynamic_scripts .= "<script type='text/javascript' src='js/" . $value['filename'] . "'></script>";
}
continue;
}
$include = true;
if ($value['conditional_ie'] !== false && PMA_USR_BROWSER_AGENT === 'IE') {
if ($value['conditional_ie'] === true) {
$include = true;
} else {
if ($value['conditional_ie'] == PMA_USR_BROWSER_VER) {
$include = true;
} else {
$include = false;
}
}
}
if ($include) {
$scripts[] = "scripts[]=" . $value['filename'];
}
}
$separator = PMA_URL_getArgSeparator();
$url = 'js/get_scripts.js.php' . PMA_URL_getCommon(array(), 'none') . $separator . implode($separator, $scripts);
$static_scripts = sprintf('<script type="text/javascript" src="%s"></script>', htmlspecialchars($url));
return $first_dynamic_scripts . $static_scripts . $dynamic_scripts;
}
/**
* Returns HTML code to include javascript file.
*
* @param array $files The list of js file to include
*
* @return string HTML code for javascript inclusion.
*/
private function _includeFiles($files)
{
$first_dynamic_scripts = "";
$dynamic_scripts = "";
$scripts = array();
$separator = PMA_URL_getArgSeparator();
foreach ($files as $value) {
if (mb_strpos($value['filename'], "?") !== false) {
$file_name = $value['filename'] . $separator . Header::getVersionParameter();
if ($value['before_statics'] === true) {
$first_dynamic_scripts .= "<script data-cfasync='false' type='text/javascript' " . "src='js/" . $file_name . "'></script>";
} else {
$dynamic_scripts .= "<script data-cfasync='false' " . "type='text/javascript' src='js/" . $file_name . "'></script>";
}
continue;
}
$include = true;
if ($value['conditional_ie'] !== false && PMA_USR_BROWSER_AGENT === 'IE') {
if ($value['conditional_ie'] === true) {
$include = true;
} else {
if ($value['conditional_ie'] == PMA_USR_BROWSER_VER) {
$include = true;
} else {
$include = false;
}
}
}
if ($include) {
$scripts[] = "scripts%5B%5D=" . $value['filename'];
}
}
$separator = PMA_URL_getArgSeparator();
$static_scripts = '';
// Using chunks of 10 files to avoid too long URLs
// as some servers are set to 512 bytes URL limit
$script_chunks = array_chunk($scripts, 10);
foreach ($script_chunks as $script_chunk) {
$url = 'js/get_scripts.js.php?' . implode($separator, $script_chunk) . $separator . Header::getVersionParameter();
$static_scripts .= sprintf('<script data-cfasync="false" type="text/javascript" src="%s">' . '</script>', htmlspecialchars($url));
}
return $first_dynamic_scripts . $static_scripts . $dynamic_scripts;
}
/**
* Returns HTML code to include javascript file.
*
* @param array $files The list of js file to include
*
* @return string HTML code for javascript inclusion.
*/
private function _includeFiles($files)
{
$first_dynamic_scripts = "";
$dynamic_scripts = "";
$scripts = array();
$separator = PMA_URL_getArgSeparator();
foreach ($files as $value) {
if (mb_strpos($value['filename'], "?") !== false) {
$file_name = $value['filename'] . $separator . PMA_Header::getVersionParameter();
if ($value['before_statics'] === true) {
$first_dynamic_scripts .= "<script data-cfasync='false' type='text/javascript' src='js/" . $file_name . "'></script>";
} else {
$dynamic_scripts .= "<script data-cfasync='false' type='text/javascript' src='js/" . $file_name . "'></script>";
}
continue;
}
$include = true;
if ($value['conditional_ie'] !== false && PMA_USR_BROWSER_AGENT === 'IE') {
if ($value['conditional_ie'] === true) {
$include = true;
} else {
if ($value['conditional_ie'] == PMA_USR_BROWSER_VER) {
$include = true;
} else {
$include = false;
}
}
}
if ($include) {
$scripts[] = "scripts%5B%5D=" . $value['filename'];
}
}
$url = 'js/get_scripts.js.php?' . implode($separator, $scripts) . $separator . PMA_Header::getVersionParameter();
$static_scripts = sprintf('<script data-cfasync="false" type="text/javascript" src="%s"></script>', htmlspecialchars($url));
return $first_dynamic_scripts . $static_scripts . $dynamic_scripts;
}
/**
* Send HTTP header, taking IIS limits into account (600 seems ok)
*
* @param string $uri the header to send
* @param bool $use_refresh whether to use Refresh: header when running on IIS
*
* @return boolean always true
*/
function PMA_sendHeaderLocation($uri, $use_refresh = false)
{
if (PMA_IS_IIS && strlen($uri) > 600) {
include_once './libraries/js_escape.lib.php';
PMA_Response::getInstance()->disable();
echo '<html><head><title>- - -</title>' . "\n";
echo '<meta http-equiv="expires" content="0">' . "\n";
echo '<meta http-equiv="Pragma" content="no-cache">' . "\n";
echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n";
echo '<meta http-equiv="Refresh" content="0;url=' . htmlspecialchars($uri) . '">' . "\n";
echo '<script type="text/javascript">' . "\n";
echo '//<![CDATA[' . "\n";
echo 'setTimeout("window.location = unescape(\'"' . PMA_escapeJsString($uri) . '"\')", 2000);' . "\n";
echo '//]]>' . "\n";
echo '</script>' . "\n";
echo '</head>' . "\n";
echo '<body>' . "\n";
echo '<script type="text/javascript">' . "\n";
echo '//<![CDATA[' . "\n";
echo 'document.write(\'<p><a href="' . htmlspecialchars($uri) . '">' . __('Go') . '</a></p>\');' . "\n";
echo '//]]>' . "\n";
echo '</script></body></html>' . "\n";
return;
}
if (SID) {
if (strpos($uri, '?') === false) {
header('Location: ' . $uri . '?' . SID);
} else {
$separator = PMA_URL_getArgSeparator();
header('Location: ' . $uri . $separator . SID);
}
return;
}
session_write_close();
if (headers_sent()) {
if (function_exists('debug_print_backtrace')) {
echo '<pre>';
debug_print_backtrace();
echo '</pre>';
}
trigger_error('PMA_sendHeaderLocation called when headers are already sent!', E_USER_ERROR);
}
// bug #1523784: IE6 does not like 'Refresh: 0', it
// results in a blank page
// but we need it when coming from the cookie login panel)
if (PMA_IS_IIS && $use_refresh) {
header('Refresh: 0; ' . $uri);
} else {
header('Location: ' . $uri);
}
}
/**
* Test for PMA_sendHeaderLocation
*
* @return void
*/
public function testSendHeaderLocationWithSidUrlWithQuestionMark()
{
if (defined('PMA_TEST_HEADERS')) {
runkit_constant_redefine('SID', md5('test_hash'));
$testUri = 'http://testurl.com/test.php?test=test';
$separator = PMA_URL_getArgSeparator();
$header = array('Location: ' . $testUri . $separator . SID);
/* sets $GLOBALS['header'] */
PMA_sendHeaderLocation($testUri);
$this->assertEquals($header, $GLOBALS['header']);
} else {
$this->markTestSkipped('Cannot redefine constant/function - missing runkit extension');
}
}
/**
* Send HTTP header, taking IIS limits into account (600 seems ok)
*
* @param string $uri the header to send
* @param bool $use_refresh whether to use Refresh: header when running on IIS
*
* @return void
*/
function PMA_sendHeaderLocation($uri, $use_refresh = false)
{
if (PMA_IS_IIS && mb_strlen($uri) > 600) {
include_once './libraries/js_escape.lib.php';
PMA\libraries\Response::getInstance()->disable();
echo PMA\libraries\Template::get('header_location')->render(array('uri' => $uri));
return;
}
if (SID) {
if (mb_strpos($uri, '?') === false) {
header('Location: ' . $uri . '?' . SID);
} else {
$separator = PMA_URL_getArgSeparator();
header('Location: ' . $uri . $separator . SID);
}
return;
}
session_write_close();
if (headers_sent()) {
if (function_exists('debug_print_backtrace')) {
echo '<pre>';
debug_print_backtrace();
echo '</pre>';
}
trigger_error('PMA_sendHeaderLocation called when headers are already sent!', E_USER_ERROR);
}
// bug #1523784: IE6 does not like 'Refresh: 0', it
// results in a blank page
// but we need it when coming from the cookie login panel)
if (PMA_IS_IIS && $use_refresh) {
header('Refresh: 0; ' . $uri);
} else {
header('Location: ' . $uri);
}
}
*/
if (!defined('PHPMYADMIN')) {
exit;
}
/**
* Core libraries.
*/
require_once './libraries/display_select_lang.lib.php';
require_once './libraries/config/FormDisplay.class.php';
require_once './libraries/config/ServerConfigChecks.class.php';
require_once './setup/lib/index.lib.php';
// prepare unfiltered language list
$all_languages = PMA_langList();
uasort($all_languages, 'PMA_languageCmp');
$cf = $GLOBALS['ConfigFile'];
$separator = PMA_URL_getArgSeparator('html');
// message handling
PMA_messagesBegin();
//
// Check phpMyAdmin version
//
if (isset($_GET['version_check'])) {
PMA_versionCheck();
}
//
// Perform various security, compatibility and consistency checks
//
$configChecker = new ServerConfigChecks($GLOBALS['ConfigFile']);
$configChecker->performConfigChecks();
//
// Check whether we can read/write configuration
/**
* Splits a URL string by parameter
*
* @param string $url the URL
*
* @return array the parameter/value pairs, for example [0] db=sakila
*/
public static function splitURLQuery($url)
{
// decode encoded url separators
$separator = PMA_URL_getArgSeparator();
// on most places separator is still hard coded ...
if ($separator !== '&') {
// ... so always replace & with $separator
$url = str_replace(htmlentities('&'), $separator, $url);
$url = str_replace('&', $separator, $url);
}
$url = str_replace(htmlentities($separator), $separator, $url);
// end decode
$url_parts = parse_url($url);
if (!empty($url_parts['query'])) {
return explode($separator, $url_parts['query']);
} else {
return array();
}
}
/**
* Generates text with URL parameters.
*
* <code>
* // OLD (deprecated) style
* // note the ?
* echo 'script.php?' . PMA_URL_getCommon('mysql', 'rights');
* // produces with cookies enabled:
* // script.php?db=mysql&table=rights
* // with cookies disabled:
* // script.php?server=1&lang=en&db=mysql&table=rights
*
* // NEW style
* $params['myparam'] = 'myvalue';
* $params['db'] = 'mysql';
* $params['table'] = 'rights';
* // note the missing ?
* echo 'script.php' . PMA_URL_getCommon($params);
* // produces with cookies enabled:
* // script.php?myparam=myvalue&db=mysql&table=rights
* // with cookies disabled:
* // script.php?server=1&lang=en&myparam=myvalue&db=mysql
* // &table=rights
*
* // note the missing ?
* echo 'script.php' . PMA_URL_getCommon();
* // produces with cookies enabled:
* // script.php
* // with cookies disabled:
* // script.php?server=1&lang=en
* </code>
*
* @param mixed $params_or_db Contains either an associative array with url
* params or optional string with database name;
* if first param is an array there is also an ?
* prefixed to the url
*
* @param string $encode_or_table If first param is array: 'html' to use
* htmlspecialchars() on the resulting URL
* (for a normal URL displayed in HTML)
* or something else to avoid using
* htmlspecialchars() (for a URL sent via a
* header); if not set,'html' is assumed;
* If first param is not array:
* optional table name
*
* @param string $divider If first param is array: optional character
* to use instead of '?';
* If first param is not array: optional
* character to use instead of '&' for
* dividing URL parameters
*
* @return string string with URL parameters
* @access public
*/
function PMA_URL_getCommon()
{
$args = func_get_args();
if (isset($args[0]) && is_array($args[0])) {
// new style
$params = $args[0];
if (isset($args[1])) {
$encode = $args[1];
} else {
$encode = 'html';
}
if (isset($args[2])) {
$questionmark = $args[2];
} else {
$questionmark = '?';
}
} else {
// old style
$params = array();
if (PMA_isValid($args[0])) {
$params['db'] = $args[0];
}
if (PMA_isValid($args[1])) {
$params['table'] = $args[1];
}
if (isset($args[2]) && $args[2] !== '&') {
$encode = 'text';
} else {
$encode = 'html';
}
$questionmark = '';
}
$separator = PMA_URL_getArgSeparator();
// avoid overwriting when creating navi panel links to servers
if (isset($GLOBALS['server']) && $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault'] && !isset($params['server'])) {
$params['server'] = $GLOBALS['server'];
}
if (empty($_COOKIE['pma_lang']) && !empty($GLOBALS['lang'])) {
$params['lang'] = $GLOBALS['lang'];
}
if (empty($_COOKIE['pma_collation_connection']) && !empty($GLOBALS['collation_connection'])) {
$params['collation_connection'] = $GLOBALS['collation_connection'];
}
if (isset($_SESSION[' PMA_token '])) {
$params['token'] = $_SESSION[' PMA_token '];
}
if (empty($params)) {
return '';
}
$query = $questionmark . http_build_query($params, null, $separator);
if ($encode === 'html') {
$query = htmlspecialchars($query);
}
return $query;
}
/**
* Processes forms registered in $form_display, handles error correction
*
* @param FormDisplay $form_display Form to display
*
* @return void
*/
function PMA_Process_formset(FormDisplay $form_display)
{
if (isset($_GET['mode']) && $_GET['mode'] == 'revert') {
// revert erroneous fields to their default values
$form_display->fixErrors();
PMA_generateHeader303();
}
if (!$form_display->process(false)) {
// handle form view and failed POST
echo $form_display->getDisplay(true, true);
return;
}
// check for form errors
if (!$form_display->hasErrors()) {
PMA_generateHeader303();
return;
}
// form has errors, show warning
$separator = PMA_URL_getArgSeparator('html');
$page = isset($_GET['page']) ? $_GET['page'] : null;
$formset = isset($_GET['formset']) ? $_GET['formset'] : null;
$formset = $formset ? "{$separator}formset={$formset}" : '';
$formId = PMA_isValid($_GET['id'], 'numeric') ? $_GET['id'] : null;
if ($formId === null && $page == 'servers') {
// we've just added a new server, get its id
$formId = $form_display->getConfigFile()->getServerCount();
}
$formId = $formId ? "{$separator}id={$formId}" : '';
?>
<div class="error">
<h4><?php
echo __('Warning');
?>
</h4>
<?php
echo __('Submitted form contains errors');
?>
<br />
<a href="<?php
echo PMA_URL_getCommon(), $separator;
?>
page=<?php
echo $page, $formset, $formId, $separator;
?>
mode=revert">
<?php
echo __('Try to revert erroneous fields to their default values');
?>
</a>
</div>
<?php
echo $form_display->displayErrors();
?>
<a class="btn" href="index.php<?php
echo PMA_URL_getCommon();
?>
">
<?php
echo __('Ignore errors');
?>
</a>
<a class="btn" href="<?php
echo PMA_URL_getCommon() . $separator;
?>
page=<?php
echo $page . $formset . $formId . $separator;
?>
mode=edit">
<?php
echo __('Show form');
?>
</a>
<?php
}
/**
* Test for PMA_URL_getCommon
*
* @return void
*/
public function testDefault()
{
$GLOBALS['server'] = 'x';
$GLOBALS['collation_connection'] = 'x';
$GLOBALS['cfg']['ServerDefault'] = 'y';
$separator = PMA_URL_getArgSeparator();
$expected = '?server=x' . htmlentities($separator) . 'lang=en' . htmlentities($separator) . 'collation_connection=x' . htmlentities($separator) . 'token=token';
$this->assertEquals($expected, PMA_URL_getCommon());
}
/**
* Processes forms registered in $form_display, handles error correction
*
* @param FormDisplay $form_display
*
* @return void
*/
function process_formset(FormDisplay $form_display)
{
if (filter_input(INPUT_GET, 'mode') == 'revert') {
// revert erroneous fields to their default values
$form_display->fixErrors();
// drop post data
header('HTTP/1.1 303 See Other');
header('Location: index.php');
if (!defined('TESTSUITE')) {
exit;
}
}
if (!$form_display->process(false)) {
// handle form view and failed POST
$form_display->display(true, true);
} else {
// check for form errors
if ($form_display->hasErrors()) {
// form has errors, show warning
$separator = PMA_URL_getArgSeparator('html');
$page = filter_input(INPUT_GET, 'page');
$formset = filter_input(INPUT_GET, 'formset');
$formset = $formset ? "{$separator}formset={$formset}" : '';
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === null && $page == 'servers') {
// we've just added a new server, get it's id
$id = $form_display->getConfigFile()->getServerCount();
}
$id = $id ? "{$separator}id={$id}" : '';
?>
<div class="error">
<h4><?php
echo __('Warning');
?>
</h4>
<?php
echo __('Submitted form contains errors');
?>
<br />
<a href="?page=<?php
echo $page . $formset . $id . $separator;
?>
mode=revert"><?php
echo __('Try to revert erroneous fields to their default values');
?>
</a>
</div>
<?php
$form_display->displayErrors();
?>
<a class="btn" href="index.php"><?php
echo __('Ignore errors');
?>
</a>
<a class="btn" href="?page=<?php
echo $page . $formset . $id . $separator;
?>
mode=edit"><?php
echo __('Show form');
?>
</a>
<?php
} else {
// drop post data
header('HTTP/1.1 303 See Other');
header('Location: index.php');
if (!defined('TESTSUITE')) {
exit;
}
}
}
}
public function testSendHeaderLocationWithoutSidWithIis()
{
if (defined('PMA_TEST_HEADERS')) {
runkit_constant_redefine('PMA_IS_IIS', true);
$testUri = 'http://testurl.com/test.php';
$separator = PMA_URL_getArgSeparator();
$header = array('Location: ' . $testUri);
PMA_sendHeaderLocation($testUri); // sets $GLOBALS['header']
$this->assertEquals($header, $GLOBALS['header']);
//reset $GLOBALS['header'] for the next assertion
unset($GLOBALS['header']);
$header = array('Refresh: 0; ' . $testUri);
PMA_sendHeaderLocation($testUri, true); // sets $GLOBALS['header']
$this->assertEquals($header, $GLOBALS['header']);
} else {
$this->markTestSkipped('Cannot redefine constant/function - missing runkit extension');
}
}
/**
* Generates text with URL parameters.
*
* <code>
* $params['myparam'] = 'myvalue';
* $params['db'] = 'mysql';
* $params['table'] = 'rights';
* // note the missing ?
* echo 'script.php' . PMA_URL_getCommon($params);
* // produces with cookies enabled:
* // script.php?myparam=myvalue&db=mysql&table=rights
* // with cookies disabled:
* // script.php?server=1&lang=en&myparam=myvalue&db=mysql
* // &table=rights
*
* // note the missing ?
* echo 'script.php' . PMA_URL_getCommon();
* // produces with cookies enabled:
* // script.php
* // with cookies disabled:
* // script.php?server=1&lang=en
* </code>
*
* @param mixed $params optional, Contains an associative array with url params
*
* @param string $encode 'html' to use htmlspecialchars() on the resulting
* URL (for a normal URL displayed in HTML) or
* something else to avoid using htmlspecialchars()
* (for a URL sent via a header);
* if not set,'html' is assumed
*
* @param string $divider optional character to use instead of '?'
*
* @return string string with URL parameters
* @access public
*/
function PMA_URL_getCommon($params = array(), $encode = 'html', $divider = '?')
{
$separator = PMA_URL_getArgSeparator();
// avoid overwriting when creating navi panel links to servers
if (isset($GLOBALS['server']) && $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault'] && !isset($params['server'])) {
$params['server'] = $GLOBALS['server'];
}
if (empty($_COOKIE['pma_lang']) && !empty($GLOBALS['lang'])) {
$params['lang'] = $GLOBALS['lang'];
}
if (empty($_COOKIE['pma_collation_connection']) && !empty($GLOBALS['collation_connection'])) {
$params['collation_connection'] = $GLOBALS['collation_connection'];
}
if (isset($_SESSION[' PMA_token '])) {
$params['token'] = $_SESSION[' PMA_token '];
}
if (empty($params)) {
return '';
}
$query = $divider . http_build_query($params, null, $separator);
if ($encode === 'html') {
$query = htmlspecialchars($query);
}
return $query;
}
