/**
 * Builds the <script> tags for a list of JavaScript files.
 *
 * Entries whose filename contains "?" are treated as dynamic scripts and get
 * their own tag, placed before or after the static bundle depending on
 * 'before_statics'. All other entries are passed as scripts[] parameters to
 * a single js/get_scripts.js.php request.
 *
 * NOTE(review): dynamic filenames are concatenated into a single-quoted src
 * attribute without HTML escaping, and static filenames are appended to the
 * query string without URL encoding; only the combined static URL goes
 * through htmlspecialchars(). Callers must therefore pass filenames free of
 * quotes and markup — confirm at the call sites.
 *
 * @param array $files entries with 'filename', 'before_statics' and
 *                     'conditional_ie' keys
 *
 * @return string HTML code for javascript inclusion.
 */
private function _includeFiles($files)
{
    $leadingDynamic = '';
    $trailingDynamic = '';
    $staticParams = array();

    foreach ($files as $file) {
        if (strpos($file['filename'], '?') !== false) {
            // Dynamic script: emitted as a tag of its own.
            $tag = "<script type='text/javascript' src='js/"
                . $file['filename'] . "'></script>";
            if ($file['before_statics'] === true) {
                $leadingDynamic .= $tag;
            } else {
                $trailingDynamic .= $tag;
            }
            continue;
        }

        // A file is skipped only when it carries a specific IE version
        // (neither false nor true), the browser is IE, and the version
        // does not match (loose comparison, as before).
        $skip = $file['conditional_ie'] !== false
            && PMA_USR_BROWSER_AGENT === 'IE'
            && $file['conditional_ie'] !== true
            && $file['conditional_ie'] != PMA_USR_BROWSER_VER;

        if (! $skip) {
            $staticParams[] = "scripts[]=" . $file['filename'];
        }
    }

    $argSep = PMA_URL_getArgSeparator();
    $bundleUrl = 'js/get_scripts.js.php'
        . PMA_URL_getCommon(array(), 'none')
        . $argSep
        . implode($argSep, $staticParams);
    $staticTag = sprintf(
        '<script type="text/javascript" src="%s"></script>',
        htmlspecialchars($bundleUrl)
    );

    return $leadingDynamic . $staticTag . $trailingDynamic;
}
/**
 * Builds the <script> tags for a list of JavaScript files.
 *
 * Dynamic entries (filename contains "?") get an individual tag with the
 * version parameter appended; static entries are grouped into
 * js/get_scripts.js.php requests of at most 10 files each.
 *
 * NOTE(review): dynamic filenames reach a single-quoted src attribute
 * without HTML escaping and static filenames are not URL-encoded; only the
 * assembled static URLs are passed through htmlspecialchars(). Confirm that
 * every caller supplies filenames free of quotes and markup.
 *
 * @param array $files entries with 'filename', 'before_statics' and
 *                     'conditional_ie' keys
 *
 * @return string HTML code for javascript inclusion.
 */
private function _includeFiles($files)
{
    $leadingDynamic = '';
    $trailingDynamic = '';
    $staticParams = array();
    $argSep = PMA_URL_getArgSeparator();

    foreach ($files as $file) {
        if (mb_strpos($file['filename'], '?') !== false) {
            $src = $file['filename'] . $argSep . Header::getVersionParameter();
            $tag = "<script data-cfasync='false' type='text/javascript' "
                . "src='js/" . $src . "'></script>";
            if ($file['before_statics'] === true) {
                $leadingDynamic .= $tag;
            } else {
                $trailingDynamic .= $tag;
            }
            continue;
        }

        // Skipped only for IE when a specific version is required and the
        // running version differs (loose comparison, as before).
        $skip = $file['conditional_ie'] !== false
            && PMA_USR_BROWSER_AGENT === 'IE'
            && $file['conditional_ie'] !== true
            && $file['conditional_ie'] != PMA_USR_BROWSER_VER;

        if (! $skip) {
            $staticParams[] = "scripts%5B%5D=" . $file['filename'];
        }
    }

    // The separator is read a second time here, exactly as the original did.
    $argSep = PMA_URL_getArgSeparator();
    $staticTags = '';

    // Chunks of 10 files keep each URL short; some servers are set to a
    // 512 bytes URL limit.
    foreach (array_chunk($staticParams, 10) as $group) {
        $bundleUrl = 'js/get_scripts.js.php?'
            . implode($argSep, $group)
            . $argSep
            . Header::getVersionParameter();
        $staticTags .= sprintf(
            '<script data-cfasync="false" type="text/javascript" src="%s"></script>',
            htmlspecialchars($bundleUrl)
        );
    }

    return $leadingDynamic . $staticTags . $trailingDynamic;
}
/**
 * Builds the <script> tags for a list of JavaScript files.
 *
 * Dynamic entries (filename contains "?") get an individual tag with the
 * version parameter appended; all static entries are requested through one
 * js/get_scripts.js.php URL.
 *
 * NOTE(review): dynamic filenames reach a single-quoted src attribute
 * without HTML escaping and static filenames are not URL-encoded; only the
 * assembled static URL is passed through htmlspecialchars(). Confirm that
 * every caller supplies filenames free of quotes and markup.
 *
 * @param array $files entries with 'filename', 'before_statics' and
 *                     'conditional_ie' keys
 *
 * @return string HTML code for javascript inclusion.
 */
private function _includeFiles($files)
{
    $leadingDynamic = '';
    $trailingDynamic = '';
    $staticParams = array();
    $argSep = PMA_URL_getArgSeparator();

    foreach ($files as $file) {
        if (mb_strpos($file['filename'], '?') !== false) {
            $src = $file['filename'] . $argSep . PMA_Header::getVersionParameter();
            $tag = "<script data-cfasync='false' type='text/javascript' src='js/"
                . $src . "'></script>";
            if ($file['before_statics'] === true) {
                $leadingDynamic .= $tag;
            } else {
                $trailingDynamic .= $tag;
            }
            continue;
        }

        // Skipped only for IE when a specific version is required and the
        // running version differs (loose comparison, as before).
        $skip = $file['conditional_ie'] !== false
            && PMA_USR_BROWSER_AGENT === 'IE'
            && $file['conditional_ie'] !== true
            && $file['conditional_ie'] != PMA_USR_BROWSER_VER;

        if (! $skip) {
            $staticParams[] = "scripts%5B%5D=" . $file['filename'];
        }
    }

    $bundleUrl = 'js/get_scripts.js.php?'
        . implode($argSep, $staticParams)
        . $argSep
        . PMA_Header::getVersionParameter();
    $staticTag = sprintf(
        '<script data-cfasync="false" type="text/javascript" src="%s"></script>',
        htmlspecialchars($bundleUrl)
    );

    return $leadingDynamic . $staticTag . $trailingDynamic;
}
/**
 * Send a redirect, taking IIS limits into account (600 seems ok).
 *
 * On IIS with a URI longer than 600 bytes an HTML page with a meta refresh
 * and a script fallback is printed instead of a header. When SID is
 * non-empty it is appended to the target so the session survives the
 * redirect; note that this places the session identifier in the URL.
 *
 * NOTE(review): $uri is used as the redirect target as given; nothing in
 * this function restricts it to the application's own origin, so callers
 * are responsible for that — confirm at the call sites.
 *
 * @param string $uri         the header to send
 * @param bool   $use_refresh whether to use Refresh: header when running on IIS
 *
 * @return void
 */
function PMA_sendHeaderLocation($uri, $use_refresh = false)
{
    if (PMA_IS_IIS && strlen($uri) > 600) {
        include_once './libraries/js_escape.lib.php';
        PMA_Response::getInstance()->disable();

        echo '<html><head><title>- - -</title>' . "\n"
            . '<meta http-equiv="expires" content="0">' . "\n"
            . '<meta http-equiv="Pragma" content="no-cache">' . "\n"
            . '<meta http-equiv="Cache-Control" content="no-cache">' . "\n";
        echo '<meta http-equiv="Refresh" content="0;url='
            . htmlspecialchars($uri) . '">' . "\n";
        echo '<script type="text/javascript">' . "\n"
            . '//<![CDATA[' . "\n";
        // NOTE(review): the literals below wrap the escaped URI in double
        // quotes inside a double-quoted setTimeout() argument; confirm the
        // script that is emitted actually parses in a browser.
        echo 'setTimeout("window.location = unescape(\'"'
            . PMA_escapeJsString($uri) . '"\')", 2000);' . "\n";
        echo '//]]>' . "\n"
            . '</script>' . "\n"
            . '</head>' . "\n"
            . '<body>' . "\n"
            . '<script type="text/javascript">' . "\n"
            . '//<![CDATA[' . "\n";
        echo 'document.write(\'<p><a href="' . htmlspecialchars($uri) . '">'
            . __('Go') . '</a></p>\');' . "\n";
        echo '//]]>' . "\n"
            . '</script></body></html>' . "\n";

        return;
    }

    if (SID) {
        // Pick the joiner: "?" starts a query string, otherwise the
        // configured argument separator continues the existing one.
        $joiner = (strpos($uri, '?') === false)
            ? '?'
            : PMA_URL_getArgSeparator();
        header('Location: ' . $uri . $joiner . SID);

        return;
    }

    session_write_close();

    if (headers_sent()) {
        if (function_exists('debug_print_backtrace')) {
            echo '<pre>';
            debug_print_backtrace();
            echo '</pre>';
        }
        trigger_error(
            'PMA_sendHeaderLocation called when headers are already sent!',
            E_USER_ERROR
        );
    }

    // bug #1523784: IE6 does not like 'Refresh: 0', it results in a blank
    // page, but we need it when coming from the cookie login panel
    $headerPrefix = (PMA_IS_IIS && $use_refresh) ? 'Refresh: 0; ' : 'Location: ';
    header($headerPrefix . $uri);
}
/**
 * Test for PMA_sendHeaderLocation: with a non-empty SID and a URI that
 * already has a query string, the SID is appended after the argument
 * separator.
 *
 * @return void
 */
public function testSendHeaderLocationWithSidUrlWithQuestionMark()
{
    if (! defined('PMA_TEST_HEADERS')) {
        $this->markTestSkipped('Cannot redefine constant/function - missing runkit extension');
        return;
    }

    // The md5 value is only a stand-in session string for the assertion.
    runkit_constant_redefine('SID', md5('test_hash'));

    $testUri = 'http://testurl.com/test.php?test=test';
    $argSep = PMA_URL_getArgSeparator();
    $expectedHeaders = array('Location: ' . $testUri . $argSep . SID);

    // The call records the header it sends in $GLOBALS['header'].
    PMA_sendHeaderLocation($testUri);

    $this->assertEquals($expectedHeaders, $GLOBALS['header']);
}
/**
 * Send a redirect, taking IIS limits into account (600 seems ok).
 *
 * On IIS with a URI longer than 600 characters the 'header_location'
 * template is rendered instead of sending a header. When SID is non-empty
 * it is appended to the target so the session survives the redirect; note
 * that this places the session identifier in the URL.
 *
 * NOTE(review): $uri is used as the redirect target as given; nothing in
 * this function restricts it to the application's own origin, and the
 * template is handed the raw value — confirm that callers validate the
 * target and that the template escapes it.
 *
 * @param string $uri         the header to send
 * @param bool   $use_refresh whether to use Refresh: header when running on IIS
 *
 * @return void
 */
function PMA_sendHeaderLocation($uri, $use_refresh = false)
{
    if (PMA_IS_IIS && mb_strlen($uri) > 600) {
        include_once './libraries/js_escape.lib.php';
        PMA\libraries\Response::getInstance()->disable();

        $template = PMA\libraries\Template::get('header_location');
        echo $template->render(array('uri' => $uri));

        return;
    }

    if (SID) {
        // Pick the joiner: "?" starts a query string, otherwise the
        // configured argument separator continues the existing one.
        $joiner = (mb_strpos($uri, '?') === false)
            ? '?'
            : PMA_URL_getArgSeparator();
        header('Location: ' . $uri . $joiner . SID);

        return;
    }

    session_write_close();

    if (headers_sent()) {
        if (function_exists('debug_print_backtrace')) {
            echo '<pre>';
            debug_print_backtrace();
            echo '</pre>';
        }
        trigger_error(
            'PMA_sendHeaderLocation called when headers are already sent!',
            E_USER_ERROR
        );
    }

    // bug #1523784: IE6 does not like 'Refresh: 0', it results in a blank
    // page, but we need it when coming from the cookie login panel
    $headerPrefix = (PMA_IS_IIS && $use_refresh) ? 'Refresh: 0; ' : 'Location: ';
    header($headerPrefix . $uri);
}
*/

// Direct-access guard: stop immediately unless the PHPMYADMIN constant has
// been defined (presumably by the entry script that includes this file).
if (!defined('PHPMYADMIN')) {
    exit;
}

/**
 * Core libraries.
 */
require_once './libraries/display_select_lang.lib.php';
require_once './libraries/config/FormDisplay.class.php';
require_once './libraries/config/ServerConfigChecks.class.php';
require_once './setup/lib/index.lib.php';

// prepare unfiltered language list
$all_languages = PMA_langList();
uasort($all_languages, 'PMA_languageCmp');

$cf = $GLOBALS['ConfigFile'];
// Argument separator requested in its 'html' form for use in markup.
$separator = PMA_URL_getArgSeparator('html');

// message handling
PMA_messagesBegin();

//
// Check phpMyAdmin version
//
// Only the presence of the version_check parameter is tested; its value is
// not read here.
if (isset($_GET['version_check'])) {
    PMA_versionCheck();
}

//
// Perform various security, compatibility and consistency checks
//
$configChecker = new ServerConfigChecks($GLOBALS['ConfigFile']);
$configChecker->performConfigChecks();

//
// Check whether we can read/write configuration
/**
 * Splits the query string of a URL into its parameter/value pairs.
 *
 * Before splitting, "&" and its HTML-encoded form are normalised to the
 * configured argument separator, and an HTML-encoded separator is decoded.
 *
 * @param string $url the URL
 *
 * @return array the parameter/value pairs, for example [0] db=sakila;
 *               empty when the URL has no query part
 */
public static function splitURLQuery($url)
{
    $argSep = PMA_URL_getArgSeparator();

    // Most places still hard-code "&", so when another separator is
    // configured both the encoded and the plain form are replaced, in that
    // order.
    if ($argSep !== '&') {
        $url = str_replace(array(htmlentities('&'), '&'), $argSep, $url);
    }

    // Decode an HTML-encoded separator.
    $url = str_replace(htmlentities($argSep), $argSep, $url);

    $parts = parse_url($url);

    return empty($parts['query'])
        ? array()
        : explode($argSep, $parts['query']);
}
/**
 * Generates text with URL parameters.
 *
 * <code>
 * // OLD (deprecated) style, note the ?
 * echo 'script.php?' . PMA_URL_getCommon('mysql', 'rights');
 *
 * // NEW style, note the missing ?
 * $params['myparam'] = 'myvalue';
 * $params['db']      = 'mysql';
 * $params['table']   = 'rights';
 * echo 'script.php' . PMA_URL_getCommon($params);
 *
 * // no parameters at all: may return an empty string
 * echo 'script.php' . PMA_URL_getCommon();
 * </code>
 *
 * On top of the caller's parameters the function adds 'server' (when the
 * current server differs from the default and none was given), 'lang' and
 * 'collation_connection' (when the matching cookie is empty) and 'token'
 * (when the session holds one).
 *
 * NOTE(review): the session token is written into the query string, so it
 * travels wherever the generated URL does; confirm these URLs are only used
 * for same-origin links.
 *
 * @param mixed  $params_or_db    associative array with url params (new
 *                                style, a '?' is prefixed) or optional
 *                                database name (old style)
 * @param string $encode_or_table new style: 'html' (default) to apply
 *                                htmlspecialchars() to the result, anything
 *                                else to skip it; old style: optional table
 *                                name
 * @param string $divider         new style: optional character to use
 *                                instead of '?'; old style: anything other
 *                                than '&' switches off HTML encoding
 *
 * @return string string with URL parameters
 * @access public
 */
function PMA_URL_getCommon()
{
    $args = func_get_args();

    if (isset($args[0]) && is_array($args[0])) {
        // new style
        $params = $args[0];
        $encode = isset($args[1]) ? $args[1] : 'html';
        $questionmark = isset($args[2]) ? $args[2] : '?';
    } else {
        // old style
        $params = array();
        if (PMA_isValid($args[0])) {
            $params['db'] = $args[0];
        }
        if (PMA_isValid($args[1])) {
            $params['table'] = $args[1];
        }
        $encode = (isset($args[2]) && $args[2] !== '&') ? 'text' : 'html';
        $questionmark = '';
    }

    $argSep = PMA_URL_getArgSeparator();

    // avoid overwriting when creating navi panel links to servers
    $onOtherServer = isset($GLOBALS['server'])
        && $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault'];
    if ($onOtherServer && ! isset($params['server'])) {
        $params['server'] = $GLOBALS['server'];
    }

    if (empty($_COOKIE['pma_lang']) && ! empty($GLOBALS['lang'])) {
        $params['lang'] = $GLOBALS['lang'];
    }

    if (empty($_COOKIE['pma_collation_connection'])
        && ! empty($GLOBALS['collation_connection'])
    ) {
        $params['collation_connection'] = $GLOBALS['collation_connection'];
    }

    if (isset($_SESSION[' PMA_token '])) {
        $params['token'] = $_SESSION[' PMA_token '];
    }

    if (empty($params)) {
        return '';
    }

    $result = $questionmark . http_build_query($params, null, $argSep);

    return ($encode === 'html') ? htmlspecialchars($result) : $result;
}
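/**
 * Processes forms registered in $form_display, handles error correction
 *
 * When the submitted form has errors, a warning box with "revert",
 * "ignore" and "show form" links is printed. The 'page' and 'formset'
 * request parameters are echoed back inside those links, so they are
 * URL-encoded before being written into the href attributes; non-string
 * values (for example page[]=x) are treated as absent.
 *
 * @param FormDisplay $form_display Form to display
 *
 * @return void
 */
function PMA_Process_formset(FormDisplay $form_display)
{
    if (isset($_GET['mode']) && $_GET['mode'] == 'revert') {
        // revert erroneous fields to their default values
        $form_display->fixErrors();
        // NOTE(review): presumably ends the request after redirecting — confirm
        PMA_generateHeader303();
    }

    if (!$form_display->process(false)) {
        // handle form view and failed POST
        echo $form_display->getDisplay(true, true);
        return;
    }

    // check for form errors
    if (!$form_display->hasErrors()) {
        PMA_generateHeader303();
        return;
    }

    // form has errors, show warning
    $separator = PMA_URL_getArgSeparator('html');

    // Request parameters are attacker-controlled: accept strings only and
    // encode them before they are placed in markup.
    $page = (isset($_GET['page']) && is_string($_GET['page']))
        ? $_GET['page']
        : null;
    $formset = (isset($_GET['formset']) && is_string($_GET['formset']))
        ? $_GET['formset']
        : null;
    $formset = $formset ? "{$separator}formset=" . urlencode($formset) : '';

    $formId = PMA_isValid($_GET['id'], 'numeric') ? $_GET['id'] : null;
    if ($formId === null && $page == 'servers') {
        // we've just added a new server, get its id
        $formId = $form_display->getConfigFile()->getServerCount();
    }
    $formId = $formId ? "{$separator}id=" . urlencode((string) $formId) : '';

    // urlencode() output contains no characters that are special in an
    // HTML attribute, so the assembled query can be echoed as is.
    $target = 'page=' . urlencode((string) $page) . $formset . $formId . $separator;
    $revertUrl = PMA_URL_getCommon() . $separator . $target . 'mode=revert';
    $editUrl = PMA_URL_getCommon() . $separator . $target . 'mode=edit';
    ?>
    <div class="error">
        <h4><?php echo __('Warning'); ?></h4>
        <?php echo __('Submitted form contains errors'); ?><br />
        <a href="<?php echo $revertUrl; ?>">
            <?php echo __('Try to revert erroneous fields to their default values'); ?>
        </a>
    </div>
    <?php echo $form_display->displayErrors(); ?>
    <a class="btn" href="index.php<?php echo PMA_URL_getCommon(); ?>">
        <?php echo __('Ignore errors'); ?>
    </a>
    <a class="btn" href="<?php echo $editUrl; ?>">
        <?php echo __('Show form'); ?>
    </a>
    <?php
}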
/**
 * Test for PMA_URL_getCommon called without arguments: the result carries
 * server, lang, collation_connection and token, joined by the HTML-encoded
 * argument separator.
 *
 * @return void
 */
public function testDefault()
{
    $GLOBALS['server'] = 'x';
    $GLOBALS['collation_connection'] = 'x';
    $GLOBALS['cfg']['ServerDefault'] = 'y';

    $encodedSep = htmlentities(PMA_URL_getArgSeparator());
    $expected = '?' . implode(
        $encodedSep,
        array(
            'server=x',
            'lang=en',
            'collation_connection=x',
            'token=token',
        )
    );

    $this->assertEquals($expected, PMA_URL_getCommon());
}
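/**
 * Processes forms registered in $form_display, handles error correction
 *
 * When the submitted form has errors, a warning box with "revert",
 * "ignore" and "show form" links is printed. The 'page' and 'formset'
 * request parameters are echoed back inside those links; filter_input()
 * with its default filter returns them unmodified, so they are URL-encoded
 * here before being written into the href attributes.
 *
 * @param FormDisplay $form_display Form to display
 *
 * @return void
 */
function process_formset(FormDisplay $form_display)
{
    if (filter_input(INPUT_GET, 'mode') == 'revert') {
        // revert erroneous fields to their default values
        $form_display->fixErrors();
        // drop post data
        header('HTTP/1.1 303 See Other');
        header('Location: index.php');
        if (!defined('TESTSUITE')) {
            exit;
        }
    }

    if (!$form_display->process(false)) {
        // handle form view and failed POST
        $form_display->display(true, true);
    } else {
        // check for form errors
        if ($form_display->hasErrors()) {
            // form has errors, show warning
            $separator = PMA_URL_getArgSeparator('html');
            $page = filter_input(INPUT_GET, 'page');
            $formset = filter_input(INPUT_GET, 'formset');
            // Request parameters are attacker-controlled: encode them
            // before they are placed in markup.
            $formset = $formset
                ? "{$separator}formset=" . urlencode($formset)
                : '';
            $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
            if ($id === null && $page == 'servers') {
                // we've just added a new server, get its id
                $id = $form_display->getConfigFile()->getServerCount();
            }
            $id = $id ? "{$separator}id={$id}" : '';

            // urlencode() output contains no characters that are special
            // in an HTML attribute, so the query can be echoed as is.
            $target = '?page=' . urlencode((string) $page)
                . $formset . $id . $separator;
            ?>
            <div class="error">
                <h4><?php echo __('Warning'); ?></h4>
                <?php echo __('Submitted form contains errors'); ?><br />
                <a href="<?php echo $target; ?>mode=revert"><?php
                    echo __('Try to revert erroneous fields to their default values');
                ?></a>
            </div>
            <?php $form_display->displayErrors(); ?>
            <a class="btn" href="index.php"><?php echo __('Ignore errors'); ?></a>
            <a class="btn" href="<?php echo $target; ?>mode=edit"><?php
                echo __('Show form');
            ?></a>
            <?php
        } else {
            // drop post data
            header('HTTP/1.1 303 See Other');
            header('Location: index.php');
            if (!defined('TESTSUITE')) {
                exit;
            }
        }
    }
}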
/**
 * Test for PMA_sendHeaderLocation on IIS without a SID: a plain call sends
 * a Location header, a call with $use_refresh sends a Refresh header.
 *
 * @return void
 */
public function testSendHeaderLocationWithoutSidWithIis()
{
    if (! defined('PMA_TEST_HEADERS')) {
        $this->markTestSkipped('Cannot redefine constant/function - missing runkit extension');
        return;
    }

    runkit_constant_redefine('PMA_IS_IIS', true);

    $testUri = 'http://testurl.com/test.php';
    // The separator is fetched as in the original; its value is not used.
    $separator = PMA_URL_getArgSeparator();

    // Each call records the header it sends in $GLOBALS['header'].
    PMA_sendHeaderLocation($testUri);
    $this->assertEquals(array('Location: ' . $testUri), $GLOBALS['header']);

    // reset $GLOBALS['header'] for the next assertion
    unset($GLOBALS['header']);

    PMA_sendHeaderLocation($testUri, true);
    $this->assertEquals(array('Refresh: 0; ' . $testUri), $GLOBALS['header']);
}
/**
 * Generates text with URL parameters.
 *
 * <code>
 * $params['myparam'] = 'myvalue';
 * $params['db']      = 'mysql';
 * $params['table']   = 'rights';
 * // note the missing ?
 * echo 'script.php' . PMA_URL_getCommon($params);
 *
 * // no parameters at all: may return an empty string
 * echo 'script.php' . PMA_URL_getCommon();
 * </code>
 *
 * On top of the caller's parameters the function adds 'server' (when the
 * current server differs from the default and none was given), 'lang' and
 * 'collation_connection' (when the matching cookie is empty) and 'token'
 * (when the session holds one).
 *
 * NOTE(review): the session token is written into the query string, so it
 * travels wherever the generated URL does; confirm these URLs are only used
 * for same-origin links.
 *
 * @param mixed  $params  optional, associative array with url params
 * @param string $encode  'html' (default) to apply htmlspecialchars() to the
 *                        result (for a URL displayed in HTML) or something
 *                        else to skip it (for a URL sent via a header)
 * @param string $divider optional character to use instead of '?'
 *
 * @return string string with URL parameters
 * @access public
 */
function PMA_URL_getCommon($params = array(), $encode = 'html', $divider = '?')
{
    $argSep = PMA_URL_getArgSeparator();

    // avoid overwriting when creating navi panel links to servers
    $onOtherServer = isset($GLOBALS['server'])
        && $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault'];
    if ($onOtherServer && ! isset($params['server'])) {
        $params['server'] = $GLOBALS['server'];
    }

    if (empty($_COOKIE['pma_lang']) && ! empty($GLOBALS['lang'])) {
        $params['lang'] = $GLOBALS['lang'];
    }

    if (empty($_COOKIE['pma_collation_connection'])
        && ! empty($GLOBALS['collation_connection'])
    ) {
        $params['collation_connection'] = $GLOBALS['collation_connection'];
    }

    if (isset($_SESSION[' PMA_token '])) {
        $params['token'] = $_SESSION[' PMA_token '];
    }

    if (empty($params)) {
        return '';
    }

    $result = $divider . http_build_query($params, null, $argSep);

    return ($encode === 'html') ? htmlspecialchars($result) : $result;
}