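/**
 * Bookmark Support: get a query back from bookmark if required
 *
 * $action_bookmark selects what is done with the stored query:
 * 0 runs it, 1 only displays it, 2 deletes the bookmark.
 */
if (!empty($id_bookmark)) {
    require_once './libraries/bookmark.lib.php';

    // NOTE(review): $id_bookmark is handed to the bookmark helpers unchanged.
    // Any casting or escaping happens inside bookmark.lib.php, which is not
    // visible here -- confirm it before relying on it.
    // switch compares loosely (==), so an unset $action_bookmark (null)
    // also selects case 0.
    switch ($action_bookmark) {
        case 0: // bookmarked query that has to be run
            $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark, 'id', isset($action_bookmark_all) ? TRUE : FALSE);
            if (isset($bookmark_variable) && !empty($bookmark_variable)) {
                // The value replaces the [VARIABLE] marker inside a /* ... */
                // comment of the stored query, and the comment delimiters are
                // dropped so the text becomes live SQL.
                //
                // preg_replace() parses its replacement argument as a
                // template: "$n" and "\n" are backreferences and a doubled
                // backslash collapses to a single one. The output of
                // PMA_sqlAddslashes() (defined elsewhere, presumably SQL
                // string escaping) therefore has to be escaped once more for
                // that template, otherwise the SQL escaping does not reach
                // the query intact. Backslashes are doubled first, then "$"
                // is escaped; the order matters.
                $replacement_value = str_replace(
                    array('\\', '$'),
                    array('\\\\', '\\$'),
                    PMA_sqlAddslashes($bookmark_variable)
                );
                $sql_query = preg_replace('|/\\*(.*)\\[VARIABLE\\](.*)\\*/|imsU', '${1}' . $replacement_value . '${2}', $sql_query);
            }
            break;
        case 1: // bookmarked query that has to be displayed
            $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
            $view_bookmark = 1;
            break;
        case 2: // bookmarked query that has to be deleted
            $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
            break;
    }
} // end if

/**
 * Prepares the sql query
 */
// Gets the query from a file if required
if ($sql_file != 'none') {
    // loic1 : fixed a security issue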
// URL used when reporting an error: $back when it is non-empty, otherwise
// $goto, followed by the common URL parameters for the current database.
// The strpos() call prepends a space so that a match at the very start of
// $goto yields 1 (not the ambiguous 0/false); '&table=' is therefore added
// only when $goto does not begin with 'db_details' and $table is set.
// NOTE(review): where $back and $goto come from is not visible in this
// excerpt. If they can be set by the request, they should be checked against
// the known script names before the result is used as a link or redirect.
$err_url = (!empty($back) ? $back : $goto)
    . '?' . PMA_generate_common_url(isset($db) ? $db : '')
    . (strpos(' ' . $goto, 'db_details') != 1 && isset($table) ? '&table=' . urlencode($table) : '');
} // end if

// Coming from a bookmark dialog
// NOTE(review): $fields is populated outside this excerpt (presumably from
// the submitted form); the query text is taken over without any change.
if (isset($fields['query'])) {
    $sql_query = $fields['query'];
}

// This one is just to fill $db
if (isset($fields['dbase'])) {
    $db = $fields['dbase'];
}

// Default to browse if no query is set and we have a table
// (needed for browsing from DefaultTabTable)
if (!isset($sql_query) && isset($table) && isset($db)) {
    require_once './libraries/bookmark.lib.php';
    // Looks up a bookmark whose label equals the table name. The caller
    // builds the quoted, escaped SQL literal itself, which suggests the
    // helper places its third argument into the query as given -- verify
    // against bookmark.lib.php.
    $book_sql_query = PMA_queryBookmarks($db, $GLOBALS['cfg']['Bookmark'], '\'' . PMA_sqlAddslashes($table) . '\'', 'label');
    if (!empty($book_sql_query)) {
        $sql_query = $book_sql_query;
    } else {
        // No such bookmark: fall back to a plain browse of the table.
        $sql_query = 'SELECT * FROM ' . PMA_backquote($table);
    }
    unset($book_sql_query);
    // set $goto to what will be displayed if query returns 0 rows
    $goto = 'tbl_properties_structure.php';
} else {
    // Now we can check the parameters
    PMA_checkParameters(array('sql_query'));
}

// instead of doing the test twice
// The pattern is unanchored and works on the raw text, so it also matches the
// words inside a string literal or a comment. It is a heuristic, not a parse
// of the statement.
// NOTE(review): how $is_drop_database is used is not shown; it should not be
// the only barrier in front of a permission decision.
$is_drop_database = preg_match('/DROP[[:space:]]+(DATABASE|SCHEMA)[[:space:]]+/i', $sql_query);

/**
// "$return = true" and "$force_exact = true" are assignments used as
// pseudo named arguments: they pass true and also set those two variables
// in the current scope.
$each_table['TABLE_ROWS'] = PMA_countRecords($db, $each_table['TABLE_NAME'], $return = true, $force_exact = true);
}

// urlencode() leaves only letters, digits and - _ . + %, so this value can
// be placed in a URL and in a double-quoted HTML attribute as it is.
$table_encoded = urlencode($each_table['TABLE_NAME']);
// MySQL < 5.0.13 returns "view", >= 5.0.13 returns "VIEW"
// NOTE(review): the comparison below is case-sensitive, so the lowercase
// form would not match unless TABLE_TYPE is normalised earlier -- confirm.
$table_is_view = $each_table['TABLE_TYPE'] === 'VIEW' || $each_table['TABLE_TYPE'] === 'SYSTEM VIEW';

// Display names for the table, HTML-escaped for output; a tooltip entry
// keyed by the table name takes precedence over the raw name.
$alias = !empty($tooltip_aliasname) && isset($tooltip_aliasname[$each_table['TABLE_NAME']])
    ? htmlspecialchars($tooltip_aliasname[$each_table['TABLE_NAME']])
    : htmlspecialchars($each_table['TABLE_NAME']);
$truename = !empty($tooltip_truename) && isset($tooltip_truename[$each_table['TABLE_NAME']])
    ? htmlspecialchars($tooltip_truename[$each_table['TABLE_NAME']])
    : htmlspecialchars($each_table['TABLE_NAME']);

// Sets parameters for links
// NOTE(review): $url_query is built outside this excerpt and is written into
// href attributes below without further escaping; it has to be attribute-safe
// already. Whether it carries a per-session token is not visible here.
$tbl_url_query = $url_query . '&table=' . $table_encoded;
$i++;
$row_count++;

if ($table_is_view) {
    $hidden_fields[] = '<input type="hidden" name="views[]" value="' . $table_encoded . '" />';
}

if ($each_table['TABLE_ROWS'] > 0) {
    // A bookmark labelled with the table name, if one exists, replaces the
    // default "SELECT *" as the browse query.
    $book_sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], '\'' . PMA_sqlAddslashes($each_table['TABLE_NAME']) . '\'', 'label');
    $browse_table = '<a href="sql.php?' . $tbl_url_query . '&sql_query='
        . ($book_sql_query ? urlencode($book_sql_query) : urlencode('SELECT * FROM ' . PMA_backquote($each_table['TABLE_NAME'])))
        . '&pos=0">' . $titles['Browse'] . '</a>';
    $search_table = '<a href="tbl_select.php?' . $tbl_url_query . '">' . $titles['Search'] . '</a>';
} else {
    $browse_table = $titles['NoBrowse'];
    $search_table = $titles['NoSearch'];
}

if (!$db_is_information_schema) {
    if (!empty($each_table['TABLE_ROWS'])) {
        // The "empty table" link carries a destructive statement in a GET
        // parameter. The only guard visible here is the client-side
        // confirmLink() prompt, which is not a server-side control.
        // NOTE(review): sql.php should require a request token or a POST for
        // such statements -- confirm what $url_query and sql.php enforce.
        $empty_table = '<a href="sql.php?' . $tbl_url_query . '&sql_query=';
        if (PMA_MYSQL_INT_VERSION >= 40000) {
            // zero_rows carries the already HTML-escaped success message in
            // the URL; the receiving page must still treat the parameter as
            // untrusted, since any client can set it.
            $empty_table .= urlencode('TRUNCATE ' . PMA_backquote($each_table['TABLE_NAME']))
                . '&zero_rows='
                . urlencode(sprintf($strTableHasBeenEmptied, htmlspecialchars($each_table['TABLE_NAME'])))
                . '" onclick="return confirmLink(this, \'TRUNCATE ';
        } else {
            $empty_table .= urlencode('DELETE FROM ' . PMA_backquote($each_table['TABLE_NAME']))
                . '&zero_rows='
                . urlencode(sprintf($strTableHasBeenEmptied, htmlspecialchars($each_table['TABLE_NAME'])))
                . '" onclick="return confirmLink(this, \'DELETE FROM ';
        }
        // The table name lands inside a JavaScript string literal that sits
        // inside a double-quoted HTML attribute, so it needs both JS and HTML
        // escaping.
        // NOTE(review): PMA_jsFormat() is defined elsewhere; confirm it
        // covers both layers.
        $empty_table .= PMA_jsFormat($each_table['TABLE_NAME']) . '\')">' . $titles['Empty'] . '</a>';
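if (isset($bookmark_variable) && !empty($bookmark_variable)) {
    // The value replaces the [VARIABLE] marker inside a /* ... */ comment of
    // the stored query, and the comment delimiters are dropped so the text
    // becomes live SQL.
    //
    // preg_replace() parses its replacement argument as a template: "$n" and
    // "\n" are backreferences and a doubled backslash collapses to a single
    // one. The output of PMA_sqlAddslashes() (defined elsewhere, presumably
    // SQL string escaping) therefore has to be escaped once more for that
    // template, otherwise the SQL escaping does not reach the query intact.
    // Backslashes are doubled first, then "$" is escaped; the order matters.
    $replacement_value = str_replace(
        array('\\', '$'),
        array('\\\\', '\\$'),
        PMA_sqlAddslashes($bookmark_variable)
    );
    $import_text = preg_replace('|/\\*(.*)\\[VARIABLE\\](.*)\\*/|imsU', '${1}' . $replacement_value . '${2}', $import_text);
}

// refresh left frame on changes in table or db structure
// The pattern is anchored at the start of the text only, so a structure
// change later in a multi-statement text does not set the flag.
if (preg_match('/^(CREATE|ALTER|DROP)\\s+(VIEW|TABLE|DATABASE|SCHEMA)\\s+/i', $import_text)) {
    $GLOBALS['reload'] = true;
}
break;
case 1: // bookmarked query that has to be displayed
    $import_text = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
    $run_query = FALSE;
    break;
case 2: // bookmarked query that has to be deleted
    // The stored text is read first, then the bookmark is removed.
    $import_text = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
    PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
    $run_query = FALSE;
    $error = TRUE; // this is kind of hack to skip processing the query
    break;
}
} // end bookmarks reading

// Do not run query if we show PHP code
if (isset($GLOBALS['show_as_php'])) {
    $run_query = FALSE;
    $go_sql = TRUE;
}

// Store the query as a bookmark before executing it if bookmarklabel was given
if (!empty($bkm_label) && !empty($import_text)) {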
// Give the three inputs a defined value. These lines only make sure the
// variables exist; they do not validate or escape anything.
$sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
$sql_query = isset($sql_query) ? $sql_query : '';
$sql_file = !empty($sql_file) ? $sql_file : 'none';

/**
 * Bookmark Support: get a query back from bookmark if required
 *
 * $action_bookmark selects what is done with the stored query:
 * 0 runs it, 1 only displays it, 2 deletes the bookmark.
 */
if (!empty($id_bookmark)) {
    // include (not require) only warns when the file is missing, and the
    // relative name is resolved through include_path and the working
    // directory; the PMA_* calls below would then fail as undefined.
    include 'bookmark.lib.php';
    // NOTE(review): $id_bookmark is handed to the bookmark helpers unchanged.
    // Any casting or escaping happens inside bookmark.lib.php, which is not
    // visible here -- confirm it before relying on it.
    switch ($action_bookmark) {
        case 0: // bookmarked query that has to be run
            $sql_query = PMA_queryBookmarks($db, $cfgBookmark, $id_bookmark);
            break;
        case 1: // bookmarked query that has to be displayed
            $sql_query = PMA_queryBookmarks($db, $cfgBookmark, $id_bookmark);
            $view_bookmark = 1;
            break;
        case 2: // bookmarked query that has to be deleted
            $sql_query = PMA_deleteBookmarks($db, $cfgBookmark, $id_bookmark);
            break;
    }
} // end if

/**
 * Prepares the sql query
 */
// Gets the query from a file if required
if ($sql_file != 'none') {
    // is_uploaded_file() is true only for a file PHP itself received through
    // an HTTP POST upload in this request, so a path that merely names some
    // other file on the server is rejected here.
    if (file_exists($sql_file) && is_uploaded_file($sql_file)) {