コード例 #1
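 /**
  * Sanitizes the file name and makes sure it ends with the required extension.
  *
  * The name is passed through PMA_sanitizeFilename() first; "." . $ext is then
  * appended unless the lower-cased tail of the sanitized name already equals it.
  *
  * NOTE(review): whether dots survive PMA_sanitizeFilename() in this call is
  * not visible here. If they do, a name that already carries another extension
  * keeps it in front of the appended one -- confirm the result is only used as
  * a download name and never as a path on the server.
  *
  * @param string $file_name file name
  * @param string $ext       extension of the file, without the leading dot
  *
  * @return string the sanitized file name
  * @access private
  */
 private function _sanitizeName($file_name, $ext)
 {
     $file_name = PMA_sanitizeFilename($file_name);
     $required_extension = "." . $ext;
     // Check if the user already added extension;
     // get the substring where the extension would be if it was included.
     // For a name shorter than the extension the offset is negative and
     // substr() counts from the end; that tail is too short to match, so the
     // extension is appended.
     $extension_start_pos = strlen($file_name) - strlen($required_extension);
     $user_extension = substr($file_name, $extension_start_pos, strlen($file_name));
     // Strict comparison: with "!=" two numeric-looking strings are compared
     // as numbers (e.g. "00" equals ".0"), which would wrongly skip the append.
     if (strtolower($user_extension) !== $required_extension) {
         $file_name .= $required_extension;
     }
     return $file_name;
 }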
コード例 #2
ファイル: export.lib.php プロジェクト: scriptpazar/phpmyadmin
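/**
 * Return the filename and MIME type for export file
 *
 * Steps, in order: optionally store the template as a user value for the
 * export scope, expand the template, sanitize the result with dot replacement
 * enabled, append the plugin's extension, then append the compression suffix.
 * Every dot in the returned name is therefore added by this function after
 * sanitizing, never taken from the template.
 *
 * @param string       $export_type       type of export
 * @param string       $remember_template whether to remember template
 * @param ExportPlugin $export_plugin     the export plugin
 * @param string       $compression       compression asked
 * @param string       $filename_template the filename template
 *
 * @return array the filename template and mime type
 */
function PMA_getExportFilenameAndMimetype($export_type, $remember_template, $export_plugin, $compression, $filename_template)
{
    // Store the template under the keys that belong to the export scope;
    // anything that is neither 'server' nor 'database' is treated as 'table'.
    if (!empty($remember_template)) {
        if ($export_type === 'server') {
            $user_value_key = 'pma_server_filename_template';
            $config_path = 'Export/file_template_server';
        } elseif ($export_type === 'database') {
            $user_value_key = 'pma_db_filename_template';
            $config_path = 'Export/file_template_database';
        } else {
            $user_value_key = 'pma_table_filename_template';
            $config_path = 'Export/file_template_table';
        }
        $GLOBALS['PMA_Config']->setUserValue($user_value_key, $config_path, $filename_template);
    }
    $filename = PMA_Util::expandUserString($filename_template);
    // remove dots in filename (coming from either the template or already
    // part of the filename) to avoid a remote code execution vulnerability.
    // The flag is passed as a plain argument; the former "$replaceDots = true"
    // only created an unused local variable.
    $filename = PMA_sanitizeFilename($filename, true);
    // Grab basic dump extension and mime type
    $extension = $export_plugin->getProperties()->getExtension();
    $required_extension = "." . $extension;
    // Check if the user already added extension;
    // get the substring where the extension would be if it was included.
    // NOTE(review): if the call above really removes every dot, this tail can
    // no longer start with "." and the extension is always appended -- confirm
    // and consider dropping the check.
    $extension_start_pos = mb_strlen($filename) - mb_strlen($extension) - 1;
    $user_extension = mb_substr($filename, $extension_start_pos, mb_strlen($filename));
    // Strict comparison so that numeric-looking strings are not compared as
    // numbers.
    if (mb_strtolower($user_extension) !== $required_extension) {
        $filename .= $required_extension;
    }
    $mime_type = $export_plugin->getProperties()->getMimeType();
    // If dump is going to be compressed, set correct mime_type and add
    // compression to extension
    if ($compression === 'gzip') {
        $filename .= '.gz';
        $mime_type = 'application/x-gzip';
    } elseif ($compression === 'zip') {
        $filename .= '.zip';
        $mime_type = 'application/zip';
    }
    return array($filename, $mime_type);
}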
コード例 #3
ファイル: export.php プロジェクト: JaRomero95/dwes
             include 'tbl_export.php';
         }
         exit;
     }
 }
 /**
  * Send headers depending on whether the user chose to download a dump file
  * or not
  */
 if (!$save_on_server) {
     if ($asfile) {
         // Download
         // (avoid rewriting data containing HTML with anchors and forms;
         // this was reported to happen under Plesk)
         @ini_set('url_rewriter.tags', '');
         $filename = PMA_sanitizeFilename($filename);
         PMA_downloadHeader($filename, $mime_type);
     } else {
         // HTML
         if ($export_type == 'database') {
             $num_tables = count($tables);
             if ($num_tables == 0) {
                 $message = PMA_Message::error(__('No tables found in database.'));
                 $active_page = 'db_export.php';
                 include 'db_export.php';
                 exit;
             }
         }
         list($html, $back_button) = PMA_getHtmlForDisplayedExportHeader($export_type, $db, $table);
         echo $html;
         unset($html);
コード例 #4
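 /**
  * Handles the whole import logic
  *
  * Reads an ESRI shape file (optionally from a zip archive), loads the
  * attribute data of a matching .dbf file when the dbase extension is
  * available, turns the records into one table definition and passes it to
  * PMA_buildSQL() and PMA_importRunQuery().
  *
  * Results are reported through the globals $error, $message and $finished;
  * on every failure path $error is set to true and the method returns early.
  *
  * NOTE(review): the geometry value is assembled by string concatenation and
  * the .dbf cells are passed on unchanged; quoting presumably happens in
  * PMA_buildSQL() -- confirm, since both come from the uploaded file.
  *
  * @param array &$sql_data 2-element array with sql data
  *
  * @return void
  */
 public function doImport(&$sql_data = array())
 {
     global $db, $error, $finished, $compression, $import_file, $local_import_file, $message;
     $GLOBALS['finished'] = false;
     $shp = new ShapeFile(1);
     // If the zip archive has more than one file,
     // get the correct content to the buffer from .shp file.
     if ($compression == 'application/zip' && PMA_getNoOfFilesInZip($import_file) > 1) {
         $zip_content = PMA_getZipContents($import_file, '/^.*\\.shp$/i');
         $GLOBALS['import_text'] = $zip_content['data'];
     }
     $temp_dbf_file = false;
     // We need dbase extension to handle .dbf file
     if (extension_loaded('dbase')) {
         // If we can extract the zip archive to 'TempDir'
         // and use the files in it for import
         if ($compression == 'application/zip' && !empty($GLOBALS['cfg']['TempDir']) && @is_writable($GLOBALS['cfg']['TempDir'])) {
             $dbf_file_name = PMA_findFileFromZipArchive('/^.*\\.dbf$/i', $import_file);
             // If the corresponding .dbf file is in the zip archive
             if ($dbf_file_name) {
                 // Extract the .dbf file and point to it.
                 $extracted = PMA_zipExtract($import_file, $dbf_file_name);
                 if ($extracted !== false) {
                     // The entry name comes from the uploaded archive, so it
                     // is sanitized before it becomes part of a path.
                     // NOTE(review): the target name is predictable and
                     // 'wb' overwrites an existing file of that name; in a
                     // shared TempDir a unique temporary name would be safer.
                     // NOTE(review): if the second argument replaces dots,
                     // the written name presumably no longer ends in ".dbf";
                     // confirm it still matches what the loader looks up.
                     $dbf_file_path = realpath($GLOBALS['cfg']['TempDir']) . (PMA_IS_WINDOWS ? '\\' : '/') . PMA_sanitizeFilename($dbf_file_name, true);
                     $handle = fopen($dbf_file_path, 'wb');
                     if ($handle !== false) {
                         fwrite($handle, $extracted);
                         fclose($handle);
                         $temp_dbf_file = true;
                         // Replace the .dbf with .*, as required
                         // by the bsShapeFiles library.
                         $file_name = substr($dbf_file_path, 0, strlen($dbf_file_path) - 4) . '.*';
                         $shp->FileName = $file_name;
                     }
                 }
             }
         } elseif (!empty($local_import_file) && !empty($GLOBALS['cfg']['UploadDir']) && $compression == 'none') {
             // If file is in UploadDir, use .dbf file in the same UploadDir
             // to load extra data.
             // Replace the .shp with .*,
             // so the bsShapeFiles library correctly locates .dbf file.
             $file_name = mb_substr($import_file, 0, mb_strlen($import_file) - 4) . '.*';
             $shp->FileName = $file_name;
         }
     }
     // Load data before the temporary file is removed: the .dbf that
     // $shp->FileName points at is presumably read during this call, so
     // deleting it first would drop the attribute columns.
     $shp->loadFromFile('');
     // Delete the .dbf file extracted to 'TempDir'. This runs before the
     // error check so the file is removed on the failure path as well.
     if ($temp_dbf_file && isset($dbf_file_path) && file_exists($dbf_file_path)) {
         unlink($dbf_file_path);
     }
     if ($shp->lastError != "") {
         $error = true;
         $message = PMA\libraries\Message::error(__('There was an error importing the ESRI shape file: "%s".'));
         $message->addParam($shp->lastError);
         return;
     }
     // Shape type codes of the ESRI format and their names; only some of
     // them are mapped to a GIS type below.
     $esri_types = array(0 => 'Null Shape', 1 => 'Point', 3 => 'PolyLine', 5 => 'Polygon', 8 => 'MultiPoint', 11 => 'PointZ', 13 => 'PolyLineZ', 15 => 'PolygonZ', 18 => 'MultiPointZ', 21 => 'PointM', 23 => 'PolyLineM', 25 => 'PolygonM', 28 => 'MultiPointM', 31 => 'MultiPatch');
     switch ($shp->shapeType) {
         // ESRI Null Shape: no geometry, $gis_type stays unset
         case 0:
             break;
         // ESRI Point
         case 1:
             $gis_type = 'point';
             break;
         // ESRI PolyLine
         case 3:
             $gis_type = 'multilinestring';
             break;
         // ESRI Polygon
         case 5:
             $gis_type = 'multipolygon';
             break;
         // ESRI MultiPoint
         case 8:
             $gis_type = 'multipoint';
             break;
         default:
             // Either an unknown code (invalid file) or a known type that
             // has no mapping above.
             $error = true;
             if (!isset($esri_types[$shp->shapeType])) {
                 $message = PMA\libraries\Message::error(__('You tried to import an invalid file or the imported file' . ' contains invalid data!'));
             } else {
                 $message = PMA\libraries\Message::error(__('MySQL Spatial Extension does not support ESRI type "%s".'));
                 $message->addParam($esri_types[$shp->shapeType]);
             }
             return;
     }
     if (isset($gis_type)) {
         /** @var GISMultilinestring|\PMA\libraries\gis\GISMultipoint|\PMA\libraries\gis\GISPoint|GISPolygon $gis_obj */
         $gis_obj = GISFactory::factory($gis_type);
     } else {
         $gis_obj = null;
     }
     $num_rows = count($shp->records);
     // If .dbf file is loaded, the number of extra data columns
     $num_data_cols = isset($shp->DBFHeader) ? count($shp->DBFHeader) : 0;
     $rows = array();
     $col_names = array();
     if ($num_rows != 0) {
         foreach ($shp->records as $record) {
             $tempRow = array();
             // First column: the geometry as an SQL expression, or null for
             // a Null Shape file.
             if ($gis_obj == null) {
                 $tempRow[] = null;
             } else {
                 $tempRow[] = "GeomFromText('" . $gis_obj->getShape($record->SHPData) . "')";
             }
             if (isset($shp->DBFHeader)) {
                 foreach ($shp->DBFHeader as $c) {
                     // $c[0] is used as the key into the record's DBF data;
                     // empty cells become the string 'NULL'.
                     $cell = trim($record->DBFData[$c[0]]);
                     if (!strcmp($cell, '')) {
                         $cell = 'NULL';
                     }
                     $tempRow[] = $cell;
                 }
             }
             $rows[] = $tempRow;
         }
     }
     if (count($rows) == 0) {
         $error = true;
         $message = PMA\libraries\Message::error(__('The imported file does not contain any data!'));
         return;
     }
     // Column names for spatial column and the rest of the columns,
     // if they are available
     $col_names[] = 'SPATIAL';
     for ($n = 0; $n < $num_data_cols; $n++) {
         $col_names[] = $shp->DBFHeader[$n][0];
     }
     // Set table name based on the number of tables
     if (mb_strlen($db)) {
         $result = $GLOBALS['dbi']->fetchResult('SHOW TABLES');
         $table_name = 'TABLE ' . (count($result) + 1);
     } else {
         $table_name = 'TBL_NAME';
     }
     $tables = array(array($table_name, $col_names, $rows));
     // Use data from shape file to chose best-fit MySQL types for each column
     $analyses = array();
     $analyses[] = PMA_analyzeTable($tables[0]);
     // Override the analysis for the first (spatial) column: it is a
     // geometry and its value is already an SQL expression.
     $table_no = 0;
     $spatial_col = 0;
     $analyses[$table_no][TYPES][$spatial_col] = GEOMETRY;
     $analyses[$table_no][FORMATTEDSQL][$spatial_col] = true;
     // Set database name to the currently selected one, if applicable
     if (mb_strlen($db)) {
         $db_name = $db;
         $options = array('create_db' => false);
     } else {
         $db_name = 'SHP_DB';
         $options = null;
     }
     // Created and execute necessary SQL statements from data
     $null_param = null;
     PMA_buildSQL($db_name, $tables, $analyses, $null_param, $options, $sql_data);
     unset($tables);
     unset($analyses);
     $finished = true;
     $error = false;
     // Commit any possible data in buffers
     PMA_importRunQuery('', '', $sql_data);
 }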
コード例 #5
ファイル: PMA_sanitize_test.php プロジェクト: rera/phpmyadmin
 /**
  * Test for PMA_sanitizeFilename
  *
  * Checks a single case: the space in the input is expected to come back as
  * an underscore while letters, digits and the existing underscore are kept.
  *
  * NOTE(review): dots, path separators and the optional second argument of
  * PMA_sanitizeFilename() are not exercised here; those are the inputs that
  * matter when the result is used as a file name.
  */
 public function testSanitizeFilename()
 {
     $input = 'File_name 123';
     $expected = 'File_name_123';
     $this->assertEquals($expected, PMA_sanitizeFilename($input));
 }
コード例 #6
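 /**
  * Sanitizes the file name and makes sure it ends with the required extension.
  *
  * The name is passed through PMA_sanitizeFilename() first; "." . $ext is then
  * appended unless the lower-cased tail of the sanitized name already equals it.
  * String lengths and substrings are taken through the global PMA_String
  * helper instead of the native functions.
  *
  * NOTE(review): whether dots survive PMA_sanitizeFilename() in this call is
  * not visible here. If they do, a name that already carries another extension
  * keeps it in front of the appended one -- confirm the result is only used as
  * a download name and never as a path on the server.
  *
  * @param string $file_name file name
  * @param string $ext       extension of the file, without the leading dot
  *
  * @return string the sanitized file name
  * @access private
  */
 private function _sanitizeName($file_name, $ext)
 {
     $file_name = PMA_sanitizeFilename($file_name);
     /** @var PMA_String $pmaString */
     $pmaString = $GLOBALS['PMA_String'];
     $required_extension = "." . $ext;
     // Check if the user already added extension;
     // get the substring where the extension would be if it was included
     $extension_start_pos = $pmaString->strlen($file_name) - $pmaString->strlen($ext) - 1;
     $user_extension = $pmaString->substr($file_name, $extension_start_pos, $pmaString->strlen($file_name));
     // Strict comparison: with "!=" two numeric-looking strings are compared
     // as numbers (e.g. "00" equals ".0"), which would wrongly skip the append.
     if ($pmaString->strtolower($user_extension) !== $required_extension) {
         $file_name .= $required_extension;
     }
     return $file_name;
 }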