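/**
 * Return the filename and MIME type for export file
 *
 * The filename template is expanded first and the expanded result is then
 * passed through PMA_sanitizeFilename() with dot replacement enabled. The
 * extension is appended afterwards from the export plugin and from the
 * compression choice, not from the template. When the template is
 * remembered, the value stored in the user preferences is the raw template;
 * it is sanitized only here, after expansion.
 *
 * @param string       $export_type       type of export
 * @param string       $remember_template whether to remember template
 * @param ExportPlugin $export_plugin     the export plugin
 * @param string       $compression       compression asked
 * @param string       $filename_template the filename template
 *
 * @return array array($filename, $mime_type): the final file name and its
 *               MIME type
 */
function PMA_getExportFilenameAndMimetype(
    $export_type, $remember_template, $export_plugin, $compression,
    $filename_template
) {
    if (!empty($remember_template)) {
        // Strict comparisons: a non-string value must not match a scope by
        // type juggling. Anything that is neither 'server' nor 'database'
        // is stored as a table template.
        if ($export_type === 'server') {
            $target = array(
                'pma_server_filename_template',
                'Export/file_template_server',
            );
        } elseif ($export_type === 'database') {
            $target = array(
                'pma_db_filename_template',
                'Export/file_template_database',
            );
        } else {
            $target = array(
                'pma_table_filename_template',
                'Export/file_template_table',
            );
        }
        $GLOBALS['PMA_Config']->setUserValue(
            $target[0], $target[1], $filename_template
        );
    }

    $filename = PMA\libraries\Util::expandUserString($filename_template);
    // remove dots in filename (coming from either the template or already
    // part of the filename) to avoid a remote code execution vulnerability.
    // The flag is passed as a plain argument; the previous
    // `$replaceDots = true` was an assignment expression that only created
    // a stray local variable.
    $filename = PMA_sanitizeFilename($filename, true);

    // Grab basic dump extension and mime type
    $properties = $export_plugin->getProperties();
    $extension = $properties->getExtension();
    $required_extension = '.' . $extension;

    // Check if the user already added extension;
    // get the substring where the extension would be if it was included
    // NOTE(review): if PMA_sanitizeFilename() replaces every dot, as the
    // comment above says, this tail can never equal ".<ext>" and the plugin
    // extension is always appended — confirm in PMA_sanitizeFilename().
    $extension_start_pos = mb_strlen($filename) - mb_strlen($extension) - 1;
    $user_extension = mb_substr(
        $filename, $extension_start_pos, mb_strlen($filename)
    );
    // Strict comparison so that two different numeric-looking strings are
    // never treated as equal.
    if (mb_strtolower($user_extension) !== $required_extension) {
        $filename .= $required_extension;
    }

    $mime_type = $properties->getMimeType();

    // If dump is going to be compressed, set correct mime_type and add
    // compression to extension
    if ($compression === 'gzip') {
        $filename .= '.gz';
        $mime_type = 'application/x-gzip';
    } elseif ($compression === 'zip') {
        $filename .= '.zip';
        $mime_type = 'application/zip';
    }

    return array($filename, $mime_type);
}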
/**
 * Get initial values for Sql Query Form Insert
 *
 * The scope is taken from $GLOBALS['db'] and $GLOBALS['table']: server when
 * no database is set, database when no table is set, table otherwise.
 *
 * The returned legend is an HTML fragment. Server, database and table names
 * are passed through htmlspecialchars() here; the link target and the
 * documentation link are appended exactly as the helpers return them.
 * NOTE(review): the href is concatenated from getScriptNameForOption() and
 * PMA_URL_getCommon() without further escaping in this function —
 * presumably those helpers return attribute-safe text; confirm.
 *
 * @param string $query query to display in the textarea
 *
 * @return array ($legend, $query, $columns_list)
 *
 * @usedby PMA_getHtmlForSqlQueryFormInsert()
 */
function PMA_initQueryForm($query)
{
    $columns_list = array();

    // The table name is only inspected once a database is known.
    $server_scope = !mb_strlen($GLOBALS['db']);
    $database_scope = !$server_scope && !mb_strlen($GLOBALS['table']);

    if ($server_scope) {
        // prepare for server related: prefer the verbose name, else the host
        if (!empty($GLOBALS['cfg']['Servers'][$GLOBALS['server']]['verbose'])) {
            $server_name
                = $GLOBALS['cfg']['Servers'][$GLOBALS['server']]['verbose'];
        } else {
            $server_name
                = $GLOBALS['cfg']['Servers'][$GLOBALS['server']]['host'];
        }
        $legend = sprintf(
            __('Run SQL query/queries on server %s'),
            '"' . htmlspecialchars($server_name) . '"'
        );
    } elseif ($database_scope) {
        // prepare for db related
        $db = $GLOBALS['db'];

        // if you want navigation:
        $href = PMA\libraries\Util::getScriptNameForOption(
            $GLOBALS['cfg']['DefaultTabDatabase'], 'database'
        ) . PMA_URL_getCommon(array('db' => $db));
        $tmp_db_link = '<a href="' . $href . '"' . '>'
            . htmlspecialchars($db) . '</a>';

        $legend = sprintf(
            __('Run SQL query/queries on database %s'), $tmp_db_link
        );

        if (empty($query)) {
            $query = PMA\libraries\Util::expandUserString(
                $GLOBALS['cfg']['DefaultQueryDatabase'], 'backquote'
            );
        }
    } else {
        $db = $GLOBALS['db'];
        $table = $GLOBALS['table'];

        // Get the list and number of fields.
        // We could be in the query window, trying to synchronize, and the
        // table may not have been created yet.
        // NOTE(review): the original comment calls this a "try" query;
        // presumably the trailing `true` selects that behaviour — confirm
        // against getColumns().
        $columns_list = $GLOBALS['dbi']->getColumns($db, $table, null, true);

        $href = PMA\libraries\Util::getScriptNameForOption(
            $GLOBALS['cfg']['DefaultTabTable'], 'table'
        ) . PMA_URL_getCommon(array('db' => $db, 'table' => $table));
        $tmp_tbl_link = '<a href="' . $href . '" >'
            . htmlspecialchars($db) . '.' . htmlspecialchars($table) . '</a>';

        $legend = sprintf(
            __('Run SQL query/queries on table %s'), $tmp_tbl_link
        );

        if (empty($query)) {
            $query = PMA\libraries\Util::expandUserString(
                $GLOBALS['cfg']['DefaultQueryTable'], 'backquote'
            );
        }
    }

    $legend .= ': ' . PMA\libraries\Util::showMySQLDocu('SELECT');

    return array($legend, $query, $columns_list);
}
/**
 * Test case for expanding strings with escaping
 *
 * Asserts that expandUserString() called with the 'htmlspecialchars'
 * escaper returns the same text as htmlspecialchars() applied to the
 * expected output.
 *
 * @param string $in  string to evaluate
 * @param string $out expected output
 *
 * @return void
 *
 * @dataProvider provider
 */
public function testExpandEscape($in, $out)
{
    // Replace the literal token 'PMA_VERSION' in the expected string with
    // the value of the constant before escaping it.
    $expected = htmlspecialchars(
        str_replace('PMA_VERSION', PMA_VERSION, $out)
    );
    $actual = PMA\libraries\Util::expandUserString($in, 'htmlspecialchars');

    $this->assertEquals($expected, $actual);
}