コード例 #1
0
ファイル: export.lib.php プロジェクト: wp-cloud/phpmyadmin 
/**
 * Return the filename and MIME type for export file
 *
 * @param string       $export_type       type of export
 * @param string       $remember_template whether to remember template
 * @param ExportPlugin $export_plugin     the export plugin
 * @param string       $compression       compression asked
 * @param string       $filename_template the filename template
 *
 * @return array the filename template and mime type
 */
function PMA_getExportFilenameAndMimetype($export_type, $remember_template, $export_plugin, $compression, $filename_template)
{
    if ($export_type == 'server') {
        if (!empty($remember_template)) {
            $GLOBALS['PMA_Config']->setUserValue('pma_server_filename_template', 'Export/file_template_server', $filename_template);
        }
    } elseif ($export_type == 'database') {
        if (!empty($remember_template)) {
            $GLOBALS['PMA_Config']->setUserValue('pma_db_filename_template', 'Export/file_template_database', $filename_template);
        }
    } else {
        if (!empty($remember_template)) {
            $GLOBALS['PMA_Config']->setUserValue('pma_table_filename_template', 'Export/file_template_table', $filename_template);
        }
    }
    $filename = PMA\libraries\Util::expandUserString($filename_template);
    // remove dots in filename (coming from either the template or already
    // part of the filename) to avoid a remote code execution vulnerability
    $filename = PMA_sanitizeFilename($filename, $replaceDots = true);
    // Grab basic dump extension and mime type
    // Check if the user already added extension;
    // get the substring where the extension would be if it was included
    $extension_start_pos = mb_strlen($filename) - mb_strlen($export_plugin->getProperties()->getExtension()) - 1;
    $user_extension = mb_substr($filename, $extension_start_pos, mb_strlen($filename));
    $required_extension = "." . $export_plugin->getProperties()->getExtension();
    if (mb_strtolower($user_extension) != $required_extension) {
        $filename .= $required_extension;
    }
    $mime_type = $export_plugin->getProperties()->getMimeType();
    // If dump is going to be compressed, set correct mime_type and add
    // compression to extension
    if ($compression == 'gzip') {
        $filename .= '.gz';
        $mime_type = 'application/x-gzip';
    } elseif ($compression == 'zip') {
        $filename .= '.zip';
        $mime_type = 'application/zip';
    }
    return array($filename, $mime_type);
}
コード例 #2
0
/**
 * Get initial values for Sql Query Form Insert
 *
 * @param string $query query to display in the textarea
 *
 * @return array ($legend, $query, $columns_list)
 *
 * @usedby  PMA_getHtmlForSqlQueryFormInsert()
 */
function PMA_initQueryForm($query)
{
    $columns_list = array();
    if (!mb_strlen($GLOBALS['db'])) {
        // prepare for server related
        $legend = sprintf(__('Run SQL query/queries on server %s'), '"' . htmlspecialchars(!empty($GLOBALS['cfg']['Servers'][$GLOBALS['server']]['verbose']) ? $GLOBALS['cfg']['Servers'][$GLOBALS['server']]['verbose'] : $GLOBALS['cfg']['Servers'][$GLOBALS['server']]['host']) . '"');
    } elseif (!mb_strlen($GLOBALS['table'])) {
        // prepare for db related
        $db = $GLOBALS['db'];
        // if you want navigation:
        $tmp_db_link = '<a href="' . PMA\libraries\Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabDatabase'], 'database') . PMA_URL_getCommon(array('db' => $db)) . '"';
        $tmp_db_link .= '>' . htmlspecialchars($db) . '</a>';
        $legend = sprintf(__('Run SQL query/queries on database %s'), $tmp_db_link);
        if (empty($query)) {
            $query = PMA\libraries\Util::expandUserString($GLOBALS['cfg']['DefaultQueryDatabase'], 'backquote');
        }
    } else {
        $db = $GLOBALS['db'];
        $table = $GLOBALS['table'];
        // Get the list and number of fields
        // we do a try_query here, because we could be in the query window,
        // trying to synchronize and the table has not yet been created
        $columns_list = $GLOBALS['dbi']->getColumns($db, $GLOBALS['table'], null, true);
        $tmp_tbl_link = '<a href="' . PMA\libraries\Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabTable'], 'table') . PMA_URL_getCommon(array('db' => $db, 'table' => $table)) . '" >';
        $tmp_tbl_link .= htmlspecialchars($db) . '.' . htmlspecialchars($table) . '</a>';
        $legend = sprintf(__('Run SQL query/queries on table %s'), $tmp_tbl_link);
        if (empty($query)) {
            $query = PMA\libraries\Util::expandUserString($GLOBALS['cfg']['DefaultQueryTable'], 'backquote');
        }
    }
    $legend .= ': ' . PMA\libraries\Util::showMySQLDocu('SELECT');
    return array($legend, $query, $columns_list);
}
コード例 #3
0
 /**
  * Test case for expanding strings with escaping
  *
  * @param string $in  string to evaluate
  * @param string $out expected output
  *
  * @return void
  *
  * @dataProvider provider
  */
 public function testExpandEscape($in, $out)
 {
     $out = str_replace('PMA_VERSION', PMA_VERSION, $out);
     $this->assertEquals(htmlspecialchars($out), PMA\libraries\Util::expandUserString($in, 'htmlspecialchars'));
 }