Exemplo n.º 1
0
 /**
  * The basic node
  * @static
  * @param string $nodeName
  * @param string $nodeLabel
  * @param bool $isLeaf
  * @param array $metaData
  * @param bool $close
  * @param bool $print
  * @return void|string
  */
 public static function renderNode($nodeName, $nodeLabel, $isLeaf, $metaData = array(), $close = true, $print = true)
 {
     $string = "<tree";
     $metaData["filename"] = $nodeName;
     if (AJXP_Utils::detectXSS($nodeName)) {
         $metaData["filename"] = "/XSS Detected - Please contact your admin";
     }
     if (!isset($metaData["text"])) {
         if (AJXP_Utils::detectXSS($nodeLabel)) {
             $nodeLabel = "XSS Detected - Please contact your admin";
         }
         $metaData["text"] = $nodeLabel;
     } else {
         if (AJXP_Utils::detectXSS($metaData["text"])) {
             $metaData["text"] = "XSS Detected - Please contact your admin";
         }
     }
     $metaData["is_file"] = $isLeaf ? "true" : "false";
     $metaData["ajxp_im_time"] = time();
     foreach ($metaData as $key => $value) {
         if (AJXP_Utils::detectXSS($value)) {
             $value = "XSS Detected!";
         }
         $value = AJXP_Utils::xmlEntities($value, true);
         $string .= " {$key}=\"{$value}\"";
     }
     if ($close) {
         $string .= "/>";
     } else {
         $string .= ">";
     }
     return AJXP_XMLWriter::write($string, $print);
 }
Exemplo n.º 2
0
 /**
  * Write text to the log file.
  *
  * If write is not allowed because the file is not yet open, the message is buffered until
  * file becomes available.
  *
  * @param String $level Log severity: one of LOG_LEVEL_* (DEBUG,INFO,NOTICE,WARNING,ERROR)
  * @param String $ip The client ip
  * @param String $user The user login
  * @param String $source The source of the message
  * @param String $prefix The prefix of the message
  * @param String $message The message to log
  * @throws Exception
  * @return void
  */
 public function write2($level, $ip, $user, $source, $prefix, $message, $nodePathes = array())
 {
     if (AJXP_Utils::detectXSS($message)) {
         $message = "XSS Detected in message!";
     }
     $textMessage = date("m-d-y") . " " . date("H:i:s") . "\t";
     $textMessage .= "{$ip}\t" . strtoupper((string) $level) . "\t{$user}\t{$source}\t{$prefix}\t{$message}\n";
     if ($this->fileHandle !== false) {
         if (count($this->stack)) {
             $this->stackFlush();
         }
         if (fwrite($this->fileHandle, $textMessage) === false) {
             throw new Exception("There was an error writing to log file ({$this->logFileName})");
         }
     } else {
         $this->stack[] = $textMessage;
     }
 }
 public function switchAction($action, $httpVars, $fileVars)
 {
     parent::accessPreprocess($action, $httpVars, $fileVars);
     $xmlBuffer = "";
     foreach ($httpVars as $getName => $getValue) {
         ${$getName} = AJXP_Utils::securePath($getValue);
     }
     $selection = new UserSelection();
     $selection->initFromHttpVars($httpVars);
     if (isset($dir) && $action != "upload") {
         $safeDir = $dir;
         $dir = SystemTextEncoding::fromUTF8($dir);
     }
     // FILTER DIR PAGINATION ANCHOR
     if (isset($dir) && strstr($dir, "%23") !== false) {
         $parts = explode("%23", $dir);
         $dir = $parts[0];
         $page = $parts[1];
     }
     if (isset($dest)) {
         $dest = SystemTextEncoding::fromUTF8($dest);
     }
     $mess = ConfService::getMessages();
     // Sanitize all httpVars entries
     foreach ($httpVars as $k => &$value) {
         $value = AJXP_Utils::sanitize($value, AJXP_SANITIZE_FILENAME);
     }
     switch ($action) {
         //------------------------------------
         //	ONLINE EDIT
         //------------------------------------
         case "edit_record":
             $isNew = false;
             if (isset($record_is_new) && $record_is_new == "true") {
                 $isNew = true;
             }
             $tableName = $_POST["table_name"];
             $pkName = $_POST["pk_name"];
             $query = "";
             $arrValues = array();
             foreach ($_POST as $key => $value) {
                 if (substr($key, 0, strlen("ajxp_mysql_")) == "ajxp_mysql_") {
                     $newKey = substr($key, strlen("ajxp_mysql_"));
                     $arrValues[$newKey] = $value;
                 }
             }
             if ($isNew) {
                 $string = "";
                 $index = 0;
                 foreach ($arrValues as $k => $v) {
                     // CHECK IF AUTO KEY!!!
                     $string .= "'" . addslashes(SystemTextEncoding::fromUTF8($v)) . "'";
                     if ($index < count($arrValues) - 1) {
                         $string .= ",";
                     }
                     $index++;
                 }
                 $query = "INSERT INTO {$tableName} VALUES ({$string})";
             } else {
                 $string = "";
                 $index = 0;
                 foreach ($arrValues as $k => $v) {
                     if ($k == $pkName) {
                         $pkValue = $v;
                     } else {
                         $string .= $k . "='" . addslashes(SystemTextEncoding::fromUTF8($v)) . "'";
                         if ($index < count($arrValues) - 1) {
                             $string .= ",";
                         }
                     }
                     $index++;
                 }
                 $query = "UPDATE {$tableName} SET {$string} WHERE {$pkName}='{$pkValue}'";
             }
             $link = $this->createDbLink();
             $res = $this->execQuery($query);
             $this->closeDbLink($link);
             if (is_a($res, "AJXP_Exception")) {
                 $errorMessage = $res->messageId;
             } else {
                 $logMessage = $query;
                 $reload_file_list = true;
             }
             break;
             //------------------------------------
             //	CHANGE COLUMNS OR CREATE TABLE
             //------------------------------------
         //------------------------------------
         //	CHANGE COLUMNS OR CREATE TABLE
         //------------------------------------
         case "edit_table":
             $link = $this->createDbLink();
             if (isset($httpVars["current_table"])) {
                 if (isset($httpVars["delete_column"])) {
                     $query = "ALTER TABLE " . $httpVars["current_table"] . " DROP COLUMN " . $httpVars["delete_column"];
                     $res = $this->execQuery($query);
                     if (is_a($res, "AJXP_Exception")) {
                         $errorMessage = $res->messageId;
                     } else {
                         $logMessage = $query;
                         $reload_file_list = true;
                     }
                     $this->closeDbLink($link);
                     break;
                 }
                 if (isset($httpVars["add_column"])) {
                     $defString = $this->makeColumnDef($httpVars, "add_field_");
                     $query = "ALTER TABLE " . $httpVars["current_table"] . " ADD COLUMN ({$defString})";
                     if (isset($httpVars["add_field_pk"]) && $httpVars["add_field_pk"] == "1") {
                         $query .= ", ADD PRIMARY KEY (" . $httpVars["add_field_name"] . ")";
                     }
                     if (isset($httpVars["add_field_index"]) && $httpVars["add_field_index"] == "1") {
                         $query .= ", ADD INDEX (" . $httpVars["add_field_name"] . ")";
                     }
                     if (isset($httpVars["add_field_uniq"]) && $httpVars["add_field_uniq"] == "1") {
                         $query .= ", ADD UNIQUE (" . $httpVars["add_field_name"] . ")";
                     }
                     $res = $this->execQuery($query);
                     if (is_a($res, "AJXP_Exception")) {
                         $errorMessage = $res->messageId;
                     } else {
                         $logMessage = $query;
                         $reload_file_list = true;
                     }
                     $this->closeDbLink($link);
                     break;
                 }
             }
             $fields = array("origname", "name", "default", "null", "size", "type", "flags", "pk", "index", "uniq");
             $rows = array();
             foreach ($httpVars as $k => $val) {
                 $split = explode("_", $k);
                 if (count($split) == 3 && $split[0] == "field" && is_numeric($split[2]) && in_array($split[1], $fields)) {
                     if (!isset($rows[intval($split[2])])) {
                         $rows[intval($split[2])] = array();
                     }
                     $rows[intval($split[2])][$split[1]] = $val;
                 } else {
                     if (count($split) == 2 && $split[0] == "field" && in_array($split[1], $fields)) {
                         if (!isset($rows[0])) {
                             $rows[0] = array();
                         }
                         $rows[0][$split[1]] = $val;
                     }
                 }
             }
             if (isset($current_table)) {
                 $qMessage = '';
                 foreach ($rows as $row) {
                     $sizeString = $row["size"] != "" ? "(" . $row["size"] . ")" : "";
                     $defString = $row["default"] != "" ? " DEFAULT " . $row["default"] . "" : "";
                     $query = "ALTER TABLE {$current_table} CHANGE " . $row["origname"] . " " . $row["name"] . " " . $row["type"] . $sizeString . $defString . " " . $row["null"];
                     $res = $this->execQuery(trim($query));
                     if (is_a($res, "AJXP_Exception")) {
                         $errorMessage = $res->messageId;
                         $this->closeDbLink($link);
                         break;
                     } else {
                         $qMessage .= $query;
                         $reload_file_list = true;
                     }
                 }
                 $logMessage = $qMessage;
             } else {
                 if (isset($new_table)) {
                     $fieldsDef = array();
                     $pks = array();
                     $indexes = array();
                     $uniqs = array();
                     foreach ($rows as $index => $row) {
                         $fieldsDef[] = $this->makeColumnDef($row);
                         // Analyse keys
                         if ($row["pk"] == "1") {
                             $pks[] = $row["name"];
                         }
                         if ($row["index"] == "1") {
                             $indexes[] = $row["name"];
                         }
                         if ($row["uniq"] == "1") {
                             $uniqs[] = $row["name"];
                         }
                     }
                     $fieldsDef = implode(",", $fieldsDef);
                     if (count($pks)) {
                         $fieldsDef .= ",PRIMARY KEY (" . implode(",", $pks) . ")";
                     }
                     if (count($indexes)) {
                         $fieldsDef .= ",INDEX (" . implode(",", $indexes) . ")";
                     }
                     if (count($uniqs)) {
                         $fieldsDef .= ",UNIQUE (" . implode(",", $uniqs) . ")";
                     }
                     $query = "CREATE TABLE {$new_table} ({$fieldsDef})";
                     $res = $this->execQuery(trim($query));
                     if (is_a($res, "AJXP_Exception")) {
                         $errorMessage = $res->messageId;
                     } else {
                         $logMessage = $query;
                         $reload_file_list = true;
                         $reload_current_node = true;
                     }
                 }
             }
             $this->closeDbLink($link);
             break;
             //------------------------------------
             //	SUPPRIMER / DELETE
             //------------------------------------
         //------------------------------------
         //	SUPPRIMER / DELETE
         //------------------------------------
         case "delete_table":
         case "delete_record":
             $dir = basename($dir);
             $link = $this->createDbLink();
             if (trim($dir) == "") {
                 // ROOT NODE => DROP TABLES
                 $tables = $selection->getFiles();
                 $query = "DROP TABLE";
                 foreach ($tables as $index => $tableName) {
                     $tables[$index] = basename($tableName);
                 }
                 $query .= " " . implode(",", $tables);
                 $res = $this->execQuery($query);
                 $reload_current_node = true;
             } else {
                 // TABLE NODE => DELETE RECORDS
                 $tableName = $dir;
                 $pks = $selection->getFiles();
                 foreach ($pks as $key => $pkString) {
                     $parts = explode(".", $pkString);
                     array_pop($parts);
                     // remove .pk extension
                     array_shift($parts);
                     // remove record prefix
                     foreach ($parts as $index => $pkPart) {
                         $parts[$index] = str_replace("__", "='", $pkPart) . "'";
                     }
                     $pks[$key] = "(" . implode(" AND ", $parts) . ")";
                 }
                 $query = "DELETE FROM {$tableName} WHERE " . implode(" OR ", $pks);
                 $res = $this->execQuery($query);
             }
             //AJXP_Exception::errorToXml($res);
             if (is_a($res, "AJXP_Exception")) {
                 $errorMessage = $res->messageId;
             } else {
                 $logMessage = $query;
                 $reload_file_list = true;
             }
             $this->closeDbLink($link);
             break;
             //------------------------------------
             //	RENOMMER / RENAME
             //------------------------------------
         //------------------------------------
         //	RENOMMER / RENAME
         //------------------------------------
         case "set_query":
             $query = $httpVars["query"];
             $_SESSION["LAST_SQL_QUERY"] = $query;
             print "<tree store=\"true\"></tree>";
             break;
             //------------------------------------
             //	XML LISTING
             //------------------------------------
         //------------------------------------
         //	XML LISTING
         //------------------------------------
         case "ls":
             if (!isset($dir) || $dir == "/") {
                 $dir = "";
             }
             $searchMode = $fileListMode = $completeMode = false;
             if (isset($mode)) {
                 if ($mode == "search") {
                     $searchMode = true;
                 } else {
                     if ($mode == "file_list") {
                         $fileListMode = true;
                     } else {
                         if ($mode == "complete") {
                             $completeMode = true;
                         }
                     }
                 }
             }
             $link = $this->createDbLink();
             //AJXP_Exception::errorToXml($link);
             if ($dir == "") {
                 AJXP_XMLWriter::header();
                 $tables = $this->listTables();
                 AJXP_XMLWriter::sendFilesListComponentConfig('<columns switchDisplayMode="list" switchGridMode="filelist"><column messageString="Table Name" attributeName="ajxp_label" sortType="String"/><column messageString="Byte Size" attributeName="bytesize" sortType="NumberKo"/><column messageString="Count" attributeName="count" sortType="Number"/></columns>');
                 $icon = $mode == "file_list" ? "sql_images/mimes/ICON_SIZE/table_empty.png" : "sql_images/mimes/ICON_SIZE/table_empty_tree.png";
                 foreach ($tables as $tableName) {
                     if (AJXP_Utils::detectXSS($tableName)) {
                         $tableName = "XSS Detected!";
                         $size = 'N/A';
                         $count = 'N/A';
                     } else {
                         $size = $this->getSize($tableName);
                         $count = $this->getCount($tableName);
                     }
                     print "<tree is_file=\"0\" text=\"{$tableName}\" filename=\"/{$tableName}\" bytesize=\"{$size}\" count=\"{$count}\" icon=\"{$icon}\" ajxp_mime=\"table\" />";
                 }
                 print "<tree is_file=\"0\" text=\"Search Results\" ajxp_node=\"true\" filename=\"/ajxpmysqldriver_searchresults\" bytesize=\"-\" count=\"-\" icon=\"search.png\"/>";
                 AJXP_XMLWriter::close();
             } else {
                 $tableName = basename($dir);
                 if (isset($page)) {
                     $currentPage = $page;
                 } else {
                     $currentPage = 1;
                 }
                 $query = "SELECT * FROM {$tableName}";
                 $searchQuery = false;
                 if ($tableName == "ajxpmysqldriver_searchresults") {
                     if (isset($_SESSION["LAST_SQL_QUERY"])) {
                         $query = $_SESSION["LAST_SQL_QUERY"];
                         $matches = array();
                         if (preg_match("/SELECT [\\S, ]* FROM (\\S*).*/i", $query, $matches) !== false) {
                             $tableName = $matches[1];
                             $searchQuery = true;
                         } else {
                             break;
                         }
                     } else {
                         break;
                     }
                 }
                 if (isset($order_column)) {
                     $query .= " ORDER BY {$order_column} " . strtoupper($order_direction);
                     if (!isset($_SESSION["AJXP_ORDER_DATA"])) {
                         $_SESSION["AJXP_ORDER_DATA"] = array();
                     }
                     $_SESSION["AJXP_ORDER_DATA"][$this->repository->getUniqueId() . "_" . $tableName] = array("column" => $order_column, "dir" => $order_direction);
                 } else {
                     if (isset($_SESSION["AJXP_ORDER_DATA"])) {
                         if (isset($_SESSION["AJXP_ORDER_DATA"][$this->repository->getUniqueId() . "_" . $tableName])) {
                             $order_column = $_SESSION["AJXP_ORDER_DATA"][$this->repository->getUniqueId() . "_" . $tableName]["column"];
                             $order_direction = $_SESSION["AJXP_ORDER_DATA"][$this->repository->getUniqueId() . "_" . $tableName]["dir"];
                             $query .= " ORDER BY {$order_column} " . strtoupper($order_direction);
                         }
                     }
                 }
                 try {
                     $result = $this->showRecords($query, $tableName, $currentPage);
                 } catch (AJXP_Exception $ex) {
                     unset($_SESSION["LAST_SQL_QUERY"]);
                     throw $ex;
                 }
                 AJXP_XMLWriter::header();
                 $blobCols = array();
                 $columnsString = '<columns switchDisplayMode="list" switchGridMode="grid">';
                 foreach ($result["COLUMNS"] as $col) {
                     $columnsString .= "<column messageString=\"" . $col["NAME"] . "\" attributeName=\"" . $col["NAME"] . "\" field_name=\"" . $col["NAME"] . "\" field_type=\"" . $col["TYPE"] . "\" field_size=\"" . $col["LENGTH"] . "\" field_flags=\"" . $this->cleanFlagString($col["FLAGS"]) . "\" field_pk=\"" . (preg_match("/primary/", $col["FLAGS"]) ? "1" : "0") . "\" field_null=\"" . (preg_match("/not_null/", $col["FLAGS"]) ? "NOT_NULL" : "NULL") . "\" sortType=\"" . $this->sqlTypeToSortType($col["TYPE"]) . "\" field_default=\"" . $col["DEFAULT"] . "\"/>";
                     if (stristr($col["TYPE"], "blob") !== false && ($col["FLAGS"] != "" && stristr($col["FLAGS"], "binary"))) {
                         $blobCols[] = $col["NAME"];
                     }
                 }
                 $columnsString .= '</columns>';
                 AJXP_XMLWriter::sendFilesListComponentConfig($columnsString);
                 //print '<pagination total="'.$result["TOTAL_PAGES"].'" current="'.$currentPage.'" remote_order="true" currentOrderCol="'.$order_column.'" currentOrderDir="'.$order_direction.'"/>';
                 if ($result["TOTAL_PAGES"] > 1) {
                     AJXP_XMLWriter::renderPaginationData($count, $currentPage, $result["TOTAL_PAGES"]);
                 }
                 foreach ($result["ROWS"] as $arbitIndex => $row) {
                     print '<tree ';
                     $pkString = "";
                     foreach ($row as $key => $value) {
                         if (in_array($key, $blobCols)) {
                             $sizeStr = " - NULL";
                             if (strlen($value)) {
                                 $sizeStr = " - " . AJXP_Utils::roundSize(strlen($value));
                             }
                             print "{$key}=\"BLOB{$sizeStr}\" ";
                         } else {
                             $value = str_replace("\"", "", $value);
                             if (AJXP_Utils::detectXSS($value)) {
                                 $value = "Possible XSS Detected - Cannot display value!";
                             }
                             $value = AJXP_Utils::xmlEntities($value);
                             print $key . '="' . SystemTextEncoding::toUTF8($value) . '" ';
                             if ($result["HAS_PK"] > 0) {
                                 if (in_array($key, $result["PK_FIELDS"])) {
                                     $pkString .= $key . "__" . $value . ".";
                                 }
                             }
                         }
                     }
                     if ($result["HAS_PK"] > 0) {
                         print 'filename="record.' . $pkString . 'pk" ';
                         print 'is_file="1" ajxp_mime="pk"/>';
                     } else {
                         print 'filename="record_' . $arbitIndex . '.no_pk" ';
                         print 'is_file="1" ajxp_mime="row"/>';
                     }
                 }
                 AJXP_XMLWriter::close();
             }
             $this->closeDbLink($link);
             exit(1);
             break;
     }
     if (isset($logMessage) || isset($errorMessage)) {
         if (AJXP_Utils::detectXSS($logMessage) || AJXP_Utils::detectXSS($errorMessage)) {
             $xmlBuffer = AJXP_XMLWriter::sendMessage(null, "XSS Detected!", false);
         }
         $xmlBuffer .= AJXP_XMLWriter::sendMessage(isset($logMessage) ? $logMessage : null, isset($errorMessage) ? $errorMessage : null, false);
     }
     if (isset($requireAuth)) {
         $xmlBuffer .= AJXP_XMLWriter::requireAuth(false);
     }
     if (isset($reload_current_node) && $reload_current_node == "true" || isset($reload_file_list)) {
         $xmlBuffer .= AJXP_XMLWriter::reloadDataNode("", "", false);
     }
     return $xmlBuffer;
 }
Exemplo n.º 4
0
 /**
  * Write an entry to the log.
  *
  * @param String $level Log severity: one of LOG_LEVEL_* (DEBUG,INFO,NOTICE,WARNING,ERROR)
  * @param String $ip The client ip
  * @param String $user The user login
  * @param String $source The source of the message
  * @param String $prefix The prefix of the message
  * @param String $message The message to log
  * @param array $nodesPathes
  */
 public function write2($level, $ip, $user, $source, $prefix, $message, $nodesPathes = array())
 {
     if ($prefix == "Log In" && $message == "context=API") {
         // Limit the number of logs
         $test = dibi::query('SELECT [logdate] FROM [ajxp_log] WHERE [user]=%s AND [message]=%s AND [params]=%s ORDER BY [logdate] DESC %lmt %ofs', $user, $prefix, $message, 1, 0);
         $lastInsert = $test->fetchSingle();
         $now = new DateTime('NOW');
         if (is_a($lastInsert, "DibiDateTime")) {
             $lastTimestamp = $lastInsert->getTimestamp();
         } else {
             $lastTimestamp = strtotime($lastInsert);
         }
         if ($lastInsert !== false && $now->getTimestamp() - $lastTimestamp < 60 * 60) {
             // IGNORING, LIMIT API LOGINS TO ONE PER HOUR, OR IT WILL FILL THE LOGS
             return;
         }
     }
     $files = array(array("dirname" => "", "basename" => ""));
     if (AJXP_Utils::detectXSS($message)) {
         $message = "XSS Detected in Message!";
     } else {
         if (count($nodesPathes)) {
             $files = array();
             foreach ($nodesPathes as $path) {
                 $parts = pathinfo($path);
                 $files[] = array("dirname" => $parts["dirname"], "basename" => $parts["basename"]);
             }
         }
     }
     foreach ($files as $fileDef) {
         $log_row = array('logdate' => new DateTime('NOW'), 'remote_ip' => $this->inet_ptod($ip), 'severity' => strtoupper((string) $level), 'user' => $user, 'source' => $source, 'message' => $prefix, 'params' => $message, 'repository_id' => ConfService::getInstance()->getContextRepositoryId(), 'device' => $_SERVER['HTTP_USER_AGENT'], 'dirname' => $fileDef["dirname"], 'basename' => $fileDef["basename"]);
         //we already handle exception for write2 in core.log
         dibi::query('INSERT INTO [ajxp_log]', $log_row);
     }
 }
Exemplo n.º 5
0
 /**
  * Write an entry to the log.
  *
  * @param String $level Log severity: one of LOG_LEVEL_* (DEBUG,INFO,NOTICE,WARNING,ERROR)
  * @param String $ip The client ip
  * @param String $user The user login
  * @param String $source The source of the message
  * @param String $prefix  The prefix of the message
  * @param String $message The message to log
  *
  */
 public function write2($level, $ip, $user, $source, $prefix, $message)
 {
     if ($prefix == "Log In" && ($message = "context=API")) {
         // Limit the number of logs
         $test = dibi::query('SELECT [logdate] FROM [ajxp_log] WHERE [user]=%s AND [message]=%s AND [params]=%s ORDER BY [logdate] DESC %lmt %ofs', $user, $prefix, $message, 1, 0);
         $lastInsert = $test->fetchSingle();
         $now = new DateTime('NOW');
         if (is_a($lastInsert, "DibiDateTime")) {
             $lastTimestamp = $lastInsert->getTimestamp();
         } else {
             $lastTimestamp = strtotime($lastInsert);
         }
         if ($lastInsert !== false && $now->getTimestamp() - $lastTimestamp < 60 * 60) {
             // IGNORING, LIMIT API LOGINS TO ONE PER HOUR, OR IT WILL FILL THE LOGS
             return;
         }
     }
     if (AJXP_Utils::detectXSS($message)) {
         $message = "XSS Detected in Message!";
     }
     $log_row = array('logdate' => new DateTime('NOW'), 'remote_ip' => $this->inet_ptod($ip), 'severity' => strtoupper((string) $level), 'user' => $user, 'source' => $source, 'message' => $prefix, 'params' => $message);
     //we already handle exception for write2 in core.log
     dibi::query('INSERT INTO [ajxp_log]', $log_row);
 }