/**
 * Queues the JavaScript snippets that every page needs.
 *
 * Nothing is queued when $GLOBALS['error_message'] is non-empty. Every PHP
 * value placed inside a JavaScript string literal below goes through
 * PMA_escapeJsString() first. That includes the session token, which is
 * therefore written into the generated script.
 *
 * @return void
 */
private function _addDefaultScripts()
{
    if (!empty($GLOBALS['error_message'])) {
        return;
    }

    $scripts = $this->_scripts;

    // Arguments for window.parent.setAll(), each one escaped for a
    // single-quoted JavaScript string literal.
    $settings = array(
        PMA_escapeJsString($GLOBALS['lang']),
        PMA_escapeJsString($GLOBALS['collation_connection']),
        PMA_escapeJsString($GLOBALS['server']),
        PMA_escapeJsString(PMA_ifSetOr($GLOBALS['db'], '')),
        PMA_escapeJsString(PMA_ifSetOr($GLOBALS['table'], '')),
        PMA_escapeJsString($_SESSION[' PMA_token ']),
    );
    $scripts->addCode(
        "\n \$(function() {\n // updates current settings\n if (window.parent.setAll) {\n window.parent.setAll(\n '"
        . implode("',\n '", $settings)
        . "'\n );\n }\n });\n "
    );

    if (!empty($GLOBALS['reload'])) {
        $scripts->addCode(
            "\n // refresh navigation frame content\n if (window.parent.refreshNavigation) {\n window.parent.refreshNavigation();\n }\n "
        );
    } elseif (isset($_GET['reload_left_frame']) && $_GET['reload_left_frame'] == '1') {
        // reload left frame (used by user preferences); the request value
        // is only compared, never echoed
        $scripts->addCode(
            "\n if (window.parent && window.parent.frame_navigation) {\n window.parent.frame_navigation.location.reload();\n }\n "
        );
    }

    // set current db, table and sql query in the querywindow.
    // The query text is forwarded only when it is longer than
    // cfg['MaxCharactersInDisplayedSQL']; otherwise an empty string is sent.
    // NOTE(review): confirm this comparison direction is the intended one.
    $forward_query = isset($GLOBALS['sql_query'])
        && strlen($GLOBALS['sql_query']) > $GLOBALS['cfg']['MaxCharactersInDisplayedSQL'];
    $query = $forward_query ? PMA_escapeJsString($GLOBALS['sql_query']) : '';

    $window_args = array(
        PMA_escapeJsString(PMA_ifSetOr($GLOBALS['db'], '')),
        PMA_escapeJsString(PMA_ifSetOr($GLOBALS['table'], '')),
        $query,
    );
    $scripts->addCode(
        "\n if (window.parent.reload_querywindow) {\n window.parent.reload_querywindow(\n '"
        . implode("',\n '", $window_args)
        . "'\n );\n }\n "
    );

    if (!empty($GLOBALS['focus_querywindow'])) {
        // set focus to the querywindow
        $scripts->addCode(
            "\n if (parent.querywindow && !parent.querywindow.closed\n && parent.querywindow.location\n ) {\n self.focus();\n }\n "
        );
    }

    // Static snippet, no PHP values are interpolated here.
    $scripts->addCode(
        "\n if (window.parent.frame_content) {"
        . "\n // reset content frame name, as querywindow needs"
        . "\n // to set a unique name before submitting form data,"
        . "\n // and navigation frame needs the original name"
        . "\n if (typeof(window.parent.frame_content.name) != 'undefined'"
        . "\n && window.parent.frame_content.name != 'frame_content') {"
        . "\n window.parent.frame_content.name = 'frame_content';"
        . "\n }"
        . "\n if (typeof(window.parent.frame_content.id) != 'undefined'"
        . "\n && window.parent.frame_content.id != 'frame_content') {"
        . "\n window.parent.frame_content.id = 'frame_content';"
        . "\n }"
        . "\n //window.parent.frame_content.setAttribute('name', 'frame_content');"
        . "\n //window.parent.frame_content.setAttribute('id', 'frame_content');"
        . "\n }\n "
    );
}
/**
 * Prepares a string for use as a JavaScript string literal inside an inline
 * event handler attribute (onclick, onchange, on...).
 * Used for the JavaScript confirmation box shown for
 * "DROP/DELETE/ALTER" queries.
 *
 * String input is passed through htmlspecialchars(), then through
 * PMA_escapeJsString(), and finally every '#' gets a backslash in front.
 * Non-string input skips all three steps.
 *
 * @uses PMA_escapeJsString()
 * @uses PMA_backquote()
 * @uses is_string()
 * @uses htmlspecialchars()
 * @uses str_replace()
 *
 * @param string  $a_string       the string to format
 * @param boolean $add_backquotes whether to add backquotes to the string or not
 *
 * @return string the formatted string
 *
 * @access public
 */
function PMA_jsFormat($a_string = '', $add_backquotes = true)
{
    if (is_string($a_string)) {
        // Two contexts are nested here (HTML attribute around a JS string),
        // hence two escaping passes.
        $escaped = PMA_escapeJsString(htmlspecialchars($a_string));

        /**
         * @todo what is this good for?
         */
        $a_string = str_replace('#', '\\#', $escaped);
    }

    if ($add_backquotes) {
        return PMA_backquote($a_string);
    }

    return $a_string;
}
/**
 * Echoes a JavaScript assignment "<key> = <value>;" where the value is a
 * single-quoted string literal or an array of such literals.
 *
 * Only the values are escaped (with PMA_escapeJsString()). $key is written
 * out verbatim, so it has to be an identifier chosen by the calling code.
 *
 * @param string $key   Name of value to set
 * @param mixed  $value Value to set, can be either string or array of strings
 *
 * @return void
 */
function PMA_printJsValue($key, $value)
{
    if (is_array($value)) {
        // Each element keeps its trailing comma, including the last one.
        $literal = '[';
        foreach ($value as $element) {
            $literal .= "'" . PMA_escapeJsString($element) . "',";
        }
        $literal .= "];\n";
    } else {
        $literal = "'" . PMA_escapeJsString($value) . "';\n";
    }

    echo $key . ' = ' . $literal;
}
/**
 * Formats a value for javascript code.
 *
 * Booleans become the bare words true/false, integers are returned as
 * they are, and anything else is escaped with PMA_escapeJsString() and
 * wrapped in double quotes.
 *
 * @param mixed $value Value to be formatted.
 *
 * @return string|int formatted value (an int is returned for int input).
 */
function PMA_formatJsVal($value)
{
    if (is_bool($value)) {
        return $value ? 'true' : 'false';
    }

    if (!is_int($value)) {
        // Everything that is neither bool nor int is emitted as a
        // double-quoted JavaScript string literal.
        return '"' . PMA_escapeJsString($value) . '"';
    }

    return (int) $value;
}
/**
 * Function to get html for each insert/edit column
 *
 * Builds one table row of the insert/edit form: the function option cell,
 * optionally the column type and function cells, the null cell and the
 * value cell. The value cell comes either from an input transformation
 * plugin or from PMA_getValueColumn().
 *
 * $tabindex is passed by reference and is overwritten here; $o_rows is
 * passed by reference but only read in this function.
 *
 * @param array  $table_columns         table columns
 * @param int    $column_number         column index in table_columns
 * @param array  $comments_map          comments map
 * @param bool   $timestamp_seen        whether timestamp seen
 * @param array  $current_result        current result
 * @param string $chg_evt_handler       javascript change event handler
 * @param string $jsvkey                javascript validation key
 * @param string $vkey                  validation key
 * @param bool   $insert_mode           whether insert mode
 * @param array  $current_row           current row
 * @param bool   $odd_row               whether odd row
 * @param int    &$o_rows               row offset
 * @param int    &$tabindex             tab index
 * @param int    $columns_cnt           columns count
 * @param bool   $is_upload             whether upload
 * @param int    $tabindex_for_function tab index offset for function
 * @param array  $foreigners            foreigners
 * @param int    $tabindex_for_null     tab index offset for null
 * @param int    $tabindex_for_value    tab index offset for value
 * @param string $table                 table
 * @param string $db                    database
 * @param int    $row_id                row id
 * @param array  $titles                titles
 * @param int    $biggest_max_file_size biggest max file size
 * @param string $default_char_editing  default char editing mode which is stored
 *                                      in the config.inc.php script
 * @param string $text_dir              text direction
 * @param array  $repopulate            the data to be repopulated
 * @param array  $column_mime           the mime information of column
 * @param string $where_clause          the where clause
 *
 * @return string
 */
function PMA_getHtmlForInsertEditFormColumn($table_columns, $column_number,
    $comments_map, $timestamp_seen, $current_result, $chg_evt_handler,
    $jsvkey, $vkey, $insert_mode, $current_row, $odd_row, &$o_rows,
    &$tabindex, $columns_cnt, $is_upload, $tabindex_for_function,
    $foreigners, $tabindex_for_null, $tabindex_for_value, $table, $db,
    $row_id, $titles, $biggest_max_file_size, $default_char_editing,
    $text_dir, $repopulate, $column_mime, $where_clause
) {
    $column = $table_columns[$column_number];
    if (!isset($column['processed'])) {
        $column = PMA_analyzeTableColumnsArray(
            $column, $comments_map, $timestamp_seen
        );
    }
    // When repopulating an existing row, the submitted value replaces the
    // stored one and is flagged to be used as is.
    $as_is = false;
    if (!empty($repopulate) && !empty($current_row)) {
        $current_row[$column['Field']] = $repopulate[$column['Field_md5']];
        $as_is = true;
    }
    $extracted_columnspec = PMA_Util::extractColumnSpec($column['Type']);
    if (-1 === $column['len']) {
        $column['len'] = $GLOBALS['dbi']->fieldLen(
            $current_result, $column_number
        );
        // length is unknown for geometry fields,
        // make enough space to edit very simple WKTs
        if (-1 === $column['len']) {
            $column['len'] = 30;
        }
    }
    //Call validation when the form submitted...
    // NOTE(review): the first two arguments are escaped for the JavaScript
    // string context, $column['pma_type'] is concatenated as is. The result
    // also sits inside a double-quoted HTML attribute. Confirm that
    // pma_type can never contain a quote character.
    $onChangeClause = $chg_evt_handler
        . "=\"return verificationsAfterFieldChange('"
        . PMA_escapeJsString($column['Field_md5']) . "', '"
        . PMA_escapeJsString($jsvkey) . "','" . $column['pma_type'] . "')\"";
    // Use an MD5 as an array index to avoid having special characters
    // in the name attribute (see bug #1746964 )
    $column_name_appendix = $vkey . '[' . $column['Field_md5'] . ']';
    // NOTE(review): !isset() and !is_null() on the same element do not
    // look satisfiable together, so this default may never be applied.
    // Confirm the intended condition.
    if ($column['Type'] === 'datetime'
        && !isset($column['Default'])
        && !is_null($column['Default'])
        && $insert_mode
    ) {
        $column['Default'] = date('Y-m-d H:i:s', time());
    }
    $html_output = PMA_getHtmlForFunctionOption(
        $odd_row, $column, $column_name_appendix
    );
    if ($GLOBALS['cfg']['ShowFieldTypesInDataEditView']) {
        $html_output .= PMA_getHtmlForInsertEditColumnType($column);
    }
    //End if
    // Get a list of GIS data types.
    $gis_data_types = PMA_Util::getGISDatatypes();
    // Prepares the field value
    $real_null_value = false;
    $special_chars_encoded = '';
    if (!empty($current_row)) {
        // (we are editing)
        list($real_null_value, $special_chars_encoded, $special_chars,
            $data, $backup_field)
                = PMA_getSpecialCharsAndBackupFieldForExistingRow(
                    $current_row, $column, $extracted_columnspec,
                    $real_null_value, $gis_data_types,
                    $column_name_appendix, $as_is
                );
    } else {
        // (we are inserting)
        // display default values
        $tmp = $column;
        if (isset($repopulate[$column['Field_md5']])) {
            $tmp['Default'] = $repopulate[$column['Field_md5']];
        }
        list($real_null_value, $data, $special_chars, $backup_field,
            $special_chars_encoded)
                = PMA_getSpecialCharsAndBackupFieldForInsertingMode(
                    $tmp, $real_null_value
                );
        unset($tmp);
    }
    // The caller's $tabindex (by reference) is replaced by the computed
    // index of this cell.
    $idindex = $o_rows * $columns_cnt + $column_number + 1;
    $tabindex = $idindex;
    // Get a list of data types that are not yet supported.
    $no_support_types = PMA_Util::unsupportedDatatypes();
    // The function column
    // -------------------
    if ($GLOBALS['cfg']['ShowFunctionFields']) {
        $html_output .= PMA_getFunctionColumn(
            $column, $is_upload, $column_name_appendix, $onChangeClause,
            $no_support_types, $tabindex_for_function, $tabindex, $idindex,
            $insert_mode
        );
    }
    // The null column
    // ---------------
    $foreignData = PMA_getForeignData(
        $foreigners, $column['Field'], false, '', ''
    );
    $html_output .= PMA_getNullColumn(
        $column, $column_name_appendix, $real_null_value, $tabindex,
        $tabindex_for_null, $idindex, $vkey, $foreigners, $foreignData
    );
    // The value column (depends on type)
    // ----------------
    // See bug #1667887 for the reason why we don't use the maxlength
    // HTML attribute
    //add data attributes "no of decimals" and "data type"
    $no_decimals = 0;
    $type = current(explode("(", $column['pma_type']));
    if (preg_match('/\\(([^()]+)\\)/', $column['pma_type'], $match)) {
        $match[0] = trim($match[0], '()');
        $no_decimals = $match[0];
    }
    // NOTE(review): $type and $no_decimals are derived from pma_type and
    // written into attributes without htmlspecialchars(). Confirm that
    // pma_type is always a plain type specification.
    $html_output .= '<td' . ' data-type="' . $type . '"'
        . ' data-decimals="' . $no_decimals . '">' . "\n";
    // Will be used by js/tbl_change.js to set the default value
    // for the "Continue insertion" feature
    // NOTE(review): $special_chars is emitted as markup here; presumably
    // the helper above returns it already HTML-escaped. Verify.
    $html_output .= '<span class="default_value hide">'
        . $special_chars . '</span>';
    // Check input transformation of column
    $transformed_html = '';
    if (!empty($column_mime['input_transformation'])) {
        // The plugin file name comes from the column's stored mime
        // information. The only gate visible here before the include and
        // the dynamic instantiation is is_file().
        // NOTE(review): confirm the value is restricted to known plugin
        // files where it is saved, so that it cannot point outside
        // libraries/plugins/transformations/.
        $file = $column_mime['input_transformation'];
        $include_file = 'libraries/plugins/transformations/' . $file;
        if (is_file($include_file)) {
            include_once $include_file;
            $class_name = PMA_getTransformationClassName($file);
            $transformation_plugin = new $class_name();
            $transformation_options = PMA_Transformation_getOptions(
                $column_mime['input_transformation_options']
            );
            $_url_params = array(
                'db' => $db,
                'table' => $table,
                'transform_key' => $column['Field'],
                'where_clause' => $where_clause
            );
            $transformation_options['wrapper_link']
                = PMA_URL_getCommon($_url_params);
            $current_value = '';
            if (isset($current_row[$column['Field']])) {
                $current_value = $current_row[$column['Field']];
            }
            // Both plugin methods are optional, hence the method_exists()
            // probes.
            if (method_exists($transformation_plugin, 'getInputHtml')) {
                $transformed_html = $transformation_plugin->getInputHtml(
                    $column, $row_id, $column_name_appendix,
                    $transformation_options, $current_value, $text_dir,
                    $tabindex, $tabindex_for_value, $idindex
                );
            }
            if (method_exists($transformation_plugin, 'getScripts')) {
                $GLOBALS['plugin_scripts'] = array_merge(
                    $GLOBALS['plugin_scripts'],
                    $transformation_plugin->getScripts()
                );
            }
        }
    }
    // A non-empty plugin result replaces the default value cell.
    if (!empty($transformed_html)) {
        $html_output .= $transformed_html;
    } else {
        $html_output .= PMA_getValueColumn(
            $column, $backup_field, $column_name_appendix, $onChangeClause,
            $tabindex, $tabindex_for_value, $idindex, $data, $special_chars,
            $foreignData, $odd_row, array($table, $db), $row_id, $titles,
            $text_dir, $special_chars_encoded, $vkey, $is_upload,
            $biggest_max_file_size, $default_char_editing,
            $no_support_types, $gis_data_types, $extracted_columnspec
        );
    }
    $html_output .= '</td>' . '</tr>';
    return $html_output;
}
/**
 * Appends JS validation code to $js_array
 *
 * One "validateField(...)" call is appended per validator. A validator is
 * either a name or an array whose first element is the name and whose
 * remaining elements are arguments. The name gets the "PMA_" prefix and the
 * arguments are escaped with PMA_escapeJsString(). $field_id and the
 * validator name are interpolated without escaping, so both have to come
 * from the calling code rather than from user input.
 *
 * @param string       $field_id   ID of field to validate
 * @param string|array $validators validators callback
 * @param array        &$js_array  will be updated with javascript code
 *
 * @return void
 */
function PMA_addJsValidate($field_id, $validators, &$js_array)
{
    foreach ((array) $validators as $validator) {
        $parts = (array) $validator;
        $callback = 'PMA_' . array_shift($parts);

        // Whatever is left after the name is the argument list.
        $escaped = array();
        foreach ($parts as $argument) {
            $escaped[] = PMA_escapeJsString($argument);
        }

        $arg_list = '';
        if ($escaped) {
            $arg_list = ", ['" . implode("', '", $escaped) . "']";
        }

        $js_array[] = "validateField('{$field_id}', '{$callback}', true{$arg_list})";
    }
}
// Translated messages that are handed to the client-side scripts.
// PMA_escapeJsString() used below comes from this library.
require_once './libraries/js_escape.lib.php';
$js_messages['strClickToSelect'] = __('Click to select');
$js_messages['strClickToUnselect'] = __('Click to unselect');
$js_messages['strNoDropDatabases'] = __('"DROP DATABASE" statements are disabled.');
/* For confirmations */
$js_messages['strDoYouReally'] = __('Do you really want to ');
$js_messages['strDropDatabaseStrongWarning'] = __('You are about to DESTROY a complete database!');
$js_messages['strDroppingEvent'] = __('Dropping Event');
$js_messages['strDroppingProcedure'] = __('Dropping Procedure');
$js_messages['strDeleteTrackingData'] = __('Delete tracking data for this table');
$js_messages['strDeletingTrackingData'] = __('Deleting tracking data');
$js_messages['strDroppingPrimaryKeyIndex'] = __('Dropping Primary Key/Index');
$js_messages['strOperationTakesLongTime'] = __('This operation could take a long time. Proceed anyway?');
/* For blobstreaming */
$js_messages['strBLOBRepositoryDisableStrongWarning'] = __('You are about to DISABLE a BLOB Repository!');
// The only entry that embeds a runtime value: the current database name is
// escaped here, at the point where it is mixed into the message.
// NOTE(review): how $js_messages is written to the page is not visible
// here. If that step escapes every entry again, this name is escaped
// twice. Confirm against the code that emits the array.
$js_messages['strBLOBRepositoryDisableAreYouSure'] = sprintf(__('Are you sure you want to disable all BLOB references for database %s?'), PMA_escapeJsString($GLOBALS['db']));
/* For indexes */
$js_messages['strFormEmpty'] = __('Missing value in the form!');
$js_messages['strNotNumber'] = __('This is not a number!');
/* For server_privileges.js */
$js_messages['strHostEmpty'] = __('The host name is empty!');
$js_messages['strUserEmpty'] = __('The user name is empty!');
$js_messages['strPasswordEmpty'] = __('The password is empty!');
$js_messages['strPasswordNotSame'] = __('The passwords aren\'t the same!');
$js_messages['strAddNewUser'] = __('Add a New User');
$js_messages['strCreateUser'] = __('Create User');
$js_messages['strReloadingPrivileges'] = __('Reloading Privileges');
$js_messages['strRemovingSelectedUsers'] = __('Removing Selected Users');
$js_messages['strClose'] = __('Close');
/* For inline query editing */
$js_messages['strGo'] = __('Go');
/**
 * Returns, as a string, the JavaScript call that hands the parameters from
 * getJsParams() to the client side.
 *
 * Each value is escaped with PMA_escapeJsString() and wrapped in double
 * quotes. The keys are written out unquoted and unescaped, so they have to
 * be plain identifiers.
 *
 * @return string
 */
public function getJsParamsCode()
{
    $pairs = array();
    foreach ($this->getJsParams() as $name => $raw) {
        $pairs[] = $name . ':"' . PMA_escapeJsString($raw) . '"';
    }

    return 'PMA_commonParams.setAll({' . implode(',', $pairs) . '});';
}
?> _3" value="<?php echo htmlspecialchars($data); ?> " /> <script type="text/javascript"> //<![CDATA[ document.writeln('<a target="_blank" onclick="window.open(this.href, \'foreigners\', \'width=640,height=240,scrollbars=yes,resizable=yes\'); return false"'); document.write(' href="browse_foreigners.php?'); document.write('<?php echo PMA_generate_common_url($db, $table); ?> '); document.writeln('&field=<?php echo PMA_escapeJsString(urlencode($field['Field']) . $browse_foreigners_uri); ?> ">'); document.writeln('<?php echo str_replace("'", "\\'", $titles['Browse']); ?> </a>'); //]]> </script> <?php } elseif (is_array($foreignData['disp_row'])) { echo $backup_field . "\n"; ?> <input type="hidden" name="fields_type<?php echo $field_name_appendix; ?>
* Here we add a timestamp when loading the file, so that users who * upgrade phpMyAdmin are not stuck with older .js files in their * browser cache. This produces an HTTP 304 request for each file. */ // avoid loading twice a js file $GLOBALS['js_include'] = array_unique($GLOBALS['js_include']); foreach ($GLOBALS['js_include'] as $js_script_file) { echo PMA_includeJS($js_script_file); } ?> <script type="text/javascript"> // <![CDATA[ // Updates the title of the frameset if possible (ns4 does not allow this) if (typeof(parent.document) != 'undefined' && typeof(parent.document) != 'unknown' && typeof(parent.document.title) == 'string') { parent.document.title = '<?php echo isset($title) ? PMA_sanitize(PMA_escapeJsString(htmlspecialchars($title))) : ''; ?> '; } <?php foreach ($GLOBALS['js_events'] as $js_event) { echo "\$(window.parent).bind('" . $js_event['event'] . "', " . $js_event['function'] . ");\n"; } ?> // ]]> </script> <?php // Reloads the navigation frame via JavaScript if required PMA_reloadNavigation();
/**
 * Generate HTML for export form
 *
 * Two forms are produced: the filter form, built from the HTML fragments
 * $str1..$str5, and the export form, which carries the current filter
 * values as hidden fields. The filter values are read from $_REQUEST and
 * passed through htmlspecialchars() before they are written into the value
 * attributes. $str1..$str5 are inserted as markup and are not escaped here.
 *
 * @param array  $url_params Parameters
 * @param string $str1       HTML for logtype select
 * @param string $str2       HTML for "from date"
 * @param string $str3       HTML for "to date"
 * @param string $str4       HTML for user
 * @param string $str5       HTML for "list report"
 *
 * @return string HTML for form
 */
function PMA_getHtmlForTrackingReportExportForm2($url_params, $str1, $str2, $str3, $str4, $str5)
{
    // Filter form
    $html = '<form method="post" action="tbl_tracking.php'
        . PMA_URL_getCommon(
            $url_params + array('report' => 'true', 'version' => $_REQUEST['version'])
        )
        . '">';
    $html .= sprintf(
        __('Show %1$s with dates from %2$s to %3$s by user %4$s %5$s'),
        $str1,
        $str2,
        $str3,
        $str4,
        $str5
    );
    $html .= '</form>';

    // Export form, same target URL
    $html .= '<form class="disableAjax" method="post" action="tbl_tracking.php'
        . PMA_URL_getCommon(
            $url_params + array('report' => 'true', 'version' => $_REQUEST['version'])
        )
        . '">';

    // Carry the current filter over as hidden fields.
    foreach (array('logtype', 'date_from', 'date_to', 'users') as $field) {
        $html .= '<input type="hidden" name="' . $field . '" value="'
            . htmlspecialchars($_REQUEST[$field]) . '" />';
    }

    $options = '<option value="sqldumpfile">' . __('SQL dump (file download)') . '</option>';
    $options .= '<option value="sqldump">' . __('SQL dump') . '</option>';
    // The warning text is a translation and is escaped for the JavaScript
    // string only.
    // NOTE(review): it also sits inside a double-quoted attribute; confirm
    // that PMA_escapeJsString() output cannot contain a raw double quote.
    $options .= '<option value="execution" onclick="alert(\''
        . PMA_escapeJsString(__('This option will replace your table and contained data.'))
        . '\')">' . __('SQL execution') . '</option>';
    $str_export1 = '<select name="export_type">' . $options . '</select>';

    $str_export2 = '<input type="hidden" name="report_export" value="1" />';
    $str_export2 .= '<input type="submit" value="' . __('Go') . '" />';

    $html .= "<br/>" . sprintf(__('Export as %s'), $str_export1) . $str_export2 . "<br/>";
    $html .= '</form>';

    return $html;
}
var token = "' . PMA_escapeJsString($token) . '"; var LangSelectReferencedKey = "' . PMA_escapeJsString($strSelectReferencedKey) . '"; var LangSelectForeignKey = "' . PMA_escapeJsString($strSelectForeignKey) . '"; var LangPleaseSelectPrimaryOrUniqueKey = "' . PMA_escapeJsString($strPleaseSelectPrimaryOrUniqueKey) . '"; var LangIEnotSupport = "' . PMA_escapeJsString($strIEUnsupported) . '"; var LangChangeDisplay = "' . PMA_escapeJsString($strChangeDisplay) . '"; var strLang = Array(); strLang["strModifications"] = "' . PMA_escapeJsString($strModifications) . '"; strLang["strRelationDeleted"] = "' . PMA_escapeJsString($strRelationDeleted) . '"; strLang["strForeignKeyRelationAdded"] = "' . PMA_escapeJsString($strForeignKeyRelationAdded) . '"; strLang["strGeneralRelationFeat:strDisabled"] = "' . PMA_escapeJsString($strGeneralRelationFeat . ' : ' . $strDisabled) . '"; strLang["strInternalRelationAdded"] = "' . PMA_escapeJsString($strInternalRelationAdded) . '"; strLang["strErrorRelationAdded"] = "' . PMA_escapeJsString($strErrorRelationAdded) . '"; strLang["strErrorRelationExists"] = "' . PMA_escapeJsString($strErrorRelationExists) . '"; strLang["strErrorSaveTable"] = "' . PMA_escapeJsString($strErrorSaveTable) . '";'; ?> // ]]> </script> <script src="pmd/scripts/ajax.js" type="text/javascript"></script> <script src="pmd/scripts/move.js" type="text/javascript"></script> <!--[if IE]> <script src="pmd/scripts/iecanvas.js" type="text/javascript"></script> <![endif]--> <?php echo $script_tabs . $script_contr . $script_display_field; ?> </head> <body onload="Main()" class="general_body" id="pmd_body">
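<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * URL redirector to avoid leaking Referer with some sensitive information.
 *
 * The target is taken from $_GET['url']. It is followed only when it passes
 * PMA_isValid(), starts with http:// or https://, contains no CR/LF and is
 * accepted by PMA_isAllowedDomain(). Any other request is sent back to
 * $cfg['PmaAbsoluteUri'].
 *
 * @package PhpMyAdmin
 */

/**
 * Gets core libraries and defines some variables
 */
define('PMA_MINIMUM_COMMON', true);
require_once './libraries/common.inc.php';
/**
 * JavaScript escaping.
 */
require_once './libraries/js_escape.lib.php';

// The D modifier (PCRE_DOLLAR_ENDONLY) makes "$" match at the very end of
// the subject only. Without it a value ending in a newline would still pass,
// although the character class is meant to exclude line breaks.
if (!PMA_isValid($_GET['url'])
    || !preg_match('/^https?:\\/\\/[^\\n\\r]*$/D', $_GET['url'])
    || !PMA_isAllowedDomain($_GET['url'])
) {
    // Rejected target: fall back to the configured phpMyAdmin URL. The
    // request value never reaches the header.
    header('Location: ' . $cfg['PmaAbsoluteUri']);
} else {
    // JavaScript redirection is necessary. Because if header() is used
    // then web browser sometimes does not change the HTTP_REFERER
    // field and so with old URL as Referer, token also goes to
    // external site.
    // The URL is escaped once for the JavaScript string context...
    echo "<script type='text/javascript'>\n window.onload=function(){\n window.location='"
        . PMA_escapeJsString($_GET['url'])
        . "';\n }\n </script>";
    // Display redirecting msg on screen.
    // ...and once for the HTML text context.
    printf(__('Taking you to %s.'), htmlspecialchars($_GET['url']));
}
die;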
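/**
 * Displays a link, or a button if the link's URL is too large, to
 * accommodate some browsers' limitations
 *
 * URLs longer than 100 times cfg['LinkLengthLimit'] produce an empty
 * string. URLs up to the limit become a plain <a> element. Anything in
 * between is turned into a POST form (or into subform fields when
 * $new_form is false) with one hidden input per query parameter.
 *
 * Escaping done here: attribute values in $tag_params are passed through
 * htmlspecialchars() unless the attribute name starts with "on"; hidden
 * field values are URL-decoded and then HTML-escaped. $url and $message
 * are written out as given, and so are "on..." attribute values, so
 * callers have to supply those already escaped for their context.
 *
 * @param string  $url        the URL
 * @param string  $message    the link message
 * @param mixed   $tag_params string: js confirmation
 *                            array: additional tag params (f.e. style="")
 * @param boolean $new_form   we set this to false when we are already in
 *                            a form, to avoid generating nested forms
 * @param boolean $strip_img  whether to drop the image and use a text
 *                            submit button in the form variant
 * @param string  $target     name of the target window or frame
 *
 * @return string the results to be echoed or saved in an array
 */
function PMA_linkOrButton($url, $message, $tag_params = array(), $new_form = true, $strip_img = false, $target = '')
{
    $url_length = strlen($url);
    // with this we should be able to catch case of image upload
    // into a (MEDIUM) BLOB; not worth generating even a form for these
    if ($url_length > $GLOBALS['cfg']['LinkLengthLimit'] * 100) {
        return '';
    }

    if (!is_array($tag_params)) {
        // A string is a confirmation message; it becomes the argument of
        // confirmLink() inside a single-quoted JavaScript string.
        $tmp = $tag_params;
        $tag_params = array();
        if (!empty($tmp)) {
            $tag_params['onclick'] = 'return confirmLink(this, \'' . PMA_escapeJsString($tmp) . '\')';
        }
        unset($tmp);
    }
    if (!empty($target)) {
        $tag_params['target'] = htmlentities($target);
    }

    $tag_params_strings = array();
    foreach ($tag_params as $par_name => $par_value) {
        // htmlspecialchars() only on non javascript
        $par_value = substr($par_name, 0, 2) == 'on' ? $par_value : htmlspecialchars($par_value);
        $tag_params_strings[] = $par_name . '="' . $par_value . '"';
    }

    if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit']) {
        // no whitespace within an <a> else Safari will make it part of the link
        $ret = "\n" . '<a href="' . $url . '" ' . implode(' ', $tag_params_strings) . '>' . $message . '</a>' . "\n";
    } else {
        // no spaces (linebreaks) at all
        // or after the hidden fields
        // IE will display them all
        // add class=link to submit button
        // NOTE(review): the attribute strings were already built above, so
        // this assignment does not reach the generated markup.
        if (empty($tag_params['class'])) {
            $tag_params['class'] = 'link';
        }

        // decode encoded url separators
        $separator = PMA_get_arg_separator();
        // on most places separator is still hard coded ...
        if ($separator !== '&') {
            // ... so always replace & with $separator
            $url = str_replace(htmlentities('&'), $separator, $url);
            $url = str_replace('&', $separator, $url);
        }
        $url = str_replace(htmlentities($separator), $separator, $url);
        // end decode

        $url_parts = parse_url($url);
        $query_parts = explode($separator, $url_parts['query']);

        if ($new_form) {
            // The target is emitted as a real, escaped attribute. Before,
            // the bare value was concatenated into the tag, which yielded
            // malformed markup whenever a target was given.
            $form_target = empty($target)
                ? ''
                : ' target="' . htmlspecialchars($target) . '"';
            $ret = '<form action="' . $url_parts['path'] . '" class="link"'
                . ' method="post"' . $form_target . ' style="display: inline;">';
            $subname_open = '';
            $subname_close = '';
            $submit_name = '';
        } else {
            $query_parts[] = 'redirect=' . $url_parts['path'];
            if (empty($GLOBALS['subform_counter'])) {
                $GLOBALS['subform_counter'] = 0;
            }
            $GLOBALS['subform_counter']++;
            $ret = '';
            $subname_open = 'subform[' . $GLOBALS['subform_counter'] . '][';
            $subname_close = ']';
            $submit_name = ' name="usesubform[' . $GLOBALS['subform_counter'] . ']"';
        }

        foreach ($query_parts as $query_pair) {
            // Split on the first "=" only, so a value that itself contains
            // "=" is kept whole, and pad so a pair without "=" still
            // yields an (empty) value.
            list($eachvar, $eachval) = array_pad(explode('=', $query_pair, 2), 2, '');
            // NOTE(review): the parameter name is written into the name
            // attribute unescaped; this presumes $url is built by the
            // application. Verify against callers.
            $ret .= '<input type="hidden" name="' . $subname_open . $eachvar . $subname_close
                . '" value="' . htmlspecialchars(urldecode($eachval)) . '" />';
        } // end while

        if (stristr($message, '<img')) {
            if ($strip_img) {
                $message = trim(strip_tags($message));
                $ret .= '<input type="submit"' . $submit_name . ' ' . implode(' ', $tag_params_strings)
                    . ' value="' . htmlspecialchars($message) . '" />';
            } else {
                // Reuse the image's alt text as label and its src as the
                // button image.
                $displayed_message = htmlspecialchars(
                    preg_replace('/^.*\\salt="([^"]*)".*$/si', '\\1', $message)
                );
                $ret .= '<input type="image"' . $submit_name . ' ' . implode(' ', $tag_params_strings)
                    . ' src="' . preg_replace('/^.*\\ssrc="([^"]*)".*$/si', '\\1', $message) . '"'
                    . ' value="' . $displayed_message . '" title="' . $displayed_message . '" />';
                // Here we cannot obey PropertiesIconic completely as a
                // generated link would have a length over LinkLengthLimit
                // but we can at least show the message.
                // If PropertiesIconic is false or 'both'
                if ($GLOBALS['cfg']['PropertiesIconic'] !== true) {
                    $ret .= ' <span class="clickprevimage">' . $displayed_message . '</span>';
                }
            }
        } else {
            $message = trim(strip_tags($message));
            $ret .= '<input type="submit"' . $submit_name . ' ' . implode(' ', $tag_params_strings)
                . ' value="' . htmlspecialchars($message) . '" />';
        }

        if ($new_form) {
            $ret .= '</form>';
        }
    } // end if... else...

    return $ret;
}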
$('#upload_form_status_info').html('<img src="<?php echo $GLOBALS['pmaThemeImage']; ?> ajax_clock_small.gif" width="16" height="16" alt="ajax clock" /> <?php echo PMA_jsFormat(__('The file being uploaded is probably larger than the maximum allowed size or this is a known bug in webkit based (Safari, Google Chrome, Arora etc.) browsers.'), false); ?> '); $('#upload_form_status').css("display", "none"); } else { var now = new Date(); now = Date.UTC( now.getFullYear(), now.getMonth(), now.getDate(), now.getHours(), now.getMinutes(), now.getSeconds()) + now.getMilliseconds() - 1000; var statustext = $.sprintf('<?php echo PMA_escapeJsString(__('%s of %s')); ?> ', formatBytes(complete, 1, PMA_messages.strDecimalSeparator), formatBytes(total, 1, PMA_messages.strDecimalSeparator) ); if ($('#importmain').is(':visible')) { // show progress UI $('#importmain').hide(); $('#import_form_status') .html('<div class="upload_progress"><div class="upload_progress_bar_outer"><div class="percentage"></div><div id="status" class="upload_progress_bar_inner"><div class="percentage"></div></div></div><div><img src="<?php echo $GLOBALS['pmaThemeImage']; ?> ajax_clock_small.gif" width="16" height="16" alt="ajax clock" /> <?php echo PMA_jsFormat(__('Uploading your import file...'), false);
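/**
 * Provides search results row with browse/delete links.
 * (for a table)
 *
 * The table name is written into three contexts: HTML text (the match
 * count), and two JavaScript string literals that sit inside onclick
 * attributes. For the text it is passed through htmlspecialchars(). For the
 * onclick handlers it is HTML-escaped first and the result is then passed
 * through PMA_escapeJsString(), so that a quote or backslash in a table
 * name or in a translation cannot end the JavaScript string early.
 *
 * @param string  $each_table    One of the tables on which search was performed
 * @param array   $newsearchsqls Contains SQL queries
 * @param bool    $odd_row       For displaying contrasting table rows
 * @param integer $res_cnt       Number of results found
 *
 * @return string HTML row
 */
private function _getResultsRow($each_table, $newsearchsqls, $odd_row, $res_cnt)
{
    $this_url_params = array(
        'db' => $GLOBALS['db'],
        'table' => $each_table,
        'goto' => 'db_sql.php',
        'pos' => 0,
        'is_js_confirmed' => 0
    );
    // Start forming search results row
    $html_output = '<tr class="noclick ' . ($odd_row ? 'odd' : 'even') . '">';
    // Displays results count for a table
    $html_output .= '<td>';
    $html_output .= sprintf(
        _ngettext(
            '%1$s match in <strong>%2$s</strong>',
            '%1$s matches in <strong>%2$s</strong>',
            $res_cnt
        ),
        $res_cnt,
        htmlspecialchars($each_table)
    );
    $html_output .= '</td>';
    // Displays browse/delete link if result count > 0
    if ($res_cnt > 0) {
        // NOTE(review): both result paths are placed in an href and in a
        // JavaScript string as returned by PMA_URL_getCommon(); this
        // presumes that helper returns a value safe for both contexts.
        // Verify.
        $this_url_params['sql_query'] = $newsearchsqls['select_columns'];
        $browse_result_path = 'sql.php' . PMA_URL_getCommon($this_url_params);
        $html_output .= '<td><a name="browse_search" class="ajax" href="'
            . $browse_result_path . '" onclick="loadResult(\''
            . $browse_result_path . '\',\''
            . PMA_escapeJsString(htmlspecialchars($each_table)) . '\',\''
            . PMA_URL_getCommon(array('db' => $GLOBALS['db'], 'table' => $each_table))
            . '\'' . ');return false;" >' . __('Browse') . '</a></td>';

        $this_url_params['sql_query'] = $newsearchsqls['delete'];
        $delete_result_path = 'sql.php' . PMA_URL_getCommon($this_url_params);
        // The confirmation text is escaped for the JavaScript string the
        // same way the Browse link treats the table name. Previously only
        // htmlspecialchars() was applied here, which does not protect the
        // JavaScript string.
        // NOTE(review): this relies on htmlspecialchars() leaving single
        // quotes for PMA_escapeJsString() to handle. Confirm on PHP
        // versions whose default flags encode single quotes.
        $delete_confirmation = PMA_escapeJsString(
            sprintf(
                __('Delete the matches for the %s table?'),
                htmlspecialchars($each_table)
            )
        );
        $html_output .= '<td><a name="delete_search" class="ajax" href="'
            . $delete_result_path . '" onclick="deleteResult(\''
            . $delete_result_path . '\' , \''
            . $delete_confirmation
            . '\');return false;">' . __('Delete') . '</a></td>';
    } else {
        $html_output .= '<td> </td>' . '<td> </td>';
    } // end if else
    $html_output .= '</tr>';
    return $html_output;
}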
/**
 * Test for PMA_sendHeaderLocation with PMA_IS_IIS set and a URI of more
 * than 600 characters.
 *
 * The expected output is an HTML page rather than a Location header. The
 * URI appears in it HTML-escaped (meta refresh and link) and JS-escaped
 * (inside the script), which is what the two escaped copies below check.
 *
 * @return void
 */
public function testSendHeaderLocationIisLongUri()
{
    // PMA_IS_IIS has to be true for this test; redefining an existing
    // constant needs runkit.
    if (defined('PMA_IS_IIS') && PMA_HAS_RUNKIT) {
        runkit_constant_redefine('PMA_IS_IIS', true);
    } elseif (!defined('PMA_IS_IIS')) {
        define('PMA_IS_IIS', true);
    } else {
        $this->markTestSkipped('Cannot redefine constant/function - missing runkit extension');
    }

    // over 600 chars
    $testUri = 'http://testurl.com/test.php?testlonguri=over600chars&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test';

    $uriForHtml = htmlspecialchars($testUri);
    $uriForJs = PMA_escapeJsString($testUri);

    $expected = "<html><head><title>- - -</title>\n <meta http-equiv=\"expires\" content=\"0\">";
    $expected .= '<meta http-equiv="Pragma" content="no-cache">';
    $expected .= '<meta http-equiv="Cache-Control" content="no-cache">';
    $expected .= '<meta http-equiv="Refresh" content="0;url=' . $uriForHtml . '">';
    $expected .= "<script type=\"text/javascript\">//<![CDATA[\n setTimeout(\"window.location = decodeURI('"
        . $uriForJs
        . "')\", 2000);\n //]]></script></head>\n<body><script type=\"text/javascript\">//<![CDATA[\n document.write('<p><a href=\""
        . $uriForHtml . "\">" . __('Go')
        . "</a></p>');\n //]]></script></body></html>";

    $this->expectOutputString($expected);
    PMA_sendHeaderLocation($testUri);
}
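/**
 * Displays a link, or a button if the link's URL is too large, to
 * accommodate some browsers' limitations
 *
 * Escaping done here: values in $tag_params go through htmlspecialchars()
 * unless the attribute name starts with "on"; hidden-field names and values
 * taken from the URL query are HTML-escaped; $target is HTML-escaped.
 * $url, $message and the path used for the form action are emitted as
 * received, so callers are expected to supply them already safe for HTML.
 *
 * @param string  $url        the URL
 * @param string  $message    the link message
 * @param mixed   $tag_params string: js confirmation
 *                            array: additional tag params (f.e. style="")
 * @param boolean $new_form   we set this to false when we are already in
 *                            a form, to avoid generating nested forms
 * @param boolean $strip_img  whether to strip the image
 * @param string  $target     target
 *
 * @return string the results to be echoed or saved in an array
 */
function PMA_linkOrButton($url, $message, $tag_params = array(),
    $new_form = true, $strip_img = false, $target = ''
) {
    $url_length = strlen($url);
    // with this we should be able to catch case of image upload
    // into a (MEDIUM) BLOB; not worth generating even a form for these
    if ($url_length > $GLOBALS['cfg']['LinkLengthLimit'] * 100) {
        return '';
    }

    if (!is_array($tag_params)) {
        $tmp = $tag_params;
        $tag_params = array();
        if (!empty($tmp)) {
            // NOTE(review): PMA_escapeJsString() is defined outside this
            // listing. If it performs JavaScript-string escaping only, a
            // double quote in the confirmation text still ends the onclick
            // attribute, because on* values skip htmlspecialchars() below.
            // Confirm whether callers pre-escape for HTML before changing it.
            $tag_params['onclick'] = 'return confirmLink(this, \''
                . PMA_escapeJsString($tmp) . '\')';
        }
        unset($tmp);
    }
    if (!empty($target)) {
        // Stored raw: the loop below HTML-escapes every non-"on*" value
        // exactly once (escaping here as well would double-encode it).
        $tag_params['target'] = $target;
    }

    $tag_params_strings = array();
    foreach ($tag_params as $par_name => $par_value) {
        // htmlspecialchars() only on non javascript
        $par_value = substr($par_name, 0, 2) == 'on'
            ? $par_value
            : htmlspecialchars($par_value);
        $tag_params_strings[] = $par_name . '="' . $par_value . '"';
    }

    $displayed_message = '';
    // Add text if not already added
    if (stristr($message, '<img')
        && (!$strip_img || $GLOBALS['cfg']['PropertiesIconic'] === true)
        && strip_tags($message) == $message
    ) {
        $displayed_message = '<span>'
            . htmlspecialchars(
                preg_replace('/^.*\\salt="([^"]*)".*$/si', '\\1', $message)
            )
            . '</span>';
    }

    // Suhosin: Check that each query parameter is not above maximum
    $in_suhosin_limits = true;
    if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit']) {
        $suhosin_get_MaxValueLength = ini_get('suhosin.get.max_value_length');
        if ($suhosin_get_MaxValueLength) {
            $query_parts = PMA_splitURLQuery($url);
            foreach ($query_parts as $query_pair) {
                // Limit of 2 keeps "=" inside a value; padding covers a
                // pair that has no "=" at all.
                list($eachvar, $eachval)
                    = array_pad(explode('=', $query_pair, 2), 2, '');
                if (strlen($eachval) > $suhosin_get_MaxValueLength) {
                    $in_suhosin_limits = false;
                    break;
                }
            }
        }
    }

    if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit'] && $in_suhosin_limits) {
        // no whitespace within an <a> else Safari will make it part of the link
        $ret = "\n" . '<a href="' . $url . '" '
            . implode(' ', $tag_params_strings) . '>'
            . $message . $displayed_message . '</a>' . "\n";
    } else {
        // no spaces (linebreaks) at all
        // or after the hidden fields
        // IE will display them all

        // add class=link to submit button
        if (empty($tag_params['class'])) {
            $tag_params['class'] = 'link';
        }

        if (!isset($query_parts)) {
            $query_parts = PMA_splitURLQuery($url);
        }
        $url_parts = parse_url($url);

        if ($new_form) {
            // The target must be a named, escaped attribute; concatenating
            // the bare value would put caller-supplied text straight into
            // the <form> tag.
            $target_attr = empty($target)
                ? ''
                : ' target="' . htmlspecialchars($target) . '"';
            // NOTE(review): the action path comes from parse_url($url) and
            // is not escaped here; it relies on $url being HTML-safe.
            $ret = '<form action="' . $url_parts['path'] . '" class="link"'
                . ' method="post"' . $target_attr
                . ' style="display: inline;">';
            $subname_open = '';
            $subname_close = '';
            $submit_link = '#';
        } else {
            $query_parts[] = 'redirect=' . $url_parts['path'];
            if (empty($GLOBALS['subform_counter'])) {
                $GLOBALS['subform_counter'] = 0;
            }
            $GLOBALS['subform_counter']++;
            $ret = '';
            $subname_open = 'subform[' . $GLOBALS['subform_counter'] . '][';
            $subname_close = ']';
            $submit_link = '#usesubform[' . $GLOBALS['subform_counter'] . ']=1';
        }

        foreach ($query_parts as $query_pair) {
            list($eachvar, $eachval)
                = array_pad(explode('=', $query_pair, 2), 2, '');
            // Both the field name and the value originate from the URL, so
            // both are escaped before they land in an attribute.
            $ret .= '<input type="hidden" name="' . $subname_open
                . htmlspecialchars($eachvar) . $subname_close
                . '" value="' . htmlspecialchars(urldecode($eachval)) . '" />';
        } // end while

        $ret .= "\n" . '<a href="' . $submit_link . '" class="formLinkSubmit" '
            . implode(' ', $tag_params_strings) . '>'
            . $message . ' ' . $displayed_message . '</a>' . "\n";

        if ($new_form) {
            $ret .= '</form>';
        }
    } // end if... else...

    return $ret;
}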
// Register the tooltip script and its onload initialiser next to whatever
// the page has already queued.
$GLOBALS['js_include'][] = 'tooltip.js';
$GLOBALS['js_events'][] = array('object' => 'window', 'event' => 'load', 'function' => 'PMA_TT_init');
// NOTE(review): file names are written into the src attribute without
// escaping; this is fine only while js_include is filled by application
// code and never from request data - confirm against the callers.
foreach ($GLOBALS['js_include'] as $js_script_file) {
    echo '<script src="./js/' . $js_script_file . '" type="text/javascript"></script>' . "\n";
}
?>
<script type="text/javascript">
// <![CDATA[
// Updates the title of the frameset if possible (ns4 does not allow this)
if (typeof(parent.document) != 'undefined' && typeof(parent.document) != 'unknown' && typeof(parent.document.title) == 'string') {
    parent.document.title = '<?php echo PMA_sanitize(PMA_escapeJsString($title)); ?> ';
}
var PMA_messages = new Array();
<?php
// Message values are JS-escaped; the key ($name) is placed inside a
// single-quoted JS string as-is.
// NOTE(review): presumably keys are fixed identifiers set by the
// application; verify, or escape the key the same way as the value.
foreach ($GLOBALS['js_messages'] as $name => $js_message) {
    echo "PMA_messages['" . $name . "'] = '" . PMA_escapeJsString($js_message) . "';\n";
}
// 'object' and 'function' are emitted as raw JavaScript expressions and
// 'event' inside quotes without escaping, so every js_events entry is
// effectively code and must never be built from user-controlled input.
foreach ($GLOBALS['js_events'] as $js_event) {
    echo "window.parent.addEvent(" . $js_event['object'] . ", '" . $js_event['event'] . "', " . $js_event['function'] . ");\n";
}
?>
// ]]>
</script>
<?php
// Reloads the navigation frame via JavaScript if required
PMA_reloadNavigation();
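/**
 * Prepares data for input field display and outputs HTML code
 *
 * Reads the current and default value of the field from ConfigFile, maps the
 * form's option type to an input type, appends one "'<id>': <default>" entry
 * to $js_default and passes everything to display_input(). Group markers
 * only print a group header or footer and return early.
 *
 * @uses ConfigFile::get()
 * @uses ConfigFile::getDefault()
 * @uses ConfigFile::getInstance()
 * @uses display_group_footer()
 * @uses display_group_header()
 * @uses display_input()
 * @uses Form::getOptionType()
 * @uses Form::getOptionValueList()
 * @uses PMA_escapeJsString()
 * @uses PMA_lang_name()
 * @param Form   $form
 * @param string $field                field name as it appears in $form
 * @param string $system_path          field path, eg. Servers/1/verbose
 * @param string $work_path            work path, eg. Servers/4/verbose
 * @param string $translated_path      work path changed so that it can be used as XHTML id
 * @param bool   $show_restore_default whether show "restore default" button besides the input field
 * @param mixed  $userprefs_allow      whether user preferences are enabled for this field
 *                                     (null - no support, true/false - enabled/disabled)
 * @param array  &$js_default          array which stores JavaScript code to be displayed
 */
private function _displayFieldInput(Form $form, $field, $system_path, $work_path,
    $translated_path, $show_restore_default, $userprefs_allow, array &$js_default
) {
    $name = PMA_lang_name($system_path);
    $description = PMA_lang_name($system_path, 'desc', '');

    $cf = ConfigFile::getInstance();
    $value = $cf->get($work_path);
    $value_default = $cf->getDefault($system_path);
    $value_is_default = false;
    if ($value === null || $value === $value_default) {
        $value = $value_default;
        $value_is_default = true;
    }

    $opts = array(
        'doc' => $this->getDocLink($system_path),
        'wiki' => $this->getWikiLink($system_path),
        'show_restore_default' => $show_restore_default,
        'userprefs_allow' => $userprefs_allow,
        'userprefs_comment' => PMA_lang_name($system_path, 'cmt', ''));
    if (isset($form->default[$system_path])) {
        $opts['setvalue'] = $form->default[$system_path];
    }

    if (isset($this->errors[$work_path])) {
        $opts['errors'] = $this->errors[$work_path];
    }
    switch ($form->getOptionType($field)) {
    case 'string':
        $type = 'text';
        break;
    case 'short_string':
        $type = 'short_text';
        break;
    case 'double':
    case 'integer':
        $type = 'number_text';
        break;
    case 'boolean':
        $type = 'checkbox';
        break;
    case 'select':
        $type = 'select';
        $opts['values'] = $form->getOptionValueList($form->fields[$field]);
        break;
    case 'array':
        $type = 'list';
        $value = (array) $value;
        $value_default = (array) $value_default;
        break;
    case 'group':
        if (substr($field, 7, 4) != 'end:') { // :group:end is changed to :group:end:{unique id} in Form class
            display_group_header(substr($field, 7));
        } else {
            display_group_footer();
        }
        return;
    case 'NULL':
        trigger_error("Field {$system_path} has no type", E_USER_WARNING);
        return;
    }

    // TrustedProxies requires changes before displaying
    if ($system_path == 'TrustedProxies') {
        foreach ($value as $ip => &$v) {
            if (!preg_match('/^-\\d+$/', $ip)) {
                $v = $ip . ': ' . $v;
            }
        }
        // Drop the reference so that a later assignment to $v cannot
        // overwrite the last element of $value.
        unset($v);
    }
    $this->_setComments($system_path, $opts);

    // send default value to form's JS
    // NOTE(review): $translated_path is placed between single quotes without
    // JS escaping; per the parameter description it is already reduced to an
    // XHTML id - confirm that guarantee at the call site.
    $js_line = '\'' . $translated_path . '\': ';
    switch ($type) {
    case 'text':
    case 'short_text':
    case 'number_text':
        $js_line .= '\'' . PMA_escapeJsString($value_default) . '\'';
        break;
    case 'checkbox':
        $js_line .= $value_default ? 'true' : 'false';
        break;
    case 'select':
        $value_default_js = is_bool($value_default)
            ? (int) $value_default
            : $value_default;
        $js_line .= '[\'' . PMA_escapeJsString($value_default_js) . '\']';
        break;
    case 'list':
        $js_line .= '\'' . PMA_escapeJsString(implode("\n", $value_default)) . '\'';
        break;
    }
    $js_default[] = $js_line;

    display_input($translated_path, $name, $description, $type,
        $value, $value_is_default, $opts);
}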
/**
 * Prints javascript for upload with plugin, upload process bar
 *
 * Despite the name, the returned text is JavaScript source: it defines
 * perform_upload(), which requests import_status.php through $.getJSON,
 * updates the progress elements, and re-schedules itself every second until
 * the response reports finished.
 *
 * @param int $upload_id The selected upload id
 *
 * @return string
 */
function PMA_getHtmlForImportWithPlugin($upload_id)
{
    //some variable for javascript
    // NOTE(review): $upload_id is concatenated into the query string without
    // URL-encoding, and the resulting URL is later placed inside a
    // double-quoted JS string without JS escaping. That is safe only while
    // the id is generated server-side with a restricted alphabet - confirm
    // where it comes from.
    $ajax_url = "import_status.php?id=" . $upload_id . "&" . PMA_URL_getCommon(array('import_status' => 1), 'text');
    // The translated texts below are embedded in single- and double-quoted
    // JS strings and some are passed to jQuery .html(); PMA_jsFormat() is
    // not shown here, so which characters it neutralises is an assumption
    // to verify.
    $promot_str = PMA_jsFormat(__('The file being uploaded is probably larger than ' . 'the maximum allowed size or this is a known bug in webkit ' . 'based (Safari, Google Chrome, Arora etc.) browsers.'), false);
    $statustext_str = PMA_escapeJsString(__('%s of %s'));
    $upload_str = PMA_jsFormat(__('Uploading your import file…'), false);
    $second_str = PMA_jsFormat(__('%s/sec.'), false);
    $remaining_min = PMA_jsFormat(__('About %MIN min. %SEC sec. remaining.'), false);
    $remaining_second = PMA_jsFormat(__('About %SEC sec. remaining.'), false);
    $processed_str = PMA_jsFormat(__('The file is being processed, please be patient.'), false);
    $import_url = PMA_URL_getCommon(array('import_status' => 1), 'text');
    //start output
    $html = 'var finished = false; ';
    $html .= 'var percent = 0.0; ';
    $html .= 'var total = 0; ';
    $html .= 'var complete = 0; ';
    $html .= 'var original_title = ' . 'parent && parent.document ? parent.document.title : false; ';
    $html .= 'var import_start; ';
    $html .= 'var perform_upload = function () { ';
    $html .= 'new $.getJSON( ';
    $html .= ' "' . $ajax_url . '", ';
    $html .= ' {}, ';
    $html .= ' function(response) { ';
    $html .= ' finished = response.finished; ';
    $html .= ' percent = response.percent; ';
    $html .= ' total = response.total; ';
    $html .= ' complete = response.complete; ';
    // all three counters at zero: show the "file too large" hint instead of
    // a progress bar
    $html .= ' if (total==0 && complete==0 && percent==0) { ';
    // the theme image path is written into a JS string as-is
    $img_tag = '<img src="' . $GLOBALS['pmaThemeImage'] . 'ajax_clock_small.gif"';
    $html .= ' $("#upload_form_status_info").html(\'' . $img_tag . ' width="16" height="16" alt="ajax clock" /> ' . $promot_str . '\'); ';
    $html .= ' $("#upload_form_status").css("display", "none"); ';
    $html .= ' } else { ';
    $html .= ' var now = new Date(); ';
    $html .= ' now = Date.UTC( ';
    $html .= ' now.getFullYear(), ';
    $html .= ' now.getMonth(), ';
    $html .= ' now.getDate(), ';
    $html .= ' now.getHours(), ';
    $html .= ' now.getMinutes(), ';
    $html .= ' now.getSeconds()) ';
    $html .= ' + now.getMilliseconds() - 1000; ';
    $html .= ' var statustext = PMA_sprintf(';
    $html .= ' "' . $statustext_str . '", ';
    $html .= ' formatBytes( ';
    $html .= ' complete, 1, PMA_messages.strDecimalSeparator';
    $html .= ' ), ';
    $html .= ' formatBytes(';
    $html .= ' total, 1, PMA_messages.strDecimalSeparator';
    $html .= ' ) ';
    $html .= ' ); ';
    $html .= ' if ($("#importmain").is(":visible")) { ';
    // show progress UI
    $html .= ' $("#importmain").hide(); ';
    $html .= ' $("#import_form_status") ';
    $html .= ' .html(\'<div class="upload_progress">' . '<div class="upload_progress_bar_outer"><div class="percentage">' . '</div><div id="status" class="upload_progress_bar_inner">' . '<div class="percentage"></div></div></div><div>' . '<img src="' . $GLOBALS['pmaThemeImage'] . 'ajax_clock_small.gif" width="16" height="16" alt="ajax clock" /> ' . $upload_str . '</div><div id="statustext"></div></div>\') ';
    $html .= ' .show(); ';
    $html .= ' import_start = now; ';
    $html .= ' } ';
    $html .= ' else if (percent > 9 || complete > 2000000) { ';
    // calculate estimated time
    $html .= ' var used_time = now - import_start; ';
    $html .= ' var seconds = ' . 'parseInt(((total - complete) / complete) * used_time / 1000); ';
    $html .= ' var speed = PMA_sprintf("' . $second_str . '"';
    $html .= ' , formatBytes(complete / used_time * 1000, 1,' . ' PMA_messages.strDecimalSeparator)); ';
    $html .= ' var minutes = parseInt(seconds / 60); ';
    $html .= ' seconds %= 60; ';
    $html .= ' var estimated_time; ';
    $html .= ' if (minutes > 0) { ';
    $html .= ' estimated_time = "' . $remaining_min . '"';
    $html .= ' .replace("%MIN", minutes)';
    $html .= ' .replace("%SEC", seconds); ';
    $html .= ' } ';
    $html .= ' else { ';
    $html .= ' estimated_time = "' . $remaining_second . '"';
    $html .= ' .replace("%SEC", seconds); ';
    $html .= ' } ';
    $html .= ' statustext += "<br />" + speed + "<br /><br />" ' . '+ estimated_time; ';
    $html .= ' } ';
    $html .= ' var percent_str = Math.round(percent) + "%"; ';
    $html .= ' $("#status").animate({width: percent_str}, 150); ';
    $html .= ' $(".percentage").text(percent_str); ';
    // show percent in window title
    // NOTE(review): in the else branches original_title is false (no parent
    // document), yet it is still concatenated into / assigned to
    // document.title - looks unintended, confirm.
    $html .= ' if (original_title !== false) { ';
    $html .= ' parent.document.title ';
    $html .= ' = percent_str + " - " + original_title; ';
    $html .= ' } ';
    $html .= ' else { ';
    $html .= ' document.title ';
    $html .= ' = percent_str + " - " + original_title; ';
    $html .= ' } ';
    // statustext is inserted as HTML; it is built from the translated
    // strings above plus formatted numbers
    $html .= ' $("#statustext").html(statustext); ';
    $html .= ' } ';
    $html .= ' if (finished == true) { ';
    $html .= ' if (original_title !== false) { ';
    $html .= ' parent.document.title = original_title; ';
    $html .= ' } ';
    $html .= ' else { ';
    $html .= ' document.title = original_title; ';
    $html .= ' } ';
    $html .= ' $("#importmain").hide(); ';
    // loads the message, either success or mysql error
    $html .= ' $("#import_form_status") ';
    $html .= ' .html(\'<img src="' . $GLOBALS['pmaThemeImage'] . 'ajax_clock_small.gif" width="16" height="16" alt="ajax clock" /> ' . $processed_str . '\')';
    $html .= ' .show(); ';
    $html .= ' $("#import_form_status").load("import_status.php?' . 'message=true&' . $import_url . '"); ';
    $html .= ' PMA_reloadNavigation(); ';
    // if finished
    $html .= ' } ';
    $html .= ' else { ';
    $html .= ' setTimeout(perform_upload, 1000); ';
    $html .= ' } ';
    $html .= '}); ';
    $html .= '}; ';
    // first poll one second after the script is loaded
    $html .= 'setTimeout(perform_upload, 1000); ';
    return $html;
}
/**
 * Get HTML for foreign link in insert form
 *
 * Produces, in order: the backup field, a hidden "fields_type" marker set to
 * "foreign", the text input holding the current value, and an anchor that
 * opens browse_foreigners.php in a popup window.
 *
 * Only $data is HTML-escaped here. $backup_field, $column_name_appendix,
 * $unnullify_trigger, $idindex and $rownumber_param are written as received.
 * NOTE(review): the href value is passed through PMA_escapeJsString(), which
 * is a JavaScript-string escaper used inside an HTML attribute; whether
 * $rownumber_param arrives already HTML-safe cannot be seen from here -
 * verify against the caller.
 *
 * @param array   $column               description of column in given table
 * @param string  $backup_field         hidden input field
 * @param string  $column_name_appendix the name attribute
 * @param string  $unnullify_trigger    validation string
 * @param integer $tabindex             tab index
 * @param integer $tabindex_for_value   offset for the values tabindex
 * @param integer $idindex              id index
 * @param array   $data                 data to edit
 * @param array   $paramTableDbArray    array containing $db and $table
 * @param array   $rownumber_param      &rownumber=row_id
 * @param array   $titles               An HTML IMG tag for a particular icon from
 *                                      a theme, which may be an actual file or
 *                                      an icon from a sprite
 *
 * @return string an html snippet
 */
function PMA_getForeignLink($column, $backup_field, $column_name_appendix,
    $unnullify_trigger, $tabindex, $tabindex_for_value, $idindex, $data,
    $paramTableDbArray, $rownumber_param, $titles
) {
    $db = $paramTableDbArray[0];
    $table = $paramTableDbArray[1];

    $type_marker = '<input type="hidden" name="fields_type'
        . $column_name_appendix . '" value="foreign" />';

    $value_input = '<input type="text" name="fields' . $column_name_appendix . '" '
        . 'class="textfield" '
        . $unnullify_trigger . ' '
        . 'tabindex="' . ($tabindex + $tabindex_for_value) . '" '
        . 'id="field_' . $idindex . '_3" '
        . 'value="' . htmlspecialchars($data) . '" />';

    $browse_href = 'browse_foreigners.php?'
        . PMA_generate_common_url($db, $table)
        . '&field='
        . PMA_escapeJsString(urlencode($column['Field']) . $rownumber_param);

    $browse_anchor = '<a class="hide foreign_values_anchor" target="_blank" '
        . 'onclick="window.open(this.href,\'foreigners\', \'width=640,height=240,scrollbars=yes,resizable=yes\'); return false;" '
        . 'href="' . $browse_href . '">'
        . str_replace("'", "\\'", $titles['Browse'])
        . '</a>';

    return $backup_field . "\n" . $type_marker . $value_input . $browse_anchor;
}
/**
 * Renders the footer
 *
 * History is recorded on every call. Markup is produced only when the footer
 * is enabled; the closing tags, the self link, debug/error output, queued
 * scripts, the demo notice and the custom footer file are all skipped for
 * Ajax requests, and everything but the closing tags for minimal footers.
 *
 * @return string
 */
public function getDisplay()
{
    $this->_setHistory();
    if (!$this->_isEnabled) {
        return '';
    }

    $output = '';
    if (!$this->_isAjax) {
        $output .= "</div>";
    }

    if (!$this->_isAjax && !$this->_isMinimal) {
        $canPrimeCache = PMA_getenv('SCRIPT_NAME')
            && empty($_POST)
            && empty($GLOBALS['checked_special']);
        if ($canPrimeCache) {
            $url = $this->getSelfUrl('unencoded');
            $header = PMA_Response::getInstance()->getHeader();
            $scripts = $header->getScripts()->getFiles();
            $menuHash = $header->getMenu()->getHash();
            // prime the client-side cache
            // The URL and menu hash sit inside double-quoted JS strings, so
            // they are JS-escaped; the script list is serialised as JSON.
            $primer = sprintf(
                'AJAX.cache.primer = { url: "%s", scripts: %s, menuHash: "%s"};',
                PMA_escapeJsString($url),
                json_encode($scripts),
                PMA_escapeJsString($menuHash)
            );
            $this->_scripts->addCode($primer);
            $url = $this->getSelfUrl();
            $output .= $this->_getSelfLink($url);
        }

        $output .= $this->_getDebugMessage();
        $output .= $this->getErrorMessages();
        $output .= $this->_scripts->getDisplay();

        if ($GLOBALS['cfg']['DBG']['demo']) {
            $output .= '<div id="pma_demo">' . $this->_getDemoMessage() . '</div>';
        }

        // Include possible custom footers
        // The file is executed as PHP and its output captured, so it must
        // be writable by administrators only.
        if (file_exists(CUSTOM_FOOTER_FILE)) {
            $output .= '<div id="pma_footer">';
            ob_start();
            include CUSTOM_FOOTER_FILE;
            $output .= ob_get_clean();
            $output .= '</div>';
        }
    }

    if (!$this->_isAjax) {
        $output .= "</body></html>";
    }

    return $output;
}
} } ?> </tbody> </table> <?php } ?> </form> <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?> "> <?php printf(__('Show %s with dates from %s to %s by user %s %s'), $str1, $str2, $str3, $str4, $str5); $str_export1 = '<select name="export_type">' . '<option value="sqldumpfile">' . __('SQL dump (file download)') . '</option>' . '<option value="sqldump">' . __('SQL dump') . '</option>' . '<option value="execution" onclick="alert(\'' . PMA_escapeJsString(__('This option will replace your table and contained data.')) . '\')">' . __('SQL execution') . '</option>' . '</select>'; $str_export2 = '<input type="submit" name="report_export" value="' . __('Go') . '" />'; ?> </form> <form method="post" action="tbl_tracking.php<?php echo PMA_generate_common_url($url_params + array('report' => 'true', 'version' => $_REQUEST['version'])); ?> "> <input type="hidden" name="logtype" value="<?php echo htmlspecialchars($_REQUEST['logtype']); ?> " /> <input type="hidden" name="date_from" value="<?php echo htmlspecialchars($_REQUEST['date_from']); ?> " />
/**
 * Renders all the JavaScript file inclusions, code and events
 *
 * File names are JS-escaped before being placed in double-quoted strings.
 * Event names and handler expressions from $this->_events are written as
 * they are, the handler as a raw JavaScript expression, so entries must only
 * ever be registered by application code.
 *
 * @return string
 */
public function getDisplay()
{
    $output = '';
    if (count($this->_files) > 0) {
        $output .= $this->_includeFiles($this->_files);
    }

    // Register every file with the client-side script handler.
    $registrations = array();
    foreach ($this->_files as $file) {
        $registrations[] = sprintf(
            '.add("%s",%d)',
            PMA_escapeJsString($file['filename']),
            $file['has_onload'] ? 1 : 0
        );
    }
    $this->addCode('AJAX.scriptHandler' . implode('', $registrations) . ';');

    // Fire the onload handlers of the files that declare one.
    $onloadCalls = array();
    foreach ($this->_files as $file) {
        if (!$file['has_onload']) {
            continue;
        }
        $onloadCalls[] = 'AJAX.fireOnload("'
            . PMA_escapeJsString($file['filename'])
            . '");';
    }
    $this->addCode('$(function() {' . implode('', $onloadCalls) . '});');

    $output .= '<script type="text/javascript">' . "// <![CDATA[\n" . $this->_code;
    foreach ($this->_events as $js_event) {
        $output .= sprintf(
            "\$(window).bind('%s', %s);\n",
            $js_event['event'],
            $js_event['function']
        );
    }
    $output .= '// ]]>' . '</script>';

    return $output;
}
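/**
 * Prepares data for input field display and outputs HTML code
 *
 * Reads the current and default value of the field from ConfigFile, maps the
 * form's option type to an input type, appends one "'<id>': <default>" entry
 * to $js_default and passes everything to display_input().
 *
 * @param Form   $form
 * @param string $field                field name as it appears in $form
 * @param string $system_path          field path, eg. Servers/1/verbose
 * @param string $work_path            work path, eg. Servers/4/verbose
 * @param string $translated_path      work path changed so that it can be used as XHTML id
 * @param bool   $show_restore_default whether show "restore default" button besides the input field
 * @param array  &$js_default          array which stores JavaScript code to be displayed
 */
private function _displayFieldInput(Form $form, $field, $system_path, $work_path,
    $translated_path, $show_restore_default, array &$js_default
) {
    $name = PMA_lang_name($system_path);
    $description = PMA_lang_desc($system_path);

    $cf = ConfigFile::getInstance();
    $value = $cf->get($work_path);
    $value_default = $cf->getDefault($system_path);
    $value_is_default = false;
    if ($value === null || $value === $value_default) {
        $value = $value_default;
        $value_is_default = true;
    }

    $opts = array(
        'doc' => $this->getDocLink($system_path),
        'wiki' => $this->getWikiLink($system_path),
        'show_restore_default' => $show_restore_default);
    if (isset($form->default[$system_path])) {
        $opts['setvalue'] = $form->default[$system_path];
    }

    if (isset($this->errors[$work_path])) {
        $opts['errors'] = $this->errors[$work_path];
    }
    switch ($form->getOptionType($field)) {
    case 'string':
    case 'double':
    case 'integer':
        // all three are rendered as a plain text input
        $type = 'text';
        break;
    case 'boolean':
        $type = 'checkbox';
        break;
    case 'select':
        $type = 'select';
        // each allowed value is used both as option key and as label
        $opts['values'] = array();
        $values = $form->getOptionValueList($form->fields[$field]);
        foreach ($values as $v) {
            $opts['values'][$v] = $v;
        }
        break;
    case 'array':
        $type = 'list';
        $value = (array) $value;
        $value_default = (array) $value_default;
        break;
    case 'NULL':
        trigger_error("Field {$system_path} has no type", E_USER_WARNING);
        return;
    }

    // TrustedProxies requires changes before displaying
    if ($system_path == 'TrustedProxies') {
        foreach ($value as $ip => &$v) {
            if (!preg_match('/^-\\d+$/', $ip)) {
                $v = $ip . ': ' . $v;
            }
        }
        // Drop the reference so that a later assignment to $v cannot
        // overwrite the last element of $value.
        unset($v);
    }

    // send default value to form's JS
    // NOTE(review): $translated_path is placed between single quotes without
    // JS escaping; per the parameter description it is already reduced to an
    // XHTML id - confirm that guarantee at the call site.
    $js_line = '\'' . $translated_path . '\': ';
    switch ($type) {
    case 'text':
        $js_line .= '\'' . PMA_escapeJsString($value_default) . '\'';
        break;
    case 'checkbox':
        $js_line .= $value_default ? 'true' : 'false';
        break;
    case 'select':
        $value_default_js = is_bool($value_default)
            ? (int) $value_default
            : $value_default;
        $js_line .= '[\'' . PMA_escapeJsString($value_default_js) . '\']';
        break;
    case 'list':
        $js_line .= '\'' . PMA_escapeJsString(implode("\n", $value_default)) . '\'';
        break;
    }
    $js_default[] = $js_line;

    display_input($translated_path, $name, $description, $type,
        $value, $value_is_default, $opts);
}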
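/**
 * Test for PMA_sendHeaderLocation with PMA_IS_IIS set and a URI over 600 chars.
 *
 * The Response singleton is swapped for a mock through reflection; the real
 * instance is put back in a finally block so that a failure inside
 * PMA_sendHeaderLocation() cannot leave the mock installed for later tests.
 *
 * @return void
 */
public function testSendHeaderLocationIisLongUri()
{
    $GLOBALS['PMA_Config']->set('PMA_IS_IIS', true);

    // over 600 chars
    $testUri = 'http://testurl.com/test.php?testlonguri=over600chars&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test&test=test&test=test&test=test&test=test'
        . '&test=test&test=test';
    // One escaped form per output context: HTML for attributes, JS for the
    // string literal handed to decodeURI().
    $testUri_html = htmlspecialchars($testUri);
    $testUri_js = PMA_escapeJsString($testUri);

    $header = "<html><head><title>- - -</title>\n <meta http-equiv=\"expires\" content=\"0\">"
        . "<meta http-equiv=\"Pragma\" content=\"no-cache\">"
        . "<meta http-equiv=\"Cache-Control\" content=\"no-cache\">"
        . "<meta http-equiv=\"Refresh\" content=\"0;url=" . $testUri_html . "\">"
        . "<script type=\"text/javascript\">//<![CDATA[\n setTimeout(\"window.location = decodeURI('"
        . $testUri_js
        . "')\", 2000);\n //]]></script></head>\n<body><script type=\"text/javascript\">//<![CDATA[\n document.write('<p><a href=\""
        . $testUri_html . "\">" . __('Go')
        . "</a></p>');\n //]]></script></body></html>\n";

    $this->expectOutputString($header);

    $restoreInstance = PMA\libraries\Response::getInstance();

    $mockResponse = $this->getMockBuilder('PMA\\libraries\\Response')
        ->disableOriginalConstructor()
        ->setMethods(array('disable', 'header', 'headersSent'))
        ->getMock();
    $mockResponse->expects($this->once())
        ->method('disable');
    $mockResponse->expects($this->any())
        ->method('headersSent')
        ->with()
        ->will($this->returnValue(false));

    $attrInstance = new ReflectionProperty('PMA\\libraries\\Response', '_instance');
    $attrInstance->setAccessible(true);
    $attrInstance->setValue($mockResponse);

    try {
        PMA_sendHeaderLocation($testUri);
    } finally {
        $attrInstance->setValue($restoreInstance);
    }
}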
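/**
 * Prints table row
 *
 * $rows contains following keys:
 * - src_table_name - source server table name
 * - dst_table_name - target server table name
 * - btn_type - 'M' or 'U'
 * - btn_structure - null or arguments for showDetails in server_synchronize.js (without img_obj and table_name):
 *                   i, update_size, insert_size, remove_size, insert_index, remove_index
 * - btn_data - read the same way as btn_structure, for the data button
 *
 * Table names are HTML-escaped for the cells and additionally JS-escaped for
 * the onclick argument. The showDetails() arguments taken from
 * btn_structure / btn_data and btn_type are joined into the onclick
 * attribute without escaping.
 * NOTE(review): presumably those are numeric sizes and indexes computed by
 * the application; verify that none of them can carry user-supplied text.
 *
 * @param array $rows
 */
function PMA_syncDisplayDataCompare($rows)
{
    global $pmaThemeImage;

    $odd_row = true;
    foreach ($rows as $row) {
        echo '<tr class=" ' . ($odd_row ? 'odd' : 'even') . '">';
        echo '<td>' . htmlspecialchars($row['src_table_name']) . '</td><td style="text-align:center">';
        if (isset($row['btn_structure']) && $row['btn_structure']) {
            // parameters: i, update_size, insert_size, remove_size, insert_index, remove_index
            $p = $row['btn_structure'];
            $p[0] = $row['btn_type'] . 'S' . $p[0];
            // implode() is called separator-first; the reversed argument
            // order is rejected by PHP 8.
            echo '<img class="icon struct_img" src="' . $pmaThemeImage . 'new_struct.png" width="16" height="16" alt="Structure" title="' . __('Click to select') . '" style="cursor:pointer" onclick="showDetails(' . "'" . implode("','", $p) . "'" . ', this, ' . "'" . PMA_escapeJsString(htmlspecialchars($row['src_table_name'])) . "'" . ')" /> ';
        }
        if (isset($row['btn_data']) && $row['btn_data']) {
            // parameters: i, update_size, insert_size, remove_size, insert_index, remove_index
            $p = $row['btn_data'];
            $p[0] = $row['btn_type'] . 'D' . $p[0];
            echo '<img class="icon data_img" src="' . $pmaThemeImage . 'new_data.png" width="16" height="16" alt="Data" title="' . __('Click to select') . '" style="cursor:pointer" onclick="showDetails(' . "'" . implode("','", $p) . "'" . ', this, ' . "'" . PMA_escapeJsString(htmlspecialchars($row['src_table_name'])) . "'" . ')" />';
        }
        echo '</td><td>' . htmlspecialchars($row['dst_table_name']) . '</td></tr>';
        $odd_row = !$odd_row;
    }
}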
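/**
 * Send HTTP header, taking IIS limits into account (600 seems ok)
 *
 * On IIS with a URI longer than 600 bytes no header is sent; an HTML page is
 * printed instead that redirects by meta refresh, by script, and offers a
 * plain link. In that page the URI is escaped once per context: HTML
 * escaping for attribute values, JS-string escaping for string literals, and
 * both (HTML first) for markup that is written through document.write().
 *
 * The function does not validate the destination; callers must make sure
 * $uri is a location they intend to redirect to.
 *
 * @param string $uri         the header to send
 * @param bool   $use_refresh whether to use Refresh: header when running on IIS
 *
 * @return void
 */
function PMA_sendHeaderLocation($uri, $use_refresh = false)
{
    if (PMA_IS_IIS && strlen($uri) > 600) {
        include_once './libraries/js_escape.lib.php';
        PMA_Response::getInstance()->disable();

        $uri_html = htmlspecialchars($uri);

        echo '<html><head><title>- - -</title>' . "\n";
        echo '<meta http-equiv="expires" content="0">' . "\n";
        echo '<meta http-equiv="Pragma" content="no-cache">' . "\n";
        echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n";
        echo '<meta http-equiv="Refresh" content="0;url=' . $uri_html . '">' . "\n";
        echo '<script type="text/javascript">' . "\n";
        echo '//<![CDATA[' . "\n";
        // A function callback is used instead of a code string: a string
        // given to setTimeout() is parsed a second time when it runs, which
        // single-level JS escaping does not cover. The stray double quotes
        // that used to surround the URI also made the statement invalid.
        echo 'setTimeout(function () { window.location = unescape(\''
            . PMA_escapeJsString($uri) . '\'); }, 2000);' . "\n";
        echo '//]]>' . "\n";
        echo '</script>' . "\n";
        echo '</head>' . "\n";
        echo '<body>' . "\n";
        echo '<script type="text/javascript">' . "\n";
        echo '//<![CDATA[' . "\n";
        // The markup lives inside a single-quoted JS string, so the
        // HTML-escaped URI and the label are JS-escaped as well.
        echo 'document.write(\'<p><a href="' . PMA_escapeJsString($uri_html) . '">'
            . PMA_escapeJsString(__('Go')) . '</a></p>\');' . "\n";
        echo '//]]>' . "\n";
        echo '</script></body></html>' . "\n";

        return;
    }

    if (SID) {
        // NOTE(review): this appends the session id to the redirect URL,
        // where it can end up in logs and Referer headers - confirm that
        // URL-based sessions are still required.
        if (strpos($uri, '?') === false) {
            header('Location: ' . $uri . '?' . SID);
        } else {
            $separator = PMA_URL_getArgSeparator();
            header('Location: ' . $uri . $separator . SID);
        }
        return;
    }

    session_write_close();
    if (headers_sent()) {
        if (function_exists('debug_print_backtrace')) {
            echo '<pre>';
            debug_print_backtrace();
            echo '</pre>';
        }
        trigger_error(
            'PMA_sendHeaderLocation called when headers are already sent!',
            E_USER_ERROR
        );
    }
    // bug #1523784: IE6 does not like 'Refresh: 0', it
    // results in a blank page
    // but we need it when coming from the cookie login panel)
    if (PMA_IS_IIS && $use_refresh) {
        header('Refresh: 0; ' . $uri);
    } else {
        header('Location: ' . $uri);
    }
}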
/**
 * PMA_escapeJsString tests
 *
 * Runs once per data set and compares the escaper's output with the
 * expected string.
 *
 * @param string $target expected output
 * @param string $source string to be escaped
 *
 * @return void
 * @dataProvider escapeDataProvider
 */
public function testEscape($target, $source)
{
    $escaped = PMA_escapeJsString($source);

    $this->assertEquals($target, $escaped);
}