Пример #1
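/**
 * Sends header indicating file download.
 *
 * Only headers are emitted here (optionally preceded by the no-cache set
 * from PMA_noCacheHeader()); the caller streams the file body itself.
 *
 * @param string $filename Filename to include in headers; if empty,
 *                         no Content-Disposition header will be sent.
 * @param string $mimetype MIME type to include in headers.
 * @param int    $length   Length of content in bytes (optional; 0 or less
 *                         omits Content-Length).
 * @param bool   $no_cache Whether to include no-caching headers.
 *
 * @return void
 */
function PMA_downloadHeader($filename, $mimetype, $length = 0, $no_cache = true)
{
    if ($no_cache) {
        PMA_noCacheHeader();
    }

    /*
     * The filename ends up inside a quoted-string in Content-Disposition,
     * so neutralise everything that could break out of it:
     *  - ';' and '"' terminate the parameter / the quoted value,
     *  - '\' is the quoted-string escape; a trailing one would swallow the
     *    closing quote and leave the header value unterminated,
     *  - CR, LF and NUL are header-injection characters (header() refuses a
     *    CR/LF value outright, so without this the download would silently
     *    lose its Content-Disposition instead of getting a cleaned name).
     * NOTE(review): non-ASCII names are passed through unencoded; RFC 6266
     * filename* is not produced here.
     */
    $filename = str_replace(
        array(';', '"', '\\', "\n", "\r", "\0"),
        '-',
        $filename
    );
    // strict check: a file literally named "0" is still a filename
    if ($filename !== '') {
        header('Content-Description: File Transfer');
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    }
    header('Content-Type: ' . $mimetype);
    // inform the server that compression has been done,
    // to avoid a double compression (for example with Apache + mod_deflate)
    if (strpos($mimetype, 'gzip') !== false) {
        header('Content-Encoding: gzip');
    }
    header('Content-Transfer-Encoding: binary');
    if ($length > 0) {
        // (int) keeps the value a plain decimal even if a caller passed a string
        header('Content-Length: ' . (int) $length);
    }
}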
Пример #2
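require_once 'libraries/display_import_ajax.lib.php';

if (defined('SESSIONUPLOAD')) {
    // write sessionupload back into the loaded PMA session
    //
    // SECURITY(review): unserialize() instantiates whatever classes the
    // payload names. SESSIONUPLOAD must only ever come from a trusted source
    // (the upload-progress handler), never from request data; if that cannot
    // be guaranteed, move to a JSON encoding or, on PHP >= 7.0, pass
    // array('allowed_classes' => false) as the second argument.
    $sessionupload = unserialize(SESSIONUPLOAD);
    // unserialize() returns false on malformed input; treat that as "nothing
    // to restore" rather than iterating over a non-array.
    if (!is_array($sessionupload)) {
        $sessionupload = array();
    }
    foreach ($sessionupload as $key => $value) {
        $_SESSION[$key] = $value;
    }
    // remove session upload data that are not set anymore
    // (strict comparison: "==" on strings would treat numeric-looking
    // prefixes such as "1e1" and "10" as equal; assumes UPLOAD_PREFIX is a string)
    $prefixLength = strlen(UPLOAD_PREFIX);
    foreach ($_SESSION as $key => $value) {
        if (substr($key, 0, $prefixLength) === UPLOAD_PREFIX
            && !isset($sessionupload[$key])
        ) {
            unset($_SESSION[$key]);
        }
    }
}

// AJAX requests can't be cached!
PMA_noCacheHeader();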
// $_GET["message"] is used for asking for an import message
if (isset($_GET["message"]) && $_GET["message"]) {
    header('Content-type: text/html');
    // wait 0.3 sec before we check for $_SESSION variable,
    // which is set inside import.php
    usleep(300000);
    // wait until message is available
    while ($_SESSION['Import_message']['message'] == null) {
        usleep(250000);
        // 0.25 sec
    }
    echo $_SESSION['Import_message']['message'];
    echo '<fieldset class="tblFooters">' . "\n";
    echo '    [ <a href="' . $_SESSION['Import_message']['go_back_url'] . '">' . __('Back') . '</a> ]' . "\n";
    echo '</fieldset>' . "\n";
Пример #3
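 /**
  * Sends out the HTTP headers
  *
  * Emits, in order: X-Frame-Options (unless third-party framing is allowed),
  * the Content-Security-Policy header plus its legacy X-Content-Security-Policy
  * and X-WebKit-CSP variants, the no-cache headers and, outside a
  * transformation wrapper, the UTF-8 text/html Content-Type. Nothing is sent
  * under the test suite unless PMA_TEST_HEADERS is defined.
  *
  * @return void
  */
 public function sendHttpHeaders()
 {
     if (defined('TESTSUITE') && !defined('PMA_TEST_HEADERS')) {
         return;
     }
     // Tile servers are listed only on plain-http pages; on https they would
     // be mixed content anyway.
     if ($GLOBALS['PMA_Config']->isHttps()) {
         $map_tile_urls = '';
     } else {
         $map_tile_urls = ' *.tile.openstreetmap.org *.tile.opencyclemap.org';
     }
     /**
      * Sends http headers
      */
     $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
     // reCAPTCHA origins are allow-listed only when the login captcha is
     // fully configured (both keys present).
     // NOTE(review): whole origins (www.google.com, www.gstatic.com) are
     // allowed; restricting to the /recaptcha/ paths would be tighter.
     if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])) {
         $captcha_url = ' https://www.google.com https://www.gstatic.com ';
     } else {
         $captcha_url = '';
     }
     // Operator-configured extra sources, appended verbatim to the fetch
     // directives below. This is trusted configuration, not request data.
     $csp_allow = $GLOBALS['cfg']['CSPAllow'];

     /* Prevent against ClickJacking by disabling framing */
     if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
         header('X-Frame-Options: DENY');
     }
     // 'unsafe-inline' and 'unsafe-eval' are needed by the UI's inline
     // scripts and styles, so this policy restricts where resources may be
     // loaded from but does not block injected inline script.
     // (The stray empty directive ";;" after script-src was removed; the
     // policy is otherwise unchanged.)
     header(
         "Content-Security-Policy: default-src 'self' " . $captcha_url . $csp_allow . ';'
         . "script-src 'self' 'unsafe-inline' 'unsafe-eval' " . $captcha_url . $csp_allow . ';'
         . "style-src 'self' 'unsafe-inline' " . $captcha_url . $csp_allow . ';'
         . "img-src 'self' data: " . $csp_allow . $map_tile_urls . $captcha_url . ';'
     );
     header(
         "X-Content-Security-Policy: default-src 'self' " . $captcha_url . $csp_allow . ';'
         . 'options inline-script eval-script;'
         . "img-src 'self' data: " . $csp_allow . $map_tile_urls . $captcha_url . ';'
     );
     // NOTE(review): unlike the standard header, style-src here does not
     // include CSPAllow — confirm whether that is intentional.
     header(
         "X-WebKit-CSP: default-src 'self' " . $captcha_url . $csp_allow . ';'
         . "script-src 'self' " . $captcha_url . $csp_allow . " 'unsafe-inline' 'unsafe-eval';"
         . "style-src 'self' 'unsafe-inline' " . $captcha_url . ';'
         . "img-src 'self' data: " . $csp_allow . $map_tile_urls . $captcha_url . ';'
     );
     PMA_noCacheHeader();
     if (!defined('IS_TRANSFORMATION_WRAPPER')) {
         // Define the charset to be used
         header('Content-Type: text/html; charset=utf-8');
     }
     $this->_headerIsSent = true;
 }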
Пример #4
/**
 * Sends header indicating file download.
 *
 * Emits Content-Disposition (only when a filename is given), Content-Type,
 * Content-Transfer-Encoding and, when known, Content-Length. gzip payloads
 * additionally get Content-Encoding: gzip so the web server does not
 * compress them a second time, except on Chrome 43+ where that header is
 * deliberately withheld.
 *
 * @param string $filename Filename to include in headers; if empty,
 *                         no Content-Disposition header will be sent.
 * @param string $mimetype MIME type to include in headers.
 * @param int    $length   Length of content (optional)
 * @param bool   $no_cache Whether to include no-caching headers.
 *
 * @return void
 */
function PMA_downloadHeader($filename, $mimetype, $length = 0, $no_cache = true)
{
    if ($no_cache) {
        PMA_noCacheHeader();
    }

    // Per the project's sanitizer: replace possibly dangerous characters
    // before the name is embedded in the quoted Content-Disposition value.
    $safeName = Sanitize::sanitizeFilename($filename);
    if (!empty($safeName)) {
        header('Content-Description: File Transfer');
        header('Content-Disposition: attachment; filename="' . $safeName . '"');
    }

    header('Content-Type: ' . $mimetype);

    // Tell the server the payload is already compressed so it is not
    // deflated again (e.g. Apache + mod_deflate). Chrome >= 43 is excluded;
    // the reason is not recorded here — presumably a download-handling
    // quirk in that browser.
    $isGzip = strpos($mimetype, 'gzip') !== false;
    $isChrome = PMA_USR_BROWSER_AGENT == 'CHROME';
    $wantsEncodingHeader = !$isChrome || PMA_USR_BROWSER_VER < 43;
    if ($isGzip && $wantsEncodingHeader) {
        header('Content-Encoding: gzip');
    }

    header('Content-Transfer-Encoding: binary');
    if ($length > 0) {
        header('Content-Length: ' . $length);
    }
}
Пример #5
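/**
 * Sends header indicating file download.
 *
 * Only headers are emitted here (optionally preceded by the no-cache set
 * from PMA_noCacheHeader()); the caller streams the file body itself.
 *
 * @param string $filename Filename to include in headers; if empty,
 *                         no Content-Disposition header will be sent.
 * @param string $mimetype MIME type to include in headers.
 * @param int    $length   Length of content in bytes (optional; 0 or less
 *                         omits Content-Length).
 * @param bool   $no_cache Whether to include no-caching headers.
 *
 * @return void
 */
function PMA_downloadHeader($filename, $mimetype, $length = 0, $no_cache = true)
{
    if ($no_cache) {
        PMA_noCacheHeader();
    }

    /*
     * The filename ends up inside a quoted-string in Content-Disposition,
     * so neutralise everything that could break out of it:
     *  - ';' and '"' terminate the parameter / the quoted value,
     *  - '\' is the quoted-string escape; a trailing one would swallow the
     *    closing quote and leave the header value unterminated,
     *  - CR, LF and NUL are header-injection characters (header() refuses a
     *    CR/LF value outright, so without this the download would silently
     *    lose its Content-Disposition instead of getting a cleaned name).
     * NOTE(review): non-ASCII names are passed through unencoded; RFC 6266
     * filename* is not produced here.
     */
    $filename = str_replace(
        array(';', '"', '\\', "\n", "\r", "\0"),
        '-',
        $filename
    );
    // strict check: a file literally named "0" is still a filename
    if ($filename !== '') {
        header('Content-Description: File Transfer');
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    }
    header('Content-Type: ' . $mimetype);
    header('Content-Transfer-Encoding: binary');
    if ($length > 0) {
        // (int) keeps the value a plain decimal even if a caller passed a string
        header('Content-Length: ' . (int) $length);
    }
}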
Пример #6
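 /**
  * Sends out the HTTP headers
  *
  * Outside the test suite this emits X-Frame-Options (unless third-party
  * framing is allowed) and the pre-standard X-Content-Security-Policy and
  * X-WebKit-CSP headers; Safari before 6.0 gets the older "allow" CSP
  * syntax. The no-cache headers are always sent, and the UTF-8 text/html
  * Content-Type unless running in a transformation wrapper or the test suite.
  *
  * @return void
  */
 public function sendHttpHeaders()
 {
     $https = $GLOBALS['PMA_Config']->isHttps();
     // Tile servers are left out of img-src on https pages, where they
     // would be blocked as mixed content anyway.
     $mapTilesUrls = ' *.tile.openstreetmap.org *.tile.opencyclemap.org';
     /**
      * Sends http headers
      */
     $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
     if (!defined('TESTSUITE')) {
         /* Prevent against ClickJacking by disabling framing */
         if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
             header('X-Frame-Options: DENY');
         }
         // CSPAllow is operator configuration (trusted), appended verbatim.
         $cspAllow = $GLOBALS['cfg']['CSPAllow'];
         $imgSources = "img-src 'self' data: " . $cspAllow . ($https ? "" : $mapTilesUrls) . ";";
         header("X-Content-Security-Policy: default-src 'self' " . $cspAllow . ';' . "options inline-script eval-script;" . $imgSources);
         // version_compare() instead of "<" on strings: a plain string
         // comparison is lexical, so e.g. "10.0" < "6.0.0" is true and
         // Safari 10+ would be handed the obsolete "allow" syntax.
         $oldSafari = PMA_USR_BROWSER_AGENT == 'SAFARI'
             && version_compare((string) PMA_USR_BROWSER_VER, '6.0.0', '<');
         if ($oldSafari) {
             header("X-WebKit-CSP: allow 'self' " . $cspAllow . ';' . "options inline-script eval-script;" . $imgSources);
         } else {
             header("X-WebKit-CSP: default-src 'self' " . $cspAllow . ';' . "script-src 'self' " . $cspAllow . " 'unsafe-inline' 'unsafe-eval';" . "style-src 'self' 'unsafe-inline';" . $imgSources);
         }
     }
     PMA_noCacheHeader();
     if (!defined('IS_TRANSFORMATION_WRAPPER') && !defined('TESTSUITE')) {
         // Define the charset to be used
         header('Content-Type: text/html; charset=utf-8');
     }
     $this->_headerIsSent = true;
 }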
Пример #7
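 /**
  * Sends out the HTTP headers
  *
  * Emits, in order: X-Frame-Options (unless third-party framing is allowed),
  * the Content-Security-Policy header plus its legacy X-Content-Security-Policy
  * and X-WebKit-CSP variants, the X-XSS-Protection / X-Content-Type-Options /
  * X-Permitted-Cross-Domain-Policies hardening headers, the no-cache headers
  * and, outside a transformation wrapper, the UTF-8 text/html Content-Type.
  * Nothing is sent under the test suite unless PMA_TEST_HEADERS is defined.
  *
  * @return void
  */
 public function sendHttpHeaders()
 {
     if (defined('TESTSUITE') && !defined('PMA_TEST_HEADERS')) {
         return;
     }
     // Tile servers are listed only on plain-http pages; on https they would
     // be mixed content anyway.
     if ($GLOBALS['PMA_Config']->isHttps()) {
         $map_tile_urls = '';
     } else {
         $map_tile_urls = ' *.tile.openstreetmap.org *.tile.opencyclemap.org';
     }
     /**
      * Sends http headers
      */
     $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
     // reCAPTCHA origins are allow-listed only when the login captcha is
     // fully configured (both keys present); paths are narrowed to the
     // recaptcha assets where the provider allows it.
     if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])) {
         $captcha_url = ' https://apis.google.com https://www.google.com/recaptcha/' . ' https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ ';
     } else {
         $captcha_url = '';
     }
     // Operator-configured extra sources, appended verbatim to the fetch
     // directives below. This is trusted configuration, not request data.
     $csp_allow = $GLOBALS['cfg']['CSPAllow'];

     /* Prevent against ClickJacking by disabling framing */
     if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
         header('X-Frame-Options: DENY');
     }
     // 'unsafe-inline' and 'unsafe-eval' are needed by the UI's inline
     // scripts and styles, so this policy restricts where resources may be
     // loaded from but does not block injected inline script.
     // (The stray empty directive ";;" after script-src was removed; the
     // policy is otherwise unchanged.)
     header(
         "Content-Security-Policy: default-src 'self' " . $captcha_url . $csp_allow . ';'
         . "script-src 'self' 'unsafe-inline' 'unsafe-eval' " . $captcha_url . $csp_allow . ';'
         . "style-src 'self' 'unsafe-inline' " . $captcha_url . $csp_allow . ';'
         . "img-src 'self' data: " . $csp_allow . $map_tile_urls . $captcha_url . ';'
     );
     header(
         "X-Content-Security-Policy: default-src 'self' " . $captcha_url . $csp_allow . ';'
         . 'options inline-script eval-script;'
         . "img-src 'self' data: " . $csp_allow . $map_tile_urls . $captcha_url . ';'
     );
     // NOTE(review): unlike the standard header, style-src here does not
     // include CSPAllow — confirm whether that is intentional.
     header(
         "X-WebKit-CSP: default-src 'self' " . $captcha_url . $csp_allow . ';'
         . "script-src 'self' " . $captcha_url . $csp_allow . " 'unsafe-inline' 'unsafe-eval';"
         . "style-src 'self' 'unsafe-inline' " . $captcha_url . ';'
         . "img-src 'self' data: " . $csp_allow . $map_tile_urls . $captcha_url . ';'
     );
     // Re-enable possible disabled XSS filters
     // see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
     header('X-XSS-Protection: 1; mode=block');
     // "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing
     // a response away from the declared content-type
     // see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
     header('X-Content-Type-Options: nosniff');
     // Adobe cross-domain-policies
     // see http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
     header('X-Permitted-Cross-Domain-Policies: none');
     PMA_noCacheHeader();
     if (!defined('IS_TRANSFORMATION_WRAPPER')) {
         // Define the charset to be used
         header('Content-Type: text/html; charset=utf-8');
     }
     $this->_headerIsSent = true;
 }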
Пример #8
 /**
  * Sends out the HTTP headers
  *
  * The anti-clickjacking set (X-Frame-Options plus the pre-standard
  * X-Content-Security-Policy / X-WebKit-CSP headers) goes out only when
  * third-party framing is disabled and we are not under the test suite; the
  * no-cache headers always; the UTF-8 text/html Content-Type unless inside a
  * transformation wrapper or the test suite. Records that headers were sent.
  *
  * @return void
  */
 public function sendHttpHeaders()
 {
     /**
      * Sends http headers
      */
     $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';

     $framingRestricted = !$GLOBALS['cfg']['AllowThirdPartyFraming'];
     $underTestSuite = defined('TESTSUITE');

     /* Prevent against ClickJacking by allowing frames only from same origin */
     if ($framingRestricted && !$underTestSuite) {
         header('X-Frame-Options: SAMEORIGIN');
         // NOTE(review): the whole CSP is tied to the framing setting, so an
         // installation that allows third-party framing sends no CSP at all;
         // and the phpmyadmin.net script source is plain http, i.e. replaceable
         // by an on-path attacker. Both are reproduced unchanged here.
         $legacyPolicy = implode('; ', array(
             "allow 'self'",
             'options inline-script eval-script',
             "frame-ancestors 'self'",
             "img-src 'self' data:",
             "script-src 'self' http://www.phpmyadmin.net",
         ));
         header('X-Content-Security-Policy: ' . $legacyPolicy);
         $webkitPolicy = implode('; ', array(
             "allow 'self' http://www.phpmyadmin.net",
             'options inline-script eval-script',
         ));
         header('X-WebKit-CSP: ' . $webkitPolicy);
     }
     PMA_noCacheHeader();
     if (!defined('IS_TRANSFORMATION_WRAPPER') && !$underTestSuite) {
         // Define the charset to be used
         header('Content-Type: text/html; charset=utf-8');
     }
     $this->_headerIsSent = true;
 }