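/**
 * Sends header indicating file download.
 *
 * Emits Content-Disposition (only when a filename is given), Content-Type,
 * Content-Encoding (gzip payloads only), Content-Transfer-Encoding and
 * Content-Length, optionally preceded by the no-cache headers.
 *
 * @param string $filename Filename to include in headers; if empty,
 *                         no Content-Disposition header will be sent.
 * @param string $mimetype MIME type to include in headers.
 * @param int    $length   Length of content (optional)
 * @param bool   $no_cache Whether to include no-caching headers.
 *
 * @return void
 */
function PMA_downloadHeader($filename, $mimetype, $length = 0, $no_cache = true)
{
    if ($no_cache) {
        PMA_noCacheHeader();
    }

    /* Replace all possibly dangerous chars in filename: '"' and ';' would end
     * the quoted filename parameter, CR/LF (and any other control byte) could
     * otherwise be used to smuggle further header lines or confuse clients */
    $filename = (string) preg_replace('/[\x00-\x1f\x7f;"]/', '-', (string) $filename);

    // compared against '' rather than with empty(): a file called "0" is a
    // valid download name and must still get its Content-Disposition
    if ($filename !== '') {
        header('Content-Description: File Transfer');
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    }
    header('Content-Type: ' . $mimetype);

    // inform the server that compression has been done,
    // to avoid a double compression (for example with Apache + mod_deflate)
    if (strpos($mimetype, 'gzip') !== false) {
        header('Content-Encoding: gzip');
    }
    header('Content-Transfer-Encoding: binary');

    if ($length > 0) {
        header('Content-Length: ' . $length);
    }
}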
// AJAX endpoint for the import progress / result message.
// Restores the upload-progress session state (when the bootstrap defined
// SESSIONUPLOAD), disables caching and, when asked for, blocks until
// import.php has stored its message in the session and echoes it as HTML.
require_once 'libraries/display_import_ajax.lib.php';

if (defined('SESSIONUPLOAD')) {
    // write sessionupload back into the loaded PMA session
    // NOTE(review): unserialize() on attacker-influenced data instantiates
    // arbitrary classes. Where SESSIONUPLOAD is defined is not visible here —
    // confirm it only ever carries server-generated data (and never a
    // request parameter); otherwise switch the producer to json_encode/decode.
    $sessionupload = unserialize(SESSIONUPLOAD);
    foreach ($sessionupload as $key => $value) {
        $_SESSION[$key] = $value;
    }

    // remove session upload data that are not set anymore
    // (foreach iterates a copy of $_SESSION, so unsetting inside the loop is safe)
    foreach ($_SESSION as $key => $value) {
        // loose == on the prefix comparison; a strict === would be safer
        // against numeric-looking keys but is presumably never hit here
        if (substr($key, 0, strlen(UPLOAD_PREFIX)) == UPLOAD_PREFIX
            && !isset($sessionupload[$key])
        ) {
            unset($_SESSION[$key]);
        }
    }
}

// AJAX requests can't be cached!
PMA_noCacheHeader();

// $_GET["message"] is used for asking for an import message
if (isset($_GET["message"]) && $_GET["message"]) {
    header('Content-type: text/html');

    // wait 0.3 sec before we check for $_SESSION variable,
    // which is set inside import.php
    usleep(300000);

    // wait until message is available
    // NOTE(review): there is no upper bound on this wait — if import.php never
    // stores the message, this request spins until max_execution_time expires
    // (and holds a worker meanwhile); a retry limit would fail faster.
    while ($_SESSION['Import_message']['message'] == null) {
        usleep(250000); // 0.25 sec
    }

    // NOTE(review): both the message and go_back_url are emitted without
    // escaping; that is only safe if import.php builds them from server-side
    // values — confirm, otherwise htmlspecialchars() the URL in the href.
    echo $_SESSION['Import_message']['message'];
    echo '<fieldset class="tblFooters">' . "\n";
    echo ' [ <a href="' . $_SESSION['Import_message']['go_back_url'] . '">' . __('Back') . '</a> ]' . "\n";
    echo '</fieldset>' . "\n";
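/**
 * Sends out the HTTP headers
 *
 * Emits the anti-framing header, the Content-Security-Policy (plus the
 * legacy X-Content-Security-Policy / X-WebKit-CSP spellings), the no-cache
 * headers and the default Content-Type, then marks the header as sent.
 *
 * Skipped entirely when TESTSUITE is defined, unless PMA_TEST_HEADERS is
 * defined as well.
 *
 * @return void
 */
public function sendHttpHeaders()
{
    if (defined('TESTSUITE') && !defined('PMA_TEST_HEADERS')) {
        return;
    }

    // map tile hosts are only whitelisted for image loads on plain http pages
    if ($GLOBALS['PMA_Config']->isHttps()) {
        $map_tile_urls = '';
    } else {
        $map_tile_urls = ' *.tile.openstreetmap.org *.tile.opencyclemap.org';
    }

    /**
     * Sends http headers
     */
    $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';

    // reCAPTCHA origins are only allowed when both keys are configured
    if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
        && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])
    ) {
        $captcha_url = ' https://www.google.com https://www.gstatic.com ';
    } else {
        $captcha_url = '';
    }

    // extra sources the administrator allowed via the CSPAllow directive
    $csp_allow = $GLOBALS['cfg']['CSPAllow'];

    /* Prevent against ClickJacking by disabling framing */
    if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
        header('X-Frame-Options: DENY');
    }

    // 'unsafe-inline' / 'unsafe-eval' are required by the inline scripts the
    // application emits, so this policy mostly restricts *where* resources may
    // be loaded from rather than stopping injected script.
    // (A stray second ';' after script-src used to produce an empty directive.)
    header(
        "Content-Security-Policy: default-src 'self' "
        . $captcha_url . $csp_allow . ';'
        . "script-src 'self' 'unsafe-inline' 'unsafe-eval' "
        . $captcha_url . $csp_allow . ';'
        . "style-src 'self' 'unsafe-inline' "
        . $captcha_url . $csp_allow . ';'
        . "img-src 'self' data: "
        . $csp_allow . $map_tile_urls . $captcha_url . ';'
    );
    header(
        "X-Content-Security-Policy: default-src 'self' "
        . $captcha_url . $csp_allow . ';'
        . "options inline-script eval-script;"
        . "img-src 'self' data: "
        . $csp_allow . $map_tile_urls . $captcha_url . ';'
    );
    // NOTE(review): unlike the standard header, style-src here omits CSPAllow —
    // kept as is, but confirm whether that difference is intended
    header(
        "X-WebKit-CSP: default-src 'self' "
        . $captcha_url . $csp_allow . ';'
        . "script-src 'self' "
        . $captcha_url . $csp_allow . " 'unsafe-inline' 'unsafe-eval';"
        . "style-src 'self' 'unsafe-inline' "
        . $captcha_url . ';'
        . "img-src 'self' data: "
        . $csp_allow . $map_tile_urls . $captcha_url . ';'
    );

    PMA_noCacheHeader();

    if (!defined('IS_TRANSFORMATION_WRAPPER')) {
        // Define the charset to be used
        header('Content-Type: text/html; charset=utf-8');
    }
    $this->_headerIsSent = true;
}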
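/**
 * Sends header indicating file download.
 *
 * Emits Content-Disposition (only when a filename is given), Content-Type,
 * Content-Encoding (gzip payloads only, and not for Chrome 43+),
 * Content-Transfer-Encoding and Content-Length, optionally preceded by the
 * no-cache headers.
 *
 * @param string $filename Filename to include in headers; if empty,
 *                         no Content-Disposition header will be sent.
 * @param string $mimetype MIME type to include in headers.
 * @param int    $length   Length of content (optional)
 * @param bool   $no_cache Whether to include no-caching headers.
 *
 * @return void
 */
function PMA_downloadHeader($filename, $mimetype, $length = 0, $no_cache = true)
{
    if ($no_cache) {
        PMA_noCacheHeader();
    }

    /* Replace all possibly dangerous chars in filename */
    $filename = Sanitize::sanitizeFilename($filename);

    // compared against '' rather than with empty(): a file called "0" is a
    // valid download name and must still get its Content-Disposition
    if ((string) $filename !== '') {
        header('Content-Description: File Transfer');
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    }
    header('Content-Type: ' . $mimetype);

    // inform the server that compression has been done,
    // to avoid a double compression (for example with Apache + mod_deflate)
    if (strpos($mimetype, 'gzip') !== false) {
        // Chrome 43 and newer are deliberately excluded (presumably they
        // mishandle the pre-compressed download — TODO confirm the reason);
        // the browser constants are only consulted when a gzip type is sent
        $isRecentChrome = PMA_USR_BROWSER_AGENT === 'CHROME'
            && PMA_USR_BROWSER_VER >= 43;
        if (!$isRecentChrome) {
            header('Content-Encoding: gzip');
        }
    }
    header('Content-Transfer-Encoding: binary');

    if ($length > 0) {
        header('Content-Length: ' . $length);
    }
}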
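/**
 * Sends header indicating file download.
 *
 * Emits Content-Disposition (only when a filename is given), Content-Type,
 * Content-Transfer-Encoding and Content-Length, optionally preceded by the
 * no-cache headers.
 *
 * @param string $filename Filename to include in headers; if empty,
 *                         no Content-Disposition header will be sent.
 * @param string $mimetype MIME type to include in headers.
 * @param int    $length   Length of content (optional)
 * @param bool   $no_cache Whether to include no-caching headers.
 *
 * @return void
 */
function PMA_downloadHeader($filename, $mimetype, $length = 0, $no_cache = true)
{
    if ($no_cache) {
        PMA_noCacheHeader();
    }

    /* Replace all possibly dangerous chars in filename: '"' and ';' would end
     * the quoted filename parameter, CR/LF (and any other control byte) could
     * otherwise be used to smuggle further header lines or confuse clients */
    $filename = (string) preg_replace('/[\x00-\x1f\x7f;"]/', '-', (string) $filename);

    // compared against '' rather than with empty(): a file called "0" is a
    // valid download name and must still get its Content-Disposition
    if ($filename !== '') {
        header('Content-Description: File Transfer');
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    }
    header('Content-Type: ' . $mimetype);
    header('Content-Transfer-Encoding: binary');

    if ($length > 0) {
        header('Content-Length: ' . $length);
    }
}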
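/**
 * Sends out the HTTP headers
 *
 * Emits the anti-framing header and the legacy X-Content-Security-Policy /
 * X-WebKit-CSP headers (skipped under TESTSUITE), the no-cache headers and
 * the default Content-Type, then marks the header as sent.
 *
 * @return void
 */
public function sendHttpHeaders()
{
    $https = $GLOBALS['PMA_Config']->isHttps();
    // map tile hosts are only whitelisted for image loads on plain http pages
    $mapTilesUrls = ' *.tile.openstreetmap.org *.tile.opencyclemap.org';
    // extra sources the administrator allowed via the CSPAllow directive
    $cspAllow = $GLOBALS['cfg']['CSPAllow'];
    // the img-src directive is identical in every policy variant below
    $imgSrc = "img-src 'self' data: " . $cspAllow . ($https ? "" : $mapTilesUrls) . ";";

    /**
     * Sends http headers
     */
    $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';

    if (!defined('TESTSUITE')) {
        /* Prevent against ClickJacking by disabling framing */
        if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
            header('X-Frame-Options: DENY');
        }
        header(
            "X-Content-Security-Policy: default-src 'self' " . $cspAllow . ';'
            . "options inline-script eval-script;"
            . $imgSrc
        );
        // Old Safari (< 6) only understands the "allow" form of X-WebKit-CSP.
        // version_compare() is used because a plain string comparison orders
        // "10.x" before "6.0.0" and would send the legacy form to newer builds.
        if (PMA_USR_BROWSER_AGENT == 'SAFARI'
            && version_compare((string) PMA_USR_BROWSER_VER, '6.0.0', '<')
        ) {
            header(
                "X-WebKit-CSP: allow 'self' " . $cspAllow . ';'
                . "options inline-script eval-script;"
                . $imgSrc
            );
        } else {
            header(
                "X-WebKit-CSP: default-src 'self' " . $cspAllow . ';'
                . "script-src 'self' " . $cspAllow . " 'unsafe-inline' 'unsafe-eval';"
                . "style-src 'self' 'unsafe-inline';"
                . $imgSrc
            );
        }
    }

    PMA_noCacheHeader();

    if (!defined('IS_TRANSFORMATION_WRAPPER') && !defined('TESTSUITE')) {
        // Define the charset to be used
        header('Content-Type: text/html; charset=utf-8');
    }
    $this->_headerIsSent = true;
}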
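/**
 * Sends out the HTTP headers
 *
 * Emits the anti-framing header, the Content-Security-Policy (plus the
 * legacy X-Content-Security-Policy / X-WebKit-CSP spellings), the browser
 * hardening headers (XSS filter, nosniff, cross-domain policy), the no-cache
 * headers and the default Content-Type, then marks the header as sent.
 *
 * Skipped entirely when TESTSUITE is defined, unless PMA_TEST_HEADERS is
 * defined as well.
 *
 * @return void
 */
public function sendHttpHeaders()
{
    if (defined('TESTSUITE') && !defined('PMA_TEST_HEADERS')) {
        return;
    }

    // map tile hosts are only whitelisted for image loads on plain http pages
    if ($GLOBALS['PMA_Config']->isHttps()) {
        $map_tile_urls = '';
    } else {
        $map_tile_urls = ' *.tile.openstreetmap.org *.tile.opencyclemap.org';
    }

    /**
     * Sends http headers
     */
    $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';

    // reCAPTCHA origins are only allowed when both keys are configured
    if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
        && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])
    ) {
        $captcha_url = ' https://apis.google.com https://www.google.com/recaptcha/'
            . ' https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ ';
    } else {
        $captcha_url = '';
    }

    // extra sources the administrator allowed via the CSPAllow directive
    $csp_allow = $GLOBALS['cfg']['CSPAllow'];

    /* Prevent against ClickJacking by disabling framing */
    if (!$GLOBALS['cfg']['AllowThirdPartyFraming']) {
        header('X-Frame-Options: DENY');
    }

    // 'unsafe-inline' / 'unsafe-eval' are required by the inline scripts the
    // application emits, so this policy mostly restricts *where* resources may
    // be loaded from rather than stopping injected script.
    // (A stray second ';' after script-src used to produce an empty directive.)
    header(
        "Content-Security-Policy: default-src 'self' "
        . $captcha_url . $csp_allow . ';'
        . "script-src 'self' 'unsafe-inline' 'unsafe-eval' "
        . $captcha_url . $csp_allow . ';'
        . "style-src 'self' 'unsafe-inline' "
        . $captcha_url . $csp_allow . ';'
        . "img-src 'self' data: "
        . $csp_allow . $map_tile_urls . $captcha_url . ';'
    );
    header(
        "X-Content-Security-Policy: default-src 'self' "
        . $captcha_url . $csp_allow . ';'
        . "options inline-script eval-script;"
        . "img-src 'self' data: "
        . $csp_allow . $map_tile_urls . $captcha_url . ';'
    );
    // NOTE(review): unlike the standard header, style-src here omits CSPAllow —
    // kept as is, but confirm whether that difference is intended
    header(
        "X-WebKit-CSP: default-src 'self' "
        . $captcha_url . $csp_allow . ';'
        . "script-src 'self' "
        . $captcha_url . $csp_allow . " 'unsafe-inline' 'unsafe-eval';"
        . "style-src 'self' 'unsafe-inline' "
        . $captcha_url . ';'
        . "img-src 'self' data: "
        . $csp_allow . $map_tile_urls . $captcha_url . ';'
    );

    // Re-enable possible disabled XSS filters
    // see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    // (current browsers have dropped the XSS auditor and ignore this header;
    // it is kept for older ones)
    header('X-XSS-Protection: 1; mode=block');

    // "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing
    // a response away from the declared content-type
    // see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    header('X-Content-Type-Options: nosniff');

    // Adobe cross-domain-policies
    // see http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
    header('X-Permitted-Cross-Domain-Policies: none');

    PMA_noCacheHeader();

    if (!defined('IS_TRANSFORMATION_WRAPPER')) {
        // Define the charset to be used
        header('Content-Type: text/html; charset=utf-8');
    }
    $this->_headerIsSent = true;
}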
/**
 * Sends out the HTTP headers
 *
 * Emits the anti-framing header together with the legacy
 * X-Content-Security-Policy / X-WebKit-CSP headers (only when third-party
 * framing is disallowed and TESTSUITE is not defined), then the no-cache
 * headers and the default Content-Type, and marks the header as sent.
 *
 * @return void
 */
public function sendHttpHeaders()
{
    $underTestSuite = defined('TESTSUITE');

    /**
     * Sends http headers
     */
    $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';

    /* Prevent against ClickJacking by allowing frames only from same origin */
    if (!$underTestSuite && !$GLOBALS['cfg']['AllowThirdPartyFraming']) {
        // note: the only external script origin whitelisted here is plain http
        $policyHeaders = array(
            'X-Frame-Options: SAMEORIGIN',
            "X-Content-Security-Policy: allow 'self'; "
            . "options inline-script eval-script; "
            . "frame-ancestors 'self'; img-src 'self' data:; "
            . "script-src 'self' http://www.phpmyadmin.net",
            "X-WebKit-CSP: allow 'self' http://www.phpmyadmin.net; "
            . "options inline-script eval-script",
        );
        foreach ($policyHeaders as $policyHeader) {
            header($policyHeader);
        }
    }

    PMA_noCacheHeader();

    // Define the charset to be used
    $sendContentType = !$underTestSuite && !defined('IS_TRANSFORMATION_WRAPPER');
    if ($sendContentType) {
        header('Content-Type: text/html; charset=utf-8');
    }

    $this->_headerIsSent = true;
}