function PMBP_getln($path, $close = false, $org_path = false) { if (!isset($GLOBALS['lnFile'])) { $GLOBALS['lnFile'] = null; } if (!$org_path) { $org_path = $path; } else { $org_path = PMBP_EXPORT_DIR . $org_path; } // gz file if (PMBP_file_info("gzip", $org_path) == "gz") { if (!$close) { if ($GLOBALS['lnFile'] == null) { $GLOBALS['lnFile'] = gzopen($path, "r"); } if (!gzeof($GLOBALS['lnFile'])) { return gzgets($GLOBALS['lnFile']); } else { $close = true; } } if ($close) { // remove the file handler @gzclose($GLOBALS['lnFile']); $GLOBALS['lnFile'] = null; return null; } // zip file } elseif (PMBP_file_info("zip", $org_path) == "zip") { if (!$close) { if ($GLOBALS['lnFile'] == null) { // try to guess the filename of the packed file // known problem: ZIP file xyz.sql.zip contains file abc.sql which already exists with different content! if (!file_exists(substr($org_path, 0, strlen($org_path) - 4))) { // extract the file include_once "pclzip.lib.php"; $pclzip = new PclZip($path); $extracted_file = $pclzip->extract(PMBP_EXPORT_DIR, ""); if ($pclzip->error_code != 0) { // print pclzip error message echo "<div class=\"red\">pclzip: " . $pclzip->error_string . "<br>" . BI_BROKEN_ZIP . "!</div>"; return false; } else { unset($pclzip); } } } // read the extracted file $line = PMBP_getln(substr($org_path, 0, strlen($org_path) - 4)); if ($line == null) { $close = true; } else { return $line; } } // remove the temporary file if ($close) { @fclose($GLOBALS['lnFile']); $GLOBALS['lnFile'] = null; @unlink(substr($org_path, 0, strlen($org_path) - 4)); return null; } // sql file } else { if (!$close) { if ($GLOBALS['lnFile'] == null) { $GLOBALS['lnFile'] = fopen($path, "r"); } if (!feof($GLOBALS['lnFile'])) { return fgets($GLOBALS['lnFile']); } else { $close = true; } } if ($close) { // remove the file handler @fclose($GLOBALS['lnFile']); $GLOBALS['lnFile'] = null; return null; } } }
echo "<script type=\"text/javascript\">\n"; // set delete to 1 to delete the renamed file afterwards echo "window.onload=popUp(\"big_import.php?fn=" . $filename . "&delete=1&dbn=" . $_POST['db'] . "\",\"" . B_IMPORT . "\",\"" . $CONF['confirm'] . "\",\"" . B_CONF_IMP . "\");\n"; echo "\n</script>"; } // standard import } else { // trim lines and remove comments $sql_file = ""; // remove comments and store sql queries in $sql_file while ($line = PMBP_getln($_FILES['sql_file']['tmp_name'], false, $_FILES['sql_file']['name'])) { if (trim($line) && substr(trim($line), 0, 1) != "#" && substr(trim($line), 0, 2) != "--") { $sql_file .= trim($line) . "\n"; } } PMBP_getln($_FILES['sql_file']['tmp_name'], true, $_FILES['sql_file']['name']); // do everything below once for the POST-data and once for the file $file_and_post = array($_POST['sql_query'], $sql_file); /* // alternative code instead of the paragraph before: // it uses exec_sql for executing the sql queries but does not output any query results!!! // extract zip file if (PMBP_file_info("comp",$_FILES['sql_file']['name'])=="zip") { include_once("pclzip.lib.php"); $pclzip = new PclZip($_FILES['sql_file']['tmp_name']); $extracted_file=$pclzip->extractByIndex(0,"./".PMBP_EXPORT_DIR,""); if ($pclzip->error_code!=0) $error="plczip: ".$pclzip->error_string."<br>".BI_BROKEN_ZIP."!"; $filename="./".PMBP_EXPORT_DIR.$extracted_file[0]["stored_filename"]; unset($pclzip); }
require_once "login.php"; // set the timelimit @set_time_limit($CONF['timelimit']); // show the requested file if (isset($_GET['view']) && file_exists($_GET['view'])) { $ext4 = substr($_GET['view'], -4); $ext5 = substr($_GET['view'], -5); $ext7 = substr($_GET['view'], -7); $ext8 = substr($_GET['view'], -8); if ($ext4 != ".php" && $ext5 != ".html" && $ext4 != ".htm" && $ext5 != ".php3" && $ext4 != ".sql" && $ext8 != ".sql.zip" && $ext7 != ".sql.gz" || substr($_GET['view'], -strlen("definitions.php")) == "definitions.php" || substr($_GET['view'], -strlen(PMBP_GLOBAL_CONF_SQL)) == PMBP_GLOBAL_CONF_SQL || substr($_GET['view'], -strlen(PMBP_GLOBAL_CONF_MU)) == PMBP_GLOBAL_CONF_MU || substr($_GET['view'], -strlen($_PMBP_GLOBAL_CONF)) == $_PMBP_GLOBAL_CONF) { echo GF_INVALID_EXT; } else { if (isset($_GET['download'])) { header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=" . basename($_GET['view'])); readfile($_GET['view']); } else { header('Content-Type: text/html; charset=utf-8'); echo "<pre>"; while ($line = PMBP_getln($_GET['view'])) { echo htmlspecialchars($line); } PMBP_getln($_GET['view'], true); echo "</pre>"; } } } else { if (isset($_GET['view'])) { echo $_GET['view'] . " " . F_MAIL_3 . "!"; } }