/**
 * Test for checkParameters
 *
 * Populates every global the call names, then expects the call to
 * produce no output at all.
 *
 * @return void
 */
function testCheckParameter()
{
    $GLOBALS['PMA_PHP_SELF'] = PMA_getenv('PHP_SELF');
    $GLOBALS['pmaThemePath'] = $_SESSION['PMA_Theme']->getPath();

    // Name => value pairs for the globals that checkParameters() is asked about.
    $required = array(
        'db' => "dbDatabase",
        'table' => "tblTable",
        'field' => "test_field",
        'sql_query' => "SELECT * FROM tblTable;",
    );
    foreach ($required as $name => $value) {
        $GLOBALS[$name] = $value;
    }

    // Any output from the call below fails the test.
    $this->expectOutputString("");

    PMA\libraries\Util::checkParameters(array_keys($required));
}
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Provides download to a given field defined in parameters.
 *
 * The visible part selects the database, checks that the table has columns,
 * then fetches a single value with a statement assembled from request data.
 *
 * @package PhpMyAdmin
 */

/**
 * Common functions.
 */
// we don't want the usual PMA\libraries\Response-generated HTML above the column's
// data
define('PMA_BYPASS_GET_INSTANCE', 1);
require_once 'libraries/common.inc.php';
require_once 'libraries/mime.lib.php';

/* Check parameters */
// Names the globals this script relies on; what happens when one is missing is
// decided inside Util::checkParameters(), which is not visible in this excerpt.
PMA\libraries\Util::checkParameters(array('db', 'table'));

/* Select database */
if (!$GLOBALS['dbi']->selectDb($db)) {
    // $db is HTML-escaped before it is placed in the error message.
    PMA\libraries\Util::mysqlDie(sprintf(__('\'%s\' database does not exist.'), htmlspecialchars($db)), '', false);
}

/* Check if table exists */
if (!$GLOBALS['dbi']->getColumns($db, $table)) {
    PMA\libraries\Util::mysqlDie(__('Invalid table name'));
}

/* Grab data */
// The column name ($_GET['transform_key']) and the table name go through
// Util::backquote(); $_GET['where_clause'] is appended to the statement as-is.
// NOTE(review): nothing in this excerpt validates or authenticates the WHERE
// fragment, and it arrives via GET, so a link followed by a logged-in user
// would run with whatever condition the link carries. Confirm that
// common.inc.php enforces a request token for this script, or bind the clause
// to the session (e.g. a server-generated signature that is checked before use).
// NOTE(review): both $_GET keys are read without an isset() check.
$sql = 'SELECT ' . PMA\libraries\Util::backquote($_GET['transform_key'])
    . ' FROM ' . PMA\libraries\Util::backquote($table)
    . ' WHERE ' . $_GET['where_clause'] . ';';
$result = $GLOBALS['dbi']->fetchValue($sql);

/* Check return code */
// A strict false from fetchValue() is reported as an empty result set; the
// full statement, including the request-supplied clause, is passed to mysqlDie().
if ($result === false) {
    PMA\libraries\Util::mysqlDie(__('MySQL returned an empty result set (i.e. zero rows).'), $sql);
}
// (excerpt starts inside a block that was opened above this view)
$response = PMA\libraries\Response::getInstance();
// The id is taken from $_POST and handed to addJSON() unchanged.
$response->addJSON('console_message_id', $_POST['console_message_id']);
}

/**
 * Sets globals from $_POST patterns, for import plugins
 * We only need to load the selected plugin
 */
// Allow-list check on $format. It has to stay ahead of the pattern built
// below: $format is concatenated into a regular expression without
// preg_quote(), so this fixed list is what keeps regex metacharacters out.
// NOTE(review): in_array() is called without the strict flag; passing true as
// the third argument would keep the match independent of loose comparison.
if (!in_array($format, array('csv', 'ldi', 'mediawiki', 'ods', 'shp', 'sql', 'xml'))) {
    // this should not happen for a normal user
    // but only during an attack
    PMA_fatalError('Incorrect format parameter');
}

// Two key patterns: anything starting with "force_file_" and anything
// starting with the selected format followed by an underscore.
// NOTE(review): PMA_setPostAsGlobal() is defined elsewhere; going by its name
// and the comment above it presumably copies matching $_POST entries into
// globals — confirm that no matching key can overwrite a global the rest of
// the script trusts.
$post_patterns = array('/^force_file_/', '/^' . $format . '_/');
PMA_setPostAsGlobal($post_patterns);

// Check needed parameters
// Note that $format has already been used above by the time this runs.
PMA\libraries\Util::checkParameters(array('import_type', 'format'));

// We don't want anything special in format
$format = PMA_securePath($format);

// Create error and goto url
// Each branch picks the page to return to, builds its URL with
// URL::getCommon() and stores that URL in the session as go_back_url.
// The comparisons use ==, not ===.
if ($import_type == 'table') {
    $err_url = 'tbl_import.php' . URL::getCommon(array('db' => $db, 'table' => $table));
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'tbl_import.php';
} elseif ($import_type == 'database') {
    $err_url = 'db_import.php' . URL::getCommon(array('db' => $db));
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'db_import.php';
} elseif ($import_type == 'server') {
    $err_url = 'server_import.php' . URL::getCommon();
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'server_import.php';
    // (excerpt ends here; this branch is closed below this view)
* Sets globals from $_POST
 *
 * - Please keep the parameters in order of their appearance in the form
 * - Some of these parameters are not used, as the code below directly
 *   verifies from the superglobal $_POST or $_REQUEST
 */
// This fixed list is the only thing limiting which POST fields become
// globals in the loop below; every name added here widens that surface.
$post_params = array(
    'db', 'table', 'single_table', 'export_type', 'export_method',
    'quick_or_custom', 'db_select', 'table_select', 'table_structure',
    'table_data', 'limit_to', 'limit_from', 'allrows', 'lock_tables',
    'output_format', 'filename_template', 'maxsize', 'remember_template',
    'charset', 'compression', 'as_separate_files', 'knjenc', 'xkana',
    'htmlword_structure_or_data', 'htmlword_null', 'htmlword_columns',
    'mediawiki_headers', 'mediawiki_structure_or_data', 'mediawiki_caption',
    'pdf_structure_or_data',
    'odt_structure_or_data', 'odt_relation', 'odt_comments', 'odt_mime',
    'odt_columns', 'odt_null',
    'codegen_structure_or_data', 'codegen_format',
    'excel_null', 'excel_removeCRLF', 'excel_columns', 'excel_edition',
    'excel_structure_or_data',
    'yaml_structure_or_data',
    'ods_null', 'ods_structure_or_data', 'ods_columns',
    'json_structure_or_data', 'json_pretty_print',
    'xml_structure_or_data', 'xml_export_events', 'xml_export_functions',
    'xml_export_procedures', 'xml_export_tables', 'xml_export_triggers',
    'xml_export_views', 'xml_export_contents',
    'texytext_structure_or_data', 'texytext_columns', 'texytext_null',
    'phparray_structure_or_data',
    'sql_include_comments', 'sql_header_comment', 'sql_dates', 'sql_relation',
    'sql_mime', 'sql_use_transaction', 'sql_disable_fk', 'sql_compatibility',
    'sql_structure_or_data', 'sql_create_database', 'sql_drop_table',
    'sql_procedure_function', 'sql_create_table', 'sql_create_view',
    'sql_create_trigger', 'sql_if_not_exists', 'sql_auto_increment',
    'sql_backquotes', 'sql_truncate', 'sql_delayed', 'sql_ignore', 'sql_type',
    'sql_insert_syntax', 'sql_max_query_size', 'sql_hex_for_binary',
    'sql_utc_time', 'sql_drop_database', 'sql_views_as_tables', 'sql_metadata',
    'csv_separator', 'csv_enclosed', 'csv_escaped',
    'csv_terminated', 'csv_null', 'csv_removeCRLF', 'csv_columns',
    'csv_structure_or_data',
    'latex_caption', 'latex_structure_or_data', 'latex_structure_caption',
    'latex_structure_continued_caption', 'latex_structure_label',
    'latex_relation', 'latex_comments', 'latex_mime', 'latex_columns',
    'latex_data_caption', 'latex_data_continued_caption', 'latex_data_label',
    'latex_null', 'aliases'
);

// Copies each listed field that is present in $_POST into $GLOBALS under the
// same name; the values themselves are not filtered at this point.
foreach ($post_params as $one_post_param) {
    if (isset($_POST[$one_post_param])) {
        $GLOBALS[$one_post_param] = $_POST[$one_post_param];
    }
}

// Reads the global directly; 'table' is only set by the loop above when the
// request carried it (or by code outside this view).
$table = $GLOBALS['table'];

// sanitize this parameter which will be used below in a file inclusion
// NOTE(review): PMA_securePath() is the only guard on $what visible before
// PMA_getPlugin() resolves something under libraries/plugins/export/. Its
// filtering is defined elsewhere — confirm it is sufficient for a value that
// ends up in a file path, or check $what against a fixed list of export
// plugin names. $_POST['what'] is also read before any presence check.
$what = PMA_securePath($_POST['what']);

PMA\libraries\Util::checkParameters(array('what', 'export_type'));

// export class instance, not array of properties, as before
/* @var $export_plugin ExportPlugin */
$export_plugin = PMA_getPlugin(
    "export",
    $what,
    'libraries/plugins/export/',
    array('export_type' => $export_type, 'single_table' => isset($single_table))
);

// Backward compatibility
$type = $what;

// Check export type
// An empty plugin result stops the request with a fatal error.
if (empty($export_plugin)) {
    PMA_fatalError(__('Bad type!'));
}

/**
 * valid compression methods
 */
$compression_methods = array('zip', 'gzip');

/**
 * init and variable checking
use PMA\libraries\URL;

/**
 * Escapes special characters if the variable is set.
 * Returns an empty string otherwise.
 *
 * isset() on a parameter is false only when the argument is null, so null
 * maps to '' and every other value is passed to htmlspecialchars().
 *
 * NOTE(review): htmlspecialchars() is called with its default flags. Before
 * PHP 8.1 the default leaves single quotes unescaped, so the result is not
 * safe inside single-quoted attributes on those versions — confirm how the
 * callers embed it, or pass ENT_QUOTES explicitly.
 *
 * @param string $variable variable to be escaped
 *
 * @return string escaped variable
 */
function escape($variable)
{
    return isset($variable) ? htmlspecialchars($variable) : '';
}

require_once 'libraries/common.inc.php';

// checkParameters() is only reached when the request has no 'field' entry.
if (!isset($_REQUEST['field'])) {
    PMA\libraries\Util::checkParameters(array('field'));
}

// Get data if any posted
// Request data is accepted only when PMA_isValid() reports it as an array;
// the array's contents are not checked here.
$gis_data = array();
if (PMA_isValid($_REQUEST['gis_data'], 'array')) {
    $gis_data = $_REQUEST['gis_data'];
}

$gis_types = array('POINT', 'MULTIPOINT', 'LINESTRING', 'MULTILINESTRING', 'POLYGON', 'MULTIPOLYGON', 'GEOMETRYCOLLECTION');

// Extract type from the initial call and make sure that it's a valid one.
// Extract from field's values if available, if not use the column type passed.
// NOTE(review): within this excerpt the request-supplied type is only
// upper-cased; the comparison against $gis_types presumably follows below
// this view — confirm it runs before gis_type is used.
if (!isset($gis_data['gis_type'])) {
    if (isset($_REQUEST['type']) && $_REQUEST['type'] != '') {
        $gis_data['gis_type'] = mb_strtoupper($_REQUEST['type']);
    }
    if (isset($_REQUEST['value']) && trim($_REQUEST['value']) != '') {
        // Start offset is 1 when the value begins with a single quote, else 0.
        $start = substr($_REQUEST['value'], 0, 1) == "'" ? 1 : 0;
        // (excerpt ends here; both if blocks are closed below this view)
/**
 * Display form for changing/adding table fields/columns.
 * Included by tbl_addfield.php and tbl_create.php
 *
 * @package PhpMyAdmin
 */
use PMA\libraries\Table;
// NOTE(review): this import names PMA\Util, while the call below uses the
// fully-qualified PMA\libraries\Util — the import looks unused or stale; confirm.
use PMA\Util;

// Stops execution when the PHPMYADMIN constant is not defined, i.e. when the
// file is not reached through a script that defines it.
if (!defined('PHPMYADMIN')) {
    exit;
}

/**
 * Check parameters
 */
require_once 'libraries/util.lib.php';
PMA\libraries\Util::checkParameters(array('server', 'db', 'table', 'action', 'num_fields'));

global $db, $table;

/**
 * Initialize to avoid code execution path warnings
 */
// Defaults are applied only to variables the including script left unset.
if (!isset($num_fields)) {
    $num_fields = 0;
}
if (!isset($mime_map)) {
    $mime_map = null;
}
if (!isset($columnMeta)) {
    $columnMeta = array();
}

// Get available character sets and storage engines
require_once './libraries/mysql_charsets.inc.php';
* Handles some variables that may have been sent by the calling script
 * Note: this can be called also from the db panel to get the privileges of
 *       a db, in which case we want to keep displaying the tabs of
 *       the Database panel
 */
// Without a viewing mode, any database/table selection is cleared.
if (empty($viewing_mode)) {
    $db = $table = '';
}

/**
 * Set parameters for links
 */
$GLOBALS['url_query'] = URL::getCommon(array('db' => $db));

/**
 * Defines the urls to return to in case of error in a sql statement
 */
$err_url = 'index.php' . $GLOBALS['url_query'];

/**
 * @global boolean Checks for superuser privileges
 */
// The three flags come from the database interface object, not from the request.
$GLOBALS['is_superuser'] = $GLOBALS['dbi']->isSuperuser();
$GLOBALS['is_grantuser'] = $GLOBALS['dbi']->isUserType('grant');
$GLOBALS['is_createuser'] = $GLOBALS['dbi']->isUserType('create');

// now, select the mysql db
// Done only for superusers; other users keep their current database selection.
if ($GLOBALS['is_superuser']) {
    $GLOBALS['dbi']->selectDb('mysql', $GLOBALS['userlink']);
}

// Both names were assigned just above. The meaning of the second argument
// (false) is defined in Util::checkParameters(), which is not visible here.
PMA\libraries\Util::checkParameters(array('is_superuser', 'url_query'), false);

/**
 * shared functions for server page
 */
require_once './libraries/server_common.lib.php';