/**
  * Test for checkParameters
  *
  * @return void
  */
 function testCheckParameter()
 {
     // Give a value to every global that checkParameters() is asked about below.
     // NOTE(review): PMA_PHP_SELF and pmaThemePath are presumably read by the
     // code under test when it has to report a problem - confirm.
     $fixture = array(
         'PMA_PHP_SELF' => PMA_getenv('PHP_SELF'),
         'pmaThemePath' => $_SESSION['PMA_Theme']->getPath(),
         'db' => "dbDatabase",
         'table' => "tblTable",
         'field' => "test_field",
         'sql_query' => "SELECT * FROM tblTable;",
     );
     foreach ($fixture as $name => $value) {
         $GLOBALS[$name] = $value;
     }

     // The test passes only if the call below prints nothing at all.
     $this->expectOutputString("");
     PMA\libraries\Util::checkParameters(
         array('db', 'table', 'field', 'sql_query')
     );
 }
Пример #2
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Provides download to a given field defined in parameters.
 *
 * @package PhpMyAdmin
 */
/**
 * Common functions.
 */
// we don't want the usual PMA\libraries\Response-generated HTML above the column's
// data
define('PMA_BYPASS_GET_INSTANCE', 1);
require_once 'libraries/common.inc.php';
require_once 'libraries/mime.lib.php';
/* Check parameters */
// Only 'db' and 'table' are verified here. The two $_GET keys read further
// down (transform_key, where_clause) are used without an isset() or type check.
PMA\libraries\Util::checkParameters(array('db', 'table'));
/* Select database */
if (!$GLOBALS['dbi']->selectDb($db)) {
    // The database name is HTML-escaped before it is put into the message.
    PMA\libraries\Util::mysqlDie(sprintf(__('\'%s\' database does not exist.'), htmlspecialchars($db)), '', false);
}
/* Check if table exists */
// A falsy column list is treated as "no such table" and ends the request.
if (!$GLOBALS['dbi']->getColumns($db, $table)) {
    PMA\libraries\Util::mysqlDie(__('Invalid table name'));
}
/* Grab data */
// The column and table names are passed through Util::backquote() as
// identifiers, but $_GET['where_clause'] is appended verbatim, so the request
// decides the whole WHERE expression of this statement.
// NOTE(review): nothing in this file ties the clause to a value the server
// generated. Consider accepting it only together with a server-side signature
// (for example an HMAC keyed per session) that is verified before the query is
// built, or rebuilding the condition from validated column/value pairs.
// Whether libraries/common.inc.php already restricts this request is not
// visible here - confirm.
$sql = 'SELECT ' . PMA\libraries\Util::backquote($_GET['transform_key']) . ' FROM ' . PMA\libraries\Util::backquote($table) . ' WHERE ' . $_GET['where_clause'] . ';';
$result = $GLOBALS['dbi']->fetchValue($sql);
/* Check return code */
// Strict comparison: only a literal false is reported as an empty result set.
if ($result === false) {
    // NOTE(review): the query text, including the request-supplied clause, is
    // handed to mysqlDie(); confirm it is escaped before being displayed.
    PMA\libraries\Util::mysqlDie(__('MySQL returned an empty result set (i.e. zero rows).'), $sql);
}
Пример #3
    $response = PMA\libraries\Response::getInstance();
    $response->addJSON('console_message_id', $_POST['console_message_id']);
}
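/**
 * Sets globals from $_POST patterns, for import plugins
 * We only need to load the selected plugin
 *
 * $format is compared against a fixed allow-list before it is used to build
 * one of the patterns. The comparison is strict so that only the exact
 * strings in the list are accepted; a loose comparison can let non-string
 * values through on older PHP versions.
 */
if (!in_array($format, array('csv', 'ldi', 'mediawiki', 'ods', 'shp', 'sql', 'xml'), true)) {
    // this should not happen for a normal user
    // but only during an attack
    PMA_fatalError('Incorrect format parameter');
}
// Assuming PMA_fatalError() does not return, $format is one of the literal
// strings above. preg_quote() is defence in depth: the pattern stays a literal
// prefix match even if the list later gains an entry with a regex
// metacharacter. For the current entries the quoted value is unchanged.
$post_patterns = array('/^force_file_/', '/^' . preg_quote($format, '/') . '_/');
PMA_setPostAsGlobal($post_patterns);
// Check needed parameters
PMA\libraries\Util::checkParameters(array('import_type', 'format'));
// We don't want anything special in format
// NOTE(review): what PMA_securePath() strips is not visible here; after the
// allow-list check above it should leave $format unchanged - confirm.
$format = PMA_securePath($format);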
// Create error and goto url
if ($import_type == 'table') {
    $err_url = 'tbl_import.php' . URL::getCommon(array('db' => $db, 'table' => $table));
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'tbl_import.php';
} elseif ($import_type == 'database') {
    $err_url = 'db_import.php' . URL::getCommon(array('db' => $db));
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'db_import.php';
} elseif ($import_type == 'server') {
    $err_url = 'server_import.php' . URL::getCommon();
    $_SESSION['Import_message']['go_back_url'] = $err_url;
    $goto = 'server_import.php';
Пример #4
  * Sets globals from $_POST
  *
  * - Please keep the parameters in order of their appearance in the form
  * - Some of these parameters are not used, as the code below directly
  *   verifies from the superglobal $_POST or $_REQUEST
  */
 // Allow-list of form fields that may be promoted from $_POST to $GLOBALS.
 // Posted keys that are not listed here are ignored by the loop below.
 $post_params = array(
     'db', 'table', 'single_table', 'export_type', 'export_method',
     'quick_or_custom', 'db_select', 'table_select', 'table_structure',
     'table_data', 'limit_to', 'limit_from', 'allrows', 'lock_tables',
     'output_format', 'filename_template', 'maxsize', 'remember_template',
     'charset', 'compression', 'as_separate_files', 'knjenc', 'xkana',
     'htmlword_structure_or_data', 'htmlword_null', 'htmlword_columns',
     'mediawiki_headers', 'mediawiki_structure_or_data', 'mediawiki_caption',
     'pdf_structure_or_data',
     'odt_structure_or_data', 'odt_relation', 'odt_comments', 'odt_mime',
     'odt_columns', 'odt_null',
     'codegen_structure_or_data', 'codegen_format',
     'excel_null', 'excel_removeCRLF', 'excel_columns', 'excel_edition',
     'excel_structure_or_data',
     'yaml_structure_or_data',
     'ods_null', 'ods_structure_or_data', 'ods_columns',
     'json_structure_or_data', 'json_pretty_print',
     'xml_structure_or_data', 'xml_export_events', 'xml_export_functions',
     'xml_export_procedures', 'xml_export_tables', 'xml_export_triggers',
     'xml_export_views', 'xml_export_contents',
     'texytext_structure_or_data', 'texytext_columns', 'texytext_null',
     'phparray_structure_or_data',
     'sql_include_comments', 'sql_header_comment', 'sql_dates', 'sql_relation',
     'sql_mime', 'sql_use_transaction', 'sql_disable_fk', 'sql_compatibility',
     'sql_structure_or_data', 'sql_create_database', 'sql_drop_table',
     'sql_procedure_function', 'sql_create_table', 'sql_create_view',
     'sql_create_trigger', 'sql_if_not_exists', 'sql_auto_increment',
     'sql_backquotes', 'sql_truncate', 'sql_delayed', 'sql_ignore', 'sql_type',
     'sql_insert_syntax', 'sql_max_query_size', 'sql_hex_for_binary',
     'sql_utc_time', 'sql_drop_database', 'sql_views_as_tables', 'sql_metadata',
     'csv_separator', 'csv_enclosed', 'csv_escaped', 'csv_terminated',
     'csv_null', 'csv_removeCRLF', 'csv_columns', 'csv_structure_or_data',
     'latex_caption', 'latex_structure_or_data', 'latex_structure_caption',
     'latex_structure_continued_caption', 'latex_structure_label',
     'latex_relation', 'latex_comments', 'latex_mime', 'latex_columns',
     'latex_data_caption', 'latex_data_continued_caption', 'latex_data_label',
     'latex_null',
     'aliases',
 );
 // Values are copied as posted: this loop applies no type or content checks,
 // so each consumer has to validate the global it reads.
 foreach ($post_params as $one_post_param) {
     if (!isset($_POST[$one_post_param])) {
         continue;
     }
     $GLOBALS[$one_post_param] = $_POST[$one_post_param];
 }
 // Take the table name from the global scope into the local variable.
 $table = $GLOBALS['table'];
 // sanitize this parameter which will be used below in a file inclusion
 // 'what' is read straight from $_POST here without an isset() check.
 // NOTE(review): which characters PMA_securePath() removes is not visible
 // here; confirm it rejects path separators and parent-directory sequences.
 $what = PMA_securePath($_POST['what']);
 PMA\libraries\Util::checkParameters(array('what', 'export_type'));
 // export class instance, not array of properties, as before
 /* @var $export_plugin ExportPlugin */
 // The plugin is looked up by name under the fixed directory
 // 'libraries/plugins/export/'; $what is the only request-derived part.
 $export_plugin = PMA_getPlugin("export", $what, 'libraries/plugins/export/', array('export_type' => $export_type, 'single_table' => isset($single_table)));
 // Backward compatibility
 $type = $what;
 // Check export type
 // An empty lookup result is the point where an unknown plugin name is
 // rejected. NOTE(review): presumably PMA_fatalError() ends the request.
 if (empty($export_plugin)) {
     PMA_fatalError(__('Bad type!'));
 }
 /**
  * valid compression methods
  */
 $compression_methods = array('zip', 'gzip');
 /**
  * init and variable checking
Пример #5
use PMA\libraries\URL;
/**
 * HTML-escapes a value for output; a null (unset) value becomes ''.
 *
 * htmlspecialchars() is called with its default flags. Before PHP 8.1 those
 * defaults leave single quotes unescaped, so on such versions the result is
 * only safe in element content or inside double-quoted attributes.
 *
 * @param string $variable variable to be escaped
 *
 * @return string escaped variable, or an empty string when it is null
 */
function escape($variable)
{
    // Guard clause: nothing to escape.
    if (!isset($variable)) {
        return '';
    }

    return htmlspecialchars($variable);
}
require_once 'libraries/common.inc.php';
// checkParameters() is only invoked when the request carries no 'field' value.
// NOTE(review): presumably it reports the missing parameter and stops - confirm.
if (!isset($_REQUEST['field'])) {
    PMA\libraries\Util::checkParameters(array('field'));
}
// Get data if any posted
// Request data is accepted only when PMA_isValid() reports it as an array;
// anything else leaves the editor with an empty array. The array's contents
// are not validated at this point.
$gis_data = PMA_isValid($_REQUEST['gis_data'], 'array')
    ? $_REQUEST['gis_data']
    : array();
// Geometry type names handled by the editor.
$gis_types = array(
    'POINT',
    'MULTIPOINT',
    'LINESTRING',
    'MULTILINESTRING',
    'POLYGON',
    'MULTIPOLYGON',
    'GEOMETRYCOLLECTION',
);
// Extract type from the initial call and make sure that it's a valid one.
// Extract from field's values if available, if not use the column type passed.
if (!isset($gis_data['gis_type'])) {
    if (isset($_REQUEST['type']) && $_REQUEST['type'] != '') {
        $gis_data['gis_type'] = mb_strtoupper($_REQUEST['type']);
    }
    if (isset($_REQUEST['value']) && trim($_REQUEST['value']) != '') {
        $start = substr($_REQUEST['value'], 0, 1) == "'" ? 1 : 0;
/**
 * Display form for changing/adding table fields/columns.
 * Included by tbl_addfield.php and tbl_create.php
 *
 * @package PhpMyAdmin
 */
use PMA\libraries\Table;
use PMA\Util;
// Direct-access guard: stop unless the PHPMYADMIN constant is defined, so the
// file does nothing when requested on its own instead of being included.
if (!defined('PHPMYADMIN')) {
    exit;
}
/**
 * Check parameters
 */
require_once 'libraries/util.lib.php';
// NOTE(review): this verifies that the five names are present; whether it
// also validates their values is not visible here.
PMA\libraries\Util::checkParameters(array('server', 'db', 'table', 'action', 'num_fields'));
global $db, $table;
/**
 * Initialize to avoid code execution path warnings
 */
// Each variable keeps an existing value and only gets a default when unset.
if (!isset($num_fields)) {
    $num_fields = 0;
}
if (!isset($mime_map)) {
    $mime_map = null;
}
if (!isset($columnMeta)) {
    $columnMeta = array();
}
// Get available character sets and storage engines
require_once './libraries/mysql_charsets.inc.php';
Пример #7
 * Handles some variables that may have been sent by the calling script
 * Note: this can be called also from the db panel to get the privileges of
 *       a db, in which case we want to keep displaying the tabs of
 *       the Database panel
 */
// Without a viewing mode, both $db and $table are cleared to empty strings.
if (empty($viewing_mode)) {
    $db = $table = '';
}
/**
 * Set parameters for links
 */
$GLOBALS['url_query'] = URL::getCommon(array('db' => $db));
/**
 * Defines the urls to return to in case of error in a sql statement
 */
$err_url = 'index.php' . $GLOBALS['url_query'];
/**
 * @global boolean Checks for superuser privileges
 */
// All three privilege flags come from the database layer ($GLOBALS['dbi']),
// not from request input.
$GLOBALS['is_superuser'] = $GLOBALS['dbi']->isSuperuser();
$GLOBALS['is_grantuser'] = $GLOBALS['dbi']->isUserType('grant');
$GLOBALS['is_createuser'] = $GLOBALS['dbi']->isUserType('create');
// now, select the mysql db
// Only done for superusers; other users stay on the current database.
if ($GLOBALS['is_superuser']) {
    $GLOBALS['dbi']->selectDb('mysql', $GLOBALS['userlink']);
}
// NOTE(review): the meaning of the second argument (false) is not visible
// here. Both names checked were assigned a few lines above.
PMA\libraries\Util::checkParameters(array('is_superuser', 'url_query'), false);
/**
 * shared functions for server page
 */
require_once './libraries/server_common.lib.php';