diff options
79 files changed, 3227 insertions, 3216 deletions
diff --git a/browse_foreigners.php b/browse_foreigners.php index 6c2be738ba..ea981d7efe 100644 --- a/browse_foreigners.php +++ b/browse_foreigners.php @@ -9,7 +9,7 @@ /** * Gets a core script and starts output buffering work */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); PMA_checkParameters(array('db', 'table', 'field')); diff --git a/calendar.php b/calendar.php index f971f7a32a..fe46fc35e2 100644 --- a/calendar.php +++ b/calendar.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/header_http.inc.php'); $page_title = $strCalendar; require('./libraries/header_meta_style.inc.php'); diff --git a/chk_rel.php b/chk_rel.php index 71889a6c29..9c0bcf747e 100644 --- a/chk_rel.php +++ b/chk_rel.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/db_common.inc.php'); require_once('./libraries/relation.lib.php'); diff --git a/db_create.php b/db_create.php index 5e7e8d4ecf..35542cc49a 100644 --- a/db_create.php +++ b/db_create.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); $js_to_run = 'functions.js'; require_once('./libraries/header.inc.php'); require_once('./libraries/mysql_charsets.lib.php'); diff --git a/db_datadict.php b/db_datadict.php index e88c3e401e..10fff38055 100644 --- a/db_datadict.php +++ b/db_datadict.php @@ -8,7 +8,7 @@ /** * Gets the variables sent or posted to this script, then displays headers */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); if (!isset($selected_tbl)) { require_once('./libraries/header.inc.php'); diff --git a/db_export.php b/db_export.php index f87d2a237e..180e082b23 100644 --- a/db_export.php +++ b/db_export.php @@ -13,7 +13,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); $sub_part = '_export'; require_once('./libraries/db_common.inc.php'); diff --git a/db_import.php b/db_import.php index 9d9893980c..f5fbe7d237 100644 --- a/db_import.php +++ b/db_import.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Gets tables informations and displays top links diff --git a/db_operations.php b/db_operations.php index b28c9e2c52..210b2f5edc 100644 --- a/db_operations.php +++ b/db_operations.php @@ -15,7 +15,7 @@ /** * requirements */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/Table.class.php'; require_once './libraries/mysql_charsets.lib.php'; diff --git a/db_printview.php b/db_printview.php index a32b44fa60..d164a46b1a 100644 --- a/db_printview.php +++ b/db_printview.php @@ -8,7 +8,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * Gets the variables sent or posted to this script, then displays headers diff --git a/db_qbe.php b/db_qbe.php index b780a5c167..996e9d2a5a 100644 --- a/db_qbe.php +++ b/db_qbe.php @@ -9,7 +9,7 @@ /** * requirements */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/Table.class.php'; require_once './libraries/relation.lib.php'; diff --git a/db_search.php b/db_search.php index 3886f91d29..878e7c90ca 100644 --- a/db_search.php +++ b/db_search.php @@ -52,7 +52,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * Gets some core libraries and send headers diff --git a/db_sql.php b/db_sql.php index a1174fa4e2..77aeef90e8 100644 --- a/db_sql.php +++ b/db_sql.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Runs common work diff --git a/db_structure.php b/db_structure.php index 390208d3aa..95bea781a8 100644 --- a/db_structure.php +++ b/db_structure.php @@ -8,7 +8,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/Table.class.php'; /** diff --git a/export.php b/export.php index f68675b314..78320d4717 100644 --- a/export.php +++ b/export.php @@ -8,7 +8,7 @@ /** * Get the variables sent or posted to this script and a core script */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/zip.lib.php'; require_once './libraries/plugin_interface.lib.php'; diff --git a/import.php b/import.php index b721148a4f..30ee721024 100644 --- a/import.php +++ b/import.php @@ -9,7 +9,7 @@ /** * Get the variables sent or posted to this script and a core script */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); $js_to_run = 'functions.js'; // default values @@ -4,8 +4,6 @@ * forms frameset * * @version $Id$ - * @uses libraries/common.lib.php global fnctions - * @uses libraries/relation.lib.php table relations * @uses $GLOBALS['strNoFrames'] * @uses $GLOBALS['cfg']['QueryHistoryDB'] * @uses $GLOBALS['cfg']['Server']['user'] @@ -13,8 +11,8 @@ * @uses $GLOBALS['cfg']['DefaultTabDatabase'] as src for the mainframe * @uses $GLOBALS['cfg']['NaviWidth'] for navi frame width * @uses $GLOBALS['collation_connection'] from $_REQUEST (grab_globals.lib.php) - * or common.lib.php - * @uses $GLOBALS['available_languages'] from common.lib.php (select_lang.lib.php) + * or common.inc.php + * @uses $GLOBALS['available_languages'] from common.inc.php (select_lang.lib.php) * @uses $GLOBALS['db'] * @uses $GLOBALS['charset'] * @uses $GLOBALS['lang'] @@ -33,7 +31,7 @@ /** * Gets core libraries and defines some variables */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * Includes the ThemeManager if it hasn't been included yet diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 368da045a4..b20b502207 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -420,7 +420,7 @@ class PMA_Config // Now, a collation information could come from REQUEST // (an example of this: the collation selector in main.php) // so the following handles the setting of collation_connection - // and later, in common.lib.php, the cookie will be set + // and later, in common.inc.php, the cookie will be set // according to this. $this->checkCollationConnection(); diff --git a/libraries/check_user_privileges.lib.php b/libraries/check_user_privileges.lib.php index 38eb5bec4d..93f477901a 100644 --- a/libraries/check_user_privileges.lib.php +++ b/libraries/check_user_privileges.lib.php @@ -2,7 +2,7 @@ /* vim: set expandtab sw=4 ts=4 sts=4: */ /** * Get user's global privileges and some db-specific privileges - * ($controllink and $userlink are links to MySQL defined in the "common.lib.php" library) + * ($controllink and $userlink are links to MySQL defined in the "common.inc.php" library) * Note: if no controluser is defined, $controllink contains $userlink * * @version $Id$ diff --git a/libraries/common.inc.php b/libraries/common.inc.php new file mode 100644 index 0000000000..65e6a88e37 --- /dev/null +++ b/libraries/common.inc.php @@ -0,0 +1,869 @@ +<?php +/* vim: set expandtab sw=4 ts=4 sts=4: */ +/** + * Misc stuff and REQUIRED by ALL the scripts. + * MUST be included by every script + * + * Among other things, it contains the advanced authentication work. + * + * Order of sections for common.inc.php: + * + * the include of libraries/defines_mysql.lib.php must be after the connection + * to db to get the MySql version + * + * the authentication libraries must be before the connection to db + * + * ... so the required order is: + * + * LABEL_variables_init + * - init some variables always needed + * LABEL_parsing_config_file + * - parsing of the config file + * LABEL_loading_language_file + * - loading language file + * LABEL_theme_setup + * - setting up themes + * + * - load of mysql extension (if necessary) label_loading_mysql + * - loading of an authentication library label_ + * - db connection + * - authentication work + * - load of the libraries/defines_mysql.lib.php library to get the MySQL + * release number + * + * @version $Id$ + */ + +/** + * For now, avoid warnings of E_STRICT mode + * (this must be done before function definitions) + */ +if (defined('E_STRICT')) { + $old_error_reporting = error_reporting(0); + if ($old_error_reporting & E_STRICT) { + error_reporting($old_error_reporting ^ E_STRICT); + } else { + error_reporting($old_error_reporting); + } + unset($old_error_reporting); +} + +/** + * Avoid object cloning errors + */ +@ini_set('zend.ze1_compatibility_mode', false); + +/** + * Avoid problems with magic_quotes_runtime + */ +@ini_set('magic_quotes_runtime', false); + +/** + * core functions + */ +require_once './libraries/core.lib.php'; + +/** + * Input sanitizing + */ +require_once './libraries/sanitizing.lib.php'; + +/** + * the PMA_Theme class + */ +require_once './libraries/Theme.class.php'; + +/** + * the PMA_Theme_Manager class + */ +require_once './libraries/Theme_Manager.class.php'; + +/** + * the PMA_Config class + */ +require_once './libraries/Config.class.php'; + +/** + * the PMA_Table class + */ +require_once './libraries/Table.class.php'; + +if (!defined('PMA_MINIMUM_COMMON')) { + /** + * common functions + */ + require_once './libraries/common.lib.php'; + + /** + * Java script escaping. + */ + require_once './libraries/js_escape.lib.php'; + + /** + * Include URL/hidden inputs generating. + */ + require_once './libraries/url_generating.lib.php'; +} + +/******************************************************************************/ +/* start procedural code label_start_procedural */ + +/** + * protect against older PHP versions' bug about GLOBALS overwrite + * (no need to localize this message :)) + * but what if script.php?GLOBALS[admin]=1&GLOBALS[_REQUEST]=1 ??? + */ +if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) + || isset($_SERVER['GLOBALS']) || isset($_COOKIE['GLOBALS']) + || isset($_ENV['GLOBALS'])) { + die('GLOBALS overwrite attempt'); +} + +/** + * protect against possible exploits - there is no need to have so much vars + */ +if (count($_REQUEST) > 1000) { + die('possible exploit'); +} + +/** + * Check for numeric keys + * (if register_globals is on, numeric key can be found in $GLOBALS) + */ +foreach ($GLOBALS as $key => $dummy) { + if (is_numeric($key)) { + die('numeric key detected'); + } +} + +/** + * just to be sure there was no import (registering) before here + * we empty the global space + */ +$variables_whitelist = array ( + 'GLOBALS', + '_SERVER', + '_GET', + '_POST', + '_REQUEST', + '_FILES', + '_ENV', + '_COOKIE', + '_SESSION', +); + +foreach (get_defined_vars() as $key => $value) { + if (! in_array($key, $variables_whitelist)) { + unset($$key); + } +} +unset($key, $value, $variables_whitelist); + + +/** + * Subforms - some functions need to be called by form, cause of the limited url + * length, but if this functions inside another form you cannot just open a new + * form - so phpMyAdmin uses 'arrays' inside this form + * + * <code> + * <form ...> + * ... main form elments ... + * <intput type="hidden" name="subform[action1][id]" value="1" /> + * ... other subform data ... + * <intput type="submit" name="usesubform[action1]" value="do action1" /> + * ... other subforms ... + * <intput type="hidden" name="subform[actionX][id]" value="X" /> + * ... other subform data ... + * <intput type="submit" name="usesubform[actionX]" value="do actionX" /> + * ... main form elments ... + * <intput type="submit" name="main_action" value="submit form" /> + * </form> + * </code + * + * so we now check if a subform is submitted + */ +$__redirect = null; +if (isset($_POST['usesubform'])) { + // if a subform is present and should be used + // the rest of the form is deprecated + $subform_id = key($_POST['usesubform']); + $subform = $_POST['subform'][$subform_id]; + $_POST = $subform; + $_REQUEST = $subform; + /** + * some subforms need another page than the main form, so we will just + * include this page at the end of this script - we use $__redirect to + * track this + */ + if (isset($_POST['redirect']) + && $_POST['redirect'] != basename(PMA_getenv('PHP_SELF'))) { + $__redirect = $_POST['redirect']; + unset($_POST['redirect']); + } + unset($subform_id, $subform); +} +// end check if a subform is submitted + +// remove quotes added by php +if (get_magic_quotes_gpc()) { + PMA_arrayWalkRecursive($_GET, 'stripslashes', true); + PMA_arrayWalkRecursive($_POST, 'stripslashes', true); + PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true); + PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true); +} + +/** + * clean cookies on new install or upgrade + * when changing something with increment the cookie version + */ +$pma_cookie_version = 4; +if (isset($_COOKIE) + && (! isset($_COOKIE['pmaCookieVer']) + || $_COOKIE['pmaCookieVer'] < $pma_cookie_version)) { + // delete all cookies + foreach($_COOKIE as $cookie_name => $tmp) { + PMA_removeCookie($cookie_name); + } + $_COOKIE = array(); + PMA_setCookie('pmaCookieVer', $pma_cookie_version); +} + +/** + * include deprecated grab_globals only if required + */ +if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) { + require './libraries/grab_globals.lib.php'; +} + +/** + * include session handling after the globals, to prevent overwriting + */ +require_once './libraries/session.inc.php'; + +/** + * init some variables LABEL_variables_init + */ + +/** + * holds errors + * @global array $GLOBALS['PMA_errors'] + */ +$GLOBALS['PMA_errors'] = array(); + +/** + * holds params to be passed to next page + * @global array $GLOBALS['url_params'] + */ +$GLOBALS['url_params'] = array(); + +/** + * the whitelist for $GLOBALS['goto'] + * @global array $goto_whitelist + */ +$goto_whitelist = array( + //'browse_foreigners.php', + //'calendar.php', + //'changelog.php', + //'chk_rel.php', + 'db_create.php', + 'db_datadict.php', + 'db_sql.php', + 'db_export.php', + 'db_importdocsql.php', + 'db_qbe.php', + 'db_structure.php', + 'db_import.php', + 'db_operations.php', + 'db_printview.php', + 'db_search.php', + //'Documentation.html', + //'error.php', + 'export.php', + 'import.php', + //'index.php', + //'navigation.php', + //'license.php', + 'main.php', + 'pdf_pages.php', + 'pdf_schema.php', + //'phpinfo.php', + 'querywindow.php', + //'readme.php', + 'server_binlog.php', + 'server_collations.php', + 'server_databases.php', + 'server_engines.php', + 'server_export.php', + 'server_import.php', + 'server_privileges.php', + 'server_processlist.php', + 'server_sql.php', + 'server_status.php', + 'server_variables.php', + 'sql.php', + 'tbl_addfield.php', + 'tbl_alter.php', + 'tbl_change.php', + 'tbl_create.php', + 'tbl_import.php', + 'tbl_indexes.php', + 'tbl_move_copy.php', + 'tbl_printview.php', + 'tbl_sql.php', + 'tbl_export.php', + 'tbl_operations.php', + 'tbl_structure.php', + 'tbl_relation.php', + 'tbl_replace.php', + 'tbl_row_action.php', + 'tbl_select.php', + //'themes.php', + 'transformation_overview.php', + 'transformation_wrapper.php', + 'translators.html', + 'user_password.php', +); + +/** + * check $__redirect against whitelist + */ +if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) { + $__redirect = null; +} + +/** + * holds page that should be displayed + * @global string $GLOBALS['goto'] + */ +$GLOBALS['goto'] = ''; +// Security fix: disallow accessing serious server files via "?goto=" +if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) { + $GLOBALS['goto'] = $_REQUEST['goto']; + $GLOBALS['url_params']['goto'] = $_REQUEST['goto']; +} else { + unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']); +} + +/** + * returning page + * @global string $GLOBALS['back'] + */ +if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) { + $GLOBALS['back'] = $_REQUEST['back']; +} else { + unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']); +} + +/** + * Check whether user supplied token is valid, if not remove any possibly + * dangerous stuff from request. + * + * remember that some objects in the session with session_start and __wakeup() + * could access this variables before we reach this point + * f.e. PMA_Config: fontsize + * + * @todo variables should be handled by their respective owners (objects) + * f.e. lang, server, convcharset, collation_connection in PMA_Config + */ +if ((isset($_REQUEST['token']) && !is_string($_REQUEST['token'])) || empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { + /** + * List of parameters which are allowed from unsafe source + */ + $allow_list = array( + 'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target', + /* Session ID */ + 'phpMyAdmin', + /* Cookie preferences */ + 'pma_lang', 'pma_charset', 'pma_collation_connection', + /* Possible login form */ + 'pma_servername', 'pma_username', 'pma_password', + ); + /** + * Require cleanup functions + */ + require_once('./libraries/cleanup.lib.php'); + /** + * Do actual cleanup + */ + PMA_remove_request_vars($allow_list); + +} + + +/** + * @global string $convcharset + * @see select_lang.lib.php + */ +if (isset($_REQUEST['convcharset'])) { + $convcharset = strip_tags($_REQUEST['convcharset']); +} + +/** + * current selected database + * @global string $GLOBALS['db'] + */ +$GLOBALS['db'] = ''; +if (isset($_REQUEST['db']) && is_string($_REQUEST['db'])) { + // can we strip tags from this? + // only \ and / is not allowed in db names for MySQL + $GLOBALS['db'] = $_REQUEST['db']; + $GLOBALS['url_params']['db'] = $GLOBALS['db']; +} + +/** + * current selected table + * @global string $GLOBALS['table'] + */ +$GLOBALS['table'] = ''; +if (isset($_REQUEST['table']) && is_string($_REQUEST['table'])) { + // can we strip tags from this? + // only \ and / is not allowed in table names for MySQL + $GLOBALS['table'] = $_REQUEST['table']; + $GLOBALS['url_params']['table'] = $GLOBALS['table']; +} + +/** + * sql query to be executed + * @global string $GLOBALS['sql_query'] + */ +if (isset($_REQUEST['sql_query']) && is_string($_REQUEST['sql_query'])) { + $GLOBALS['sql_query'] = $_REQUEST['sql_query']; +} + +//$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup +//$_REQUEST['server']; // checked later in this file +//$_REQUEST['lang']; // checked by LABEL_loading_language_file + + + +/******************************************************************************/ +/* parsing config file LABEL_parsing_config_file */ + +if (empty($_SESSION['PMA_Config'])) { + /** + * We really need this one! + */ + if (! function_exists('preg_replace')) { + PMA_fatalError('strCantLoad', 'pcre'); + } + + /** + * @global PMA_Config $_SESSION['PMA_Config'] + */ + $_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php'); + +} elseif (version_compare(phpversion(), '5', 'lt')) { + /** + * @todo move all __wakeup() functionality into session.inc.php + */ + $_SESSION['PMA_Config']->__wakeup(); +} + +if (!defined('PMA_MINIMUM_COMMON')) { + $_SESSION['PMA_Config']->checkPmaAbsoluteUri(); +} + +/** + * BC - enable backward compatibility + * exports all config settings into $GLOBALS ($GLOBALS['cfg']) + */ +$_SESSION['PMA_Config']->enableBc(); + + +/** + * check https connection + */ +if ($_SESSION['PMA_Config']->get('ForceSSL') + && !$_SESSION['PMA_Config']->get('is_https')) { + PMA_sendHeaderLocation( + preg_replace('/^http/', 'https', + $_SESSION['PMA_Config']->get('PmaAbsoluteUri')) + . PMA_generate_common_url($_GET)); + exit; +} + + +/******************************************************************************/ +/* loading language file LABEL_loading_language_file */ + +/** + * Added messages while developing: + */ +if (file_exists('./lang/added_messages.php')) { + include './lang/added_messages.php'; +} + +/** + * Includes the language file if it hasn't been included yet + */ +require './libraries/language.lib.php'; + + +/** + * check for errors occured while loading config + * this check is done here after loading lang files to present errors in locale + */ +if ($_SESSION['PMA_Config']->error_config_file) { + $GLOBALS['PMA_errors'][] = $strConfigFileError + . '<br /><br />' + . ($_SESSION['PMA_Config']->getSource() == './config.inc.php' ? + '<a href="show_config_errors.php"' + .' target="_blank">' . $_SESSION['PMA_Config']->getSource() . '</a>' + : + '<a href="' . $_SESSION['PMA_Config']->getSource() . '"' + .' target="_blank">' . $_SESSION['PMA_Config']->getSource() . '</a>'); +} +if ($_SESSION['PMA_Config']->error_config_default_file) { + $GLOBALS['PMA_errors'][] = sprintf($strConfigDefaultFileError, + $_SESSION['PMA_Config']->default_source); +} +if ($_SESSION['PMA_Config']->error_pma_uri) { + $GLOBALS['PMA_errors'][] = sprintf($strPmaUriError); +} + +/** + * current server + * @global integer $GLOBALS['server'] + */ +$GLOBALS['server'] = 0; + +/** + * Servers array fixups. + * $default_server comes from PMA_Config::enableBc() + * @todo merge into PMA_Config + */ +// Do we have some server? +if (!isset($cfg['Servers']) || count($cfg['Servers']) == 0) { + // No server => create one with defaults + $cfg['Servers'] = array(1 => $default_server); +} else { + // We have server(s) => apply default config + $new_servers = array(); + + foreach ($cfg['Servers'] as $server_index => $each_server) { + + // Detect wrong configuration + if (!is_int($server_index) || $server_index < 1) { + $GLOBALS['PMA_errors'][] = sprintf($strInvalidServerIndex, $server_index); + } + + $each_server = array_merge($default_server, $each_server); + + // Don't use servers with no hostname + if ($each_server['connect_type'] == 'tcp' && empty($each_server['host'])) { + $GLOBALS['PMA_errors'][] = sprintf($strInvalidServerHostname, $server_index); + } + + // Final solution to bug #582890 + // If we are using a socket connection + // and there is nothing in the verbose server name + // or the host field, then generate a name for the server + // in the form of "Server 2", localized of course! + if ($each_server['connect_type'] == 'socket' && empty($each_server['host']) && empty($each_server['verbose'])) { + $each_server['verbose'] = $GLOBALS['strServer'] . $server_index; + } + + $new_servers[$server_index] = $each_server; + } + $cfg['Servers'] = $new_servers; + unset($new_servers, $server_index, $each_server); +} + +// Cleanup +unset($default_server); + + +/******************************************************************************/ +/* setup themes LABEL_theme_setup */ + +/** + * @global PMA_Theme_Manager $_SESSION['PMA_Theme_Manager'] + */ +if (! isset($_SESSION['PMA_Theme_Manager'])) { + $_SESSION['PMA_Theme_Manager'] = new PMA_Theme_Manager; +} else { + /** + * @todo move all __wakeup() functionality into session.inc.php + */ + $_SESSION['PMA_Theme_Manager']->checkConfig(); +} + +// for the theme per server feature +if (isset($_REQUEST['server']) && !isset($_REQUEST['set_theme'])) { + $GLOBALS['server'] = $_REQUEST['server']; + $tmp = $_SESSION['PMA_Theme_Manager']->getThemeCookie(); + if (empty($tmp)) { + $tmp = $_SESSION['PMA_Theme_Manager']->theme_default; + } + $_SESSION['PMA_Theme_Manager']->setActiveTheme($tmp); + unset($tmp); +} +/** + * @todo move into PMA_Theme_Manager::__wakeup() + */ +if (isset($_REQUEST['set_theme'])) { + // if user selected a theme + $_SESSION['PMA_Theme_Manager']->setActiveTheme($_REQUEST['set_theme']); +} + +/** + * the theme object + * @global PMA_Theme $_SESSION['PMA_Theme'] + */ +$_SESSION['PMA_Theme'] = $_SESSION['PMA_Theme_Manager']->theme; + +// BC +/** + * the active theme + * @global string $GLOBALS['theme'] + */ +$GLOBALS['theme'] = $_SESSION['PMA_Theme']->getName(); +/** + * the theme path + * @global string $GLOBALS['pmaThemePath'] + */ +$GLOBALS['pmaThemePath'] = $_SESSION['PMA_Theme']->getPath(); +/** + * the theme image path + * @global string $GLOBALS['pmaThemeImage'] + */ +$GLOBALS['pmaThemeImage'] = $_SESSION['PMA_Theme']->getImgPath(); + +/** + * load layout file if exists + */ +if (@file_exists($_SESSION['PMA_Theme']->getLayoutFile())) { + include $_SESSION['PMA_Theme']->getLayoutFile(); + /** + * @todo remove if all themes are update use Navi instead of Left as frame name + */ + if (! isset($GLOBALS['cfg']['NaviWidth']) + && isset($GLOBALS['cfg']['LeftWidth'])) { + $GLOBALS['cfg']['NaviWidth'] = $GLOBALS['cfg']['LeftWidth']; + } +} + +if (! defined('PMA_MINIMUM_COMMON')) { + /** + * Charset conversion. + */ + require_once './libraries/charset_conversion.lib.php'; + + /** + * String handling + */ + require_once './libraries/string.lib.php'; + + /** + * Lookup server by name + * by Arnold - Helder Hosting + * (see FAQ 4.8) + */ + if (! empty($_REQUEST['server']) && is_string($_REQUEST['server']) && ! ctype_digit($_REQUEST['server'])) { + foreach ($cfg['Servers'] as $i => $server) { + if ($server['host'] == $_REQUEST['server']) { + $_REQUEST['server'] = $i; + break; + } + } + if (is_string($_REQUEST['server'])) { + unset($_REQUEST['server']); + } + unset($i); + } + + /** + * If no server is selected, make sure that $cfg['Server'] is empty (so + * that nothing will work), and skip server authentication. + * We do NOT exit here, but continue on without logging into any server. + * This way, the welcome page will still come up (with no server info) and + * present a choice of servers in the case that there are multiple servers + * and '$cfg['ServerDefault'] = 0' is set. + */ + + if (isset($_REQUEST['server']) && (is_string($_REQUEST['server']) || is_numeric($_REQUEST['server'])) && ! empty($_REQUEST['server']) && ! empty($cfg['Servers'][$_REQUEST['server']])) { + $GLOBALS['server'] = $_REQUEST['server']; + $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']]; + } else { + if (!empty($cfg['Servers'][$cfg['ServerDefault']])) { + $GLOBALS['server'] = $cfg['ServerDefault']; + $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']]; + } else { + $GLOBALS['server'] = 0; + $cfg['Server'] = array(); + } + } + $GLOBALS['url_params']['server'] = $GLOBALS['server']; + + if (! empty($cfg['Server'])) { + + /** + * Loads the proper database interface for this server + */ + require_once './libraries/database_interface.lib.php'; + + // Gets the authentication library that fits the $cfg['Server'] settings + // and run authentication + + // (for a quick check of path disclosure in auth/cookies:) + $coming_from_common = true; + + // to allow HTTP or http + $cfg['Server']['auth_type'] = strtolower($cfg['Server']['auth_type']); + if (! file_exists('./libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php')) { + PMA_fatalError($strInvalidAuthMethod . ' ' . $cfg['Server']['auth_type']); + } + /** + * the required auth type plugin + */ + require_once './libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php'; + + if (!PMA_auth_check()) { + PMA_auth(); + } else { + PMA_auth_set_user(); + } + + // Check IP-based Allow/Deny rules as soon as possible to reject the + // user + // Based on mod_access in Apache: + // http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/aaa/mod_access.c?rev=1.37&content-type=text/vnd.viewcvs-markup + // Look at: "static int check_dir_access(request_rec *r)" + // Robbat2 - May 10, 2002 + if (isset($cfg['Server']['AllowDeny']) + && isset($cfg['Server']['AllowDeny']['order'])) { + + /** + * ip based access library + */ + require_once './libraries/ip_allow_deny.lib.php'; + + $allowDeny_forbidden = false; // default + if ($cfg['Server']['AllowDeny']['order'] == 'allow,deny') { + $allowDeny_forbidden = true; + if (PMA_allowDeny('allow')) { + $allowDeny_forbidden = false; + } + if (PMA_allowDeny('deny')) { + $allowDeny_forbidden = true; + } + } elseif ($cfg['Server']['AllowDeny']['order'] == 'deny,allow') { + if (PMA_allowDeny('deny')) { + $allowDeny_forbidden = true; + } + if (PMA_allowDeny('allow')) { + $allowDeny_forbidden = false; + } + } elseif ($cfg['Server']['AllowDeny']['order'] == 'explicit') { + if (PMA_allowDeny('allow') + && !PMA_allowDeny('deny')) { + $allowDeny_forbidden = false; + } else { + $allowDeny_forbidden = true; + } + } // end if ... elseif ... elseif + + // Ejects the user if banished + if ($allowDeny_forbidden) { + PMA_auth_fails(); + } + unset($allowDeny_forbidden); //Clean up after you! + } // end if + + // is root allowed? + if (!$cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') { + $allowDeny_forbidden = true; + PMA_auth_fails(); + unset($allowDeny_forbidden); //Clean up after you! + } + + $bkp_track_err = @ini_set('track_errors', 1); + + // Try to connect MySQL with the control user profile (will be used to + // get the privileges list for the current user but the true user link + // must be open after this one so it would be default one for all the + // scripts) + $controllink = false; + if ($cfg['Server']['controluser'] != '') { + $controllink = PMA_DBI_connect($cfg['Server']['controluser'], + $cfg['Server']['controlpass'], true); + } + if (! $controllink) { + $controllink = PMA_DBI_connect($cfg['Server']['user'], + $cfg['Server']['password'], true); + } // end if ... else + + // Pass #1 of DB-Config to read in master level DB-Config will go here + // Robbat2 - May 11, 2002 + + // Connects to the server (validates user's login) + $userlink = PMA_DBI_connect($cfg['Server']['user'], + $cfg['Server']['password'], false); + + // Pass #2 of DB-Config to read in user level DB-Config will go here + // Robbat2 - May 11, 2002 + + @ini_set('track_errors', $bkp_track_err); + unset($bkp_track_err); + + /** + * If we auto switched to utf-8 we need to reread messages here + */ + if (defined('PMA_LANG_RELOAD')) { + require './libraries/language.lib.php'; + } + + /** + * SQL Parser code + */ + require_once './libraries/sqlparser.lib.php'; + + /** + * SQL Validator interface code + */ + require_once './libraries/sqlvalidator.lib.php'; + + /** + * the PMA_List_Database class + */ + require_once './libraries/PMA_List_Database.class.php'; + $PMA_List_Database = new PMA_List_Database($userlink, $controllink); + + } // end server connecting + + /** + * Kanji encoding convert feature appended by Y.Kawada (2002/2/20) + */ + if (@function_exists('mb_convert_encoding') + && strpos(' ' . $lang, 'ja-') + && file_exists('./libraries/kanji-encoding.lib.php')) { + require_once './libraries/kanji-encoding.lib.php'; + /** + * enable multibyte string support + */ + define('PMA_MULTIBYTE_ENCODING', 1); + } // end if + + /** + * save some settings in cookies + * @todo should be done in PMA_Config + */ + PMA_setCookie('pma_lang', $GLOBALS['lang']); + PMA_setCookie('pma_charset', $GLOBALS['convcharset']); + PMA_setCookie('pma_collation_connection', $GLOBALS['collation_connection']); + + $_SESSION['PMA_Theme_Manager']->setThemeCookie(); +} // end if !defined('PMA_MINIMUM_COMMON') + +if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) { + // to handle bug #1388167 + if (isset($_GET['is_js_confirmed'])) { + $is_js_confirmed = 1; + } + /** + * include subform target page + */ + require $__redirect; + exit(); +} +?> diff --git a/libraries/common.lib.php b/libraries/common.lib.php index 2e5b70e58b..2f77de6a8e 100644 --- a/libraries/common.lib.php +++ b/libraries/common.lib.php @@ -1,1458 +1,927 @@ <?php /* vim: set expandtab sw=4 ts=4 sts=4: */ /** - * Misc stuff and functions used by ALL the scripts. - * MUST be included by every script - * - * Among other things, it contains the advanced authentication work. - * - * Order of sections for common.lib.php: - * - * the include of libraries/defines_mysql.lib.php must be after the connection - * to db to get the MySql version - * - * the authentication libraries must be before the connection to db - * - * ... so the required order is: - * - * LABEL_definition_of_functions - * - definition of functions - * LABEL_variables_init - * - init some variables always needed - * LABEL_parsing_config_file - * - parsing of the config file - * LABEL_loading_language_file - * - loading language file - * LABEL_theme_setup - * - setting up themes - * - * - load of mysql extension (if necessary) label_loading_mysql - * - loading of an authentication library label_ - * - db connection - * - authentication work - * - load of the libraries/defines_mysql.lib.php library to get the MySQL - * release number + * Misc functions used all over the scripts. * * @version $Id$ */ /** - * For now, avoid warnings of E_STRICT mode - * (this must be done before function definitions) + * Exponential expression / raise number into power + * + * @uses function_exists() + * @uses bcpow() + * @uses gmp_pow() + * @uses gmp_strval() + * @uses pow() + * @param number $base + * @param number $exp + * @param string pow function use, or false for auto-detect + * @return mixed string or float */ -if (defined('E_STRICT')) { - $old_error_reporting = error_reporting(0); - if ($old_error_reporting & E_STRICT) { - error_reporting($old_error_reporting ^ E_STRICT); - } else { - error_reporting($old_error_reporting); +function PMA_pow($base, $exp, $use_function = false) +{ + static $pow_function = null; + if (null == $pow_function) { + if (function_exists('bcpow')) { + // BCMath Arbitrary Precision Mathematics Function + $pow_function = 'bcpow'; + } elseif (function_exists('gmp_pow')) { + // GMP Function + $pow_function = 'gmp_pow'; + } else { + // PHP function + $pow_function = 'pow'; + } + } + + if (! $use_function) { + $use_function = $pow_function; + } + + switch ($use_function) { + case 'bcpow' : + $pow = bcpow($base, $exp); + break; + case 'gmp_pow' : + $pow = gmp_strval(gmp_pow($base, $exp)); + break; + case 'pow' : + $base = (float) $base; + $exp = (int) $exp; + if ($exp < 0) { + return false; + } + $pow = pow($base, $exp); + break; + default: + $pow = $use_function($base, $exp); } - unset($old_error_reporting); + + return $pow; } /** - * Avoid object cloning errors + * string PMA_getIcon(string $icon) + * + * @uses $GLOBALS['pmaThemeImage'] + * @param $icon name of icon + * @return html img tag */ -@ini_set('zend.ze1_compatibility_mode', false); +function PMA_getIcon($icon, $alternate = '') +{ + if ($GLOBALS['cfg']['PropertiesIconic']) { + return '<img src="' . $GLOBALS['pmaThemeImage'] . $icon . '"' + . ' title="' . $alternate . '" alt="' . $alternate . '"' + . ' class="icon" width="16" height="16" />'; + } else { + return $alternate; + } +} /** - * Avoid problems with magic_quotes_runtime + * Displays the maximum size for an upload + * + * @uses $GLOBALS['strMaximumSize'] + * @uses PMA_formatByteDown() + * @uses sprintf() + * @param integer the size + * + * @return string the message + * + * @access public */ -@ini_set('magic_quotes_runtime', false); - +function PMA_displayMaximumUploadSize($max_upload_size) +{ + list($max_size, $max_unit) = PMA_formatByteDown($max_upload_size); + return '(' . sprintf($GLOBALS['strMaximumSize'], $max_size, $max_unit) . ')'; +} -/******************************************************************************/ -/* definition of functions LABEL_definition_of_functions */ /** - * Removes insecure parts in a path; used before include() or - * require() when a part of the path comes from an insecure source - * like a cookie or form. + * Generates a hidden field which should indicate to the browser + * the maximum size for upload * - * @param string The path to check + * @param integer the size * - * @return string The secured path + * @return string the INPUT field * * @access public - * @author Marc Delisle (lem9@users.sourceforge.net) */ -function PMA_securePath($path) -{ - // change .. to . - $path = preg_replace('@\.\.*@', '.', $path); - - return $path; -} // end function + function PMA_generateHiddenMaxFileSize($max_size) + { + return '<input type="hidden" name="MAX_FILE_SIZE" value="' .$max_size . '" />'; + } /** - * displays the given error message on phpMyAdmin error page in foreign language, - * ends script execution and closes session + * Add slashes before "'" and "\" characters so a value containing them can + * be used in a sql comparison. * - * @todo use detected argument separator (PMA_Config) - * @uses $GLOBALS['session_name'] - * @uses $GLOBALS['text_dir'] - * @uses $GLOBALS['strError'] - * @uses $GLOBALS['available_languages'] - * @uses $GLOBALS['lang'] - * @uses PMA_removeCookie() - * @uses select_lang.lib.php - * @uses $_COOKIE - * @uses substr() - * @uses header() - * @uses urlencode() - * @param string $error_message the error message or named error message + * @uses str_replace() + * @param string the string to slash + * @param boolean whether the string will be used in a 'LIKE' clause + * (it then requires two more escaped sequences) or not + * @param boolean whether to treat cr/lfs as escape-worthy entities + * (converts \n to \\n, \r to \\r) + * + * @param boolean whether this function is used as part of the + * "Create PHP code" dialog + * + * @return string the slashed string + * + * @access public */ -function PMA_fatalError($error_message, $message_args = null) +function PMA_sqlAddslashes($a_string = '', $is_like = false, $crlf = false, $php_code = false) { - if (! isset($GLOBALS['available_languages'])) { - $GLOBALS['cfg'] = array('DefaultLang' => 'en-iso-8859-1', - 'AllowAnywhereRecoding' => false); - // Loads the language file - require_once './libraries/select_lang.lib.php'; - if (isset($strError)) { - $GLOBALS['strError'] = $strError; - } - if (isset($text_dir)) { - $GLOBALS['text_dir'] = $text_dir; - } + if ($is_like) { + $a_string = str_replace('\\', '\\\\\\\\', $a_string); + } else { + $a_string = str_replace('\\', '\\\\', $a_string); } - if (substr($error_message, 0, 3) === 'str') { - if (isset($$error_message)) { - $error_message = $$error_message; - } elseif (isset($GLOBALS[$error_message])) { - $error_message = $GLOBALS[$error_message]; - } + if ($crlf) { + $a_string = str_replace("\n", '\n', $a_string); + $a_string = str_replace("\r", '\r', $a_string); + $a_string = str_replace("\t", '\t', $a_string); } - if (is_string($message_args)) { - $error_message = sprintf($error_message, $message_args); - } elseif (is_array($message_args)) { - $error_message = vsprintf($error_message, $message_args); + if ($php_code) { + $a_string = str_replace('\'', '\\\'', $a_string); + } else { + $a_string = str_replace('\'', '\'\'', $a_string); } - $error_message = strtr($error_message, array('<br />' => '[br]')); - - // Displays the error message - // (do not use & for parameters sent by header) - header('Location: error.php' - . '?lang=' . urlencode($GLOBALS['available_languages'][$GLOBALS['lang']][2]) - . '&dir=' . urlencode($GLOBALS['text_dir']) - . '&type=' . urlencode($GLOBALS['strError']) - . '&error=' . urlencode($error_message)); - // on fatal errors it cannot hurt to always delete the current session - if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) { - PMA_removeCookie($GLOBALS['session_name']); - } + return $a_string; +} // end of the 'PMA_sqlAddslashes()' function - exit; -} /** - * returns count of tables in given db + * Add slashes before "_" and "%" characters for using them in MySQL + * database, table and field names. + * Note: This function does not escape backslashes! * - * @uses PMA_DBI_try_query() - * @uses PMA_backquote() - * @uses PMA_DBI_QUERY_STORE() - * @uses PMA_DBI_num_rows() - * @uses PMA_DBI_free_result() - * @param string $db database to count tables for - * @return integer count of tables in $db + * @uses str_replace() + * @param string the string to escape + * + * @return string the escaped string + * + * @access public */ -function PMA_getTableCount($db) +function PMA_escape_mysql_wildcards($name) { - $tables = PMA_DBI_try_query( - 'SHOW TABLES FROM ' . PMA_backquote($db) . ';', - null, PMA_DBI_QUERY_STORE); - if ($tables) { - $num_tables = PMA_DBI_num_rows($tables); - PMA_DBI_free_result($tables); - } else { - $num_tables = 0; - } + $name = str_replace('_', '\\_', $name); + $name = str_replace('%', '\\%', $name); - return $num_tables; -} + return $name; +} // end of the 'PMA_escape_mysql_wildcards()' function /** - * Converts numbers like 10M into bytes - * Used with permission from Moodle (http://moodle.org) by Martin Dougiamas - * (renamed with PMA prefix to avoid double definition when embedded - * in Moodle) + * removes slashes before "_" and "%" characters + * Note: This function does not unescape backslashes! * - * @uses each() - * @uses strlen() - * @uses substr() - * @param string $size - * @return integer $size + * @uses str_replace() + * @param string $name the string to escape + * @return string the escaped string + * @access public */ -function PMA_get_real_size($size = 0) +function PMA_unescape_mysql_wildcards($name) { - if (! $size) { - return 0; - } - - $scan['gb'] = 1073741824; //1024 * 1024 * 1024; - $scan['g'] = 1073741824; //1024 * 1024 * 1024; - $scan['mb'] = 1048576; - $scan['m'] = 1048576; - $scan['kb'] = 1024; - $scan['k'] = 1024; - $scan['b'] = 1; - - foreach ($scan as $unit => $factor) { - if (strlen($size) > strlen($unit) - && strtolower(substr($size, strlen($size) - strlen($unit))) == $unit) { - return substr($size, 0, strlen($size) - strlen($unit)) * $factor; - } - } + $name = str_replace('\\_', '_', $name); + $name = str_replace('\\%', '%', $name); - return $size; -} // end function PMA_get_real_size() + return $name; +} // end of the 'PMA_unescape_mysql_wildcards()' function /** - * loads php module + * removes quotes (',",`) from a quoted string * - * @uses PHP_OS - * @uses extension_loaded() - * @uses ini_get() - * @uses function_exists() - * @uses ob_start() - * @uses phpinfo() - * @uses strip_tags() - * @uses ob_get_contents() - * @uses ob_end_clean() - * @uses preg_match() - * @uses strtoupper() + * checks if the sting is quoted and removes this quotes + * + * @uses str_replace() * @uses substr() - * @uses dl() - * @param string $module name if module to load - * @return boolean success loading module + * @param string $quoted_string string to remove quotes from + * @param string $quote type of quote to remove + * @return string unqoted string */ -function PMA_dl($module) +function PMA_unQuote($quoted_string, $quote = null) { - static $dl_allowed = null; - - if (extension_loaded($module)) { - return true; - } - - if (null === $dl_allowed) { - if (!@ini_get('safe_mode') - && @ini_get('enable_dl') - && @function_exists('dl')) { - ob_start(); - phpinfo(INFO_GENERAL); /* Only general info */ - $a = strip_tags(ob_get_contents()); - ob_end_clean(); - if (preg_match('@Thread Safety[[:space:]]*enabled@', $a)) { - if (preg_match('@Server API[[:space:]]*\(CGI\|CLI\)@', $a)) { - $dl_allowed = true; - } else { - $dl_allowed = false; - } - } else { - $dl_allowed = true; - } - } else { - $dl_allowed = false; - } - } + $quotes = array(); - if (!$dl_allowed) { - return false; + if (null === $quote) { + $quotes[] = '`'; + $quotes[] = '"'; + $quotes[] = "'"; + } else { + $quotes[] = $quote; } - /* Once we require PHP >= 4.3, we might use PHP_SHLIB_SUFFIX here */ - if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { - $module_file = 'php_' . $module . '.dll'; - } elseif (PHP_OS=='HP-UX') { - $module_file = $module . '.sl'; - } else { - $module_file = $module . '.so'; + foreach ($quotes as $quote) { + if (substr($quoted_string, 0, 1) === $quote + && substr($quoted_string, -1, 1) === $quote ) { + $unquoted_string = substr($quoted_string, 1, -1); + // replace escaped quotes + $unquoted_string = str_replace($quote . $quote, $quote, $unquoted_string); + return $unquoted_string; + } } - return @dl($module_file); + return $quoted_string; } /** - * merges array recursive like array_merge_recursive() but keyed-values are - * always overwritten. + * format sql strings * - * array PMA_array_merge_recursive(array $array1[, array $array2[, array ...]]) - * - * @see http://php.net/array_merge - * @see http://php.net/array_merge_recursive - * @uses func_num_args() - * @uses func_get_arg() + * @todo move into PMA_Sql + * @uses PMA_SQP_isError() + * @uses PMA_SQP_formatHtml() + * @uses PMA_SQP_formatNone() * @uses is_array() - * @uses call_user_func_array() - * @param array array to merge - * @param array array to merge - * @param array ... - * @return array merged array + * @param mixed pre-parsed SQL structure + * + * @return string the formatted sql + * + * @global array the configuration array + * @global boolean whether the current statement is a multiple one or not + * + * @access public + * + * @author Robin Johnson <robbat2@users.sourceforge.net> */ -function PMA_array_merge_recursive() +function PMA_formatSql($parsed_sql, $unparsed_sql = '') { - switch(func_num_args()) { - case 0 : - return false; + global $cfg; + + // Check that we actually have a valid set of parsed data + // well, not quite + // first check for the SQL parser having hit an error + if (PMA_SQP_isError()) { + return $parsed_sql; + } + // then check for an array + if (!is_array($parsed_sql)) { + // We don't so just return the input directly + // This is intended to be used for when the SQL Parser is turned off + $formatted_sql = '<pre>' . "\n" + . (($cfg['SQP']['fmtType'] == 'none' && $unparsed_sql != '') ? $unparsed_sql : $parsed_sql) . "\n" + . '</pre>'; + return $formatted_sql; + } + + $formatted_sql = ''; + + switch ($cfg['SQP']['fmtType']) { + case 'none': + if ($unparsed_sql != '') { + $formatted_sql = "<pre>\n" . PMA_SQP_formatNone(array('raw' => $unparsed_sql)) . "\n</pre>"; + } else { + $formatted_sql = PMA_SQP_formatNone($parsed_sql); + } break; - case 1 : - // when does that happen? - return func_get_arg(0); + case 'html': + $formatted_sql = PMA_SQP_formatHtml($parsed_sql, 'color'); break; - case 2 : - $args = func_get_args(); - if (!is_array($args[0]) || !is_array($args[1])) { - return $args[1]; - } - foreach ($args[1] as $key2 => $value2) { - if (isset($args[0][$key2]) && !is_int($key2)) { - $args[0][$key2] = PMA_array_merge_recursive($args[0][$key2], - $value2); - } else { - // we erase the parent array, otherwise we cannot override a directive that - // contains array elements, like this: - // (in config.default.php) $cfg['ForeignKeyDropdownOrder'] = array('id-content','content-id'); - // (in config.inc.php) $cfg['ForeignKeyDropdownOrder'] = array('content-id'); - if (is_int($key2) && $key2 == 0) { - unset($args[0]); - } - $args[0][$key2] = $value2; - } - } - return $args[0]; + case 'text': + //$formatted_sql = PMA_SQP_formatText($parsed_sql); + $formatted_sql = PMA_SQP_formatHtml($parsed_sql, 'text'); break; - default : - $args = func_get_args(); - $args[1] = PMA_array_merge_recursive($args[0], $args[1]); - array_shift($args); - return call_user_func_array('PMA_array_merge_recursive', $args); + default: break; - } -} + } // end switch + + return $formatted_sql; +} // end of the "PMA_formatSql()" function + /** - * calls $function vor every element in $array recursively + * Displays a link to the official MySQL documentation * - * this function is protected against deep recursion attack CVE-2006-1549, - * 1000 seems to be more than enough + * @uses $cfg['MySQLManualType'] + * @uses $cfg['MySQLManualBase'] + * @uses $cfg['ReplaceHelpImg'] + * @uses $GLOBALS['mysql_4_1_doc_lang'] + * @uses $GLOBALS['mysql_5_1_doc_lang'] + * @uses $GLOBALS['mysql_5_0_doc_lang'] + * @uses $GLOBALS['strDocu'] + * @uses $GLOBALS['pmaThemeImage'] + * @uses PMA_MYSQL_INT_VERSION + * @uses strtolower() + * @uses str_replace() + * @param string chapter of "HTML, one page per chapter" documentation + * @param string contains name of page/anchor that is being linked + * @param bool whether to use big icon (like in left frame) * - * @see http://www.php-security.org/MOPB/MOPB-02-2007.html - * @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549 + * @return string the html link * - * @uses PMA_arrayWalkRecursive() - * @uses is_array() - * @uses is_string() - * @param array $array array to walk - * @param string $function function to call for every array element + * @access public */ -function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false) +function PMA_showMySQLDocu($chapter, $link, $big_icon = false) { - static $recursive_counter = 0; - if (++$recursive_counter > 1000) { - die('possible deep recursion attack'); - } - foreach ($array as $key => $value) { - if (is_array($value)) { - PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also); - } else { - $array[$key] = $function($value); - } + global $cfg; - if ($apply_to_keys_also && is_string($key)) { - $new_key = $function($key); - if ($new_key != $key) { - $array[$new_key] = $array[$key]; - unset($array[$key]); - } - } + if ($cfg['MySQLManualType'] == 'none' || empty($cfg['MySQLManualBase'])) { + return ''; } - $recursive_counter++; -} -/** - * boolean phpMyAdmin.PMA_checkPageValidity(string &$page, array $whitelist) - * - * checks given given $page against given $whitelist and returns true if valid - * it ignores optionaly query paramters in $page (script.php?ignored) - * - * @uses in_array() - * @uses urldecode() - * @uses substr() - * @uses strpos() - * @param string &$page page to check - * @param array $whitelist whitelist to check page against - * @return boolean whether $page is valid or not (in $whitelist or not) - */ -function PMA_checkPageValidity(&$page, $whitelist) -{ - if (! isset($page) || !is_string($page)) { - return false; + // Fixup for newly used names: + $chapter = str_replace('_', '-', strtolower($chapter)); + $link = str_replace('_', '-', strtolower($link)); + + switch ($cfg['MySQLManualType']) { + case 'chapters': + if (empty($chapter)) { + $chapter = 'index'; + } + $url = $cfg['MySQLManualBase'] . '/' . $chapter . '.html#' . $link; + break; + case 'big': + $url = $cfg['MySQLManualBase'] . '#' . $link; + break; + case 'searchable': + if (empty($link)) { + $link = 'index'; + } + $url = $cfg['MySQLManualBase'] . '/' . $link . '.html'; + break; + case 'viewable': + default: + if (empty($link)) { + $link = 'index'; + } + $mysql = '5.0'; + $lang = 'en'; + if (defined('PMA_MYSQL_INT_VERSION')) { + if (PMA_MYSQL_INT_VERSION < 50000) { + $mysql = '4.1'; + if (!empty($GLOBALS['mysql_4_1_doc_lang'])) { + $lang = $GLOBALS['mysql_4_1_doc_lang']; + } + } elseif (PMA_MYSQL_INT_VERSION >= 50100) { + $mysql = '5.1'; + if (!empty($GLOBALS['mysql_5_1_doc_lang'])) { + $lang = $GLOBALS['mysql_5_1_doc_lang']; + } + } elseif (PMA_MYSQL_INT_VERSION >= 50000) { + $mysql = '5.0'; + if (!empty($GLOBALS['mysql_5_0_doc_lang'])) { + $lang = $GLOBALS['mysql_5_0_doc_lang']; + } + } + } + $url = $cfg['MySQLManualBase'] . '/' . $mysql . '/' . $lang . '/' . $link . '.html'; + break; } - if (in_array($page, $whitelist)) { - return true; - } elseif (in_array(substr($page, 0, strpos($page . '?', '?')), $whitelist)) { - return true; + if ($big_icon) { + return '<a href="' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_sqlhelp.png" width="16" height="16" alt="' . $GLOBALS['strDocu'] . '" title="' . $GLOBALS['strDocu'] . '" /></a>'; + } elseif ($GLOBALS['cfg']['ReplaceHelpImg']) { + return '<a href="' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_help.png" width="11" height="11" alt="' . $GLOBALS['strDocu'] . '" title="' . $GLOBALS['strDocu'] . '" /></a>'; } else { - $_page = urldecode($page); - if (in_array(substr($_page, 0, strpos($_page . '?', '?')), $whitelist)) { - return true; - } + return '[<a href="' . $url . '" target="mysql_doc">' . $GLOBALS['strDocu'] . '</a>]'; } - return false; -} +} // end of the 'PMA_showMySQLDocu()' function /** - * trys to find the value for the given environment vriable name + * Displays a hint icon, on mouse over show the hint * - * searchs in $_SERVER, $_ENV than trys getenv() and apache_getenv() - * in this order + * @uses $GLOBALS['pmaThemeImage'] + * @uses PMA_jsFormat() + * @param string the error message * - * @uses $_SERVER - * @uses $_ENV - * @uses getenv() - * @uses function_exists() - * @uses apache_getenv() - * @param string $var_name variable name - * @return string value of $var or empty string - */ -function PMA_getenv($var_name) { - if (isset($_SERVER[$var_name])) { - return $_SERVER[$var_name]; - } elseif (isset($_ENV[$var_name])) { - return $_ENV[$var_name]; - } elseif (getenv($var_name)) { - return getenv($var_name); - } elseif (function_exists('apache_getenv') - && apache_getenv($var_name, true)) { - return apache_getenv($var_name, true); - } - - return ''; -} - -/** - * removes cookie - * - * @uses PMA_Config::isHttps() - * @uses PMA_Config::getCookiePath() - * @uses setcookie() - * @uses time() - * @param string $cookie name of cookie to remove - * @return boolean result of setcookie() + * @access public */ -function PMA_removeCookie($cookie) +function PMA_showHint($hint_message) { - return setcookie($cookie, '', time() - 3600, - PMA_Config::getCookiePath(), '', PMA_Config::isHttps()); + //return '<img class="lightbulb" src="' . $GLOBALS['pmaThemeImage'] . 'b_tipp.png" width="16" height="16" border="0" alt="' . $hint_message . '" title="' . $hint_message . '" align="middle" onclick="alert(\'' . PMA_jsFormat($hint_message, false) . '\');" />'; + return '<img class="lightbulb" src="' . $GLOBALS['pmaThemeImage'] + . 'b_tipp.png" width="16" height="16" alt="Tip" title="Tip" onmouseover="pmaTooltip(\'' + . PMA_jsFormat($hint_message, false) . '\'); return false;" onmouseout="swapTooltip(\'default\'); return false;" />'; } /** - * sets cookie if value is different from current cokkie value, - * or removes if value is equal to default - * - * @uses PMA_Config::isHttps() - * @uses PMA_Config::getCookiePath() - * @uses $_COOKIE - * @uses PMA_removeCookie() - * @uses setcookie() - * @uses time() - * @param string $cookie name of cookie to remove - * @param mixed $value new cookie value - * @param string $default default value - * @param int $validity validity of cookie in seconds (default is one month) - * @param bool $httponlt whether cookie is only for HTTP (and not for scripts) - * @return boolean result of setcookie() + * Displays a MySQL error message in the right frame. + * + * @uses footer.inc.php + * @uses header.inc.php + * @uses $GLOBALS['sql_query'] + * @uses $GLOBALS['strError'] + * @uses $GLOBALS['strSQLQuery'] + * @uses $GLOBALS['pmaThemeImage'] + * @uses $GLOBALS['strEdit'] + * @uses $GLOBALS['strMySQLSaid'] + * @uses $cfg['PropertiesIconic'] + * @uses PMA_backquote() + * @uses PMA_DBI_getError() + * @uses PMA_formatSql() + * @uses PMA_generate_common_hidden_inputs() + * @uses PMA_generate_common_url() + * @uses PMA_showMySQLDocu() + * @uses PMA_sqlAddslashes() + * @uses PMA_SQP_isError() + * @uses PMA_SQP_parse() + * @uses PMA_SQP_getErrorString() + * @uses strtolower() + * @uses urlencode() + * @uses str_replace() + * @uses nl2br() + * @uses substr() + * @uses preg_replace() + * @uses preg_match() + * @uses explode() + * @uses implode() + * @uses is_array() + * @uses function_exists() + * @uses htmlspecialchars() + * @uses trim() + * @uses strstr() + * @param string the error message + * @param string the sql query that failed + * @param boolean whether to show a "modify" link or not + * @param string the "back" link url (full path is not required) + * @param boolean EXIT the page? + * + * @global string the curent table + * @global string the current db + * + * @access public */ -function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true) +function PMA_mysqlDie($error_message = '', $the_query = '', + $is_modify_link = true, $back_url = '', $exit = true) { - if ($validity == null) { - $validity = 2592000; - } - if (strlen($value) && null !== $default && $value === $default - && isset($_COOKIE[$cookie])) { - // remove cookie, default value is used - return PMA_removeCookie($cookie); - } - - if (! strlen($value) && isset($_COOKIE[$cookie])) { - // remove cookie, value is empty - return PMA_removeCookie($cookie); - } - - if (! isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) { - // set cookie with new value - /* Calculate cookie validity */ - if ($validity == 0) { - $v = 0; - } else { - $v = time() + $validity; - } - /* Use native support for httponly cookies if available */ - if (version_compare(PHP_VERSION, '5.2.0', 'ge')) { - return setcookie($cookie, $value, $v, - PMA_Config::getCookiePath(), '', PMA_Config::isHttps(), $httponly); - } else { - return setcookie($cookie, $value, $v, - PMA_Config::getCookiePath() . ($httponly ? '; HttpOnly' : ''), '', PMA_Config::isHttps()); - } - } - - // cookie has already $value as value - return true; -} - -/** - * include here only libraries which contain only function definitions - * no code in main()! - */ -/** - * Input sanitizing - */ -require_once './libraries/sanitizing.lib.php'; -/** - * the PMA_Theme class - */ -require_once './libraries/Theme.class.php'; -/** - * the PMA_Theme_Manager class - */ -require_once './libraries/Theme_Manager.class.php'; -/** - * the PMA_Config class - */ -require_once './libraries/Config.class.php'; -/** - * the PMA_Table class - */ -require_once './libraries/Table.class.php'; - - -if (!defined('PMA_MINIMUM_COMMON')) { + global $table, $db; /** - * Java script escaping. + * start http output, display html headers */ - require_once './libraries/js_escape.lib.php'; + require_once './libraries/header.inc.php'; - /** - * Exponential expression / raise number into power - * - * @uses function_exists() - * @uses bcpow() - * @uses gmp_pow() - * @uses gmp_strval() - * @uses pow() - * @param number $base - * @param number $exp - * @param string pow function use, or false for auto-detect - * @return mixed string or float - */ - function PMA_pow($base, $exp, $use_function = false) - { - static $pow_function = null; - if (null == $pow_function) { - if (function_exists('bcpow')) { - // BCMath Arbitrary Precision Mathematics Function - $pow_function = 'bcpow'; - } elseif (function_exists('gmp_pow')) { - // GMP Function - $pow_function = 'gmp_pow'; - } else { - // PHP function - $pow_function = 'pow'; - } - } - - if (! $use_function) { - $use_function = $pow_function; - } - - switch ($use_function) { - case 'bcpow' : - $pow = bcpow($base, $exp); - break; - case 'gmp_pow' : - $pow = gmp_strval(gmp_pow($base, $exp)); - break; - case 'pow' : - $base = (float) $base; - $exp = (int) $exp; - if ($exp < 0) { - return false; - } - $pow = pow($base, $exp); - break; - default: - $pow = $use_function($base, $exp); - } - - return $pow; + if (!$error_message) { + $error_message = PMA_DBI_getError(); } - - /** - * string PMA_getIcon(string $icon) - * - * @uses $GLOBALS['pmaThemeImage'] - * @param $icon name of icon - * @return html img tag - */ - function PMA_getIcon($icon, $alternate = '') - { - if ($GLOBALS['cfg']['PropertiesIconic']) { - return '<img src="' . $GLOBALS['pmaThemeImage'] . $icon . '"' - . ' title="' . $alternate . '" alt="' . $alternate . '"' - . ' class="icon" width="16" height="16" />'; - } else { - return $alternate; - } - } - - /** - * Displays the maximum size for an upload - * - * @uses $GLOBALS['strMaximumSize'] - * @uses PMA_formatByteDown() - * @uses sprintf() - * @param integer the size - * - * @return string the message - * - * @access public - */ - function PMA_displayMaximumUploadSize($max_upload_size) - { - list($max_size, $max_unit) = PMA_formatByteDown($max_upload_size); - return '(' . sprintf($GLOBALS['strMaximumSize'], $max_size, $max_unit) . ')'; - } - - /** - * Generates a hidden field which should indicate to the browser - * the maximum size for upload - * - * @param integer the size - * - * @return string the INPUT field - * - * @access public - */ - function PMA_generateHiddenMaxFileSize($max_size) - { - return '<input type="hidden" name="MAX_FILE_SIZE" value="' .$max_size . '" />'; - } - - /** - * Add slashes before "'" and "\" characters so a value containing them can - * be used in a sql comparison. - * - * @uses str_replace() - * @param string the string to slash - * @param boolean whether the string will be used in a 'LIKE' clause - * (it then requires two more escaped sequences) or not - * @param boolean whether to treat cr/lfs as escape-worthy entities - * (converts \n to \\n, \r to \\r) - * - * @param boolean whether this function is used as part of the - * "Create PHP code" dialog - * - * @return string the slashed string - * - * @access public - */ - function PMA_sqlAddslashes($a_string = '', $is_like = false, $crlf = false, $php_code = false) - { - if ($is_like) { - $a_string = str_replace('\\', '\\\\\\\\', $a_string); - } else { - $a_string = str_replace('\\', '\\\\', $a_string); - } - - if ($crlf) { - $a_string = str_replace("\n", '\n', $a_string); - $a_string = str_replace("\r", '\r', $a_string); - $a_string = str_replace("\t", '\t', $a_string); - } - - if ($php_code) { - $a_string = str_replace('\'', '\\\'', $a_string); - } else { - $a_string = str_replace('\'', '\'\'', $a_string); - } - - return $a_string; - } // end of the 'PMA_sqlAddslashes()' function - - - /** - * Add slashes before "_" and "%" characters for using them in MySQL - * database, table and field names. - * Note: This function does not escape backslashes! - * - * @uses str_replace() - * @param string the string to escape - * - * @return string the escaped string - * - * @access public - */ - function PMA_escape_mysql_wildcards($name) - { - $name = str_replace('_', '\\_', $name); - $name = str_replace('%', '\\%', $name); - - return $name; - } // end of the 'PMA_escape_mysql_wildcards()' function - - /** - * removes slashes before "_" and "%" characters - * Note: This function does not unescape backslashes! - * - * @uses str_replace() - * @param string $name the string to escape - * @return string the escaped string - * @access public - */ - function PMA_unescape_mysql_wildcards($name) - { - $name = str_replace('\\_', '_', $name); - $name = str_replace('\\%', '%', $name); - - return $name; - } // end of the 'PMA_unescape_mysql_wildcards()' function - - /** - * removes quotes (',",`) from a quoted string - * - * checks if the sting is quoted and removes this quotes - * - * @uses str_replace() - * @uses substr() - * @param string $quoted_string string to remove quotes from - * @param string $quote type of quote to remove - * @return string unqoted string - */ - function PMA_unQuote($quoted_string, $quote = null) - { - $quotes = array(); - - if (null === $quote) { - $quotes[] = '`'; - $quotes[] = '"'; - $quotes[] = "'"; - } else { - $quotes[] = $quote; - } - - foreach ($quotes as $quote) { - if (substr($quoted_string, 0, 1) === $quote - && substr($quoted_string, -1, 1) === $quote ) { - $unquoted_string = substr($quoted_string, 1, -1); - // replace escaped quotes - $unquoted_string = str_replace($quote . $quote, $quote, $unquoted_string); - return $unquoted_string; - } - } - - return $quoted_string; + if (!$the_query && !empty($GLOBALS['sql_query'])) { + $the_query = $GLOBALS['sql_query']; } - /** - * format sql strings - * - * @todo move into PMA_Sql - * @uses PMA_SQP_isError() - * @uses PMA_SQP_formatHtml() - * @uses PMA_SQP_formatNone() - * @uses is_array() - * @param mixed pre-parsed SQL structure - * - * @return string the formatted sql - * - * @global array the configuration array - * @global boolean whether the current statement is a multiple one or not - * - * @access public - * - * @author Robin Johnson <robbat2@users.sourceforge.net> - */ - function PMA_formatSql($parsed_sql, $unparsed_sql = '') - { - global $cfg; - - // Check that we actually have a valid set of parsed data - // well, not quite - // first check for the SQL parser having hit an error - if (PMA_SQP_isError()) { - return $parsed_sql; - } - // then check for an array - if (!is_array($parsed_sql)) { - // We don't so just return the input directly - // This is intended to be used for when the SQL Parser is turned off - $formatted_sql = '<pre>' . "\n" - . (($cfg['SQP']['fmtType'] == 'none' && $unparsed_sql != '') ? $unparsed_sql : $parsed_sql) . "\n" - . '</pre>'; - return $formatted_sql; - } - - $formatted_sql = ''; - - switch ($cfg['SQP']['fmtType']) { - case 'none': - if ($unparsed_sql != '') { - $formatted_sql = "<pre>\n" . PMA_SQP_formatNone(array('raw' => $unparsed_sql)) . "\n</pre>"; - } else { - $formatted_sql = PMA_SQP_formatNone($parsed_sql); - } - break; - case 'html': - $formatted_sql = PMA_SQP_formatHtml($parsed_sql, 'color'); - break; - case 'text': - //$formatted_sql = PMA_SQP_formatText($parsed_sql); - $formatted_sql = PMA_SQP_formatHtml($parsed_sql, 'text'); - break; - default: - break; - } // end switch - - return $formatted_sql; - } // end of the "PMA_formatSql()" function - - - /** - * Displays a link to the official MySQL documentation - * - * @uses $cfg['MySQLManualType'] - * @uses $cfg['MySQLManualBase'] - * @uses $cfg['ReplaceHelpImg'] - * @uses $GLOBALS['mysql_4_1_doc_lang'] - * @uses $GLOBALS['mysql_5_1_doc_lang'] - * @uses $GLOBALS['mysql_5_0_doc_lang'] - * @uses $GLOBALS['strDocu'] - * @uses $GLOBALS['pmaThemeImage'] - * @uses PMA_MYSQL_INT_VERSION - * @uses strtolower() - * @uses str_replace() - * @param string chapter of "HTML, one page per chapter" documentation - * @param string contains name of page/anchor that is being linked - * @param bool whether to use big icon (like in left frame) - * - * @return string the html link - * - * @access public - */ - function PMA_showMySQLDocu($chapter, $link, $big_icon = false) - { - global $cfg; - - if ($cfg['MySQLManualType'] == 'none' || empty($cfg['MySQLManualBase'])) { - return ''; - } - - // Fixup for newly used names: - $chapter = str_replace('_', '-', strtolower($chapter)); - $link = str_replace('_', '-', strtolower($link)); - - switch ($cfg['MySQLManualType']) { - case 'chapters': - if (empty($chapter)) { - $chapter = 'index'; - } - $url = $cfg['MySQLManualBase'] . '/' . $chapter . '.html#' . $link; - break; - case 'big': - $url = $cfg['MySQLManualBase'] . '#' . $link; - break; - case 'searchable': - if (empty($link)) { - $link = 'index'; - } - $url = $cfg['MySQLManualBase'] . '/' . $link . '.html'; - break; - case 'viewable': - default: - if (empty($link)) { - $link = 'index'; - } - $mysql = '5.0'; - $lang = 'en'; - if (defined('PMA_MYSQL_INT_VERSION')) { - if (PMA_MYSQL_INT_VERSION < 50000) { - $mysql = '4.1'; - if (!empty($GLOBALS['mysql_4_1_doc_lang'])) { - $lang = $GLOBALS['mysql_4_1_doc_lang']; - } - } elseif (PMA_MYSQL_INT_VERSION >= 50100) { - $mysql = '5.1'; - if (!empty($GLOBALS['mysql_5_1_doc_lang'])) { - $lang = $GLOBALS['mysql_5_1_doc_lang']; - } - } elseif (PMA_MYSQL_INT_VERSION >= 50000) { - $mysql = '5.0'; - if (!empty($GLOBALS['mysql_5_0_doc_lang'])) { - $lang = $GLOBALS['mysql_5_0_doc_lang']; - } - } - } - $url = $cfg['MySQLManualBase'] . '/' . $mysql . '/' . $lang . '/' . $link . '.html'; - break; - } - - if ($big_icon) { - return '<a href="' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_sqlhelp.png" width="16" height="16" alt="' . $GLOBALS['strDocu'] . '" title="' . $GLOBALS['strDocu'] . '" /></a>'; - } elseif ($GLOBALS['cfg']['ReplaceHelpImg']) { - return '<a href="' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_help.png" width="11" height="11" alt="' . $GLOBALS['strDocu'] . '" title="' . $GLOBALS['strDocu'] . '" /></a>'; - } else { - return '[<a href="' . $url . '" target="mysql_doc">' . $GLOBALS['strDocu'] . '</a>]'; - } - } // end of the 'PMA_showMySQLDocu()' function - - /** - * Displays a hint icon, on mouse over show the hint - * - * @uses $GLOBALS['pmaThemeImage'] - * @uses PMA_jsFormat() - * @param string the error message - * - * @access public - */ - function PMA_showHint($hint_message) - { - //return '<img class="lightbulb" src="' . $GLOBALS['pmaThemeImage'] . 'b_tipp.png" width="16" height="16" border="0" alt="' . $hint_message . '" title="' . $hint_message . '" align="middle" onclick="alert(\'' . PMA_jsFormat($hint_message, false) . '\');" />'; - return '<img class="lightbulb" src="' . $GLOBALS['pmaThemeImage'] - . 'b_tipp.png" width="16" height="16" alt="Tip" title="Tip" onmouseover="pmaTooltip(\'' - . PMA_jsFormat($hint_message, false) . '\'); return false;" onmouseout="swapTooltip(\'default\'); return false;" />'; + // --- Added to solve bug #641765 + // Robbat2 - 12 January 2003, 9:46PM + // Revised, Robbat2 - 13 January 2003, 2:59PM + if (!function_exists('PMA_SQP_isError') || PMA_SQP_isError()) { + $formatted_sql = htmlspecialchars($the_query); + } elseif (empty($the_query) || trim($the_query) == '') { + $formatted_sql = ''; + } else { + $formatted_sql = PMA_formatSql(PMA_SQP_parse($the_query), $the_query); } - - /** - * Displays a MySQL error message in the right frame. - * - * @uses footer.inc.php - * @uses header.inc.php - * @uses $GLOBALS['sql_query'] - * @uses $GLOBALS['strError'] - * @uses $GLOBALS['strSQLQuery'] - * @uses $GLOBALS['pmaThemeImage'] - * @uses $GLOBALS['strEdit'] - * @uses $GLOBALS['strMySQLSaid'] - * @uses $cfg['PropertiesIconic'] - * @uses PMA_backquote() - * @uses PMA_DBI_getError() - * @uses PMA_formatSql() - * @uses PMA_generate_common_hidden_inputs() - * @uses PMA_generate_common_url() - * @uses PMA_showMySQLDocu() - * @uses PMA_sqlAddslashes() - * @uses PMA_SQP_isError() - * @uses PMA_SQP_parse() - * @uses PMA_SQP_getErrorString() - * @uses strtolower() - * @uses urlencode() - * @uses str_replace() - * @uses nl2br() - * @uses substr() - * @uses preg_replace() - * @uses preg_match() - * @uses explode() - * @uses implode() - * @uses is_array() - * @uses function_exists() - * @uses htmlspecialchars() - * @uses trim() - * @uses strstr() - * @param string the error message - * @param string the sql query that failed - * @param boolean whether to show a "modify" link or not - * @param string the "back" link url (full path is not required) - * @param boolean EXIT the page? - * - * @global string the curent table - * @global string the current db - * - * @access public - */ - function PMA_mysqlDie($error_message = '', $the_query = '', - $is_modify_link = true, $back_url = '', $exit = true) - { - global $table, $db; - - /** - * start http output, display html headers - */ - require_once './libraries/header.inc.php'; - - if (!$error_message) { - $error_message = PMA_DBI_getError(); - } - if (!$the_query && !empty($GLOBALS['sql_query'])) { - $the_query = $GLOBALS['sql_query']; - } - + // --- + echo "\n" . '<!-- PMA-SQL-ERROR -->' . "\n"; + echo ' <div class="error"><h1>' . $GLOBALS['strError'] . '</h1>' . "\n"; + // if the config password is wrong, or the MySQL server does not + // respond, do not show the query that would reveal the + // username/password + if (!empty($the_query) && !strstr($the_query, 'connect')) { // --- Added to solve bug #641765 // Robbat2 - 12 January 2003, 9:46PM // Revised, Robbat2 - 13 January 2003, 2:59PM - if (!function_exists('PMA_SQP_isError') || PMA_SQP_isError()) { - $formatted_sql = htmlspecialchars($the_query); - } elseif (empty($the_query) || trim($the_query) == '') { - $formatted_sql = ''; - } else { - $formatted_sql = PMA_formatSql(PMA_SQP_parse($the_query), $the_query); + if (function_exists('PMA_SQP_isError') && PMA_SQP_isError()) { + echo PMA_SQP_getErrorString() . "\n"; + echo '<br />' . "\n"; } // --- - echo "\n" . '<!-- PMA-SQL-ERROR -->' . "\n"; - echo ' <div class="error"><h1>' . $GLOBALS['strError'] . '</h1>' . "\n"; - // if the config password is wrong, or the MySQL server does not - // respond, do not show the query that would reveal the - // username/password - if (!empty($the_query) && !strstr($the_query, 'connect')) { - // --- Added to solve bug #641765 - // Robbat2 - 12 January 2003, 9:46PM - // Revised, Robbat2 - 13 January 2003, 2:59PM - if (function_exists('PMA_SQP_isError') && PMA_SQP_isError()) { - echo PMA_SQP_getErrorString() . "\n"; - echo '<br />' . "\n"; + // modified to show me the help on sql errors (Michael Keck) + echo ' <p><strong>' . $GLOBALS['strSQLQuery'] . ':</strong>' . "\n"; + if (strstr(strtolower($formatted_sql), 'select')) { // please show me help to the error on select + echo PMA_showMySQLDocu('SQL-Syntax', 'SELECT'); + } + if ($is_modify_link && isset($db)) { + if (isset($table)) { + $doedit_goto = '<a href="tbl_sql.php?' . PMA_generate_common_url($db, $table) . '&sql_query=' . urlencode($the_query) . '&show_query=1">'; + } else { + $doedit_goto = '<a href="db_sql.php?' . PMA_generate_common_url($db) . '&sql_query=' . urlencode($the_query) . '&show_query=1">'; } - // --- - // modified to show me the help on sql errors (Michael Keck) - echo ' <p><strong>' . $GLOBALS['strSQLQuery'] . ':</strong>' . "\n"; - if (strstr(strtolower($formatted_sql), 'select')) { // please show me help to the error on select - echo PMA_showMySQLDocu('SQL-Syntax', 'SELECT'); + if ($GLOBALS['cfg']['PropertiesIconic']) { + echo $doedit_goto + . '<img class="icon" src=" '. $GLOBALS['pmaThemeImage'] . 'b_edit.png" width="16" height="16" alt="' . $GLOBALS['strEdit'] .'" />' + . '</a>'; + } else { + echo ' [' + . $doedit_goto . $GLOBALS['strEdit'] . '</a>' + . ']' . "\n"; } - if ($is_modify_link && isset($db)) { - if (isset($table)) { - $doedit_goto = '<a href="tbl_sql.php?' . PMA_generate_common_url($db, $table) . '&sql_query=' . urlencode($the_query) . '&show_query=1">'; - } else { - $doedit_goto = '<a href="db_sql.php?' . PMA_generate_common_url($db) . '&sql_query=' . urlencode($the_query) . '&show_query=1">'; - } - if ($GLOBALS['cfg']['PropertiesIconic']) { - echo $doedit_goto - . '<img class="icon" src=" '. $GLOBALS['pmaThemeImage'] . 'b_edit.png" width="16" height="16" alt="' . $GLOBALS['strEdit'] .'" />' - . '</a>'; - } else { - echo ' [' - . $doedit_goto . $GLOBALS['strEdit'] . '</a>' - . ']' . "\n"; - } - } // end if - echo ' </p>' . "\n" - .' <p>' . "\n" - .' ' . $formatted_sql . "\n" - .' </p>' . "\n"; } // end if + echo ' </p>' . "\n" + .' <p>' . "\n" + .' ' . $formatted_sql . "\n" + .' </p>' . "\n"; + } // end if - $tmp_mysql_error = ''; // for saving the original $error_message - if (!empty($error_message)) { - $tmp_mysql_error = strtolower($error_message); // save the original $error_message - $error_message = htmlspecialchars($error_message); - $error_message = preg_replace("@((\015\012)|(\015)|(\012)){3,}@", "\n\n", $error_message); - } - // modified to show me the help on error-returns (Michael Keck) - // (now error-messages-server) - echo '<p>' . "\n" - . ' <strong>' . $GLOBALS['strMySQLSaid'] . '</strong>' - . PMA_showMySQLDocu('Error-messages-server', 'Error-messages-server') - . "\n" - . '</p>' . "\n"; - - // The error message will be displayed within a CODE segment. - // To preserve original formatting, but allow wordwrapping, we do a couple of replacements - - // Replace all non-single blanks with their HTML-counterpart - $error_message = str_replace(' ', ' ', $error_message); - // Replace TAB-characters with their HTML-counterpart - $error_message = str_replace("\t", ' ', $error_message); - // Replace linebreaks - $error_message = nl2br($error_message); - - echo '<code>' . "\n" - . $error_message . "\n" - . '</code><br />' . "\n"; - - // feature request #1036254: - // Add a link by MySQL-Error #1062 - Duplicate entry - // 2004-10-20 by mkkeck - // 2005-01-17 modified by mkkeck bugfix - if (substr($error_message, 1, 4) == '1062') { - // get the duplicate entry - - // get table name - /** - * @todo what would be the best delimiter, while avoiding special - * characters that can become high-ascii after editing, depending - * upon which editor is used by the developer? - */ - $error_table = array(); - if (preg_match('@ALTER\s*TABLE\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { - $error_table = $error_table[1]; - } elseif (preg_match('@INSERT\s*INTO\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { - $error_table = $error_table[1]; - } elseif (preg_match('@UPDATE\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { - $error_table = $error_table[1]; - } elseif (preg_match('@INSERT\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { - $error_table = $error_table[1]; - } - - // get fields - $error_fields = array(); - if (preg_match('@\(([^\)]+)\)@i', $the_query, $error_fields)) { - $error_fields = explode(',', $error_fields[1]); - } elseif (preg_match('@(`[^`]+`)\s*=@i', $the_query, $error_fields)) { - $error_fields = explode(',', $error_fields[1]); - } - if (is_array($error_table) || is_array($error_fields)) { - - // duplicate value - $duplicate_value = array(); - preg_match('@\'([^\']+)\'@i', $tmp_mysql_error, $duplicate_value); - $duplicate_value = $duplicate_value[1]; - - $sql = ' - SELECT * - FROM ' . PMA_backquote($error_table) . ' - WHERE CONCAT_WS("-", ' . implode(', ', $error_fields) . ') - = "' . PMA_sqlAddslashes($duplicate_value) . '" - ORDER BY ' . implode(', ', $error_fields); - unset($error_table, $error_fields, $duplicate_value); - - echo ' <form method="post" action="import.php" style="padding: 0; margin: 0">' ."\n" - .' <input type="hidden" name="sql_query" value="' . htmlspecialchars($sql) . '" />' . "\n" - .' ' . PMA_generate_common_hidden_inputs($db, $table) . "\n" - .' <input type="submit" name="submit" value="' . $GLOBALS['strBrowse'] . '" />' . "\n" - .' </form>' . "\n"; - unset($sql); - } - } // end of show duplicate entry - - echo '</div>'; - echo '<fieldset class="tblFooters">'; - - if (!empty($back_url) && $exit) { - $goto_back_url='<a href="' . (strstr($back_url, '?') ? $back_url . '&no_history=true' : $back_url . '?no_history=true') . '">'; - echo '[ ' . $goto_back_url . $GLOBALS['strBack'] . '</a> ]'; - } - echo ' </fieldset>' . "\n\n"; - if ($exit) { - /** - * display footer and exit - */ - require_once './libraries/footer.inc.php'; - } - } // end of the 'PMA_mysqlDie()' function + $tmp_mysql_error = ''; // for saving the original $error_message + if (!empty($error_message)) { + $tmp_mysql_error = strtolower($error_message); // save the original $error_message + $error_message = htmlspecialchars($error_message); + $error_message = preg_replace("@((\015\012)|(\015)|(\012)){3,}@", "\n\n", $error_message); + } + // modified to show me the help on error-returns (Michael Keck) + // (now error-messages-server) + echo '<p>' . "\n" + . ' <strong>' . $GLOBALS['strMySQLSaid'] . '</strong>' + . PMA_showMySQLDocu('Error-messages-server', 'Error-messages-server') + . "\n" + . '</p>' . "\n"; + + // The error message will be displayed within a CODE segment. + // To preserve original formatting, but allow wordwrapping, we do a couple of replacements + + // Replace all non-single blanks with their HTML-counterpart + $error_message = str_replace(' ', ' ', $error_message); + // Replace TAB-characters with their HTML-counterpart + $error_message = str_replace("\t", ' ', $error_message); + // Replace linebreaks + $error_message = nl2br($error_message); + + echo '<code>' . "\n" + . $error_message . "\n" + . '</code><br />' . "\n"; + + // feature request #1036254: + // Add a link by MySQL-Error #1062 - Duplicate entry + // 2004-10-20 by mkkeck + // 2005-01-17 modified by mkkeck bugfix + if (substr($error_message, 1, 4) == '1062') { + // get the duplicate entry + + // get table name + /** + * @todo what would be the best delimiter, while avoiding special + * characters that can become high-ascii after editing, depending + * upon which editor is used by the developer? + */ + $error_table = array(); + if (preg_match('@ALTER\s*TABLE\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { + $error_table = $error_table[1]; + } elseif (preg_match('@INSERT\s*INTO\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { + $error_table = $error_table[1]; + } elseif (preg_match('@UPDATE\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { + $error_table = $error_table[1]; + } elseif (preg_match('@INSERT\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { + $error_table = $error_table[1]; + } + + // get fields + $error_fields = array(); + if (preg_match('@\(([^\)]+)\)@i', $the_query, $error_fields)) { + $error_fields = explode(',', $error_fields[1]); + } elseif (preg_match('@(`[^`]+`)\s*=@i', $the_query, $error_fields)) { + $error_fields = explode(',', $error_fields[1]); + } + if (is_array($error_table) || is_array($error_fields)) { + + // duplicate value + $duplicate_value = array(); + preg_match('@\'([^\']+)\'@i', $tmp_mysql_error, $duplicate_value); + $duplicate_value = $duplicate_value[1]; + + $sql = ' + SELECT * + FROM ' . PMA_backquote($error_table) . ' + WHERE CONCAT_WS("-", ' . implode(', ', $error_fields) . ') + = "' . PMA_sqlAddslashes($duplicate_value) . '" + ORDER BY ' . implode(', ', $error_fields); + unset($error_table, $error_fields, $duplicate_value); + + echo ' <form method="post" action="import.php" style="padding: 0; margin: 0">' ."\n" + .' <input type="hidden" name="sql_query" value="' . htmlspecialchars($sql) . '" />' . "\n" + .' ' . PMA_generate_common_hidden_inputs($db, $table) . "\n" + .' <input type="submit" name="submit" value="' . $GLOBALS['strBrowse'] . '" />' . "\n" + .' </form>' . "\n"; + unset($sql); + } + } // end of show duplicate entry + + echo '</div>'; + echo '<fieldset class="tblFooters">'; + + if (!empty($back_url) && $exit) { + $goto_back_url='<a href="' . (strstr($back_url, '?') ? $back_url . '&no_history=true' : $back_url . '?no_history=true') . '">'; + echo '[ ' . $goto_back_url . $GLOBALS['strBack'] . '</a> ]'; + } + echo ' </fieldset>' . "\n\n"; + if ($exit) { + /** + * display footer and exit + */ + require_once './libraries/footer.inc.php'; + } +} // end of the 'PMA_mysqlDie()' function - /** - * Returns a string formatted with CONVERT ... USING - * if MySQL supports it - * - * @uses PMA_MYSQL_INT_VERSION - * @uses $GLOBALS['collation_connection'] - * @uses explode() - * @param string the string itself - * @param string the mode: quoted or unquoted (this one by default) - * - * @return the formatted string - * - * @access private - */ - function PMA_convert_using($string, $mode='unquoted') - { - if ($mode == 'quoted') { - $possible_quote = "'"; - } else { - $possible_quote = ""; - } +/** + * Returns a string formatted with CONVERT ... USING + * if MySQL supports it + * + * @uses PMA_MYSQL_INT_VERSION + * @uses $GLOBALS['collation_connection'] + * @uses explode() + * @param string the string itself + * @param string the mode: quoted or unquoted (this one by default) + * + * @return the formatted string + * + * @access private + */ +function PMA_convert_using($string, $mode='unquoted') +{ + if ($mode == 'quoted') { + $possible_quote = "'"; + } else { + $possible_quote = ""; + } - if (PMA_MYSQL_INT_VERSION >= 40100) { - list($conn_charset) = explode('_', $GLOBALS['collation_connection']); - $converted_string = "CONVERT(" . $possible_quote . $string . $possible_quote . " USING " . $conn_charset . ")"; - } else { - $converted_string = $possible_quote . $string . $possible_quote; - } - return $converted_string; - } // end function + if (PMA_MYSQL_INT_VERSION >= 40100) { + list($conn_charset) = explode('_', $GLOBALS['collation_connection']); + $converted_string = "CONVERT(" . $possible_quote . $string . $possible_quote . " USING " . $conn_charset . ")"; + } else { + $converted_string = $possible_quote . $string . $possible_quote; + } + return $converted_string; +} // end function - /** - * Send HTTP header, taking IIS limits into account (600 seems ok) - * - * @uses PMA_IS_IIS - * @uses PMA_COMING_FROM_COOKIE_LOGIN - * @uses PMA_get_arg_separator() - * @uses SID - * @uses strlen() - * @uses strpos() - * @uses header() - * @uses session_write_close() - * @uses headers_sent() - * @uses function_exists() - * @uses debug_print_backtrace() - * @uses trigger_error() - * @uses defined() - * @param string $uri the header to send - * @return boolean always true - */ - function PMA_sendHeaderLocation($uri) - { - if (PMA_IS_IIS && strlen($uri) > 600) { - - echo '<html><head><title>- - -</title>' . "\n"; - echo '<meta http-equiv="expires" content="0">' . "\n"; - echo '<meta http-equiv="Pragma" content="no-cache">' . "\n"; - echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n"; - echo '<meta http-equiv="Refresh" content="0;url=' .$uri . '">' . "\n"; - echo '<script type="text/javascript" language="javascript">' . "\n"; - echo '//<![CDATA[' . "\n"; - echo 'setTimeout ("window.location = unescape(\'"' . $uri . '"\')",2000); </script>' . "\n"; - echo '//]]>' . "\n"; - echo '</head>' . "\n"; - echo '<body>' . "\n"; - echo '<script type="text/javascript" language="javascript">' . "\n"; - echo '//<![CDATA[' . "\n"; - echo 'document.write (\'<p><a href="' . $uri . '">' . $GLOBALS['strGo'] . '</a></p>\');' . "\n"; - echo '//]]>' . "\n"; - echo '</script></body></html>' . "\n"; +/** + * Send HTTP header, taking IIS limits into account (600 seems ok) + * + * @uses PMA_IS_IIS + * @uses PMA_COMING_FROM_COOKIE_LOGIN + * @uses PMA_get_arg_separator() + * @uses SID + * @uses strlen() + * @uses strpos() + * @uses header() + * @uses session_write_close() + * @uses headers_sent() + * @uses function_exists() + * @uses debug_print_backtrace() + * @uses trigger_error() + * @uses defined() + * @param string $uri the header to send + * @return boolean always true + */ +function PMA_sendHeaderLocation($uri) +{ + if (PMA_IS_IIS && strlen($uri) > 600) { + + echo '<html><head><title>- - -</title>' . "\n"; + echo '<meta http-equiv="expires" content="0">' . "\n"; + echo '<meta http-equiv="Pragma" content="no-cache">' . "\n"; + echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n"; + echo '<meta http-equiv="Refresh" content="0;url=' .$uri . '">' . "\n"; + echo '<script type="text/javascript" language="javascript">' . "\n"; + echo '//<![CDATA[' . "\n"; + echo 'setTimeout ("window.location = unescape(\'"' . $uri . '"\')",2000); </script>' . "\n"; + echo '//]]>' . "\n"; + echo '</head>' . "\n"; + echo '<body>' . "\n"; + echo '<script type="text/javascript" language="javascript">' . "\n"; + echo '//<![CDATA[' . "\n"; + echo 'document.write (\'<p><a href="' . $uri . '">' . $GLOBALS['strGo'] . '</a></p>\');' . "\n"; + echo '//]]>' . "\n"; + echo '</script></body></html>' . "\n"; + } else { + if (SID) { + if (strpos($uri, '?') === false) { + header('Location: ' . $uri . '?' . SID); + } else { + $separator = PMA_get_arg_separator(); + header('Location: ' . $uri . $separator . SID); + } } else { - if (SID) { - if (strpos($uri, '?') === false) { - header('Location: ' . $uri . '?' . SID); - } else { - $separator = PMA_get_arg_separator(); - header('Location: ' . $uri . $separator . SID); + session_write_close(); + if (headers_sent()) { + if (function_exists('debug_print_backtrace')) { + echo '<pre>'; + debug_print_backtrace(); + echo '</pre>'; } + trigger_error('PMA_sendHeaderLocation called when headers are already sent!', E_USER_ERROR); + } + // bug #1523784: IE6 does not like 'Refresh: 0', it + // results in a blank page + // but we need it when coming from the cookie login panel) + if (PMA_IS_IIS && defined('PMA_COMING_FROM_COOKIE_LOGIN')) { + header('Refresh: 0; ' . $uri); } else { - session_write_close(); - if (headers_sent()) { - if (function_exists('debug_print_backtrace')) { - echo '<pre>'; - debug_print_backtrace(); - echo '</pre>'; - } - trigger_error('PMA_sendHeaderLocation called when headers are already sent!', E_USER_ERROR); - } - // bug #1523784: IE6 does not like 'Refresh: 0', it - // results in a blank page - // but we need it when coming from the cookie login panel) - if (PMA_IS_IIS && defined('PMA_COMING_FROM_COOKIE_LOGIN')) { - header('Refresh: 0; ' . $uri); - } else { - header('Location: ' . $uri); - } + header('Location: ' . $uri); } } } +} - /** - * returns array with tables of given db with extended infomation and grouped - * - * @uses $cfg['LeftFrameTableSeparator'] - * @uses $cfg['LeftFrameTableLevel'] - * @uses $cfg['ShowTooltipAliasTB'] - * @uses $cfg['NaturalOrder'] - * @uses PMA_backquote() - * @uses count() - * @uses array_merge - * @uses uksort() - * @uses strstr() - * @uses explode() - * @param string $db name of db - * return array (rekursive) grouped table list - */ - function PMA_getTableList($db, $tables = null) - { - $sep = $GLOBALS['cfg']['LeftFrameTableSeparator']; - - if ( null === $tables ) { - $tables = PMA_DBI_get_tables_full($db); - if ($GLOBALS['cfg']['NaturalOrder']) { - uksort($tables, 'strnatcasecmp'); - } - } +/** + * returns array with tables of given db with extended infomation and grouped + * + * @uses $cfg['LeftFrameTableSeparator'] + * @uses $cfg['LeftFrameTableLevel'] + * @uses $cfg['ShowTooltipAliasTB'] + * @uses $cfg['NaturalOrder'] + * @uses PMA_backquote() + * @uses count() + * @uses array_merge + * @uses uksort() + * @uses strstr() + * @uses explode() + * @param string $db name of db + * return array (rekursive) grouped table list + */ +function PMA_getTableList($db, $tables = null) +{ + $sep = $GLOBALS['cfg']['LeftFrameTableSeparator']; - if (count($tables) < 1) { - return $tables; + if ( null === $tables ) { + $tables = PMA_DBI_get_tables_full($db); + if ($GLOBALS['cfg']['NaturalOrder']) { + uksort($tables, 'strnatcasecmp'); } + } - $default = array( - 'Name' => '', - 'Rows' => 0, - 'Comment' => '', - 'disp_name' => '', - ); + if (count($tables) < 1) { + return $tables; + } + + $default = array( + 'Name' => '', + 'Rows' => 0, + 'Comment' => '', + 'disp_name' => '', + ); - $table_groups = array(); + $table_groups = array(); - foreach ($tables as $table_name => $table) { + foreach ($tables as $table_name => $table) { - // check for correct row count - if (null === $table['Rows']) { - // Do not check exact row count here, - // if row count is invalid possibly the table is defect - // and this would break left frame; - // but we can check row count if this is a view, - // since PMA_Table::countRecords() returns a limited row count - // in this case. + // check for correct row count + if (null === $table['Rows']) { + // Do not check exact row count here, + // if row count is invalid possibly the table is defect + // and this would break left frame; + // but we can check row count if this is a view, + // since PMA_Table::countRecords() returns a limited row count + // in this case. - // set this because PMA_Table::countRecords() can use it - $tbl_is_view = PMA_Table::isView($db, $table['Name']); + // set this because PMA_Table::countRecords() can use it + $tbl_is_view = PMA_Table::isView($db, $table['Name']); - if ($tbl_is_view) { - $table['Rows'] = PMA_Table::countRecords($db, $table['Name'], - $return = true); - } + if ($tbl_is_view) { + $table['Rows'] = PMA_Table::countRecords($db, $table['Name'], + $return = true); } + } - // in $group we save the reference to the place in $table_groups - // where to store the table info - if ($GLOBALS['cfg']['LeftFrameDBTree'] - && $sep && strstr($table_name, $sep)) - { - $parts = explode($sep, $table_name); - - $group =& $table_groups; - $i = 0; - $group_name_full = ''; - while ($i < count($parts) - 1 - && $i < $GLOBALS['cfg']['LeftFrameTableLevel']) { - $group_name = $parts[$i] . $sep; - $group_name_full .= $group_name; - - if (!isset($group[$group_name])) { - $group[$group_name] = array(); - $group[$group_name]['is' . $sep . 'group'] = true; - $group[$group_name]['tab' . $sep . 'count'] = 1; - $group[$group_name]['tab' . $sep . 'group'] = $group_name_full; - } elseif (!isset($group[$group_name]['is' . $sep . 'group'])) { - $table = $group[$group_name]; - $group[$group_name] = array(); - $group[$group_name][$group_name] = $table; - unset($table); - $group[$group_name]['is' . $sep . 'group'] = true; - $group[$group_name]['tab' . $sep . 'count'] = 1; - $group[$group_name]['tab' . $sep . 'group'] = $group_name_full; - } else { - $group[$group_name]['tab' . $sep . 'count']++; - } - $group =& $group[$group_name]; - $i++; - } - } else { - if (!isset($table_groups[$table_name])) { - $table_groups[$table_name] = array(); + // in $group we save the reference to the place in $table_groups + // where to store the table info + if ($GLOBALS['cfg']['LeftFrameDBTree'] + && $sep && strstr($table_name, $sep)) + { + $parts = explode($sep, $table_name); + + $group =& $table_groups; + $i = 0; + $group_name_full = ''; + while ($i < count($parts) - 1 + && $i < $GLOBALS['cfg']['LeftFrameTableLevel']) { + $group_name = $parts[$i] . $sep; + $group_name_full .= $group_name; + + if (!isset($group[$group_name])) { + $group[$group_name] = array(); + $group[$group_name]['is' . $sep . 'group'] = true; + $group[$group_name]['tab' . $sep . 'count'] = 1; + $group[$group_name]['tab' . $sep . 'group'] = $group_name_full; + } elseif (!isset($group[$group_name]['is' . $sep . 'group'])) { + $table = $group[$group_name]; + $group[$group_name] = array(); + $group[$group_name][$group_name] = $table; + unset($table); + $group[$group_name]['is' . $sep . 'group'] = true; + $group[$group_name]['tab' . $sep . 'count'] = 1; + $group[$group_name]['tab' . $sep . 'group'] = $group_name_full; + } else { + $group[$group_name]['tab' . $sep . 'count']++; } - $group =& $table_groups; + $group =& $group[$group_name]; + $i++; } - - - if ($GLOBALS['cfg']['ShowTooltipAliasTB'] - && $GLOBALS['cfg']['ShowTooltipAliasTB'] !== 'nested') { - // switch tooltip and name - $table['Comment'] = $table['Name']; - $table['disp_name'] = $table['Comment']; - } else { - $table['disp_name'] = $table['Name']; + } else { + if (!isset($table_groups[$table_name])) { + $table_groups[$table_name] = array(); } + $group =& $table_groups; + } - $group[$table_name] = array_merge($default, $table); + + if ($GLOBALS['cfg']['ShowTooltipAliasTB'] + && $GLOBALS['cfg']['ShowTooltipAliasTB'] !== 'nested') { + // switch tooltip and name + $table['Comment'] = $table['Name']; + $table['disp_name'] = $table['Comment']; + } else { + $table['disp_name'] = $table['Name']; } - return $table_groups; + $group[$table_name] = array_merge($default, $table); } - /* ----------------------- Set of misc functions ----------------------- */ + return $table_groups; +} +/* ----------------------- Set of misc functions ----------------------- */ - /** - * Adds backquotes on both sides of a database, table or field name. - * and escapes backquotes inside the name with another backquote - * - * example: - * <code> - * echo PMA_backquote('owner`s db'); // `owner``s db` - * - * </code> - * - * @uses PMA_backquote() - * @uses is_array() - * @uses strlen() - * @uses str_replace() - * @param mixed $a_name the database, table or field name to "backquote" - * or array of it - * @param boolean $do_it a flag to bypass this function (used by dump - * functions) - * @return mixed the "backquoted" database, table or field name if the - * current MySQL release is >= 3.23.6, the original one - * else - * @access public - */ - function PMA_backquote($a_name, $do_it = true) - { - if (! $do_it) { - return $a_name; - } - if (is_array($a_name)) { - $result = array(); - foreach ($a_name as $key => $val) { - $result[$key] = PMA_backquote($val); - } - return $result; - } +/** + * Adds backquotes on both sides of a database, table or field name. + * and escapes backquotes inside the name with another backquote + * + * example: + * <code> + * echo PMA_backquote('owner`s db'); // `owner``s db` + * + * </code> + * + * @uses PMA_backquote() + * @uses is_array() + * @uses strlen() + * @uses str_replace() + * @param mixed $a_name the database, table or field name to "backquote" + * or array of it + * @param boolean $do_it a flag to bypass this function (used by dump + * functions) + * @return mixed the "backquoted" database, table or field name if the + * current MySQL release is >= 3.23.6, the original one + * else + * @access public + */ +function PMA_backquote($a_name, $do_it = true) +{ + if (! $do_it) { + return $a_name; + } - // '0' is also empty for php :-( - if (strlen($a_name) && $a_name !== '*') { - return '`' . str_replace('`', '``', $a_name) . '`'; - } else { - return $a_name; - } - } // end of the 'PMA_backquote()' function + if (is_array($a_name)) { + $result = array(); + foreach ($a_name as $key => $val) { + $result[$key] = PMA_backquote($val); + } + return $result; + } + // '0' is also empty for php :-( + if (strlen($a_name) && $a_name !== '*') { + return '`' . str_replace('`', '``', $a_name) . '`'; + } else { + return $a_name; + } +} // end of the 'PMA_backquote()' function - /** - * Defines the <CR><LF> value depending on the user OS. - * - * @uses PMA_USR_OS - * @return string the <CR><LF> value to use - * - * @access public - */ - function PMA_whichCrlf() - { - $the_crlf = "\n"; - // The 'PMA_USR_OS' constant is defined in "./libraries/defines.lib.php" - // Win case - if (PMA_USR_OS == 'Win') { - $the_crlf = "\r\n"; - } - // Others - else { - $the_crlf = "\n"; - } +/** + * Defines the <CR><LF> value depending on the user OS. + * + * @uses PMA_USR_OS + * @return string the <CR><LF> value to use + * + * @access public + */ +function PMA_whichCrlf() +{ + $the_crlf = "\n"; - return $the_crlf; - } // end of the 'PMA_whichCrlf()' function + // The 'PMA_USR_OS' constant is defined in "./libraries/defines.lib.php" + // Win case + if (PMA_USR_OS == 'Win') { + $the_crlf = "\r\n"; + } + // Others + else { + $the_crlf = "\n"; + } - /** - * Reloads navigation if needed. - * - * @uses $GLOBALS['reload'] - * @uses $GLOBALS['db'] - * @uses PMA_generate_common_url() - * @global array configuration - * - * @access public - */ - function PMA_reloadNavigation() - { - global $cfg; + return $the_crlf; +} // end of the 'PMA_whichCrlf()' function - // Reloads the navigation frame via JavaScript if required - if (isset($GLOBALS['reload']) && $GLOBALS['reload']) { - echo "\n"; - $reload_url = './navigation.php?' . PMA_generate_common_url((isset($GLOBALS['db']) ? $GLOBALS['db'] : ''), '', '&'); - ?> +/** + * Reloads navigation if needed. + * + * @uses $GLOBALS['reload'] + * @uses $GLOBALS['db'] + * @uses PMA_generate_common_url() + * @global array configuration + * + * @access public + */ +function PMA_reloadNavigation() +{ + global $cfg; + + // Reloads the navigation frame via JavaScript if required + if (isset($GLOBALS['reload']) && $GLOBALS['reload']) { + echo "\n"; + $reload_url = './navigation.php?' . PMA_generate_common_url((isset($GLOBALS['db']) ? $GLOBALS['db'] : ''), '', '&'); + ?> <script type="text/javascript" language="javascript"> //<![CDATA[ if (typeof(window.parent) != 'undefined' @@ -1461,2004 +930,1231 @@ if (typeof(window.parent) != 'undefined' } //]]> </script> - <?php - unset($GLOBALS['reload']); - } + <?php + unset($GLOBALS['reload']); } +} - /** - * displays the message and the query - * usually the message is the result of the query executed - * - * @param string $message the message to display - * @param string $sql_query the query to display - * @global array the configuration array - * @uses $cfg - * @access public - */ - function PMA_showMessage($message, $sql_query = null) - { - global $cfg; - - if (null === $sql_query) { - if (! empty($GLOBALS['display_query'])) { - $sql_query = $GLOBALS['display_query']; - } elseif ($cfg['SQP']['fmtType'] == 'none' && ! empty($GLOBALS['unparsed_sql'])) { - $sql_query = $GLOBALS['unparsed_sql']; - } elseif (! empty($GLOBALS['sql_query'])) { - $sql_query = $GLOBALS['sql_query']; - } else { - $sql_query = ''; - } +/** + * displays the message and the query + * usually the message is the result of the query executed + * + * @param string $message the message to display + * @param string $sql_query the query to display + * @global array the configuration array + * @uses $cfg + * @access public + */ +function PMA_showMessage($message, $sql_query = null) +{ + global $cfg; + + if (null === $sql_query) { + if (! empty($GLOBALS['display_query'])) { + $sql_query = $GLOBALS['display_query']; + } elseif ($cfg['SQP']['fmtType'] == 'none' && ! empty($GLOBALS['unparsed_sql'])) { + $sql_query = $GLOBALS['unparsed_sql']; + } elseif (! empty($GLOBALS['sql_query'])) { + $sql_query = $GLOBALS['sql_query']; + } else { + $sql_query = ''; } + } - // Corrects the tooltip text via JS if required - // @todo this is REALLY the wrong place to do this - very unexpected here - if ( isset($GLOBALS['table']) && strlen($GLOBALS['table']) && $cfg['ShowTooltip']) { - $result = PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\''); + // Corrects the tooltip text via JS if required + // @todo this is REALLY the wrong place to do this - very unexpected here + if ( isset($GLOBALS['table']) && strlen($GLOBALS['table']) && $cfg['ShowTooltip']) { + $result = PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\''); + if ($result) { + $tbl_status = PMA_DBI_fetch_assoc($result); + $tooltip = (empty($tbl_status['Comment'])) + ? '' + : $tbl_status['Comment'] . ' '; + $tooltip .= '(' . PMA_formatNumber($tbl_status['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')'; + PMA_DBI_free_result($result); + $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false); + echo "\n"; + echo '<script type="text/javascript" language="javascript">' . "\n"; + echo '//<![CDATA[' . "\n"; + echo "window.parent.updateTableTitle('" . $uni_tbl . "', '" . PMA_jsFormat($tooltip, false) . "');" . "\n"; + echo '//]]>' . "\n"; + echo '</script>' . "\n"; + } // end if + } // end if ... elseif + + // Checks if the table needs to be repaired after a TRUNCATE query. + // @todo this should only be done if isset($GLOBALS['sql_query']), what about $GLOBALS['display_query']??? + // @todo this is REALLY the wrong place to do this - very unexpected here + if (isset($GLOBALS['table']) && isset($GLOBALS['sql_query']) + && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) { + if (!isset($tbl_status)) { + $result = @PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\''); if ($result) { $tbl_status = PMA_DBI_fetch_assoc($result); - $tooltip = (empty($tbl_status['Comment'])) - ? '' - : $tbl_status['Comment'] . ' '; - $tooltip .= '(' . PMA_formatNumber($tbl_status['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')'; PMA_DBI_free_result($result); - $uni_tbl = PMA_jsFormat($GLOBALS['db'] . '.' . $GLOBALS['table'], false); - echo "\n"; - echo '<script type="text/javascript" language="javascript">' . "\n"; - echo '//<![CDATA[' . "\n"; - echo "window.parent.updateTableTitle('" . $uni_tbl . "', '" . PMA_jsFormat($tooltip, false) . "');" . "\n"; - echo '//]]>' . "\n"; - echo '</script>' . "\n"; - } // end if - } // end if ... elseif - - // Checks if the table needs to be repaired after a TRUNCATE query. - // @todo this should only be done if isset($GLOBALS['sql_query']), what about $GLOBALS['display_query']??? - // @todo this is REALLY the wrong place to do this - very unexpected here - if (isset($GLOBALS['table']) && isset($GLOBALS['sql_query']) - && $GLOBALS['sql_query'] == 'TRUNCATE TABLE ' . PMA_backquote($GLOBALS['table'])) { - if (!isset($tbl_status)) { - $result = @PMA_DBI_try_query('SHOW TABLE STATUS FROM ' . PMA_backquote($GLOBALS['db']) . ' LIKE \'' . PMA_sqlAddslashes($GLOBALS['table'], true) . '\''); - if ($result) { - $tbl_status = PMA_DBI_fetch_assoc($result); - PMA_DBI_free_result($result); - } - } - if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) { - PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table'])); } } - unset($tbl_status); - echo '<br />' . "\n"; - - echo '<div align="' . $GLOBALS['cell_align_left'] . '">' . "\n"; - if (!empty($GLOBALS['show_error_header'])) { - echo '<div class="error">' . "\n"; - echo '<h1>' . $GLOBALS['strError'] . '</h1>' . "\n"; - } - - echo '<div class="notice">'; - echo PMA_sanitize($message); - if (isset($GLOBALS['special_message'])) { - echo PMA_sanitize($GLOBALS['special_message']); - unset($GLOBALS['special_message']); + if (isset($tbl_status) && (int) $tbl_status['Index_length'] > 1024) { + PMA_DBI_try_query('REPAIR TABLE ' . PMA_backquote($GLOBALS['table'])); } - echo '</div>'; - - if (!empty($GLOBALS['show_error_header'])) { - echo '</div>'; - } - - if ($cfg['ShowSQL'] == true && ! empty($sql_query)) { - // Basic url query part - $url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : ''); - - // Html format the query to be displayed - // The nl2br function isn't used because its result isn't a valid - // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />") - // If we want to show some sql code it is easiest to create it here - /* SQL-Parser-Analyzer */ - - if (!empty($GLOBALS['show_as_php'])) { - $new_line = '\'<br />' . "\n" . ' . \' '; - } - if (isset($new_line)) { - /* SQL-Parser-Analyzer */ - $query_base = PMA_sqlAddslashes(htmlspecialchars($sql_query), false, false, true); - /* SQL-Parser-Analyzer */ - $query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base); - } else { - $query_base = $sql_query; - } - - $max_characters = 1000; - if (strlen($query_base) > $max_characters) { - define('PMA_QUERY_TOO_BIG',1); - } - - // Parse SQL if needed - if (isset($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) { - $parsed_sql = $GLOBALS['parsed_sql']; - } else { - // when the query is large (for example an INSERT of binary - // data), the parser chokes; so avoid parsing the query - if (! defined('PMA_QUERY_TOO_BIG')) { - $parsed_sql = PMA_SQP_parse($query_base); - } - } - - // Analyze it - if (isset($parsed_sql)) { - $analyzed_display_query = PMA_SQP_analyze($parsed_sql); - } - - // Here we append the LIMIT added for navigation, to - // enable its display. Adding it higher in the code - // to $sql_query would create a problem when - // using the Refresh or Edit links. - - // Only append it on SELECTs. - - /** - * @todo what would be the best to do when someone hits Refresh: - * use the current LIMITs ? - */ - - if (isset($analyzed_display_query[0]['queryflags']['select_from']) - && isset($GLOBALS['sql_limit_to_append'])) { - $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit']; - // Need to reparse query - $parsed_sql = PMA_SQP_parse($query_base); - } - - if (!empty($GLOBALS['show_as_php'])) { - $query_base = '$sql = \'' . $query_base; - } elseif (!empty($GLOBALS['validatequery'])) { - $query_base = PMA_validateSQL($query_base); - } else { - if (isset($parsed_sql)) { - $query_base = PMA_formatSql($parsed_sql, $query_base); - } - } - - // Prepares links that may be displayed to edit/explain the query - // (don't go to default pages, we must go to the page - // where the query box is available) - - $edit_target = isset($GLOBALS['db']) ? (isset($GLOBALS['table']) ? 'tbl_sql.php' : 'db_sql.php') : 'server_sql.php'; - - if (isset($cfg['SQLQuery']['Edit']) - && ($cfg['SQLQuery']['Edit'] == true) - && (!empty($edit_target)) - && ! defined('PMA_QUERY_TOO_BIG')) { - - if ($cfg['EditInWindow'] == true) { - $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($sql_query, false) . '\'); return false;'; - } else { - $onclick = ''; - } - - $edit_link = $edit_target - . $url_qpart - . '&sql_query=' . urlencode($sql_query) - . '&show_query=1#querybox'; - $edit_link = ' [' . PMA_linkOrButton($edit_link, $GLOBALS['strEdit'], array('onclick' => $onclick)) . ']'; - } else { - $edit_link = ''; - } + } + unset($tbl_status); + echo '<br />' . "\n"; - // Want to have the query explained (Mike Beck 2002-05-22) - // but only explain a SELECT (that has not been explained) - /* SQL-Parser-Analyzer */ - if (isset($cfg['SQLQuery']['Explain']) - && $cfg['SQLQuery']['Explain'] == true - && ! defined('PMA_QUERY_TOO_BIG')) { - - // Detect if we are validating as well - // To preserve the validate uRL data - if (!empty($GLOBALS['validatequery'])) { - $explain_link_validate = '&validatequery=1'; - } else { - $explain_link_validate = ''; - } + echo '<div align="' . $GLOBALS['cell_align_left'] . '">' . "\n"; + if (!empty($GLOBALS['show_error_header'])) { + echo '<div class="error">' . "\n"; + echo '<h1>' . $GLOBALS['strError'] . '</h1>' . "\n"; + } - $explain_link = 'import.php' - . $url_qpart - . $explain_link_validate - . '&sql_query='; - - if (preg_match('@^SELECT[[:space:]]+@i', $sql_query)) { - $explain_link .= urlencode('EXPLAIN ' . $sql_query); - $message = $GLOBALS['strExplain']; - } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query)) { - $explain_link .= urlencode(substr($sql_query, 8)); - $message = $GLOBALS['strNoExplain']; - } else { - $explain_link = ''; - } - if (!empty($explain_link)) { - $explain_link = ' [' . PMA_linkOrButton($explain_link, $message) . ']'; - } - } else { - $explain_link = ''; - } //show explain - - // Also we would like to get the SQL formed in some nice - // php-code (Mike Beck 2002-05-22) - if (isset($cfg['SQLQuery']['ShowAsPHP']) - && $cfg['SQLQuery']['ShowAsPHP'] == true - && ! defined('PMA_QUERY_TOO_BIG')) { - $php_link = 'import.php' - . $url_qpart - . '&show_query=1' - . '&sql_query=' . urlencode($sql_query) - . '&show_as_php='; + echo '<div class="notice">'; + echo PMA_sanitize($message); + if (isset($GLOBALS['special_message'])) { + echo PMA_sanitize($GLOBALS['special_message']); + unset($GLOBALS['special_message']); + } + echo '</div>'; - if (!empty($GLOBALS['show_as_php'])) { - $php_link .= '0'; - $message = $GLOBALS['strNoPhp']; - } else { - $php_link .= '1'; - $message = $GLOBALS['strPhp']; - } - $php_link = ' [' . PMA_linkOrButton($php_link, $message) . ']'; - - if (isset($GLOBALS['show_as_php'])) { - $runquery_link - = 'import.php' - . $url_qpart - . '&show_query=1' - . '&sql_query=' . urlencode($sql_query); - $php_link .= ' [' . PMA_linkOrButton($runquery_link, $GLOBALS['strRunQuery']) . ']'; - } + if (!empty($GLOBALS['show_error_header'])) { + echo '</div>'; + } - } else { - $php_link = ''; - } //show as php + if ($cfg['ShowSQL'] == true && ! empty($sql_query)) { + // Basic url query part + $url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : ''); - // Refresh query - if (isset($cfg['SQLQuery']['Refresh']) - && $cfg['SQLQuery']['Refresh'] - && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)) { + // Html format the query to be displayed + // The nl2br function isn't used because its result isn't a valid + // xhtml1.0 statement before php4.0.5 ("<br>" and not "<br />") + // If we want to show some sql code it is easiest to create it here + /* SQL-Parser-Analyzer */ - $refresh_link = 'import.php' - . $url_qpart - . '&show_query=1' - . (isset($_GET['pos']) ? '&pos=' . $_GET['pos'] : '') - . '&sql_query=' . urlencode($sql_query); - $refresh_link = ' [' . PMA_linkOrButton($refresh_link, $GLOBALS['strRefresh']) . ']'; - } else { - $refresh_link = ''; - } //show as php - - if (isset($cfg['SQLValidator']['use']) - && $cfg['SQLValidator']['use'] == true - && isset($cfg['SQLQuery']['Validate']) - && $cfg['SQLQuery']['Validate'] == true) { - $validate_link = 'import.php' - . $url_qpart - . '&show_query=1' - . '&sql_query=' . urlencode($sql_query) - . '&validatequery='; - if (!empty($GLOBALS['validatequery'])) { - $validate_link .= '0'; - $validate_message = $GLOBALS['strNoValidateSQL'] ; - } else { - $validate_link .= '1'; - $validate_message = $GLOBALS['strValidateSQL'] ; - } - $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']'; - } else { - $validate_link = ''; - } //validator - unset($sql_query); - - // Displays the message - echo '<fieldset class="">' . "\n"; - echo ' <legend>' . $GLOBALS['strSQLQuery'] . ':</legend>'; - echo ' <div>'; - // when uploading a 700 Kio binary file into a LONGBLOB, - // I get a white page, strlen($query_base) is 2 x 700 Kio - // so put a hard limit here (let's say 1000) - if (defined('PMA_QUERY_TOO_BIG')) { - echo ' ' . substr($query_base,0,$max_characters) . '[...]'; - } else { - echo ' ' . $query_base; - } - - //Clean up the end of the PHP - if (!empty($GLOBALS['show_as_php'])) { - echo '\';'; - } - echo ' </div>'; - echo '</fieldset>' . "\n"; - - if (!empty($edit_target)) { - echo '<fieldset class="tblFooters">'; - echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link; - echo '</fieldset>'; - } + if (!empty($GLOBALS['show_as_php'])) { + $new_line = '\'<br />' . "\n" . ' . \' '; } - echo '</div><br />' . "\n"; - } // end of the 'PMA_showMessage()' function - - - /** - * Formats $value to byte view - * - * @param double the value to format - * @param integer the sensitiveness - * @param integer the number of decimals to retain - * - * @return array the formatted value and its unit - * - * @access public - * - * @author staybyte - * @version 1.2 - 18 July 2002 - */ - function PMA_formatByteDown($value, $limes = 6, $comma = 0) - { - $dh = PMA_pow(10, $comma); - $li = PMA_pow(10, $limes); - $return_value = $value; - $unit = $GLOBALS['byteUnits'][0]; - - for ($d = 6, $ex = 15; $d >= 1; $d--, $ex-=3) { - if (isset($GLOBALS['byteUnits'][$d]) && $value >= $li * PMA_pow(10, $ex)) { - // use 1024.0 to avoid integer overflow on 64-bit machines - $value = round($value / (PMA_pow(1024, $d) / $dh)) /$dh; - $unit = $GLOBALS['byteUnits'][$d]; - break 1; - } // end if - } // end for - - if ($unit != $GLOBALS['byteUnits'][0]) { - $return_value = number_format($value, $comma, $GLOBALS['number_decimal_separator'], $GLOBALS['number_thousands_separator']); + if (isset($new_line)) { + /* SQL-Parser-Analyzer */ + $query_base = PMA_sqlAddslashes(htmlspecialchars($sql_query), false, false, true); + /* SQL-Parser-Analyzer */ + $query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base); } else { - $return_value = number_format($value, 0, $GLOBALS['number_decimal_separator'], $GLOBALS['number_thousands_separator']); - } - - return array($return_value, $unit); - } // end of the 'PMA_formatByteDown' function - - /** - * Formats $value to the given length and appends SI prefixes - * $comma is not substracted from the length - * with a $length of 0 no truncation occurs, number is only formated - * to the current locale - * - * examples: - * <code> - * echo PMA_formatNumber(123456789, 6); // 123,457 k - * echo PMA_formatNumber(-123456789, 4, 2); // -123.46 M - * echo PMA_formatNumber(-0.003, 6); // -3 m - * echo PMA_formatNumber(0.003, 3, 3); // 0.003 - * echo PMA_formatNumber(0.00003, 3, 2); // 0.03 m - * echo PMA_formatNumber(0, 6); // 0 - * - * </code> - * @param double $value the value to format - * @param integer $length the max length - * @param integer $comma the number of decimals to retain - * @param boolean $only_down do not reformat numbers below 1 - * - * @return string the formatted value and its unit - * - * @access public - * - * @author staybyte, sebastian mendel - * @version 1.1.0 - 2005-10-27 - */ - function PMA_formatNumber($value, $length = 3, $comma = 0, $only_down = false) - { - if ($length === 0) { - return number_format($value, - $comma, - $GLOBALS['number_decimal_separator'], - $GLOBALS['number_thousands_separator']); + $query_base = $sql_query; } - // this units needs no translation, ISO - $units = array( - -8 => 'y', - -7 => 'z', - -6 => 'a', - -5 => 'f', - -4 => 'p', - -3 => 'n', - -2 => 'µ', - -1 => 'm', - 0 => ' ', - 1 => 'k', - 2 => 'M', - 3 => 'G', - 4 => 'T', - 5 => 'P', - 6 => 'E', - 7 => 'Z', - 8 => 'Y' - ); - - // we need at least 3 digits to be displayed - if (3 > $length + $comma) { - $length = 3 - $comma; + $max_characters = 1000; + if (strlen($query_base) > $max_characters) { + define('PMA_QUERY_TOO_BIG',1); } - // check for negativ value to retain sign - if ($value < 0) { - $sign = '-'; - $value = abs($value); + // Parse SQL if needed + if (isset($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) { + $parsed_sql = $GLOBALS['parsed_sql']; } else { - $sign = ''; - } - - $dh = PMA_pow(10, $comma); - $li = PMA_pow(10, $length); - $unit = $units[0]; - - if ($value >= 1) { - for ($d = 8; $d >= 0; $d--) { - if (isset($units[$d]) && $value >= $li * PMA_pow(1000, $d-1)) { - $value = round($value / (PMA_pow(1000, $d) / $dh)) /$dh; - $unit = $units[$d]; - break 1; - } // end if - } // end for - } elseif (!$only_down && (float) $value !== 0.0) { - for ($d = -8; $d <= 8; $d++) { - if (isset($units[$d]) && $value <= $li * PMA_pow(1000, $d-1)) { - $value = round($value / (PMA_pow(1000, $d) / $dh)) /$dh; - $unit = $units[$d]; - break 1; - } // end if - } // end for - } // end if ($value >= 1) elseif (!$only_down && (float) $value !== 0.0) - - $value = number_format($value, - $comma, - $GLOBALS['number_decimal_separator'], - $GLOBALS['number_thousands_separator']); - - return $sign . $value . ' ' . $unit; - } // end of the 'PMA_formatNumber' function - - /** - * Extracts ENUM / SET options from a type definition string - * - * @param string The column type definition - * - * @return array The options or - * boolean false in case of an error. - * - * @author rabus - */ - function PMA_getEnumSetOptions($type_def) - { - $open = strpos($type_def, '('); - $close = strrpos($type_def, ')'); - if (!$open || !$close) { - return false; - } - $options = substr($type_def, $open + 2, $close - $open - 3); - $options = explode('\',\'', $options); - return $options; - } // end of the 'PMA_getEnumSetOptions' function - - /** - * Writes localised date - * - * @param string the current timestamp - * - * @return string the formatted date - * - * @access public - */ - function PMA_localisedDate($timestamp = -1, $format = '') - { - global $datefmt, $month, $day_of_week; - - if ($format == '') { - $format = $datefmt; - } - - if ($timestamp == -1) { - $timestamp = time(); - } - - $date = preg_replace('@%[aA]@', $day_of_week[(int)strftime('%w', $timestamp)], $format); - $date = preg_replace('@%[bB]@', $month[(int)strftime('%m', $timestamp)-1], $date); - - return strftime($date, $timestamp); - } // end of the 'PMA_localisedDate()' function - - - /** - * returns a tab for tabbed navigation. - * If the variables $link and $args ar left empty, an inactive tab is created - * - * @uses $GLOBALS['strEmpty'] - * @uses $GLOBALS['strDrop'] - * @uses $GLOBALS['active_page'] - * @uses $GLOBALS['url_query'] - * @uses $cfg['MainPageIconic'] - * @uses $GLOBALS['pmaThemeImage'] - * @uses PMA_generate_common_url() - * @uses E_USER_NOTICE - * @uses htmlentities() - * @uses urlencode() - * @uses sprintf() - * @uses trigger_error() - * @uses array_merge() - * @uses basename() - * @param array $tab array with all options - * @return string html code for one tab, a link if valid otherwise a span - * @access public - */ - function PMA_getTab($tab) - { - // default values - $defaults = array( - 'text' => '', - 'class' => '', - 'active' => false, - 'link' => '', - 'sep' => '?', - 'attr' => '', - 'args' => '', - 'warning' => '', - ); - - $tab = array_merge($defaults, $tab); - - // determine additionnal style-class - if (empty($tab['class'])) { - if ($tab['text'] == $GLOBALS['strEmpty'] - || $tab['text'] == $GLOBALS['strDrop']) { - $tab['class'] = 'caution'; - } elseif (!empty($tab['active']) - || (isset($GLOBALS['active_page']) - && $GLOBALS['active_page'] == $tab['link']) - || basename(PMA_getenv('PHP_SELF')) == $tab['link']) - { - $tab['class'] = 'active'; - } - } - - if (!empty($tab['warning'])) { - $tab['class'] .= ' warning'; - $tab['attr'] .= ' title="' . htmlspecialchars($tab['warning']) . '"'; - } - - // build the link - if (!empty($tab['link'])) { - $tab['link'] = htmlentities($tab['link']); - $tab['link'] = $tab['link'] . $tab['sep'] - .(empty($GLOBALS['url_query']) ? - PMA_generate_common_url() : $GLOBALS['url_query']); - if (!empty($tab['args'])) { - foreach ($tab['args'] as $param => $value) { - $tab['link'] .= '&' . urlencode($param) . '=' - . urlencode($value); - } + // when the query is large (for example an INSERT of binary + // data), the parser chokes; so avoid parsing the query + if (! defined('PMA_QUERY_TOO_BIG')) { + $parsed_sql = PMA_SQP_parse($query_base); } } - // display icon, even if iconic is disabled but the link-text is missing - if (($GLOBALS['cfg']['MainPageIconic'] || empty($tab['text'])) - && isset($tab['icon'])) { - $image = '<img class="icon" src="' . htmlentities($GLOBALS['pmaThemeImage']) - .'%1$s" width="16" height="16" alt="%2$s" />%2$s'; - $tab['text'] = sprintf($image, htmlentities($tab['icon']), $tab['text']); - } - // check to not display an empty link-text - elseif (empty($tab['text'])) { - $tab['text'] = '?'; - trigger_error('empty linktext in function ' . __FUNCTION__ . '()', - E_USER_NOTICE); + // Analyze it + if (isset($parsed_sql)) { + $analyzed_display_query = PMA_SQP_analyze($parsed_sql); } - if (!empty($tab['link'])) { - $out = '<a class="tab' . htmlentities($tab['class']) . '"' - .' href="' . $tab['link'] . '" ' . $tab['attr'] . '>' - . $tab['text'] . '</a>'; - } else { - $out = '<span class="tab' . htmlentities($tab['class']) . '">' - . $tab['text'] . '</span>'; - } + // Here we append the LIMIT added for navigation, to + // enable its display. Adding it higher in the code + // to $sql_query would create a problem when + // using the Refresh or Edit links. - return $out; - } // end of the 'PMA_getTab()' function + // Only append it on SELECTs. - /** - * returns html-code for a tab navigation - * - * @uses PMA_getTab() - * @uses htmlentities() - * @param array $tabs one element per tab - * @param string $tag_id id used for the html-tag - * @return string html-code for tab-navigation - */ - function PMA_getTabs($tabs, $tag_id = 'topmenu') - { - $tab_navigation = - '<div id="' . htmlentities($tag_id) . 'container">' . "\n" - .'<ul id="' . htmlentities($tag_id) . '">' . "\n"; - - foreach ($tabs as $tab) { - $tab_navigation .= '<li>' . PMA_getTab($tab) . '</li>' . "\n"; - } - - $tab_navigation .= - '</ul>' . "\n" - .'<div class="clearfloat"></div>' - .'</div>' . "\n"; - - return $tab_navigation; - } - - - /** - * Displays a link, or a button if the link's URL is too large, to - * accommodate some browsers' limitations - * - * @param string the URL - * @param string the link message - * @param mixed $tag_params string: js confirmation - * array: additional tag params (f.e. style="") - * @param boolean $new_form we set this to false when we are already in - * a form, to avoid generating nested forms - * - * @return string the results to be echoed or saved in an array - */ - function PMA_linkOrButton($url, $message, $tag_params = array(), - $new_form = true, $strip_img = false, $target = '') - { - if (! is_array($tag_params)) { - $tmp = $tag_params; - $tag_params = array(); - if (!empty($tmp)) { - $tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . '\')'; - } - unset($tmp); - } - if (! empty($target)) { - $tag_params['target'] = htmlentities($target); - } + /** + * @todo what would be the best to do when someone hits Refresh: + * use the current LIMITs ? + */ - $tag_params_strings = array(); - foreach ($tag_params as $par_name => $par_value) { - // htmlspecialchars() only on non javascript - $par_value = substr($par_name, 0, 2) == 'on' - ? $par_value - : htmlspecialchars($par_value); - $tag_params_strings[] = $par_name . '="' . $par_value . '"'; + if (isset($analyzed_display_query[0]['queryflags']['select_from']) + && isset($GLOBALS['sql_limit_to_append'])) { + $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit']; + // Need to reparse query + $parsed_sql = PMA_SQP_parse($query_base); } - // previously the limit was set to 2047, it seems 1000 is better - if (strlen($url) <= 1000) { - // no whitespace within an <a> else Safari will make it part of the link - $ret = "\n" . '<a href="' . $url . '" ' - . implode(' ', $tag_params_strings) . '>' - . $message . '</a>' . "\n"; + if (!empty($GLOBALS['show_as_php'])) { + $query_base = '$sql = \'' . $query_base; + } elseif (!empty($GLOBALS['validatequery'])) { + $query_base = PMA_validateSQL($query_base); } else { - // no spaces (linebreaks) at all - // or after the hidden fields - // IE will display them all - - // add class=link to submit button - if (empty($tag_params['class'])) { - $tag_params['class'] = 'link'; - } - - // decode encoded url separators - $separator = PMA_get_arg_separator(); - // on most places separator is still hard coded ... - if ($separator !== '&') { - // ... so always replace & with $separator - $url = str_replace(htmlentities('&'), $separator, $url); - $url = str_replace('&', $separator, $url); - } - $url = str_replace(htmlentities($separator), $separator, $url); - // end decode - - $url_parts = parse_url($url); - $query_parts = explode($separator, $url_parts['query']); - if ($new_form) { - $ret = '<form action="' . $url_parts['path'] . '" class="link"' - . ' method="post"' . $target . ' style="display: inline;">'; - $subname_open = ''; - $subname_close = ''; - $submit_name = ''; - } else { - $query_parts[] = 'redirect=' . $url_parts['path']; - if (empty($GLOBALS['subform_counter'])) { - $GLOBALS['subform_counter'] = 0; - } - $GLOBALS['subform_counter']++; - $ret = ''; - $subname_open = 'subform[' . $GLOBALS['subform_counter'] . ']['; - $subname_close = ']'; - $submit_name = ' name="usesubform[' . $GLOBALS['subform_counter'] . ']"'; - } - foreach ($query_parts as $query_pair) { - list($eachvar, $eachval) = explode('=', $query_pair); - $ret .= '<input type="hidden" name="' . $subname_open . $eachvar - . $subname_close . '" value="' - . htmlspecialchars(urldecode($eachval)) . '" />'; - } // end while - - if (stristr($message, '<img')) { - if ($strip_img) { - $message = trim(strip_tags($message)); - $ret .= '<input type="submit"' . $submit_name . ' ' - . implode(' ', $tag_params_strings) - . ' value="' . htmlspecialchars($message) . '" />'; - } else { - $ret .= '<input type="image"' . $submit_name . ' ' - . implode(' ', $tag_params_strings) - . ' src="' . preg_replace( - '/^.*\ssrc="([^"]*)".*$/si', '\1', $message) . '"' - . ' value="' . htmlspecialchars( - preg_replace('/^.*\salt="([^"]*)".*$/si', '\1', - $message)) - . '" />'; - } - } else { - $message = trim(strip_tags($message)); - $ret .= '<input type="submit"' . $submit_name . ' ' - . implode(' ', $tag_params_strings) - . ' value="' . htmlspecialchars($message) . '" />'; - } - if ($new_form) { - $ret .= '</form>'; + if (isset($parsed_sql)) { + $query_base = PMA_formatSql($parsed_sql, $query_base); } - } // end if... else... + } - return $ret; - } // end of the 'PMA_linkOrButton()' function + // Prepares links that may be displayed to edit/explain the query + // (don't go to default pages, we must go to the page + // where the query box is available) + $edit_target = isset($GLOBALS['db']) ? (isset($GLOBALS['table']) ? 'tbl_sql.php' : 'db_sql.php') : 'server_sql.php'; - /** - * Returns a given timespan value in a readable format. - * - * @uses $GLOBALS['timespanfmt'] - * @uses sprintf() - * @uses floor() - * @param int the timespan - * - * @return string the formatted value - */ - function PMA_timespanFormat($seconds) - { - $return_string = ''; - $days = floor($seconds / 86400); - if ($days > 0) { - $seconds -= $days * 86400; - } - $hours = floor($seconds / 3600); - if ($days > 0 || $hours > 0) { - $seconds -= $hours * 3600; - } - $minutes = floor($seconds / 60); - if ($days > 0 || $hours > 0 || $minutes > 0) { - $seconds -= $minutes * 60; - } - return sprintf($GLOBALS['timespanfmt'], (string)$days, (string)$hours, (string)$minutes, (string)$seconds); - } + if (isset($cfg['SQLQuery']['Edit']) + && ($cfg['SQLQuery']['Edit'] == true) + && (!empty($edit_target)) + && ! defined('PMA_QUERY_TOO_BIG')) { - /** - * Takes a string and outputs each character on a line for itself. Used - * mainly for horizontalflipped display mode. - * Takes care of special html-characters. - * Fulfills todo-item - * http://sf.net/tracker/?func=detail&aid=544361&group_id=23067&atid=377411 - * - * @todo add a multibyte safe function PMA_STR_split() - * @uses strlen - * @param string The string - * @param string The Separator (defaults to "<br />\n") - * - * @access public - * @author Garvin Hicking <me@supergarv.de> - * @return string The flipped string - */ - function PMA_flipstring($string, $Separator = "<br />\n") - { - $format_string = ''; - $charbuff = false; - - for ($i = 0; $i < strlen($string); $i++) { - $char = $string{$i}; - $append = false; - - if ($char == '&') { - $format_string .= $charbuff; - $charbuff = $char; - $append = true; - } elseif (!empty($charbuff)) { - $charbuff .= $char; - } elseif ($char == ';' && !empty($charbuff)) { - $format_string .= $charbuff; - $charbuff = false; - $append = true; + if ($cfg['EditInWindow'] == true) { + $onclick = 'window.parent.focus_querywindow(\'' . PMA_jsFormat($sql_query, false) . '\'); return false;'; } else { - $format_string .= $char; - $append = true; + $onclick = ''; } - if ($append && ($i != strlen($string))) { - $format_string .= $Separator; - } - } - - return $format_string; - } - - - /** - * Function added to avoid path disclosures. - * Called by each script that needs parameters, it displays - * an error message and, by default, stops the execution. - * - * Not sure we could use a strMissingParameter message here, - * would have to check if the error message file is always available - * - * @todo localize error message - * @todo use PMA_fatalError() if $die === true? - * @uses PMA_getenv() - * @uses header_meta_style.inc.php - * basename - * @param array The names of the parameters needed by the calling - * script. - * @param boolean Stop the execution? - * (Set this manually to false in the calling script - * until you know all needed parameters to check). - * @param boolean Whether to include this list in checking for special params. - * @global string path to current script - * @global boolean flag whether any special variable was required - * - * @access public - * @author Marc Delisle (lem9@users.sourceforge.net) - */ - function PMA_checkParameters($params, $die = true, $request = true) - { - global $checked_special; - - if (!isset($checked_special)) { - $checked_special = false; + $edit_link = $edit_target + . $url_qpart + . '&sql_query=' . urlencode($sql_query) + . '&show_query=1#querybox'; + $edit_link = ' [' . PMA_linkOrButton($edit_link, $GLOBALS['strEdit'], array('onclick' => $onclick)) . ']'; + } else { + $edit_link = ''; } - $reported_script_name = basename(PMA_getenv('PHP_SELF')); - $found_error = false; - $error_message = ''; + // Want to have the query explained (Mike Beck 2002-05-22) + // but only explain a SELECT (that has not been explained) + /* SQL-Parser-Analyzer */ + if (isset($cfg['SQLQuery']['Explain']) + && $cfg['SQLQuery']['Explain'] == true + && ! defined('PMA_QUERY_TOO_BIG')) { - foreach ($params as $param) { - if ($request && $param != 'db' && $param != 'table') { - $checked_special = true; + // Detect if we are validating as well + // To preserve the validate uRL data + if (!empty($GLOBALS['validatequery'])) { + $explain_link_validate = '&validatequery=1'; + } else { + $explain_link_validate = ''; } - if (!isset($GLOBALS[$param])) { - $error_message .= $reported_script_name - . ': Missing parameter: ' . $param - . ' <a href="./Documentation.html#faqmissingparameters"' - . ' target="documentation"> (FAQ 2.8)</a><br />'; - $found_error = true; + $explain_link = 'import.php' + . $url_qpart + . $explain_link_validate + . '&sql_query='; + + if (preg_match('@^SELECT[[:space:]]+@i', $sql_query)) { + $explain_link .= urlencode('EXPLAIN ' . $sql_query); + $message = $GLOBALS['strExplain']; + } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query)) { + $explain_link .= urlencode(substr($sql_query, 8)); + $message = $GLOBALS['strNoExplain']; + } else { + $explain_link = ''; } - } - if ($found_error) { - /** - * display html meta tags - */ - require_once './libraries/header_meta_style.inc.php'; - echo '</head><body><p>' . $error_message . '</p></body></html>'; - if ($die) { - exit(); + if (!empty($explain_link)) { + $explain_link = ' [' . PMA_linkOrButton($explain_link, $message) . ']'; } - } - } // end function - - /** - * Function to generate unique condition for specified row. - * - * @uses PMA_MYSQL_INT_VERSION - * @uses $GLOBALS['analyzed_sql'][0] - * @uses PMA_DBI_field_flags() - * @uses PMA_backquote() - * @uses PMA_sqlAddslashes() - * @uses stristr() - * @uses bin2hex() - * @uses preg_replace() - * @param resource $handle current query result - * @param integer $fields_cnt number of fields - * @param array $fields_meta meta information about fields - * @param array $row current row - * - * @access public - * @author Michal Cihar (michal@cihar.com) - * @return string calculated condition - */ - function PMA_getUniqueCondition($handle, $fields_cnt, $fields_meta, $row) - { - $primary_key = ''; - $unique_key = ''; - $nonprimary_condition = ''; - - for ($i = 0; $i < $fields_cnt; ++$i) { - $condition = ''; - $field_flags = PMA_DBI_field_flags($handle, $i); - $meta = $fields_meta[$i]; - - // do not use an alias in a condition - if (! isset($meta->orgname) || ! strlen($meta->orgname)) { - $meta->orgname = $meta->name; - - if (isset($GLOBALS['analyzed_sql'][0]['select_expr']) - && is_array($GLOBALS['analyzed_sql'][0]['select_expr'])) { - foreach ($GLOBALS['analyzed_sql'][0]['select_expr'] - as $select_expr) { - // need (string) === (string) - // '' !== 0 but '' == 0 - if ((string) $select_expr['alias'] === (string) $meta->name) { - $meta->orgname = $select_expr['column']; - break; - } // end if - } // end foreach - } - } - - - // to fix the bug where float fields (primary or not) - // can't be matched because of the imprecision of - // floating comparison, use CONCAT - // (also, the syntax "CONCAT(field) IS NULL" - // that we need on the next "if" will work) - if ($meta->type == 'real') { - $condition = ' CONCAT(' . PMA_backquote($meta->table) . '.' - . PMA_backquote($meta->orgname) . ') '; - } else { - // string and blob fields have to be converted using - // the system character set (always utf8) since - // mysql4.1 can use different charset for fields. - if (PMA_MYSQL_INT_VERSION >= 40100 - && ($meta->type == 'string' || $meta->type == 'blob')) { - $condition = ' CONVERT(' . PMA_backquote($meta->table) . '.' - . PMA_backquote($meta->orgname) . ' USING utf8) '; - } else { - $condition = ' ' . PMA_backquote($meta->table) . '.' - . PMA_backquote($meta->orgname) . ' '; - } - } // end if... else... + } else { + $explain_link = ''; + } //show explain + + // Also we would like to get the SQL formed in some nice + // php-code (Mike Beck 2002-05-22) + if (isset($cfg['SQLQuery']['ShowAsPHP']) + && $cfg['SQLQuery']['ShowAsPHP'] == true + && ! defined('PMA_QUERY_TOO_BIG')) { + $php_link = 'import.php' + . $url_qpart + . '&show_query=1' + . '&sql_query=' . urlencode($sql_query) + . '&show_as_php='; - if (!isset($row[$i]) || is_null($row[$i])) { - $condition .= 'IS NULL AND'; + if (!empty($GLOBALS['show_as_php'])) { + $php_link .= '0'; + $message = $GLOBALS['strNoPhp']; } else { - // timestamp is numeric on some MySQL 4.1 - if ($meta->numeric && $meta->type != 'timestamp') { - $condition .= '= ' . $row[$i] . ' AND'; - } elseif ($meta->type == 'blob' - // hexify only if this is a true not empty BLOB - && stristr($field_flags, 'BINARY') - && !empty($row[$i])) { - // do not waste memory building a too big condition - if (strlen($row[$i]) < 1000) { - if (PMA_MYSQL_INT_VERSION < 40002) { - $condition .= 'LIKE 0x' . bin2hex($row[$i]) . ' AND'; - } else { - // use a CAST if possible, to avoid problems - // if the field contains wildcard characters % or _ - $condition .= '= CAST(0x' . bin2hex($row[$i]) - . ' AS BINARY) AND'; - } - } - } else { - $condition .= '= \'' - . PMA_sqlAddslashes($row[$i], false, true) . '\' AND'; - } + $php_link .= '1'; + $message = $GLOBALS['strPhp']; } - if ($meta->primary_key > 0) { - $primary_key .= $condition; - } elseif ($meta->unique_key > 0) { - $unique_key .= $condition; + $php_link = ' [' . PMA_linkOrButton($php_link, $message) . ']'; + + if (isset($GLOBALS['show_as_php'])) { + $runquery_link + = 'import.php' + . $url_qpart + . '&show_query=1' + . '&sql_query=' . urlencode($sql_query); + $php_link .= ' [' . PMA_linkOrButton($runquery_link, $GLOBALS['strRunQuery']) . ']'; } - $nonprimary_condition .= $condition; - } // end for - - // Correction University of Virginia 19991216: - // prefer primary or unique keys for condition, - // but use conjunction of all values if no primary key - if ($primary_key) { - $preferred_condition = $primary_key; - } elseif ($unique_key) { - $preferred_condition = $unique_key; - } else { - $preferred_condition = $nonprimary_condition; - } - return preg_replace('|\s?AND$|', '', $preferred_condition); - } // end function - - /** - * Generate a button or image tag - * - * @uses PMA_USR_BROWSER_AGENT - * @uses $GLOBALS['pmaThemeImage'] - * @uses $GLOBALS['cfg']['PropertiesIconic'] - * @param string name of button element - * @param string class of button element - * @param string name of image element - * @param string text to display - * @param string image to display - * - * @access public - * @author Michal Cihar (michal@cihar.com) - */ - function PMA_buttonOrImage($button_name, $button_class, $image_name, $text, - $image) - { - /* Opera has trouble with <input type="image"> */ - /* IE has trouble with <button> */ - if (PMA_USR_BROWSER_AGENT != 'IE') { - echo '<button class="' . $button_class . '" type="submit"' - .' name="' . $button_name . '" value="' . $text . '"' - .' title="' . $text . '">' . "\n" - .'<img class="icon" src="' . $GLOBALS['pmaThemeImage'] . $image . '"' - .' title="' . $text . '" alt="' . $text . '" width="16"' - .' height="16" />' - .($GLOBALS['cfg']['PropertiesIconic'] === 'both' ? ' ' . $text : '') . "\n" - .'</button>' . "\n"; } else { - echo '<input type="image" name="' . $image_name . '" value="' - . $text . '" title="' . $text . '" src="' . $GLOBALS['pmaThemeImage'] - . $image . '" />' - . ($GLOBALS['cfg']['PropertiesIconic'] === 'both' ? ' ' . $text : '') . "\n"; - } - } // end function - - /** - * Generate a pagination selector for browsing resultsets - * - * @uses $GLOBALS['strPageNumber'] - * @uses range() - * @param string URL for the JavaScript - * @param string Number of rows in the pagination set - * @param string current page number - * @param string number of total pages - * @param string If the number of pages is lower than this - * variable, no pages will be ommitted in - * pagination - * @param string How many rows at the beginning should always - * be shown? - * @param string How many rows at the end should always - * be shown? - * @param string Percentage of calculation page offsets to - * hop to a next page - * @param string Near the current page, how many pages should - * be considered "nearby" and displayed as - * well? - * - * @access public - * @author Garvin Hicking (pma@supergarv.de) - */ - function PMA_pageselector($url, $rows, $pageNow = 1, $nbTotalPage = 1, - $showAll = 200, $sliceStart = 5, $sliceEnd = 5, $percent = 20, - $range = 10) - { - $gotopage = $GLOBALS['strPageNumber'] - . ' <select name="goToPage" onchange="goToUrl(this, \'' - . $url . '\');">' . "\n"; - if ($nbTotalPage < $showAll) { - $pages = range(1, $nbTotalPage); + $php_link = ''; + } //show as php + + // Refresh query + if (isset($cfg['SQLQuery']['Refresh']) + && $cfg['SQLQuery']['Refresh'] + && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)) { + + $refresh_link = 'import.php' + . $url_qpart + . '&show_query=1' + . (isset($_GET['pos']) ? '&pos=' . $_GET['pos'] : '') + . '&sql_query=' . urlencode($sql_query); + $refresh_link = ' [' . PMA_linkOrButton($refresh_link, $GLOBALS['strRefresh']) . ']'; } else { - $pages = array(); - - // Always show first X pages - for ($i = 1; $i <= $sliceStart; $i++) { - $pages[] = $i; - } - - // Always show last X pages - for ($i = $nbTotalPage - $sliceEnd; $i <= $nbTotalPage; $i++) { - $pages[] = $i; - } - - // garvin: Based on the number of results we add the specified - // $percent percentate to each page number, - // so that we have a representing page number every now and then to - // immideately jump to specific pages. - // As soon as we get near our currently chosen page ($pageNow - - // $range), every page number will be - // shown. - $i = $sliceStart; - $x = $nbTotalPage - $sliceEnd; - $met_boundary = false; - while ($i <= $x) { - if ($i >= ($pageNow - $range) && $i <= ($pageNow + $range)) { - // If our pageselector comes near the current page, we use 1 - // counter increments - $i++; - $met_boundary = true; - } else { - // We add the percentate increment to our current page to - // hop to the next one in range - $i = $i + floor($nbTotalPage / $percent); - - // Make sure that we do not cross our boundaries. - if ($i > ($pageNow - $range) && !$met_boundary) { - $i = $pageNow - $range; - } - } - - if ($i > 0 && $i <= $x) { - $pages[] = $i; - } - } - - // Since because of ellipsing of the current page some numbers may be double, - // we unify our array: - sort($pages); - $pages = array_unique($pages); - } - - foreach ($pages as $i) { - if ($i == $pageNow) { - $selected = 'selected="selected" style="font-weight: bold"'; + $refresh_link = ''; + } //show as php + + if (isset($cfg['SQLValidator']['use']) + && $cfg['SQLValidator']['use'] == true + && isset($cfg['SQLQuery']['Validate']) + && $cfg['SQLQuery']['Validate'] == true) { + $validate_link = 'import.php' + . $url_qpart + . '&show_query=1' + . '&sql_query=' . urlencode($sql_query) + . '&validatequery='; + if (!empty($GLOBALS['validatequery'])) { + $validate_link .= '0'; + $validate_message = $GLOBALS['strNoValidateSQL'] ; } else { - $selected = ''; + $validate_link .= '1'; + $validate_message = $GLOBALS['strValidateSQL'] ; } - $gotopage .= ' <option ' . $selected . ' value="' . (($i - 1) * $rows) . '">' . $i . '</option>' . "\n"; - } - - $gotopage .= ' </select>'; - - return $gotopage; - } // end function - - /** - * replaces %u in given path with current user name - * - * example: - * <code> - * $user_dir = PMA_userDir('/var/pma_tmp/%u/'); // '/var/pma_tmp/root/' - * - * </code> - * @uses $cfg['Server']['user'] - * @uses substr() - * @uses str_replace() - * @param string $dir with wildcard for user - * @return string per user directory - */ - function PMA_userDir($dir) - { - // add trailing slash - if (substr($dir, -1) != '/') { - $dir .= '/'; - } - - return str_replace('%u', $GLOBALS['cfg']['Server']['user'], $dir); - } - - /** - * returns html code for db link to default db page - * - * @uses $cfg['DefaultTabDatabase'] - * @uses $GLOBALS['db'] - * @uses $GLOBALS['strJumpToDB'] - * @uses PMA_generate_common_url() - * @uses PMA_unescape_mysql_wildcards() - * @uses strlen() - * @uses sprintf() - * @uses htmlspecialchars() - * @param string $database - * @return string html link to default db page - */ - function PMA_getDbLink($database = null) - { - if (!strlen($database)) { - if (!strlen($GLOBALS['db'])) { - return ''; - } - $database = $GLOBALS['db']; + $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']'; + } else { + $validate_link = ''; + } //validator + unset($sql_query); + + // Displays the message + echo '<fieldset class="">' . "\n"; + echo ' <legend>' . $GLOBALS['strSQLQuery'] . ':</legend>'; + echo ' <div>'; + // when uploading a 700 Kio binary file into a LONGBLOB, + // I get a white page, strlen($query_base) is 2 x 700 Kio + // so put a hard limit here (let's say 1000) + if (defined('PMA_QUERY_TOO_BIG')) { + echo ' ' . substr($query_base,0,$max_characters) . '[...]'; } else { - $database = PMA_unescape_mysql_wildcards($database); + echo ' ' . $query_base; } - return '<a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] . '?' . PMA_generate_common_url($database) . '"' - .' title="' . sprintf($GLOBALS['strJumpToDB'], htmlspecialchars($database)) . '">' - .htmlspecialchars($database) . '</a>'; - } + //Clean up the end of the PHP + if (!empty($GLOBALS['show_as_php'])) { + echo '\';'; + } + echo ' </div>'; + echo '</fieldset>' . "\n"; - /** - * Displays a lightbulb hint explaining a known external bug - * that affects a functionality - * - * @uses PMA_MYSQL_INT_VERSION - * @uses $GLOBALS['strKnownExternalBug'] - * @uses PMA_showHint() - * @uses sprintf() - * @param string $functionality localized message explaining the func. - * @param string $component 'mysql' (eventually, 'php') - * @param string $minimum_version of this component - * @param string $bugref bug reference for this component - */ - function PMA_externalBug($functionality, $component, $minimum_version, $bugref) { - if ($component == 'mysql' && PMA_MYSQL_INT_VERSION < $minimum_version) { - echo PMA_showHint(sprintf($GLOBALS['strKnownExternalBug'], $functionality, 'http://bugs.mysql.com/' . $bugref)); + if (!empty($edit_target)) { + echo '<fieldset class="tblFooters">'; + echo $edit_link . $explain_link . $php_link . $refresh_link . $validate_link; + echo '</fieldset>'; } } + echo '</div><br />' . "\n"; +} // end of the 'PMA_showMessage()' function - /** - * include here only libraries which contain only function definitions - * no code im main()! - */ - /** - * Include URL/hidden inputs generating. - */ - require_once './libraries/url_generating.lib.php'; - -} - - -/******************************************************************************/ -/* start procedural code label_start_procedural */ /** - * protect against older PHP versions' bug about GLOBALS overwrite - * (no need to localize this message :)) - * but what if script.php?GLOBALS[admin]=1&GLOBALS[_REQUEST]=1 ??? - */ -if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']) - || isset($_SERVER['GLOBALS']) || isset($_COOKIE['GLOBALS']) - || isset($_ENV['GLOBALS'])) { - die('GLOBALS overwrite attempt'); -} - -/** - * protect against possible exploits - there is no need to have so much vars - */ -if (count($_REQUEST) > 1000) { - die('possible exploit'); -} - -/** - * Check for numeric keys - * (if register_globals is on, numeric key can be found in $GLOBALS) + * Formats $value to byte view + * + * @param double the value to format + * @param integer the sensitiveness + * @param integer the number of decimals to retain + * + * @return array the formatted value and its unit + * + * @access public + * + * @author staybyte + * @version 1.2 - 18 July 2002 */ -foreach ($GLOBALS as $key => $dummy) { - if (is_numeric($key)) { - die('numeric key detected'); - } -} +function PMA_formatByteDown($value, $limes = 6, $comma = 0) +{ + $dh = PMA_pow(10, $comma); + $li = PMA_pow(10, $limes); + $return_value = $value; + $unit = $GLOBALS['byteUnits'][0]; + + for ($d = 6, $ex = 15; $d >= 1; $d--, $ex-=3) { + if (isset($GLOBALS['byteUnits'][$d]) && $value >= $li * PMA_pow(10, $ex)) { + // use 1024.0 to avoid integer overflow on 64-bit machines + $value = round($value / (PMA_pow(1024, $d) / $dh)) /$dh; + $unit = $GLOBALS['byteUnits'][$d]; + break 1; + } // end if + } // end for -/** - * just to be sure there was no import (registering) before here - * we empty the global space - */ -$variables_whitelist = array ( - 'GLOBALS', - '_SERVER', - '_GET', - '_POST', - '_REQUEST', - '_FILES', - '_ENV', - '_COOKIE', - '_SESSION', -); - -foreach (get_defined_vars() as $key => $value) { - if (! in_array($key, $variables_whitelist)) { - unset($$key); + if ($unit != $GLOBALS['byteUnits'][0]) { + $return_value = number_format($value, $comma, $GLOBALS['number_decimal_separator'], $GLOBALS['number_thousands_separator']); + } else { + $return_value = number_format($value, 0, $GLOBALS['number_decimal_separator'], $GLOBALS['number_thousands_separator']); } -} -unset($key, $value, $variables_whitelist); + return array($return_value, $unit); +} // end of the 'PMA_formatByteDown' function /** - * Subforms - some functions need to be called by form, cause of the limited url - * length, but if this functions inside another form you cannot just open a new - * form - so phpMyAdmin uses 'arrays' inside this form + * Formats $value to the given length and appends SI prefixes + * $comma is not substracted from the length + * with a $length of 0 no truncation occurs, number is only formated + * to the current locale * + * examples: * <code> - * <form ...> - * ... main form elments ... - * <intput type="hidden" name="subform[action1][id]" value="1" /> - * ... other subform data ... - * <intput type="submit" name="usesubform[action1]" value="do action1" /> - * ... other subforms ... - * <intput type="hidden" name="subform[actionX][id]" value="X" /> - * ... other subform data ... - * <intput type="submit" name="usesubform[actionX]" value="do actionX" /> - * ... main form elments ... - * <intput type="submit" name="main_action" value="submit form" /> - * </form> - * </code - * - * so we now check if a subform is submitted + * echo PMA_formatNumber(123456789, 6); // 123,457 k + * echo PMA_formatNumber(-123456789, 4, 2); // -123.46 M + * echo PMA_formatNumber(-0.003, 6); // -3 m + * echo PMA_formatNumber(0.003, 3, 3); // 0.003 + * echo PMA_formatNumber(0.00003, 3, 2); // 0.03 m + * echo PMA_formatNumber(0, 6); // 0 + * + * </code> + * @param double $value the value to format + * @param integer $length the max length + * @param integer $comma the number of decimals to retain + * @param boolean $only_down do not reformat numbers below 1 + * + * @return string the formatted value and its unit + * + * @access public + * + * @author staybyte, sebastian mendel + * @version 1.1.0 - 2005-10-27 */ -$__redirect = null; -if (isset($_POST['usesubform'])) { - // if a subform is present and should be used - // the rest of the form is deprecated - $subform_id = key($_POST['usesubform']); - $subform = $_POST['subform'][$subform_id]; - $_POST = $subform; - $_REQUEST = $subform; - /** - * some subforms need another page than the main form, so we will just - * include this page at the end of this script - we use $__redirect to - * track this - */ - if (isset($_POST['redirect']) - && $_POST['redirect'] != basename(PMA_getenv('PHP_SELF'))) { - $__redirect = $_POST['redirect']; - unset($_POST['redirect']); +function PMA_formatNumber($value, $length = 3, $comma = 0, $only_down = false) +{ + if ($length === 0) { + return number_format($value, + $comma, + $GLOBALS['number_decimal_separator'], + $GLOBALS['number_thousands_separator']); } - unset($subform_id, $subform); -} -// end check if a subform is submitted - -// remove quotes added by php -if (get_magic_quotes_gpc()) { - PMA_arrayWalkRecursive($_GET, 'stripslashes', true); - PMA_arrayWalkRecursive($_POST, 'stripslashes', true); - PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true); - PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true); -} - -/** - * clean cookies on new install or upgrade - * when changing something with increment the cookie version - */ -$pma_cookie_version = 4; -if (isset($_COOKIE) - && (! isset($_COOKIE['pmaCookieVer']) - || $_COOKIE['pmaCookieVer'] < $pma_cookie_version)) { - // delete all cookies - foreach($_COOKIE as $cookie_name => $tmp) { - PMA_removeCookie($cookie_name); - } - $_COOKIE = array(); - PMA_setCookie('pmaCookieVer', $pma_cookie_version); -} - -/** - * include deprecated grab_globals only if required - */ -if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) { - require './libraries/grab_globals.lib.php'; -} - -/** - * include session handling after the globals, to prevent overwriting - */ -require_once './libraries/session.inc.php'; -/** - * init some variables LABEL_variables_init - */ + // this units needs no translation, ISO + $units = array( + -8 => 'y', + -7 => 'z', + -6 => 'a', + -5 => 'f', + -4 => 'p', + -3 => 'n', + -2 => 'µ', + -1 => 'm', + 0 => ' ', + 1 => 'k', + 2 => 'M', + 3 => 'G', + 4 => 'T', + 5 => 'P', + 6 => 'E', + 7 => 'Z', + 8 => 'Y' + ); + + // we need at least 3 digits to be displayed + if (3 > $length + $comma) { + $length = 3 - $comma; + } -/** - * holds errors - * @global array $GLOBALS['PMA_errors'] - */ -$GLOBALS['PMA_errors'] = array(); + // check for negativ value to retain sign + if ($value < 0) { + $sign = '-'; + $value = abs($value); + } else { + $sign = ''; + } -/** - * holds params to be passed to next page - * @global array $GLOBALS['url_params'] - */ -$GLOBALS['url_params'] = array(); + $dh = PMA_pow(10, $comma); + $li = PMA_pow(10, $length); + $unit = $units[0]; -/** - * the whitelist for $GLOBALS['goto'] - * @global array $goto_whitelist - */ -$goto_whitelist = array( - //'browse_foreigners.php', - //'calendar.php', - //'changelog.php', - //'chk_rel.php', - 'db_create.php', - 'db_datadict.php', - 'db_sql.php', - 'db_export.php', - 'db_importdocsql.php', - 'db_qbe.php', - 'db_structure.php', - 'db_import.php', - 'db_operations.php', - 'db_printview.php', - 'db_search.php', - //'Documentation.html', - //'error.php', - 'export.php', - 'import.php', - //'index.php', - //'navigation.php', - //'license.php', - 'main.php', - 'pdf_pages.php', - 'pdf_schema.php', - //'phpinfo.php', - 'querywindow.php', - //'readme.php', - 'server_binlog.php', - 'server_collations.php', - 'server_databases.php', - 'server_engines.php', - 'server_export.php', - 'server_import.php', - 'server_privileges.php', - 'server_processlist.php', - 'server_sql.php', - 'server_status.php', - 'server_variables.php', - 'sql.php', - 'tbl_addfield.php', - 'tbl_alter.php', - 'tbl_change.php', - 'tbl_create.php', - 'tbl_import.php', - 'tbl_indexes.php', - 'tbl_move_copy.php', - 'tbl_printview.php', - 'tbl_sql.php', - 'tbl_export.php', - 'tbl_operations.php', - 'tbl_structure.php', - 'tbl_relation.php', - 'tbl_replace.php', - 'tbl_row_action.php', - 'tbl_select.php', - //'themes.php', - 'transformation_overview.php', - 'transformation_wrapper.php', - 'translators.html', - 'user_password.php', -); + if ($value >= 1) { + for ($d = 8; $d >= 0; $d--) { + if (isset($units[$d]) && $value >= $li * PMA_pow(1000, $d-1)) { + $value = round($value / (PMA_pow(1000, $d) / $dh)) /$dh; + $unit = $units[$d]; + break 1; + } // end if + } // end for + } elseif (!$only_down && (float) $value !== 0.0) { + for ($d = -8; $d <= 8; $d++) { + if (isset($units[$d]) && $value <= $li * PMA_pow(1000, $d-1)) { + $value = round($value / (PMA_pow(1000, $d) / $dh)) /$dh; + $unit = $units[$d]; + break 1; + } // end if + } // end for + } // end if ($value >= 1) elseif (!$only_down && (float) $value !== 0.0) -/** - * check $__redirect against whitelist - */ -if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) { - $__redirect = null; -} + $value = number_format($value, + $comma, + $GLOBALS['number_decimal_separator'], + $GLOBALS['number_thousands_separator']); -/** - * holds page that should be displayed - * @global string $GLOBALS['goto'] - */ -$GLOBALS['goto'] = ''; -// Security fix: disallow accessing serious server files via "?goto=" -if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) { - $GLOBALS['goto'] = $_REQUEST['goto']; - $GLOBALS['url_params']['goto'] = $_REQUEST['goto']; -} else { - unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']); -} + return $sign . $value . ' ' . $unit; +} // end of the 'PMA_formatNumber' function /** - * returning page - * @global string $GLOBALS['back'] + * Extracts ENUM / SET options from a type definition string + * + * @param string The column type definition + * + * @return array The options or + * boolean false in case of an error. + * + * @author rabus */ -if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) { - $GLOBALS['back'] = $_REQUEST['back']; -} else { - unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']); -} +function PMA_getEnumSetOptions($type_def) +{ + $open = strpos($type_def, '('); + $close = strrpos($type_def, ')'); + if (!$open || !$close) { + return false; + } + $options = substr($type_def, $open + 2, $close - $open - 3); + $options = explode('\',\'', $options); + return $options; +} // end of the 'PMA_getEnumSetOptions' function /** - * Check whether user supplied token is valid, if not remove any possibly - * dangerous stuff from request. + * Writes localised date + * + * @param string the current timestamp * - * remember that some objects in the session with session_start and __wakeup() - * could access this variables before we reach this point - * f.e. PMA_Config: fontsize + * @return string the formatted date * - * @todo variables should be handled by their respective owners (objects) - * f.e. lang, server, convcharset, collation_connection in PMA_Config + * @access public */ -if ((isset($_REQUEST['token']) && !is_string($_REQUEST['token'])) || empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { - /** - * List of parameters which are allowed from unsafe source - */ - $allow_list = array( - 'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target', - /* Session ID */ - 'phpMyAdmin', - /* Cookie preferences */ - 'pma_lang', 'pma_charset', 'pma_collation_connection', - /* Possible login form */ - 'pma_servername', 'pma_username', 'pma_password', - ); - /** - * Require cleanup functions - */ - require_once('./libraries/cleanup.lib.php'); - /** - * Do actual cleanup - */ - PMA_remove_request_vars($allow_list); +function PMA_localisedDate($timestamp = -1, $format = '') +{ + global $datefmt, $month, $day_of_week; -} + if ($format == '') { + $format = $datefmt; + } + if ($timestamp == -1) { + $timestamp = time(); + } -/** - * @global string $convcharset - * @see select_lang.lib.php - */ -if (isset($_REQUEST['convcharset'])) { - $convcharset = strip_tags($_REQUEST['convcharset']); -} + $date = preg_replace('@%[aA]@', $day_of_week[(int)strftime('%w', $timestamp)], $format); + $date = preg_replace('@%[bB]@', $month[(int)strftime('%m', $timestamp)-1], $date); -/** - * current selected database - * @global string $GLOBALS['db'] - */ -$GLOBALS['db'] = ''; -if (isset($_REQUEST['db']) && is_string($_REQUEST['db'])) { - // can we strip tags from this? - // only \ and / is not allowed in db names for MySQL - $GLOBALS['db'] = $_REQUEST['db']; - $GLOBALS['url_params']['db'] = $GLOBALS['db']; -} + return strftime($date, $timestamp); +} // end of the 'PMA_localisedDate()' function -/** - * current selected table - * @global string $GLOBALS['table'] - */ -$GLOBALS['table'] = ''; -if (isset($_REQUEST['table']) && is_string($_REQUEST['table'])) { - // can we strip tags from this? - // only \ and / is not allowed in table names for MySQL - $GLOBALS['table'] = $_REQUEST['table']; - $GLOBALS['url_params']['table'] = $GLOBALS['table']; -} /** - * sql query to be executed - * @global string $GLOBALS['sql_query'] + * returns a tab for tabbed navigation. + * If the variables $link and $args ar left empty, an inactive tab is created + * + * @uses $GLOBALS['strEmpty'] + * @uses $GLOBALS['strDrop'] + * @uses $GLOBALS['active_page'] + * @uses $GLOBALS['url_query'] + * @uses $cfg['MainPageIconic'] + * @uses $GLOBALS['pmaThemeImage'] + * @uses PMA_generate_common_url() + * @uses E_USER_NOTICE + * @uses htmlentities() + * @uses urlencode() + * @uses sprintf() + * @uses trigger_error() + * @uses array_merge() + * @uses basename() + * @param array $tab array with all options + * @return string html code for one tab, a link if valid otherwise a span + * @access public */ -if (isset($_REQUEST['sql_query']) && is_string($_REQUEST['sql_query'])) { - $GLOBALS['sql_query'] = $_REQUEST['sql_query']; -} - -//$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup -//$_REQUEST['server']; // checked later in this file -//$_REQUEST['lang']; // checked by LABEL_loading_language_file - - - -/******************************************************************************/ -/* parsing config file LABEL_parsing_config_file */ - -if (empty($_SESSION['PMA_Config'])) { - /** - * We really need this one! - */ - if (! function_exists('preg_replace')) { - PMA_fatalError('strCantLoad', 'pcre'); +function PMA_getTab($tab) +{ + // default values + $defaults = array( + 'text' => '', + 'class' => '', + 'active' => false, + 'link' => '', + 'sep' => '?', + 'attr' => '', + 'args' => '', + 'warning' => '', + ); + + $tab = array_merge($defaults, $tab); + + // determine additionnal style-class + if (empty($tab['class'])) { + if ($tab['text'] == $GLOBALS['strEmpty'] + || $tab['text'] == $GLOBALS['strDrop']) { + $tab['class'] = 'caution'; + } elseif (!empty($tab['active']) + || (isset($GLOBALS['active_page']) + && $GLOBALS['active_page'] == $tab['link']) + || basename(PMA_getenv('PHP_SELF')) == $tab['link']) + { + $tab['class'] = 'active'; + } } - /** - * @global PMA_Config $_SESSION['PMA_Config'] - */ - $_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php'); - -} elseif (version_compare(phpversion(), '5', 'lt')) { - /** - * @todo move all __wakeup() functionality into session.inc.php - */ - $_SESSION['PMA_Config']->__wakeup(); -} - -if (!defined('PMA_MINIMUM_COMMON')) { - $_SESSION['PMA_Config']->checkPmaAbsoluteUri(); -} - -/** - * BC - enable backward compatibility - * exports all config settings into $GLOBALS ($GLOBALS['cfg']) - */ -$_SESSION['PMA_Config']->enableBc(); + if (!empty($tab['warning'])) { + $tab['class'] .= ' warning'; + $tab['attr'] .= ' title="' . htmlspecialchars($tab['warning']) . '"'; + } + // build the link + if (!empty($tab['link'])) { + $tab['link'] = htmlentities($tab['link']); + $tab['link'] = $tab['link'] . $tab['sep'] + .(empty($GLOBALS['url_query']) ? + PMA_generate_common_url() : $GLOBALS['url_query']); + if (!empty($tab['args'])) { + foreach ($tab['args'] as $param => $value) { + $tab['link'] .= '&' . urlencode($param) . '=' + . urlencode($value); + } + } + } -/** - * check https connection - */ -if ($_SESSION['PMA_Config']->get('ForceSSL') - && !$_SESSION['PMA_Config']->get('is_https')) { - PMA_sendHeaderLocation( - preg_replace('/^http/', 'https', - $_SESSION['PMA_Config']->get('PmaAbsoluteUri')) - . PMA_generate_common_url($_GET)); - exit; -} + // display icon, even if iconic is disabled but the link-text is missing + if (($GLOBALS['cfg']['MainPageIconic'] || empty($tab['text'])) + && isset($tab['icon'])) { + $image = '<img class="icon" src="' . htmlentities($GLOBALS['pmaThemeImage']) + .'%1$s" width="16" height="16" alt="%2$s" />%2$s'; + $tab['text'] = sprintf($image, htmlentities($tab['icon']), $tab['text']); + } + // check to not display an empty link-text + elseif (empty($tab['text'])) { + $tab['text'] = '?'; + trigger_error('empty linktext in function ' . __FUNCTION__ . '()', + E_USER_NOTICE); + } + if (!empty($tab['link'])) { + $out = '<a class="tab' . htmlentities($tab['class']) . '"' + .' href="' . $tab['link'] . '" ' . $tab['attr'] . '>' + . $tab['text'] . '</a>'; + } else { + $out = '<span class="tab' . htmlentities($tab['class']) . '">' + . $tab['text'] . '</span>'; + } -/******************************************************************************/ -/* loading language file LABEL_loading_language_file */ + return $out; +} // end of the 'PMA_getTab()' function /** - * Added messages while developing: + * returns html-code for a tab navigation + * + * @uses PMA_getTab() + * @uses htmlentities() + * @param array $tabs one element per tab + * @param string $tag_id id used for the html-tag + * @return string html-code for tab-navigation */ -if (file_exists('./lang/added_messages.php')) { - include './lang/added_messages.php'; -} +function PMA_getTabs($tabs, $tag_id = 'topmenu') +{ + $tab_navigation = + '<div id="' . htmlentities($tag_id) . 'container">' . "\n" + .'<ul id="' . htmlentities($tag_id) . '">' . "\n"; -/** - * Includes the language file if it hasn't been included yet - */ -require './libraries/language.lib.php'; + foreach ($tabs as $tab) { + $tab_navigation .= '<li>' . PMA_getTab($tab) . '</li>' . "\n"; + } + $tab_navigation .= + '</ul>' . "\n" + .'<div class="clearfloat"></div>' + .'</div>' . "\n"; -/** - * check for errors occured while loading config - * this check is done here after loading lang files to present errors in locale - */ -if ($_SESSION['PMA_Config']->error_config_file) { - $GLOBALS['PMA_errors'][] = $strConfigFileError - . '<br /><br />' - . ($_SESSION['PMA_Config']->getSource() == './config.inc.php' ? - '<a href="show_config_errors.php"' - .' target="_blank">' . $_SESSION['PMA_Config']->getSource() . '</a>' - : - '<a href="' . $_SESSION['PMA_Config']->getSource() . '"' - .' target="_blank">' . $_SESSION['PMA_Config']->getSource() . '</a>'); -} -if ($_SESSION['PMA_Config']->error_config_default_file) { - $GLOBALS['PMA_errors'][] = sprintf($strConfigDefaultFileError, - $_SESSION['PMA_Config']->default_source); -} -if ($_SESSION['PMA_Config']->error_pma_uri) { - $GLOBALS['PMA_errors'][] = sprintf($strPmaUriError); + return $tab_navigation; } -/** - * current server - * @global integer $GLOBALS['server'] - */ -$GLOBALS['server'] = 0; /** - * Servers array fixups. - * $default_server comes from PMA_Config::enableBc() - * @todo merge into PMA_Config + * Displays a link, or a button if the link's URL is too large, to + * accommodate some browsers' limitations + * + * @param string the URL + * @param string the link message + * @param mixed $tag_params string: js confirmation + * array: additional tag params (f.e. style="") + * @param boolean $new_form we set this to false when we are already in + * a form, to avoid generating nested forms + * + * @return string the results to be echoed or saved in an array */ -// Do we have some server? -if (!isset($cfg['Servers']) || count($cfg['Servers']) == 0) { - // No server => create one with defaults - $cfg['Servers'] = array(1 => $default_server); -} else { - // We have server(s) => apply default config - $new_servers = array(); - - foreach ($cfg['Servers'] as $server_index => $each_server) { - - // Detect wrong configuration - if (!is_int($server_index) || $server_index < 1) { - $GLOBALS['PMA_errors'][] = sprintf($strInvalidServerIndex, $server_index); +function PMA_linkOrButton($url, $message, $tag_params = array(), + $new_form = true, $strip_img = false, $target = '') +{ + if (! is_array($tag_params)) { + $tmp = $tag_params; + $tag_params = array(); + if (!empty($tmp)) { + $tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . '\')'; } + unset($tmp); + } + if (! empty($target)) { + $tag_params['target'] = htmlentities($target); + } - $each_server = array_merge($default_server, $each_server); + $tag_params_strings = array(); + foreach ($tag_params as $par_name => $par_value) { + // htmlspecialchars() only on non javascript + $par_value = substr($par_name, 0, 2) == 'on' + ? $par_value + : htmlspecialchars($par_value); + $tag_params_strings[] = $par_name . '="' . $par_value . '"'; + } - // Don't use servers with no hostname - if ($each_server['connect_type'] == 'tcp' && empty($each_server['host'])) { - $GLOBALS['PMA_errors'][] = sprintf($strInvalidServerHostname, $server_index); + // previously the limit was set to 2047, it seems 1000 is better + if (strlen($url) <= 1000) { + // no whitespace within an <a> else Safari will make it part of the link + $ret = "\n" . '<a href="' . $url . '" ' + . implode(' ', $tag_params_strings) . '>' + . $message . '</a>' . "\n"; + } else { + // no spaces (linebreaks) at all + // or after the hidden fields + // IE will display them all + + // add class=link to submit button + if (empty($tag_params['class'])) { + $tag_params['class'] = 'link'; + } + + // decode encoded url separators + $separator = PMA_get_arg_separator(); + // on most places separator is still hard coded ... + if ($separator !== '&') { + // ... so always replace & with $separator + $url = str_replace(htmlentities('&'), $separator, $url); + $url = str_replace('&', $separator, $url); + } + $url = str_replace(htmlentities($separator), $separator, $url); + // end decode + + $url_parts = parse_url($url); + $query_parts = explode($separator, $url_parts['query']); + if ($new_form) { + $ret = '<form action="' . $url_parts['path'] . '" class="link"' + . ' method="post"' . $target . ' style="display: inline;">'; + $subname_open = ''; + $subname_close = ''; + $submit_name = ''; + } else { + $query_parts[] = 'redirect=' . $url_parts['path']; + if (empty($GLOBALS['subform_counter'])) { + $GLOBALS['subform_counter'] = 0; + } + $GLOBALS['subform_counter']++; + $ret = ''; + $subname_open = 'subform[' . $GLOBALS['subform_counter'] . ']['; + $subname_close = ']'; + $submit_name = ' name="usesubform[' . $GLOBALS['subform_counter'] . ']"'; + } + foreach ($query_parts as $query_pair) { + list($eachvar, $eachval) = explode('=', $query_pair); + $ret .= '<input type="hidden" name="' . $subname_open . $eachvar + . $subname_close . '" value="' + . htmlspecialchars(urldecode($eachval)) . '" />'; + } // end while + + if (stristr($message, '<img')) { + if ($strip_img) { + $message = trim(strip_tags($message)); + $ret .= '<input type="submit"' . $submit_name . ' ' + . implode(' ', $tag_params_strings) + . ' value="' . htmlspecialchars($message) . '" />'; + } else { + $ret .= '<input type="image"' . $submit_name . ' ' + . implode(' ', $tag_params_strings) + . ' src="' . preg_replace( + '/^.*\ssrc="([^"]*)".*$/si', '\1', $message) . '"' + . ' value="' . htmlspecialchars( + preg_replace('/^.*\salt="([^"]*)".*$/si', '\1', + $message)) + . '" />'; + } + } else { + $message = trim(strip_tags($message)); + $ret .= '<input type="submit"' . $submit_name . ' ' + . implode(' ', $tag_params_strings) + . ' value="' . htmlspecialchars($message) . '" />'; } - - // Final solution to bug #582890 - // If we are using a socket connection - // and there is nothing in the verbose server name - // or the host field, then generate a name for the server - // in the form of "Server 2", localized of course! - if ($each_server['connect_type'] == 'socket' && empty($each_server['host']) && empty($each_server['verbose'])) { - $each_server['verbose'] = $GLOBALS['strServer'] . $server_index; + if ($new_form) { + $ret .= '</form>'; } + } // end if... else... - $new_servers[$server_index] = $each_server; - } - $cfg['Servers'] = $new_servers; - unset($new_servers, $server_index, $each_server); -} - -// Cleanup -unset($default_server); - + return $ret; +} // end of the 'PMA_linkOrButton()' function -/******************************************************************************/ -/* setup themes LABEL_theme_setup */ /** - * @global PMA_Theme_Manager $_SESSION['PMA_Theme_Manager'] + * Returns a given timespan value in a readable format. + * + * @uses $GLOBALS['timespanfmt'] + * @uses sprintf() + * @uses floor() + * @param int the timespan + * + * @return string the formatted value */ -if (! isset($_SESSION['PMA_Theme_Manager'])) { - $_SESSION['PMA_Theme_Manager'] = new PMA_Theme_Manager; -} else { - /** - * @todo move all __wakeup() functionality into session.inc.php - */ - $_SESSION['PMA_Theme_Manager']->checkConfig(); -} - -// for the theme per server feature -if (isset($_REQUEST['server']) && !isset($_REQUEST['set_theme'])) { - $GLOBALS['server'] = $_REQUEST['server']; - $tmp = $_SESSION['PMA_Theme_Manager']->getThemeCookie(); - if (empty($tmp)) { - $tmp = $_SESSION['PMA_Theme_Manager']->theme_default; +function PMA_timespanFormat($seconds) +{ + $return_string = ''; + $days = floor($seconds / 86400); + if ($days > 0) { + $seconds -= $days * 86400; + } + $hours = floor($seconds / 3600); + if ($days > 0 || $hours > 0) { + $seconds -= $hours * 3600; } - $_SESSION['PMA_Theme_Manager']->setActiveTheme($tmp); - unset($tmp); + $minutes = floor($seconds / 60); + if ($days > 0 || $hours > 0 || $minutes > 0) { + $seconds -= $minutes * 60; + } + return sprintf($GLOBALS['timespanfmt'], (string)$days, (string)$hours, (string)$minutes, (string)$seconds); } + /** - * @todo move into PMA_Theme_Manager::__wakeup() + * Takes a string and outputs each character on a line for itself. Used + * mainly for horizontalflipped display mode. + * Takes care of special html-characters. + * Fulfills todo-item + * http://sf.net/tracker/?func=detail&aid=544361&group_id=23067&atid=377411 + * + * @todo add a multibyte safe function PMA_STR_split() + * @uses strlen + * @param string The string + * @param string The Separator (defaults to "<br />\n") + * + * @access public + * @author Garvin Hicking <me@supergarv.de> + * @return string The flipped string */ -if (isset($_REQUEST['set_theme'])) { - // if user selected a theme - $_SESSION['PMA_Theme_Manager']->setActiveTheme($_REQUEST['set_theme']); +function PMA_flipstring($string, $Separator = "<br />\n") +{ + $format_string = ''; + $charbuff = false; + + for ($i = 0; $i < strlen($string); $i++) { + $char = $string{$i}; + $append = false; + + if ($char == '&') { + $format_string .= $charbuff; + $charbuff = $char; + $append = true; + } elseif (!empty($charbuff)) { + $charbuff .= $char; + } elseif ($char == ';' && !empty($charbuff)) { + $format_string .= $charbuff; + $charbuff = false; + $append = true; + } else { + $format_string .= $char; + $append = true; + } + + if ($append && ($i != strlen($string))) { + $format_string .= $Separator; + } + } + + return $format_string; } -/** - * the theme object - * @global PMA_Theme $_SESSION['PMA_Theme'] - */ -$_SESSION['PMA_Theme'] = $_SESSION['PMA_Theme_Manager']->theme; -// BC -/** - * the active theme - * @global string $GLOBALS['theme'] - */ -$GLOBALS['theme'] = $_SESSION['PMA_Theme']->getName(); /** - * the theme path - * @global string $GLOBALS['pmaThemePath'] - */ -$GLOBALS['pmaThemePath'] = $_SESSION['PMA_Theme']->getPath(); -/** - * the theme image path - * @global string $GLOBALS['pmaThemeImage'] + * Function added to avoid path disclosures. + * Called by each script that needs parameters, it displays + * an error message and, by default, stops the execution. + * + * Not sure we could use a strMissingParameter message here, + * would have to check if the error message file is always available + * + * @todo localize error message + * @todo use PMA_fatalError() if $die === true? + * @uses PMA_getenv() + * @uses header_meta_style.inc.php + * basename + * @param array The names of the parameters needed by the calling + * script. + * @param boolean Stop the execution? + * (Set this manually to false in the calling script + * until you know all needed parameters to check). + * @param boolean Whether to include this list in checking for special params. + * @global string path to current script + * @global boolean flag whether any special variable was required + * + * @access public + * @author Marc Delisle (lem9@users.sourceforge.net) */ -$GLOBALS['pmaThemeImage'] = $_SESSION['PMA_Theme']->getImgPath(); +function PMA_checkParameters($params, $die = true, $request = true) +{ + global $checked_special; -/** - * load layout file if exists - */ -if (@file_exists($_SESSION['PMA_Theme']->getLayoutFile())) { - include $_SESSION['PMA_Theme']->getLayoutFile(); - /** - * @todo remove if all themes are update use Navi instead of Left as frame name - */ - if (! isset($GLOBALS['cfg']['NaviWidth']) - && isset($GLOBALS['cfg']['LeftWidth'])) { - $GLOBALS['cfg']['NaviWidth'] = $GLOBALS['cfg']['LeftWidth']; + if (!isset($checked_special)) { + $checked_special = false; } -} - -if (! defined('PMA_MINIMUM_COMMON')) { - /** - * Charset conversion. - */ - require_once './libraries/charset_conversion.lib.php'; - /** - * String handling - */ - require_once './libraries/string.lib.php'; + $reported_script_name = basename(PMA_getenv('PHP_SELF')); + $found_error = false; + $error_message = ''; - /** - * Lookup server by name - * by Arnold - Helder Hosting - * (see FAQ 4.8) - */ - if (! empty($_REQUEST['server']) && is_string($_REQUEST['server']) && ! ctype_digit($_REQUEST['server'])) { - foreach ($cfg['Servers'] as $i => $server) { - if ($server['host'] == $_REQUEST['server']) { - $_REQUEST['server'] = $i; - break; - } + foreach ($params as $param) { + if ($request && $param != 'db' && $param != 'table') { + $checked_special = true; } - if (is_string($_REQUEST['server'])) { - unset($_REQUEST['server']); - } - unset($i); - } - /** - * If no server is selected, make sure that $cfg['Server'] is empty (so - * that nothing will work), and skip server authentication. - * We do NOT exit here, but continue on without logging into any server. - * This way, the welcome page will still come up (with no server info) and - * present a choice of servers in the case that there are multiple servers - * and '$cfg['ServerDefault'] = 0' is set. - */ - - if (isset($_REQUEST['server']) && (is_string($_REQUEST['server']) || is_numeric($_REQUEST['server'])) && ! empty($_REQUEST['server']) && ! empty($cfg['Servers'][$_REQUEST['server']])) { - $GLOBALS['server'] = $_REQUEST['server']; - $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']]; - } else { - if (!empty($cfg['Servers'][$cfg['ServerDefault']])) { - $GLOBALS['server'] = $cfg['ServerDefault']; - $cfg['Server'] = $cfg['Servers'][$GLOBALS['server']]; - } else { - $GLOBALS['server'] = 0; - $cfg['Server'] = array(); + if (!isset($GLOBALS[$param])) { + $error_message .= $reported_script_name + . ': Missing parameter: ' . $param + . ' <a href="./Documentation.html#faqmissingparameters"' + . ' target="documentation"> (FAQ 2.8)</a><br />'; + $found_error = true; } } - $GLOBALS['url_params']['server'] = $GLOBALS['server']; - - if (! empty($cfg['Server'])) { - + if ($found_error) { /** - * Loads the proper database interface for this server + * display html meta tags */ - require_once './libraries/database_interface.lib.php'; - - // Gets the authentication library that fits the $cfg['Server'] settings - // and run authentication - - // (for a quick check of path disclosure in auth/cookies:) - $coming_from_common = true; - - // to allow HTTP or http - $cfg['Server']['auth_type'] = strtolower($cfg['Server']['auth_type']); - if (! file_exists('./libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php')) { - PMA_fatalError($strInvalidAuthMethod . ' ' . $cfg['Server']['auth_type']); + require_once './libraries/header_meta_style.inc.php'; + echo '</head><body><p>' . $error_message . '</p></body></html>'; + if ($die) { + exit(); } - /** - * the required auth type plugin - */ - require_once './libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php'; + } +} // end function - if (!PMA_auth_check()) { - PMA_auth(); - } else { - PMA_auth_set_user(); +/** + * Function to generate unique condition for specified row. + * + * @uses PMA_MYSQL_INT_VERSION + * @uses $GLOBALS['analyzed_sql'][0] + * @uses PMA_DBI_field_flags() + * @uses PMA_backquote() + * @uses PMA_sqlAddslashes() + * @uses stristr() + * @uses bin2hex() + * @uses preg_replace() + * @param resource $handle current query result + * @param integer $fields_cnt number of fields + * @param array $fields_meta meta information about fields + * @param array $row current row + * + * @access public + * @author Michal Cihar (michal@cihar.com) + * @return string calculated condition + */ +function PMA_getUniqueCondition($handle, $fields_cnt, $fields_meta, $row) +{ + $primary_key = ''; + $unique_key = ''; + $nonprimary_condition = ''; + + for ($i = 0; $i < $fields_cnt; ++$i) { + $condition = ''; + $field_flags = PMA_DBI_field_flags($handle, $i); + $meta = $fields_meta[$i]; + + // do not use an alias in a condition + if (! isset($meta->orgname) || ! strlen($meta->orgname)) { + $meta->orgname = $meta->name; + + if (isset($GLOBALS['analyzed_sql'][0]['select_expr']) + && is_array($GLOBALS['analyzed_sql'][0]['select_expr'])) { + foreach ($GLOBALS['analyzed_sql'][0]['select_expr'] + as $select_expr) { + // need (string) === (string) + // '' !== 0 but '' == 0 + if ((string) $select_expr['alias'] === (string) $meta->name) { + $meta->orgname = $select_expr['column']; + break; + } // end if + } // end foreach + } } - // Check IP-based Allow/Deny rules as soon as possible to reject the - // user - // Based on mod_access in Apache: - // http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/aaa/mod_access.c?rev=1.37&content-type=text/vnd.viewcvs-markup - // Look at: "static int check_dir_access(request_rec *r)" - // Robbat2 - May 10, 2002 - if (isset($cfg['Server']['AllowDeny']) - && isset($cfg['Server']['AllowDeny']['order'])) { - - /** - * ip based access library - */ - require_once './libraries/ip_allow_deny.lib.php'; - - $allowDeny_forbidden = false; // default - if ($cfg['Server']['AllowDeny']['order'] == 'allow,deny') { - $allowDeny_forbidden = true; - if (PMA_allowDeny('allow')) { - $allowDeny_forbidden = false; - } - if (PMA_allowDeny('deny')) { - $allowDeny_forbidden = true; - } - } elseif ($cfg['Server']['AllowDeny']['order'] == 'deny,allow') { - if (PMA_allowDeny('deny')) { - $allowDeny_forbidden = true; - } - if (PMA_allowDeny('allow')) { - $allowDeny_forbidden = false; - } - } elseif ($cfg['Server']['AllowDeny']['order'] == 'explicit') { - if (PMA_allowDeny('allow') - && !PMA_allowDeny('deny')) { - $allowDeny_forbidden = false; - } else { - $allowDeny_forbidden = true; - } - } // end if ... elseif ... elseif - // Ejects the user if banished - if ($allowDeny_forbidden) { - PMA_auth_fails(); + // to fix the bug where float fields (primary or not) + // can't be matched because of the imprecision of + // floating comparison, use CONCAT + // (also, the syntax "CONCAT(field) IS NULL" + // that we need on the next "if" will work) + if ($meta->type == 'real') { + $condition = ' CONCAT(' . PMA_backquote($meta->table) . '.' + . PMA_backquote($meta->orgname) . ') '; + } else { + // string and blob fields have to be converted using + // the system character set (always utf8) since + // mysql4.1 can use different charset for fields. + if (PMA_MYSQL_INT_VERSION >= 40100 + && ($meta->type == 'string' || $meta->type == 'blob')) { + $condition = ' CONVERT(' . PMA_backquote($meta->table) . '.' + . PMA_backquote($meta->orgname) . ' USING utf8) '; + } else { + $condition = ' ' . PMA_backquote($meta->table) . '.' + . PMA_backquote($meta->orgname) . ' '; } - unset($allowDeny_forbidden); //Clean up after you! - } // end if + } // end if... else... - // is root allowed? - if (!$cfg['Server']['AllowRoot'] && $cfg['Server']['user'] == 'root') { - $allowDeny_forbidden = true; - PMA_auth_fails(); - unset($allowDeny_forbidden); //Clean up after you! + if (!isset($row[$i]) || is_null($row[$i])) { + $condition .= 'IS NULL AND'; + } else { + // timestamp is numeric on some MySQL 4.1 + if ($meta->numeric && $meta->type != 'timestamp') { + $condition .= '= ' . $row[$i] . ' AND'; + } elseif ($meta->type == 'blob' + // hexify only if this is a true not empty BLOB + && stristr($field_flags, 'BINARY') + && !empty($row[$i])) { + // do not waste memory building a too big condition + if (strlen($row[$i]) < 1000) { + if (PMA_MYSQL_INT_VERSION < 40002) { + $condition .= 'LIKE 0x' . bin2hex($row[$i]) . ' AND'; + } else { + // use a CAST if possible, to avoid problems + // if the field contains wildcard characters % or _ + $condition .= '= CAST(0x' . bin2hex($row[$i]) + . ' AS BINARY) AND'; + } + } + } else { + $condition .= '= \'' + . PMA_sqlAddslashes($row[$i], false, true) . '\' AND'; + } } + if ($meta->primary_key > 0) { + $primary_key .= $condition; + } elseif ($meta->unique_key > 0) { + $unique_key .= $condition; + } + $nonprimary_condition .= $condition; + } // end for + + // Correction University of Virginia 19991216: + // prefer primary or unique keys for condition, + // but use conjunction of all values if no primary key + if ($primary_key) { + $preferred_condition = $primary_key; + } elseif ($unique_key) { + $preferred_condition = $unique_key; + } else { + $preferred_condition = $nonprimary_condition; + } - $bkp_track_err = @ini_set('track_errors', 1); + return preg_replace('|\s?AND$|', '', $preferred_condition); +} // end function - // Try to connect MySQL with the control user profile (will be used to - // get the privileges list for the current user but the true user link - // must be open after this one so it would be default one for all the - // scripts) - $controllink = false; - if ($cfg['Server']['controluser'] != '') { - $controllink = PMA_DBI_connect($cfg['Server']['controluser'], - $cfg['Server']['controlpass'], true); - } - if (! $controllink) { - $controllink = PMA_DBI_connect($cfg['Server']['user'], - $cfg['Server']['password'], true); - } // end if ... else +/** + * Generate a button or image tag + * + * @uses PMA_USR_BROWSER_AGENT + * @uses $GLOBALS['pmaThemeImage'] + * @uses $GLOBALS['cfg']['PropertiesIconic'] + * @param string name of button element + * @param string class of button element + * @param string name of image element + * @param string text to display + * @param string image to display + * + * @access public + * @author Michal Cihar (michal@cihar.com) + */ +function PMA_buttonOrImage($button_name, $button_class, $image_name, $text, + $image) +{ + /* Opera has trouble with <input type="image"> */ + /* IE has trouble with <button> */ + if (PMA_USR_BROWSER_AGENT != 'IE') { + echo '<button class="' . $button_class . '" type="submit"' + .' name="' . $button_name . '" value="' . $text . '"' + .' title="' . $text . '">' . "\n" + .'<img class="icon" src="' . $GLOBALS['pmaThemeImage'] . $image . '"' + .' title="' . $text . '" alt="' . $text . '" width="16"' + .' height="16" />' + .($GLOBALS['cfg']['PropertiesIconic'] === 'both' ? ' ' . $text : '') . "\n" + .'</button>' . "\n"; + } else { + echo '<input type="image" name="' . $image_name . '" value="' + . $text . '" title="' . $text . '" src="' . $GLOBALS['pmaThemeImage'] + . $image . '" />' + . ($GLOBALS['cfg']['PropertiesIconic'] === 'both' ? ' ' . $text : '') . "\n"; + } +} // end function - // Pass #1 of DB-Config to read in master level DB-Config will go here - // Robbat2 - May 11, 2002 +/** + * Generate a pagination selector for browsing resultsets + * + * @uses $GLOBALS['strPageNumber'] + * @uses range() + * @param string URL for the JavaScript + * @param string Number of rows in the pagination set + * @param string current page number + * @param string number of total pages + * @param string If the number of pages is lower than this + * variable, no pages will be ommitted in + * pagination + * @param string How many rows at the beginning should always + * be shown? + * @param string How many rows at the end should always + * be shown? + * @param string Percentage of calculation page offsets to + * hop to a next page + * @param string Near the current page, how many pages should + * be considered "nearby" and displayed as + * well? + * + * @access public + * @author Garvin Hicking (pma@supergarv.de) + */ +function PMA_pageselector($url, $rows, $pageNow = 1, $nbTotalPage = 1, + $showAll = 200, $sliceStart = 5, $sliceEnd = 5, $percent = 20, + $range = 10) +{ + $gotopage = $GLOBALS['strPageNumber'] + . ' <select name="goToPage" onchange="goToUrl(this, \'' + . $url . '\');">' . "\n"; + if ($nbTotalPage < $showAll) { + $pages = range(1, $nbTotalPage); + } else { + $pages = array(); + + // Always show first X pages + for ($i = 1; $i <= $sliceStart; $i++) { + $pages[] = $i; + } + + // Always show last X pages + for ($i = $nbTotalPage - $sliceEnd; $i <= $nbTotalPage; $i++) { + $pages[] = $i; + } + + // garvin: Based on the number of results we add the specified + // $percent percentate to each page number, + // so that we have a representing page number every now and then to + // immideately jump to specific pages. + // As soon as we get near our currently chosen page ($pageNow - + // $range), every page number will be + // shown. + $i = $sliceStart; + $x = $nbTotalPage - $sliceEnd; + $met_boundary = false; + while ($i <= $x) { + if ($i >= ($pageNow - $range) && $i <= ($pageNow + $range)) { + // If our pageselector comes near the current page, we use 1 + // counter increments + $i++; + $met_boundary = true; + } else { + // We add the percentate increment to our current page to + // hop to the next one in range + $i = $i + floor($nbTotalPage / $percent); - // Connects to the server (validates user's login) - $userlink = PMA_DBI_connect($cfg['Server']['user'], - $cfg['Server']['password'], false); + // Make sure that we do not cross our boundaries. + if ($i > ($pageNow - $range) && !$met_boundary) { + $i = $pageNow - $range; + } + } - // Pass #2 of DB-Config to read in user level DB-Config will go here - // Robbat2 - May 11, 2002 + if ($i > 0 && $i <= $x) { + $pages[] = $i; + } + } - @ini_set('track_errors', $bkp_track_err); - unset($bkp_track_err); + // Since because of ellipsing of the current page some numbers may be double, + // we unify our array: + sort($pages); + $pages = array_unique($pages); + } - /** - * If we auto switched to utf-8 we need to reread messages here - */ - if (defined('PMA_LANG_RELOAD')) { - require './libraries/language.lib.php'; + foreach ($pages as $i) { + if ($i == $pageNow) { + $selected = 'selected="selected" style="font-weight: bold"'; + } else { + $selected = ''; } + $gotopage .= ' <option ' . $selected . ' value="' . (($i - 1) * $rows) . '">' . $i . '</option>' . "\n"; + } - /** - * SQL Parser code - */ - require_once './libraries/sqlparser.lib.php'; - - /** - * SQL Validator interface code - */ - require_once './libraries/sqlvalidator.lib.php'; + $gotopage .= ' </select>'; - /** - * the PMA_List_Database class - */ - require_once './libraries/PMA_List_Database.class.php'; - $PMA_List_Database = new PMA_List_Database($userlink, $controllink); + return $gotopage; +} // end function - } // end server connecting +/** + * replaces %u in given path with current user name + * + * example: + * <code> + * $user_dir = PMA_userDir('/var/pma_tmp/%u/'); // '/var/pma_tmp/root/' + * + * </code> + * @uses $cfg['Server']['user'] + * @uses substr() + * @uses str_replace() + * @param string $dir with wildcard for user + * @return string per user directory + */ +function PMA_userDir($dir) +{ + // add trailing slash + if (substr($dir, -1) != '/') { + $dir .= '/'; + } - /** - * Kanji encoding convert feature appended by Y.Kawada (2002/2/20) - */ - if (@function_exists('mb_convert_encoding') - && strpos(' ' . $lang, 'ja-') - && file_exists('./libraries/kanji-encoding.lib.php')) { - require_once './libraries/kanji-encoding.lib.php'; - /** - * enable multibyte string support - */ - define('PMA_MULTIBYTE_ENCODING', 1); - } // end if + return str_replace('%u', $GLOBALS['cfg']['Server']['user'], $dir); +} - /** - * save some settings in cookies - * @todo should be done in PMA_Config - */ - PMA_setCookie('pma_lang', $GLOBALS['lang']); - PMA_setCookie('pma_charset', $GLOBALS['convcharset']); - PMA_setCookie('pma_collation_connection', $GLOBALS['collation_connection']); +/** + * returns html code for db link to default db page + * + * @uses $cfg['DefaultTabDatabase'] + * @uses $GLOBALS['db'] + * @uses $GLOBALS['strJumpToDB'] + * @uses PMA_generate_common_url() + * @uses PMA_unescape_mysql_wildcards() + * @uses strlen() + * @uses sprintf() + * @uses htmlspecialchars() + * @param string $database + * @return string html link to default db page + */ +function PMA_getDbLink($database = null) +{ + if (!strlen($database)) { + if (!strlen($GLOBALS['db'])) { + return ''; + } + $database = $GLOBALS['db']; + } else { + $database = PMA_unescape_mysql_wildcards($database); + } - $_SESSION['PMA_Theme_Manager']->setThemeCookie(); -} // end if !defined('PMA_MINIMUM_COMMON') + return '<a href="' . $GLOBALS['cfg']['DefaultTabDatabase'] . '?' . PMA_generate_common_url($database) . '"' + .' title="' . sprintf($GLOBALS['strJumpToDB'], htmlspecialchars($database)) . '">' + .htmlspecialchars($database) . '</a>'; +} -if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) { - // to handle bug #1388167 - if (isset($_GET['is_js_confirmed'])) { - $is_js_confirmed = 1; +/** + * Displays a lightbulb hint explaining a known external bug + * that affects a functionality + * + * @uses PMA_MYSQL_INT_VERSION + * @uses $GLOBALS['strKnownExternalBug'] + * @uses PMA_showHint() + * @uses sprintf() + * @param string $functionality localized message explaining the func. + * @param string $component 'mysql' (eventually, 'php') + * @param string $minimum_version of this component + * @param string $bugref bug reference for this component + */ +function PMA_externalBug($functionality, $component, $minimum_version, $bugref) +{ + if ($component == 'mysql' && PMA_MYSQL_INT_VERSION < $minimum_version) { + echo PMA_showHint(sprintf($GLOBALS['strKnownExternalBug'], $functionality, 'http://bugs.mysql.com/' . $bugref)); } - /** - * include subform target page - */ - require $__redirect; - exit(); } ?> diff --git a/libraries/core.lib.php b/libraries/core.lib.php new file mode 100644 index 0000000000..d6ee9300a2 --- /dev/null +++ b/libraries/core.lib.php @@ -0,0 +1,449 @@ +<?php +/* vim: set expandtab sw=4 ts=4 sts=4: */ +/** + * Core functions used all over the scripts. + * + * @version $Id$ + */ + +/** + * Removes insecure parts in a path; used before include() or + * require() when a part of the path comes from an insecure source + * like a cookie or form. + * + * @param string The path to check + * + * @return string The secured path + * + * @access public + * @author Marc Delisle (lem9@users.sourceforge.net) + */ +function PMA_securePath($path) +{ + // change .. to . + $path = preg_replace('@\.\.*@', '.', $path); + + return $path; +} // end function + +/** + * displays the given error message on phpMyAdmin error page in foreign language, + * ends script execution and closes session + * + * @todo use detected argument separator (PMA_Config) + * @uses $GLOBALS['session_name'] + * @uses $GLOBALS['text_dir'] + * @uses $GLOBALS['strError'] + * @uses $GLOBALS['available_languages'] + * @uses $GLOBALS['lang'] + * @uses PMA_removeCookie() + * @uses select_lang.lib.php + * @uses $_COOKIE + * @uses substr() + * @uses header() + * @uses urlencode() + * @param string $error_message the error message or named error message + */ +function PMA_fatalError($error_message, $message_args = null) +{ + if (! isset($GLOBALS['available_languages'])) { + $GLOBALS['cfg'] = array('DefaultLang' => 'en-iso-8859-1', + 'AllowAnywhereRecoding' => false); + // Loads the language file + require_once './libraries/select_lang.lib.php'; + if (isset($strError)) { + $GLOBALS['strError'] = $strError; + } + if (isset($text_dir)) { + $GLOBALS['text_dir'] = $text_dir; + } + } + + if (substr($error_message, 0, 3) === 'str') { + if (isset($$error_message)) { + $error_message = $$error_message; + } elseif (isset($GLOBALS[$error_message])) { + $error_message = $GLOBALS[$error_message]; + } + } + + if (is_string($message_args)) { + $error_message = sprintf($error_message, $message_args); + } elseif (is_array($message_args)) { + $error_message = vsprintf($error_message, $message_args); + } + $error_message = strtr($error_message, array('<br />' => '[br]')); + + // Displays the error message + // (do not use & for parameters sent by header) + header('Location: error.php' + . '?lang=' . urlencode($GLOBALS['available_languages'][$GLOBALS['lang']][2]) + . '&dir=' . urlencode($GLOBALS['text_dir']) + . '&type=' . urlencode($GLOBALS['strError']) + . '&error=' . urlencode($error_message)); + + // on fatal errors it cannot hurt to always delete the current session + if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) { + PMA_removeCookie($GLOBALS['session_name']); + } + + exit; +} + +/** + * returns count of tables in given db + * + * @uses PMA_DBI_try_query() + * @uses PMA_backquote() + * @uses PMA_DBI_QUERY_STORE() + * @uses PMA_DBI_num_rows() + * @uses PMA_DBI_free_result() + * @param string $db database to count tables for + * @return integer count of tables in $db + */ +function PMA_getTableCount($db) +{ + $tables = PMA_DBI_try_query( + 'SHOW TABLES FROM ' . PMA_backquote($db) . ';', + null, PMA_DBI_QUERY_STORE); + if ($tables) { + $num_tables = PMA_DBI_num_rows($tables); + PMA_DBI_free_result($tables); + } else { + $num_tables = 0; + } + + return $num_tables; +} + +/** + * Converts numbers like 10M into bytes + * Used with permission from Moodle (http://moodle.org) by Martin Dougiamas + * (renamed with PMA prefix to avoid double definition when embedded + * in Moodle) + * + * @uses each() + * @uses strlen() + * @uses substr() + * @param string $size + * @return integer $size + */ +function PMA_get_real_size($size = 0) +{ + if (! $size) { + return 0; + } + + $scan['gb'] = 1073741824; //1024 * 1024 * 1024; + $scan['g'] = 1073741824; //1024 * 1024 * 1024; + $scan['mb'] = 1048576; + $scan['m'] = 1048576; + $scan['kb'] = 1024; + $scan['k'] = 1024; + $scan['b'] = 1; + + foreach ($scan as $unit => $factor) { + if (strlen($size) > strlen($unit) + && strtolower(substr($size, strlen($size) - strlen($unit))) == $unit) { + return substr($size, 0, strlen($size) - strlen($unit)) * $factor; + } + } + + return $size; +} // end function PMA_get_real_size() + +/** + * loads php module + * + * @uses PHP_OS + * @uses extension_loaded() + * @uses ini_get() + * @uses function_exists() + * @uses ob_start() + * @uses phpinfo() + * @uses strip_tags() + * @uses ob_get_contents() + * @uses ob_end_clean() + * @uses preg_match() + * @uses strtoupper() + * @uses substr() + * @uses dl() + * @param string $module name if module to load + * @return boolean success loading module + */ +function PMA_dl($module) +{ + static $dl_allowed = null; + + if (extension_loaded($module)) { + return true; + } + + if (null === $dl_allowed) { + if (!@ini_get('safe_mode') + && @ini_get('enable_dl') + && @function_exists('dl')) { + ob_start(); + phpinfo(INFO_GENERAL); /* Only general info */ + $a = strip_tags(ob_get_contents()); + ob_end_clean(); + if (preg_match('@Thread Safety[[:space:]]*enabled@', $a)) { + if (preg_match('@Server API[[:space:]]*\(CGI\|CLI\)@', $a)) { + $dl_allowed = true; + } else { + $dl_allowed = false; + } + } else { + $dl_allowed = true; + } + } else { + $dl_allowed = false; + } + } + + if (!$dl_allowed) { + return false; + } + + /* Once we require PHP >= 4.3, we might use PHP_SHLIB_SUFFIX here */ + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { + $module_file = 'php_' . $module . '.dll'; + } elseif (PHP_OS=='HP-UX') { + $module_file = $module . '.sl'; + } else { + $module_file = $module . '.so'; + } + + return @dl($module_file); +} + +/** + * merges array recursive like array_merge_recursive() but keyed-values are + * always overwritten. + * + * array PMA_array_merge_recursive(array $array1[, array $array2[, array ...]]) + * + * @see http://php.net/array_merge + * @see http://php.net/array_merge_recursive + * @uses func_num_args() + * @uses func_get_arg() + * @uses is_array() + * @uses call_user_func_array() + * @param array array to merge + * @param array array to merge + * @param array ... + * @return array merged array + */ +function PMA_array_merge_recursive() +{ + switch(func_num_args()) { + case 0 : + return false; + break; + case 1 : + // when does that happen? + return func_get_arg(0); + break; + case 2 : + $args = func_get_args(); + if (!is_array($args[0]) || !is_array($args[1])) { + return $args[1]; + } + foreach ($args[1] as $key2 => $value2) { + if (isset($args[0][$key2]) && !is_int($key2)) { + $args[0][$key2] = PMA_array_merge_recursive($args[0][$key2], + $value2); + } else { + // we erase the parent array, otherwise we cannot override a directive that + // contains array elements, like this: + // (in config.default.php) $cfg['ForeignKeyDropdownOrder'] = array('id-content','content-id'); + // (in config.inc.php) $cfg['ForeignKeyDropdownOrder'] = array('content-id'); + if (is_int($key2) && $key2 == 0) { + unset($args[0]); + } + $args[0][$key2] = $value2; + } + } + return $args[0]; + break; + default : + $args = func_get_args(); + $args[1] = PMA_array_merge_recursive($args[0], $args[1]); + array_shift($args); + return call_user_func_array('PMA_array_merge_recursive', $args); + break; + } +} + +/** + * calls $function vor every element in $array recursively + * + * this function is protected against deep recursion attack CVE-2006-1549, + * 1000 seems to be more than enough + * + * @see http://www.php-security.org/MOPB/MOPB-02-2007.html + * @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549 + * + * @uses PMA_arrayWalkRecursive() + * @uses is_array() + * @uses is_string() + * @param array $array array to walk + * @param string $function function to call for every array element + */ +function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false) +{ + static $recursive_counter = 0; + if (++$recursive_counter > 1000) { + die('possible deep recursion attack'); + } + foreach ($array as $key => $value) { + if (is_array($value)) { + PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also); + } else { + $array[$key] = $function($value); + } + + if ($apply_to_keys_also && is_string($key)) { + $new_key = $function($key); + if ($new_key != $key) { + $array[$new_key] = $array[$key]; + unset($array[$key]); + } + } + } + $recursive_counter++; +} + +/** + * boolean phpMyAdmin.PMA_checkPageValidity(string &$page, array $whitelist) + * + * checks given given $page against given $whitelist and returns true if valid + * it ignores optionaly query paramters in $page (script.php?ignored) + * + * @uses in_array() + * @uses urldecode() + * @uses substr() + * @uses strpos() + * @param string &$page page to check + * @param array $whitelist whitelist to check page against + * @return boolean whether $page is valid or not (in $whitelist or not) + */ +function PMA_checkPageValidity(&$page, $whitelist) +{ + if (! isset($page) || !is_string($page)) { + return false; + } + + if (in_array($page, $whitelist)) { + return true; + } elseif (in_array(substr($page, 0, strpos($page . '?', '?')), $whitelist)) { + return true; + } else { + $_page = urldecode($page); + if (in_array(substr($_page, 0, strpos($_page . '?', '?')), $whitelist)) { + return true; + } + } + return false; +} + +/** + * trys to find the value for the given environment vriable name + * + * searchs in $_SERVER, $_ENV than trys getenv() and apache_getenv() + * in this order + * + * @uses $_SERVER + * @uses $_ENV + * @uses getenv() + * @uses function_exists() + * @uses apache_getenv() + * @param string $var_name variable name + * @return string value of $var or empty string + */ +function PMA_getenv($var_name) { + if (isset($_SERVER[$var_name])) { + return $_SERVER[$var_name]; + } elseif (isset($_ENV[$var_name])) { + return $_ENV[$var_name]; + } elseif (getenv($var_name)) { + return getenv($var_name); + } elseif (function_exists('apache_getenv') + && apache_getenv($var_name, true)) { + return apache_getenv($var_name, true); + } + + return ''; +} + +/** + * removes cookie + * + * @uses PMA_Config::isHttps() + * @uses PMA_Config::getCookiePath() + * @uses setcookie() + * @uses time() + * @param string $cookie name of cookie to remove + * @return boolean result of setcookie() + */ +function PMA_removeCookie($cookie) +{ + return setcookie($cookie, '', time() - 3600, + PMA_Config::getCookiePath(), '', PMA_Config::isHttps()); +} + +/** + * sets cookie if value is different from current cokkie value, + * or removes if value is equal to default + * + * @uses PMA_Config::isHttps() + * @uses PMA_Config::getCookiePath() + * @uses $_COOKIE + * @uses PMA_removeCookie() + * @uses setcookie() + * @uses time() + * @param string $cookie name of cookie to remove + * @param mixed $value new cookie value + * @param string $default default value + * @param int $validity validity of cookie in seconds (default is one month) + * @param bool $httponlt whether cookie is only for HTTP (and not for scripts) + * @return boolean result of setcookie() + */ +function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true) +{ + if ($validity == null) { + $validity = 2592000; + } + if (strlen($value) && null !== $default && $value === $default + && isset($_COOKIE[$cookie])) { + // remove cookie, default value is used + return PMA_removeCookie($cookie); + } + + if (! strlen($value) && isset($_COOKIE[$cookie])) { + // remove cookie, value is empty + return PMA_removeCookie($cookie); + } + + if (! isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) { + // set cookie with new value + /* Calculate cookie validity */ + if ($validity == 0) { + $v = 0; + } else { + $v = time() + $validity; + } + /* Use native support for httponly cookies if available */ + if (version_compare(PHP_VERSION, '5.2.0', 'ge')) { + return setcookie($cookie, $value, $v, + PMA_Config::getCookiePath(), '', PMA_Config::isHttps(), $httponly); + } else { + return setcookie($cookie, $value, $v, + PMA_Config::getCookiePath() . ($httponly ? '; HttpOnly' : ''), '', PMA_Config::isHttps()); + } + } + + // cookie has already $value as value + return true; +} +?> diff --git a/libraries/db_common.inc.php b/libraries/db_common.inc.php index 560b60b533..d722ea1195 100644 --- a/libraries/db_common.inc.php +++ b/libraries/db_common.inc.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/bookmark.lib.php'); PMA_checkParameters(array('db')); diff --git a/libraries/db_info.inc.php b/libraries/db_info.inc.php index 739f9991db..2686e6321e 100644 --- a/libraries/db_info.inc.php +++ b/libraries/db_info.inc.php @@ -8,7 +8,7 @@ /** * Check parameters */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); PMA_checkParameters(array('db')); diff --git a/libraries/db_links.inc.php b/libraries/db_links.inc.php index fc281ff71a..1bd1be5878 100644 --- a/libraries/db_links.inc.php +++ b/libraries/db_links.inc.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once './libraries/relation.lib.php'; /** diff --git a/libraries/header.inc.php b/libraries/header.inc.php index 2c2182eee9..336c1c1abb 100644 --- a/libraries/header.inc.php +++ b/libraries/header.inc.php @@ -8,14 +8,14 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; if (empty($GLOBALS['is_header_sent'])) { /** * Gets a core script and starts output buffering work */ - require_once './libraries/common.lib.php'; + require_once './libraries/common.inc.php'; require_once './libraries/ob.lib.php'; if ($GLOBALS['cfg']['OBGzip']) { $GLOBALS['ob_mode'] = PMA_outBufferModeGet(); diff --git a/libraries/header_printview.inc.php b/libraries/header_printview.inc.php index 9814fe999b..ca68b57e53 100644 --- a/libraries/header_printview.inc.php +++ b/libraries/header_printview.inc.php @@ -8,7 +8,7 @@ /** * Gets a core script and starts output buffering work */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/ob.lib.php'); if ($cfg['OBGzip']) { $ob_mode = PMA_outBufferModeGet(); diff --git a/libraries/server_common.inc.php b/libraries/server_common.inc.php index 14499ab286..27af6045fc 100644 --- a/libraries/server_common.inc.php +++ b/libraries/server_common.inc.php @@ -13,7 +13,7 @@ /** * Gets some core libraries */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * Handles some variables that may have been sent by the calling script diff --git a/libraries/server_links.inc.php b/libraries/server_links.inc.php index e6aad721a7..6b12cabca4 100644 --- a/libraries/server_links.inc.php +++ b/libraries/server_links.inc.php @@ -8,7 +8,7 @@ /** * Check parameters */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/server_common.inc.php'); PMA_checkParameters(array('is_superuser', 'url_query'), TRUE, FALSE); diff --git a/libraries/sql_query_form.lib.php b/libraries/sql_query_form.lib.php index fcd9bdaf9c..5764bd309b 100644 --- a/libraries/sql_query_form.lib.php +++ b/libraries/sql_query_form.lib.php @@ -29,7 +29,7 @@ require_once './libraries/bookmark.lib.php'; // used for file listing * @uses $GLOBALS['db'] * @uses $GLOBALS['server'] * @uses $GLOBALS['goto'] - * @uses $GLOBALS['is_upload'] from common.lib.php + * @uses $GLOBALS['is_upload'] from common.inc.php * @uses $GLOBALS['sql_query'] from grab_globals.lib.php * @uses $GLOBALS['cfg']['DefaultQueryTable'] * @uses $GLOBALS['cfg']['DefaultQueryDatabase'] diff --git a/libraries/tbl_common.php b/libraries/tbl_common.php index 6ddd36b1a9..f6d215fa03 100644 --- a/libraries/tbl_common.php +++ b/libraries/tbl_common.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/bookmark.lib.php'); // Check parameters diff --git a/libraries/tbl_info.inc.php b/libraries/tbl_info.inc.php index 80659eec1b..e1b154a67f 100644 --- a/libraries/tbl_info.inc.php +++ b/libraries/tbl_info.inc.php @@ -20,7 +20,7 @@ require_once './libraries/Table.class.php'; /** * requirements */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); // Check parameters PMA_checkParameters(array('db', 'table')); diff --git a/libraries/tbl_links.inc.php b/libraries/tbl_links.inc.php index 3f90c50422..b254937644 100644 --- a/libraries/tbl_links.inc.php +++ b/libraries/tbl_links.inc.php @@ -8,7 +8,7 @@ /** * Check parameters */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); PMA_checkParameters(array('db', 'table')); diff --git a/libraries/tbl_properties.inc.php b/libraries/tbl_properties.inc.php index b6ca23d594..a897ff5d83 100644 --- a/libraries/tbl_properties.inc.php +++ b/libraries/tbl_properties.inc.php @@ -8,7 +8,7 @@ /** * Check parameters */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); PMA_checkParameters(array('db', 'table', 'action', 'num_fields')); diff --git a/libraries/tbl_replace_fields.inc.php b/libraries/tbl_replace_fields.inc.php index 9e352d7c38..47971ab3b4 100644 --- a/libraries/tbl_replace_fields.inc.php +++ b/libraries/tbl_replace_fields.inc.php @@ -39,7 +39,7 @@ if (! defined('PMA_NO_VARIABLES_IMPORT')) { /** * Gets some core libraries */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/PMA_File.class.php'; $file_to_insert = new PMA_File(); @@ -15,7 +15,7 @@ if (!defined('PMA_DISPLAY_HEADING')) { /** * Gets some core libraries and displays a top message if required */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; // Handles some variables that may have been sent by the calling script if (isset($db)) { diff --git a/navigation.php b/navigation.php index 1c7da32365..cb08a9b37c 100644 --- a/navigation.php +++ b/navigation.php @@ -45,7 +45,7 @@ /** * Gets a core script and starts output buffering work */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * finish and cleanup navigation.php script execution diff --git a/pdf_pages.php b/pdf_pages.php index 2b40b9b0de..5ef6007fbd 100644 --- a/pdf_pages.php +++ b/pdf_pages.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/db_common.inc.php'); diff --git a/pdf_schema.php b/pdf_schema.php index 406c0b0c6e..cbdedc01c1 100644 --- a/pdf_schema.php +++ b/pdf_schema.php @@ -9,7 +9,7 @@ /** * Gets some core scripts */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Settings for relation stuff diff --git a/phpinfo.php b/phpinfo.php index 3f38ece513..461cbf115a 100644 --- a/phpinfo.php +++ b/phpinfo.php @@ -9,7 +9,7 @@ * Gets core libraries and defines some variables */ define( 'PMA_MINIMUM_COMMON', true ); -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** diff --git a/phpmyadmin.css.php b/phpmyadmin.css.php index 0a9efcc2bd..c47ba856e3 100644 --- a/phpmyadmin.css.php +++ b/phpmyadmin.css.php @@ -9,7 +9,7 @@ * */ define('PMA_MINIMUM_COMMON', true); -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/sqlparser.lib.php'; // MSIE 6 (at least some unpatched versions) has problems loading CSS diff --git a/pmd_common.php b/pmd_common.php index d11f15d2f9..b2dbcd8ff1 100644 --- a/pmd_common.php +++ b/pmd_common.php @@ -8,7 +8,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; // not understand require_once './libraries/header_http.inc.php'; diff --git a/querywindow.php b/querywindow.php index 0ced4e23ff..b6b24fd2ea 100644 --- a/querywindow.php +++ b/querywindow.php @@ -8,7 +8,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; $is_superuser = PMA_isSuperuser(); diff --git a/scripts/setup.php b/scripts/setup.php index ac6e9d7aee..4ad5a69b7e 100644 --- a/scripts/setup.php +++ b/scripts/setup.php @@ -16,7 +16,7 @@ // Grab phpMyAdmin version and PMA_dl function define( 'PMA_MINIMUM_COMMON', TRUE ); chdir('..'); -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); // Grab configuration defaults // Do not use $PMA_Config, it interferes with the one in $_SESSION diff --git a/server_binlog.php b/server_binlog.php index ce0b6a63d6..413f26a587 100644 --- a/server_binlog.php +++ b/server_binlog.php @@ -42,7 +42,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * Does the common work, provides $binary_logs diff --git a/server_collations.php b/server_collations.php index 31000c6d6a..9e5a5d4d8d 100644 --- a/server_collations.php +++ b/server_collations.php @@ -11,7 +11,7 @@ if ( ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) { define( 'PMA_NO_VARIABLES_IMPORT', true ); } -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Does the common work diff --git a/server_databases.php b/server_databases.php index f5fc38f373..b35228eed0 100644 --- a/server_databases.php +++ b/server_databases.php @@ -8,7 +8,7 @@ /** * Does the common work */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; $js_to_run = 'functions.js'; diff --git a/server_engines.php b/server_engines.php index 19eb7b3962..fe1a5358f8 100644 --- a/server_engines.php +++ b/server_engines.php @@ -16,7 +16,7 @@ if ( ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) { /** * requirements */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Does the common work diff --git a/server_export.php b/server_export.php index 94e36b2807..856c167413 100644 --- a/server_export.php +++ b/server_export.php @@ -8,7 +8,7 @@ /** * Does the common work */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); $js_to_run = 'functions.js'; diff --git a/server_import.php b/server_import.php index ec490b8ca6..cfbfdf50ea 100644 --- a/server_import.php +++ b/server_import.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Does the common work diff --git a/server_privileges.php b/server_privileges.php index 9bf4fe75d5..b844cd434d 100644 --- a/server_privileges.php +++ b/server_privileges.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Does the common work diff --git a/server_processlist.php b/server_processlist.php index 86ef87ac1f..b483de234c 100644 --- a/server_processlist.php +++ b/server_processlist.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Does the common work diff --git a/server_sql.php b/server_sql.php index 3188e61a02..53518bc93f 100644 --- a/server_sql.php +++ b/server_sql.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Does the common work diff --git a/server_status.php b/server_status.php index d635b659fe..23f6b65d24 100644 --- a/server_status.php +++ b/server_status.php @@ -13,7 +13,7 @@ if (! defined('PMA_NO_VARIABLES_IMPORT')) { define('PMA_NO_VARIABLES_IMPORT', true); } -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * Does the common work diff --git a/server_variables.php b/server_variables.php index de947a2365..40a8058538 100644 --- a/server_variables.php +++ b/server_variables.php @@ -11,7 +11,7 @@ if ( ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) { define( 'PMA_NO_VARIABLES_IMPORT', true ); } -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * Does the common work @@ -9,7 +9,7 @@ /** * Gets some core libraries */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/Table.class.php'; require_once './libraries/tbl_indexes.lib.php'; require_once './libraries/check_user_privileges.lib.php'; diff --git a/tbl_addfield.php b/tbl_addfield.php index 5812748ec2..0112ae97f6 100644 --- a/tbl_addfield.php +++ b/tbl_addfield.php @@ -8,7 +8,7 @@ /** * Get some core libraries */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/Table.class.php'; $js_to_run = 'functions.js'; diff --git a/tbl_alter.php b/tbl_alter.php index 3ab01bedcb..a8336bbc6d 100644 --- a/tbl_alter.php +++ b/tbl_alter.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/Table.class.php'); $js_to_run = 'functions.js'; diff --git a/tbl_change.php b/tbl_change.php index c1fc5845df..f7cb61fa95 100644 --- a/tbl_change.php +++ b/tbl_change.php @@ -8,7 +8,7 @@ /** * Gets the variables sent or posted to this script and displays the header */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * Sets global variables. diff --git a/tbl_create.php b/tbl_create.php index 1a00daa7d9..0918179a1b 100644 --- a/tbl_create.php +++ b/tbl_create.php @@ -40,7 +40,7 @@ /** * Get some core libraries */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/Table.class.php'; $js_to_run = 'functions.js'; diff --git a/tbl_export.php b/tbl_export.php index 963fe216b6..c9df7caa5b 100644 --- a/tbl_export.php +++ b/tbl_export.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Gets tables informations and displays top links diff --git a/tbl_import.php b/tbl_import.php index 67f3bda861..7f971b97a5 100644 --- a/tbl_import.php +++ b/tbl_import.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Gets tables informations and displays top links diff --git a/tbl_indexes.php b/tbl_indexes.php index 176c6d4dd2..22fb49c988 100644 --- a/tbl_indexes.php +++ b/tbl_indexes.php @@ -9,7 +9,7 @@ /** * Gets some core libraries */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/tbl_indexes.lib.php'; /** diff --git a/tbl_move_copy.php b/tbl_move_copy.php index 93f8bf3952..02f44c4827 100644 --- a/tbl_move_copy.php +++ b/tbl_move_copy.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/Table.class.php'; // Check parameters diff --git a/tbl_operations.php b/tbl_operations.php index 6673caf5ea..4ef05af98d 100644 --- a/tbl_operations.php +++ b/tbl_operations.php @@ -8,7 +8,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/Table.class.php'; $pma_table = new PMA_Table($GLOBALS['table'], $GLOBALS['db']); diff --git a/tbl_printview.php b/tbl_printview.php index 066ac80da1..b71a9be5c2 100644 --- a/tbl_printview.php +++ b/tbl_printview.php @@ -8,7 +8,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require './libraries/tbl_common.php'; diff --git a/tbl_relation.php b/tbl_relation.php index 20baa6ff2f..cfa1bb66fe 100644 --- a/tbl_relation.php +++ b/tbl_relation.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/tbl_common.php'); $url_query .= '&goto=tbl_sql.php'; diff --git a/tbl_replace.php b/tbl_replace.php index 23e640d24b..ecd21ca803 100644 --- a/tbl_replace.php +++ b/tbl_replace.php @@ -52,7 +52,7 @@ if (! defined('PMA_NO_VARIABLES_IMPORT')) { /** * Gets some core libraries */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; // Check parameters PMA_checkParameters(array('db', 'table', 'goto')); diff --git a/tbl_row_action.php b/tbl_row_action.php index 60ba6f4195..98a6d4a6a5 100644 --- a/tbl_row_action.php +++ b/tbl_row_action.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/mysql_charsets.lib.php'); /** diff --git a/tbl_select.php b/tbl_select.php index 43a26fea16..a486ad0b71 100644 --- a/tbl_select.php +++ b/tbl_select.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/relation.lib.php'); // foreign keys require_once('./libraries/mysql_charsets.lib.php'); diff --git a/tbl_sql.php b/tbl_sql.php index a3a9fd8dad..1943ecbb6c 100644 --- a/tbl_sql.php +++ b/tbl_sql.php @@ -8,7 +8,7 @@ /** * */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Runs common work diff --git a/tbl_structure.php b/tbl_structure.php index eb94e362c6..9de35843e2 100644 --- a/tbl_structure.php +++ b/tbl_structure.php @@ -8,7 +8,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/mysql_charsets.lib.php'; require_once './libraries/relation.lib.php'; diff --git a/test/FailTest.php b/test/FailTest.php index 0035b099ab..3494c4f020 100644 --- a/test/FailTest.php +++ b/test/FailTest.php @@ -11,7 +11,6 @@ * */ require_once 'PHPUnit/Framework.php'; -require_once './libraries/common.lib.php'; class FailTest extends PHPUnit_Framework_TestCase { diff --git a/test/PMA_get_real_size_test.php b/test/PMA_get_real_size_test.php index b2bf638171..4f618b2c5b 100644 --- a/test/PMA_get_real_size_test.php +++ b/test/PMA_get_real_size_test.php @@ -11,7 +11,7 @@ * */ require_once 'PHPUnit/Framework.php'; -require_once './libraries/common.lib.php'; +require_once './libraries/core.lib.php'; class PMA_get_real_size_test extends PHPUnit_Framework_TestCase { diff --git a/test/theme.php b/test/theme.php index 49bed9dbf1..3814fff959 100644 --- a/test/theme.php +++ b/test/theme.php @@ -3,7 +3,7 @@ /** * theme test * - * @uses libraries/common.lib.php global fnctions + * @uses libraries/common.inc.php global fnctions * @package phpMyAdmin-test * @version $Id$ */ @@ -13,7 +13,7 @@ chdir('..'); /** * Gets core libraries and defines some variables */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; $lang_iso_code = $GLOBALS['available_languages'][$GLOBALS['lang']][2]; diff --git a/themes.php b/themes.php index 6d55e3d6ad..6edbeaa024 100644 --- a/themes.php +++ b/themes.php @@ -8,7 +8,7 @@ /** * get some globals */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /* Theme Select */ $path_to_themes = $cfg['ThemePath'] . '/'; diff --git a/transformation_overview.php b/transformation_overview.php index ceac9b745c..b0b48ad392 100644 --- a/transformation_overview.php +++ b/transformation_overview.php @@ -13,7 +13,7 @@ define('PMA_DISPLAY_HEADING', 0); /** * Gets some core libraries and displays a top message if required */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; require_once './libraries/header.inc.php'; require_once './libraries/relation.lib.php'; require_once './libraries/transformations.lib.php'; diff --git a/transformation_wrapper.php b/transformation_wrapper.php index f53dc94910..377aea967b 100644 --- a/transformation_wrapper.php +++ b/transformation_wrapper.php @@ -13,7 +13,7 @@ define('IS_TRANSFORMATION_WRAPPER', true); /** * Gets a core script and starts output buffering work */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); require_once('./libraries/relation.lib.php'); // foreign keys require_once('./libraries/transformations.lib.php'); // Transformations $cfgRelation = PMA_getRelationsParam(); diff --git a/user_password.php b/user_password.php index 685f254b6f..e9222ea71b 100644 --- a/user_password.php +++ b/user_password.php @@ -8,7 +8,7 @@ /** * Gets some core libraries */ -require_once('./libraries/common.lib.php'); +require_once('./libraries/common.inc.php'); /** * Displays an error message and exits if the user isn't allowed to use this diff --git a/view_create.php b/view_create.php index 88bbb8efb0..b950fe756d 100644 --- a/view_create.php +++ b/view_create.php @@ -8,7 +8,7 @@ /** * */ -require_once './libraries/common.lib.php'; +require_once './libraries/common.inc.php'; /** * Runs common work |