1000) {
die('possible exploit');
}
/**
* Check for numeric keys
* (if register_globals is on, numeric key can be found in $GLOBALS)
*
* Walks every entry of $GLOBALS and aborts the request with die() as soon as
* one key is numeric. The check runs before any request data is used, so a
* request that managed to register a numeric global never gets further.
*/
foreach ($GLOBALS as $key => $dummy) {
if (is_numeric($key)) {
die('numeric key detected');
}
}
// only the loop value is dropped here; $key stays defined after this block
unset($dummy);
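/**
 * PATH_INFO could be compromised if set, so remove it from PHP_SELF
 * and provide a clean PHP_SELF here
 *
 * The result is stored in $PMA_PHP_SELF: PHP_SELF with a trailing PATH_INFO
 * cut off, then HTML-escaped. PMA_getenv() is defined elsewhere; presumably
 * it returns the server/environment value of the given name - confirm.
 */
$PMA_PHP_SELF = PMA_getenv('PHP_SELF');
$_PATH_INFO   = PMA_getenv('PATH_INFO');
if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) {
    $path_info_pos = strrpos($PMA_PHP_SELF, $_PATH_INFO);
    // strrpos() returns false when PATH_INFO does not occur in PHP_SELF.
    // Without the explicit check, false is treated as 0 in the addition, so
    // a PATH_INFO of the same length as PHP_SELF would empty $PMA_PHP_SELF.
    if ($path_info_pos !== false
        && $path_info_pos + strlen($_PATH_INFO) === strlen($PMA_PHP_SELF)
    ) {
        // PATH_INFO is a suffix of PHP_SELF: keep only the script part
        $PMA_PHP_SELF = substr($PMA_PHP_SELF, 0, $path_info_pos);
    }
}
// Escaped with the default htmlspecialchars() flags. On PHP versions before
// 8.1 the default does not encode single quotes, so the value is only safe
// in HTML text and double-quoted attributes, not in single-quoted ones.
$PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);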
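/**
 * just to be sure there was no import (registering) before here
 * we empty the global space (but avoid unsetting $variables_whitelist
 * and $key in the foreach(), we still need them!)
 *
 * Every variable defined at this point whose name is not listed below is
 * unset, so nothing registered earlier can leak into the rest of the script.
 */
$variables_whitelist = array (
    'GLOBALS',
    '_SERVER',
    '_GET',
    '_POST',
    '_REQUEST',
    '_FILES',
    '_ENV',
    '_COOKIE',
    '_SESSION',
    'error_handler',
    'PMA_PHP_SELF',
    'variables_whitelist',
    'key'
);

foreach (get_defined_vars() as $key => $value) {
    // Strict comparison: with a loose in_array() an integer key such as 0
    // compares equal to every non-numeric string on PHP < 8 and would be
    // treated as whitelisted.
    if (! in_array($key, $variables_whitelist, true)) {
        unset($$key);
    }
}
// the loop helpers and the list itself are not needed any more
unset($key, $value, $variables_whitelist);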
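/**
 * Subforms - some functions need to be called by form, because of the limited
 * URL length, but if these functions are inside another form you cannot just
 * open a new form - so phpMyAdmin uses 'arrays' inside this form
 *
 * As read by the code below, the fields of one subform are submitted as
 * subform[<id>][...] and the subform is selected by a field named
 * usesubform[<id>]; the first key of usesubform decides which one is used.
 *
 * so we now check if a subform is submitted
 */
$__redirect = null;
if (isset($_POST['usesubform'])) {
    // if a subform is present and should be used
    // the rest of the form is discarded
    $subform_id = is_array($_POST['usesubform'])
        ? key($_POST['usesubform'])
        : null;
    if ($subform_id !== null
        && isset($_POST['subform'][$subform_id])
        && is_array($_POST['subform'][$subform_id])
    ) {
        $subform = $_POST['subform'][$subform_id];
    } else {
        // Malformed submission (usesubform is not an array, or no matching
        // subform array was sent): fail closed with an empty request instead
        // of passing a non-array value, or null, on as $_POST and $_REQUEST.
        $subform = array();
    }
    $_POST    = $subform;
    $_REQUEST = $subform;

    /**
     * some subforms need another page than the main form, so we will just
     * include this page at the end of this script - we use $__redirect to
     * track this
     *
     * The value is still unvalidated request data at this point; it must be
     * checked against a whitelist before it is used as an include target.
     */
    if (isset($_POST['redirect'])
        && $_POST['redirect'] !== basename($PMA_PHP_SELF)
    ) {
        $__redirect = $_POST['redirect'];
        unset($_POST['redirect']);
    }
    unset($subform_id, $subform);
} else {
    // Note: here we overwrite $_REQUEST so that it does not contain cookies,
    // because another application for the same domain could have set
    // a cookie (with a compatible path) that overrides a variable
    // we expect from GET or POST.
    // We'll refer to cookies explicitly with the $_COOKIE syntax.
    $_REQUEST = array_merge($_GET, $_POST);
}
// end check if a subform is submitted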
// remove quotes added by php
// The function_exists() guard lets this run on PHP builds that do not provide
// get_magic_quotes_gpc(). All four request arrays are cleaned so they stay
// consistent with each other ($_REQUEST was rebuilt just above).
// NOTE(review): the third argument of PMA_arrayWalkRecursive() is presumably
// "also apply to keys" - confirm against its definition.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
}
/**
* include deprecated grab_globals only if required
*
* Skipped when a subform asked for a redirect ($__redirect is non-empty) or
* when the calling script defined PMA_NO_VARIABLES_IMPORT.
* NOTE(review): judging by its name the library imports request variables
* into the global scope - confirm, and prefer defining
* PMA_NO_VARIABLES_IMPORT in scripts that do not need it.
*/
if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) {
require './libraries/grab_globals.lib.php';
}
/**
* check timezone setting
* this could produce an E_STRICT - but only once,
* if not done here it will produce E_STRICT on every date/time function
*
* The currently detected timezone is read (with the message suppressed by @)
* and set explicitly as the default.
*
* @todo need to decide how we should handle this (without @)
*/
date_default_timezone_set(@date_default_timezone_get());
/******************************************************************************/
/* parsing configuration file LABEL_parsing_config_file */
/**
* We really need this one!
*
* preg_replace() is used as the probe for the pcre extension; when it is
* missing PMA_warnMissingExtension() is called with true as second argument
* (presumably "fatal" - confirm against its definition).
*/
if (! function_exists('preg_replace')) {
PMA_warnMissingExtension('pcre', true);
}
/**
* @global PMA_Config $GLOBALS['PMA_Config']
* force reading of config file, because we removed sensitive values
* in the previous iteration
*
* A fresh PMA_Config is built from CONFIG_FILE (a constant defined outside
* this excerpt) on every request.
*/
$GLOBALS['PMA_Config'] = new PMA_Config(CONFIG_FILE);
// scripts that define PMA_MINIMUM_COMMON skip the absolute URI check
if (!defined('PMA_MINIMUM_COMMON')) {
$GLOBALS['PMA_Config']->checkPmaAbsoluteUri();
}
/**
* BC - enable backward compatibility
* exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
*
* Must run after the global scope was emptied above, otherwise the exported
* settings would have been unset again.
*/
$GLOBALS['PMA_Config']->enableBc();
/**
* clean cookies on upgrade
* when changing something related to PMA cookies, increment the cookie version
*
* Only acts when the client already sends a pmaCookieVer cookie whose value
* compares lower than $pma_cookie_version; a request without that cookie is
* left untouched by this block.
* NOTE(review): the cookie value is client-supplied and compared with a loose
* "<"; the worst case visible here is a cookie reset that is triggered or
* skipped unexpectedly.
*/
$pma_cookie_version = 4;
if (isset($_COOKIE)
&& (isset($_COOKIE['pmaCookieVer'])
&& $_COOKIE['pmaCookieVer'] < $pma_cookie_version)) {
// delete all cookies
foreach($_COOKIE as $cookie_name => $tmp) {
$GLOBALS['PMA_Config']->removeCookie($cookie_name);
}
// also forget them for the rest of this request
$_COOKIE = array();
// record the current version so the cleanup does not repeat
$GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version);
}
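/**
 * check HTTPS connection
 *
 * When ForceSSL is configured and the current request is not seen as HTTPS,
 * the client is redirected to the https form of PmaAbsoluteUri with the
 * current GET parameters appended, and the script stops.
 * The redirect only protects later requests: whatever the client sent in
 * this first plain-HTTP request has already crossed the network unencrypted.
 */
if ($GLOBALS['PMA_Config']->get('ForceSSL')
    && ! $GLOBALS['PMA_Config']->get('is_https')
) {
    PMA_sendHeaderLocation(
        // Anchor on "http:" so that a PmaAbsoluteUri that already starts
        // with "https" is left alone instead of becoming "httpss".
        preg_replace(
            '/^http:/',
            'https:',
            $GLOBALS['PMA_Config']->get('PmaAbsoluteUri')
        )
        . PMA_generate_common_url($_GET, 'text')
    );
    // delete the current session, otherwise we get problems (see bug #2397877)
    // NOTE(review): $GLOBALS['session_name'] is not assigned anywhere in the
    // code visible before this point, and session handling is included only
    // after this block - confirm it is defined when this line runs.
    $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']);
    exit;
}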
/**
* include session handling after the globals, to prevent overwriting
*
* Ordering matters: the global scope was emptied and the request arrays were
* rebuilt above, so the session is started on a cleaned environment.
*/
require './libraries/session.inc.php';
/**
* init some variables LABEL_variables_init
*/
/**
* holds parameters to be passed to next page
* (starts empty on every request; entries are added further down)
* @global array $GLOBALS['url_params']
*/
$GLOBALS['url_params'] = array();
/**
* the whitelist for $GLOBALS['goto']
*
* The same list is used below to validate $__redirect and the 'goto' and
* 'back' request parameters. Entries that are commented out are not part of
* the whitelist. A new script has to be added here before it can be used as
* a target; keep the list limited to scripts that are safe to reach that way.
* @global array $goto_whitelist
*/
$goto_whitelist = array(
//'browse_foreigners.php',
//'calendar.php',
//'changelog.php',
//'chk_rel.php',
'db_create.php',
'db_datadict.php',
'db_sql.php',
'db_export.php',
'db_importdocsql.php',
'db_qbe.php',
'db_structure.php',
'db_import.php',
'db_operations.php',
'db_printview.php',
'db_search.php',
//'Documentation.html',
'export.php',
'import.php',
//'index.php',
//'navigation.php',
//'license.php',
'main.php',
'pdf_pages.php',
'pdf_schema.php',
//'phpinfo.php',
'querywindow.php',
//'readme.php',
'server_binlog.php',
'server_collations.php',
'server_databases.php',
'server_engines.php',
'server_export.php',
'server_import.php',
'server_privileges.php',
'server_processlist.php',
'server_sql.php',
'server_status.php',
'server_variables.php',
'sql.php',
'tbl_addfield.php',
'tbl_alter.php',
'tbl_change.php',
'tbl_create.php',
'tbl_import.php',
'tbl_indexes.php',
'tbl_move_copy.php',
'tbl_printview.php',
'tbl_sql.php',
'tbl_export.php',
'tbl_operations.php',
'tbl_structure.php',
'tbl_relation.php',
'tbl_replace.php',
'tbl_row_action.php',
'tbl_select.php',
//'themes.php',
'transformation_overview.php',
'transformation_wrapper.php',
'user_password.php',
);
/**
* check $__redirect against whitelist
*
* $__redirect was taken from the submitted subform and is request data; it
* is reset to null unless PMA_checkPageValidity() accepts it.
* NOTE(review): PMA_checkPageValidity() is defined elsewhere; presumably it
* returns true only for a page contained in the given whitelist - confirm.
*/
if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) {
$__redirect = null;
}
/**
* holds page that should be displayed
* (stays an empty string unless the request names an accepted page)
* @global string $GLOBALS['goto']
*/
$GLOBALS['goto'] = '';
// Security fix: disallow accessing serious server files via "?goto="
if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
$GLOBALS['goto'] = $_REQUEST['goto'];
$GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
} else {
// rejected value: remove it from every request array so that no later code
// can pick it up again
unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
}
/**
* returning page
*
* Validated against the same whitelist as 'goto'. Unlike $GLOBALS['goto'],
* $GLOBALS['back'] is not given a default in this block, so it is only
* assigned here when the request value is accepted.
* @global string $GLOBALS['back']
*/
if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
$GLOBALS['back'] = $_REQUEST['back'];
} else {
// rejected value: remove it from every request array
unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
}
/**
* Check whether user supplied token is valid, if not remove any possibly
* dangerous stuff from request.
*
* remember that some objects restored from the session by session_start() and
* __wakeup() could access these variables before we reach this point,
* e.g. PMA_Config: fontsize
*
* @todo variables should be handled by their respective owners (objects)
* f.e. lang, server, collation_connection in PMA_Config
*/
if (! PMA_isValid($_REQUEST['token']) bool(false)