Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/phpMyAdmin/libraries/ drwxr-xr-x |
Viewing file: Select action/file-type: $db) { // garvin: Get comments from PMA comments table $db_tooltip = ''; if ($GLOBALS['cfg']['ShowTooltip'] && $GLOBALS['cfgRelation']['commwork']) { $_db_tooltip = PMA_getComments($db); if (is_array($_db_tooltip)) { $db_tooltip = implode(' ', $_db_tooltip); } } if ($GLOBALS['cfg']['LeftFrameDBTree'] && $GLOBALS['cfg']['LeftFrameDBSeparator'] && strstr($db, $GLOBALS['cfg']['LeftFrameDBSeparator'])) { $pos = strrpos($db, $GLOBALS['cfg']['LeftFrameDBSeparator']); $group = substr($db, 0, $pos); $disp_name_cut = substr($db, $pos); } else { $group = $db; $disp_name_cut = $db; } $disp_name = $db; if ($db_tooltip && $GLOBALS['cfg']['ShowTooltipAliasDB']) { $disp_name = $db_tooltip; $disp_name_cut = $db_tooltip; $db_tooltip = $db; } $dbgroups[$group][$db] = array( 'name' => $db, 'disp_name_cut' => $disp_name_cut, 'disp_name' => $disp_name, 'comment' => $db_tooltip, 'num_tables' => PMA_getTableCount($db), ); } // end foreach ($dblist as $db) return $dbgroups; } /** * returns html code for select form element with dbs * * @return string html code select */ function PMA_getHtmlSelectDb($selected = '') { $dblist = PMA_getDbList(); // TODO: IE can not handle different text directions in select boxes // so, as mostly names will be in english, we set the whole selectbox to LTR // and EN $return = ''; return $return; } /** * returns count of tables in given db * * @param string $db database to count tables for * @return integer count of tables in $db */ function PMA_getTableCount($db) { $tables = PMA_DBI_try_query( 'SHOW TABLES FROM ' . PMA_backquote($db) . ';', null, PMA_DBI_QUERY_STORE); if ($tables) { $num_tables = PMA_DBI_num_rows($tables); PMA_DBI_free_result($tables); } else { $num_tables = 0; } return $num_tables; } /** * Get the complete list of Databases a user can access * * @param boolean whether to include check on failed 'only_db' operations * @param resource database handle (superuser) * @param integer amount of databases inside the 'only_db' container * @param resource possible resource from a failed previous query * @param resource database handle (user) * @param array configuration * @param array previous list of databases * * @return array all databases a user has access to * * @access private */ function PMA_safe_db_list($only_db_check, $controllink, $dblist_cnt, $userlink, $cfg, $dblist) { if ($only_db_check == false) { // try to get the available dbs list // use userlink by default $dblist = PMA_DBI_get_dblist(); $dblist_cnt = count($dblist); // PMA_DBI_get_dblist() relies on the ability to run "SHOW DATABASES". // On servers started with --skip-show-database, this is not possible // so we have here a fallback method, which relies on the controluser // being able to access the "mysql" db, as explained in the doc. if (!$dblist_cnt) { $auth_query = 'SELECT User, Select_priv ' . 'FROM mysql.user ' . 'WHERE User = \'' . PMA_sqlAddslashes($cfg['Server']['user']) . '\''; $rs = PMA_DBI_try_query($auth_query, $controllink); } // end } // Access to "mysql" db allowed and dblist still empty -> gets the // usable db list if (!$dblist_cnt && ($rs && @PMA_DBI_num_rows($rs))) { $row = PMA_DBI_fetch_assoc($rs); PMA_DBI_free_result($rs); // Correction uva 19991215 // Previous code assumed database "mysql" admin table "db" column // "db" contains literal name of user database, and works if so. // Mysql usage generally (and uva usage specifically) allows this // column to contain regular expressions (we have all databases // owned by a given student/faculty/staff beginning with user i.d. // and governed by default by a single set of privileges with // regular expression as key). This breaks previous code. // This maintenance is to fix code to work correctly for regular // expressions. if ($row['Select_priv'] != 'Y') { // 1. get allowed dbs from the "mysql.db" table // lem9: User can be blank (anonymous user) $local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE Select_priv = \'Y\' AND (User = \'' . PMA_sqlAddslashes($cfg['Server']['user']) . '\' OR User = \'\')'; $rs = PMA_DBI_try_query($local_query, $controllink); if ($rs && @PMA_DBI_num_rows($rs)) { // Will use as associative array of the following 2 code // lines: // the 1st is the only line intact from before // correction, // the 2nd replaces $dblist[] = $row['Db']; $uva_mydbs = array(); // Code following those 2 lines in correction continues // populating $dblist[], as previous code did. But it is // now populated with actual database names instead of // with regular expressions. while ($row = PMA_DBI_fetch_assoc($rs)) { // loic1: all databases cases - part 1 if ( !isset($row['Db']) || ! strlen($row['Db']) || $row['Db'] == '%') { $uva_mydbs['%'] = 1; break; } // loic1: avoid multiple entries for dbs if (!isset($uva_mydbs[$row['Db']])) { $uva_mydbs[$row['Db']] = 1; } } // end while PMA_DBI_free_result($rs); $uva_alldbs = PMA_DBI_query('SHOW DATABASES;', $GLOBALS['controllink']); // loic1: all databases cases - part 2 if (isset($uva_mydbs['%'])) { while ($uva_row = PMA_DBI_fetch_row($uva_alldbs)) { $dblist[] = $uva_row[0]; } // end while } else { while ($uva_row = PMA_DBI_fetch_row($uva_alldbs)) { $uva_db = $uva_row[0]; if (isset($uva_mydbs[$uva_db]) && $uva_mydbs[$uva_db] == 1) { $dblist[] = $uva_db; $uva_mydbs[$uva_db] = 0; } elseif (!isset($dblist[$uva_db])) { foreach ($uva_mydbs AS $uva_matchpattern => $uva_value) { // loic1: fixed bad regexp // TODO: db names may contain characters // that are regexp instructions $re = '(^|(\\\\\\\\)+|[^\])'; $uva_regex = ereg_replace($re . '%', '\\1.*', ereg_replace($re . '_', '\\1.{1}', $uva_matchpattern)); // Fixed db name matching // 2000-08-28 -- Benjamin Gandon if (ereg('^' . $uva_regex . '$', $uva_db)) { $dblist[] = $uva_db; break; } } // end while } // end if ... elseif ... } // end while } // end else PMA_DBI_free_result($uva_alldbs); unset($uva_mydbs); } // end if // 2. get allowed dbs from the "mysql.tables_priv" table $local_query = 'SELECT DISTINCT Db FROM mysql.tables_priv WHERE Table_priv LIKE \'%Select%\' AND User = \'' . PMA_sqlAddslashes($cfg['Server']['user']) . '\''; $rs = PMA_DBI_try_query($local_query, $controllink); if ($rs && @PMA_DBI_num_rows($rs)) { while ($row = PMA_DBI_fetch_assoc($rs)) { if (!in_array($row['Db'], $dblist)) { $dblist[] = $row['Db']; } } // end while PMA_DBI_free_result($rs); } // end if } // end if } // end building available dbs from the "mysql" db return $dblist; } /** * Converts numbers like 10M into bytes * * @param string $size * @return integer $size */ function get_real_size($size = 0) { if (!$size) { return 0; } $scan['MB'] = 1048576; $scan['Mb'] = 1048576; $scan['M'] = 1048576; $scan['m'] = 1048576; $scan['KB'] = 1024; $scan['Kb'] = 1024; $scan['K'] = 1024; $scan['k'] = 1024; while (list($key) = each($scan)) { if ((strlen($size) > strlen($key)) && (substr($size, strlen($size) - strlen($key)) == $key)) { $size = substr($size, 0, strlen($size) - strlen($key)) * $scan[$key]; break; } } return $size; } // end function get_real_size() /** * loads php module * * @uses PHP_OS * @uses extension_loaded() * @uses ini_get() * @uses function_exists() * @uses ob_start() * @uses phpinfo() * @uses strip_tags() * @uses ob_get_contents() * @uses ob_end_clean() * @uses preg_match() * @uses strtoupper() * @uses substr() * @uses dl() * @param string $module name if module to load * @return boolean success loading module */ function PMA_dl($module) { static $dl_allowed = null; if (extension_loaded($module)) { return true; } if (null === $dl_allowed) { if (!@ini_get('safe_mode') && @ini_get('enable_dl') && @function_exists('dl')) { ob_start(); phpinfo(INFO_GENERAL); /* Only general info */ $a = strip_tags(ob_get_contents()); ob_end_clean(); if (preg_match('@Thread Safety[[:space:]]*enabled@', $a)) { if (preg_match('@Server API[[:space:]]*\(CGI\|CLI\)@', $a)) { $dl_allowed = true; } else { $dl_allowed = false; } } else { $dl_allowed = true; } } else { $dl_allowed = false; } } if (!$dl_allowed) { return false; } if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { $module_file = 'php_' . $module . '.dll'; } else { $module_file = $module . '.so'; } return @dl($module_file); } /** * merges array recursive like array_merge_recursive() but keyed-values are * always overwritten. * * array PMA_array_merge_recursive(array $array1[, array $array2[, array ...]]) * * @see http://php.net/array_merge * @see http://php.net/array_merge_recursive * @uses func_num_args() * @uses func_get_arg() * @uses is_array() * @uses call_user_func_array() * @param array array to merge * @param array array to merge * @param array ... * @return array merged array */ function PMA_array_merge_recursive() { switch(func_num_args()) { case 0 : return false; break; case 1 : // when does that happen? return func_get_arg(0); break; case 2 : $args = func_get_args(); if (!is_array($args[0]) || !is_array($args[1])) { return $args[1]; } foreach ($args[1] AS $key2 => $value2) { if (isset($args[0][$key2]) && !is_int($key2)) { $args[0][$key2] = PMA_array_merge_recursive($args[0][$key2], $value2); } else { // we erase the parent array, otherwise we cannot override a directive that // contains array elements, like this: // (in config.default.php) $cfg['ForeignKeyDropdownOrder'] = array('id-content','content-id'); // (in config.inc.php) $cfg['ForeignKeyDropdownOrder'] = array('content-id'); if (is_int($key2) && $key2 == 0) { unset($args[0]); } $args[0][$key2] = $value2; } } return $args[0]; break; default : $args = func_get_args(); $args[1] = PMA_array_merge_recursive($args[0], $args[1]); array_shift($args); return call_user_func_array('PMA_array_merge_recursive', $args); break; } } /** * calls $function vor every element in $array recursively * * @param array $array array to walk * @param string $function function to call for every array element */ function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false) { foreach ($array as $key => $value) { if (is_array($value)) { PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also); } else { $array[$key] = $function($value); } if ($apply_to_keys_also && is_string($key)) { $new_key = $function($key); if ($new_key != $key) { $array[$new_key] = $array[$key]; unset($array[$key]); } } } } /** * boolean phpMyAdmin.PMA_checkPageValidity(string &$page, array $whitelist) * * checks given given $page against given $whitelist and returns true if valid * it ignores optionaly query paramters in $page (script.php?ignored) * * @uses in_array() * @uses urldecode() * @uses substr() * @uses strpos() * @param string &$page page to check * @param array $whitelist whitelist to check page against * @return boolean whether $page is valid or not (in $whitelist or not) */ function PMA_checkPageValidity(&$page, $whitelist) { if (! isset($page)) { return false; } if (in_array($page, $whitelist)) { return true; } elseif (in_array(substr($page, 0, strpos($page . '?', '?')), $whitelist)) { return true; } else { $_page = urldecode($page); if (in_array(substr($_page, 0, strpos($_page . '?', '?')), $whitelist)) { return true; } } return false; } /** * trys to find the value for the given environment vriable name * * searchs in $_SERVER, $_ENV than trys getenv() and apache_getenv() * in this order * * @param string $var_name variable name * @return string value of $var or empty string */ function PMA_getenv($var_name) { if (isset($_SERVER[$var_name])) { return $_SERVER[$var_name]; } elseif (isset($_ENV[$var_name])) { return $_ENV[$var_name]; } elseif (getenv($var_name)) { return getenv($var_name); } elseif (function_exists('apache_getenv') && apache_getenv($var_name, true)) { return apache_getenv($var_name, true); } return ''; } /** * include here only libraries which contain only function definitions * no code im main()! */ /* Input sanitizing */ require_once './libraries/sanitizing.lib.php'; require_once './libraries/Theme.class.php'; require_once './libraries/Theme_Manager.class.php'; require_once './libraries/Config.class.php'; if (!defined('PMA_MINIMUM_COMMON')) { /** * Displays the maximum size for an upload * * @param integer the size * * @return string the message * * @access public */ function PMA_displayMaximumUploadSize($max_upload_size) { list($max_size, $max_unit) = PMA_formatByteDown($max_upload_size); return '(' . sprintf($GLOBALS['strMaximumSize'], $max_size, $max_unit) . ')'; } /** * Generates a hidden field which should indicate to the browser * the maximum size for upload * * @param integer the size * * @return string the INPUT field * * @access public */ function PMA_generateHiddenMaxFileSize($max_size) { return ''; } /** * Add slashes before "'" and "\" characters so a value containing them can * be used in a sql comparison. * * @param string the string to slash * @param boolean whether the string will be used in a 'LIKE' clause * (it then requires two more escaped sequences) or not * @param boolean whether to treat cr/lfs as escape-worthy entities * (converts \n to \\n, \r to \\r) * * @param boolean whether this function is used as part of the * "Create PHP code" dialog * * @return string the slashed string * * @access public */ function PMA_sqlAddslashes($a_string = '', $is_like = false, $crlf = false, $php_code = false) { if ($is_like) { $a_string = str_replace('\\', '\\\\\\\\', $a_string); } else { $a_string = str_replace('\\', '\\\\', $a_string); } if ($crlf) { $a_string = str_replace("\n", '\n', $a_string); $a_string = str_replace("\r", '\r', $a_string); $a_string = str_replace("\t", '\t', $a_string); } if ($php_code) { $a_string = str_replace('\'', '\\\'', $a_string); } else { $a_string = str_replace('\'', '\'\'', $a_string); } return $a_string; } // end of the 'PMA_sqlAddslashes()' function /** * Add slashes before "_" and "%" characters for using them in MySQL * database, table and field names. * Note: This function does not escape backslashes! * * @param string the string to escape * * @return string the escaped string * * @access public */ function PMA_escape_mysql_wildcards($name) { $name = str_replace('_', '\\_', $name); $name = str_replace('%', '\\%', $name); return $name; } // end of the 'PMA_escape_mysql_wildcards()' function /** * removes slashes before "_" and "%" characters * Note: This function does not unescape backslashes! * * @param string $name the string to escape * @return string the escaped string * @access public */ function PMA_unescape_mysql_wildcards($name) { $name = str_replace('\\_', '_', $name); $name = str_replace('\\%', '%', $name); return $name; } // end of the 'PMA_unescape_mysql_wildcards()' function /** * format sql strings * * @param mixed pre-parsed SQL structure * * @return string the formatted sql * * @global array the configuration array * @global boolean whether the current statement is a multiple one or not * * @access public * * @author Robin Johnson ' . "\n" . (($cfg['SQP']['fmtType'] == 'none' && $unparsed_sql != '') ? $unparsed_sql : $parsed_sql) . "\n" . ''; return $formatted_sql; } $formatted_sql = ''; switch ($cfg['SQP']['fmtType']) { case 'none': if ($unparsed_sql != '') { $formatted_sql = " \n" . PMA_SQP_formatNone(array('raw' => $unparsed_sql)) . "\n"; } else { $formatted_sql = PMA_SQP_formatNone($parsed_sql); } break; case 'html': $formatted_sql = PMA_SQP_formatHtml($parsed_sql, 'color'); break; case 'text': //$formatted_sql = PMA_SQP_formatText($parsed_sql); $formatted_sql = PMA_SQP_formatHtml($parsed_sql, 'text'); break; default: break; } // end switch return $formatted_sql; } // end of the "PMA_formatSql()" function /** * Displays a link to the official MySQL documentation * * @param string chapter of "HTML, one page per chapter" documentation * @param string contains name of page/anchor that is being linked * @param bool whether to use big icon (like in left frame) * * @return string the html link * * @access public */ function PMA_showMySQLDocu($chapter, $link, $big_icon = false) { global $cfg; if ($cfg['MySQLManualType'] == 'none' || empty($cfg['MySQLManualBase'])) { return ''; } // Fixup for newly used names: $chapter = str_replace('_', '-', strtolower($chapter)); $link = str_replace('_', '-', strtolower($link)); switch ($cfg['MySQLManualType']) { case 'chapters': if (empty($chapter)) { $chapter = 'index'; } $url = $cfg['MySQLManualBase'] . '/' . $chapter . '.html#' . $link; break; case 'big': $url = $cfg['MySQLManualBase'] . '#' . $link; break; case 'searchable': if (empty($link)) { $link = 'index'; } $url = $cfg['MySQLManualBase'] . '/' . $link . '.html'; break; case 'viewable': default: if (empty($link)) { $link = 'index'; } $mysql = '5.0'; if (defined('PMA_MYSQL_INT_VERSION')) { if (PMA_MYSQL_INT_VERSION < 50000) { $mysql = '4.1'; } elseif (PMA_MYSQL_INT_VERSION >= 50100) { $mysql = '5.1'; } elseif (PMA_MYSQL_INT_VERSION >= 50000) { $mysql = '5.0'; } } $url = $cfg['MySQLManualBase'] . '/' . $mysql . '/en/' . $link . '.html'; break; } if ($big_icon) { return ' ![]() ![]() ![]() ![]() ' . $GLOBALS['strError'] . '' . "\n"; // if the config password is wrong, or the MySQL server does not // respond, do not show the query that would reveal the // username/password if (!empty($the_query) && !strstr($the_query, 'connect')) { // --- Added to solve bug #641765 // Robbat2 - 12 January 2003, 9:46PM // Revised, Robbat2 - 13 January 2003, 2:59PM if (function_exists('PMA_SQP_isError') && PMA_SQP_isError()) { echo PMA_SQP_getErrorString() . "\n"; echo '' . "\n"; } // --- // modified to show me the help on sql errors (Michael Keck) echo ' ' . $GLOBALS['strSQLQuery'] . ':' . "\n";
if (strstr(strtolower($formatted_sql), 'select')) { // please show me help to the error on select
echo PMA_showMySQLDocu('SQL-Syntax', 'SELECT');
}
if ($is_modify_link && isset($db)) {
if (isset($table)) {
$doedit_goto = '';
} else {
$doedit_goto = '';
}
if ($GLOBALS['cfg']['PropertiesIconic']) {
echo $doedit_goto
. ' ' . "\n" .' ' . $formatted_sql . "\n" .' ' . "\n"; } // end if $tmp_mysql_error = ''; // for saving the original $error_message if (!empty($error_message)) { $tmp_mysql_error = strtolower($error_message); // save the original $error_message $error_message = htmlspecialchars($error_message); $error_message = preg_replace("@((\015\012)|(\015)|(\012)){3,}@", "\n\n", $error_message); } // modified to show me the help on error-returns (Michael Keck) echo '' . "\n" . ' ' . $GLOBALS['strMySQLSaid'] . '' . PMA_showMySQLDocu('Error-returns', 'Error-returns') . "\n" . ' ' . "\n"; // The error message will be displayed within a CODE segment. // To preserve original formatting, but allow wordwrapping, we do a couple of replacements // Replace all non-single blanks with their HTML-counterpart $error_message = str_replace(' ', ' ', $error_message); // Replace TAB-characters with their HTML-counterpart $error_message = str_replace("\t", ' ', $error_message); // Replace linebreaks $error_message = nl2br($error_message); echo '' . "\n"
. $error_message . "\n"
. ' ' . "\n"; // feature request #1036254: // Add a link by MySQL-Error #1062 - Duplicate entry // 2004-10-20 by mkkeck // 2005-01-17 modified by mkkeck bugfix if (substr($error_message, 1, 4) == '1062') { // get the duplicate entry // get table name // TODO: what would be the best delimiter, while avoiding // special characters that can become high-ascii after editing, // depending upon which editor is used by the developer? $error_table = array(); if (preg_match('@ALTER\s*TABLE\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { $error_table = $error_table[1]; } elseif (preg_match('@INSERT\s*INTO\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { $error_table = $error_table[1]; } elseif (preg_match('@UPDATE\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { $error_table = $error_table[1]; } elseif (preg_match('@INSERT\s*\`([^\`]+)\`@iu', $the_query, $error_table)) { $error_table = $error_table[1]; } // get fields $error_fields = array(); if (preg_match('@\(([^\)]+)\)@i', $the_query, $error_fields)) { $error_fields = explode(',', $error_fields[1]); } elseif (preg_match('@(`[^`]+`)\s*=@i', $the_query, $error_fields)) { $error_fields = explode(',', $error_fields[1]); } if (is_array($error_table) || is_array($error_fields)) { // duplicate value $duplicate_value = array(); preg_match('@\'([^\']+)\'@i', $tmp_mysql_error, $duplicate_value); $duplicate_value = $duplicate_value[1]; $sql = ' SELECT * FROM ' . PMA_backquote($error_table) . ' WHERE CONCAT_WS("-", ' . implode(', ', $error_fields) . ') = "' . PMA_sqlAddslashes($duplicate_value) . '" ORDER BY ' . implode(', ', $error_fields); unset($error_table, $error_fields, $duplicate_value); echo ' ' . "\n"; unset($sql); } } // end of show duplicate entry echo '
* echo PMA_backquote('owner`s db'); // `owner``s db`
*
*
* @param mixed $a_name the database, table or field name to "backquote"
* or array of it
* @param boolean $do_it a flag to bypass this function (used by dump
* functions)
* @return mixed the "backquoted" database, table or field name if the
* current MySQL release is >= 3.23.6, the original one
* else
* @access public
*/
function PMA_backquote($a_name, $do_it = true)
{
if (! $do_it) {
return $a_name;
}
if (is_array($a_name)) {
$result = array();
foreach ($a_name as $key => $val) {
$result[$key] = PMA_backquote($val);
}
return $result;
}
// '0' is also empty for php :-(
if (strlen($a_name) && $a_name != '*') {
return '`' . str_replace('`', '``', $a_name) . '`';
} else {
return $a_name;
}
} // end of the 'PMA_backquote()' function
/**
* Format a string so it can be passed to a javascript function.
* This function is used to displays a javascript confirmation box for
* "DROP/DELETE/ALTER" queries.
*
* @param string the string to format
* @param boolean whether to add backquotes to the string or not
*
* @return string the formated string
*
* @access public
*/
function PMA_jsFormat($a_string = '', $add_backquotes = true)
{
if (is_string($a_string)) {
$a_string = htmlspecialchars($a_string);
$a_string = str_replace('\\', '\\\\', $a_string);
$a_string = str_replace('\'', '\\\'', $a_string);
$a_string = str_replace('#', '\\#', $a_string);
$a_string = str_replace("\012", '\\\\n', $a_string);
$a_string = str_replace("\015", '\\\\r', $a_string);
}
return (($add_backquotes) ? PMA_backquote($a_string) : $a_string);
} // end of the 'PMA_jsFormat()' function
/**
* Defines the
';
}
if ($cfg['ShowSQL'] == true
&& (!empty($GLOBALS['sql_query']) || !empty($GLOBALS['display_query']))) {
$local_query = !empty($GLOBALS['display_query']) ? $GLOBALS['display_query'] : (($cfg['SQP']['fmtType'] == 'none' && isset($GLOBALS['unparsed_sql']) && $GLOBALS['unparsed_sql'] != '') ? $GLOBALS['unparsed_sql'] : $GLOBALS['sql_query']);
// Basic url query part
$url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : '');
// Html format the query to be displayed
// The nl2br function isn't used because its result isn't a valid
// xhtml1.0 statement before php4.0.5 (" " and not " ") // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ if (!empty($GLOBALS['show_as_php'])) { $new_line = '\' ' . "\n" . ' . \' '; } if (isset($new_line)) { /* SQL-Parser-Analyzer */ $query_base = PMA_sqlAddslashes(htmlspecialchars($local_query), false, false, true); /* SQL-Parser-Analyzer */ $query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base); } else { $query_base = $local_query; } // Parse SQL if needed if (isset($GLOBALS['parsed_sql']) && $query_base == $GLOBALS['parsed_sql']['raw']) { $parsed_sql = $GLOBALS['parsed_sql']; } else { // when the query is large (for example an INSERT of binary // data), the parser chokes; so avoid parsing it if (strlen($query_base) < 1000) { $parsed_sql = PMA_SQP_parse($query_base); } } // Analyze it if (isset($parsed_sql)) { $analyzed_display_query = PMA_SQP_analyze($parsed_sql); } // Here we append the LIMIT added for navigation, to // enable its display. Adding it higher in the code // to $local_query would create a problem when // using the Refresh or Edit links. // Only append it on SELECTs. // FIXME: what would be the best to do when someone // hits Refresh: use the current LIMITs ? if (isset($analyzed_display_query[0]['queryflags']['select_from']) && isset($GLOBALS['sql_limit_to_append'])) { $query_base = $analyzed_display_query[0]['section_before_limit'] . "\n" . $GLOBALS['sql_limit_to_append'] . $analyzed_display_query[0]['section_after_limit']; // Need to reparse query $parsed_sql = PMA_SQP_parse($query_base); } if (!empty($GLOBALS['show_as_php'])) { $query_base = '$sql = \'' . $query_base; } elseif (!empty($GLOBALS['validatequery'])) { $query_base = PMA_validateSQL($query_base); } else { if (isset($parsed_sql)) { $query_base = PMA_formatSql($parsed_sql, $query_base); } } // Prepares links that may be displayed to edit/explain the query // (don't go to default pages, we must go to the page // where the query box is available) // (also, I don't see why we should check the goto variable) //if (!isset($GLOBALS['goto'])) { //$edit_target = (isset($GLOBALS['table'])) ? $cfg['DefaultTabTable'] : $cfg['DefaultTabDatabase']; $edit_target = isset($GLOBALS['db']) ? (isset($GLOBALS['table']) ? 'tbl_properties.php' : 'db_details.php') : 'server_sql.php'; //} elseif ($GLOBALS['goto'] != 'main.php') { // $edit_target = $GLOBALS['goto']; //} else { // $edit_target = ''; //} if (isset($cfg['SQLQuery']['Edit']) && ($cfg['SQLQuery']['Edit'] == true) && (!empty($edit_target))) { if ($cfg['EditInWindow'] == true) { $onclick = 'window.parent.focus_querywindow(\'' . urlencode($local_query) . '\'); return false;'; } else { $onclick = ''; } $edit_link = $edit_target . $url_qpart . '&sql_query=' . urlencode($local_query) . '&show_query=1#querybox'; $edit_link = ' [' . PMA_linkOrButton($edit_link, $GLOBALS['strEdit'], array('onclick' => $onclick)) . ']'; } else { $edit_link = ''; } // Want to have the query explained (Mike Beck 2002-05-22) // but only explain a SELECT (that has not been explained) /* SQL-Parser-Analyzer */ if (isset($cfg['SQLQuery']['Explain']) && $cfg['SQLQuery']['Explain'] == true) { // Detect if we are validating as well // To preserve the validate uRL data if (!empty($GLOBALS['validatequery'])) { $explain_link_validate = '&validatequery=1'; } else { $explain_link_validate = ''; } $explain_link = 'import.php' . $url_qpart . $explain_link_validate . '&sql_query='; if (preg_match('@^SELECT[[:space:]]+@i', $local_query)) { $explain_link .= urlencode('EXPLAIN ' . $local_query); $message = $GLOBALS['strExplain']; } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $local_query)) { $explain_link .= urlencode(substr($local_query, 8)); $message = $GLOBALS['strNoExplain']; } else { $explain_link = ''; } if (!empty($explain_link)) { $explain_link = ' [' . PMA_linkOrButton($explain_link, $message) . ']'; } } else { $explain_link = ''; } //show explain // Also we would like to get the SQL formed in some nice // php-code (Mike Beck 2002-05-22) if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == true) { $php_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '&show_as_php='; if (!empty($GLOBALS['show_as_php'])) { $php_link .= '0'; $message = $GLOBALS['strNoPhp']; } else { $php_link .= '1'; $message = $GLOBALS['strPhp']; } $php_link = ' [' . PMA_linkOrButton($php_link, $message) . ']'; if (isset($GLOBALS['show_as_php']) && $GLOBALS['show_as_php'] == '1') { $runquery_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query); $php_link .= ' [' . PMA_linkOrButton($runquery_link, $GLOBALS['strRunQuery']) . ']'; } } else { $php_link = ''; } //show as php // Refresh query if (isset($cfg['SQLQuery']['Refresh']) && $cfg['SQLQuery']['Refresh'] && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $local_query)) { $refresh_link = 'import.php' . $url_qpart . '&show_query=1' . (isset($_GET['pos']) ? '&pos=' . $_GET['pos'] : '') . '&sql_query=' . urlencode($local_query); $refresh_link = ' [' . PMA_linkOrButton($refresh_link, $GLOBALS['strRefresh']) . ']'; } else { $refresh_link = ''; } //show as php if (isset($cfg['SQLValidator']['use']) && $cfg['SQLValidator']['use'] == true && isset($cfg['SQLQuery']['Validate']) && $cfg['SQLQuery']['Validate'] == true) { $validate_link = 'import.php' . $url_qpart . '&show_query=1' . '&sql_query=' . urlencode($local_query) . '&validatequery='; if (!empty($GLOBALS['validatequery'])) { $validate_link .= '0'; $validate_message = $GLOBALS['strNoValidateSQL'] ; } else { $validate_link .= '1'; $validate_message = $GLOBALS['strValidateSQL'] ; } $validate_link = ' [' . PMA_linkOrButton($validate_link, $validate_message) . ']'; } else { $validate_link = ''; } //validator unset($local_query); // Displays the message echo '' . "\n"; if (!empty($edit_target)) { echo ''; } } ?> = 1; $d--, $ex-=3) { if (isset($GLOBALS['byteUnits'][$d]) && $value >= $li * pow(10, $ex)) { $value = round($value / (pow(1024, $d) / $dh)) /$dh; $unit = $GLOBALS['byteUnits'][$d]; break 1; } // end if } // end for if ($unit != $GLOBALS['byteUnits'][0]) { $return_value = number_format($value, $comma, $GLOBALS['number_decimal_separator'], $GLOBALS['number_thousands_separator']); } else { $return_value = number_format($value, 0, $GLOBALS['number_decimal_separator'], $GLOBALS['number_thousands_separator']); } return array($return_value, $unit); } // end of the 'PMA_formatByteDown' function /** * Formats $value to the given length and appends SI prefixes * $comma is not substracted from the length * with a $length of 0 no truncation occurs, number is only formated * to the current locale *
* echo PMA_formatNumber(123456789, 6); // 123,457 k
* echo PMA_formatNumber(-123456789, 4, 2); // -123.46 M
* echo PMA_formatNumber(-0.003, 6); // -3 m
* echo PMA_formatNumber(0.003, 3, 3); // 0.003
* echo PMA_formatNumber(0.00003, 3, 2); // 0.03 m
* echo PMA_formatNumber(0, 6); // 0
*
* @param double $value the value to format
* @param integer $length the max length
* @param integer $comma the number of decimals to retain
* @param boolean $only_down do not reformat numbers below 1
*
* @return string the formatted value and its unit
*
* @access public
*
* @author staybyte, sebastian mendel
* @version 1.1.0 - 2005-10-27
*/
function PMA_formatNumber($value, $length = 3, $comma = 0, $only_down = false)
{
if ($length === 0) {
return number_format($value,
$comma,
$GLOBALS['number_decimal_separator'],
$GLOBALS['number_thousands_separator']);
}
// this units needs no translation, ISO
$units = array(
-8 => 'y',
-7 => 'z',
-6 => 'a',
-5 => 'f',
-4 => 'p',
-3 => 'n',
-2 => 'µ',
-1 => 'm',
0 => ' ',
1 => 'k',
2 => 'M',
3 => 'G',
4 => 'T',
5 => 'P',
6 => 'E',
7 => 'Z',
8 => 'Y'
);
// we need at least 3 digits to be displayed
if (3 > $length + $comma) {
$length = 3 - $comma;
}
// check for negativ value to retain sign
if ($value < 0) {
$sign = '-';
$value = abs($value);
} else {
$sign = '';
}
$dh = pow(10, $comma);
$li = pow(10, $length);
$unit = $units[0];
if ($value >= 1) {
for ($d = 8; $d >= 0; $d--) {
if (isset($units[$d]) && $value >= $li * pow(1000, $d-1)) {
$value = round($value / (pow(1000, $d) / $dh)) /$dh;
$unit = $units[$d];
break 1;
} // end if
} // end for
} elseif (!$only_down && (float) $value !== 0.0) {
for ($d = -8; $d <= 8; $d++) {
if (isset($units[$d]) && $value <= $li * pow(1000, $d-1)) {
$value = round($value / (pow(1000, $d) / $dh)) /$dh;
$unit = $units[$d];
break 1;
} // end if
} // end for
} // end if ($value >= 1) elseif (!$only_down && (float) $value !== 0.0)
$value = number_format($value,
$comma,
$GLOBALS['number_decimal_separator'],
$GLOBALS['number_thousands_separator']);
return $sign . $value . ' ' . $unit;
} // end of the 'PMA_formatNumber' function
/**
* Extracts ENUM / SET options from a type definition string
*
* @param string The column type definition
*
* @return array The options or
* boolean false in case of an error.
*
* @author rabus
*/
function PMA_getEnumSetOptions($type_def)
{
$open = strpos($type_def, '(');
$close = strrpos($type_def, ')');
if (!$open || !$close) {
return false;
}
$options = substr($type_def, $open + 2, $close - $open - 3);
$options = explode('\',\'', $options);
return $options;
} // end of the 'PMA_getEnumSetOptions' function
/**
* Writes localised date
*
* @param string the current timestamp
*
* @return string the formatted date
*
* @access public
*/
function PMA_localisedDate($timestamp = -1, $format = '')
{
global $datefmt, $month, $day_of_week;
if ($format == '') {
$format = $datefmt;
}
if ($timestamp == -1) {
$timestamp = time();
}
$date = preg_replace('@%[aA]@', $day_of_week[(int)strftime('%w', $timestamp)], $format);
$date = preg_replace('@%[bB]@', $month[(int)strftime('%m', $timestamp)-1], $date);
return strftime($date, $timestamp);
} // end of the 'PMA_localisedDate()' function
/**
* returns a tab for tabbed navigation.
* If the variables $link and $args ar left empty, an inactive tab is created
*
* @uses array_merge()
* basename()
* $GLOBALS['strEmpty']
* $GLOBALS['strDrop']
* $GLOBALS['active_page']
* $GLOBALS['PHP_SELF']
* htmlentities()
* PMA_generate_common_url()
* $GLOBALS['url_query']
* urlencode()
* $GLOBALS['cfg']['MainPageIconic']
* $GLOBALS['pmaThemeImage']
* sprintf()
* trigger_error()
* E_USER_NOTICE
* @param array $tab array with all options
* @return string html code for one tab, a link if valid otherwise a span
* @access public
*/
function PMA_getTab($tab)
{
// default values
$defaults = array(
'text' => '',
'class' => '',
'active' => false,
'link' => '',
'sep' => '?',
'attr' => '',
'args' => '',
);
$tab = array_merge($defaults, $tab);
// determine additionnal style-class
if (empty($tab['class'])) {
if ($tab['text'] == $GLOBALS['strEmpty']
|| $tab['text'] == $GLOBALS['strDrop']) {
$tab['class'] = 'caution';
} elseif (!empty($tab['active'])
|| (isset($GLOBALS['active_page'])
&& $GLOBALS['active_page'] == $tab['link'])
|| basename(PMA_getenv('PHP_SELF')) == $tab['link'])
{
$tab['class'] = 'active';
}
}
// build the link
if (!empty($tab['link'])) {
$tab['link'] = htmlentities($tab['link']);
$tab['link'] = $tab['link'] . $tab['sep']
.(empty($GLOBALS['url_query']) ?
PMA_generate_common_url() : $GLOBALS['url_query']);
if (!empty($tab['args'])) {
foreach ($tab['args'] as $param => $value) {
$tab['link'] .= '&' . urlencode($param) . '='
. urlencode($value);
}
}
}
// display icon, even if iconic is disabled but the link-text is missing
if (($GLOBALS['cfg']['MainPageIconic'] || empty($tab['text']))
&& isset($tab['icon'])) {
$image = '' . "\n"
.' ' . "\n";
return $tab_navigation;
}
/**
* Displays a link, or a button if the link's URL is too large, to
* accommodate some browsers' limitations
*
* @param string the URL
* @param string the link message
* @param mixed $tag_params string: js confirmation
* array: additional tag params (f.e. style="")
* @param boolean $new_form we set this to false when we are already in
* a form, to avoid generating nested forms
*
* @return string the results to be echoed or saved in an array
*/
function PMA_linkOrButton($url, $message, $tag_params = array(),
$new_form = true, $strip_img = false, $target = '')
{
if (! is_array($tag_params)) {
$tmp = $tag_params;
$tag_params = array();
if (!empty($tmp)) {
$tag_params['onclick'] = 'return confirmLink(this, \'' . $tmp . '\')';
}
unset($tmp);
}
if (! empty($target)) {
$tag_params['target'] = htmlentities($target);
}
$tag_params_strings = array();
foreach ($tag_params as $par_name => $par_value) {
// htmlentities() only on non javascript
$par_value = substr($par_name, 0, 2) == 'on'
? $par_value
: htmlentities($par_value);
$tag_params_strings[] = $par_name . '="' . $par_value . '"';
}
// previously the limit was set to 2047, it seems 1000 is better
if (strlen($url) <= 1000) {
// no whitespace within an else Safari will make it part of the link
$ret = "\n" . ''
. $message . '' . "\n";
} else {
// no spaces (linebreaks) at all
// or after the hidden fields
// IE will display them all
// add class=link to submit button
if (empty($tag_params['class'])) {
$tag_params['class'] = 'link';
}
$url = str_replace('&', '&', $url);
$url_parts = parse_url($url);
$query_parts = explode('&', $url_parts['query']);
if ($new_form) {
$ret = '';
}
} // end if... else...
return $ret;
} // end of the 'PMA_linkOrButton()' function
/**
* Returns a given timespan value in a readable format.
*
* @param int the timespan
*
* @return string the formatted value
*/
function PMA_timespanFormat($seconds)
{
$return_string = '';
$days = floor($seconds / 86400);
if ($days > 0) {
$seconds -= $days * 86400;
}
$hours = floor($seconds / 3600);
if ($days > 0 || $hours > 0) {
$seconds -= $hours * 3600;
}
$minutes = floor($seconds / 60);
if ($days > 0 || $hours > 0 || $minutes > 0) {
$seconds -= $minutes * 60;
}
return sprintf($GLOBALS['timespanfmt'], (string)$days, (string)$hours, (string)$minutes, (string)$seconds);
}
/**
* Takes a string and outputs each character on a line for itself. Used
* mainly for horizontalflipped display mode.
* Takes care of special html-characters.
* Fulfills todo-item
* http://sf.net/tracker/?func=detail&aid=544361&group_id=23067&atid=377411
*
* @param string The string
* @param string The Separator (defaults to "
\n") * * @access public * @author Garvin Hicking \n") { $format_string = ''; $charbuff = false; for ($i = 0; $i < strlen($string); $i++) { $char = $string{$i}; $append = false; if ($char == '&') { $format_string .= $charbuff; $charbuff = $char; $append = true; } elseif (!empty($charbuff)) { $charbuff .= $char; } elseif ($char == ';' && !empty($charbuff)) { $format_string .= $charbuff; $charbuff = false; $append = true; } else { $format_string .= $char; $append = true; } if ($append && ($i != strlen($string))) { $format_string .= $Separator; } } return $format_string; } /** * Function added to avoid path disclosures. * Called by each script that needs parameters, it displays * an error message and, by default, stops the execution. * * Not sure we could use a strMissingParameter message here, * would have to check if the error message file is always available * * @param array The names of the parameters needed by the calling * script. * @param boolean Stop the execution? * (Set this manually to false in the calling script * until you know all needed parameters to check). * @param boolean Whether to include this list in checking for special params. * @global string path to current script * @global boolean flag whether any special variable was required * * @access public * @author Marc Delisle (lem9@users.sourceforge.net) */ function PMA_checkParameters($params, $die = true, $request = true) { global $PHP_SELF, $checked_special; if (!isset($checked_special)) { $checked_special = false; } $reported_script_name = basename($PHP_SELF); $found_error = false; $error_message = ''; foreach ($params AS $param) { if ($request && $param != 'db' && $param != 'table') { $checked_special = true; } if (!isset($GLOBALS[$param])) { $error_message .= $reported_script_name . ': Missing parameter: ' . $param . ' (FAQ 2.8) '; $found_error = true; } } if ($found_error) { require_once './libraries/header_meta_style.inc.php'; echo ' ' . $error_message . ' |