Viewing file:  core.lib.php (24.35 KB) -rw-rw-rw-
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Core functions used all over the scripts.
* This script is distinct from libraries/common.inc.php because this
* script is called from /test.
*
* @package PhpMyAdmin
*/
if (! defined('PHPMYADMIN')) {
exit;
}
/**
* checks given $var and returns it if valid, or $default of not valid
* given $var is also checked for type being 'similar' as $default
* or against any other type if $type is provided
*
* <code>
* // $_REQUEST['db'] not set
* echo PMA_ifSetOr($_REQUEST['db'], ''); // ''
* // $_REQUEST['sql_query'] not set
* echo PMA_ifSetOr($_REQUEST['sql_query']); // null
* // $cfg['ForceSSL'] not set
* echo PMA_ifSetOr($cfg['ForceSSL'], false, 'boolean'); // false
* echo PMA_ifSetOr($cfg['ForceSSL']); // null
* // $cfg['ForceSSL'] set to 1
* echo PMA_ifSetOr($cfg['ForceSSL'], false, 'boolean'); // false
* echo PMA_ifSetOr($cfg['ForceSSL'], false, 'similar'); // 1
* echo PMA_ifSetOr($cfg['ForceSSL'], false); // 1
* // $cfg['ForceSSL'] set to true
* echo PMA_ifSetOr($cfg['ForceSSL'], false, 'boolean'); // true
* </code>
*
* @param mixed &$var param to check
* @param mixed $default default value
* @param mixed $type var type or array of values to check against $var
*
* @return mixed $var or $default
*
* @see PMA_isValid()
*/
function PMA_ifSetOr(&$var, $default = null, $type = 'similar')
{
if (! PMA_isValid($var, $type, $default)) {
return $default;
}
return $var;
}
/**
* checks given $var against $type or $compare
*
* $type can be:
* - false : no type checking
* - 'scalar' : whether type of $var is integer, float, string or boolean
* - 'numeric' : whether type of $var is any number representation
* - 'length' : whether type of $var is scalar with a string length > 0
* - 'similar' : whether type of $var is similar to type of $compare
* - 'equal' : whether type of $var is identical to type of $compare
* - 'identical' : whether $var is identical to $compare, not only the type!
* - or any other valid PHP variable type
*
* <code>
* // $_REQUEST['doit'] = true;
* PMA_isValid($_REQUEST['doit'], 'identical', 'true'); // false
* // $_REQUEST['doit'] = 'true';
* PMA_isValid($_REQUEST['doit'], 'identical', 'true'); // true
* </code>
*
* NOTE: call-by-reference is used to not get NOTICE on undefined vars,
* but the var is not altered inside this function, also after checking a var
* this var exists nut is not set, example:
* <code>
* // $var is not set
* isset($var); // false
* functionCallByReference($var); // false
* isset($var); // true
* functionCallByReference($var); // true
* </code>
*
* to avoid this we set this var to null if not isset
*
* @param mixed &$var variable to check
* @param mixed $type var type or array of valid values to check against $var
* @param mixed $compare var to compare with $var
*
* @return boolean whether valid or not
*
* @todo add some more var types like hex, bin, ...?
* @see http://php.net/gettype
*/
function PMA_isValid(&$var, $type = 'length', $compare = null)
{
if (! isset($var)) {
// var is not even set
return false;
}
if ($type === false) {
// no vartype requested
return true;
}
if (is_array($type)) {
return in_array($var, $type);
}
// allow some aliaes of var types
$type = strtolower($type);
switch ($type) {
case 'identic' :
$type = 'identical';
break;
case 'len' :
$type = 'length';
break;
case 'bool' :
$type = 'boolean';
break;
case 'float' :
$type = 'double';
break;
case 'int' :
$type = 'integer';
break;
case 'null' :
$type = 'NULL';
break;
}
if ($type === 'identical') {
return $var === $compare;
}
// whether we should check against given $compare
if ($type === 'similar') {
switch (gettype($compare)) {
case 'string':
case 'boolean':
$type = 'scalar';
break;
case 'integer':
case 'double':
$type = 'numeric';
break;
default:
$type = gettype($compare);
}
} elseif ($type === 'equal') {
$type = gettype($compare);
}
// do the check
if ($type === 'length' || $type === 'scalar') {
$is_scalar = is_scalar($var);
if ($is_scalar && $type === 'length') {
return (bool) strlen($var);
}
return $is_scalar;
}
if ($type === 'numeric') {
return is_numeric($var);
}
if (gettype($var) === $type) {
return true;
}
return false;
}
/**
* Removes insecure parts in a path; used before include() or
* require() when a part of the path comes from an insecure source
* like a cookie or form.
*
* @param string $path The path to check
*
* @return string The secured path
*
* @access public
*/
function PMA_securePath($path)
{
// change .. to .
$path = preg_replace('@\.\.*@', '.', $path);
return $path;
} // end function
/**
* displays the given error message on phpMyAdmin error page in foreign language,
* ends script execution and closes session
*
* loads language file if not loaded already
*
* @param string $error_message the error message or named error message
* @param string|array $message_args arguments applied to $error_message
* @param boolean $delete_session whether to delete session cookie
*
* @return void
*/
function PMA_fatalError(
$error_message, $message_args = null, $delete_session = true
) {
/* Use format string if applicable */
if (is_string($message_args)) {
$error_message = sprintf($error_message, $message_args);
} elseif (is_array($message_args)) {
$error_message = vsprintf($error_message, $message_args);
}
if ($GLOBALS['is_ajax_request']) {
$response = PMA_Response::getInstance();
$response->isSuccess(false);
$response->addJSON('message', PMA_Message::error($error_message));
} else {
$error_message = strtr($error_message, array('<br />' => '[br]'));
/* Load gettext for fatal errors */
if (!function_exists('__')) {
include_once './libraries/php-gettext/gettext.inc';
}
// these variables are used in the included file libraries/error.inc.php
$error_header = __('Error');
$lang = $GLOBALS['available_languages'][$GLOBALS['lang']][1];
$dir = $GLOBALS['text_dir'];
// on fatal errors it cannot hurt to always delete the current session
if ($delete_session
&& isset($GLOBALS['session_name'])
&& isset($_COOKIE[$GLOBALS['session_name']])
) {
$GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']);
}
// Displays the error message
include './libraries/error.inc.php';
}
if (! defined('TESTSUITE')) {
exit;
}
}
/**
* Returns a link to the PHP documentation
*
* @param string $target anchor in documentation
*
* @return string the URL
*
* @access public
*/
function PMA_getPHPDocLink($target)
{
/* List of PHP documentation translations */
$php_doc_languages = array(
'pt_BR', 'zh', 'fr', 'de', 'it', 'ja', 'pl', 'ro', 'ru', 'fa', 'es', 'tr'
);
$lang = 'en';
if (in_array($GLOBALS['lang'], $php_doc_languages)) {
$lang = $GLOBALS['lang'];
}
return PMA_linkURL('http://php.net/manual/' . $lang . '/' . $target);
}
/**
* Warn or fail on missing extension.
*
* @param string $extension Extension name
* @param bool $fatal Whether the error is fatal.
* @param string $extra Extra string to append to messsage.
*
* @return void
*/
function PMA_warnMissingExtension($extension, $fatal = false, $extra = '')
{
/* Gettext does not have to be loaded yet here */
if (function_exists('__')) {
$message = __(
'The %s extension is missing. Please check your PHP configuration.'
);
} else {
$message
= 'The %s extension is missing. Please check your PHP configuration.';
}
$doclink = PMA_getPHPDocLink('book.' . $extension . '.php');
$message = sprintf(
$message,
'[a@' . $doclink . '@Documentation][em]' . $extension . '[/em][/a]'
);
if ($extra != '') {
$message .= ' ' . $extra;
}
if ($fatal) {
PMA_fatalError($message);
return;
}
$GLOBALS['error_handler']->addError(
$message,
E_USER_WARNING,
'',
'',
false
);
}
/**
* returns count of tables in given db
*
* @param string $db database to count tables for
*
* @return integer count of tables in $db
*/
function PMA_getTableCount($db)
{
$tables = $GLOBALS['dbi']->tryQuery(
'SHOW TABLES FROM ' . PMA_Util::backquote($db) . ';',
null, PMA_DatabaseInterface::QUERY_STORE
);
if ($tables) {
$num_tables = $GLOBALS['dbi']->numRows($tables);
$GLOBALS['dbi']->freeResult($tables);
} else {
$num_tables = 0;
}
return $num_tables;
}
/**
* Converts numbers like 10M into bytes
* Used with permission from Moodle (http://moodle.org) by Martin Dougiamas
* (renamed with PMA prefix to avoid double definition when embedded
* in Moodle)
*
* @param string|int $size size (Default = 0)
*
* @return integer $size
*/
function PMA_getRealSize($size = 0)
{
if (! $size) {
return 0;
}
$scan = array();
$scan['gb'] = 1073741824; //1024 * 1024 * 1024;
$scan['g'] = 1073741824; //1024 * 1024 * 1024;
$scan['mb'] = 1048576;
$scan['m'] = 1048576;
$scan['kb'] = 1024;
$scan['k'] = 1024;
$scan['b'] = 1;
foreach ($scan as $unit => $factor) {
if (strlen($size) > strlen($unit)
&& strtolower(substr($size, strlen($size) - strlen($unit))) == $unit
) {
return substr($size, 0, strlen($size) - strlen($unit)) * $factor;
}
}
return $size;
} // end function PMA_getRealSize()
/**
* merges array recursive like array_merge_recursive() but keyed-values are
* always overwritten.
*
* array PMA_arrayMergeRecursive(array $array1[, array $array2[, array ...]])
*
* @return array merged array
*
* @see http://php.net/array_merge
* @see http://php.net/array_merge_recursive
*/
function PMA_arrayMergeRecursive()
{
switch(func_num_args()) {
case 0 :
return false;
break;
case 1 :
// when does that happen?
return func_get_arg(0);
break;
case 2 :
$args = func_get_args();
if (! is_array($args[0]) || ! is_array($args[1])) {
return $args[1];
}
foreach ($args[1] as $key2 => $value2) {
if (isset($args[0][$key2]) && !is_int($key2)) {
$args[0][$key2] = PMA_arrayMergeRecursive(
$args[0][$key2], $value2
);
} else {
// we erase the parent array, otherwise we cannot override
// a directive that contains array elements, like this:
// (in config.default.php)
// $cfg['ForeignKeyDropdownOrder']= array('id-content','content-id');
// (in config.inc.php)
// $cfg['ForeignKeyDropdownOrder']= array('content-id');
if (is_int($key2) && $key2 == 0) {
unset($args[0]);
}
$args[0][$key2] = $value2;
}
}
return $args[0];
break;
default :
$args = func_get_args();
$args[1] = PMA_arrayMergeRecursive($args[0], $args[1]);
array_shift($args);
return call_user_func_array('PMA_arrayMergeRecursive', $args);
break;
}
}
/**
* calls $function for every element in $array recursively
*
* this function is protected against deep recursion attack CVE-2006-1549,
* 1000 seems to be more than enough
*
* @param array &$array array to walk
* @param string $function function to call for every array element
* @param bool $apply_to_keys_also whether to call the function for the keys also
*
* @return void
*
* @see http://www.php-security.org/MOPB/MOPB-02-2007.html
* @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549
*/
function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false)
{
static $recursive_counter = 0;
$walked_keys = array();
if (++$recursive_counter > 1000) {
PMA_fatalError(__('possible deep recursion attack'));
}
foreach ($array as $key => $value) {
if (isset($walked_keys[$key])) {
continue;
}
$walked_keys[$key] = true;
if (is_array($value)) {
PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also);
} else {
$array[$key] = $function($value);
}
if ($apply_to_keys_also && is_string($key)) {
$new_key = $function($key);
if ($new_key != $key) {
$array[$new_key] = $array[$key];
unset($array[$key]);
$walked_keys[$new_key] = true;
}
}
}
$recursive_counter--;
}
/**
* boolean phpMyAdmin.PMA_checkPageValidity(string &$page, array $whitelist)
*
* checks given $page against given $whitelist and returns true if valid
* it optionally ignores query parameters in $page (script.php?ignored)
*
* @param string &$page page to check
* @param array $whitelist whitelist to check page against
*
* @return boolean whether $page is valid or not (in $whitelist or not)
*/
function PMA_checkPageValidity(&$page, $whitelist)
{
if (! isset($page) || !is_string($page)) {
return false;
}
if (in_array($page, $whitelist)) {
return true;
}
if (in_array(substr($page, 0, strpos($page . '?', '?')), $whitelist)) {
return true;
}
$_page = urldecode($page);
if (in_array(substr($_page, 0, strpos($_page . '?', '?')), $whitelist)) {
return true;
}
return false;
}
/**
* tries to find the value for the given environment variable name
*
* searches in $_SERVER, $_ENV then tries getenv() and apache_getenv()
* in this order
*
* @param string $var_name variable name
*
* @return string value of $var or empty string
*/
function PMA_getenv($var_name)
{
if (isset($_SERVER[$var_name])) {
return $_SERVER[$var_name];
}
if (isset($_ENV[$var_name])) {
return $_ENV[$var_name];
}
if (getenv($var_name)) {
return getenv($var_name);
}
if (function_exists('apache_getenv')
&& apache_getenv($var_name, true)
) {
return apache_getenv($var_name, true);
}
return '';
}
/**
* Send HTTP header, taking IIS limits into account (600 seems ok)
*
* @param string $uri the header to send
* @param bool $use_refresh whether to use Refresh: header when running on IIS
*
* @return boolean always true
*/
function PMA_sendHeaderLocation($uri, $use_refresh = false)
{
if (PMA_IS_IIS && strlen($uri) > 600) {
include_once './libraries/js_escape.lib.php';
PMA_Response::getInstance()->disable();
echo '<html><head><title>- - -</title>' . "\n";
echo '<meta http-equiv="expires" content="0">' . "\n";
echo '<meta http-equiv="Pragma" content="no-cache">' . "\n";
echo '<meta http-equiv="Cache-Control" content="no-cache">' . "\n";
echo '<meta http-equiv="Refresh" content="0;url='
. htmlspecialchars($uri) . '">' . "\n";
echo '<script type="text/javascript">' . "\n";
echo '//<![CDATA[' . "\n";
echo 'setTimeout("window.location = unescape(\'"'
. PMA_escapeJsString($uri) . '"\')", 2000);' . "\n";
echo '//]]>' . "\n";
echo '</script>' . "\n";
echo '</head>' . "\n";
echo '<body>' . "\n";
echo '<script type="text/javascript">' . "\n";
echo '//<![CDATA[' . "\n";
echo 'document.write(\'<p><a href="' . htmlspecialchars($uri) . '">'
. __('Go') . '</a></p>\');' . "\n";
echo '//]]>' . "\n";
echo '</script></body></html>' . "\n";
return;
}
if (SID) {
if (strpos($uri, '?') === false) {
header('Location: ' . $uri . '?' . SID);
} else {
$separator = PMA_URL_getArgSeparator();
header('Location: ' . $uri . $separator . SID);
}
return;
}
session_write_close();
if (headers_sent()) {
if (function_exists('debug_print_backtrace')) {
echo '<pre>';
debug_print_backtrace();
echo '</pre>';
}
trigger_error(
'PMA_sendHeaderLocation called when headers are already sent!',
E_USER_ERROR
);
}
// bug #1523784: IE6 does not like 'Refresh: 0', it
// results in a blank page
// but we need it when coming from the cookie login panel)
if (PMA_IS_IIS && $use_refresh) {
header('Refresh: 0; ' . $uri);
} else {
header('Location: ' . $uri);
}
}
/**
* Outputs headers to prevent caching in browser (and on the way).
*
* @return void
*/
function PMA_noCacheHeader()
{
if (defined('TESTSUITE')) {
return;
}
// rfc2616 - Section 14.21
header('Expires: ' . date(DATE_RFC1123));
// HTTP/1.1
header(
'Cache-Control: no-store, no-cache, must-revalidate,'
. ' pre-check=0, post-check=0, max-age=0'
);
if (PMA_USR_BROWSER_AGENT == 'IE') {
/* On SSL IE sometimes fails with:
*
* Internet Explorer was not able to open this Internet site. The
* requested site is either unavailable or cannot be found. Please
* try again later.
*
* Adding Pragma: public fixes this.
*/
header('Pragma: public');
return;
}
header('Pragma: no-cache'); // HTTP/1.0
// test case: exporting a database into a .gz file with Safari
// would produce files not having the current time
// (added this header for Safari but should not harm other browsers)
header('Last-Modified: ' . date(DATE_RFC1123));
}
/**
* Sends header indicating file download.
*
* @param string $filename Filename to include in headers if empty,
* none Content-Disposition header will be sent.
* @param string $mimetype MIME type to include in headers.
* @param int $length Length of content (optional)
* @param bool $no_cache Whether to include no-caching headers.
*
* @return void
*/
function PMA_downloadHeader($filename, $mimetype, $length = 0, $no_cache = true)
{
if ($no_cache) {
PMA_noCacheHeader();
}
/* Replace all possibly dangerous chars in filename */
$filename = str_replace(array(';', '"', "\n", "\r"), '-', $filename);
if (!empty($filename)) {
header('Content-Description: File Transfer');
header('Content-Disposition: attachment; filename="' . $filename . '"');
}
header('Content-Type: ' . $mimetype);
// inform the server that compression has been done,
// to avoid a double compression (for example with Apache + mod_deflate)
if (strpos($mimetype, 'gzip') !== false) {
header('Content-Encoding: gzip');
}
header('Content-Transfer-Encoding: binary');
if ($length > 0) {
header('Content-Length: ' . $length);
}
}
/**
* Checks whether element given by $path exists in $array.
* $path is a string describing position of an element in an associative array,
* eg. Servers/1/host refers to $array[Servers][1][host]
*
* @param string $path path in the arry
* @param array $array the array
*
* @return mixed array element or $default
*/
function PMA_arrayKeyExists($path, $array)
{
$keys = explode('/', $path);
$value =& $array;
foreach ($keys as $key) {
if (! isset($value[$key])) {
return false;
}
$value =& $value[$key];
}
return true;
}
/**
* Returns value of an element in $array given by $path.
* $path is a string describing position of an element in an associative array,
* eg. Servers/1/host refers to $array[Servers][1][host]
*
* @param string $path path in the arry
* @param array $array the array
* @param mixed $default default value
*
* @return mixed array element or $default
*/
function PMA_arrayRead($path, $array, $default = null)
{
$keys = explode('/', $path);
$value =& $array;
foreach ($keys as $key) {
if (! isset($value[$key])) {
return $default;
}
$value =& $value[$key];
}
return $value;
}
/**
* Stores value in an array
*
* @param string $path path in the array
* @param array &$array the array
* @param mixed $value value to store
*
* @return void
*/
function PMA_arrayWrite($path, &$array, $value)
{
$keys = explode('/', $path);
$last_key = array_pop($keys);
$a =& $array;
foreach ($keys as $key) {
if (! isset($a[$key])) {
$a[$key] = array();
}
$a =& $a[$key];
}
$a[$last_key] = $value;
}
/**
* Removes value from an array
*
* @param string $path path in the array
* @param array &$array the array
*
* @return void
*/
function PMA_arrayRemove($path, &$array)
{
$keys = explode('/', $path);
$keys_last = array_pop($keys);
$path = array();
$depth = 0;
$path[0] =& $array;
$found = true;
// go as deep as required or possible
foreach ($keys as $key) {
if (! isset($path[$depth][$key])) {
$found = false;
break;
}
$depth++;
$path[$depth] =& $path[$depth-1][$key];
}
// if element found, remove it
if ($found) {
unset($path[$depth][$keys_last]);
$depth--;
}
// remove empty nested arrays
for (; $depth >= 0; $depth--) {
if (! isset($path[$depth+1]) || count($path[$depth+1]) == 0) {
unset($path[$depth][$keys[$depth]]);
} else {
break;
}
}
}
/**
* Returns link to (possibly) external site using defined redirector.
*
* @param string $url URL where to go.
*
* @return string URL for a link.
*/
function PMA_linkURL($url)
{
if (!preg_match('#^https?://#', $url) || defined('PMA_SETUP')) {
return $url;
}
if (!function_exists('PMA_URL_getCommon')) {
include_once './libraries/url_generating.lib.php';
}
$params = array();
$params['url'] = $url;
$url = PMA_URL_getCommon($params);
//strip off token and such sensitive information. Just keep url.
$arr = parse_url($url);
parse_str($arr["query"], $vars);
$query = http_build_query(array("url" => $vars["url"]));
$url = './url.php?' . $query;
return $url;
}
/**
* Checks whether domain of URL is whitelisted domain or not.
* Use only for URLs of external sites.
*
* @param string $url URL of external site.
*
* @return boolean.True:if domain of $url is allowed domain, False:otherwise.
*/
function PMA_isAllowedDomain($url)
{
$arr = parse_url($url);
$domain = $arr["host"];
$domainWhiteList = array(
/* Include current domain */
$_SERVER['SERVER_NAME'],
/* phpMyAdmin domains */
'wiki.phpmyadmin.net', 'www.phpmyadmin.net', 'phpmyadmin.net',
'docs.phpmyadmin.net',
/* mysql.com domains */
'dev.mysql.com','bugs.mysql.com',
/* php.net domains */
'php.net',
/* Github domains*/
'github.com','www.github.com',
/* Following are doubtful ones. */
'www.primebase.com','pbxt.blogspot.com'
);
if (in_array(strtolower($domain), $domainWhiteList)) {
return true;
}
return false;
}
/**
* Adds JS code snippets to be displayed by the PMA_Response class.
* Adds a newline to each snippet.
*
* @param string $str Js code to be added (e.g. "token=1234;")
*
* @return void
*/
function PMA_addJSCode($str)
{
$response = PMA_Response::getInstance();
$header = $response->getHeader();
$scripts = $header->getScripts();
$scripts->addCode($str);
}
/**
* Adds JS code snippet for variable assignment
* to be displayed by the PMA_Response class.
*
* @param string $key Name of value to set
* @param mixed $value Value to set, can be either string or array of strings
* @param bool $escape Whether to escape value or keep it as it is
* (for inclusion of js code)
*
* @return void
*/
function PMA_addJSVar($key, $value, $escape = true)
{
PMA_addJSCode(PMA_getJsValue($key, $value, $escape));
}
?>
|