From 04d6d5ca99ebfd1cebb8ce06618fb3811fc1a8aa Mon Sep 17 00:00:00 2001 From: Charles Date: Thu, 9 Jan 2020 10:55:03 +0100 Subject: phpmyadmin working --- srcs/phpmyadmin/libraries/classes/Util.php | 4975 ++++++++++++++++++++++++++++ 1 file changed, 4975 insertions(+) create mode 100644 srcs/phpmyadmin/libraries/classes/Util.php (limited to 'srcs/phpmyadmin/libraries/classes/Util.php') diff --git a/srcs/phpmyadmin/libraries/classes/Util.php b/srcs/phpmyadmin/libraries/classes/Util.php new file mode 100644 index 0000000..ad7bcdf --- /dev/null +++ b/srcs/phpmyadmin/libraries/classes/Util.php @@ -0,0 +1,4975 @@ +'; + if ($include_icon) { + $button .= self::getImage($icon, $alternate); + } + if ($include_icon && $include_text) { + $button .= ' '; + } + if ($include_text) { + $button .= $alternate; + } + $button .= $menu_icon ? '' : ''; + + return $button; + } + + /** + * Returns an HTML IMG tag for a particular image from a theme + * + * The image name should match CSS class defined in icons.css.php + * + * @param string $image The name of the file to get + * @param string $alternate Used to set 'alt' and 'title' attributes + * of the image + * @param array $attributes An associative array of other attributes + * + * @return string an html IMG tag + */ + public static function getImage($image, $alternate = '', array $attributes = []) + { + $alternate = htmlspecialchars($alternate); + + if (isset($attributes['class'])) { + $attributes['class'] = "icon ic_$image " . $attributes['class']; + } else { + $attributes['class'] = "icon ic_$image"; + } + + // set all other attributes + $attr_str = ''; + foreach ($attributes as $key => $value) { + if (! in_array($key, ['alt', 'title'])) { + $attr_str .= " $key=\"$value\""; + } + } + + // override the alt attribute + if (isset($attributes['alt'])) { + $alt = $attributes['alt']; + } else { + $alt = $alternate; + } + + // override the title attribute + if (isset($attributes['title'])) { + $title = $attributes['title']; + } else { + $title = $alternate; + } + + // generate the IMG tag + $template = '%s'; + return sprintf($template, $title, $alt, $attr_str); + } + + /** + * Returns the formatted maximum size for an upload + * + * @param integer $max_upload_size the size + * + * @return string the message + * + * @access public + */ + public static function getFormattedMaximumUploadSize($max_upload_size) + { + // I have to reduce the second parameter (sensitiveness) from 6 to 4 + // to avoid weird results like 512 kKib + list($max_size, $max_unit) = self::formatByteDown($max_upload_size, 4); + return '(' . sprintf(__('Max: %s%s'), $max_size, $max_unit) . ')'; + } + + /** + * Generates a hidden field which should indicate to the browser + * the maximum size for upload + * + * @param integer $max_size the size + * + * @return string the INPUT field + * + * @access public + */ + public static function generateHiddenMaxFileSize($max_size) + { + return ''; + } + + /** + * Add slashes before "_" and "%" characters for using them in MySQL + * database, table and field names. + * Note: This function does not escape backslashes! + * + * @param string $name the string to escape + * + * @return string the escaped string + * + * @access public + */ + public static function escapeMysqlWildcards($name) + { + return strtr($name, ['_' => '\\_', '%' => '\\%']); + } // end of the 'escapeMysqlWildcards()' function + + /** + * removes slashes before "_" and "%" characters + * Note: This function does not unescape backslashes! + * + * @param string $name the string to escape + * + * @return string the escaped string + * + * @access public + */ + public static function unescapeMysqlWildcards($name) + { + return strtr($name, ['\\_' => '_', '\\%' => '%']); + } // end of the 'unescapeMysqlWildcards()' function + + /** + * removes quotes (',",`) from a quoted string + * + * checks if the string is quoted and removes this quotes + * + * @param string $quoted_string string to remove quotes from + * @param string $quote type of quote to remove + * + * @return string unqoted string + */ + public static function unQuote($quoted_string, $quote = null) + { + $quotes = []; + + if ($quote === null) { + $quotes[] = '`'; + $quotes[] = '"'; + $quotes[] = "'"; + } else { + $quotes[] = $quote; + } + + foreach ($quotes as $quote) { + if (mb_substr($quoted_string, 0, 1) === $quote + && mb_substr($quoted_string, -1, 1) === $quote + ) { + $unquoted_string = mb_substr($quoted_string, 1, -1); + // replace escaped quotes + $unquoted_string = str_replace( + $quote . $quote, + $quote, + $unquoted_string + ); + return $unquoted_string; + } + } + + return $quoted_string; + } + + /** + * format sql strings + * + * @param string $sqlQuery raw SQL string + * @param boolean $truncate truncate the query if it is too long + * + * @return string the formatted sql + * + * @global array $cfg the configuration array + * + * @access public + * @todo move into PMA_Sql + */ + public static function formatSql($sqlQuery, $truncate = false) + { + global $cfg; + + if ($truncate + && mb_strlen($sqlQuery) > $cfg['MaxCharactersInDisplayedSQL'] + ) { + $sqlQuery = mb_substr( + $sqlQuery, + 0, + $cfg['MaxCharactersInDisplayedSQL'] + ) . '[...]'; + } + return '
' . "\n"
+            . htmlspecialchars($sqlQuery) . "\n"
+            . '
'; + } // end of the "formatSql()" function + + /** + * Displays a button to copy content to clipboard + * + * @param string $text Text to copy to clipboard + * + * @return string the html link + * + * @access public + */ + public static function showCopyToClipboard($text) + { + $open_link = ' ' . __('Copy') . ''; + return $open_link; + } // end of the 'showCopyToClipboard()' function + + /** + * Displays a link to the documentation as an icon + * + * @param string $link documentation link + * @param string $target optional link target + * @param boolean $bbcode optional flag indicating whether to output bbcode + * + * @return string the html link + * + * @access public + */ + public static function showDocLink($link, $target = 'documentation', $bbcode = false) + { + if ($bbcode) { + return "[a@$link@$target][dochelpicon][/a]"; + } + + return '' + . self::getImage('b_help', __('Documentation')) + . ''; + } // end of the 'showDocLink()' function + + /** + * Get a URL link to the official MySQL documentation + * + * @param string $link contains name of page/anchor that is being linked + * @param string $anchor anchor to page part + * + * @return string the URL link + * + * @access public + */ + public static function getMySQLDocuURL($link, $anchor = '') + { + // Fixup for newly used names: + $link = str_replace('_', '-', mb_strtolower($link)); + + if (empty($link)) { + $link = 'index'; + } + $mysql = '5.5'; + $lang = 'en'; + if (isset($GLOBALS['dbi'])) { + $serverVersion = $GLOBALS['dbi']->getVersion(); + if ($serverVersion >= 50700) { + $mysql = '5.7'; + } elseif ($serverVersion >= 50600) { + $mysql = '5.6'; + } elseif ($serverVersion >= 50500) { + $mysql = '5.5'; + } + } + $url = 'https://dev.mysql.com/doc/refman/' + . $mysql . '/' . $lang . '/' . $link . '.html'; + if (! empty($anchor)) { + $url .= '#' . $anchor; + } + + return Core::linkURL($url); + } + + /** + * Get a link to variable documentation + * + * @param string $name The variable name + * @param boolean $useMariaDB Use only MariaDB documentation + * @param string $text (optional) The text for the link + * @return string link or empty string + */ + public static function linkToVarDocumentation( + string $name, + bool $useMariaDB = false, + string $text = null + ): string { + $html = ''; + try { + $type = KBSearch::MYSQL; + if ($useMariaDB) { + $type = KBSearch::MARIADB; + } + $docLink = KBSearch::getByName($name, $type); + $html = Util::showMySQLDocu( + $name, + false, + $docLink, + $text + ); + } catch (KBException $e) { + unset($e);// phpstan workaround + } + return $html; + } + + /** + * Displays a link to the official MySQL documentation + * + * @param string $link contains name of page/anchor that is being linked + * @param bool $bigIcon whether to use big icon (like in left frame) + * @param string|null $url href attribute + * @param string|null $text text of link + * @param string $anchor anchor to page part + * + * @return string the html link + * + * @access public + */ + public static function showMySQLDocu( + $link, + bool $bigIcon = false, + $url = null, + $text = null, + $anchor = '' + ): string { + if ($url === null) { + $url = self::getMySQLDocuURL($link, $anchor); + } + $openLink = ''; + $closeLink = ''; + $html = ''; + + if ($bigIcon) { + $html = $openLink . + self::getImage('b_sqlhelp', __('Documentation')) + . $closeLink; + } elseif ($text !== null) { + $html = $openLink . $text . $closeLink; + } else { + $html = self::showDocLink($url, 'mysql_doc'); + } + + return $html; + } // end of the 'showMySQLDocu()' function + + /** + * Returns link to documentation. + * + * @param string $page Page in documentation + * @param string $anchor Optional anchor in page + * + * @return string URL + */ + public static function getDocuLink($page, $anchor = '') + { + /* Construct base URL */ + $url = $page . '.html'; + if (! empty($anchor)) { + $url .= '#' . $anchor; + } + + /* Check if we have built local documentation, however + * provide consistent URL for testsuite + */ + if (! defined('TESTSUITE') && @file_exists(ROOT_PATH . 'doc/html/index.html')) { + return 'doc/html/' . $url; + } + + return Core::linkURL('https://docs.phpmyadmin.net/en/latest/' . $url); + } + + /** + * Displays a link to the phpMyAdmin documentation + * + * @param string $page Page in documentation + * @param string $anchor Optional anchor in page + * @param boolean $bbcode Optional flag indicating whether to output bbcode + * + * @return string the html link + * + * @access public + */ + public static function showDocu($page, $anchor = '', $bbcode = false) + { + return self::showDocLink(self::getDocuLink($page, $anchor), 'documentation', $bbcode); + } // end of the 'showDocu()' function + + /** + * Displays a link to the PHP documentation + * + * @param string $target anchor in documentation + * + * @return string the html link + * + * @access public + */ + public static function showPHPDocu($target) + { + $url = Core::getPHPDocLink($target); + + return self::showDocLink($url); + } // end of the 'showPHPDocu()' function + + /** + * Returns HTML code for a tooltip + * + * @param string $message the message for the tooltip + * + * @return string + * + * @access public + */ + public static function showHint($message) + { + if ($GLOBALS['cfg']['ShowHint']) { + $classClause = ' class="pma_hint"'; + } else { + $classClause = ''; + } + return '' + . self::getImage('b_help') + . '' . $message . '' + . ''; + } + + /** + * Displays a MySQL error message in the main panel when $exit is true. + * Returns the error message otherwise. + * + * @param string|bool $server_msg Server's error message. + * @param string $sql_query The SQL query that failed. + * @param bool $is_modify_link Whether to show a "modify" link or not. + * @param string $back_url URL for the "back" link (full path is + * not required). + * @param bool $exit Whether execution should be stopped or + * the error message should be returned. + * + * @return string + * + * @global string $table The current table. + * @global string $db The current database. + * + * @access public + */ + public static function mysqlDie( + $server_msg = '', + $sql_query = '', + $is_modify_link = true, + $back_url = '', + $exit = true + ) { + global $table, $db; + + /** + * Error message to be built. + * @var string $error_msg + */ + $error_msg = ''; + + // Checking for any server errors. + if (empty($server_msg)) { + $server_msg = $GLOBALS['dbi']->getError(); + } + + // Finding the query that failed, if not specified. + if (empty($sql_query) && ! empty($GLOBALS['sql_query'])) { + $sql_query = $GLOBALS['sql_query']; + } + $sql_query = trim($sql_query); + + /** + * The lexer used for analysis. + * @var Lexer $lexer + */ + $lexer = new Lexer($sql_query); + + /** + * The parser used for analysis. + * @var Parser $parser + */ + $parser = new Parser($lexer->list); + + /** + * The errors found by the lexer and the parser. + * @var array $errors + */ + $errors = ParserError::get([$lexer, $parser]); + + if (empty($sql_query)) { + $formatted_sql = ''; + } elseif (count($errors)) { + $formatted_sql = htmlspecialchars($sql_query); + } else { + $formatted_sql = self::formatSql($sql_query, true); + } + + $error_msg .= '

' . __('Error') . '

'; + + // For security reasons, if the MySQL refuses the connection, the query + // is hidden so no details are revealed. + if (! empty($sql_query) && ! mb_strstr($sql_query, 'connect')) { + // Static analysis errors. + if (! empty($errors)) { + $error_msg .= '

' . __('Static analysis:') + . '

'; + $error_msg .= '

' . sprintf( + __('%d errors were found during analysis.'), + count($errors) + ) . '

'; + $error_msg .= '

    '; + $error_msg .= implode( + ParserError::format( + $errors, + '
  1. %2$s (near "%4$s" at position %5$d)
    2. ' + ) + ); + $error_msg .= '

'; + } + + // Display the SQL query and link to MySQL documentation. + $error_msg .= '

' . __('SQL query:') . '' . self::showCopyToClipboard($sql_query) . "\n"; + $formattedSqlToLower = mb_strtolower($formatted_sql); + + // TODO: Show documentation for all statement types. + if (mb_strstr($formattedSqlToLower, 'select')) { + // please show me help to the error on select + $error_msg .= self::showMySQLDocu('SELECT'); + } + + if ($is_modify_link) { + $_url_params = [ + 'sql_query' => $sql_query, + 'show_query' => 1, + ]; + if (strlen($table) > 0) { + $_url_params['db'] = $db; + $_url_params['table'] = $table; + $doedit_goto = ''; + } elseif (strlen($db) > 0) { + $_url_params['db'] = $db; + $doedit_goto = ''; + } else { + $doedit_goto = ''; + } + + $error_msg .= $doedit_goto + . self::getIcon('b_edit', __('Edit')) + . ''; + } + + $error_msg .= '

' . "\n" + . '

' . "\n" + . $formatted_sql . "\n" + . '

' . "\n"; + } + + // Display server's error. + if (! empty($server_msg)) { + $server_msg = preg_replace( + "@((\015\012)|(\015)|(\012)){3,}@", + "\n\n", + $server_msg + ); + + // Adds a link to MySQL documentation. + $error_msg .= '

' . "\n" + . ' ' . __('MySQL said: ') . '' + . self::showMySQLDocu('Error-messages-server') + . "\n" + . '

' . "\n"; + + // The error message will be displayed within a CODE segment. + // To preserve original formatting, but allow word-wrapping, + // a couple of replacements are done. + // All non-single blanks and TAB-characters are replaced with their + // HTML-counterpart + $server_msg = str_replace( + [ + ' ', + "\t", + ], + [ + '  ', + '    ', + ], + $server_msg + ); + + // Replace line breaks + $server_msg = nl2br($server_msg); + + $error_msg .= '' . $server_msg . '
'; + } + + $error_msg .= '
'; + $_SESSION['Import_message']['message'] = $error_msg; + + if (! $exit) { + return $error_msg; + } + + /** + * If this is an AJAX request, there is no "Back" link and + * `Response()` is used to send the response. + */ + $response = Response::getInstance(); + if ($response->isAjax()) { + $response->setRequestStatus(false); + $response->addJSON('message', $error_msg); + exit; + } + + if (! empty($back_url)) { + if (mb_strstr($back_url, '?')) { + $back_url .= '&no_history=true'; + } else { + $back_url .= '?no_history=true'; + } + + $_SESSION['Import_message']['go_back_url'] = $back_url; + + $error_msg .= '
' + . '[ ' . __('Back') . ' ]' + . '
' . "\n\n"; + } + + exit($error_msg); + } + + /** + * Check the correct row count + * + * @param string $db the db name + * @param array $table the table infos + * + * @return int the possibly modified row count + * + */ + private static function _checkRowCount($db, array $table) + { + $rowCount = 0; + + if ($table['Rows'] === null) { + // Do not check exact row count here, + // if row count is invalid possibly the table is defect + // and this would break the navigation panel; + // but we can check row count if this is a view or the + // information_schema database + // since Table::countRecords() returns a limited row count + // in this case. + + // set this because Table::countRecords() can use it + $tbl_is_view = $table['TABLE_TYPE'] == 'VIEW'; + + if ($tbl_is_view || $GLOBALS['dbi']->isSystemSchema($db)) { + $rowCount = $GLOBALS['dbi'] + ->getTable($db, $table['Name']) + ->countRecords(); + } + } + return $rowCount; + } + + /** + * returns array with tables of given db with extended information and grouped + * + * @param string $db name of db + * @param string $tables name of tables + * @param integer $limit_offset list offset + * @param int|bool $limit_count max tables to return + * + * @return array (recursive) grouped table list + */ + public static function getTableList( + $db, + $tables = null, + $limit_offset = 0, + $limit_count = false + ) { + $sep = $GLOBALS['cfg']['NavigationTreeTableSeparator']; + + if ($tables === null) { + $tables = $GLOBALS['dbi']->getTablesFull( + $db, + '', + false, + $limit_offset, + $limit_count + ); + if ($GLOBALS['cfg']['NaturalOrder']) { + uksort($tables, 'strnatcasecmp'); + } + } + + if (count($tables) < 1) { + return $tables; + } + + $default = [ + 'Name' => '', + 'Rows' => 0, + 'Comment' => '', + 'disp_name' => '', + ]; + + $table_groups = []; + + foreach ($tables as $table_name => $table) { + $table['Rows'] = self::_checkRowCount($db, $table); + + // in $group we save the reference to the place in $table_groups + // where to store the table info + if ($GLOBALS['cfg']['NavigationTreeEnableGrouping'] + && $sep && mb_strstr($table_name, $sep) + ) { + $parts = explode($sep, $table_name); + + $group =& $table_groups; + $i = 0; + $group_name_full = ''; + $parts_cnt = count($parts) - 1; + + while (($i < $parts_cnt) + && ($i < $GLOBALS['cfg']['NavigationTreeTableLevel']) + ) { + $group_name = $parts[$i] . $sep; + $group_name_full .= $group_name; + + if (! isset($group[$group_name])) { + $group[$group_name] = []; + $group[$group_name]['is' . $sep . 'group'] = true; + $group[$group_name]['tab' . $sep . 'count'] = 1; + $group[$group_name]['tab' . $sep . 'group'] + = $group_name_full; + } elseif (! isset($group[$group_name]['is' . $sep . 'group'])) { + $table = $group[$group_name]; + $group[$group_name] = []; + $group[$group_name][$group_name] = $table; + $group[$group_name]['is' . $sep . 'group'] = true; + $group[$group_name]['tab' . $sep . 'count'] = 1; + $group[$group_name]['tab' . $sep . 'group'] + = $group_name_full; + } else { + $group[$group_name]['tab' . $sep . 'count']++; + } + + $group =& $group[$group_name]; + $i++; + } + } else { + if (! isset($table_groups[$table_name])) { + $table_groups[$table_name] = []; + } + $group =& $table_groups; + } + + $table['disp_name'] = $table['Name']; + $group[$table_name] = array_merge($default, $table); + } + + return $table_groups; + } + + /* ----------------------- Set of misc functions ----------------------- */ + + /** + * Adds backquotes on both sides of a database, table or field name. + * and escapes backquotes inside the name with another backquote + * + * example: + * + * echo backquote('owner`s db'); // `owner``s db` + * + * + * + * @param mixed $a_name the database, table or field name to "backquote" + * or array of it + * @param boolean $do_it a flag to bypass this function (used by dump + * functions) + * + * @return mixed the "backquoted" database, table or field name + * + * @access public + */ + public static function backquote($a_name, $do_it = true) + { + if (is_array($a_name)) { + foreach ($a_name as &$data) { + $data = self::backquote($data, $do_it); + } + return $a_name; + } + + if (! $do_it) { + if (! (Context::isKeyword($a_name) & Token::FLAG_KEYWORD_RESERVED) + ) { + return $a_name; + } + } + + // '0' is also empty for php :-( + if (strlen((string) $a_name) > 0 && $a_name !== '*') { + return '`' . str_replace('`', '``', (string) $a_name) . '`'; + } + + return $a_name; + } // end of the 'backquote()' function + + /** + * Adds backquotes on both sides of a database, table or field name. + * in compatibility mode + * + * example: + * + * echo backquoteCompat('owner`s db'); // `owner``s db` + * + * + * + * @param mixed $a_name the database, table or field name to + * "backquote" or array of it + * @param string $compatibility string compatibility mode (used by dump + * functions) + * @param boolean $do_it a flag to bypass this function (used by dump + * functions) + * + * @return mixed the "backquoted" database, table or field name + * + * @access public + */ + public static function backquoteCompat( + $a_name, + $compatibility = 'MSSQL', + $do_it = true + ) { + if (is_array($a_name)) { + foreach ($a_name as &$data) { + $data = self::backquoteCompat($data, $compatibility, $do_it); + } + return $a_name; + } + + if (! $do_it) { + if (! Context::isKeyword($a_name)) { + return $a_name; + } + } + + // @todo add more compatibility cases (ORACLE for example) + switch ($compatibility) { + case 'MSSQL': + $quote = '"'; + break; + default: + $quote = "`"; + break; + } + + // '0' is also empty for php :-( + if (strlen((string) $a_name) > 0 && $a_name !== '*') { + return $quote . $a_name . $quote; + } + + return $a_name; + } // end of the 'backquoteCompat()' function + + /** + * Prepare the message and the query + * usually the message is the result of the query executed + * + * @param Message|string $message the message to display + * @param string $sql_query the query to display + * @param string $type the type (level) of the message + * + * @return string + * + * @access public + */ + public static function getMessage( + $message, + $sql_query = null, + $type = 'notice' + ) { + global $cfg; + $template = new Template(); + $retval = ''; + + if (null === $sql_query) { + if (! empty($GLOBALS['display_query'])) { + $sql_query = $GLOBALS['display_query']; + } elseif (! empty($GLOBALS['unparsed_sql'])) { + $sql_query = $GLOBALS['unparsed_sql']; + } elseif (! empty($GLOBALS['sql_query'])) { + $sql_query = $GLOBALS['sql_query']; + } else { + $sql_query = ''; + } + } + + $render_sql = $cfg['ShowSQL'] == true && ! empty($sql_query) && $sql_query !== ';'; + + if (isset($GLOBALS['using_bookmark_message'])) { + $retval .= $GLOBALS['using_bookmark_message']->getDisplay(); + unset($GLOBALS['using_bookmark_message']); + } + + if ($render_sql) { + $retval .= '
' . "\n"; + } + + if ($message instanceof Message) { + if (isset($GLOBALS['special_message'])) { + $message->addText($GLOBALS['special_message']); + unset($GLOBALS['special_message']); + } + $retval .= $message->getDisplay(); + } else { + $retval .= '
'; + $retval .= Sanitize::sanitizeMessage($message); + if (isset($GLOBALS['special_message'])) { + $retval .= Sanitize::sanitizeMessage($GLOBALS['special_message']); + unset($GLOBALS['special_message']); + } + $retval .= '
'; + } + + if ($render_sql) { + $query_too_big = false; + + $queryLength = mb_strlen($sql_query); + if ($queryLength > $cfg['MaxCharactersInDisplayedSQL']) { + // when the query is large (for example an INSERT of binary + // data), the parser chokes; so avoid parsing the query + $query_too_big = true; + $query_base = mb_substr( + $sql_query, + 0, + $cfg['MaxCharactersInDisplayedSQL'] + ) . '[...]'; + } else { + $query_base = $sql_query; + } + + // Html format the query to be displayed + // If we want to show some sql code it is easiest to create it here + /* SQL-Parser-Analyzer */ + + if (! empty($GLOBALS['show_as_php'])) { + $new_line = '\\n"
' . "\n" . '    . "'; + $query_base = htmlspecialchars(addslashes($query_base)); + $query_base = preg_replace( + '/((\015\012)|(\015)|(\012))/', + $new_line, + $query_base + ); + $query_base = '
' . "\n"
+                    . '$sql = "' . $query_base . '";' . "\n"
+                    . '
'; + } elseif ($query_too_big) { + $query_base = '
' . "\n" .
+                    htmlspecialchars($query_base) .
+                    '
'; + } else { + $query_base = self::formatSql($query_base); + } + + // Prepares links that may be displayed to edit/explain the query + // (don't go to default pages, we must go to the page + // where the query box is available) + + // Basic url query part + $url_params = []; + if (! isset($GLOBALS['db'])) { + $GLOBALS['db'] = ''; + } + if (strlen($GLOBALS['db']) > 0) { + $url_params['db'] = $GLOBALS['db']; + if (strlen($GLOBALS['table']) > 0) { + $url_params['table'] = $GLOBALS['table']; + $edit_link = 'tbl_sql.php'; + } else { + $edit_link = 'db_sql.php'; + } + } else { + $edit_link = 'server_sql.php'; + } + + // Want to have the query explained + // but only explain a SELECT (that has not been explained) + /* SQL-Parser-Analyzer */ + $explain_link = ''; + $is_select = preg_match('@^SELECT[[:space:]]+@i', $sql_query); + if (! empty($cfg['SQLQuery']['Explain']) && ! $query_too_big) { + $explain_params = $url_params; + if ($is_select) { + $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query; + $explain_link = ' [ ' + . self::linkOrButton( + 'import.php' . Url::getCommon($explain_params), + __('Explain SQL') + ) . ' ]'; + } elseif (preg_match( + '@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', + $sql_query + )) { + $explain_params['sql_query'] + = mb_substr($sql_query, 8); + $explain_link = ' [ ' + . self::linkOrButton( + 'import.php' . Url::getCommon($explain_params), + __('Skip Explain SQL') + ) . ']'; + $url = 'https://mariadb.org/explain_analyzer/analyze/' + . '?client=phpMyAdmin&raw_explain=' + . urlencode(self::_generateRowQueryOutput($sql_query)); + $explain_link .= ' [' + . self::linkOrButton( + htmlspecialchars('url.php?url=' . urlencode($url)), + sprintf(__('Analyze Explain at %s'), 'mariadb.org'), + [], + '_blank' + ) . ' ]'; + } + } //show explain + + $url_params['sql_query'] = $sql_query; + $url_params['show_query'] = 1; + + // even if the query is big and was truncated, offer the chance + // to edit it (unless it's enormous, see linkOrButton() ) + if (! empty($cfg['SQLQuery']['Edit']) + && empty($GLOBALS['show_as_php']) + ) { + $edit_link .= Url::getCommon($url_params); + $edit_link = ' [ ' + . self::linkOrButton($edit_link, __('Edit')) + . ' ]'; + } else { + $edit_link = ''; + } + + // Also we would like to get the SQL formed in some nice + // php-code + if (! empty($cfg['SQLQuery']['ShowAsPHP']) && ! $query_too_big) { + if (! empty($GLOBALS['show_as_php'])) { + $php_link = ' [ ' + . self::linkOrButton( + 'import.php' . Url::getCommon($url_params), + __('Without PHP code') + ) + . ' ]'; + + $php_link .= ' [ ' + . self::linkOrButton( + 'import.php' . Url::getCommon($url_params), + __('Submit query') + ) + . ' ]'; + } else { + $php_params = $url_params; + $php_params['show_as_php'] = 1; + $php_link = ' [ ' + . self::linkOrButton( + 'import.php' . Url::getCommon($php_params), + __('Create PHP code') + ) + . ' ]'; + } + } else { + $php_link = ''; + } //show as php + + // Refresh query + if (! empty($cfg['SQLQuery']['Refresh']) + && ! isset($GLOBALS['show_as_php']) // 'Submit query' does the same + && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query) + ) { + $refresh_link = 'sql.php' . Url::getCommon($url_params); + $refresh_link = ' [ ' + . self::linkOrButton($refresh_link, __('Refresh')) . ']'; + } else { + $refresh_link = ''; + } //refresh + + $retval .= '
'; + $retval .= $query_base; + $retval .= '
'; + + $retval .= '
'; + $retval .= '
'; + $retval .= Url::getHiddenInputs($GLOBALS['db'], $GLOBALS['table']); + $retval .= ''; + + // avoid displaying a Profiling checkbox that could + // be checked, which would reexecute an INSERT, for example + if (! empty($refresh_link) && self::profilingSupported()) { + $retval .= ''; + $retval .= $template->render('checkbox', [ + 'html_field_name' => 'profiling', + 'label' => __('Profiling'), + 'checked' => isset($_SESSION['profiling']), + 'onclick' => true, + 'html_field_id' => '', + ]); + } + $retval .= '
'; + + /** + * TODO: Should we have $cfg['SQLQuery']['InlineEdit']? + */ + if (! empty($cfg['SQLQuery']['Edit']) + && ! $query_too_big + && empty($GLOBALS['show_as_php']) + ) { + $inline_edit_link = ' [' + . self::linkOrButton( + '#', + _pgettext('Inline edit query', 'Edit inline'), + ['class' => 'inline_edit_sql'] + ) + . ']'; + } else { + $inline_edit_link = ''; + } + $retval .= $inline_edit_link . $edit_link . $explain_link . $php_link + . $refresh_link; + $retval .= '
'; + + $retval .= '
'; + } + + return $retval; + } // end of the 'getMessage()' function + + /** + * Execute an EXPLAIN query and formats results similar to MySQL command line + * utility. + * + * @param string $sqlQuery EXPLAIN query + * + * @return string query resuls + */ + private static function _generateRowQueryOutput($sqlQuery) + { + $ret = ''; + $result = $GLOBALS['dbi']->query($sqlQuery); + if ($result) { + $devider = '+'; + $columnNames = '|'; + $fieldsMeta = $GLOBALS['dbi']->getFieldsMeta($result); + foreach ($fieldsMeta as $meta) { + $devider .= '---+'; + $columnNames .= ' ' . $meta->name . ' |'; + } + $devider .= "\n"; + + $ret .= $devider . $columnNames . "\n" . $devider; + while ($row = $GLOBALS['dbi']->fetchRow($result)) { + $values = '|'; + foreach ($row as $value) { + if ($value === null) { + $value = 'NULL'; + } + $values .= ' ' . $value . ' |'; + } + $ret .= $values . "\n"; + } + $ret .= $devider; + } + return $ret; + } + + /** + * Verifies if current MySQL server supports profiling + * + * @access public + * + * @return boolean whether profiling is supported + */ + public static function profilingSupported() + { + if (! self::cacheExists('profiling_supported')) { + // 5.0.37 has profiling but for example, 5.1.20 does not + // (avoid a trip to the server for MySQL before 5.0.37) + // and do not set a constant as we might be switching servers + if ($GLOBALS['dbi']->fetchValue("SELECT @@have_profiling") + ) { + self::cacheSet('profiling_supported', true); + } else { + self::cacheSet('profiling_supported', false); + } + } + + return self::cacheGet('profiling_supported'); + } + + /** + * Formats $value to byte view + * + * @param double|int $value the value to format + * @param int $limes the sensitiveness + * @param int $comma the number of decimals to retain + * + * @return array|null the formatted value and its unit + * + * @access public + */ + public static function formatByteDown($value, $limes = 6, $comma = 0) + { + if ($value === null) { + return null; + } + + $byteUnits = [ + /* l10n: shortcuts for Byte */ + __('B'), + /* l10n: shortcuts for Kilobyte */ + __('KiB'), + /* l10n: shortcuts for Megabyte */ + __('MiB'), + /* l10n: shortcuts for Gigabyte */ + __('GiB'), + /* l10n: shortcuts for Terabyte */ + __('TiB'), + /* l10n: shortcuts for Petabyte */ + __('PiB'), + /* l10n: shortcuts for Exabyte */ + __('EiB'), + ]; + + $dh = pow(10, $comma); + $li = pow(10, $limes); + $unit = $byteUnits[0]; + + for ($d = 6, $ex = 15; $d >= 1; $d--, $ex -= 3) { + $unitSize = $li * pow(10, $ex); + if (isset($byteUnits[$d]) && $value >= $unitSize) { + // use 1024.0 to avoid integer overflow on 64-bit machines + $value = round($value / (pow(1024, $d) / $dh)) / $dh; + $unit = $byteUnits[$d]; + break 1; + } // end if + } // end for + + if ($unit != $byteUnits[0]) { + // if the unit is not bytes (as represented in current language) + // reformat with max length of 5 + // 4th parameter=true means do not reformat if value < 1 + $return_value = self::formatNumber($value, 5, $comma, true, false); + } else { + // do not reformat, just handle the locale + $return_value = self::formatNumber($value, 0); + } + + return [ + trim($return_value), + $unit, + ]; + } // end of the 'formatByteDown' function + + + /** + * Formats $value to the given length and appends SI prefixes + * with a $length of 0 no truncation occurs, number is only formatted + * to the current locale + * + * examples: + * + * echo formatNumber(123456789, 6); // 123,457 k + * echo formatNumber(-123456789, 4, 2); // -123.46 M + * echo formatNumber(-0.003, 6); // -3 m + * echo formatNumber(0.003, 3, 3); // 0.003 + * echo formatNumber(0.00003, 3, 2); // 0.03 m + * echo formatNumber(0, 6); // 0 + * + * + * @param double $value the value to format + * @param integer $digits_left number of digits left of the comma + * @param integer $digits_right number of digits right of the comma + * @param boolean $only_down do not reformat numbers below 1 + * @param boolean $noTrailingZero removes trailing zeros right of the comma + * (default: true) + * + * @return string the formatted value and its unit + * + * @access public + */ + public static function formatNumber( + $value, + $digits_left = 3, + $digits_right = 0, + $only_down = false, + $noTrailingZero = true + ) { + if ($value == 0) { + return '0'; + } + + $originalValue = $value; + //number_format is not multibyte safe, str_replace is safe + if ($digits_left === 0) { + $value = number_format( + (float) $value, + $digits_right, + /* l10n: Decimal separator */ + __('.'), + /* l10n: Thousands separator */ + __(',') + ); + if (($originalValue != 0) && (floatval($value) == 0)) { + $value = ' <' . (1 / pow(10, $digits_right)); + } + return $value; + } + + // this units needs no translation, ISO + $units = [ + -8 => 'y', + -7 => 'z', + -6 => 'a', + -5 => 'f', + -4 => 'p', + -3 => 'n', + -2 => 'ยต', + -1 => 'm', + 0 => ' ', + 1 => 'k', + 2 => 'M', + 3 => 'G', + 4 => 'T', + 5 => 'P', + 6 => 'E', + 7 => 'Z', + 8 => 'Y', + ]; + /* l10n: Decimal separator */ + $decimal_sep = __('.'); + /* l10n: Thousands separator */ + $thousands_sep = __(','); + + // check for negative value to retain sign + if ($value < 0) { + $sign = '-'; + $value = abs($value); + } else { + $sign = ''; + } + + $dh = pow(10, $digits_right); + + /* + * This gives us the right SI prefix already, + * but $digits_left parameter not incorporated + */ + $d = floor(log10((float) $value) / 3); + /* + * Lowering the SI prefix by 1 gives us an additional 3 zeros + * So if we have 3,6,9,12.. free digits ($digits_left - $cur_digits) + * to use, then lower the SI prefix + */ + $cur_digits = floor(log10($value / pow(1000, $d)) + 1); + if ($digits_left > $cur_digits) { + $d -= floor(($digits_left - $cur_digits) / 3); + } + + if ($d < 0 && $only_down) { + $d = 0; + } + + $value = round($value / (pow(1000, $d) / $dh)) / $dh; + $unit = $units[$d]; + + // number_format is not multibyte safe, str_replace is safe + $formattedValue = number_format( + $value, + $digits_right, + $decimal_sep, + $thousands_sep + ); + // If we don't want any zeros, remove them now + if ($noTrailingZero && strpos($formattedValue, $decimal_sep) !== false) { + $formattedValue = preg_replace('/' . preg_quote($decimal_sep, '/') . '?0+$/', '', $formattedValue); + } + + if ($originalValue != 0 && floatval($value) == 0) { + return ' <' . number_format( + 1 / pow(10, $digits_right), + $digits_right, + $decimal_sep, + $thousands_sep + ) + . ' ' . $unit; + } + + return $sign . $formattedValue . ' ' . $unit; + } // end of the 'formatNumber' function + + /** + * Returns the number of bytes when a formatted size is given + * + * @param string $formatted_size the size expression (for example 8MB) + * + * @return integer The numerical part of the expression (for example 8) + */ + public static function extractValueFromFormattedSize($formatted_size) + { + $return_value = -1; + + $formatted_size = (string) $formatted_size; + + if (preg_match('/^[0-9]+GB$/', $formatted_size)) { + $return_value = (int) mb_substr( + $formatted_size, + 0, + -2 + ) * pow(1024, 3); + } elseif (preg_match('/^[0-9]+MB$/', $formatted_size)) { + $return_value = (int) mb_substr( + $formatted_size, + 0, + -2 + ) * pow(1024, 2); + } elseif (preg_match('/^[0-9]+K$/', $formatted_size)) { + $return_value = (int) mb_substr( + $formatted_size, + 0, + -1 + ) * pow(1024, 1); + } + return $return_value; + } + + /** + * Writes localised date + * + * @param integer $timestamp the current timestamp + * @param string $format format + * + * @return string the formatted date + * + * @access public + */ + public static function localisedDate($timestamp = -1, $format = '') + { + $month = [ + /* l10n: Short month name */ + __('Jan'), + /* l10n: Short month name */ + __('Feb'), + /* l10n: Short month name */ + __('Mar'), + /* l10n: Short month name */ + __('Apr'), + /* l10n: Short month name */ + _pgettext('Short month name', 'May'), + /* l10n: Short month name */ + __('Jun'), + /* l10n: Short month name */ + __('Jul'), + /* l10n: Short month name */ + __('Aug'), + /* l10n: Short month name */ + __('Sep'), + /* l10n: Short month name */ + __('Oct'), + /* l10n: Short month name */ + __('Nov'), + /* l10n: Short month name */ + __('Dec'), + ]; + $day_of_week = [ + /* l10n: Short week day name for Sunday */ + _pgettext('Short week day name', 'Sun'), + /* l10n: Short week day name for Monday */ + __('Mon'), + /* l10n: Short week day name for Tuesday */ + __('Tue'), + /* l10n: Short week day name for Wednesday */ + __('Wed'), + /* l10n: Short week day name for Thursday */ + __('Thu'), + /* l10n: Short week day name for Friday */ + __('Fri'), + /* l10n: Short week day name for Saturday */ + __('Sat'), + ]; + + if ($format == '') { + /* l10n: See https://www.php.net/manual/en/function.strftime.php */ + $format = __('%B %d, %Y at %I:%M %p'); + } + + if ($timestamp == -1) { + $timestamp = time(); + } + + $date = preg_replace( + '@%[aA]@', + $day_of_week[(int) strftime('%w', (int) $timestamp)], + $format + ); + $date = preg_replace( + '@%[bB]@', + $month[(int) strftime('%m', (int) $timestamp) - 1], + $date + ); + + /* Fill in AM/PM */ + $hours = (int) date('H', (int) $timestamp); + if ($hours >= 12) { + $am_pm = _pgettext('AM/PM indication in time', 'PM'); + } else { + $am_pm = _pgettext('AM/PM indication in time', 'AM'); + } + $date = preg_replace('@%[pP]@', $am_pm, $date); + + $ret = strftime($date, (int) $timestamp); + // Some OSes such as Win8.1 Traditional Chinese version did not produce UTF-8 + // output here. See https://github.com/phpmyadmin/phpmyadmin/issues/10598 + if (mb_detect_encoding($ret, 'UTF-8', true) != 'UTF-8') { + $ret = date('Y-m-d H:i:s', (int) $timestamp); + } + + return $ret; + } // end of the 'localisedDate()' function + + /** + * returns a tab for tabbed navigation. + * If the variables $link and $args ar left empty, an inactive tab is created + * + * @param array $tab array with all options + * @param array $url_params tab specific URL parameters + * + * @return string html code for one tab, a link if valid otherwise a span + * + * @access public + */ + public static function getHtmlTab(array $tab, array $url_params = []) + { + $template = new Template(); + // default values + $defaults = [ + 'text' => '', + 'class' => '', + 'active' => null, + 'link' => '', + 'sep' => '?', + 'attr' => '', + 'args' => '', + 'warning' => '', + 'fragment' => '', + 'id' => '', + ]; + + $tab = array_merge($defaults, $tab); + + // determine additional style-class + if (empty($tab['class'])) { + if (! empty($tab['active']) + || Core::isValid($GLOBALS['active_page'], 'identical', $tab['link']) + ) { + $tab['class'] = 'active'; + } elseif ($tab['active'] === null && empty($GLOBALS['active_page']) + && (basename($GLOBALS['PMA_PHP_SELF']) == $tab['link']) + ) { + $tab['class'] = 'active'; + } + } + + // build the link + if (! empty($tab['link'])) { + // If there are any tab specific URL parameters, merge those with + // the general URL parameters + if (! empty($tab['args']) && is_array($tab['args'])) { + $url_params = array_merge($url_params, $tab['args']); + } + $tab['link'] = htmlentities($tab['link']) . Url::getCommon($url_params); + } + + if (! empty($tab['fragment'])) { + $tab['link'] .= $tab['fragment']; + } + + // display icon + if (isset($tab['icon'])) { + // avoid generating an alt tag, because it only illustrates + // the text that follows and if browser does not display + // images, the text is duplicated + $tab['text'] = self::getIcon( + $tab['icon'], + $tab['text'], + false, + true, + 'TabsMode' + ); + } elseif (empty($tab['text'])) { + // check to not display an empty link-text + $tab['text'] = '?'; + trigger_error( + 'empty linktext in function ' . __FUNCTION__ . '()', + E_USER_NOTICE + ); + } + + //Set the id for the tab, if set in the params + $tabId = (empty($tab['id']) ? null : $tab['id']); + + $item = []; + if (! empty($tab['link'])) { + $item = [ + 'content' => $tab['text'], + 'url' => [ + 'href' => empty($tab['link']) ? null : $tab['link'], + 'id' => $tabId, + 'class' => 'tab' . htmlentities($tab['class']), + ], + ]; + } else { + $item['content'] = '' . $tab['text'] . ''; + } + + $item['class'] = $tab['class'] == 'active' ? 'active' : ''; + + return $template->render('list/item', $item); + } + + /** + * returns html-code for a tab navigation + * + * @param array $tabs one element per tab + * @param array $url_params additional URL parameters + * @param string $menu_id HTML id attribute for the menu container + * @param bool $resizable whether to add a "resizable" class + * + * @return string html-code for tab-navigation + */ + public static function getHtmlTabs( + array $tabs, + array $url_params, + $menu_id, + $resizable = false + ) { + $class = ''; + if ($resizable) { + $class = ' class="resizable-menu"'; + } + + $tab_navigation = '
' + . '' + . '
    '; + + foreach ($tabs as $tab) { + $tab_navigation .= self::getHtmlTab($tab, $url_params); + } + $tab_navigation .= ''; + + $tab_navigation .= + '
    ' + . '
' . "\n" + . '' + . '
' . "\n"; + + return $tab_navigation; + } + + /** + * Displays a link, or a link with code to trigger POST request. + * + * POST is used in following cases: + * + * - URL is too long + * - URL components are over Suhosin limits + * - There is SQL query in the parameters + * + * @param string $url the URL + * @param string $message the link message + * @param mixed $tag_params string: js confirmation; array: additional tag + * params (f.e. style="") + * @param string $target target + * + * @return string the results to be echoed or saved in an array + */ + public static function linkOrButton( + $url, + $message, + $tag_params = [], + $target = '' + ) { + $url_length = strlen($url); + + if (! is_array($tag_params)) { + $tmp = $tag_params; + $tag_params = []; + if (! empty($tmp)) { + $tag_params['onclick'] = 'return Functions.confirmLink(this, \'' + . Sanitize::escapeJsString($tmp) . '\')'; + } + unset($tmp); + } + if (! empty($target)) { + $tag_params['target'] = $target; + if ($target === '_blank' && strncmp($url, 'url.php?', 8) == 0) { + $tag_params['rel'] = 'noopener noreferrer'; + } + } + + // Suhosin: Check that each query parameter is not above maximum + $in_suhosin_limits = true; + if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit']) { + $suhosin_get_MaxValueLength = ini_get('suhosin.get.max_value_length'); + if ($suhosin_get_MaxValueLength) { + $query_parts = self::splitURLQuery($url); + foreach ($query_parts as $query_pair) { + if (strpos($query_pair, '=') === false) { + continue; + } + + list(, $eachval) = explode('=', $query_pair); + if (strlen($eachval) > $suhosin_get_MaxValueLength + ) { + $in_suhosin_limits = false; + break; + } + } + } + } + + $tag_params_strings = []; + if (($url_length > $GLOBALS['cfg']['LinkLengthLimit']) + || ! $in_suhosin_limits + // Has as sql_query without a signature + || ( strpos($url, 'sql_query=') !== false && strpos($url, 'sql_signature=') === false) + || strpos($url, 'view[as]=') !== false + ) { + $parts = explode('?', $url, 2); + /* + * The data-post indicates that client should do POST + * this is handled in js/ajax.js + */ + $tag_params_strings[] = 'data-post="' . (isset($parts[1]) ? $parts[1] : '') . '"'; + $url = $parts[0]; + if (array_key_exists('class', $tag_params) + && strpos($tag_params['class'], 'create_view') !== false + ) { + $url .= '?' . explode('&', $parts[1], 2)[0]; + } + } + + foreach ($tag_params as $par_name => $par_value) { + $tag_params_strings[] = $par_name . '="' . htmlspecialchars($par_value) . '"'; + } + + // no whitespace within an else Safari will make it part of the link + return '' + . $message . ''; + } // end of the 'linkOrButton()' function + + /** + * Splits a URL string by parameter + * + * @param string $url the URL + * + * @return array the parameter/value pairs, for example [0] db=sakila + */ + public static function splitURLQuery($url) + { + // decode encoded url separators + $separator = Url::getArgSeparator(); + // on most places separator is still hard coded ... + if ($separator !== '&') { + // ... so always replace & with $separator + $url = str_replace([htmlentities('&'), '&'], [$separator, $separator], $url); + } + + $url = str_replace(htmlentities($separator), $separator, $url); + // end decode + + $url_parts = parse_url($url); + + if (! empty($url_parts['query'])) { + return explode($separator, $url_parts['query']); + } + + return []; + } + + /** + * Returns a given timespan value in a readable format. + * + * @param int $seconds the timespan + * + * @return string the formatted value + */ + public static function timespanFormat($seconds) + { + $days = floor($seconds / 86400); + if ($days > 0) { + $seconds -= $days * 86400; + } + + $hours = floor($seconds / 3600); + if ($days > 0 || $hours > 0) { + $seconds -= $hours * 3600; + } + + $minutes = floor($seconds / 60); + if ($days > 0 || $hours > 0 || $minutes > 0) { + $seconds -= $minutes * 60; + } + + return sprintf( + __('%s days, %s hours, %s minutes and %s seconds'), + (string) $days, + (string) $hours, + (string) $minutes, + (string) $seconds + ); + } + + /** + * Function added to avoid path disclosures. + * Called by each script that needs parameters, it displays + * an error message and, by default, stops the execution. + * + * @param string[] $params The names of the parameters needed by the calling + * script + * @param boolean $request Check parameters in request + * + * @return void + * + * @access public + */ + public static function checkParameters($params, $request = false) + { + $reported_script_name = basename($GLOBALS['PMA_PHP_SELF']); + $found_error = false; + $error_message = ''; + if ($request) { + $array = $_REQUEST; + } else { + $array = $GLOBALS; + } + + foreach ($params as $param) { + if (! isset($array[$param])) { + $error_message .= $reported_script_name + . ': ' . __('Missing parameter:') . ' ' + . $param + . self::showDocu('faq', 'faqmissingparameters', true) + . '[br]'; + $found_error = true; + } + } + if ($found_error) { + Core::fatalError($error_message); + } + } // end function + + /** + * Function to generate unique condition for specified row. + * + * @param resource $handle current query result + * @param integer $fields_cnt number of fields + * @param stdClass[] $fields_meta meta information about fields + * @param array $row current row + * @param boolean $force_unique generate condition only on pk + * or unique + * @param string|boolean $restrict_to_table restrict the unique condition + * to this table or false if + * none + * @param array|null $analyzed_sql_results the analyzed query + * + * @access public + * + * @return array the calculated condition and whether condition is unique + */ + public static function getUniqueCondition( + $handle, + $fields_cnt, + array $fields_meta, + array $row, + $force_unique = false, + $restrict_to_table = false, + $analyzed_sql_results = null + ) { + $primary_key = ''; + $unique_key = ''; + $nonprimary_condition = ''; + $preferred_condition = ''; + $primary_key_array = []; + $unique_key_array = []; + $nonprimary_condition_array = []; + $condition_array = []; + + for ($i = 0; $i < $fields_cnt; ++$i) { + $con_val = ''; + $field_flags = $GLOBALS['dbi']->fieldFlags($handle, $i); + $meta = $fields_meta[$i]; + + // do not use a column alias in a condition + if (! isset($meta->orgname) || strlen($meta->orgname) === 0) { + $meta->orgname = $meta->name; + + if (! empty($analyzed_sql_results['statement']->expr)) { + foreach ($analyzed_sql_results['statement']->expr as $expr) { + if (empty($expr->alias) || empty($expr->column)) { + continue; + } + if (strcasecmp($meta->name, $expr->alias) == 0) { + $meta->orgname = $expr->column; + break; + } + } + } + } + + // Do not use a table alias in a condition. + // Test case is: + // select * from galerie x WHERE + //(select count(*) from galerie y where y.datum=x.datum)>1 + // + // But orgtable is present only with mysqli extension so the + // fix is only for mysqli. + // Also, do not use the original table name if we are dealing with + // a view because this view might be updatable. + // (The isView() verification should not be costly in most cases + // because there is some caching in the function). + if (isset($meta->orgtable) + && ($meta->table != $meta->orgtable) + && ! $GLOBALS['dbi']->getTable($GLOBALS['db'], $meta->table)->isView() + ) { + $meta->table = $meta->orgtable; + } + + // If this field is not from the table which the unique clause needs + // to be restricted to. + if ($restrict_to_table && $restrict_to_table != $meta->table) { + continue; + } + + // to fix the bug where float fields (primary or not) + // can't be matched because of the imprecision of + // floating comparison, use CONCAT + // (also, the syntax "CONCAT(field) IS NULL" + // that we need on the next "if" will work) + if ($meta->type == 'real') { + $con_key = 'CONCAT(' . self::backquote($meta->table) . '.' + . self::backquote($meta->orgname) . ')'; + } else { + $con_key = self::backquote($meta->table) . '.' + . self::backquote($meta->orgname); + } // end if... else... + $condition = ' ' . $con_key . ' '; + + if (! isset($row[$i]) || $row[$i] === null) { + $con_val = 'IS NULL'; + } else { + // timestamp is numeric on some MySQL 4.1 + // for real we use CONCAT above and it should compare to string + if ($meta->numeric + && ($meta->type != 'timestamp') + && ($meta->type != 'real') + ) { + $con_val = '= ' . $row[$i]; + } elseif ((($meta->type == 'blob') || ($meta->type == 'string')) + && false !== stripos($field_flags, 'BINARY') + && ! empty($row[$i]) + ) { + // hexify only if this is a true not empty BLOB or a BINARY + + // do not waste memory building a too big condition + if (mb_strlen($row[$i]) < 1000) { + // use a CAST if possible, to avoid problems + // if the field contains wildcard characters % or _ + $con_val = '= CAST(0x' . bin2hex($row[$i]) . ' AS BINARY)'; + } elseif ($fields_cnt == 1) { + // when this blob is the only field present + // try settling with length comparison + $condition = ' CHAR_LENGTH(' . $con_key . ') '; + $con_val = ' = ' . mb_strlen($row[$i]); + } else { + // this blob won't be part of the final condition + $con_val = null; + } + } elseif (in_array($meta->type, self::getGISDatatypes()) + && ! empty($row[$i]) + ) { + // do not build a too big condition + if (mb_strlen($row[$i]) < 5000) { + $condition .= '=0x' . bin2hex($row[$i]) . ' AND'; + } else { + $condition = ''; + } + } elseif ($meta->type == 'bit') { + $con_val = "= b'" + . self::printableBitValue((int) $row[$i], (int) $meta->length) . "'"; + } else { + $con_val = '= \'' + . $GLOBALS['dbi']->escapeString($row[$i]) . '\''; + } + } + + if ($con_val != null) { + $condition .= $con_val . ' AND'; + + if ($meta->primary_key > 0) { + $primary_key .= $condition; + $primary_key_array[$con_key] = $con_val; + } elseif ($meta->unique_key > 0) { + $unique_key .= $condition; + $unique_key_array[$con_key] = $con_val; + } + + $nonprimary_condition .= $condition; + $nonprimary_condition_array[$con_key] = $con_val; + } + } // end for + + // Correction University of Virginia 19991216: + // prefer primary or unique keys for condition, + // but use conjunction of all values if no primary key + $clause_is_unique = true; + + if ($primary_key) { + $preferred_condition = $primary_key; + $condition_array = $primary_key_array; + } elseif ($unique_key) { + $preferred_condition = $unique_key; + $condition_array = $unique_key_array; + } elseif (! $force_unique) { + $preferred_condition = $nonprimary_condition; + $condition_array = $nonprimary_condition_array; + $clause_is_unique = false; + } + + $where_clause = trim(preg_replace('|\s?AND$|', '', $preferred_condition)); + return [ + $where_clause, + $clause_is_unique, + $condition_array, + ]; + } // end function + + /** + * Generate the charset query part + * + * @param string $collation Collation + * @param boolean $override (optional) force 'CHARACTER SET' keyword + * + * @return string + */ + public static function getCharsetQueryPart($collation, $override = false) + { + list($charset) = explode('_', $collation); + $keyword = ' CHARSET='; + + if ($override) { + $keyword = ' CHARACTER SET '; + } + return $keyword . $charset + . ($charset == $collation ? '' : ' COLLATE ' . $collation); + } + + /** + * Generate a button or image tag + * + * @param string $button_name name of button element + * @param string $button_class class of button or image element + * @param string $text text to display + * @param string $image image to display + * @param string $value value + * + * @return string html content + * + * @access public + */ + public static function getButtonOrImage( + $button_name, + $button_class, + $text, + $image, + $value = '' + ) { + if ($value == '') { + $value = $text; + } + if ($GLOBALS['cfg']['ActionLinksMode'] == 'text') { + return ' ' . "\n"; + } + return '' . "\n"; + } // end function + + /** + * Generate a pagination selector for browsing resultsets + * + * @param string $name The name for the request parameter + * @param int $rows Number of rows in the pagination set + * @param int $pageNow current page number + * @param int $nbTotalPage number of total pages + * @param int $showAll If the number of pages is lower than this + * variable, no pages will be omitted in pagination + * @param int $sliceStart How many rows at the beginning should always + * be shown? + * @param int $sliceEnd How many rows at the end should always be shown? + * @param int $percent Percentage of calculation page offsets to hop to a + * next page + * @param int $range Near the current page, how many pages should + * be considered "nearby" and displayed as well? + * @param string $prompt The prompt to display (sometimes empty) + * + * @return string + * + * @access public + */ + public static function pageselector( + $name, + $rows, + $pageNow = 1, + $nbTotalPage = 1, + $showAll = 200, + $sliceStart = 5, + $sliceEnd = 5, + $percent = 20, + $range = 10, + $prompt = '' + ) { + $increment = floor($nbTotalPage / $percent); + $pageNowMinusRange = ($pageNow - $range); + $pageNowPlusRange = ($pageNow + $range); + + $gotopage = $prompt . ' '; + + return $gotopage; + } // end function + + + /** + * Calculate page number through position + * @param int $pos position of first item + * @param int $max_count number of items per page + * @return int $page_num + * @access public + */ + public static function getPageFromPosition($pos, $max_count) + { + return (int) floor($pos / $max_count) + 1; + } + + /** + * Prepare navigation for a list + * + * @param int $count number of elements in the list + * @param int $pos current position in the list + * @param array $_url_params url parameters + * @param string $script script name for form target + * @param string $frame target frame + * @param int $max_count maximum number of elements to display from + * the list + * @param string $name the name for the request parameter + * @param string[] $classes additional classes for the container + * + * @return string the html content + * + * @access public + * + * @todo use $pos from $_url_params + */ + public static function getListNavigator( + $count, + $pos, + array $_url_params, + $script, + $frame, + $max_count, + $name = 'pos', + $classes = [] + ) { + + // This is often coming from $cfg['MaxTableList'] and + // people sometimes set it to empty string + $max_count = intval($max_count); + if ($max_count <= 0) { + $max_count = 250; + } + + $class = $frame == 'frame_navigation' ? ' class="ajax"' : ''; + + $list_navigator_html = ''; + + if ($max_count < $count) { + $classes[] = 'pageselector'; + $list_navigator_html .= '
'; + + if ($frame != 'frame_navigation') { + $list_navigator_html .= __('Page number:'); + } + + // Move to the beginning or to the previous page + if ($pos > 0) { + $caption1 = ''; + $caption2 = ''; + if (self::showIcons('TableNavigationLinksMode')) { + $caption1 .= '<< '; + $caption2 .= '< '; + } + if (self::showText('TableNavigationLinksMode')) { + $caption1 .= _pgettext('First page', 'Begin'); + $caption2 .= _pgettext('Previous page', 'Previous'); + } + $title1 = ' title="' . _pgettext('First page', 'Begin') . '"'; + $title2 = ' title="' . _pgettext('Previous page', 'Previous') . '"'; + + $_url_params[$name] = 0; + $list_navigator_html .= '' . $caption1 + . ''; + + $_url_params[$name] = $pos - $max_count; + $list_navigator_html .= ' ' + . $caption2 . ''; + } + + $list_navigator_html .= '
'; + + $list_navigator_html .= Url::getHiddenInputs($_url_params); + $list_navigator_html .= self::pageselector( + $name, + $max_count, + self::getPageFromPosition($pos, $max_count), + ceil($count / $max_count) + ); + $list_navigator_html .= '
'; + + if ($pos + $max_count < $count) { + $caption3 = ''; + $caption4 = ''; + if (self::showText('TableNavigationLinksMode')) { + $caption3 .= _pgettext('Next page', 'Next'); + $caption4 .= _pgettext('Last page', 'End'); + } + if (self::showIcons('TableNavigationLinksMode')) { + $caption3 .= ' >'; + $caption4 .= ' >>'; + } + $title3 = ' title="' . _pgettext('Next page', 'Next') . '"'; + $title4 = ' title="' . _pgettext('Last page', 'End') . '"'; + + $_url_params[$name] = $pos + $max_count; + $list_navigator_html .= '' . $caption3 + . ''; + + $_url_params[$name] = floor($count / $max_count) * $max_count; + if ($_url_params[$name] == $count) { + $_url_params[$name] = $count - $max_count; + } + + $list_navigator_html .= ' ' + . $caption4 . ''; + } + $list_navigator_html .= '
' . "\n"; + } + + return $list_navigator_html; + } + + /** + * replaces %u in given path with current user name + * + * example: + * + * $user_dir = userDir('/var/pma_tmp/%u/'); // '/var/pma_tmp/root/' + * + * + * + * @param string $dir with wildcard for user + * + * @return string per user directory + */ + public static function userDir($dir) + { + // add trailing slash + if (mb_substr($dir, -1) != '/') { + $dir .= '/'; + } + + return str_replace('%u', Core::securePath($GLOBALS['cfg']['Server']['user']), $dir); + } + + /** + * returns html code for db link to default db page + * + * @param string $database database + * + * @return string html link to default db page + */ + public static function getDbLink($database = '') + { + if (strlen((string) $database) === 0) { + if (strlen((string) $GLOBALS['db']) === 0) { + return ''; + } + $database = $GLOBALS['db']; + } else { + $database = self::unescapeMysqlWildcards($database); + } + + return '' . htmlspecialchars($database) . ''; + } + + /** + * Prepare a lightbulb hint explaining a known external bug + * that affects a functionality + * + * @param string $functionality localized message explaining the func. + * @param string $component 'mysql' (eventually, 'php') + * @param string $minimum_version of this component + * @param string $bugref bug reference for this component + * + * @return String + */ + public static function getExternalBug( + $functionality, + $component, + $minimum_version, + $bugref + ) { + $ext_but_html = ''; + if (($component == 'mysql') && ($GLOBALS['dbi']->getVersion() < $minimum_version)) { + $ext_but_html .= self::showHint( + sprintf( + __('The %s functionality is affected by a known bug, see %s'), + $functionality, + Core::linkURL('https://bugs.mysql.com/') . $bugref + ) + ); + } + return $ext_but_html; + } + + /** + * Generates a set of radio HTML fields + * + * @param string $html_field_name the radio HTML field + * @param array $choices the choices values and labels + * @param string $checked_choice the choice to check by default + * @param boolean $line_break whether to add HTML line break after a choice + * @param boolean $escape_label whether to use htmlspecialchars() on label + * @param string $class enclose each choice with a div of this class + * @param string $id_prefix prefix for the id attribute, name will be + * used if this is not supplied + * + * @return string set of html radio fiels + */ + public static function getRadioFields( + $html_field_name, + array $choices, + $checked_choice = '', + $line_break = true, + $escape_label = true, + $class = '', + $id_prefix = '' + ) { + $template = new Template(); + $radio_html = ''; + + foreach ($choices as $choice_value => $choice_label) { + if (! $id_prefix) { + $id_prefix = $html_field_name; + } + $html_field_id = $id_prefix . '_' . $choice_value; + + if ($choice_value == $checked_choice) { + $checked = 1; + } else { + $checked = 0; + } + $radio_html .= $template->render('radio_fields', [ + 'class' => $class, + 'html_field_name' => $html_field_name, + 'html_field_id' => $html_field_id, + 'choice_value' => $choice_value, + 'is_line_break' => $line_break, + 'choice_label' => $choice_label, + 'escape_label' => $escape_label, + 'checked' => $checked, + ]); + } + + return $radio_html; + } + + /** + * Generates and returns an HTML dropdown + * + * @param string $select_name name for the select element + * @param array $choices choices values + * @param string $active_choice the choice to select by default + * @param string $id id of the select element; can be different in + * case the dropdown is present more than once + * on the page + * @param string $class class for the select element + * @param string $placeholder Placeholder for dropdown if nothing else + * is selected + * + * @return string html content + * + * @todo support titles + */ + public static function getDropdown( + $select_name, + array $choices, + $active_choice, + $id, + $class = '', + $placeholder = null + ) { + $template = new Template(); + $resultOptions = []; + $selected = false; + + foreach ($choices as $one_choice_value => $one_choice_label) { + $resultOptions[$one_choice_value]['value'] = $one_choice_value; + $resultOptions[$one_choice_value]['selected'] = false; + + if ($one_choice_value == $active_choice) { + $resultOptions[$one_choice_value]['selected'] = true; + $selected = true; + } + $resultOptions[$one_choice_value]['label'] = $one_choice_label; + } + return $template->render('dropdown', [ + 'select_name' => $select_name, + 'id' => $id, + 'class' => $class, + 'placeholder' => $placeholder, + 'selected' => $selected, + 'result_options' => $resultOptions, + ]); + } + + /** + * Generates a slider effect (jQjuery) + * Takes care of generating the initial
and the link + * controlling the slider; you have to generate the
yourself + * after the sliding section. + * + * @param string $id the id of the
on which to apply the effect + * @param string $message the message to show as a link + * @param string|null $overrideDefault override InitialSlidersState config + * + * @return string html div element + * + */ + public static function getDivForSliderEffect($id = '', $message = '', $overrideDefault = null) + { + $template = new Template(); + return $template->render('div_for_slider_effect', [ + 'id' => $id, + 'initial_sliders_state' => ($overrideDefault != null) ? $overrideDefault : $GLOBALS['cfg']['InitialSlidersState'], + 'message' => $message, + ]); + } + + /** + * Creates an AJAX sliding toggle button + * (or and equivalent form when AJAX is disabled) + * + * @param string $action The URL for the request to be executed + * @param string $select_name The name for the dropdown box + * @param array $options An array of options (see PhpMyAdmin\Rte\Footer) + * @param string $callback A JS snippet to execute when the request is + * successfully processed + * + * @return string HTML code for the toggle button + */ + public static function toggleButton($action, $select_name, array $options, $callback) + { + $template = new Template(); + // Do the logic first + $link = "$action&" . urlencode($select_name) . "="; + $link_on = $link . urlencode($options[1]['value']); + $link_off = $link . urlencode($options[0]['value']); + + if ($options[1]['selected'] == true) { + $state = 'on'; + } elseif ($options[0]['selected'] == true) { + $state = 'off'; + } else { + $state = 'on'; + } + + return $template->render('toggle_button', [ + 'pma_theme_image' => $GLOBALS['pmaThemeImage'], + 'text_dir' => $GLOBALS['text_dir'], + 'link_on' => $link_on, + 'link_off' => $link_off, + 'toggle_on' => $options[1]['label'], + 'toggle_off' => $options[0]['label'], + 'callback' => $callback, + 'state' => $state, + ]); + } + + /** + * Clears cache content which needs to be refreshed on user change. + * + * @return void + */ + public static function clearUserCache() + { + self::cacheUnset('is_superuser'); + self::cacheUnset('is_createuser'); + self::cacheUnset('is_grantuser'); + } + + /** + * Calculates session cache key + * + * @return string + */ + public static function cacheKey() + { + if (isset($GLOBALS['cfg']['Server']['user'])) { + return 'server_' . $GLOBALS['server'] . '_' . $GLOBALS['cfg']['Server']['user']; + } + + return 'server_' . $GLOBALS['server']; + } + + /** + * Verifies if something is cached in the session + * + * @param string $var variable name + * + * @return boolean + */ + public static function cacheExists($var) + { + return isset($_SESSION['cache'][self::cacheKey()][$var]); + } + + /** + * Gets cached information from the session + * + * @param string $var variable name + * @param Closure $callback callback to fetch the value + * + * @return mixed + */ + public static function cacheGet($var, $callback = null) + { + if (self::cacheExists($var)) { + return $_SESSION['cache'][self::cacheKey()][$var]; + } + + if ($callback) { + $val = $callback(); + self::cacheSet($var, $val); + return $val; + } + return null; + } + + /** + * Caches information in the session + * + * @param string $var variable name + * @param mixed $val value + * + * @return void + */ + public static function cacheSet($var, $val = null) + { + $_SESSION['cache'][self::cacheKey()][$var] = $val; + } + + /** + * Removes cached information from the session + * + * @param string $var variable name + * + * @return void + */ + public static function cacheUnset($var) + { + unset($_SESSION['cache'][self::cacheKey()][$var]); + } + + /** + * Converts a bit value to printable format; + * in MySQL a BIT field can be from 1 to 64 bits so we need this + * function because in PHP, decbin() supports only 32 bits + * on 32-bit servers + * + * @param int $value coming from a BIT field + * @param int $length length + * + * @return string the printable value + */ + public static function printableBitValue(int $value, int $length): string + { + // if running on a 64-bit server or the length is safe for decbin() + if (PHP_INT_SIZE == 8 || $length < 33) { + $printable = decbin($value); + } else { + // FIXME: does not work for the leftmost bit of a 64-bit value + $i = 0; + $printable = ''; + while ($value >= pow(2, $i)) { + ++$i; + } + if ($i != 0) { + --$i; + } + + while ($i >= 0) { + if ($value - pow(2, $i) < 0) { + $printable = '0' . $printable; + } else { + $printable = '1' . $printable; + $value -= pow(2, $i); + } + --$i; + } + $printable = strrev($printable); + } + $printable = str_pad($printable, $length, '0', STR_PAD_LEFT); + return $printable; + } + + /** + * Converts a BIT type default value + * for example, b'010' becomes 010 + * + * @param string $bit_default_value value + * + * @return string the converted value + */ + public static function convertBitDefaultValue($bit_default_value) + { + return rtrim(ltrim(htmlspecialchars_decode($bit_default_value, ENT_QUOTES), "b'"), "'"); + } + + /** + * Extracts the various parts from a column spec + * + * @param string $columnspec Column specification + * + * @return array associative array containing type, spec_in_brackets + * and possibly enum_set_values (another array) + */ + public static function extractColumnSpec($columnspec) + { + $first_bracket_pos = mb_strpos($columnspec, '('); + if ($first_bracket_pos) { + $spec_in_brackets = rtrim( + mb_substr( + $columnspec, + $first_bracket_pos + 1, + mb_strrpos($columnspec, ')') - $first_bracket_pos - 1 + ) + ); + // convert to lowercase just to be sure + $type = mb_strtolower( + rtrim(mb_substr($columnspec, 0, $first_bracket_pos)) + ); + } else { + // Split trailing attributes such as unsigned, + // binary, zerofill and get data type name + $type_parts = explode(' ', $columnspec); + $type = mb_strtolower($type_parts[0]); + $spec_in_brackets = ''; + } + + if ('enum' == $type || 'set' == $type) { + // Define our working vars + $enum_set_values = self::parseEnumSetValues($columnspec, false); + $printtype = $type + . '(' . str_replace("','", "', '", $spec_in_brackets) . ')'; + $binary = false; + $unsigned = false; + $zerofill = false; + } else { + $enum_set_values = []; + + /* Create printable type name */ + $printtype = mb_strtolower($columnspec); + + // Strip the "BINARY" attribute, except if we find "BINARY(" because + // this would be a BINARY or VARBINARY column type; + // by the way, a BLOB should not show the BINARY attribute + // because this is not accepted in MySQL syntax. + if (false !== strpos($printtype, "binary") + && ! preg_match('@binary[\(]@', $printtype) + ) { + $printtype = str_replace("binary", '', $printtype); + $binary = true; + } else { + $binary = false; + } + + $printtype = preg_replace( + '@zerofill@', + '', + $printtype, + -1, + $zerofill_cnt + ); + $zerofill = ($zerofill_cnt > 0); + $printtype = preg_replace( + '@unsigned@', + '', + $printtype, + -1, + $unsigned_cnt + ); + $unsigned = ($unsigned_cnt > 0); + $printtype = trim($printtype); + } + + $attribute = ' '; + if ($binary) { + $attribute = 'BINARY'; + } + if ($unsigned) { + $attribute = 'UNSIGNED'; + } + if ($zerofill) { + $attribute = 'UNSIGNED ZEROFILL'; + } + + $can_contain_collation = false; + if (! $binary + && preg_match( + "@^(char|varchar|text|tinytext|mediumtext|longtext|set|enum)@", + $type + ) + ) { + $can_contain_collation = true; + } + + // for the case ENUM('–','“') + $displayed_type = htmlspecialchars($printtype); + if (mb_strlen($printtype) > $GLOBALS['cfg']['LimitChars']) { + $displayed_type = ''; + $displayed_type .= htmlspecialchars( + mb_substr( + $printtype, + 0, + (int) $GLOBALS['cfg']['LimitChars'] + ) . '...' + ); + $displayed_type .= ''; + } + + return [ + 'type' => $type, + 'spec_in_brackets' => $spec_in_brackets, + 'enum_set_values' => $enum_set_values, + 'print_type' => $printtype, + 'binary' => $binary, + 'unsigned' => $unsigned, + 'zerofill' => $zerofill, + 'attribute' => $attribute, + 'can_contain_collation' => $can_contain_collation, + 'displayed_type' => $displayed_type, + ]; + } + + /** + * Verifies if this table's engine supports foreign keys + * + * @param string $engine engine + * + * @return boolean + */ + public static function isForeignKeySupported($engine) + { + $engine = strtoupper((string) $engine); + if (($engine == 'INNODB') || ($engine == 'PBXT')) { + return true; + } elseif ($engine == 'NDBCLUSTER' || $engine == 'NDB') { + $ndbver = strtolower( + $GLOBALS['dbi']->fetchValue("SELECT @@ndb_version_string") + ); + if (substr($ndbver, 0, 4) == 'ndb-') { + $ndbver = substr($ndbver, 4); + } + return version_compare($ndbver, '7.3', '>='); + } + + return false; + } + + /** + * Is Foreign key check enabled? + * + * @return bool + */ + public static function isForeignKeyCheck() + { + if ($GLOBALS['cfg']['DefaultForeignKeyChecks'] === 'enable') { + return true; + } elseif ($GLOBALS['cfg']['DefaultForeignKeyChecks'] === 'disable') { + return false; + } + return ($GLOBALS['dbi']->getVariable('FOREIGN_KEY_CHECKS') == 'ON'); + } + + /** + * Get HTML for Foreign key check checkbox + * + * @return string HTML for checkbox + */ + public static function getFKCheckbox() + { + $template = new Template(); + return $template->render('fk_checkbox', [ + 'checked' => self::isForeignKeyCheck(), + ]); + } + + /** + * Handle foreign key check request + * + * @return bool Default foreign key checks value + */ + public static function handleDisableFKCheckInit() + { + $default_fk_check_value + = $GLOBALS['dbi']->getVariable('FOREIGN_KEY_CHECKS') == 'ON'; + if (isset($_REQUEST['fk_checks'])) { + if (empty($_REQUEST['fk_checks'])) { + // Disable foreign key checks + $GLOBALS['dbi']->setVariable('FOREIGN_KEY_CHECKS', 'OFF'); + } else { + // Enable foreign key checks + $GLOBALS['dbi']->setVariable('FOREIGN_KEY_CHECKS', 'ON'); + } + } // else do nothing, go with default + return $default_fk_check_value; + } + + /** + * Cleanup changes done for foreign key check + * + * @param bool $default_fk_check_value original value for 'FOREIGN_KEY_CHECKS' + * + * @return void + */ + public static function handleDisableFKCheckCleanup($default_fk_check_value) + { + $GLOBALS['dbi']->setVariable( + 'FOREIGN_KEY_CHECKS', + $default_fk_check_value ? 'ON' : 'OFF' + ); + } + + /** + * Converts GIS data to Well Known Text format + * + * @param string $data GIS data + * @param bool $includeSRID Add SRID to the WKT + * + * @return string GIS data in Well Know Text format + */ + public static function asWKT($data, $includeSRID = false) + { + // Convert to WKT format + $hex = bin2hex($data); + $spatialAsText = 'ASTEXT'; + $spatialSrid = 'SRID'; + if ($GLOBALS['dbi']->getVersion() >= 50600) { + $spatialAsText = 'ST_ASTEXT'; + $spatialSrid = 'ST_SRID'; + } + $wktsql = "SELECT $spatialAsText(x'" . $hex . "')"; + if ($includeSRID) { + $wktsql .= ", $spatialSrid(x'" . $hex . "')"; + } + + $wktresult = $GLOBALS['dbi']->tryQuery( + $wktsql + ); + $wktarr = $GLOBALS['dbi']->fetchRow($wktresult, 0); + $wktval = $wktarr[0] ?? null; + + if ($includeSRID) { + $srid = $wktarr[1] ?? null; + $wktval = "'" . $wktval . "'," . $srid; + } + @$GLOBALS['dbi']->freeResult($wktresult); + + return $wktval; + } + + /** + * If the string starts with a \r\n pair (0x0d0a) add an extra \n + * + * @param string $string string + * + * @return string with the chars replaced + */ + public static function duplicateFirstNewline($string) + { + $first_occurence = mb_strpos($string, "\r\n"); + if ($first_occurence === 0) { + $string = "\n" . $string; + } + return $string; + } + + /** + * Get the action word corresponding to a script name + * in order to display it as a title in navigation panel + * + * @param string $target a valid value for $cfg['NavigationTreeDefaultTabTable'], + * $cfg['NavigationTreeDefaultTabTable2'], + * $cfg['DefaultTabTable'] or $cfg['DefaultTabDatabase'] + * + * @return string Title for the $cfg value + */ + public static function getTitleForTarget($target) + { + $mapping = [ + 'structure' => __('Structure'), + 'sql' => __('SQL'), + 'search' => __('Search'), + 'insert' => __('Insert'), + 'browse' => __('Browse'), + 'operations' => __('Operations'), + + // For backward compatiblity + + // Values for $cfg['DefaultTabTable'] + 'tbl_structure.php' => __('Structure'), + 'tbl_sql.php' => __('SQL'), + 'tbl_select.php' => __('Search'), + 'tbl_change.php' => __('Insert'), + 'sql.php' => __('Browse'), + // Values for $cfg['DefaultTabDatabase'] + 'db_structure.php' => __('Structure'), + 'db_sql.php' => __('SQL'), + 'db_search.php' => __('Search'), + 'db_operations.php' => __('Operations'), + ]; + return isset($mapping[$target]) ? $mapping[$target] : false; + } + + /** + * Get the script name corresponding to a plain English config word + * in order to append in links on navigation and main panel + * + * @param string $target a valid value for + * $cfg['NavigationTreeDefaultTabTable'], + * $cfg['NavigationTreeDefaultTabTable2'], + * $cfg['DefaultTabTable'], $cfg['DefaultTabDatabase'] or + * $cfg['DefaultTabServer'] + * @param string $location one out of 'server', 'table', 'database' + * + * @return string script name corresponding to the config word + */ + public static function getScriptNameForOption($target, $location) + { + if ($location == 'server') { + // Values for $cfg['DefaultTabServer'] + switch ($target) { + case 'welcome': + return 'index.php'; + case 'databases': + return 'server_databases.php'; + case 'status': + return 'server_status.php'; + case 'variables': + return 'server_variables.php'; + case 'privileges': + return 'server_privileges.php'; + } + } elseif ($location == 'database') { + // Values for $cfg['DefaultTabDatabase'] + switch ($target) { + case 'structure': + return 'db_structure.php'; + case 'sql': + return 'db_sql.php'; + case 'search': + return 'db_search.php'; + case 'operations': + return 'db_operations.php'; + } + } elseif ($location == 'table') { + // Values for $cfg['DefaultTabTable'], + // $cfg['NavigationTreeDefaultTabTable'] and + // $cfg['NavigationTreeDefaultTabTable2'] + switch ($target) { + case 'structure': + return 'tbl_structure.php'; + case 'sql': + return 'tbl_sql.php'; + case 'search': + return 'tbl_select.php'; + case 'insert': + return 'tbl_change.php'; + case 'browse': + return 'sql.php'; + } + } + + return $target; + } + + /** + * Formats user string, expanding @VARIABLES@, accepting strftime format + * string. + * + * @param string $string Text where to do expansion. + * @param array|string $escape Function to call for escaping variable values. + * Can also be an array of: + * - the escape method name + * - the class that contains the method + * - location of the class (for inclusion) + * @param array $updates Array with overrides for default parameters + * (obtained from GLOBALS). + * + * @return string + */ + public static function expandUserString( + $string, + $escape = null, + array $updates = [] + ) { + /* Content */ + $vars = []; + $vars['http_host'] = Core::getenv('HTTP_HOST'); + $vars['server_name'] = $GLOBALS['cfg']['Server']['host']; + $vars['server_verbose'] = $GLOBALS['cfg']['Server']['verbose']; + + if (empty($GLOBALS['cfg']['Server']['verbose'])) { + $vars['server_verbose_or_name'] = $GLOBALS['cfg']['Server']['host']; + } else { + $vars['server_verbose_or_name'] = $GLOBALS['cfg']['Server']['verbose']; + } + + $vars['database'] = $GLOBALS['db']; + $vars['table'] = $GLOBALS['table']; + $vars['phpmyadmin_version'] = 'phpMyAdmin ' . PMA_VERSION; + + /* Update forced variables */ + foreach ($updates as $key => $val) { + $vars[$key] = $val; + } + + /* Replacement mapping */ + /* + * The __VAR__ ones are for backward compatibility, because user + * might still have it in cookies. + */ + $replace = [ + '@HTTP_HOST@' => $vars['http_host'], + '@SERVER@' => $vars['server_name'], + '__SERVER__' => $vars['server_name'], + '@VERBOSE@' => $vars['server_verbose'], + '@VSERVER@' => $vars['server_verbose_or_name'], + '@DATABASE@' => $vars['database'], + '__DB__' => $vars['database'], + '@TABLE@' => $vars['table'], + '__TABLE__' => $vars['table'], + '@PHPMYADMIN@' => $vars['phpmyadmin_version'], + ]; + + /* Optional escaping */ + if ($escape !== null) { + if (is_array($escape)) { + $escape_class = new $escape[1]; + $escape_method = $escape[0]; + } + foreach ($replace as $key => $val) { + if (is_array($escape)) { + $replace[$key] = $escape_class->$escape_method($val); + } else { + $replace[$key] = ($escape == 'backquote') + ? self::$escape($val) + : $escape($val); + } + } + } + + /* Backward compatibility in 3.5.x */ + if (mb_strpos($string, '@FIELDS@') !== false) { + $string = strtr($string, ['@FIELDS@' => '@COLUMNS@']); + } + + /* Fetch columns list if required */ + if (mb_strpos($string, '@COLUMNS@') !== false) { + $columns_list = $GLOBALS['dbi']->getColumns( + $GLOBALS['db'], + $GLOBALS['table'] + ); + + // sometimes the table no longer exists at this point + if ($columns_list !== null) { + $column_names = []; + foreach ($columns_list as $column) { + if ($escape !== null) { + $column_names[] = self::$escape($column['Field']); + } else { + $column_names[] = $column['Field']; + } + } + $replace['@COLUMNS@'] = implode(',', $column_names); + } else { + $replace['@COLUMNS@'] = '*'; + } + } + + /* Do the replacement */ + return strtr((string) strftime($string), $replace); + } + + /** + * Prepare the form used to browse anywhere on the local server for a file to + * import + * + * @param string $max_upload_size maximum upload size + * + * @return String + */ + public static function getBrowseUploadFileBlock($max_upload_size) + { + $block_html = ''; + + if ($GLOBALS['is_upload'] && ! empty($GLOBALS['cfg']['UploadDir'])) { + $block_html .= '