'; if ($include_icon) { $button .= self::getImage($icon, $alternate); } if ($include_icon && $include_text) { $button .= ' '; } if ($include_text) { $button .= $alternate; } $button .= $menu_icon ? '' : ''; return $button; } /** * Returns an HTML IMG tag for a particular image from a theme, * which may be an actual file or an icon from a sprite * * @param string $image The name of the file to get * @param string $alternate Used to set 'alt' and 'title' attributes * of the image * @param array $attributes An associative array of other attributes * * @return string an html IMG tag */ public static function getImage($image, $alternate = '', $attributes = array()) { static $sprites; // cached list of available sprites (if any) if (defined('TESTSUITE')) { // prevent caching in testsuite unset($sprites); } $is_sprite = false; $alternate = htmlspecialchars($alternate); // If it's the first time this function is called if (! isset($sprites)) { $sprites = array(); // Try to load the list of sprites if (isset($_SESSION['PMA_Theme'])) { $sprites = $_SESSION['PMA_Theme']->getSpriteData(); } } // Check if we have the requested image as a sprite // and set $url accordingly $class = str_replace(array('.gif','.png'), '', $image); if (array_key_exists($class, $sprites)) { $is_sprite = true; $url = (defined('PMA_TEST_THEME') ? '../' : '') . 'themes/dot.gif'; } elseif (isset($GLOBALS['pmaThemeImage'])) { $url = $GLOBALS['pmaThemeImage'] . $image; } else { $url = './themes/pmahomme/' . $image; } // set class attribute if ($is_sprite) { if (isset($attributes['class'])) { $attributes['class'] = "icon ic_$class " . $attributes['class']; } else { $attributes['class'] = "icon ic_$class"; } } // set all other attributes $attr_str = ''; foreach ($attributes as $key => $value) { if (! in_array($key, array('alt', 'title'))) { $attr_str .= " $key=\"$value\""; } } // override the alt attribute if (isset($attributes['alt'])) { $alt = $attributes['alt']; } else { $alt = $alternate; } // override the title attribute if (isset($attributes['title'])) { $title = $attributes['title']; } else { $title = $alternate; } // generate the IMG tag $template = '%s'; $retval = sprintf($template, $url, $title, $alt, $attr_str); return $retval; } /** * Returns the formatted maximum size for an upload * * @param integer $max_upload_size the size * * @return string the message * * @access public */ public static function getFormattedMaximumUploadSize($max_upload_size) { // I have to reduce the second parameter (sensitiveness) from 6 to 4 // to avoid weird results like 512 kKib list($max_size, $max_unit) = self::formatByteDown($max_upload_size, 4); return '(' . sprintf(__('Max: %s%s'), $max_size, $max_unit) . ')'; } /** * Generates a hidden field which should indicate to the browser * the maximum size for upload * * @param integer $max_size the size * * @return string the INPUT field * * @access public */ public static function generateHiddenMaxFileSize($max_size) { return ''; } /** * Add slashes before "_" and "%" characters for using them in MySQL * database, table and field names. * Note: This function does not escape backslashes! * * @param string $name the string to escape * * @return string the escaped string * * @access public */ public static function escapeMysqlWildcards($name) { return strtr($name, array('_' => '\\_', '%' => '\\%')); } // end of the 'escapeMysqlWildcards()' function /** * removes slashes before "_" and "%" characters * Note: This function does not unescape backslashes! * * @param string $name the string to escape * * @return string the escaped string * * @access public */ public static function unescapeMysqlWildcards($name) { return strtr($name, array('\\_' => '_', '\\%' => '%')); } // end of the 'unescapeMysqlWildcards()' function /** * removes quotes (',",`) from a quoted string * * checks if the string is quoted and removes this quotes * * @param string $quoted_string string to remove quotes from * @param string $quote type of quote to remove * * @return string unqoted string */ public static function unQuote($quoted_string, $quote = null) { $quotes = array(); if ($quote === null) { $quotes[] = '`'; $quotes[] = '"'; $quotes[] = "'"; } else { $quotes[] = $quote; } foreach ($quotes as $quote) { if (mb_substr($quoted_string, 0, 1) === $quote && mb_substr($quoted_string, -1, 1) === $quote ) { $unquoted_string = mb_substr($quoted_string, 1, -1); // replace escaped quotes $unquoted_string = str_replace( $quote . $quote, $quote, $unquoted_string ); return $unquoted_string; } } return $quoted_string; } /** * format sql strings * * @param string $sqlQuery raw SQL string * @param boolean $truncate truncate the query if it is too long * * @return string the formatted sql * * @global array $cfg the configuration array * * @access public * @todo move into PMA_Sql */ public static function formatSql($sqlQuery, $truncate = false) { global $cfg; if ($truncate && mb_strlen($sqlQuery) > $cfg['MaxCharactersInDisplayedSQL'] ) { $sqlQuery = mb_substr( $sqlQuery, 0, $cfg['MaxCharactersInDisplayedSQL'] ) . '[...]'; } return '
' . "\n"
            . htmlspecialchars($sqlQuery) . "\n"
            . '
'; } // end of the "formatSql()" function /** * Displays a link to the documentation as an icon * * @param string $link documentation link * @param string $target optional link target * @param boolean $bbcode optional flag indicating whether to output bbcode * * @return string the html link * * @access public */ public static function showDocLink($link, $target = 'documentation', $bbcode = false) { if($bbcode){ return "[a@$link@$target][dochelpicon][/a]"; }else{ return '' . self::getImage('b_help.png', __('Documentation')) . ''; } } // end of the 'showDocLink()' function /** * Get a URL link to the official MySQL documentation * * @param string $link contains name of page/anchor that is being linked * @param string $anchor anchor to page part * * @return string the URL link * * @access public */ public static function getMySQLDocuURL($link, $anchor = '') { // Fixup for newly used names: $link = str_replace('_', '-', mb_strtolower($link)); if (empty($link)) { $link = 'index'; } $mysql = '5.5'; $lang = 'en'; if (defined('PMA_MYSQL_INT_VERSION')) { if (PMA_MYSQL_INT_VERSION >= 50700) { $mysql = '5.7'; } elseif (PMA_MYSQL_INT_VERSION >= 50600) { $mysql = '5.6'; } elseif (PMA_MYSQL_INT_VERSION >= 50500) { $mysql = '5.5'; } } $url = 'https://dev.mysql.com/doc/refman/' . $mysql . '/' . $lang . '/' . $link . '.html'; if (! empty($anchor)) { $url .= '#' . $anchor; } return PMA_linkURL($url); } /** * Displays a link to the official MySQL documentation * * @param string $link contains name of page/anchor that is being linked * @param bool $big_icon whether to use big icon (like in left frame) * @param string $anchor anchor to page part * @param bool $just_open whether only the opening tag should be returned * * @return string the html link * * @access public */ public static function showMySQLDocu( $link, $big_icon = false, $anchor = '', $just_open = false ) { $url = self::getMySQLDocuURL($link, $anchor); $open_link = ''; if ($just_open) { return $open_link; } elseif ($big_icon) { return $open_link . self::getImage('b_sqlhelp.png', __('Documentation')) . ''; } else { return self::showDocLink($url, 'mysql_doc'); } } // end of the 'showMySQLDocu()' function /** * Returns link to documentation. * * @param string $page Page in documentation * @param string $anchor Optional anchor in page * * @return string URL */ public static function getDocuLink($page, $anchor = '') { /* Construct base URL */ $url = $page . '.html'; if (!empty($anchor)) { $url .= '#' . $anchor; } /* Check if we have built local documentation */ if (defined('TESTSUITE')) { /* Provide consistent URL for testsuite */ return PMA_linkURL('https://docs.phpmyadmin.net/en/latest/' . $url); } elseif (@file_exists('doc/html/index.html')) { if (defined('PMA_SETUP')) { return '../doc/html/' . $url; } else { return './doc/html/' . $url; } } else { /* TODO: Should link to correct branch for released versions */ return PMA_linkURL('https://docs.phpmyadmin.net/en/latest/' . $url); } } /** * Displays a link to the phpMyAdmin documentation * * @param string $page Page in documentation * @param string $anchor Optional anchor in page * @param boolean $bbcode Optional flag indicating whether to output bbcode * * @return string the html link * * @access public */ public static function showDocu($page, $anchor = '', $bbcode = false) { return self::showDocLink(self::getDocuLink($page, $anchor), 'documentation', $bbcode); } // end of the 'showDocu()' function /** * Displays a link to the PHP documentation * * @param string $target anchor in documentation * * @return string the html link * * @access public */ public static function showPHPDocu($target) { $url = PMA_getPHPDocLink($target); return self::showDocLink($url); } // end of the 'showPHPDocu()' function /** * Returns HTML code for a tooltip * * @param string $message the message for the tooltip * * @return string * * @access public */ public static function showHint($message) { if ($GLOBALS['cfg']['ShowHint']) { $classClause = ' class="pma_hint"'; } else { $classClause = ''; } return '' . self::getImage('b_help.png') . '' . $message . '' . ''; } /** * Displays a MySQL error message in the main panel when $exit is true. * Returns the error message otherwise. * * @param string|bool $server_msg Server's error message. * @param string $sql_query The SQL query that failed. * @param bool $is_modify_link Whether to show a "modify" link or not. * @param string $back_url URL for the "back" link (full path is * not required). * @param bool $exit Whether execution should be stopped or * the error message should be returned. * * @return string * * @global string $table The current table. * @global string $db The current database. * * @access public */ public static function mysqlDie( $server_msg = '', $sql_query = '', $is_modify_link = true, $back_url = '', $exit = true ) { global $table, $db; /** * Error message to be built. * @var string $error_msg */ $error_msg = ''; // Checking for any server errors. if (empty($server_msg)) { $server_msg = $GLOBALS['dbi']->getError(); } // Finding the query that failed, if not specified. if ((empty($sql_query) && (!empty($GLOBALS['sql_query'])))) { $sql_query = $GLOBALS['sql_query']; } $sql_query = trim($sql_query); /** * The lexer used for analysis. * @var Lexer $lexer */ $lexer = new Lexer($sql_query); /** * The parser used for analysis. * @var Parser $parser */ $parser = new Parser($lexer->list); /** * The errors found by the lexer and the parser. * @var array $errors */ $errors = ParserError::get(array($lexer, $parser)); if (empty($sql_query)) { $formatted_sql = ''; } elseif (count($errors)) { $formatted_sql = htmlspecialchars($sql_query); } else { $formatted_sql = self::formatSql($sql_query, true); } $error_msg .= '

' . __('Error') . '

'; // For security reasons, if the MySQL refuses the connection, the query // is hidden so no details are revealed. if ((!empty($sql_query)) && (!(mb_strstr($sql_query, 'connect')))) { // Static analysis errors. if (!empty($errors)) { $error_msg .= '

' . __('Static analysis:') . '

'; $error_msg .= '

' . sprintf( __('%d errors were found during analysis.'), count($errors) ) . '

'; $error_msg .= '

    '; $error_msg .= implode( ParserError::format( $errors, '
  1. %2$s (near "%4$s" at position %5$d)
    2. ' ) ); $error_msg .= '

'; } // Display the SQL query and link to MySQL documentation. $error_msg .= '

' . __('SQL query:') . '' . "\n"; $formattedSqlToLower = mb_strtolower($formatted_sql); // TODO: Show documentation for all statement types. if (mb_strstr($formattedSqlToLower, 'select')) { // please show me help to the error on select $error_msg .= self::showMySQLDocu('SELECT'); } if ($is_modify_link) { $_url_params = array( 'sql_query' => $sql_query, 'show_query' => 1, ); if (strlen($table) > 0) { $_url_params['db'] = $db; $_url_params['table'] = $table; $doedit_goto = ''; } elseif (strlen($db) > 0) { $_url_params['db'] = $db; $doedit_goto = ''; } else { $doedit_goto = ''; } $error_msg .= $doedit_goto . self::getIcon('b_edit.png', __('Edit')) . ''; } $error_msg .= '

' . "\n" . '

' . "\n" . $formatted_sql . "\n" . '

' . "\n"; } // Display server's error. if (!empty($server_msg)) { $server_msg = preg_replace( "@((\015\012)|(\015)|(\012)){3,}@", "\n\n", $server_msg ); // Adds a link to MySQL documentation. $error_msg .= '

' . "\n" . ' ' . __('MySQL said: ') . '' . self::showMySQLDocu('Error-messages-server') . "\n" . '

' . "\n"; // The error message will be displayed within a CODE segment. // To preserve original formatting, but allow word-wrapping, // a couple of replacements are done. // All non-single blanks and TAB-characters are replaced with their // HTML-counterpart $server_msg = str_replace( array(' ', "\t"), array('  ', '    '), $server_msg ); // Replace line breaks $server_msg = nl2br($server_msg); $error_msg .= '' . $server_msg . '
'; } $error_msg .= '
'; $_SESSION['Import_message']['message'] = $error_msg; if (!$exit) { return $error_msg; } /** * If this is an AJAX request, there is no "Back" link and * `Response()` is used to send the response. */ $response = Response::getInstance(); if ($response->isAjax()) { $response->setRequestStatus(false); $response->addJSON('message', $error_msg); exit; } if (!empty($back_url)) { if (mb_strstr($back_url, '?')) { $back_url .= '&no_history=true'; } else { $back_url .= '?no_history=true'; } $_SESSION['Import_message']['go_back_url'] = $back_url; $error_msg .= '
' . '[ ' . __('Back') . ' ]' . '
' . "\n\n"; } exit($error_msg); } /** * Check the correct row count * * @param string $db the db name * @param array $table the table infos * * @return int $rowCount the possibly modified row count * */ private static function _checkRowCount($db, $table) { $rowCount = 0; if ($table['Rows'] === null) { // Do not check exact row count here, // if row count is invalid possibly the table is defect // and this would break the navigation panel; // but we can check row count if this is a view or the // information_schema database // since Table::countRecords() returns a limited row count // in this case. // set this because Table::countRecords() can use it $tbl_is_view = $table['TABLE_TYPE'] == 'VIEW'; if ($tbl_is_view || $GLOBALS['dbi']->isSystemSchema($db)) { $rowCount = $GLOBALS['dbi'] ->getTable($db, $table['Name']) ->countRecords(); } } return $rowCount; } /** * returns array with tables of given db with extended information and grouped * * @param string $db name of db * @param string $tables name of tables * @param integer $limit_offset list offset * @param int|bool $limit_count max tables to return * * @return array (recursive) grouped table list */ public static function getTableList( $db, $tables = null, $limit_offset = 0, $limit_count = false ) { $sep = $GLOBALS['cfg']['NavigationTreeTableSeparator']; if ($tables === null) { $tables = $GLOBALS['dbi']->getTablesFull( $db, '', false, null, $limit_offset, $limit_count ); if ($GLOBALS['cfg']['NaturalOrder']) { uksort($tables, 'strnatcasecmp'); } } if (count($tables) < 1) { return $tables; } $default = array( 'Name' => '', 'Rows' => 0, 'Comment' => '', 'disp_name' => '', ); $table_groups = array(); foreach ($tables as $table_name => $table) { $table['Rows'] = self::_checkRowCount($db, $table); // in $group we save the reference to the place in $table_groups // where to store the table info if ($GLOBALS['cfg']['NavigationTreeEnableGrouping'] && $sep && mb_strstr($table_name, $sep) ) { $parts = explode($sep, $table_name); $group =& $table_groups; $i = 0; $group_name_full = ''; $parts_cnt = count($parts) - 1; while (($i < $parts_cnt) && ($i < $GLOBALS['cfg']['NavigationTreeTableLevel']) ) { $group_name = $parts[$i] . $sep; $group_name_full .= $group_name; if (! isset($group[$group_name])) { $group[$group_name] = array(); $group[$group_name]['is' . $sep . 'group'] = true; $group[$group_name]['tab' . $sep . 'count'] = 1; $group[$group_name]['tab' . $sep . 'group'] = $group_name_full; } elseif (! isset($group[$group_name]['is' . $sep . 'group'])) { $table = $group[$group_name]; $group[$group_name] = array(); $group[$group_name][$group_name] = $table; $group[$group_name]['is' . $sep . 'group'] = true; $group[$group_name]['tab' . $sep . 'count'] = 1; $group[$group_name]['tab' . $sep . 'group'] = $group_name_full; } else { $group[$group_name]['tab' . $sep . 'count']++; } $group =& $group[$group_name]; $i++; } } else { if (! isset($table_groups[$table_name])) { $table_groups[$table_name] = array(); } $group =& $table_groups; } $table['disp_name'] = $table['Name']; $group[$table_name] = array_merge($default, $table); } return $table_groups; } /* ----------------------- Set of misc functions ----------------------- */ /** * Adds backquotes on both sides of a database, table or field name. * and escapes backquotes inside the name with another backquote * * example: * * echo backquote('owner`s db'); // `owner``s db` * * * * @param mixed $a_name the database, table or field name to "backquote" * or array of it * @param boolean $do_it a flag to bypass this function (used by dump * functions) * * @return mixed the "backquoted" database, table or field name * * @access public */ public static function backquote($a_name, $do_it = true) { if (is_array($a_name)) { foreach ($a_name as &$data) { $data = self::backquote($data, $do_it); } return $a_name; } if (! $do_it) { if (!(Context::isKeyword($a_name) & Token::FLAG_KEYWORD_RESERVED) ) { return $a_name; } } // '0' is also empty for php :-( if (strlen($a_name) > 0 && $a_name !== '*') { return '`' . str_replace('`', '``', $a_name) . '`'; } else { return $a_name; } } // end of the 'backquote()' function /** * Adds backquotes on both sides of a database, table or field name. * in compatibility mode * * example: * * echo backquoteCompat('owner`s db'); // `owner``s db` * * * * @param mixed $a_name the database, table or field name to * "backquote" or array of it * @param string $compatibility string compatibility mode (used by dump * functions) * @param boolean $do_it a flag to bypass this function (used by dump * functions) * * @return mixed the "backquoted" database, table or field name * * @access public */ public static function backquoteCompat( $a_name, $compatibility = 'MSSQL', $do_it = true ) { if (is_array($a_name)) { foreach ($a_name as &$data) { $data = self::backquoteCompat($data, $compatibility, $do_it); } return $a_name; } if (! $do_it) { if (!Context::isKeyword($a_name)) { return $a_name; } } // @todo add more compatibility cases (ORACLE for example) switch ($compatibility) { case 'MSSQL': $quote = '"'; break; default: $quote = "`"; break; } // '0' is also empty for php :-( if (strlen($a_name) > 0 && $a_name !== '*') { return $quote . $a_name . $quote; } else { return $a_name; } } // end of the 'backquoteCompat()' function /** * Prepare the message and the query * usually the message is the result of the query executed * * @param Message|string $message the message to display * @param string $sql_query the query to display * @param string $type the type (level) of the message * * @return string * * @access public */ public static function getMessage( $message, $sql_query = null, $type = 'notice' ) { global $cfg; $retval = ''; if (null === $sql_query) { if (! empty($GLOBALS['display_query'])) { $sql_query = $GLOBALS['display_query']; } elseif (! empty($GLOBALS['unparsed_sql'])) { $sql_query = $GLOBALS['unparsed_sql']; } elseif (! empty($GLOBALS['sql_query'])) { $sql_query = $GLOBALS['sql_query']; } else { $sql_query = ''; } } $render_sql = $cfg['ShowSQL'] == true && ! empty($sql_query) && $sql_query !== ';'; if (isset($GLOBALS['using_bookmark_message'])) { $retval .= $GLOBALS['using_bookmark_message']->getDisplay(); unset($GLOBALS['using_bookmark_message']); } if ($render_sql) { $retval .= '
' . "\n"; } if ($message instanceof Message) { if (isset($GLOBALS['special_message'])) { $message->addText($GLOBALS['special_message']); unset($GLOBALS['special_message']); } $retval .= $message->getDisplay(); } else { $retval .= '
'; $retval .= Sanitize::sanitize($message); if (isset($GLOBALS['special_message'])) { $retval .= Sanitize::sanitize($GLOBALS['special_message']); unset($GLOBALS['special_message']); } $retval .= '
'; } if ($render_sql) { $query_too_big = false; $queryLength = mb_strlen($sql_query); if ($queryLength > $cfg['MaxCharactersInDisplayedSQL']) { // when the query is large (for example an INSERT of binary // data), the parser chokes; so avoid parsing the query $query_too_big = true; $query_base = mb_substr( $sql_query, 0, $cfg['MaxCharactersInDisplayedSQL'] ) . '[...]'; } else { $query_base = $sql_query; } // Html format the query to be displayed // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ if (! empty($GLOBALS['show_as_php'])) { $new_line = '\\n"
' . "\n" . '    . "'; $query_base = htmlspecialchars(addslashes($query_base)); $query_base = preg_replace( '/((\015\012)|(\015)|(\012))/', $new_line, $query_base ); $query_base = '
' . "\n"
                    . '$sql = "' . $query_base;
            } elseif ($query_too_big) {
                $query_base = htmlspecialchars($query_base);
            } else {
                $query_base = self::formatSql($query_base);
            }

            // Prepares links that may be displayed to edit/explain the query
            // (don't go to default pages, we must go to the page
            // where the query box is available)

            // Basic url query part
            $url_params = array();
            if (! isset($GLOBALS['db'])) {
                $GLOBALS['db'] = '';
            }
            if (strlen($GLOBALS['db']) > 0) {
                $url_params['db'] = $GLOBALS['db'];
                if (strlen($GLOBALS['table']) > 0) {
                    $url_params['table'] = $GLOBALS['table'];
                    $edit_link = 'tbl_sql.php';
                } else {
                    $edit_link = 'db_sql.php';
                }
            } else {
                $edit_link = 'server_sql.php';
            }

            // Want to have the query explained
            // but only explain a SELECT (that has not been explained)
            /* SQL-Parser-Analyzer */
            $explain_link = '';
            $is_select = preg_match('@^SELECT[[:space:]]+@i', $sql_query);
            if (! empty($cfg['SQLQuery']['Explain']) && ! $query_too_big) {
                $explain_params = $url_params;
                if ($is_select) {
                    $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query;
                    $explain_link = ' [ '
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($explain_params),
                            __('Explain SQL')
                        ) . ' ]';
                } elseif (preg_match(
                    '@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i',
                    $sql_query
                )) {
                    $explain_params['sql_query']
                        = mb_substr($sql_query, 8);
                    $explain_link = ' [ '
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($explain_params),
                            __('Skip Explain SQL')
                        ) . ']';
                    $url = 'https://mariadb.org/explain_analyzer/analyze/'
                        . '?client=phpMyAdmin&raw_explain='
                        . urlencode(self::_generateRowQueryOutput($sql_query));
                    $explain_link .= ' ['
                        . self::linkOrButton(
                            htmlspecialchars('url.php?url=' . urlencode($url)),
                            sprintf(__('Analyze Explain at %s'), 'mariadb.org'),
                            array(),
                            true,
                            false,
                            '_blank'
                        ) . ' ]';
                }
            } //show explain

            $url_params['sql_query']  = $sql_query;
            $url_params['show_query'] = 1;

            // even if the query is big and was truncated, offer the chance
            // to edit it (unless it's enormous, see linkOrButton() )
            if (! empty($cfg['SQLQuery']['Edit'])
                && empty($GLOBALS['show_as_php'])
            ) {
                $edit_link .= URL::getCommon($url_params) . '#querybox';
                $edit_link = ' [ '
                    . self::linkOrButton($edit_link, __('Edit'))
                    . ' ]';
            } else {
                $edit_link = '';
            }

            // Also we would like to get the SQL formed in some nice
            // php-code
            if (! empty($cfg['SQLQuery']['ShowAsPHP']) && ! $query_too_big) {

                if (! empty($GLOBALS['show_as_php'])) {
                    $php_link = ' [ '
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($url_params),
                            __('Without PHP code'),
                            array(),
                            true,
                            false,
                            '',
                            true
                        )
                        . ' ]';

                    $php_link .= ' [ '
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($url_params),
                            __('Submit query'),
                            array(),
                            true,
                            false,
                            '',
                            true
                        )
                        . ' ]';
                } else {
                    $php_params = $url_params;
                    $php_params['show_as_php'] = 1;
                    $_message = __('Create PHP code');
                    $php_link = ' [ '
                        . self::linkOrButton(
                            'import.php' . URL::getCommon($php_params),
                            $_message
                        )
                        . ' ]';
                }
            } else {
                $php_link = '';
            } //show as php

            // Refresh query
            if (! empty($cfg['SQLQuery']['Refresh'])
                && ! isset($GLOBALS['show_as_php']) // 'Submit query' does the same
                && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query)
            ) {
                $refresh_link = 'import.php' . URL::getCommon($url_params);
                $refresh_link = ' [ '
                    . self::linkOrButton($refresh_link, __('Refresh')) . ' ]';
            } else {
                $refresh_link = '';
            } //refresh

            $retval .= '
';
            $retval .= $query_base;

            //Clean up the end of the PHP
            if (! empty($GLOBALS['show_as_php'])) {
                $retval .= '";' . "\n"
                    . '
'; } $retval .= '
'; $retval .= '
'; $retval .= '
'; $retval .= URL::getHiddenInputs($GLOBALS['db'], $GLOBALS['table']); $retval .= ''; // avoid displaying a Profiling checkbox that could // be checked, which would reexecute an INSERT, for example if (! empty($refresh_link) && self::profilingSupported()) { $retval .= ''; $retval .= Template::get('checkbox') ->render( array( 'html_field_name' => 'profiling', 'label' => __('Profiling'), 'checked' => isset($_SESSION['profiling']), 'onclick' => true, 'html_field_id' => '', ) ); } $retval .= '
'; /** * TODO: Should we have $cfg['SQLQuery']['InlineEdit']? */ if (! empty($cfg['SQLQuery']['Edit']) && ! $query_too_big && empty($GLOBALS['show_as_php']) ) { $inline_edit_link = ' [' . self::linkOrButton( '#', _pgettext('Inline edit query', 'Edit inline'), array('class' => 'inline_edit_sql') ) . ']'; } else { $inline_edit_link = ''; } $retval .= $inline_edit_link . $edit_link . $explain_link . $php_link . $refresh_link; $retval .= '
'; $retval .= ''; } return $retval; } // end of the 'getMessage()' function /** * Execute an EXPLAIN query and formats results similar to MySQL command line * utility. * * @param string $sqlQuery EXPLAIN query * * @return string query resuls */ private static function _generateRowQueryOutput($sqlQuery) { $ret = ''; $result = $GLOBALS['dbi']->query($sqlQuery); if ($result) { $devider = '+'; $columnNames = '|'; $fieldsMeta = $GLOBALS['dbi']->getFieldsMeta($result); foreach ($fieldsMeta as $meta) { $devider .= '---+'; $columnNames .= ' ' . $meta->name . ' |'; } $devider .= "\n"; $ret .= $devider . $columnNames . "\n" . $devider; while ($row = $GLOBALS['dbi']->fetchRow($result)) { $values = '|'; foreach ($row as $value) { if (is_null($value)) { $value = 'NULL'; } $values .= ' ' . $value . ' |'; } $ret .= $values . "\n"; } $ret .= $devider; } return $ret; } /** * Verifies if current MySQL server supports profiling * * @access public * * @return boolean whether profiling is supported */ public static function profilingSupported() { if (!self::cacheExists('profiling_supported')) { // 5.0.37 has profiling but for example, 5.1.20 does not // (avoid a trip to the server for MySQL before 5.0.37) // and do not set a constant as we might be switching servers if (defined('PMA_MYSQL_INT_VERSION') && $GLOBALS['dbi']->fetchValue("SELECT @@have_profiling") ) { self::cacheSet('profiling_supported', true); } else { self::cacheSet('profiling_supported', false); } } return self::cacheGet('profiling_supported'); } /** * Formats $value to byte view * * @param double|int $value the value to format * @param int $limes the sensitiveness * @param int $comma the number of decimals to retain * * @return array the formatted value and its unit * * @access public */ public static function formatByteDown($value, $limes = 6, $comma = 0) { if ($value === null) { return null; } $byteUnits = array( /* l10n: shortcuts for Byte */ __('B'), /* l10n: shortcuts for Kilobyte */ __('KiB'), /* l10n: shortcuts for Megabyte */ __('MiB'), /* l10n: shortcuts for Gigabyte */ __('GiB'), /* l10n: shortcuts for Terabyte */ __('TiB'), /* l10n: shortcuts for Petabyte */ __('PiB'), /* l10n: shortcuts for Exabyte */ __('EiB') ); $dh = pow(10, $comma); $li = pow(10, $limes); $unit = $byteUnits[0]; for ($d = 6, $ex = 15; $d >= 1; $d--, $ex-=3) { $unitSize = $li * pow(10, $ex); if (isset($byteUnits[$d]) && $value >= $unitSize) { // use 1024.0 to avoid integer overflow on 64-bit machines $value = round($value / (pow(1024, $d) / $dh)) /$dh; $unit = $byteUnits[$d]; break 1; } // end if } // end for if ($unit != $byteUnits[0]) { // if the unit is not bytes (as represented in current language) // reformat with max length of 5 // 4th parameter=true means do not reformat if value < 1 $return_value = self::formatNumber($value, 5, $comma, true); } else { // do not reformat, just handle the locale $return_value = self::formatNumber($value, 0); } return array(trim($return_value), $unit); } // end of the 'formatByteDown' function /** * Formats $value to the given length and appends SI prefixes * with a $length of 0 no truncation occurs, number is only formatted * to the current locale * * examples: * * echo formatNumber(123456789, 6); // 123,457 k * echo formatNumber(-123456789, 4, 2); // -123.46 M * echo formatNumber(-0.003, 6); // -3 m * echo formatNumber(0.003, 3, 3); // 0.003 * echo formatNumber(0.00003, 3, 2); // 0.03 m * echo formatNumber(0, 6); // 0 * * * @param double $value the value to format * @param integer $digits_left number of digits left of the comma * @param integer $digits_right number of digits right of the comma * @param boolean $only_down do not reformat numbers below 1 * @param boolean $noTrailingZero removes trailing zeros right of the comma * (default: true) * * @return string the formatted value and its unit * * @access public */ public static function formatNumber( $value, $digits_left = 3, $digits_right = 0, $only_down = false, $noTrailingZero = true ) { if ($value == 0) { return '0'; } $originalValue = $value; //number_format is not multibyte safe, str_replace is safe if ($digits_left === 0) { $value = number_format( $value, $digits_right, /* l10n: Decimal separator */ __('.'), /* l10n: Thousands separator */ __(',') ); if (($originalValue != 0) && (floatval($value) == 0)) { $value = ' <' . (1 / pow(10, $digits_right)); } return $value; } // this units needs no translation, ISO $units = array( -8 => 'y', -7 => 'z', -6 => 'a', -5 => 'f', -4 => 'p', -3 => 'n', -2 => 'µ', -1 => 'm', 0 => ' ', 1 => 'k', 2 => 'M', 3 => 'G', 4 => 'T', 5 => 'P', 6 => 'E', 7 => 'Z', 8 => 'Y' ); /* l10n: Decimal separator */ $decimal_sep = __('.'); /* l10n: Thousands separator */ $thousands_sep = __(','); // check for negative value to retain sign if ($value < 0) { $sign = '-'; $value = abs($value); } else { $sign = ''; } $dh = pow(10, $digits_right); /* * This gives us the right SI prefix already, * but $digits_left parameter not incorporated */ $d = floor(log10($value) / 3); /* * Lowering the SI prefix by 1 gives us an additional 3 zeros * So if we have 3,6,9,12.. free digits ($digits_left - $cur_digits) * to use, then lower the SI prefix */ $cur_digits = floor(log10($value / pow(1000, $d))+1); if ($digits_left > $cur_digits) { $d -= floor(($digits_left - $cur_digits)/3); } if ($d < 0 && $only_down) { $d = 0; } $value = round($value / (pow(1000, $d) / $dh)) /$dh; $unit = $units[$d]; // number_format is not multibyte safe, str_replace is safe $formattedValue = number_format( $value, $digits_right, $decimal_sep, $thousands_sep ); // If we don't want any zeros, remove them now if ($noTrailingZero && strpos($formattedValue, $decimal_sep) !== false) { $formattedValue = preg_replace('/' . preg_quote($decimal_sep) . '?0+$/', '', $formattedValue); } if ($originalValue != 0 && floatval($value) == 0) { return ' <' . number_format( (1 / pow(10, $digits_right)), $digits_right, $decimal_sep, $thousands_sep ) . ' ' . $unit; } return $sign . $formattedValue . ' ' . $unit; } // end of the 'formatNumber' function /** * Returns the number of bytes when a formatted size is given * * @param string $formatted_size the size expression (for example 8MB) * * @return integer The numerical part of the expression (for example 8) */ public static function extractValueFromFormattedSize($formatted_size) { $return_value = -1; if (preg_match('/^[0-9]+GB$/', $formatted_size)) { $return_value = mb_substr($formatted_size, 0, -2) * pow(1024, 3); } elseif (preg_match('/^[0-9]+MB$/', $formatted_size)) { $return_value = mb_substr($formatted_size, 0, -2) * pow(1024, 2); } elseif (preg_match('/^[0-9]+K$/', $formatted_size)) { $return_value = mb_substr($formatted_size, 0, -1) * pow(1024, 1); } return $return_value; }// end of the 'extractValueFromFormattedSize' function /** * Writes localised date * * @param integer $timestamp the current timestamp * @param string $format format * * @return string the formatted date * * @access public */ public static function localisedDate($timestamp = -1, $format = '') { $month = array( /* l10n: Short month name */ __('Jan'), /* l10n: Short month name */ __('Feb'), /* l10n: Short month name */ __('Mar'), /* l10n: Short month name */ __('Apr'), /* l10n: Short month name */ _pgettext('Short month name', 'May'), /* l10n: Short month name */ __('Jun'), /* l10n: Short month name */ __('Jul'), /* l10n: Short month name */ __('Aug'), /* l10n: Short month name */ __('Sep'), /* l10n: Short month name */ __('Oct'), /* l10n: Short month name */ __('Nov'), /* l10n: Short month name */ __('Dec')); $day_of_week = array( /* l10n: Short week day name */ _pgettext('Short week day name', 'Sun'), /* l10n: Short week day name */ __('Mon'), /* l10n: Short week day name */ __('Tue'), /* l10n: Short week day name */ __('Wed'), /* l10n: Short week day name */ __('Thu'), /* l10n: Short week day name */ __('Fri'), /* l10n: Short week day name */ __('Sat')); if ($format == '') { /* l10n: See https://secure.php.net/manual/en/function.strftime.php */ $format = __('%B %d, %Y at %I:%M %p'); } if ($timestamp == -1) { $timestamp = time(); } $date = preg_replace( '@%[aA]@', $day_of_week[(int)strftime('%w', $timestamp)], $format ); $date = preg_replace( '@%[bB]@', $month[(int)strftime('%m', $timestamp)-1], $date ); /* Fill in AM/PM */ $hours = (int)date('H', $timestamp); if ($hours >= 12) { $am_pm = _pgettext('AM/PM indication in time', 'PM'); } else { $am_pm = _pgettext('AM/PM indication in time', 'AM'); } $date = preg_replace('@%[pP]@', $am_pm, $date); $ret = strftime($date, $timestamp); // Some OSes such as Win8.1 Traditional Chinese version did not produce UTF-8 // output here. See https://sourceforge.net/p/phpmyadmin/bugs/4207/ if (mb_detect_encoding($ret, 'UTF-8', true) != 'UTF-8') { $ret = date('Y-m-d H:i:s', $timestamp); } return $ret; } // end of the 'localisedDate()' function /** * returns a tab for tabbed navigation. * If the variables $link and $args ar left empty, an inactive tab is created * * @param array $tab array with all options * @param array $url_params tab specific URL parameters * * @return string html code for one tab, a link if valid otherwise a span * * @access public */ public static function getHtmlTab($tab, $url_params = array()) { // default values $defaults = array( 'text' => '', 'class' => '', 'active' => null, 'link' => '', 'sep' => '?', 'attr' => '', 'args' => '', 'warning' => '', 'fragment' => '', 'id' => '', ); $tab = array_merge($defaults, $tab); // determine additional style-class if (empty($tab['class'])) { if (! empty($tab['active']) || PMA_isValid($GLOBALS['active_page'], 'identical', $tab['link']) ) { $tab['class'] = 'active'; } elseif (is_null($tab['active']) && empty($GLOBALS['active_page']) && (basename($GLOBALS['PMA_PHP_SELF']) == $tab['link']) ) { $tab['class'] = 'active'; } } // If there are any tab specific URL parameters, merge those with // the general URL parameters if (! empty($tab['url_params']) && is_array($tab['url_params'])) { $url_params = array_merge($url_params, $tab['url_params']); } // build the link if (! empty($tab['link'])) { $tab['link'] = htmlentities($tab['link']); $tab['link'] = $tab['link'] . URL::getCommon($url_params); if (! empty($tab['args'])) { foreach ($tab['args'] as $param => $value) { $tab['link'] .= URL::getArgSeparator('html') . urlencode($param) . '=' . urlencode($value); } } } if (! empty($tab['fragment'])) { $tab['link'] .= $tab['fragment']; } // display icon if (isset($tab['icon'])) { // avoid generating an alt tag, because it only illustrates // the text that follows and if browser does not display // images, the text is duplicated $tab['text'] = self::getIcon( $tab['icon'], $tab['text'], false, true, 'TabsMode' ); } elseif (empty($tab['text'])) { // check to not display an empty link-text $tab['text'] = '?'; trigger_error( 'empty linktext in function ' . __FUNCTION__ . '()', E_USER_NOTICE ); } //Set the id for the tab, if set in the params $tabId = (empty($tab['id']) ? null : $tab['id']); $item = array(); if (!empty($tab['link'])) { $item = array( 'content' => $tab['text'], 'url' => array( 'href' => empty($tab['link']) ? null : $tab['link'], 'id' => $tabId, 'class' => 'tab' . htmlentities($tab['class']), ), ); } else { $item['content'] = '' . $tab['text'] . ''; } $item['class'] = $tab['class'] == 'active' ? 'active' : ''; return Template::get('list/item') ->render($item); } // end of the 'getHtmlTab()' function /** * returns html-code for a tab navigation * * @param array $tabs one element per tab * @param array $url_params additional URL parameters * @param string $menu_id HTML id attribute for the menu container * @param bool $resizable whether to add a "resizable" class * * @return string html-code for tab-navigation */ public static function getHtmlTabs( $tabs, $url_params, $menu_id, $resizable = false ) { $class = ''; if ($resizable) { $class = ' class="resizable-menu"'; } $tab_navigation = '
' . '' . "\n" . '
' . "\n"; return $tab_navigation; } /** * Displays a link, or a button if the link's URL is too large, to * accommodate some browsers' limitations * * @param string $url the URL * @param string $message the link message * @param mixed $tag_params string: js confirmation * array: additional tag params (f.e. style="") * @param boolean $new_form we set this to false when we are already in * a form, to avoid generating nested forms * @param boolean $strip_img whether to strip the image * @param string $target target * @param boolean $force_button use a button even when the URL is not too long * * @return string the results to be echoed or saved in an array */ public static function linkOrButton( $url, $message, $tag_params = array(), $new_form = true, $strip_img = false, $target = '', $force_button = false ) { $url_length = mb_strlen($url); if (! is_array($tag_params)) { $tmp = $tag_params; $tag_params = array(); if (! empty($tmp)) { $tag_params['onclick'] = 'return confirmLink(this, \'' . Sanitize::escapeJsString($tmp) . '\')'; } unset($tmp); } if (! empty($target)) { $tag_params['target'] = htmlentities($target); if ($target === '_blank' && strncmp($url, 'url.php?', 8) == 0) { $tag_params['rel'] = 'noopener noreferrer'; } } $displayed_message = ''; // Add text if not already added if (stristr($message, ''; } // Suhosin: Check that each query parameter is not above maximum $in_suhosin_limits = true; if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit']) { $suhosin_get_MaxValueLength = ini_get('suhosin.get.max_value_length'); if ($suhosin_get_MaxValueLength) { $query_parts = self::splitURLQuery($url); foreach ($query_parts as $query_pair) { if (strpos($query_pair, '=') === false) { continue; } list(, $eachval) = explode('=', $query_pair); if (mb_strlen($eachval) > $suhosin_get_MaxValueLength ) { $in_suhosin_limits = false; break; } } } } $tag_params_strings = array(); if (($url_length > $GLOBALS['cfg']['LinkLengthLimit']) || ! $in_suhosin_limits || $force_button || strpos($url, 'sql_query=') !== false ) { $parts = explode('?', $url, 2); /* * The data-post indicates that client should do POST * this is handled in js/ajax.js */ $tag_params_strings[] = 'data-post="' . (isset($parts[1]) ? $parts[1] : '') . '"'; $url = $parts[0]; } foreach ($tag_params as $par_name => $par_value) { $tag_params_strings[] = $par_name . '="' . htmlspecialchars($par_value) . '"'; } // no whitespace within an else Safari will make it part of the link return '' . $message . $displayed_message . ''; } // end of the 'linkOrButton()' function /** * Splits a URL string by parameter * * @param string $url the URL * * @return array the parameter/value pairs, for example [0] db=sakila */ public static function splitURLQuery($url) { // decode encoded url separators $separator = URL::getArgSeparator(); // on most places separator is still hard coded ... if ($separator !== '&') { // ... so always replace & with $separator $url = str_replace(htmlentities('&'), $separator, $url); $url = str_replace('&', $separator, $url); } $url = str_replace(htmlentities($separator), $separator, $url); // end decode $url_parts = parse_url($url); if (! empty($url_parts['query'])) { return explode($separator, $url_parts['query']); } else { return array(); } } /** * Returns a given timespan value in a readable format. * * @param int $seconds the timespan * * @return string the formatted value */ public static function timespanFormat($seconds) { $days = floor($seconds / 86400); if ($days > 0) { $seconds -= $days * 86400; } $hours = floor($seconds / 3600); if ($days > 0 || $hours > 0) { $seconds -= $hours * 3600; } $minutes = floor($seconds / 60); if ($days > 0 || $hours > 0 || $minutes > 0) { $seconds -= $minutes * 60; } return sprintf( __('%s days, %s hours, %s minutes and %s seconds'), (string)$days, (string)$hours, (string)$minutes, (string)$seconds ); } /** * Function added to avoid path disclosures. * Called by each script that needs parameters, it displays * an error message and, by default, stops the execution. * * Not sure we could use a strMissingParameter message here, * would have to check if the error message file is always available * * @param string[] $params The names of the parameters needed by the calling * script * @param bool $request Whether to include this list in checking for * special params * * @return void * * @global boolean $checked_special flag whether any special variable * was required * * @access public */ public static function checkParameters($params, $request = true) { global $checked_special; if (! isset($checked_special)) { $checked_special = false; } $reported_script_name = basename($GLOBALS['PMA_PHP_SELF']); $found_error = false; $error_message = ''; foreach ($params as $param) { if ($request && ($param != 'db') && ($param != 'table')) { $checked_special = true; } if (! isset($GLOBALS[$param])) { $error_message .= $reported_script_name . ': ' . __('Missing parameter:') . ' ' . $param . self::showDocu('faq', 'faqmissingparameters',true) . '[br]'; $found_error = true; } } if ($found_error) { PMA_fatalError($error_message); } } // end function /** * Function to generate unique condition for specified row. * * @param resource $handle current query result * @param integer $fields_cnt number of fields * @param array $fields_meta meta information about fields * @param array $row current row * @param boolean $force_unique generate condition only on pk * or unique * @param string|boolean $restrict_to_table restrict the unique condition * to this table or false if * none * @param array $analyzed_sql_results the analyzed query * * @access public * * @return array the calculated condition and whether condition is unique */ public static function getUniqueCondition( $handle, $fields_cnt, $fields_meta, $row, $force_unique = false, $restrict_to_table = false, $analyzed_sql_results = null ) { $primary_key = ''; $unique_key = ''; $nonprimary_condition = ''; $preferred_condition = ''; $primary_key_array = array(); $unique_key_array = array(); $nonprimary_condition_array = array(); $condition_array = array(); for ($i = 0; $i < $fields_cnt; ++$i) { $con_val = ''; $field_flags = $GLOBALS['dbi']->fieldFlags($handle, $i); $meta = $fields_meta[$i]; // do not use a column alias in a condition if (! isset($meta->orgname) || strlen($meta->orgname) === 0) { $meta->orgname = $meta->name; if (!empty($analyzed_sql_results['statement']->expr)) { foreach ($analyzed_sql_results['statement']->expr as $expr) { if ((empty($expr->alias)) || (empty($expr->column))) { continue; } if (strcasecmp($meta->name, $expr->alias) == 0) { $meta->orgname = $expr->column; break; } } } } // Do not use a table alias in a condition. // Test case is: // select * from galerie x WHERE //(select count(*) from galerie y where y.datum=x.datum)>1 // // But orgtable is present only with mysqli extension so the // fix is only for mysqli. // Also, do not use the original table name if we are dealing with // a view because this view might be updatable. // (The isView() verification should not be costly in most cases // because there is some caching in the function). if (isset($meta->orgtable) && ($meta->table != $meta->orgtable) && ! $GLOBALS['dbi']->getTable($GLOBALS['db'], $meta->table)->isView() ) { $meta->table = $meta->orgtable; } // If this field is not from the table which the unique clause needs // to be restricted to. if ($restrict_to_table && $restrict_to_table != $meta->table) { continue; } // to fix the bug where float fields (primary or not) // can't be matched because of the imprecision of // floating comparison, use CONCAT // (also, the syntax "CONCAT(field) IS NULL" // that we need on the next "if" will work) if ($meta->type == 'real') { $con_key = 'CONCAT(' . self::backquote($meta->table) . '.' . self::backquote($meta->orgname) . ')'; } else { $con_key = self::backquote($meta->table) . '.' . self::backquote($meta->orgname); } // end if... else... $condition = ' ' . $con_key . ' '; if (! isset($row[$i]) || is_null($row[$i])) { $con_val = 'IS NULL'; } else { // timestamp is numeric on some MySQL 4.1 // for real we use CONCAT above and it should compare to string if ($meta->numeric && ($meta->type != 'timestamp') && ($meta->type != 'real') ) { $con_val = '= ' . $row[$i]; } elseif ((($meta->type == 'blob') || ($meta->type == 'string')) && stristr($field_flags, 'BINARY') && ! empty($row[$i]) ) { // hexify only if this is a true not empty BLOB or a BINARY // do not waste memory building a too big condition if (mb_strlen($row[$i]) < 1000) { // use a CAST if possible, to avoid problems // if the field contains wildcard characters % or _ $con_val = '= CAST(0x' . bin2hex($row[$i]) . ' AS BINARY)'; } elseif ($fields_cnt == 1) { // when this blob is the only field present // try settling with length comparison $condition = ' CHAR_LENGTH(' . $con_key . ') '; $con_val = ' = ' . mb_strlen($row[$i]); } else { // this blob won't be part of the final condition $con_val = null; } } elseif (in_array($meta->type, self::getGISDatatypes()) && ! empty($row[$i]) ) { // do not build a too big condition if (mb_strlen($row[$i]) < 5000) { $condition .= '=0x' . bin2hex($row[$i]) . ' AND'; } else { $condition = ''; } } elseif ($meta->type == 'bit') { $con_val = "= b'" . self::printableBitValue($row[$i], $meta->length) . "'"; } else { $con_val = '= \'' . $GLOBALS['dbi']->escapeString($row[$i]) . '\''; } } if ($con_val != null) { $condition .= $con_val . ' AND'; if ($meta->primary_key > 0) { $primary_key .= $condition; $primary_key_array[$con_key] = $con_val; } elseif ($meta->unique_key > 0) { $unique_key .= $condition; $unique_key_array[$con_key] = $con_val; } $nonprimary_condition .= $condition; $nonprimary_condition_array[$con_key] = $con_val; } } // end for // Correction University of Virginia 19991216: // prefer primary or unique keys for condition, // but use conjunction of all values if no primary key $clause_is_unique = true; if ($primary_key) { $preferred_condition = $primary_key; $condition_array = $primary_key_array; } elseif ($unique_key) { $preferred_condition = $unique_key; $condition_array = $unique_key_array; } elseif (! $force_unique) { $preferred_condition = $nonprimary_condition; $condition_array = $nonprimary_condition_array; $clause_is_unique = false; } $where_clause = trim(preg_replace('|\s?AND$|', '', $preferred_condition)); return(array($where_clause, $clause_is_unique, $condition_array)); } // end function /** * Generate the charset query part * * @param string $collation Collation * @param boolean optional $override force 'CHARACTER SET' keyword * * @return string */ static function getCharsetQueryPart($collation, $override = false) { list($charset) = explode('_', $collation); $keyword = ' CHARSET='; if ($override) { $keyword = ' CHARACTER SET '; } return $keyword . $charset . ($charset == $collation ? '' : ' COLLATE ' . $collation); } /** * Generate a button or image tag * * @param string $button_name name of button element * @param string $button_class class of button or image element * @param string $text text to display * @param string $image image to display * @param string $value value * * @return string html content * * @access public */ public static function getButtonOrImage( $button_name, $button_class, $text, $image, $value = '' ) { if ($value == '') { $value = $text; } if ($GLOBALS['cfg']['ActionLinksMode'] == 'text') { return ' ' . "\n"; } return '' . "\n"; } // end function /** * Generate a pagination selector for browsing resultsets * * @param string $name The name for the request parameter * @param int $rows Number of rows in the pagination set * @param int $pageNow current page number * @param int $nbTotalPage number of total pages * @param int $showAll If the number of pages is lower than this * variable, no pages will be omitted in pagination * @param int $sliceStart How many rows at the beginning should always * be shown? * @param int $sliceEnd How many rows at the end should always be shown? * @param int $percent Percentage of calculation page offsets to hop to a * next page * @param int $range Near the current page, how many pages should * be considered "nearby" and displayed as well? * @param string $prompt The prompt to display (sometimes empty) * * @return string * * @access public */ public static function pageselector( $name, $rows, $pageNow = 1, $nbTotalPage = 1, $showAll = 200, $sliceStart = 5, $sliceEnd = 5, $percent = 20, $range = 10, $prompt = '' ) { $increment = floor($nbTotalPage / $percent); $pageNowMinusRange = ($pageNow - $range); $pageNowPlusRange = ($pageNow + $range); $gotopage = $prompt . ' '; return $gotopage; } // end function /** * Prepare navigation for a list * * @param int $count number of elements in the list * @param int $pos current position in the list * @param array $_url_params url parameters * @param string $script script name for form target * @param string $frame target frame * @param int $max_count maximum number of elements to display from * the list * @param string $name the name for the request parameter * @param string[] $classes additional classes for the container * * @return string $list_navigator_html the html content * * @access public * * @todo use $pos from $_url_params */ public static function getListNavigator( $count, $pos, $_url_params, $script, $frame, $max_count, $name = 'pos', $classes = array() ) { // This is often coming from $cfg['MaxTableList'] and // people sometimes set it to empty string $max_count = intval($max_count); if ($max_count <= 0) { $max_count = 250; } $class = $frame == 'frame_navigation' ? ' class="ajax"' : ''; $list_navigator_html = ''; if ($max_count < $count) { $classes[] = 'pageselector'; $list_navigator_html .= '
'; if ($frame != 'frame_navigation') { $list_navigator_html .= __('Page number:'); } // Move to the beginning or to the previous page if ($pos > 0) { $caption1 = ''; $caption2 = ''; if (self::showIcons('TableNavigationLinksMode')) { $caption1 .= '<< '; $caption2 .= '< '; } if (self::showText('TableNavigationLinksMode')) { $caption1 .= _pgettext('First page', 'Begin'); $caption2 .= _pgettext('Previous page', 'Previous'); } $title1 = ' title="' . _pgettext('First page', 'Begin') . '"'; $title2 = ' title="' . _pgettext('Previous page', 'Previous') . '"'; $_url_params[$name] = 0; $list_navigator_html .= '' . $caption1 . ''; $_url_params[$name] = $pos - $max_count; $list_navigator_html .= ' ' . $caption2 . ''; } $list_navigator_html .= '
'; $list_navigator_html .= URL::getHiddenInputs($_url_params); $list_navigator_html .= self::pageselector( $name, $max_count, floor(($pos + 1) / $max_count) + 1, ceil($count / $max_count) ); $list_navigator_html .= '
'; if ($pos + $max_count < $count) { $caption3 = ''; $caption4 = ''; if (self::showText('TableNavigationLinksMode')) { $caption3 .= _pgettext('Next page', 'Next'); $caption4 .= _pgettext('Last page', 'End'); } if (self::showIcons('TableNavigationLinksMode')) { $caption3 .= ' >'; $caption4 .= ' >>'; if (! self::showText('TableNavigationLinksMode')) { } } $title3 = ' title="' . _pgettext('Next page', 'Next') . '"'; $title4 = ' title="' . _pgettext('Last page', 'End') . '"'; $_url_params[$name] = $pos + $max_count; $list_navigator_html .= '' . $caption3 . ''; $_url_params[$name] = floor($count / $max_count) * $max_count; if ($_url_params[$name] == $count) { $_url_params[$name] = $count - $max_count; } $list_navigator_html .= ' ' . $caption4 . ''; } $list_navigator_html .= '
' . "\n"; } return $list_navigator_html; } /** * replaces %u in given path with current user name * * example: * * $user_dir = userDir('/var/pma_tmp/%u/'); // '/var/pma_tmp/root/' * * * * @param string $dir with wildcard for user * * @return string per user directory */ public static function userDir($dir) { // add trailing slash if (mb_substr($dir, -1) != '/') { $dir .= '/'; } return str_replace('%u', PMA_securePath($GLOBALS['cfg']['Server']['user']), $dir); } /** * returns html code for db link to default db page * * @param string $database database * * @return string html link to default db page */ public static function getDbLink($database = null) { if (strlen($database) === 0) { if (strlen($GLOBALS['db']) === 0) { return ''; } $database = $GLOBALS['db']; } else { $database = self::unescapeMysqlWildcards($database); } return '' . htmlspecialchars($database) . ''; } /** * Prepare a lightbulb hint explaining a known external bug * that affects a functionality * * @param string $functionality localized message explaining the func. * @param string $component 'mysql' (eventually, 'php') * @param string $minimum_version of this component * @param string $bugref bug reference for this component * * @return String */ public static function getExternalBug( $functionality, $component, $minimum_version, $bugref ) { $ext_but_html = ''; if (($component == 'mysql') && (PMA_MYSQL_INT_VERSION < $minimum_version)) { $ext_but_html .= self::showHint( sprintf( __('The %s functionality is affected by a known bug, see %s'), $functionality, PMA_linkURL('https://bugs.mysql.com/') . $bugref ) ); } return $ext_but_html; } /** * Generates a set of radio HTML fields * * @param string $html_field_name the radio HTML field * @param array $choices the choices values and labels * @param string $checked_choice the choice to check by default * @param boolean $line_break whether to add HTML line break after a choice * @param boolean $escape_label whether to use htmlspecialchars() on label * @param string $class enclose each choice with a div of this class * @param string $id_prefix prefix for the id attribute, name will be * used if this is not supplied * * @return string set of html radio fiels */ public static function getRadioFields( $html_field_name, $choices, $checked_choice = '', $line_break = true, $escape_label = true, $class = '', $id_prefix = '' ) { $radio_html = ''; foreach ($choices as $choice_value => $choice_label) { if (! empty($class)) { $radio_html .= '
'; } if (! $id_prefix) { $id_prefix = $html_field_name; } $html_field_id = $id_prefix . '_' . $choice_value; $radio_html .= '' . ($escape_label ? htmlspecialchars($choice_label) : $choice_label) . ''; if ($line_break) { $radio_html .= '
'; } if (! empty($class)) { $radio_html .= '
'; } $radio_html .= "\n"; } return $radio_html; } /** * Generates and returns an HTML dropdown * * @param string $select_name name for the select element * @param array $choices choices values * @param string $active_choice the choice to select by default * @param string $id id of the select element; can be different in * case the dropdown is present more than once * on the page * @param string $class class for the select element * @param string $placeholder Placeholder for dropdown if nothing else * is selected * * @return string html content * * @todo support titles */ public static function getDropdown( $select_name, $choices, $active_choice, $id, $class = '', $placeholder = null ) { $result = ''; $resultOptions = ''; $selected = false; foreach ($choices as $one_choice_value => $one_choice_label) { $resultOptions .= '' . $resultOptions; } $result .= $resultOptions . ''; return $result; } /** * Generates a slider effect (jQjuery) * Takes care of generating the initial
and the link * controlling the slider; you have to generate the
yourself * after the sliding section. * * @param string $id the id of the
on which to apply the effect * @param string $message the message to show as a link * * @return string html div element * */ public static function getDivForSliderEffect($id = '', $message = '') { return Template::get('div_for_slider_effect')->render([ 'id' => $id, 'InitialSlidersState' => $GLOBALS['cfg']['InitialSlidersState'], 'message' => $message, ]); } /** * Creates an AJAX sliding toggle button * (or and equivalent form when AJAX is disabled) * * @param string $action The URL for the request to be executed * @param string $select_name The name for the dropdown box * @param array $options An array of options (see rte_footer.lib.php) * @param string $callback A JS snippet to execute when the request is * successfully processed * * @return string HTML code for the toggle button */ public static function toggleButton($action, $select_name, $options, $callback) { // Do the logic first $link = "$action&" . urlencode($select_name) . "="; $link_on = $link . urlencode($options[1]['value']); $link_off = $link . urlencode($options[0]['value']); if ($options[1]['selected'] == true) { $state = 'on'; } else if ($options[0]['selected'] == true) { $state = 'off'; } else { $state = 'on'; } return Template::get('toggle_button')->render( [ 'pmaThemeImage' => $GLOBALS['pmaThemeImage'], 'text_dir' => $GLOBALS['text_dir'], 'link_on' => $link_on, 'toggleOn' => str_replace(' ', ' ', htmlspecialchars( $options[1]['label'])), 'toggleOff' => str_replace(' ', ' ', htmlspecialchars( $options[0]['label'])), 'link_off' => $link_off, 'callback' => $callback, 'state' => $state ]); } // end toggleButton() /** * Clears cache content which needs to be refreshed on user change. * * @return void */ public static function clearUserCache() { self::cacheUnset('is_superuser'); self::cacheUnset('is_createuser'); self::cacheUnset('is_grantuser'); } /** * Calculates session cache key * * @return string */ public static function cacheKey() { if (isset($GLOBALS['cfg']['Server']['user'])) { return 'server_' . $GLOBALS['server'] . '_' . $GLOBALS['cfg']['Server']['user']; } else { return 'server_' . $GLOBALS['server']; } } /** * Verifies if something is cached in the session * * @param string $var variable name * * @return boolean */ public static function cacheExists($var) { return isset($_SESSION['cache'][self::cacheKey()][$var]); } /** * Gets cached information from the session * * @param string $var variable name * @param \Closure $callback callback to fetch the value * * @return mixed */ public static function cacheGet($var, $callback = null) { if (self::cacheExists($var)) { return $_SESSION['cache'][self::cacheKey()][$var]; } else { if ($callback) { $val = $callback(); self::cacheSet($var, $val); return $val; } return null; } } /** * Caches information in the session * * @param string $var variable name * @param mixed $val value * * @return mixed */ public static function cacheSet($var, $val = null) { $_SESSION['cache'][self::cacheKey()][$var] = $val; } /** * Removes cached information from the session * * @param string $var variable name * * @return void */ public static function cacheUnset($var) { unset($_SESSION['cache'][self::cacheKey()][$var]); } /** * Converts a bit value to printable format; * in MySQL a BIT field can be from 1 to 64 bits so we need this * function because in PHP, decbin() supports only 32 bits * on 32-bit servers * * @param integer $value coming from a BIT field * @param integer $length length * * @return string the printable value */ public static function printableBitValue($value, $length) { // if running on a 64-bit server or the length is safe for decbin() if (PHP_INT_SIZE == 8 || $length < 33) { $printable = decbin($value); } else { // FIXME: does not work for the leftmost bit of a 64-bit value $i = 0; $printable = ''; while ($value >= pow(2, $i)) { ++$i; } if ($i != 0) { --$i; } while ($i >= 0) { if ($value - pow(2, $i) < 0) { $printable = '0' . $printable; } else { $printable = '1' . $printable; $value = $value - pow(2, $i); } --$i; } $printable = strrev($printable); } $printable = str_pad($printable, $length, '0', STR_PAD_LEFT); return $printable; } /** * Verifies whether the value contains a non-printable character * * @param string $value value * * @return integer */ public static function containsNonPrintableAscii($value) { return preg_match('@[^[:print:]]@', $value); } /** * Converts a BIT type default value * for example, b'010' becomes 010 * * @param string $bit_default_value value * * @return string the converted value */ public static function convertBitDefaultValue($bit_default_value) { return rtrim(ltrim($bit_default_value, "b'"), "'"); } /** * Extracts the various parts from a column spec * * @param string $columnspec Column specification * * @return array associative array containing type, spec_in_brackets * and possibly enum_set_values (another array) */ public static function extractColumnSpec($columnspec) { $first_bracket_pos = mb_strpos($columnspec, '('); if ($first_bracket_pos) { $spec_in_brackets = chop( mb_substr( $columnspec, $first_bracket_pos + 1, mb_strrpos($columnspec, ')') - $first_bracket_pos - 1 ) ); // convert to lowercase just to be sure $type = mb_strtolower( chop(mb_substr($columnspec, 0, $first_bracket_pos)) ); } else { // Split trailing attributes such as unsigned, // binary, zerofill and get data type name $type_parts = explode(' ', $columnspec); $type = mb_strtolower($type_parts[0]); $spec_in_brackets = ''; } if ('enum' == $type || 'set' == $type) { // Define our working vars $enum_set_values = self::parseEnumSetValues($columnspec, false); $printtype = $type . '(' . str_replace("','", "', '", $spec_in_brackets) . ')'; $binary = false; $unsigned = false; $zerofill = false; } else { $enum_set_values = array(); /* Create printable type name */ $printtype = mb_strtolower($columnspec); // Strip the "BINARY" attribute, except if we find "BINARY(" because // this would be a BINARY or VARBINARY column type; // by the way, a BLOB should not show the BINARY attribute // because this is not accepted in MySQL syntax. if (preg_match('@binary@', $printtype) && ! preg_match('@binary[\(]@', $printtype) ) { $printtype = preg_replace('@binary@', '', $printtype); $binary = true; } else { $binary = false; } $printtype = preg_replace( '@zerofill@', '', $printtype, -1, $zerofill_cnt ); $zerofill = ($zerofill_cnt > 0); $printtype = preg_replace( '@unsigned@', '', $printtype, -1, $unsigned_cnt ); $unsigned = ($unsigned_cnt > 0); $printtype = trim($printtype); } $attribute = ' '; if ($binary) { $attribute = 'BINARY'; } if ($unsigned) { $attribute = 'UNSIGNED'; } if ($zerofill) { $attribute = 'UNSIGNED ZEROFILL'; } $can_contain_collation = false; if (! $binary && preg_match( "@^(char|varchar|text|tinytext|mediumtext|longtext|set|enum)@", $type ) ) { $can_contain_collation = true; } // for the case ENUM('–','“') $displayed_type = htmlspecialchars($printtype); if (mb_strlen($printtype) > $GLOBALS['cfg']['LimitChars']) { $displayed_type = ''; $displayed_type .= htmlspecialchars( mb_substr( $printtype, 0, $GLOBALS['cfg']['LimitChars'] ) . '...' ); $displayed_type .= ''; } return array( 'type' => $type, 'spec_in_brackets' => $spec_in_brackets, 'enum_set_values' => $enum_set_values, 'print_type' => $printtype, 'binary' => $binary, 'unsigned' => $unsigned, 'zerofill' => $zerofill, 'attribute' => $attribute, 'can_contain_collation' => $can_contain_collation, 'displayed_type' => $displayed_type ); } /** * Verifies if this table's engine supports foreign keys * * @param string $engine engine * * @return boolean */ public static function isForeignKeySupported($engine) { $engine = strtoupper($engine); if (($engine == 'INNODB') || ($engine == 'PBXT')) { return true; } elseif ($engine == 'NDBCLUSTER' || $engine == 'NDB') { $ndbver = strtolower( $GLOBALS['dbi']->fetchValue("SELECT @@ndb_version_string") ); if (substr($ndbver, 0, 4) == 'ndb-') { $ndbver = substr($ndbver, 4); } return version_compare($ndbver, 7.3, '>='); } else { return false; } } /** * Is Foreign key check enabled? * * @return bool */ public static function isForeignKeyCheck() { if ($GLOBALS['cfg']['DefaultForeignKeyChecks'] === 'enable') { return true; } else if ($GLOBALS['cfg']['DefaultForeignKeyChecks'] === 'disable') { return false; } return ($GLOBALS['dbi']->getVariable('FOREIGN_KEY_CHECKS') == 'ON'); } /** * Get HTML for Foreign key check checkbox * * @return string HTML for checkbox */ public static function getFKCheckbox() { $checked = self::isForeignKeyCheck(); $html = ''; $html .= ''; $html .= ''; return $html; } /** * Handle foreign key check request * * @return bool Default foreign key checks value */ public static function handleDisableFKCheckInit() { $default_fk_check_value = $GLOBALS['dbi']->getVariable('FOREIGN_KEY_CHECKS') == 'ON'; if (isset($_REQUEST['fk_checks'])) { if (empty($_REQUEST['fk_checks'])) { // Disable foreign key checks $GLOBALS['dbi']->setVariable('FOREIGN_KEY_CHECKS', 'OFF'); } else { // Enable foreign key checks $GLOBALS['dbi']->setVariable('FOREIGN_KEY_CHECKS', 'ON'); } } // else do nothing, go with default return $default_fk_check_value; } /** * Cleanup changes done for foreign key check * * @param bool $default_fk_check_value original value for 'FOREIGN_KEY_CHECKS' * * @return void */ public static function handleDisableFKCheckCleanup($default_fk_check_value) { $GLOBALS['dbi']->setVariable( 'FOREIGN_KEY_CHECKS', $default_fk_check_value ? 'ON' : 'OFF' ); } /** * Converts GIS data to Well Known Text format * * @param string $data GIS data * @param bool $includeSRID Add SRID to the WKT * * @return string GIS data in Well Know Text format */ public static function asWKT($data, $includeSRID = false) { // Convert to WKT format $hex = bin2hex($data); $wktsql = "SELECT ASTEXT(x'" . $hex . "')"; if ($includeSRID) { $wktsql .= ", SRID(x'" . $hex . "')"; } $wktresult = $GLOBALS['dbi']->tryQuery( $wktsql, null, DatabaseInterface::QUERY_STORE ); $wktarr = $GLOBALS['dbi']->fetchRow($wktresult, 0); $wktval = $wktarr[0]; if ($includeSRID) { $srid = $wktarr[1]; $wktval = "'" . $wktval . "'," . $srid; } @$GLOBALS['dbi']->freeResult($wktresult); return $wktval; } /** * If the string starts with a \r\n pair (0x0d0a) add an extra \n * * @param string $string string * * @return string with the chars replaced */ public static function duplicateFirstNewline($string) { $first_occurence = mb_strpos($string, "\r\n"); if ($first_occurence === 0) { $string = "\n" . $string; } return $string; } /** * Get the action word corresponding to a script name * in order to display it as a title in navigation panel * * @param string $target a valid value for $cfg['NavigationTreeDefaultTabTable'], * $cfg['NavigationTreeDefaultTabTable2'], * $cfg['DefaultTabTable'] or $cfg['DefaultTabDatabase'] * * @return string Title for the $cfg value */ public static function getTitleForTarget($target) { $mapping = array( 'structure' => __('Structure'), 'sql' => __('SQL'), 'search' =>__('Search'), 'insert' =>__('Insert'), 'browse' => __('Browse'), 'operations' => __('Operations'), // For backward compatiblity // Values for $cfg['DefaultTabTable'] 'tbl_structure.php' => __('Structure'), 'tbl_sql.php' => __('SQL'), 'tbl_select.php' =>__('Search'), 'tbl_change.php' =>__('Insert'), 'sql.php' => __('Browse'), // Values for $cfg['DefaultTabDatabase'] 'db_structure.php' => __('Structure'), 'db_sql.php' => __('SQL'), 'db_search.php' => __('Search'), 'db_operations.php' => __('Operations'), ); return isset($mapping[$target]) ? $mapping[$target] : false; } /** * Get the script name corresponding to a plain English config word * in order to append in links on navigation and main panel * * @param string $target a valid value for * $cfg['NavigationTreeDefaultTabTable'], * $cfg['NavigationTreeDefaultTabTable2'], * $cfg['DefaultTabTable'], $cfg['DefaultTabDatabase'] or * $cfg['DefaultTabServer'] * @param string $location one out of 'server', 'table', 'database' * * @return string script name corresponding to the config word */ public static function getScriptNameForOption($target, $location) { if ($location == 'server') { // Values for $cfg['DefaultTabServer'] switch ($target) { case 'welcome': return 'index.php'; case 'databases': return 'server_databases.php'; case 'status': return 'server_status.php'; case 'variables': return 'server_variables.php'; case 'privileges': return 'server_privileges.php'; } } elseif ($location == 'database') { // Values for $cfg['DefaultTabDatabase'] switch ($target) { case 'structure': return 'db_structure.php'; case 'sql': return 'db_sql.php'; case 'search': return 'db_search.php'; case 'operations': return 'db_operations.php'; } } elseif ($location == 'table') { // Values for $cfg['DefaultTabTable'], // $cfg['NavigationTreeDefaultTabTable'] and // $cfg['NavigationTreeDefaultTabTable2'] switch ($target) { case 'structure': return 'tbl_structure.php'; case 'sql': return 'tbl_sql.php'; case 'search': return 'tbl_select.php'; case 'insert': return 'tbl_change.php'; case 'browse': return 'sql.php'; } } return $target; } /** * Formats user string, expanding @VARIABLES@, accepting strftime format * string. * * @param string $string Text where to do expansion. * @param array|string $escape Function to call for escaping variable values. * Can also be an array of: * - the escape method name * - the class that contains the method * - location of the class (for inclusion) * @param array $updates Array with overrides for default parameters * (obtained from GLOBALS). * * @return string */ public static function expandUserString( $string, $escape = null, $updates = array() ) { /* Content */ $vars = array(); $vars['http_host'] = PMA_getenv('HTTP_HOST'); $vars['server_name'] = $GLOBALS['cfg']['Server']['host']; $vars['server_verbose'] = $GLOBALS['cfg']['Server']['verbose']; if (empty($GLOBALS['cfg']['Server']['verbose'])) { $vars['server_verbose_or_name'] = $GLOBALS['cfg']['Server']['host']; } else { $vars['server_verbose_or_name'] = $GLOBALS['cfg']['Server']['verbose']; } $vars['database'] = $GLOBALS['db']; $vars['table'] = $GLOBALS['table']; $vars['phpmyadmin_version'] = 'phpMyAdmin ' . PMA_VERSION; /* Update forced variables */ foreach ($updates as $key => $val) { $vars[$key] = $val; } /* Replacement mapping */ /* * The __VAR__ ones are for backward compatibility, because user * might still have it in cookies. */ $replace = array( '@HTTP_HOST@' => $vars['http_host'], '@SERVER@' => $vars['server_name'], '__SERVER__' => $vars['server_name'], '@VERBOSE@' => $vars['server_verbose'], '@VSERVER@' => $vars['server_verbose_or_name'], '@DATABASE@' => $vars['database'], '__DB__' => $vars['database'], '@TABLE@' => $vars['table'], '__TABLE__' => $vars['table'], '@PHPMYADMIN@' => $vars['phpmyadmin_version'], ); /* Optional escaping */ if (! is_null($escape)) { if (is_array($escape)) { $escape_class = new $escape[1]; $escape_method = $escape[0]; } foreach ($replace as $key => $val) { if (is_array($escape)) { $replace[$key] = $escape_class->$escape_method($val); } else { $replace[$key] = ($escape == 'backquote') ? self::$escape($val) : $escape($val); } } } /* Backward compatibility in 3.5.x */ if (mb_strpos($string, '@FIELDS@') !== false) { $string = strtr($string, array('@FIELDS@' => '@COLUMNS@')); } /* Fetch columns list if required */ if (mb_strpos($string, '@COLUMNS@') !== false) { $columns_list = $GLOBALS['dbi']->getColumns( $GLOBALS['db'], $GLOBALS['table'] ); // sometimes the table no longer exists at this point if (! is_null($columns_list)) { $column_names = array(); foreach ($columns_list as $column) { if (! is_null($escape)) { $column_names[] = self::$escape($column['Field']); } else { $column_names[] = $column['Field']; } } $replace['@COLUMNS@'] = implode(',', $column_names); } else { $replace['@COLUMNS@'] = '*'; } } /* Do the replacement */ return strtr(strftime($string), $replace); } /** * Prepare the form used to browse anywhere on the local server for a file to * import * * @param string $max_upload_size maximum upload size * * @return String */ public static function getBrowseUploadFileBlock($max_upload_size) { $block_html = ''; if ($GLOBALS['is_upload'] && ! empty($GLOBALS['cfg']['UploadDir'])) { $block_html .= '