nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

replaced $_SERVER with getenv()

Browse Source
This commit is contained in:
Sebastian Mendel
2006-03-06 11:32:58 +00:00
parent 76f0235061
commit 5bdcd33740
10 changed files with 1393 additions and 1441 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@@ -6,7 +6,12 @@ $Id$
$Source$ $Source$
2006-03-06 Sebastian Mendel <cybot_tm@users.sourceforge.net> 2006-03-06 Sebastian Mendel <cybot_tm@users.sourceforge.net>
* libraries/Config.class.php: replaced $_SERVER with getenv() * libraries/Config.class.php, libraries/select_lang.lib.php,
libraries/footer.inc.php, libraries/ip_allow_deny.lib.php,
libraries/common.lib.php, libraries/header.inc.php,
libraries/grab_globals.lib.php, libraries/auth/cookie.auth.lib.php,
libraries/auth/http.auth.lib.php, libraries/fpdf/fdpf.php:
replaced $_SERVER with getenv()
2006-03-04 Marc Delisle <lem9@users.sourceforge.net> 2006-03-04 Marc Delisle <lem9@users.sourceforge.net>
* lang/swedish: Update, thanks to Björn T. Hallberg - bjornth. * lang/swedish: Update, thanks to Björn T. Hallberg - bjornth.

62
libraries/auth/cookie.auth.lib.php
View File

@@ -19,9 +19,9 @@ $current_time = time();
// Uses faster mcrypt library if available // Uses faster mcrypt library if available
// (Note: mcrypt.lib.php needs $cookie_path and $is_https) // (Note: mcrypt.lib.php needs $cookie_path and $is_https)
if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) { if (function_exists('mcrypt_encrypt') || PMA_dl('mcrypt')) {
require_once('./libraries/mcrypt.lib.php'); require_once './libraries/mcrypt.lib.php';
} else { } else {
require_once('./libraries/blowfish.php'); require_once './libraries/blowfish.php';
} }
/** /**
@@ -101,7 +101,7 @@ function PMA_auth()
/* HTML header */ /* HTML header */
$page_title = 'phpMyAdmin ' . PMA_VERSION; $page_title = 'phpMyAdmin ' . PMA_VERSION;
require('./libraries/header_meta_style.inc.php'); require './libraries/header_meta_style.inc.php';
?> ?>
<script type="text/javascript" language="javascript"> <script type="text/javascript" language="javascript">
//<![CDATA[ //<![CDATA[
@@ -115,7 +115,7 @@ if (top != self) {
<body class="loginform"> <body class="loginform">
<?php require('./libraries/header_custom.inc.php'); ?> <?php require './libraries/header_custom.inc.php'; ?>
<a href="http://www.phpmyadmin.net" target="_blank" class="logo"><?php <a href="http://www.phpmyadmin.net" target="_blank" class="logo"><?php
$logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png'; $logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png';
@@ -143,8 +143,8 @@ echo sprintf( $GLOBALS['strWelcome'],
// Displays the languages form // Displays the languages form
if (empty($cfg['Lang'])) { if (empty($cfg['Lang'])) {
echo "\n"; echo "\n";
require_once('./libraries/display_select_lang.lib.php'); require_once './libraries/display_select_lang.lib.php';
PMA_select_language(TRUE); PMA_select_language(true);
} }
echo "\n\n"; echo "\n\n";
@@ -156,7 +156,7 @@ echo sprintf( $GLOBALS['strWelcome'],
<?php echo $GLOBALS['strSecretRequired']; ?> <?php echo $GLOBALS['strSecretRequired']; ?>
</div> </div>
<?php <?php
require('./libraries/footer_custom.inc.php'); require './libraries/footer_custom.inc.php';
echo ' </body>' . "\n" echo ' </body>' . "\n"
. '</html>'; . '</html>';
exit(); exit();
@@ -196,8 +196,8 @@ echo sprintf( $GLOBALS['strWelcome'],
?> ?>
> >
<?php <?php
require_once('./libraries/select_server.lib.php'); require_once './libraries/select_server.lib.php';
PMA_select_server(FALSE, FALSE); PMA_select_server(false, false);
?> ?>
</select> </select>
</div> </div>
@@ -247,7 +247,7 @@ if (uname.value == '') {
//--> //-->
</script> </script>
<?php require('./libraries/footer_custom.inc.php'); ?> <?php require './libraries/footer_custom.inc.php'; ?>
</body> </body>
@@ -255,7 +255,7 @@ if (uname.value == '') {
<?php <?php
exit(); exit();
return TRUE; return true;
} // end of the 'PMA_auth()' function } // end of the 'PMA_auth()' function
@@ -285,13 +285,13 @@ function PMA_auth_check()
// avoid an error in mcrypt // avoid an error in mcrypt
if (empty($GLOBALS['cfg']['blowfish_secret'])) { if (empty($GLOBALS['cfg']['blowfish_secret'])) {
return FALSE; return false;
} }
// Initialization // Initialization
$PHP_AUTH_USER = $PHP_AUTH_PW = ''; $PHP_AUTH_USER = $PHP_AUTH_PW = '';
$from_cookie = FALSE; $from_cookie = false;
$from_form = FALSE; $from_form = false;
// The user wants to be logged out -> delete password cookie // The user wants to be logged out -> delete password cookie
if (!empty($old_usr)) { if (!empty($old_usr)) {
@@ -305,7 +305,7 @@ function PMA_auth_check()
if ($GLOBALS['cfg']['AllowArbitraryServer']) { if ($GLOBALS['cfg']['AllowArbitraryServer']) {
$pma_auth_server = $pma_servername; $pma_auth_server = $pma_servername;
} }
$from_form = TRUE; $from_form = true;
} }
// At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables // At the end, try to set the $PHP_AUTH_USER & $PHP_AUTH_PW variables
@@ -316,17 +316,17 @@ function PMA_auth_check()
// servername // servername
if (!empty($pma_cookie_servername)) { if (!empty($pma_cookie_servername)) {
$pma_auth_server = $pma_cookie_servername; $pma_auth_server = $pma_cookie_servername;
$from_cookie = TRUE; $from_cookie = true;
} elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) { } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_servername-' . $server])) {
$pma_auth_server = $_COOKIE['pma_cookie_servername-' . $server]; $pma_auth_server = $_COOKIE['pma_cookie_servername-' . $server];
$from_cookie = TRUE; $from_cookie = true;
} }
} }
// username // username
if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) { if (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_username-' . $server])) {
$PHP_AUTH_USER = $_COOKIE['pma_cookie_username-' . $server]; $PHP_AUTH_USER = $_COOKIE['pma_cookie_username-' . $server];
$from_cookie = TRUE; $from_cookie = true;
} }
$decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']); $decrypted_user = PMA_blowfish_decrypt($PHP_AUTH_USER, $GLOBALS['cfg']['blowfish_secret']);
if (!empty($decrypted_user)) { if (!empty($decrypted_user)) {
@@ -344,10 +344,10 @@ function PMA_auth_check()
// alerting users with a error after "much" time has passed, // alerting users with a error after "much" time has passed,
// for example next morning. // for example next morning.
if ($decrypted_time > $GLOBALS['current_time'] - ($GLOBALS['cfg']['LoginCookieValidity'] * 4)) { if ($decrypted_time > $GLOBALS['current_time'] - ($GLOBALS['cfg']['LoginCookieValidity'] * 4)) {
$GLOBALS['no_activity'] = TRUE; $GLOBALS['no_activity'] = true;
PMA_auth_fails(); PMA_auth_fails();
} }
return FALSE; return false;
} }
// password // password
@@ -356,7 +356,7 @@ function PMA_auth_check()
} elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password-' . $server])) { } elseif (!empty($_COOKIE) && isset($_COOKIE['pma_cookie_password-' . $server])) {
$PHP_AUTH_PW = $_COOKIE['pma_cookie_password-' . $server]; $PHP_AUTH_PW = $_COOKIE['pma_cookie_password-' . $server];
} else { } else {
$from_cookie = FALSE; $from_cookie = false;
} }
$PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW, $GLOBALS['cfg']['blowfish_secret'] . $decrypted_time); $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW, $GLOBALS['cfg']['blowfish_secret'] . $decrypted_time);
@@ -367,12 +367,12 @@ function PMA_auth_check()
// Returns whether we get authentication settings or not // Returns whether we get authentication settings or not
if (!$from_cookie && !$from_form) { if (!$from_cookie && !$from_form) {
return FALSE; return false;
} elseif ($from_cookie) { } elseif ($from_cookie) {
return TRUE; return true;
} else { } else {
// we don't need to strip here, it is done in grab_globals // we don't need to strip here, it is done in grab_globals
return TRUE; return true;
} }
} // end of the 'PMA_auth_check()' function } // end of the 'PMA_auth_check()' function
@@ -412,13 +412,13 @@ function PMA_auth_set_user()
} // end for } // end for
} // end if } // end if
$pma_server_changed = FALSE; $pma_server_changed = false;
if ($GLOBALS['cfg']['AllowArbitraryServer'] if ($GLOBALS['cfg']['AllowArbitraryServer']
&& isset($pma_auth_server) && !empty($pma_auth_server) && isset($pma_auth_server) && !empty($pma_auth_server)
&& ($cfg['Server']['host'] != $pma_auth_server) && ($cfg['Server']['host'] != $pma_auth_server)
) { ) {
$cfg['Server']['host'] = $pma_auth_server; $cfg['Server']['host'] = $pma_auth_server;
$pma_server_changed = TRUE; $pma_server_changed = true;
} }
$cfg['Server']['user'] = $PHP_AUTH_USER; $cfg['Server']['user'] = $PHP_AUTH_USER;
$cfg['Server']['password'] = $PHP_AUTH_PW; $cfg['Server']['password'] = $PHP_AUTH_PW;
@@ -481,7 +481,7 @@ function PMA_auth_set_user()
exit(); exit();
} // end if } // end if
return TRUE; return true;
} // end of the 'PMA_auth_set_user()' function } // end of the 'PMA_auth_set_user()' function
@@ -494,7 +494,7 @@ function PMA_auth_set_user()
*/ */
function PMA_auth_fails() function PMA_auth_fails()
{ {
global $conn_error, $server; global $conn_error, $server;
// Deletes password cookie and displays the login form // Deletes password cookie and displays the login form
setcookie('pma_cookie_password-' . $server, '', 0, $GLOBALS['cookie_path'], '', $GLOBALS['is_https']); setcookie('pma_cookie_password-' . $server, '', 0, $GLOBALS['cookie_path'], '', $GLOBALS['is_https']);
@@ -504,8 +504,8 @@ global $conn_error, $server;
} elseif (isset($GLOBALS['no_activity']) && $GLOBALS['no_activity']) { } elseif (isset($GLOBALS['no_activity']) && $GLOBALS['no_activity']) {
$conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']); $conn_error = sprintf($GLOBALS['strNoActivity'], $GLOBALS['cfg']['LoginCookieValidity']);
// Remember where we got timeout to return on same place // Remember where we got timeout to return on same place
if (isset($_SERVER['SCRIPT_NAME'])) { if (getenv('SCRIPT_NAME')) {
$GLOBALS['target'] = basename($_SERVER['SCRIPT_NAME']); $GLOBALS['target'] = basename(getenv('SCRIPT_NAME'));
} }
} elseif (PMA_DBI_getError()) { } elseif (PMA_DBI_getError()) {
$conn_error = PMA_sanitize(PMA_DBI_getError()); $conn_error = PMA_sanitize(PMA_DBI_getError());
@@ -517,7 +517,7 @@ global $conn_error, $server;
PMA_auth(); PMA_auth();
return TRUE; return true;
} // end of the 'PMA_auth_fails()' function } // end of the 'PMA_auth_fails()' function
?> ?>

44
libraries/auth/http.auth.lib.php
View File

@@ -29,11 +29,11 @@ function PMA_auth() {
header('Content-Type: text/html; charset=' . $GLOBALS['charset']); header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
/* HTML header */ /* HTML header */
$page_title = $GLOBALS['strAccessDenied']; $page_title = $GLOBALS['strAccessDenied'];
require('./libraries/header_meta_style.inc.php'); require './libraries/header_meta_style.inc.php';
?> ?>
</head> </head>
<body> <body>
<?php require('./libraries/header_custom.inc.php'); ?> <?php require './libraries/header_custom.inc.php'; ?>
<br /><br /> <br /><br />
<center> <center>
@@ -42,7 +42,7 @@ function PMA_auth() {
<br /> <br />
<div class="warning"><?php echo $GLOBALS['strWrongUser']; ?></div> <div class="warning"><?php echo $GLOBALS['strWrongUser']; ?></div>
<?php require('./libraries/footer_custom.inc.php'); ?> <?php require './libraries/footer_custom.inc.php'; ?>
</body> </body>
</html> </html>
@@ -79,23 +79,19 @@ function PMA_auth_check()
// 'register_globals' and the 'variables_order' directives // 'register_globals' and the 'variables_order' directives
// loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ // loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
if (empty($PHP_AUTH_USER)) { if (empty($PHP_AUTH_USER)) {
if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_USER'])) { if (getenv('PHP_AUTH_USER')) {
$PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER']; $PHP_AUTH_USER = getenv('PHP_AUTH_USER');
} } elseif (getenv('REMOTE_USER')) {
// CGI, might be encoded, see bellow // CGI, might be encoded, see bellow
elseif (@getenv('REMOTE_USER')) {
$PHP_AUTH_USER = getenv('REMOTE_USER'); $PHP_AUTH_USER = getenv('REMOTE_USER');
} } elseif (getenv('AUTH_USER')) {
// WebSite Professional // WebSite Professional
elseif (@getenv('AUTH_USER')) {
$PHP_AUTH_USER = getenv('AUTH_USER'); $PHP_AUTH_USER = getenv('AUTH_USER');
} } elseif (getenv('HTTP_AUTHORIZATION')) {
// IIS, might be encoded, see bellow // IIS, might be encoded, see bellow
elseif (@getenv('HTTP_AUTHORIZATION')) {
$PHP_AUTH_USER = getenv('HTTP_AUTHORIZATION'); $PHP_AUTH_USER = getenv('HTTP_AUTHORIZATION');
} } elseif (getenv('Authorization')) {
// FastCGI, might be encoded, see bellow // FastCGI, might be encoded, see bellow
elseif (@getenv('Authorization')) {
$PHP_AUTH_USER = getenv('Authorization'); $PHP_AUTH_USER = getenv('Authorization');
} }
} }
@@ -103,8 +99,8 @@ function PMA_auth_check()
// 'register_globals' and the 'variables_order' directives // 'register_globals' and the 'variables_order' directives
// loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+ // loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
if (empty($PHP_AUTH_PW)) { if (empty($PHP_AUTH_PW)) {
if (!empty($_SERVER) && isset($_SERVER['PHP_AUTH_PW'])) { if (getenv('PHP_AUTH_PW')) {
$PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW']; $PHP_AUTH_PW = getenv('PHP_AUTH_PW');
} }
// Apache/CGI // Apache/CGI
elseif (@getenv('REMOTE_PASSWORD')) { elseif (@getenv('REMOTE_PASSWORD')) {
@@ -119,7 +115,7 @@ function PMA_auth_check()
// Decode possibly encoded information (used by IIS/CGI/FastCGI) // Decode possibly encoded information (used by IIS/CGI/FastCGI)
if (strcmp(substr($PHP_AUTH_USER, 0, 6), 'Basic ') == 0) { if (strcmp(substr($PHP_AUTH_USER, 0, 6), 'Basic ') == 0) {
$usr_pass = base64_decode(substr($PHP_AUTH_USER, 6)); $usr_pass = base64_decode(substr($PHP_AUTH_USER, 6));
if (!empty($usr_pass) && strpos($usr_pass, ':') !== FALSE) { if (!empty($usr_pass) && strpos($usr_pass, ':') !== false) {
list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass); list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass);
} }
unset($usr_pass); unset($usr_pass);
@@ -133,9 +129,9 @@ function PMA_auth_check()
// Returns whether we get authentication settings or not // Returns whether we get authentication settings or not
if (empty($PHP_AUTH_USER)) { if (empty($PHP_AUTH_USER)) {
return FALSE; return false;
} else { } else {
return TRUE; return true;
} }
} // end of the 'PMA_auth_check()' function } // end of the 'PMA_auth_check()' function
@@ -175,7 +171,7 @@ function PMA_auth_set_user()
$cfg['Server']['user'] = $PHP_AUTH_USER; $cfg['Server']['user'] = $PHP_AUTH_USER;
$cfg['Server']['password'] = $PHP_AUTH_PW; $cfg['Server']['password'] = $PHP_AUTH_PW;
return TRUE; return true;
} // end of the 'PMA_auth_set_user()' function } // end of the 'PMA_auth_set_user()' function
@@ -190,7 +186,7 @@ function PMA_auth_fails()
{ {
PMA_auth(); PMA_auth();
return TRUE; return true;
} // end of the 'PMA_auth_fails()' function } // end of the 'PMA_auth_fails()' function
?> ?>

4
libraries/common.lib.php
View File

@@ -1867,7 +1867,7 @@ window.parent.updateTableTitle('<?php echo $uni_tbl; ?>', '<?php echo PMA_jsForm
} elseif (!empty($tab['active']) } elseif (!empty($tab['active'])
|| (isset($GLOBALS['active_page']) || (isset($GLOBALS['active_page'])
&& $GLOBALS['active_page'] == $tab['link']) && $GLOBALS['active_page'] == $tab['link'])
|| basename($_SERVER['PHP_SELF']) == $tab['link']) || basename(getenv('PHP_SELF')) == $tab['link'])
{ {
$tab['class'] = 'active'; $tab['class'] = 'active';
} }
@@ -2579,7 +2579,7 @@ if (isset($_POST['usesubform'])) {
$_POST = $subform; $_POST = $subform;
$_REQUEST = $subform; $_REQUEST = $subform;
if (isset($_POST['redirect']) if (isset($_POST['redirect'])
&& $_POST['redirect'] != basename($_SERVER['PHP_SELF'])) { && $_POST['redirect'] != basename(getenv('PHP_SELF'))) {
$__redirect = $_POST['redirect']; $__redirect = $_POST['redirect'];
unset($_POST['redirect']); unset($_POST['redirect']);
} // end if (isset($_POST['redirect'])) } // end if (isset($_POST['redirect']))

6
libraries/footer.inc.php
View File

@@ -80,13 +80,13 @@ if (!isset($GLOBALS['checked_special'])) {
$GLOBALS['checked_special'] = FALSE; $GLOBALS['checked_special'] = FALSE;
} }
if (isset($_SERVER['SCRIPT_NAME']) && empty($_POST) && !$GLOBALS['checked_special']) { if (getenv('SCRIPT_NAME') && empty($_POST) && !$GLOBALS['checked_special']) {
echo '<div id="selflink" class="print_ignore">' . "\n"; echo '<div id="selflink" class="print_ignore">' . "\n";
$url_params['target'] = basename($_SERVER['SCRIPT_NAME']); $url_params['target'] = basename(getenv('SCRIPT_NAME'));
echo '<a href="index.php' . PMA_generate_common_url($url_params) . '"' echo '<a href="index.php' . PMA_generate_common_url($url_params) . '"'
. ' title="' . $GLOBALS['strOpenNewWindow'] . '" target="_blank">'; . ' title="' . $GLOBALS['strOpenNewWindow'] . '" target="_blank">';
/* /*
echo '<a href="index.php?target=' . basename($_SERVER['SCRIPT_NAME']); echo '<a href="index.php?target=' . basename(getenv('SCRIPT_NAME'));
$url = PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : ''); $url = PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : '');
if (!empty($url)) { if (!empty($url)) {
echo '&amp;' . $url; echo '&amp;' . $url;

2514
libraries/fpdf/fpdf.php
View File

File diff suppressed because it is too large Load Diff

43
libraries/grab_globals.lib.php
View File

@@ -82,39 +82,38 @@ $_import_blacklist = array(
//'/^PMA_.*$/i', // other PMA variables //'/^PMA_.*$/i', // other PMA variables
); );
if ( ! empty( $_GET ) ) { if (! empty($_GET)) {
PMA_gpc_extract($_GET, $GLOBALS); PMA_gpc_extract($_GET, $GLOBALS);
} }
if ( ! empty( $_POST ) ) { if (! empty($_POST)) {
PMA_gpc_extract($_POST, $GLOBALS); PMA_gpc_extract($_POST, $GLOBALS);
} }
if ( ! empty( $_FILES ) ) { if (! empty($_FILES)) {
foreach ( $_FILES AS $name => $value ) { foreach ($_FILES as $name => $value) {
$$name = $value['tmp_name']; $$name = $value['tmp_name'];
${$name . '_name'} = $value['name']; ${$name . '_name'} = $value['name'];
} }
unset( $name, $value ); unset($name, $value);
} }
if ( ! empty( $_SERVER ) ) { /**
$server_vars = array('PHP_SELF', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_AUTHORIZATION'); * globalize some environment variables
foreach ( $server_vars as $current ) { */
// its not important HOW we detect html tags $server_vars = array('PHP_SELF', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_AUTHORIZATION');
// its more important to prevent XSS foreach ($server_vars as $current) {
// so its not important if we result in an invalid string, // its not important HOW we detect html tags
// its even better than a XSS capable string // its more important to prevent XSS
if ( isset( $_SERVER[$current] ) && false === strpos($_SERVER[$current], '<') ) { // so its not important if we result in an invalid string,
$$current = $_SERVER[$current]; // its even better than a XSS capable string
// already importet by register_globals? if (getenv($current) && false === strpos(getenv($current), '<')) {
} elseif ( ! isset( $$current ) || false !== strpos($$current, '<') ) { $$current = getenv($current);
$$current = ''; // already importet by register_globals?
} } elseif (! isset($$current) || false !== strpos($$current, '<')) {
$$current = '';
} }
unset( $server_vars, $current ); }
} // end if unset($server_vars, $current, $_import_blacklist);
unset( $_import_blacklist );
?> ?>

20
libraries/header.inc.php
View File

@@ -2,15 +2,15 @@
/* $Id$ */ /* $Id$ */
// vim: expandtab sw=4 ts=4 sts=4: // vim: expandtab sw=4 ts=4 sts=4:
require_once('./libraries/common.lib.php'); require_once './libraries/common.lib.php';
if (empty($GLOBALS['is_header_sent'])) { if (empty($GLOBALS['is_header_sent'])) {
/** /**
* Gets a core script and starts output buffering work * Gets a core script and starts output buffering work
*/ */
require_once('./libraries/common.lib.php'); require_once './libraries/common.lib.php';
require_once('./libraries/ob.lib.php'); require_once './libraries/ob.lib.php';
if ($GLOBALS['cfg']['OBGzip']) { if ($GLOBALS['cfg']['OBGzip']) {
$GLOBALS['ob_mode'] = PMA_outBufferModeGet(); $GLOBALS['ob_mode'] = PMA_outBufferModeGet();
if ($GLOBALS['ob_mode']) { if ($GLOBALS['ob_mode']) {
@@ -22,8 +22,8 @@ if (empty($GLOBALS['is_header_sent'])) {
// to a seperate file. It can now be included by header.inc.php, // to a seperate file. It can now be included by header.inc.php,
// querywindow.php. // querywindow.php.
require_once('./libraries/header_http.inc.php'); require_once './libraries/header_http.inc.php';
require_once('./libraries/header_meta_style.inc.php'); require_once './libraries/header_meta_style.inc.php';
// generate title // generate title
$title = str_replace( $title = str_replace(
@@ -37,7 +37,7 @@ if (empty($GLOBALS['is_header_sent'])) {
'@PHPMYADMIN@', '@PHPMYADMIN@',
), ),
array( array(
isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '', getenv('HTTP_HOST') ? getenv('HTTP_HOST') : '',
isset($GLOBALS['cfg']['Server']['host']) ? $GLOBALS['cfg']['Server']['host'] : '', isset($GLOBALS['cfg']['Server']['host']) ? $GLOBALS['cfg']['Server']['host'] : '',
isset($GLOBALS['cfg']['Server']['verbose']) ? $GLOBALS['cfg']['Server']['verbose'] : '', isset($GLOBALS['cfg']['Server']['verbose']) ? $GLOBALS['cfg']['Server']['verbose'] : '',
!empty($GLOBALS['cfg']['Server']['verbose']) ? $GLOBALS['cfg']['Server']['verbose'] : (isset($GLOBALS['cfg']['Server']['host']) ? $GLOBALS['cfg']['Server']['host'] : ''), !empty($GLOBALS['cfg']['Server']['verbose']) ? $GLOBALS['cfg']['Server']['verbose'] : (isset($GLOBALS['cfg']['Server']['host']) ? $GLOBALS['cfg']['Server']['host'] : ''),
@@ -137,7 +137,7 @@ if (empty($GLOBALS['is_header_sent'])) {
<?php <?php
// Include possible custom headers // Include possible custom headers
require_once('./libraries/header_custom.inc.php'); require_once './libraries/header_custom.inc.php';
if (!defined('PMA_DISPLAY_HEADING')) { if (!defined('PMA_DISPLAY_HEADING')) {
define('PMA_DISPLAY_HEADING', 1); define('PMA_DISPLAY_HEADING', 1);
@@ -187,7 +187,7 @@ if (empty($GLOBALS['is_header_sent'])) {
's_db.png' ); 's_db.png' );
if (isset($GLOBALS['table']) && strlen($GLOBALS['table'])) { if (isset($GLOBALS['table']) && strlen($GLOBALS['table'])) {
require_once('./libraries/tbl_properties_table_info.inc.php'); require_once './libraries/tbl_properties_table_info.inc.php';
echo $separator; echo $separator;
printf( $item, printf( $item,
@@ -215,7 +215,7 @@ if (empty($GLOBALS['is_header_sent'])) {
/** /**
* Settings for relations stuff * Settings for relations stuff
*/ */
require_once('./libraries/relation.lib.php'); require_once './libraries/relation.lib.php';
$cfgRelation = PMA_getRelationsParam(); $cfgRelation = PMA_getRelationsParam();
// Get additional information about tables for tooltip is done // Get additional information about tables for tooltip is done
@@ -241,6 +241,6 @@ if (empty($GLOBALS['is_header_sent'])) {
/** /**
* Sets a variable to remember headers have been sent * Sets a variable to remember headers have been sent
*/ */
$GLOBALS['is_header_sent'] = TRUE; $GLOBALS['is_header_sent'] = true;
} }
?> ?>

126
libraries/ip_allow_deny.lib.php
View File

@@ -22,78 +22,30 @@ function PMA_getIp()
global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM; global $HTTP_VIA, $HTTP_X_COMING_FROM, $HTTP_COMING_FROM;
// Get some server/environment variables values // Get some server/environment variables values
if (empty($REMOTE_ADDR)) { if (empty($REMOTE_ADDR) && getenv('REMOTE_ADDR')) {
if (!empty($_SERVER) && isset($_SERVER['REMOTE_ADDR'])) { $REMOTE_ADDR = getenv('REMOTE_ADDR');
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR']; }
} elseif (!empty($_ENV) && isset($_ENV['REMOTE_ADDR'])) { if (empty($HTTP_X_FORWARDED_FOR) && getenv('HTTP_X_FORWARDED_FOR')) {
$REMOTE_ADDR = $_ENV['REMOTE_ADDR']; $HTTP_X_FORWARDED_FOR = getenv('HTTP_X_FORWARDED_FOR');
} elseif (@getenv('REMOTE_ADDR')) { }
$REMOTE_ADDR = getenv('REMOTE_ADDR'); if (empty($HTTP_X_FORWARDED) && getenv('HTTP_X_FORWARDED')) {
} $HTTP_X_FORWARDED = getenv('HTTP_X_FORWARDED');
} // end if }
if (empty($HTTP_X_FORWARDED_FOR)) { if (empty($HTTP_FORWARDED_FOR) && getenv('HTTP_FORWARDED_FOR')) {
if (!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $HTTP_FORWARDED_FOR = getenv('HTTP_FORWARDED_FOR');
$HTTP_X_FORWARDED_FOR = $_SERVER['HTTP_X_FORWARDED_FOR']; }
} elseif (!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED_FOR'])) { if (empty($HTTP_FORWARDED) && getenv('HTTP_FORWARDED')) {
$HTTP_X_FORWARDED_FOR = $_ENV['HTTP_X_FORWARDED_FOR']; $HTTP_FORWARDED = getenv('HTTP_FORWARDED');
} elseif (@getenv('HTTP_X_FORWARDED_FOR')) { }
$HTTP_X_FORWARDED_FOR = getenv('HTTP_X_FORWARDED_FOR'); if (empty($HTTP_VIA) && getenv('HTTP_VIA')) {
} $HTTP_VIA = getenv('HTTP_VIA');
} // end if }
if (empty($HTTP_X_FORWARDED)) { if (empty($HTTP_X_COMING_FROM) && getenv('HTTP_X_COMING_FROM')) {
if (!empty($_SERVER) && isset($_SERVER['HTTP_X_FORWARDED'])) { $HTTP_X_COMING_FROM = getenv('HTTP_X_COMING_FROM');
$HTTP_X_FORWARDED = $_SERVER['HTTP_X_FORWARDED']; }
} elseif (!empty($_ENV) && isset($_ENV['HTTP_X_FORWARDED'])) { if (empty($HTTP_COMING_FROM) && getenv('HTTP_COMING_FROM')) {
$HTTP_X_FORWARDED = $_ENV['HTTP_X_FORWARDED']; $HTTP_COMING_FROM = getenv('HTTP_COMING_FROM');
} elseif (@getenv('HTTP_X_FORWARDED')) { }
$HTTP_X_FORWARDED = getenv('HTTP_X_FORWARDED');
}
} // end if
if (empty($HTTP_FORWARDED_FOR)) {
if (!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED_FOR'])) {
$HTTP_FORWARDED_FOR = $_SERVER['HTTP_FORWARDED_FOR'];
} elseif (!empty($_ENV) && isset($_ENV['HTTP_FORWARDED_FOR'])) {
$HTTP_FORWARDED_FOR = $_ENV['HTTP_FORWARDED_FOR'];
} elseif (@getenv('HTTP_FORWARDED_FOR')) {
$HTTP_FORWARDED_FOR = getenv('HTTP_FORWARDED_FOR');
}
} // end if
if (empty($HTTP_FORWARDED)) {
if (!empty($_SERVER) && isset($_SERVER['HTTP_FORWARDED'])) {
$HTTP_FORWARDED = $_SERVER['HTTP_FORWARDED'];
} elseif (!empty($_ENV) && isset($_ENV['HTTP_FORWARDED'])) {
$HTTP_FORWARDED = $_ENV['HTTP_FORWARDED'];
} elseif (@getenv('HTTP_FORWARDED')) {
$HTTP_FORWARDED = getenv('HTTP_FORWARDED');
}
} // end if
if (empty($HTTP_VIA)) {
if (!empty($_SERVER) && isset($_SERVER['HTTP_VIA'])) {
$HTTP_VIA = $_SERVER['HTTP_VIA'];
} elseif (!empty($_ENV) && isset($_ENV['HTTP_VIA'])) {
$HTTP_VIA = $_ENV['HTTP_VIA'];
} elseif (@getenv('HTTP_VIA')) {
$HTTP_VIA = getenv('HTTP_VIA');
}
} // end if
if (empty($HTTP_X_COMING_FROM)) {
if (!empty($_SERVER) && isset($_SERVER['HTTP_X_COMING_FROM'])) {
$HTTP_X_COMING_FROM = $_SERVER['HTTP_X_COMING_FROM'];
} elseif (!empty($_ENV) && isset($_ENV['HTTP_X_COMING_FROM'])) {
$HTTP_X_COMING_FROM = $_ENV['HTTP_X_COMING_FROM'];
} elseif (@getenv('HTTP_X_COMING_FROM')) {
$HTTP_X_COMING_FROM = getenv('HTTP_X_COMING_FROM');
}
} // end if
if (empty($HTTP_COMING_FROM)) {
if (!empty($_SERVER) && isset($_SERVER['HTTP_COMING_FROM'])) {
$HTTP_COMING_FROM = $_SERVER['HTTP_COMING_FROM'];
} elseif (!empty($_ENV) && isset($_ENV['HTTP_COMING_FROM'])) {
$HTTP_COMING_FROM = $_ENV['HTTP_COMING_FROM'];
} elseif (@getenv('HTTP_COMING_FROM')) {
$HTTP_COMING_FROM = getenv('HTTP_COMING_FROM');
}
} // end if
// Gets the default ip sent by the user // Gets the default ip sent by the user
if (!empty($REMOTE_ADDR)) { if (!empty($REMOTE_ADDR)) {
@@ -118,7 +70,7 @@ function PMA_getIp()
$proxy_ip = $HTTP_COMING_FROM; $proxy_ip = $HTTP_COMING_FROM;
} // end if... elseif... } // end if... elseif...
// Returns the true IP if it has been found, else FALSE // Returns the true IP if it has been found, else false
if (empty($proxy_ip)) { if (empty($proxy_ip)) {
// True IP without proxy // True IP without proxy
return $direct_ip; return $direct_ip;
@@ -130,7 +82,7 @@ function PMA_getIp()
} else { } else {
// Can't define IP: there is a proxy but we don't have // Can't define IP: there is a proxy but we don't have
// information about the true IP // information about the true IP
return FALSE; return false;
} }
} // end if... else... } // end if... else...
} // end of the 'PMA_getIp()' function } // end of the 'PMA_getIp()' function
@@ -159,7 +111,7 @@ function PMA_getIp()
*/ */
function PMA_ipMaskTest($testRange, $ipToTest) function PMA_ipMaskTest($testRange, $ipToTest)
{ {
$result = TRUE; $result = true;
if (preg_match('|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|', $testRange, $regs)) { if (preg_match('|([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/([0-9]+)|', $testRange, $regs)) {
// performs a mask match // performs a mask match
@@ -175,9 +127,9 @@ function PMA_ipMaskTest($testRange, $ipToTest)
} // end for } // end for
if (($maskl & $rangel) == ($maskl & $ipl)) { if (($maskl & $rangel) == ($maskl & $ipl)) {
return TRUE; return true;
} else { } else {
return FALSE; return false;
} }
} else { } else {
// range based // range based
@@ -189,11 +141,11 @@ function PMA_ipMaskTest($testRange, $ipToTest)
if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) { if (preg_match('|\[([0-9]+)\-([0-9]+)\]|', $maskocts[$i], $regs)) {
if (($ipocts[$i] > $regs[2]) if (($ipocts[$i] > $regs[2])
|| ($ipocts[$i] < $regs[1])) { || ($ipocts[$i] < $regs[1])) {
$result = FALSE; $result = false;
} // end if } // end if
} else { } else {
if ($maskocts[$i] <> $ipocts[$i]) { if ($maskocts[$i] <> $ipocts[$i]) {
$result = FALSE; $result = false;
} // end if } // end if
} // end if/else } // end if/else
} //end for } //end for
@@ -221,7 +173,7 @@ function PMA_allowDeny($type)
// Grabs true IP of the user and returns if it can't be found // Grabs true IP of the user and returns if it can't be found
$remote_ip = PMA_getIp(); $remote_ip = PMA_getIp();
if (empty($remote_ip)) { if (empty($remote_ip)) {
return FALSE; return false;
} }
// copy username // copy username
@@ -237,13 +189,13 @@ function PMA_allowDeny($type)
); );
// Provide some useful shortcuts if server gives us address: // Provide some useful shortcuts if server gives us address:
if (isset($_SERVER['SERVER_ADDR'])) { if (getenv('SERVER_ADDR')) {
$shortcuts['localnetA'] = $_SERVER['SERVER_ADDR'] . '/8'; $shortcuts['localnetA'] = getenv('SERVER_ADDR') . '/8';
$shortcuts['localnetB'] = $_SERVER['SERVER_ADDR'] . '/16'; $shortcuts['localnetB'] = getenv('SERVER_ADDR') . '/16';
$shortcuts['localnetC'] = $_SERVER['SERVER_ADDR'] . '/24'; $shortcuts['localnetC'] = getenv('SERVER_ADDR') . '/24';
} }
foreach ($rules AS $rule) { foreach ($rules as $rule) {
// extract rule data // extract rule data
$rule_data = explode(' ', $rule); $rule_data = explode(' ', $rule);
@@ -275,11 +227,11 @@ function PMA_allowDeny($type)
// Do the actual matching now // Do the actual matching now
if (PMA_ipMaskTest($rule_data[2], $remote_ip)) { if (PMA_ipMaskTest($rule_data[2], $remote_ip)) {
return TRUE; return true;
} }
} // end while } // end while
return FALSE; return false;
} // end of the "PMA_AllowDeny()" function } // end of the "PMA_AllowDeny()" function
?> ?>

8
libraries/select_lang.lib.php
View File

@@ -53,8 +53,8 @@ function PMA_langCheck()
} }
// try to findout user's language by checking its HTTP_ACCEPT_LANGUAGE variable // try to findout user's language by checking its HTTP_ACCEPT_LANGUAGE variable
if (! empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { if (getenv('HTTP_ACCEPT_LANGUAGE')) {
foreach (explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']) as $lang) { foreach (explode(',', getenv('HTTP_ACCEPT_LANGUAGE')) as $lang) {
if (PMA_langDetect($lang, 1)) { if (PMA_langDetect($lang, 1)) {
return true; return true;
} }
@@ -62,7 +62,7 @@ function PMA_langCheck()
} }
// try to findout user's language by checking its HTTP_USER_AGENT variable // try to findout user's language by checking its HTTP_USER_AGENT variable
if (PMA_langDetect($_SERVER['HTTP_USER_AGENT'], 2)) { if (PMA_langDetect(getenv('HTTP_USER_AGENT'), 2)) {
return true; return true;
} }
@@ -405,7 +405,7 @@ if (! PMA_langCheck()) {
// Defines the associated filename and load the translation // Defines the associated filename and load the translation
$lang_file = $lang_path . $available_languages[$GLOBALS['lang']][1] . '.inc.php'; $lang_file = $lang_path . $available_languages[$GLOBALS['lang']][1] . '.inc.php';
require_once($lang_file); require_once $lang_file;
// now, that we have loaded the language strings we can send the errors // now, that we have loaded the language strings we can send the errors
if ($lang_failed_cfg) { if ($lang_failed_cfg) {