[setup] avoid usage of (un)serialize, what might be unsafe in some cases
This commit is contained in:
Michal Čihař
@@ -10,6 +10,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
|
|||||||
Kinkhorst)
|
Kinkhorst)
|
||||||
- [core] do not automatically set and create TempDir, it might lead to security
|
- [core] do not automatically set and create TempDir, it might lead to security
|
||||||
issue (thanks to Thijs Kinkhorst)
|
issue (thanks to Thijs Kinkhorst)
|
||||||
|
- [setup] avoid usage of (un)serialize, what might be unsafe in some cases
|
||||||
|
|
||||||
2.11.9.6 (2009-10-12)
|
2.11.9.6 (2009-10-12)
|
||||||
- [security] XSS and SQL injection, thanks to Herman van Rink
|
- [security] XSS and SQL injection, thanks to Herman van Rink
|
||||||
|
|||||||
@@ -37,35 +37,32 @@ if (isset($_POST['action'])) {
|
|||||||
|
|
||||||
// Grab wanted CRLF type
|
// Grab wanted CRLF type
|
||||||
if (isset($_POST['eoltype'])) {
|
if (isset($_POST['eoltype'])) {
|
||||||
$eoltype = $_POST['eoltype'];
|
$_SESSION['eoltype'] = $_POST['eoltype'];
|
||||||
} else {
|
} else {
|
||||||
if (PMA_USR_OS == 'Win') {
|
if (PMA_USR_OS == 'Win') {
|
||||||
$eoltype = 'dos';
|
$_SESSION['eoltype'] = 'dos';
|
||||||
} else {
|
} else {
|
||||||
$eoltype = 'unix';
|
$_SESSION['eoltype'] = 'unix';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Detect which CRLF to use
|
// Detect which CRLF to use
|
||||||
if ($eoltype == 'dos') {
|
if ($_SESSION['eoltype'] == 'dos') {
|
||||||
$crlf = "\r\n";
|
$crlf = "\r\n";
|
||||||
} elseif ($eoltype == 'mac') {
|
} elseif ($_SESSION['eoltype'] == 'mac') {
|
||||||
$crlf = "\r";
|
$crlf = "\r";
|
||||||
} else {
|
} else {
|
||||||
$crlf = "\n";
|
$crlf = "\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($_POST['configuration']) && $action != 'clear') {
|
if (!isset($_SESSION['configuration']) || $action == 'clear') {
|
||||||
// Grab previous configuration, if it should not be cleared
|
// Create empty configuration
|
||||||
$configuration = unserialize($_POST['configuration']);
|
$_SESSION['configuration'] = array();
|
||||||
} else {
|
|
||||||
// Start with empty configuration
|
|
||||||
$configuration = array();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// We rely on Servers array to exist, so create it here
|
// We rely on Servers array to exist, so create it here
|
||||||
if (!isset($configuration['Servers']) || !is_array($configuration['Servers'])) {
|
if (!isset($_SESSION['configuration']['Servers']) || !is_array($_SESSION['configuration']['Servers'])) {
|
||||||
$configuration['Servers'] = array();
|
$_SESSION['configuration']['Servers'] = array();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Used later
|
// Used later
|
||||||
@@ -340,20 +337,6 @@ function message($type, $text, $title = '') {
|
|||||||
echo '</div>' . "\n";
|
echo '</div>' . "\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Creates hidden input required for keeping current configuraion
|
|
||||||
*
|
|
||||||
* @return string HTML with hidden inputs
|
|
||||||
*/
|
|
||||||
function get_hidden_cfg() {
|
|
||||||
global $configuration, $eoltype;
|
|
||||||
|
|
||||||
$ret = '<input type="hidden" name="configuration" value="' . htmlspecialchars(serialize($configuration)) . '" />' . "\n";
|
|
||||||
$ret .= '<input type="hidden" name="eoltype" value="' . htmlspecialchars($eoltype) . '" />' . "\n";
|
|
||||||
|
|
||||||
return $ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns needed hidden input for forms.
|
* Returns needed hidden input for forms.
|
||||||
*
|
*
|
||||||
@@ -383,7 +366,6 @@ function get_action($name, $title, $added = '', $enabled = TRUE) {
|
|||||||
$ret .= ' disabled="disabled"';
|
$ret .= ' disabled="disabled"';
|
||||||
}
|
}
|
||||||
$ret .= ' />';
|
$ret .= ' />';
|
||||||
$ret .= get_hidden_cfg();
|
|
||||||
$ret .= '</form>';
|
$ret .= '</form>';
|
||||||
$ret .= "\n";
|
$ret .= "\n";
|
||||||
return $ret;
|
return $ret;
|
||||||
@@ -613,7 +595,7 @@ function compress_servers(&$cfg) {
|
|||||||
* @param string list of values to grab, values are separated by ";",
|
* @param string list of values to grab, values are separated by ";",
|
||||||
* each can have defined type separated by ":", if no type
|
* each can have defined type separated by ":", if no type
|
||||||
* is defined, string is assumed. Possible types: bool -
|
* is defined, string is assumed. Possible types: bool -
|
||||||
* boolean value, serialized - serialized value, int -
|
* boolean value, allow-deny - allow-deny rules, int -
|
||||||
* integer, tristate - "TRUE"/"FALSE" converted to bool,
|
* integer, tristate - "TRUE"/"FALSE" converted to bool,
|
||||||
* other strings are kept.
|
* other strings are kept.
|
||||||
*
|
*
|
||||||
@@ -632,9 +614,17 @@ function grab_values($list)
|
|||||||
case 'bool':
|
case 'bool':
|
||||||
$res[$v[0]] = isset($_POST[$v[0]]);
|
$res[$v[0]] = isset($_POST[$v[0]]);
|
||||||
break;
|
break;
|
||||||
case 'serialized':
|
case 'allow-deny':
|
||||||
if (isset($_POST[$v[0]]) && strlen($_POST[$v[0]]) > 0) {
|
$res[$v[0]] = array();
|
||||||
$res[$v[0]] = unserialize($_POST[$v[0]]);
|
if (isset($_POST[$v[0] . '_order']) && strlen($_POST[$v[0] . '_order']) > 0) {
|
||||||
|
$res[$v[0]]['order'] = $_POST[$v[0]];
|
||||||
|
} else {
|
||||||
|
$res[$v[0]]['order'] = '';
|
||||||
|
}
|
||||||
|
if (isset($_POST[$v[0] . '_rules']) && strlen($_POST[$v[0] . '_rules']) > 0) {
|
||||||
|
$res[$v[0]]['rules'] = split('|', $_POST[$v[0]]);
|
||||||
|
} else {
|
||||||
|
$res[$v[0]]['rules'] = array();
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'int':
|
case 'int':
|
||||||
@@ -819,7 +809,6 @@ function show_security_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="feat_security_real" />
|
<input type="hidden" name="action" value="feat_security_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Blowfish secret', 'blowfish_secret', 'Secret passphrase used for encrypting cookies'),
|
array('Blowfish secret', 'blowfish_secret', 'Secret passphrase used for encrypting cookies'),
|
||||||
array('Force SSL connection', 'ForceSSL', 'Whether to force using secured connection while using phpMyAdmin', FALSE),
|
array('Force SSL connection', 'ForceSSL', 'Whether to force using secured connection while using phpMyAdmin', FALSE),
|
||||||
@@ -850,7 +839,6 @@ function show_manual_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="feat_manual_real" />
|
<input type="hidden" name="action" value="feat_manual_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Type of MySQL documentation', 'MySQLManualType', 'These types are same as listed on MySQL download page', array('viewable', 'chapters', 'big', 'none')),
|
array('Type of MySQL documentation', 'MySQLManualType', 'These types are same as listed on MySQL download page', array('viewable', 'chapters', 'big', 'none')),
|
||||||
array('Base URL of MySQL documentation', 'MySQLManualBase', 'Where is MySQL documentation placed, this is usually top level directory.'),
|
array('Base URL of MySQL documentation', 'MySQLManualBase', 'Where is MySQL documentation placed, this is usually top level directory.'),
|
||||||
@@ -877,7 +865,6 @@ function show_charset_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="feat_charset_real" />
|
<input type="hidden" name="action" value="feat_charset_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Allow charset conversion', 'AllowAnywhereRecoding', 'If you want to use such functions.', FALSE),
|
array('Allow charset conversion', 'AllowAnywhereRecoding', 'If you want to use such functions.', FALSE),
|
||||||
array('Default charset', 'DefaultCharset', 'Default charset for conversion.', $PMA_Config_Setup->get('AvailableCharsets')),
|
array('Default charset', 'DefaultCharset', 'Default charset for conversion.', $PMA_Config_Setup->get('AvailableCharsets')),
|
||||||
@@ -905,7 +892,6 @@ function show_extensions_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="feat_extensions_real" />
|
<input type="hidden" name="action" value="feat_extensions_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('GD 2 is available', 'GD2Available', 'Whether you have GD 2 or newer installed', array('auto', 'yes', 'no')),
|
array('GD 2 is available', 'GD2Available', 'Whether you have GD 2 or newer installed', array('auto', 'yes', 'no')),
|
||||||
),
|
),
|
||||||
@@ -931,7 +917,6 @@ function show_relation_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="feat_relation_real" />
|
<input type="hidden" name="action" value="feat_relation_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Permanent query history', 'QueryHistoryDB', 'Store history into database.', FALSE),
|
array('Permanent query history', 'QueryHistoryDB', 'Store history into database.', FALSE),
|
||||||
array('Maximal history size', 'QueryHistoryMax', 'How many queries are kept in history.'),
|
array('Maximal history size', 'QueryHistoryMax', 'How many queries are kept in history.'),
|
||||||
@@ -959,7 +944,6 @@ function show_upload_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="feat_upload_real" />
|
<input type="hidden" name="action" value="feat_upload_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Upload directory', 'UploadDir', 'Directory on server where you can upload files for import'),
|
array('Upload directory', 'UploadDir', 'Directory on server where you can upload files for import'),
|
||||||
array('Save directory', 'SaveDir', 'Directory where exports can be saved on server'),
|
array('Save directory', 'SaveDir', 'Directory where exports can be saved on server'),
|
||||||
@@ -985,14 +969,21 @@ function show_server_form($defaults = array(), $number = FALSE) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="addserver_real" />
|
<input type="hidden" name="action" value="addserver_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
if (!($number === FALSE)) {
|
if (!($number === FALSE)) {
|
||||||
echo '<input type="hidden" name="server" value="' . $number . '" />';
|
echo '<input type="hidden" name="server" value="' . $number . '" />';
|
||||||
}
|
}
|
||||||
$hi = array ('bookmarktable', 'relation', 'table_info', 'table_coords', 'pdf_pages', 'column_info', 'designer_coords', 'history', 'AllowDeny');
|
$hi = array ('bookmarktable', 'relation', 'table_info', 'table_coords', 'pdf_pages', 'column_info', 'designer_coords', 'history');
|
||||||
foreach ($hi as $k) {
|
foreach ($hi as $k) {
|
||||||
if (isset($defaults[$k]) && (!is_string($defaults[$k]) || strlen($defaults[$k]) > 0)) {
|
if (isset($defaults[$k]) && is_string($defaults[$k]) && strlen($defaults[$k]) > 0) {
|
||||||
echo '<input type="hidden" name="' . $k . '" value="' . htmlspecialchars(serialize($defaults[$k])) . '" />';
|
echo '<input type="hidden" name="' . $k . '" value="' . htmlspecialchars($defaults[$k]) . '" />';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (isset($defaults['AllowDeny'])) {
|
||||||
|
if (isset($defaults['AllowDeny']['order']) && is_string($defaults['AllowDeny']['order']) && strlen($defaults['AllowDeny']['order']) > 0) {
|
||||||
|
echo '<input type="hidden" name="AllowDeny_rules" value="' . htmlspecialchars($defaults['AllowDeny']['order']) . '" />';
|
||||||
|
}
|
||||||
|
if (isset($defaults['AllowDeny']['rules']) && is_array($defaults['AllowDeny']['rules']) && count($defaults['AllowDeny']['rules']) > 0) {
|
||||||
|
echo '<input type="hidden" name="AllowDeny_rules" value="' . htmlspecialchars(implode('|', $defaults['AllowDeny']['rules'])) . '" />';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
@@ -1035,7 +1026,6 @@ function show_left_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="lay_navigation_real" />
|
<input type="hidden" name="action" value="lay_navigation_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Use light version', 'LeftFrameLight', 'Disable this if you want to see all databases at one time.', TRUE),
|
array('Use light version', 'LeftFrameLight', 'Disable this if you want to see all databases at one time.', TRUE),
|
||||||
array('Display databases in tree', 'LeftFrameDBTree', 'Whether to display databases in tree (determined by separator defined lower)', TRUE),
|
array('Display databases in tree', 'LeftFrameDBTree', 'Whether to display databases in tree (determined by separator defined lower)', TRUE),
|
||||||
@@ -1069,7 +1059,6 @@ function show_tabs_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="lay_tabs_real" />
|
<input type="hidden" name="action" value="lay_tabs_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Default tab for server', 'DefaultTabServer', 'Tab that is displayed when entering server', array('main.php', 'server_databases.php', 'server_status.php', 'server_variables.php', 'server_privileges.php', 'server_processlist.php')),
|
array('Default tab for server', 'DefaultTabServer', 'Tab that is displayed when entering server', array('main.php', 'server_databases.php', 'server_status.php', 'server_variables.php', 'server_privileges.php', 'server_processlist.php')),
|
||||||
array('Default tab for database', 'DefaultTabDatabase', 'Tab that is displayed when entering database', array('db_structure.php', 'db_sql.php', 'db_search.php', 'db_operations.php')),
|
array('Default tab for database', 'DefaultTabDatabase', 'Tab that is displayed when entering database', array('db_structure.php', 'db_sql.php', 'db_search.php', 'db_operations.php')),
|
||||||
@@ -1097,7 +1086,6 @@ function show_icons_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="lay_icons_real" />
|
<input type="hidden" name="action" value="lay_icons_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Icons on errors', 'ErrorIconic', 'Whether to use icons in error messages.', TRUE),
|
array('Icons on errors', 'ErrorIconic', 'Whether to use icons in error messages.', TRUE),
|
||||||
array('Icons on main page', 'MainPageIconic', 'Whether to use icons on main page.', TRUE),
|
array('Icons on main page', 'MainPageIconic', 'Whether to use icons on main page.', TRUE),
|
||||||
@@ -1126,7 +1114,6 @@ function show_browse_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="lay_browse_real" />
|
<input type="hidden" name="action" value="lay_browse_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Display of values', 'DefaultDisplay', 'How to list values while browsing', array('horizontal', 'vertical', 'horizontalflipped')),
|
array('Display of values', 'DefaultDisplay', 'How to list values while browsing', array('horizontal', 'vertical', 'horizontalflipped')),
|
||||||
array('Hightlight pointer', 'BrowsePointerEnable', 'Whether to highlight row under mouse.', TRUE),
|
array('Hightlight pointer', 'BrowsePointerEnable', 'Whether to highlight row under mouse.', TRUE),
|
||||||
@@ -1156,7 +1143,6 @@ function show_edit_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="lay_edit_real" />
|
<input type="hidden" name="action" value="lay_edit_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Display of properties while editing', 'DefaultPropDisplay', 'How to list properties (table structure or values) while editing', array('horizontal', 'vertical')),
|
array('Display of properties while editing', 'DefaultPropDisplay', 'How to list properties (table structure or values) while editing', array('horizontal', 'vertical')),
|
||||||
array('Number of inserted rows', 'InsertRows', 'How many rows can be inserted at once'),
|
array('Number of inserted rows', 'InsertRows', 'How many rows can be inserted at once'),
|
||||||
@@ -1190,7 +1176,6 @@ function show_window_form($defaults = array()) {
|
|||||||
<?php echo get_hidden_inputs();?>
|
<?php echo get_hidden_inputs();?>
|
||||||
<input type="hidden" name="action" value="lay_window_real" />
|
<input type="hidden" name="action" value="lay_window_real" />
|
||||||
<?php
|
<?php
|
||||||
echo get_hidden_cfg();
|
|
||||||
show_config_form(array(
|
show_config_form(array(
|
||||||
array('Edit SQL in window', 'EditInWindow', 'Whether edit links will edit in query window.', TRUE),
|
array('Edit SQL in window', 'EditInWindow', 'Whether edit links will edit in query window.', TRUE),
|
||||||
array('Query window height', 'QueryWindowHeight', 'Height of query window'),
|
array('Query window height', 'QueryWindowHeight', 'Height of query window'),
|
||||||
@@ -1284,12 +1269,12 @@ switch ($action) {
|
|||||||
header('Content-Type: text/plain');
|
header('Content-Type: text/plain');
|
||||||
header('Content-Disposition: attachment; filename="config.inc.php"');
|
header('Content-Disposition: attachment; filename="config.inc.php"');
|
||||||
|
|
||||||
echo get_cfg_string($configuration);
|
echo get_cfg_string($_SESSION['configuration']);
|
||||||
exit;
|
exit;
|
||||||
break;
|
break;
|
||||||
case 'display':
|
case 'display':
|
||||||
echo '<form method="none" action=""><textarea name="config" cols="50" rows="20" id="textconfig" wrap="off">' . "\n";
|
echo '<form method="none" action=""><textarea name="config" cols="50" rows="20" id="textconfig" wrap="off">' . "\n";
|
||||||
echo htmlspecialchars(get_cfg_string($configuration));
|
echo htmlspecialchars(get_cfg_string($_SESSION['configuration']));
|
||||||
echo '</textarea></form>' . "\n";
|
echo '</textarea></form>' . "\n";
|
||||||
?>
|
?>
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
@@ -1320,7 +1305,7 @@ switch ($action) {
|
|||||||
message('error', 'Could not open config file for writing! Bad permissions?');
|
message('error', 'Could not open config file for writing! Bad permissions?');
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
$s = get_cfg_string($configuration);
|
$s = get_cfg_string($_SESSION['configuration']);
|
||||||
$r = fwrite($config, $s);
|
$r = fwrite($config, $s);
|
||||||
if (!$r || $r != strlen($s)) {
|
if (!$r || $r != strlen($s)) {
|
||||||
message('error', 'Could not write to config file! Not enough space?');
|
message('error', 'Could not write to config file! Not enough space?');
|
||||||
@@ -1338,14 +1323,14 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
$new_cfg = load_config('./config/config.inc.php');
|
$new_cfg = load_config('./config/config.inc.php');
|
||||||
if (!($new_cfg === FALSE)) {
|
if (!($new_cfg === FALSE)) {
|
||||||
$configuration = $new_cfg;
|
$_SESSION['configuration'] = $new_cfg;
|
||||||
}
|
}
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'addserver_real':
|
case 'addserver_real':
|
||||||
if (isset($_POST['submit_save'])) {
|
if (isset($_POST['submit_save'])) {
|
||||||
$new_server = grab_values('host;extension;port;socket;connect_type;compress:bool;controluser;controlpass;auth_type;user;password;only_db;verbose;pmadb;bookmarktable:serialized;relation:serialized;table_info:serialized;table_coords:serialized;pdf_pages:serialized;column_info:serialized;designer_coords:serialized;history:serialized;AllowDeny:serialized;SignonSession;SignonURL;LogoutURL');
|
$new_server = grab_values('host;extension;port;socket;connect_type;compress:bool;controluser;controlpass;auth_type;user;password;only_db;verbose;pmadb;bookmarktable;relation;table_info;table_coords;pdf_pages;column_info;designer_coords;history;AllowDeny:allow-deny;SignonSession;SignonURL;LogoutURL');
|
||||||
$err = FALSE;
|
$err = FALSE;
|
||||||
if (empty($new_server['host'])) {
|
if (empty($new_server['host'])) {
|
||||||
message('error', 'Empty hostname!');
|
message('error', 'Empty hostname!');
|
||||||
@@ -1423,16 +1408,16 @@ switch ($action) {
|
|||||||
show_server_form($new_server, isset($_POST['server']) ? $_POST['server'] : FALSE);
|
show_server_form($new_server, isset($_POST['server']) ? $_POST['server'] : FALSE);
|
||||||
} else {
|
} else {
|
||||||
if (isset($_POST['server'])) {
|
if (isset($_POST['server'])) {
|
||||||
$configuration['Servers'][$_POST['server']] = $new_server;
|
$_SESSION['configuration']['Servers'][$_POST['server']] = $new_server;
|
||||||
message('notice', 'Changed server ' . get_server_name($new_server, $_POST['server']));
|
message('notice', 'Changed server ' . get_server_name($new_server, $_POST['server']));
|
||||||
} else {
|
} else {
|
||||||
$configuration['Servers'][] = $new_server;
|
$_SESSION['configuration']['Servers'][] = $new_server;
|
||||||
message('notice', 'New server added');
|
message('notice', 'New server added');
|
||||||
}
|
}
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
if ($new_server['auth_type'] == 'cookie' && empty($configuration['blowfish_secret'])) {
|
if ($new_server['auth_type'] == 'cookie' && empty($_SESSION['configuration']['blowfish_secret'])) {
|
||||||
message('notice', 'You did not have configured blowfish secret and you want to use cookie authentication so I generated blowfish secret for you. It is used to encrypt cookies.', 'Blowfish secret generated');
|
message('notice', 'You did not have configured blowfish secret and you want to use cookie authentication so I generated blowfish secret for you. It is used to encrypt cookies.', 'Blowfish secret generated');
|
||||||
$configuration['blowfish_secret'] = uniqid('', TRUE);
|
$_SESSION['configuration']['blowfish_secret'] = uniqid('', TRUE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
unset($new_server);
|
unset($new_server);
|
||||||
@@ -1441,7 +1426,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'addserver':
|
case 'addserver':
|
||||||
if (count($configuration['Servers']) == 0) {
|
if (count($_SESSION['configuration']['Servers']) == 0) {
|
||||||
// First server will use defaults as in config.default.php
|
// First server will use defaults as in config.default.php
|
||||||
$defaults = $PMA_Config_Setup->default_server;
|
$defaults = $PMA_Config_Setup->default_server;
|
||||||
unset($defaults['AllowDeny']); // Ignore this for now
|
unset($defaults['AllowDeny']); // Ignore this for now
|
||||||
@@ -1474,22 +1459,22 @@ switch ($action) {
|
|||||||
if (!isset($_POST['server'])) {
|
if (!isset($_POST['server'])) {
|
||||||
footer();
|
footer();
|
||||||
}
|
}
|
||||||
show_server_form($configuration['Servers'][$_POST['server']], $_POST['server']);
|
show_server_form($_SESSION['configuration']['Servers'][$_POST['server']], $_POST['server']);
|
||||||
break;
|
break;
|
||||||
case 'deleteserver':
|
case 'deleteserver':
|
||||||
if (!isset($_POST['server'])) {
|
if (!isset($_POST['server'])) {
|
||||||
footer();
|
footer();
|
||||||
}
|
}
|
||||||
message('notice', 'Deleted server ' . get_server_name($configuration['Servers'][$_POST['server']], $_POST['server']));
|
message('notice', 'Deleted server ' . get_server_name($_SESSION['configuration']['Servers'][$_POST['server']], $_POST['server']));
|
||||||
unset($configuration['Servers'][$_POST['server']]);
|
unset($_SESSION['configuration']['Servers'][$_POST['server']]);
|
||||||
compress_servers($configuration);
|
compress_servers($_SESSION['configuration']);
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
break;
|
break;
|
||||||
case 'servers':
|
case 'servers':
|
||||||
if (count($configuration['Servers']) == 0) {
|
if (count($_SESSION['configuration']['Servers']) == 0) {
|
||||||
message('notice', 'No servers defined, so none can be shown');
|
message('notice', 'No servers defined, so none can be shown');
|
||||||
} else {
|
} else {
|
||||||
foreach ($configuration['Servers'] as $i => $srv) {
|
foreach ($_SESSION['configuration']['Servers'] as $i => $srv) {
|
||||||
$data = array();
|
$data = array();
|
||||||
if (!empty($srv['verbose'])) {
|
if (!empty($srv['verbose'])) {
|
||||||
$data[] = array('Verbose name', $srv['verbose']);
|
$data[] = array('Verbose name', $srv['verbose']);
|
||||||
@@ -1521,7 +1506,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_upload_form($dirs);
|
show_upload_form($dirs);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $dirs);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $dirs);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1530,7 +1515,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'feat_upload':
|
case 'feat_upload':
|
||||||
show_upload_form($configuration);
|
show_upload_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'feat_security_real':
|
case 'feat_security_real':
|
||||||
@@ -1550,7 +1535,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_security_form($vals);
|
show_security_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1559,7 +1544,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'feat_security':
|
case 'feat_security':
|
||||||
show_security_form($configuration);
|
show_security_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'feat_manual_real':
|
case 'feat_manual_real':
|
||||||
@@ -1573,7 +1558,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_manual_form($vals);
|
show_manual_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1582,7 +1567,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'feat_manual':
|
case 'feat_manual':
|
||||||
show_manual_form($configuration);
|
show_manual_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'feat_charset_real':
|
case 'feat_charset_real':
|
||||||
@@ -1592,7 +1577,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_charset_form($vals);
|
show_charset_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1601,7 +1586,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'feat_charset':
|
case 'feat_charset':
|
||||||
$d = $configuration;
|
$d = $_SESSION['configuration'];
|
||||||
if (!isset($d['RecodingEngine'])) {
|
if (!isset($d['RecodingEngine'])) {
|
||||||
if (@extension_loaded('iconv')) {
|
if (@extension_loaded('iconv')) {
|
||||||
$d['RecodingEngine'] = 'iconv';
|
$d['RecodingEngine'] = 'iconv';
|
||||||
@@ -1635,7 +1620,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_extensions_form($vals);
|
show_extensions_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1644,7 +1629,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'feat_extensions':
|
case 'feat_extensions':
|
||||||
$d = $configuration;
|
$d = $_SESSION['configuration'];
|
||||||
if (!@extension_loaded('mbstring')) {
|
if (!@extension_loaded('mbstring')) {
|
||||||
PMA_dl('mbstring');
|
PMA_dl('mbstring');
|
||||||
}
|
}
|
||||||
@@ -1675,7 +1660,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_relation_form($vals);
|
show_relation_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1684,7 +1669,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'feat_relation':
|
case 'feat_relation':
|
||||||
show_relation_form($configuration);
|
show_relation_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'lay_navigation_real':
|
case 'lay_navigation_real':
|
||||||
@@ -1705,7 +1690,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_left_form($vals);
|
show_left_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1714,7 +1699,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'lay_navigation':
|
case 'lay_navigation':
|
||||||
show_left_form($configuration);
|
show_left_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'lay_tabs_real':
|
case 'lay_tabs_real':
|
||||||
@@ -1724,7 +1709,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_tabs_form($vals);
|
show_tabs_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1733,7 +1718,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'lay_tabs':
|
case 'lay_tabs':
|
||||||
show_tabs_form($configuration);
|
show_tabs_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'lay_icons_real':
|
case 'lay_icons_real':
|
||||||
@@ -1743,7 +1728,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_icons_form($vals);
|
show_icons_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1752,7 +1737,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'lay_icons':
|
case 'lay_icons':
|
||||||
show_icons_form($configuration);
|
show_icons_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'lay_browse_real':
|
case 'lay_browse_real':
|
||||||
@@ -1770,7 +1755,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_browse_form($vals);
|
show_browse_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1779,7 +1764,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'lay_browse':
|
case 'lay_browse':
|
||||||
show_browse_form($configuration);
|
show_browse_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'lay_edit_real':
|
case 'lay_edit_real':
|
||||||
@@ -1809,7 +1794,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_edit_form($vals);
|
show_edit_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1818,7 +1803,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'lay_edit':
|
case 'lay_edit':
|
||||||
show_edit_form($configuration);
|
show_edit_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'lay_window_real':
|
case 'lay_window_real':
|
||||||
@@ -1836,7 +1821,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_window_form($vals);
|
show_window_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1845,7 +1830,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'lay_window':
|
case 'lay_window':
|
||||||
show_window_form($configuration);
|
show_window_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
/* Template for new actions:
|
/* Template for new actions:
|
||||||
@@ -1860,7 +1845,7 @@ switch ($action) {
|
|||||||
if ($err) {
|
if ($err) {
|
||||||
show_blah_form($vals);
|
show_blah_form($vals);
|
||||||
} else {
|
} else {
|
||||||
$configuration = array_merge($configuration, $vals);
|
$_SESSION['configuration'] = array_merge($_SESSION['configuration'], $vals);
|
||||||
message('notice', 'Configuration changed');
|
message('notice', 'Configuration changed');
|
||||||
$show_info = TRUE;
|
$show_info = TRUE;
|
||||||
}
|
}
|
||||||
@@ -1869,7 +1854,7 @@ switch ($action) {
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'blah':
|
case 'blah':
|
||||||
show_blah_form($configuration);
|
show_blah_form($_SESSION['configuration']);
|
||||||
break;
|
break;
|
||||||
*/
|
*/
|
||||||
case 'versioncheck': // Check for latest available version
|
case 'versioncheck': // Check for latest available version
|
||||||
@@ -1931,7 +1916,7 @@ switch ($action) {
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'seteol':
|
case 'seteol':
|
||||||
$eoltype = $_POST['neweol'];
|
$_SESSION['eoltype'] = $_POST['neweol'];
|
||||||
message('notice', 'End of line format changed.');
|
message('notice', 'End of line format changed.');
|
||||||
case 'clear': // Actual clearing is done on beginning of this script
|
case 'clear': // Actual clearing is done on beginning of this script
|
||||||
case 'main':
|
case 'main':
|
||||||
@@ -1967,14 +1952,14 @@ switch ($action) {
|
|||||||
if ($show_info) {
|
if ($show_info) {
|
||||||
$servers = 'none';
|
$servers = 'none';
|
||||||
$servers_text = 'Servers';
|
$servers_text = 'Servers';
|
||||||
if (count($configuration['Servers']) == 0) {
|
if (count($_SESSION['configuration']['Servers']) == 0) {
|
||||||
message('warning', 'No servers defined, you probably want to add one.');
|
message('warning', 'No servers defined, you probably want to add one.');
|
||||||
} else {
|
} else {
|
||||||
$servers = '';
|
$servers = '';
|
||||||
$servers_text = 'Servers (' . count($configuration['Servers']) . ')';
|
$servers_text = 'Servers (' . count($_SESSION['configuration']['Servers']) . ')';
|
||||||
|
|
||||||
$sep = '';
|
$sep = '';
|
||||||
foreach ($configuration['Servers'] as $key => $val) {
|
foreach ($_SESSION['configuration']['Servers'] as $key => $val) {
|
||||||
$servers .= $sep;
|
$servers .= $sep;
|
||||||
$sep = ', ';
|
$sep = ', ';
|
||||||
$servers .= get_server_name($val, $key);
|
$servers .= get_server_name($val, $key);
|
||||||
@@ -1984,9 +1969,9 @@ if ($show_info) {
|
|||||||
show_overview('Current configuration overview',
|
show_overview('Current configuration overview',
|
||||||
array(
|
array(
|
||||||
array($servers_text, $servers),
|
array($servers_text, $servers),
|
||||||
array('SQL files upload', empty($configuration['UploadDir']) ? 'disabled' : 'enabled'),
|
array('SQL files upload', empty($_SESSION['configuration']['UploadDir']) ? 'disabled' : 'enabled'),
|
||||||
array('Exported files on server', empty($configuration['SaveDir']) ? 'disabled' : 'enabled'),
|
array('Exported files on server', empty($_SESSION['configuration']['SaveDir']) ? 'disabled' : 'enabled'),
|
||||||
array('Charset conversion', isset($configuration['AllowAnywhereRecoding']) && $configuration['AllowAnywhereRecoding'] ? 'enabled' : 'disabled'),
|
array('Charset conversion', isset($_SESSION['configuration']['AllowAnywhereRecoding']) && $_SESSION['configuration']['AllowAnywhereRecoding'] ? 'enabled' : 'disabled'),
|
||||||
));
|
));
|
||||||
unset($servers_text, $servers);
|
unset($servers_text, $servers);
|
||||||
}
|
}
|
||||||
@@ -1996,7 +1981,7 @@ echo '<p>Available global actions (please note that these will delete any change
|
|||||||
|
|
||||||
echo '<fieldset class="toolbar"><legend>Servers</legend>' . "\n";
|
echo '<fieldset class="toolbar"><legend>Servers</legend>' . "\n";
|
||||||
echo get_action('addserver', 'Add');
|
echo get_action('addserver', 'Add');
|
||||||
$servers = get_server_selection($configuration);
|
$servers = get_server_selection($_SESSION['configuration']);
|
||||||
if (!empty($servers)) {
|
if (!empty($servers)) {
|
||||||
echo get_action('servers', 'List');
|
echo get_action('servers', 'List');
|
||||||
echo get_action('deleteserver', 'Delete', $servers);
|
echo get_action('deleteserver', 'Delete', $servers);
|
||||||
@@ -2031,9 +2016,9 @@ echo get_action('load', 'Load', '', !$fail_dir);
|
|||||||
echo get_action('clear', 'Clear');
|
echo get_action('clear', 'Clear');
|
||||||
echo get_action('seteol', 'Change end of line',
|
echo get_action('seteol', 'Change end of line',
|
||||||
'<select name="neweol">' .
|
'<select name="neweol">' .
|
||||||
'<option value="unix" ' . ($eoltype == 'unix' ? ' selected="selected"' : '') . '>UNIX/Linux (\\n)</option>' .
|
'<option value="unix" ' . ($_SESSION['eoltype'] == 'unix' ? ' selected="selected"' : '') . '>UNIX/Linux (\\n)</option>' .
|
||||||
'<option value="dos" ' . ($eoltype == 'dos' ? ' selected="selected"' : '') . '>DOS/Windows (\\r\\n)</option>' .
|
'<option value="dos" ' . ($_SESSION['eoltype'] == 'dos' ? ' selected="selected"' : '') . '>DOS/Windows (\\r\\n)</option>' .
|
||||||
'<option value="mac" ' . ($eoltype == 'mac' ? ' selected="selected"' : '') . '>Macintosh (\\r)</option>' . '
|
'<option value="mac" ' . ($_SESSION['eoltype'] == 'mac' ? ' selected="selected"' : '') . '>Macintosh (\\r)</option>' . '
|
||||||
</select>');
|
</select>');
|
||||||
echo '</fieldset>' . "\n\n";
|
echo '</fieldset>' . "\n\n";
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user