nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[core] Remove config data from session as it brings chicken-egg problem.

Browse Source 
Configuration data stores PmaAbsoluteUri, which should be accessible
before initiating session. Otherwise there is no way to make
PmaAbsoluteUri work. PmaAbsoluteUri is needed at least for reverse
proxy setups, for example http webserver running behind https proxy.
This commit is contained in:
Michal Čihař
2010-01-21 11:18:18 +00:00
parent f7dda75cd7
commit 94c2f864ae
34 changed files with 223 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -14,6 +14,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
+ rfe #2838080 [interface] Show warning when javascript is disabled.
+ rfe #2823707 [edit] Call UUID function separately to show it in insert.
+ rfe #2420684 [export] Allow export of timestamps in UTC.
+ [core] Remove config data from session as it brings chicken-egg problem.
3.3.0.0 (not yet released)
+ rfe #2308632 [edit] Use hex for (var)binary fields,

2
browse_foreigners.php
View File

@@ -95,7 +95,7 @@ if (is_array($foreignData['disp_row'])) {
<title>phpMyAdmin</title>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
<link rel="stylesheet" type="text/css"
href="phpmyadmin.css.php?<?php echo PMA_generate_common_url('', ''); ?>&amp;js_frame=right&amp;nocache=<?php echo $_SESSION['PMA_Config']->getThemeUniqueValue(); ?>" />
href="phpmyadmin.css.php?<?php echo PMA_generate_common_url('', ''); ?>&amp;js_frame=right&amp;nocache=<?php echo $GLOBALS['PMA_Config']->getThemeUniqueValue(); ?>" />
<script src="./js/functions.js" type="text/javascript"></script>
<script type="text/javascript">
//<![CDATA[

2
bs_change_mime_type.php
View File

@@ -35,7 +35,7 @@
if ($bsDB && $bsTable && $bsReference && $bsNewMIMEType)
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// if PMA configuration exists
if (!empty($PMA_Config))

2
bs_disp_as_mime_type.php
View File

@@ -12,7 +12,7 @@
require_once './libraries/common.inc.php';
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// retrieve BS server variables from PMA configuration
$bs_server = $PMA_Config->get('BLOBSTREAMING_SERVER');

2
bs_play_media.php
View File

@@ -30,7 +30,7 @@
if (isset($mediaType) && isset($bsReference))
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// if PMA configuration exists
if (!empty($PMA_Config))

8
db_operations.php
View File

@@ -248,10 +248,10 @@ if (strlen($db) && (! empty($db_rename) || ! empty($db_copy))) {
$db = $newname;
} elseif (! $_error) {
if (isset($switch_to_new) && $switch_to_new == 'true') {
PMA_setCookie('pma_switch_to_new', 'true');
$GLOBALS['PMA_Config']->setCookie('pma_switch_to_new', 'true');
$db = $newname;
} else {
PMA_setCookie('pma_switch_to_new', '');
$GLOBALS['PMA_Config']->setCookie('pma_switch_to_new', '');
}
}
@@ -267,7 +267,7 @@ if (strlen($db) && (! empty($db_rename) || ! empty($db_copy))) {
if (strlen($db) > 0 && !empty($db_blob_streaming_op))
{
// load PMA_Config
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
if (!empty($PMA_Config))
{
@@ -502,7 +502,7 @@ if (!$is_information_schema) {
*/
// load PMA_Config
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// if all blobstreaming plugins exist, begin checking for blobstreaming tables
if (!empty($PMA_Config))

2
db_structure.php
View File

@@ -153,7 +153,7 @@ $odd_row = true;
$sum_row_count_pre = '';
// added by rajk - for blobstreaming
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
if (!empty($PMA_Config))
$session_bs_tables = $PMA_Config->get('BLOBSTREAMING_TABLES'); // list of blobstreaming tables

6
export.php
View File

@@ -246,17 +246,17 @@ if ($asfile) {
$pma_uri_parts = parse_url($cfg['PmaAbsoluteUri']);
if ($export_type == 'server') {
if (isset($remember_template)) {
PMA_setCookie('pma_server_filename_template', $filename_template);
$GLOBALS['PMA_Config']->setCookie('pma_server_filename_template', $filename_template);
}
$filename = str_replace('__SERVER__', $GLOBALS['cfg']['Server']['host'], strftime($filename_template));
} elseif ($export_type == 'database') {
if (isset($remember_template)) {
PMA_setCookie('pma_db_filename_template', $filename_template);
$GLOBALS['PMA_Config']->setCookie('pma_db_filename_template', $filename_template);
}
$filename = str_replace('__DB__', $db, str_replace('__SERVER__', $GLOBALS['cfg']['Server']['host'], strftime($filename_template)));
} else {
if (isset($remember_template)) {
PMA_setCookie('pma_table_filename_template', $filename_template);
$GLOBALS['PMA_Config']->setCookie('pma_table_filename_template', $filename_template);
}
$filename = str_replace('__TABLE__', $table, str_replace('__DB__', $db, str_replace('__SERVER__', $GLOBALS['cfg']['Server']['host'], strftime($filename_template))));
}

87
libraries/Config.class.php
View File

@@ -554,7 +554,7 @@ class PMA_Config
*/
function getThemeUniqueValue()
{
return intval((null !== $_SESSION['PMA_Config']->get('fontsize') ? $_SESSION['PMA_Config']->get('fontsize') : (isset($_COOKIE['pma_fontsize']) ? $_COOKIE['pma_fontsize'] : 0))) + ($this->source_mtime + $this->default_source_mtime + $_SESSION['PMA_Theme']->mtime_info + $_SESSION['PMA_Theme']->filesize_info) . (isset($_SESSION['tmp_user_values']['custom_color']) ? substr($_SESSION['tmp_user_values']['custom_color'],1,6) : '');
return intval((null !== $GLOBALS['PMA_Config']->get('fontsize') ? $_SESSION['PMA_Config']->get('fontsize') : (isset($_COOKIE['pma_fontsize']) ? $_COOKIE['pma_fontsize'] : 0))) + ($this->source_mtime + $this->default_source_mtime + $_SESSION['PMA_Theme']->mtime_info + $_SESSION['PMA_Theme']->filesize_info) . (isset($_SESSION['tmp_user_values']['custom_color']) ? substr($_SESSION['tmp_user_values']['custom_color'],1,6) : '');
}
/**
@@ -735,7 +735,7 @@ class PMA_Config
* @uses function_exists()
* @uses PMA_Config::set()
* @uses PMA_Config::get()
* @uses PMA_setCookie()
* @uses PMA_Config::setCookie()
*/
function checkFontsize()
{
@@ -757,9 +757,7 @@ class PMA_Config
$this->set('fontsize', '82%');
}
if (function_exists('PMA_setCookie')) {
PMA_setCookie('pma_fontsize', $this->get('fontsize'), '82%');
}
$this->setCookie('pma_fontsize', $this->get('fontsize'), '82%');
}
/**
@@ -806,16 +804,18 @@ class PMA_Config
*/
function checkIsHttps()
{
$this->set('is_https', PMA_Config::isHttps());
$this->set('is_https', $this->isHttps());
}
/**
* @static
*/
static public function isHttps()
public function isHttps()
{
$is_https = false;
# print $this->get('PmaAbsoluteUri');
$url = array();
// At first we try to parse REQUEST_URI, it might contain full URL,
@@ -855,13 +855,13 @@ class PMA_Config
*/
function checkCookiePath()
{
$this->set('cookie_path', PMA_Config::getCookiePath());
$this->set('cookie_path', $this->getCookiePath());
}
/**
* @static
*/
static public function getCookiePath()
public function getCookiePath()
{
static $cookie_path = null;
@@ -1010,7 +1010,7 @@ class PMA_Config
/**
* returns html selectbox for font sizes
*
* @uses $_SESSION['PMA_Config']
* @uses $GLOBALS['PMA_Config']
* @uses PMA_Config::get()
* @uses PMA_Config::_getFontsizeOptions()
* @uses $GLOBALS['strFontSize']
@@ -1020,7 +1020,7 @@ class PMA_Config
*/
static protected function _getFontsizeSelection()
{
$current_size = $_SESSION['PMA_Config']->get('fontsize');
$current_size = $GLOBALS['PMA_Config']->get('fontsize');
// for the case when there is no config file (this is supported)
if (empty($current_size)) {
if (isset($_COOKIE['pma_fontsize'])) {
@@ -1066,5 +1066,70 @@ class PMA_Config
. '</noscript>' . "\n"
. '</form>';
}
/**
* removes cookie
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @return boolean result of setcookie()
*/
function removeCookie($cookie)
{
return setcookie($cookie, '', time() - 3600,
$this->getCookiePath(), '', $this->isHttps());
}
/**
* sets cookie if value is different from current cokkie value,
* or removes if value is equal to default
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses $_COOKIE
* @uses PMA_Config::removeCookie()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @param mixed $value new cookie value
* @param string $default default value
* @param int $validity validity of cookie in seconds (default is one month)
* @param bool $httponlt whether cookie is only for HTTP (and not for scripts)
* @return boolean result of setcookie()
*/
function setCookie($cookie, $value, $default = null, $validity = null, $httponly = true)
{
if ($validity == null) {
$validity = 2592000;
}
if (strlen($value) && null !== $default && $value === $default
&& isset($_COOKIE[$cookie])) {
// remove cookie, default value is used
return $this->removeCookie($cookie);
}
if (! strlen($value) && isset($_COOKIE[$cookie])) {
// remove cookie, value is empty
return $this->removeCookie($cookie);
}
if (! isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) {
// set cookie with new value
/* Calculate cookie validity */
if ($validity == 0) {
$v = 0;
} else {
$v = time() + $validity;
}
return setcookie($cookie, $value, $v,
$this->getCookiePath(), '', $this->isHttps(), $httponly);
}
// cookie has already $value as value
return true;
}
}
?>

6
libraries/File.class.php
View File

@@ -294,7 +294,7 @@ class PMA_File
if ($is_bs_upload)
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// if PMA configuration is loaded
if (!empty($PMA_Config))
@@ -502,7 +502,7 @@ class PMA_File
if ($is_bs_upload)
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// if the PMA configuration was loaded
if (!empty($PMA_Config))
@@ -642,7 +642,7 @@ class PMA_File
if ($is_bs_upload)
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// if the PMA configuration was loaded
if (!empty($PMA_Config))

6
libraries/Theme_Manager.class.php
View File

@@ -193,7 +193,7 @@ class PMA_Theme_Manager
/**
* save theme in cookie
*
* @uses PMA_setCookie();
* @uses $GLOBALS['PMA_Config']->setCookie();
* @uses PMA_Theme_Manager::getThemeCookieName()
* @uses PMA_Theme_Manager::$theme
* @uses PMA_Theme_Manager::$theme_default
@@ -201,11 +201,11 @@ class PMA_Theme_Manager
*/
function setThemeCookie()
{
PMA_setCookie($this->getThemeCookieName(), $this->theme->id,
$GLOBALS['PMA_Config']->setCookie($this->getThemeCookieName(), $this->theme->id,
$this->theme_default);
// force a change of a dummy session variable to avoid problems
// with the caching of phpmyadmin.css.php
$_SESSION['PMA_Config']->set('theme-update', $this->theme->id);
$GLOBALS['PMA_Config']->set('theme-update', $this->theme->id);
return true;
}

2
libraries/auth/config.auth.lib.php
View File

@@ -103,7 +103,7 @@ function PMA_auth_fails()
trigger_error($GLOBALS['strAccessDenied'], E_USER_NOTICE);
} else {
// Check whether user has configured something
if ($_SESSION['PMA_Config']->source_mtime == 0) {
if ($GLOBALS['PMA_Config']->source_mtime == 0) {
echo '<p>' . sprintf($GLOBALS['strAccessDeniedCreateConfig'], '<a href="setup/">', '</a>') . '</p>' . "\n";
} elseif (!isset($GLOBALS['errno']) || (isset($GLOBALS['errno']) && $GLOBALS['errno'] != 2002) && $GLOBALS['errno'] != 2003) {
// if we display the "Server not responding" error, do not confuse users

30
libraries/auth/cookie.auth.lib.php
View File

@@ -39,7 +39,7 @@ if (function_exists('mcrypt_encrypt')) {
trigger_error(PMA_sanitize(sprintf($strCantLoad, 'mcrypt')), E_USER_WARNING);
}
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
PMA_setCookie('pma_mcrypt_iv', base64_encode($iv));
$GLOBALS['PMA_Config']->setCookie('pma_mcrypt_iv', base64_encode($iv));
}
/**
@@ -387,7 +387,7 @@ window.setTimeout('PMA_focusInput()', 500);
* @uses $_REQUEST['pma_servername'] from login form
* @uses $_COOKIE
* @uses $_SESSION['last_access_time']
* @uses PMA_removeCookie()
* @uses $GLOBALS['PMA_Config']->removeCookie()
* @uses PMA_blowfish_decrypt()
* @uses PMA_auth_fails()
* @uses time()
@@ -415,9 +415,9 @@ function PMA_auth_check()
if (defined('PMA_CLEAR_COOKIES')) {
foreach($GLOBALS['cfg']['Servers'] as $key => $val) {
PMA_removeCookie('pmaPass-' . $key);
PMA_removeCookie('pmaServer-' . $key);
PMA_removeCookie('pmaUser-' . $key);
$GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
$GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $key);
$GLOBALS['PMA_Config']->removeCookie('pmaUser-' . $key);
}
return false;
}
@@ -435,13 +435,13 @@ function PMA_auth_check()
// -> delete password cookie(s)
if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
foreach($GLOBALS['cfg']['Servers'] as $key => $val) {
PMA_removeCookie('pmaPass-' . $key);
$GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $key);
if (isset($_COOKIE['pmaPass-' . $key])) {
unset($_COOKIE['pmaPass-' . $key]);
}
}
} else {
PMA_removeCookie('pmaPass-' . $GLOBALS['server']);
$GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $GLOBALS['server']);
if (isset($_COOKIE['pmaPass-' . $GLOBALS['server']])) {
unset($_COOKIE['pmaPass-' . $GLOBALS['server']]);
}
@@ -526,9 +526,9 @@ function PMA_auth_check()
* @uses $cfg['PmaAbsoluteUri']
* @uses $_SESSION['last_access_time']
* @uses PMA_COMING_FROM_COOKIE_LOGIN
* @uses PMA_setCookie()
* @uses $GLOBALS['PMA_Config']->setCookie()
* @uses PMA_blowfish_encrypt()
* @uses PMA_removeCookie()
* @uses $GLOBALS['PMA_Config']->removeCookie()
* @uses PMA_sendHeaderLocation()
* @uses time()
* @uses define()
@@ -583,12 +583,12 @@ function PMA_auth_set_user()
// Name and password cookies need to be refreshed each time
// Duration = one month for username
PMA_setCookie('pmaUser-' . $GLOBALS['server'],
$GLOBALS['PMA_Config']->setCookie('pmaUser-' . $GLOBALS['server'],
PMA_blowfish_encrypt($cfg['Server']['user'],
PMA_get_blowfish_secret()));
// Duration = as configured
PMA_setCookie('pmaPass-' . $GLOBALS['server'],
$GLOBALS['PMA_Config']->setCookie('pmaPass-' . $GLOBALS['server'],
PMA_blowfish_encrypt(!empty($cfg['Server']['password']) ? $cfg['Server']['password'] : "\xff(blank)",
PMA_get_blowfish_secret()),
null,
@@ -600,10 +600,10 @@ function PMA_auth_set_user()
if ($GLOBALS['cfg']['AllowArbitraryServer']) {
if (! empty($GLOBALS['pma_auth_server'])) {
// Duration = one month for servername
PMA_setCookie('pmaServer-' . $GLOBALS['server'], $cfg['Server']['host']);
$GLOBALS['PMA_Config']->setCookie('pmaServer-' . $GLOBALS['server'], $cfg['Server']['host']);
} else {
// Delete servername cookie
PMA_removeCookie('pmaServer-' . $GLOBALS['server']);
$GLOBALS['PMA_Config']->removeCookie('pmaServer-' . $GLOBALS['server']);
}
}
@@ -652,7 +652,7 @@ function PMA_auth_set_user()
* @uses $GLOBALS['strCannotLogin']
* @uses $GLOBALS['no_activity']
* @uses $cfg['LoginCookieValidity']
* @uses PMA_removeCookie()
* @uses $GLOBALS['PMA_Config']->removeCookie()
* @uses PMA_getenv()
* @uses PMA_DBI_getError()
* @uses PMA_sanitize()
@@ -666,7 +666,7 @@ function PMA_auth_fails()
global $conn_error;
// Deletes password cookie and displays the login form
PMA_removeCookie('pmaPass-' . $GLOBALS['server']);
$GLOBALS['PMA_Config']->removeCookie('pmaPass-' . $GLOBALS['server']);
if (! empty($GLOBALS['login_without_password_is_forbidden'])) {
$conn_error = $GLOBALS['strLoginWithoutPassword'];

20
libraries/blobstreaming.lib.php
View File

@@ -22,7 +22,7 @@
function checkBLOBStreamingPlugins()
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// return if unable to load PMA configuration
if (empty($PMA_Config)) {
@@ -240,7 +240,7 @@ EOD;
function checkBLOBStreamableDatabases()
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
$serverCfg = $GLOBALS['cfg']['Server'];
@@ -382,7 +382,7 @@ function PMA_BS_SetVariables($bs_variables)
function PMA_BS_GetVariables()
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// return if unable to load PMA configuration
if (empty($PMA_Config))
@@ -415,7 +415,7 @@ function PMA_BS_GetVariables()
function PMA_BS_SetFieldReferences($val)
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// return if unable to load PMA configuration
if (empty($PMA_Config))
@@ -446,7 +446,7 @@ function PMA_BS_SetFieldReferences($val)
function PMA_BS_GetTableStruct($tbl_name)
{
// retrieve table structures for BS tables
$bs_tables = $_SESSION['PMA_Config']->get('BLOBSTREAMING_TABLES');
$bs_tables = $GLOBALS['PMA_Config']->get('BLOBSTREAMING_TABLES');
// return if tables don't exist
if (!$bs_tables)
@@ -474,7 +474,7 @@ function PMA_BS_GetTableStruct($tbl_name)
function PMA_BS_CreateTables($db_name)
{
// retrieve BS tables
$bs_tables = $_SESSION['PMA_Config']->get('BLOBSTREAMING_TABLES');
$bs_tables = $GLOBALS['PMA_Config']->get('BLOBSTREAMING_TABLES');
// select specified database
PMA_DBI_select_db($db_name);
@@ -507,7 +507,7 @@ function PMA_BS_CreateTables($db_name)
function PMA_BS_DropTables($db_name)
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// return if unable to load PMA configuration
if (empty($PMA_Config))
@@ -549,7 +549,7 @@ function PMA_BS_DropTables($db_name)
function PMA_BS_GetPrimaryField($db_name, $tbl_name)
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// return if unable to load PMA configuration
if (empty($PMA_Config))
@@ -593,7 +593,7 @@ function PMA_BS_ReferenceExists($bs_reference, $db_name)
return $referenceExists;
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// return if unable to load PMA configuration
if (empty($PMA_Config))
@@ -631,7 +631,7 @@ function PMA_BS_ReferenceExists($bs_reference, $db_name)
function PMA_BS_CreateReferenceLink($bs_reference, $db_name)
{
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// return if unable to load PMA configuration
if (empty($PMA_Config))

146
libraries/common.inc.php
View File

@@ -257,22 +257,6 @@ if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
}
/**
* clean cookies on upgrade
* when changing something related to PMA cookies, increment the cookie version
*/
$pma_cookie_version = 4;
if (isset($_COOKIE)
&& (isset($_COOKIE['pmaCookieVer'])
&& $_COOKIE['pmaCookieVer'] < $pma_cookie_version)) {
// delete all cookies
foreach($_COOKIE as $cookie_name => $tmp) {
PMA_removeCookie($cookie_name);
}
$_COOKIE = array();
PMA_setCookie('pmaCookieVer', $pma_cookie_version);
}
/**
* include deprecated grab_globals only if required
*/
@@ -289,6 +273,65 @@ if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) {
*/
date_default_timezone_set(@date_default_timezone_get());
/******************************************************************************/
/* parsing configuration file LABEL_parsing_config_file */
/**
* We really need this one!
*/
if (! function_exists('preg_replace')) {
PMA_fatalError('strCantLoad', 'pcre');
}
/**
* @global PMA_Config $GLOBALS['PMA_Config']
* force reading of config file, because we removed sensitive values
* in the previous iteration
*/
$GLOBALS['PMA_Config'] = new PMA_Config('./config.inc.php');
if (!defined('PMA_MINIMUM_COMMON')) {
$GLOBALS['PMA_Config']->checkPmaAbsoluteUri();
}
/**
* BC - enable backward compatibility
* exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
*/
$GLOBALS['PMA_Config']->enableBc();
/**
* clean cookies on upgrade
* when changing something related to PMA cookies, increment the cookie version
*/
$pma_cookie_version = 4;
if (isset($_COOKIE)
&& (isset($_COOKIE['pmaCookieVer'])
&& $_COOKIE['pmaCookieVer'] < $pma_cookie_version)) {
// delete all cookies
foreach($_COOKIE as $cookie_name => $tmp) {
$GLOBALS['PMA_Config']->removeCookie($cookie_name);
}
$_COOKIE = array();
$GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version);
}
/**
* check HTTPS connection
*/
if ($GLOBALS['PMA_Config']->get('ForceSSL')
&& !$GLOBALS['PMA_Config']->get('is_https')) {
PMA_sendHeaderLocation(
preg_replace('/^http/', 'https',
$GLOBALS['PMA_Config']->get('PmaAbsoluteUri'))
. PMA_generate_common_url($_GET, 'text'));
// delete the current session, otherwise we get problems (see bug #2397877)
$GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']);
exit;
}
/**
* include session handling after the globals, to prevent overwriting
*/
@@ -521,49 +564,6 @@ $GLOBALS['js_events'] = array();
*/
$GLOBALS['footnotes'] = array();
/******************************************************************************/
/* parsing configuration file LABEL_parsing_config_file */
/**
* We really need this one!
*/
if (! function_exists('preg_replace')) {
PMA_fatalError('strCantLoad', 'pcre');
}
/**
* @global PMA_Config $_SESSION['PMA_Config']
* force reading of config file, because we removed sensitive values
* in the previous iteration
*/
$_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php');
if (!defined('PMA_MINIMUM_COMMON')) {
$_SESSION['PMA_Config']->checkPmaAbsoluteUri();
}
/**
* BC - enable backward compatibility
* exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
*/
$_SESSION['PMA_Config']->enableBc();
/**
* check HTTPS connection
*/
if ($_SESSION['PMA_Config']->get('ForceSSL')
&& !$_SESSION['PMA_Config']->get('is_https')) {
PMA_sendHeaderLocation(
preg_replace('/^http/', 'https',
$_SESSION['PMA_Config']->get('PmaAbsoluteUri'))
. PMA_generate_common_url($_GET, 'text'));
// delete the current session, otherwise we get problems (see bug #2397877)
PMA_removeCookie($GLOBALS['session_name']);
exit;
}
/******************************************************************************/
/* loading language file LABEL_loading_language_file */
@@ -583,23 +583,23 @@ require_once './libraries/select_lang.lib.php';
* check for errors occurred while loading configuration
* this check is done here after loading language files to present errors in locale
*/
if ($_SESSION['PMA_Config']->error_config_file) {
if ($GLOBALS['PMA_Config']->error_config_file) {
$error = $strConfigFileError
. '<br /><br />'
. ($_SESSION['PMA_Config']->getSource() == './config.inc.php' ?
. ($GLOBALS['PMA_Config']->getSource() == './config.inc.php' ?
'<a href="show_config_errors.php"'
.' target="_blank">' . $_SESSION['PMA_Config']->getSource() . '</a>'
.' target="_blank">' . $GLOBALS['PMA_Config']->getSource() . '</a>'
:
'<a href="' . $_SESSION['PMA_Config']->getSource() . '"'
.' target="_blank">' . $_SESSION['PMA_Config']->getSource() . '</a>');
'<a href="' . $GLOBALS['PMA_Config']->getSource() . '"'
.' target="_blank">' . $GLOBALS['PMA_Config']->getSource() . '</a>');
trigger_error($error, E_USER_ERROR);
}
if ($_SESSION['PMA_Config']->error_config_default_file) {
if ($GLOBALS['PMA_Config']->error_config_default_file) {
$error = sprintf($strConfigDefaultFileError,
$_SESSION['PMA_Config']->default_source);
$GLOBALS['PMA_Config']->default_source);
trigger_error($error, E_USER_ERROR);
}
if ($_SESSION['PMA_Config']->error_pma_uri) {
if ($GLOBALS['PMA_Config']->error_pma_uri) {
trigger_error($strPmaUriError, E_USER_ERROR);
}
@@ -805,9 +805,9 @@ if (! defined('PMA_MINIMUM_COMMON')) {
* save some settings in cookies
* @todo should be done in PMA_Config
*/
PMA_setCookie('pma_lang', $GLOBALS['lang']);
PMA_setCookie('pma_charset', $GLOBALS['convcharset']);
PMA_setCookie('pma_collation_connection', $GLOBALS['collation_connection']);
$GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);
$GLOBALS['PMA_Config']->setCookie('pma_charset', $GLOBALS['convcharset']);
$GLOBALS['PMA_Config']->setCookie('pma_collation_connection', $GLOBALS['collation_connection']);
$_SESSION['PMA_Theme_Manager']->setThemeCookie();
@@ -982,9 +982,9 @@ if (! defined('PMA_MINIMUM_COMMON')) {
} // end if !defined('PMA_MINIMUM_COMMON')
// remove sensitive values from session
$_SESSION['PMA_Config']->set('blowfish_secret', '');
$_SESSION['PMA_Config']->set('Servers', '');
$_SESSION['PMA_Config']->set('default_server', '');
$GLOBALS['PMA_Config']->set('blowfish_secret', '');
$GLOBALS['PMA_Config']->set('Servers', '');
$GLOBALS['PMA_Config']->set('default_server', '');
/* Tell tracker that it can actually work */
PMA_Tracker::enable();

4
libraries/common.lib.php
View File

@@ -782,11 +782,11 @@ function PMA_getTableList($db, $tables = null, $limit_offset = 0, $limit_count =
// for blobstreaming - list of blobstreaming tables - rajk
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// if PMA configuration exists
if (!empty($PMA_Config))
$session_bs_tables = $_SESSION['PMA_Config']->get('BLOBSTREAMING_TABLES');
$session_bs_tables = $GLOBALS['PMA_Config']->get('BLOBSTREAMING_TABLES');
foreach ($tables as $table_name => $table) {
// if BS tables exist

73
libraries/core.lib.php
View File

@@ -206,7 +206,7 @@ function PMA_securePath($path)
* @uses $GLOBALS['strError']
* @uses $GLOBALS['available_languages']
* @uses $GLOBALS['lang']
* @uses PMA_removeCookie()
* @uses $GLOBALS['PMA_Config']->removeCookie()
* @uses select_lang.lib.php
* @uses $_COOKIE
* @uses substr()
@@ -273,7 +273,7 @@ function PMA_fatalError($error_message, $message_args = null)
// on fatal errors it cannot hurt to always delete the current session
if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) {
PMA_removeCookie($GLOBALS['session_name']);
$GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']);
}
exit;
@@ -302,13 +302,13 @@ function PMA_getTableCount($db)
// for use in determining if a table here is a blobstreaming table - rajk
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// if PMA configuration exists
if (!empty($PMA_Config))
{
// load BS tables
$session_bs_tables = $_SESSION['PMA_Config']->get('BLOBSTREAMING_TABLES');
$session_bs_tables = $GLOBALS['PMA_Config']->get('BLOBSTREAMING_TABLES');
// if BS tables exist
if (isset ($session_bs_tables))
@@ -526,69 +526,4 @@ function PMA_getenv($var_name) {
return '';
}
/**
* removes cookie
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @return boolean result of setcookie()
*/
function PMA_removeCookie($cookie)
{
return setcookie($cookie, '', time() - 3600,
PMA_Config::getCookiePath(), '', PMA_Config::isHttps());
}
/**
* sets cookie if value is different from current cokkie value,
* or removes if value is equal to default
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses $_COOKIE
* @uses PMA_removeCookie()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @param mixed $value new cookie value
* @param string $default default value
* @param int $validity validity of cookie in seconds (default is one month)
* @param bool $httponlt whether cookie is only for HTTP (and not for scripts)
* @return boolean result of setcookie()
*/
function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true)
{
if ($validity == null) {
$validity = 2592000;
}
if (strlen($value) && null !== $default && $value === $default
&& isset($_COOKIE[$cookie])) {
// remove cookie, default value is used
return PMA_removeCookie($cookie);
}
if (! strlen($value) && isset($_COOKIE[$cookie])) {
// remove cookie, value is empty
return PMA_removeCookie($cookie);
}
if (! isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) {
// set cookie with new value
/* Calculate cookie validity */
if ($validity == 0) {
$v = 0;
} else {
$v = time() + $validity;
}
return setcookie($cookie, $value, $v,
PMA_Config::getCookiePath(), '', PMA_Config::isHttps(), $httponly);
}
// cookie has already $value as value
return true;
}
?>

2
libraries/display_tbl.lib.php
View File

@@ -1281,7 +1281,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
$bs_reference_exists = $allBSTablesExist = FALSE;
// load PMA configuration
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// if PMA configuration exists
if ($PMA_Config) {

2
libraries/header_meta_style.inc.php
View File

@@ -46,7 +46,7 @@ if ($GLOBALS['text_dir'] == 'ltr') {
echo 'phpMyAdmin';
}
?></title>
<link rel="stylesheet" type="text/css" href="<?php echo defined('PMA_PATH_TO_BASEDIR') ? PMA_PATH_TO_BASEDIR : ''; ?>phpmyadmin.css.php?<?php echo PMA_generate_common_url(); ?>&amp;js_frame=<?php echo isset($print_view) ? 'print' : 'right'; ?>&amp;nocache=<?php echo $_SESSION['PMA_Config']->getThemeUniqueValue(); ?>" />
<link rel="stylesheet" type="text/css" href="<?php echo defined('PMA_PATH_TO_BASEDIR') ? PMA_PATH_TO_BASEDIR : ''; ?>phpmyadmin.css.php?<?php echo PMA_generate_common_url(); ?>&amp;js_frame=<?php echo isset($print_view) ? 'print' : 'right'; ?>&amp;nocache=<?php echo $GLOBALS['PMA_Config']->getThemeUniqueValue(); ?>" />
<?php if (defined('PMA_MOORAINBOW')) { ?>
<link rel="stylesheet" type="text/css" href="js/mooRainbow/mooRainbow.css" />
<?php

2
libraries/header_printview.inc.php
View File

@@ -48,7 +48,7 @@ if ($text_dir == 'ltr') {
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<title><?php echo $strSQLResult; ?> - phpMyAdmin <?php echo PMA_VERSION ?></title>
<link rel="stylesheet" type="text/css" href="phpmyadmin.css.php?<?php echo PMA_generate_common_url('', ''); ?>&amp;js_frame=print&amp;nocache=<?php echo $_SESSION['PMA_Config']->getThemeUniqueValue(); ?>" />
<link rel="stylesheet" type="text/css" href="phpmyadmin.css.php?<?php echo PMA_generate_common_url('', ''); ?>&amp;js_frame=print&amp;nocache=<?php echo $GLOBALS['PMA_Config']->getThemeUniqueValue(); ?>" />
</head>
<body bgcolor="#ffffff">

8
libraries/session.inc.php
View File

@@ -31,8 +31,8 @@ if (!@function_exists('session_name')) {
//ini_set('session.auto_start', 0);
// session cookie settings
session_set_cookie_params(0, PMA_Config::getCookiePath() . '; HttpOnly',
'', PMA_Config::isHttps());
//session_set_cookie_params(0, PMA_Config::getCookiePath() . '; HttpOnly',
// '', PMA_Config::isHttps());
// cookies are safer (use @ini_set() in case this function is disabled)
@ini_set('session.use_cookies', true);
@@ -79,7 +79,7 @@ if (! isset($_COOKIE[$session_name])) {
}
unset($orig_error_count);
} else {
@session_start();
session_start();
}
/**
@@ -102,4 +102,4 @@ function PMA_secureSession()
// prevent session fixation and XSS
session_regenerate_id(true);
}
?>
?>

2
navigation.php
View File

@@ -135,7 +135,7 @@ require_once './libraries/header_http.inc.php';
content="text/html; charset=<?php echo $GLOBALS['charset']; ?>" />
<base target="frame_content" />
<link rel="stylesheet" type="text/css"
href="phpmyadmin.css.php?<?php echo PMA_generate_common_url('', ''); ?>&amp;js_frame=left&amp;nocache=<?php echo $_SESSION['PMA_Config']->getThemeUniqueValue(); ?>" />
href="phpmyadmin.css.php?<?php echo PMA_generate_common_url('', ''); ?>&amp;js_frame=left&amp;nocache=<?php echo $GLOBALS['PMA_Config']->getThemeUniqueValue(); ?>" />
<script type="text/javascript" src="js/navigation.js"></script>
<script type="text/javascript" src="js/functions.js"></script>
<script type="text/javascript">

4
setup/index.php
View File

@@ -31,7 +31,7 @@ require './libraries/header_http.inc.php';
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>phpMyAdmin <?php echo $_SESSION['PMA_Config']->get('PMA_VERSION'); ?> setup</title>
<title>phpMyAdmin <?php echo $GLOBALS['PMA_Config']->get('PMA_VERSION'); ?> setup</title>
<link href="../favicon.ico" rel="icon" type="image/x-icon" />
<link href="../favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="styles.css" rel="stylesheet" type="text/css" />
@@ -40,7 +40,7 @@ require './libraries/header_http.inc.php';
<script type="text/javascript" src="scripts.js"></script>
</head>
<body>
<h1><span class="blue">php</span><span class="orange">MyAdmin</span> <?php echo $_SESSION['PMA_Config']->get('PMA_VERSION'); ?> setup</h1>
<h1><span class="blue">php</span><span class="orange">MyAdmin</span> <?php echo $GLOBALS['PMA_Config']->get('PMA_VERSION'); ?> setup</h1>
<div id="menu">
<?php
require './setup/frames/menu.inc.php';

2
setup/lib/ConfigFile.class.php
View File

@@ -277,7 +277,7 @@ class ConfigFile
. '/*' . $crlf
. ' * Generated configuration file' . $crlf
. ' * Generated by: phpMyAdmin '
. $_SESSION['PMA_Config']->get('PMA_VERSION')
. $GLOBALS['PMA_Config']->get('PMA_VERSION')
. ' setup script by Piotr Przybylski <piotrprz@gmail.com>' . $crlf
. ' * Date: ' . date(DATE_RFC1123) . $crlf
. ' */' . $crlf . $crlf;

2
setup/lib/common.inc.php
View File

@@ -24,7 +24,7 @@ require_once './setup/lib/ConfigFile.class.php';
restore_error_handler();
// Save current language in a cookie, required since we use PMA_MINIMUM_COMMON
PMA_setCookie('pma_lang', $GLOBALS['lang']);
$GLOBALS['PMA_Config']->setCookie('pma_lang', $GLOBALS['lang']);
if (!isset($_SESSION['ConfigFile'])) {
$_SESSION['ConfigFile'] = array();

2
setup/lib/index.lib.php
View File

@@ -153,7 +153,7 @@ function PMA_version_check()
return;
}
$version_local = version_to_int($_SESSION['PMA_Config']->get('PMA_VERSION'));
$version_local = version_to_int($GLOBALS['PMA_Config']->get('PMA_VERSION'));
if ($version_local === false) {
messages_set('error', $message_id, 'VersionCheck',
PMA_lang('VersionCheckUnparsable'));

4
tbl_change.php
View File

@@ -831,7 +831,7 @@ foreach ($rows as $row_id => $vrow) {
if (isset ($tbl_type) && strlen ($tbl_type) > 0)
{
// load PMA_Config
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
if (!empty($PMA_Config))
{
@@ -931,7 +931,7 @@ foreach ($rows as $row_id => $vrow) {
if (isset ($tbl_type) && strlen ($tbl_type) > 0)
{
// load PMA Config
$PMA_Config = $_SESSION['PMA_Config'];
$PMA_Config = $GLOBALS['PMA_Config'];
// is PMA_Config's data loaded? continue only if it is
if (!empty($PMA_Config))

2
tbl_replace.php
View File

@@ -54,7 +54,7 @@ if (! defined('PMA_NO_VARIABLES_IMPORT')) {
* Gets some core libraries
*/
require_once './libraries/common.inc.php';
$blob_streaming_active = $_SESSION['PMA_Config']->get('BLOBSTREAMING_PLUGINS_EXIST');
$blob_streaming_active = $GLOBALS['PMA_Config']->get('BLOBSTREAMING_PLUGINS_EXIST');
// Check parameters
PMA_checkParameters(array('db', 'table', 'goto'));

2
test/theme.php
View File

@@ -32,7 +32,7 @@ header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
<meta http-equiv="Content-Type"
content="text/html; charset=<?php echo $GLOBALS['charset']; ?>" />
<link rel="stylesheet" type="text/css"
href="../phpmyadmin.css.php?<?php echo PMA_generate_common_url(); ?>&amp;js_frame=right&amp;nocache=<?php echo $_SESSION['PMA_Config']->getThemeUniqueValue(); ?>" />
href="../phpmyadmin.css.php?<?php echo PMA_generate_common_url(); ?>&amp;js_frame=right&amp;nocache=<?php echo $GLOBALS['PMA_Config']->getThemeUniqueValue(); ?>" />
<link rel="stylesheet" type="text/css" media="print"
href="../print.css" />
<script src="../js/functions.js" type="text/javascript"></script>

2
themes/darkblue_orange/css/theme_right.css.php
View File

@@ -16,7 +16,7 @@ if (!defined('PMA_MINIMUM_COMMON')) {
/******************************************************************************/
/* general tags */
html {
font-size: <?php echo (null !== $_SESSION['PMA_Config']->get('fontsize') ? $_SESSION['PMA_Config']->get('fontsize') : $_COOKIE['pma_fontsize']); ?>;
font-size: <?php echo (null !== $GLOBALS['PMA_Config']->get('fontsize') ? $_SESSION['PMA_Config']->get('fontsize') : $_COOKIE['pma_fontsize']); ?>;
}
input, select, textarea {

2
themes/original/css/theme_left.css.php
View File

@@ -16,7 +16,7 @@ if (!defined('PMA_MINIMUM_COMMON')) {
/******************************************************************************/
/* general tags */
html {
font-size: <?php echo (null !== $_SESSION['PMA_Config']->get('fontsize') ? $_SESSION['PMA_Config']->get('fontsize') : $_COOKIE['pma_fontsize']); ?>;
font-size: <?php echo (null !== $GLOBALS['PMA_Config']->get('fontsize') ? $_SESSION['PMA_Config']->get('fontsize') : $_COOKIE['pma_fontsize']); ?>;
}
input, select, textarea {

2
themes/original/css/theme_right.css.php
View File

@@ -16,7 +16,7 @@ if (!defined('PMA_MINIMUM_COMMON')) {
/******************************************************************************/
/* general tags */
html {
font-size: <?php echo (null !== $_SESSION['PMA_Config']->get('fontsize') ? $_SESSION['PMA_Config']->get('fontsize') : (
font-size: <?php echo (null !== $GLOBALS['PMA_Config']->get('fontsize') ? $_SESSION['PMA_Config']->get('fontsize') : (
isset($_COOKIE['pma_fontsize']) ? $_COOKIE['pma_fontsize'] : '84%'));?>;
}

4
user_password.php
View File

@@ -21,7 +21,7 @@
* @uses PMA_generate_common_url()
* @uses PMA_isValid()
* @uses PMA_mysqlDie()
* @uses PMA_setCookie()
* @uses $GLOBALS['PMA_Config']->setCookie()
* @uses PMA_blowfish_encrypt()
* @uses PMA_showMessage()
* @uses define()
@@ -96,7 +96,7 @@ if (isset($_REQUEST['nopass'])) {
// Changes password cookie if required
// Duration = till the browser is closed for password (we don't want this to be saved)
if ($cfg['Server']['auth_type'] == 'cookie') {
PMA_setCookie('pmaPass-' . $server,
$GLOBALS['PMA_Config']->setCookie('pmaPass-' . $server,
PMA_blowfish_encrypt($password, $GLOBALS['cfg']['blowfish_secret']));
} // end if

2
webapp.php
View File

@@ -22,7 +22,7 @@ require_once './libraries/zip.lib.php';
// ini file
$parameters = array(
'id' => 'phpMyAdmin@' . $_SERVER['HTTP_HOST'],
'uri' => $_SESSION['PMA_Config']->get('PmaAbsoluteUri'),
'uri' => $GLOBALS['PMA_Config']->get('PmaAbsoluteUri'),
'status' => 'yes',
'location' => 'no',
'sidebar' => 'no',