From dadcb42f7eac2987d286996d371a78ade4adeb8b Mon Sep 17 00:00:00 2001 From: Sebastian Mendel Date: Mon, 26 Mar 2007 12:48:11 +0000 Subject: [PATCH] documentation; minor tweaks; PMA_getMIME(), PMA_setMIME() now checks itself for $cfgRelation; --- libraries/transformations.lib.php | 335 +++++++++++++++++------------- 1 file changed, 194 insertions(+), 141 deletions(-) diff --git a/libraries/transformations.lib.php b/libraries/transformations.lib.php index 3a00263ed..0623db767 100644 --- a/libraries/transformations.lib.php +++ b/libraries/transformations.lib.php @@ -7,85 +7,122 @@ */ /** + * returns array of options from string with options separated by comma, removes quotes * + * + * PMA_transformation_getOptions("'option ,, quoted',abd,'2,3',"); + * // array { + * // 'option ,, quoted', + * // 'abc', + * // '2,3', + * // '', + * // } + * + * + * @uses preg_split() + * @uses array_shift() + * @uses trim() + * @uses rtrim() + * @uses ltrim() + * @uses strlen() + * @uses substr() + * @uses stripslashes() + * @param string $option_string comma separated options + * @return array options */ -function PMA_transformation_getOptions($string) { - $transform_options = array(); - - /* Parse options */ - for ($nextToken = strtok($string, ','); $nextToken !== false; $nextToken = strtok(',')) { - $trimmed = trim($nextToken); - if ($trimmed{0} == '\'' && $trimmed{strlen($trimmed) - 1} == '\'') { - $transform_options[] = substr($trimmed, 1, -1); - } else { - if ($trimmed{0} == '\'') { - $trimmed= ltrim($nextToken); - while ($nextToken !== false) { - $nextToken = strtok(','); - $trimmed .= $nextToken; - $rtrimmed = rtrim($trimmed); - if ($rtrimmed{strlen($rtrimmed) - 1} == '\'') break; - } - $transform_options[] = substr($rtrimmed, 1, -1); - } else { - $transform_options[] = $nextToken; - } - } - } - - // strip possible slashes to behave like documentation says +function PMA_transformation_getOptions($option_string) +{ $result = array(); - foreach ($transform_options as $val) { - $result[] = stripslashes($val); + + if (! $transform_options = preg_split('/,/', $option_string)) { + return $result; } + + while (($option = array_shift($transform_options)) !== null) { + $trimmed = trim($option); + if (strlen($trimmed) > 1 + && $trimmed[0] == "'" + && $trimmed[strlen($trimmed) - 1] == "'") { + // '...' + $option = substr($trimmed, 1, -1); + } elseif (isset($trimmed[0]) && $trimmed[0] == "'") { + // '..., + $trimmed = ltrim($option); + while (($option = array_shift($transform_options)) !== null) { + // ..., + $trimmed .= ',' . $option; + $rtrimmed = rtrim($trimmed); + if ($rtrimmed[strlen($rtrimmed) - 1] == "'") { + // ,...' + break; + } + } + $option = substr($rtrimmed, 1, -1); + } + $result[] = stripslashes($option); + } + return $result; } /** * Gets all available MIME-types * - * @return array array[mimetype], array[transformation] - * * @access public - * * @author Garvin Hicking + * @uses opendir() + * @uses readdir() + * @uses closedir() + * @uses sort() + * @uses preg_match() + * @uses explode() + * @uses str_replace() + * @staticvar array mimetypes + * @return array array[mimetype], array[transformation] */ -function PMA_getAvailableMIMEtypes() { - $handle = opendir('./libraries/transformations'); +function PMA_getAvailableMIMEtypes() +{ + static $stack = null; + + if (null !== $stack) { + return $stack; + } $stack = array(); $filestack = array(); - while (($file = readdir($handle)) != false) { - $filestack[$file] = $file; + $handle = opendir('./libraries/transformations'); + + if (! $handle) { + return $stack; + } + + while ($file = readdir($handle)) { + $filestack[] = $file; } closedir($handle); + sort($filestack); - if (is_array($filestack)) { - @ksort($filestack); - foreach ($filestack AS $key => $file) { + foreach ($filestack as $file) { + if (preg_match('|^.*__.*\.inc\.php$|', $file)) { + // File contains transformation functions. + $base = explode('__', str_replace('.inc.php', '', $file)); + $mimetype = str_replace('_', '/', $base[0]); + $stack['mimetype'][$mimetype] = $mimetype; - if (preg_match('|^.*__.*\.inc\.php$|', trim($file))) { - // File contains transformation functions. - $base = explode('__', str_replace('.inc.php', '', $file)); - $mimetype = str_replace('_', '/', $base[0]); + $stack['transformation'][] = $mimetype . ': ' . $base[1]; + $stack['transformation_file'][] = $file; + + } elseif (preg_match('|^.*\.inc\.php$|', $file)) { + // File is a plain mimetype, no functions. + $base = str_replace('.inc.php', '', $file); + + if ($base != 'global') { + $mimetype = str_replace('_', '/', $base); $stack['mimetype'][$mimetype] = $mimetype; - - $stack['transformation'][] = $mimetype . ': ' . $base[1]; - $stack['transformation_file'][] = $file; - - } elseif (preg_match('|^.*\.inc\.php$|', trim($file))) { - // File is a plain mimetype, no functions. - $base = str_replace('.inc.php', '', $file); - - if ($base != 'global') { - $mimetype = str_replace('_', '/', $base); - $stack['mimetype'][$mimetype] = $mimetype; - $stack['empty_mimetype'][$mimetype] = $mimetype; - } + $stack['empty_mimetype'][$mimetype] = $mimetype; } - } } @@ -95,90 +132,103 @@ function PMA_getAvailableMIMEtypes() { /** * Gets the mimetypes for all rows of a table * - * @param string the name of the db to check for - * @param string the name of the table to check for - * @param string whether to include only results having a mimetype set - * - * @return array [field_name][field_key] = field_value - * - * @global array the list of relations settings - * + * @uses $GLOBALS['controllink'] + * @uses PMA_getRelationsParam() + * @uses PMA_backquote() + * @uses PMA_sqlAddslashes() + * @uses PMA_DBI_fetch_result() + * @author Mike Beck + * @author Garvin Hicking * @access public - * - * @author Mike Beck / Garvin Hicking + * @param string $db the name of the db to check for + * @param string $table the name of the table to check for + * @param string $strict whether to include only results having a mimetype set + * @return array [field_name][field_key] = field_value */ -function PMA_getMIME($db, $table, $strict = false) { - global $cfgRelation; +function PMA_getMIME($db, $table, $strict = false) +{ + $cfgRelation = PMA_getRelationsParam(); - $com_qry = 'SELECT column_name, mimetype, transformation, transformation_options FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) - . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' - . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'' - . ' AND (mimetype != \'\'' . (!$strict ? ' OR transformation != \'\' OR transformation_options != \'\'' : '') . ')'; - $com_rs = PMA_query_as_cu($com_qry); + if (! $cfgRelation['commwork']) { + return false; + } - while ($row = @PMA_DBI_fetch_assoc($com_rs)) { - $col = $row['column_name']; - $mime[$col]['mimetype'] = $row['mimetype']; - $mime[$col]['transformation'] = $row['transformation']; - $mime[$col]['transformation_options'] = $row['transformation_options']; - } // end while - PMA_DBI_free_result($com_rs); - unset($com_rs); - - if (isset($mime) && is_array($mime)) { - return $mime; - } else { - return FALSE; - } - } // end of the 'PMA_getMIME()' function + $com_qry = ' + SELECT `column_name`, + `mimetype`, + `transformation`, + `transformation_options` + FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . ' + WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\' + AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\' + AND ( `mimetype` != \'\'' . (!$strict ? ' + OR `transformation` != \'\' + OR `transformation_options` != \'\'' : '') . ')'; + return PMA_DBI_fetch_result($com_qry, 'column_name', null, $GLOBALS['controllink']); +} // end of the 'PMA_getMIME()' function /** -* Set a single mimetype to a certain value. -* -* @param string the name of the db -* @param string the name of the table -* @param string the name of the column -* @param string the mimetype of the column -* @param string the transformation of the column -* @param string the transformation options of the column -* @param string (optional) force delete, will erase any existing comments for this column -* -* @return boolean true, if comment-query was made. -* -* @global array the list of relations settings -* -* @access public -*/ -function PMA_setMIME($db, $table, $key, $mimetype, $transformation, $transformation_options, $forcedelete = false) { - global $cfgRelation; + * Set a single mimetype to a certain value. + * + * @uses PMA_DBI_QUERY_STORE + * @uses PMA_getRelationsParam() + * @uses PMA_backquote() + * @uses PMA_sqlAddslashes() + * @uses PMA_query_as_cu() + * @uses PMA_DBI_num_rows() + * @uses PMA_DBI_fetch_assoc() + * @uses PMA_DBI_free_result() + * @uses strlen() + * @access public + * @param string $db the name of the db + * @param string $table the name of the table + * @param string $key the name of the column + * @param string $mimetype the mimetype of the column + * @param string $transformation the transformation of the column + * @param string $transformation_options the transformation options of the column + * @param string $forcedelete force delete, will erase any existing comments for this column + * @return boolean true, if comment-query was made. + */ +function PMA_setMIME($db, $table, $key, $mimetype, $transformation, + $transformation_options, $forcedelete = false) +{ + $cfgRelation = PMA_getRelationsParam(); - $test_qry = 'SELECT mimetype, ' . PMA_backquote('comment') . ' FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) - . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' - . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'' - . ' AND column_name = \'' . PMA_sqlAddslashes($key) . '\''; - $test_rs = PMA_query_as_cu($test_qry, TRUE, PMA_DBI_QUERY_STORE); + if (! $cfgRelation['commwork']) { + return false; + } + + $test_qry = ' + SELECT `mimetype`, + `comment` + FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . ' + WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\' + AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\' + AND `column_name` = \'' . PMA_sqlAddslashes($key) . '\''; + $test_rs = PMA_query_as_cu($test_qry, true, PMA_DBI_QUERY_STORE); if ($test_rs && PMA_DBI_num_rows($test_rs) > 0) { $row = @PMA_DBI_fetch_assoc($test_rs); PMA_DBI_free_result($test_rs); - unset($test_rs); - if (!$forcedelete && (strlen($mimetype) > 0 || strlen($transformation) > 0 || strlen($transformation_options) > 0 || strlen($row['comment']) > 0)) { - $upd_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) - . ' SET mimetype = \'' . PMA_sqlAddslashes($mimetype) . '\',' - . ' transformation = \'' . PMA_sqlAddslashes($transformation) . '\',' - . ' transformation_options = \'' . PMA_sqlAddslashes($transformation_options) . '\'' - . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' - . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'' - . ' AND column_name = \'' . PMA_sqlAddslashes($key) . '\''; + if (! $forcedelete + && (strlen($mimetype) || strlen($transformation) + || strlen($transformation_options) || strlen($row['comment']))) { + $upd_query = ' + UPDATE ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . ' + SET `mimetype` = \'' . PMA_sqlAddslashes($mimetype) . '\', + `transformation` = \'' . PMA_sqlAddslashes($transformation) . '\', + `transformation_options` = \'' . PMA_sqlAddslashes($transformation_options) . '\''; } else { - $upd_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) - . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' - . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'' - . ' AND column_name = \'' . PMA_sqlAddslashes($key) . '\''; + $upd_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']); } - } elseif (strlen($mimetype) > 0 || strlen($transformation) > 0 || strlen($transformation_options) > 0) { - $upd_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) + $upd_query .= ' + WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\' + AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\' + AND `column_name` = \'' . PMA_sqlAddslashes($key) . '\''; + } elseif (strlen($mimetype) || strlen($transformation) + || strlen($transformation_options)) { + $upd_query = 'INSERT INTO ' . PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['column_info']) . ' (db_name, table_name, column_name, mimetype, transformation, transformation_options) ' . ' VALUES(' . '\'' . PMA_sqlAddslashes($db) . '\',' @@ -190,32 +240,35 @@ function PMA_setMIME($db, $table, $key, $mimetype, $transformation, $transformat } if (isset($upd_query)){ - $upd_rs = PMA_query_as_cu($upd_query); - PMA_DBI_free_result($upd_rs); - unset($upd_rs); - return true; + return PMA_query_as_cu($upd_query); } else { return false; } } // end of 'PMA_setMIME()' function /** -* Returns the real filename of a configured transformation -* -* @param string the current filename -* -* @return string the new filename -* -* @access public -*/ -function PMA_sanitizeTransformationFile(&$filename) { - // garvin: for security, never allow to break out from transformations directory - + * Returns the real filename of a configured transformation + * + * in fact: it just replaces old php3 with php extension + * + * garvin: for security, never allow to break out from transformations directory + * + * @uses PMA_securePath() + * @uses preg_replace() + * @uses strlen() + * @uses file_exists() + * @access public + * @param string $filename the current filename + * @return string the new filename + */ +function PMA_sanitizeTransformationFile(&$filename) +{ $include_file = PMA_securePath($filename); // This value can also contain a 'php3' value, in which case we map this filename to our new 'php' variant $testfile = preg_replace('@\.inc\.php3$@', '.inc.php', $include_file); - if ($include_file{strlen($include_file)-1} == '3' && file_exists('./libraries/transformations/' . $testfile)) { + if ($include_file{strlen($include_file)-1} == '3' + && file_exists('./libraries/transformations/' . $testfile)) { $include_file = $testfile; $filename = $testfile; // Corrects the referenced variable for further actions on the filename; }