nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

documentation;

Browse Source 
better variable checking/sanitizing;
reflect changes in relation code and PMA_getTab();
dropped form based sql history (now done with session in relation code);
display db and/or table in history view only if applicable;
limit display length of sql in history;
This commit is contained in:
Sebastian Mendel
2007-03-22 16:34:50 +00:00
parent 43882c2968
commit e8f3519a39
1 changed files with 210 additions and 227 deletions
Download Patch File Download Diff File Expand all files Collapse all files

437
querywindow.php
View File

@@ -1,7 +1,44 @@
<?php <?php
/* vim: set expandtab sw=4 ts=4 sts=4: */ /* vim: set expandtab sw=4 ts=4 sts=4: */
/** /**
* this file is register_globals save
*
* @todo move JavaScript out of here into .js files * @todo move JavaScript out of here into .js files
* @uses $cfg['QueryWindowDefTab']
* @uses $cfg['PropertiesIconic']
* @uses $cfg['QueryHistoryDB']
* @uses $cfg['Server']['user']
* @uses $cfg['AllowUserDropDatabase']
* @uses $cfg['Confirm']
* @uses $GLOBALS['db']
* @uses $GLOBALS['table']
* @uses $GLOBALS['strSQL']
* @uses $GLOBALS['strImportFiles']
* @uses $GLOBALS['strQuerySQLHistory']
* @uses $GLOBALS['strAll']
* @uses $GLOBALS['strChange']
* @uses $GLOBALS['strFormEmpty']
* @uses $GLOBALS['strNotNumber']
* @uses $GLOBALS['strNoDropDatabases']
* @uses $GLOBALS['strDoYouReally']
* @uses $GLOBALS['strQuerySQLHistory']
* @uses PMA_isSuperuser()
* @uses PMA_outBufferPre()
* @uses PMA_getRelationsParam()
* @uses PMA_isValid()
* @uses PMA_ifSetOr()
* @uses PMA_setHistory()
* @uses PMA_getHistory()
* @uses PMA_generate_common_url()
* @uses PMA_generate_common_hidden_inputs()
* @uses PMA_escapeJsString()
* @uses PMA_getTabs()
* @uses PMA_sqlQueryForm()
* @uses PMA_jsFormat()
* @uses in_array()
* @uses strlen()
* @uses preg_replace()
* @uses htmlspecialchars()
* @version $Id$ * @version $Id$
*/ */
@@ -12,72 +49,155 @@ require_once './libraries/common.inc.php';
$is_superuser = PMA_isSuperuser(); $is_superuser = PMA_isSuperuser();
/**
* Gets the variables sent to this script, retains the db name that may have
* been defined as startup option and include a core library
*/
if (isset($db) && strlen($db)) {
$db_start = $db;
}
/** /**
* Gets a core script and starts output buffering work * Gets a core script and starts output buffering work
*/ */
require_once './libraries/sql_query_form.lib.php'; require_once './libraries/sql_query_form.lib.php';
require_once './libraries/ob.lib.php';
if ($GLOBALS['cfg']['OBGzip']) {
$ob_mode = PMA_outBufferModeGet();
if ($ob_mode) {
PMA_outBufferPre($ob_mode);
}
}
/**
* starts output buffering if requested and supported
*/
require_once './libraries/ob.lib.php';
PMA_outBufferPre();
/**
* load relations
*/
require_once './libraries/relation.lib.php'; require_once './libraries/relation.lib.php';
$cfgRelation = PMA_getRelationsParam(); $cfgRelation = PMA_getRelationsParam();
/**
* load bookmark support
*/
require_once './libraries/bookmark.lib.php';
// initialize some variables $querydisplay_tabs = array(
$_sql_history = array(); 'sql',
$_input_query_history = array(); 'files',
'history',
'full',
);
// garvin: For re-usability, moved http-headers and stylesheets if (isset($_REQUEST['querydisplay_tab'])
// to a seperate file. It can now be included by libraries/header.inc.php, && in_array($_REQUEST['querydisplay_tab'], $querydisplay_tabs)) {
// querywindow.php. $querydisplay_tab = $_REQUEST['querydisplay_tab'];
} else {
$querydisplay_tab = $GLOBALS['cfg']['QueryWindowDefTab'];
}
/**
* $_REQUEST['no_js'] is set if open new window by JavaScript failed
* so this page is loaded in main frame
*/
$no_js = PMA_ifSetOr($_REQUEST['no_js'], false);
if ($no_js) {
$querydisplay_tab = 'full';
$tabs = false;
} else {
$tabs = array();
$tabs['sql']['icon'] = 'b_sql.png';
$tabs['sql']['text'] = $GLOBALS['strSQL'];
$tabs['sql']['fragment'] = '#';
$tabs['sql']['attr'] = 'onclick="javascript:PMA_querywindowCommit(\'sql\');return false;"';
$tabs['sql']['active'] = (bool) ($querydisplay_tab == 'sql');
$tabs['import']['icon'] = 'b_import.png';
$tabs['import']['text'] = $GLOBALS['strImportFiles'];
$tabs['import']['fragment'] = '#';
$tabs['import']['attr'] = 'onclick="javascript:PMA_querywindowCommit(\'files\');return false;"';
$tabs['import']['active'] = (bool) ($querydisplay_tab == 'files');
$tabs['history']['icon'] = 'b_bookmark.png';
$tabs['history']['text'] = $GLOBALS['strQuerySQLHistory'];
$tabs['history']['fragment'] = '#';
$tabs['history']['attr'] = 'onclick="javascript:PMA_querywindowCommit(\'history\');return false;"';
$tabs['history']['active'] = (bool) ($querydisplay_tab == 'history');
if ($GLOBALS['cfg']['QueryWindowDefTab'] == 'full') {
$tabs['all']['text'] = $GLOBALS['strAll'];
$tabs['all']['fragment'] = '#';
$tabs['all']['attr'] = 'onclick="javascript:PMA_querywindowCommit(\'full\');return false;"';
$tabs['all']['active'] = (bool) ($querydisplay_tab == 'full');
}
}
if ($GLOBALS['cfg']['PropertiesIconic']) {
$titles['Change'] =
'<img class="icon" width="16" height="16" src="' . $pmaThemeImage
. 'b_edit.png" alt="' . $GLOBALS['strChange'] . '" title="' . $GLOBALS['strChange']
. '" />';
if ('both' === $GLOBALS['cfg']['PropertiesIconic']) {
$titles['Change'] .= $GLOBALS['strChange'];
}
} else {
$titles['Change'] = $GLOBALS['strChange'];
}
// Hidden forms and query frame interaction stuff
if (PMA_isValid($_REQUEST['query_history_latest'])) {
$sql_query = $_REQUEST['query_history_latest'];
$db = PMA_ifSetOr($_REQUEST['query_history_latest_db'], '');
$table = PMA_ifSetOr($_REQUEST['query_history_latest_table'], '');
}
$url_query = PMA_generate_common_url($db, $table);
if (PMA_isValid($sql_query)) {
$show_query = 1;
}
if ($no_js) {
// ... we redirect to appropriate query sql page
// works only full if $db and $table is also stored/grabbed from $_COOKIE
if (strlen($table)) {
require './tbl_sql.php';
} elseif (strlen($db)) {
require './db_sql.php';
} else {
require './server_sql.php';
}
exit;
}
/**
* Defines the query to be displayed in the query textarea
*/
if (! empty($show_query)) {
$query_to_display = $sql_query;
} else {
$query_to_display = '';
}
unset($sql_query);
/**
* start HTML output
*/
require_once './libraries/header_http.inc.php'; require_once './libraries/header_http.inc.php';
require_once './libraries/header_meta_style.inc.php'; require_once './libraries/header_meta_style.inc.php';
?> ?>
<script type="text/javascript" language="javascript"> <script type="text/javascript">
//<![CDATA[ //<![CDATA[
function query_auto_commit() { var errorMsg0 = '<?php echo PMA_escapeJsString($GLOBALS['strFormEmpty']); ?>';
var errorMsg1 = '<?php echo PMA_escapeJsString($GLOBALS['strNotNumber']); ?>';
var noDropDbMsg = '<?php echo (!$is_superuser && !$GLOBALS['cfg']['AllowUserDropDatabase'])
? PMA_escapeJsString($GLOBALS['strNoDropDatabases']) : ''; ?>';
var confirmMsg = '<?php echo $GLOBALS['cfg']['Confirm']
? PMA_escapeJsString($GLOBALS['strDoYouReally']) : ''; ?>';
function PMA_queryAutoCommit() {
document.getElementById('sqlqueryform').target = window.opener.frame_content.name; document.getElementById('sqlqueryform').target = window.opener.frame_content.name;
document.getElementById('sqlqueryform').submit(); document.getElementById('sqlqueryform').submit();
return; return;
} }
function query_tab_commit(tab) { function PMA_querywindowCommit(tab) {
document.getElementById('hiddenqueryform').querydisplay_tab.value = tab; document.getElementById('hiddenqueryform').querydisplay_tab.value = tab;
document.getElementById('hiddenqueryform').submit(); document.getElementById('hiddenqueryform').submit();
return false; return false;
} }
// js form validation stuff function PMA_querywindowResize() {
/**/
var errorMsg0 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strFormEmpty']); ?>';
var errorMsg1 = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strNotNumber']); ?>';
var noDropDbMsg = '<?php echo (!$is_superuser && !$GLOBALS['cfg']['AllowUserDropDatabase'])
? str_replace('\'', '\\\'', $GLOBALS['strNoDropDatabases']) : ''; ?>';
var confirmMsg = '<?php echo $GLOBALS['cfg']['Confirm']
? str_replace('\'', '\\\'', $GLOBALS['strDoYouReally']) : ''; ?>';
/**/
<?php
if (empty($querydisplay_tab)) {
$onload = 'onload="resize();"';
?>
function resize() {
// for Gecko // for Gecko
if (typeof(self.sizeToContent) == 'function') { if (typeof(self.sizeToContent) == 'function') {
self.sizeToContent(); self.sizeToContent();
@@ -99,178 +219,44 @@ function resize() {
self.resizeTo(newWidth + 45, newHeight + 75); self.resizeTo(newWidth + 45, newHeight + 75);
} }
} }
function PMA_querywindowInit()
{
<?php <?php
} else { if (PMA_isValid($_REQUEST['auto_commit'], 'identical', 'true')) {
$onload = ''; echo 'PMA_queryAutoCommit();' . "\n";
}
if (PMA_isValid($_REQUEST['init'])) {
echo 'PMA_querywindowResize();' . "\n";
} }
?> ?>
}
//]]> //]]>
</script> </script>
<script src="./js/functions.js" type="text/javascript" language="javascript"></script> <script src="./js/functions.js" type="text/javascript"></script>
</head> </head>
<body id="bodyquerywindow" <?php echo $onload; ?> > <body id="bodyquerywindow" onload="PMA_querywindowInit();">
<div id="querywindowcontainer"> <div id="querywindowcontainer">
<?php <?php
if (!isset($no_js)) {
$querydisplay_tab = (isset($querydisplay_tab) ? $querydisplay_tab : $GLOBALS['cfg']['QueryWindowDefTab']);
$tabs = array();
$tabs['sql']['icon'] = 'b_sql.png';
$tabs['sql']['text'] = $strSQL;
$tabs['sql']['link'] = '#';
$tabs['sql']['attr'] = 'onclick="javascript:query_tab_commit(\'sql\');return false;"';
$tabs['sql']['active'] = (bool) ($querydisplay_tab == 'sql');
$tabs['import']['icon'] = 'b_import.png';
$tabs['import']['text'] = $strImportFiles;
$tabs['import']['link'] = '#';
$tabs['import']['attr'] = 'onclick="javascript:query_tab_commit(\'files\');return false;"';
$tabs['import']['active'] = (bool) ($querydisplay_tab == 'files');
$tabs['history']['icon'] = 'b_bookmark.png';
$tabs['history']['text'] = $strQuerySQLHistory;
$tabs['history']['link'] = '#';
$tabs['history']['attr'] = 'onclick="javascript:query_tab_commit(\'history\');return false;"';
$tabs['history']['active'] = (bool) ($querydisplay_tab == 'history');
if ($GLOBALS['cfg']['QueryWindowDefTab'] == 'full') {
$tabs['all']['text'] = $strAll;
$tabs['all']['link'] = '#';
$tabs['all']['attr'] = 'onclick="javascript:query_tab_commit(\'full\');return false;"';
$tabs['all']['active'] = (bool) ($querydisplay_tab == 'full');
}
if ($tabs) {
echo PMA_getTabs($tabs); echo PMA_getTabs($tabs);
unset($tabs); unset($tabs);
} else {
$querydisplay_tab = 'full';
} }
if (true == $GLOBALS['cfg']['PropertiesIconic']) {
$titles['Change'] =
'<img class="icon" width="16" height="16" src="' . $pmaThemeImage
. 'b_edit.png" alt="' . $strChange . '" title="' . $strChange
. '" />';
if ('both' === $GLOBALS['cfg']['PropertiesIconic']) {
$titles['Change'] .= $strChange;
}
} else {
$titles['Change'] = $strChange;
}
// Hidden forms and query frame interaction stuff
if (! empty($query_history_latest) && ! empty($query_history_latest_db)) {
if ($GLOBALS['cfg']['QueryHistoryDB'] && $cfgRelation['historywork']) {
PMA_setHistory((isset($query_history_latest_db) ? $query_history_latest_db : ''),
(isset($query_history_latest_table) ? $query_history_latest_table : ''),
$GLOBALS['cfg']['Server']['user'],
$query_history_latest);
}
$_input_query_history[$query_history_latest] = array(
'db' => $query_history_latest_db,
'table' => isset($query_history_latest_table) ? $query_history_latest_table : '',
);
$_sql_history[$query_history_latest] = array(
'db' => $query_history_latest_db,
'table' => isset($query_history_latest_table) ? $query_history_latest_table : '',
);
$sql_query = $query_history_latest;
$db = $query_history_latest_db;
$table = $query_history_latest_table;
} elseif (! empty($query_history_latest)) {
$sql_query = $query_history_latest;
}
if (isset($sql_query)) {
$show_query = 1;
}
if ($GLOBALS['cfg']['QueryHistoryDB'] && $cfgRelation['historywork']) {
$temp_history = PMA_getHistory($GLOBALS['cfg']['Server']['user']);
if (is_array($temp_history) && count($temp_history) > 0) {
foreach ($temp_history AS $history_nr => $history_array) {
if (! isset($_sql_history[$history_array['sqlquery']])) {
$_sql_history[$history_array['sqlquery']] = array(
'db' => $history_array['db'],
'table' => isset($history_array['table']) ? $history_array['table'] : '',
);
}
}
}
} else {
if (isset($query_history) && is_array($query_history)) {
$current_index = count($query_history);
foreach ($query_history AS $query_no => $query_sql) {
if (! isset($_input_query_history[$query_sql])) {
$_input_query_history[$query_sql] = array(
'db' => $query_history_db[$query_no],
'table' => isset($query_history_table[$query_no]) ? $query_history_table[$query_no] : '',
);
$_sql_history[$query_sql] = array(
'db' => $query_history_db[$query_no],
'table' => isset($query_history_table[$query_no]) ? $query_history_table[$query_no] : '',
);
} // end if check if this item exists
} // end while print history
} // end if history exists
} // end if DB-based history
$url_query = PMA_generate_common_url(isset($db) ? $db : '', isset($table) ? $table : '');
if (!isset($goto)) {
$goto = '';
}
require_once './libraries/bookmark.lib.php';
if (isset($no_js) && $no_js) {
// ... we redirect to appropriate query sql page
// works only full if $db and $table is also stored/grabbed from $_COOKIE
if (isset($table) && strlen($table)) {
require './tbl_sql.php';
} elseif (isset($db) && strlen($db)) {
require './db_sql.php';
} else {
require './server_sql.php';
}
exit;
}
/**
* Defines the query to be displayed in the query textarea
*/
if (! empty($show_query)) {
$query_to_display = $sql_query;
} else {
$query_to_display = '';
}
unset($sql_query);
PMA_sqlQueryForm($query_to_display, $querydisplay_tab); PMA_sqlQueryForm($query_to_display, $querydisplay_tab);
// Hidden forms and query frame interaction stuff // Hidden forms and query frame interaction stuff
if (isset($auto_commit) && $auto_commit == 'true') {
?>
<script type="text/javascript" language="javascript">
//<![CDATA[
query_auto_commit();
//]]>
</script>
<?php
}
if (count($_sql_history) > 0 $_sql_history = PMA_getHistory($GLOBALS['cfg']['Server']['user']);
&& ($querydisplay_tab == 'history' || $querydisplay_tab == 'full')) { if (! empty($_sql_history)
$tab = isset($querydisplay_tab) && $querydisplay_tab != 'full' ? 'sql' : 'full'; && ($querydisplay_tab == 'history' || $querydisplay_tab == 'full')) {
echo $strQuerySQLHistory . ':<br />' . "\n" $tab = $querydisplay_tab != 'full' ? 'sql' : 'full';
echo $GLOBALS['strQuerySQLHistory'] . ':<br />' . "\n"
.'<ul>'; .'<ul>';
foreach ($_sql_history as $sql => $query) { foreach ($_sql_history as $query) {
echo '<li>' . "\n"; echo '<li>' . "\n";
// edit link // edit link
echo '<a href="#" onclick="' echo '<a href="#" onclick="'
@@ -279,7 +265,7 @@ if (count($_sql_history) > 0
.' document.getElementById(\'hiddenqueryform\').' .' document.getElementById(\'hiddenqueryform\').'
.'query_history_latest.value = \'' .'query_history_latest.value = \''
. preg_replace('/(\r|\n)+/i', '\\n', . preg_replace('/(\r|\n)+/i', '\\n',
PMA_jsFormat($sql, false)) . '\';' PMA_jsFormat($query['sqlquery'], false)) . '\';'
.' document.getElementById(\'hiddenqueryform\').' .' document.getElementById(\'hiddenqueryform\').'
.'auto_commit.value = \'false\';' .'auto_commit.value = \'false\';'
.' document.getElementById(\'hiddenqueryform\').' .' document.getElementById(\'hiddenqueryform\').'
@@ -294,14 +280,14 @@ if (count($_sql_history) > 0
. htmlspecialchars($query['table']) . '\';' . htmlspecialchars($query['table']) . '\';'
.' document.getElementById(\'hiddenqueryform\').submit();' .' document.getElementById(\'hiddenqueryform\').submit();'
.' return false;">' . $titles['Change'] . '</a>'; .' return false;">' . $titles['Change'] . '</a>';
// execute link // execute link
echo '<a href="#" onclick="' echo '<a href="#" onclick="'
.' document.getElementById(\'hiddenqueryform\').' .' document.getElementById(\'hiddenqueryform\').'
.'querydisplay_tab.value = \'' . $tab . '\';' .'querydisplay_tab.value = \'' . $tab . '\';'
.' document.getElementById(\'hiddenqueryform\').' .' document.getElementById(\'hiddenqueryform\').'
.'query_history_latest.value = \'' .'query_history_latest.value = \''
. preg_replace('/(\r|\n)+/i', '\\r\\n', . preg_replace('/(\r|\n)+/i', '\\r\\n',
PMA_jsFormat($sql, false)) . '\';' PMA_jsFormat($query['sqlquery'], false)) . '\';'
.' document.getElementById(\'hiddenqueryform\').' .' document.getElementById(\'hiddenqueryform\').'
.'auto_commit.value = \'true\';' .'auto_commit.value = \'true\';'
.' document.getElementById(\'hiddenqueryform\').' .' document.getElementById(\'hiddenqueryform\').'
@@ -315,63 +301,60 @@ if (count($_sql_history) > 0
.'query_history_latest_table.value = \'' .'query_history_latest_table.value = \''
. htmlspecialchars($query['table']) . '\';' . htmlspecialchars($query['table']) . '\';'
.' document.getElementById(\'hiddenqueryform\').submit();' .' document.getElementById(\'hiddenqueryform\').submit();'
.' return false;">[' . htmlspecialchars($query['db']) . '] ' .' return false;">';
. htmlspecialchars($sql) . '</a>' . "\n"; if (! empty($query['db'])) {
echo '[';
echo htmlspecialchars(PMA_backquote($query['db']));
if (! empty($query['table'])) {
echo '.' . htmlspecialchars(PMA_backquote($query['table']));
}
echo '] ';
}
if (strlen($query['sqlquery']) > 120) {
echo '<span title="' . htmlspecialchars($query['sqlquery']) . '">';
echo htmlspecialchars(substr($query['sqlquery'], 0, 50)) . ' [...] ';
echo htmlspecialchars(substr($query['sqlquery'], -50));
echo '</span>';
} else {
echo htmlspecialchars($query['sqlquery']);
}
echo '</a>' . "\n";
echo '</li>' . "\n"; echo '</li>' . "\n";
} }
unset($tab, $_sql_history, $sql, $query); unset($tab, $_sql_history, $query);
echo '</ul>' . "\n"; echo '</ul>' . "\n";
} }
?> ?>
<form action="querywindow.php" method="post" name="querywindow" id="hiddenqueryform"> <form action="querywindow.php" method="post" name="hiddenqueryform"
<?php id="hiddenqueryform">
echo PMA_generate_common_hidden_inputs('', '') . "\n"; <?php echo PMA_generate_common_hidden_inputs('', ''); ?>
foreach ($_input_query_history as $sql => $history) { <input type="hidden" name="db" value="<?php echo htmlspecialchars($db); ?>" />
echo '<input type="hidden" name="query_history[]" value="' <input type="hidden" name="table" value="<?php echo htmlspecialchars($table); ?>" />
. $sql . '" />' . "\n";
echo '<input type="hidden" name="query_history_db[]" value="'
. htmlspecialchars($history['db']) . '" />' . "\n";
echo '<input type="hidden" name="query_history_table[]" value="'
. htmlspecialchars($history['table']) . '" />' . "\n";
}
unset($_input_query_history, $sql, $history);
?>
<input type="hidden" name="db" value="<?php echo (! isset($db) ? '' : htmlspecialchars($db)); ?>" />
<input type="hidden" name="table" value="<?php echo (! isset($table) ? '' : htmlspecialchars($table)); ?>" />
<input type="hidden" name="query_history_latest" value="" /> <input type="hidden" name="query_history_latest" value="" />
<input type="hidden" name="query_history_latest_db" value="" /> <input type="hidden" name="query_history_latest_db" value="" />
<input type="hidden" name="query_history_latest_table" value="" /> <input type="hidden" name="query_history_latest_table" value="" />
<input type="hidden" name="previous_db" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="auto_commit" value="false" /> <input type="hidden" name="auto_commit" value="false" />
<input type="hidden" name="querydisplay_tab" value="<?php echo $querydisplay_tab; ?>" /> <input type="hidden" name="querydisplay_tab" value="<?php echo $querydisplay_tab; ?>" />
</form> </form>
<?php
?>
</div> </div>
</body> </body>
</html> </html>
<?php <?php
/** /**
* Close MySql connections * Close MySql connections
*/ */
if (isset($controllink) && $controllink) { if (! empty($controllink)) {
PMA_DBI_close($controllink); PMA_DBI_close($controllink);
} }
if (isset($userlink) && $userlink) { if (! empty($userlink)) {
PMA_DBI_close($userlink); PMA_DBI_close($userlink);
} }
/** /**
* Sends bufferized data * Sends bufferized data
*/ */
if ($GLOBALS['cfg']['OBGzip'] && isset($ob_mode) && $ob_mode) { PMA_outBufferPost();
PMA_outBufferPost($ob_mode);
}
?> ?>