From ea2db87706f990047e731d5489213fb8d61a0cab Mon Sep 17 00:00:00 2001 From: Robin Johnson Date: Sat, 3 Aug 2002 10:23:04 +0000 Subject: [PATCH] * libraries/sqlvalidator.class.php3: - PHP Class to run SQL Validator * libraries/sqlvalidator.php3: - SQL Validator interface code --- libraries/common.lib.php3 | 46 +++++-- libraries/sqlvalidator.class.php3 | 199 ++++++++++++++++++++++++++++++ libraries/sqlvalidator.php3 | 60 +++++++++ 3 files changed, 298 insertions(+), 7 deletions(-) create mode 100644 libraries/sqlvalidator.class.php3 create mode 100644 libraries/sqlvalidator.php3 diff --git a/libraries/common.lib.php3 b/libraries/common.lib.php3 index 05e85b709..a16f6cb8d 100644 --- a/libraries/common.lib.php3 +++ b/libraries/common.lib.php3 @@ -176,6 +176,11 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold} include('./libraries/sqlparser.data.php3'); include('./libraries/sqlparser.lib.php3'); + /** + * SQL Validator interface code + */ + include('./libraries/sqlvalidator.php3'); + // If zlib output compression is set in the php configuration file, no // output buffering should be run if (PMA_PHP_INT_VERSION < 40000 @@ -1120,6 +1125,8 @@ if (typeof(document.getElementById) != 'undefined' } if (!empty($GLOBALS['show_as_php'])) { $query_base = '$sql = "' . $query_base; + } else if (!empty($GLOBALS['validatequery'])) { + $query_base = validateSQL($query_base); } else { $parsed_sql = PMA_SQP_parse($query_base); $query_base = PMA_formatSql($parsed_sql); @@ -1135,7 +1142,8 @@ if (typeof(document.getElementById) != 'undefined' $edit_target = ''; } - if (isset($cfg['SQLQuery']['Edit']) && $cfg['SQLQuery']['Edit'] == TRUE) { + if (isset($cfg['SQLQuery']['Edit']) + && $cfg['SQLQuery']['Edit'] == TRUE) { if ($edit_target == 'tbl_properties.php3') { $edit_link = '' . $GLOBALS['strExplain']; } else if (eregi('^EXPLAIN[[:space:]]+SELECT[[:space:]]+', $GLOBALS['sql_query'])) { 
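Review bot: The new `validatequery` branch in the `@@ -1120` hunk calls `validateSQL()` unconditionally, but sqlvalidator.php3 in this same commit defines that function only when `$cfg['SQLValidator']['use']` is true, so a request that sets `validatequery` on an install with the validator disabled would reach an undefined function. Guard the branch so it falls through to the local formatter, e.g. `} else if (!empty($GLOBALS['validatequery']) && function_exists('validateSQL')) {`. The branch also replaces locally formatted SQL with HTML returned by a remote service; if `$query_base` is printed unescaped further down (not visible in this hunk), that response should be handled as untrusted markup. The enclosing function starts and ends outside the hunk.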
@@ -1173,7 +1193,8 @@ if (typeof(document.getElementById) != 'undefined' // Also we would like to get the SQL formed in some nice // php-code (Mike Beck 2002-05-22) - if (isset($cfg['SQLQuery']['ShowAsPHP']) && $cfg['SQLQuery']['ShowAsPHP'] == TRUE) { + if (isset($cfg['SQLQuery']['ShowAsPHP']) + && $cfg['SQLQuery']['ShowAsPHP'] == TRUE) { if (!empty($GLOBALS['show_as_php'])) { $php_link = ' +* http://www.orbis-terrarum.net/?l=people.robbat2 +* +* All data is transported over HTTP-SOAP +* And uses the PEAR SOAP Module +* +* Install instructions for PEAR SOAP +* Make sure you have a really recent PHP with PEAR support +* run this: "pear install Mail_Mime Net_DIME SOAP" +* +* +* @access public +* @author Robin Johnson +* @version $Revision$ +*/ + +if (!defined('PMA_SQL_VALIDATOR_CLASS_INCLUDED')) { + define('PMA_SQL_VALIDATOR_CLASS_INCLUDED', 1); + + include("SOAP/Client.php"); + + // Ok, so we have SOAP Support, so let's use it! + + class SQLValidator { + + var $url; + var $serviceName; + var $wsdl; + var $outputType; + + var $username; + var $password; + var $callingProgram; + var $callingProgramVersion; + var $targetDbms; + var $targetDbmsVersion; + var $connectionTechnology; + var $connectionTechnologyVersion; + var $interactive; + + var $serviceLink = NULL; + var $sessionData = NULL; + + function dataInit() + { + $this->url = "http://sqlvalidator.mimer.com/v1/services"; + $this->serviceName = 'SQL99Validator'; + $this->wsdl = '?wsdl'; + $this->outputType = 'html'; + + $this->username = 'anonymous'; + $this->password = ''; + $this->callingProgram = 'PHP_SQLValidator'; + $this->callingProgramVersion = '$Revision$'; + $this->targetDbms = 'N/A'; + $this->targetDbmsVersion = 'N/A'; + $this->connectionTechnology = 'PHP'; + $this->connectionTechnologyVersion = phpversion(); + $this->interactive = 1; + + $this->serviceLink = NULL; + $this->sessionData = NULL; + } + + function SQLValidator() + { + $this->dataInit(); + } + + function setCredentials($username,$password) + { 
+ $this->username = $username;
+ $this->password = $password;
+ }
+
+ function setCallingProgram($callingProgram,$callingProgramVersion)
+ {
+ $this->callingProgram = $callingProgram;
+ $this->callingProgramVersion = $callingProgramVersion;
+ }
+
+ function appendCallingProgram($callingProgram,$callingProgramVersion)
+ {
+ $this->callingProgram .= ' - ' . $callingProgram;
+ $this->callingProgramVersion .= ' - ' . $callingProgramVersion;
+ }
+
+ function setTargetDbms($targetDbms,$targetDbmsVersion)
+ {
+ $this->targetDbms = $targetDbms;
+ $this->targetDbmsVersion = $targetDbmsVersion;
+ }
+
+ function appendTargetDbms($targetDbms,$targetDbmsVersion)
+ {
+ $this->targetDbms .= ' - ' . $targetDbms;
+ $this->targetDbmsVersion .= ' - ' . $targetDbmsVersion;
+ }
+
+ function setConnectionTechnology($connectionTechnology,$connectionTechnologyVersion)
+ {
+ $this->connectionTechnology = $connectionTechnology;
+ $this->connectionTechnologyVersion = $connectionTechnologyVersion;
+ }
+
+ function appendConnectionTechnology($connectionTechnology,$connectionTechnologyVersion)
+ {
+ $this->connectionTechnology .= ' - ' . $connectionTechnology;
+ $this->connectionTechnologyVersion .= ' - ' . 
$connectionTechnologyVersion;
+ }
+
+ function setInteractive($interactive)
+ {
+ $this->interactive = $interactive;
+ }
+
+ function start()
+ {
+ $this->startService();
+ $this->startSession();
+ }
+
+ function startService()
+ {
+ $this->serviceLink = $this->_openService($this->url.'/'.$this->serviceName.$this->wsdl);
+ }
+
+ function startSession()
+ {
+ $this->sessionData = $this->_openSession($this->serviceLink, $this->username, $this->password, $this->callingProgram, $this->callingProgramVersion, $this->targetDbms, $this->targetDbmsVersion, $this->connectionTechnology, $this->connectionTechnologyVersion, $this->interactive);
+
+ if( isset($this->sessionData) &&
+ ($this->sessionData != NULL) &&
+ ($this->sessionData->target != $this->url))
+ {
+ // Reopen the service on the new URL that was provided
+ $url = $this->sessionData->target;
+ $this->startService();
+ }
+ }
+
+
+ function isValid($sql)
+ {
+ $res = $this->_validate($sql);
+ return $res->standard;
+ }
+
+ function ValidationString($sql)
+ {
+ $res = $this->_validate($sql);
+ return $res->data;
+ }
+
+ /* Private functions beyond here
+ *
+ */
+ function _openService($url)
+ {
+ $obj = new SOAP_Client($url,TRUE);
+ return $obj;
+ }
+
+ function _openSession($obj, $username, $password, $callingProgram, $callingProgramVersion, $targetDbms, $targetDbmsVersion, $connectionTechnology, $connectionTechnologyVersion, $interactive)
+ {
+
+ $ret = $obj->openSession($username, $password, $callingProgram, $callingProgramVersion, $targetDbms, $targetDbmsVersion, $connectionTechnology, $connectionTechnologyVersion, $interactive);
+
+ return $ret;
+ }
+
+ /**
+ * Standard calling method
+ *
+ * @param sql SQL statement to validate
+ * @return Raw string from Mimer
+ */
+ function _validateSQL($obj,$session,$sql,$method)
+ {
+ $res = $obj->validateSQL($session->sessionId, $session->sessionKey, $sql, $this->outputType);
+ return $res;
+ }
+
+ function _validate($sql)
+ {
+ $ret = 
$this->_validateSQL($this->serviceLink, $this->sessionData, $sql, $this->outputType); + return $ret; + } + } + +} // $__PMA_SQL_VALIDATOR_CLASS__ + +?> diff --git a/libraries/sqlvalidator.php3 b/libraries/sqlvalidator.php3 new file mode 100644 index 000000000..337861793 --- /dev/null +++ b/libraries/sqlvalidator.php3 @@ -0,0 +1,60 @@ + + * http://www.orbis-terrarum.net/?l=people.robbat2 + * + * This function uses the Mimer SQL Validator service + * from phpMyAdmin + * + * All data is transported over HTTP-SOAP + * And uses the PEAR SOAP Module + * + * Install instructions for PEAR SOAP + * Make sure you have a really recent PHP with PEAR support + * run this: "pear install Mail_Mime Net_DIME SOAP" + * + * Enable the SQL Validator options in the configuration file + * $cfg['SQLQuery']['Validate'] = TRUE; + * $cfg['SQLValidator']['use'] = FALSE; + * + * Also set a username and password if you have a private one + */ + +if (!defined('PMA_SQL_VALIDATOR_INCLUDED')) { + define('PMA_SQL_VALIDATOR_INCLUDED', 1); + + // We need the PEAR libraries, so do a minimum version check first + // I'm not sure if PEAR was available before this point + // For now we actually use a configuration flag + if ($cfg['SQLValidator']['use'] == TRUE) { + include_once('sqlvalidator.class.php3'); + + function validateSQL($sql) + { + global $cfg; + $srv = new SQLValidator(); + if($cfg['SQLValidator']['username'] != '') { + $srv->setCredentials($cfg['SQLValidator']['username'], $cfg['SQLValidator']['password']); + } + $srv->appendCallingProgram('phpMyAdmin',PMA_VERSION); + $srv->setTargetDbms('MySQL',PMA_MYSQL_STR_VERSION); + $srv->start(); + $str = $srv->ValidationString($sql); + if($cfg['SQLValidator']['DisplayCopyright'] != TRUE) { + $match = "reserved.
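Review bot: In `startSession()` of sqlvalidator.class.php3 the redirect branch stores the server-supplied target in a local `$url` and then calls `startService()`, which reads `$this->url`, so the service is reopened on the old endpoint. It should be `$this->url = $this->sessionData->target;`, and only after the target has been checked against the expected host, because the value comes from the remote response. `dataInit()` hard-codes a plain `http://` endpoint, so the credentials passed to `setCredentials()` and every SQL statement submitted for validation travel unencrypted to a third party; a comment at the URL and a line in the install notes should say so. None of the SOAP calls are checked for failure before `->target`, `->standard` or `->data` is read, and `_validateSQL()` ignores its `$method` parameter in favour of `$this->outputType`.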
\n
"; + $pos = strpos($str,$match); + $pos += strlen($match); + $str = substr($str,$pos); + } + return $str; + + } // function validateSQL($sql) + + } // if ($cfg['SQLValidator']['use'] == TRUE) + +} //$__PMA_SQL_VALIDATOR__ + +?>
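Review bot: The copyright-stripping code in `validateSQL()` uses the result of `strpos()` without testing it for `false`, so when the marker is absent from the response `$pos` becomes `strlen($match)` and the leading bytes of the validator output are silently cut off. Guard it with `if ($pos !== false) { $str = substr($str, $pos + strlen($match)); }` (the PEAR SOAP dependency presumably already implies PHP 4, where `!==` is available). `include_once('sqlvalidator.class.php3')` lacks the `./libraries/` prefix that the includes in common.lib.php3 use, so which file gets loaded depends on include_path resolution. The header comment lists `$cfg['SQLValidator']['use'] = FALSE;` among the settings that enable the feature, which contradicts the `== TRUE` test below it.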