first example for deglobalization: goto

This commit is contained in:
Marc Delisle
2005-12-11 13:49:00 +00:00
parent ee3825013d
commit f6d24d59c9

64
sql.php

@@ -14,23 +14,23 @@ require_once('./libraries/bookmark.lib.php');
* Defines the url to return to in case of error in a sql statement * Defines the url to return to in case of error in a sql statement
*/ */
// Security checkings // Security checkings
if (!empty($goto)) { if (!empty($_REQUEST['goto'])) {
$is_gotofile = preg_replace('@^([^?]+).*$@s', '\\1', $goto); $is_gotofile = preg_replace('@^([^?]+).*$@s', '\\1', $_REQUEST['goto']);
if (!@file_exists('./' . $is_gotofile)) { if (!@file_exists('./' . $is_gotofile)) {
unset($goto); unset($_REQUEST['goto']);
} else { } else {
$is_gotofile = ($is_gotofile == $goto); $is_gotofile = ($is_gotofile == $_REQUEST['goto']);
} }
} // end if (security checkings) } // end if (security checkings)
if (empty($goto)) { if (empty($_REQUEST['goto'])) {
$goto = (empty($table)) ? $cfg['DefaultTabDatabase'] : $cfg['DefaultTabTable']; $_REQUEST['goto'] = (empty($table)) ? $cfg['DefaultTabDatabase'] : $cfg['DefaultTabTable'];
$is_gotofile = TRUE; $is_gotofile = TRUE;
} // end if } // end if
if (!isset($err_url)) { if (!isset($err_url)) {
$err_url = (!empty($back) ? $back : $goto) $err_url = (!empty($back) ? $back : $_REQUEST['goto'])
. '?' . PMA_generate_common_url(isset($db) ? $db : '') . '?' . PMA_generate_common_url(isset($db) ? $db : '')
. ((strpos(' ' . $goto, 'db_details') != 1 && isset($table)) ? '&table=' . urlencode($table) : ''); . ((strpos(' ' . $_REQUEST['goto'], 'db_details') != 1 && isset($table)) ? '&table=' . urlencode($table) : '');
} // end if } // end if
// Coming from a bookmark dialog // Coming from a bookmark dialog
@@ -97,7 +97,7 @@ elseif (!isset($pos)) {
*/ */
if (isset($store_bkm)) { if (isset($store_bkm)) {
PMA_addBookmarks($fields, $cfg['Bookmark'], (isset($bkm_all_users) && $bkm_all_users == 'true' ? true : false)); PMA_addBookmarks($fields, $cfg['Bookmark'], (isset($bkm_all_users) && $bkm_all_users == 'true' ? true : false));
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto); PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $_REQUEST['goto']);
} // end if } // end if
@@ -172,9 +172,9 @@ if ($is_select) {
/** /**
* Sets or modifies the $goto variable if required * Sets or modifies the $goto variable if required
*/ */
if ($goto == 'sql.php') { if ($_REQUEST['goto'] == 'sql.php') {
$is_gotofile = FALSE; $is_gotofile = FALSE;
$goto = 'sql.php?' $_REQUEST['goto'] = 'sql.php?'
. PMA_generate_common_url($db, $table) . PMA_generate_common_url($db, $table)
. '&pos=' . $pos . '&pos=' . $pos
. '&sql_query=' . urlencode($sql_query); . '&sql_query=' . urlencode($sql_query);
@@ -186,16 +186,16 @@ if ($goto == 'sql.php') {
*/ */
if (isset($btnDrop) && $btnDrop == $strNo) { if (isset($btnDrop) && $btnDrop == $strNo) {
if (!empty($back)) { if (!empty($back)) {
$goto = $back; $_REQUEST['goto'] = $back;
} }
if ($is_gotofile) { if ($is_gotofile) {
if (strpos(' ' . $goto, 'db_details') == 1 && !empty($table)) { if (strpos(' ' . $_REQUEST['goto'], 'db_details') == 1 && !empty($table)) {
unset($table); unset($table);
} }
$active_page = $goto; $active_page = $_REQUEST['goto'];
require('./' . PMA_securePath($goto)); require('./' . PMA_securePath($_REQUEST['goto']));
} else { } else {
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&', '&', $goto)); PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&', '&', $_REQUEST['goto']));
} }
exit(); exit();
} // end if } // end if
@@ -236,7 +236,7 @@ if ( $do_confirm ) {
?> ?>
<input type="hidden" name="sql_query" value="<?php echo urlencode($sql_query); ?>" /> <input type="hidden" name="sql_query" value="<?php echo urlencode($sql_query); ?>" />
<input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows) : ''; ?>" /> <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows) : ''; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" /> <input type="hidden" name="goto" value="<?php echo $_REQUEST['goto']; ?>" />
<input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back) : ''; ?>" /> <input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back) : ''; ?>" />
<input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload) : 0; ?>" /> <input type="hidden" name="reload" value="<?php echo isset($reload) ? PMA_sanitize($reload) : 0; ?>" />
<input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge) : ''; ?>" /> <input type="hidden" name="purge" value="<?php echo isset($purge) ? PMA_sanitize($purge) : ''; ?>" />
@@ -631,7 +631,7 @@ else {
$message .= ' ' . (isset($GLOBALS['querytime']) ? '(' . sprintf($strQueryTime, $GLOBALS['querytime']) . ')' : ''); $message .= ' ' . (isset($GLOBALS['querytime']) ? '(' . sprintf($strQueryTime, $GLOBALS['querytime']) . ')' : '');
if ($is_gotofile) { if ($is_gotofile) {
$goto = PMA_securePath($goto); $_REQUEST['goto'] = PMA_securePath($_REQUEST['goto']);
// Checks for a valid target script // Checks for a valid target script
if (isset($table) && $table == '') { if (isset($table) && $table == '') {
unset($table); unset($table);
@@ -640,45 +640,45 @@ else {
unset($db); unset($db);
} }
$is_db = $is_table = FALSE; $is_db = $is_table = FALSE;
if (strpos(' ' . $goto, 'tbl_properties') == 1) { if (strpos(' ' . $_REQUEST['goto'], 'tbl_properties') == 1) {
if (!isset($table)) { if (!isset($table)) {
$goto = 'db_details.php'; $_REQUEST['goto'] = 'db_details.php';
} else { } else {
$is_table = @PMA_DBI_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\';', NULL, PMA_DBI_QUERY_STORE); $is_table = @PMA_DBI_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\';', NULL, PMA_DBI_QUERY_STORE);
if (!($is_table && @PMA_DBI_num_rows($is_table))) { if (!($is_table && @PMA_DBI_num_rows($is_table))) {
$goto = 'db_details.php'; $_REQUEST['goto'] = 'db_details.php';
unset($table); unset($table);
} }
@PMA_DBI_free_result($is_table); @PMA_DBI_free_result($is_table);
} // end if... else... } // end if... else...
} }
if (strpos(' ' . $goto, 'db_details') == 1) { if (strpos(' ' . $_REQUEST['goto'], 'db_details') == 1) {
if (isset($table)) { if (isset($table)) {
unset($table); unset($table);
} }
if (!isset($db)) { if (!isset($db)) {
$goto = 'main.php'; $_REQUEST['goto'] = 'main.php';
} else { } else {
$is_db = @PMA_DBI_select_db($db); $is_db = @PMA_DBI_select_db($db);
if (!$is_db) { if (!$is_db) {
$goto = 'main.php'; $_REQUEST['goto'] = 'main.php';
unset($db); unset($db);
} }
} // end if... else... } // end if... else...
} }
// Loads to target script // Loads to target script
if (strpos(' ' . $goto, 'db_details') == 1 if (strpos(' ' . $_REQUEST['goto'], 'db_details') == 1
|| strpos(' ' . $goto, 'tbl_properties') == 1) { || strpos(' ' . $_REQUEST['goto'], 'tbl_properties') == 1) {
$js_to_run = 'functions.js'; $js_to_run = 'functions.js';
} }
if ($goto != 'main.php') { if ($_REQUEST['goto'] != 'main.php') {
require_once('./libraries/header.inc.php'); require_once('./libraries/header.inc.php');
} }
$active_page = $goto; $active_page = $_REQUEST['goto'];
require('./' . $goto); require('./' . $_REQUEST['goto']);
} // end if file_exist } // end if file_exist
else { else {
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&amp;', '&', $goto) . '&message=' . urlencode($message)); PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&amp;', '&', $_REQUEST['goto']) . '&message=' . urlencode($message));
} // end else } // end else
exit(); exit();
} // end no rows returned } // end no rows returned
@@ -859,7 +859,7 @@ else {
&& !empty($sql_query)) { && !empty($sql_query)) {
echo "\n"; echo "\n";
$goto = 'sql.php?' $_REQUEST['goto'] = 'sql.php?'
. PMA_generate_common_url($db, $table) . PMA_generate_common_url($db, $table)
. '&amp;pos=' . $pos . '&amp;pos=' . $pos
. '&amp;session_max_rows=' . $session_max_rows . '&amp;session_max_rows=' . $session_max_rows
@@ -877,7 +877,7 @@ else {
?> ?>
<form action="sql.php" method="post" onsubmit="return emptyFormElements(this, 'fields[label]');"> <form action="sql.php" method="post" onsubmit="return emptyFormElements(this, 'fields[label]');">
<?php echo PMA_generate_common_hidden_inputs(); ?> <?php echo PMA_generate_common_hidden_inputs(); ?>
<input type="hidden" name="goto" value="<?php echo $goto; ?>" /> <input type="hidden" name="goto" value="<?php echo $_REQUEST['goto']; ?>" />
<input type="hidden" name="fields[dbase]" value="<?php echo htmlspecialchars($db); ?>" /> <input type="hidden" name="fields[dbase]" value="<?php echo htmlspecialchars($db); ?>" />
<input type="hidden" name="fields[user]" value="<?php echo $cfg['Bookmark']['user']; ?>" /> <input type="hidden" name="fields[user]" value="<?php echo $cfg['Bookmark']['user']; ?>" />
<input type="hidden" name="fields[query]" value="<?php echo urlencode(isset($complete_query) ? $complete_query : $sql_query); ?>" /> <input type="hidden" name="fields[query]" value="<?php echo urlencode(isset($complete_query) ? $complete_query : $sql_query); ?>" />
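Review bot: The hidden `goto` input in the `@@ -236` hunk echoes `$_REQUEST['goto']` into an HTML attribute without escaping, while the neighbouring `back`, `reload` and `purge` inputs pass through `PMA_sanitize()` and the `fields[dbase]` input in the `@@ -877` hunk uses `htmlspecialchars()`; the same unescaped echo recurs in the `@@ -877` hunk. The security check in the `@@ -14` hunk only verifies that the part of the value before the first `?` names an existing file (`preg_replace('@^([^?]+).*$@s', ...)` followed by `file_exists`), so whatever follows the `?` reaches these echoes unchanged. Escape at both sites to match the surrounding fields: `<input type="hidden" name="goto" value="<?php echo htmlspecialchars($_REQUEST['goto']); ?>" />`. The enclosing `if ( $do_confirm )` block and the bookmark form both start outside their hunks.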