nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d0facc3d4fe3a7594e38163cc75fd2da7c734fa7
phpmyadmin/libraries/core.lib.php

450 lines
13 KiB
PHP
Raw Blame History

<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Core functions used all over the scripts.
*
* @version $Id$
*/
/**
* Removes insecure parts in a path; used before include() or
* require() when a part of the path comes from an insecure source
* like a cookie or form.
*
* @param string The path to check
*
* @return string The secured path
*
* @access public
* @author Marc Delisle (lem9@users.sourceforge.net)
*/
function PMA_securePath($path)
{
// change .. to .
$path = preg_replace('@\.\.*@', '.', $path);
return $path;
} // end function
/**
* displays the given error message on phpMyAdmin error page in foreign language,
* ends script execution and closes session
*
* @todo use detected argument separator (PMA_Config)
* @uses $GLOBALS['session_name']
* @uses $GLOBALS['text_dir']
* @uses $GLOBALS['strError']
* @uses $GLOBALS['available_languages']
* @uses $GLOBALS['lang']
* @uses PMA_removeCookie()
* @uses select_lang.lib.php
* @uses $_COOKIE
* @uses substr()
* @uses header()
* @uses urlencode()
* @param string $error_message the error message or named error message
*/
function PMA_fatalError($error_message, $message_args = null)
{
if (! isset($GLOBALS['available_languages'])) {
$GLOBALS['cfg'] = array('DefaultLang' => 'en-iso-8859-1',
'AllowAnywhereRecoding' => false);
// Loads the language file
require_once './libraries/select_lang.lib.php';
if (isset($strError)) {
$GLOBALS['strError'] = $strError;
}
if (isset($text_dir)) {
$GLOBALS['text_dir'] = $text_dir;
}
}
if (substr($error_message, 0, 3) === 'str') {
if (isset($$error_message)) {
$error_message = $$error_message;
} elseif (isset($GLOBALS[$error_message])) {
$error_message = $GLOBALS[$error_message];
}
}
if (is_string($message_args)) {
$error_message = sprintf($error_message, $message_args);
} elseif (is_array($message_args)) {
$error_message = vsprintf($error_message, $message_args);
}
$error_message = strtr($error_message, array('<br />' => '[br]'));
// Displays the error message
// (do not use &amp; for parameters sent by header)
header('Location: error.php'
. '?lang=' . urlencode($GLOBALS['available_languages'][$GLOBALS['lang']][2])
. '&dir=' . urlencode($GLOBALS['text_dir'])
. '&type=' . urlencode($GLOBALS['strError'])
. '&error=' . urlencode($error_message));
// on fatal errors it cannot hurt to always delete the current session
if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) {
PMA_removeCookie($GLOBALS['session_name']);
}
exit;
}
/**
* returns count of tables in given db
*
* @uses PMA_DBI_try_query()
* @uses PMA_backquote()
* @uses PMA_DBI_QUERY_STORE()
* @uses PMA_DBI_num_rows()
* @uses PMA_DBI_free_result()
* @param string $db database to count tables for
* @return integer count of tables in $db
*/
function PMA_getTableCount($db)
{
$tables = PMA_DBI_try_query(
'SHOW TABLES FROM ' . PMA_backquote($db) . ';',
null, PMA_DBI_QUERY_STORE);
if ($tables) {
$num_tables = PMA_DBI_num_rows($tables);
PMA_DBI_free_result($tables);
} else {
$num_tables = 0;
}
return $num_tables;
}
/**
* Converts numbers like 10M into bytes
* Used with permission from Moodle (http://moodle.org) by Martin Dougiamas
* (renamed with PMA prefix to avoid double definition when embedded
* in Moodle)
*
* @uses each()
* @uses strlen()
* @uses substr()
* @param string $size
* @return integer $size
*/
function PMA_get_real_size($size = 0)
{
if (! $size) {
return 0;
}
$scan['gb'] = 1073741824; //1024 * 1024 * 1024;
$scan['g'] = 1073741824; //1024 * 1024 * 1024;
$scan['mb'] = 1048576;
$scan['m'] = 1048576;
$scan['kb'] = 1024;
$scan['k'] = 1024;
$scan['b'] = 1;
foreach ($scan as $unit => $factor) {
if (strlen($size) > strlen($unit)
&& strtolower(substr($size, strlen($size) - strlen($unit))) == $unit) {
return substr($size, 0, strlen($size) - strlen($unit)) * $factor;
}
}
return $size;
} // end function PMA_get_real_size()
/**
* loads php module
*
* @uses PHP_OS
* @uses extension_loaded()
* @uses ini_get()
* @uses function_exists()
* @uses ob_start()
* @uses phpinfo()
* @uses strip_tags()
* @uses ob_get_contents()
* @uses ob_end_clean()
* @uses preg_match()
* @uses strtoupper()
* @uses substr()
* @uses dl()
* @param string $module name if module to load
* @return boolean success loading module
*/
function PMA_dl($module)
{
static $dl_allowed = null;
if (extension_loaded($module)) {
return true;
}
if (null === $dl_allowed) {
if (!@ini_get('safe_mode')
&& @ini_get('enable_dl')
&& @function_exists('dl')) {
ob_start();
phpinfo(INFO_GENERAL); /* Only general info */
$a = strip_tags(ob_get_contents());
ob_end_clean();
if (preg_match('@Thread Safety[[:space:]]*enabled@', $a)) {
if (preg_match('@Server API[[:space:]]*\(CGI\|CLI\)@', $a)) {
$dl_allowed = true;
} else {
$dl_allowed = false;
}
} else {
$dl_allowed = true;
}
} else {
$dl_allowed = false;
}
}
if (!$dl_allowed) {
return false;
}
/* Once we require PHP >= 4.3, we might use PHP_SHLIB_SUFFIX here */
if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
$module_file = 'php_' . $module . '.dll';
} elseif (PHP_OS=='HP-UX') {
$module_file = $module . '.sl';
} else {
$module_file = $module . '.so';
}
return @dl($module_file);
}
/**
* merges array recursive like array_merge_recursive() but keyed-values are
* always overwritten.
*
* array PMA_array_merge_recursive(array $array1[, array $array2[, array ...]])
*
* @see http://php.net/array_merge
* @see http://php.net/array_merge_recursive
* @uses func_num_args()
* @uses func_get_arg()
* @uses is_array()
* @uses call_user_func_array()
* @param array array to merge
* @param array array to merge
* @param array ...
* @return array merged array
*/
function PMA_array_merge_recursive()
{
switch(func_num_args()) {
case 0 :
return false;
break;
case 1 :
// when does that happen?
return func_get_arg(0);
break;
case 2 :
$args = func_get_args();
if (!is_array($args[0]) || !is_array($args[1])) {
return $args[1];
}
foreach ($args[1] as $key2 => $value2) {
if (isset($args[0][$key2]) && !is_int($key2)) {
$args[0][$key2] = PMA_array_merge_recursive($args[0][$key2],
$value2);
} else {
// we erase the parent array, otherwise we cannot override a directive that
// contains array elements, like this:
// (in config.default.php) $cfg['ForeignKeyDropdownOrder'] = array('id-content','content-id');
// (in config.inc.php) $cfg['ForeignKeyDropdownOrder'] = array('content-id');
if (is_int($key2) && $key2 == 0) {
unset($args[0]);
}
$args[0][$key2] = $value2;
}
}
return $args[0];
break;
default :
$args = func_get_args();
$args[1] = PMA_array_merge_recursive($args[0], $args[1]);
array_shift($args);
return call_user_func_array('PMA_array_merge_recursive', $args);
break;
}
}
/**
* calls $function vor every element in $array recursively
*
* this function is protected against deep recursion attack CVE-2006-1549,
* 1000 seems to be more than enough
*
* @see http://www.php-security.org/MOPB/MOPB-02-2007.html
* @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549
*
* @uses PMA_arrayWalkRecursive()
* @uses is_array()
* @uses is_string()
* @param array $array array to walk
* @param string $function function to call for every array element
*/
function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false)
{
static $recursive_counter = 0;
if (++$recursive_counter > 1000) {
die('possible deep recursion attack');
}
foreach ($array as $key => $value) {
if (is_array($value)) {
PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also);
} else {
$array[$key] = $function($value);
}
if ($apply_to_keys_also && is_string($key)) {
$new_key = $function($key);
if ($new_key != $key) {
$array[$new_key] = $array[$key];
unset($array[$key]);
}
}
}
$recursive_counter++;
}
/**
* boolean phpMyAdmin.PMA_checkPageValidity(string &$page, array $whitelist)
*
* checks given given $page against given $whitelist and returns true if valid
* it ignores optionaly query paramters in $page (script.php?ignored)
*
* @uses in_array()
* @uses urldecode()
* @uses substr()
* @uses strpos()
* @param string &$page page to check
* @param array $whitelist whitelist to check page against
* @return boolean whether $page is valid or not (in $whitelist or not)
*/
function PMA_checkPageValidity(&$page, $whitelist)
{
if (! isset($page) || !is_string($page)) {
return false;
}
if (in_array($page, $whitelist)) {
return true;
} elseif (in_array(substr($page, 0, strpos($page . '?', '?')), $whitelist)) {
return true;
} else {
$_page = urldecode($page);
if (in_array(substr($_page, 0, strpos($_page . '?', '?')), $whitelist)) {
return true;
}
}
return false;
}
/**
* trys to find the value for the given environment vriable name
*
* searchs in $_SERVER, $_ENV than trys getenv() and apache_getenv()
* in this order
*
* @uses $_SERVER
* @uses $_ENV
* @uses getenv()
* @uses function_exists()
* @uses apache_getenv()
* @param string $var_name variable name
* @return string value of $var or empty string
*/
function PMA_getenv($var_name) {
if (isset($_SERVER[$var_name])) {
return $_SERVER[$var_name];
} elseif (isset($_ENV[$var_name])) {
return $_ENV[$var_name];
} elseif (getenv($var_name)) {
return getenv($var_name);
} elseif (function_exists('apache_getenv')
&& apache_getenv($var_name, true)) {
return apache_getenv($var_name, true);
}
return '';
}
/**
* removes cookie
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @return boolean result of setcookie()
*/
function PMA_removeCookie($cookie)
{
return setcookie($cookie, '', time() - 3600,
PMA_Config::getCookiePath(), '', PMA_Config::isHttps());
}
/**
* sets cookie if value is different from current cokkie value,
* or removes if value is equal to default
*
* @uses PMA_Config::isHttps()
* @uses PMA_Config::getCookiePath()
* @uses $_COOKIE
* @uses PMA_removeCookie()
* @uses setcookie()
* @uses time()
* @param string $cookie name of cookie to remove
* @param mixed $value new cookie value
* @param string $default default value
* @param int $validity validity of cookie in seconds (default is one month)
* @param bool $httponlt whether cookie is only for HTTP (and not for scripts)
* @return boolean result of setcookie()
*/
function PMA_setCookie($cookie, $value, $default = null, $validity = null, $httponly = true)
{
if ($validity == null) {
$validity = 2592000;
}
if (strlen($value) && null !== $default && $value === $default
&& isset($_COOKIE[$cookie])) {
// remove cookie, default value is used
return PMA_removeCookie($cookie);
}
if (! strlen($value) && isset($_COOKIE[$cookie])) {
// remove cookie, value is empty
return PMA_removeCookie($cookie);
}
if (! isset($_COOKIE[$cookie]) || $_COOKIE[$cookie] !== $value) {
// set cookie with new value
/* Calculate cookie validity */
if ($validity == 0) {
$v = 0;
} else {
$v = time() + $validity;
}
/* Use native support for httponly cookies if available */
if (version_compare(PHP_VERSION, '5.2.0', 'ge')) {
return setcookie($cookie, $value, $v,
PMA_Config::getCookiePath(), '', PMA_Config::isHttps(), $httponly);
} else {
return setcookie($cookie, $value, $v,
PMA_Config::getCookiePath() . ($httponly ? '; HttpOnly' : ''), '', PMA_Config::isHttps());
}
}
// cookie has already $value as value
return true;
}
?>
Reference in New Issue View Git Blame Copy Permalink