search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PHPMYADMIN - [PATCH] [security] Global variables scope injection vulnerability (see...
[openemr.git] / phpmyadmin / import.php
blob6075d5d94fc40d6a540c5a9dd560ade75447161d
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Core script for import, this is just the glue around all other stuff
5 *
6 * @package PhpMyAdmin
7 */
8
9 /**
10 * Get the variables sent or posted to this script and a core script
11 */
12 require_once 'libraries/common.inc.php';
13 //require_once 'libraries/display_import_functions.lib.php';
14
15 if (isset($_REQUEST['show_as_php'])) {
16 $GLOBALS['show_as_php'] = $_REQUEST['show_as_php'];
17 }
18
19 /**
20 * Sets globals from $_POST
21 */
22 $post_params = array(
23 'action_bookmark',
24 'allow_interrupt',
25 'bkm_label',
26 'bookmark_variable',
27 'charset_of_file',
28 'format',
29 'id_bookmark',
30 'import_type',
31 'is_js_confirmed',
32 'MAX_FILE_SIZE',
33 'message_to_show',
34 'noplugin',
35 'skip_queries',
36 'local_import_file'
37 );
38
39 // TODO: adapt full list of allowed parameters, as in export.php
40 foreach ($post_params as $one_post_param) {
41 if (isset($_POST[$one_post_param])) {
42 $GLOBALS[$one_post_param] = $_POST[$one_post_param];
43 }
44 }
45
46 // reset import messages for ajax request
47 $_SESSION['Import_message']['message'] = null;
48 $_SESSION['Import_message']['go_back_url'] = null;
49 // default values
50 $GLOBALS['reload'] = false;
51
52 // Use to identify curren cycle is executing
53 // a multiquery statement or stored routine
54 if (!isset($_SESSION['is_multi_query'])) {
55 $_SESSION['is_multi_query'] = false;
56 }
57
58 // Are we just executing plain query or sql file?
59 // (eg. non import, but query box/window run)
60 if (! empty($sql_query)) {
61 // run SQL query
62 $import_text = $sql_query;
63 $import_type = 'query';
64 $format = 'sql';
65
66 // refresh navigation and main panels
67 if (preg_match('/^(DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $sql_query)) {
68 $GLOBALS['reload'] = true;
69 }
70
71 // refresh navigation panel only
72 if (preg_match('/^(CREATE|ALTER)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $sql_query)) {
73 $ajax_reload['reload'] = true;
74 }
75
76 // do a dynamic reload if table is RENAMED
77 // (by sending the instruction to the AJAX response handler)
78 if (preg_match('/^RENAME\s+TABLE\s+(.*?)\s+TO\s+(.*?)($|;|\s)/i', $sql_query, $rename_table_names)) {
79 $ajax_reload['table_name'] = PMA_Util::unQuote($rename_table_names[2]);
80 $ajax_reload['reload'] = true;
81 }
82
83 $sql_query = '';
84 } elseif (! empty($sql_localfile)) {
85 // run SQL file on server
86 $local_import_file = $sql_localfile;
87 $import_type = 'queryfile';
88 $format = 'sql';
89 unset($sql_localfile);
90 } elseif (! empty($sql_file)) {
91 // run uploaded SQL file
92 $import_file = $sql_file;
93 $import_type = 'queryfile';
94 $format = 'sql';
95 unset($sql_file);
96 } elseif (! empty($id_bookmark)) {
97 // run bookmark
98 $import_type = 'query';
99 $format = 'sql';
100 }
101
102 // If we didn't get any parameters, either user called this directly, or
103 // upload limit has been reached, let's assume the second possibility.
104 ;
105 if ($_POST == array() && $_GET == array()) {
106 $message = PMA_Message::error(
107 __('You probably tried to upload a file that is too large. Please refer to %sdocumentation%s for a workaround for this limit.')
108 );
109 $message->addParam('[doc@faq1-16]');
110 $message->addParam('[/doc]');
111
112 // so we can obtain the message
113 $_SESSION['Import_message']['message'] = $message->getDisplay();
114 $_SESSION['Import_message']['go_back_url'] = $goto;
115
116 $message->display();
117 exit; // the footer is displayed automatically
118 }
119
120 /**
121 * Sets globals from $_POST patterns, for import plugins
122 * We only need to load the selected plugin
123 */
124
125 if (! in_array(
126 $format,
127 array(
128 'csv',
129 'ldi',
130 'mediawiki',
131 'ods',
132 'shp',
133 'sql',
134 'xml'
135 )
136 )
137 ) {
138 // this should not happen for a normal user
139 // but only during an attack
140 PMA_fatalError('Incorrect format parameter');
141 }
142
143 $post_patterns = array(
144 '/^force_file_/',
145 '/^'. $format . '_/'
146 );
147 foreach (array_keys($_POST) as $post_key) {
148 foreach ($post_patterns as $one_post_pattern) {
149 if (preg_match($one_post_pattern, $post_key)) {
150 $GLOBALS[$post_key] = $_POST[$post_key];
151 }
152 }
153 }
154
155 // Check needed parameters
156 PMA_Util::checkParameters(array('import_type', 'format'));
157
158 // We don't want anything special in format
159 $format = PMA_securePath($format);
160
161 // Import functions
162 require_once 'libraries/import.lib.php';
163
164 // Create error and goto url
165 if ($import_type == 'table') {
166 $err_url = 'tbl_import.php?' . PMA_generate_common_url($db, $table);
167 $_SESSION['Import_message']['go_back_url'] = $err_url;
168 $goto = 'tbl_import.php';
169 } elseif ($import_type == 'database') {
170 $err_url = 'db_import.php?' . PMA_generate_common_url($db);
171 $_SESSION['Import_message']['go_back_url'] = $err_url;
172 $goto = 'db_import.php';
173 } elseif ($import_type == 'server') {
174 $err_url = 'server_import.php?' . PMA_generate_common_url();
175 $_SESSION['Import_message']['go_back_url'] = $err_url;
176 $goto = 'server_import.php';
177 } else {
178 if (empty($goto) || !preg_match('@^(server|db|tbl)(_[a-z]*)*\.php$@i', $goto)) {
179 if (strlen($table) && strlen($db)) {
180 $goto = 'tbl_structure.php';
181 } elseif (strlen($db)) {
182 $goto = 'db_structure.php';
183 } else {
184 $goto = 'server_sql.php';
185 }
186 }
187 if (strlen($table) && strlen($db)) {
188 $common = PMA_generate_common_url($db, $table);
189 } elseif (strlen($db)) {
190 $common = PMA_generate_common_url($db);
191 } else {
192 $common = PMA_generate_common_url();
193 }
194 $err_url = $goto . '?' . $common
195 . (preg_match('@^tbl_[a-z]*\.php$@', $goto)
196 ? '&amp;table=' . htmlspecialchars($table)
197 : '');
198 $_SESSION['Import_message']['go_back_url'] = $err_url;
199 }
200
201
202 if (strlen($db)) {
203 PMA_DBI_select_db($db);
204 }
205
206 @set_time_limit($cfg['ExecTimeLimit']);
207 if (! empty($cfg['MemoryLimit'])) {
208 @ini_set('memory_limit', $cfg['MemoryLimit']);
209 }
210
211 $timestamp = time();
212 if (isset($allow_interrupt)) {
213 $maximum_time = ini_get('max_execution_time');
214 } else {
215 $maximum_time = 0;
216 }
217
218 // set default values
219 $timeout_passed = false;
220 $error = false;
221 $read_multiply = 1;
222 $finished = false;
223 $offset = 0;
224 $max_sql_len = 0;
225 $file_to_unlink = '';
226 $sql_query = '';
227 $sql_query_disabled = false;
228 $go_sql = false;
229 $executed_queries = 0;
230 $run_query = true;
231 $charset_conversion = false;
232 $reset_charset = false;
233 $bookmark_created = false;
234
235 // Bookmark Support: get a query back from bookmark if required
236 if (! empty($id_bookmark)) {
237 $id_bookmark = (int)$id_bookmark;
238 include_once 'libraries/bookmark.lib.php';
239 switch ($action_bookmark) {
240 case 0: // bookmarked query that have to be run
241 $import_text = PMA_Bookmark_get(
242 $db,
243 $id_bookmark,
244 'id',
245 isset($action_bookmark_all)
246 );
247 if (isset($bookmark_variable) && ! empty($bookmark_variable)) {
248 $import_text = preg_replace(
249 '|/\*(.*)\[VARIABLE\](.*)\*/|imsU',
250 '${1}' . PMA_Util::sqlAddSlashes($bookmark_variable) . '${2}',
251 $import_text
252 );
253 }
254
255 // refresh navigation and main panels
256 if (preg_match('/^(DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $import_text)) {
257 $GLOBALS['reload'] = true;
258 }
259
260 // refresh navigation panel only
261 if (preg_match('/^(CREATE|ALTER)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $import_text)) {
262 $ajax_reload['reload'] = true;
263 }
264 break;
265 case 1: // bookmarked query that have to be displayed
266 $import_text = PMA_Bookmark_get($db, $id_bookmark);
267 if ($GLOBALS['is_ajax_request'] == true) {
268 $message = PMA_Message::success(__('Showing bookmark'));
269 $response = PMA_Response::getInstance();
270 $response->isSuccess($message->isSuccess());
271 $response->addJSON('message', $message);
272 $response->addJSON('sql_query', $import_text);
273 $response->addJSON('action_bookmark', $action_bookmark);
274 exit;
275 } else {
276 $run_query = false;
277 }
278 break;
279 case 2: // bookmarked query that have to be deleted
280 $import_text = PMA_Bookmark_get($db, $id_bookmark);
281 PMA_Bookmark_delete($db, $id_bookmark);
282 if ($GLOBALS['is_ajax_request'] == true) {
283 $message = PMA_Message::success(__('The bookmark has been deleted.'));
284 $response = PMA_Response::getInstance();
285 $response->isSuccess($message->isSuccess());
286 $response->addJSON('message', $message);
287 $response->addJSON('action_bookmark', $action_bookmark);
288 $response->addJSON('id_bookmark', $id_bookmark);
289 exit;
290 } else {
291 $run_query = false;
292 $error = true; // this is kind of hack to skip processing the query
293 }
294 break;
295 }
296 } // end bookmarks reading
297
298 // Do no run query if we show PHP code
299 if (isset($GLOBALS['show_as_php'])) {
300 $run_query = false;
301 $go_sql = true;
302 }
303
304 // We can not read all at once, otherwise we can run out of memory
305 $memory_limit = trim(@ini_get('memory_limit'));
306 // 2 MB as default
307 if (empty($memory_limit)) {
308 $memory_limit = 2 * 1024 * 1024;
309 }
310 // In case no memory limit we work on 10MB chunks
311 if ($memory_limit == -1) {
312 $memory_limit = 10 * 1024 * 1024;
313 }
314
315 // Calculate value of the limit
316 if (strtolower(substr($memory_limit, -1)) == 'm') {
317 $memory_limit = (int)substr($memory_limit, 0, -1) * 1024 * 1024;
318 } elseif (strtolower(substr($memory_limit, -1)) == 'k') {
319 $memory_limit = (int)substr($memory_limit, 0, -1) * 1024;
320 } elseif (strtolower(substr($memory_limit, -1)) == 'g') {
321 $memory_limit = (int)substr($memory_limit, 0, -1) * 1024 * 1024 * 1024;
322 } else {
323 $memory_limit = (int)$memory_limit;
324 }
325
326 // Just to be sure, there might be lot of memory needed for uncompression
327 $read_limit = $memory_limit / 8;
328
329 // handle filenames
330 if (isset($_FILES['import_file'])) {
331 $import_file = $_FILES['import_file']['tmp_name'];
332 }
333 if (! empty($local_import_file) && ! empty($cfg['UploadDir'])) {
334
335 // sanitize $local_import_file as it comes from a POST
336 $local_import_file = PMA_securePath($local_import_file);
337
338 $import_file = PMA_Util::userDir($cfg['UploadDir'])
339 . $local_import_file;
340
341 } elseif (empty($import_file) || ! is_uploaded_file($import_file)) {
342 $import_file = 'none';
343 }
344
345 // Do we have file to import?
346
347 if ($import_file != 'none' && ! $error) {
348 // work around open_basedir and other limitations
349 $open_basedir = @ini_get('open_basedir');
350
351 // If we are on a server with open_basedir, we must move the file
352 // before opening it. The doc explains how to create the "./tmp"
353 // directory
354
355 if (! empty($open_basedir)) {
356
357 $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : 'tmp/');
358
359 if (is_writable($tmp_subdir)) {
360
361
362 $import_file_new = $tmp_subdir . basename($import_file) . uniqid();
363 if (move_uploaded_file($import_file, $import_file_new)) {
364 $import_file = $import_file_new;
365 $file_to_unlink = $import_file_new;
366 }
367
368 $size = filesize($import_file);
369 }
370 }
371
372 /**
373 * Handle file compression
374 * @todo duplicate code exists in File.class.php
375 */
376 $compression = PMA_detectCompression($import_file);
377 if ($compression === false) {
378 $message = PMA_Message::error(__('File could not be read'));
379 $error = true;
380 } else {
381 switch ($compression) {
382 case 'application/bzip2':
383 if ($cfg['BZipDump'] && @function_exists('bzopen')) {
384 $import_handle = @bzopen($import_file, 'r');
385 } else {
386 $message = PMA_Message::error(
387 __('You attempted to load file with unsupported compression (%s). Either support for it is not implemented or disabled by your configuration.')
388 );
389 $message->addParam($compression);
390 $error = true;
391 }
392 break;
393 case 'application/gzip':
394 if ($cfg['GZipDump'] && @function_exists('gzopen')) {
395 $import_handle = @gzopen($import_file, 'r');
396 } else {
397 $message = PMA_Message::error(
398 __('You attempted to load file with unsupported compression (%s). Either support for it is not implemented or disabled by your configuration.')
399 );
400 $message->addParam($compression);
401 $error = true;
402 }
403 break;
404 case 'application/zip':
405 if ($cfg['ZipDump'] && @function_exists('zip_open')) {
406 /**
407 * Load interface for zip extension.
408 */
409 include_once 'libraries/zip_extension.lib.php';
410 $result = PMA_getZipContents($import_file);
411 if (! empty($result['error'])) {
412 $message = PMA_Message::rawError($result['error']);
413 $error = true;
414 } else {
415 $import_text = $result['data'];
416 }
417 } else {
418 $message = PMA_Message::error(
419 __('You attempted to load file with unsupported compression (%s). Either support for it is not implemented or disabled by your configuration.')
420 );
421 $message->addParam($compression);
422 $error = true;
423 }
424 break;
425 case 'none':
426 $import_handle = @fopen($import_file, 'r');
427 break;
428 default:
429 $message = PMA_Message::error(
430 __('You attempted to load file with unsupported compression (%s). Either support for it is not implemented or disabled by your configuration.')
431 );
432 $message->addParam($compression);
433 $error = true;
434 break;
435 }
436 }
437 // use isset() because zip compression type does not use a handle
438 if (! $error && isset($import_handle) && $import_handle === false) {
439 $message = PMA_Message::error(__('File could not be read'));
440 $error = true;
441 }
442 } elseif (! $error) {
443 if (! isset($import_text) || empty($import_text)) {
444 $message = PMA_Message::error(
445 __('No data was received to import. Either no file name was submitted, or the file size exceeded the maximum size permitted by your PHP configuration. See [doc@faq1-16]FAQ 1.16[/doc].')
446 );
447 $error = true;
448 }
449 }
450
451 // so we can obtain the message
452 //$_SESSION['Import_message'] = $message->getDisplay();
453
454 // Convert the file's charset if necessary
455 if ($GLOBALS['PMA_recoding_engine'] != PMA_CHARSET_NONE && isset($charset_of_file)) {
456 if ($charset_of_file != 'utf-8') {
457 $charset_conversion = true;
458 }
459 } elseif (isset($charset_of_file) && $charset_of_file != 'utf8') {
460 if (PMA_DRIZZLE) {
461 // Drizzle doesn't support other character sets,
462 // so we can't fallback to SET NAMES - throw an error
463 $error = true;
464 $message = PMA_Message::error(
465 __('Cannot convert file\'s character set without character set conversion library')
466 );
467 } else {
468 PMA_DBI_query('SET NAMES \'' . $charset_of_file . '\'');
469 // We can not show query in this case, it is in different charset
470 $sql_query_disabled = true;
471 $reset_charset = true;
472 }
473 }
474
475 // Something to skip?
476 if (! $error && isset($skip)) {
477 $original_skip = $skip;
478 while ($skip > 0) {
479 PMA_importGetNextChunk($skip < $read_limit ? $skip : $read_limit);
480 // Disable read progresivity, otherwise we eat all memory!
481 $read_multiply = 1;
482 $skip -= $read_limit;
483 }
484 unset($skip);
485 }
486
487 // This array contain the data like numberof valid sql queries in the statement
488 // and complete valid sql statement (which affected for rows)
489 $sql_data = array('valid_sql' => array(), 'valid_queries' => 0);
490
491 if (! $error) {
492 // Check for file existance
493 include_once "libraries/plugin_interface.lib.php";
494 $import_plugin = PMA_getPlugin(
495 "import",
496 $format,
497 'libraries/plugins/import/',
498 $import_type
499 );
500 if ($import_plugin == null) {
501 $error = true;
502 $message = PMA_Message::error(
503 __('Could not load import plugins, please check your installation!')
504 );
505 } else {
506 // Do the real import
507 $import_plugin->doImport($sql_data);
508 }
509 }
510
511 if (! $error && false !== $import_handle && null !== $import_handle) {
512 fclose($import_handle);
513 }
514
515 // Cleanup temporary file
516 if ($file_to_unlink != '') {
517 unlink($file_to_unlink);
518 }
519
520 // Reset charset back, if we did some changes
521 if ($reset_charset) {
522 PMA_DBI_query('SET CHARACTER SET utf8');
523 PMA_DBI_query(
524 'SET SESSION collation_connection =\'' . $collation_connection . '\''
525 );
526 }
527
528 // Show correct message
529 if (! empty($id_bookmark) && $action_bookmark == 2) {
530 $message = PMA_Message::success(__('The bookmark has been deleted.'));
531 $display_query = $import_text;
532 $error = false; // unset error marker, it was used just to skip processing
533 } elseif (! empty($id_bookmark) && $action_bookmark == 1) {
534 $message = PMA_Message::notice(__('Showing bookmark'));
535 } elseif ($bookmark_created) {
536 $special_message = '[br]' . sprintf(
537 __('Bookmark %s created'),
538 htmlspecialchars($bkm_label)
539 );
540 } elseif ($finished && ! $error) {
541 if ($import_type == 'query') {
542 $message = PMA_Message::success();
543 } else {
544 if ($import_notice) {
545 $message = PMA_Message::success(
546 '<em>' . __('Import has been successfully finished, %d queries executed.') . '</em>'
547 );
548 $message->addParam($executed_queries);
549
550 $message->addString($import_notice);
551 if (isset($local_import_file)) {
552 $message->addString('(' . $local_import_file . ')');
553 } else {
554 $message->addString('(' . $_FILES['import_file']['name'] . ')');
555 }
556 } else {
557 $message = PMA_Message::success(
558 __('Import has been successfully finished, %d queries executed.')
559 );
560 $message->addParam($executed_queries);
561 if (isset($local_import_file)) {
562 $message->addString('(' . $local_import_file . ')');
563 } else {
564 $message->addString('(' . $_FILES['import_file']['name'] . ')');
565 }
566 }
567 }
568 }
569
570 // Did we hit timeout? Tell it user.
571 if ($timeout_passed) {
572 $message = PMA_Message::error(
573 __('Script timeout passed, if you want to finish import, please resubmit same file and import will resume.')
574 );
575 if ($offset == 0 || (isset($original_skip) && $original_skip == $offset)) {
576 $message->addString(
577 __('However on last run no data has been parsed, this usually means phpMyAdmin won\'t be able to finish this import unless you increase php time limits.')
578 );
579 }
580 }
581
582 // if there is any message, copy it into $_SESSION as well,
583 // so we can obtain it by AJAX call
584 if (isset($message)) {
585 $_SESSION['Import_message']['message'] = $message->getDisplay();
586 }
587 // Parse and analyze the query, for correct db and table name
588 // in case of a query typed in the query window
589 // (but if the query is too large, in case of an imported file, the parser
590 // can choke on it so avoid parsing)
591 if (strlen($sql_query) <= $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) {
592 include_once 'libraries/parse_analyze.lib.php';
593 }
594
595 // There was an error?
596 if (isset($my_die)) {
597 foreach ($my_die AS $key => $die) {
598 PMA_Util::mysqlDie(
599 $die['error'], $die['sql'], '', $err_url, $error
600 );
601 }
602 }
603
604 // we want to see the results of the last query that returned at least a row
605 if (! empty($last_query_with_results)) {
606 // but we want to show intermediate results too
607 $disp_query = $sql_query;
608 $disp_message = __('Your SQL query has been executed successfully');
609 $sql_query = $last_query_with_results;
610 $go_sql = true;
611 }
612
613 if ($go_sql) {
614 include 'sql.php';
615 } else {
616 $active_page = $goto;
617 include '' . $goto;
618 }
619 ?>
Mirror of official OpenEMR Sourceforge repository