view_create.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * handles creation of VIEWs
   5  *
   6  * @todo js error when view name is empty (strFormEmpty)
   7  * @todo (also validate if js is disabled, after form submission?)
   8  * @package PhpMyAdmin
   9  */
  10
  11 use PhpMyAdmin\Core;
  12 use PhpMyAdmin\Response;
  13 use PhpMyAdmin\Template;
  14
  15 require_once './libraries/common.inc.php';
  16
  17 /**
  18  * Runs common work
  19  */
  20 require './libraries/db_common.inc.php';
  21 $url_params['goto'] = 'tbl_structure.php';
  22 $url_params['back'] = 'view_create.php';
  23
  24 $response = Response::getInstance();
  25
  26 $view_algorithm_options = array(
  27     'UNDEFINED',
  28     'MERGE',
  29     'TEMPTABLE',
  30 );
  31
  32 $view_with_options = array(
  33     'CASCADED',
  34     'LOCAL'
  35 );
  36
  37 $view_security_options = array(
  38     'DEFINER',
  39     'INVOKER'
  40 );
  41
  42 // View name is a compulsory field
  43 if (isset($_POST['view']['name'])
  44     && empty($_POST['view']['name'])
  45 ) {
  46     $message = PhpMyAdmin\Message::error(__('View name can not be empty!'));
  47     $response->addJSON(
  48         'message',
  49         $message
  50     );
  51     $response->setRequestStatus(false);
  52     exit;
  53 }
  54
  55 if (isset($_POST['createview']) || isset($_POST['alterview'])) {
  56     /**
  57      * Creates the view
  58      */
  59     $sep = "\r\n";
  60
  61     if (isset($_POST['createview'])) {
  62         $sql_query = 'CREATE';
  63         if (isset($_POST['view']['or_replace'])) {
  64             $sql_query .= ' OR REPLACE';
  65         }
  66     } else {
  67         $sql_query = 'ALTER';
  68     }
  69
  70     if (Core::isValid($_POST['view']['algorithm'], $view_algorithm_options)) {
  71         $sql_query .= $sep . ' ALGORITHM = ' . $_POST['view']['algorithm'];
  72     }
  73
  74     if (! empty($_POST['view']['definer'])) {
  75         if (strpos($_POST['view']['definer'], '@') === false) {
  76             $sql_query .= $sep . 'DEFINER='
  77                 . PhpMyAdmin\Util::backquote($_POST['view']['definer']);
  78         } else {
  79             $arr = explode('@', $_POST['view']['definer']);
  80             $sql_query .= $sep . 'DEFINER=' . PhpMyAdmin\Util::backquote($arr[0]);
  81             $sql_query .= '@' . PhpMyAdmin\Util::backquote($arr[1]) . ' ';
  82         }
  83     }
  84
  85     if (isset($_POST['view']['sql_security'])) {
  86         if (in_array($_POST['view']['sql_security'], $view_security_options)) {
  87             $sql_query .= $sep . ' SQL SECURITY '
  88                 . $_POST['view']['sql_security'];
  89         }
  90     }
  91
  92     $sql_query .= $sep . ' VIEW '
  93         . PhpMyAdmin\Util::backquote($_POST['view']['name']);
  94
  95     if (! empty($_POST['view']['column_names'])) {
  96         $sql_query .= $sep . ' (' . $_POST['view']['column_names'] . ')';
  97     }
  98
  99     $sql_query .= $sep . ' AS ' . $_POST['view']['as'];
 100
 101     if (isset($_POST['view']['with'])) {
 102         if (in_array($_POST['view']['with'], $view_with_options)) {
 103             $sql_query .= $sep . ' WITH ' . $_POST['view']['with']
 104                 . '  CHECK OPTION';
 105         }
 106     }
 107
 108     if (!$GLOBALS['dbi']->tryQuery($sql_query)) {
 109         if (! isset($_POST['ajax_dialog'])) {
 110             $message = PhpMyAdmin\Message::rawError($GLOBALS['dbi']->getError());
 111             return;
 112         }
 113
 114         $response->addJSON(
 115             'message',
 116             PhpMyAdmin\Message::error(
 117                 "<i>" . htmlspecialchars($sql_query) . "</i><br /><br />"
 118                 . $GLOBALS['dbi']->getError()
 119             )
 120         );
 121         $response->setRequestStatus(false);
 122         exit;
 123     }
 124
 125     // If different column names defined for VIEW
 126     $view_columns = array();
 127     if (isset($_POST['view']['column_names'])) {
 128         $view_columns = explode(',', $_POST['view']['column_names']);
 129     }
 130
 131     $column_map = $GLOBALS['dbi']->getColumnMapFromSql(
 132         $_POST['view']['as'], $view_columns
 133     );
 134
 135     $systemDb = $GLOBALS['dbi']->getSystemDatabase();
 136     $pma_transformation_data = $systemDb->getExistingTransformationData(
 137         $GLOBALS['db']
 138     );
 139
 140     if ($pma_transformation_data !== false) {
 141
 142         // SQL for store new transformation details of VIEW
 143         $new_transformations_sql = $systemDb->getNewTransformationDataSql(
 144             $pma_transformation_data, $column_map,
 145             $_POST['view']['name'], $GLOBALS['db']
 146         );
 147
 148         // Store new transformations
 149         if ($new_transformations_sql != '') {
 150             $GLOBALS['dbi']->tryQuery($new_transformations_sql);
 151         }
 152
 153     }
 154     unset($pma_transformation_data);
 155
 156     if (! isset($_POST['ajax_dialog'])) {
 157         $message = PhpMyAdmin\Message::success();
 158         include 'tbl_structure.php';
 159     } else {
 160         $response->addJSON(
 161             'message',
 162             PhpMyAdmin\Util::getMessage(
 163                 PhpMyAdmin\Message::success(),
 164                 $sql_query
 165             )
 166         );
 167         $response->setRequestStatus(true);
 168     }
 169
 170     exit;
 171 }
 172
 173 $sql_query = ! empty($_POST['sql_query']) ? $_POST['sql_query'] : '';
 174
 175 // prefill values if not already filled from former submission
 176 $view = array(
 177     'operation' => 'create',
 178     'or_replace' => '',
 179     'algorithm' => '',
 180     'definer' => '',
 181     'sql_security' => '',
 182     'name' => '',
 183     'column_names' => '',
 184     'as' => $sql_query,
 185     'with' => '',
 186     'algorithm' => '',
 187 );
 188
 189 // Used to prefill the fields when editing a view
 190 if (isset($_GET['db']) && isset($_GET['table'])) {
 191     $item = $GLOBALS['dbi']->fetchSingleRow(
 192         sprintf(
 193             "SELECT `VIEW_DEFINITION`, `CHECK_OPTION`, `DEFINER`,
 194             `SECURITY_TYPE`
 195             FROM `INFORMATION_SCHEMA`.`VIEWS`
 196             WHERE TABLE_SCHEMA='%s'
 197             AND TABLE_NAME='%s';",
 198             $GLOBALS['dbi']->escapeString($_GET['db']),
 199             $GLOBALS['dbi']->escapeString($_GET['table'])
 200         )
 201     );
 202     $createView = $GLOBALS['dbi']->getTable($_GET['db'], $_GET['table'])
 203         ->showCreate();
 204
 205     // CREATE ALGORITHM=<ALGORITHM> DE...
 206     $parts = explode(" ", substr($createView, 17));
 207     $item['ALGORITHM'] = $parts[0];
 208
 209     $view['operation'] = 'alter';
 210     $view['definer'] = $item['DEFINER'];
 211     $view['sql_security'] = $item['SECURITY_TYPE'];
 212     $view['name'] = $_GET['table'];
 213     $view['as'] = $item['VIEW_DEFINITION'];
 214     $view['with'] = $item['CHECK_OPTION'];
 215     $view['algorithm'] = $item['ALGORITHM'];
 216
 217 }
 218
 219 if (Core::isValid($_POST['view'], 'array')) {
 220     $view = array_merge($view, $_POST['view']);
 221 }
 222
 223 $url_params['db'] = $GLOBALS['db'];
 224 $url_params['reload'] = 1;
 225
 226 echo Template::get('view_create')->render([
 227     'ajax_dialog' => isset($_POST['ajax_dialog']),
 228     'text_dir' => $text_dir,
 229     'url_params' => $url_params,
 230     'view' => $view,
 231     'view_algorithm_options' => $view_algorithm_options,
 232     'view_with_options' => $view_with_options,
 233     'view_security_options' => $view_security_options,
 234 ]);