search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
1. Check existence of mb_string, mysql and xml extensions before installation.
[openemr.git] / phpmyadmin / libraries / core.lib.php
blob8065e9d69a851b79c92add2bad0b66c727299579
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Core functions used all over the scripts.
5 * This script is distinct from libraries/common.inc.php because this
6 * script is called from /test.
7 *
8 * @package PhpMyAdmin
9 */
10 if (! defined('PHPMYADMIN')) {
11 exit;
12 }
13
14 /**
15 * String handling (security)
16 */
17 require_once 'libraries/string.lib.php';
18 require_once 'libraries/String.class.php';
19 $PMA_String = new PMA_String();
20
21 /**
22 * checks given $var and returns it if valid, or $default of not valid
23 * given $var is also checked for type being 'similar' as $default
24 * or against any other type if $type is provided
25 *
26 * <code>
27 * // $_REQUEST['db'] not set
28 * echo PMA_ifSetOr($_REQUEST['db'], ''); // ''
29 * // $_REQUEST['sql_query'] not set
30 * echo PMA_ifSetOr($_REQUEST['sql_query']); // null
31 * // $cfg['ForceSSL'] not set
32 * echo PMA_ifSetOr($cfg['ForceSSL'], false, 'boolean'); // false
33 * echo PMA_ifSetOr($cfg['ForceSSL']); // null
34 * // $cfg['ForceSSL'] set to 1
35 * echo PMA_ifSetOr($cfg['ForceSSL'], false, 'boolean'); // false
36 * echo PMA_ifSetOr($cfg['ForceSSL'], false, 'similar'); // 1
37 * echo PMA_ifSetOr($cfg['ForceSSL'], false); // 1
38 * // $cfg['ForceSSL'] set to true
39 * echo PMA_ifSetOr($cfg['ForceSSL'], false, 'boolean'); // true
40 * </code>
41 *
42 * @param mixed &$var param to check
43 * @param mixed $default default value
44 * @param mixed $type var type or array of values to check against $var
45 *
46 * @return mixed $var or $default
47 *
48 * @see PMA_isValid()
49 */
50 function PMA_ifSetOr(&$var, $default = null, $type = 'similar')
51 {
52 if (! PMA_isValid($var, $type, $default)) {
53 return $default;
54 }
55
56 return $var;
57 }
58
59 /**
60 * checks given $var against $type or $compare
61 *
62 * $type can be:
63 * - false : no type checking
64 * - 'scalar' : whether type of $var is integer, float, string or boolean
65 * - 'numeric' : whether type of $var is any number representation
66 * - 'length' : whether type of $var is scalar with a string length > 0
67 * - 'similar' : whether type of $var is similar to type of $compare
68 * - 'equal' : whether type of $var is identical to type of $compare
69 * - 'identical' : whether $var is identical to $compare, not only the type!
70 * - or any other valid PHP variable type
71 *
72 * <code>
73 * // $_REQUEST['doit'] = true;
74 * PMA_isValid($_REQUEST['doit'], 'identical', 'true'); // false
75 * // $_REQUEST['doit'] = 'true';
76 * PMA_isValid($_REQUEST['doit'], 'identical', 'true'); // true
77 * </code>
78 *
79 * NOTE: call-by-reference is used to not get NOTICE on undefined vars,
80 * but the var is not altered inside this function, also after checking a var
81 * this var exists nut is not set, example:
82 * <code>
83 * // $var is not set
84 * isset($var); // false
85 * functionCallByReference($var); // false
86 * isset($var); // true
87 * functionCallByReference($var); // true
88 * </code>
89 *
90 * to avoid this we set this var to null if not isset
91 *
92 * @param mixed &$var variable to check
93 * @param mixed $type var type or array of valid values to check against $var
94 * @param mixed $compare var to compare with $var
95 *
96 * @return boolean whether valid or not
97 *
98 * @todo add some more var types like hex, bin, ...?
99 * @see http://php.net/gettype
100 */
101 function PMA_isValid(&$var, $type = 'length', $compare = null)
102 {
103 if (! isset($var)) {
104 // var is not even set
105 return false;
106 }
107
108 if ($type === false) {
109 // no vartype requested
110 return true;
111 }
112
113 if (is_array($type)) {
114 return in_array($var, $type);
115 }
116
117 // allow some aliases of var types
118 $type = strtolower($type);
119 switch ($type) {
120 case 'identic' :
121 $type = 'identical';
122 break;
123 case 'len' :
124 $type = 'length';
125 break;
126 case 'bool' :
127 $type = 'boolean';
128 break;
129 case 'float' :
130 $type = 'double';
131 break;
132 case 'int' :
133 $type = 'integer';
134 break;
135 case 'null' :
136 $type = 'NULL';
137 break;
138 }
139
140 if ($type === 'identical') {
141 return $var === $compare;
142 }
143
144 // whether we should check against given $compare
145 if ($type === 'similar') {
146 switch (gettype($compare)) {
147 case 'string':
148 case 'boolean':
149 $type = 'scalar';
150 break;
151 case 'integer':
152 case 'double':
153 $type = 'numeric';
154 break;
155 default:
156 $type = gettype($compare);
157 }
158 } elseif ($type === 'equal') {
159 $type = gettype($compare);
160 }
161
162 // do the check
163 if ($type === 'length' || $type === 'scalar') {
164 $is_scalar = is_scalar($var);
165 if ($is_scalar && $type === 'length') {
166 return (bool) /*overload*/mb_strlen($var);
167 }
168 return $is_scalar;
169 }
170
171 if ($type === 'numeric') {
172 return is_numeric($var);
173 }
174
175 if (gettype($var) === $type) {
176 return true;
177 }
178
179 return false;
180 }
181
182 /**
183 * Removes insecure parts in a path; used before include() or
184 * require() when a part of the path comes from an insecure source
185 * like a cookie or form.
186 *
187 * @param string $path The path to check
188 *
189 * @return string The secured path
190 *
191 * @access public
192 */
193 function PMA_securePath($path)
194 {
195 // change .. to .
196 $path = preg_replace('@\.\.*@', '.', $path);
197
198 return $path;
199 } // end function
200
201 /**
202 * displays the given error message on phpMyAdmin error page in foreign language,
203 * ends script execution and closes session
204 *
205 * loads language file if not loaded already
206 *
207 * @param string $error_message the error message or named error message
208 * @param string|array $message_args arguments applied to $error_message
209 * @param boolean $delete_session whether to delete session cookie
210 *
211 * @return void
212 */
213 function PMA_fatalError(
214 $error_message, $message_args = null, $delete_session = true
215 ) {
216 /* Use format string if applicable */
217 if (is_string($message_args)) {
218 $error_message = sprintf($error_message, $message_args);
219 } elseif (is_array($message_args)) {
220 $error_message = vsprintf($error_message, $message_args);
221 }
222
223 if ($GLOBALS['is_ajax_request']) {
224 $response = PMA_Response::getInstance();
225 $response->isSuccess(false);
226 $response->addJSON('message', PMA_Message::error($error_message));
227 } else {
228 $error_message = strtr($error_message, array('<br />' => '[br]'));
229
230 /* Load gettext for fatal errors */
231 if (!function_exists('__')) {
232 // It is possible that PMA_fatalError() is called before including
233 // vendor_config.php which defines GETTEXT_INC. See bug #4557
234 if (defined(GETTEXT_INC)) {
235 include_once GETTEXT_INC;
236 } else {
237 include_once './libraries/php-gettext/gettext.inc';
238 }
239 }
240
241 // these variables are used in the included file libraries/error.inc.php
242 //first check if php-mbstring is available
243 if (function_exists('mb_detect_encoding')) {
244 //If present use gettext
245 $error_header = __('Error');
246 } else {
247 $error_header = 'Error';
248 }
249 $lang = $GLOBALS['available_languages'][$GLOBALS['lang']][1];
250 $dir = $GLOBALS['text_dir'];
251
252 // on fatal errors it cannot hurt to always delete the current session
253 if ($delete_session
254 && isset($GLOBALS['session_name'])
255 && isset($_COOKIE[$GLOBALS['session_name']])
256 ) {
257 $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']);
258 }
259
260 // Displays the error message
261 include './libraries/error.inc.php';
262 }
263 if (! defined('TESTSUITE')) {
264 exit;
265 }
266 }
267
268 /**
269 * Returns a link to the PHP documentation
270 *
271 * @param string $target anchor in documentation
272 *
273 * @return string the URL
274 *
275 * @access public
276 */
277 function PMA_getPHPDocLink($target)
278 {
279 /* List of PHP documentation translations */
280 $php_doc_languages = array(
281 'pt_BR', 'zh', 'fr', 'de', 'it', 'ja', 'pl', 'ro', 'ru', 'fa', 'es', 'tr'
282 );
283
284 $lang = 'en';
285 if (in_array($GLOBALS['lang'], $php_doc_languages)) {
286 $lang = $GLOBALS['lang'];
287 }
288
289 return PMA_linkURL('http://php.net/manual/' . $lang . '/' . $target);
290 }
291
292 /**
293 * Warn or fail on missing extension.
294 *
295 * @param string $extension Extension name
296 * @param bool $fatal Whether the error is fatal.
297 * @param string $extra Extra string to append to message.
298 *
299 * @return void
300 */
301 function PMA_warnMissingExtension($extension, $fatal = false, $extra = '')
302 {
303 /* Gettext does not have to be loaded yet here */
304 if (function_exists('__')) {
305 $message = __(
306 'The %s extension is missing. Please check your PHP configuration.'
307 );
308 } else {
309 $message
310 = 'The %s extension is missing. Please check your PHP configuration.';
311 }
312 $doclink = PMA_getPHPDocLink('book.' . $extension . '.php');
313 $message = sprintf(
314 $message,
315 '[a@' . $doclink . '@Documentation][em]' . $extension . '[/em][/a]'
316 );
317 if ($extra != '') {
318 $message .= ' ' . $extra;
319 }
320 if ($fatal) {
321 PMA_fatalError($message);
322 return;
323 }
324
325 $GLOBALS['error_handler']->addError(
326 $message,
327 E_USER_WARNING,
328 '',
329 '',
330 false
331 );
332 }
333
334 /**
335 * returns count of tables in given db
336 *
337 * @param string $db database to count tables for
338 *
339 * @return integer count of tables in $db
340 */
341 function PMA_getTableCount($db)
342 {
343 $tables = $GLOBALS['dbi']->tryQuery(
344 'SHOW TABLES FROM ' . PMA_Util::backquote($db) . ';',
345 null, PMA_DatabaseInterface::QUERY_STORE
346 );
347 if ($tables) {
348 $num_tables = $GLOBALS['dbi']->numRows($tables);
349 $GLOBALS['dbi']->freeResult($tables);
350 } else {
351 $num_tables = 0;
352 }
353
354 return $num_tables;
355 }
356
357 /**
358 * Converts numbers like 10M into bytes
359 * Used with permission from Moodle (http://moodle.org) by Martin Dougiamas
360 * (renamed with PMA prefix to avoid double definition when embedded
361 * in Moodle)
362 *
363 * @param string|int $size size (Default = 0)
364 *
365 * @return integer $size
366 */
367 function PMA_getRealSize($size = 0)
368 {
369 if (! $size) {
370 return 0;
371 }
372
373 $scan = array(
374 'gb' => 1073741824, //1024 * 1024 * 1024,
375 'g' => 1073741824, //1024 * 1024 * 1024,
376 'mb' => 1048576,
377 'm' => 1048576,
378 'kb' => 1024,
379 'k' => 1024,
380 'b' => 1,
381 );
382
383 foreach ($scan as $unit => $factor) {
384 $sizeLength = strlen($size);
385 $unitLength = strlen($unit);
386 if ($sizeLength > $unitLength
387 && strtolower(
388 substr(
389 $size,
390 $sizeLength - $unitLength
391 )
392 ) == $unit
393 ) {
394 return substr(
395 $size,
396 0,
397 $sizeLength - $unitLength
398 ) * $factor;
399 }
400 }
401
402 return $size;
403 } // end function PMA_getRealSize()
404
405 /**
406 * merges array recursive like array_merge_recursive() but keyed-values are
407 * always overwritten.
408 *
409 * array PMA_arrayMergeRecursive(array $array1[, array $array2[, array ...]])
410 *
411 * @return array merged array
412 *
413 * @see http://php.net/array_merge
414 * @see http://php.net/array_merge_recursive
415 */
416 function PMA_arrayMergeRecursive()
417 {
418 switch(func_num_args()) {
419 case 0 :
420 return false;
421 case 1 :
422 // when does that happen?
423 return func_get_arg(0);
424 case 2 :
425 $args = func_get_args();
426 if (! is_array($args[0]) || ! is_array($args[1])) {
427 return $args[1];
428 }
429 foreach ($args[1] as $key2 => $value2) {
430 if (isset($args[0][$key2]) && !is_int($key2)) {
431 $args[0][$key2] = PMA_arrayMergeRecursive(
432 $args[0][$key2], $value2
433 );
434 } else {
435 // we erase the parent array, otherwise we cannot override
436 // a directive that contains array elements, like this:
437 // (in config.default.php)
438 // $cfg['ForeignKeyDropdownOrder']= array('id-content','content-id');
439 // (in config.inc.php)
440 // $cfg['ForeignKeyDropdownOrder']= array('content-id');
441 if (is_int($key2) && $key2 == 0) {
442 unset($args[0]);
443 }
444 $args[0][$key2] = $value2;
445 }
446 }
447 return $args[0];
448 default :
449 $args = func_get_args();
450 $args[1] = PMA_arrayMergeRecursive($args[0], $args[1]);
451 array_shift($args);
452 return call_user_func_array('PMA_arrayMergeRecursive', $args);
453 }
454 }
455
456 /**
457 * calls $function for every element in $array recursively
458 *
459 * this function is protected against deep recursion attack CVE-2006-1549,
460 * 1000 seems to be more than enough
461 *
462 * @param array &$array array to walk
463 * @param callable $function function to call for every array element
464 * @param bool $apply_to_keys_also whether to call the function for the keys also
465 *
466 * @return void
467 *
468 * @see http://www.php-security.org/MOPB/MOPB-02-2007.html
469 * @see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1549
470 */
471 function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false)
472 {
473 static $recursive_counter = 0;
474 $walked_keys = array();
475
476 if (++$recursive_counter > 1000) {
477 PMA_fatalError(__('possible deep recursion attack'));
478 }
479 foreach ($array as $key => $value) {
480 if (isset($walked_keys[$key])) {
481 continue;
482 }
483 $walked_keys[$key] = true;
484
485 if (is_array($value)) {
486 PMA_arrayWalkRecursive($array[$key], $function, $apply_to_keys_also);
487 } else {
488 $array[$key] = $function($value);
489 }
490
491 if ($apply_to_keys_also && is_string($key)) {
492 $new_key = $function($key);
493 if ($new_key != $key) {
494 $array[$new_key] = $array[$key];
495 unset($array[$key]);
496 $walked_keys[$new_key] = true;
497 }
498 }
499 }
500 $recursive_counter--;
501 }
502
503 /**
504 * boolean phpMyAdmin.PMA_checkPageValidity(string &$page, array $whitelist)
505 *
506 * checks given $page against given $whitelist and returns true if valid
507 * it optionally ignores query parameters in $page (script.php?ignored)
508 *
509 * @param string &$page page to check
510 * @param array $whitelist whitelist to check page against
511 *
512 * @return boolean whether $page is valid or not (in $whitelist or not)
513 */
514 function PMA_checkPageValidity(&$page, $whitelist)
515 {
516 if (! isset($page) || !is_string($page)) {
517 return false;
518 }
519
520 if (in_array($page, $whitelist)) {
521 return true;
522 }
523
524 $_page = /*overload*/mb_substr(
525 $page,
526 0,
527 /*overload*/mb_strpos($page . '?', '?')
528 );
529 if (in_array($_page, $whitelist)) {
530 return true;
531 }
532
533 $_page = urldecode($page);
534 $_page = /*overload*/mb_substr(
535 $_page,
536 0,
537 /*overload*/mb_strpos($_page . '?', '?')
538 );
539 if (in_array($_page, $whitelist)) {
540 return true;
541 }
542
543 return false;
544 }
545
546 /**
547 * tries to find the value for the given environment variable name
548 *
549 * searches in $_SERVER, $_ENV then tries getenv() and apache_getenv()
550 * in this order
551 *
552 * @param string $var_name variable name
553 *
554 * @return string value of $var or empty string
555 */
556 function PMA_getenv($var_name)
557 {
558 if (isset($_SERVER[$var_name])) {
559 return $_SERVER[$var_name];
560 }
561
562 if (isset($_ENV[$var_name])) {
563 return $_ENV[$var_name];
564 }
565
566 if (getenv($var_name)) {
567 return getenv($var_name);
568 }
569
570 if (function_exists('apache_getenv')
571 && apache_getenv($var_name, true)
572 ) {
573 return apache_getenv($var_name, true);
574 }
575
576 return '';
577 }
578
579 /**
580 * Send HTTP header, taking IIS limits into account (600 seems ok)
581 *
582 * @param string $uri the header to send
583 * @param bool $use_refresh whether to use Refresh: header when running on IIS
584 *
585 * @return boolean always true
586 */
587 function PMA_sendHeaderLocation($uri, $use_refresh = false)
588 {
589 if (PMA_IS_IIS && /*overload*/mb_strlen($uri) > 600) {
590 include_once './libraries/js_escape.lib.php';
591 PMA_Response::getInstance()->disable();
592
593 include_once './libraries/Template.class.php';
594
595 echo PMA\Template::get('header_location')
596 ->render(array('uri' => $uri));
597
598 return;
599 }
600
601 if (SID) {
602 if (/*overload*/mb_strpos($uri, '?') === false) {
603 header('Location: ' . $uri . '?' . SID);
604 } else {
605 $separator = PMA_URL_getArgSeparator();
606 header('Location: ' . $uri . $separator . SID);
607 }
608 return;
609 }
610
611 session_write_close();
612 if (headers_sent()) {
613 if (function_exists('debug_print_backtrace')) {
614 echo '<pre>';
615 debug_print_backtrace();
616 echo '</pre>';
617 }
618 trigger_error(
619 'PMA_sendHeaderLocation called when headers are already sent!',
620 E_USER_ERROR
621 );
622 }
623 // bug #1523784: IE6 does not like 'Refresh: 0', it
624 // results in a blank page
625 // but we need it when coming from the cookie login panel)
626 if (PMA_IS_IIS && $use_refresh) {
627 header('Refresh: 0; ' . $uri);
628 } else {
629 header('Location: ' . $uri);
630 }
631 }
632
633 /**
634 * Outputs application/json headers. This includes no caching.
635 *
636 * @return void
637 */
638 function PMA_headerJSON()
639 {
640 if (defined('TESTSUITE') && ! defined('PMA_TEST_HEADERS')) {
641 return;
642 }
643 // No caching
644 PMA_noCacheHeader();
645 // MIME type
646 header('Content-Type: application/json; charset=UTF-8');
647 // Disable content sniffing in browser
648 // This is needed in case we include HTML in JSON, browser might assume it's
649 // html to display
650 header('X-Content-Type-Options: nosniff');
651 }
652
653 /**
654 * Outputs headers to prevent caching in browser (and on the way).
655 *
656 * @return void
657 */
658 function PMA_noCacheHeader()
659 {
660 if (defined('TESTSUITE') && ! defined('PMA_TEST_HEADERS')) {
661 return;
662 }
663 // rfc2616 - Section 14.21
664 header('Expires: ' . date(DATE_RFC1123));
665 // HTTP/1.1
666 header(
667 'Cache-Control: no-store, no-cache, must-revalidate,'
668 . ' pre-check=0, post-check=0, max-age=0'
669 );
670 if (PMA_USR_BROWSER_AGENT == 'IE') {
671 /* On SSL IE sometimes fails with:
672 *
673 * Internet Explorer was not able to open this Internet site. The
674 * requested site is either unavailable or cannot be found. Please
675 * try again later.
676 *
677 * Adding Pragma: public fixes this.
678 */
679 header('Pragma: public');
680 return;
681 }
682
683 header('Pragma: no-cache'); // HTTP/1.0
684 // test case: exporting a database into a .gz file with Safari
685 // would produce files not having the current time
686 // (added this header for Safari but should not harm other browsers)
687 header('Last-Modified: ' . date(DATE_RFC1123));
688 }
689
690
691 /**
692 * Sends header indicating file download.
693 *
694 * @param string $filename Filename to include in headers if empty,
695 * none Content-Disposition header will be sent.
696 * @param string $mimetype MIME type to include in headers.
697 * @param int $length Length of content (optional)
698 * @param bool $no_cache Whether to include no-caching headers.
699 *
700 * @return void
701 */
702 function PMA_downloadHeader($filename, $mimetype, $length = 0, $no_cache = true)
703 {
704 if ($no_cache) {
705 PMA_noCacheHeader();
706 }
707 /* Replace all possibly dangerous chars in filename */
708 $filename = str_replace(array(';', '"', "\n", "\r"), '-', $filename);
709 if (!empty($filename)) {
710 header('Content-Description: File Transfer');
711 header('Content-Disposition: attachment; filename="' . $filename . '"');
712 }
713 header('Content-Type: ' . $mimetype);
714 // inform the server that compression has been done,
715 // to avoid a double compression (for example with Apache + mod_deflate)
716 $notChromeOrLessThan43 = PMA_USR_BROWSER_AGENT != 'CHROME' // see bug #4942
717 || (PMA_USR_BROWSER_AGENT == 'CHROME' && PMA_USR_BROWSER_VER < 43);
718 if (strpos($mimetype, 'gzip') !== false && $notChromeOrLessThan43) {
719 header('Content-Encoding: gzip');
720 }
721 header('Content-Transfer-Encoding: binary');
722 if ($length > 0) {
723 header('Content-Length: ' . $length);
724 }
725 }
726
727 /**
728 * Returns value of an element in $array given by $path.
729 * $path is a string describing position of an element in an associative array,
730 * eg. Servers/1/host refers to $array[Servers][1][host]
731 *
732 * @param string $path path in the array
733 * @param array $array the array
734 * @param mixed $default default value
735 *
736 * @return mixed array element or $default
737 */
738 function PMA_arrayRead($path, $array, $default = null)
739 {
740 $keys = explode('/', $path);
741 $value =& $array;
742 foreach ($keys as $key) {
743 if (! isset($value[$key])) {
744 return $default;
745 }
746 $value =& $value[$key];
747 }
748 return $value;
749 }
750
751 /**
752 * Stores value in an array
753 *
754 * @param string $path path in the array
755 * @param array &$array the array
756 * @param mixed $value value to store
757 *
758 * @return void
759 */
760 function PMA_arrayWrite($path, &$array, $value)
761 {
762 $keys = explode('/', $path);
763 $last_key = array_pop($keys);
764 $a =& $array;
765 foreach ($keys as $key) {
766 if (! isset($a[$key])) {
767 $a[$key] = array();
768 }
769 $a =& $a[$key];
770 }
771 $a[$last_key] = $value;
772 }
773
774 /**
775 * Removes value from an array
776 *
777 * @param string $path path in the array
778 * @param array &$array the array
779 *
780 * @return void
781 */
782 function PMA_arrayRemove($path, &$array)
783 {
784 $keys = explode('/', $path);
785 $keys_last = array_pop($keys);
786 $path = array();
787 $depth = 0;
788
789 $path[0] =& $array;
790 $found = true;
791 // go as deep as required or possible
792 foreach ($keys as $key) {
793 if (! isset($path[$depth][$key])) {
794 $found = false;
795 break;
796 }
797 $depth++;
798 $path[$depth] =& $path[$depth - 1][$key];
799 }
800 // if element found, remove it
801 if ($found) {
802 unset($path[$depth][$keys_last]);
803 $depth--;
804 }
805
806 // remove empty nested arrays
807 for (; $depth >= 0; $depth--) {
808 if (! isset($path[$depth+1]) || count($path[$depth+1]) == 0) {
809 unset($path[$depth][$keys[$depth]]);
810 } else {
811 break;
812 }
813 }
814 }
815
816 /**
817 * Returns link to (possibly) external site using defined redirector.
818 *
819 * @param string $url URL where to go.
820 *
821 * @return string URL for a link.
822 */
823 function PMA_linkURL($url)
824 {
825 if (!preg_match('#^https?://#', $url) || defined('PMA_SETUP')) {
826 return $url;
827 }
828
829 if (!function_exists('PMA_URL_getCommon')) {
830 include_once './libraries/url_generating.lib.php';
831 }
832 $params = array();
833 $params['url'] = $url;
834
835 $url = PMA_URL_getCommon($params);
836 //strip off token and such sensitive information. Just keep url.
837 $arr = parse_url($url);
838 parse_str($arr["query"], $vars);
839 $query = http_build_query(array("url" => $vars["url"]));
840 $url = './url.php?' . $query;
841
842 return $url;
843 }
844
845 /**
846 * Checks whether domain of URL is whitelisted domain or not.
847 * Use only for URLs of external sites.
848 *
849 * @param string $url URL of external site.
850 *
851 * @return boolean True: if domain of $url is allowed domain,
852 * False: otherwise.
853 */
854 function PMA_isAllowedDomain($url)
855 {
856 $arr = parse_url($url);
857 $domain = $arr["host"];
858 $domainWhiteList = array(
859 /* Include current domain */
860 $_SERVER['SERVER_NAME'],
861 /* phpMyAdmin domains */
862 'wiki.phpmyadmin.net', 'www.phpmyadmin.net', 'phpmyadmin.net',
863 'docs.phpmyadmin.net',
864 /* mysql.com domains */
865 'dev.mysql.com','bugs.mysql.com',
866 /* drizzle.org domains */
867 'www.drizzle.org',
868 /* mariadb domains */
869 'mariadb.org',
870 /* php.net domains */
871 'php.net',
872 /* Github domains*/
873 'github.com','www.github.com',
874 /* Following are doubtful ones. */
875 'www.primebase.com',
876 'pbxt.blogspot.com',
877 'www.percona.com',
878 'mysqldatabaseadministration.blogspot.com',
879 'ronaldbradford.com',
880 'xaprb.com',
881 );
882 if (in_array(/*overload*/mb_strtolower($domain), $domainWhiteList)) {
883 return true;
884 }
885
886 return false;
887 }
888
889
890 /**
891 * Adds JS code snippets to be displayed by the PMA_Response class.
892 * Adds a newline to each snippet.
893 *
894 * @param string $str Js code to be added (e.g. "token=1234;")
895 *
896 * @return void
897 */
898 function PMA_addJSCode($str)
899 {
900 $response = PMA_Response::getInstance();
901 $header = $response->getHeader();
902 $scripts = $header->getScripts();
903 $scripts->addCode($str);
904 }
905
906 /**
907 * Adds JS code snippet for variable assignment
908 * to be displayed by the PMA_Response class.
909 *
910 * @param string $key Name of value to set
911 * @param mixed $value Value to set, can be either string or array of strings
912 * @param bool $escape Whether to escape value or keep it as it is
913 * (for inclusion of js code)
914 *
915 * @return void
916 */
917 function PMA_addJSVar($key, $value, $escape = true)
918 {
919 PMA_addJSCode(PMA_getJsValue($key, $value, $escape));
920 }
921
922 /**
923 * Replace some html-unfriendly stuff
924 *
925 * @param string $buffer String to process
926 *
927 * @return string Escaped and cleaned up text suitable for html
928 */
929 function PMA_mimeDefaultFunction($buffer)
930 {
931 $buffer = htmlspecialchars($buffer);
932 $buffer = str_replace(' ', ' &nbsp;', $buffer);
933 $buffer = preg_replace("@((\015\012)|(\015)|(\012))@", '<br />' . "\n", $buffer);
934
935 return $buffer;
936 }
937
938 /**
939 * Displays SQL query before executing.
940 *
941 * @param array|string $query_data Array containing queries or query itself
942 *
943 * @return void
944 */
945 function PMA_previewSQL($query_data)
946 {
947 $retval = '<div class="preview_sql">';
948 if (empty($query_data)) {
949 $retval .= __('No change');
950 } elseif (is_array($query_data)) {
951 foreach ($query_data as $query) {
952 $retval .= PMA_Util::formatSql($query);
953 }
954 } else {
955 $retval .= PMA_Util::formatSql($query_data);
956 }
957 $retval .= '</div>';
958 $response = PMA_Response::getInstance();
959 $response->addJSON('sql_data', $retval);
960 exit;
961 }
962
963 /**
964 * recursively check if variable is empty
965 *
966 * @param mixed $value the variable
967 *
968 * @return bool true if empty
969 */
970 function PMA_emptyRecursive($value)
971 {
972 $empty = true;
973 if (is_array($value)) {
974 PMA_arrayWalkRecursive(
975 $value,
976 function ($item) use (&$empty) {
977 $empty = $empty && empty($item);
978 }
979 );
980 } else {
981 $empty = empty($value);
982 }
983 return $empty;
984 }
985
986 /**
987 * Creates some globals from $_POST variables matching a pattern
988 *
989 * @param array $post_patterns The patterns to search for
990 *
991 * @return void
992 */
993 function PMA_setPostAsGlobal($post_patterns)
994 {
995 foreach (array_keys($_POST) as $post_key) {
996 foreach ($post_patterns as $one_post_pattern) {
997 if (preg_match($one_post_pattern, $post_key)) {
998 $GLOBALS[$post_key] = $_POST[$post_key];
999 }
1000 }
1001 }
1002 }
1003
1004 /**
1005 * Creates some globals from $_REQUEST
1006 *
1007 * @param string $param db|table
1008 *
1009 * @return void
1010 */
1011 function PMA_setGlobalDbOrTable($param)
1012 {
1013 $GLOBALS[$param] = '';
1014 if (PMA_isValid($_REQUEST[$param])) {
1015 // can we strip tags from this?
1016 // only \ and / is not allowed in db names for MySQL
1017 $GLOBALS[$param] = $_REQUEST[$param];
1018 $GLOBALS['url_params'][$param] = $GLOBALS[$param];
1019 }
1020 }
1021
1022 /* Compatibility with PHP < 5.6 */
1023 if(! function_exists('hash_equals')) {
1024 function hash_equals($a, $b) {
1025 $ret = strlen($a) ^ strlen($b);
1026 $ret |= array_sum(unpack("C*", $a ^ $b));
1027 return ! $ret;
1028 }
1029 }
Mirror of official OpenEMR Sourceforge repository