sql.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * SQL executor
   5  *
   6  * @todo    we must handle the case if sql.php is called directly with a query
   7  *          that returns 0 rows - to prevent cyclic redirects or includes
   8  * @package PhpMyAdmin
   9  */
  10 declare(strict_types=1);
  11
  12 use PhpMyAdmin\Config\PageSettings;
  13 use PhpMyAdmin\ParseAnalyze;
  14 use PhpMyAdmin\Response;
  15 use PhpMyAdmin\Sql;
  16 use PhpMyAdmin\Url;
  17 use PhpMyAdmin\Util;
  18
  19 /**
  20  * Gets some core libraries
  21  */
  22 require_once 'libraries/common.inc.php';
  23 require_once 'libraries/check_user_privileges.inc.php';
  24
  25 PageSettings::showGroup('Browse');
  26
  27 $response = Response::getInstance();
  28 $header   = $response->getHeader();
  29 $scripts  = $header->getScripts();
  30 $scripts->addFile('vendor/jquery/jquery.uitablefilter.js');
  31 $scripts->addFile('tbl_change.js');
  32 $scripts->addFile('indexes.js');
  33 $scripts->addFile('gis_data_editor.js');
  34 $scripts->addFile('multi_column_sort.js');
  35
  36 $sql = new Sql();
  37
  38 /**
  39  * Set ajax_reload in the response if it was already set
  40  */
  41 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
  42     $response->addJSON('ajax_reload', $ajax_reload);
  43 }
  44
  45 /**
  46  * Defines the url to return to in case of error in a sql statement
  47  */
  48 $is_gotofile  = true;
  49 if (empty($goto)) {
  50     if (empty($table)) {
  51         $goto = Util::getScriptNameForOption(
  52             $GLOBALS['cfg']['DefaultTabDatabase'],
  53             'database'
  54         );
  55     } else {
  56         $goto = Util::getScriptNameForOption(
  57             $GLOBALS['cfg']['DefaultTabTable'],
  58             'table'
  59         );
  60     }
  61 } // end if
  62
  63 if (! isset($err_url)) {
  64     $err_url = (! empty($back) ? $back : $goto)
  65         . '?' . Url::getCommon(['db' => $GLOBALS['db']])
  66         . ((mb_strpos(' ' . $goto, 'db_') != 1
  67             && strlen($table) > 0)
  68             ? '&amp;table=' . urlencode($table)
  69             : ''
  70         );
  71 } // end if
  72
  73 // Coming from a bookmark dialog
  74 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
  75     $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
  76 } elseif (isset($_POST['sql_query'])) {
  77     $sql_query = $_POST['sql_query'];
  78 }
  79
  80 // This one is just to fill $db
  81 if (isset($_POST['bkm_fields']['bkm_database'])) {
  82     $db = $_POST['bkm_fields']['bkm_database'];
  83 }
  84
  85 // During grid edit, if we have a relational field, show the dropdown for it.
  86 if (isset($_REQUEST['get_relational_values'])
  87     && $_REQUEST['get_relational_values'] == true
  88 ) {
  89     $sql->getRelationalValues($db, $table);
  90     // script has exited at this point
  91 }
  92
  93 // Just like above, find possible values for enum fields during grid edit.
  94 if (isset($_REQUEST['get_enum_values']) && $_REQUEST['get_enum_values'] == true) {
  95     $sql->getEnumOrSetValues($db, $table, "enum");
  96     // script has exited at this point
  97 }
  98
  99
 100 // Find possible values for set fields during grid edit.
 101 if (isset($_REQUEST['get_set_values']) && $_REQUEST['get_set_values'] == true) {
 102     $sql->getEnumOrSetValues($db, $table, "set");
 103     // script has exited at this point
 104 }
 105
 106 if (isset($_REQUEST['get_default_fk_check_value'])
 107     && $_REQUEST['get_default_fk_check_value'] == true
 108 ) {
 109     $response = Response::getInstance();
 110     $response->addJSON(
 111         'default_fk_check_value',
 112         Util::isForeignKeyCheck()
 113     );
 114     exit;
 115 }
 116
 117 /**
 118  * Check ajax request to set the column order and visibility
 119  */
 120 if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
 121     $sql->setColumnOrderOrVisibility($table, $db);
 122     // script has exited at this point
 123 }
 124
 125 // Default to browse if no query set and we have table
 126 // (needed for browsing from DefaultTabTable)
 127 if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
 128     $sql_query = $sql->getDefaultSqlQueryForBrowse($db, $table);
 129
 130     // set $goto to what will be displayed if query returns 0 rows
 131     $goto = '';
 132 } else {
 133     // Now we can check the parameters
 134     Util::checkParameters(['sql_query']);
 135 }
 136
 137 /**
 138  * Parse and analyze the query
 139  */
 140 list(
 141     $analyzed_sql_results,
 142     $db,
 143     $table_from_sql
 144 ) = ParseAnalyze::sqlQuery($sql_query, $db);
 145 // @todo: possibly refactor
 146 extract($analyzed_sql_results);
 147
 148 if ($table != $table_from_sql && !empty($table_from_sql)) {
 149     $table = $table_from_sql;
 150 }
 151
 152
 153 /**
 154  * Check rights in case of DROP DATABASE
 155  *
 156  * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
 157  * but since a malicious user may pass this variable by url/form, we don't take
 158  * into account this case.
 159  */
 160 if ($sql->hasNoRightsToDropDatabase(
 161     $analyzed_sql_results,
 162     $cfg['AllowUserDropDatabase'],
 163     $GLOBALS['dbi']->isSuperuser()
 164 )) {
 165     Util::mysqlDie(
 166         __('"DROP DATABASE" statements are disabled.'),
 167         '',
 168         false,
 169         $err_url
 170     );
 171 } // end if
 172
 173 /**
 174  * Need to find the real end of rows?
 175  */
 176 if (isset($find_real_end) && $find_real_end) {
 177     $unlim_num_rows = $sql->findRealEndOfRows($db, $table);
 178 }
 179
 180
 181 /**
 182  * Bookmark add
 183  */
 184 if (isset($_POST['store_bkm'])) {
 185     $sql->addBookmark($goto);
 186     // script has exited at this point
 187 } // end if
 188
 189
 190 /**
 191  * Sets or modifies the $goto variable if required
 192  */
 193 if ($goto == 'sql.php') {
 194     $is_gotofile = false;
 195     $goto = 'sql.php' . Url::getCommon(
 196         [
 197             'db' => $db,
 198             'table' => $table,
 199             'sql_query' => $sql_query
 200         ]
 201     );
 202 } // end if
 203
 204 $sql->executeQueryAndSendQueryResponse(
 205     $analyzed_sql_results, // analyzed_sql_results
 206     $is_gotofile, // is_gotofile
 207     $db, // db
 208     $table, // table
 209     isset($find_real_end) ? $find_real_end : null, // find_real_end
 210     isset($import_text) ? $import_text : null, // sql_query_for_bookmark
 211     isset($extra_data) ? $extra_data : null, // extra_data
 212     isset($message_to_show) ? $message_to_show : null, // message_to_show
 213     isset($message) ? $message : null, // message
 214     isset($sql_data) ? $sql_data : null, // sql_data
 215     $goto, // goto
 216     $pmaThemeImage, // pmaThemeImage
 217     isset($disp_query) ? $display_query : null, // disp_query
 218     isset($disp_message) ? $disp_message : null, // disp_message
 219     isset($query_type) ? $query_type : null, // query_type
 220     $sql_query, // sql_query
 221     isset($selected) ? $selected : null, // selectedTables
 222     isset($complete_query) ? $complete_query : null // complete_query
 223 );