sql.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * SQL executor
   5  *
   6  * @todo    we must handle the case if sql.php is called directly with a query
   7  *          that returns 0 rows - to prevent cyclic redirects or includes
   8  * @package PhpMyAdmin
   9  */
  10 use PhpMyAdmin\Config\PageSettings;
  11 use PhpMyAdmin\Response;
  12 use PhpMyAdmin\Sql;
  13 use PhpMyAdmin\Url;
  14 use PhpMyAdmin\Util;
  15
  16 /**
  17  * Gets some core libraries
  18  */
  19 require_once 'libraries/common.inc.php';
  20 require_once 'libraries/check_user_privileges.lib.php';
  21 require_once 'libraries/config/user_preferences.forms.php';
  22 require_once 'libraries/config/page_settings.forms.php';
  23
  24 PageSettings::showGroup('Browse');
  25
  26 $response = Response::getInstance();
  27 $header   = $response->getHeader();
  28 $scripts  = $header->getScripts();
  29 $scripts->addFile('vendor/jquery/jquery-ui-timepicker-addon.js');
  30 $scripts->addFile('vendor/jquery/jquery.uitablefilter.js');
  31 $scripts->addFile('tbl_change.js');
  32 $scripts->addFile('indexes.js');
  33 $scripts->addFile('gis_data_editor.js');
  34 $scripts->addFile('multi_column_sort.js');
  35
  36 /**
  37  * Set ajax_reload in the response if it was already set
  38  */
  39 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
  40     $response->addJSON('ajax_reload', $ajax_reload);
  41 }
  42
  43 /**
  44  * Defines the url to return to in case of error in a sql statement
  45  */
  46 $is_gotofile  = true;
  47 if (empty($goto)) {
  48     if (empty($table)) {
  49         $goto = Util::getScriptNameForOption(
  50             $GLOBALS['cfg']['DefaultTabDatabase'], 'database'
  51         );
  52     } else {
  53         $goto = Util::getScriptNameForOption(
  54             $GLOBALS['cfg']['DefaultTabTable'], 'table'
  55         );
  56     }
  57 } // end if
  58
  59 if (! isset($err_url)) {
  60     $err_url = (! empty($back) ? $back : $goto)
  61         . '?' . Url::getCommon(array('db' => $GLOBALS['db']))
  62         . ((mb_strpos(' ' . $goto, 'db_') != 1
  63             && strlen($table) > 0)
  64             ? '&amp;table=' . urlencode($table)
  65             : ''
  66         );
  67 } // end if
  68
  69 // Coming from a bookmark dialog
  70 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
  71     $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
  72 } elseif (isset($_GET['sql_query'])) {
  73     $sql_query = $_GET['sql_query'];
  74 }
  75
  76 // This one is just to fill $db
  77 if (isset($_POST['bkm_fields']['bkm_database'])) {
  78     $db = $_POST['bkm_fields']['bkm_database'];
  79 }
  80
  81 // During grid edit, if we have a relational field, show the dropdown for it.
  82 if (isset($_REQUEST['get_relational_values'])
  83     && $_REQUEST['get_relational_values'] == true
  84 ) {
  85     Sql::getRelationalValues($db, $table);
  86     // script has exited at this point
  87 }
  88
  89 // Just like above, find possible values for enum fields during grid edit.
  90 if (isset($_REQUEST['get_enum_values']) && $_REQUEST['get_enum_values'] == true) {
  91     Sql::getEnumOrSetValues($db, $table, "enum");
  92     // script has exited at this point
  93 }
  94
  95
  96 // Find possible values for set fields during grid edit.
  97 if (isset($_REQUEST['get_set_values']) && $_REQUEST['get_set_values'] == true) {
  98     Sql::getEnumOrSetValues($db, $table, "set");
  99     // script has exited at this point
 100 }
 101
 102 if (isset($_REQUEST['get_default_fk_check_value'])
 103     && $_REQUEST['get_default_fk_check_value'] == true
 104 ) {
 105     $response = Response::getInstance();
 106     $response->addJSON(
 107         'default_fk_check_value', Util::isForeignKeyCheck()
 108     );
 109     exit;
 110 }
 111
 112 /**
 113  * Check ajax request to set the column order and visibility
 114  */
 115 if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
 116     Sql::setColumnOrderOrVisibility($table, $db);
 117     // script has exited at this point
 118 }
 119
 120 // Default to browse if no query set and we have table
 121 // (needed for browsing from DefaultTabTable)
 122 if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
 123     $sql_query = Sql::getDefaultSqlQueryForBrowse($db, $table);
 124
 125     // set $goto to what will be displayed if query returns 0 rows
 126     $goto = '';
 127 } else {
 128     // Now we can check the parameters
 129     Util::checkParameters(array('sql_query'));
 130 }
 131
 132 /**
 133  * Parse and analyze the query
 134  */
 135 require_once 'libraries/parse_analyze.lib.php';
 136 list(
 137     $analyzed_sql_results,
 138     $db,
 139     $table_from_sql
 140 ) = PMA_parseAnalyze($sql_query, $db);
 141 // @todo: possibly refactor
 142 extract($analyzed_sql_results);
 143
 144 if ($table != $table_from_sql && !empty($table_from_sql)) {
 145     $table = $table_from_sql;
 146 }
 147
 148
 149 /**
 150  * Check rights in case of DROP DATABASE
 151  *
 152  * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
 153  * but since a malicious user may pass this variable by url/form, we don't take
 154  * into account this case.
 155  */
 156 if (Sql::hasNoRightsToDropDatabase(
 157     $analyzed_sql_results, $cfg['AllowUserDropDatabase'], $is_superuser
 158 )) {
 159     Util::mysqlDie(
 160         __('"DROP DATABASE" statements are disabled.'),
 161         '',
 162         false,
 163         $err_url
 164     );
 165 } // end if
 166
 167 /**
 168  * Need to find the real end of rows?
 169  */
 170 if (isset($find_real_end) && $find_real_end) {
 171     $unlim_num_rows = Sql::findRealEndOfRows($db, $table);
 172 }
 173
 174
 175 /**
 176  * Bookmark add
 177  */
 178 if (isset($_POST['store_bkm'])) {
 179     Sql::addBookmark($goto);
 180     // script has exited at this point
 181 } // end if
 182
 183
 184 /**
 185  * Sets or modifies the $goto variable if required
 186  */
 187 if ($goto == 'sql.php') {
 188     $is_gotofile = false;
 189     $goto = 'sql.php' . Url::getCommon(
 190         array(
 191             'db' => $db,
 192             'table' => $table,
 193             'sql_query' => $sql_query
 194         )
 195     );
 196 } // end if
 197
 198 Sql::executeQueryAndSendQueryResponse(
 199     $analyzed_sql_results, // analyzed_sql_results
 200     $is_gotofile, // is_gotofile
 201     $db, // db
 202     $table, // table
 203     isset($find_real_end) ? $find_real_end : null, // find_real_end
 204     isset($import_text) ? $import_text : null, // sql_query_for_bookmark
 205     isset($extra_data) ? $extra_data : null, // extra_data
 206     isset($message_to_show) ? $message_to_show : null, // message_to_show
 207     isset($message) ? $message : null, // message
 208     isset($sql_data) ? $sql_data : null, // sql_data
 209     $goto, // goto
 210     $pmaThemeImage, // pmaThemeImage
 211     isset($disp_query) ? $display_query : null, // disp_query
 212     isset($disp_message) ? $disp_message : null, // disp_message
 213     isset($query_type) ? $query_type : null, // query_type
 214     $sql_query, // sql_query
 215     isset($selected) ? $selected : null, // selectedTables
 216     isset($complete_query) ? $complete_query : null // complete_query
 217 );