search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Translated using Weblate (Estonian)
[phpmyadmin.git] / libraries / classes / Header.php
blob2ba9337b666078ce929be86f11e50a7f09b3c899
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Used to render the header of PMA's pages
5 *
6 * @package PhpMyAdmin
7 */
8 declare(strict_types=1);
9
10 namespace PhpMyAdmin;
11
12 use PhpMyAdmin\Navigation\Navigation;
13
14 /**
15 * Class used to output the HTTP and HTML headers
16 *
17 * @package PhpMyAdmin
18 */
19 class Header
20 {
21 /**
22 * Scripts instance
23 *
24 * @access private
25 * @var Scripts
26 */
27 private $_scripts;
28 /**
29 * PhpMyAdmin\Console instance
30 *
31 * @access private
32 * @var Console
33 */
34 private $_console;
35 /**
36 * Menu instance
37 *
38 * @access private
39 * @var Menu
40 */
41 private $_menu;
42 /**
43 * Whether to offer the option of importing user settings
44 *
45 * @access private
46 * @var bool
47 */
48 private $_userprefsOfferImport;
49 /**
50 * The page title
51 *
52 * @access private
53 * @var string
54 */
55 private $_title;
56 /**
57 * The value for the id attribute for the body tag
58 *
59 * @access private
60 * @var string
61 */
62 private $_bodyId;
63 /**
64 * Whether to show the top menu
65 *
66 * @access private
67 * @var bool
68 */
69 private $_menuEnabled;
70 /**
71 * Whether to show the warnings
72 *
73 * @access private
74 * @var bool
75 */
76 private $_warningsEnabled;
77 /**
78 * Whether the page is in 'print view' mode
79 *
80 * @access private
81 * @var bool
82 */
83 private $_isPrintView;
84 /**
85 * Whether we are servicing an ajax request.
86 *
87 * @access private
88 * @var bool
89 */
90 private $_isAjax;
91 /**
92 * Whether to display anything
93 *
94 * @access private
95 * @var bool
96 */
97 private $_isEnabled;
98 /**
99 * Whether the HTTP headers (and possibly some HTML)
100 * have already been sent to the browser
101 *
102 * @access private
103 * @var bool
104 */
105 private $_headerIsSent;
106
107 /**
108 * @var UserPreferences
109 */
110 private $userPreferences;
111
112 /**
113 * @var Template
114 */
115 private $template;
116
117 /**
118 * @var Navigation
119 */
120 private $navigation;
121
122 /**
123 * Creates a new class instance
124 */
125 public function __construct()
126 {
127 $this->template = new Template();
128
129 $this->_isEnabled = true;
130 $this->_isAjax = false;
131 $this->_bodyId = '';
132 $this->_title = '';
133 $this->_console = new Console();
134 $db = strlen($GLOBALS['db']) ? $GLOBALS['db'] : '';
135 $table = strlen($GLOBALS['table']) ? $GLOBALS['table'] : '';
136 $this->_menu = new Menu(
137 $db,
138 $table
139 );
140 $this->_menuEnabled = true;
141 $this->_warningsEnabled = true;
142 $this->_isPrintView = false;
143 $this->_scripts = new Scripts();
144 $this->_addDefaultScripts();
145 $this->_headerIsSent = false;
146 // if database storage for user preferences is transient,
147 // offer to load exported settings from localStorage
148 // (detection will be done in JavaScript)
149 $this->_userprefsOfferImport = false;
150 if ($GLOBALS['PMA_Config']->get('user_preferences') == 'session'
151 && ! isset($_SESSION['userprefs_autoload'])
152 ) {
153 $this->_userprefsOfferImport = true;
154 }
155
156 $this->userPreferences = new UserPreferences();
157 $this->navigation = new Navigation(
158 $this->template,
159 new Relation($GLOBALS['dbi']),
160 $GLOBALS['dbi']
161 );
162 }
163
164 /**
165 * Loads common scripts
166 *
167 * @return void
168 */
169 private function _addDefaultScripts(): void
170 {
171 // Localised strings
172 $this->_scripts->addFile('vendor/jquery/jquery.min.js');
173 $this->_scripts->addFile('vendor/jquery/jquery-migrate.js');
174 $this->_scripts->addFile('whitelist.php');
175 $this->_scripts->addFile('vendor/sprintf.js');
176 $this->_scripts->addFile('ajax.js');
177 $this->_scripts->addFile('keyhandler.js');
178 $this->_scripts->addFile('vendor/bootstrap/bootstrap.bundle.min.js');
179 $this->_scripts->addFile('vendor/jquery/jquery-ui.min.js');
180 $this->_scripts->addFile('vendor/js.cookie.js');
181 $this->_scripts->addFile('vendor/jquery/jquery.mousewheel.js');
182 $this->_scripts->addFile('vendor/jquery/jquery.event.drag-2.2.js');
183 $this->_scripts->addFile('vendor/jquery/jquery.validate.js');
184 $this->_scripts->addFile('vendor/jquery/jquery-ui-timepicker-addon.js');
185 $this->_scripts->addFile('vendor/jquery/jquery.ba-hashchange-1.3.js');
186 $this->_scripts->addFile('vendor/jquery/jquery.debounce-1.0.5.js');
187 $this->_scripts->addFile('menu_resizer.js');
188
189 // Cross-framing protection
190 if ($GLOBALS['cfg']['AllowThirdPartyFraming'] === false) {
191 $this->_scripts->addFile('cross_framing_protection.js');
192 }
193
194 $this->_scripts->addFile('rte.js');
195 if ($GLOBALS['cfg']['SendErrorReports'] !== 'never') {
196 $this->_scripts->addFile('vendor/tracekit.js');
197 $this->_scripts->addFile('error_report.js');
198 }
199
200 // Here would not be a good place to add CodeMirror because
201 // the user preferences have not been merged at this point
202
203 $this->_scripts->addFile('messages.php', ['l' => $GLOBALS['lang']]);
204 $this->_scripts->addFile('config.js');
205 $this->_scripts->addFile('doclinks.js');
206 $this->_scripts->addFile('functions.js');
207 $this->_scripts->addFile('navigation.js');
208 $this->_scripts->addFile('indexes.js');
209 $this->_scripts->addFile('common.js');
210 $this->_scripts->addFile('page_settings.js');
211 if ($GLOBALS['cfg']['enable_drag_drop_import'] === true) {
212 $this->_scripts->addFile('drag_drop_import.js');
213 }
214 if (! $GLOBALS['PMA_Config']->get('DisableShortcutKeys')) {
215 $this->_scripts->addFile('shortcuts_handler.js');
216 }
217 $this->_scripts->addCode($this->getJsParamsCode());
218 }
219
220 /**
221 * Returns, as an array, a list of parameters
222 * used on the client side
223 *
224 * @return array
225 */
226 public function getJsParams(): array
227 {
228 $db = strlen($GLOBALS['db']) ? $GLOBALS['db'] : '';
229 $table = strlen($GLOBALS['table']) ? $GLOBALS['table'] : '';
230 $pftext = isset($_SESSION['tmpval']['pftext'])
231 ? $_SESSION['tmpval']['pftext'] : '';
232
233 $params = [
234 'common_query' => Url::getCommonRaw(),
235 'opendb_url' => Util::getScriptNameForOption(
236 $GLOBALS['cfg']['DefaultTabDatabase'],
237 'database'
238 ),
239 'lang' => $GLOBALS['lang'],
240 'server' => $GLOBALS['server'],
241 'table' => $table,
242 'db' => $db,
243 'token' => $_SESSION[' PMA_token '],
244 'text_dir' => $GLOBALS['text_dir'],
245 'show_databases_navigation_as_tree' => $GLOBALS['cfg']['ShowDatabasesNavigationAsTree'],
246 'pma_text_default_tab' => Util::getTitleForTarget(
247 $GLOBALS['cfg']['DefaultTabTable']
248 ),
249 'pma_text_left_default_tab' => Util::getTitleForTarget(
250 $GLOBALS['cfg']['NavigationTreeDefaultTabTable']
251 ),
252 'pma_text_left_default_tab2' => Util::getTitleForTarget(
253 $GLOBALS['cfg']['NavigationTreeDefaultTabTable2']
254 ),
255 'LimitChars' => $GLOBALS['cfg']['LimitChars'],
256 'pftext' => $pftext,
257 'confirm' => $GLOBALS['cfg']['Confirm'],
258 'LoginCookieValidity' => $GLOBALS['cfg']['LoginCookieValidity'],
259 'session_gc_maxlifetime' => (int) ini_get('session.gc_maxlifetime'),
260 'logged_in' => isset($GLOBALS['dbi']) ? $GLOBALS['dbi']->isUserType('logged') : false,
261 'is_https' => $GLOBALS['PMA_Config']->isHttps(),
262 'rootPath' => $GLOBALS['PMA_Config']->getRootPath(),
263 'arg_separator' => Url::getArgSeparator(),
264 'PMA_VERSION' => PMA_VERSION,
265 ];
266 if (isset($GLOBALS['cfg']['Server'], $GLOBALS['cfg']['Server']['auth_type'])) {
267 $params['auth_type'] = $GLOBALS['cfg']['Server']['auth_type'];
268 if (isset($GLOBALS['cfg']['Server']['user'])) {
269 $params['user'] = $GLOBALS['cfg']['Server']['user'];
270 }
271 }
272
273 return $params;
274 }
275
276 /**
277 * Returns, as a string, a list of parameters
278 * used on the client side
279 *
280 * @return string
281 */
282 public function getJsParamsCode(): string
283 {
284 $params = $this->getJsParams();
285 foreach ($params as $key => $value) {
286 if (is_bool($value)) {
287 $params[$key] = $key . ':' . ($value ? 'true' : 'false') . '';
288 } else {
289 $params[$key] = $key . ':"' . Sanitize::escapeJsString($value) . '"';
290 }
291 }
292 return 'CommonParams.setAll({' . implode(',', $params) . '});';
293 }
294
295 /**
296 * Disables the rendering of the header
297 *
298 * @return void
299 */
300 public function disable(): void
301 {
302 $this->_isEnabled = false;
303 }
304
305 /**
306 * Set the ajax flag to indicate whether
307 * we are servicing an ajax request
308 *
309 * @param bool $isAjax Whether we are servicing an ajax request
310 *
311 * @return void
312 */
313 public function setAjax(bool $isAjax): void
314 {
315 $this->_isAjax = $isAjax;
316 $this->_console->setAjax($isAjax);
317 }
318
319 /**
320 * Returns the Scripts object
321 *
322 * @return Scripts object
323 */
324 public function getScripts(): Scripts
325 {
326 return $this->_scripts;
327 }
328
329 /**
330 * Returns the Menu object
331 *
332 * @return Menu object
333 */
334 public function getMenu(): Menu
335 {
336 return $this->_menu;
337 }
338
339 /**
340 * Setter for the ID attribute in the BODY tag
341 *
342 * @param string $id Value for the ID attribute
343 *
344 * @return void
345 */
346 public function setBodyId(string $id): void
347 {
348 $this->_bodyId = htmlspecialchars($id);
349 }
350
351 /**
352 * Setter for the title of the page
353 *
354 * @param string $title New title
355 *
356 * @return void
357 */
358 public function setTitle(string $title): void
359 {
360 $this->_title = htmlspecialchars($title);
361 }
362
363 /**
364 * Disables the display of the top menu
365 *
366 * @return void
367 */
368 public function disableMenuAndConsole(): void
369 {
370 $this->_menuEnabled = false;
371 $this->_console->disable();
372 }
373
374 /**
375 * Disables the display of the top menu
376 *
377 * @return void
378 */
379 public function disableWarnings(): void
380 {
381 $this->_warningsEnabled = false;
382 }
383
384 /**
385 * Turns on 'print view' mode
386 *
387 * @return void
388 */
389 public function enablePrintView(): void
390 {
391 $this->disableMenuAndConsole();
392 $this->setTitle(__('Print view') . ' - phpMyAdmin ' . PMA_VERSION);
393 $this->_isPrintView = true;
394 }
395
396 /**
397 * Generates the header
398 *
399 * @return string The header
400 */
401 public function getDisplay(): string
402 {
403 if (! $this->_headerIsSent) {
404 if (! $this->_isAjax && $this->_isEnabled) {
405 $this->sendHttpHeaders();
406
407 $baseDir = defined('PMA_PATH_TO_BASEDIR') ? PMA_PATH_TO_BASEDIR : '';
408 $uniqueValue = $GLOBALS['PMA_Config']->getThemeUniqueValue();
409 $themePath = $GLOBALS['pmaThemePath'];
410 $version = self::getVersionParameter();
411
412 // The user preferences have been merged at this point
413 // so we can conditionally add CodeMirror
414 if ($GLOBALS['cfg']['CodemirrorEnable']) {
415 $this->_scripts->addFile('vendor/codemirror/lib/codemirror.js');
416 $this->_scripts->addFile('vendor/codemirror/mode/sql/sql.js');
417 $this->_scripts->addFile('vendor/codemirror/addon/runmode/runmode.js');
418 $this->_scripts->addFile('vendor/codemirror/addon/hint/show-hint.js');
419 $this->_scripts->addFile('vendor/codemirror/addon/hint/sql-hint.js');
420 if ($GLOBALS['cfg']['LintEnable']) {
421 $this->_scripts->addFile('vendor/codemirror/addon/lint/lint.js');
422 $this->_scripts->addFile(
423 'codemirror/addon/lint/sql-lint.js'
424 );
425 }
426 }
427 $this->_scripts->addCode(
428 'ConsoleEnterExecutes='
429 . ($GLOBALS['cfg']['ConsoleEnterExecutes'] ? 'true' : 'false')
430 );
431 $this->_scripts->addFiles($this->_console->getScripts());
432 if ($this->_userprefsOfferImport) {
433 $this->_scripts->addFile('config.js');
434 }
435
436 if ($this->_menuEnabled && $GLOBALS['server'] > 0) {
437 $navigation = $this->navigation->getDisplay();
438 }
439
440 $customHeader = Config::renderHeader();
441
442 // offer to load user preferences from localStorage
443 if ($this->_userprefsOfferImport) {
444 $loadUserPreferences = $this->userPreferences->autoloadGetHeader();
445 }
446
447 if ($this->_menuEnabled && $GLOBALS['server'] > 0) {
448 $menu = $this->_menu->getDisplay();
449 }
450 $console = $this->_console->getDisplay();
451 $messages = $this->getMessage();
452 }
453 if ($this->_isEnabled && empty($_REQUEST['recent_table'])) {
454 $recentTable = $this->_addRecentTable(
455 $GLOBALS['db'],
456 $GLOBALS['table']
457 );
458 }
459 return $this->template->render('header', [
460 'is_ajax' => $this->_isAjax,
461 'is_enabled' => $this->_isEnabled,
462 'lang' => $GLOBALS['lang'],
463 'allow_third_party_framing' => $GLOBALS['cfg']['AllowThirdPartyFraming'],
464 'is_print_view' => $this->_isPrintView,
465 'base_dir' => $baseDir ?? '',
466 'unique_value' => $uniqueValue ?? '',
467 'theme_path' => $themePath ?? '',
468 'version' => $version ?? '',
469 'text_dir' => $GLOBALS['text_dir'],
470 'server' => $GLOBALS['server'] ?? null,
471 'title' => $this->getPageTitle(),
472 'scripts' => $this->_scripts->getDisplay(),
473 'body_id' => $this->_bodyId,
474 'navigation' => $navigation ?? '',
475 'custom_header' => $customHeader ?? '',
476 'load_user_preferences' => $loadUserPreferences ?? '',
477 'show_hint' => $GLOBALS['cfg']['ShowHint'],
478 'is_warnings_enabled' => $this->_warningsEnabled,
479 'is_menu_enabled' => $this->_menuEnabled,
480 'menu' => $menu ?? '',
481 'console' => $console ?? '',
482 'messages' => $messages ?? '',
483 'has_recent_table' => empty($_REQUEST['recent_table']),
484 'recent_table' => $recentTable ?? '',
485 ]);
486 }
487 return '';
488 }
489
490 /**
491 * Returns the message to be displayed at the top of
492 * the page, including the executed SQL query, if any.
493 *
494 * @return string
495 */
496 public function getMessage(): string
497 {
498 $retval = '';
499 $message = '';
500 if (! empty($GLOBALS['message'])) {
501 $message = $GLOBALS['message'];
502 unset($GLOBALS['message']);
503 } elseif (! empty($_REQUEST['message'])) {
504 $message = $_REQUEST['message'];
505 }
506 if (! empty($message)) {
507 if (isset($GLOBALS['buffer_message'])) {
508 $buffer_message = $GLOBALS['buffer_message'];
509 }
510 $retval .= Util::getMessage($message);
511 if (isset($buffer_message)) {
512 $GLOBALS['buffer_message'] = $buffer_message;
513 }
514 }
515 return $retval;
516 }
517
518 /**
519 * Sends out the HTTP headers
520 *
521 * @return void
522 */
523 public function sendHttpHeaders(): void
524 {
525 if (defined('TESTSUITE')) {
526 return;
527 }
528 $map_tile_urls = ' *.tile.openstreetmap.org';
529
530 /**
531 * Sends http headers
532 */
533 $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
534 if (! empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
535 && ! empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])
536 ) {
537 $captcha_url
538 = ' https://apis.google.com https://www.google.com/recaptcha/'
539 . ' https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ ';
540 } else {
541 $captcha_url = '';
542 }
543 /* Prevent against ClickJacking by disabling framing */
544 if (strtolower((string) $GLOBALS['cfg']['AllowThirdPartyFraming']) === 'sameorigin') {
545 header(
546 'X-Frame-Options: SAMEORIGIN'
547 );
548 } elseif ($GLOBALS['cfg']['AllowThirdPartyFraming'] !== true) {
549 header(
550 'X-Frame-Options: DENY'
551 );
552 }
553 header(
554 'Referrer-Policy: no-referrer'
555 );
556 header(
557 "Content-Security-Policy: default-src 'self' "
558 . $captcha_url
559 . $GLOBALS['cfg']['CSPAllow'] . ';'
560 . "script-src 'self' 'unsafe-inline' 'unsafe-eval' "
561 . $captcha_url
562 . $GLOBALS['cfg']['CSPAllow'] . ';'
563 . "style-src 'self' 'unsafe-inline' "
564 . $captcha_url
565 . $GLOBALS['cfg']['CSPAllow']
566 . ";"
567 . "img-src 'self' data: "
568 . $GLOBALS['cfg']['CSPAllow']
569 . $map_tile_urls
570 . $captcha_url
571 . ";"
572 . "object-src 'none';"
573 );
574 header(
575 "X-Content-Security-Policy: default-src 'self' "
576 . $captcha_url
577 . $GLOBALS['cfg']['CSPAllow'] . ';'
578 . "options inline-script eval-script;"
579 . "referrer no-referrer;"
580 . "img-src 'self' data: "
581 . $GLOBALS['cfg']['CSPAllow']
582 . $map_tile_urls
583 . $captcha_url
584 . ";"
585 . "object-src 'none';"
586 );
587 header(
588 "X-WebKit-CSP: default-src 'self' "
589 . $captcha_url
590 . $GLOBALS['cfg']['CSPAllow'] . ';'
591 . "script-src 'self' "
592 . $captcha_url
593 . $GLOBALS['cfg']['CSPAllow']
594 . " 'unsafe-inline' 'unsafe-eval';"
595 . "referrer no-referrer;"
596 . "style-src 'self' 'unsafe-inline' "
597 . $captcha_url
598 . ';'
599 . "img-src 'self' data: "
600 . $GLOBALS['cfg']['CSPAllow']
601 . $map_tile_urls
602 . $captcha_url
603 . ";"
604 . "object-src 'none';"
605 );
606 // Re-enable possible disabled XSS filters
607 // see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
608 header(
609 'X-XSS-Protection: 1; mode=block'
610 );
611 // "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing
612 // a response away from the declared content-type
613 // see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
614 header(
615 'X-Content-Type-Options: nosniff'
616 );
617 // Adobe cross-domain-policies
618 // see https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
619 header(
620 'X-Permitted-Cross-Domain-Policies: none'
621 );
622 // Robots meta tag
623 // see https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
624 header(
625 'X-Robots-Tag: noindex, nofollow'
626 );
627 Core::noCacheHeader();
628 if (! defined('IS_TRANSFORMATION_WRAPPER')) {
629 // Define the charset to be used
630 header('Content-Type: text/html; charset=utf-8');
631 }
632 $this->_headerIsSent = true;
633 }
634
635 /**
636 * If the page is missing the title, this function
637 * will set it to something reasonable
638 *
639 * @return string
640 */
641 public function getPageTitle(): string
642 {
643 if (strlen($this->_title) == 0) {
644 if ($GLOBALS['server'] > 0) {
645 if (strlen($GLOBALS['table'])) {
646 $temp_title = $GLOBALS['cfg']['TitleTable'];
647 } elseif (strlen($GLOBALS['db'])) {
648 $temp_title = $GLOBALS['cfg']['TitleDatabase'];
649 } elseif (strlen($GLOBALS['cfg']['Server']['host'])) {
650 $temp_title = $GLOBALS['cfg']['TitleServer'];
651 } else {
652 $temp_title = $GLOBALS['cfg']['TitleDefault'];
653 }
654 $this->_title = htmlspecialchars(
655 Util::expandUserString($temp_title)
656 );
657 } else {
658 $this->_title = 'phpMyAdmin';
659 }
660 }
661 return $this->_title;
662 }
663
664 /**
665 * Add recently used table and reload the navigation.
666 *
667 * @param string $db Database name where the table is located.
668 * @param string $table The table name
669 *
670 * @return string
671 */
672 private function _addRecentTable(string $db, string $table): string
673 {
674 $retval = '';
675 if ($this->_menuEnabled
676 && strlen($table) > 0
677 && $GLOBALS['cfg']['NumRecentTables'] > 0
678 ) {
679 $tmp_result = RecentFavoriteTable::getInstance('recent')->add(
680 $db,
681 $table
682 );
683 if ($tmp_result === true) {
684 $retval = RecentFavoriteTable::getHtmlUpdateRecentTables();
685 } else {
686 $error = $tmp_result;
687 $retval = $error->getDisplay();
688 }
689 }
690 return $retval;
691 }
692
693 /**
694 * Returns the phpMyAdmin version to be appended to the url to avoid caching
695 * between versions
696 *
697 * @return string urlenocded pma version as a parameter
698 */
699 public static function getVersionParameter(): string
700 {
701 return "v=" . urlencode(PMA_VERSION);
702 }
703 }
phpMyAdmin