tbl_replace.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Manipulation of table data like inserting, replacing and updating
   5  *
   6  * Usually called as form action from tbl_change.php to insert or update table rows
   7  *
   8  * @todo 'edit_next' tends to not work as expected if used ...
   9  * at least there is no order by it needs the original query
  10  * and the row number and than replace the LIMIT clause
  11  *
  12  * @package PhpMyAdmin
  13  */
  14
  15 use PhpMyAdmin\Core;
  16 use PhpMyAdmin\File;
  17 use PhpMyAdmin\InsertEdit;
  18 use PhpMyAdmin\Message;
  19 use PhpMyAdmin\Plugins\IOTransformationsPlugin;
  20 use PhpMyAdmin\Relation;
  21 use PhpMyAdmin\Response;
  22 use PhpMyAdmin\Table;
  23 use PhpMyAdmin\Transformations;
  24 use PhpMyAdmin\Util;
  25
  26 /**
  27  * Gets some core libraries
  28  */
  29 require_once 'libraries/common.inc.php';
  30
  31 // Check parameters
  32 Util::checkParameters(array('db', 'table', 'goto'));
  33
  34 $GLOBALS['dbi']->selectDb($GLOBALS['db']);
  35
  36 /**
  37  * Initializes some variables
  38  */
  39 $goto_include = false;
  40
  41 $response = Response::getInstance();
  42 $header = $response->getHeader();
  43 $scripts = $header->getScripts();
  44 $scripts->addFile('makegrid.js');
  45 // Needed for generation of Inline Edit anchors
  46 $scripts->addFile('sql.js');
  47 $scripts->addFile('indexes.js');
  48 $scripts->addFile('gis_data_editor.js');
  49
  50 $relation = new Relation();
  51
  52 $insertEdit = new InsertEdit($GLOBALS['dbi']);
  53
  54 // check whether insert row mode, if so include tbl_change.php
  55 $insertEdit->isInsertRow();
  56
  57 $after_insert_actions = array('new_insert', 'same_insert', 'edit_next');
  58 if (isset($_POST['after_insert'])
  59     && in_array($_POST['after_insert'], $after_insert_actions)
  60 ) {
  61     $url_params['after_insert'] = $_POST['after_insert'];
  62     if (isset($_POST['where_clause'])) {
  63         foreach ($_POST['where_clause'] as $one_where_clause) {
  64             if ($_POST['after_insert'] == 'same_insert') {
  65                 $url_params['where_clause'][] = $one_where_clause;
  66             } elseif ($_POST['after_insert'] == 'edit_next') {
  67                 $insertEdit->setSessionForEditNext($one_where_clause);
  68             }
  69         }
  70     }
  71 }
  72 //get $goto_include for different cases
  73 $goto_include = $insertEdit->getGotoInclude($goto_include);
  74
  75 // Defines the url to return in case of failure of the query
  76 $err_url = $insertEdit->getErrorUrl($url_params);
  77
  78 /**
  79  * Prepares the update/insert of a row
  80  */
  81 list($loop_array, $using_key, $is_insert, $is_insertignore)
  82     = $insertEdit->getParamsForUpdateOrInsert();
  83
  84 $query = array();
  85 $value_sets = array();
  86 $func_no_param = array(
  87     'CONNECTION_ID',
  88     'CURRENT_USER',
  89     'CURDATE',
  90     'CURTIME',
  91     'CURRENT_DATE',
  92     'CURRENT_TIME',
  93     'DATABASE',
  94     'LAST_INSERT_ID',
  95     'NOW',
  96     'PI',
  97     'RAND',
  98     'SYSDATE',
  99     'UNIX_TIMESTAMP',
 100     'USER',
 101     'UTC_DATE',
 102     'UTC_TIME',
 103     'UTC_TIMESTAMP',
 104     'UUID',
 105     'UUID_SHORT',
 106     'VERSION',
 107 );
 108 $func_optional_param = array(
 109     'RAND',
 110     'UNIX_TIMESTAMP',
 111 );
 112
 113 $gis_from_text_functions = array(
 114     'GeomFromText',
 115     'GeomCollFromText',
 116     'LineFromText',
 117     'MLineFromText',
 118     'PointFromText',
 119     'MPointFromText',
 120     'PolyFromText',
 121     'MPolyFromText',
 122 );
 123
 124 if ($GLOBALS['dbi']->getVersion() >= 50600) {
 125     $gis_from_text_functions = array(
 126         'ST_GeomFromText',
 127         'ST_GeomCollFromText',
 128         'ST_LineFromText',
 129         'ST_MLineFromText',
 130         'ST_PointFromText',
 131         'ST_MPointFromText',
 132         'ST_PolyFromText',
 133         'ST_MPolyFromText',
 134     );
 135 }
 136
 137 $gis_from_wkb_functions = array(
 138     'GeomFromWKB',
 139     'GeomCollFromWKB',
 140     'LineFromWKB',
 141     'MLineFromWKB',
 142     'PointFromWKB',
 143     'MPointFromWKB',
 144     'PolyFromWKB',
 145     'MPolyFromWKB',
 146 );
 147
 148 //if some posted fields need to be transformed.
 149 $mime_map = Transformations::getMIME($GLOBALS['db'], $GLOBALS['table']);
 150 if ($mime_map === false) {
 151     $mime_map = array();
 152 }
 153
 154 $query_fields = array();
 155 $insert_errors = array();
 156 $row_skipped = false;
 157 $unsaved_values = array();
 158 foreach ($loop_array as $rownumber => $where_clause) {
 159     // skip fields to be ignored
 160     if (! $using_key && isset($_POST['insert_ignore_' . $where_clause])) {
 161         continue;
 162     }
 163
 164     // Defines the SET part of the sql query
 165     $query_values = array();
 166
 167     // Map multi-edit keys to single-level arrays, dependent on how we got the fields
 168     $multi_edit_columns
 169         = isset($_POST['fields']['multi_edit'][$rownumber])
 170         ? $_POST['fields']['multi_edit'][$rownumber]
 171         : array();
 172     $multi_edit_columns_name
 173         = isset($_POST['fields_name']['multi_edit'][$rownumber])
 174         ? $_POST['fields_name']['multi_edit'][$rownumber]
 175         : array();
 176     $multi_edit_columns_prev
 177         = isset($_POST['fields_prev']['multi_edit'][$rownumber])
 178         ? $_POST['fields_prev']['multi_edit'][$rownumber]
 179         : null;
 180     $multi_edit_funcs
 181         = isset($_POST['funcs']['multi_edit'][$rownumber])
 182         ? $_POST['funcs']['multi_edit'][$rownumber]
 183         : null;
 184     $multi_edit_salt
 185         = isset($_POST['salt']['multi_edit'][$rownumber])
 186         ? $_POST['salt']['multi_edit'][$rownumber]
 187         :null;
 188     $multi_edit_columns_type
 189         = isset($_POST['fields_type']['multi_edit'][$rownumber])
 190         ? $_POST['fields_type']['multi_edit'][$rownumber]
 191         : null;
 192     $multi_edit_columns_null
 193         = isset($_POST['fields_null']['multi_edit'][$rownumber])
 194         ? $_POST['fields_null']['multi_edit'][$rownumber]
 195         : null;
 196     $multi_edit_columns_null_prev
 197         = isset($_POST['fields_null_prev']['multi_edit'][$rownumber])
 198         ? $_POST['fields_null_prev']['multi_edit'][$rownumber]
 199         : null;
 200     $multi_edit_auto_increment
 201         = isset($_POST['auto_increment']['multi_edit'][$rownumber])
 202         ? $_POST['auto_increment']['multi_edit'][$rownumber]
 203         : null;
 204     $multi_edit_virtual
 205         = isset($_POST['virtual']['multi_edit'][$rownumber])
 206         ? $_POST['virtual']['multi_edit'][$rownumber]
 207         : null;
 208
 209     // When a select field is nullified, it's not present in $_POST
 210     // so initialize it; this way, the foreach($multi_edit_columns) will process it
 211     foreach ($multi_edit_columns_name as $key => $val) {
 212         if (! isset($multi_edit_columns[$key])) {
 213             $multi_edit_columns[$key] = '';
 214         }
 215     }
 216
 217     // Iterate in the order of $multi_edit_columns_name,
 218     // not $multi_edit_columns, to avoid problems
 219     // when inserting multiple entries
 220     $insert_fail = false;
 221     foreach ($multi_edit_columns_name as $key => $column_name) {
 222         $current_value = $multi_edit_columns[$key];
 223         // Note: $key is an md5 of the fieldname. The actual fieldname is
 224         // available in $multi_edit_columns_name[$key]
 225
 226         $file_to_insert = new File();
 227         $file_to_insert->checkTblChangeForm($key, $rownumber);
 228
 229         $possibly_uploaded_val = $file_to_insert->getContent();
 230         if ($possibly_uploaded_val !== false) {
 231             $current_value = $possibly_uploaded_val;
 232         }
 233         // Apply Input Transformation if defined
 234         if (!empty($mime_map[$column_name])
 235             && !empty($mime_map[$column_name]['input_transformation'])
 236         ) {
 237             $filename = 'libraries/classes/Plugins/Transformations/'
 238                 . $mime_map[$column_name]['input_transformation'];
 239             if (is_file($filename)) {
 240                 $classname = Transformations::getClassName($filename);
 241                 if (class_exists($classname)) {
 242                     /** @var IOTransformationsPlugin $transformation_plugin */
 243                     $transformation_plugin = new $classname();
 244                     $transformation_options = Transformations::getOptions(
 245                         $mime_map[$column_name]['input_transformation_options']
 246                     );
 247                     $current_value = $transformation_plugin->applyTransformation(
 248                         $current_value, $transformation_options
 249                     );
 250                     // check if transformation was successful or not
 251                     // and accordingly set error messages & insert_fail
 252                     if (method_exists($transformation_plugin, 'isSuccess')
 253                         && !$transformation_plugin->isSuccess()
 254                     ) {
 255                         $insert_fail = true;
 256                         $row_skipped = true;
 257                         $insert_errors[] = sprintf(
 258                             __('Row: %1$s, Column: %2$s, Error: %3$s'),
 259                             $rownumber, $column_name,
 260                             $transformation_plugin->getError()
 261                         );
 262                     }
 263                 }
 264             }
 265         }
 266
 267         if ($file_to_insert->isError()) {
 268             $insert_errors[] = $file_to_insert->getError();
 269         }
 270         // delete $file_to_insert temporary variable
 271         $file_to_insert->cleanUp();
 272
 273         $current_value = $insertEdit->getCurrentValueForDifferentTypes(
 274             $possibly_uploaded_val, $key, $multi_edit_columns_type,
 275             $current_value, $multi_edit_auto_increment,
 276             $rownumber, $multi_edit_columns_name, $multi_edit_columns_null,
 277             $multi_edit_columns_null_prev, $is_insert,
 278             $using_key, $where_clause, $table, $multi_edit_funcs
 279         );
 280
 281         $current_value_as_an_array = $insertEdit->getCurrentValueAsAnArrayForMultipleEdit(
 282             $multi_edit_funcs,
 283             $multi_edit_salt, $gis_from_text_functions, $current_value,
 284             $gis_from_wkb_functions, $func_optional_param, $func_no_param, $key
 285         );
 286
 287         if (! isset($multi_edit_virtual) || ! isset($multi_edit_virtual[$key])) {
 288             list($query_values, $query_fields)
 289                 = $insertEdit->getQueryValuesForInsertAndUpdateInMultipleEdit(
 290                     $multi_edit_columns_name, $multi_edit_columns_null,
 291                     $current_value, $multi_edit_columns_prev, $multi_edit_funcs,
 292                     $is_insert, $query_values, $query_fields,
 293                     $current_value_as_an_array, $value_sets, $key,
 294                     $multi_edit_columns_null_prev
 295                 );
 296         }
 297         if (isset($multi_edit_columns_null[$key])) {
 298             $multi_edit_columns[$key] = null;
 299         }
 300     } //end of foreach
 301
 302     // temporarily store rows not inserted
 303     // so that they can be populated again.
 304     if ($insert_fail) {
 305         $unsaved_values[$rownumber] = $multi_edit_columns;
 306     }
 307     if (!$insert_fail && count($query_values) > 0) {
 308         if ($is_insert) {
 309             $value_sets[] = implode(', ', $query_values);
 310         } else {
 311             // build update query
 312             $query[] = 'UPDATE ' . Util::backquote($GLOBALS['table'])
 313                 . ' SET ' . implode(', ', $query_values)
 314                 . ' WHERE ' . $where_clause
 315                 . ($_POST['clause_is_unique'] ? '' : ' LIMIT 1');
 316         }
 317     }
 318 } // end foreach ($loop_array as $where_clause)
 319 unset(
 320     $multi_edit_columns_name, $multi_edit_columns_prev, $multi_edit_funcs,
 321     $multi_edit_columns_type, $multi_edit_columns_null, $func_no_param,
 322     $multi_edit_auto_increment, $current_value_as_an_array, $key, $current_value,
 323     $loop_array, $where_clause, $using_key,  $multi_edit_columns_null_prev,
 324     $insert_fail
 325 );
 326
 327 // Builds the sql query
 328 if ($is_insert && count($value_sets) > 0) {
 329     $query = $insertEdit->buildSqlQuery($is_insertignore, $query_fields, $value_sets);
 330 } elseif (empty($query) && ! isset($_POST['preview_sql']) && !$row_skipped) {
 331     // No change -> move back to the calling script
 332     //
 333     // Note: logic passes here for inline edit
 334     $message = Message::success(__('No change'));
 335     // Avoid infinite recursion
 336     if ($goto_include == 'tbl_replace.php') {
 337         $goto_include = 'tbl_change.php';
 338     }
 339     $active_page = $goto_include;
 340     include '' . Core::securePath($goto_include);
 341     exit;
 342 }
 343 unset($multi_edit_columns, $is_insertignore);
 344
 345 // If there is a request for SQL previewing.
 346 if (isset($_POST['preview_sql'])) {
 347     Core::previewSQL($query);
 348 }
 349
 350 /**
 351  * Executes the sql query and get the result, then move back to the calling
 352  * page
 353  */
 354 list ($url_params, $total_affected_rows, $last_messages, $warning_messages,
 355     $error_messages, $return_to_sql_query)
 356         = $insertEdit->executeSqlQuery($url_params, $query);
 357
 358 if ($is_insert && (count($value_sets) > 0 || $row_skipped)) {
 359     $message = Message::getMessageForInsertedRows(
 360         $total_affected_rows
 361     );
 362     $unsaved_values = array_values($unsaved_values);
 363 } else {
 364     $message = Message::getMessageForAffectedRows(
 365         $total_affected_rows
 366     );
 367 }
 368 if ($row_skipped) {
 369     $goto_include = 'tbl_change.php';
 370     $message->addMessagesString($insert_errors, '<br />');
 371     $message->isError(true);
 372 }
 373
 374 $message->addMessages($last_messages, '<br />');
 375
 376 if (! empty($warning_messages)) {
 377     $message->addMessagesString($warning_messages, '<br />');
 378     $message->isError(true);
 379 }
 380 if (! empty($error_messages)) {
 381     $message->addMessagesString($error_messages);
 382     $message->isError(true);
 383 }
 384 unset(
 385     $error_messages, $warning_messages, $total_affected_rows,
 386     $last_messages, $last_message, $row_skipped, $insert_errors
 387 );
 388
 389 /**
 390  * The following section only applies to grid editing.
 391  * However, verifying isAjax() is not enough to ensure we are coming from
 392  * grid editing. If we are coming from the Edit or Copy link in Browse mode,
 393  * ajax_page_request is present in the POST parameters.
 394  */
 395 if ($response->isAjax() && ! isset($_POST['ajax_page_request'])) {
 396     /**
 397      * If we are in grid editing, we need to process the relational and
 398      * transformed fields, if they were edited. After that, output the correct
 399      * link/transformed value and exit
 400      */
 401     if (isset($_POST['rel_fields_list']) && $_POST['rel_fields_list'] != '') {
 402
 403         $map = $relation->getForeigners($db, $table, '', 'both');
 404
 405         $relation_fields = array();
 406         parse_str($_POST['rel_fields_list'], $relation_fields);
 407
 408         // loop for each relation cell
 409         /** @var array $relation_fields */
 410         foreach ($relation_fields as $cell_index => $curr_rel_field) {
 411             foreach ($curr_rel_field as $relation_field => $relation_field_value) {
 412                 $where_comparison = "='" . $relation_field_value . "'";
 413                 $dispval = $insertEdit->getDisplayValueForForeignTableColumn(
 414                     $where_comparison, $map, $relation_field
 415                 );
 416
 417                 $extra_data['relations'][$cell_index]
 418                     = $insertEdit->getLinkForRelationalDisplayField(
 419                         $map, $relation_field, $where_comparison,
 420                         $dispval, $relation_field_value
 421                     );
 422             }
 423         }   // end of loop for each relation cell
 424     }
 425     if (isset($_POST['do_transformations'])
 426         && $_POST['do_transformations'] == true
 427     ) {
 428         $edited_values = array();
 429         parse_str($_POST['transform_fields_list'], $edited_values);
 430
 431         if (! isset($extra_data)) {
 432             $extra_data = array();
 433         }
 434         $transformation_types = array(
 435             "input_transformation",
 436             "transformation"
 437         );
 438         foreach ($mime_map as $transformation) {
 439             $column_name = $transformation['column_name'];
 440             foreach ($transformation_types as $type) {
 441                 $file = Core::securePath($transformation[$type]);
 442                 $extra_data = $insertEdit->transformEditedValues(
 443                     $db, $table, $transformation, $edited_values, $file,
 444                     $column_name, $extra_data, $type
 445                 );
 446             }
 447         }   // end of loop for each $mime_map
 448     }
 449
 450     // Need to check the inline edited value can be truncated by MySQL
 451     // without informing while saving
 452     $column_name = $_POST['fields_name']['multi_edit'][0][0];
 453
 454     $insertEdit->verifyWhetherValueCanBeTruncatedAndAppendExtraData(
 455         $db, $table, $column_name, $extra_data
 456     );
 457
 458     /**Get the total row count of the table*/
 459     $_table = new Table($_POST['table'], $_POST['db']);
 460     $extra_data['row_count'] = $_table->countRecords();
 461
 462     $extra_data['sql_query'] = Util::getMessage(
 463         $message,
 464         $GLOBALS['display_query']
 465     );
 466
 467     $response->setRequestStatus($message->isSuccess());
 468     $response->addJSON('message', $message);
 469     $response->addJSON($extra_data);
 470     exit;
 471 }
 472
 473 if (! empty($return_to_sql_query)) {
 474     $disp_query = $GLOBALS['sql_query'];
 475     $disp_message = $message;
 476     unset($message);
 477     $GLOBALS['sql_query'] = $return_to_sql_query;
 478 }
 479
 480 $scripts->addFile('vendor/jquery/additional-methods.js');
 481 $scripts->addFile('tbl_change.js');
 482
 483 $active_page = $goto_include;
 484
 485 /**
 486  * If user asked for "and then Insert another new row" we have to remove
 487  * WHERE clause information so that tbl_change.php does not go back
 488  * to the current record
 489  */
 490 if (isset($_POST['after_insert']) && 'new_insert' == $_POST['after_insert']) {
 491     unset($_POST['where_clause']);
 492 }
 493
 494 /**
 495  * Load target page.
 496  */
 497 require '' . Core::securePath($goto_include);
 498 exit;