Sanitize filenames (in a unified manner) before using in Content-Disposition header
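<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * User preferences management page
 *
 * Handles four POST actions on the current user's preferences:
 *  - submit_export   : download the stored preferences as a JSON file
 *  - submit_get_json : return the stored preferences as JSON (consumed by
 *                      the client-side "browser's storage" export)
 *  - submit_import   : load preferences from an uploaded file or from the
 *                      POSTed "json" field, validate them through the same
 *                      FormDisplay machinery as a normal settings POST, then
 *                      save and redirect
 *  - submit_clear    : reset the preferences to defaults and redirect
 * With no action it renders the import / export / reset forms.
 *
 * Everything imported is attacker-controlled (upload body or "json" field)
 * and is never stored directly: it is re-validated field by field first.
 * Every mutating form carries PMA_generate_common_hidden_inputs();
 * NOTE(review): the CSRF token check itself is not visible in this file,
 * presumably it happens in common.inc.php — confirm.
 *
 * @package phpMyAdmin
 */

/**
 * Gets some core libraries and displays a top message if required
 */
require_once './libraries/common.inc.php';
require_once './libraries/user_preferences.lib.php';
require_once './libraries/config/config_functions.lib.php';
require_once './libraries/config/messages.inc.php';
require_once './libraries/config/ConfigFile.class.php';
require_once './libraries/config/Form.class.php';
require_once './libraries/config/FormDisplay.class.php';
require './libraries/config/user_preferences.forms.php';

PMA_userprefs_pageinit();

$error = '';
if (isset($_POST['submit_export']) && filter_input(INPUT_POST, 'export_type') == 'text_file') {
    // export to JSON file
    // HTTP_HOST is client-supplied; urlencode() removes CR/LF and quotes, so
    // it can neither close the quoted filename nor inject another header.
    $filename = 'phpMyAdmin-config-' . urlencode(PMA_getenv('HTTP_HOST')) . '.json';
    header('Content-Type: application/json');
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    header('Expires: ' . date(DATE_RFC1123));
    $settings = PMA_load_userprefs();
    echo json_encode($settings['config_data']);
    return;
} else if (isset($_POST['submit_get_json'])) {
    // 'prefs' is deliberately a JSON string nested inside the JSON envelope:
    // the client stores that string verbatim in local storage
    $settings = PMA_load_userprefs();
    header('Content-Type: application/json');
    echo json_encode(array(
        'prefs' => json_encode($settings['config_data']),
        'mtime' => $settings['mtime']));
    return;
} else if (isset($_POST['submit_import'])) {
    // load from JSON file
    $json = '';
    if (filter_input(INPUT_POST, 'import_type') == 'text_file'
            && isset($_FILES['import_file'])
            && $_FILES['import_file']['error'] == UPLOAD_ERR_OK
            && is_uploaded_file($_FILES['import_file']['tmp_name'])) {
        // read JSON from uploaded file
        // is_uploaded_file() above guarantees tmp_name is this request's
        // upload and not an arbitrary server-side path
        $open_basedir = @ini_get('open_basedir');
        $file_to_unlink = '';
        $import_file = $_FILES['import_file']['tmp_name'];

        // If we are on a server with open_basedir, we must move the file
        // before opening it. The doc explains how to create the "./tmp"
        // directory
        if (!empty($open_basedir)) {
            $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
            if (is_writable($tmp_subdir)) {
                $import_file_new = tempnam($tmp_subdir, 'prefs');
                if (move_uploaded_file($import_file, $import_file_new)) {
                    $import_file = $import_file_new;
                    $file_to_unlink = $import_file_new;
                }
            }
        }
        // on failure this is false; json_decode() then yields null and the
        // is_array() check below reports it as an import error
        $json = file_get_contents($import_file);
        if ($file_to_unlink) {
            unlink($file_to_unlink);
        }
    } else {
        // read from POST value (json)
        $json = filter_input(INPUT_POST, 'json');
    }

    // hide header message
    $_SESSION['userprefs_autoload'] = true;

    $config = json_decode($json, true);
    $return_url = filter_input(INPUT_POST, 'return_url');
    if (!is_array($config)) {
        $error = __('Could not import configuration');
    } else {
        // sanitize input values: treat them as though they came from HTTP POST request
        $form_display = new FormDisplay();
        foreach ($forms as $formset_id => $formset) {
            foreach ($formset as $form_name => $form) {
                $form_display->registerForm($formset_id . ': ' . $form_name, $form);
            }
        }
        $cf = ConfigFile::getInstance();
        $new_config = $cf->getFlatDefaultConfig();
        if (!empty($_POST['import_merge'])) {
            $new_config = array_merge($new_config, $cf->getConfigArray());
        }
        $new_config = array_merge($new_config, $config);
        // FormDisplay::process() reads $_POST, so the imported values are
        // swapped in under the form field names ('/' -> '-') and the real
        // request is restored right after validation
        $_POST_bak = $_POST;
        foreach ($new_config as $k => $v) {
            $_POST[str_replace('/', '-', $k)] = $v;
        }
        $cf->resetConfigData();
        $all_ok = $form_display->process(true, false);
        $all_ok = $all_ok && !$form_display->hasErrors();
        $_POST = $_POST_bak;

        if (!$all_ok && isset($_POST['fix_errors'])) {
            // second round trip through the confirmation form below: the user
            // agreed to keep what validated and let fixErrors() handle the rest
            $form_display->fixErrors();
            $all_ok = true;
        }
        if (!$all_ok) {
            // mimic original form and post json in a hidden field
            require './libraries/header.inc.php';
            require './libraries/user_preferences.inc.php';
            $msg = PMA_Message::error(__('Configuration contains incorrect data for some fields.'));
            $msg->display();
            echo '<div class="config-form">';
            $form_display->displayErrors();
            echo '</div>';
            ?>
            <form action="prefs_manage.php" method="post">
                <?php echo PMA_generate_common_hidden_inputs() . "\n"; ?>
                <input type="hidden" name="json" value="<?php echo htmlspecialchars($json) ?>" />
                <input type="hidden" name="fix_errors" value="1" />
                <?php if (!empty($_POST['import_merge'])): ?>
                <input type="hidden" name="import_merge" value="1" />
                <?php endif; ?>
                <?php if ($return_url): ?>
                <input type="hidden" name="return_url" value="<?php echo htmlspecialchars($return_url) ?>" />
                <?php endif; ?>
                <p><?php echo __('Do you want to import remaining settings?') ?></p>
                <input type="submit" name="submit_import" value="<?php echo __('Yes') ?>" />
                <input type="submit" name="submit_ignore" value="<?php echo __('No') ?>" />
            </form>
            <?php
            require './libraries/footer.inc.php';
            return;
        }

        // check for ThemeDefault and fontsize
        // NOTE(review): the values below come from the raw decoded import
        // ($config), not from the validated $cf, and are passed on as redirect
        // parameters — confirm PMA_userprefs_redirect() encodes them.
        $params = array();
        // checkTheme() validates the imported theme id before it is activated
        if (isset($config['ThemeDefault'])
                && $_SESSION['PMA_Theme_Manager']->theme->getId() != $config['ThemeDefault']
                && $_SESSION['PMA_Theme_Manager']->checkTheme($config['ThemeDefault'])) {
            $_SESSION['PMA_Theme_Manager']->setActiveTheme($config['ThemeDefault']);
            $_SESSION['PMA_Theme_Manager']->setThemeCookie();
            $params['reload_left_frame'] = true;
        }
        if (isset($config['fontsize'])
                && $config['fontsize'] != $GLOBALS['PMA_Config']->get('fontsize')) {
            $params['set_fontsize'] = $config['fontsize'];
            $params['reload_left_frame'] = true;
        }
        if (isset($config['lang'])
                && $config['lang'] != $GLOBALS['lang']) {
            $params['lang'] = $config['lang'];
            $params['reload_left_frame'] = true;
        }
        if (isset($config['collation_connection'])
                && $config['collation_connection'] != $GLOBALS['collation_connection']) {
            $params['collation_connection'] = $config['collation_connection'];
            $params['reload_left_frame'] = true;
        }

        // save settings
        $old_settings = PMA_load_userprefs();
        $result = PMA_save_userprefs($cf->getConfigArray());
        if ($result === true) {
            if ($return_url) {
                // return_url is user-supplied. Only its path component becomes
                // the redirect target (scheme and host are discarded); its
                // query parameters, except the CSRF token, are carried over.
                // NOTE(review): whether an absolute path could still leave the
                // application depends on PMA_userprefs_redirect() — confirm it
                // prefixes its own base URI.
                $return_path = parse_url($return_url, PHP_URL_PATH);
                $query = parse_url($return_url, PHP_URL_QUERY);
                // parse_url() yields null when there is no query string and
                // false for a malformed URL; exploding that would register a
                // bogus empty-keyed parameter, so only a real string is split
                if (is_string($query) && $query !== '') {
                    foreach (explode('&', $query) as $q) {
                        $pos = strpos($q, '=');
                        if ($pos === false) {
                            // bare "flag" parameter without a value part
                            $k = $q;
                            $v = '';
                        } else {
                            $k = substr($q, 0, $pos);
                            $v = (string) substr($q, $pos + 1);
                        }
                        if ($k === '' || $k === false || $k == 'token') {
                            continue;
                        }
                        $params[$k] = $v;
                    }
                }
                // a return_url without a path (e.g. "http://host") must not
                // turn into an empty redirect target
                $return_url = (is_string($return_path) && $return_path !== '')
                    ? $return_path
                    : 'prefs_manage.php';
            } else {
                $return_url = 'prefs_manage.php';
            }
            // reload config
            $GLOBALS['PMA_Config']->loadUserPreferences();
            PMA_userprefs_redirect($forms, $old_settings, $return_url, $params);
            exit;
        } else {
            $error = $result;
        }
    }
} else if (isset($_POST['submit_clear'])) {
    $old_settings = PMA_load_userprefs();
    $result = PMA_save_userprefs(array());
    if ($result === true) {
        $params = array();
        if ($_SESSION['PMA_Theme_Manager']->theme->getId() != 'original') {
            $GLOBALS['PMA_Config']->removeCookie($_SESSION['PMA_Theme_Manager']->getThemeCookieName());
            unset($_SESSION['PMA_Theme_Manager']);
            unset($_SESSION['PMA_Theme']);
            $params['reload_left_frame'] = true;
        }
        if ($GLOBALS['PMA_Config']->get('fontsize') != '82%') {
            $GLOBALS['PMA_Config']->removeCookie('pma_fontsize');
            $params['reload_left_frame'] = true;
        }
        // the cookie name really is spelled "collaction"; it must match the
        // code that sets the cookie, so it is not corrected here in isolation
        $GLOBALS['PMA_Config']->removeCookie('pma_collaction_connection');
        $GLOBALS['PMA_Config']->removeCookie('pma_lang');
        PMA_userprefs_redirect($forms, $old_settings, 'prefs_manage.php', $params);
        exit;
    } else {
        // fall through to the page below so the error is actually rendered,
        // exactly as a failed import does; exiting here would discard it
        $error = $result;
    }
}

$GLOBALS['js_include'][] = 'config.js';
require './libraries/header.inc.php';
require './libraries/user_preferences.inc.php';
if ($error) {
    if (!$error instanceof PMA_Message) {
        $error = PMA_Message::error($error);
    }
    $error->display();
}
?>
<script type="text/javascript">
<?php
PMA_printJsValue("PMA_messages['strSavedOn']", __('Saved on: @DATE@'));
?>
</script>
<div id="maincontainer">
    <div id="main_pane_left">
        <div class="group">
            <h2><?php echo __('Import') ?></h2>
            <form class="group-cnt prefs-form" name="prefs_import" action="prefs_manage.php" method="post" enctype="multipart/form-data">
                <?php
                echo PMA_generateHiddenMaxFileSize($max_upload_size) . "\n";
                echo PMA_generate_common_hidden_inputs() . "\n";
                ?>
                <input type="hidden" name="json" value="" />
                <input type="radio" id="import_text_file" name="import_type" value="text_file" checked="checked" />
                <label for="import_text_file"><?php echo __('Import from file') ?></label>
                <div id="opts_import_text_file" class="prefsmanage_opts">
                    <label for="input_import_file"><?php echo __('Location of the text file'); ?></label>
                    <input type="file" name="import_file" id="input_import_file" />
                </div>
                <input type="radio" id="import_local_storage" name="import_type" value="local_storage" disabled="disabled" />
                <label for="import_local_storage"><?php echo __('Import from browser\'s storage') ?></label>
                <div id="opts_import_local_storage" class="prefsmanage_opts disabled">
                    <div class="localStorage-supported">
                        <?php echo __('Settings will be imported from your browser\'s local storage.') ?>
                        <br />
                        <span class="localStorage-exists">
                            <?php echo __('Saved on: @DATE@') ?>
                        </span>
                        <span class="localStorage-empty">
                            <?php PMA_Message::notice(__('You have no saved settings!'))->display() ?>
                        </span>
                    </div>
                    <span class="localStorage-unsupported">
                        <?php PMA_Message::notice(__('This feature is not supported by your web browser'))->display() ?>
                    </span>
                </div>

                <input type="checkbox" id="import_merge" name="import_merge" />
                <label for="import_merge"><?php echo __('Merge with current configuration') ?></label>
                <br /><br />
                <input type="submit" name="submit_import" value="<?php echo __('Go'); ?>" />
            </form>
        </div>
        <?php
        if (file_exists('./setup/index.php')) {
            // show only if setup script is available, allows to disable this message
            // by simply removing setup directory
            ?>
            <div class="group">
                <h2><?php echo __('More settings') ?></h2>
                <div class="group-cnt">
                    <?php
                    echo sprintf(__('You can set more settings by modifying config.inc.php, eg. by using %sSetup script%s.'), '<a href="setup/index.php">', '</a>');
                    echo PMA_showDocu('setup_script');
                    ?>
                </div>
            </div>
            <?php
        }
        ?>
    </div>
    <div id="main_pane_right">
        <div class="group">
            <h2><?php echo __('Export') ?></h2>
            <div class="click-hide-message group-cnt" style="display:none">
                <?php
                $message = PMA_Message::rawSuccess(__('Configuration has been saved'));
                $message->display();
                ?>
            </div>
            <form class="group-cnt prefs-form" name="prefs_export" action="prefs_manage.php" method="post">
                <?php echo PMA_generate_common_hidden_inputs() . "\n" ?>
                <div style="padding-bottom:0.5em">
                    <input type="radio" id="export_text_file" name="export_type" value="text_file" checked="checked" />
                    <label for="export_text_file"><?php echo __('Save as file') ?></label>
                    <br />
                    <input type="radio" id="export_local_storage" name="export_type" value="local_storage" disabled="disabled" />
                    <label for="export_local_storage"><?php echo __('Save to browser\'s storage') ?></label>
                </div>
                <div id="opts_export_local_storage" class="prefsmanage_opts disabled">
                    <span class="localStorage-supported">
                        <?php echo __('Settings will be saved in your browser\'s local storage.') ?>
                        <span class="localStorage-exists">
                            <br /><b><?php echo __('Existing settings will be overwritten!') ?></b>
                        </span>
                    </span>
                    <span class="localStorage-unsupported">
                        <?php PMA_Message::notice(__('This feature is not supported by your web browser'))->display() ?>
                    </span>
                </div>
                <br />
                <input type="submit" name="submit_export" value="<?php echo __('Go'); ?>" />
            </form>
        </div>
        <div class="group">
            <h2><?php echo __('Reset') ?></h2>
            <form class="group-cnt prefs-form" name="prefs_reset" action="prefs_manage.php" method="post">
                <?php echo PMA_generate_common_hidden_inputs() . "\n" ?>
                <?php echo __('You can reset all your settings and restore them to default values.') ?>
                <br /><br />
                <input type="submit" name="submit_clear" value="<?php echo __('Reset') ?>" />
            </form>
        </div>
    </div>
    <br class="clearfloat" />
</div>
<?php
/**
 * Displays the footer
 */
require './libraries/footer.inc.php';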