search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Translated using Weblate (Portuguese)
[phpmyadmin.git] / src / Url.php
blob540368b8a01d42010c9a18f9ca4537d04f33b691
1 <?php
2 /**
3 * Static methods for URL/hidden inputs generating
4 */
5
6 declare(strict_types=1);
7
8 namespace PhpMyAdmin;
9
10 use PhpMyAdmin\Crypto\Crypto;
11 use PhpMyAdmin\Tests\UrlTest;
12
13 use function base64_decode;
14 use function base64_encode;
15 use function htmlspecialchars;
16 use function http_build_query;
17 use function in_array;
18 use function ini_get;
19 use function is_array;
20 use function is_string;
21 use function json_encode;
22 use function method_exists;
23 use function str_contains;
24 use function strtr;
25
26 /**
27 * Static methods for URL/hidden inputs generating
28 */
29 class Url
30 {
31 private static string|null $inputArgSeparator = null;
32
33 /**
34 * Generates text with hidden inputs.
35 *
36 * @see Url::getCommon()
37 *
38 * @param string|mixed[] $db optional database name (can also be an array of parameters)
39 * @param string $table optional table name
40 * @param string|mixed[] $skip do not generate a hidden field for this parameter (can be an array of strings)
41 *
42 * @return string string with input fields
43 */
44 public static function getHiddenInputs(
45 string|array $db = '',
46 string $table = '',
47 string|array $skip = [],
48 ): string {
49 if (is_array($db)) {
50 $params =& $db;
51 } else {
52 $params = [];
53 if ($db !== '') {
54 $params['db'] = $db;
55 }
56
57 if ($table !== '') {
58 $params['table'] = $table;
59 }
60 }
61
62 $config = Config::getInstance();
63 if (Current::$server > 0 && Current::$server !== $config->settings['ServerDefault']) {
64 $params['server'] = Current::$server;
65 }
66
67 if (empty($config->getCookie('pma_lang')) && ! empty($GLOBALS['lang'])) {
68 $params['lang'] = $GLOBALS['lang'];
69 }
70
71 if (! is_array($skip)) {
72 if (isset($params[$skip])) {
73 unset($params[$skip]);
74 }
75 } else {
76 foreach ($skip as $skipping) {
77 if (! isset($params[$skipping])) {
78 continue;
79 }
80
81 unset($params[$skipping]);
82 }
83 }
84
85 return self::getHiddenFields($params);
86 }
87
88 /**
89 * create hidden form fields from array with name => value
90 *
91 * <code>
92 * $values = array(
93 * 'aaa' => aaa,
94 * 'bbb' => array(
95 * 'bbb_0',
96 * 'bbb_1',
97 * ),
98 * 'ccc' => array(
99 * 'a' => 'ccc_a',
100 * 'b' => 'ccc_b',
101 * ),
102 * );
103 * echo Url::getHiddenFields($values);
104 *
105 * // produces:
106 * <input type="hidden" name="aaa" Value="aaa">
107 * <input type="hidden" name="bbb[0]" Value="bbb_0">
108 * <input type="hidden" name="bbb[1]" Value="bbb_1">
109 * <input type="hidden" name="ccc[a]" Value="ccc_a">
110 * <input type="hidden" name="ccc[b]" Value="ccc_b">
111 * </code>
112 *
113 * @param mixed[] $values hidden values
114 * @param string $pre prefix
115 * @param bool $isToken if token already added in hidden input field
116 *
117 * @return string form fields of type hidden
118 */
119 public static function getHiddenFields(array $values, string $pre = '', bool $isToken = false): string
120 {
121 $fields = '';
122
123 /* Always include token in plain forms */
124 if ($isToken === false && isset($_SESSION[' PMA_token '])) {
125 $values['token'] = $_SESSION[' PMA_token '];
126 }
127
128 foreach ($values as $name => $value) {
129 if ($pre !== '') {
130 $name = $pre . '[' . $name . ']';
131 }
132
133 if (is_array($value)) {
134 $fields .= self::getHiddenFields($value, $name, true);
135 } else {
136 // do not generate an ending "\n" because
137 // Url::getHiddenInputs() is sometimes called
138 // from a JS document.write()
139 $fields .= '<input type="hidden" name="' . htmlspecialchars((string) $name)
140 . '" value="' . htmlspecialchars((string) $value) . '">';
141 }
142 }
143
144 return $fields;
145 }
146
147 /**
148 * Generates text with URL parameters.
149 *
150 * <code>
151 * $params['myparam'] = 'myvalue';
152 * $params['db'] = 'mysql';
153 * $params['table'] = 'rights';
154 * // note the missing ?
155 * echo 'script.php' . Url::getCommon($params);
156 * // produces with cookies enabled:
157 * // script.php?myparam=myvalue&db=mysql&table=rights
158 * // with cookies disabled:
159 * // script.php?server=1&lang=en&myparam=myvalue&db=mysql
160 * // &table=rights
161 *
162 * // note the missing ?
163 * echo 'script.php' . Url::getCommon();
164 * // produces with cookies enabled:
165 * // script.php
166 * // with cookies disabled:
167 * // script.php?server=1&lang=en
168 * </code>
169 *
170 * @param array<string,int|string|bool> $params optional, Contains an associative array with url params
171 * @param string $divider optional character to use instead of '?'
172 * @param bool $encrypt whether to encrypt URL params
173 *
174 * @return string string with URL parameters
175 */
176 public static function getCommon(array $params = [], string $divider = '?', bool $encrypt = true): string
177 {
178 return self::getCommonRaw($params, $divider, $encrypt);
179 }
180
181 /**
182 * Generates text with URL parameters.
183 *
184 * <code>
185 * $params['myparam'] = 'myvalue';
186 * $params['db'] = 'mysql';
187 * $params['table'] = 'rights';
188 * // note the missing ?
189 * echo 'script.php' . Url::getCommon($params);
190 * // produces with cookies enabled:
191 * // script.php?myparam=myvalue&db=mysql&table=rights
192 * // with cookies disabled:
193 * // script.php?server=1&lang=en&myparam=myvalue&db=mysql
194 * // &table=rights
195 *
196 * // note the missing ?
197 * echo 'script.php' . Url::getCommon();
198 * // produces with cookies enabled:
199 * // script.php
200 * // with cookies disabled:
201 * // script.php?server=1&lang=en
202 * </code>
203 *
204 * @param array<string|int,int|string|bool> $params optional, Contains an associative array with url params
205 * @param string $divider optional character to use instead of '?'
206 * @param bool $encrypt whether to encrypt URL params
207 *
208 * @return string string with URL parameters
209 */
210 public static function getCommonRaw(array $params = [], string $divider = '?', bool $encrypt = true): string
211 {
212 // avoid overwriting when creating navigation panel links to servers
213 $config = Config::getInstance();
214 if (
215 Current::$server > 0
216 && Current::$server !== $config->settings['ServerDefault']
217 && ! isset($params['server'])
218 && ! $config->get('is_setup')
219 ) {
220 $params['server'] = Current::$server;
221 }
222
223 // Can be null when the user is missing an extension.
224 if (empty($config->getCookie('pma_lang')) && ! empty($GLOBALS['lang'])) {
225 $params['lang'] = $GLOBALS['lang'];
226 }
227
228 $query = self::buildHttpQuery($params, $encrypt);
229
230 if (($divider !== '?' && $divider !== self::getArgSeparator()) || $query !== '') {
231 return $divider . $query;
232 }
233
234 return '';
235 }
236
237 /**
238 * @param array<int|string, mixed> $params
239 * @param bool $encrypt whether to encrypt URL params
240 */
241 public static function buildHttpQuery(array $params, bool $encrypt = true): string
242 {
243 if ($params === []) {
244 return '';
245 }
246
247 $separator = self::getArgSeparator();
248
249 if (! $encrypt || ! Config::getInstance()->get('URLQueryEncryption')) {
250 return http_build_query($params, '', $separator);
251 }
252
253 $data = $params;
254 $keys = [
255 'db',
256 'table',
257 'field',
258 'sql_query',
259 'sql_signature',
260 'where_clause',
261 'goto',
262 'back',
263 'message_to_show',
264 'username',
265 'hostname',
266 'dbname',
267 'tablename',
268 ];
269 $paramsToEncrypt = [];
270 foreach ($params as $paramKey => $paramValue) {
271 if (! in_array($paramKey, $keys)) {
272 continue;
273 }
274
275 $paramsToEncrypt[$paramKey] = $paramValue;
276 unset($data[$paramKey]);
277 }
278
279 if ($paramsToEncrypt !== []) {
280 $data['eq'] = self::encryptQuery((string) json_encode($paramsToEncrypt));
281 }
282
283 return http_build_query($data, '', $separator);
284 }
285
286 public static function encryptQuery(string $query): string
287 {
288 $crypto = new Crypto();
289
290 return strtr(base64_encode($crypto->encrypt($query)), '+/', '-_');
291 }
292
293 public static function decryptQuery(string $query): string|null
294 {
295 $crypto = new Crypto();
296
297 return $crypto->decrypt(base64_decode(strtr($query, '-_', '+/')));
298 }
299
300 /**
301 * Returns url separator character used for separating url parts.
302 *
303 * Extracted from 'arg_separator.input' as set in php.ini, but prefers '&' and ';'.
304 *
305 * @see https://www.php.net/manual/en/ini.core.php#ini.arg-separator.input
306 * @see https://www.w3.org/TR/1999/REC-html401-19991224/appendix/notes.html#h-B.2.2
307 */
308 public static function getArgSeparator(): string
309 {
310 if (is_string(self::$inputArgSeparator)) {
311 return self::$inputArgSeparator;
312 }
313
314 $separator = self::getArgSeparatorValueFromIni();
315 if (! is_string($separator) || $separator === '' || str_contains($separator, '&')) {
316 return self::$inputArgSeparator = '&';
317 }
318
319 if (str_contains($separator, ';')) {
320 return self::$inputArgSeparator = ';';
321 }
322
323 // uses first character
324 return self::$inputArgSeparator = $separator[0];
325 }
326
327 /** @return string|false */
328 private static function getArgSeparatorValueFromIni(): string|bool
329 {
330 /** @phpstan-ignore-next-line */
331 if (method_exists(UrlTest::class, 'getInputArgSeparator')) {
332 return UrlTest::getInputArgSeparator();
333 }
334
335 return ini_get('arg_separator.input');
336 }
337
338 /**
339 * @param string $route Route to use
340 * @param mixed[] $additionalParameters Additional URL parameters
341 */
342 public static function getFromRoute(string $route, array $additionalParameters = []): string
343 {
344 return 'index.php?route=' . $route . self::getCommon($additionalParameters, self::getArgSeparator());
345 }
346 }
phpMyAdmin