sql.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * SQL executor
   5  *
   6  * @todo    we must handle the case if sql.php is called directly with a query
   7  *          that returns 0 rows - to prevent cyclic redirects or includes
   8  * @package PhpMyAdmin
   9  */
  10 use PMA\libraries\config\PageSettings;
  11 use PMA\libraries\Response;
  12 use PMA\libraries\Util;
  13 use PMA\libraries\URL;
  14
  15 /**
  16  * Gets some core libraries
  17  */
  18 require_once 'libraries/common.inc.php';
  19 require_once 'libraries/check_user_privileges.lib.php';
  20 require_once 'libraries/sql.lib.php';
  21 require_once 'libraries/config/user_preferences.forms.php';
  22 require_once 'libraries/config/page_settings.forms.php';
  23
  24 PageSettings::showGroup('Browse');
  25
  26
  27 $response = Response::getInstance();
  28 $header   = $response->getHeader();
  29 $scripts  = $header->getScripts();
  30 $scripts->addFile('jquery/jquery-ui-timepicker-addon.js');
  31 $scripts->addFile('jquery/jquery.uitablefilter.js');
  32 $scripts->addFile('tbl_change.js');
  33 $scripts->addFile('indexes.js');
  34 $scripts->addFile('gis_data_editor.js');
  35 $scripts->addFile('multi_column_sort.js');
  36
  37 /**
  38  * Set ajax_reload in the response if it was already set
  39  */
  40 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
  41     $response->addJSON('ajax_reload', $ajax_reload);
  42 }
  43
  44
  45 /**
  46  * Defines the url to return to in case of error in a sql statement
  47  */
  48 $is_gotofile  = true;
  49 if (empty($goto)) {
  50     if (empty($table)) {
  51         $goto = Util::getScriptNameForOption(
  52             $GLOBALS['cfg']['DefaultTabDatabase'], 'database'
  53         );
  54     } else {
  55         $goto = Util::getScriptNameForOption(
  56             $GLOBALS['cfg']['DefaultTabTable'], 'table'
  57         );
  58     }
  59 } // end if
  60
  61 if (! isset($err_url)) {
  62     $err_url = (! empty($back) ? $back : $goto)
  63         . '?' . URL::getCommon(array('db' => $GLOBALS['db']))
  64         . ((mb_strpos(' ' . $goto, 'db_') != 1
  65             && strlen($table) > 0)
  66             ? '&amp;table=' . urlencode($table)
  67             : ''
  68         );
  69 } // end if
  70
  71 // Coming from a bookmark dialog
  72 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
  73     $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
  74 } elseif (isset($_GET['sql_query'])) {
  75     $sql_query = $_GET['sql_query'];
  76 }
  77
  78 // This one is just to fill $db
  79 if (isset($_POST['bkm_fields']['bkm_database'])) {
  80     $db = $_POST['bkm_fields']['bkm_database'];
  81 }
  82
  83
  84 // During grid edit, if we have a relational field, show the dropdown for it.
  85 if (isset($_REQUEST['get_relational_values'])
  86     && $_REQUEST['get_relational_values'] == true
  87 ) {
  88     PMA_getRelationalValues($db, $table);
  89     // script has exited at this point
  90 }
  91
  92 // Just like above, find possible values for enum fields during grid edit.
  93 if (isset($_REQUEST['get_enum_values']) && $_REQUEST['get_enum_values'] == true) {
  94     PMA_getEnumOrSetValues($db, $table, "enum");
  95     // script has exited at this point
  96 }
  97
  98
  99 // Find possible values for set fields during grid edit.
 100 if (isset($_REQUEST['get_set_values']) && $_REQUEST['get_set_values'] == true) {
 101     PMA_getEnumOrSetValues($db, $table, "set");
 102     // script has exited at this point
 103 }
 104
 105 if (isset($_REQUEST['get_default_fk_check_value'])
 106     && $_REQUEST['get_default_fk_check_value'] == true
 107 ) {
 108     $response = Response::getInstance();
 109     $response->addJSON(
 110         'default_fk_check_value', Util::isForeignKeyCheck()
 111     );
 112     exit;
 113 }
 114
 115 /**
 116  * Check ajax request to set the column order and visibility
 117  */
 118 if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
 119     PMA_setColumnOrderOrVisibility($table, $db);
 120     // script has exited at this point
 121 }
 122
 123 // Default to browse if no query set and we have table
 124 // (needed for browsing from DefaultTabTable)
 125 if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
 126     $sql_query = PMA_getDefaultSqlQueryForBrowse($db, $table);
 127
 128     // set $goto to what will be displayed if query returns 0 rows
 129     $goto = '';
 130 } else {
 131     // Now we can check the parameters
 132     Util::checkParameters(array('sql_query'));
 133 }
 134
 135 /**
 136  * Parse and analyze the query
 137  */
 138 require_once 'libraries/parse_analyze.lib.php';
 139 list(
 140     $analyzed_sql_results,
 141     $db,
 142     $table_from_sql
 143 ) = PMA_parseAnalyze($sql_query, $db);
 144 // @todo: possibly refactor
 145 extract($analyzed_sql_results);
 146
 147 if ($table != $table_from_sql && !empty($table_from_sql)) {
 148     $table = $table_from_sql;
 149 }
 150
 151
 152 /**
 153  * Check rights in case of DROP DATABASE
 154  *
 155  * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
 156  * but since a malicious user may pass this variable by url/form, we don't take
 157  * into account this case.
 158  */
 159 if (PMA_hasNoRightsToDropDatabase(
 160     $analyzed_sql_results, $cfg['AllowUserDropDatabase'], $is_superuser
 161 )) {
 162     Util::mysqlDie(
 163         __('"DROP DATABASE" statements are disabled.'),
 164         '',
 165         false,
 166         $err_url
 167     );
 168 } // end if
 169
 170 /**
 171  * Need to find the real end of rows?
 172  */
 173 if (isset($find_real_end) && $find_real_end) {
 174     $unlim_num_rows = PMA_findRealEndOfRows($db, $table);
 175 }
 176
 177
 178 /**
 179  * Bookmark add
 180  */
 181 if (isset($_POST['store_bkm'])) {
 182     PMA_addBookmark($goto);
 183     // script has exited at this point
 184 } // end if
 185
 186
 187 /**
 188  * Sets or modifies the $goto variable if required
 189  */
 190 if ($goto == 'sql.php') {
 191     $is_gotofile = false;
 192     $goto = 'sql.php' . URL::getCommon(
 193         array(
 194             'db' => $db,
 195             'table' => $table,
 196             'sql_query' => $sql_query
 197         )
 198     );
 199 } // end if
 200
 201 PMA_executeQueryAndSendQueryResponse(
 202     $analyzed_sql_results, // analyzed_sql_results
 203     $is_gotofile, // is_gotofile
 204     $db, // db
 205     $table, // table
 206     isset($find_real_end) ? $find_real_end : null, // find_real_end
 207     isset($import_text) ? $import_text : null, // sql_query_for_bookmark
 208     isset($extra_data) ? $extra_data : null, // extra_data
 209     isset($message_to_show) ? $message_to_show : null, // message_to_show
 210     isset($message) ? $message : null, // message
 211     isset($sql_data) ? $sql_data : null, // sql_data
 212     $goto, // goto
 213     $pmaThemeImage, // pmaThemeImage
 214     isset($disp_query) ? $display_query : null, // disp_query
 215     isset($disp_message) ? $disp_message : null, // disp_message
 216     isset($query_type) ? $query_type : null, // query_type
 217     $sql_query, // sql_query
 218     isset($selected) ? $selected : null, // selectedTables
 219     isset($complete_query) ? $complete_query : null // complete_query
 220 );