[security] Self-XSS on database names (Synchronize), see PMASA-2011-18
[phpmyadmin.git] / server_variables.php
blobb04a049eafa183f56205bf949b6a5953ed540782
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
5 * @package phpMyAdmin
6 */
8 /**
9 * no need for variables importing
10 * @ignore
12 if (! defined('PMA_NO_VARIABLES_IMPORT')) {
13 define('PMA_NO_VARIABLES_IMPORT', true);
15 require_once './libraries/common.inc.php';
17 /**
18 * Does the common work
20 require './libraries/server_common.inc.php';
23 /**
24 * Displays the links
26 require './libraries/server_links.inc.php';
29 /**
30 * Required to display documentation links
32 require './libraries/server_variables_doc.php';
34 /**
35 * Displays the sub-page heading
37 echo '<h2>' . "\n"
38 . ($cfg['MainPageIconic'] ? '<img class="icon" src="' . $pmaThemeImage . 's_vars.png" width="16" height="16" alt="" />' : '')
39 . '' . __('Server variables and settings') . "\n"
40 . PMA_showMySQLDocu('server_system_variables','server_system_variables')
41 . '</h2>' . "\n";
44 /**
45 * Sends the queries and buffers the results
47 $serverVars = PMA_DBI_fetch_result('SHOW SESSION VARIABLES;', 0, 1);
48 $serverVarsGlobal = PMA_DBI_fetch_result('SHOW GLOBAL VARIABLES;', 0, 1);
51 /**
52 * Displays the page
55 <table class="data">
56 <thead>
57 <tr><th><?php echo __('Variable'); ?></th>
58 <th>
59 <?php
60 echo __('Session value') . ' / ' . __('Global value');
62 </th>
63 <th><?php echo __('Documentation'); ?></th>
64 </tr>
65 </thead>
66 <tbody>
67 <?php
68 $odd_row = true;
69 foreach ($serverVars as $name => $value) {
71 <tr class="noclick <?php
72 echo $odd_row ? 'odd' : 'even';
73 if ($serverVarsGlobal[$name] !== $value) {
74 echo ' marked';
76 ?>">
77 <th nowrap="nowrap">
78 <?php echo htmlspecialchars(str_replace('_', ' ', $name)); ?></th>
79 <td class="value"><?php
80 if (strlen($value) < 16 && is_numeric($value)) {
81 echo PMA_formatNumber($value, 0);
82 $is_numeric = true;
83 } else {
84 echo htmlspecialchars($value);
85 $is_numeric = false;
87 ?></td>
88 <td class="value"><?php
89 if (isset($VARIABLE_DOC_LINKS[$name])) // To display variable documentation link
90 echo PMA_showMySQLDocu($VARIABLE_DOC_LINKS[$name][1], $VARIABLE_DOC_LINKS[$name][1], false, $VARIABLE_DOC_LINKS[$name][2] . '_' . $VARIABLE_DOC_LINKS[$name][0]);
91 ?></td>
92 <?php
93 if ($serverVarsGlobal[$name] !== $value) {
95 </tr>
96 <tr class="noclick <?php
97 echo $odd_row ? 'odd' : 'even';
98 ?> marked">
99 <td>(<?php echo __('Global value'); ?>)</td>
100 <td class="value"><?php
101 if ($is_numeric) {
102 echo PMA_formatNumber($serverVarsGlobal[$name], 0);
103 } else {
104 echo htmlspecialchars($serverVarsGlobal[$name]);
106 ?></td>
107 <td class="value"></td>
108 <?php } ?>
109 </tr>
110 <?php
111 $odd_row = !$odd_row;
114 </tbody>
115 </table>
116 <?php
120 * Sends the footer
122 require './libraries/footer.inc.php';