lint.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * Represents the interface between the linter and  the query editor.
   5  *
   6  * @package PhpMyAdmin
   7  */
   8 declare(strict_types=1);
   9
  10 use PhpMyAdmin\Core;
  11 use PhpMyAdmin\Linter;
  12 use PhpMyAdmin\Response;
  13
  14 if (! defined('ROOT_PATH')) {
  15     define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
  16 }
  17
  18 $_GET['ajax_request'] = 'true';
  19
  20 /**
  21  * Loading common files. Used to check for authorization, localization and to
  22  * load the parsing library.
  23  */
  24 require_once ROOT_PATH . 'libraries/common.inc.php';
  25
  26 /**
  27  * The SQL query to be analyzed.
  28  *
  29  * This does not need to be checked again XSS or MySQL injections because it is
  30  * never executed, just parsed.
  31  *
  32  * The client, which will recieve the JSON response will decode the message and
  33  * and any HTML fragments that are displayed to the user will be encoded anyway.
  34  *
  35  * @var string
  36  */
  37 $sql_query = ! empty($_POST['sql_query']) ? $_POST['sql_query'] : '';
  38
  39 // Disabling standard response.
  40 Response::getInstance()->disable();
  41
  42 Core::headerJSON();
  43
  44 if (! empty($_POST['options'])) {
  45     $options = $_POST['options'];
  46
  47     if (! empty($options['routine_editor'])) {
  48         $sql_query = 'CREATE PROCEDURE `a`() ' . $sql_query;
  49     } elseif (! empty($options['trigger_editor'])) {
  50         $sql_query = 'CREATE TRIGGER `a` AFTER INSERT ON `b` FOR EACH ROW '
  51             . $sql_query;
  52     } elseif (! empty($options['event_editor'])) {
  53         $sql_query = 'CREATE EVENT `a` ON SCHEDULE EVERY MINUTE DO ' . $sql_query;
  54     }
  55 }
  56
  57 echo json_encode(Linter::lint($sql_query));