sql.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * SQL executor
   5  *
   6  * @todo    we must handle the case if sql.php is called directly with a query
   7  *          that returns 0 rows - to prevent cyclic redirects or includes
   8  * @package PhpMyAdmin
   9  */
  10
  11 /**
  12  * Gets some core libraries
  13  */
  14 require_once 'libraries/common.inc.php';
  15 require_once 'libraries/Table.class.php';
  16 require_once 'libraries/Header.class.php';
  17 require_once 'libraries/check_user_privileges.lib.php';
  18 require_once 'libraries/bookmark.lib.php';
  19 require_once 'libraries/sql.lib.php';
  20 require_once 'libraries/sqlparser.lib.php';
  21
  22 $response = PMA_Response::getInstance();
  23 $header   = $response->getHeader();
  24 $scripts  = $header->getScripts();
  25 $scripts->addFile('jquery/jquery-ui-timepicker-addon.js');
  26 $scripts->addFile('jquery/jquery.uitablefilter.js');
  27 $scripts->addFile('tbl_change.js');
  28 $scripts->addFile('indexes.js');
  29 $scripts->addFile('gis_data_editor.js');
  30 $scripts->addFile('multi_column_sort.js');
  31
  32 /**
  33  * Set ajax_reload in the response if it was already set
  34  */
  35 if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
  36     $response->addJSON('ajax_reload', $ajax_reload);
  37 }
  38
  39
  40 /**
  41  * Defines the url to return to in case of error in a sql statement
  42  */
  43 // Security checks
  44 if (! empty($goto)) {
  45     $is_gotofile     = preg_replace('@^([^?]+).*$@s', '\\1', $goto);
  46     if (! @file_exists('' . $is_gotofile)) {
  47         unset($goto);
  48     } else {
  49         $is_gotofile = ($is_gotofile == $goto);
  50     }
  51 } else {
  52     if (empty($table)) {
  53         $goto = $cfg['DefaultTabDatabase'];
  54     } else {
  55         $goto = $cfg['DefaultTabTable'];
  56     }
  57     $is_gotofile  = true;
  58 } // end if
  59
  60 if (! isset($err_url)) {
  61     $err_url = (! empty($back) ? $back : $goto)
  62         . '?' . PMA_URL_getCommon(array('db' => $GLOBALS['db']))
  63         . ((/*overload*/mb_strpos(' ' . $goto, 'db_') != 1
  64             && /*overload*/mb_strlen($table))
  65             ? '&amp;table=' . urlencode($table)
  66             : ''
  67         );
  68 } // end if
  69
  70 // Coming from a bookmark dialog
  71 if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
  72     $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
  73 } elseif (isset($_GET['sql_query'])) {
  74     $sql_query = $_GET['sql_query'];
  75 }
  76
  77 // This one is just to fill $db
  78 if (isset($_POST['bkm_fields']['bkm_database'])) {
  79     $db = $_POST['bkm_fields']['bkm_database'];
  80 }
  81
  82
  83 // During grid edit, if we have a relational field, show the dropdown for it.
  84 if (isset($_REQUEST['get_relational_values'])
  85     && $_REQUEST['get_relational_values'] == true
  86 ) {
  87     PMA_getRelationalValues($db, $table);
  88     // script has exited at this point
  89 }
  90
  91 // Just like above, find possible values for enum fields during grid edit.
  92 if (isset($_REQUEST['get_enum_values']) && $_REQUEST['get_enum_values'] == true) {
  93     PMA_getEnumOrSetValues($db, $table, "enum");
  94     // script has exited at this point
  95 }
  96
  97
  98 // Find possible values for set fields during grid edit.
  99 if (isset($_REQUEST['get_set_values']) && $_REQUEST['get_set_values'] == true) {
 100     PMA_getEnumOrSetValues($db, $table, "set");
 101     // script has exited at this point
 102 }
 103
 104 /**
 105  * Check ajax request to set the column order and visibility
 106  */
 107 if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
 108     PMA_setColumnOrderOrVisibility($table, $db);
 109     // script has exited at this point
 110 }
 111
 112 // Default to browse if no query set and we have table
 113 // (needed for browsing from DefaultTabTable)
 114 $tableLength = /*overload*/mb_strlen($table);
 115 $dbLength = /*overload*/mb_strlen($db);
 116 if (empty($sql_query) && $tableLength && $dbLength) {
 117     $sql_query = PMA_getDefaultSqlQueryForBrowse($db, $table);
 118
 119     // set $goto to what will be displayed if query returns 0 rows
 120     $goto = '';
 121 } else {
 122     // Now we can check the parameters
 123     PMA_Util::checkParameters(array('sql_query'));
 124 }
 125
 126 /**
 127  * Parse and analyze the query
 128  */
 129 require_once 'libraries/parse_analyze.inc.php';
 130
 131
 132 /**
 133  * Check rights in case of DROP DATABASE
 134  *
 135  * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
 136  * but since a malicious user may pass this variable by url/form, we don't take
 137  * into account this case.
 138  */
 139 if (PMA_hasNoRightsToDropDatabase(
 140     $analyzed_sql_results, $cfg['AllowUserDropDatabase'], $is_superuser
 141 )) {
 142     PMA_Util::mysqlDie(
 143         __('"DROP DATABASE" statements are disabled.'),
 144         '',
 145         false,
 146         $err_url
 147     );
 148 } // end if
 149
 150 /**
 151  * Need to find the real end of rows?
 152  */
 153 if (isset($find_real_end) && $find_real_end) {
 154     $unlim_num_rows = PMA_findRealEndOfRows($db, $table);
 155 }
 156
 157
 158 /**
 159  * Bookmark add
 160  */
 161 if (isset($_POST['store_bkm'])) {
 162     PMA_addBookmark($cfg['PmaAbsoluteUri'], $goto);
 163     // script has exited at this point
 164 } // end if
 165
 166
 167 /**
 168  * Sets or modifies the $goto variable if required
 169  */
 170 if ($goto == 'sql.php') {
 171     $is_gotofile = false;
 172     $goto = 'sql.php' . PMA_URL_getCommon(
 173         array(
 174             'db' => $db,
 175             'table' => $table,
 176             'sql_query' => $sql_query
 177         )
 178     );
 179 } // end if
 180
 181 PMA_executeQueryAndSendQueryResponse(
 182     $analyzed_sql_results,
 183     $is_gotofile,
 184     $db,
 185     $table,
 186     isset($find_real_end) ? $find_real_end : null,
 187     isset($import_text) ? $import_text : null,
 188     isset($extra_data) ? $extra_data : null,
 189     $is_affected,
 190     isset($message_to_show) ? $message_to_show : null,
 191     isset($message) ? $message : null,
 192     isset($sql_data) ? $sql_data : null,
 193     $goto,
 194     $pmaThemeImage,
 195     isset($disp_query) ? $display_query : null,
 196     isset($disp_message) ? $disp_message : null,
 197     isset($query_type) ? $query_type : null,
 198     $sql_query,
 199     isset($selected) ? $selected : null,
 200     isset($complete_query) ? $complete_query : null
 201 );
 202
 203 ?>