2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * Used to render the header of PMA's pages
8 namespace PMA\libraries
;
10 use PMA\libraries\navigation\Navigation
;
11 use PMA\libraries\URL
;
12 use PMA\libraries\Sanitize
;
13 use PMA\libraries\Config
;
17 * Class used to output the HTTP and HTML headers
31 * PMA\libraries\Console instance
45 * Whether to offer the option of importing user settings
50 private $_userprefsOfferImport;
59 * The value for the id attribute for the body tag
66 * Whether to show the top menu
71 private $_menuEnabled;
73 * Whether to show the warnings
78 private $_warningsEnabled;
80 * Whether the page is in 'print view' mode
85 private $_isPrintView;
87 * Whether we are servicing an ajax request.
94 * Whether to display anything
101 * Whether the HTTP headers (and possibly some HTML)
102 * have already been sent to the browser
107 private $_headerIsSent;
110 * Creates a new class instance
112 public function __construct()
114 $this->_isEnabled
= true;
115 $this->_isAjax
= false;
118 $this->_console
= new Console();
119 $db = ! empty($GLOBALS['db']) ?
$GLOBALS['db'] : '';
120 $table = ! empty($GLOBALS['table']) ?
$GLOBALS['table'] : '';
121 $this->_menu
= new Menu(
126 $this->_menuEnabled
= true;
127 $this->_warningsEnabled
= true;
128 $this->_isPrintView
= false;
129 $this->_scripts
= new Scripts();
130 $this->_addDefaultScripts();
131 $this->_headerIsSent
= false;
132 // if database storage for user preferences is transient,
133 // offer to load exported settings from localStorage
134 // (detection will be done in JavaScript)
135 $this->_userprefsOfferImport
= false;
136 if ($GLOBALS['PMA_Config']->get('user_preferences') == 'session'
137 && ! isset($_SESSION['userprefs_autoload'])
139 $this->_userprefsOfferImport
= true;
144 * Loads common scripts
148 private function _addDefaultScripts()
151 $this->_scripts
->addFile('jquery/jquery.min.js');
152 $this->_scripts
->addFile('jquery/jquery-migrate-3.0.0.js');
153 $this->_scripts
->addFile('whitelist.php');
154 $this->_scripts
->addFile('sprintf.js');
155 $this->_scripts
->addFile('ajax.js');
156 $this->_scripts
->addFile('keyhandler.js');
157 $this->_scripts
->addFile('jquery/jquery-ui.min.js');
158 $this->_scripts
->addFile('jquery/jquery.cookie.js');
159 $this->_scripts
->addFile('jquery/jquery.mousewheel.js');
160 $this->_scripts
->addFile('jquery/jquery.event.drag-2.2.js');
161 $this->_scripts
->addFile('jquery/jquery-ui-timepicker-addon.js');
162 $this->_scripts
->addFile('jquery/jquery.ba-hashchange-1.3.js');
163 $this->_scripts
->addFile('jquery/jquery.debounce-1.0.5.js');
164 $this->_scripts
->addFile('menu-resizer.js');
166 // Cross-framing protection
167 if ($GLOBALS['cfg']['AllowThirdPartyFraming'] === false) {
168 $this->_scripts
->addFile('cross_framing_protection.js');
171 $this->_scripts
->addFile('rte.js');
172 if ($GLOBALS['cfg']['SendErrorReports'] !== 'never') {
173 $this->_scripts
->addFile('tracekit/tracekit.js');
174 $this->_scripts
->addFile('error_report.js');
177 // Here would not be a good place to add CodeMirror because
178 // the user preferences have not been merged at this point
180 $this->_scripts
->addFile('messages.php', false, array('l' => $GLOBALS['lang']));
181 // Append the theme id to this url to invalidate
182 // the cache on a theme change. Though this might be
183 // unavailable for fatal errors.
184 if (isset($_SESSION['PMA_Theme'])) {
185 $theme_id = urlencode($_SESSION['PMA_Theme']->getId());
187 $theme_id = 'default';
189 $this->_scripts
->addFile('get_image.js.php', false, array('theme' => $theme_id));
190 $this->_scripts
->addFile('config.js');
191 $this->_scripts
->addFile('doclinks.js');
192 $this->_scripts
->addFile('functions.js');
193 $this->_scripts
->addFile('navigation.js');
194 $this->_scripts
->addFile('indexes.js');
195 $this->_scripts
->addFile('common.js');
196 $this->_scripts
->addFile('page_settings.js');
197 if(!$GLOBALS['cfg']['DisableShortcutKeys']) {
198 $this->_scripts
->addFile('shortcuts_handler.js');
200 $this->_scripts
->addCode($this->getJsParamsCode());
204 * Returns, as an array, a list of parameters
205 * used on the client side
209 public function getJsParams()
211 $db = ! empty($GLOBALS['db']) ?
$GLOBALS['db'] : '';
212 $table = ! empty($GLOBALS['table']) ?
$GLOBALS['table'] : '';
213 $pftext = ! empty($_SESSION['tmpval']['pftext'])
214 ?
$_SESSION['tmpval']['pftext'] : '';
216 // not sure when this happens, but it happens
217 if (! isset($GLOBALS['collation_connection'])) {
218 $GLOBALS['collation_connection'] = 'utf8_general_ci';
222 'common_query' => URL
::getCommonRaw(),
223 'opendb_url' => Util
::getScriptNameForOption(
224 $GLOBALS['cfg']['DefaultTabDatabase'], 'database'
226 'collation_connection' => $GLOBALS['collation_connection'],
227 'lang' => $GLOBALS['lang'],
228 'server' => $GLOBALS['server'],
231 'token' => $_SESSION[' PMA_token '],
232 'text_dir' => $GLOBALS['text_dir'],
233 'show_databases_navigation_as_tree' => $GLOBALS['cfg']['ShowDatabasesNavigationAsTree'],
234 'pma_text_default_tab' => Util
::getTitleForTarget(
235 $GLOBALS['cfg']['DefaultTabTable']
237 'pma_text_left_default_tab' => Util
::getTitleForTarget(
238 $GLOBALS['cfg']['NavigationTreeDefaultTabTable']
240 'pma_text_left_default_tab2' => Util
::getTitleForTarget(
241 $GLOBALS['cfg']['NavigationTreeDefaultTabTable2']
243 'LimitChars' => $GLOBALS['cfg']['LimitChars'],
245 'confirm' => $GLOBALS['cfg']['Confirm'],
246 'LoginCookieValidity' => $GLOBALS['cfg']['LoginCookieValidity'],
247 'session_gc_maxlifetime' => (int)@ini_get
('session.gc_maxlifetime'),
248 'logged_in' => isset($GLOBALS['userlink']) ?
true : false,
249 'PMA_VERSION' => PMA_VERSION
251 if (isset($GLOBALS['cfg']['Server'])
252 && isset($GLOBALS['cfg']['Server']['auth_type'])
254 $params['auth_type'] = $GLOBALS['cfg']['Server']['auth_type'];
255 if (isset($GLOBALS['cfg']['Server']['user'])) {
256 $params['user'] = $GLOBALS['cfg']['Server']['user'];
264 * Returns, as a string, a list of parameters
265 * used on the client side
269 public function getJsParamsCode()
271 $params = $this->getJsParams();
272 foreach ($params as $key => $value) {
273 $params[$key] = $key . ':"' . Sanitize
::escapeJsString($value) . '"';
275 return 'PMA_commonParams.setAll({' . implode(',', $params) . '});';
279 * Disables the rendering of the header
283 public function disable()
285 $this->_isEnabled
= false;
289 * Set the ajax flag to indicate whether
290 * we are servicing an ajax request
292 * @param bool $isAjax Whether we are servicing an ajax request
296 public function setAjax($isAjax)
298 $this->_isAjax
= (boolean
) $isAjax;
299 $this->_console
->setAjax($isAjax);
303 * Returns the Scripts object
305 * @return Scripts object
307 public function getScripts()
309 return $this->_scripts
;
313 * Returns the Menu object
315 * @return Menu object
317 public function getMenu()
323 * Setter for the ID attribute in the BODY tag
325 * @param string $id Value for the ID attribute
329 public function setBodyId($id)
331 $this->_bodyId
= htmlspecialchars($id);
335 * Setter for the title of the page
337 * @param string $title New title
341 public function setTitle($title)
343 $this->_title
= htmlspecialchars($title);
347 * Disables the display of the top menu
351 public function disableMenuAndConsole()
353 $this->_menuEnabled
= false;
354 $this->_console
->disable();
358 * Disables the display of the top menu
362 public function disableWarnings()
364 $this->_warningsEnabled
= false;
368 * Turns on 'print view' mode
372 public function enablePrintView()
374 $this->disableMenuAndConsole();
375 $this->setTitle(__('Print view') . ' - phpMyAdmin ' . PMA_VERSION
);
376 $this->_isPrintView
= true;
380 * Generates the header
382 * @return string The header
384 public function getDisplay()
387 if (! $this->_headerIsSent
) {
388 if (! $this->_isAjax
&& $this->_isEnabled
) {
389 $this->sendHttpHeaders();
390 $retval .= $this->_getHtmlStart();
391 $retval .= $this->_getMetaTags();
392 $retval .= $this->_getLinkTags();
393 $retval .= $this->getTitleTag();
395 // The user preferences have been merged at this point
396 // so we can conditionally add CodeMirror
397 if ($GLOBALS['cfg']['CodemirrorEnable']) {
398 $this->_scripts
->addFile('codemirror/lib/codemirror.js');
399 $this->_scripts
->addFile('codemirror/mode/sql/sql.js');
400 $this->_scripts
->addFile('codemirror/addon/runmode/runmode.js');
401 $this->_scripts
->addFile('codemirror/addon/hint/show-hint.js');
402 $this->_scripts
->addFile('codemirror/addon/hint/sql-hint.js');
403 if ($GLOBALS['cfg']['LintEnable']) {
404 $this->_scripts
->addFile('codemirror/addon/lint/lint.js');
405 $this->_scripts
->addFile(
406 'codemirror/addon/lint/sql-lint.js'
410 $this->_scripts
->addCode(
411 'ConsoleEnterExecutes='
412 . ($GLOBALS['cfg']['ConsoleEnterExecutes'] ?
'true' : 'false')
414 $this->_scripts
->addFiles($this->_console
->getScripts());
415 if ($this->_userprefsOfferImport
) {
416 $this->_scripts
->addFile('config.js');
418 $retval .= $this->_scripts
->getDisplay();
419 $retval .= '<noscript>';
420 $retval .= '<style>html{display:block}</style>';
421 $retval .= '</noscript>';
422 $retval .= $this->_getBodyStart();
423 if ($this->_menuEnabled
&& $GLOBALS['server'] > 0) {
424 $nav = new Navigation();
425 $retval .= $nav->getDisplay();
427 // Include possible custom headers
428 $retval .= Config
::renderHeader();
429 // offer to load user preferences from localStorage
430 if ($this->_userprefsOfferImport
) {
431 include_once './libraries/user_preferences.lib.php';
432 $retval .= PMA_userprefsAutoloadGetHeader();
434 // pass configuration for hint tooltip display
435 // (to be used by PMA_tooltip() in js/functions.js)
436 if (! $GLOBALS['cfg']['ShowHint']) {
437 $retval .= '<span id="no_hint" class="hide"></span>';
439 $retval .= $this->_getWarnings();
440 if ($this->_menuEnabled
&& $GLOBALS['server'] > 0) {
441 $retval .= $this->_menu
->getDisplay();
442 $retval .= '<span id="page_nav_icons">';
443 $retval .= '<span id="lock_page_icon"></span>';
444 $retval .= '<span id="page_settings_icon">'
447 __('Page-related settings')
451 '<a id="goto_pagetop" href="#">%s</a>',
454 __('Click on the bar to scroll to top of page')
457 $retval .= '</span>';
459 $retval .= $this->_console
->getDisplay();
460 $retval .= '<div id="page_content">';
461 $retval .= $this->getMessage();
463 if ($this->_isEnabled
&& empty($_REQUEST['recent_table'])) {
464 $retval .= $this->_addRecentTable(
474 * Returns the message to be displayed at the top of
475 * the page, including the executed SQL query, if any.
479 public function getMessage()
483 if (! empty($GLOBALS['message'])) {
484 $message = $GLOBALS['message'];
485 unset($GLOBALS['message']);
486 } else if (! empty($_REQUEST['message'])) {
487 $message = $_REQUEST['message'];
489 if (! empty($message)) {
490 if (isset($GLOBALS['buffer_message'])) {
491 $buffer_message = $GLOBALS['buffer_message'];
493 $retval .= Util
::getMessage($message);
494 if (isset($buffer_message)) {
495 $GLOBALS['buffer_message'] = $buffer_message;
502 * Sends out the HTTP headers
506 public function sendHttpHeaders()
508 if (defined('TESTSUITE')) {
511 $map_tile_urls = ' *.tile.openstreetmap.org';
516 $GLOBALS['now'] = gmdate('D, d M Y H:i:s') . ' GMT';
517 if (!empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
518 && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])
521 = ' https://apis.google.com https://www.google.com/recaptcha/'
522 . ' https://www.gstatic.com/recaptcha/ https://ssl.gstatic.com/ ';
526 /* Prevent against ClickJacking by disabling framing */
527 if (! $GLOBALS['cfg']['AllowThirdPartyFraming']) {
529 'X-Frame-Options: DENY'
532 header('Referrer-Policy: no-referrer');
534 "Content-Security-Policy: default-src 'self' "
536 . $GLOBALS['cfg']['CSPAllow'] . ';'
537 . "script-src 'self' 'unsafe-inline' 'unsafe-eval' "
539 . $GLOBALS['cfg']['CSPAllow'] . ';'
541 . "style-src 'self' 'unsafe-inline' "
543 . $GLOBALS['cfg']['CSPAllow']
545 . "img-src 'self' data: "
546 . $GLOBALS['cfg']['CSPAllow']
552 "X-Content-Security-Policy: default-src 'self' "
554 . $GLOBALS['cfg']['CSPAllow'] . ';'
555 . "options inline-script eval-script;"
556 . "referrer no-referrer;"
557 . "img-src 'self' data: "
558 . $GLOBALS['cfg']['CSPAllow']
564 "X-WebKit-CSP: default-src 'self' "
566 . $GLOBALS['cfg']['CSPAllow'] . ';'
567 . "script-src 'self' "
569 . $GLOBALS['cfg']['CSPAllow']
570 . " 'unsafe-inline' 'unsafe-eval';"
571 . "referrer no-referrer;"
572 . "style-src 'self' 'unsafe-inline' "
575 . "img-src 'self' data: "
576 . $GLOBALS['cfg']['CSPAllow']
581 // Re-enable possible disabled XSS filters
582 // see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
584 'X-XSS-Protection: 1; mode=block'
586 // "nosniff", prevents Internet Explorer and Google Chrome from MIME-sniffing
587 // a response away from the declared content-type
588 // see https://www.owasp.org/index.php/List_of_useful_HTTP_headers
590 'X-Content-Type-Options: nosniff'
592 // Adobe cross-domain-policies
593 // see https://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
595 'X-Permitted-Cross-Domain-Policies: none'
598 // see https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
600 'X-Robots-Tag: noindex, nofollow'
603 if (! defined('IS_TRANSFORMATION_WRAPPER')) {
604 // Define the charset to be used
605 header('Content-Type: text/html; charset=utf-8');
607 $this->_headerIsSent
= true;
611 * Returns the DOCTYPE and the start HTML tag
613 * @return string DOCTYPE and HTML tags
615 private function _getHtmlStart()
617 $lang = $GLOBALS['lang'];
618 $dir = $GLOBALS['text_dir'];
620 $retval = "<!DOCTYPE HTML>";
621 $retval .= "<html lang='$lang' dir='$dir'>";
628 * Returns the META tags
630 * @return string the META tags
632 private function _getMetaTags()
634 $retval = '<meta charset="utf-8" />';
635 $retval .= '<meta name="referrer" content="no-referrer" />';
636 $retval .= '<meta name="robots" content="noindex,nofollow" />';
637 $retval .= '<meta http-equiv="X-UA-Compatible" content="IE=Edge" />';
638 if (! $GLOBALS['cfg']['AllowThirdPartyFraming']) {
639 $retval .= '<style id="cfs-style">html{display: none;}</style>';
645 * Returns the LINK tags for the favicon and the stylesheets
647 * @return string the LINK tags
649 private function _getLinkTags()
651 $retval = '<link rel="icon" href="favicon.ico" '
652 . 'type="image/x-icon" />'
653 . '<link rel="shortcut icon" href="favicon.ico" '
654 . 'type="image/x-icon" />';
656 $basedir = defined('PMA_PATH_TO_BASEDIR') ? PMA_PATH_TO_BASEDIR
: '';
657 $theme_id = $GLOBALS['PMA_Config']->getThemeUniqueValue();
658 $theme_path = $GLOBALS['pmaThemePath'];
659 $v = self
::getVersionParameter();
661 if ($this->_isPrintView
) {
662 $retval .= '<link rel="stylesheet" type="text/css" href="'
663 . $basedir . 'print.css?' . $v . '" />';
665 // load jQuery's CSS prior to our theme's CSS, to let the theme
666 // override jQuery's CSS
667 $retval .= '<link rel="stylesheet" type="text/css" href="'
668 . $theme_path . '/jquery/jquery-ui.css" />';
669 $retval .= '<link rel="stylesheet" type="text/css" href="'
670 . $basedir . 'js/codemirror/lib/codemirror.css?' . $v . '" />';
671 $retval .= '<link rel="stylesheet" type="text/css" href="'
672 . $basedir . 'js/codemirror/addon/hint/show-hint.css?' . $v . '" />';
673 $retval .= '<link rel="stylesheet" type="text/css" href="'
674 . $basedir . 'js/codemirror/addon/lint/lint.css?' . $v . '" />';
675 $retval .= '<link rel="stylesheet" type="text/css" href="'
676 . $basedir . 'phpmyadmin.css.php?'
677 . 'nocache=' . $theme_id . $GLOBALS['text_dir']
678 . (isset($GLOBALS['server']) ?
'&server=' . $GLOBALS['server'] : '')
680 // load Print view's CSS last, so that it overrides all other CSS while
682 $retval .= '<link rel="stylesheet" type="text/css" href="'
683 . $theme_path . '/css/printview.css?' . $v . '" media="print" id="printcss"/>';
690 * Returns the TITLE tag
692 * @return string the TITLE tag
694 public function getTitleTag()
697 $retval .= $this->_getPageTitle();
698 $retval .= "</title>";
703 * If the page is missing the title, this function
704 * will set it to something reasonable
708 private function _getPageTitle()
710 if (empty($this->_title
)) {
711 if ($GLOBALS['server'] > 0) {
712 if (! empty($GLOBALS['table'])) {
713 $temp_title = $GLOBALS['cfg']['TitleTable'];
714 } else if (! empty($GLOBALS['db'])) {
715 $temp_title = $GLOBALS['cfg']['TitleDatabase'];
716 } elseif (! empty($GLOBALS['cfg']['Server']['host'])) {
717 $temp_title = $GLOBALS['cfg']['TitleServer'];
719 $temp_title = $GLOBALS['cfg']['TitleDefault'];
721 $this->_title
= htmlspecialchars(
722 Util
::expandUserString($temp_title)
725 $this->_title
= 'phpMyAdmin';
728 return $this->_title
;
732 * Returns the close tag to the HEAD
733 * and the start tag for the BODY
735 * @return string HEAD and BODY tags
737 private function _getBodyStart()
739 $retval = "</head><body";
740 if (! empty($this->_bodyId
)) {
741 $retval .= " id='" . $this->_bodyId
. "'";
748 * Returns some warnings to be displayed at the top of the page
750 * @return string The warnings
752 private function _getWarnings()
755 if ($this->_warningsEnabled
) {
756 $retval .= "<noscript>";
757 $retval .= Message
::error(
758 __("Javascript must be enabled past this point!")
760 $retval .= "</noscript>";
766 * Add recently used table and reload the navigation.
768 * @param string $db Database name where the table is located.
769 * @param string $table The table name
773 private function _addRecentTable($db, $table)
776 if ($this->_menuEnabled
777 && strlen($table) > 0
778 && $GLOBALS['cfg']['NumRecentTables'] > 0
780 $tmp_result = RecentFavoriteTable
::getInstance('recent')
782 if ($tmp_result === true) {
783 $retval = RecentFavoriteTable
::getHtmlUpdateRecentTables();
785 $error = $tmp_result;
786 $retval = $error->getDisplay();
793 * Returns the phpMyAdmin version to be appended to the url to avoid caching
796 * @return string urlenocded pma version as a parameter
798 public static function getVersionParameter()
800 return "v=" . urlencode(PMA_VERSION
);