[security] Self-XSS on column type (Create index), see PMASA-2011-18
[phpmyadmin/alexukf.git] / tbl_get_field.php
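<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Provides download to a given field defined in parameters.
 *
 * Reads one value with a SELECT built from the db, table, where_clause and
 * transform_key parameters and sends it to the browser as an attachment.
 * The variables $db, $table, $where_clause and $transform_key are not
 * assigned in this file; presumably common.inc.php imports them from the
 * request -- confirm there.
 *
 * @package phpMyAdmin
 */

/**
 * Common functions.
 */
require_once './libraries/common.inc.php';
require_once './libraries/mime.lib.php';

/* Check parameters */
// NOTE(review): by its name this verifies that the parameters are present;
// nothing visible here shows that it validates their content.
PMA_checkParameters(array('db', 'table', 'where_clause', 'transform_key'));

/* Select database */
if (!PMA_DBI_select_db($db)) {
    // The database name is HTML-escaped before it is placed in the message.
    PMA_mysqlDie(
        sprintf(__('\'%s\' database does not exist.'), htmlspecialchars($db)),
        '',
        ''
    );
}

/* Check if table exists */
if (!PMA_DBI_get_columns($db, $table)) {
    PMA_mysqlDie(__('Invalid table name'));
}

/* Grab data */
// SECURITY (review): the column and table names pass through PMA_backquote(),
// but $where_clause is concatenated into the statement verbatim. Whoever
// controls that parameter controls the WHERE expression of a query that runs
// with the logged-in user's privileges. This file does not show where the
// value is validated or bound to the page that generated the link; confirm
// that upstream (e.g. request token, or a signature over the clause).
$sql = 'SELECT ' . PMA_backquote($transform_key)
    . ' FROM ' . PMA_backquote($table)
    . ' WHERE ' . $where_clause . ';';
$result = PMA_DBI_fetch_value($sql);

/* Check return code */
if ($result === false) {
    // The failing statement is passed along so it can be shown with the error.
    PMA_mysqlDie(__('MySQL returned an empty result set (i.e. zero rows).'), $sql);
}

/* Avoid corrupting data */
// Clearing url_rewriter.tags keeps PHP's URL rewriter from touching the
// payload; the call is best-effort, hence the suppressed warning.
@ini_set('url_rewriter.tags', '');

// The Content-Type is derived from the stored bytes themselves, so the
// declared type is only as trustworthy as the data. Tell the browser not to
// second-guess it by sniffing the body.
header('Content-Type: ' . PMA_detectMIME($result));
header('X-Content-Type-Options: nosniff');
header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
// The download name is built from request-derived values and goes into a
// quoted header parameter; PMA_sanitize_filename() is relied on to strip
// characters that could break out of the quotes (its body is not shown here).
$filename = PMA_sanitize_filename($table . '-' . $transform_key . '.bin');
// "attachment" makes the browser save the value instead of rendering it in
// the application's origin.
header('Content-Disposition: attachment; filename="' . $filename . '"');
if (PMA_USR_BROWSER_AGENT == 'IE') {
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
} else {
    header('Pragma: no-cache');
    // test case: exporting a database into a .gz file with Safari
    // would produce files not having the current time
    // (added this header for Safari but should not harm other browsers)
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
}

// Raw field value, written unescaped on purpose: this is a file download.
echo $result;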