search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
protect binary contents in cookies
[phpmyadmin/crack.git] / tbl_query_box.php3
blobc170772a60cdc8de0b76f8ad9a97900652973b4e
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * Defines the query to be displayed in the query textarea
8 */
9 if (isset($show_query) && $show_query == '1') {
10 // This script has been called by read_dump.php3
11 if (isset($sql_query_cpy)) {
12 $query_to_display = $sql_query_cpy;
13 }
14 // Other cases
15 else {
16 $query_to_display = $sql_query;
17 }
18 } else {
19 $query_to_display = '';
20 }
21 unset($sql_query);
22
23 /**
24 * Get the list and number of fields
25 */
26 $fields_cnt = 0;
27 if (isset($db) && isset($table) && $table != '' && $db != '') {
28 $local_query = 'SHOW FIELDS FROM ' . PMA_backquote($table) . ' FROM ' . PMA_backquote($db);
29 $result = @PMA_mysql_query($local_query);
30 if (!$result) {
31 PMA_mysqlDie('', $local_query, '', $err_url);
32 }
33 else {
34 $fields_cnt = mysql_num_rows($result);
35 while ($row = PMA_mysql_fetch_array($result)) {
36 $fields_list[] = $row['Field'];
37 } // end while
38 mysql_free_result($result);
39 }
40 }
41
42 /**
43 * Work on the table
44 */
45 // loic1: defines wether file upload is available or not
46 // ($is_upload now defined in common.lib.php3)
47
48 if ($cfg['QueryFrame'] && $cfg['QueryFrameJS'] && isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full')) {
49 $locking = 'onKeyPress="this.form.elements[\'LockFromUpdate\'].checked = true;"';
50 } else {
51 $locking = '';
52 }
53
54 $auto_sel = ($cfg['TextareaAutoSelect']
55 // 2003-02-05 rabus: This causes big trouble with Opera 7 for
56 // Windows, so let's disable it there...
57 && !(PMA_USR_OS == 'Win' && PMA_USR_BROWSER_AGENT == 'OPERA' && PMA_USR_BROWSER_VER >= 7))
58 ? "\n" . ' onfocus="if (typeof(document.layers) == \'undefined\' || typeof(textarea_selected) == \'undefined\') {textarea_selected = 1; this.form.elements[\'sql_query\'].select();}"'
59 : '';
60 $auto_sel .= ' ' . $locking;
61
62 // garvin: If non-JS query window is embedded, display a list of databases to choose from.
63 // Apart from that, a non-js query window sucks badly.
64
65 if ($cfg['QueryFrame'] && (!$cfg['QueryFrameJS'] && !$db || ($cfg['QueryFrameJS'] && !$db))) {
66 /**
67 * Get the list and number of available databases.
68 */
69 if ($server > 0) {
70 PMA_availableDatabases(); // this function is defined in "common.lib.php3"
71 } else {
72 $num_dbs = 0;
73 }
74
75 if ($num_dbs > 0) {
76 $queryframe_db_list = '<select size=1 name="db">';
77 for ($i = 0; $i < $num_dbs; $i++) {
78 $t_db = $dblist[$i];
79 $queryframe_db_list .= '<option value="' . htmlspecialchars($t_db) . '">' . htmlspecialchars($t_db) . '</option>';
80 }
81 $queryframe_db_list .= '</select>';
82 } else {
83 $queryframe_db_list = '';
84 }
85 } else {
86 $queryframe_db_list = '';
87 }
88
89 if ($cfg['QueryFrame'] && $cfg['QueryFrameJS'] && isset($is_inside_querywindow) && $is_inside_querywindow) {
90 ?>
91 <script type="text/javascript">
92 <!--
93 document.writeln('<form method="post" target="phpmain' + <?php echo ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) ? 'opener.' : '');?>top.frames.queryframe.document.hashform.hash.value + '" action="read_dump.php3"<?php if ($is_upload) echo ' enctype="multipart/form-data"'; ?> onsubmit="return checkSqlQuery(this)" name="sqlform">');
94 //-->
95 </script>
96 <noscript>
97 <form method="post" target="phpmain<?php echo md5($cfg['PmaAbsoluteUri']); ?>" action="read_dump.php3"<?php if ($is_upload) echo ' enctype="multipart/form-data"'; ?> onsubmit="return checkSqlQuery(this)" name="sqlform">
98 </noscript>
99 <?php
100 } else {
101 ?>
102 <form method="post" action="read_dump.php3"<?php if ($is_upload) echo ' enctype="multipart/form-data"'; ?> onsubmit="return checkSqlQuery(this)" name="sqlform">
103 <?php
104 }
105 ?>
106 <input type="hidden" name="is_js_confirmed" value="0" />
107 <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
108 <input type="hidden" name="pos" value="0" />
109 <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
110 <input type="hidden" name="zero_rows" value="<?php echo $strSuccess; ?>" />
111 <input type="hidden" name="prev_sql_query" value="<?php echo ((!empty($query_to_display)) ? urlencode($query_to_display) : ''); ?>" />
112 <?php
113 if (!isset($is_inside_querywindow) ||
114 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'sql' || $querydisplay_tab == 'full'))) {
115 ?>
116 <!-- Query box and bookmark support -->
117 <?php
118 if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
119 ?>
120 <input type="hidden" name="focus_querywindow" value="true" />
121 <?php
122 }
123 ?>
124 <a name="querybox"></a>
125 <table cellpadding="1" cellspacing="1">
126 <tr>
127 <td>
128 <?php echo sprintf($strRunSQLQuery, htmlspecialchars($db)) . $queryframe_db_list . (isset($is_inside_querywindow) ? '<br />' : ' ') . PMA_showMySQLDocu('Reference', 'SELECT'); ?>
129 <br />
130 <textarea name="sql_query" rows="<?php echo $cfg['TextareaRows']; ?>" cols="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? ceil($cfg['TextareaCols'] * 1.25) : $cfg['TextareaCols'] * 2); ?>" wrap="virtual" dir="<?php echo $text_dir; ?>"<?php echo $auto_sel; ?>>
131 <?php echo ((!empty($query_to_display)) ? htmlspecialchars($query_to_display) : 'SELECT * FROM ' . htmlspecialchars(PMA_backquote($table)) . ' WHERE 1'); ?></textarea>
132 </td>
133 <?php if (isset($table) && $fields_cnt > 0) { ?>
134 <td align="center" valign="top"><?php echo (isset($is_inside_querywindow) ? '<br />' : '') . $strFields; ?>:<br />
135 <select name="dummy" size="4" multiple>
136 <?php
137 echo "\n";
138 for ($i = 0 ; $i < $fields_cnt; $i++) {
139 echo ' '
140 . '<option value="' . PMA_backquote(htmlspecialchars($fields_list[$i])) . '">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
141 }
142 ?>
143 </select><br /><br />
144 <input type="button" name="insert" value="<?php echo($strInsert); ?>" onclick="insertValueQuery()" />
145 </td>
146 <?php
147 }
148 ?>
149 </tr>
150 </table>
151 <input type="checkbox" name="show_query" value="1" id="checkbox_show_query" checked="checked" />&nbsp;
152 <label for="checkbox_show_query"><?php echo $strShowThisQuery; ?></label><br />
153 <?php
154 if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
155 ?>
156 <script type="text/javascript">
157 document.writeln('<input type="checkbox" name="LockFromUpdate" value="1" id="checkbox_lock" />&nbsp;');
158 document.writeln(' <label for="checkbox_lock"><?php echo $strQueryWindowLock; ?></label><br />');
159 </script>
160 <?php
161 }
162 ?>
163 </div>
164 <?php
165 } else {
166 ?>
167 <input type="hidden" name="sql_query" value="" />
168 <input type="hidden" name="show_query" value="1" />
169 <?php
170 }
171
172 // loic1: displays import dump feature only if file upload available
173 if ($is_upload && (!isset($is_inside_querywindow) ||
174 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')))) {
175 echo ' ' . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? '<i>' . $strOr . '</i>' : '') . ' ' . $strLocationTextfile . '&nbsp;:<br />' . "\n";
176 ?>
177 <div style="margin-bottom: 5px">
178 <input type="file" name="sql_file" class="textfield" /><br />
179 <?php
180 if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
181 ?>
182 <input type="hidden" name="focus_querywindow" value="true" />
183 <?php
184 }
185
186 $is_gzip = ($cfg['GZipDump'] && @function_exists('gzopen'));
187 $is_bzip = ($cfg['BZipDump'] && @function_exists('bzdecompress'));
188 if ($is_bzip || $is_gzip) {
189 echo ' ' . $strCompression . ':' . "\n"
190 . ' <input type="radio" id="radio_sql_file_compression_auto" name="sql_file_compression" value="" checked="checked" />' . "\n"
191 . ' <label for="radio_sql_file_compression_auto">' . $strAutodetect . '</label>&nbsp;&nbsp;&nbsp;' . "\n"
192 . ' <input type="radio" id="radio_sql_file_compression_plain" name="sql_file_compression" value="text/plain" />' . "\n"
193 . ' <label for="radio_sql_file_compression_plain">' . $strNone . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
194 if ($is_gzip) {
195 echo ' <input type="radio" id="radio_sql_file_compression_gzip" name="sql_file_compression" value="application/x-gzip" />' . "\n"
196 . ' <label for="radio_sql_file_compression_gzip">' . $strGzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
197 }
198 if ($is_bzip) {
199 echo ' <input type="radio" id="radio_sql_file_compression_bzip" name="sql_file_compression" value="application/x-bzip" />' . "\n"
200 . ' <label for="radio_sql_file_compression_bzip">' . $strBzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
201 }
202 } else {
203 echo ' <input type="hidden" name="sql_file_compression" value="text/plain" />' . "\n";
204 }
205 ?>
206 </div>
207 <?php
208 } // end if
209 echo "\n";
210
211 // web-server upload directory
212 $is_upload_dir = false;
213 if ($cfg['UploadDir'] != '' && !isset($is_inside_querywindow) ||
214 ($cfg['UploadDir'] != '' && isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full'))) {
215
216 if ($handle = @opendir($cfg['UploadDir'])) {
217 if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
218 ?>
219 <input type="hidden" name="focus_querywindow" value="true" />
220 <?php
221 }
222
223 $is_first = 0;
224 while ($file = @readdir($handle)) {
225 if (is_file($cfg['UploadDir'] . $file) && substr($file, -4) == '.sql') {
226 if ($is_first == 0) {
227 $is_upload_dir = true;
228 echo "\n";
229 echo ' ' . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? '<i>' . $strOr . '</i>' : '') . ' ' . $strWebServerUploadDirectory . '&nbsp;:<br />' . "\n";
230 echo ' <div style="margin-bottom: 5px">' . "\n";
231 echo ' <select size="1" name="sql_localfile">' . "\n";
232 echo ' <option value="" selected="selected"></option>' . "\n";
233 } // end if (is_first)
234 echo ' <option value="' . htmlspecialchars($file) . '">' . htmlspecialchars($file) . '</option>' . "\n";
235 $is_first++;
236 } // end if (is_file)
237 } // end while
238 if ($is_first > 0) {
239 echo ' </select>' . "\n"
240 . ' </div>' . "\n\n";
241 } // end if (isfirst > 0)
242 @closedir($handle);
243 } else {
244 echo ' <div style="margin-bottom: 5px">' . "\n";
245 echo ' <font color="red">' . $strError . '</font><br />' . "\n";
246 echo ' ' . $strWebServerUploadDirectoryError . "\n";
247 echo ' </div>' . "\n";
248 }
249 } // end if (web-server upload directory)
250 echo "\n";
251
252 // Encoding setting form appended by Y.Kawada
253 if (function_exists('PMA_set_enc_form')) {
254 echo PMA_set_enc_form(' ');
255 }
256
257 // Charset conversion options
258 if (($is_upload || $is_upload_dir) &&
259 (!isset($is_inside_querywindow) ||
260 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')))
261 && isset($db) && $db != ''){
262 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding) {
263 echo ' <div style="margin-bottom: 5px">' . "\n";
264 $temp_charset = reset($cfg['AvailableCharsets']);
265 echo $strCharsetOfFile . "\n"
266 . ' <select name="charset_of_file" size="1">' . "\n"
267 . ' <option value="' . $temp_charset . '"';
268 if ($temp_charset == $charset) {
269 echo ' selected="selected"';
270 }
271 echo '>' . $temp_charset . '</option>' . "\n";
272 while ($temp_charset = next($cfg['AvailableCharsets'])) {
273 echo ' <option value="' . $temp_charset . '"';
274 if ($temp_charset == $charset) {
275 echo ' selected="selected"';
276 }
277 echo '>' . $temp_charset . '</option>' . "\n";
278 }
279 echo ' </select><br />' . "\n" . ' ';
280 echo ' </div>' . "\n";
281 } // end if (recoding)
282 }
283
284 // Bookmark Support
285 $bookmark_go = FALSE;
286 if (!isset($is_inside_querywindow) ||
287 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'history' || $querydisplay_tab == 'full'))) {
288 if ($cfg['Bookmark']['db'] && $cfg['Bookmark']['table']) {
289 if (($bookmark_list = PMA_listBookmarks($db, $cfg['Bookmark'])) && count($bookmark_list) > 0) {
290 echo " " . ((isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && $querydisplay_tab == 'full') || !isset($is_inside_querywindow) ? "<i>$strOr</i>" : '') . " $strBookmarkQuery&nbsp;:<br />\n";
291
292 if (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE) {
293 ?>
294 <input type="hidden" name="focus_querywindow" value="true" />
295 <?php
296 }
297
298 echo ' <div style="margin-bottom: 5px">' . "\n";
299 echo ' <select name="id_bookmark" style="vertical-align: middle">' . "\n";
300 echo ' <option value=""></option>' . "\n";
301 while (list($key, $value) = each($bookmark_list)) {
302 echo ' <option value="' . $value . '">' . htmlspecialchars($key) . '</option>' . "\n";
303 }
304 echo ' </select>' . "<br />\n";
305 echo ' ' . $strVar . ' (<a href="./Documentation.html#faqbookmark" target="documentation">' . $strDocu . '</a>): <input type="text" name="bookmark_variable" class="textfield" size="10" />' . "\n";
306 echo ' <input type="radio" name="action_bookmark" value="0" id="radio_bookmark0" checked="checked" style="vertical-align: middle" /><label for="radio_bookmark0">' . $strSubmit . '</label>' . "\n";
307 echo ' &nbsp;<input type="radio" name="action_bookmark" value="1" id="radio_bookmark1" style="vertical-align: middle" /><label for="radio_bookmark1">' . $strBookmarkView . '</label>' . "\n";
308 echo ' &nbsp;<input type="radio" name="action_bookmark" value="2" id="radio_bookmark2" style="vertical-align: middle" /><label for="radio_bookmark2">' . $strDelete . '</label>' . "\n";
309 echo ' <br />' . "\n";
310 echo ' </div>' . "\n";
311 $bookmark_go = TRUE;
312 }
313 }
314 }
315
316 if (!isset($is_inside_querywindow) || (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && (($querydisplay_tab == 'files') || $querydisplay_tab == 'sql' || $querydisplay_tab == 'full' || ($querydisplay_tab == 'history' && $bookmark_go)))) {
317 ?>
318 <input type="submit" name="SQL" value="<?php echo $strGo; ?>" />
319 </form>
320 <?php
321 }
322
323 if (!isset($is_inside_querywindow) ||
324 (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE && isset($querydisplay_tab) && ($querydisplay_tab == 'files' || $querydisplay_tab == 'full')) && isset($db) && $db != '') {
325
326 // loic1: displays import dump feature only if file upload available
327 $ldi_target = 'ldi_table.php3?' . $url_query . (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '&amp;focus_querywindow=true' : '');
328
329 if ($is_upload && isset($db) && isset($table)) {
330 ?>
331 <!-- Insert a text file -->
332 <br /><br />
333 <li>
334 <?php
335 if ($cfg['QueryFrame'] && $cfg['QueryFrameJS']) {
336 ?>
337
338 <script type="text/javascript">
339 document.writeln('<div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.top.frames.phpmain\' + opener.top.frames.queryframe.document.hashform.hash.value + \'.location.href = \\\'' . $ldi_target . '\\\'; return false;"' : ''); ?>><?php echo addslashes($strInsertTextfiles); ?></a></div>');
340 </script>
341
342 <?php
343 } else {
344 ?>
345
346 <script type="text/javascript">
347 document.writeln('<div style="margin-bottom: 10px"><a href="<?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? '#' : $ldi_target); ?>" <?php echo (isset($is_inside_querywindow) && $is_inside_querywindow == TRUE ? 'onclick="opener.top.frames.phpmain' . md5($cfg['PmaAbsoluteUri']) . '.location.href = \\\'' . $ldi_target . '\\\'; return false;"' : ''); ?>><?php echo addslashes($strInsertTextfiles); ?></a></div>');
348 </script>
349
350 <?php
351 }
352 ?>
353
354 <noscript>
355 <div style="margin-bottom: 10px"><a href="<?php echo $ldi_target; ?>"><?php echo $strInsertTextfiles; ?></a></div>
356 </noscript>
357 </li>
358 <?php
359 }
360 }
361 echo "\n";
362 ?>
Drizzle / GSOC 2011