read_dump.php3

   1 <?php
   2 /* $Id$ */
   3 // vim: expandtab sw=4 ts=4 sts=4:
   4
   5 /**
   6  * Gets some core libraries
   7  */
   8 require('./libraries/read_dump.lib.php3');
   9 require('./libraries/grab_globals.lib.php3');
  10 require('./libraries/common.lib.php3');
  11
  12
  13 /**
  14  * Increases the max. allowed time to run a script
  15  */
  16 @set_time_limit($cfg['ExecTimeLimit']);
  17
  18
  19 /**
  20  * Defines the url to return to in case of error in a sql statement
  21  */
  22 if (!isset($goto) || !eregi('^(db_details|tbl_properties)(_[a-z]*)?\.php3$', $goto)) {
  23     $goto = 'db_details.php3';
  24 }
  25 $err_url  = $goto
  26           . '?' . PMA_generate_common_url($db)
  27           . (($goto == 'tbl_properties.php3') ? '&amp;table=' . urlencode($table) : '');
  28
  29
  30 /**
  31  * Set up default values for some variables
  32  */
  33 $view_bookmark = 0;
  34 $sql_bookmark  = isset($sql_bookmark) ? $sql_bookmark : '';
  35 $sql_query     = isset($sql_query)    ? $sql_query    : '';
  36 if (!empty($sql_localfile) && $cfg['UploadDir'] != '') {
  37     $sql_file  = $cfg['UploadDir'] . $sql_localfile;
  38 } else if (empty($sql_file)) {
  39     $sql_file  = 'none';
  40 }
  41
  42
  43 /**
  44  * Bookmark Support: get a query back from bookmark if required
  45  */
  46 if (!empty($id_bookmark)) {
  47     include('./libraries/bookmark.lib.php3');
  48     switch ($action_bookmark) {
  49         case 0: // bookmarked query that have to be run
  50             $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
  51             if (isset($bookmark_variable) && !empty($bookmark_variable)) {
  52                 $sql_query = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $sql_query);
  53             }
  54             break;
  55         case 1: // bookmarked query that have to be displayed
  56             $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
  57             $view_bookmark = 1;
  58             break;
  59         case 2: // bookmarked query that have to be deleted
  60             $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
  61             break;
  62     }
  63 } // end if
  64
  65
  66 /**
  67  * Prepares the sql query
  68  */
  69 // Gets the query from a file if required
  70 if ($sql_file != 'none') {
  71 // loic1 : fixed a security issue
  72 //    if ((file_exists($sql_file) && is_uploaded_file($sql_file))
  73 //        || file_exists($cfg['UploadDir'] . $sql_localfile)) {
  74     if (file_exists($sql_file)
  75         && ((isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
  76         $open_basedir     = '';
  77         if (PMA_PHP_INT_VERSION >= 40000) {
  78             $open_basedir = @ini_get('open_basedir');
  79         }
  80         if (empty($open_basedir)) {
  81             $open_basedir = @get_cfg_var('open_basedir');
  82         }
  83
  84         // If we are on a server with open_basedir, we must move the file
  85         // before opening it. The doc explains how to create the "./tmp"
  86         // directory
  87
  88         if (!empty($open_basedir)) {
  89
  90             $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
  91
  92             // function is_writeable() is valid on PHP3 and 4
  93             if (!is_writeable($tmp_subdir)) {
  94                 // if we cannot move the file, let PHP report the error
  95                 error_reporting(E_ALL);
  96                 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
  97             }
  98             else {
  99                 $sql_file_new = $tmp_subdir . basename($sql_file);
 100                 if (PMA_PHP_INT_VERSION < 40003) {
 101                     copy($sql_file, $sql_file_new);
 102                 } else {
 103                     move_uploaded_file($sql_file, $sql_file_new);
 104                 }
 105                 $sql_query = PMA_readFile($sql_file_new, $sql_file_compression);
 106                 unlink($sql_file_new);
 107             }
 108         }
 109         else {
 110             // read from the normal upload dir
 111             $sql_query = PMA_readFile($sql_file, $sql_file_compression);
 112         }
 113
 114         // Convert the file's charset if necessary
 115         if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
 116             && isset($charset_of_file) && $charset_of_file != $charset) {
 117             $sql_query = PMA_convert_string($charset_of_file, $charset, $sql_query);
 118         }
 119     } // end uploaded file stuff
 120 }
 121
 122 // Kanji convert SQL textfile 2002/1/4 by Y.Kawada
 123 if (@function_exists('PMA_kanji_str_conv')) {
 124     $sql_tmp   = trim($sql_query);
 125     PMA_change_enc_order();
 126     $sql_query = PMA_kanji_str_conv($sql_tmp, $knjenc, isset($xkana) ? $xkana : '');
 127     PMA_change_enc_order();
 128 } else {
 129     $sql_query = trim($sql_query);
 130 }
 131
 132 // $sql_query come from the query textarea, if it's a reposted query gets its
 133 // 'true' value
 134 if (!empty($prev_sql_query)) {
 135     $prev_sql_query = urldecode($prev_sql_query);
 136     if ($sql_query == trim(htmlspecialchars($prev_sql_query))) {
 137         $sql_query  = $prev_sql_query;
 138     }
 139 }
 140
 141 // Drop database is not allowed -> ensure the query can be run
 142 if (!$cfg['AllowUserDropDatabase']
 143     && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
 144     // Checks if the user is a Superuser
 145     // TODO: set a global variable with this information
 146     // loic1: optimized query
 147     $result = @PMA_mysql_query('USE mysql');
 148     if (PMA_mysql_error()) {
 149         include('./header.inc.php3');
 150         PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);
 151     }
 152 }
 153 define('PMA_CHK_DROP', 1);
 154
 155 /**
 156  * Executes the query
 157  */
 158 if ($sql_query != '') {
 159     $pieces       = array();
 160     PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION);
 161     $pieces_count = count($pieces);
 162     if ($pieces_count > 1) {
 163         $is_multiple = TRUE;
 164     }
 165
 166     // Copy of the cleaned sql statement for display purpose only (see near the
 167     // beginning of "db_details.php3" & "tbl_properties.php3")
 168     if ($sql_file != 'none' && $pieces_count > 10) {
 169          // Be nice with bandwidth...
 170         $sql_query_cpy = $sql_query = '';
 171     } else {
 172         $sql_query_cpy = implode(";\n", $pieces) . ';';
 173          // Be nice with bandwidth... for now, an arbitrary limit of 500,
 174          // could be made configurable but probably not necessary
 175         if (strlen($sql_query_cpy) > 500) {
 176             $sql_query_cpy = $sql_query = '';
 177         }
 178     }
 179
 180     // really run the query?
 181     if ($view_bookmark == 0) {
 182         // Only one query to run
 183         if ($pieces_count == 1 && !empty($pieces[0])) {
 184             $sql_query = $pieces[0];
 185             if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
 186                 $reload = 1;
 187             }
 188             include('./sql.php3');
 189             exit();
 190         }
 191
 192         // Runs multiple queries
 193         else if (PMA_mysql_select_db($db)) {
 194             $mult = TRUE;
 195             for ($i = 0; $i < $pieces_count; $i++) {
 196                 $a_sql_query = $pieces[$i];
 197                 $result = PMA_mysql_query($a_sql_query);
 198                 if ($result == FALSE) { // readdump failed
 199                     $my_die = $a_sql_query;
 200                     break;
 201                 }
 202                 if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
 203                     $reload = 1;
 204                 }
 205             } // end for
 206         } // end else if
 207     } // end if (really run the query)
 208     unset($pieces);
 209 } // end if
 210
 211
 212
 213 /**
 214  * MySQL error
 215  */
 216 if (isset($my_die)) {
 217     $js_to_run = 'functions.js';
 218     include('./header.inc.php3');
 219     PMA_mysqlDie('', $my_die, '', $err_url);
 220 }
 221
 222
 223 /**
 224  * Go back to the calling script
 225  */
 226 // Checks for a valid target script
 227 if (isset($table) && $table == '') {
 228     unset($table);
 229 }
 230 if (isset($db) && $db == '') {
 231     unset($db);
 232 }
 233 $is_db = $is_table = FALSE;
 234 if ($goto == 'tbl_properties.php3') {
 235     if (!isset($table)) {
 236         $goto     = 'db_details.php3';
 237     } else {
 238         $is_table = @PMA_mysql_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'');
 239         if (!($is_table && @mysql_numrows($is_table))) {
 240             $goto = 'db_details.php3';
 241             unset($table);
 242         }
 243     } // end if... else...
 244 }
 245 if ($goto == 'db_details.php3') {
 246     if (isset($table)) {
 247         unset($table);
 248     }
 249     if (!isset($db)) {
 250         $goto     = 'main.php3';
 251     } else {
 252         $is_db    = @PMA_mysql_select_db($db);
 253         if (!$is_db) {
 254             $goto = 'main.php3';
 255             unset($db);
 256         }
 257     } // end if... else...
 258 }
 259 // Defines the message to be displayed
 260 if (!empty($id_bookmark) && $action_bookmark == 2) {
 261     $message   = $strBookmarkDeleted;
 262 } else if (!isset($sql_query_cpy)) {
 263     $message   = $strNoQuery;
 264 } else if ($sql_query_cpy == '') {
 265     $message   = "$strSuccess&nbsp;:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;";
 266 } else {
 267     $message   = $strSuccess;
 268 }
 269 // Loads to target script
 270 if ($goto == 'db_details.php3' || $goto == 'tbl_properties.php3') {
 271     $js_to_run = 'functions.js';
 272 }
 273 if ($goto != 'main.php3') {
 274     include('./header.inc.php3');
 275 }
 276 require('./' . $goto);
 277 ?>