search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
path disclosure
[phpmyadmin/crack.git] / mult_submits.inc.php3
bloba80145e59f91b0f63c95fce0b4ccb5232c46b127
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * Prepares the work and runs some other scripts if required
8 */
9 if (!empty($submit_mult)
10 && ($submit_mult != $strWithChecked)
11 && (!empty($selected_db) || !empty($selected_tbl) || !empty($selected_fld))) {
12
13 if (!empty($selected_db)) {
14 $selected = $selected_db;
15 $what = 'drop_db';
16 } else if (!empty($selected_tbl)) {
17 if ($submit_mult == $strPrintView) {
18 include('./tbl_printview.php3');
19 exit();
20 } else {
21 $selected = $selected_tbl;
22 switch ($submit_mult) {
23 case 'drop_db':
24 $what = 'drop_db';
25 break;
26 case $strDrop:
27 $what = 'drop_tbl';
28 break;
29 case $strEmpty:
30 $what = 'empty_tbl';
31 break;
32 case $strCheckTable:
33 unset($submit_mult);
34 $query_type = 'check_tbl';
35 $mult_btn = $strYes;
36 break;
37 case $strOptimizeTable:
38 unset($submit_mult);
39 $query_type = 'optimize_tbl';
40 $mult_btn = $strYes;
41 break;
42 case $strRepairTable:
43 unset($submit_mult);
44 $query_type = 'repair_tbl';
45 $mult_btn = $strYes;
46 break;
47 case $strAnalyzeTable:
48 unset($submit_mult);
49 $query_type = 'analyze_tbl';
50 $mult_btn = $strYes;
51 break;
52 } // end switch
53 }
54 } else {
55 $selected = $selected_fld;
56 if ($submit_mult == $strDrop) {
57 $what = 'drop_fld';
58 } else {
59 include('./tbl_alter.php3');
60 exit();
61 }
62 }
63 } // end if
64
65
66 /**
67 * Displays the confirmation form if required
68 */
69 if (!empty($submit_mult) && !empty($what)) {
70 $js_to_run = 'functions.js';
71 unset($message);
72 if (!empty($table)) {
73 include('./tbl_properties_common.php3');
74 $url_query .= '&amp;goto=tbl_properties.php3&amp;back=tbl_properties.php3';
75 include('./tbl_properties_table_info.php3');
76 }
77 elseif (!empty($db)) {
78 include('./db_details_common.php3');
79 include('./db_details_db_info.php3');
80 }
81 // Builds the query
82 $full_query = '';
83 $selected_cnt = count($selected);
84 for ($i = 0; $i < $selected_cnt; $i++) {
85 switch ($what) {
86 case 'drop_db':
87 $full_query .= 'DROP DATABASE '
88 . PMA_backquote(htmlspecialchars(urldecode($selected[$i])))
89 . ';<br />';
90 break;
91
92 case 'drop_tbl':
93 $full_query .= (empty($full_query) ? 'DROP TABLE ' : ', ')
94 . PMA_backquote(htmlspecialchars(urldecode($selected[$i])))
95 . (($i == $selected_cnt - 1) ? ';<br />' : '');
96 break;
97
98 case 'empty_tbl':
99 if (PMA_MYSQL_INT_VERSION >= 40000) {
100 $full_query .= 'TRUNCATE ';
101 } else {
102 $full_query .= 'DELETE FROM ';
103 }
104 $full_query .= PMA_backquote(htmlspecialchars(urldecode($selected[$i])))
105 . ';<br />';
106 break;
107
108 case 'drop_fld':
109 if ($full_query == '') {
110 $full_query .= 'ALTER TABLE '
111 . PMA_backquote(htmlspecialchars($table))
112 . '<br />&nbsp;&nbsp;DROP '
113 . PMA_backquote(htmlspecialchars(urldecode($selected[$i])))
114 . ',';
115 } else {
116 $full_query .= '<br />&nbsp;&nbsp;DROP '
117 . PMA_backquote(htmlspecialchars(urldecode($selected[$i])))
118 . ',';
119 }
120 if ($i == $selected_cnt-1) {
121 $full_query = ereg_replace(',$', ';<br />', $full_query);
122 }
123 break;
124 } // end switch
125 }
126
127 // Displays the form
128 echo $strDoYouReally . '&nbsp;:<br />' . "\n";
129 echo '<tt>' . $full_query . '</tt>&nbsp;?<br/>' . "\n";
130 ?>
131 <form action="<?php echo $action; ?>" method="post">
132 <?php
133 echo "\n";
134 if (strpos(' ' . $action, 'db_details') == 1) {
135 echo PMA_generate_common_hidden_inputs($db);
136 } else if (strpos(' ' . $action, 'tbl_properties') == 1) {
137 echo PMA_generate_common_hidden_inputs($db,$table);
138 } else {
139 echo PMA_generate_common_hidden_inputs();
140 }
141 for ($i = 0; $i < $selected_cnt; $i++) {
142 echo ' <input type="hidden" name="selected[]" value="' . htmlspecialchars($selected[$i]) . '" />' . "\n";
143 }
144 ?>
145 <input type="hidden" name="query_type" value="<?php echo $what; ?>" />
146 <input type="submit" name="mult_btn" value="<?php echo $strYes; ?>" />
147 <input type="submit" name="mult_btn" value="<?php echo $strNo; ?>" />
148 </form>
149 <?php
150 echo"\n";
151
152 include('./footer.inc.php3');
153 exit();
154 } // end if
155
156
157 /**
158 * Executes the query
159 */
160 else if ($mult_btn == $strYes) {
161
162 if ($query_type == 'drop_db' || $query_type == 'drop_tbl' || $query_type == 'drop_fld') {
163 include('./libraries/relation_cleanup.lib.php3');
164 }
165
166 $sql_query = '';
167 $selected_cnt = count($selected);
168 for ($i = 0; $i < $selected_cnt; $i++) {
169 switch ($query_type) {
170 case 'drop_db':
171 PMA_relationsCleanupDatabase($selected[$i]);
172 $a_query = 'DROP DATABASE '
173 . PMA_backquote(urldecode($selected[$i]));
174 $reload = 1;
175 break;
176
177 case 'drop_tbl':
178 PMA_relationsCleanupTable($db, $selected[$i]);
179 $sql_query .= (empty($sql_query) ? 'DROP TABLE ' : ', ')
180 . PMA_backquote(urldecode($selected[$i]))
181 . (($i == $selected_cnt-1) ? ';' : '');
182 $reload = 1;
183 break;
184
185 case 'check_tbl':
186 $sql_query .= (empty($sql_query) ? 'CHECK TABLE ' : ', ')
187 . PMA_backquote(urldecode($selected[$i]));
188 break;
189
190 case 'optimize_tbl':
191 $sql_query .= (empty($sql_query) ? 'OPTIMIZE TABLE ' : ', ')
192 . PMA_backquote(urldecode($selected[$i]));
193 break;
194
195 case 'analyze_tbl':
196 $sql_query .= (empty($sql_query) ? 'ANALYZE TABLE ' : ', ')
197 . PMA_backquote(urldecode($selected[$i]));
198 break;
199
200 case 'repair_tbl':
201 $sql_query .= (empty($sql_query) ? 'REPAIR TABLE ' : ', ')
202 . PMA_backquote(urldecode($selected[$i]));
203 break;
204
205 case 'empty_tbl':
206 if (PMA_MYSQL_INT_VERSION >= 40000) {
207 $a_query = 'TRUNCATE ';
208 } else {
209 $a_query = 'DELETE FROM ';
210 }
211 $a_query .= PMA_backquote(htmlspecialchars(urldecode($selected[$i])));
212 break;
213
214 case 'drop_fld':
215 PMA_relationsCleanupTable($db, $table, $selected[$i]);
216 $sql_query .= (empty($sql_query) ? 'ALTER TABLE ' . PMA_backquote($table) : ',')
217 . ' DROP ' . PMA_backquote(urldecode($selected[$i]))
218 . (($i == $selected_cnt-1) ? ';' : '');
219 break;
220 } // end switch
221
222 // All "DROP TABLE","DROP FIELD", "OPTIMIZE TABLE" and "REPAIR TABLE"
223 // statements will be run at once below
224 if ($query_type != 'drop_tbl'
225 && $query_type != 'drop_fld'
226 && $query_type != 'repair_tbl'
227 && $query_type != 'analyze_tbl'
228 && $query_type != 'optimize_tbl'
229 && $query_type != 'check_tbl') {
230
231 $sql_query .= $a_query . ';' . "\n";
232
233 if ($query_type != 'drop_db') {
234 PMA_mysql_select_db($db);
235 }
236 $result = @PMA_mysql_query($a_query) or PMA_mysqlDie('', $a_query, FALSE, $err_url);
237 } // end if
238 } // end for
239
240 if ($query_type == 'drop_tbl'
241 || $query_type == 'drop_fld') {
242 PMA_mysql_select_db($db);
243 $result = @PMA_mysql_query($sql_query) or PMA_mysqlDie('', '', FALSE, $err_url);
244 } elseif ($query_type == 'repair_tbl'
245 || $query_type == 'analyze_tbl'
246 || $query_type == 'check_tbl'
247 || $query_type == 'optimize_tbl') {
248 include('./sql.php3');
249 exit();
250 }
251
252 }
253
254 ?>
Drizzle / GSOC 2011