search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix XSS on table comment.
[phpmyadmin/crack.git] / navigation.php
blob5d3692fcb93c87784183198945596169998333d5
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4 /**
5 * the navigation frame - displays server, db and table selection tree
6 *
7 * @uses $GLOBALS['PMA_List_Database']
8 * @uses $GLOBALS['server']
9 * @uses $GLOBALS['db']
10 * @uses $GLOBALS['table']
11 * @uses $GLOBALS['available_languages']
12 * @uses $GLOBALS['lang']
13 * @uses $GLOBALS['text_dir']
14 * @uses $GLOBALS['charset']
15 * @uses $GLOBALS['pmaThemeImage']
16 * @uses $GLOBALS['strNoDatabases']
17 * @uses $GLOBALS['strDatabase']
18 * @uses $GLOBALS['strGo']
19 * @uses $GLOBALS['strSelectADb']
20 * @uses $GLOBALS['strNoTablesFound']
21 * @uses $GLOBALS['cfg']['LeftFrameLight']
22 * @uses $GLOBALS['cfg']['ShowTooltip']
23 * @uses $GLOBALS['cfg']['ShowTooltipAliasDB']
24 * @uses $GLOBALS['cfg']['DefaultTabDatabase']
25 * @uses $GLOBALS['cfgRelation']['commwork']) {
26 * @uses PMA_List_Database::getSingleItem()
27 * @uses PMA_List_Database::count()
28 * @uses PMA_List_Database::getHtmlSelectGrouped()
29 * @uses PMA_List_Database::getGroupedDetails()
30 * @uses PMA_generate_common_url()
31 * @uses PMA_generate_common_hidden_inputs()
32 * @uses PMA_getComments();
33 * @uses PMA_getTableCount()
34 * @uses PMA_getTableList()
35 * @uses PMA_getRelationsParam()
36 * @uses PMA_outBufferPre()
37 * @uses session_write_close()
38 * @uses strlen()
39 * @uses session_write_close()
40 * @uses is_array()
41 * @uses implode()
42 * @uses htmlspecialchars()
43 */
44
45 /**
46 * Gets a core script and starts output buffering work
47 */
48 require_once './libraries/common.lib.php';
49
50 /**
51 * finish and cleanup navigation.php script execution
52 *
53 * @uses $GLOBALS['controllink'] to close it
54 * @uses $GLOBALS['userlink'] to close it
55 * @uses PMA_outBufferPost()
56 * @uses PMA_DBI_close()
57 * @access private only to be used in navigation.php
58 */
59 function PMA_exitNavigationFrame()
60 {
61 echo '</body></html>';
62
63 /**
64 * Close MySQL connections
65 */
66 if (isset($GLOBALS['controllink']) && $GLOBALS['controllink']) {
67 @PMA_DBI_close($GLOBALS['controllink']);
68 }
69 if (isset($GLOBALS['userlink']) && $GLOBALS['userlink']) {
70 @PMA_DBI_close($GLOBALS['userlink']);
71 }
72
73 /**
74 * Sends bufferized data
75 */
76 PMA_outBufferPost();
77
78 exit();
79 }
80
81 // free the session file, for the other frames to be loaded
82 session_write_close();
83
84 /**
85 * the output compression library
86 */
87 require_once './libraries/ob.lib.php';
88
89 PMA_outBufferPre();
90
91 /*
92 * selects the database if there is only one on current server
93 */
94 if ($GLOBALS['server'] && ! strlen($GLOBALS['db'])) {
95 $GLOBALS['db'] = $GLOBALS['PMA_List_Database']->getSingleItem();
96 }
97
98 $db_start = $GLOBALS['db'];
99
100 /**
101 * the relation library
102 */
103 require_once './libraries/relation.lib.php';
104 $cfgRelation = PMA_getRelationsParam();
105
106 /**
107 * garvin: For re-usability, moved http-headers to a seperate file.
108 * It can now be included by libraries/header.inc.php, querywindow.php.
109 */
110 require_once './libraries/header_http.inc.php';
111
112 /*
113 * Displays the frame
114 */
115 // xml declaration moves IE into quirks mode, making much trouble with CSS
116 /* echo '<?xml version="1.0" encoding="' . $GLOBALS['charset'] . '"?>'; */
117 ?>
118 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
119 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
120 <html xmlns="http://www.w3.org/1999/xhtml"
121 xml:lang="<?php echo $available_languages[$lang][2]; ?>"
122 lang="<?php echo $available_languages[$lang][2]; ?>"
123 dir="<?php echo $GLOBALS['text_dir']; ?>">
124
125 <head>
126 <link rel="icon" href="./favicon.ico" type="image/x-icon" />
127 <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
128 <title>phpMyAdmin</title>
129 <meta http-equiv="Content-Type"
130 content="text/html; charset=<?php echo $GLOBALS['charset']; ?>" />
131 <base target="frame_content" />
132 <link rel="stylesheet" type="text/css"
133 href="./css/phpmyadmin.css.php?<?php echo PMA_generate_common_url('', ''); ?>&amp;js_frame=left" />
134 <script type="text/javascript" src="js/navigation.js"></script>
135 <script type="text/javascript">
136 // <![CDATA[
137 var image_minus = '<?php echo $GLOBALS['pmaThemeImage']; ?>b_minus.png';
138 var image_plus = '<?php echo $GLOBALS['pmaThemeImage']; ?>b_plus.png';
139 // ]]>
140 </script>
141 <?php
142 /*
143 * remove horizontal scroll bar bug in IE 6 by forcing a vertical scroll bar
144 */
145 ?>
146 <!--[if IE 6]>
147 <style type="text/css">
148 /* <![CDATA[ */
149 html {
150 overflow-y: scroll;
151 }
152 /* ]]> */
153 </style>
154 <![endif]-->
155 </head>
156
157 <body id="body_leftFrame" onload="PMA_setFrameSize();" onresize="PMA_saveFrameSize();">
158 <?php
159 require './libraries/navigation_header.inc.php';
160 if (! $GLOBALS['server']) {
161 // no server selected
162 PMA_exitNavigationFrame();
163 } elseif (! $GLOBALS['PMA_List_Database']->count()) {
164 // no database available, so we break here
165 echo '<p>' . $GLOBALS['strNoDatabases'] . '</p>';
166 PMA_exitNavigationFrame();
167 } elseif ($GLOBALS['cfg']['LeftFrameLight'] && $GLOBALS['PMA_List_Database']->count() > 1) {
168 if (!$cfg['DisplayDatabasesList']) {
169 // more than one database available and LeftFrameLight is true
170 // display db selectbox
171 //
172 // Light mode -> beginning of the select combo for databases
173 // Note: When javascript is active, the frameset will be changed from
174 // within navigation.php. With no JS (<noscript>) the whole frameset will
175 // be rebuilt with the new target frame.
176 ?>
177
178 <div id="databaseList">
179 <form method="post" action="index.php" target="_parent" id="left">
180 <label for="lightm_db"><?php echo $GLOBALS['strDatabase']; ?></label>
181 <?php
182 echo PMA_generate_common_hidden_inputs() . "\n";
183 echo $GLOBALS['PMA_List_Database']->getHtmlSelectGrouped(true) . "\n";
184 echo '<noscript>' . "\n"
185 .'<input type="submit" name="Go" value="' . $GLOBALS['strGo'] . '" />' . "\n"
186 .'</noscript>' . "\n"
187 .'</form>' . "\n"
188 .'</div>' . "\n";
189 } else {
190 echo $GLOBALS['PMA_List_Database']->getHtmlListGrouped(true) . "\n";
191 }
192 }
193 ?>
194
195 <div id="left_tableList">
196 <?php
197 // Don't display expansible/collapsible database info if:
198 // 1. $GLOBALS['server'] == 0 (no server selected)
199 // This is the case when there are multiple servers and
200 // '$GLOBALS['cfg']['ServerDefault'] = 0' is set. In that case, we want the welcome
201 // screen to appear with no database info displayed.
202 // 2. there is only one database available (ie either only one database exists
203 // or $GLOBALS['cfg']['Servers']['only_db'] is defined and is not an array)
204 // In this case, the database should not be collapsible/expandable
205
206 $img_plus = '<img class="icon" id="el%dImg" src="' . $pmaThemeImage . 'b_plus.png"'
207 .' width="9" height="9" alt="+" />';
208 $img_minus = '<img class="icon" id="el%dImg" src="' . $pmaThemeImage . 'b_minus.png"'
209 .' width="9" height="9" alt="-" />';
210
211 $href_left = '<a onclick="if (toggle(\'%d\')) return false;"'
212 .' href="navigation.php?%s" target="_self">';
213
214 $element_counter = 0;
215
216 if ($GLOBALS['cfg']['LeftFrameLight'] && isset($GLOBALS['db']) && strlen($GLOBALS['db'])) {
217 // show selected databasename as link to DefaultTabDatabase-page
218 // with table count in ()
219 $common_url_query = PMA_generate_common_url($GLOBALS['db']);
220
221 $db_tooltip = '';
222
223 if ($GLOBALS['cfg']['ShowTooltip']
224 && $GLOBALS['cfgRelation']['commwork']) {
225 $_db_tooltip = PMA_getComments($GLOBALS['db']);
226 if (is_array($_db_tooltip)) {
227 $db_tooltip = implode(' ', $_db_tooltip);
228 }
229 }
230
231 $disp_name = $GLOBALS['db'];
232 if ($db_tooltip && $GLOBALS['cfg']['ShowTooltipAliasDB']) {
233 $disp_name = $db_tooltip;
234 $disp_name_cut = $db_tooltip;
235 $db_tooltip = $GLOBALS['db'];
236 }
237
238 ?>
239 <p><a class="item"
240 href="<?php echo $GLOBALS['cfg']['DefaultTabDatabase'] . '?' . $common_url_query; ?>"
241 title="<?php echo htmlspecialchars($db_tooltip); ?>" >
242 <?php
243 if ($GLOBALS['text_dir'] === 'rtl') {
244 echo ' <bdo dir="ltr">(' . PMA_getTableCount($GLOBALS['db']) . ')</bdo> ';
245 }
246 echo htmlspecialchars($disp_name);
247 if ($GLOBALS['text_dir'] === 'ltr') {
248 echo ' <bdo dir="ltr">(' . PMA_getTableCount($GLOBALS['db']) . ')</bdo> ';
249 }
250 echo '</a></p>';
251
252 $table_list = PMA_getTableList($GLOBALS['db']);
253 if (count($table_list) > 0) {
254 PMA_displayTableList($table_list, true, '', $GLOBALS['db']);
255 } else {
256 echo $GLOBALS['strNoTablesFound'];
257 }
258 unset($table_list);
259 } elseif ($GLOBALS['cfg']['LeftFrameLight']) {
260 echo '<p>' . $GLOBALS['strSelectADb'] . '</p>' . "\n";
261 } else {
262 $common_url_query = PMA_generate_common_url();
263 PMA_displayDbList($GLOBALS['PMA_List_Database']->getGroupedDetails());
264 }
265
266 /**
267 * displays collapsable db list
268 *
269 * @uses $_REQUEST['dbgroup']
270 * @uses $GLOBALS['cfg']['DefaultTabDatabase']
271 * @uses $GLOBALS['strSelectADb']
272 * @uses strpos()
273 * @uses urlencode()
274 * @uses printf()
275 * @uses htmlspecialchars()
276 * @uses PMA_generate_common_url()
277 * @uses PMA_getTableList()
278 * @uses PMA_displayTableList()
279 * @global $element_counter
280 * @global $img_minus
281 * @global $img_plus
282 * @global $href_left
283 * @global $db_start
284 * @global $common_url_query
285 * @param array $ext_dblist extended db list
286 */
287 function PMA_displayDbList($ext_dblist) {
288 global $element_counter, $img_minus, $img_plus, $href_left,
289 $db_start, $common_url_query;
290
291 // get table list, for all databases
292 // doing this in one step takes advantage of a single query with information_schema!
293 $tables_full = PMA_DBI_get_tables_full($GLOBALS['PMA_List_Database']->items);
294
295 $url_dbgroup = '';
296 echo '<ul id="leftdatabaselist">';
297 $close_db_group = false;
298 foreach ($ext_dblist as $group => $db_group) {
299 if ($GLOBALS['PMA_List_Database']->count() > 1) {
300 if ($close_db_group) {
301 $url_dbgroup = '';
302 echo '</ul>';
303 echo '</li>';
304 $close_db_group = false;
305 }
306 if (count($db_group) > 1) {
307 $close_db_group = true;
308 $url_dbgroup = '&amp;dbgroup=' . urlencode($group);
309 $common_url_query = PMA_generate_common_url() . $url_dbgroup;
310 $element_counter++;
311 echo '<li class="dbgroup">';
312 if ((! empty($_REQUEST['dbgroup']) && $_REQUEST['dbgroup'] == $group)
313 || $db_start == $group || strpos($db_start, $group) === 0) {
314 // display + only if this db(group) is not preselected
315 printf($href_left, $element_counter, PMA_generate_common_url());
316 printf($img_minus, $element_counter);
317 } else {
318 printf($href_left, $element_counter, $common_url_query);
319 printf($img_plus, $element_counter);
320 }
321 echo '</a> ' . $group . "\n";
322 if ((! empty($_REQUEST['dbgroup']) && $_REQUEST['dbgroup'] == $group)
323 || $db_start == $group || strpos($db_start, $group) === 0) {
324 echo '<ul id="subel' . $element_counter . '">' . "\n";
325 } else {
326 echo '<ul id="subel' . $element_counter . '"'
327 .' style="display: none">' . "\n";
328 }
329 }
330 }
331 foreach ($db_group as $db) {
332 $common_url_query = PMA_generate_common_url($db['name']) . $url_dbgroup;
333
334 $element_counter++;
335 // Displays the database name
336 echo '<li>' . "\n";
337
338 if ($GLOBALS['PMA_List_Database']->count() > 1) {
339 // only with more than one db we need collapse ...
340 if ($db_start != $db['name'] || $db['num_tables'] < 1) {
341 // display + only if this db is not preselected
342 // or table count is 0
343 printf($href_left, $element_counter, $common_url_query);
344 printf($img_plus, $element_counter);
345 } else {
346 printf($href_left, $element_counter,
347 PMA_generate_common_url() . $url_dbgroup);
348 printf($img_minus, $element_counter);
349 }
350 echo '</a>';
351
352 // ... and we need to refresh both frames on db selection
353 ?>
354 <a class="item"
355 id="<?php echo htmlspecialchars($db['name']); ?>"
356 href="index.php?<?php echo $common_url_query; ?>"
357 target="_parent"
358 title="<?php echo htmlspecialchars($db['comment']); ?>"
359 onclick="
360 if (! toggle('<?php echo $element_counter; ?>', true))
361 window.parent.goTo('./navigation.php?<?php echo $common_url_query; ?>');
362 window.parent.goTo('./<?php echo $GLOBALS['cfg']['DefaultTabDatabase']
363 . '?' . $common_url_query; ?>', 'main');
364 return false;">
365 <?php
366 if ($GLOBALS['text_dir'] === 'rtl') {
367 echo ' <bdo dir="ltr">(' . $db['num_tables'] . ')</bdo> ';
368 }
369 echo htmlspecialchars($db['disp_name']);
370 if ($GLOBALS['text_dir'] === 'ltr') {
371 echo ' <bdo dir="ltr">(' . $db['num_tables'] . ')</bdo> ';
372 }
373 ?>
374 </a>
375 <?php
376 } else {
377 // with only 1 db available we dont need to refresh left frame
378 // on db selection, only phpmain
379 ?>
380 <a href="<?php echo $GLOBALS['cfg']['DefaultTabDatabase']
381 . '?' . $common_url_query; ?>"
382 id="<?php echo htmlspecialchars($db['name']); ?>"
383 title="<?php echo htmlspecialchars($db['comment']); ?>">
384 <?php
385 if ($GLOBALS['text_dir'] === 'rtl') {
386 echo ' <bdo dir="ltr">(' . $db['num_tables'] . ')</bdo> ';
387 }
388 echo htmlspecialchars($db['disp_name']);
389 if ($GLOBALS['text_dir'] === 'ltr') {
390 echo ' <bdo dir="ltr">(' . $db['num_tables'] . ')</bdo> ';
391 }
392 ?>
393 </a>
394 <?php
395 }
396 if ($db['num_tables']) {
397 if (isset($tables_full[$db['name']])) {
398 $tables = PMA_getTableList($db['name'], $tables_full[$db['name']]);
399 } elseif (isset($tables_full[strtolower($db['name'])])) {
400 // on windows with lower_case_table_names = 1
401 // MySQL returns
402 // with SHOW DATABASES or information_schema.SCHEMATA: `Test`
403 // but information_schema.TABLES gives `test`
404 // bug #1436171
405 // sf.net/tracker/?func=detail&aid=1436171&group_id=23067&atid=377408
406 $tables = PMA_getTableList($db['name'], $tables_full[strtolower($db['name'])]);
407 } else {
408 $tables = PMA_getTableList($db['name']);
409 }
410 $child_visible =
411 (bool) ($GLOBALS['PMA_List_Database']->count() === 1 || $db_start == $db['name']);
412 PMA_displayTableList($tables, $child_visible, '', $db['name']);
413 } elseif ($GLOBALS['cfg']['LeftFrameLight']) {
414 // no tables and LeftFrameLight:
415 // display message no tables in selected db
416 echo '<p>' . $GLOBALS['strSelectADb'] . '</p>' . "\n";
417 }
418 echo '</li>' . "\n";
419 } // end foreach db
420 } // end foreach group
421
422 if ($close_db_group) {
423 $url_dbgroup = '';
424 echo '</ul>';
425 echo '</li>';
426 $close_db_group = false;
427 }
428
429 echo '</ul>' . "\n";
430 }
431
432 /**
433 * display unordered list of tables
434 * calls itself recursively if table in given list
435 * is a list itself
436 *
437 * @uses is_array()
438 * @uses count()
439 * @uses urlencode()
440 * @uses strpos()
441 * @uses printf()
442 * @uses htmlspecialchars()
443 * @uses strlen()
444 * @uses is_array()
445 * @uses PMA_displayTableList()
446 * @uses $_REQUEST['tbl_group']
447 * @uses $GLOBALS['common_url_query']
448 * @uses $GLOBALS['table']
449 * @uses $GLOBALS['pmaThemeImage']
450 * @uses $GLOBALS['cfg']['LeftFrameTableSeparator']
451 * @uses $GLOBALS['cfg']['DefaultTabDatabase']
452 * @uses $GLOBALS['cfg']['DefaultTabTable']
453 * @uses $GLOBALS['strRows']
454 * @uses $GLOBALS['strBrowse']
455 * @global integer the element counter
456 * @global string html code for '-' image
457 * @global string html code for '+' image
458 * @global string html code for self link
459 * @param array $tables array of tables/tablegroups
460 * @param boolean $visible wether the list is visible or not
461 * @param string $tab_group_full full tab group name
462 * @param string $table_db db of this table
463 */
464 function PMA_displayTableList($tables, $visible = false,
465 $tab_group_full = '', $table_db = '')
466 {
467 if (! is_array($tables) || count($tables) === 0) {
468 return;
469 }
470
471 global $element_counter, $img_minus, $img_plus, $href_left;
472 $sep = $GLOBALS['cfg']['LeftFrameTableSeparator'];
473
474 if ($visible) {
475 echo '<ul id="subel' . $element_counter . '">';
476 } else {
477 echo '<ul id="subel' . $element_counter . '" style="display: none">';
478 }
479 foreach ($tables as $group => $table) {
480 if (isset($table['is' . $sep . 'group'])) {
481 $common_url_query = $GLOBALS['common_url_query']
482 . '&amp;tbl_group=' . urlencode($tab_group_full . $group);
483
484 $element_counter++;
485 echo '<li>' . "\n";
486 if ($visible &&
487 ((isset($_REQUEST['tbl_group'])
488 && (strpos($_REQUEST['tbl_group'], $group) === 0
489 || strpos($_REQUEST['tbl_group'], $sep . $group) !== false))
490 ||
491 (isset($GLOBALS['table'])
492 && strpos($GLOBALS['table'], $group) === 0))) {
493 printf($href_left, $element_counter,
494 $GLOBALS['common_url_query'] . '&amp;tbl_group=' . $tab_group_full);
495 printf($img_minus, $element_counter);
496 } else {
497 printf($href_left, $element_counter, $common_url_query);
498 printf($img_plus, $element_counter);
499 }
500 echo '</a>';
501 ?>
502 <a href="index.php?<?php echo $common_url_query; ?>"
503 target="_parent"
504 onclick="
505 if (! toggle('<?php echo $element_counter; ?>', true))
506 window.parent.goTo('./navigation.php?<?php echo $common_url_query; ?>');
507 window.parent.goTo('./<?php echo $GLOBALS['cfg']['DefaultTabDatabase']
508 . '?' . $common_url_query; ?>', 'main');
509 return false;">
510 <?php
511 if ($GLOBALS['text_dir'] === 'rtl') {
512 echo ' <bdo dir="ltr">(' . $table['tab' . $sep . 'count'] . ')</bdo> ';
513 }
514 echo htmlspecialchars(substr($group, 0, strlen($group) - strlen($sep)));
515 if ($GLOBALS['text_dir'] === 'ltr') {
516 echo ' <bdo dir="ltr">(' . $table['tab' . $sep . 'count'] . ')</bdo> ';
517 }
518 ?>
519 </a>
520 <?php
521
522 unset($table['is' . $sep . 'group']);
523 unset($table['tab' . $sep . 'group']);
524 unset($table['tab' . $sep . 'count']);
525
526 if ($visible &&
527 ((isset($_REQUEST['tbl_group'])
528 && (strpos($_REQUEST['tbl_group'], $group) === 0
529 || strpos($_REQUEST['tbl_group'], $sep . $group) !== false))
530 ||
531 (isset($GLOBALS['table'])
532 && strpos($GLOBALS['table'], $group) === 0))) {
533 PMA_displayTableList($table, true,
534 $tab_group_full . $group, $table_db);
535 } else {
536 PMA_displayTableList($table, false, '', $table_db);
537 }
538 echo '</li>' . "\n";
539 } elseif (is_array($table)) {
540 $href = $GLOBALS['cfg']['DefaultTabTable'] . '?'
541 .$GLOBALS['common_url_query'] . '&amp;table='
542 .urlencode($table['Name']);
543 echo '<li>' . "\n";
544 echo '<a title="' . $GLOBALS['strBrowse'] . ': '
545 . htmlspecialchars($table['Comment'])
546 .' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows'] . ')"'
547 .' id="browse_' . htmlspecialchars($table_db . '.' . $table['Name']) . '"'
548 .' href="sql.php?' . $GLOBALS['common_url_query']
549 .'&amp;table=' . urlencode($table['Name'])
550 .'&amp;goto=' . $GLOBALS['cfg']['DefaultTabTable']
551 . '" >'
552 .'<img class="icon"';
553 if ('VIEW' === strtoupper($table['Comment'])) {
554 echo ' src="' . $GLOBALS['pmaThemeImage'] . 's_views.png"';
555 } else {
556 echo ' src="' . $GLOBALS['pmaThemeImage'] . 'b_sbrowse.png"';
557 }
558 echo ' id="icon_' . htmlspecialchars($table_db . '.' . $table['Name']) . '"'
559 .' width="10" height="10" alt="' . $GLOBALS['strBrowse'] . '" /></a>' . "\n"
560 .'<a href="' . $href . '" title="' . htmlspecialchars($table['Comment']
561 .' (' . PMA_formatNumber($table['Rows'], 0) . ' ' . $GLOBALS['strRows']) . ')"'
562 .' id="' . htmlspecialchars($table_db . '.' . $table['Name']) . '">'
563 . htmlspecialchars($table['disp_name']) . '</a>';
564 echo '</li>' . "\n";
565 }
566 }
567 echo '</ul>';
568 }
569
570 echo '</div>';
571 PMA_exitNavigationFrame();
572 ?>
Drizzle / GSOC 2011