replaced by text_plain__imagelink
[phpmyadmin/crack.git] / read_dump.php3
blob7b44dd0eeba2ea6d0c8920771a5c0fe1acda6a14
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
5 /**
6 * Gets some core libraries
7 */
8 require('./libraries/read_dump.lib.php3');
9 require('./libraries/grab_globals.lib.php3');
10 require('./libraries/common.lib.php3');
13 /**
14 * Increases the max. allowed time to run a script
16 @set_time_limit($cfg['ExecTimeLimit']);
19 /**
20 * Defines the url to return to in case of error in a sql statement
22 if (!isset($goto)
23 || ($goto != 'db_details.php3' && $goto != 'tbl_properties.php3')) {
24 $goto = 'db_details.php3';
26 $err_url = $goto
27 . '?' . PMA_generate_common_url($db)
28 . (($goto == 'tbl_properties.php3') ? '&amp;table=' . urlencode($table) : '');
31 /**
32 * Set up default values for some variables
34 $view_bookmark = 0;
35 $sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
36 $sql_query = isset($sql_query) ? $sql_query : '';
37 if (!empty($sql_localfile) && $cfg['UploadDir'] != '') {
38 $sql_file = $cfg['UploadDir'] . $sql_localfile;
39 } else if (empty($sql_file)) {
40 $sql_file = 'none';
44 /**
45 * Bookmark Support: get a query back from bookmark if required
47 if (!empty($id_bookmark)) {
48 include('./libraries/bookmark.lib.php3');
49 switch ($action_bookmark) {
50 case 0: // bookmarked query that have to be run
51 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
52 if (isset($bookmark_variable) && !empty($bookmark_variable)) {
53 $sql_query = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $sql_query);
55 break;
56 case 1: // bookmarked query that have to be displayed
57 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
58 $view_bookmark = 1;
59 break;
60 case 2: // bookmarked query that have to be deleted
61 $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
62 break;
64 } // end if
67 /**
68 * Prepares the sql query
70 // Gets the query from a file if required
71 if ($sql_file != 'none') {
72 // loic1 : fixed a security issue
73 // if ((file_exists($sql_file) && is_uploaded_file($sql_file))
74 // || file_exists($cfg['UploadDir'] . $sql_localfile)) {
75 if (file_exists($sql_file)
76 && ((isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
77 $open_basedir = '';
78 if (PMA_PHP_INT_VERSION >= 40000) {
79 $open_basedir = @ini_get('open_basedir');
81 if (empty($open_basedir)) {
82 $open_basedir = @get_cfg_var('open_basedir');
85 // If we are on a server with open_basedir, we must move the file
86 // before opening it. The doc explains how to create the "./tmp"
87 // directory
89 if (!empty($open_basedir)) {
91 $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
93 // function is_writeable() is valid on PHP3 and 4
94 if (!is_writeable($tmp_subdir)) {
95 // if we cannot move the file, let PHP report the error
96 error_reporting(E_ALL);
97 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
99 else {
100 $sql_file_new = $tmp_subdir . basename($sql_file);
101 if (PMA_PHP_INT_VERSION < 40003) {
102 copy($sql_file, $sql_file_new);
103 } else {
104 move_uploaded_file($sql_file, $sql_file_new);
106 $sql_query = PMA_readFile($sql_file_new, $sql_file_compression);
107 unlink($sql_file_new);
110 else {
111 // read from the normal upload dir
112 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
115 // Convert the file's charset if necessary
116 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
117 && isset($charset_of_file) && $charset_of_file != $charset) {
118 $sql_query = PMA_convert_string($charset_of_file, $charset, $sql_query);
120 } // end uploaded file stuff
123 // Kanji convert SQL textfile 2002/1/4 by Y.Kawada
124 if (@function_exists('PMA_kanji_str_conv')) {
125 $sql_tmp = trim($sql_query);
126 PMA_change_enc_order();
127 $sql_query = PMA_kanji_str_conv($sql_tmp, $knjenc, isset($xkana) ? $xkana : '');
128 PMA_change_enc_order();
129 } else {
130 $sql_query = trim($sql_query);
133 // $sql_query come from the query textarea, if it's a reposted query gets its
134 // 'true' value
135 if (!empty($prev_sql_query)) {
136 $prev_sql_query = urldecode($prev_sql_query);
137 if ($sql_query == trim(htmlspecialchars($prev_sql_query))) {
138 $sql_query = $prev_sql_query;
142 // Drop database is not allowed -> ensure the query can be run
143 if (!$cfg['AllowUserDropDatabase']
144 && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
145 // Checks if the user is a Superuser
146 // TODO: set a global variable with this information
147 // loic1: optimized query
148 $result = @PMA_mysql_query('USE mysql');
149 if (PMA_mysql_error()) {
150 include('./header.inc.php3');
151 PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);
154 define('PMA_CHK_DROP', 1);
157 * Executes the query
159 if ($sql_query != '') {
160 $pieces = array();
161 PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION);
162 $pieces_count = count($pieces);
163 if ($pieces_count > 1) {
164 $is_multiple = TRUE;
167 // Copy of the cleaned sql statement for display purpose only (see near the
168 // beginning of "db_details.php3" & "tbl_properties.php3")
169 if ($sql_file != 'none' && $pieces_count > 10) {
170 // Be nice with bandwidth...
171 $sql_query_cpy = $sql_query = '';
172 } else {
173 $sql_query_cpy = implode(";\n", $pieces) . ';';
174 // Be nice with bandwidth... for now, an arbitrary limit of 500,
175 // could be made configurable but probably not necessary
176 if (strlen($sql_query_cpy) > 500) {
177 $sql_query_cpy = $sql_query = '';
181 // really run the query?
182 if ($view_bookmark == 0) {
183 // Only one query to run
184 if ($pieces_count == 1 && !empty($pieces[0])) {
185 $sql_query = $pieces[0];
186 if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
187 $reload = 1;
189 include('./sql.php3');
190 exit();
193 // Runs multiple queries
194 else if (PMA_mysql_select_db($db)) {
195 $mult = TRUE;
196 for ($i = 0; $i < $pieces_count; $i++) {
197 $a_sql_query = $pieces[$i];
198 $result = PMA_mysql_query($a_sql_query);
199 if ($result == FALSE) { // readdump failed
200 $my_die = $a_sql_query;
201 break;
203 if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
204 $reload = 1;
206 } // end for
207 } // end else if
208 } // end if (really run the query)
209 unset($pieces);
210 } // end if
215 * MySQL error
217 if (isset($my_die)) {
218 $js_to_run = 'functions.js';
219 include('./header.inc.php3');
220 PMA_mysqlDie('', $my_die, '', $err_url);
225 * Go back to the calling script
227 // Checks for a valid target script
228 if (isset($table) && $table == '') {
229 unset($table);
231 if (isset($db) && $db == '') {
232 unset($db);
234 $is_db = $is_table = FALSE;
235 if ($goto == 'tbl_properties.php3') {
236 if (!isset($table)) {
237 $goto = 'db_details.php3';
238 } else {
239 $is_table = @PMA_mysql_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'');
240 if (!($is_table && @mysql_numrows($is_table))) {
241 $goto = 'db_details.php3';
242 unset($table);
244 } // end if... else...
246 if ($goto == 'db_details.php3') {
247 if (isset($table)) {
248 unset($table);
250 if (!isset($db)) {
251 $goto = 'main.php3';
252 } else {
253 $is_db = @PMA_mysql_select_db($db);
254 if (!$is_db) {
255 $goto = 'main.php3';
256 unset($db);
258 } // end if... else...
260 // Defines the message to be displayed
261 if (!empty($id_bookmark) && $action_bookmark == 2) {
262 $message = $strBookmarkDeleted;
263 } else if (!isset($sql_query_cpy)) {
264 $message = $strNoQuery;
265 } else if ($sql_query_cpy == '') {
266 $message = "$strSuccess&nbsp;:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;";
267 } else {
268 $message = $strSuccess;
270 // Loads to target script
271 if ($goto == 'db_details.php3' || $goto == 'tbl_properties.php3') {
272 $js_to_run = 'functions.js';
274 if ($goto != 'main.php3') {
275 include('./header.inc.php3');
277 require('./' . $goto);