search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
path disclosure
[phpmyadmin/crack.git] / export.php3
blob55f0302d5cb15f46f7e068d9c9d257d84e2e76ba
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5 /**
6 * Get the variables sent or posted to this script and a core script
7 */
8 require('./libraries/grab_globals.lib.php3');
9 require('./libraries/common.lib.php3');
10 require('./libraries/zip.lib.php3');
11
12 PMA_checkParameters(array('what'));
13
14 // What type of export are we doing?
15 if ($what == 'excel') {
16 $type = 'csv';
17 } else {
18 $type = $what;
19 }
20
21 /**
22 * Defines the url to return to in case of error in a sql statement
23 */
24 require('./libraries/export/' . $type . '.php3');
25
26 // Generate error url
27 if ($export_type == 'server') {
28 $err_url = 'server_export.php3?' . PMA_generate_common_url();
29 } elseif ($export_type == 'database') {
30 $err_url = 'db_details_export.php3?' . PMA_generate_common_url($db);
31 } else {
32 $err_url = 'tbl_properties_export.php3?' . PMA_generate_common_url($db, $table);
33 }
34
35 /**
36 * Increase time limit for script execution and initializes some variables
37 */
38 @set_time_limit($cfg['ExecTimeLimit']);
39
40 // Start with empty buffer
41 $dump_buffer = '';
42
43 // We send fake headers to avoid browser timeout when buffering
44 $time_start = time();
45
46
47 /**
48 * Output handler for all exports, if needed buffering, it stores data into
49 * $dump_buffer, otherwise it prints thems out.
50 *
51 * @param string the insert statement
52 *
53 * @return bool Whether output suceeded
54 */
55 function PMA_exportOutputHandler($line)
56 {
57 global $time_start;
58
59 // Kanji encoding convert feature
60 if (function_exists('PMA_kanji_str_conv')) {
61 $line = PMA_kanji_str_conv($line, $GLOBALS['knjenc'], isset($GLOBALS['xkana']) ? $GLOBALS['xkana'] : '');
62 }
63 // If we have to buffer data, we will perform everything at once at the end
64 if ($GLOBALS['buffer_needed']) {
65 $GLOBALS['dump_buffer'] .= $line;
66
67 $time_now = time();
68 if ($time_start >= $time_now + 30) {
69 $time_start = $time_now;
70 header('X-pmaPing: Pong');
71 } // end if
72 } else {
73 if ($GLOBALS['asfile']) {
74 if ($GLOBALS['save_on_server']) {
75 $write_result = @fwrite($GLOBALS['file_handle'], $line);
76 if (!$write_result || ($write_result != strlen($line))) {
77 $GLOBALS['message'] = sprintf($GLOBALS['strNoSpace'], $save_filename);
78 return FALSE;
79 }
80 $time_now = time();
81 if ($time_start >= $time_now + 30) {
82 $time_start = $time_now;
83 header('X-pmaPing: Pong');
84 } // end if
85 } else {
86 // We export as file - output normally
87 if ($GLOBALS['output_charset_conversion']) {
88 $line = PMA_convert_string($GLOBALS['charset'], $GLOBALS['charset_of_file'], $line);
89 }
90 echo $line;
91 }
92 } else {
93 // We export as html - replace special chars
94 echo htmlspecialchars($line);
95 }
96 }
97 return TRUE;
98 } // end of the 'PMA_exportOutputHandler()' function
99
100 // Will we save dump on server?
101 $save_on_server = isset($cfg['SaveDir']) && !empty($cfg['SaveDir']) && !empty($onserver);
102
103 // Ensure compressed formats are associated with the download feature
104 if (empty($asfile)) {
105 if ($save_on_server) {
106 $asfile = TRUE;
107 } elseif (isset($compression) && ($compression == 'zip' | $compression == 'gzip' | $compression == 'bzip')) {
108 $asfile = TRUE;
109 } else {
110 $asfile = FALSE;
111 }
112 } else {
113 $asfile = TRUE;
114 }
115
116 // Defines the default <CR><LF> format
117 $crlf = PMA_whichCrlf();
118
119 // Do we need to convert charset?
120 $output_charset_conversion = $asfile &&
121 $cfg['AllowAnywhereRecoding'] && $allow_recoding
122 && isset($charset_of_file) && $charset_of_file != $charset;
123
124 // Set whether we will need buffering
125 $buffer_needed = isset($compression) && ($compression == 'zip' | $compression == 'gzip' | $compression == 'bzip');
126
127 // Generate filename and mime type if needed
128 if ($asfile) {
129 $pma_uri_parts = parse_url($cfg['PmaAbsoluteUri']);
130 if ($export_type == 'server') {
131 if (isset($remember_template)) {
132 setcookie('pma_server_filename_template', $filename_template , 0,
133 substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/')),
134 '', ($pma_uri_parts['scheme'] == 'https'));
135 }
136 $filename = str_replace('__SERVER__', $GLOBALS['cfg']['Server']['host'], strftime($filename_template));
137 } elseif ($export_type == 'database') {
138 if (isset($remember_template)) {
139 setcookie('pma_db_filename_template', $filename_template , 0,
140 substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/')),
141 '', ($pma_uri_parts['scheme'] == 'https'));
142 }
143 $filename = str_replace('__DB__', $db, str_replace('__SERVER__', $GLOBALS['cfg']['Server']['host'], strftime($filename_template)));
144 } else {
145 if (isset($remember_template)) {
146 setcookie('pma_table_filename_template', $filename_template , 0,
147 substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/')),
148 '', ($pma_uri_parts['scheme'] == 'https'));
149 }
150 $filename = str_replace('__TABLE__', $table, str_replace('__DB__', $db, str_replace('__SERVER__', $GLOBALS['cfg']['Server']['host'], strftime($filename_template))));
151 }
152
153 // convert filename to iso-8859-1, it is safer
154 if (!(isset($cfg['AllowAnywhereRecoding']) && $cfg['AllowAnywhereRecoding'] && $allow_recoding)) {
155 $filename = PMA_convert_string($charset, 'iso-8859-1', $filename);
156 } else {
157 $filename = PMA_convert_string($convcharset, 'iso-8859-1', $filename);
158 }
159
160 // Generate basic dump extension
161 if ($type == 'csv') {
162 $filename .= '.csv';
163 $mime_type = 'text/x-csv';
164 } else if ($type == 'xml') {
165 $filename .= '.xml';
166 $mime_type = 'text/xml';
167 } else if ($type == 'latex') {
168 $filename .= '.tex';
169 $mime_type = 'application/x-tex';
170 } else {
171 $filename .= '.sql';
172 // loic1: 'application/octet-stream' is the registered IANA type but
173 // MSIE and Opera seems to prefer 'application/octetstream'
174 $mime_type = (PMA_USR_BROWSER_AGENT == 'IE' || PMA_USR_BROWSER_AGENT == 'OPERA')
175 ? 'application/octetstream'
176 : 'application/octet-stream';
177 }
178
179 // If dump is going to be compressed, set correct mime_type and add
180 // compression to extension
181 if (isset($compression) && $compression == 'bzip') {
182 $filename .= '.bz2';
183 $mime_type = 'application/x-bzip';
184 } else if (isset($compression) && $compression == 'gzip') {
185 $filename .= '.gz';
186 $mime_type = 'application/x-gzip';
187 } else if (isset($compression) && $compression == 'zip') {
188 $filename .= '.zip';
189 $mime_type = 'application/x-zip';
190 }
191 }
192
193 // Open file on server if needed
194 if ($save_on_server) {
195 $save_filename = $cfg['SaveDir'] . ereg_replace('[/\\]','_',$filename);
196 unset($message);
197 if (file_exists($save_filename) && empty($onserverover)) {
198 $message = sprintf($strFileAlreadyExists, $save_filename);
199 } else {
200 if (is_file($save_filename) && !is_writable($save_filename)) {
201 $message = sprintf($strNoPermission, $save_filename);
202 } else {
203 if (!$file_handle = @fopen($save_filename, 'w')) {
204 $message = sprintf($strNoPermission, $save_filename);
205 }
206 }
207 }
208 if (isset($message)) {
209 $js_to_run = 'functions.js';
210 include('./header.inc.php3');
211 if ($export_type == 'server') {
212 $active_page = 'server_export.php3';
213 include('./server_export.php3');
214 } elseif ($export_type == 'database') {
215 $active_page = 'db_details_export.php3';
216 include('./db_details_export.php3');
217 } else {
218 $active_page = 'tbl_properties_export.php3';
219 include('./tbl_properties_export.php3');
220 }
221 exit();
222 }
223 }
224
225 /**
226 * Send headers depending on whether the user chose to download a dump file
227 * or not
228 */
229 if (!$save_on_server) {
230 if ($asfile ) {
231 // Download
232 header('Content-Type: ' . $mime_type);
233 header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
234 // lem9 & loic1: IE need specific headers
235 if (PMA_USR_BROWSER_AGENT == 'IE') {
236 header('Content-Disposition: inline; filename="' . $filename . '"');
237 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
238 header('Pragma: public');
239 } else {
240 header('Content-Disposition: attachment; filename="' . $filename . '"');
241 header('Pragma: no-cache');
242 }
243 } else {
244 // HTML
245 $backup_cfgServer = $cfg['Server'];
246 include('./header.inc.php3');
247 $cfg['Server'] = $backup_cfgServer;
248 unset($backup_cfgServer);
249 echo '<div align="' . $cell_align_left . '">' . "\n";
250 echo ' <pre>' . "\n";
251 } // end download
252 }
253
254 // Check if we have something to export
255 if ($export_type == 'database') {
256 $tables = PMA_mysql_list_tables($db);
257 $num_tables = ($tables) ? @mysql_numrows($tables) : 0;
258 if ($num_tables == 0) {
259 $message = $strNoTablesFound;
260 $js_to_run = 'functions.js';
261 include('./header.inc.php3');
262 if ($export_type == 'server') {
263 $active_page = 'server_export.php3';
264 include('./server_export.php3');
265 } elseif ($export_type == 'database') {
266 $active_page = 'db_details_export.php3';
267 include('./db_details_export.php3');
268 } else {
269 $active_page = 'tbl_properties_export.php3';
270 include('./tbl_properties_export.php3');
271 }
272 exit();
273 }
274 }
275
276 // Add possibly some comments to export
277 PMA_exportHeader();
278
279 // Will we need relation & co. setup?
280 $do_relation = isset($GLOBALS[$what . '_relation']);
281 $do_comments = isset($GLOBALS[$what . '_comments']);
282 $do_mime = isset($GLOBALS[$what . '_mime']);
283 if ($do_relation || $do_comments || $do_mime) {
284 require('./libraries/relation.lib.php3');
285 $cfgRelation = PMA_getRelationsParam();
286 }
287 if ($do_mime) {
288 require('./libraries/transformations.lib.php3');
289 }
290
291 /**
292 * Builds the dump
293 */
294 // Gets the number of tables if a dump of a database has been required
295 if ($export_type == 'server') {
296 /**
297 * Gets the databases list - if it has not been built yet
298 */
299 if ($server > 0 && empty($dblist)) {
300 PMA_availableDatabases();
301 }
302
303 if (isset($db_select)) {
304 $tmp_select = implode($db_select, '|');
305 $tmp_select = '|' . $tmp_select . '|';
306 }
307 // Walk over databases
308 reset($dblist);
309 while (list(, $current_db) = each($dblist)) {
310 if ((isset($tmp_select) && strpos(' ' . $tmp_select, '|' . $current_db . '|'))
311 || !isset($tmp_select)) {
312 PMA_exportDBHeader($current_db);
313 PMA_exportDBCreate($current_db);
314 $tables = PMA_mysql_list_tables($current_db);
315 $num_tables = ($tables) ? @mysql_numrows($tables) : 0;
316 $i = 0;
317 while ($i < $num_tables) {
318 $table = PMA_mysql_tablename($tables, $i);
319 $local_query = 'SELECT * FROM ' . PMA_backquote($current_db) . '.' . PMA_backquote($table);
320 if (isset($GLOBALS[$what . '_structure'])) PMA_exportStructure($current_db, $table, $crlf, $err_url, $do_relation, $do_comments, $do_mime);
321 if (isset($GLOBALS[$what . '_data'])) PMA_exportData($current_db, $table, $crlf, $err_url, $local_query);
322 $i++;
323 }
324 PMA_exportDBFooter($current_db);
325 }
326 }
327 } elseif ($export_type == 'database') {
328 PMA_exportDBHeader($db);
329 if (isset($table_select)) {
330 $tmp_select = implode($table_select, '|');
331 $tmp_select = '|' . $tmp_select . '|';
332 }
333 $i = 0;
334 while ($i < $num_tables) {
335 $table = PMA_mysql_tablename($tables, $i);
336 $local_query = 'SELECT * FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table);
337 if ((isset($tmp_select) && strpos(' ' . $tmp_select, '|' . $table . '|'))
338 || !isset($tmp_select)) {
339
340 if (isset($GLOBALS[$what . '_structure'])) PMA_exportStructure($db, $table, $crlf, $err_url, $do_relation, $do_comments, $do_mime);
341 if (isset($GLOBALS[$what . '_data'])) PMA_exportData($db, $table, $crlf, $err_url, $local_query);
342 }
343 $i++;
344 }
345 PMA_exportDBFooter($db);
346 } else {
347 PMA_exportDBHeader($db);
348 // We export just one table
349
350 if ($limit_to > 0 && $limit_from >= 0) {
351 $add_query = ' LIMIT '
352 . (($limit_from > 0) ? $limit_from . ', ' : '')
353 . $limit_to;
354 } else {
355 $add_query = '';
356 }
357
358 if (!empty($sql_query)) {
359 $local_query = $sql_query . $add_query;
360 PMA_mysql_select_db($db);
361 } else {
362 $local_query = 'SELECT * FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table) . $add_query;
363 }
364
365 if (isset($GLOBALS[$what . '_structure'])) PMA_exportStructure($db, $table, $crlf, $err_url, $do_relation, $do_comments, $do_mime);
366 if (isset($GLOBALS[$what . '_data'])) PMA_exportData($db, $table, $crlf, $err_url, $local_query);
367 PMA_exportDBFooter($db);
368 }
369
370 /**
371 * Send the dump as a file...
372 */
373 if (!empty($asfile)) {
374 // Convert the charset if required.
375 if ($output_charset_conversion) {
376 $dump_buffer = PMA_convert_string($GLOBALS['charset'], $GLOBALS['charset_of_file'], $dump_buffer);
377 }
378
379 // Do the compression
380 // 1. as a gzipped file
381 if (isset($compression) && $compression == 'zip') {
382 if (PMA_PHP_INT_VERSION >= 40000 && @function_exists('gzcompress')) {
383 if ($type == 'csv' ) {
384 $extbis = '.csv';
385 } else if ($type == 'xml') {
386 $extbis = '.xml';
387 } else {
388 $extbis = '.sql';
389 }
390 $zipfile = new zipfile();
391 $zipfile -> addFile($dump_buffer, $filename . $extbis);
392 $dump_buffer = $zipfile -> file();
393 }
394 }
395 // 2. as a bzipped file
396 else if (isset($compression) && $compression == 'bzip') {
397 if (PMA_PHP_INT_VERSION >= 40004 && @function_exists('bzcompress')) {
398 $dump_buffer = bzcompress($dump_buffer);
399 // nijel: eval in next line is because otherwise === causes syntax error on php3
400 if (eval('return($dump_buffer === -8);')) {
401 include('./header.inc.php3');
402 echo sprintf($strBzError, '<a href="http://bugs.php.net/bug.php?id=17300" target="_blank">17300</a>');
403 include('./footer.inc.php3');
404 exit;
405 }
406 }
407 }
408 // 3. as a gzipped file
409 else if (isset($compression) && $compression == 'gzip') {
410 if (PMA_PHP_INT_VERSION >= 40004 && @function_exists('gzencode')) {
411 // without the optional parameter level because it bug
412 $dump_buffer = gzencode($dump_buffer);
413 }
414 }
415
416 /* If ve saved on server, we have to close file now */
417 if ($save_on_server) {
418 $write_result = @fwrite($file_handle, $dump_buffer);
419 fclose($file_handle);
420 if (strlen($dump_buffer) !=0 && (!$write_result || ($write_result != strlen($dump_buffer)))) {
421 $message = sprintf($strNoSpace, $save_filename);
422 } else {
423 $message = sprintf($strDumpSaved, $save_filename);
424 }
425
426 $js_to_run = 'functions.js';
427 include('./header.inc.php3');
428 if ($export_type == 'server') {
429 $active_page = 'server_export.php3';
430 include('./server_export.php3');
431 } elseif ($export_type == 'database') {
432 $active_page = 'db_details_export.php3';
433 include('./db_details_export.php3');
434 } else {
435 $active_page = 'tbl_properties_export.php3';
436 include('./tbl_properties_export.php3');
437 }
438 exit();
439 } else {
440 echo $dump_buffer;
441 }
442 }
443 /**
444 * Displays the dump...
445 */
446 else {
447 /**
448 * Close the html tags and add the footers in dump is displayed on screen
449 */
450 echo ' </pre>' . "\n";
451 echo '</div>' . "\n";
452 echo "\n";
453 include('./footer.inc.php3');
454 } // end if
455 ?>
Drizzle / GSOC 2011