search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
remove control M
[phpmyadmin/crack.git] / read_dump.php3
blobcf0270b5561f251ab98808c53584bebad9ba1e4c
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5 /**
6 * Gets some core libraries
7 */
8 require('./libraries/read_dump.lib.php3');
9 require('./libraries/grab_globals.lib.php3');
10 require('./libraries/common.lib.php3');
11
12 if (!isset($db)) {
13 $db = '';
14 }
15
16 /**
17 * Increases the max. allowed time to run a script
18 */
19 @set_time_limit($cfg['ExecTimeLimit']);
20
21
22 /**
23 * Defines the url to return to in case of error in a sql statement
24 */
25 if (!isset($goto) || !eregi('^(db_details|tbl_properties)(_[a-z]*)?\.php3$', $goto)) {
26 $goto = 'db_details.php3';
27 }
28 $err_url = $goto
29 . '?' . PMA_generate_common_url($db)
30 . (eregi('^tbl_properties(_[a-z]*)?\.php3$', $goto) ? '&amp;table=' . urlencode($table) : '');
31
32
33 /**
34 * Set up default values for some variables
35 */
36 $view_bookmark = 0;
37 $sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
38 $sql_query = isset($sql_query) ? $sql_query : '';
39 if (!empty($sql_localfile) && !empty($cfg['UploadDir'])) {
40 if (substr($cfg['UploadDir'], -1) != '/') {
41 $cfg['UploadDir'] .= '/';
42 }
43 $sql_file = $cfg['UploadDir'] . $sql_localfile;
44 } else if (empty($sql_file)) {
45 $sql_file = 'none';
46 }
47
48 /**
49 * Bookmark Support: get a query back from bookmark if required
50 */
51 if (!empty($id_bookmark)) {
52 include('./libraries/bookmark.lib.php3');
53 switch ($action_bookmark) {
54 case 0: // bookmarked query that have to be run
55 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
56 if (isset($bookmark_variable) && !empty($bookmark_variable)) {
57 if (PMA_PHP_INT_VERSION >= 40300) {
58 $sql_query = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $sql_query);
59 } else {
60 $sql_query = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '\1 ' . PMA_sqlAddslashes($bookmark_variable) . '\2', $sql_query);
61 }
62 }
63 break;
64 case 1: // bookmarked query that have to be displayed
65 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
66 $view_bookmark = 1;
67 break;
68 case 2: // bookmarked query that have to be deleted
69 $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
70 break;
71 }
72 } // end if
73
74
75 /**
76 * Prepares the sql query
77 */
78 // Gets the query from a file if required
79 if ($sql_file != 'none') {
80 // loic1 : fixed a security issue
81 // if ((file_exists($sql_file) && is_uploaded_file($sql_file))
82 // || file_exists($cfg['UploadDir'] . $sql_localfile)) {
83 if (file_exists($sql_file)
84 && ((isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
85 $open_basedir = '';
86 if (PMA_PHP_INT_VERSION >= 40000) {
87 $open_basedir = @ini_get('open_basedir');
88 }
89 if (empty($open_basedir)) {
90 $open_basedir = @get_cfg_var('open_basedir');
91 }
92
93 if (!isset($sql_file_compression)) $sql_file_compression = '';
94
95 // If we are on a server with open_basedir, we must move the file
96 // before opening it. The doc explains how to create the "./tmp"
97 // directory
98
99 if (!empty($open_basedir)) {
100
101 $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
102
103 // function is_writeable() is valid on PHP3 and 4
104 if (!is_writeable($tmp_subdir)) {
105 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
106 if ($sql_query == FALSE) {
107 $message = $strFileCouldNotBeRead;
108 }
109 }
110 else {
111 $sql_file_new = $tmp_subdir . basename($sql_file);
112 if (PMA_PHP_INT_VERSION < 40003) {
113 copy($sql_file, $sql_file_new);
114 } else {
115 move_uploaded_file($sql_file, $sql_file_new);
116 }
117 $sql_query = PMA_readFile($sql_file_new, $sql_file_compression);
118 unlink($sql_file_new);
119 }
120 }
121 else {
122 // read from the normal upload dir
123 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
124 if ($sql_query == FALSE) {
125 $message = $strFileCouldNotBeRead;
126 }
127 }
128
129 // Convert the file's charset if necessary
130 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
131 && isset($charset_of_file) && $charset_of_file != $charset) {
132 $sql_query = PMA_convert_string($charset_of_file, $charset, $sql_query);
133 }
134 } // end uploaded file stuff
135 }
136
137 // Kanji convert SQL textfile 2002/1/4 by Y.Kawada
138 if (@function_exists('PMA_kanji_str_conv')) {
139 $sql_tmp = trim($sql_query);
140 PMA_change_enc_order();
141 $sql_query = PMA_kanji_str_conv($sql_tmp, $knjenc, isset($xkana) ? $xkana : '');
142 PMA_change_enc_order();
143 } else {
144 $sql_query = trim($sql_query);
145 }
146
147 // $sql_query come from the query textarea, if it's a reposted query gets its
148 // 'true' value
149 if (!empty($prev_sql_query)) {
150 $prev_sql_query = urldecode($prev_sql_query);
151 if ($sql_query == trim(htmlspecialchars($prev_sql_query))) {
152 $sql_query = $prev_sql_query;
153 }
154 }
155
156 // Drop database is not allowed -> ensure the query can be run
157 if (!$cfg['AllowUserDropDatabase']
158 && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
159 // Checks if the user is a Superuser
160 // TODO: set a global variable with this information
161 // loic1: optimized query
162 $result = @PMA_mysql_query('USE mysql');
163 if (PMA_mysql_error()) {
164 include('./header.inc.php3');
165 PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);
166 }
167 }
168 define('PMA_CHK_DROP', 1);
169
170 /**
171 * Store a query as a bookmark before executing it?
172 */
173 if (isset($SQLbookmark) && $sql_query != '') {
174 include('./libraries/bookmark.lib.php3');
175 $bfields = array(
176 'dbase' => $db,
177 'user' => $cfg['Bookmark']['user'],
178 'query' => $sql_query,
179 'label' => $bkm_label
180 );
181
182 PMA_addBookmarks($bfields, $cfg['Bookmark'], (isset($bkm_all_users) && $bkm_all_users == 'true' ? true : false));
183 }
184
185 /**
186 * Executes the query
187 */
188 if ($sql_query != '') {
189 $pieces = array();
190 PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION);
191 $pieces_count = count($pieces);
192 if ($pieces_count > 1) {
193 $is_multiple = TRUE;
194 }
195
196 // Copy of the cleaned sql statement for display purpose only (see near the
197 // beginning of "db_details.php3" & "tbl_properties.php3")
198
199 // You can either
200 // * specify the amount of maximum pieces per query (having max_*_length set to 0!) or
201 // * specify the amount of maximum chars per query (having max_*_pieces set to 0!)
202 // - max_nofile_* is used for any queries submitted via copy&paste in the textarea
203 // - max_file_* is used for any file-submitted query
204 if (!$cfg['VerboseMultiSubmit']) {
205 // Here be the values if the Verbose-Mode (see config.inc.php3) is NOT activated
206 $max_nofile_length = 500;
207 $max_nofile_pieces = 0;
208 // Nijel: Here must be some limit, as extended inserts can be really
209 // huge and parsing them eats megabytes of memory
210 $max_file_length = 10000;
211 $max_file_pieces = 10;
212 } else {
213 // Values for verbose-mode
214 $max_nofile_length = 0;
215 $max_nofile_pieces = 50;
216 // Nijel: Here must be some limit, as extended inserts can be really
217 // huge and parsing them eats megabytes of memory
218 $max_file_length = 50000;
219 $max_file_pieces = 50;
220 }
221
222 if ($sql_file != 'none' &&
223 (($max_file_pieces != 0 && ($pieces_count > $max_file_pieces))
224 ||
225 ($max_file_length != 0 && (strlen($sql_query) > $max_file_length)))) {
226 // Be nice with bandwidth...
227 $sql_query_cpy = $sql_query = '';
228 $save_bandwidth = TRUE;
229 $save_bandwidth_length = $max_file_length;
230 $save_bandwidth_pieces = $max_file_pieces;
231 } else {
232
233 $sql_query_cpy = implode(";\n", $pieces) . ';';
234 // Be nice with bandwidth... for now, an arbitrary limit of 500,
235 // could be made configurable but probably not necessary
236 if (($max_nofile_length != 0 && (strlen($sql_query_cpy) > $max_nofile_length))
237 || ($max_nofile_pieces != 0 && $pieces_count > $max_nofile_pieces)) {
238 $sql_query_cpy = $sql_query = '';
239 $save_bandwidth = TRUE;
240 $save_bandwidth_length = $max_nofile_length;
241 $save_bandwidth_pieces = $max_nofile_pieces;
242 }
243 }
244
245 // really run the query?
246 if ($view_bookmark == 0) {
247 // Only one query to run
248 if ($pieces_count == 1 && !empty($pieces[0])) {
249 $sql_query = $pieces[0];
250 if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
251 $reload = 1;
252 }
253 include('./sql.php3');
254 exit();
255 }
256
257 // Runs multiple queries
258 else if (PMA_mysql_select_db($db)) {
259 $mult = TRUE;
260 $info_msg = '';
261 $info_count = 0;
262
263 for ($i = 0; $i < $pieces_count; $i++) {
264 $a_sql_query = $pieces[$i];
265 if ($i == $pieces_count - 1 && eregi('^SELECT', $a_sql_query)) {
266 $complete_query = $sql_query;
267 $display_query = $sql_query;
268 $sql_query = $a_sql_query;
269 include('./sql.php3');
270 exit();
271 }
272
273 $result = PMA_mysql_query($a_sql_query);
274 if ($result == FALSE) { // readdump failed
275 if (isset($my_die) && $cfg['IgnoreMultiSubmitErrors']) {
276 $my_die[] = "\n\n" . $a_sql_query;
277 } elseif ($cfg['IgnoreMultiSubmitErrors']) {
278 $my_die = array();
279 $my_die[] = $a_sql_query;
280 } else {
281 $my_die = $a_sql_query;
282 }
283
284 if ($cfg['VerboseMultiSubmit']) {
285 $info_msg .= $a_sql_query . '; # ' . $strError . "\n";
286 $info_count++;
287 }
288
289 if (!$cfg['IgnoreMultiSubmitErrors']) {
290 break;
291 }
292 } else if ($cfg['VerboseMultiSubmit']) {
293 $a_num_rows = (int)@mysql_num_rows($result);
294 $a_aff_rows = (int)@mysql_affected_rows();
295 if ($a_num_rows > 0) {
296 $a_rows = $a_num_rows;
297 $a_switch = $strRows . ': ';
298 } elseif ($a_aff_rows > 0) {
299 $a_rows = $a_aff_rows;
300 $a_switch = $strAffectedRows;;
301 } else {
302 $a_rows = '';
303 $a_switch = $strEmptyResultSet;
304 }
305
306 $info_msg .= $a_sql_query . "; # " . $a_switch . $a_rows . "\n";
307 $info_count++;
308 }
309
310 if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
311 $reload = 1;
312 }
313 } // end for
314
315 if ($cfg['VerboseMultiSubmit'] && strlen($info_msg) > 0 &&
316 ((!isset($save_bandwidth) || $save_bandwidth == FALSE) ||
317 ($save_bandwidth_pieces == 0 && strlen($info_msg) < $save_bandwidth_length) ||
318 ($save_bandwidth_length == 0 && $info_count < $save_bandwidth_pieces))) {
319 $sql_query = $info_msg;
320 }
321
322 } // end else if
323 } // end if (really run the query)
324 unset($pieces);
325 } // end if
326
327
328
329 /**
330 * MySQL error
331 */
332 if (isset($my_die)) {
333 $js_to_run = 'functions.js';
334 include('./header.inc.php3');
335 if (is_array($my_die)) {
336 while(list($key, $die_string) = each($my_die)) {
337 PMA_mysqlDie('', $die_string, '', $err_url, FALSE);
338 echo '<hr />';
339 }
340 } else {
341 PMA_mysqlDie('', $my_die, '', $err_url, TRUE);
342 }
343 }
344
345
346 /**
347 * Go back to the calling script
348 */
349 // Checks for a valid target script
350 if (isset($table) && $table == '') {
351 unset($table);
352 }
353 if (isset($db) && $db == '') {
354 unset($db);
355 }
356 $is_db = $is_table = FALSE;
357 if ($goto == 'tbl_properties.php3') {
358 if (!isset($table)) {
359 $goto = 'db_details.php3';
360 } else {
361 PMA_mysql_select_db($db);
362 $is_table = @PMA_mysql_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'');
363 if (!($is_table && @mysql_numrows($is_table))) {
364 $goto = 'db_details.php3';
365 unset($table);
366 }
367 } // end if... else...
368 }
369 if ($goto == 'db_details.php3') {
370 if (isset($table)) {
371 unset($table);
372 }
373 if (!isset($db)) {
374 $goto = 'main.php3';
375 } else {
376 $is_db = @PMA_mysql_select_db($db);
377 if (!$is_db) {
378 $goto = 'main.php3';
379 unset($db);
380 }
381 } // end if... else...
382 }
383 // Defines the message to be displayed
384 if (!empty($id_bookmark) && $action_bookmark == 2) {
385 $message = $strBookmarkDeleted;
386 } else if (!isset($sql_query_cpy)) {
387 if (empty($message)) {
388 $message = $strNoQuery;
389 }
390 } else if ($sql_query_cpy == '') {
391 $message = "$strSuccess&nbsp;:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;";
392 } else {
393 $message = $strSuccess;
394 }
395 // Loads to target script
396 if ($goto == 'db_details.php3' || $goto == 'tbl_properties.php3') {
397 $js_to_run = 'functions.js';
398 }
399 if ($goto != 'main.php3') {
400 include('./header.inc.php3');
401 }
402 $active_page = $goto;
403 require('./' . $goto);
404 ?>
Drizzle / GSOC 2011