search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update
[phpmyadmin/crack.git] / ldi_check.php3
bloba02c8dbbdc471703266f600fb30b7bdf6d7f7295
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * This file checks and builds the sql-string for
8 * LOAD DATA INFILE 'file_name.txt' [REPLACE | IGNORE] INTO TABLE table_name
9 * [FIELDS
10 * [TERMINATED BY '\t']
11 * [OPTIONALLY] ENCLOSED BY "]
12 * [ESCAPED BY '\\' ]]
13 * [LINES TERMINATED BY '\n']
14 * [(column_name,...)]
15 */
16
17
18 /**
19 * Gets some core scripts
20 */
21 require('./libraries/grab_globals.lib.php3');
22 require('./libraries/common.lib.php3');
23
24
25 /**
26 * If a file from UploadDir was submitted, use this file
27 */
28 $unlink_local_textfile = false;
29 if (isset($btnLDI) && isset($local_textfile) && $local_textfile != '') {
30 if (empty($DOCUMENT_ROOT)) {
31 if (!empty($_SERVER) && isset($_SERVER['DOCUMENT_ROOT'])) {
32 $DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];
33 }
34 else if (!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['DOCUMENT_ROOT'])) {
35 $DOCUMENT_ROOT = $HTTP_SERVER_VARS['DOCUMENT_ROOT'];
36 }
37 else if (!empty($_ENV) && isset($_ENV['DOCUMENT_ROOT'])) {
38 $DOCUMENT_ROOT = $_ENV['DOCUMENT_ROOT'];
39 }
40 else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['DOCUMENT_ROOT'])) {
41 $DOCUMENT_ROOT = $HTTP_ENV_VARS['DOCUMENT_ROOT'];
42 }
43 else if (@getenv('DOCUMENT_ROOT')) {
44 $DOCUMENT_ROOT = getenv('DOCUMENT_ROOT');
45 }
46 else {
47 $DOCUMENT_ROOT = '.';
48 }
49 } // end if
50
51 $textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . eregi_replace('^./', '', $cfg['UploadDir']) . eregi_replace('\.\.*', '.', $local_textfile);
52 if (file_exists($textfile)) {
53 $open_basedir = '';
54 if (PMA_PHP_INT_VERSION >= 40000) {
55 $open_basedir = @ini_get('open_basedir');
56 }
57 if (empty($open_basedir)) {
58 $open_basedir = @get_cfg_var('open_basedir');
59 }
60
61 // If we are on a server with open_basedir, we must move the file
62 // before opening it. The doc explains how to create the "./tmp"
63 // directory
64
65 if (!empty($open_basedir)) {
66
67 $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
68
69 // function is_writeable() is valid on PHP3 and 4
70 if (!is_writeable($tmp_subdir)) {
71 // if we cannot move the file, let PHP report the error
72 error_reporting(E_ALL);
73 } else {
74 $textfile_new = $tmp_subdir . basename($textfile);
75 if (PMA_PHP_INT_VERSION < 40003) {
76 copy($textfile, $textfile_new);
77 } else {
78 move_uploaded_file($textfile, $textfile_new);
79 }
80 $textfile = $textfile_new;
81 $unlink_local_textfile = true;
82 }
83 }
84 }
85 }
86
87 /**
88 * The form used to define the query has been submitted -> do the work
89 */
90 if (isset($btnLDI) && empty($textfile)) {
91 $js_to_run = 'functions.js';
92 include('./header.inc.php3');
93 $message = $strMustSelectFile;
94 include('./ldi_table.php3');
95 } elseif (isset($btnLDI) && ($textfile != 'none')) {
96 if (!isset($replace)) {
97 $replace = '';
98 }
99
100 error_reporting(E_ALL);
101 chmod($textfile, 0644);
102
103 // Kanji encoding convert appended by Y.Kawada
104 if (function_exists('PMA_kanji_file_conv')) {
105 $textfile = PMA_kanji_file_conv($textfile, $knjenc, isset($xkana) ? $xkana : '');
106 }
107
108 // Convert the file's charset if necessary
109 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
110 && isset($charset_of_file) && $charset_of_file != $charset) {
111 $textfile = PMA_convert_file($charset_of_file, $convcharset, $textfile);
112 }
113
114 // Formats the data posted to this script
115 $textfile = PMA_sqlAddslashes($textfile);
116 $enclosed = PMA_sqlAddslashes($enclosed);
117 $escaped = PMA_sqlAddslashes($escaped);
118 $column_name = PMA_sqlAddslashes($column_name);
119
120 // (try to) make sure the file is readable:
121 chmod($textfile, 0777);
122
123 // Builds the query
124 $sql_query = 'LOAD DATA';
125
126 if ($local_option == "1") {
127 $sql_query .= ' LOCAL';
128 }
129
130 $sql_query .= ' INFILE \'' . $textfile . '\'';
131 if (!empty($replace)) {
132 $sql_query .= ' ' . $replace;
133 }
134 $sql_query .= ' INTO TABLE ' . PMA_backquote($into_table);
135 if (isset($field_terminater)) {
136 $sql_query .= ' FIELDS TERMINATED BY \'' . $field_terminater . '\'';
137 }
138 if (isset($enclose_option) && strlen($enclose_option) > 0) {
139 $sql_query .= ' OPTIONALLY';
140 }
141 if (strlen($enclosed) > 0) {
142 $sql_query .= ' ENCLOSED BY \'' . $enclosed . '\'';
143 }
144 if (strlen($escaped) > 0) {
145 $sql_query .= ' ESCAPED BY \'' . $escaped . '\'';
146 }
147 if (strlen($line_terminator) > 0){
148 $sql_query .= ' LINES TERMINATED BY \'' . $line_terminator . '\'';
149 }
150 if (strlen($column_name) > 0) {
151 if (PMA_MYSQL_INT_VERSION >= 32306) {
152 $sql_query .= ' (';
153 $tmp = split(',( ?)', $column_name);
154 for ($i = 0; $i < count($tmp); $i++) {
155 if ($i > 0) {
156 $sql_query .= ', ';
157 }
158 $sql_query .= PMA_backquote(trim($tmp[$i]));
159 } // end for
160 $sql_query .= ')';
161 } else {
162 $sql_query .= ' (' . $column_name . ')';
163 }
164 }
165
166 // We could rename the ldi* scripts to tbl_properties_ldi* to improve
167 // consistency with the other sub-pages.
168 //
169 // The $goto in ldi_table.php3 is set to tbl_properties.php3 but maybe
170 // if would be better to Browse the latest inserted data.
171 include('./sql.php3');
172 if ($unlink_local_textfile) {
173 unlink($textfile);
174 }
175 }
176
177
178 /**
179 * The form used to define the query hasn't been yet submitted -> loads it
180 */
181 else {
182 include('./ldi_table.php3');
183 }
184 ?>
Drizzle / GSOC 2011