search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bad query in query box
[phpmyadmin/crack.git] / read_dump.php3
blobf6fc5dca95392949148d3b19c6b459dede607efa
1 <?php
2 /* $Id$ */
3
4
5 /**
6 * Removes comment lines and splits up large sql files into individual queries
7 *
8 * Last revision: September 23, 2001 - gandon
9 *
10 * @param array the splitted sql commands
11 * @param string the sql commands
12 * @param integer the MySQL release number (because certains php3 versions
13 * can't get the value of a constant from within a function)
14 *
15 * @return boolean always true
16 *
17 * @access public
18 */
19 function PMA_splitSqlFile(&$ret, $sql, $release)
20 {
21 $sql = trim($sql);
22 $sql_len = strlen($sql);
23 $char = '';
24 $string_start = '';
25 $in_string = FALSE;
26 $time0 = time();
27
28 for ($i = 0; $i < $sql_len; ++$i) {
29 $char = $sql[$i];
30
31 // We are in a string, check for not escaped end of strings except for
32 // backquotes that can't be escaped
33 if ($in_string) {
34 for (;;) {
35 $i = strpos($sql, $string_start, $i);
36 // No end of string found -> add the current substring to the
37 // returned array
38 if (!$i) {
39 $ret[] = $sql;
40 return TRUE;
41 }
42 // Backquotes or no backslashes before quotes: it's indeed the
43 // end of the string -> exit the loop
44 else if ($string_start == '`' || $sql[$i-1] != '\\') {
45 $string_start = '';
46 $in_string = FALSE;
47 break;
48 }
49 // one or more Backslashes before the presumed end of string...
50 else {
51 // ... first checks for escaped backslashes
52 $j = 2;
53 $escaped_backslash = FALSE;
54 while ($i-$j > 0 && $sql[$i-$j] == '\\') {
55 $escaped_backslash = !$escaped_backslash;
56 $j++;
57 }
58 // ... if escaped backslashes: it's really the end of the
59 // string -> exit the loop
60 if ($escaped_backslash) {
61 $string_start = '';
62 $in_string = FALSE;
63 break;
64 }
65 // ... else loop
66 else {
67 $i++;
68 }
69 } // end if...elseif...else
70 } // end for
71 } // end if (in string)
72
73 // We are not in a string, first check for delimiter...
74 else if ($char == ';') {
75 // if delimiter found, add the parsed part to the returned array
76 $ret[] = substr($sql, 0, $i);
77 $sql = ltrim(substr($sql, min($i + 1, $sql_len)));
78 $sql_len = strlen($sql);
79 if ($sql_len) {
80 $i = -1;
81 } else {
82 // The submited statement(s) end(s) here
83 return TRUE;
84 }
85 } // end else if (is delimiter)
86
87 // ... then check for start of a string,...
88 else if (($char == '"') || ($char == '\'') || ($char == '`')) {
89 $in_string = TRUE;
90 $string_start = $char;
91 } // end else if (is start of string)
92
93 // ... for start of a comment (and remove this comment if found)...
94 else if ($char == '#'
95 || ($char == ' ' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '--')) {
96 // starting position of the comment depends on the comment type
97 $start_of_comment = (($sql[$i] == '#') ? $i : $i-2);
98 // if no "\n" exits in the remaining string, checks for "\r"
99 // (Mac eol style)
100 $end_of_comment = (strpos(' ' . $sql, "\012", $i+2))
101 ? strpos(' ' . $sql, "\012", $i+2)
102 : strpos(' ' . $sql, "\015", $i+2);
103 if (!$end_of_comment) {
104 // no eol found after '#', add the parsed part to the returned
105 // array if required and exit
106 if ($start_of_comment > 0) {
107 $ret[] = trim(substr($sql, 0, $start_of_comment));
108 }
109 return TRUE;
110 } else {
111 $sql = substr($sql, 0, $start_of_comment)
112 . ltrim(substr($sql, $end_of_comment));
113 $sql_len = strlen($sql);
114 $i--;
115 } // end if...else
116 } // end else if (is comment)
117
118 // ... and finally disactivate the "/*!...*/" syntax if MySQL < 3.22.07
119 else if ($release < 32270
120 && ($char == '!' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '/*')) {
121 $sql[$i] = ' ';
122 } // end else if
123
124 // loic1: send a fake header each 30 sec. to bypass browser timeout
125 $time1 = time();
126 if ($time1 >= $time0 + 30) {
127 $time0 = $time1;
128 header('X-pmaPing: Pong');
129 } // end if
130 } // end for
131
132 // add any rest to the returned array
133 if (!empty($sql) && ereg('[^[:space:]]+', $sql)) {
134 $ret[] = $sql;
135 }
136
137 return TRUE;
138 } // end of the 'PMA_splitSqlFile()' function
139
140
141 if (!function_exists('is_uploaded_file')) {
142 /**
143 * Emulates the 'is_uploaded_file()' function for old php versions.
144 * Grabbed at the php manual:
145 * http://www.php.net/manual/en/features.file-upload.php
146 *
147 * @param string the name of the file to check
148 *
149 * @return boolean wether the file has been uploaded or not
150 *
151 * @access public
152 */
153 function is_uploaded_file($filename) {
154 if (!$tmp_file = @get_cfg_var('upload_tmp_dir')) {
155 $tmp_file = tempnam('','');
156 $deleted = @unlink($tmp_file);
157 $tmp_file = dirname($tmp_file);
158 }
159 $tmp_file .= '/' . basename($filename);
160
161 // User might have trailing slash in php.ini...
162 return (ereg_replace('/+', '/', $tmp_file) == $filename);
163 } // end of the 'is_uploaded_file()' emulated function
164 } // end if
165
166
167
168 /**
169 * Gets some core libraries
170 */
171 require('./libraries/grab_globals.lib.php3');
172 require('./libraries/common.lib.php3');
173
174
175 /**
176 * Increases the max. allowed time to run a script
177 */
178 @set_time_limit($cfg['ExecTimeLimit']);
179
180
181 /**
182 * Defines the url to return to in case of error in a sql statement
183 */
184 if (!isset($goto)
185 || ($goto != 'db_details.php3' && $goto != 'tbl_properties.php3')) {
186 $goto = 'db_details.php3';
187 }
188 $err_url = $goto
189 . '?lang=' . $lang
190 . '&amp;convcharset=' . $convcharset
191 . '&amp;server=' . $server
192 . '&amp;db=' . urlencode($db)
193 . (($goto == 'tbl_properties.php3') ? '&amp;table=' . urlencode($table) : '');
194
195
196 /**
197 * Set up default values for some variables
198 */
199 $view_bookmark = 0;
200 $sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
201 $sql_query = isset($sql_query) ? $sql_query : '';
202 $sql_file = !empty($sql_file) ? $sql_file : 'none';
203
204
205 /**
206 * Bookmark Support: get a query back from bookmark if required
207 */
208 if (!empty($id_bookmark)) {
209 include('./libraries/bookmark.lib.php3');
210 switch($action_bookmark) {
211 case 0: // bookmarked query that have to be run
212 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
213 break;
214 case 1: // bookmarked query that have to be displayed
215 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
216 $view_bookmark = 1;
217 break;
218 case 2: // bookmarked query that have to be deleted
219 $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
220 break;
221 }
222 } // end if
223
224
225 /**
226 * Prepares the sql query
227 */
228 // Gets the query from a file if required
229 if ($sql_file != 'none') {
230 if (file_exists($sql_file) && is_uploaded_file($sql_file)) {
231
232 $open_basedir = '';
233 if (PMA_PHP_INT_VERSION >= 40000) {
234 $open_basedir = @ini_get('open_basedir');
235 }
236 if (empty($open_basedir)) {
237 $open_basedir = @get_cfg_var('open_basedir');
238 }
239
240 // If we are on a server with open_basedir, we must move the file
241 // before opening it. The doc explains how to create the "./tmp"
242 // directory
243
244 if (!empty($open_basedir)) {
245 // check if '.' is in open_basedir
246 $split_char = (PMA_IS_WINDOWS ? ';' : ':');
247 $pos = ereg('(^|' . $split_char . ')\\.(' . $split_char . '|$)', $open_basedir);
248
249 // from the PHP annotated manual
250 if (!$pos) {
251 // if no '.' in openbasedir, do not move the file (open_basedir
252 // may only be a prefix), force the error and let PHP reports
253 // it
254 error_reporting(E_ALL);
255 $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
256 }
257 else {
258 $sql_file_new = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/')
259 . basename($sql_file);
260 if (PMA_PHP_INT_VERSION < 40003) {
261 copy($sql_file, $sql_file_new);
262 } else {
263 move_uploaded_file($sql_file, $sql_file_new);
264 }
265 $sql_query = fread(fopen($sql_file_new, 'r'), filesize($sql_file_new));
266 unlink($sql_file_new);
267 }
268 }
269 else {
270 // read from the normal upload dir
271 $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
272 }
273
274 if (get_magic_quotes_runtime() == 1) {
275 $sql_query = stripslashes($sql_query);
276 }
277 }
278 }
279 else if (empty($id_bookmark) && get_magic_quotes_gpc() == 1) {
280 $sql_query = stripslashes($sql_query);
281 }
282
283 // Kanji convert SQL textfile 2002/1/4 by Y.Kawada
284 if (@function_exists('PMA_kanji_str_conv')) {
285 $sql_tmp = trim($sql_query);
286 PMA_change_enc_order();
287 $sql_query = PMA_kanji_str_conv($sql_tmp, $knjenc, isset($xkana) ? $xkana : '');
288 PMA_change_enc_order();
289 } else {
290 $sql_query = trim($sql_query);
291 }
292
293 // $sql_query come from the query textarea, if it's a reposted query gets its
294 // 'true' value
295 if (!empty($prev_sql_query)) {
296 $prev_sql_query = urldecode($prev_sql_query);
297 if ($sql_query == trim(htmlspecialchars($prev_sql_query))) {
298 $sql_query = $prev_sql_query;
299 }
300 }
301
302 // Drop database is not allowed -> ensure the query can be run
303 if (!$cfg['AllowUserDropDatabase']
304 && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
305 // Checks if the user is a Superuser
306 // TODO: set a global variable with this information
307 // loic1: optimized query
308 $result = @PMA_mysql_query('USE mysql');
309 if (PMA_mysql_error()) {
310 include('./header.inc.php3');
311 PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);
312 }
313 }
314 define('PMA_CHK_DROP', 1);
315
316
317 /**
318 * Executes the query
319 */
320 if ($sql_query != '') {
321 $pieces = array();
322 PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION);
323 $pieces_count = count($pieces);
324 if ($pieces_count > 1) {
325 $is_multiple = TRUE;
326 }
327
328 // Copy of the cleaned sql statement for display purpose only (see near the
329 // beginning of "db_details.php3" & "tbl_properties.php3")
330 if ($sql_file != 'none' && $pieces_count > 10) {
331 // Be nice with bandwidth...
332 $sql_query_cpy = $sql_query = '';
333 } else {
334 $sql_query_cpy = implode(";\n", $pieces) . ';';
335 }
336
337 // really run the query?
338 if ($view_bookmark == 0) {
339 // Only one query to run
340 if ($pieces_count == 1 && !empty($pieces[0])) {
341 // sql.php3 will stripslash the query if get_magic_quotes_gpc
342 if (get_magic_quotes_gpc() == 1) {
343 $sql_query = addslashes($pieces[0]);
344 } else {
345 $sql_query = $pieces[0];
346 }
347 if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
348 $reload = 1;
349 }
350 include('./sql.php3');
351 exit();
352 }
353
354 // Runs multiple queries
355 else if (PMA_mysql_select_db($db)) {
356 $mult = TRUE;
357 for ($i = 0; $i < $pieces_count; $i++) {
358 $a_sql_query = $pieces[$i];
359 $result = PMA_mysql_query($a_sql_query);
360 if ($result == FALSE) { // readdump failed
361 $my_die = $a_sql_query;
362 break;
363 }
364 if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
365 $reload = 1;
366 }
367 } // end for
368 } // end else if
369 } // end if (really run the query)
370 unset($pieces);
371 } // end if
372
373
374 /**
375 * MySQL error
376 */
377 if (isset($my_die)) {
378 $js_to_run = 'functions.js';
379 include('./header.inc.php3');
380 PMA_mysqlDie('', $my_die, '', $err_url);
381 }
382
383
384 /**
385 * Go back to the calling script
386 */
387 // Checks for a valid target script
388 if (isset($table) && $table == '') {
389 unset($table);
390 }
391 if (isset($db) && $db == '') {
392 unset($db);
393 }
394 $is_db = $is_table = FALSE;
395 if ($goto == 'tbl_properties.php3') {
396 if (!isset($table)) {
397 $goto = 'db_details.php3';
398 } else {
399 $is_table = @PMA_mysql_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'');
400 if (!($is_table && @mysql_numrows($is_table))) {
401 $goto = 'db_details.php3';
402 unset($table);
403 }
404 } // end if... else...
405 }
406 if ($goto == 'db_details.php3') {
407 if (isset($table)) {
408 unset($table);
409 }
410 if (!isset($db)) {
411 $goto = 'main.php3';
412 } else {
413 $is_db = @PMA_mysql_select_db($db);
414 if (!$is_db) {
415 $goto = 'main.php3';
416 unset($db);
417 }
418 } // end if... else...
419 }
420 // Defines the message to be displayed
421 if (!empty($id_bookmark) && $action_bookmark == 2) {
422 $message = $strBookmarkDeleted;
423 } else if (!isset($sql_query_cpy)) {
424 $message = $strNoQuery;
425 } else if ($sql_query_cpy == '') {
426 $message = "$strSuccess&nbsp;:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;";
427 } else {
428 $message = $strSuccess;
429 }
430 // Loads to target script
431 if ($goto == 'db_details.php3' || $goto == 'tbl_properties.php3') {
432 $js_to_run = 'functions.js';
433 }
434 if ($goto != 'main.php3') {
435 include('./header.inc.php3');
436 }
437 require('./' . $goto);
438 ?>
Drizzle / GSOC 2011