search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bug 617029 for Loic
[phpmyadmin/crack.git] / read_dump.php3
blobfed6eb45eba4f7efa60a94d2a05a28a0b8be9422
1 <?php
2 /* $Id$ */
3
4
5 /**
6 * Removes comment lines and splits up large sql files into individual queries
7 *
8 * Last revision: September 23, 2001 - gandon
9 *
10 * @param array the splitted sql commands
11 * @param string the sql commands
12 * @param integer the MySQL release number (because certains php3 versions
13 * can't get the value of a constant from within a function)
14 *
15 * @return boolean always true
16 *
17 * @access public
18 */
19 function PMA_splitSqlFile(&$ret, $sql, $release)
20 {
21 $sql = trim($sql);
22 $sql_len = strlen($sql);
23 $char = '';
24 $string_start = '';
25 $in_string = FALSE;
26 $time0 = time();
27
28 for ($i = 0; $i < $sql_len; ++$i) {
29 $char = $sql[$i];
30
31 // We are in a string, check for not escaped end of strings except for
32 // backquotes that can't be escaped
33 if ($in_string) {
34 for (;;) {
35 $i = strpos($sql, $string_start, $i);
36 // No end of string found -> add the current substring to the
37 // returned array
38 if (!$i) {
39 $ret[] = $sql;
40 return TRUE;
41 }
42 // Backquotes or no backslashes before quotes: it's indeed the
43 // end of the string -> exit the loop
44 else if ($string_start == '`' || $sql[$i-1] != '\\') {
45 $string_start = '';
46 $in_string = FALSE;
47 break;
48 }
49 // one or more Backslashes before the presumed end of string...
50 else {
51 // ... first checks for escaped backslashes
52 $j = 2;
53 $escaped_backslash = FALSE;
54 while ($i-$j > 0 && $sql[$i-$j] == '\\') {
55 $escaped_backslash = !$escaped_backslash;
56 $j++;
57 }
58 // ... if escaped backslashes: it's really the end of the
59 // string -> exit the loop
60 if ($escaped_backslash) {
61 $string_start = '';
62 $in_string = FALSE;
63 break;
64 }
65 // ... else loop
66 else {
67 $i++;
68 }
69 } // end if...elseif...else
70 } // end for
71 } // end if (in string)
72
73 // We are not in a string, first check for delimiter...
74 else if ($char == ';') {
75 // if delimiter found, add the parsed part to the returned array
76 $ret[] = substr($sql, 0, $i);
77 $sql = ltrim(substr($sql, min($i + 1, $sql_len)));
78 $sql_len = strlen($sql);
79 if ($sql_len) {
80 $i = -1;
81 } else {
82 // The submited statement(s) end(s) here
83 return TRUE;
84 }
85 } // end else if (is delimiter)
86
87 // ... then check for start of a string,...
88 else if (($char == '"') || ($char == '\'') || ($char == '`')) {
89 $in_string = TRUE;
90 $string_start = $char;
91 } // end else if (is start of string)
92
93 // ... for start of a comment (and remove this comment if found)...
94 else if ($char == '#'
95 || ($char == ' ' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '--')) {
96 // starting position of the comment depends on the comment type
97 $start_of_comment = (($sql[$i] == '#') ? $i : $i-2);
98 // if no "\n" exits in the remaining string, checks for "\r"
99 // (Mac eol style)
100 $end_of_comment = (strpos(' ' . $sql, "\012", $i+2))
101 ? strpos(' ' . $sql, "\012", $i+2)
102 : strpos(' ' . $sql, "\015", $i+2);
103 if (!$end_of_comment) {
104 // no eol found after '#', add the parsed part to the returned
105 // array if required and exit
106 if ($start_of_comment > 0) {
107 $ret[] = trim(substr($sql, 0, $start_of_comment));
108 }
109 return TRUE;
110 } else {
111 $sql = substr($sql, 0, $start_of_comment)
112 . ltrim(substr($sql, $end_of_comment));
113 $sql_len = strlen($sql);
114 $i--;
115 } // end if...else
116 } // end else if (is comment)
117
118 // ... and finally disactivate the "/*!...*/" syntax if MySQL < 3.22.07
119 else if ($release < 32270
120 && ($char == '!' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '/*')) {
121 $sql[$i] = ' ';
122 } // end else if
123
124 // loic1: send a fake header each 30 sec. to bypass browser timeout
125 $time1 = time();
126 if ($time1 >= $time0 + 30) {
127 $time0 = $time1;
128 header('X-pmaPing: Pong');
129 } // end if
130 } // end for
131
132 // add any rest to the returned array
133 if (!empty($sql) && ereg('[^[:space:]]+', $sql)) {
134 $ret[] = $sql;
135 }
136
137 return TRUE;
138 } // end of the 'PMA_splitSqlFile()' function
139
140
141 if (!function_exists('is_uploaded_file')) {
142 /**
143 * Emulates the 'is_uploaded_file()' function for old php versions.
144 * Grabbed at the php manual:
145 * http://www.php.net/manual/en/features.file-upload.php
146 *
147 * @param string the name of the file to check
148 *
149 * @return boolean wether the file has been uploaded or not
150 *
151 * @access public
152 */
153 function is_uploaded_file($filename) {
154 if (!$tmp_file = @get_cfg_var('upload_tmp_dir')) {
155 $tmp_file = tempnam('','');
156 $deleted = @unlink($tmp_file);
157 $tmp_file = dirname($tmp_file);
158 }
159 $tmp_file .= '/' . basename($filename);
160
161 // User might have trailing slash in php.ini...
162 return (ereg_replace('/+', '/', $tmp_file) == $filename);
163 } // end of the 'is_uploaded_file()' emulated function
164 } // end if
165
166
167
168 /**
169 * Gets some core libraries
170 */
171 require('./libraries/grab_globals.lib.php3');
172 require('./libraries/common.lib.php3');
173
174
175 /**
176 * Increases the max. allowed time to run a script
177 */
178 @set_time_limit($cfg['ExecTimeLimit']);
179
180
181 /**
182 * Defines the url to return to in case of error in a sql statement
183 */
184 if (!isset($goto)
185 || ($goto != 'db_details.php3' && $goto != 'tbl_properties.php3')) {
186 $goto = 'db_details.php3';
187 }
188 $err_url = $goto
189 . '?lang=' . $lang
190 . '&amp;convcharset=' . $convcharset
191 . '&amp;server=' . $server
192 . '&amp;db=' . urlencode($db)
193 . (($goto == 'tbl_properties.php3') ? '&amp;table=' . urlencode($table) : '');
194
195
196 /**
197 * Set up default values for some variables
198 */
199 $view_bookmark = 0;
200 $sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
201 $sql_query = isset($sql_query) ? $sql_query : '';
202 if (!empty($sql_localfile) && $cfg['UploadDir'] != '') {
203 $sql_file = $cfg['UploadDir'] . $sql_localfile;
204 } else if (empty($sql_file)) {
205 $sql_file = 'none';
206 }
207
208
209 /**
210 * Bookmark Support: get a query back from bookmark if required
211 */
212 if (!empty($id_bookmark)) {
213 include('./libraries/bookmark.lib.php3');
214 switch ($action_bookmark) {
215 case 0: // bookmarked query that have to be run
216 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
217 break;
218 case 1: // bookmarked query that have to be displayed
219 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
220 $view_bookmark = 1;
221 break;
222 case 2: // bookmarked query that have to be deleted
223 $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
224 break;
225 }
226 } // end if
227
228
229 /**
230 * Prepares the sql query
231 */
232 // Gets the query from a file if required
233 if ($sql_file != 'none') {
234 // loic1 : fixed a security issue
235 // if ((file_exists($sql_file) && is_uploaded_file($sql_file))
236 // || file_exists($cfg['UploadDir'] . $sql_localfile)) {
237 if (file_exists($sql_file)
238 && ((isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
239 $open_basedir = '';
240 if (PMA_PHP_INT_VERSION >= 40000) {
241 $open_basedir = @ini_get('open_basedir');
242 }
243 if (empty($open_basedir)) {
244 $open_basedir = @get_cfg_var('open_basedir');
245 }
246
247 // If we are on a server with open_basedir, we must move the file
248 // before opening it. The doc explains how to create the "./tmp"
249 // directory
250
251 if (!empty($open_basedir)) {
252 // check if '.' is in open_basedir
253 $split_char = (PMA_IS_WINDOWS ? ';' : ':');
254 $pos = ereg('(^|' . $split_char . ')\\.(' . $split_char . '|$)', $open_basedir);
255
256 // from the PHP annotated manual
257 if (!$pos) {
258 // if no '.' in openbasedir, do not move the file (open_basedir
259 // may only be a prefix), force the error and let PHP reports
260 // it
261 error_reporting(E_ALL);
262 $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
263 }
264 else {
265 $sql_file_new = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/')
266 . basename($sql_file);
267 if (PMA_PHP_INT_VERSION < 40003) {
268 copy($sql_file, $sql_file_new);
269 } else {
270 move_uploaded_file($sql_file, $sql_file_new);
271 }
272 $sql_query = fread(fopen($sql_file_new, 'r'), filesize($sql_file_new));
273 unlink($sql_file_new);
274 }
275 }
276 else {
277 // read from the normal upload dir
278 $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
279 }
280
281 if (get_magic_quotes_runtime() == 1) {
282 $sql_query = stripslashes($sql_query);
283 }
284 // Convert the file's charset if necessary
285 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
286 && isset($charset_of_file) && $charset_of_file != $charset) {
287 $sql_query = PMA_convert_string($charset_of_file, $charset, $sql_query);
288 }
289 } // end uploaded file stuff
290 }
291 else if (empty($id_bookmark) && get_magic_quotes_gpc() == 1) {
292 $sql_query = stripslashes($sql_query);
293 }
294
295 // Kanji convert SQL textfile 2002/1/4 by Y.Kawada
296 if (@function_exists('PMA_kanji_str_conv')) {
297 $sql_tmp = trim($sql_query);
298 PMA_change_enc_order();
299 $sql_query = PMA_kanji_str_conv($sql_tmp, $knjenc, isset($xkana) ? $xkana : '');
300 PMA_change_enc_order();
301 } else {
302 $sql_query = trim($sql_query);
303 }
304
305 // $sql_query come from the query textarea, if it's a reposted query gets its
306 // 'true' value
307 if (!empty($prev_sql_query)) {
308 $prev_sql_query = urldecode($prev_sql_query);
309 if ($sql_query == trim(htmlspecialchars($prev_sql_query))) {
310 $sql_query = $prev_sql_query;
311 }
312 }
313
314 // Drop database is not allowed -> ensure the query can be run
315 if (!$cfg['AllowUserDropDatabase']
316 && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
317 // Checks if the user is a Superuser
318 // TODO: set a global variable with this information
319 // loic1: optimized query
320 $result = @PMA_mysql_query('USE mysql');
321 if (PMA_mysql_error()) {
322 include('./header.inc.php3');
323 PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);
324 }
325 }
326 define('PMA_CHK_DROP', 1);
327
328
329 /**
330 * Executes the query
331 */
332 if ($sql_query != '') {
333 $pieces = array();
334 PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION);
335 $pieces_count = count($pieces);
336 if ($pieces_count > 1) {
337 $is_multiple = TRUE;
338 }
339
340 // Copy of the cleaned sql statement for display purpose only (see near the
341 // beginning of "db_details.php3" & "tbl_properties.php3")
342 if ($sql_file != 'none' && $pieces_count > 10) {
343 // Be nice with bandwidth...
344 $sql_query_cpy = $sql_query = '';
345 } else {
346 $sql_query_cpy = implode(";\n", $pieces) . ';';
347 // Be nice with bandwidth... for now, an arbitrary limit of 500,
348 // could be made configurable but probably not necessary
349 if (strlen($sql_query_cpy) > 500) {
350 $sql_query_cpy = $sql_query = '';
351 }
352 }
353
354 // really run the query?
355 if ($view_bookmark == 0) {
356 // Only one query to run
357 if ($pieces_count == 1 && !empty($pieces[0])) {
358 // sql.php3 will stripslash the query if get_magic_quotes_gpc
359 if (get_magic_quotes_gpc() == 1) {
360 $sql_query = addslashes($pieces[0]);
361 } else {
362 $sql_query = $pieces[0];
363 }
364 if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
365 $reload = 1;
366 }
367 include('./sql.php3');
368 exit();
369 }
370
371 // Runs multiple queries
372 else if (PMA_mysql_select_db($db)) {
373 $mult = TRUE;
374 for ($i = 0; $i < $pieces_count; $i++) {
375 $a_sql_query = $pieces[$i];
376 $result = PMA_mysql_query($a_sql_query);
377 if ($result == FALSE) { // readdump failed
378 $my_die = $a_sql_query;
379 break;
380 }
381 if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
382 $reload = 1;
383 }
384 } // end for
385 } // end else if
386 } // end if (really run the query)
387 unset($pieces);
388 } // end if
389
390
391 /**
392 * MySQL error
393 */
394 if (isset($my_die)) {
395 $js_to_run = 'functions.js';
396 include('./header.inc.php3');
397 PMA_mysqlDie('', $my_die, '', $err_url);
398 }
399
400
401 /**
402 * Go back to the calling script
403 */
404 // Checks for a valid target script
405 if (isset($table) && $table == '') {
406 unset($table);
407 }
408 if (isset($db) && $db == '') {
409 unset($db);
410 }
411 $is_db = $is_table = FALSE;
412 if ($goto == 'tbl_properties.php3') {
413 if (!isset($table)) {
414 $goto = 'db_details.php3';
415 } else {
416 $is_table = @PMA_mysql_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'');
417 if (!($is_table && @mysql_numrows($is_table))) {
418 $goto = 'db_details.php3';
419 unset($table);
420 }
421 } // end if... else...
422 }
423 if ($goto == 'db_details.php3') {
424 if (isset($table)) {
425 unset($table);
426 }
427 if (!isset($db)) {
428 $goto = 'main.php3';
429 } else {
430 $is_db = @PMA_mysql_select_db($db);
431 if (!$is_db) {
432 $goto = 'main.php3';
433 unset($db);
434 }
435 } // end if... else...
436 }
437 // Defines the message to be displayed
438 if (!empty($id_bookmark) && $action_bookmark == 2) {
439 $message = $strBookmarkDeleted;
440 } else if (!isset($sql_query_cpy)) {
441 $message = $strNoQuery;
442 } else if ($sql_query_cpy == '') {
443 $message = "$strSuccess&nbsp;:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;";
444 } else {
445 $message = $strSuccess;
446 }
447 // Loads to target script
448 if ($goto == 'db_details.php3' || $goto == 'tbl_properties.php3') {
449 $js_to_run = 'functions.js';
450 }
451 if ($goto != 'main.php3') {
452 include('./header.inc.php3');
453 }
454 require('./' . $goto);
455 ?>
Drizzle / GSOC 2011