search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
bug 736793
[phpmyadmin/crack.git] / read_dump.php3
blob31e194bec2d6636415861b63443d55dba06efba4
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5 /**
6 * Gets some core libraries
7 */
8 require('./libraries/read_dump.lib.php3');
9 require('./libraries/grab_globals.lib.php3');
10 require('./libraries/common.lib.php3');
11
12
13 /**
14 * Increases the max. allowed time to run a script
15 */
16 @set_time_limit($cfg['ExecTimeLimit']);
17
18
19 /**
20 * Defines the url to return to in case of error in a sql statement
21 */
22 if (!isset($goto) || !eregi('^(db_details|tbl_properties)(_[a-z]*)?\.php3$', $goto)) {
23 $goto = 'db_details.php3';
24 }
25 $err_url = $goto
26 . '?' . PMA_generate_common_url($db)
27 . (($goto == 'tbl_properties.php3') ? '&amp;table=' . urlencode($table) : '');
28
29
30 /**
31 * Set up default values for some variables
32 */
33 $view_bookmark = 0;
34 $sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
35 $sql_query = isset($sql_query) ? $sql_query : '';
36 if (!empty($sql_localfile) && $cfg['UploadDir'] != '') {
37 $sql_file = $cfg['UploadDir'] . $sql_localfile;
38 } else if (empty($sql_file)) {
39 $sql_file = 'none';
40 }
41
42
43 /**
44 * Bookmark Support: get a query back from bookmark if required
45 */
46 if (!empty($id_bookmark)) {
47 include('./libraries/bookmark.lib.php3');
48 switch ($action_bookmark) {
49 case 0: // bookmarked query that have to be run
50 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
51 if (isset($bookmark_variable) && !empty($bookmark_variable)) {
52 $sql_query = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $sql_query);
53 }
54 break;
55 case 1: // bookmarked query that have to be displayed
56 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
57 $view_bookmark = 1;
58 break;
59 case 2: // bookmarked query that have to be deleted
60 $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
61 break;
62 }
63 } // end if
64
65
66 /**
67 * Prepares the sql query
68 */
69 // Gets the query from a file if required
70 if ($sql_file != 'none') {
71 // loic1 : fixed a security issue
72 // if ((file_exists($sql_file) && is_uploaded_file($sql_file))
73 // || file_exists($cfg['UploadDir'] . $sql_localfile)) {
74 if (file_exists($sql_file)
75 && ((isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
76 $open_basedir = '';
77 if (PMA_PHP_INT_VERSION >= 40000) {
78 $open_basedir = @ini_get('open_basedir');
79 }
80 if (empty($open_basedir)) {
81 $open_basedir = @get_cfg_var('open_basedir');
82 }
83
84 // If we are on a server with open_basedir, we must move the file
85 // before opening it. The doc explains how to create the "./tmp"
86 // directory
87
88 if (!empty($open_basedir)) {
89
90 $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
91
92 // function is_writeable() is valid on PHP3 and 4
93 if (!is_writeable($tmp_subdir)) {
94 // if we cannot move the file, let PHP report the error
95 error_reporting(E_ALL);
96 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
97 }
98 else {
99 $sql_file_new = $tmp_subdir . basename($sql_file);
100 if (PMA_PHP_INT_VERSION < 40003) {
101 copy($sql_file, $sql_file_new);
102 } else {
103 move_uploaded_file($sql_file, $sql_file_new);
104 }
105 $sql_query = PMA_readFile($sql_file_new, $sql_file_compression);
106 unlink($sql_file_new);
107 }
108 }
109 else {
110 // read from the normal upload dir
111 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
112 }
113
114 // Convert the file's charset if necessary
115 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
116 && isset($charset_of_file) && $charset_of_file != $charset) {
117 $sql_query = PMA_convert_string($charset_of_file, $charset, $sql_query);
118 }
119 } // end uploaded file stuff
120 }
121
122 // Kanji convert SQL textfile 2002/1/4 by Y.Kawada
123 if (@function_exists('PMA_kanji_str_conv')) {
124 $sql_tmp = trim($sql_query);
125 PMA_change_enc_order();
126 $sql_query = PMA_kanji_str_conv($sql_tmp, $knjenc, isset($xkana) ? $xkana : '');
127 PMA_change_enc_order();
128 } else {
129 $sql_query = trim($sql_query);
130 }
131
132 // $sql_query come from the query textarea, if it's a reposted query gets its
133 // 'true' value
134 if (!empty($prev_sql_query)) {
135 $prev_sql_query = urldecode($prev_sql_query);
136 if ($sql_query == trim(htmlspecialchars($prev_sql_query))) {
137 $sql_query = $prev_sql_query;
138 }
139 }
140
141 // Drop database is not allowed -> ensure the query can be run
142 if (!$cfg['AllowUserDropDatabase']
143 && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
144 // Checks if the user is a Superuser
145 // TODO: set a global variable with this information
146 // loic1: optimized query
147 $result = @PMA_mysql_query('USE mysql');
148 if (PMA_mysql_error()) {
149 include('./header.inc.php3');
150 PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);
151 }
152 }
153 define('PMA_CHK_DROP', 1);
154
155 /**
156 * Executes the query
157 */
158 if ($sql_query != '') {
159 $pieces = array();
160 PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION);
161 $pieces_count = count($pieces);
162 if ($pieces_count > 1) {
163 $is_multiple = TRUE;
164 }
165
166 // Copy of the cleaned sql statement for display purpose only (see near the
167 // beginning of "db_details.php3" & "tbl_properties.php3")
168 if ($sql_file != 'none' && $pieces_count > 10) {
169 // Be nice with bandwidth...
170 $sql_query_cpy = $sql_query = '';
171 } else {
172 $sql_query_cpy = implode(";\n", $pieces) . ';';
173 // Be nice with bandwidth... for now, an arbitrary limit of 500,
174 // could be made configurable but probably not necessary
175 if (strlen($sql_query_cpy) > 500) {
176 $sql_query_cpy = $sql_query = '';
177 }
178 }
179
180 // really run the query?
181 if ($view_bookmark == 0) {
182 // Only one query to run
183 if ($pieces_count == 1 && !empty($pieces[0])) {
184 $sql_query = $pieces[0];
185 if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
186 $reload = 1;
187 }
188 include('./sql.php3');
189 exit();
190 }
191
192 // Runs multiple queries
193 else if (PMA_mysql_select_db($db)) {
194 $mult = TRUE;
195 for ($i = 0; $i < $pieces_count; $i++) {
196 $a_sql_query = $pieces[$i];
197 if ($i == $pieces_count - 1 && eregi('^SELECT', $a_sql_query)) {
198 $complete_query = $sql_query;
199 $sql_query = $a_sql_query;
200 include('./sql.php3');
201 exit();
202 }
203 $result = PMA_mysql_query($a_sql_query);
204 if ($result == FALSE) { // readdump failed
205 $my_die = $a_sql_query;
206 break;
207 }
208 if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
209 $reload = 1;
210 }
211 } // end for
212 } // end else if
213 } // end if (really run the query)
214 unset($pieces);
215 } // end if
216
217
218
219 /**
220 * MySQL error
221 */
222 if (isset($my_die)) {
223 $js_to_run = 'functions.js';
224 include('./header.inc.php3');
225 PMA_mysqlDie('', $my_die, '', $err_url);
226 }
227
228
229 /**
230 * Go back to the calling script
231 */
232 // Checks for a valid target script
233 if (isset($table) && $table == '') {
234 unset($table);
235 }
236 if (isset($db) && $db == '') {
237 unset($db);
238 }
239 $is_db = $is_table = FALSE;
240 if ($goto == 'tbl_properties.php3') {
241 if (!isset($table)) {
242 $goto = 'db_details.php3';
243 } else {
244 PMA_mysql_select_db($db);
245 $is_table = @PMA_mysql_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'');
246 if (!($is_table && @mysql_numrows($is_table))) {
247 $goto = 'db_details.php3';
248 unset($table);
249 }
250 } // end if... else...
251 }
252 if ($goto == 'db_details.php3') {
253 if (isset($table)) {
254 unset($table);
255 }
256 if (!isset($db)) {
257 $goto = 'main.php3';
258 } else {
259 $is_db = @PMA_mysql_select_db($db);
260 if (!$is_db) {
261 $goto = 'main.php3';
262 unset($db);
263 }
264 } // end if... else...
265 }
266 // Defines the message to be displayed
267 if (!empty($id_bookmark) && $action_bookmark == 2) {
268 $message = $strBookmarkDeleted;
269 } else if (!isset($sql_query_cpy)) {
270 $message = $strNoQuery;
271 } else if ($sql_query_cpy == '') {
272 $message = "$strSuccess&nbsp;:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;";
273 } else {
274 $message = $strSuccess;
275 }
276 // Loads to target script
277 if ($goto == 'db_details.php3' || $goto == 'tbl_properties.php3') {
278 $js_to_run = 'functions.js';
279 }
280 if ($goto != 'main.php3') {
281 include('./header.inc.php3');
282 }
283 require('./' . $goto);
284 ?>
Drizzle / GSOC 2011