search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
path disclosure
[phpmyadmin/crack.git] / db_details_importdocsql.php3
blob3a93582085151c73a0e1c92e3dfcdad33f59c719
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * This script imports relation infos from docSQL (www.databay.de)
8 */
9
10
11 /**
12 * Get the values of the variables posted or sent to this script and display
13 * the headers
14 */
15 require('./libraries/read_dump.lib.php3');
16 require('./libraries/grab_globals.lib.php3');
17 require('./header.inc.php3');
18
19 //require common added for string importing - Robbat2, 15 January 2003 9.34PM
20 //all hardcoded strings converted by Robbat2, 15 January 2003 9.34PM
21 require('./libraries/common.lib.php3');
22
23 // Check parameters
24 PMA_checkParameters(array('db'));
25
26 /**
27 * Imports docSQL files
28 *
29 * @param string the basepath
30 * @param string the filename
31 * @param string the complete filename
32 * @param string the content of a file
33
34 *
35 * @return boolean always true
36 *
37 * @global array GLOBAL variables
38 */
39 function docsql_check($docpath = '', $file = '', $filename = '', $content = 'none') {
40 global $GLOBALS;
41
42 if (eregi('^(.*)_field_comment\.(txt|zip|bz2|bzip).*$', $filename)) {
43 $tab = eregi_replace('^(.*)_field_comment\.(txt|zip|bz2|bzip).*', '\1', $filename);
44 //echo '<h1>Working on Table ' . $_tab . '</h1>';
45 if ($content == 'none') {
46 $lines = array();
47 $fd = fopen($docpath . $file, 'r');
48 if ($fd) {
49 while (!feof($fd)) {
50 $lines[] = fgets($fd, 4096);
51 }
52 }
53 } else {
54 $content = str_replace("\r\n", "\n", $content);
55 $content = str_replace("\r", "\n", $content);
56 $lines = explode("\n", $content);
57 }
58
59 if (isset($lines) && is_array($lines) && count($lines) > 0) {
60 @reset($lines);
61 while(list($lkey, $line) = each($lines)) {
62 //echo '<p>' . $line . '</p>';
63 $inf = explode('|',$line);
64 if (!empty($inf[1]) && strlen(trim($inf[1])) > 0) {
65 $qry = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['column_info'])
66 . ' (db_name, table_name, column_name, ' . PMA_backquote('comment') . ') '
67 . ' VALUES('
68 . '\'' . PMA_sqlAddslashes($GLOBALS['db']) . '\','
69 . '\'' . PMA_sqlAddslashes(trim($tab)) . '\','
70 . '\'' . PMA_sqlAddslashes(trim($inf[0])) . '\','
71 . '\'' . PMA_sqlAddslashes(trim($inf[1])) . '\')';
72 if (PMA_query_as_cu($qry)) {
73 echo '<p>' . $GLOBALS['strAddedColumnComment'] . ' ' . htmlspecialchars($tab) . '.' . htmlspecialchars($inf[0]) . '</p>';
74 } else {
75 echo '<p>' . $GLOBALS['strWritingCommentNotPossible'] . '</p>';
76 }
77 echo "\n";
78 } // end inf[1] exists
79 if (!empty($inf[2]) && strlen(trim($inf[2])) > 0) {
80 $for = explode('->', $inf[2]);
81 $qry = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['relation'])
82 . '(master_db, master_table, master_field, foreign_db, foreign_table, foreign_field)'
83 . ' VALUES('
84 . '\'' . PMA_sqlAddslashes($GLOBALS['db']) . '\', '
85 . '\'' . PMA_sqlAddslashes(trim($tab)) . '\', '
86 . '\'' . PMA_sqlAddslashes(trim($inf[0])) . '\', '
87 . '\'' . PMA_sqlAddslashes($GLOBALS['db']) . '\', '
88 . '\'' . PMA_sqlAddslashes(trim($for[0])) . '\','
89 . '\'' . PMA_sqlAddslashes(trim($for[1])) . '\')';
90 if (PMA_query_as_cu($qry)) {
91 echo '<p>' . $GLOBALS['strAddedColumnRelation'] . ' ' . htmlspecialchars($tab) . '.' . htmlspecialchars($inf[0]) . ' to ' . htmlspecialchars($inf[2]) . '</p>';
92 } else {
93 echo '<p>' . $GLOBALS['strWritingRelationNotPossible'] . '</p>';
94 }
95 echo "\n";
96 } // end inf[2] exists
97 }
98 echo '<p><font color="green">' . $GLOBALS['strImportFinished'] . '</font></p>' . "\n";
99 } else {
100 echo '<p><font color="red">' . $GLOBALS['strFileCouldNotBeRead'] . '</font></p>' . "\n";
101 }
102
103 return 1;
104 } else {
105 if ($content != 'none') {
106 echo '<p><font color="orange">' . sprintf($GLOBALS['strIgnoringFile'], ' ' . $file) . '</font></p>' . "\n";
107 } else {
108 // garvin: disabled. Shouldn't impose ANY non-submitted files ever.
109 echo '<p><font color="orange">' . sprintf($GLOBALS['strIgnoringFile'], ' ' . '...') . '</font></p>' . "\n";
110 }
111 return 0;
112 } // end working on table
113 }
114
115 /**
116 * Try to get the "$DOCUMENT_ROOT" variable whatever is the register_globals
117 * value
118 */
119 if (empty($DOCUMENT_ROOT)) {
120 if (!empty($_SERVER) && isset($_SERVER['DOCUMENT_ROOT'])) {
121 $DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];
122 }
123 else if (!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['DOCUMENT_ROOT'])) {
124 $DOCUMENT_ROOT = $HTTP_SERVER_VARS['DOCUMENT_ROOT'];
125 }
126 else if (!empty($_ENV) && isset($_ENV['DOCUMENT_ROOT'])) {
127 $DOCUMENT_ROOT = $_ENV['DOCUMENT_ROOT'];
128 }
129 else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['DOCUMENT_ROOT'])) {
130 $DOCUMENT_ROOT = $HTTP_ENV_VARS['DOCUMENT_ROOT'];
131 }
132 else if (@getenv('DOCUMENT_ROOT')) {
133 $DOCUMENT_ROOT = getenv('DOCUMENT_ROOT');
134 }
135 else {
136 $DOCUMENT_ROOT = '.';
137 }
138 } // end if
139
140 /**
141 * Executes import if required
142 */
143 if (isset($do) && $do == 'import') {
144 $orig_docpath = $docpath;
145
146 if (empty($sql_file)) {
147 $sql_file = 'none';
148 }
149
150 // Get relation settings
151 include('./libraries/relation.lib.php3');
152 $cfgRelation = PMA_getRelationsParam();
153
154 // Gets the query from a file if required
155 if ($sql_file != 'none') {
156 if (file_exists($sql_file)
157 && is_uploaded_file($sql_file)) {
158
159 $open_basedir = '';
160 if (PMA_PHP_INT_VERSION >= 40000) {
161 $open_basedir = @ini_get('open_basedir');
162 }
163 if (empty($open_basedir)) {
164 $open_basedir = @get_cfg_var('open_basedir');
165 }
166
167 // If we are on a server with open_basedir, we must move the file
168 // before opening it. The doc explains how to create the "./tmp"
169 // directory
170
171 if (!empty($open_basedir)) {
172
173 $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
174
175 // function is_writeable() is valid on PHP3 and 4
176 if (!is_writeable($tmp_subdir)) {
177 // if we cannot move the file, let PHP report the error
178 error_reporting(E_ALL);
179 $docsql_text = PMA_readFile($sql_file, $sql_file_compression);
180 }
181 else {
182 $sql_file_new = $tmp_subdir . basename($sql_file);
183 if (PMA_PHP_INT_VERSION < 40003) {
184 copy($sql_file, $sql_file_new);
185 } else {
186 move_uploaded_file($sql_file, $sql_file_new);
187 }
188 $docsql_text = PMA_readFile($sql_file_new, $sql_file_compression);
189 unlink($sql_file_new);
190 }
191 }
192 else {
193 // read from the normal upload dir
194 $docsql_text = PMA_readFile($sql_file, $sql_file_compression);
195 }
196
197 // Convert the file's charset if necessary
198 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
199 && isset($charset_of_file) && $charset_of_file != $charset) {
200 $docsql_text = PMA_convert_string($charset_of_file, $charset, $docsql_text);
201 }
202
203 if (!isset($docsql_text) || $docsql_text == FALSE || $docsql_text == '') {
204 echo '<p><font color="red">' . $GLOBALS['strFileCouldNotBeRead'] . '</font></p>' . "\n";
205 } else {
206 docsql_check('', $sql_file_name, $sql_file_name, $docsql_text);
207 }
208 } // end uploaded file stuff
209 } else {
210
211 // echo '<h1>Starting Import</h1>';
212 $docpath = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/docSQL/' . eregi_replace('\.\.*', '.', $docpath);
213 if (substr($docpath, strlen($docpath) - 2, 1) != '/') {
214 $docpath = $docpath . '/';
215 }
216
217 $matched_files = 0;
218
219 if (is_dir($docpath)) {
220 // Do the work
221 $handle = opendir($docpath);
222 while ($file = @readdir($handle)) {
223 $filename = basename($file);
224 // echo '<p>Working on file ' . $filename . '</p>';
225 $matched_files += docsql_check($docpath, $file, $filename);
226 } // end while
227 } else {
228 echo '<p><font color="red">' .$docpath . ': ' . $strThisNotDirectory . "</font></p>\n";
229 }
230 }
231 }
232
233
234 /**
235 * Displays the form
236 */
237 ?>
238
239 <form method="post" action="db_details_importdocsql.php3" <?php if ($is_upload) echo ' enctype="multipart/form-data"'; ?>>
240 <?php echo PMA_generate_common_hidden_inputs($db); ?>
241 <input type="hidden" name="submit_show" value="true" />
242 <input type="hidden" name="do" value="import" />
243 <b><?php echo $strAbsolutePathToDocSqlDir; ?>:</b>
244 <br /><br />
245 <?php echo dirname($PHP_SELF) . '/docSQL'; ?>/<input class="textfield" type="text" name="docpath" size="15" value="<?php echo (isset($orig_docpath) ? $orig_docpath : ''); ?>" />
246 <?php
247 // garvin: displays import dump feature only if file upload available
248 if ($is_upload) {
249 echo '<br /><br />';
250 echo ' <i>' . $strOr . '</i> ' . $strLocationTextfile . '&nbsp;:<br />' . "\n";
251 ?>
252 <div style="margin-bottom: 5px">
253 <input type="file" name="sql_file" class="textfield" /><br />
254 <?php
255 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding) {
256 $temp_charset = reset($cfg['AvailableCharsets']);
257 echo $strCharsetOfFile . "\n"
258 . ' <select name="charset_of_file" size="1">' . "\n"
259 . ' <option value="' . $temp_charset . '"';
260 if ($temp_charset == $charset) {
261 echo ' selected="selected"';
262 }
263 echo '>' . $temp_charset . '</option>' . "\n";
264 while ($temp_charset = next($cfg['AvailableCharsets'])) {
265 echo ' <option value="' . $temp_charset . '"';
266 if ($temp_charset == $charset) {
267 echo ' selected="selected"';
268 }
269 echo '>' . $temp_charset . '</option>' . "\n";
270 } // end while
271 echo ' </select><br />' . "\n" . ' ';
272 } // end if
273 $is_gzip = ($cfg['GZipDump'] && @function_exists('gzopen'));
274 $is_bzip = ($cfg['BZipDump'] && @function_exists('bzdecompress'));
275 if ($is_bzip || $is_gzip) {
276 echo ' ' . $strCompression . ':' . "\n"
277 . ' <input type="radio" id="radio_sql_file_compression_auto" name="sql_file_compression" value="" checked="checked" />' . "\n"
278 . ' <label for="radio_sql_file_compression_auto">' . $strAutodetect . '</label>&nbsp;&nbsp;&nbsp;' . "\n"
279 . ' <input type="radio" id="radio_sql_file_compression_plain" name="sql_file_compression" value="text/plain" />' . "\n"
280 . ' <label for="radio_sql_file_compression_plain">' . $strNone . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
281 if ($is_gzip) {
282 echo ' <input type="radio" id="radio_sql_file_compression_gzip" name="sql_file_compression" value="application/x-gzip" />' . "\n"
283 . ' <label for="radio_sql_file_compression_gzip">' . $strGzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
284 }
285 if ($is_bzip) {
286 echo ' <input type="radio" id="radio_sql_file_compression_bzip" name="sql_file_compression" value="application/x-bzip" />' . "\n"
287 . ' <label for="radio_sql_file_compression_bzip">' . $strBzip . '</label>&nbsp;&nbsp;&nbsp;' . "\n";
288 }
289 } else {
290 echo ' <input type="hidden" name="sql_file_compression" value="text/plain" />' . "\n";
291 }
292 ?>
293 </div>
294 <?php
295 } // end if
296 echo "\n";
297 ?>
298 <br />
299 &nbsp;<input type="submit" value="<?php echo $strImportFiles; ?>" />
300 </form>
301
302 <?php
303 /**
304 * Displays the footer
305 */
306 echo "\n";
307 require('./footer.inc.php3');
308 ?>
Drizzle / GSOC 2011