search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
path disclosure
[phpmyadmin/crack.git] / ldi_check.php3
blobf317c12c4ea4d946cb7d4918261ff3d4cd6f008a
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5
6 /**
7 * This file checks and builds the sql-string for
8 * LOAD DATA INFILE 'file_name.txt' [REPLACE | IGNORE] INTO TABLE table_name
9 * [FIELDS
10 * [TERMINATED BY '\t']
11 * [OPTIONALLY] ENCLOSED BY "]
12 * [ESCAPED BY '\\' ]]
13 * [LINES TERMINATED BY '\n']
14 * [(column_name,...)]
15 */
16
17
18 /**
19 * Gets some core scripts
20 */
21 require('./libraries/grab_globals.lib.php3');
22 require('./libraries/common.lib.php3');
23
24 // Check parameters
25
26 PMA_checkParameters(array('db', 'table'));
27
28 /**
29 * If a file from UploadDir was submitted, use this file
30 */
31 $unlink_local_textfile = false;
32 if (isset($btnLDI) && isset($local_textfile) && $local_textfile != '') {
33 if (empty($DOCUMENT_ROOT)) {
34 if (!empty($_SERVER) && isset($_SERVER['DOCUMENT_ROOT'])) {
35 $DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];
36 }
37 else if (!empty($HTTP_SERVER_VARS) && isset($HTTP_SERVER_VARS['DOCUMENT_ROOT'])) {
38 $DOCUMENT_ROOT = $HTTP_SERVER_VARS['DOCUMENT_ROOT'];
39 }
40 else if (!empty($_ENV) && isset($_ENV['DOCUMENT_ROOT'])) {
41 $DOCUMENT_ROOT = $_ENV['DOCUMENT_ROOT'];
42 }
43 else if (!empty($HTTP_ENV_VARS) && isset($HTTP_ENV_VARS['DOCUMENT_ROOT'])) {
44 $DOCUMENT_ROOT = $HTTP_ENV_VARS['DOCUMENT_ROOT'];
45 }
46 else if (@getenv('DOCUMENT_ROOT')) {
47 $DOCUMENT_ROOT = getenv('DOCUMENT_ROOT');
48 }
49 else {
50 $DOCUMENT_ROOT = '.';
51 }
52 } // end if
53
54 $textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . eregi_replace('^./', '', $cfg['UploadDir']) . eregi_replace('\.\.*', '.', $local_textfile);
55 if (file_exists($textfile)) {
56 $open_basedir = '';
57 if (PMA_PHP_INT_VERSION >= 40000) {
58 $open_basedir = @ini_get('open_basedir');
59 }
60 if (empty($open_basedir)) {
61 $open_basedir = @get_cfg_var('open_basedir');
62 }
63
64 // If we are on a server with open_basedir, we must move the file
65 // before opening it. The doc explains how to create the "./tmp"
66 // directory
67
68 if (!empty($open_basedir)) {
69
70 $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
71
72 // function is_writeable() is valid on PHP3 and 4
73 if (!is_writeable($tmp_subdir)) {
74 // if we cannot move the file, let PHP report the error
75 error_reporting(E_ALL);
76 } else {
77 $textfile_new = $tmp_subdir . basename($textfile);
78 if (PMA_PHP_INT_VERSION < 40003) {
79 copy($textfile, $textfile_new);
80 } else {
81 move_uploaded_file($textfile, $textfile_new);
82 }
83 $textfile = $textfile_new;
84 $unlink_local_textfile = true;
85 }
86 }
87 }
88 }
89
90 /**
91 * The form used to define the query has been submitted -> do the work
92 */
93 if (isset($btnLDI) && empty($textfile)) {
94 $js_to_run = 'functions.js';
95 include('./header.inc.php3');
96 $message = $strMustSelectFile;
97 include('./ldi_table.php3');
98 } elseif (isset($btnLDI) && ($textfile != 'none')) {
99 if (!isset($replace)) {
100 $replace = '';
101 }
102
103 error_reporting(E_ALL);
104 chmod($textfile, 0644);
105
106 // Kanji encoding convert appended by Y.Kawada
107 if (function_exists('PMA_kanji_file_conv')) {
108 $textfile = PMA_kanji_file_conv($textfile, $knjenc, isset($xkana) ? $xkana : '');
109 }
110
111 // Convert the file's charset if necessary
112 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
113 && isset($charset_of_file) && $charset_of_file != $charset) {
114 $textfile = PMA_convert_file($charset_of_file, $convcharset, $textfile);
115 }
116
117 // Formats the data posted to this script
118 $textfile = PMA_sqlAddslashes($textfile);
119 $enclosed = PMA_sqlAddslashes($enclosed);
120 $escaped = PMA_sqlAddslashes($escaped);
121 $column_name = PMA_sqlAddslashes($column_name);
122
123 // (try to) make sure the file is readable:
124 chmod($textfile, 0777);
125
126 // Builds the query
127 $sql_query = 'LOAD DATA';
128
129 if ($local_option == "1") {
130 $sql_query .= ' LOCAL';
131 }
132
133 $sql_query .= ' INFILE \'' . $textfile . '\'';
134 if (!empty($replace)) {
135 $sql_query .= ' ' . $replace;
136 }
137 $sql_query .= ' INTO TABLE ' . PMA_backquote($into_table);
138 if (isset($field_terminater)) {
139 $sql_query .= ' FIELDS TERMINATED BY \'' . $field_terminater . '\'';
140 }
141 if (isset($enclose_option) && strlen($enclose_option) > 0) {
142 $sql_query .= ' OPTIONALLY';
143 }
144 if (strlen($enclosed) > 0) {
145 $sql_query .= ' ENCLOSED BY \'' . $enclosed . '\'';
146 }
147 if (strlen($escaped) > 0) {
148 $sql_query .= ' ESCAPED BY \'' . $escaped . '\'';
149 }
150 if (strlen($line_terminator) > 0){
151 $sql_query .= ' LINES TERMINATED BY \'' . $line_terminator . '\'';
152 }
153 if (strlen($column_name) > 0) {
154 if (PMA_MYSQL_INT_VERSION >= 32306) {
155 $sql_query .= ' (';
156 $tmp = split(',( ?)', $column_name);
157 for ($i = 0; $i < count($tmp); $i++) {
158 if ($i > 0) {
159 $sql_query .= ', ';
160 }
161 $sql_query .= PMA_backquote(trim($tmp[$i]));
162 } // end for
163 $sql_query .= ')';
164 } else {
165 $sql_query .= ' (' . $column_name . ')';
166 }
167 }
168
169 // We could rename the ldi* scripts to tbl_properties_ldi* to improve
170 // consistency with the other sub-pages.
171 //
172 // The $goto in ldi_table.php3 is set to tbl_properties.php3 but maybe
173 // if would be better to Browse the latest inserted data.
174 include('./sql.php3');
175 if ($unlink_local_textfile) {
176 unlink($textfile);
177 }
178 }
179
180
181 /**
182 * The form used to define the query hasn't been yet submitted -> loads it
183 */
184 else {
185 include('./ldi_table.php3');
186 }
187 ?>
Drizzle / GSOC 2011