path disclosure
[phpmyadmin/crack.git] / tbl_move_copy.php3
<?php
/* $Id$ */
// vim: expandtab sw=4 ts=4 sts=4:

// Check parameters
//
// Make sure the common library (which is expected to provide
// PMA_checkParameters()) is loaded, then require that both 'db' and 'table'
// were supplied before anything else in this script touches them.
// NOTE(review): the commit subject for this revision is "path disclosure";
// presumably the check stops direct requests that would otherwise emit PHP
// warnings revealing the install path -- confirm against PMA_checkParameters().

if (!defined('PMA_COMMON_LIB_INCLUDED')) {
    include './libraries/common.lib.php3';
}

PMA_checkParameters(array('db', 'table'));
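/**
 * Insert data from one table to another one
 *
 * Rewrites the target of an INSERT statement from the source table to
 * $target, runs it, and appends the executed statement to $sql_insert_data.
 * The script passes this function by name to PMA_getTableContent() when the
 * server is older than MySQL 3.23.
 *
 * @param   string   the original insert statement
 *
 * @global  string   the database name
 * @global  string   the original table name
 * @global  string   the target database and table names
 * @global  string   the sql query used to copy the data
 */
function PMA_myHandler($sql_insert = '')
{
    global $db, $table, $target;
    global $sql_insert_data;

    // The table name is used inside a POSIX extended regex, so neutralise
    // its operators first. Unescaped, a name containing e.g. '$' or '('
    // changes the pattern, the rewrite silently fails and the row is
    // inserted back into the source table instead of the target.
    $table_pattern = quotemeta($table);
    // quotemeta() does not cover these two ERE operators.
    $table_pattern = str_replace('{', '\\{', $table_pattern);
    $table_pattern = str_replace('|', '\\|', $table_pattern);

    // NOTE(review): the replacement is not anchored, so the same text
    // occurring inside a row value would be rewritten as well; $target is
    // also used as a regex replacement string -- confirm neither can matter
    // for the statements PMA_getTableContent() produces.
    $sql_insert = eregi_replace('INSERT INTO (`?)' . $table_pattern . '(`?)', 'INSERT INTO ' . $target, $sql_insert);

    // Stop with the failing statement shown if the insert is rejected.
    PMA_mysql_query($sql_insert) or PMA_mysqlDie('', $sql_insert, '', $GLOBALS['err_url']);

    $sql_insert_data .= $sql_insert . ';' . "\n";
} // end of the 'PMA_myHandler()' function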
/**
 * Inserts existing entries in a PMA_* table by reading a value from an old entry
 *
 * Selects the rows matching $where_fields from the feature table and
 * re-inserts each of them with the $new_fields columns replaced. Identifiers
 * go through PMA_backquote() and every value through PMA_sqlAddslashes()
 * before being placed between single quotes.
 *
 * @param   string  The array index, which Relation feature to check
 *                  ('relwork', 'commwork', ...)
 * @param   string  The array index, which PMA-table to update
 *                  ('bookmark', 'relation', ...)
 * @param   array   Which fields will be SELECT'ed from the old entry
 * @param   array   Which fields will be used for the WHERE query
 *                  (array('FIELDNAME' => 'FIELDVALUE'))
 * @param   array   Which fields will be used as new VALUES. These are the important
 *                  keys which differ from the old entry.
 *                  (array('FIELDNAME' => 'NEW FIELDVALUE'))
 *
 * @global  string  relation variable
 *
 * @return  mixed   TRUE when the feature is switched off; otherwise the value
 *                  of mysql_insert_id() after the last insert, or -1 when no
 *                  row was copied or that function is unavailable
 *
 * @author          Garvin Hicking <me@supergarv.de>
 */
function PMA_duplicate_table($work, $pma_table, $get_fields, $where_fields, $new_fields) {
    global $cfgRelation;

    $last_id = -1;

    // Feature not enabled: nothing to duplicate.
    // NOTE(review): TRUE also satisfies a caller's "$last_id >= 0" test.
    if (!$cfgRelation[$work]) {
        return true;
    }

    // Columns taken over unchanged from the old rows; $is_copied marks their
    // names so they can be picked out of each fetched row further down.
    @reset($get_fields);
    $select_parts = array();
    $is_copied    = array();
    while (list($idx, $column) = each($get_fields)) {
        $select_parts[]     = PMA_backquote($column);
        $is_copied[$column] = 'cc';
    }

    // Conditions identifying the old rows.
    @reset($where_fields);
    $conditions = array();
    while (list($column, $value) = each($where_fields)) {
        $conditions[] = PMA_backquote($column) . ' = \'' . PMA_sqlAddslashes($value) . '\'';
    }

    // Columns (and their escaped values) that differ in the duplicates.
    @reset($new_fields);
    $new_columns = array();
    $new_values  = array();
    while (list($column, $value) = each($new_fields)) {
        $new_columns[] = PMA_backquote($column);
        $new_values[]  = PMA_sqlAddslashes($value);
    }

    $column_list    = implode(', ', $select_parts) . ', ' . implode(', ', $new_columns);
    $new_values_sql = implode('\', \'', $new_values);

    $table_copy_query = 'SELECT ' . implode(', ', $select_parts)
                      . ' FROM ' . PMA_backquote($cfgRelation[$pma_table])
                      . ' WHERE ' . implode(' AND ', $conditions);
    $table_copy_rs    = PMA_query_as_cu($table_copy_query);

    // NOTE(review): neither query result is checked; a failed SELECT or
    // INSERT is silently skipped here.
    while ($old_row = @PMA_mysql_fetch_array($table_copy_rs)) {
        $copied_values = array();
        while (list($key, $val) = each($old_row)) {
            // Skip the keys of the fetched row that are not selected column names.
            if (!isset($is_copied[$key]) || $is_copied[$key] != 'cc') {
                continue;
            }
            $copied_values[] = PMA_sqlAddslashes($val);
        }

        $new_table_query = 'INSERT IGNORE INTO ' . PMA_backquote($cfgRelation[$pma_table])
                         . ' (' . $column_list . ')'
                         . ' VALUES '
                         . ' (\'' . implode('\', \'', $copied_values) . '\', \'' . $new_values_sql . '\')';

        $new_table_rs = PMA_query_as_cu($new_table_query);
        if (@function_exists('mysql_insert_id')) {
            $last_id = @mysql_insert_id();
        } else {
            $last_id = -1;
        }
    } // end while

    return $last_id;
} // end of 'PMA_duplicate_table()' function
/**
 * Gets some core libraries
 *
 * NOTE(review): PMA_checkParameters() at the top of this script runs before
 * grab_globals.lib.php3 is required here -- confirm that 'db' and 'table'
 * are already visible to that check at that point.
 */
require './libraries/grab_globals.lib.php3';
require './libraries/common.lib.php3';


/**
 * Defines the url to return to in case of error in a sql statement
 */
$err_url = 'tbl_properties.php3?' . PMA_generate_common_url($db, $table);


/**
 * Selects the database to work with
 */
PMA_mysql_select_db($db);
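/**
 * A target table name has been sent to this script -> do the work
 *
 * Copies (or, with $submit_move, moves) $db.$table to $target_db.$new_name:
 * structure and/or data depending on $what, then the matching rows of the
 * phpMyAdmin relation tables. $new_name, $target_db, $what, $drop_if_exists,
 * $submit_move and $switch_to_new are never assigned in this script; they
 * appear to arrive as request parameters imported into the global scope.
 *
 * NOTE(review): the listing this was taken from had lost its brace-only and
 * comment-delimiter lines; the nesting below is rebuilt from the line-number
 * gaps. In particular, confirm against the repository whether the two PDF
 * sections are live code or were wrapped in a block comment.
 */
if (isset($new_name) && trim($new_name) != '') {
    $use_backquotes = 1;
    $asfile         = 1;

    // Ensure the target is valid: when a database list is in force, both
    // the source and the target database must be on it.
    if (count($dblist) > 0 &&
        (PMA_isInto($db, $dblist) == -1 || PMA_isInto($target_db, $dblist) == -1)) {
        exit();
    }
    if (PMA_MYSQL_INT_VERSION < 32306) {
        PMA_checkReservedWords($target_db, $err_url);
        PMA_checkReservedWords($new_name, $err_url);
    }

    // Default the target database *before* the same-name test. Done after
    // it, an empty $target_db with an unchanged table name slipped through
    // as "different" and the table became its own copy target, which
    // together with 'drop if exists' drops the source table.
    if (empty($target_db)) $target_db = $db;

    if ($db == $target_db && $new_name == $table) {
        $message   = (isset($submit_move) ? $strMoveTableSameNames : $strCopyTableSameNames);
    } else {
        $source = PMA_backquote($db) . '.' . PMA_backquote($table);
        $target = PMA_backquote($target_db) . '.' . PMA_backquote($new_name);

        // Set explicitly so that a value imported from the request cannot
        // decide whether the relation entries get duplicated further down.
        $maintain_relations = FALSE;

        include('./libraries/export/sql.php3');

        $sql_structure = PMA_getTableDef($db, $table, "\n", $err_url);
        $parsed_sql    = PMA_SQP_parse($sql_structure);

        /* nijel: Find table name in query and replace it */
        // NOTE(review): this scan has no upper bound; it relies on the parsed
        // statement always containing a 'quote_backtick' token.
        $i = 0;
        while ($parsed_sql[$i]['type'] != 'quote_backtick') $i++;

        /* no need to PMA_backquote() */
        $parsed_sql[$i]['data'] = $target;

        /* Generate query back */
        $sql_structure = PMA_SQP_formatHtml($parsed_sql, 'query_only');

        // do not create the table if dataonly
        if ($what != 'dataonly') {
            // If table exists, and 'add drop table' is selected: Drop it!
            $drop_query = '';
            if (isset($drop_if_exists) && $drop_if_exists == 'true') {
                $drop_query = 'DROP TABLE IF EXISTS ' . PMA_backquote($target_db) . '.' . PMA_backquote($new_name);
                $result     = @PMA_mysql_query($drop_query);
                if (PMA_mysql_error()) {
                    include('./header.inc.php3');
                    // Report the statement that failed (the DROP), as every
                    // other error path in this script does.
                    PMA_mysqlDie('', $drop_query, '', $err_url);
                }

                // NOTE(review): $sql_query may already hold a value supplied
                // from outside this script; here it is only appended to.
                if (isset($sql_query)) {
                    $sql_query .= "\n" . $drop_query . ';';
                } else {
                    $sql_query = $drop_query . ';';
                }

                // garvin: If an existing table gets deleted, maintain any entries
                // for the PMA_* tables
                $maintain_relations = true;
            }

            $result = @PMA_mysql_query($sql_structure);
            if (PMA_mysql_error()) {
                include('./header.inc.php3');
                PMA_mysqlDie('', $sql_structure, '', $err_url);
            } else if (isset($sql_query)) {
                $sql_query .= "\n" . $sql_structure . ';';
            } else {
                $sql_query = $sql_structure . ';';
            }
        } else {
            $sql_query = '';
            // No CREATE ran in data-only mode, so mark the step as done.
            // Left unset, the test below fails (or depends on whatever was
            // imported into the global scope) and the data is never copied.
            $result    = TRUE;
        }

        // Copy the data
        if ($result != FALSE && ($what == 'data' || $what == 'dataonly')) {
            // speedup copy table - staybyte - 22. Juni 2001
            if (PMA_MYSQL_INT_VERSION >= 32300) {
                $sql_insert_data = 'INSERT INTO ' . $target . ' SELECT * FROM ' . $source;
                $result          = @PMA_mysql_query($sql_insert_data);
                if (PMA_mysql_error()) {
                    include('./header.inc.php3');
                    PMA_mysqlDie('', $sql_insert_data, '', $err_url);
                }
            } // end MySQL >= 3.23
            else {
                // Row-by-row copy; PMA_myHandler() collects the statements.
                $sql_insert_data = '';
                PMA_getTableContent($db, $table, 0, 0, 'PMA_myHandler', $err_url,'');
            } // end MySQL < 3.23
            $sql_query .= "\n\n" . $sql_insert_data;
        }

        include('./libraries/relation.lib.php3');
        $cfgRelation = PMA_getRelationsParam();

        // Drops old table if the user has requested to move it
        // NOTE(review): the DROP does not depend on $what, so a move request
        // that skipped the data copy above still removes the source table.
        if (isset($submit_move)) {
            $sql_drop_table = 'DROP TABLE ' . $source;
            $result         = @PMA_mysql_query($sql_drop_table);
            if (PMA_mysql_error()) {
                include('./header.inc.php3');
                PMA_mysqlDie('', $sql_drop_table, '', $err_url);
            }

            // garvin: Move old entries from PMA-DBs to new table
            if ($cfgRelation['commwork']) {
                $remove_query = 'UPDATE ' . PMA_backquote($cfgRelation['column_info'])
                              . ' SET     table_name = \'' . PMA_sqlAddslashes($new_name) . '\', '
                              . '        db_name    = \'' . PMA_sqlAddslashes($target_db) . '\''
                              . ' WHERE db_name  = \'' . PMA_sqlAddslashes($db) . '\''
                              . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
                $rmv_rs       = PMA_query_as_cu($remove_query);
                // Release the variables actually used above (the original
                // unset a name that was never assigned).
                unset($remove_query);
                unset($rmv_rs);
            }

            // garvin: updating bookmarks is not possible since only a single table is moved,
            // and not the whole DB.
            // if ($cfgRelation['bookmarkwork']) {
            //     $remove_query = 'UPDATE ' . PMA_backquote($cfgRelation['bookmark'])
            //                   . ' SET     dbase = \'' . PMA_sqlAddslashes($target_db) . '\''
            //                   . ' WHERE dbase  = \'' . PMA_sqlAddslashes($db) . '\'';
            //     $rmv_rs    = PMA_query_as_cu($remove_query);
            //     unset($rmv_query);
            // }

            if ($cfgRelation['displaywork']) {
                $table_query = 'UPDATE ' . PMA_backquote($cfgRelation['table_info'])
                             . ' SET     db_name = \'' . PMA_sqlAddslashes($target_db) . '\', '
                             . '         table_name = \'' . PMA_sqlAddslashes($new_name) . '\''
                             . ' WHERE db_name  = \'' . PMA_sqlAddslashes($db) . '\''
                             . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
                $tb_rs       = PMA_query_as_cu($table_query);
                unset($table_query);
                unset($tb_rs);
            }

            if ($cfgRelation['relwork']) {
                // The moved table may appear on either side of a relation:
                // first where it is the foreign table, then where it is the master.
                $table_query = 'UPDATE ' . PMA_backquote($cfgRelation['relation'])
                             . ' SET     foreign_table = \'' . PMA_sqlAddslashes($new_name) . '\','
                             . '         foreign_db = \'' . PMA_sqlAddslashes($target_db) . '\''
                             . ' WHERE foreign_db  = \'' . PMA_sqlAddslashes($db) . '\''
                             . ' AND foreign_table = \'' . PMA_sqlAddslashes($table) . '\'';
                $tb_rs       = PMA_query_as_cu($table_query);
                unset($table_query);
                unset($tb_rs);

                $table_query = 'UPDATE ' . PMA_backquote($cfgRelation['relation'])
                             . ' SET     master_table = \'' . PMA_sqlAddslashes($new_name) . '\','
                             . '         master_db = \'' . PMA_sqlAddslashes($target_db) . '\''
                             . ' WHERE master_db  = \'' . PMA_sqlAddslashes($db) . '\''
                             . ' AND master_table = \'' . PMA_sqlAddslashes($table) . '\'';
                $tb_rs       = PMA_query_as_cu($table_query);
                unset($table_query);
                unset($tb_rs);
            }

            // garvin: [TODO] Can't get moving PDFs the right way. The page numbers always
            // get screwed up independently from duplication because the numbers do not
            // seem to be stored on a per-database basis. Would the author of pdf support
            // please have a look at it?

            if ($cfgRelation['pdfwork']) {
                $table_query = 'UPDATE ' . PMA_backquote($cfgRelation['table_coords'])
                             . ' SET     table_name = \'' . PMA_sqlAddslashes($new_name) . '\','
                             . '         db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
                             . ' WHERE db_name  = \'' . PMA_sqlAddslashes($db) . '\''
                             . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'';
                $tb_rs       = PMA_query_as_cu($table_query);
                unset($table_query);
                unset($tb_rs);

                // Re-home every PDF page the moved table is placed on.
                $pdf_query = 'SELECT pdf_page_number '
                           . ' FROM ' . PMA_backquote($cfgRelation['table_coords'])
                           . ' WHERE db_name  = \'' . PMA_sqlAddslashes($target_db) . '\''
                           . ' AND table_name = \'' . PMA_sqlAddslashes($new_name) . '\'';
                $pdf_rs    = PMA_query_as_cu($pdf_query);

                while ($pdf_copy_row = @PMA_mysql_fetch_array($pdf_rs)) {
                    $table_query = 'UPDATE ' . PMA_backquote($cfgRelation['pdf_pages'])
                                 . ' SET     db_name = \'' . PMA_sqlAddslashes($target_db) . '\''
                                 . ' WHERE db_name  = \'' . PMA_sqlAddslashes($db) . '\''
                                 . ' AND page_nr = \'' . PMA_sqlAddslashes($pdf_copy_row['pdf_page_number']) . '\'';
                    $tb_rs       = PMA_query_as_cu($table_query);
                    unset($table_query);
                    unset($tb_rs);
                }
            }

            $sql_query .= "\n\n" . $sql_drop_table . ';';
        } else {
            // garvin: Create new entries as duplicates from old PMA DBs
            if ($what != 'dataonly' && !$maintain_relations) {
                if ($cfgRelation['commwork']) {
                    // Get all comments and MIME-Types for current table
                    $comments_copy_query = 'SELECT
                                                column_name, ' . PMA_backquote('comment') . ($cfgRelation['mimework'] ? ', mimetype, transformation, transformation_options' : '') . '
                                            FROM ' . PMA_backquote($cfgRelation['column_info']) . '
                                            WHERE
                                                db_name = \'' . PMA_sqlAddslashes($db) . '\' AND
                                                table_name = \'' . PMA_sqlAddslashes($table) . '\'';
                    $comments_copy_rs    = PMA_query_as_cu($comments_copy_query);

                    // Write every comment as new copied entry. [MIME]
                    while ($comments_copy_row = @PMA_mysql_fetch_array($comments_copy_rs)) {
                        // The comment value is always written, matching the
                        // column list; only the three MIME values depend on
                        // 'mimework'. Before, the comment value sat inside the
                        // MIME branch, so with MIME support off the statement
                        // named four columns but supplied three values.
                        $new_comment_query = 'REPLACE INTO ' . PMA_backquote($cfgRelation['column_info'])
                                    . ' (db_name, table_name, column_name, ' . PMA_backquote('comment') . ($cfgRelation['mimework'] ? ', mimetype, transformation, transformation_options' : '') . ') '
                                    . ' VALUES('
                                    . '\'' . PMA_sqlAddslashes($target_db) . '\','
                                    . '\'' . PMA_sqlAddslashes($new_name) . '\','
                                    . '\'' . PMA_sqlAddslashes($comments_copy_row['column_name']) . '\','
                                    . '\'' . PMA_sqlAddslashes($comments_copy_row['comment']) . '\''
                                    . ($cfgRelation['mimework'] ? ',\'' . PMA_sqlAddslashes($comments_copy_row['mimetype']) . '\','
                                            . '\'' . PMA_sqlAddslashes($comments_copy_row['transformation']) . '\','
                                            . '\'' . PMA_sqlAddslashes($comments_copy_row['transformation_options']) . '\'' : '')
                                    . ')';
                        $new_comment_rs    = PMA_query_as_cu($new_comment_query);
                    } // end while
                }

                // Bookmarks are selected by database only, so they are
                // duplicated just when the copy lands in another database.
                if ($db != $target_db) {
                    $get_fields   = array('user','label','query');
                    $where_fields = array('dbase' => $db);
                    $new_fields   = array('dbase' => $target_db);
                    PMA_duplicate_table('bookmarkwork', 'bookmark', $get_fields, $where_fields, $new_fields);
                }

                $get_fields   = array('display_field');
                $where_fields = array('db_name' => $db, 'table_name' => $table);
                $new_fields   = array('db_name' => $target_db, 'table_name' => $new_name);
                PMA_duplicate_table('displaywork', 'table_info', $get_fields, $where_fields, $new_fields);

                $get_fields   = array('master_field', 'foreign_db', 'foreign_table', 'foreign_field');
                $where_fields = array('master_db' => $db, 'master_table' => $table);
                $new_fields   = array('master_db' => $target_db, 'master_table' => $new_name);
                PMA_duplicate_table('relwork', 'relation', $get_fields, $where_fields, $new_fields);

                $get_fields   = array('foreign_field', 'master_db', 'master_table', 'master_field');
                $where_fields = array('foreign_db' => $db, 'foreign_table' => $table);
                $new_fields   = array('foreign_db' => $target_db, 'foreign_table' => $new_name);
                PMA_duplicate_table('relwork', 'relation', $get_fields, $where_fields, $new_fields);

                // garvin: [TODO] Can't get duplicating PDFs the right way. The page numbers always
                // get screwed up independently from duplication because the numbers do not
                // seem to be stored on a per-database basis. Would the author of pdf support
                // please have a look at it?

                $get_fields   = array('page_descr');
                $where_fields = array('db_name' => $db);
                $new_fields   = array('db_name' => $target_db);
                $last_id      = PMA_duplicate_table('pdfwork', 'pdf_pages', $get_fields, $where_fields, $new_fields);

                // NOTE(review): PMA_duplicate_table() returns TRUE when the
                // feature is off, which also passes this ">= 0" test.
                if (isset($last_id) && $last_id >= 0) {
                    $get_fields   = array('x', 'y');
                    $where_fields = array('db_name' => $db, 'table_name' => $table);
                    $new_fields   = array('db_name' => $target_db, 'table_name' => $new_name, 'pdf_page_number' => $last_id);
                    PMA_duplicate_table('pdfwork', 'table_coords', $get_fields, $where_fields, $new_fields);
                }
            }
        }

        $message   = (isset($submit_move) ? $strMoveTableOK : $strCopyTableOK);
        $message   = sprintf($message, $source, $target);
        $reload    = 1;
        $js_to_run = 'functions.js';
        /* Check: Work on new table or on old table? */
        if (isset($submit_move)) {
            $db    = $target_db;
            $table = $new_name;
        } else {
            // The cookie is scoped to the directory part of the configured
            // URI and is marked secure only when that URI uses https.
            $pma_uri_parts = parse_url($cfg['PmaAbsoluteUri']);
            if (isset($switch_to_new) && $switch_to_new == 'true') {
                setcookie('pma_switch_to_new', 'true', 0, substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/')), '', ($pma_uri_parts['scheme'] == 'https'));
                $db    = $target_db;
                $table = $new_name;
            } else {
                setcookie('pma_switch_to_new', '', 0, substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/')), '', ($pma_uri_parts['scheme'] == 'https'));
                // garvin:Keep original table for work.
            }
        }
    }
    include('./header.inc.php3');
} // end is target table name


/**
 * No new name for the table!
 */
else {
    include('./header.inc.php3');
    PMA_mysqlDie($strTableEmpty, '', '', $err_url);
}


/**
 * Back to the calling script
 */

require('./tbl_properties.php3');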