search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2.5.3-rc2
[phpmyadmin/crack.git] / read_dump.php3
blobac17dabda7f37e8d9544f53e48c63c2c2cf64e8d
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
4
5 /**
6 * Gets some core libraries
7 */
8 require('./libraries/read_dump.lib.php3');
9 require('./libraries/grab_globals.lib.php3');
10 require('./libraries/common.lib.php3');
11
12 if (!isset($db)) {
13 $db = '';
14 }
15
16 /**
17 * Increases the max. allowed time to run a script
18 */
19 @set_time_limit($cfg['ExecTimeLimit']);
20
21
22 /**
23 * Defines the url to return to in case of error in a sql statement
24 */
25 if (!isset($goto) || !eregi('^(db_details|tbl_properties)(_[a-z]*)?\.php3$', $goto)) {
26 $goto = 'db_details.php3';
27 }
28 $err_url = $goto
29 . '?' . PMA_generate_common_url($db)
30 . (eregi('^tbl_properties(_[a-z]*)?\.php3$', $goto) ? '&amp;table=' . urlencode($table) : '');
31
32
33 /**
34 * Set up default values for some variables
35 */
36 $view_bookmark = 0;
37 $sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
38 $sql_query = isset($sql_query) ? $sql_query : '';
39 if (!empty($sql_localfile) && $cfg['UploadDir'] != '') {
40 $sql_file = $cfg['UploadDir'] . $sql_localfile;
41 } else if (empty($sql_file)) {
42 $sql_file = 'none';
43 }
44
45
46 /**
47 * Bookmark Support: get a query back from bookmark if required
48 */
49 if (!empty($id_bookmark)) {
50 include('./libraries/bookmark.lib.php3');
51 switch ($action_bookmark) {
52 case 0: // bookmarked query that have to be run
53 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
54 if (isset($bookmark_variable) && !empty($bookmark_variable)) {
55 if (PMA_PHP_INT_VERSION >= 40300) {
56 $sql_query = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $sql_query);
57 } else {
58 $sql_query = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '\1 ' . PMA_sqlAddslashes($bookmark_variable) . '\2', $sql_query);
59 }
60 }
61 break;
62 case 1: // bookmarked query that have to be displayed
63 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
64 $view_bookmark = 1;
65 break;
66 case 2: // bookmarked query that have to be deleted
67 $sql_query = PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
68 break;
69 }
70 } // end if
71
72
73 /**
74 * Prepares the sql query
75 */
76 // Gets the query from a file if required
77 if ($sql_file != 'none') {
78 // loic1 : fixed a security issue
79 // if ((file_exists($sql_file) && is_uploaded_file($sql_file))
80 // || file_exists($cfg['UploadDir'] . $sql_localfile)) {
81 if (file_exists($sql_file)
82 && ((isset($sql_localfile) && $sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
83 $open_basedir = '';
84 if (PMA_PHP_INT_VERSION >= 40000) {
85 $open_basedir = @ini_get('open_basedir');
86 }
87 if (empty($open_basedir)) {
88 $open_basedir = @get_cfg_var('open_basedir');
89 }
90
91 if (!isset($sql_file_compression)) $sql_file_compression = '';
92
93 // If we are on a server with open_basedir, we must move the file
94 // before opening it. The doc explains how to create the "./tmp"
95 // directory
96
97 if (!empty($open_basedir)) {
98
99 $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
100
101 // function is_writeable() is valid on PHP3 and 4
102 if (!is_writeable($tmp_subdir)) {
103 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
104 if ($sql_query == FALSE) {
105 echo $strFileCouldNotBeRead;
106 exit();
107 }
108 }
109 else {
110 $sql_file_new = $tmp_subdir . basename($sql_file);
111 if (PMA_PHP_INT_VERSION < 40003) {
112 copy($sql_file, $sql_file_new);
113 } else {
114 move_uploaded_file($sql_file, $sql_file_new);
115 }
116 $sql_query = PMA_readFile($sql_file_new, $sql_file_compression);
117 unlink($sql_file_new);
118 }
119 }
120 else {
121 // read from the normal upload dir
122 $sql_query = PMA_readFile($sql_file, $sql_file_compression);
123 }
124
125 // Convert the file's charset if necessary
126 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
127 && isset($charset_of_file) && $charset_of_file != $charset) {
128 $sql_query = PMA_convert_string($charset_of_file, $charset, $sql_query);
129 }
130 } // end uploaded file stuff
131 }
132
133 // Kanji convert SQL textfile 2002/1/4 by Y.Kawada
134 if (@function_exists('PMA_kanji_str_conv')) {
135 $sql_tmp = trim($sql_query);
136 PMA_change_enc_order();
137 $sql_query = PMA_kanji_str_conv($sql_tmp, $knjenc, isset($xkana) ? $xkana : '');
138 PMA_change_enc_order();
139 } else {
140 $sql_query = trim($sql_query);
141 }
142
143 // $sql_query come from the query textarea, if it's a reposted query gets its
144 // 'true' value
145 if (!empty($prev_sql_query)) {
146 $prev_sql_query = urldecode($prev_sql_query);
147 if ($sql_query == trim(htmlspecialchars($prev_sql_query))) {
148 $sql_query = $prev_sql_query;
149 }
150 }
151
152 // Drop database is not allowed -> ensure the query can be run
153 if (!$cfg['AllowUserDropDatabase']
154 && eregi('DROP[[:space:]]+(IF EXISTS[[:space:]]+)?DATABASE ', $sql_query)) {
155 // Checks if the user is a Superuser
156 // TODO: set a global variable with this information
157 // loic1: optimized query
158 $result = @PMA_mysql_query('USE mysql');
159 if (PMA_mysql_error()) {
160 include('./header.inc.php3');
161 PMA_mysqlDie($strNoDropDatabases, '', '', $err_url);
162 }
163 }
164 define('PMA_CHK_DROP', 1);
165
166 /**
167 * Executes the query
168 */
169 if ($sql_query != '') {
170 $pieces = array();
171 PMA_splitSqlFile($pieces, $sql_query, PMA_MYSQL_INT_VERSION);
172 $pieces_count = count($pieces);
173 if ($pieces_count > 1) {
174 $is_multiple = TRUE;
175 }
176
177 // Copy of the cleaned sql statement for display purpose only (see near the
178 // beginning of "db_details.php3" & "tbl_properties.php3")
179
180 // You can either
181 // * specify the amount of maximum pieces per query (having max_*_length set to 0!) or
182 // * specify the amount of maximum chars per query (having max_*_pieces set to 0!)
183 // - max_nofile_* is used for any queries submitted via copy&paste in the textarea
184 // - max_file_* is used for any file-submitted query
185 if (!$cfg['VerboseMultiSubmit']) {
186 // Here be the values if the Verbose-Mode (see config.inc.php3) is NOT activated
187 $max_nofile_length = 500;
188 $max_nofile_pieces = 0;
189 $max_file_length = 0;
190 $max_file_pieces = 10;
191 } else {
192 // Values for verbose-mode
193 $max_nofile_length = 0;
194 $max_nofile_pieces = 50;
195 $max_file_length = 0;
196 $max_file_pieces = 50;
197 }
198
199 if ($sql_file != 'none' &&
200 ($max_file_length == 0 && ($pieces_count > $max_file_pieces))
201 ||
202 ($max_file_pieces == 0 && (strlen($sql_query) > $max_file_length))) {
203 // Be nice with bandwidth...
204 $sql_query_cpy = $sql_query = '';
205 $save_bandwidth = TRUE;
206 $save_bandwidth_length = $max_file_length;
207 $save_bandwidth_pieces = $max_file_pieces;
208 } else {
209
210 $sql_query_cpy = implode(";\n", $pieces) . ';';
211 // Be nice with bandwidth... for now, an arbitrary limit of 500,
212 // could be made configurable but probably not necessary
213 if (($max_nofile_pieces == 0 && (strlen($sql_query_cpy) > $max_nofile_length))
214 || ($max_nofile_length == 0 && $pieces_count > $max_nofile_pieces)) {
215 $sql_query_cpy = $sql_query = '';
216 $save_bandwidth = TRUE;
217 $save_bandwidth_length = $max_nofile_length;
218 $save_bandwidth_pieces = $max_nofile_pieces;
219 }
220 }
221
222 // really run the query?
223 if ($view_bookmark == 0) {
224 // Only one query to run
225 if ($pieces_count == 1 && !empty($pieces[0])) {
226 $sql_query = $pieces[0];
227 if (eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $sql_query)) {
228 $reload = 1;
229 }
230 include('./sql.php3');
231 exit();
232 }
233
234 // Runs multiple queries
235 else if (PMA_mysql_select_db($db)) {
236 $mult = TRUE;
237 $info_msg = '';
238 $info_count = 0;
239
240 for ($i = 0; $i < $pieces_count; $i++) {
241 $a_sql_query = $pieces[$i];
242 if ($i == $pieces_count - 1 && eregi('^SELECT', $a_sql_query)) {
243 $complete_query = $sql_query;
244 $display_query = $sql_query;
245 $sql_query = $a_sql_query;
246 include('./sql.php3');
247 exit();
248 }
249
250 $result = PMA_mysql_query($a_sql_query);
251 if ($result == FALSE) { // readdump failed
252 if (isset($my_die) && $cfg['IgnoreMultiSubmitErrors']) {
253 $my_die[] = "\n\n" . $a_sql_query;
254 } elseif ($cfg['IgnoreMultiSubmitErrors']) {
255 $my_die = array();
256 $my_die[] = $a_sql_query;
257 } else {
258 $my_die = $a_sql_query;
259 }
260
261 if ($cfg['VerboseMultiSubmit']) {
262 $info_msg .= $a_sql_query . '; # ' . $strError . "\n";
263 $info_count++;
264 }
265
266 if (!$cfg['IgnoreMultiSubmitErrors']) {
267 break;
268 }
269 } else if ($cfg['VerboseMultiSubmit']) {
270 $a_num_rows = (int)@mysql_num_rows($result);
271 $a_aff_rows = (int)@mysql_affected_rows();
272 if ($a_num_rows > 0) {
273 $a_rows = $a_num_rows;
274 $a_switch = $strRows . ': ';
275 } elseif ($a_aff_rows > 0) {
276 $a_rows = $a_aff_rows;
277 $a_switch = $strAffectedRows;;
278 } else {
279 $a_rows = '';
280 $a_switch = $strEmptyResultSet;
281 }
282
283 $info_msg .= $a_sql_query . "; # " . $a_switch . $a_rows . "\n";
284 $info_count++;
285 }
286
287 if (!isset($reload) && eregi('^(DROP|CREATE)[[:space:]]+(IF EXISTS[[:space:]]+)?(TABLE|DATABASE)[[:space:]]+(.+)', $a_sql_query)) {
288 $reload = 1;
289 }
290 } // end for
291
292 if ($cfg['VerboseMultiSubmit'] && strlen($info_msg) > 0 &&
293 ((!isset($save_bandwidth) || $save_bandwidth == FALSE) ||
294 ($save_bandwidth_pieces == 0 && strlen($sql_query) < $save_bandwidth_length) ||
295 ($save_bandwidth_length == 0 && $info_count < $save_bandwidth_pieces))) {
296 $sql_query = $info_msg;
297 }
298
299 } // end else if
300 } // end if (really run the query)
301 unset($pieces);
302 } // end if
303
304
305
306 /**
307 * MySQL error
308 */
309 if (isset($my_die)) {
310 $js_to_run = 'functions.js';
311 include('./header.inc.php3');
312 if (is_array($my_die)) {
313 while(list($key, $die_string) = each($my_die)) {
314 PMA_mysqlDie('', $die_string, '', $err_url, FALSE);
315 echo '<hr />';
316 }
317 } else {
318 PMA_mysqlDie('', $my_die, '', $err_url, TRUE);
319 }
320 }
321
322
323 /**
324 * Go back to the calling script
325 */
326 // Checks for a valid target script
327 if (isset($table) && $table == '') {
328 unset($table);
329 }
330 if (isset($db) && $db == '') {
331 unset($db);
332 }
333 $is_db = $is_table = FALSE;
334 if ($goto == 'tbl_properties.php3') {
335 if (!isset($table)) {
336 $goto = 'db_details.php3';
337 } else {
338 PMA_mysql_select_db($db);
339 $is_table = @PMA_mysql_query('SHOW TABLES LIKE \'' . PMA_sqlAddslashes($table, TRUE) . '\'');
340 if (!($is_table && @mysql_numrows($is_table))) {
341 $goto = 'db_details.php3';
342 unset($table);
343 }
344 } // end if... else...
345 }
346 if ($goto == 'db_details.php3') {
347 if (isset($table)) {
348 unset($table);
349 }
350 if (!isset($db)) {
351 $goto = 'main.php3';
352 } else {
353 $is_db = @PMA_mysql_select_db($db);
354 if (!$is_db) {
355 $goto = 'main.php3';
356 unset($db);
357 }
358 } // end if... else...
359 }
360 // Defines the message to be displayed
361 if (!empty($id_bookmark) && $action_bookmark == 2) {
362 $message = $strBookmarkDeleted;
363 } else if (!isset($sql_query_cpy)) {
364 $message = $strNoQuery;
365 } else if ($sql_query_cpy == '') {
366 $message = "$strSuccess&nbsp;:<br />$strTheContent ($pieces_count $strInstructions)&nbsp;";
367 } else {
368 $message = $strSuccess;
369 }
370 // Loads to target script
371 if ($goto == 'db_details.php3' || $goto == 'tbl_properties.php3') {
372 $js_to_run = 'functions.js';
373 }
374 if ($goto != 'main.php3') {
375 include('./header.inc.php3');
376 }
377 $active_page = $goto;
378 require('./' . $goto);
379 ?>
Drizzle / GSOC 2011