Escape user input to avoid XSS.
[phpmyadmin/last10db.git] / import.php
blob31bcb157e0736f9fabbdde936881ddfe73ebd06f
1 <?php
2 /* $Id$ */
3 // vim: expandtab sw=4 ts=4 sts=4:
5 /* Core script for import, this is just the glue around all other stuff */
7 /**
8 * Get the variables sent or posted to this script and a core script
9 */
10 require_once('./libraries/common.lib.php');
11 $js_to_run = 'functions.js';
13 // default values
14 $GLOBALS['reload'] = false;
16 // Are we just executing plain query or sql file? (eg. non import, but query box/window run)
17 if (!empty($sql_query)) {
18 // run SQL query
19 $import_text = $sql_query;
20 $import_type = 'query';
21 $format = 'sql';
23 // refresh left frame on changes in table or db structure
24 if (preg_match('/^(CREATE|ALTER|DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $sql_query)) {
25 $GLOBALS['reload'] = true;
28 unset($sql_query);
29 } elseif (!empty($sql_localfile)) {
30 // run SQL file on server
31 $local_import_file = $sql_localfile;
32 $import_type = 'queryfile';
33 $format = 'sql';
34 unset($sql_localfile);
35 } elseif (!empty($sql_file)) {
36 // run uploaded SQL file
37 $import_file = $sql_file;
38 $import_type = 'queryfile';
39 $format = 'sql';
40 unset($sql_file);
41 } elseif (!empty($id_bookmark)) {
42 // run bookmark
43 $import_type = 'query';
44 $format = 'sql';
47 // If we didn't get any parameters, either user called this directly, or
48 // upload limit has been reached, let's assume the second possibility.
49 if ($_POST == array() && $_GET == array()) {
50 require_once('./libraries/header.inc.php');
51 $show_error_header = TRUE;
52 PMA_showMessage(sprintf($strUploadLimit, '[a@./Documentation.html#faq1_16@_blank]', '[/a]'));
53 require('./libraries/footer.inc.php');
56 // Check needed parameters
57 PMA_checkParameters(array('import_type', 'format'));
59 // We don't want anything special in format
60 $format = PMA_securePath($format);
62 // Import functions
63 require_once('./libraries/import.lib.php');
65 // Create error and goto url
66 if ($import_type == 'table') {
67 $err_url = 'tbl_import.php?' . PMA_generate_common_url($db, $table);
68 $goto = 'tbl_import.php';
69 } elseif ($import_type == 'database') {
70 $err_url = 'db_import.php?' . PMA_generate_common_url($db);
71 $goto = 'db_import.php';
72 } elseif ($import_type == 'server') {
73 $err_url = 'server_import.php?' . PMA_generate_common_url();
74 $goto = 'server_import.php';
75 } else {
76 if (empty($goto) || !preg_match('@^(server|db|tbl)(_[a-z]*)*\.php$@i', $goto)) {
77 if (isset($table) && isset($db)) {
78 $goto = 'tbl_properties_structure.php';
79 } elseif (isset($db)) {
80 $goto = 'db_details_structure.php';
81 } else {
82 $goto = 'server_sql.php';
85 if (isset($table) && isset($db)) {
86 $common = PMA_generate_common_url($db, $table);
87 } elseif (isset($db)) {
88 $common = PMA_generate_common_url($db);
89 } else {
90 $common = PMA_generate_common_url();
92 $err_url = $goto
93 . '?' . $common
94 . (preg_match('@^tbl_properties(_[a-z]*)?\.php$@', $goto) ? '&amp;table=' . urlencode($table) : '');
98 if (isset($db)) {
99 PMA_DBI_select_db($db);
102 @set_time_limit($cfg['ExecTimeLimit']);
103 if (!empty($cfg['MemoryLimit'])) {
104 @ini_set('memory_limit', $cfg['MemoryLimit']);
107 $timestamp = time();
108 if (isset($allow_interrupt)) {
109 $maximum_time = ini_get('max_execution_time');
110 } else {
111 $maximum_time = 0;
114 // set default values
115 $timeout_passed = FALSE;
116 $error = FALSE;
117 $read_multiply = 1;
118 $finished = FALSE;
119 $offset = 0;
120 $max_sql_len = 0;
121 $file_to_unlink = '';
122 $sql_query = '';
123 $sql_query_disabled = FALSE;
124 $go_sql = FALSE;
125 $executed_queries = 0;
126 $run_query = TRUE;
127 $charset_conversion = FALSE;
128 $reset_charset = FALSE;
129 $bookmark_created = FALSE;
131 // Bookmark Support: get a query back from bookmark if required
132 if (!empty($id_bookmark)) {
133 require_once('./libraries/bookmark.lib.php');
134 switch ($action_bookmark) {
135 case 0: // bookmarked query that have to be run
136 $import_text = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark, 'id', isset($action_bookmark_all));
137 if (isset($bookmark_variable) && !empty($bookmark_variable)) {
138 $import_text = preg_replace('|/\*(.*)\[VARIABLE\](.*)\*/|imsU', '${1}' . PMA_sqlAddslashes($bookmark_variable) . '${2}', $import_text);
141 // refresh left frame on changes in table or db structure
142 if (preg_match('/^(CREATE|ALTER|DROP)\s+(VIEW|TABLE|DATABASE|SCHEMA)\s+/i', $import_text)) {
143 $GLOBALS['reload'] = true;
146 break;
147 case 1: // bookmarked query that have to be displayed
148 $import_text = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
149 $run_query = FALSE;
150 break;
151 case 2: // bookmarked query that have to be deleted
152 $import_text = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
153 PMA_deleteBookmarks($db, $cfg['Bookmark'], $id_bookmark);
154 $run_query = FALSE;
155 $error = TRUE; // this is kind of hack to skip processing the query
156 break;
158 } // end bookmarks reading
160 // Store the query as a bookmark before executing it if bookmarklabel was given
161 if (!empty($bkm_label) && !empty($import_text)) {
162 require_once('./libraries/bookmark.lib.php');
163 $bfields = array(
164 'dbase' => $db,
165 'user' => $cfg['Bookmark']['user'],
166 'query' => urlencode($import_text),
167 'label' => $bkm_label
170 // Should we replace bookmark?
171 if (isset($bkm_replace)) {
172 $bookmarks = PMA_listBookmarks($db, $cfg['Bookmark']);
173 foreach ($bookmarks as $key => $val) {
174 if ($val == $bkm_label) {
175 PMA_deleteBookmarks($db, $cfg['Bookmark'], $key);
180 PMA_addBookmarks($bfields, $cfg['Bookmark'], isset($bkm_all_users));
182 $bookmark_created = TRUE;
183 } // end store bookmarks
185 // We can not read all at once, otherwise we can run out of memory
186 $memory_limit = trim(@ini_get('memory_limit'));
187 // 2 MB as default
188 if (empty($memory_limit)) {
189 $memory_limit = 2 * 1024 * 1024;
191 // In case no memory limit we work on 10MB chunks
192 if ($memory_limit = -1) {
193 $memory_limit = 10 * 1024 * 1024;
196 // Calculate value of the limit
197 if (strtolower(substr($memory_limit, -1)) == 'm') {
198 $memory_limit = (int)substr($memory_limit, 0, -1) * 1024 * 1024;
199 } elseif (strtolower(substr($memory_limit, -1)) == 'k') {
200 $memory_limit = (int)substr($memory_limit, 0, -1) * 1024;
201 } elseif (strtolower(substr($memory_limit, -1)) == 'g') {
202 $memory_limit = (int)substr($memory_limit, 0, -1) * 1024 * 1024 * 1024;
203 } else {
204 $memory_limit = (int)$memory_limit;
207 $read_limit = $memory_limit / 4; // Just to be sure, there might be lot of memory needed for uncompression
209 // handle filenames
210 if (!empty($local_import_file) && !empty($cfg['UploadDir'])) {
212 // sanitize $local_import_file as it comes from a POST
213 $local_import_file = PMA_securePath($local_import_file);
215 $import_file = PMA_userDir($cfg['UploadDir']) . $local_import_file;
216 } elseif (empty($import_file) || !is_uploaded_file($import_file)) {
217 $import_file = 'none';
220 // Do we have file to import?
221 if ($import_file != 'none' && !$error) {
222 // work around open_basedir and other limitations
223 $open_basedir = @ini_get('open_basedir');
225 // If we are on a server with open_basedir, we must move the file
226 // before opening it. The doc explains how to create the "./tmp"
227 // directory
229 if (!empty($open_basedir)) {
231 $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');
233 // function is_writeable() is valid on PHP3 and 4
234 if (is_writeable($tmp_subdir)) {
235 $import_file_new = $tmp_subdir . basename($import_file);
236 if (move_uploaded_file($import_file, $import_file_new)) {
237 $import_file = $import_file_new;
238 $file_to_unlink = $import_file_new;
243 // Handle file compression
244 $compression = PMA_detectCompression($import_file);
245 if ($compression === FALSE) {
246 $message = $strFileCouldNotBeRead;
247 $show_error_header = TRUE;
248 $error = TRUE;
249 } else {
250 switch ($compression) {
251 case 'application/bzip2':
252 if ($cfg['BZipDump'] && @function_exists('bzopen')) {
253 $import_handle = @bzopen($import_file, 'r');
254 } else {
255 $message = sprintf($strUnsupportedCompressionDetected, $compression);
256 $show_error_header = TRUE;
257 $error = TRUE;
259 break;
260 case 'application/gzip':
261 if ($cfg['GZipDump'] && @function_exists('gzopen')) {
262 $import_handle = @gzopen($import_file, 'r');
263 } else {
264 $message = sprintf($strUnsupportedCompressionDetected, $compression);
265 $show_error_header = TRUE;
266 $error = TRUE;
268 break;
269 case 'application/zip':
270 if ($cfg['GZipDump'] && @function_exists('gzinflate')) {
271 include_once('./libraries/unzip.lib.php');
272 $import_handle = new SimpleUnzip();
273 $import_handle->ReadFile($import_file);
274 if ($import_handle->Count() == 0) {
275 $message = $strNoFilesFoundInZip;
276 $show_error_header = TRUE;
277 $error = TRUE;
278 } elseif ($import_handle->GetError(0) != 0) {
279 $message = $strErrorInZipFile . ' ' . $import_handle->GetErrorMsg(0);
280 $show_error_header = TRUE;
281 $error = TRUE;
282 } else {
283 $import_text = $import_handle->GetData(0);
285 // We don't need to store it further
286 $import_handle = '';
287 } else {
288 $message = sprintf($strUnsupportedCompressionDetected, $compression);
289 $show_error_header = TRUE;
290 $error = TRUE;
292 break;
293 case 'none':
294 $import_handle = @fopen($import_file, 'r');
295 break;
296 default:
297 $message = sprintf($strUnsupportedCompressionDetected, $compression);
298 $show_error_header = TRUE;
299 $error = TRUE;
300 break;
303 if (!$error && $import_handle === FALSE) {
304 $message = $strFileCouldNotBeRead;
305 $show_error_header = TRUE;
306 $error = TRUE;
308 } elseif (!$error) {
309 if (!isset($import_text) || empty($import_text)) {
310 $message = $strNothingToImport;
311 $show_error_header = TRUE;
312 $error = TRUE;
316 // Convert the file's charset if necessary
317 if ($cfg['AllowAnywhereRecoding'] && $allow_recoding
318 && isset($charset_of_file)) {
319 if ($charset_of_file != $charset) {
320 $charset_conversion = TRUE;
322 } elseif (PMA_MYSQL_INT_VERSION >= 40100
323 && isset($charset_of_file) && $charset_of_file != 'utf8') {
324 PMA_DBI_query('SET NAMES \'' . $charset_of_file . '\'');
325 // We can not show query in this case, it is in different charset
326 $sql_query_disabled = TRUE;
327 $reset_charset = TRUE;
330 // Something to skip?
331 if (!$error && isset($skip)) {
332 $original_skip = $skip;
333 while ($skip > 0) {
334 PMA_importGetNextChunk($skip < $read_limit ? $skip : $read_limit);
335 $read_multiply = 1; // Disable read progresivity, otherwise we eat all memory!
336 $skip -= $read_limit;
338 unset($skip);
341 if (!$error) {
342 // Check for file existance
343 if (!file_exists('./libraries/import/' . $format . '.php')) {
344 $error = TRUE;
345 $message = $strCanNotLoadImportPlugins;
346 $show_error_header = TRUE;
347 } else {
348 // Do the real import
349 $plugin_param = $import_type;
350 require('./libraries/import/' . $format . '.php');
354 // Cleanup temporary file
355 if ($file_to_unlink != '') {
356 unlink($file_to_unlink);
359 // Reset charset back, if we did some changes
360 if ($reset_charset) {
361 PMA_DBI_query('SET CHARACTER SET utf8');
362 PMA_DBI_query('SET SESSION collation_connection =\'' . $collation_connection . '\'');
365 // Show correct message
366 if (!empty($id_bookmark) && $action_bookmark == 2) {
367 $message = $strBookmarkDeleted;
368 $display_query = $import_text;
369 $error = FALSE; // unset error marker, it was used just to skip processing
370 } elseif (!empty($id_bookmark) && $action_bookmark == 1) {
371 $message = $strShowingBookmark;
372 } elseif ($bookmark_created) {
373 $special_message = '[br]' . sprintf($strBookmarkCreated, htmlspecialchars($bkm_label));
374 } elseif ($finished && !$error) {
375 if ($import_type == 'query') {
376 $message = $strSuccess;
377 } else {
378 $message = sprintf($strImportSuccessfullyFinished, $executed_queries);
382 // Did we hit timeout? Tell it user.
383 if ($timeout_passed) {
384 $message = $strTimeoutPassed;
385 if ($offset == 0 || (isset($original_skip) && $original_skip == $offset)) {
386 $message .= ' ' . $strTimeoutNothingParsed;
390 // Display back import page
391 require_once('./libraries/header.inc.php');
393 // There was an error?
394 if (isset($my_die)) {
395 foreach ($my_die AS $key => $die) {
396 PMA_mysqlDie($die['error'], $die['sql'], '', $err_url, $error);
397 echo '<hr />';
401 if ($go_sql) {
402 if (isset($_GET['pos'])) {
403 // comes from the Refresh link
404 $pos = $_GET['pos'];
405 } else {
406 // Set pos to zero to possibly append limit
407 $pos = 0;
409 require('./sql.php');
410 } else {
411 $active_page = $goto;
412 require('./' . $goto);
414 exit();