forked from phpmyadmin/phpmyadmin
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtransformations.lib.php
210 lines (181 loc) · 7.87 KB
/
transformations.lib.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
<?php
/* $Id$ */
// vim: expandtab sw=4 ts=4 sts=4:
/**
* Set of functions used with the relation and pdf feature
*/
function PMA_transformation_getOptions($string) {
$transform_options = array();
if ($string != '') {
if ($string{0} == "'" && $string{strlen($string)-1} == "'") {
$transform_options = explode('\',\'', substr($string, 1, strlen($string)-2));
} else {
$transform_options = array(0 => $string);
}
}
// strip possible slashes to behave like documentation says
$result = array();
foreach($transform_options as $val) {
$result[] = stripslashes($val);
}
return $result;
}
/**
* Gets all available MIME-types
*
* @return array array[mimetype], array[transformation]
*
* @access public
*
* @author Garvin Hicking <me@supergarv.de>
*/
function PMA_getAvailableMIMEtypes() {
$handle = opendir('./libraries/transformations');
$stack = array();
$filestack = array();
while (($file = readdir($handle)) != false) {
$filestack[$file] = $file;
}
closedir($handle);
if (is_array($filestack)) {
@ksort($filestack);
foreach ($filestack AS $key => $file) {
if (preg_match('|^.*__.*\.inc\.php(3?)$|', trim($file), $match)) {
// File contains transformation functions.
$base = explode('__', str_replace('.inc.php' . $match[1], '', $file));
$mimetype = str_replace('_', '/', $base[0]);
$stack['mimetype'][$mimetype] = $mimetype;
$stack['transformation'][] = $mimetype . ': ' . $base[1];
$stack['transformation_file'][] = $file;
} else if (preg_match('|^.*\.inc\.php(3?)$|', trim($file), $match)) {
// File is a plain mimetype, no functions.
$base = str_replace('.inc.php' . $match[1], '', $file);
if ($base != 'global') {
$mimetype = str_replace('_', '/', $base);
$stack['mimetype'][$mimetype] = $mimetype;
$stack['empty_mimetype'][$mimetype] = $mimetype;
}
}
}
}
return $stack;
}
/**
* Gets the mimetypes for all rows of a table
*
* @param string the name of the db to check for
* @param string the name of the table to check for
* @param string whether to include only results having a mimetype set
*
* @return array [field_name][field_key] = field_value
*
* @global array the list of relations settings
*
* @access public
*
* @author Mike Beck <mikebeck@users.sourceforge.net> / Garvin Hicking <me@supergarv.de>
*/
function PMA_getMIME($db, $table, $strict = false) {
global $cfgRelation;
$com_qry = 'SELECT column_name, mimetype, transformation, transformation_options FROM ' . PMA_backquote($cfgRelation['column_info'])
. ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
. ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
. ' AND (mimetype != \'\'' . (!$strict ? ' OR transformation != \'\' OR transformation_options != \'\'' : '') . ')';
$com_rs = PMA_query_as_cu($com_qry);
while ($row = @PMA_DBI_fetch_assoc($com_rs)) {
$col = $row['column_name'];
$mime[$col]['mimetype'] = $row['mimetype'];
$mime[$col]['transformation'] = $row['transformation'];
$mime[$col]['transformation_options'] = $row['transformation_options'];
} // end while
PMA_DBI_free_result($com_rs);
unset($com_rs);
if (isset($mime) && is_array($mime)) {
return $mime;
} else {
return FALSE;
}
} // end of the 'PMA_getMIME()' function
/**
* Set a single mimetype to a certain value.
*
* @param string the name of the db
* @param string the name of the table
* @param string the name of the column
* @param string the mimetype of the column
* @param string the transformation of the column
* @param string the transformation options of the column
* @param string (optional) force delete, will erase any existing comments for this column
*
* @return boolean true, if comment-query was made.
*
* @global array the list of relations settings
*
* @access public
*/
function PMA_setMIME($db, $table, $key, $mimetype, $transformation, $transformation_options, $forcedelete = false) {
global $cfgRelation;
$test_qry = 'SELECT mimetype, ' . PMA_backquote('comment') . ' FROM ' . PMA_backquote($cfgRelation['column_info'])
. ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
. ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
. ' AND column_name = \'' . PMA_sqlAddslashes($key) . '\'';
$test_rs = PMA_query_as_cu($test_qry, TRUE, PMA_DBI_QUERY_STORE);
if ($test_rs && PMA_DBI_num_rows($test_rs) > 0) {
$row = @PMA_DBI_fetch_assoc($test_rs);
PMA_DBI_free_result($test_rs);
unset($test_rs);
if (!$forcedelete && (strlen($mimetype) > 0 || strlen($transformation) > 0 || strlen($transformation_options) > 0 || strlen($row['comment']) > 0)) {
$upd_query = 'UPDATE ' . PMA_backquote($cfgRelation['column_info'])
. ' SET mimetype = \'' . PMA_sqlAddslashes($mimetype) . '\','
. ' transformation = \'' . PMA_sqlAddslashes($transformation) . '\','
. ' transformation_options = \'' . PMA_sqlAddslashes($transformation_options) . '\''
. ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
. ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
. ' AND column_name = \'' . PMA_sqlAddslashes($key) . '\'';
} else {
$upd_query = 'DELETE FROM ' . PMA_backquote($cfgRelation['column_info'])
. ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\''
. ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\''
. ' AND column_name = \'' . PMA_sqlAddslashes($key) . '\'';
}
} else if (strlen($mimetype) > 0 || strlen($transformation) > 0 || strlen($transformation_options) > 0) {
$upd_query = 'INSERT INTO ' . PMA_backquote($cfgRelation['column_info'])
. ' (db_name, table_name, column_name, mimetype, transformation, transformation_options) '
. ' VALUES('
. '\'' . PMA_sqlAddslashes($db) . '\','
. '\'' . PMA_sqlAddslashes($table) . '\','
. '\'' . PMA_sqlAddslashes($key) . '\','
. '\'' . PMA_sqlAddslashes($mimetype) . '\','
. '\'' . PMA_sqlAddslashes($transformation) . '\','
. '\'' . PMA_sqlAddslashes($transformation_options) . '\')';
}
if (isset($upd_query)){
$upd_rs = PMA_query_as_cu($upd_query);
PMA_DBI_free_result($upd_rs);
unset($upd_rs);
return true;
} else {
return false;
}
} // end of 'PMA_setMIME()' function
/**
* Returns the real filename of a configured transformation
*
* @param string the current filename
*
* @return string the new filename
*
* @access public
*/
function PMA_sanitizeTransformationFile(&$filename) {
// garvin: for security, never allow to break out from transformations directory
$include_file = PMA_securePath($filename);
// This value can also contain a 'php3' value, in which case we map this filename to our new 'php' variant
$testfile = preg_replace('@\.inc\.php3$@', '.inc.php', $include_file);
if ($include_file{strlen($include_file)-1} == '3' && file_exists('./libraries/transformations/' . $testfile)) {
$include_file = $testfile;
$filename = $testfile; // Corrects the referenced variable for further actions on the filename;
}
return $include_file;
} // end of 'PMA_sanitizeTransformationFile()' function
?>