mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-18 04:11:27 +02:00
Code Issues Releases Wiki Activity

Comments

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@729 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2009-06-21 23:20:32 +00:00
parent 5d311ef2d9
commit 64ba92421b
29 changed files with 153 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
adminer/include/auth.inc.php
View File

@@ -6,10 +6,10 @@ if (ini_get("session.use_trans_sid") && isset($_POST[$session_name])) {
}
if (isset($_POST["server"])) {
if (isset($_COOKIE[$session_name]) || isset($_POST[$session_name])) {
session_regenerate_id();
session_regenerate_id(); // defense against session fixation
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
$_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6);
$_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6); // defense against cross-site request forgery
if (count($_POST) == count($ignore)) {
$location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
if (!isset($_COOKIE[$session_name])) {
@@ -66,7 +66,7 @@ function auth_error($exception = null) {
$username = &$_SESSION["usernames"][$_GET["server"]];
if (!isset($username)) {
$username = $_GET["username"];
$username = $_GET["username"]; // default username can be passed in URL
}
$dbh = (isset($username) ? connect() : '');
unset($username);

2
adminer/include/connect.inc.php
View File

@@ -20,7 +20,7 @@ if (!(strlen($_GET["db"]) ? $dbh->select_db($_GET["db"]) : isset($_GET["sql"]) |
if (strlen($_GET["db"])) {
unset($_SESSION["databases"][$_GET["server"]]);
}
connect_error();
connect_error(); // separate function to catch SQLite error
exit;
}
$dbh->query("SET CHARACTER SET utf8");

3
adminer/include/design.inc.php
View File

@@ -47,6 +47,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
$databases = null;
}
if (isset($databases) && !isset($_GET["sql"]) && !isset($_SESSION["coverage"])) {
// improves concurrency if a user opens several pages at once
session_write_close();
}
if ($error) {
@@ -55,7 +56,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
}
function page_footer($missing = false) {
global $SELF, $dbh, $VERSION;
global $SELF, $VERSION, $dbh;
?>
</div>

4
adminer/include/editing.inc.php
View File

@@ -26,6 +26,7 @@ function input($name, $field, $value, $separator = "</td><td>") { //! pass empty
$options = (preg_match('~char~', $field["type"]) ? array("", "md5", "sha1", "password", "uuid") : array("", "now"));
}
if (!isset($_GET["call"]) && (isset($_GET["select"]) || where($_GET))) {
// relative functions
if (preg_match('~int|float|double|decimal~', $field["type"])) {
$options = array("", "+", "-");
}
@@ -55,6 +56,7 @@ function input($name, $field, $value, $separator = "</td><td>") { //! pass empty
} elseif (preg_match('~binary|blob~', $field["type"])) {
echo (ini_get("file_uploads") ? '<input type="file" name="' . $name . '"' . $onchange . ' />' : lang('File uploads are disabled.') . ' ');
} else {
// int(3) is only a display hint
$maxlength = (!ereg('int', $field["type"]) && preg_match('~^([0-9]+)(,([0-9]+))?$~', $field["length"], $match) ? ($match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0));
echo '<input name="fields[' . $name . ']" value="' . htmlspecialchars($value) . '"' . ($maxlength ? " maxlength='$maxlength'" : "") . $onchange . ' />';
}
@@ -87,7 +89,7 @@ function process_input($name, $field) {
} elseif (preg_match('~^[+-]$~', $function)) {
return idf_escape($name) . " $function '" . $dbh->escape_string($value) . "'";
} elseif (preg_match('~^[+-] interval$~', $function)) {
return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : "'" . $dbh->escape_string($value) . "'") . "";
return idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : "'" . $dbh->escape_string($value) . "'");
} elseif (preg_match('~^(addtime|subtime)$~', $function)) {
return "$function(" . idf_escape($name) . ", '" . $dbh->escape_string($value) . "')";
} elseif (preg_match('~^(md5|sha1|password)$~', $function)) {

7
adminer/include/export.inc.php
View File

@@ -11,7 +11,7 @@ function dump_csv($row) {
function dump_table($table, $style, $is_view = false) {
global $dbh;
if ($_POST["format"] == "csv") {
echo "\xef\xbb\xbf";
echo "\xef\xbb\xbf"; // UTF-8 byte order mark
if ($style) {
dump_csv(array_keys(fields($table)));
}
@@ -26,6 +26,7 @@ function dump_table($table, $style, $is_view = false) {
echo ($style != "CREATE+ALTER" ? $create : ($is_view ? substr_replace($create, " OR REPLACE", 6, 0) : substr_replace($create, " IF NOT EXISTS", 12, 0))) . ";\n\n";
}
if ($style == "CREATE+ALTER" && !$is_view) {
// create procedure which iterates over original columns and adds new and removes old
$query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = '" . $dbh->escape_string($table) . "' ORDER BY ORDINAL_POSITION";
?>
DELIMITER ;;
@@ -131,7 +132,7 @@ function dump_data($table, $style, $select = "") {
} else {
$s = "\n(" . implode(", ", $row2) . ")";
if (!$length) {
echo $insert, $s;
echo $insert, $s; // comma used to save memory
$length = strlen($insert) + strlen($s);
} else {
$length += 2 + strlen($s);
@@ -155,7 +156,7 @@ function dump_data($table, $style, $select = "") {
function dump_headers($identifier, $multi_table = false) {
$filename = (strlen($identifier) ? friendly_url($identifier) : "dump");
$ext = ($_POST["format"] == "sql" ? "sql" : ($multi_table ? "tar" : "csv"));
$ext = ($_POST["format"] == "sql" ? "sql" : ($multi_table ? "tar" : "csv")); // multiple CSV packed to TAR
header("Content-Type: " . ($ext == "tar" ? "application/x-tar" : ($ext == "sql" || $_POST["output"] != "file" ? "text/plain" : "text/csv")) . "; charset=utf-8");
if ($_POST["output"] == "file") {
header("Content-Disposition: attachment; filename=$filename.$ext");

24
adminer/include/functions.inc.php
View File

@@ -8,6 +8,7 @@ function idf_unescape($idf) {
}
function bracket_escape($idf, $back = false) {
// escape brackets inside name="x[]"
static $trans = array(':' => ':1', ']' => ':2', '[' => ':3');
return strtr($idf, ($back ? array_flip($trans) : $trans));
}
@@ -46,7 +47,7 @@ function unique_idf($row, $indexes) {
if ($index["type"] == "PRIMARY" || $index["type"] == "UNIQUE") {
$return = array();
foreach ($index["columns"] as $key) {
if (!isset($row[$key])) {
if (!isset($row[$key])) { // NULL is ambiguous
continue 2;
}
$return[] = urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($row[$key]);
@@ -90,6 +91,7 @@ function redirect($location, $message = null) {
$_SESSION["messages"][] = $message;
}
if (strlen(SID)) {
// append SID if session cookies are disabled
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
}
header("Location: " . (strlen($location) ? $location : "."));
@@ -121,6 +123,7 @@ function queries($query = null) {
global $dbh;
static $queries = array();
if (!isset($query)) {
// return executed queries without parameter
return implode(";\n", $queries);
}
$queries[] = $query;
@@ -137,7 +140,9 @@ function print_page($page) {
}
function get_file($key) {
// returns int for error, string otherwise
if (isset($_POST["files"][$key])) {
// get the file from hidden field if the user was logged out
$length = strlen($_POST["files"][$key]);
return ($length && $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key]));
}
@@ -158,12 +163,12 @@ function select($result, $dbh2 = null) {
echo "<p class='message'>" . lang('No rows.') . "</p>\n";
} else {
echo "<table cellspacing='0' class='nowrap'>\n";
$links = array();
$indexes = array();
$columns = array();
$blobs = array();
$types = array();
odd('');
$links = array(); // colno => orgtable - create links from these columns
$indexes = array(); // orgtable => array(column => colno) - primary keys
$columns = array(); // orgtable => array(column => ) - not selected columns in primary key
$blobs = array(); // colno => bool - display bytes for blobs
$types = array(); // colno => type - display char in <code>
odd(''); // reset odd for each result
for ($i=0; $row = $result->fetch_row(); $i++) {
if (!$i) {
echo "<thead><tr>";
@@ -171,6 +176,7 @@ function select($result, $dbh2 = null) {
$field = $result->fetch_field();
if (strlen($field->orgtable)) {
if (!isset($indexes[$field->orgtable])) {
// find primary key in each table
$indexes[$field->orgtable] = array();
foreach (indexes($field->orgtable, $dbh2) as $index) {
if ($index["type"] == "PRIMARY") {
@@ -202,7 +208,7 @@ function select($result, $dbh2 = null) {
if ($blobs[$key] && !is_utf8($val)) {
$val = "<i>" . lang('%d byte(s)', strlen($val)) . "</i>"; //! link to download
} elseif (!strlen(trim($val))) {
$val = "&nbsp;";
$val = "&nbsp;"; // some content to print a border
} else {
$val = nl2br(htmlspecialchars($val));
if ($types[$key] == 254) {
@@ -227,6 +233,7 @@ function select($result, $dbh2 = null) {
}
function is_utf8($val) {
// don't print control chars except \t\r\n
return (preg_match('~~u', $val) && !preg_match('~[\\0-\\x8\\xB\\xC\\xE-\\x1F]~', $val));
}
@@ -236,6 +243,7 @@ function shorten_utf8($string, $length = 80, $suffix = "") {
}
function friendly_url($val) {
// used for blobs and export
return preg_replace('~[^a-z0-9_]~i', '-', $val);
}

6
adminer/include/lang.inc.php
View File

@@ -1,4 +1,6 @@
<?php
// not used in single language version
$langs = array(
'en' => 'English', // Jakub Vrána - http://php.vrana.cz
'cs' => 'Čeština', // Jakub Vrána - http://php.vrana.cz
@@ -17,7 +19,7 @@ function lang($idf, $number = null) {
global $LANG, $translations;
$translation = $translations[$idf];
if (is_array($translation) && $translation) {
$pos = ($number == 1 ? 0 : ((!$number || $number >= 5) && ereg('cs|sk|ru', $LANG) ? 2 : 1));
$pos = ($number == 1 ? 0 : ((!$number || $number >= 5) && ereg('cs|sk|ru', $LANG) ? 2 : 1)); // Slavic languages use different form for 2, 3, 4
$translation = $translation[$pos];
}
$args = func_get_args();
@@ -38,7 +40,7 @@ function switch_lang() {
if (isset($_GET["lang"])) {
$_COOKIE["lang"] = $_GET["lang"];
$_SESSION["lang"] = $_GET["lang"];
$_SESSION["lang"] = $_GET["lang"]; // cookies may be disabled
}
$LANG = "en";

12
adminer/include/mysql.inc.php
View File

@@ -1,4 +1,5 @@
<?php
// MySQLi supports everything, MySQL doesn't support multiple result sets, PDO_MySQL doesn't support orgtable
if (extension_loaded("mysqli")) {
class Min_DB extends MySQLi {
var $extension = "MySQLi";
@@ -8,7 +9,7 @@ if (extension_loaded("mysqli")) {
}
function connect($server, $username, $password) {
list($host, $port) = explode(":", $server, 2);
list($host, $port) = explode(":", $server, 2); // part after : is used for port or socket
return @$this->real_connect(
(strlen($server) ? $host : ini_get("mysqli.default_host")),
(strlen("$server$username") ? $username : ini_get("mysqli.default_user")),
@@ -33,6 +34,7 @@ if (extension_loaded("mysqli")) {
}
function query($query) {
// result is packed in envelope object to allow minification
$result = parent::query($query);
return (is_object($result) ? new Min_Result($result) : $result);
}
@@ -126,6 +128,7 @@ if (extension_loaded("mysqli")) {
}
function next_result() {
// MySQL extension doesn't support multiple results
return false;
}
@@ -187,6 +190,7 @@ if (extension_loaded("mysqli")) {
exit;
}
// value means maximum unsigned length
$types = array(
"tinyint" => 3, "smallint" => 5, "mediumint" => 8, "int" => 10, "bigint" => 20,
"float" => 12, "double" => 21, "decimal" => 66,
@@ -205,6 +209,7 @@ function connect() {
}
function get_databases() {
// SHOW DATABASES can take very long so it is cached
$return = &$_SESSION["databases"][$_GET["server"]];
if (!isset($return)) {
flush();
@@ -216,7 +221,7 @@ function get_databases() {
function table_status($table) {
global $dbh;
$result = $dbh->query("SHOW TABLE STATUS LIKE '" . $dbh->escape_string(addcslashes($table, "%_")) . "'");
$return = $result->fetch_assoc();
$return = $result->fetch_assoc(); // ()-> is not supported in PHP 4
$result->free();
return $return;
}
@@ -250,7 +255,7 @@ function fields($table) {
function indexes($table, $dbh2 = null) {
global $dbh;
if (!is_object($dbh2)) {
if (!is_object($dbh2)) { // use the main connection if the separate connection is unavailable
$dbh2 = $dbh;
}
$return = array();
@@ -313,6 +318,7 @@ function collations() {
function table_comment(&$row) {
if ($row["Engine"] == "InnoDB") {
// ignore internal comment, unnecessary since MySQL 5.1.21
$row["Comment"] = preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["Comment"]);
}
}

4
adminer/include/pdo.inc.php
View File

@@ -1,4 +1,5 @@
<?php
// PDO can be used in several database drivers
if (extension_loaded('pdo')) {
class Min_PDO extends PDO {
var $_result, $server_info, $affected_rows, $error;
@@ -14,6 +15,7 @@ if (extension_loaded('pdo')) {
}
function select_db($database) {
// database selection is separated from the connection so dbname in DSN can't be used
return $this->query("USE " . idf_escape($database));
}
@@ -29,7 +31,7 @@ if (extension_loaded('pdo')) {
$this->affected_rows = $result->rowCount();
return true;
}
$result->num_rows = $result->rowCount();
$result->num_rows = $result->rowCount(); // is not guaranteed to work with all drivers
return $result;
}