mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-24 07:02:51 +02:00
Code Issues Releases Wiki Activity

Merge from master

Browse Source
This commit is contained in:
Jakub Vrana
2010-11-12 17:31:18 +01:00
parent d8c7ea9837 af0cacba90
commit 9802869d0a
56 changed files with 1452 additions and 719 deletions
Download Patch File Download Diff File Expand all files Collapse all files

240
adminer/include/adminer.inc.php
View File

@@ -36,7 +36,8 @@ class Adminer {
* @return null
*/
function headers() {
header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox NoScript plugin
header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
}
/** Print login form
@@ -107,6 +108,14 @@ document.getElementById('username').focus();
echo "\n";
}
/** Get foreign keys for table
* @param string
* @return array same format as foreign_keys()
*/
function foreignKeys($table) {
return foreign_keys($table);
}
/** Find backward keys for table
* @param string
* @param string
@@ -130,7 +139,7 @@ document.getElementById('username').focus();
*/
function selectQuery($query) {
global $jush;
return "<p><a href='" . h(remove_from_uri("page")) . "&amp;page=last' title='" . lang('Page') . ": " . lang('last') . "' onclick='return !ajaxMain(this.href, undefined, event);'>&gt;&gt;</a> <code class='jush-$jush'>" . h(str_replace("\n", " ", $query)) . "</code> <a href='" . h(ME) . "sql=" . urlencode($query) . "'>" . lang('Edit') . "</a>\n";
return "<p><a href='" . h(remove_from_uri("page")) . "&amp;page=last' title='" . lang('Last page') . "' onclick='return !ajaxMain(this.href, undefined, event);'>&gt;&gt;</a> <code class='jush-$jush'>" . h(str_replace("\n", " ", $query)) . "</code> <a href='" . h(ME) . "sql=" . urlencode($query) . "'>" . lang('Edit') . "</a>\n";
}
/** Description of a row in a table
@@ -157,7 +166,7 @@ document.getElementById('username').focus();
* @return string
*/
function selectVal($val, $link, $field) {
$return = ($val != "<i>NULL</i>" && ereg("^char|binary", $field["type"]) ? "<code>$val</code>" : $val);
$return = ($val != "<i>NULL</i>" && ereg("char|binary", $field["type"]) && !ereg("var", $field["type"]) ? "<code>$val</code>" : $val);
if (ereg('blob|bytea|raw|file', $field["type"]) && !is_utf8($val)) {
$return = lang('%d byte(s)', strlen(html_entity_decode($val, ENT_QUOTES)));
}
@@ -429,8 +438,10 @@ document.getElementById('username').focus();
*/
function editInput($table, $field, $attrs, $value) {
if ($field["type"] == "enum") {
return ($field["null"] ? "<label><input type='radio'$attrs value=''" . (isset($value) || isset($_GET["select"]) ? "" : " checked") . "><i>NULL</i></label> " : "")
return (isset($_GET["select"]) ? "<label><input type='radio'$attrs value='-1' checked><i>" . lang('original') . "</i></label> " : "")
. ($field["null"] ? "<label><input type='radio'$attrs value=''" . (isset($value) || isset($_GET["select"]) ? "" : " checked") . "><i>NULL</i></label> " : "")
. "<label><input type='radio'$attrs value='0'" . ($value === 0 ? " checked" : "") . "><i>" . lang('empty') . "</i></label>"
. enum_input("radio", $attrs, $field, $value)
;
}
return "";
@@ -452,7 +463,7 @@ document.getElementById('username').focus();
} elseif (ereg('^([+-]|\\|\\|)$', $function)) {
$return = idf_escape($name) . " $function $return";
} elseif (ereg('^[+-] interval$', $function)) {
$return = idf_escape($name) . " $function " . (preg_match("~^([0-9]+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : $return);
$return = idf_escape($name) . " $function " . (preg_match("~^(\\d+|'[0-9.: -]') [A-Z_]+$~i", $value) ? $value : $return);
} elseif (ereg('^(addtime|subtime|concat)$', $function)) {
$return = "$function(" . idf_escape($name) . ", $return)";
} elseif (ereg('^(md5|sha1|password|encrypt|hex)$', $function)) {
@@ -465,11 +476,9 @@ document.getElementById('username').focus();
}
/** Returns export output options
* @param bool generate select (otherwise radio)
* @param string
* @return string
* @return array
*/
function dumpOutput($select, $value = "") {
function dumpOutput() {
$return = array('text' => lang('open'), 'file' => lang('save'));
if (function_exists('gzencode')) {
$return['gz'] = 'gzip';
@@ -478,16 +487,199 @@ document.getElementById('username').focus();
$return['bz2'] = 'bzip2';
}
// ZipArchive requires temporary file, ZIP can be created by gzcompress - see PEAR File_Archive
return html_select("output", $return, $value, $select);
return $return;
}
/** Returns export format options
* @param bool generate select (otherwise radio)
* @param string
* @return string
* @return array
*/
function dumpFormat($select, $value = "") {
return html_select("format", array('sql' => 'SQL', 'csv' => 'CSV,', 'csv;' => 'CSV;'), $value, $select);
function dumpFormat() {
return array('sql' => 'SQL', 'csv' => 'CSV,', 'csv;' => 'CSV;', 'tsv' => 'TSV');
}
/** Export table structure
* @param string
* @param string
* @param bool
* @return null prints data
*/
function dumpTable($table, $style, $is_view = false) {
if ($_POST["format"] != "sql") {
echo "\xef\xbb\xbf"; // UTF-8 byte order mark
if ($style) {
dump_csv(array_keys(fields($table)));
}
} elseif ($style) {
$create = create_sql($table, $_POST["auto_increment"]);
if ($create) {
if ($style == "DROP+CREATE") {
echo "DROP " . ($is_view ? "VIEW" : "TABLE") . " IF EXISTS " . table($table) . ";\n";
}
if ($is_view) {
// remove DEFINER with current user
$create = preg_replace('~^([A-Z =]+) DEFINER=`' . str_replace("@", "`@`", logged_user()) . '`~', '\\1', $create); //! proper escaping of user
}
echo ($style != "CREATE+ALTER" ? $create : ($is_view ? substr_replace($create, " OR REPLACE", 6, 0) : substr_replace($create, " IF NOT EXISTS", 12, 0))) . ";\n\n";
}
if ($style == "CREATE+ALTER" && !$is_view) {
// create procedure which iterates over original columns and adds new and removes old
$query = "SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, COLLATION_NAME, COLUMN_TYPE, EXTRA, COLUMN_COMMENT FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = " . q($table) . " ORDER BY ORDINAL_POSITION";
echo "DELIMITER ;;
CREATE PROCEDURE adminer_alter (INOUT alter_command text) BEGIN
DECLARE _column_name, _collation_name, after varchar(64) DEFAULT '';
DECLARE _column_type, _column_default text;
DECLARE _is_nullable char(3);
DECLARE _extra varchar(30);
DECLARE _column_comment varchar(255);
DECLARE done, set_after bool DEFAULT 0;
DECLARE add_columns text DEFAULT '";
$fields = array();
$after = "";
foreach (get_rows($query) as $row) {
$default = $row["COLUMN_DEFAULT"];
$row["default"] = (isset($default) ? q($default) : "NULL");
$row["after"] = q($after); //! rgt AFTER lft, lft AFTER id doesn't work
$row["alter"] = escape_string(idf_escape($row["COLUMN_NAME"])
. " $row[COLUMN_TYPE]"
. ($row["COLLATION_NAME"] ? " COLLATE $row[COLLATION_NAME]" : "")
. (isset($default) ? " DEFAULT " . ($default == "CURRENT_TIMESTAMP" ? $default : $row["default"]) : "")
. ($row["IS_NULLABLE"] == "YES" ? "" : " NOT NULL")
. ($row["EXTRA"] ? " $row[EXTRA]" : "")
. ($row["COLUMN_COMMENT"] ? " COMMENT " . q($row["COLUMN_COMMENT"]) : "")
. ($after ? " AFTER " . idf_escape($after) : " FIRST")
);
echo ", ADD $row[alter]";
$fields[] = $row;
$after = $row["COLUMN_NAME"];
}
echo "';
DECLARE columns CURSOR FOR $query;
DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1;
SET @alter_table = '';
OPEN columns;
REPEAT
FETCH columns INTO _column_name, _column_default, _is_nullable, _collation_name, _column_type, _extra, _column_comment;
IF NOT done THEN
SET set_after = 1;
CASE _column_name";
foreach ($fields as $row) {
echo "
WHEN " . q($row["COLUMN_NAME"]) . " THEN
SET add_columns = REPLACE(add_columns, ', ADD $row[alter]', '');
IF NOT (_column_default <=> $row[default]) OR _is_nullable != '$row[IS_NULLABLE]' OR _collation_name != '$row[COLLATION_NAME]' OR _column_type != " . q($row["COLUMN_TYPE"]) . " OR _extra != '$row[EXTRA]' OR _column_comment != " . q($row["COLUMN_COMMENT"]) . " OR after != $row[after] THEN
SET @alter_table = CONCAT(@alter_table, ', MODIFY $row[alter]');
END IF;"; //! don't replace in comment
}
echo "
ELSE
SET @alter_table = CONCAT(@alter_table, ', DROP ', _column_name);
SET set_after = 0;
END CASE;
IF set_after THEN
SET after = _column_name;
END IF;
END IF;
UNTIL done END REPEAT;
CLOSE columns;
IF @alter_table != '' OR add_columns != '' THEN
SET alter_command = CONCAT(alter_command, 'ALTER TABLE " . table($table) . "', SUBSTR(CONCAT(add_columns, @alter_table), 2), ';\\n');
END IF;
END;;
DELIMITER ;
CALL adminer_alter(@adminer_alter);
DROP PROCEDURE adminer_alter;
";
//! indexes
}
}
}
/** Export table data
* @param string
* @param string
* @param string
* @return null prints data
*/
function dumpData($table, $style, $query) {
global $connection, $jush;
$max_packet = ($jush == "sqlite" ? 0 : 1048576); // default, minimum is 1024
if ($style) {
if ($_POST["format"] == "sql" && $style == "TRUNCATE+INSERT") {
echo truncate_sql($table) . ";\n";
}
$fields = fields($table);
$result = $connection->query($query, 1); // 1 - MYSQLI_USE_RESULT //! enum and set as numbers
if ($result) {
$insert = "";
$buffer = "";
while ($row = $result->fetch_assoc()) {
if ($_POST["format"] != "sql") {
dump_csv($row);
} else {
if (!$insert) {
$insert = "INSERT INTO " . table($table) . " (" . implode(", ", array_map('idf_escape', array_keys($row))) . ") VALUES";
}
foreach ($row as $key => $val) {
$row[$key] = (isset($val) ? (ereg('int|float|double|decimal', $fields[$key]["type"]) ? $val : q($val)) : "NULL"); //! columns looking like functions
}
$s = implode(",\t", $row);
if ($style == "INSERT+UPDATE") {
$set = array();
foreach ($row as $key => $val) {
$set[] = idf_escape($key) . " = $val";
}
echo "$insert ($s) ON DUPLICATE KEY UPDATE " . implode(", ", $set) . ";\n";
} else {
$s = ($max_packet ? "\n" : " ") . "($s)";
if (!$buffer) {
$buffer = $insert . $s;
} elseif (strlen($buffer) + 2 + strlen($s) < $max_packet) { // 2 - separator and terminator length
$buffer .= ",$s";
} else {
$buffer .= ";\n";
echo $buffer;
$buffer = $insert . $s;
}
}
}
}
if ($_POST["format"] == "sql" && $style != "INSERT+UPDATE" && $buffer) {
$buffer .= ";\n";
echo $buffer;
}
} elseif ($_POST["format"] == "sql") {
echo "-- " . str_replace("\n", " ", $connection->error) . "\n";
}
}
}
/** Send headers for export
* @param string
* @param bool
* @return string extension
*/
function dumpHeaders($identifier, $multi_table = false) {
$filename = ($identifier != "" ? friendly_url($identifier) : "adminer");
$output = $_POST["output"];
$ext = ($_POST["format"] == "sql" ? "sql" : ($multi_table ? "tar" : "csv")); // multiple CSV packed to TAR
header("Content-Type: " .
($output == "bz2" ? "application/x-bzip" :
($output == "gz" ? "application/x-gzip" :
($ext == "tar" ? "application/x-tar" :
($ext == "sql" || $output != "file" ? "text/plain" : "text/csv") . "; charset=utf-8"
))));
if ($output != "text") {
header("Content-Disposition: attachment; filename=$filename.$ext" . ($output != "file" && !ereg('[^0-9a-z]', $output) ? ".$output" : ""));
}
session_write_close();
if ($_POST["output"] == "bz2") {
ob_start('bzcompress', 1e6);
}
if ($_POST["output"] == "gz") {
ob_start('gzencode', 1e6);
}
return $ext;
}
/** Prints navigation after Adminer title
@@ -524,13 +716,13 @@ document.getElementById('username').focus();
<form action="" method="post">
<p class="logout">
<?php
if (DB == "" || !$missing) {
echo "<a href='" . h(ME) . "sql='>" . bold(lang('SQL command'), isset($_GET["sql"])) . "</a>\n";
if (support("dump")) {
echo "<a href='" . h(ME) . "dump=" . urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]) . "'>" . bold(lang('Dump'), isset($_GET["dump"])) . "</a>\n";
}
}
?>
if (DB == "" || !$missing) {
echo "<a href='" . h(ME) . "sql='>" . bold(lang('SQL command'), isset($_GET["sql"])) . "</a>\n";
if (support("dump")) {
echo "<a href='" . h(ME) . "dump=" . urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]) . "'>" . bold(lang('Dump'), isset($_GET["dump"])) . "</a>\n";
}
}
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>">
</p>
@@ -549,6 +741,7 @@ if (DB == "" || !$missing) {
}
}
if ($_GET["ns"] !== "" && !$missing) {
echo '<p><a href="' . h(ME) . 'create=">' . bold(lang('Create new table'), $_GET["create"] === "") . "</a>\n";
$tables = tables_list();
if (!$tables) {
echo "<p class='message'>" . lang('No tables.') . "\n";
@@ -559,13 +752,12 @@ if (DB == "" || !$missing) {
$links[] = preg_quote($table, '/');
}
echo "<script type='text/javascript'>\n";
echo "var jushLinks = { $jush: [ '" . addcslashes(h(ME), "\\'/") . "table=\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
echo "var jushLinks = { $jush: [ '" . js_escape(ME) . "table=\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
foreach (array("bac", "bra", "sqlite_quo", "mssql_bra") as $val) {
echo "jushLinks.$val = jushLinks.$jush;\n";
}
echo "</script>\n";
}
echo '<p><a href="' . h(ME) . 'create=">' . bold(lang('Create new table'), $_GET["create"] === "") . "</a>\n";
}
}
echo (isset($_GET["sql"]) ? '<input type="hidden" name="sql" value="">'