⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.89
Server IP:
41.128.143.86
Server:
Linux host.raqmix.cloud 6.8.0-1025-azure #30~22.04.1-Ubuntu SMP Wed Mar 12 15:28:20 UTC 2025 x86_64
Server Software:
Apache
PHP Version:
8.3.23
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
local
/
psa
/
phpMyAdmin
/
libraries
/
classes
/
Html
/
View File Name :
Generator.php
<?php /** * HTML Generator */ declare(strict_types=1); namespace PhpMyAdmin\Html; use PhpMyAdmin\Core; use PhpMyAdmin\Message; use PhpMyAdmin\Profiling; use PhpMyAdmin\Providers\ServerVariables\ServerVariablesProvider; use PhpMyAdmin\Query\Compatibility; use PhpMyAdmin\ResponseRenderer; use PhpMyAdmin\Sanitize; use PhpMyAdmin\SqlParser\Lexer; use PhpMyAdmin\SqlParser\Parser; use PhpMyAdmin\SqlParser\Utils\Error as ParserError; use PhpMyAdmin\Template; use PhpMyAdmin\Url; use PhpMyAdmin\Util; use Throwable; use Twig\Error\LoaderError; use Twig\Error\RuntimeError; use Twig\Error\SyntaxError; use function __; use function _pgettext; use function addslashes; use function array_key_exists; use function ceil; use function count; use function explode; use function htmlentities; use function htmlspecialchars; use function implode; use function in_array; use function ini_get; use function intval; use function is_array; use function mb_strlen; use function mb_strstr; use function mb_strtolower; use function mb_substr; use function nl2br; use function preg_match; use function preg_replace; use function sprintf; use function str_contains; use function str_replace; use function str_starts_with; use function strlen; use function strtoupper; use function substr; use function trim; use const ENT_COMPAT; /** * HTML Generator */ class Generator { /** * Displays a button to copy content to clipboard * * @param string $text Text to copy to clipboard * * @return string the html link */ public static function showCopyToClipboard(string $text): string { return ' <a href="#" class="copyQueryBtn" data-text="' . htmlspecialchars($text) . '">' . __('Copy') . '</a>'; } /** * Get a link to variable documentation * * @param string $name The variable name * @param bool $useMariaDB Use only MariaDB documentation * @param string $text (optional) The text for the link * * @return string link or empty string */ public static function linkToVarDocumentation( string $name, bool $useMariaDB = false, ?string $text = null ): string { $kbs = ServerVariablesProvider::getImplementation(); $link = $useMariaDB ? $kbs->getDocLinkByNameMariaDb($name) : $kbs->getDocLinkByNameMysql($name); $link = $link !== null ? Core::linkURL($link) : $link; return MySQLDocumentation::show($name, false, $link, $text); } /** * Returns HTML code for a tooltip * * @param string $message the message for the tooltip */ public static function showHint(string $message): string { if ($GLOBALS['cfg']['ShowHint']) { $classClause = ' class="pma_hint"'; } else { $classClause = ''; } return '<span' . $classClause . '>' . self::getImage('b_help') . '<span class="hide">' . $message . '</span>' . '</span>'; } /** * returns html code for db link to default db page * * @param string $database database * * @return string html link to default db page */ public static function getDbLink($database = ''): string { if ((string) $database === '') { if ((string) $GLOBALS['db'] === '') { return ''; } $database = $GLOBALS['db']; } else { $database = Util::unescapeMysqlWildcards($database); } $scriptName = Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabDatabase'], 'database'); return '<a href="' . $scriptName . Url::getCommon(['db' => $database], ! str_contains($scriptName, '?') ? '?' : '&') . '" title="' . htmlspecialchars( sprintf( __('Jump to database ā%sā.'), $database ) ) . '">' . htmlspecialchars($database) . '</a>'; } /** * Prepare a lightbulb hint explaining a known external bug * that affects a functionality * * @param string $functionality localized message explaining the func. * @param string $component 'mysql' (eventually, 'php') * @param string $minimumVersion of this component * @param string $bugReference bug reference for this component */ public static function getExternalBug( $functionality, $component, $minimumVersion, $bugReference ): string { global $dbi; $return = ''; if (($component === 'mysql') && ($dbi->getVersion() < $minimumVersion)) { $return .= self::showHint( sprintf( __('The %s functionality is affected by a known bug, see %s'), $functionality, Core::linkURL('https://bugs.mysql.com/') . $bugReference ) ); } return $return; } /** * Returns an HTML IMG tag for a particular icon from a theme, * which may be an actual file or an icon from a sprite. * This function takes into account the ActionLinksMode * configuration setting and wraps the image tag in a span tag. * * @param string $icon name of icon file * @param string $alternate alternate text * @param bool $forceText whether to force alternate text to be displayed * @param bool $menuIcon whether this icon is for the menu bar or not * @param string $controlParam which directive controls the display * * @return string an html snippet */ public static function getIcon( $icon, $alternate = '', $forceText = false, $menuIcon = false, $controlParam = 'ActionLinksMode' ): string { $includeIcon = $includeText = false; if (Util::showIcons($controlParam)) { $includeIcon = true; } if ($forceText || Util::showText($controlParam)) { $includeText = true; } // Sometimes use a span (we rely on this in js/sql.js). But for menu bar // we don't need a span $button = $menuIcon ? '' : '<span class="text-nowrap">'; if ($includeIcon) { $button .= self::getImage($icon, $alternate); } if ($includeIcon && $includeText) { $button .= ' '; } if ($includeText) { $button .= $alternate; } $button .= $menuIcon ? '' : '</span>'; return $button; } /** * Returns information about SSL status for current connection */ public static function getServerSSL(): string { $server = $GLOBALS['cfg']['Server']; $class = 'text-danger'; if (! $server['ssl']) { $message = __('SSL is not being used'); if (! empty($server['socket']) || in_array($server['host'], $GLOBALS['cfg']['MysqlSslWarningSafeHosts'])) { $class = ''; } } elseif (! $server['ssl_verify']) { $message = __('SSL is used with disabled verification'); } elseif (empty($server['ssl_ca'])) { $message = __('SSL is used without certification authority'); } else { $class = ''; $message = __('SSL is used'); } return '<span class="' . $class . '">' . $message . '</span> ' . MySQLDocumentation::showDocumentation( 'setup', 'ssl' ); } /** * Returns default function for a particular column. * * @param array $field Data about the column for which * to generate the dropdown * @param bool $insertMode Whether the operation is 'insert' * * @return string An HTML snippet of a dropdown list with function * names appropriate for the requested column. * * @global mixed $data data of currently edited row * (used to detect whether to choose defaults) * @global array $cfg PMA configuration */ public static function getDefaultFunctionForField(array $field, $insertMode): string { global $cfg, $data, $dbi; $defaultFunction = ''; // Can we get field class based values? $currentClass = $dbi->types->getTypeClass($field['True_Type']); if (! empty($currentClass) && isset($cfg['DefaultFunctions']['FUNC_' . $currentClass])) { $defaultFunction = $cfg['DefaultFunctions']['FUNC_' . $currentClass]; // Change the configured default function to include the ST_ prefix with MySQL 5.6 and later. // It needs to match the function listed in the select html element. if ( $currentClass === 'SPATIAL' && $dbi->getVersion() >= 50600 && strtoupper(substr($defaultFunction, 0, 3)) !== 'ST_' ) { $defaultFunction = 'ST_' . $defaultFunction; } } // what function defined as default? // for the first timestamp we don't set the default function // if there is a default value for the timestamp // (not including CURRENT_TIMESTAMP) // and the column does not have the // ON UPDATE DEFAULT TIMESTAMP attribute. if ( ($field['True_Type'] === 'timestamp') && $field['first_timestamp'] && empty($field['Default']) && empty($data) && $field['Extra'] !== 'on update CURRENT_TIMESTAMP' && $field['Null'] === 'NO' ) { $defaultFunction = $cfg['DefaultFunctions']['first_timestamp']; } // For uuid field, no default function if ($field['True_Type'] === 'uuid') { return ''; } // For primary keys of type char(36) or varchar(36) UUID if the default // function // Only applies to insert mode, as it would silently trash data on updates. if ( $insertMode && $field['Key'] === 'PRI' && ($field['Type'] === 'char(36)' || $field['Type'] === 'varchar(36)') ) { $defaultFunction = $cfg['DefaultFunctions']['FUNC_UUID']; } return $defaultFunction; } /** * Creates a dropdown box with MySQL functions for a particular column. * * @param array $field Data about the column for which to generate the dropdown * @param bool $insertMode Whether the operation is 'insert' * @param array $foreignData Foreign data * * @return string An HTML snippet of a dropdown list with function names appropriate for the requested column. */ public static function getFunctionsForField(array $field, $insertMode, array $foreignData): string { global $dbi; $defaultFunction = self::getDefaultFunctionForField($field, $insertMode); // Create the output $retval = '<option></option>' . "\n"; // loop on the dropdown array and print all available options for that // field. $functions = $dbi->types->getAllFunctions(); foreach ($functions as $function) { $retval .= '<option'; if ($function === $defaultFunction && ! isset($foreignData['foreign_field'])) { $retval .= ' selected="selected"'; } $retval .= '>' . $function . '</option>' . "\n"; } $retval .= '<option value="PHP_PASSWORD_HASH" title="'; $retval .= htmlentities(__('The PHP function password_hash() with default options.'), ENT_COMPAT); $retval .= '">' . __('password_hash() PHP function') . '</option>' . "\n"; return $retval; } /** * Renders a single link for the top of the navigation panel * * @param string $link The url for the link * @param bool $showText Whether to show the text or to * only use it for title attributes * @param string $text The text to display and use for title attributes * @param bool $showIcon Whether to show the icon * @param string $icon The filename of the icon to show * @param string $linkId Value to use for the ID attribute * @param bool $disableAjax Whether to disable ajax page loading for this link * @param string $linkTarget The name of the target frame for the link * @param array $classes HTML classes to apply * * @return string HTML code for one link */ public static function getNavigationLink( $link, $showText, $text, $showIcon, $icon, $linkId = '', $disableAjax = false, $linkTarget = '', array $classes = [] ): string { $retval = '<a href="' . $link . '"'; if (! empty($linkId)) { $retval .= ' id="' . $linkId . '"'; } if (! empty($linkTarget)) { $retval .= ' target="' . $linkTarget . '"'; } if ($disableAjax) { $classes[] = 'disableAjax'; } if (! empty($classes)) { $retval .= ' class="' . implode(' ', $classes) . '"'; } $retval .= ' title="' . $text . '">'; if ($showIcon) { $retval .= self::getImage($icon, $text); } if ($showText) { $retval .= $text; } $retval .= '</a>'; if ($showText) { $retval .= '<br>'; } return $retval; } /** * @return array<string, int|string> * @psalm-return array{pos: int, unlim_num_rows: int, rows: int, sql_query: string} */ public static function getStartAndNumberOfRowsFieldsetData(string $sqlQuery): array { if (isset($_REQUEST['session_max_rows'])) { $rows = (int) $_REQUEST['session_max_rows']; } elseif (isset($_SESSION['tmpval']['max_rows']) && $_SESSION['tmpval']['max_rows'] !== 'all') { $rows = (int) $_SESSION['tmpval']['max_rows']; } else { $rows = (int) $GLOBALS['cfg']['MaxRows']; $_SESSION['tmpval']['max_rows'] = $rows; } $numberOfLine = (int) $_REQUEST['unlim_num_rows']; if (isset($_REQUEST['pos'])) { $pos = (int) $_REQUEST['pos']; } elseif (isset($_SESSION['tmpval']['pos'])) { $pos = (int) $_SESSION['tmpval']['pos']; } else { $pos = ((int) ceil($numberOfLine / $rows) - 1) * $rows; $_SESSION['tmpval']['pos'] = $pos; } return ['pos' => $pos, 'unlim_num_rows' => $numberOfLine, 'rows' => $rows, 'sql_query' => $sqlQuery]; } /** * Prepare the message and the query * usually the message is the result of the query executed * * @param Message|string $message the message to display * @param string $sqlQuery the query to display * @param string $type the type (level) of the message * * @throws Throwable * @throws LoaderError * @throws RuntimeError * @throws SyntaxError */ public static function getMessage( $message, $sqlQuery = null, $type = 'notice' ): string { global $cfg, $dbi; $retval = ''; if ($sqlQuery === null) { if (! empty($GLOBALS['display_query'])) { $sqlQuery = $GLOBALS['display_query']; } elseif (! empty($GLOBALS['unparsed_sql'])) { $sqlQuery = $GLOBALS['unparsed_sql']; } elseif (! empty($GLOBALS['sql_query'])) { $sqlQuery = $GLOBALS['sql_query']; } else { $sqlQuery = ''; } } $renderSql = $cfg['ShowSQL'] == true && ! empty($sqlQuery) && $sqlQuery !== ';'; if (isset($GLOBALS['using_bookmark_message'])) { $retval .= $GLOBALS['using_bookmark_message']->getDisplay(); unset($GLOBALS['using_bookmark_message']); } if ($renderSql) { $retval .= '<div class="result_query">' . "\n"; } if ($message instanceof Message) { if (isset($GLOBALS['special_message'])) { $message->addText($GLOBALS['special_message']); unset($GLOBALS['special_message']); } $retval .= $message->getDisplay(); } else { $context = 'primary'; if ($type === 'error') { $context = 'danger'; } elseif ($type === 'success') { $context = 'success'; } $retval .= '<div class="alert alert-' . $context . '" role="alert">'; $retval .= Sanitize::sanitizeMessage($message); if (isset($GLOBALS['special_message'])) { $retval .= Sanitize::sanitizeMessage($GLOBALS['special_message']); unset($GLOBALS['special_message']); } $retval .= '</div>'; } if ($renderSql) { $queryTooBig = false; $queryLength = mb_strlen($sqlQuery); if ($queryLength > $cfg['MaxCharactersInDisplayedSQL']) { // when the query is large (for example an INSERT of binary // data), the parser chokes; so avoid parsing the query $queryTooBig = true; $queryBase = mb_substr($sqlQuery, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]'; } else { $queryBase = $sqlQuery; } // Html format the query to be displayed // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ if (! empty($GLOBALS['show_as_php'])) { $newLine = '\\n"<br>' . "\n" . ' . "'; $queryBase = htmlspecialchars(addslashes($queryBase)); $queryBase = preg_replace('/((\015\012)|(\015)|(\012))/', $newLine, $queryBase); $queryBase = '<code class="php" dir="ltr"><pre>' . "\n" . '$sql = "' . $queryBase . '";' . "\n" . '</pre></code>'; } elseif ($queryTooBig) { $queryBase = '<code class="sql" dir="ltr"><pre>' . "\n" . htmlspecialchars($queryBase, ENT_COMPAT) . '</pre></code>'; } else { $queryBase = self::formatSql($queryBase); } // Prepares links that may be displayed to edit/explain the query // (don't go to default pages, we must go to the page // where the query box is available) // Basic url query part $urlParams = []; if (! isset($GLOBALS['db'])) { $GLOBALS['db'] = ''; } if (strlen($GLOBALS['db']) > 0) { $urlParams['db'] = $GLOBALS['db']; if (strlen($GLOBALS['table']) > 0) { $urlParams['table'] = $GLOBALS['table']; $editLinkRoute = '/table/sql'; } else { $editLinkRoute = '/database/sql'; } } else { $editLinkRoute = '/server/sql'; } // Want to have the query explained // but only explain a SELECT (that has not been explained) /* SQL-Parser-Analyzer */ $explainLink = ''; $isSelect = preg_match('@^SELECT[[:space:]]+@i', $sqlQuery); if (! empty($cfg['SQLQuery']['Explain']) && ! $queryTooBig) { $explainParams = $urlParams; if ($isSelect) { $explainParams['sql_query'] = 'EXPLAIN ' . $sqlQuery; $explainLink = ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $explainParams), null, __('Explain SQL') ) . ' ]'; } elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sqlQuery)) { $explainParams['sql_query'] = mb_substr($sqlQuery, 8); $explainLink = ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $explainParams), null, __('Skip Explain SQL') ) . ']'; } } $urlParams['sql_query'] = $sqlQuery; $urlParams['show_query'] = 1; // even if the query is big and was truncated, offer the chance // to edit it (unless it's enormous, see linkOrButton() ) if (! empty($cfg['SQLQuery']['Edit']) && empty($GLOBALS['show_as_php'])) { $editLink = ' [ ' . self::linkOrButton(Url::getFromRoute($editLinkRoute, $urlParams), null, __('Edit')) . ' ]'; } else { $editLink = ''; } // Also we would like to get the SQL formed in some nice // php-code if (! empty($cfg['SQLQuery']['ShowAsPHP']) && ! $queryTooBig) { if (! empty($GLOBALS['show_as_php'])) { $phpLink = ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $urlParams), null, __('Without PHP code') ) . ' ]'; $phpLink .= ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $urlParams), null, __('Submit query') ) . ' ]'; } else { $phpParams = $urlParams; $phpParams['show_as_php'] = 1; $phpLink = ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $phpParams), null, __('Create PHP code') ) . ' ]'; } } else { $phpLink = ''; } // Refresh query if ( ! empty($cfg['SQLQuery']['Refresh']) && ! isset($GLOBALS['show_as_php']) // 'Submit query' does the same && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sqlQuery) ) { $refreshLink = Url::getFromRoute('/sql', $urlParams); $refreshLink = ' [ ' . self::linkOrButton($refreshLink, null, __('Refresh')) . ' ]'; } else { $refreshLink = ''; } $retval .= '<div class="sqlOuter">'; $retval .= $queryBase; $retval .= '</div>'; $retval .= '<div class="tools d-print-none">'; $retval .= '<form action="' . Url::getFromRoute( '/sql', ['db' => $GLOBALS['db'], 'table' => $GLOBALS['table']] ) . '" method="post" class="disableAjax">'; $retval .= Url::getHiddenInputs($GLOBALS['db'], $GLOBALS['table']); $retval .= '<input type="hidden" name="sql_query" value="' . htmlspecialchars($sqlQuery) . '">'; // avoid displaying a Profiling checkbox that could // be checked, which would re-execute an INSERT, for example if (! empty($refreshLink) && Profiling::isSupported($dbi)) { $retval .= '<input type="hidden" name="profiling_form" value="1">'; $retval .= '<input type="checkbox" name="profiling" id="profilingCheckbox" class="autosubmit"'; $retval .= isset($_SESSION['profiling']) ? ' checked' : ''; $retval .= '> <label for="profilingCheckbox">' . __('Profiling') . '</label>'; } $retval .= '</form>'; /** * TODO: Should we have $cfg['SQLQuery']['InlineEdit']? */ if (! empty($cfg['SQLQuery']['Edit']) && ! $queryTooBig && empty($GLOBALS['show_as_php'])) { $inlineEditLink = ' [ ' . self::linkOrButton( '#', null, _pgettext('Inline edit query', 'Edit inline'), ['class' => 'inline_edit_sql'] ) . ' ]'; } else { $inlineEditLink = ''; } $retval .= $inlineEditLink . $editLink . $explainLink . $phpLink . $refreshLink; $retval .= '</div>'; $retval .= '</div>'; } return $retval; } /** * Displays a link to the PHP documentation * * @param string $target anchor in documentation * * @return string the html link */ public static function showPHPDocumentation($target): string { return self::showDocumentationLink(Core::getPHPDocLink($target)); } /** * Displays a link to the documentation as an icon * * @param string $link documentation link * @param string $target optional link target * @param bool $bbcode optional flag indicating whether to output bbcode * * @return string the html link */ public static function showDocumentationLink($link, $target = 'documentation', $bbcode = false): string { if ($bbcode) { return '[a@' . $link . '@' . $target . '][dochelpicon][/a]'; } return '<a href="' . $link . '" target="' . $target . '">' . self::getImage('b_help', __('Documentation')) . '</a>'; } /** * Displays a MySQL error message in the main panel when $exit is true. * Returns the error message otherwise. * * @param string $serverMessage Server's error message. * @param string $sqlQuery The SQL query that failed. * @param bool $isModifyLink Whether to show a "modify" link or not. * @param string $backUrl URL for the "back" link (full path is not required). * @param bool $exit Whether execution should be stopped or the error message should be returned. * * @global string $table The current table. * @global string $db The current database. */ public static function mysqlDie( $serverMessage = '', $sqlQuery = '', $isModifyLink = true, $backUrl = '', $exit = true ): ?string { global $table, $db, $dbi; /** * Error message to be built. */ $errorMessage = ''; // Checking for any server errors. if (empty($serverMessage)) { $serverMessage = $dbi->getError(); } // Finding the query that failed, if not specified. if (empty($sqlQuery) && ! empty($GLOBALS['sql_query'])) { $sqlQuery = $GLOBALS['sql_query']; } $sqlQuery = trim($sqlQuery); /** * The lexer used for analysis. */ $lexer = new Lexer($sqlQuery); /** * The parser used for analysis. */ $parser = new Parser($lexer->list); /** * The errors found by the lexer and the parser. */ $errors = ParserError::get( [ $lexer, $parser, ] ); if (empty($sqlQuery)) { $formattedSql = ''; } elseif (count($errors)) { $formattedSql = htmlspecialchars($sqlQuery); } else { $formattedSql = self::formatSql($sqlQuery, true); } $errorMessage .= '<div class="alert alert-danger" role="alert"><h1>' . __('Error') . '</h1>'; // For security reasons, if the MySQL refuses the connection, the query // is hidden so no details are revealed. if (! empty($sqlQuery) && ! mb_strstr($sqlQuery, 'connect')) { // Static analysis errors. if (! empty($errors)) { $errorMessage .= '<p><strong>' . __('Static analysis:') . '</strong></p>'; $errorMessage .= '<p>' . sprintf( __('%d errors were found during analysis.'), count($errors) ) . '</p>'; $errorMessage .= '<p><ol>'; $errorMessage .= implode( ParserError::format( $errors, '<li>%2$s (near "%4$s" at position %5$d)</li>' ) ); $errorMessage .= '</ol></p>'; } // Display the SQL query and link to MySQL documentation. $errorMessage .= '<p><strong>' . __('SQL query:') . '</strong>' . self::showCopyToClipboard( $sqlQuery ) . "\n"; $formattedSqlToLower = mb_strtolower($formattedSql); // TODO: Show documentation for all statement types. if (mb_strstr($formattedSqlToLower, 'select')) { // please show me help to the error on select $errorMessage .= MySQLDocumentation::show('SELECT'); } if ($isModifyLink) { $urlParams = [ 'sql_query' => $sqlQuery, 'show_query' => 1, ]; if (strlen($table) > 0) { $urlParams['db'] = $db; $urlParams['table'] = $table; $doEditGoto = '<a href="' . Url::getFromRoute('/table/sql', $urlParams) . '">'; } elseif (strlen($db) > 0) { $urlParams['db'] = $db; $doEditGoto = '<a href="' . Url::getFromRoute('/database/sql', $urlParams) . '">'; } else { $doEditGoto = '<a href="' . Url::getFromRoute('/server/sql', $urlParams) . '">'; } $errorMessage .= $doEditGoto . self::getIcon('b_edit', __('Edit')) . '</a>'; } $errorMessage .= ' </p>' . "\n" . '<p>' . "\n" . $formattedSql . "\n" . '</p>' . "\n"; } // Display server's error. if ($serverMessage !== '') { $serverMessage = (string) preg_replace("@((\015\012)|(\015)|(\012)){3,}@", "\n\n", $serverMessage); // Adds a link to MySQL documentation. $errorMessage .= '<p>' . "\n" . ' <strong>' . __('MySQL said: ') . '</strong>' . MySQLDocumentation::show('server-error-reference') . "\n" . '</p>' . "\n"; // The error message will be displayed within a CODE segment. // To preserve original formatting, but allow word-wrapping, // a couple of replacements are done. // All non-single blanks and TAB-characters are replaced with their // HTML-counterpart $serverMessage = str_replace( [ ' ', "\t", ], [ ' ', ' ', ], $serverMessage ); // Replace line breaks $serverMessage = nl2br($serverMessage); $errorMessage .= '<code>' . $serverMessage . '</code><br>'; } $errorMessage .= '</div>'; $_SESSION['Import_message']['message'] = $errorMessage; if (! $exit) { return $errorMessage; } /** * If this is an AJAX request, there is no "Back" link and * `Response()` is used to send the response. */ $response = ResponseRenderer::getInstance(); if ($response->isAjax()) { $response->setRequestStatus(false); $response->addJSON('message', $errorMessage); exit; } if (! empty($backUrl)) { if (mb_strstr($backUrl, '?')) { $backUrl .= '&no_history=true'; } else { $backUrl .= '?no_history=true'; } $_SESSION['Import_message']['go_back_url'] = $backUrl; $errorMessage .= '<fieldset class="pma-fieldset tblFooters">' . '[ <a href="' . $backUrl . '">' . __('Back') . '</a> ]' . '</fieldset>' . "\n\n"; } exit($errorMessage); } /** * Returns an HTML IMG tag for a particular image from a theme * * The image name should match CSS class defined in icons.css.php * * @param string $image The name of the file to get * @param string $alternate Used to set 'alt' and 'title' attributes * of the image * @param array $attributes An associative array of other attributes * * @return string an html IMG tag */ public static function getImage($image, $alternate = '', array $attributes = []): string { $alternate = htmlspecialchars($alternate); if (isset($attributes['class'])) { $attributes['class'] = 'icon ic_' . $image . ' ' . $attributes['class']; } else { $attributes['class'] = 'icon ic_' . $image; } // set all other attributes $attributeString = ''; foreach ($attributes as $key => $value) { if (in_array($key, ['alt', 'title'])) { continue; } $attributeString .= ' ' . $key . '="' . $value . '"'; } // override the alt attribute $alt = $attributes['alt'] ?? $alternate; // override the title attribute $title = $attributes['title'] ?? $alternate; // generate the IMG tag $template = '<img src="themes/dot.gif" title="%s" alt="%s"%s>'; return sprintf($template, $title, $alt, $attributeString); } /** * Displays a link, or a link with code to trigger POST request. * * POST is used in following cases: * * - URL is too long * - URL components are over Suhosin limits * - There is SQL query in the parameters * * @param string $urlPath the URL * @param array<int|string, mixed>|null $urlParams URL parameters * @param string $message the link message * @param string|array<string, string> $tagParams string: js confirmation; * array: additional tag params (f.e. style="") * @param string $target target * * @return string the results to be echoed or saved in an array */ public static function linkOrButton( $urlPath, $urlParams, $message, $tagParams = [], $target = '', bool $respectUrlLengthLimit = true ): string { $url = $urlPath; if (is_array($urlParams)) { $url = $urlPath . Url::getCommon($urlParams, str_contains($urlPath, '?') ? '&' : '?', false); } $urlLength = strlen($url); if (! is_array($tagParams)) { $tmp = $tagParams; $tagParams = []; if (! empty($tmp)) { $tagParams['onclick'] = 'return Functions.confirmLink(this, \'' . Sanitize::escapeJsString($tmp) . '\')'; } unset($tmp); } if (! empty($target)) { $tagParams['target'] = $target; if ($target === '_blank' && str_starts_with($url, 'url.php?')) { $tagParams['rel'] = 'noopener noreferrer'; } } // Suhosin: Check that each query parameter is not above maximum $inSuhosinLimits = true; if ($urlLength <= $GLOBALS['cfg']['LinkLengthLimit']) { $suhosinGetMaxValueLength = ini_get('suhosin.get.max_value_length'); if ($suhosinGetMaxValueLength) { $queryParts = Util::splitURLQuery($url); foreach ($queryParts as $queryPair) { if (! str_contains($queryPair, '=')) { continue; } [, $eachValue] = explode('=', $queryPair); if (strlen($eachValue) > $suhosinGetMaxValueLength) { $inSuhosinLimits = false; break; } } } } $tagParamsStrings = []; $isDataPostFormatSupported = ($urlLength > $GLOBALS['cfg']['LinkLengthLimit']) || ! $inSuhosinLimits // Has as sql_query without a signature, to be accepted it needs // to be sent using POST || ( str_contains($url, 'sql_query=') && ! str_contains($url, 'sql_signature=') ) || str_contains($url, 'view[as]='); if ($respectUrlLengthLimit && $isDataPostFormatSupported) { $parts = explode('?', $url, 2); /* * The data-post indicates that client should do POST * this is handled in js/ajax.js */ $tagParamsStrings[] = 'data-post="' . ($parts[1] ?? '') . '"'; $url = $parts[0]; if (array_key_exists('class', $tagParams) && str_contains($tagParams['class'], 'create_view')) { $url .= '?' . explode('&', $parts[1], 2)[0]; } } else { $url = $urlPath; if (is_array($urlParams)) { $url = $urlPath . Url::getCommon($urlParams, str_contains($urlPath, '?') ? '&' : '?'); } } foreach ($tagParams as $paramName => $paramValue) { $tagParamsStrings[] = $paramName . '="' . htmlspecialchars($paramValue) . '"'; } // no whitespace within an <a> else Safari will make it part of the link return '<a href="' . $url . '" ' . implode(' ', $tagParamsStrings) . '>' . $message . '</a>'; } /** * Prepare navigation for a list * * @param int $count number of elements in the list * @param int $pos current position in the list * @param array $urlParams url parameters * @param string $script script name for form target * @param string $frame target frame * @param int $maxCount maximum number of elements to display from * the list * @param string $name the name for the request parameter * @param string[] $classes additional classes for the container * * @return string the html content * * @todo use $pos from $_url_params */ public static function getListNavigator( $count, $pos, array $urlParams, $script, $frame, $maxCount, $name = 'pos', $classes = [] ): string { // This is often coming from $cfg['MaxTableList'] and // people sometimes set it to empty string $maxCount = intval($maxCount); if ($maxCount <= 0) { $maxCount = 250; } $pageSelector = ''; if ($maxCount < $count) { $classes[] = 'pageselector'; $pageSelector = Util::pageselector( $name, $maxCount, Util::getPageFromPosition($pos, $maxCount), (int) ceil($count / $maxCount) ); } return (new Template())->render('list_navigator', [ 'count' => $count, 'max_count' => $maxCount, 'classes' => $classes, 'frame' => $frame, 'position' => $pos, 'script' => $script, 'url_params' => $urlParams, 'param_name' => $name, 'page_selector' => $pageSelector, ]); } /** * format sql strings * * @param string $sqlQuery raw SQL string * @param bool $truncate truncate the query if it is too long * * @return string the formatted sql * * @global array $cfg the configuration array */ public static function formatSql($sqlQuery, $truncate = false): string { global $cfg; if ($truncate && mb_strlen($sqlQuery) > $cfg['MaxCharactersInDisplayedSQL']) { $sqlQuery = mb_substr($sqlQuery, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]'; } return '<code class="sql" dir="ltr"><pre>' . "\n" . htmlspecialchars($sqlQuery, ENT_COMPAT) . "\n" . '</pre></code>'; } /** * This function processes the datatypes supported by the DB, * as specified in Types->getColumns() and returns an HTML snippet that * creates a drop-down list. * * @param string $selected The value to mark as selected in HTML mode */ public static function getSupportedDatatypes($selected): string { global $dbi; // NOTE: the SELECT tag is not included in this snippet. $retval = ''; foreach ($dbi->types->getColumns() as $key => $value) { if (is_array($value)) { $retval .= '<optgroup label="' . htmlspecialchars($key) . '">'; foreach ($value as $subvalue) { if ($subvalue === '-') { $retval .= '<option disabled="disabled">'; $retval .= $subvalue; $retval .= '</option>'; continue; } $isLengthRestricted = Compatibility::isIntegersSupportLength($subvalue, '2', $dbi); $retval .= sprintf( '<option data-length-restricted="%b" %s title="%s">%s</option>', $isLengthRestricted ? 0 : 1, $selected === $subvalue ? 'selected="selected"' : '', $dbi->types->getTypeDescription($subvalue), $subvalue ); } $retval .= '</optgroup>'; continue; } $isLengthRestricted = Compatibility::isIntegersSupportLength($value, '2', $dbi); $retval .= sprintf( '<option data-length-restricted="%b" %s title="%s">%s</option>', $isLengthRestricted ? 0 : 1, $selected === $value ? 'selected="selected"' : '', $dbi->types->getTypeDescription($value), $value ); } return $retval; } }