Viewing file:  Generator.php (43.41 KB) -rwxr-x---
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
/**
* HTML Generator
*/
declare(strict_types=1);
namespace PhpMyAdmin\Html;
use PhpMyAdmin\Core;
use PhpMyAdmin\Message;
use PhpMyAdmin\Profiling;
use PhpMyAdmin\Providers\ServerVariables\ServerVariablesProvider;
use PhpMyAdmin\Query\Compatibility;
use PhpMyAdmin\ResponseRenderer;
use PhpMyAdmin\Sanitize;
use PhpMyAdmin\SqlParser\Lexer;
use PhpMyAdmin\SqlParser\Parser;
use PhpMyAdmin\SqlParser\Utils\Error as ParserError;
use PhpMyAdmin\Template;
use PhpMyAdmin\Url;
use PhpMyAdmin\Util;
use Throwable;
use Twig\Error\LoaderError;
use Twig\Error\RuntimeError;
use Twig\Error\SyntaxError;
use function __;
use function _pgettext;
use function addslashes;
use function array_key_exists;
use function ceil;
use function count;
use function explode;
use function htmlentities;
use function htmlspecialchars;
use function implode;
use function in_array;
use function ini_get;
use function intval;
use function is_array;
use function mb_strlen;
use function mb_strstr;
use function mb_strtolower;
use function mb_substr;
use function nl2br;
use function preg_match;
use function preg_replace;
use function sprintf;
use function str_contains;
use function str_replace;
use function str_starts_with;
use function strlen;
use function strtoupper;
use function substr;
use function trim;
use const ENT_COMPAT;
/**
* HTML Generator
*/
class Generator
{
/**
* Displays a button to copy content to clipboard
*
* @param string $text Text to copy to clipboard
*
* @return string the html link
*/
public static function showCopyToClipboard(string $text): string
{
return ' <a href="#" class="copyQueryBtn" data-text="'
. htmlspecialchars($text) . '">' . __('Copy') . '</a>';
}
/**
* Get a link to variable documentation
*
* @param string $name The variable name
* @param bool $useMariaDB Use only MariaDB documentation
* @param string $text (optional) The text for the link
*
* @return string link or empty string
*/
public static function linkToVarDocumentation(
string $name,
bool $useMariaDB = false,
?string $text = null
): string {
$kbs = ServerVariablesProvider::getImplementation();
$link = $useMariaDB ? $kbs->getDocLinkByNameMariaDb($name) :
$kbs->getDocLinkByNameMysql($name);
$link = $link !== null ? Core::linkURL($link) : $link;
return MySQLDocumentation::show($name, false, $link, $text);
}
/**
* Returns HTML code for a tooltip
*
* @param string $message the message for the tooltip
*/
public static function showHint(string $message): string
{
if ($GLOBALS['cfg']['ShowHint']) {
$classClause = ' class="pma_hint"';
} else {
$classClause = '';
}
return '<span' . $classClause . '>'
. self::getImage('b_help')
. '<span class="hide">' . $message . '</span>'
. '</span>';
}
/**
* returns html code for db link to default db page
*
* @param string $database database
*
* @return string html link to default db page
*/
public static function getDbLink($database = ''): string
{
if ((string) $database === '') {
if ((string) $GLOBALS['db'] === '') {
return '';
}
$database = $GLOBALS['db'];
} else {
$database = Util::unescapeMysqlWildcards($database);
}
$scriptName = Util::getScriptNameForOption($GLOBALS['cfg']['DefaultTabDatabase'], 'database');
return '<a href="'
. $scriptName
. Url::getCommon(['db' => $database], ! str_contains($scriptName, '?') ? '?' : '&')
. '" title="'
. htmlspecialchars(
sprintf(
__('Jump to database ā%sā.'),
$database
)
)
. '">' . htmlspecialchars($database) . '</a>';
}
/**
* Prepare a lightbulb hint explaining a known external bug
* that affects a functionality
*
* @param string $functionality localized message explaining the func.
* @param string $component 'mysql' (eventually, 'php')
* @param string $minimumVersion of this component
* @param string $bugReference bug reference for this component
*/
public static function getExternalBug(
$functionality,
$component,
$minimumVersion,
$bugReference
): string {
global $dbi;
$return = '';
if (($component === 'mysql') && ($dbi->getVersion() < $minimumVersion)) {
$return .= self::showHint(
sprintf(
__('The %s functionality is affected by a known bug, see %s'),
$functionality,
Core::linkURL('https://bugs.mysql.com/') . $bugReference
)
);
}
return $return;
}
/**
* Returns an HTML IMG tag for a particular icon from a theme,
* which may be an actual file or an icon from a sprite.
* This function takes into account the ActionLinksMode
* configuration setting and wraps the image tag in a span tag.
*
* @param string $icon name of icon file
* @param string $alternate alternate text
* @param bool $forceText whether to force alternate text to be displayed
* @param bool $menuIcon whether this icon is for the menu bar or not
* @param string $controlParam which directive controls the display
*
* @return string an html snippet
*/
public static function getIcon(
$icon,
$alternate = '',
$forceText = false,
$menuIcon = false,
$controlParam = 'ActionLinksMode'
): string {
$includeIcon = $includeText = false;
if (Util::showIcons($controlParam)) {
$includeIcon = true;
}
if ($forceText || Util::showText($controlParam)) {
$includeText = true;
}
// Sometimes use a span (we rely on this in js/sql.js). But for menu bar
// we don't need a span
$button = $menuIcon ? '' : '<span class="text-nowrap">';
if ($includeIcon) {
$button .= self::getImage($icon, $alternate);
}
if ($includeIcon && $includeText) {
$button .= ' ';
}
if ($includeText) {
$button .= $alternate;
}
$button .= $menuIcon ? '' : '</span>';
return $button;
}
/**
* Returns information about SSL status for current connection
*/
public static function getServerSSL(): string
{
$server = $GLOBALS['cfg']['Server'];
$class = 'text-danger';
if (! $server['ssl']) {
$message = __('SSL is not being used');
if (! empty($server['socket']) || in_array($server['host'], $GLOBALS['cfg']['MysqlSslWarningSafeHosts'])) {
$class = '';
}
} elseif (! $server['ssl_verify']) {
$message = __('SSL is used with disabled verification');
} elseif (empty($server['ssl_ca'])) {
$message = __('SSL is used without certification authority');
} else {
$class = '';
$message = __('SSL is used');
}
return '<span class="' . $class . '">' . $message . '</span> ' . MySQLDocumentation::showDocumentation(
'setup',
'ssl'
);
}
/**
* Returns default function for a particular column.
*
* @param array $field Data about the column for which
* to generate the dropdown
* @param bool $insertMode Whether the operation is 'insert'
*
* @return string An HTML snippet of a dropdown list with function
* names appropriate for the requested column.
*
* @global mixed $data data of currently edited row
* (used to detect whether to choose defaults)
* @global array $cfg PMA configuration
*/
public static function getDefaultFunctionForField(array $field, $insertMode): string
{
global $cfg, $data, $dbi;
$defaultFunction = '';
// Can we get field class based values?
$currentClass = $dbi->types->getTypeClass($field['True_Type']);
if (! empty($currentClass) && isset($cfg['DefaultFunctions']['FUNC_' . $currentClass])) {
$defaultFunction = $cfg['DefaultFunctions']['FUNC_' . $currentClass];
// Change the configured default function to include the ST_ prefix with MySQL 5.6 and later.
// It needs to match the function listed in the select html element.
if (
$currentClass === 'SPATIAL' &&
$dbi->getVersion() >= 50600 &&
strtoupper(substr($defaultFunction, 0, 3)) !== 'ST_'
) {
$defaultFunction = 'ST_' . $defaultFunction;
}
}
// what function defined as default?
// for the first timestamp we don't set the default function
// if there is a default value for the timestamp
// (not including CURRENT_TIMESTAMP)
// and the column does not have the
// ON UPDATE DEFAULT TIMESTAMP attribute.
if (
($field['True_Type'] === 'timestamp')
&& $field['first_timestamp']
&& empty($field['Default'])
&& empty($data)
&& $field['Extra'] !== 'on update CURRENT_TIMESTAMP'
&& $field['Null'] === 'NO'
) {
$defaultFunction = $cfg['DefaultFunctions']['first_timestamp'];
}
// For uuid field, no default function
if ($field['True_Type'] === 'uuid') {
return '';
}
// For primary keys of type char(36) or varchar(36) UUID if the default
// function
// Only applies to insert mode, as it would silently trash data on updates.
if (
$insertMode
&& $field['Key'] === 'PRI'
&& ($field['Type'] === 'char(36)' || $field['Type'] === 'varchar(36)')
) {
$defaultFunction = $cfg['DefaultFunctions']['FUNC_UUID'];
}
return $defaultFunction;
}
/**
* Creates a dropdown box with MySQL functions for a particular column.
*
* @param array $field Data about the column for which to generate the dropdown
* @param bool $insertMode Whether the operation is 'insert'
* @param array $foreignData Foreign data
*
* @return string An HTML snippet of a dropdown list with function names appropriate for the requested column.
*/
public static function getFunctionsForField(array $field, $insertMode, array $foreignData): string
{
global $dbi;
$defaultFunction = self::getDefaultFunctionForField($field, $insertMode);
// Create the output
$retval = '<option></option>' . "\n";
// loop on the dropdown array and print all available options for that
// field.
$functions = $dbi->types->getAllFunctions();
foreach ($functions as $function) {
$retval .= '<option';
if ($function === $defaultFunction && ! isset($foreignData['foreign_field'])) {
$retval .= ' selected="selected"';
}
$retval .= '>' . $function . '</option>' . "\n";
}
$retval .= '<option value="PHP_PASSWORD_HASH" title="';
$retval .= htmlentities(__('The PHP function password_hash() with default options.'), ENT_COMPAT);
$retval .= '">' . __('password_hash() PHP function') . '</option>' . "\n";
return $retval;
}
/**
* Renders a single link for the top of the navigation panel
*
* @param string $link The url for the link
* @param bool $showText Whether to show the text or to
* only use it for title attributes
* @param string $text The text to display and use for title attributes
* @param bool $showIcon Whether to show the icon
* @param string $icon The filename of the icon to show
* @param string $linkId Value to use for the ID attribute
* @param bool $disableAjax Whether to disable ajax page loading for this link
* @param string $linkTarget The name of the target frame for the link
* @param array $classes HTML classes to apply
*
* @return string HTML code for one link
*/
public static function getNavigationLink(
$link,
$showText,
$text,
$showIcon,
$icon,
$linkId = '',
$disableAjax = false,
$linkTarget = '',
array $classes = []
): string {
$retval = '<a href="' . $link . '"';
if (! empty($linkId)) {
$retval .= ' id="' . $linkId . '"';
}
if (! empty($linkTarget)) {
$retval .= ' target="' . $linkTarget . '"';
}
if ($disableAjax) {
$classes[] = 'disableAjax';
}
if (! empty($classes)) {
$retval .= ' class="' . implode(' ', $classes) . '"';
}
$retval .= ' title="' . $text . '">';
if ($showIcon) {
$retval .= self::getImage($icon, $text);
}
if ($showText) {
$retval .= $text;
}
$retval .= '</a>';
if ($showText) {
$retval .= '<br>';
}
return $retval;
}
/**
* @return array<string, int|string>
* @psalm-return array{pos: int, unlim_num_rows: int, rows: int, sql_query: string}
*/
public static function getStartAndNumberOfRowsFieldsetData(string $sqlQuery): array
{
if (isset($_REQUEST['session_max_rows'])) {
$rows = (int) $_REQUEST['session_max_rows'];
} elseif (isset($_SESSION['tmpval']['max_rows']) && $_SESSION['tmpval']['max_rows'] !== 'all') {
$rows = (int) $_SESSION['tmpval']['max_rows'];
} else {
$rows = (int) $GLOBALS['cfg']['MaxRows'];
$_SESSION['tmpval']['max_rows'] = $rows;
}
$numberOfLine = (int) $_REQUEST['unlim_num_rows'];
if (isset($_REQUEST['pos'])) {
$pos = (int) $_REQUEST['pos'];
} elseif (isset($_SESSION['tmpval']['pos'])) {
$pos = (int) $_SESSION['tmpval']['pos'];
} else {
$pos = ((int) ceil($numberOfLine / $rows) - 1) * $rows;
$_SESSION['tmpval']['pos'] = $pos;
}
return ['pos' => $pos, 'unlim_num_rows' => $numberOfLine, 'rows' => $rows, 'sql_query' => $sqlQuery];
}
/**
* Execute an EXPLAIN query and formats results similar to MySQL command line
* utility.
*
* @param string $sqlQuery EXPLAIN query
*
* @return string query results
*/
private static function generateRowQueryOutput($sqlQuery): string
{
global $dbi;
$ret = '';
$result = $dbi->query($sqlQuery);
$devider = '+';
$columnNames = '|';
$fieldsMeta = $dbi->getFieldsMeta($result);
foreach ($fieldsMeta as $meta) {
$devider .= '---+';
$columnNames .= ' ' . $meta->name . ' |';
}
$devider .= "\n";
$ret .= $devider . $columnNames . "\n" . $devider;
while ($row = $result->fetchRow()) {
$values = '|';
foreach ($row as $value) {
if ($value === null) {
$value = 'NULL';
}
$values .= ' ' . $value . ' |';
}
$ret .= $values . "\n";
}
$ret .= $devider;
return $ret;
}
/**
* Prepare the message and the query
* usually the message is the result of the query executed
*
* @param Message|string $message the message to display
* @param string $sqlQuery the query to display
* @param string $type the type (level) of the message
*
* @throws Throwable
* @throws LoaderError
* @throws RuntimeError
* @throws SyntaxError
*/
public static function getMessage(
$message,
$sqlQuery = null,
$type = 'notice'
): string {
global $cfg, $dbi;
$retval = '';
if ($sqlQuery === null) {
if (! empty($GLOBALS['display_query'])) {
$sqlQuery = $GLOBALS['display_query'];
} elseif (! empty($GLOBALS['unparsed_sql'])) {
$sqlQuery = $GLOBALS['unparsed_sql'];
} elseif (! empty($GLOBALS['sql_query'])) {
$sqlQuery = $GLOBALS['sql_query'];
} else {
$sqlQuery = '';
}
}
$renderSql = $cfg['ShowSQL'] == true && ! empty($sqlQuery) && $sqlQuery !== ';';
if (isset($GLOBALS['using_bookmark_message'])) {
$retval .= $GLOBALS['using_bookmark_message']->getDisplay();
unset($GLOBALS['using_bookmark_message']);
}
if ($renderSql) {
$retval .= '<div class="result_query">' . "\n";
}
if ($message instanceof Message) {
if (isset($GLOBALS['special_message'])) {
$message->addText($GLOBALS['special_message']);
unset($GLOBALS['special_message']);
}
$retval .= $message->getDisplay();
} else {
$context = 'primary';
if ($type === 'error') {
$context = 'danger';
} elseif ($type === 'success') {
$context = 'success';
}
$retval .= '<div class="alert alert-' . $context . '" role="alert">';
$retval .= Sanitize::sanitizeMessage($message);
if (isset($GLOBALS['special_message'])) {
$retval .= Sanitize::sanitizeMessage($GLOBALS['special_message']);
unset($GLOBALS['special_message']);
}
$retval .= '</div>';
}
if ($renderSql) {
$queryTooBig = false;
$queryLength = mb_strlen($sqlQuery);
if ($queryLength > $cfg['MaxCharactersInDisplayedSQL']) {
// when the query is large (for example an INSERT of binary
// data), the parser chokes; so avoid parsing the query
$queryTooBig = true;
$queryBase = mb_substr($sqlQuery, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]';
} else {
$queryBase = $sqlQuery;
}
// Html format the query to be displayed
// If we want to show some sql code it is easiest to create it here
/* SQL-Parser-Analyzer */
if (! empty($GLOBALS['show_as_php'])) {
$newLine = '\\n"<br>' . "\n" . ' . "';
$queryBase = htmlspecialchars(addslashes($queryBase));
$queryBase = preg_replace('/((\015\012)|(\015)|(\012))/', $newLine, $queryBase);
$queryBase = '<code class="php"><pre>' . "\n"
. '$sql = "' . $queryBase . '";' . "\n"
. '</pre></code>';
} elseif ($queryTooBig) {
$queryBase = '<code class="sql"><pre>' . "\n" .
htmlspecialchars($queryBase, ENT_COMPAT) .
'</pre></code>';
} else {
$queryBase = self::formatSql($queryBase);
}
// Prepares links that may be displayed to edit/explain the query
// (don't go to default pages, we must go to the page
// where the query box is available)
// Basic url query part
$urlParams = [];
if (! isset($GLOBALS['db'])) {
$GLOBALS['db'] = '';
}
if (strlen($GLOBALS['db']) > 0) {
$urlParams['db'] = $GLOBALS['db'];
if (strlen($GLOBALS['table']) > 0) {
$urlParams['table'] = $GLOBALS['table'];
$editLink = Url::getFromRoute('/table/sql');
} else {
$editLink = Url::getFromRoute('/database/sql');
}
} else {
$editLink = Url::getFromRoute('/server/sql');
}
// Want to have the query explained
// but only explain a SELECT (that has not been explained)
/* SQL-Parser-Analyzer */
$explainLink = '';
$isSelect = preg_match('@^SELECT[[:space:]]+@i', $sqlQuery);
if (! empty($cfg['SQLQuery']['Explain']) && ! $queryTooBig) {
$explainParams = $urlParams;
if ($isSelect) {
$explainParams['sql_query'] = 'EXPLAIN ' . $sqlQuery;
$explainLink = ' [ '
. self::linkOrButton(
Url::getFromRoute('/import'),
$explainParams,
__('Explain SQL')
) . ' ]';
} elseif (preg_match('@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sqlQuery)) {
$explainParams['sql_query'] = mb_substr($sqlQuery, 8);
$explainLink = ' [ '
. self::linkOrButton(
Url::getFromRoute('/import'),
$explainParams,
__('Skip Explain SQL')
) . ']';
}
}
$urlParams['sql_query'] = $sqlQuery;
$urlParams['show_query'] = 1;
// even if the query is big and was truncated, offer the chance
// to edit it (unless it's enormous, see linkOrButton() )
if (! empty($cfg['SQLQuery']['Edit']) && empty($GLOBALS['show_as_php'])) {
$editLink = ' [ '
. self::linkOrButton($editLink, $urlParams, __('Edit'))
. ' ]';
} else {
$editLink = '';
}
// Also we would like to get the SQL formed in some nice
// php-code
if (! empty($cfg['SQLQuery']['ShowAsPHP']) && ! $queryTooBig) {
if (! empty($GLOBALS['show_as_php'])) {
$phpLink = ' [ '
. self::linkOrButton(
Url::getFromRoute('/import'),
$urlParams,
__('Without PHP code')
)
. ' ]';
$phpLink .= ' [ '
. self::linkOrButton(
Url::getFromRoute('/import'),
$urlParams,
__('Submit query')
)
. ' ]';
} else {
$phpParams = $urlParams;
$phpParams['show_as_php'] = 1;
$phpLink = ' [ '
. self::linkOrButton(
Url::getFromRoute('/import'),
$phpParams,
__('Create PHP code')
)
. ' ]';
}
} else {
$phpLink = '';
}
// Refresh query
if (
! empty($cfg['SQLQuery']['Refresh'])
&& ! isset($GLOBALS['show_as_php']) // 'Submit query' does the same
&& preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sqlQuery)
) {
$refreshLink = Url::getFromRoute('/sql', $urlParams);
$refreshLink = ' [ '
. self::linkOrButton($refreshLink, $urlParams, __('Refresh')) . ' ]';
} else {
$refreshLink = '';
}
$retval .= '<div class="sqlOuter">';
$retval .= $queryBase;
$retval .= '</div>';
$retval .= '<div class="tools d-print-none">';
$retval .= '<form action="' . Url::getFromRoute('/sql') . '" method="post">';
$retval .= Url::getHiddenInputs($GLOBALS['db'], $GLOBALS['table']);
$retval .= '<input type="hidden" name="sql_query" value="'
. htmlspecialchars($sqlQuery) . '">';
// avoid displaying a Profiling checkbox that could
// be checked, which would re-execute an INSERT, for example
if (! empty($refreshLink) && Profiling::isSupported($dbi)) {
$retval .= '<input type="hidden" name="profiling_form" value="1">';
$retval .= '<input type="checkbox" name="profiling" id="profilingCheckbox" class="autosubmit"';
$retval .= isset($_SESSION['profiling']) ? ' checked' : '';
$retval .= '> <label for="profilingCheckbox">' . __('Profiling') . '</label>';
}
$retval .= '</form>';
/**
* TODO: Should we have $cfg['SQLQuery']['InlineEdit']?
*/
if (! empty($cfg['SQLQuery']['Edit']) && ! $queryTooBig && empty($GLOBALS['show_as_php'])) {
$inlineEditLink = ' [ '
. self::linkOrButton(
'#',
null,
_pgettext('Inline edit query', 'Edit inline'),
['class' => 'inline_edit_sql']
)
. ' ]';
} else {
$inlineEditLink = '';
}
$retval .= $inlineEditLink . $editLink . $explainLink . $phpLink
. $refreshLink;
$retval .= '</div>';
$retval .= '</div>';
}
return $retval;
}
/**
* Displays a link to the PHP documentation
*
* @param string $target anchor in documentation
*
* @return string the html link
*/
public static function showPHPDocumentation($target): string
{
return self::showDocumentationLink(Core::getPHPDocLink($target));
}
/**
* Displays a link to the documentation as an icon
*
* @param string $link documentation link
* @param string $target optional link target
* @param bool $bbcode optional flag indicating whether to output bbcode
*
* @return string the html link
*/
public static function showDocumentationLink($link, $target = 'documentation', $bbcode = false): string
{
if ($bbcode) {
return '[a@' . $link . '@' . $target . '][dochelpicon][/a]';
}
return '<a href="' . $link . '" target="' . $target . '">'
. self::getImage('b_help', __('Documentation'))
. '</a>';
}
/**
* Displays a MySQL error message in the main panel when $exit is true.
* Returns the error message otherwise.
*
* @param string $serverMessage Server's error message.
* @param string $sqlQuery The SQL query that failed.
* @param bool $isModifyLink Whether to show a "modify" link or not.
* @param string $backUrl URL for the "back" link (full path is not required).
* @param bool $exit Whether execution should be stopped or the error message should be returned.
*
* @global string $table The current table.
* @global string $db The current database.
*/
public static function mysqlDie(
$serverMessage = '',
$sqlQuery = '',
$isModifyLink = true,
$backUrl = '',
$exit = true
): ?string {
global $table, $db, $dbi;
/**
* Error message to be built.
*/
$errorMessage = '';
// Checking for any server errors.
if (empty($serverMessage)) {
$serverMessage = $dbi->getError();
}
// Finding the query that failed, if not specified.
if (empty($sqlQuery) && ! empty($GLOBALS['sql_query'])) {
$sqlQuery = $GLOBALS['sql_query'];
}
$sqlQuery = trim($sqlQuery);
/**
* The lexer used for analysis.
*/
$lexer = new Lexer($sqlQuery);
/**
* The parser used for analysis.
*/
$parser = new Parser($lexer->list);
/**
* The errors found by the lexer and the parser.
*/
$errors = ParserError::get(
[
$lexer,
$parser,
]
);
if (empty($sqlQuery)) {
$formattedSql = '';
} elseif (count($errors)) {
$formattedSql = htmlspecialchars($sqlQuery);
} else {
$formattedSql = self::formatSql($sqlQuery, true);
}
$errorMessage .= '<div class="alert alert-danger" role="alert"><h1>' . __('Error') . '</h1>';
// For security reasons, if the MySQL refuses the connection, the query
// is hidden so no details are revealed.
if (! empty($sqlQuery) && ! mb_strstr($sqlQuery, 'connect')) {
// Static analysis errors.
if (! empty($errors)) {
$errorMessage .= '<p><strong>' . __('Static analysis:')
. '</strong></p>';
$errorMessage .= '<p>' . sprintf(
__('%d errors were found during analysis.'),
count($errors)
) . '</p>';
$errorMessage .= '<p><ol>';
$errorMessage .= implode(
ParserError::format(
$errors,
'<li>%2$s (near "%4$s" at position %5$d)</li>'
)
);
$errorMessage .= '</ol></p>';
}
// Display the SQL query and link to MySQL documentation.
$errorMessage .= '<p><strong>' . __('SQL query:') . '</strong>' . self::showCopyToClipboard(
$sqlQuery
) . "\n";
$formattedSqlToLower = mb_strtolower($formattedSql);
// TODO: Show documentation for all statement types.
if (mb_strstr($formattedSqlToLower, 'select')) {
// please show me help to the error on select
$errorMessage .= MySQLDocumentation::show('SELECT');
}
if ($isModifyLink) {
$urlParams = [
'sql_query' => $sqlQuery,
'show_query' => 1,
];
if (strlen($table) > 0) {
$urlParams['db'] = $db;
$urlParams['table'] = $table;
$doEditGoto = '<a href="' . Url::getFromRoute('/table/sql', $urlParams) . '">';
} elseif (strlen($db) > 0) {
$urlParams['db'] = $db;
$doEditGoto = '<a href="' . Url::getFromRoute('/database/sql', $urlParams) . '">';
} else {
$doEditGoto = '<a href="' . Url::getFromRoute('/server/sql', $urlParams) . '">';
}
$errorMessage .= $doEditGoto
. self::getIcon('b_edit', __('Edit'))
. '</a>';
}
$errorMessage .= ' </p>' . "\n"
. '<p>' . "\n"
. $formattedSql . "\n"
. '</p>' . "\n";
}
// Display server's error.
if ($serverMessage !== '') {
$serverMessage = (string) preg_replace("@((\015\012)|(\015)|(\012)){3,}@", "\n\n", $serverMessage);
// Adds a link to MySQL documentation.
$errorMessage .= '<p>' . "\n"
. ' <strong>' . __('MySQL said: ') . '</strong>'
. MySQLDocumentation::show('server-error-reference')
. "\n"
. '</p>' . "\n";
// The error message will be displayed within a CODE segment.
// To preserve original formatting, but allow word-wrapping,
// a couple of replacements are done.
// All non-single blanks and TAB-characters are replaced with their
// HTML-counterpart
$serverMessage = str_replace(
[
' ',
"\t",
],
[
' ',
' ',
],
$serverMessage
);
// Replace line breaks
$serverMessage = nl2br($serverMessage);
$errorMessage .= '<code>' . $serverMessage . '</code><br>';
}
$errorMessage .= '</div>';
$_SESSION['Import_message']['message'] = $errorMessage;
if (! $exit) {
return $errorMessage;
}
/**
* If this is an AJAX request, there is no "Back" link and
* `Response()` is used to send the response.
*/
$response = ResponseRenderer::getInstance();
if ($response->isAjax()) {
$response->setRequestStatus(false);
$response->addJSON('message', $errorMessage);
exit;
}
if (! empty($backUrl)) {
if (mb_strstr($backUrl, '?')) {
$backUrl .= '&no_history=true';
} else {
$backUrl .= '?no_history=true';
}
$_SESSION['Import_message']['go_back_url'] = $backUrl;
$errorMessage .= '<fieldset class="pma-fieldset tblFooters">'
. '[ <a href="' . $backUrl . '">' . __('Back') . '</a> ]'
. '</fieldset>' . "\n\n";
}
exit($errorMessage);
}
/**
* Returns an HTML IMG tag for a particular image from a theme
*
* The image name should match CSS class defined in icons.css.php
*
* @param string $image The name of the file to get
* @param string $alternate Used to set 'alt' and 'title' attributes
* of the image
* @param array $attributes An associative array of other attributes
*
* @return string an html IMG tag
*/
public static function getImage($image, $alternate = '', array $attributes = []): string
{
$alternate = htmlspecialchars($alternate);
if (isset($attributes['class'])) {
$attributes['class'] = 'icon ic_' . $image . ' ' . $attributes['class'];
} else {
$attributes['class'] = 'icon ic_' . $image;
}
// set all other attributes
$attributeString = '';
foreach ($attributes as $key => $value) {
if (in_array($key, ['alt', 'title'])) {
continue;
}
$attributeString .= ' ' . $key . '="' . $value . '"';
}
// override the alt attribute
$alt = $attributes['alt'] ?? $alternate;
// override the title attribute
$title = $attributes['title'] ?? $alternate;
// generate the IMG tag
$template = '<img src="themes/dot.gif" title="%s" alt="%s"%s>';
return sprintf($template, $title, $alt, $attributeString);
}
/**
* Displays a link, or a link with code to trigger POST request.
*
* POST is used in following cases:
*
* - URL is too long
* - URL components are over Suhosin limits
* - There is SQL query in the parameters
*
* @param string $urlPath the URL
* @param array<int|string, mixed>|null $urlParams URL parameters
* @param string $message the link message
* @param string|array<string, string> $tagParams string: js confirmation;
* array: additional tag params (f.e. style="")
* @param string $target target
*
* @return string the results to be echoed or saved in an array
*/
public static function linkOrButton(
$urlPath,
$urlParams,
$message,
$tagParams = [],
$target = '',
bool $respectUrlLengthLimit = true
): string {
$url = $urlPath;
if (is_array($urlParams)) {
$url = $urlPath . Url::getCommon($urlParams, str_contains($urlPath, '?') ? '&' : '?', false);
}
$urlLength = strlen($url);
if (! is_array($tagParams)) {
$tmp = $tagParams;
$tagParams = [];
if (! empty($tmp)) {
$tagParams['onclick'] = 'return Functions.confirmLink(this, \''
. Sanitize::escapeJsString($tmp) . '\')';
}
unset($tmp);
}
if (! empty($target)) {
$tagParams['target'] = $target;
if ($target === '_blank' && str_starts_with($url, 'url.php?')) {
$tagParams['rel'] = 'noopener noreferrer';
}
}
// Suhosin: Check that each query parameter is not above maximum
$inSuhosinLimits = true;
if ($urlLength <= $GLOBALS['cfg']['LinkLengthLimit']) {
$suhosinGetMaxValueLength = ini_get('suhosin.get.max_value_length');
if ($suhosinGetMaxValueLength) {
$queryParts = Util::splitURLQuery($url);
foreach ($queryParts as $queryPair) {
if (! str_contains($queryPair, '=')) {
continue;
}
[, $eachValue] = explode('=', $queryPair);
if (strlen($eachValue) > $suhosinGetMaxValueLength) {
$inSuhosinLimits = false;
break;
}
}
}
}
$tagParamsStrings = [];
$isDataPostFormatSupported = ($urlLength > $GLOBALS['cfg']['LinkLengthLimit'])
|| ! $inSuhosinLimits
// Has as sql_query without a signature, to be accepted it needs
// to be sent using POST
|| (
str_contains($url, 'sql_query=')
&& ! str_contains($url, 'sql_signature=')
)
|| str_contains($url, 'view[as]=');
if ($respectUrlLengthLimit && $isDataPostFormatSupported) {
$parts = explode('?', $url, 2);
/*
* The data-post indicates that client should do POST
* this is handled in js/ajax.js
*/
$tagParamsStrings[] = 'data-post="' . ($parts[1] ?? '') . '"';
$url = $parts[0];
if (array_key_exists('class', $tagParams) && str_contains($tagParams['class'], 'create_view')) {
$url .= '?' . explode('&', $parts[1], 2)[0];
}
} else {
$url = $urlPath;
if (is_array($urlParams)) {
$url = $urlPath . Url::getCommon($urlParams, str_contains($urlPath, '?') ? '&' : '?');
}
}
foreach ($tagParams as $paramName => $paramValue) {
$tagParamsStrings[] = $paramName . '="' . htmlspecialchars($paramValue) . '"';
}
// no whitespace within an <a> else Safari will make it part of the link
return '<a href="' . $url . '" '
. implode(' ', $tagParamsStrings) . '>'
. $message . '</a>';
}
/**
* Prepare navigation for a list
*
* @param int $count number of elements in the list
* @param int $pos current position in the list
* @param array $urlParams url parameters
* @param string $script script name for form target
* @param string $frame target frame
* @param int $maxCount maximum number of elements to display from
* the list
* @param string $name the name for the request parameter
* @param string[] $classes additional classes for the container
*
* @return string the html content
*
* @todo use $pos from $_url_params
*/
public static function getListNavigator(
$count,
$pos,
array $urlParams,
$script,
$frame,
$maxCount,
$name = 'pos',
$classes = []
): string {
// This is often coming from $cfg['MaxTableList'] and
// people sometimes set it to empty string
$maxCount = intval($maxCount);
if ($maxCount <= 0) {
$maxCount = 250;
}
$pageSelector = '';
if ($maxCount < $count) {
$classes[] = 'pageselector';
$pageSelector = Util::pageselector(
$name,
$maxCount,
Util::getPageFromPosition($pos, $maxCount),
(int) ceil($count / $maxCount)
);
}
return (new Template())->render('list_navigator', [
'count' => $count,
'max_count' => $maxCount,
'classes' => $classes,
'frame' => $frame,
'position' => $pos,
'script' => $script,
'url_params' => $urlParams,
'param_name' => $name,
'page_selector' => $pageSelector,
]);
}
/**
* format sql strings
*
* @param string $sqlQuery raw SQL string
* @param bool $truncate truncate the query if it is too long
*
* @return string the formatted sql
*
* @global array $cfg the configuration array
*/
public static function formatSql($sqlQuery, $truncate = false): string
{
global $cfg;
if ($truncate && mb_strlen($sqlQuery) > $cfg['MaxCharactersInDisplayedSQL']) {
$sqlQuery = mb_substr($sqlQuery, 0, $cfg['MaxCharactersInDisplayedSQL']) . '[...]';
}
return '<code class="sql"><pre>' . "\n"
. htmlspecialchars($sqlQuery, ENT_COMPAT) . "\n"
. '</pre></code>';
}
/**
* This function processes the datatypes supported by the DB,
* as specified in Types->getColumns() and returns an HTML snippet that
* creates a drop-down list.
*
* @param string $selected The value to mark as selected in HTML mode
*/
public static function getSupportedDatatypes($selected): string
{
global $dbi;
// NOTE: the SELECT tag is not included in this snippet.
$retval = '';
foreach ($dbi->types->getColumns() as $key => $value) {
if (is_array($value)) {
$retval .= '<optgroup label="' . htmlspecialchars($key) . '">';
foreach ($value as $subvalue) {
if ($subvalue === '-') {
$retval .= '<option disabled="disabled">';
$retval .= $subvalue;
$retval .= '</option>';
continue;
}
$isLengthRestricted = Compatibility::isIntegersSupportLength($subvalue, '2', $dbi);
$retval .= sprintf(
'<option data-length-restricted="%b" %s title="%s">%s</option>',
$isLengthRestricted ? 0 : 1,
$selected === $subvalue ? 'selected="selected"' : '',
$dbi->types->getTypeDescription($subvalue),
$subvalue
);
}
$retval .= '</optgroup>';
continue;
}
$isLengthRestricted = Compatibility::isIntegersSupportLength($value, '2', $dbi);
$retval .= sprintf(
'<option data-length-restricted="%b" %s title="%s">%s</option>',
$isLengthRestricted ? 0 : 1,
$selected === $value ? 'selected="selected"' : '',
$dbi->types->getTypeDescription($value),
$value
);
}
return $retval;
}
}
|