⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.103
Server IP:
45.79.8.107
Server:
Linux localhost 5.15.0-161-generic #171-Ubuntu SMP Sat Oct 11 08:17:01 UTC 2025 x86_64
Server Software:
nginx/1.18.0
PHP Version:
8.1.2-1ubuntu2.22
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
phpmyadmin
/
libraries
/
classes
/
View File Name :
Config.php
<?php /** * Configuration handling. */ declare(strict_types=1); namespace PhpMyAdmin; use const DIRECTORY_SEPARATOR; use const E_USER_ERROR; use const PHP_OS; use const PHP_URL_PATH; use const PHP_URL_SCHEME; use const PHP_VERSION_ID; use function array_filter; use function array_flip; use function array_intersect_key; use function array_keys; use function array_merge; use function array_replace_recursive; use function array_slice; use function count; use function define; use function defined; use function error_get_last; use function error_reporting; use function explode; use function fclose; use function file_exists; use function filemtime; use function fileperms; use function fopen; use function fread; use function function_exists; use function gd_info; use function implode; use function ini_get; use function intval; use function is_dir; use function is_int; use function is_numeric; use function is_readable; use function is_string; use function is_writable; use function max; use function mb_strstr; use function mb_strtolower; use function md5; use function min; use function mkdir; use function ob_end_clean; use function ob_get_clean; use function ob_start; use function parse_url; use function preg_match; use function realpath; use function rtrim; use function setcookie; use function sprintf; use function str_replace; use function stripos; use function strlen; use function strpos; use function strtolower; use function substr; use function sys_get_temp_dir; use function time; use function trigger_error; use function trim; use function crc32; /** * Configuration class */ class Config { /** @var string default config source */ public $defaultSource = ROOT_PATH . 'libraries/config.default.php'; /** @var array default configuration settings */ public $default = []; /** @var array configuration settings, without user preferences applied */ public $baseSettings = []; /** @var array configuration settings */ public $settings = []; /** @var string config source */ public $source = ''; /** @var int source modification time */ public $sourceMtime = 0; /** @var int */ public $defaultSourceMtime = 0; /** @var int */ public $setMtime = 0; /** @var bool */ public $errorConfigFile = false; /** @var bool */ public $errorConfigDefaultFile = false; /** @var array */ public $defaultServer = []; /** * @var bool whether init is done or not * set this to false to force some initial checks * like checking for required functions */ public $done = false; /** * @param string $source source to read config from */ public function __construct(?string $source = null) { $this->settings = ['is_setup' => false]; // functions need to refresh in case of config file changed goes in // PhpMyAdmin\Config::load() $this->load($source); // other settings, independent from config file, comes in $this->checkSystem(); $this->baseSettings = $this->settings; } /** * sets system and application settings */ public function checkSystem(): void { // All the version handling is now done in the Version class $this->set('PMA_VERSION', Version::VERSION); $this->set('PMA_MAJOR_VERSION', Version::SERIES); $this->checkWebServerOs(); $this->checkWebServer(); $this->checkGd2(); $this->checkClient(); $this->checkUpload(); $this->checkUploadSize(); $this->checkOutputCompression(); } /** * whether to use gzip output compression or not */ public function checkOutputCompression(): void { // If zlib output compression is set in the php configuration file, no // output buffering should be run if (ini_get('zlib.output_compression')) { $this->set('OBGzip', false); } // enable output-buffering (if set to 'auto') if (strtolower((string) $this->get('OBGzip')) !== 'auto') { return; } $this->set('OBGzip', true); } /** * Sets the client platform based on user agent * * @param string $user_agent the user agent */ private function setClientPlatform(string $user_agent): void { if (mb_strstr($user_agent, 'Win')) { $this->set('PMA_USR_OS', 'Win'); } elseif (mb_strstr($user_agent, 'Mac')) { $this->set('PMA_USR_OS', 'Mac'); } elseif (mb_strstr($user_agent, 'Linux')) { $this->set('PMA_USR_OS', 'Linux'); } elseif (mb_strstr($user_agent, 'Unix')) { $this->set('PMA_USR_OS', 'Unix'); } elseif (mb_strstr($user_agent, 'OS/2')) { $this->set('PMA_USR_OS', 'OS/2'); } else { $this->set('PMA_USR_OS', 'Other'); } } /** * Determines platform (OS), browser and version of the user * Based on a phpBuilder article: * * @see http://www.phpbuilder.net/columns/tim20000821.php */ public function checkClient(): void { if (Core::getenv('HTTP_USER_AGENT')) { $HTTP_USER_AGENT = Core::getenv('HTTP_USER_AGENT'); } else { $HTTP_USER_AGENT = ''; } // 1. Platform $this->setClientPlatform($HTTP_USER_AGENT); // 2. browser and version // (must check everything else before Mozilla) $is_mozilla = preg_match( '@Mozilla/([0-9]\.[0-9]{1,2})@', $HTTP_USER_AGENT, $mozilla_version ); if (preg_match( '@Opera(/| )([0-9]\.[0-9]{1,2})@', $HTTP_USER_AGENT, $log_version )) { $this->set('PMA_USR_BROWSER_VER', $log_version[2]); $this->set('PMA_USR_BROWSER_AGENT', 'OPERA'); } elseif (preg_match( '@(MS)?IE ([0-9]{1,2}\.[0-9]{1,2})@', $HTTP_USER_AGENT, $log_version )) { $this->set('PMA_USR_BROWSER_VER', $log_version[2]); $this->set('PMA_USR_BROWSER_AGENT', 'IE'); } elseif (preg_match( '@Trident/(7)\.0@', $HTTP_USER_AGENT, $log_version )) { $this->set('PMA_USR_BROWSER_VER', intval($log_version[1]) + 4); $this->set('PMA_USR_BROWSER_AGENT', 'IE'); } elseif (preg_match( '@OmniWeb/([0-9]{1,3})@', $HTTP_USER_AGENT, $log_version )) { $this->set('PMA_USR_BROWSER_VER', $log_version[1]); $this->set('PMA_USR_BROWSER_AGENT', 'OMNIWEB'); // Konqueror 2.2.2 says Konqueror/2.2.2 // Konqueror 3.0.3 says Konqueror/3 } elseif (preg_match( '@(Konqueror/)(.*)(;)@', $HTTP_USER_AGENT, $log_version )) { $this->set('PMA_USR_BROWSER_VER', $log_version[2]); $this->set('PMA_USR_BROWSER_AGENT', 'KONQUEROR'); // must check Chrome before Safari } elseif ($is_mozilla && preg_match('@Chrome/([0-9.]*)@', $HTTP_USER_AGENT, $log_version) ) { $this->set('PMA_USR_BROWSER_VER', $log_version[1]); $this->set('PMA_USR_BROWSER_AGENT', 'CHROME'); // newer Safari } elseif ($is_mozilla && preg_match('@Version/(.*) Safari@', $HTTP_USER_AGENT, $log_version) ) { $this->set( 'PMA_USR_BROWSER_VER', $log_version[1] ); $this->set('PMA_USR_BROWSER_AGENT', 'SAFARI'); // older Safari } elseif ($is_mozilla && preg_match('@Safari/([0-9]*)@', $HTTP_USER_AGENT, $log_version) ) { $this->set( 'PMA_USR_BROWSER_VER', $mozilla_version[1] . '.' . $log_version[1] ); $this->set('PMA_USR_BROWSER_AGENT', 'SAFARI'); // Firefox } elseif (! mb_strstr($HTTP_USER_AGENT, 'compatible') && preg_match('@Firefox/([\w.]+)@', $HTTP_USER_AGENT, $log_version) ) { $this->set( 'PMA_USR_BROWSER_VER', $log_version[1] ); $this->set('PMA_USR_BROWSER_AGENT', 'FIREFOX'); } elseif (preg_match('@rv:1\.9(.*)Gecko@', $HTTP_USER_AGENT)) { $this->set('PMA_USR_BROWSER_VER', '1.9'); $this->set('PMA_USR_BROWSER_AGENT', 'GECKO'); } elseif ($is_mozilla) { $this->set('PMA_USR_BROWSER_VER', $mozilla_version[1]); $this->set('PMA_USR_BROWSER_AGENT', 'MOZILLA'); } else { $this->set('PMA_USR_BROWSER_VER', 0); $this->set('PMA_USR_BROWSER_AGENT', 'OTHER'); } } /** * Whether GD2 is present */ public function checkGd2(): void { if ($this->get('GD2Available') === 'yes') { $this->set('PMA_IS_GD2', 1); return; } if ($this->get('GD2Available') === 'no') { $this->set('PMA_IS_GD2', 0); return; } if (! function_exists('imagecreatetruecolor')) { $this->set('PMA_IS_GD2', 0); return; } if (function_exists('gd_info')) { $gd_nfo = gd_info(); if (mb_strstr($gd_nfo['GD Version'], '2.')) { $this->set('PMA_IS_GD2', 1); } else { $this->set('PMA_IS_GD2', 0); } } else { $this->set('PMA_IS_GD2', 0); } } /** * Whether the Web server php is running on is IIS */ public function checkWebServer(): void { // some versions return Microsoft-IIS, some Microsoft/IIS // we could use a preg_match() but it's slower if (Core::getenv('SERVER_SOFTWARE') && stripos(Core::getenv('SERVER_SOFTWARE'), 'Microsoft') !== false && stripos(Core::getenv('SERVER_SOFTWARE'), 'IIS') !== false ) { $this->set('PMA_IS_IIS', 1); } else { $this->set('PMA_IS_IIS', 0); } } /** * Whether the os php is running on is windows or not */ public function checkWebServerOs(): void { // Default to Unix or Equiv $this->set('PMA_IS_WINDOWS', false); // If PHP_OS is defined then continue if (! defined('PHP_OS')) { return; } if (stripos(PHP_OS, 'win') !== false && stripos(PHP_OS, 'darwin') === false) { // Is it some version of Windows $this->set('PMA_IS_WINDOWS', true); } elseif (stripos(PHP_OS, 'OS/2') !== false) { // Is it OS/2 (No file permissions like Windows) $this->set('PMA_IS_WINDOWS', true); } } /** * loads default values from default source * * @return bool success */ public function loadDefaults(): bool { global $isConfigLoading; /** @var array<string,mixed> $cfg */ $cfg = []; if (! @file_exists($this->defaultSource)) { $this->errorConfigDefaultFile = true; return false; } $canUseErrorReporting = Util::isErrorReportingAvailable(); $oldErrorReporting = null; if ($canUseErrorReporting) { $oldErrorReporting = error_reporting(0); } ob_start(); $isConfigLoading = true; $eval_result = include $this->defaultSource; $isConfigLoading = false; ob_end_clean(); if ($canUseErrorReporting) { error_reporting($oldErrorReporting); } if ($eval_result === false) { $this->errorConfigDefaultFile = true; return false; } $this->defaultSourceMtime = filemtime($this->defaultSource); $this->defaultServer = $cfg['Servers'][1]; unset($cfg['Servers']); $this->default = $cfg; $this->settings = array_replace_recursive($this->settings, $cfg); $this->errorConfigDefaultFile = false; return true; } /** * loads configuration from $source, usually the config file * should be called on object creation * * @param string $source config file */ public function load(?string $source = null): bool { global $isConfigLoading; $this->loadDefaults(); if ($source !== null) { $this->setSource($source); } if (! $this->checkConfigSource()) { return false; } $cfg = []; /** * Parses the configuration file, we throw away any errors or * output. */ $canUseErrorReporting = Util::isErrorReportingAvailable(); $oldErrorReporting = null; if ($canUseErrorReporting) { $oldErrorReporting = error_reporting(0); } ob_start(); $isConfigLoading = true; $eval_result = include $this->getSource(); $isConfigLoading = false; ob_end_clean(); if ($canUseErrorReporting) { error_reporting($oldErrorReporting); } if ($eval_result === false) { $this->errorConfigFile = true; } else { $this->errorConfigFile = false; $this->sourceMtime = filemtime($this->getSource()); } /** * Ignore keys with / as we do not use these * * These can be confusing for user configuration layer as it * flatten array using / and thus don't see difference between * $cfg['Export/method'] and $cfg['Export']['method'], while rest * of the code uses the setting only in latter form. * * This could be removed once we consistently handle both values * in the functional code as well. * * It could use array_filter(...ARRAY_FILTER_USE_KEY), but it's not * supported on PHP 5.5 and HHVM. */ $matched_keys = array_filter( array_keys($cfg), static function ($key) { return strpos($key, '/') === false; } ); $cfg = array_intersect_key($cfg, array_flip($matched_keys)); $this->settings = array_replace_recursive($this->settings, $cfg); return true; } /** * Sets the connection collation */ private function setConnectionCollation(): void { global $dbi; $collation_connection = $this->get('DefaultConnectionCollation'); if (empty($collation_connection) || $collation_connection == $GLOBALS['collation_connection'] ) { return; } $dbi->setCollation($collation_connection); } /** * Loads user preferences and merges them with current config * must be called after control connection has been established */ public function loadUserPreferences(): void { $userPreferences = new UserPreferences(); // index.php should load these settings, so that phpmyadmin.css.php // will have everything available in session cache $server = $GLOBALS['server'] ?? (! empty($GLOBALS['cfg']['ServerDefault']) ? $GLOBALS['cfg']['ServerDefault'] : 0); $cache_key = 'server_' . $server; if ($server > 0 && ! defined('PMA_MINIMUM_COMMON')) { $config_mtime = max($this->defaultSourceMtime, $this->sourceMtime); // cache user preferences, use database only when needed if (! isset($_SESSION['cache'][$cache_key]['userprefs']) || $_SESSION['cache'][$cache_key]['config_mtime'] < $config_mtime ) { $prefs = $userPreferences->load(); $_SESSION['cache'][$cache_key]['userprefs'] = $userPreferences->apply($prefs['config_data']); $_SESSION['cache'][$cache_key]['userprefs_mtime'] = $prefs['mtime']; $_SESSION['cache'][$cache_key]['userprefs_type'] = $prefs['type']; $_SESSION['cache'][$cache_key]['config_mtime'] = $config_mtime; } } elseif ($server == 0 || ! isset($_SESSION['cache'][$cache_key]['userprefs']) ) { $this->set('user_preferences', false); return; } $config_data = $_SESSION['cache'][$cache_key]['userprefs']; // type is 'db' or 'session' $this->set( 'user_preferences', $_SESSION['cache'][$cache_key]['userprefs_type'] ); $this->set( 'user_preferences_mtime', $_SESSION['cache'][$cache_key]['userprefs_mtime'] ); // load config array $this->settings = array_replace_recursive($this->settings, $config_data); $GLOBALS['cfg'] = array_replace_recursive($GLOBALS['cfg'], $config_data); if (defined('PMA_MINIMUM_COMMON')) { return; } // settings below start really working on next page load, but // changes are made only in index.php so everything is set when // in frames // save theme /** @var ThemeManager $tmanager */ $tmanager = ThemeManager::getInstance(); if ($tmanager->getThemeCookie() || isset($_REQUEST['set_theme'])) { if ((! isset($config_data['ThemeDefault']) && $tmanager->theme->getId() !== 'original') || isset($config_data['ThemeDefault']) && $config_data['ThemeDefault'] != $tmanager->theme->getId() ) { // new theme was set in common.inc.php $this->setUserValue( null, 'ThemeDefault', $tmanager->theme->getId(), 'original' ); } } else { // no cookie - read default from settings if ($tmanager->theme !== null && $this->settings['ThemeDefault'] != $tmanager->theme->getId() && $tmanager->checkTheme($this->settings['ThemeDefault']) ) { $tmanager->setActiveTheme($this->settings['ThemeDefault']); $tmanager->setThemeCookie(); } } // save language if ($this->issetCookie('pma_lang') || isset($_POST['lang'])) { if ((! isset($config_data['lang']) && $GLOBALS['lang'] !== 'en') || isset($config_data['lang']) && $GLOBALS['lang'] != $config_data['lang'] ) { $this->setUserValue(null, 'lang', $GLOBALS['lang'], 'en'); } } else { // read language from settings if (isset($config_data['lang'])) { $language = LanguageManager::getInstance()->getLanguage( $config_data['lang'] ); if ($language !== false) { $language->activate(); $this->setCookie('pma_lang', $language->getCode()); } } } // set connection collation $this->setConnectionCollation(); } /** * Sets config value which is stored in user preferences (if available) * or in a cookie. * * If user preferences are not yet initialized, option is applied to * global config and added to a update queue, which is processed * by {@link loadUserPreferences()} * * @param string|null $cookie_name can be null * @param string $cfg_path configuration path * @param string $new_cfg_value new value * @param string|null $default_value default value * * @return true|Message */ public function setUserValue( ?string $cookie_name, string $cfg_path, $new_cfg_value, $default_value = null ) { $userPreferences = new UserPreferences(); $result = true; // use permanent user preferences if possible $prefs_type = $this->get('user_preferences'); if ($prefs_type) { if ($default_value === null) { $default_value = Core::arrayRead($cfg_path, $this->default); } $result = $userPreferences->persistOption($cfg_path, $new_cfg_value, $default_value); } if ($prefs_type !== 'db' && $cookie_name) { // fall back to cookies if ($default_value === null) { $default_value = Core::arrayRead($cfg_path, $this->settings); } $this->setCookie($cookie_name, $new_cfg_value, $default_value); } Core::arrayWrite($cfg_path, $GLOBALS['cfg'], $new_cfg_value); Core::arrayWrite($cfg_path, $this->settings, $new_cfg_value); return $result; } /** * Reads value stored by {@link setUserValue()} * * @param string $cookie_name cookie name * @param mixed $cfg_value config value * * @return mixed */ public function getUserValue(string $cookie_name, $cfg_value) { $cookie_exists = ! empty($this->getCookie($cookie_name)); $prefs_type = $this->get('user_preferences'); if ($prefs_type === 'db') { // permanent user preferences value exists, remove cookie if ($cookie_exists) { $this->removeCookie($cookie_name); } } elseif ($cookie_exists) { return $this->getCookie($cookie_name); } // return value from $cfg array return $cfg_value; } /** * set source * * @param string $source source */ public function setSource(string $source): void { $this->source = trim($source); } /** * check config source * * @return bool whether source is valid or not */ public function checkConfigSource(): bool { if (! $this->getSource()) { // no configuration file set at all return false; } if (! @file_exists($this->getSource())) { $this->sourceMtime = 0; return false; } if (! @is_readable($this->getSource())) { // manually check if file is readable // might be bug #3059806 Supporting running from CIFS/Samba shares $contents = false; $handle = @fopen($this->getSource(), 'r'); if ($handle !== false) { $contents = @fread($handle, 1); // reading 1 byte is enough to test fclose($handle); } if ($contents === false) { $this->sourceMtime = 0; Core::fatalError( sprintf( function_exists('__') ? __('Existing configuration file (%s) is not readable.') : 'Existing configuration file (%s) is not readable.', $this->getSource() ) ); return false; } } return true; } /** * verifies the permissions on config file (if asked by configuration) * (must be called after config.inc.php has been merged) */ public function checkPermissions(): void { // Check for permissions (on platforms that support it): if (! $this->get('CheckConfigurationPermissions') || ! @file_exists($this->getSource())) { return; } $perms = @fileperms($this->getSource()); if ($perms === false || (! ($perms & 2))) { return; } // This check is normally done after loading configuration $this->checkWebServerOs(); if ($this->get('PMA_IS_WINDOWS') === true) { return; } $this->sourceMtime = 0; Core::fatalError( __( 'Wrong permissions on configuration file, ' . 'should not be world writable!' ) ); } /** * Checks for errors * (must be called after config.inc.php has been merged) */ public function checkErrors(): void { if ($this->errorConfigDefaultFile) { Core::fatalError( sprintf( __('Could not load default configuration from: %1$s'), $this->defaultSource ) ); } if (! $this->errorConfigFile) { return; } $error = '[strong]' . __('Failed to read configuration file!') . '[/strong]' . '[br][br]' . __( 'This usually means there is a syntax error in it, ' . 'please check any errors shown below.' ) . '[br][br]' . '[conferr]'; trigger_error($error, E_USER_ERROR); } /** * returns specific config setting * * @param string $setting config setting * * @return mixed|null value */ public function get(string $setting) { if (isset($this->settings[$setting])) { return $this->settings[$setting]; } return null; } /** * sets configuration variable * * @param string $setting configuration option * @param mixed $value new value for configuration option */ public function set(string $setting, $value): void { if (isset($this->settings[$setting]) && $this->settings[$setting] === $value ) { return; } $this->settings[$setting] = $value; $this->setMtime = time(); } /** * returns source for current config * * @return string config source */ public function getSource(): string { return $this->source; } /** * returns a unique value to force a CSS reload if either the config * or the theme changes * * @return int Summary of unix timestamps, to be unique on theme parameters * change */ public function getThemeUniqueValue(): int { global $PMA_Theme; return crc32( $this->sourceMtime . $this->defaultSourceMtime . $this->get('user_preferences_mtime') . ($PMA_Theme->mtimeInfo ?? 0) . ($PMA_Theme->filesizeInfo ?? 0) ); } /** * checks if upload is enabled */ public function checkUpload(): void { if (! ini_get('file_uploads')) { $this->set('enable_upload', false); return; } $this->set('enable_upload', true); // if set "php_admin_value file_uploads Off" in httpd.conf // ini_get() also returns the string "Off" in this case: if (strtolower((string) ini_get('file_uploads')) !== 'off') { return; } $this->set('enable_upload', false); } /** * Maximum upload size as limited by PHP * Used with permission from Moodle (https://moodle.org/) by Martin Dougiamas * * this section generates $max_upload_size in bytes */ public function checkUploadSize(): void { $fileSize = ini_get('upload_max_filesize'); if (! $fileSize) { $fileSize = '5M'; } $size = Core::getRealSize($fileSize); $postSize = ini_get('post_max_size'); if ($postSize) { $size = min($size, Core::getRealSize($postSize)); } $this->set('max_upload_size', $size); } /** * Checks if protocol is https * * This function checks if the https protocol on the active connection. */ public function isHttps(): bool { if ($this->get('is_https') !== null) { return $this->get('is_https'); } $url = $this->get('PmaAbsoluteUri'); $is_https = false; if (! empty($url) && parse_url($url, PHP_URL_SCHEME) === 'https') { $is_https = true; } elseif (strtolower(Core::getenv('HTTP_SCHEME')) === 'https') { $is_https = true; } elseif (strtolower(Core::getenv('HTTPS')) === 'on') { $is_https = true; } elseif (strtolower(substr(Core::getenv('REQUEST_URI'), 0, 6)) === 'https:') { $is_https = true; } elseif (strtolower(Core::getenv('HTTP_HTTPS_FROM_LB')) === 'on') { // A10 Networks load balancer $is_https = true; } elseif (strtolower(Core::getenv('HTTP_FRONT_END_HTTPS')) === 'on') { $is_https = true; } elseif (strtolower(Core::getenv('HTTP_X_FORWARDED_PROTO')) === 'https') { $is_https = true; } elseif (strtolower(Core::getenv('HTTP_CLOUDFRONT_FORWARDED_PROTO')) === 'https') { // Amazon CloudFront, issue #15621 $is_https = true; } elseif (Util::getProtoFromForwardedHeader(Core::getenv('HTTP_FORWARDED')) === 'https') { // RFC 7239 Forwarded header $is_https = true; } elseif (Core::getenv('SERVER_PORT') == 443) { $is_https = true; } $this->set('is_https', $is_https); return $is_https; } /** * Get phpMyAdmin root path */ public function getRootPath(): string { static $cookie_path = null; if ($cookie_path !== null && ! defined('TESTSUITE')) { return $cookie_path; } $url = $this->get('PmaAbsoluteUri'); if (! empty($url)) { $path = parse_url($url, PHP_URL_PATH); if (! empty($path)) { if (substr($path, -1) !== '/') { return $path . '/'; } return $path; } } $parsedUrlPath = parse_url($GLOBALS['PMA_PHP_SELF'], PHP_URL_PATH); $parts = explode( '/', rtrim(str_replace('\\', '/', $parsedUrlPath), '/') ); /* Remove filename */ if (substr($parts[count($parts) - 1], -4) === '.php') { $parts = array_slice($parts, 0, count($parts) - 1); } /* Remove extra path from javascript calls */ if (defined('PMA_PATH_TO_BASEDIR')) { $parts = array_slice($parts, 0, count($parts) - 1); } $parts[] = ''; return implode('/', $parts); } /** * enables backward compatibility */ public function enableBc(): void { $GLOBALS['cfg'] = $this->settings; $GLOBALS['default_server'] = $this->defaultServer; unset($this->defaultServer); $GLOBALS['is_upload'] = $this->get('enable_upload'); $GLOBALS['max_upload_size'] = $this->get('max_upload_size'); $GLOBALS['is_https'] = $this->get('is_https'); $defines = [ 'PMA_VERSION', 'PMA_MAJOR_VERSION', 'PMA_THEME_VERSION', 'PMA_THEME_GENERATION', 'PMA_IS_WINDOWS', 'PMA_IS_GD2', 'PMA_USR_OS', 'PMA_USR_BROWSER_VER', 'PMA_USR_BROWSER_AGENT', ]; foreach ($defines as $define) { if (defined($define)) { continue; } define($define, $this->get($define)); } } /** * removes cookie * * @param string $cookieName name of cookie to remove * * @return bool result of setcookie() */ public function removeCookie(string $cookieName): bool { $httpCookieName = $this->getCookieName($cookieName); if ($this->issetCookie($cookieName)) { unset($_COOKIE[$httpCookieName]); } if (defined('TESTSUITE')) { return true; } return setcookie( $httpCookieName, '', time() - 3600, $this->getRootPath(), '', $this->isHttps() ); } /** * sets cookie if value is different from current cookie value, * or removes if value is equal to default * * @param string $cookie name of cookie to remove * @param string $value new cookie value * @param string $default default value * @param int $validity validity of cookie in seconds (default is one month) * @param bool $httponly whether cookie is only for HTTP (and not for scripts) * * @return bool result of setcookie() */ public function setCookie( string $cookie, string $value, ?string $default = null, ?int $validity = null, bool $httponly = true ): bool { global $cfg; if (strlen($value) > 0 && $default !== null && $value === $default ) { // default value is used if ($this->issetCookie($cookie)) { // remove cookie return $this->removeCookie($cookie); } return false; } if (strlen($value) === 0 && $this->issetCookie($cookie)) { // remove cookie, value is empty return $this->removeCookie($cookie); } $httpCookieName = $this->getCookieName($cookie); if (! $this->issetCookie($cookie) || $this->getCookie($cookie) !== $value) { // set cookie with new value /* Calculate cookie validity */ if ($validity === null) { /* Valid for one month */ $validity = time() + 2592000; } elseif ($validity == 0) { /* Valid for session */ $validity = 0; } else { $validity = time() + $validity; } if (defined('TESTSUITE')) { $_COOKIE[$httpCookieName] = $value; return true; } if (PHP_VERSION_ID < 70300) { return setcookie( $httpCookieName, $value, $validity, $this->getRootPath() . '; samesite=' . $cfg['CookieSameSite'], '', $this->isHttps(), $httponly ); } $optionalParams = [ 'expires' => $validity, 'path' => $this->getRootPath(), 'domain' => '', 'secure' => $this->isHttps(), 'httponly' => $httponly, 'samesite' => $cfg['CookieSameSite'], ]; return setcookie( $httpCookieName, $value, $optionalParams ); } // cookie has already $value as value return true; } /** * get cookie * * @param string $cookieName The name of the cookie to get * * @return mixed|null result of getCookie() */ public function getCookie(string $cookieName) { if (isset($_COOKIE[$this->getCookieName($cookieName)])) { return $_COOKIE[$this->getCookieName($cookieName)]; } return null; } /** * Get the real cookie name * * @param string $cookieName The name of the cookie */ public function getCookieName(string $cookieName): string { return $cookieName . ( $this->isHttps() ? '_https' : '' ); } /** * isset cookie * * @param string $cookieName The name of the cookie to check * * @return bool result of issetCookie() */ public function issetCookie(string $cookieName): bool { return isset($_COOKIE[$this->getCookieName($cookieName)]); } /** * Error handler to catch fatal errors when loading configuration * file */ public static function fatalErrorHandler(): void { global $isConfigLoading; if (! isset($isConfigLoading) || ! $isConfigLoading) { return; } $error = error_get_last(); if ($error === null) { return; } Core::fatalError( sprintf( 'Failed to load phpMyAdmin configuration (%s:%s): %s', Error::relPath($error['file']), $error['line'], $error['message'] ) ); } /** * Wrapper for footer/header rendering * * @param string $filename File to check and render * @param string $id Div ID */ private static function renderCustom(string $filename, string $id): string { $retval = ''; if (@file_exists($filename)) { $retval .= '<div id="' . $id . '">'; ob_start(); include $filename; $retval .= ob_get_clean(); $retval .= '</div>'; } return $retval; } /** * Renders user configured footer */ public static function renderFooter(): string { return self::renderCustom(CUSTOM_FOOTER_FILE, 'pma_footer'); } /** * Renders user configured footer */ public static function renderHeader(): string { return self::renderCustom(CUSTOM_HEADER_FILE, 'pma_header'); } /** * Returns temporary dir path * * @param string $name Directory name */ public function getTempDir(string $name): ?string { static $temp_dir = []; if (isset($temp_dir[$name]) && ! defined('TESTSUITE')) { return $temp_dir[$name]; } $path = $this->get('TempDir'); if (empty($path)) { $path = null; } else { $path = rtrim($path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . $name; if (! @is_dir($path)) { @mkdir($path, 0770, true); } if (! @is_dir($path) || ! @is_writable($path)) { $path = null; } } $temp_dir[$name] = $path; return $path; } /** * Returns temporary directory */ public function getUploadTempDir(): ?string { // First try configured temp dir // Fallback to PHP upload_tmp_dir $dirs = [ $this->getTempDir('upload'), ini_get('upload_tmp_dir'), sys_get_temp_dir(), ]; foreach ($dirs as $dir) { if (! empty($dir) && @is_writable($dir)) { return realpath($dir); } } return null; } /** * Selects server based on request parameters. */ public function selectServer(): int { $request = empty($_REQUEST['server']) ? 0 : $_REQUEST['server']; /** * Lookup server by name * (see FAQ 4.8) */ if (! is_numeric($request)) { foreach ($this->settings['Servers'] as $i => $server) { $verboseToLower = mb_strtolower($server['verbose']); $serverToLower = mb_strtolower($request); if ($server['host'] == $request || $server['verbose'] == $request || $verboseToLower == $serverToLower || md5($verboseToLower) === $serverToLower ) { $request = $i; break; } } if (is_string($request)) { $request = 0; } } /** * If no server is selected, make sure that $this->settings['Server'] is empty (so * that nothing will work), and skip server authentication. * We do NOT exit here, but continue on without logging into any server. * This way, the welcome page will still come up (with no server info) and * present a choice of servers in the case that there are multiple servers * and '$this->settings['ServerDefault'] = 0' is set. */ if (is_numeric($request) && ! empty($request) && ! empty($this->settings['Servers'][$request])) { $server = $request; $this->settings['Server'] = $this->settings['Servers'][$server]; } else { if (! empty($this->settings['Servers'][$this->settings['ServerDefault']])) { $server = $this->settings['ServerDefault']; $this->settings['Server'] = $this->settings['Servers'][$server]; } else { $server = 0; $this->settings['Server'] = []; } } return (int) $server; } /** * Checks whether Servers configuration is valid and possibly apply fixups. */ public function checkServers(): void { // Do we have some server? if (! isset($this->settings['Servers']) || count($this->settings['Servers']) === 0) { // No server => create one with defaults $this->settings['Servers'] = [1 => $this->defaultServer]; } else { // We have server(s) => apply default configuration $new_servers = []; foreach ($this->settings['Servers'] as $server_index => $each_server) { // Detect wrong configuration if (! is_int($server_index) || $server_index < 1) { trigger_error( sprintf(__('Invalid server index: %s'), $server_index), E_USER_ERROR ); } $each_server = array_merge($this->defaultServer, $each_server); // Final solution to bug #582890 // If we are using a socket connection // and there is nothing in the verbose server name // or the host field, then generate a name for the server // in the form of "Server 2", localized of course! if (empty($each_server['host']) && empty($each_server['verbose'])) { $each_server['verbose'] = sprintf(__('Server %d'), $server_index); } $new_servers[$server_index] = $each_server; } $this->settings['Servers'] = $new_servers; } } /** * Return connection parameters for the database server * * @param int $mode Connection mode on of CONNECT_USER, CONNECT_CONTROL * or CONNECT_AUXILIARY. * @param array|null $server Server information like host/port/socket/persistent * * @return array user, host and server settings array */ public static function getConnectionParams(int $mode, ?array $server = null): array { global $cfg; $user = null; $password = null; if ($mode == DatabaseInterface::CONNECT_USER) { $user = $cfg['Server']['user']; $password = $cfg['Server']['password']; $server = $cfg['Server']; } elseif ($mode == DatabaseInterface::CONNECT_CONTROL) { $user = $cfg['Server']['controluser']; $password = $cfg['Server']['controlpass']; $server = []; if (! empty($cfg['Server']['controlhost'])) { $server['host'] = $cfg['Server']['controlhost']; } else { $server['host'] = $cfg['Server']['host']; } // Share the settings if the host is same if ($server['host'] == $cfg['Server']['host']) { $shared = [ 'port', 'socket', 'compress', 'ssl', 'ssl_key', 'ssl_cert', 'ssl_ca', 'ssl_ca_path', 'ssl_ciphers', 'ssl_verify', ]; foreach ($shared as $item) { if (! isset($cfg['Server'][$item])) { continue; } $server[$item] = $cfg['Server'][$item]; } } // Set configured port if (! empty($cfg['Server']['controlport'])) { $server['port'] = $cfg['Server']['controlport']; } // Set any configuration with control_ prefix foreach ($cfg['Server'] as $key => $val) { if (substr($key, 0, 8) !== 'control_') { continue; } $server[substr($key, 8)] = $val; } } else { if ($server === null) { return [ null, null, null, ]; } if (isset($server['user'])) { $user = $server['user']; } if (isset($server['password'])) { $password = $server['password']; } } // Perform sanity checks on some variables $server['port'] = empty($server['port']) ? 0 : (int) $server['port']; if (empty($server['socket'])) { $server['socket'] = null; } if (empty($server['host'])) { $server['host'] = 'localhost'; } if (! isset($server['ssl'])) { $server['ssl'] = false; } if (! isset($server['compress'])) { $server['compress'] = false; } return [ $user, $password, $server, ]; } /** * Get LoginCookieValidity from preferences cache. * * No generic solution for loading preferences from cache as some settings * need to be kept for processing in loadUserPreferences(). * * @see loadUserPreferences() */ public function getLoginCookieValidityFromCache(int $server): void { global $cfg; $cacheKey = 'server_' . $server; if (! isset($_SESSION['cache'][$cacheKey]['userprefs']['LoginCookieValidity'])) { return; } $value = $_SESSION['cache'][$cacheKey]['userprefs']['LoginCookieValidity']; $this->set('LoginCookieValidity', $value); $cfg['LoginCookieValidity'] = $value; } }