Server IP : 85.214.239.14 / Your IP : 3.137.159.163 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /proc/2/task/2/cwd/var/www/wordpress/phpMyAdmin/libraries/classes/Rte/ |
Upload File : |
<?php /* vim: set expandtab sw=4 ts=4 sts=4: */ /** * Functions for routine management. * * @package PhpMyAdmin */ declare(strict_types=1); namespace PhpMyAdmin\Rte; use PhpMyAdmin\Charsets; use PhpMyAdmin\Charsets\Charset; use PhpMyAdmin\Core; use PhpMyAdmin\DatabaseInterface; use PhpMyAdmin\Message; use PhpMyAdmin\Response; use PhpMyAdmin\SqlParser\Parser; use PhpMyAdmin\SqlParser\Statements\CreateStatement; use PhpMyAdmin\SqlParser\Utils\Routine; use PhpMyAdmin\Template; use PhpMyAdmin\Url; use PhpMyAdmin\Util; /** * PhpMyAdmin\Rte\Routines class * * @package PhpMyAdmin */ class Routines { /** * @var Export */ private $export; /** * @var Footer */ private $footer; /** * @var General */ private $general; /** * @var RteList */ private $rteList; /** * @var Words */ private $words; /** * @var DatabaseInterface */ private $dbi; /** * Routines constructor. * * @param DatabaseInterface $dbi DatabaseInterface object */ public function __construct(DatabaseInterface $dbi) { $this->dbi = $dbi; $this->export = new Export($this->dbi); $this->footer = new Footer($this->dbi); $this->general = new General($this->dbi); $this->rteList = new RteList($this->dbi); $this->words = new Words(); } /** * Sets required globals * * @return void */ public function setGlobals() { global $param_directions, $param_opts_num, $param_sqldataaccess; $param_directions = [ 'IN', 'OUT', 'INOUT', ]; $param_opts_num = [ 'UNSIGNED', 'ZEROFILL', 'UNSIGNED ZEROFILL', ]; $param_sqldataaccess = [ 'NO SQL', 'CONTAINS SQL', 'READS SQL DATA', 'MODIFIES SQL DATA', ]; } /** * Main function for the routines functionality * * @param string $type 'FUNCTION' for functions, * 'PROCEDURE' for procedures, * null for both * * @return void */ public function main($type) { global $db; $this->setGlobals(); /** * Process all requests */ $this->handleEditor(); $this->handleExecute(); $this->export->routines(); /** * Display a list of available routines */ if (! Core::isValid($type, ['FUNCTION', 'PROCEDURE'])) { $type = null; } $items = $this->dbi->getRoutines($db, $type); echo $this->rteList->get('routine', $items); /** * Display the form for adding a new routine, if the user has the privileges. */ echo $this->footer->routines(); /** * Display a warning for users with PHP's old "mysql" extension. */ if (! DatabaseInterface::checkDbExtension('mysqli')) { trigger_error( __( 'You are using PHP\'s deprecated \'mysql\' extension, ' . 'which is not capable of handling multi queries. ' . '[strong]The execution of some stored routines may fail![/strong] ' . 'Please use the improved \'mysqli\' extension to ' . 'avoid any problems.' ), E_USER_WARNING ); } } /** * Handles editor requests for adding or editing an item * * @return void */ public function handleEditor() { global $db, $errors; $errors = $this->handleRequestCreateOrEdit($errors, $db); $response = Response::getInstance(); /** * Display a form used to add/edit a routine, if necessary */ // FIXME: this must be simpler than that if (count($errors) || ( empty($_POST['editor_process_add']) && empty($_POST['editor_process_edit']) && (! empty($_REQUEST['add_item']) || ! empty($_REQUEST['edit_item']) || ! empty($_POST['routine_addparameter']) || ! empty($_POST['routine_removeparameter']) || ! empty($_POST['routine_changetype']))) ) { // Handle requests to add/remove parameters and changing routine type // This is necessary when JS is disabled $operation = ''; if (! empty($_POST['routine_addparameter'])) { $operation = 'add'; } elseif (! empty($_POST['routine_removeparameter'])) { $operation = 'remove'; } elseif (! empty($_POST['routine_changetype'])) { $operation = 'change'; } // Get the data for the form (if any) if (! empty($_REQUEST['add_item'])) { $title = $this->words->get('add'); $routine = $this->getDataFromRequest(); $mode = 'add'; } elseif (! empty($_REQUEST['edit_item'])) { $title = __("Edit routine"); if (! $operation && ! empty($_GET['item_name']) && empty($_POST['editor_process_edit']) ) { $routine = $this->getDataFromName( $_GET['item_name'], $_GET['item_type'] ); if ($routine !== false) { $routine['item_original_name'] = $routine['item_name']; $routine['item_original_type'] = $routine['item_type']; } } else { $routine = $this->getDataFromRequest(); } $mode = 'edit'; } if ($routine !== false) { // Show form $editor = $this->getEditorForm($mode, $operation, $routine); if ($response->isAjax()) { $response->addJSON('message', $editor); $response->addJSON('title', $title); $response->addJSON('paramTemplate', $this->getParameterRow()); $response->addJSON('type', $routine['item_type']); } else { echo "\n\n<h2>$title</h2>\n\n$editor"; } exit; } else { $message = __('Error in processing request:') . ' '; $message .= sprintf( $this->words->get('no_edit'), htmlspecialchars( Util::backquote($_REQUEST['item_name']) ), htmlspecialchars(Util::backquote($db)) ); $message = Message::error($message); if ($response->isAjax()) { $response->setRequestStatus(false); $response->addJSON('message', $message); exit; } else { $message->display(); } } } } /** * Handle request to create or edit a routine * * @param array $errors Errors * @param string $db DB name * * @return array */ public function handleRequestCreateOrEdit(array $errors, $db) { if (empty($_POST['editor_process_add']) && empty($_POST['editor_process_edit']) ) { return $errors; } $sql_query = ''; $routine_query = $this->getQueryFromRequest(); if (! count($errors)) { // Execute the created query if (! empty($_POST['editor_process_edit'])) { $isProcOrFunc = in_array( $_POST['item_original_type'], [ 'PROCEDURE', 'FUNCTION', ] ); if (! $isProcOrFunc) { $errors[] = sprintf( __('Invalid routine type: "%s"'), htmlspecialchars($_POST['item_original_type']) ); } else { // Backup the old routine, in case something goes wrong $create_routine = $this->dbi->getDefinition( $db, $_POST['item_original_type'], $_POST['item_original_name'] ); $privilegesBackup = $this->backupPrivileges(); $drop_routine = "DROP {$_POST['item_original_type']} " . Util::backquote($_POST['item_original_name']) . ";\n"; $result = $this->dbi->tryQuery($drop_routine); if (! $result) { $errors[] = sprintf( __('The following query has failed: "%s"'), htmlspecialchars($drop_routine) ) . '<br>' . __('MySQL said: ') . $this->dbi->getError(); } else { list($newErrors, $message) = $this->create( $routine_query, $create_routine, $privilegesBackup ); if (empty($newErrors)) { $sql_query = $drop_routine . $routine_query; } else { $errors = array_merge($errors, $newErrors); } unset($newErrors); if (null === $message) { unset($message); } } } } else { // 'Add a new routine' mode $result = $this->dbi->tryQuery($routine_query); if (! $result) { $errors[] = sprintf( __('The following query has failed: "%s"'), htmlspecialchars($routine_query) ) . '<br><br>' . __('MySQL said: ') . $this->dbi->getError(); } else { $message = Message::success( __('Routine %1$s has been created.') ); $message->addParam( Util::backquote($_POST['item_name']) ); $sql_query = $routine_query; } } } if (count($errors)) { $message = Message::error( __( 'One or more errors have occurred while' . ' processing your request:' ) ); $message->addHtml('<ul>'); foreach ($errors as $string) { $message->addHtml('<li>' . $string . '</li>'); } $message->addHtml('</ul>'); } $output = Util::getMessage($message, $sql_query); $response = Response::getInstance(); if (! $response->isAjax()) { return $errors; } if (! $message->isSuccess()) { $response->setRequestStatus(false); $response->addJSON('message', $output); exit; } $routines = $this->dbi->getRoutines( $db, $_POST['item_type'], $_POST['item_name'] ); $routine = $routines[0]; $response->addJSON( 'name', htmlspecialchars( mb_strtoupper($_POST['item_name']) ) ); $response->addJSON('new_row', $this->rteList->getRoutineRow($routine)); $response->addJSON('insert', ! empty($routine)); $response->addJSON('message', $output); exit; } /** * Backup the privileges * * @return array */ public function backupPrivileges() { if (! $GLOBALS['proc_priv'] || ! $GLOBALS['is_reload_priv']) { return []; } // Backup the Old Privileges before dropping // if $_POST['item_adjust_privileges'] set if (! isset($_POST['item_adjust_privileges']) || empty($_POST['item_adjust_privileges']) ) { return []; } $privilegesBackupQuery = 'SELECT * FROM ' . Util::backquote( 'mysql' ) . '.' . Util::backquote('procs_priv') . ' where Routine_name = "' . $_POST['item_original_name'] . '" AND Routine_type = "' . $_POST['item_original_type'] . '";'; $privilegesBackup = $this->dbi->fetchResult( $privilegesBackupQuery, 0 ); return $privilegesBackup; } /** * Create the routine * * @param string $routine_query Query to create routine * @param string $create_routine Query to restore routine * @param array $privilegesBackup Privileges backup * * @return array */ public function create( $routine_query, $create_routine, array $privilegesBackup ) { $result = $this->dbi->tryQuery($routine_query); if (! $result) { $errors = []; $errors[] = sprintf( __('The following query has failed: "%s"'), htmlspecialchars($routine_query) ) . '<br>' . __('MySQL said: ') . $this->dbi->getError(); // We dropped the old routine, // but were unable to create the new one // Try to restore the backup query $result = $this->dbi->tryQuery($create_routine); $errors = $this->general->checkResult( $result, __( 'Sorry, we failed to restore' . ' the dropped routine.' ), $create_routine, $errors ); return [ $errors, null, ]; } // Default value $resultAdjust = false; if ($GLOBALS['proc_priv'] && $GLOBALS['is_reload_priv'] ) { // Insert all the previous privileges // but with the new name and the new type foreach ($privilegesBackup as $priv) { $adjustProcPrivilege = 'INSERT INTO ' . Util::backquote('mysql') . '.' . Util::backquote('procs_priv') . ' VALUES("' . $priv[0] . '", "' . $priv[1] . '", "' . $priv[2] . '", "' . $_POST['item_name'] . '", "' . $_POST['item_type'] . '", "' . $priv[5] . '", "' . $priv[6] . '", "' . $priv[7] . '");'; $resultAdjust = $this->dbi->query( $adjustProcPrivilege ); } } $message = $this->flushPrivileges($resultAdjust); return [ [], $message, ]; } /** * Flush privileges and get message * * @param bool $flushPrivileges Flush privileges * * @return Message */ public function flushPrivileges($flushPrivileges) { if ($flushPrivileges) { // Flush the Privileges $flushPrivQuery = 'FLUSH PRIVILEGES;'; $this->dbi->query($flushPrivQuery); $message = Message::success( __( 'Routine %1$s has been modified. Privileges have been adjusted.' ) ); } else { $message = Message::success( __('Routine %1$s has been modified.') ); } $message->addParam( Util::backquote($_POST['item_name']) ); return $message; } /** * This function will generate the values that are required to * complete the editor form. It is especially necessary to handle * the 'Add another parameter', 'Remove last parameter' and * 'Change routine type' functionalities when JS is disabled. * * @return array Data necessary to create the routine editor. */ public function getDataFromRequest() { global $param_directions, $param_sqldataaccess; $retval = []; $indices = [ 'item_name', 'item_original_name', 'item_returnlength', 'item_returnopts_num', 'item_returnopts_text', 'item_definition', 'item_comment', 'item_definer', ]; foreach ($indices as $index) { $retval[$index] = isset($_POST[$index]) ? $_POST[$index] : ''; } $retval['item_type'] = 'PROCEDURE'; $retval['item_type_toggle'] = 'FUNCTION'; if (isset($_REQUEST['item_type']) && $_REQUEST['item_type'] == 'FUNCTION') { $retval['item_type'] = 'FUNCTION'; $retval['item_type_toggle'] = 'PROCEDURE'; } $retval['item_original_type'] = 'PROCEDURE'; if (isset($_POST['item_original_type']) && $_POST['item_original_type'] == 'FUNCTION' ) { $retval['item_original_type'] = 'FUNCTION'; } $retval['item_num_params'] = 0; $retval['item_param_dir'] = []; $retval['item_param_name'] = []; $retval['item_param_type'] = []; $retval['item_param_length'] = []; $retval['item_param_opts_num'] = []; $retval['item_param_opts_text'] = []; if (isset($_POST['item_param_name']) && isset($_POST['item_param_type']) && isset($_POST['item_param_length']) && isset($_POST['item_param_opts_num']) && isset($_POST['item_param_opts_text']) && is_array($_POST['item_param_name']) && is_array($_POST['item_param_type']) && is_array($_POST['item_param_length']) && is_array($_POST['item_param_opts_num']) && is_array($_POST['item_param_opts_text']) ) { if ($_POST['item_type'] == 'PROCEDURE') { $retval['item_param_dir'] = $_POST['item_param_dir']; foreach ($retval['item_param_dir'] as $key => $value) { if (! in_array($value, $param_directions, true)) { $retval['item_param_dir'][$key] = ''; } } } $retval['item_param_name'] = $_POST['item_param_name']; $retval['item_param_type'] = $_POST['item_param_type']; foreach ($retval['item_param_type'] as $key => $value) { if (! in_array($value, Util::getSupportedDatatypes(), true)) { $retval['item_param_type'][$key] = ''; } } $retval['item_param_length'] = $_POST['item_param_length']; $retval['item_param_opts_num'] = $_POST['item_param_opts_num']; $retval['item_param_opts_text'] = $_POST['item_param_opts_text']; $retval['item_num_params'] = max( count($retval['item_param_name']), count($retval['item_param_type']), count($retval['item_param_length']), count($retval['item_param_opts_num']), count($retval['item_param_opts_text']) ); } $retval['item_returntype'] = ''; if (isset($_POST['item_returntype']) && in_array($_POST['item_returntype'], Util::getSupportedDatatypes()) ) { $retval['item_returntype'] = $_POST['item_returntype']; } $retval['item_isdeterministic'] = ''; if (isset($_POST['item_isdeterministic']) && mb_strtolower($_POST['item_isdeterministic']) == 'on' ) { $retval['item_isdeterministic'] = " checked='checked'"; } $retval['item_securitytype_definer'] = ''; $retval['item_securitytype_invoker'] = ''; if (isset($_POST['item_securitytype'])) { if ($_POST['item_securitytype'] === 'DEFINER') { $retval['item_securitytype_definer'] = " selected='selected'"; } elseif ($_POST['item_securitytype'] === 'INVOKER') { $retval['item_securitytype_invoker'] = " selected='selected'"; } } $retval['item_sqldataaccess'] = ''; if (isset($_POST['item_sqldataaccess']) && in_array($_POST['item_sqldataaccess'], $param_sqldataaccess, true) ) { $retval['item_sqldataaccess'] = $_POST['item_sqldataaccess']; } return $retval; } /** * This function will generate the values that are required to complete * the "Edit routine" form given the name of a routine. * * @param string $name The name of the routine. * @param string $type Type of routine (ROUTINE|PROCEDURE) * @param bool $all Whether to return all data or just the info about parameters. * * @return array|bool Data necessary to create the routine editor. */ public function getDataFromName($name, $type, $all = true) { global $db; $retval = []; // Build and execute the query $fields = "SPECIFIC_NAME, ROUTINE_TYPE, DTD_IDENTIFIER, " . "ROUTINE_DEFINITION, IS_DETERMINISTIC, SQL_DATA_ACCESS, " . "ROUTINE_COMMENT, SECURITY_TYPE"; $where = "ROUTINE_SCHEMA " . Util::getCollateForIS() . "=" . "'" . $this->dbi->escapeString($db) . "' " . "AND SPECIFIC_NAME='" . $this->dbi->escapeString($name) . "'" . "AND ROUTINE_TYPE='" . $this->dbi->escapeString($type) . "'"; $query = "SELECT $fields FROM INFORMATION_SCHEMA.ROUTINES WHERE $where;"; $routine = $this->dbi->fetchSingleRow($query, 'ASSOC'); if (! $routine) { return false; } // Get required data $retval['item_name'] = $routine['SPECIFIC_NAME']; $retval['item_type'] = $routine['ROUTINE_TYPE']; $definition = $this->dbi->getDefinition( $db, $routine['ROUTINE_TYPE'], $routine['SPECIFIC_NAME'] ); if ($definition === null) { return false; } $parser = new Parser($definition); /** * @var CreateStatement $stmt */ $stmt = $parser->statements[0]; $params = Routine::getParameters($stmt); $retval['item_num_params'] = $params['num']; $retval['item_param_dir'] = $params['dir']; $retval['item_param_name'] = $params['name']; $retval['item_param_type'] = $params['type']; $retval['item_param_length'] = $params['length']; $retval['item_param_length_arr'] = $params['length_arr']; $retval['item_param_opts_num'] = $params['opts']; $retval['item_param_opts_text'] = $params['opts']; // Get extra data if (! $all) { return $retval; } if ($retval['item_type'] == 'FUNCTION') { $retval['item_type_toggle'] = 'PROCEDURE'; } else { $retval['item_type_toggle'] = 'FUNCTION'; } $retval['item_returntype'] = ''; $retval['item_returnlength'] = ''; $retval['item_returnopts_num'] = ''; $retval['item_returnopts_text'] = ''; if (! empty($routine['DTD_IDENTIFIER'])) { $options = []; foreach ($stmt->return->options->options as $opt) { $options[] = is_string($opt) ? $opt : $opt['value']; } $retval['item_returntype'] = $stmt->return->name; $retval['item_returnlength'] = implode(',', $stmt->return->parameters); $retval['item_returnopts_num'] = implode(' ', $options); $retval['item_returnopts_text'] = implode(' ', $options); } $retval['item_definer'] = $stmt->options->has('DEFINER'); $retval['item_definition'] = $routine['ROUTINE_DEFINITION']; $retval['item_isdeterministic'] = ''; if ($routine['IS_DETERMINISTIC'] == 'YES') { $retval['item_isdeterministic'] = " checked='checked'"; } $retval['item_securitytype_definer'] = ''; $retval['item_securitytype_invoker'] = ''; if ($routine['SECURITY_TYPE'] == 'DEFINER') { $retval['item_securitytype_definer'] = " selected='selected'"; } elseif ($routine['SECURITY_TYPE'] == 'INVOKER') { $retval['item_securitytype_invoker'] = " selected='selected'"; } $retval['item_sqldataaccess'] = $routine['SQL_DATA_ACCESS']; $retval['item_comment'] = $routine['ROUTINE_COMMENT']; return $retval; } /** * Creates one row for the parameter table used in the routine editor. * * @param array $routine Data for the routine returned by * getDataFromRequest() or getDataFromName() * @param mixed $index Either a numeric index of the row being processed * or NULL to create a template row for AJAX request * @param string $class Class used to hide the direction column, if the * row is for a stored function. * * @return string HTML code of one row of parameter table for the editor. */ public function getParameterRow(array $routine = [], $index = null, $class = '') { global $param_directions, $param_opts_num; if ($index === null) { // template row for AJAX request $i = 0; $index = '%s'; $drop_class = ''; $routine = [ 'item_param_dir' => [0 => ''], 'item_param_name' => [0 => ''], 'item_param_type' => [0 => ''], 'item_param_length' => [0 => ''], 'item_param_opts_num' => [0 => ''], 'item_param_opts_text' => [0 => ''], ]; } elseif (! empty($routine)) { // regular row for routine editor $drop_class = ' hide'; $i = $index; } else { // No input data. This shouldn't happen, // but better be safe than sorry. return ''; } $allCharsets = Charsets::getCharsets($this->dbi, $GLOBALS['cfg']['Server']['DisableIS']); $charsets = []; /** @var Charset $charset */ foreach ($allCharsets as $charset) { $charsets[] = [ 'name' => $charset->getName(), 'description' => $charset->getDescription(), 'is_selected' => $charset->getName() === $routine['item_param_opts_text'][$i], ]; } $template = new Template(); return $template->render('rte/routines/parameter_row', [ 'class' => $class, 'index' => $index, 'param_directions' => $param_directions, 'param_opts_num' => $param_opts_num, 'item_param_dir' => $routine['item_param_dir'][$i] ?? '', 'item_param_name' => $routine['item_param_name'][$i] ?? '', 'item_param_length' => $routine['item_param_length'][$i] ?? '', 'item_param_opts_num' => $routine['item_param_opts_num'][$i] ?? '', 'supported_datatypes' => Util::getSupportedDatatypes( true, $routine['item_param_type'][$i] ), 'charsets' => $charsets, 'drop_class' => $drop_class, ]); } /** * Displays a form used to add/edit a routine * * @param string $mode If the editor will be used to edit a routine * or add a new one: 'edit' or 'add'. * @param string $operation If the editor was previously invoked with * JS turned off, this will hold the name of * the current operation * @param array $routine Data for the routine returned by * getDataFromRequest() or getDataFromName() * * @return string HTML code for the editor. */ public function getEditorForm($mode, $operation, array $routine) { global $db, $errors, $param_sqldataaccess, $param_opts_num; $response = Response::getInstance(); // Escape special characters $need_escape = [ 'item_original_name', 'item_name', 'item_returnlength', 'item_definition', 'item_definer', 'item_comment', ]; foreach ($need_escape as $key => $index) { $routine[$index] = htmlentities($routine[$index], ENT_QUOTES, 'UTF-8'); } for ($i = 0; $i < $routine['item_num_params']; $i++) { $routine['item_param_name'][$i] = htmlentities( $routine['item_param_name'][$i], ENT_QUOTES ); $routine['item_param_length'][$i] = htmlentities( $routine['item_param_length'][$i], ENT_QUOTES ); } // Handle some logic first if ($operation == 'change') { if ($routine['item_type'] == 'PROCEDURE') { $routine['item_type'] = 'FUNCTION'; $routine['item_type_toggle'] = 'PROCEDURE'; } else { $routine['item_type'] = 'PROCEDURE'; $routine['item_type_toggle'] = 'FUNCTION'; } } elseif ($operation == 'add' || ($routine['item_num_params'] == 0 && $mode == 'add' && ! $errors) ) { $routine['item_param_dir'][] = ''; $routine['item_param_name'][] = ''; $routine['item_param_type'][] = ''; $routine['item_param_length'][] = ''; $routine['item_param_opts_num'][] = ''; $routine['item_param_opts_text'][] = ''; $routine['item_num_params']++; } elseif ($operation == 'remove') { unset($routine['item_param_dir'][$routine['item_num_params'] - 1]); unset($routine['item_param_name'][$routine['item_num_params'] - 1]); unset($routine['item_param_type'][$routine['item_num_params'] - 1]); unset($routine['item_param_length'][$routine['item_num_params'] - 1]); unset($routine['item_param_opts_num'][$routine['item_num_params'] - 1]); unset($routine['item_param_opts_text'][$routine['item_num_params'] - 1]); $routine['item_num_params']--; } $disableRemoveParam = ''; if (! $routine['item_num_params']) { $disableRemoveParam = " class='isdisableremoveparam_class' disabled=disabled"; } $original_routine = ''; if ($mode == 'edit') { $original_routine = "<input name='item_original_name' " . "type='hidden' " . "value='{$routine['item_original_name']}'>\n" . "<input name='item_original_type' " . "type='hidden' " . "value='{$routine['item_original_type']}'>\n"; } $isfunction_class = ''; $isprocedure_class = ''; $isfunction_select = ''; $isprocedure_select = ''; if ($routine['item_type'] == 'PROCEDURE') { $isfunction_class = ' hide'; $isprocedure_select = " selected='selected'"; } else { $isprocedure_class = ' hide'; $isfunction_select = " selected='selected'"; } // Create the output $retval = ""; $retval .= "<!-- START " . mb_strtoupper($mode) . " ROUTINE FORM -->\n\n"; $retval .= "<form class='rte_form' action='db_routines.php' method='post'>\n"; $retval .= "<input name='{$mode}_item' type='hidden' value='1'>\n"; $retval .= $original_routine; $retval .= Url::getHiddenInputs($db) . "\n"; $retval .= "<fieldset>\n"; $retval .= "<legend>" . __('Details') . "</legend>\n"; $retval .= "<table class='rte_table'>\n"; $retval .= "<tr>\n"; $retval .= " <td>" . __('Routine name') . "</td>\n"; $retval .= " <td><input type='text' name='item_name' maxlength='64'\n"; $retval .= " value='{$routine['item_name']}'></td>\n"; $retval .= "</tr>\n"; $retval .= "<tr>\n"; $retval .= " <td>" . __('Type') . "</td>\n"; $retval .= " <td>\n"; if ($response->isAjax()) { $retval .= " <select name='item_type'>\n" . "<option value='PROCEDURE'$isprocedure_select>PROCEDURE</option>\n" . "<option value='FUNCTION'$isfunction_select>FUNCTION</option>\n" . "</select>\n"; } else { $retval .= "<input name='item_type' type='hidden'" . " value='{$routine['item_type']}'>\n" . "<div class='font_weight_bold center half_width'>\n" . $routine['item_type'] . "\n" . "</div>\n" . "<input type='submit' name='routine_changetype'\n" . " value='" . sprintf(__('Change to %s'), $routine['item_type_toggle']) . "'>\n"; } $retval .= " </td>\n"; $retval .= "</tr>\n"; $retval .= "<tr>\n"; $retval .= " <td>" . __('Parameters') . "</td>\n"; $retval .= " <td>\n"; // parameter handling start $retval .= " <table class='routine_params_table'>\n"; $retval .= " <thead>\n"; $retval .= " <tr>\n"; $retval .= " <td></td>\n"; $retval .= " <th class='routine_direction_cell$isprocedure_class'>" . __('Direction') . "</th>\n"; $retval .= " <th>" . __('Name') . "</th>\n"; $retval .= " <th>" . __('Type') . "</th>\n"; $retval .= " <th>" . __('Length/Values') . "</th>\n"; $retval .= " <th colspan='2'>" . __('Options') . "</th>\n"; $retval .= " <th class='routine_param_remove hide'> </th>\n"; $retval .= " </tr>"; $retval .= " </thead>\n"; $retval .= " <tbody>\n"; for ($i = 0; $i < $routine['item_num_params']; $i++) { // each parameter $retval .= $this->getParameterRow($routine, $i, $isprocedure_class); } $retval .= " </tbody>\n"; $retval .= " </table>"; $retval .= " </td>"; $retval .= "</tr>"; $retval .= "<tr>"; $retval .= " <td> </td>"; $retval .= " <td>"; $retval .= ' <input type="button" class="btn btn-primary"'; $retval .= " name='routine_addparameter'"; $retval .= " value='" . __('Add parameter') . "'>"; $retval .= " <input " . $disableRemoveParam . ""; $retval .= " type='submit' "; $retval .= " name='routine_removeparameter'"; $retval .= " value='" . __('Remove last parameter') . "'>"; $retval .= " </td>"; $retval .= "</tr>"; // parameter handling end $retval .= "<tr class='routine_return_row" . $isfunction_class . "'>"; $retval .= " <td>" . __('Return type') . "</td>"; $retval .= " <td><select name='item_returntype'>"; $retval .= Util::getSupportedDatatypes(true, $routine['item_returntype']); $retval .= " </select></td>"; $retval .= "</tr>"; $retval .= "<tr class='routine_return_row" . $isfunction_class . "'>"; $retval .= " <td>" . __('Return length/values') . "</td>"; $retval .= " <td><input type='text' name='item_returnlength'"; $retval .= " value='" . $routine['item_returnlength'] . "'></td>"; $retval .= " <td class='hide no_len'>---</td>"; $retval .= "</tr>"; $retval .= "<tr class='routine_return_row" . $isfunction_class . "'>"; $retval .= " <td>" . __('Return options') . "</td>"; $retval .= " <td><div>"; $retval .= '<select lang="en" dir="ltr" name="item_returnopts_text">' . "\n"; $retval .= '<option value="">' . __('Charset') . '</option>' . "\n"; $retval .= '<option value=""></option>' . "\n"; $charsets = Charsets::getCharsets($this->dbi, $GLOBALS['cfg']['Server']['DisableIS']); /** @var Charset $charset */ foreach ($charsets as $charset) { $retval .= '<option value="' . $charset->getName() . '" title="' . $charset->getDescription() . '"' . ($routine['item_returnopts_text'] == $charset->getName() ? ' selected' : '') . '>' . $charset->getName() . '</option>' . "\n"; } $retval .= '</select>' . "\n"; $retval .= " </div>"; $retval .= " <div><select name='item_returnopts_num'>"; $retval .= " <option value=''></option>"; foreach ($param_opts_num as $key => $value) { $selected = ""; if (! empty($routine['item_returnopts_num']) && $routine['item_returnopts_num'] == $value ) { $selected = " selected='selected'"; } $retval .= "<option" . $selected . ">" . $value . "</option>"; } $retval .= " </select></div>"; $retval .= " <div class='hide no_opts'>---</div>"; $retval .= "</td>"; $retval .= "</tr>"; $retval .= "<tr>"; $retval .= " <td>" . __('Definition') . "</td>"; $retval .= " <td><textarea name='item_definition' rows='15' cols='40'>"; $retval .= $routine['item_definition']; $retval .= "</textarea></td>"; $retval .= "</tr>"; $retval .= "<tr>"; $retval .= " <td>" . __('Is deterministic') . "</td>"; $retval .= " <td><input type='checkbox' name='item_isdeterministic'" . $routine['item_isdeterministic'] . "></td>"; $retval .= "</tr>"; if (isset($_REQUEST['edit_item']) && ! empty($_REQUEST['edit_item']) ) { $retval .= "<tr>"; $retval .= " <td>" . __('Adjust privileges'); $retval .= Util::showDocu('faq', 'faq6-39'); $retval .= "</td>"; if ($GLOBALS['proc_priv'] && $GLOBALS['is_reload_priv'] ) { $retval .= " <td><input type='checkbox' " . "name='item_adjust_privileges' value='1' checked></td>"; } else { $retval .= " <td><input type='checkbox' " . "name='item_adjust_privileges' value='1' title='" . __( "You do not have sufficient privileges to perform this " . "operation; Please refer to the documentation for more " . "details" ) . "' disabled></td>"; } $retval .= "</tr>"; } $retval .= "<tr>"; $retval .= " <td>" . __('Definer') . "</td>"; $retval .= " <td><input type='text' name='item_definer'"; $retval .= " value='" . $routine['item_definer'] . "'></td>"; $retval .= "</tr>"; $retval .= "<tr>"; $retval .= " <td>" . __('Security type') . "</td>"; $retval .= " <td><select name='item_securitytype'>"; $retval .= " <option value='DEFINER'" . $routine['item_securitytype_definer'] . ">DEFINER</option>"; $retval .= " <option value='INVOKER'" . $routine['item_securitytype_invoker'] . ">INVOKER</option>"; $retval .= " </select></td>"; $retval .= "</tr>"; $retval .= "<tr>"; $retval .= " <td>" . __('SQL data access') . "</td>"; $retval .= " <td><select name='item_sqldataaccess'>"; foreach ($param_sqldataaccess as $key => $value) { $selected = ""; if ($routine['item_sqldataaccess'] == $value) { $selected = " selected='selected'"; } $retval .= " <option" . $selected . ">" . $value . "</option>"; } $retval .= " </select></td>"; $retval .= "</tr>"; $retval .= "<tr>"; $retval .= " <td>" . __('Comment') . "</td>"; $retval .= " <td><input type='text' name='item_comment' maxlength='64'"; $retval .= " value='" . $routine['item_comment'] . "'></td>"; $retval .= "</tr>"; $retval .= "</table>"; $retval .= "</fieldset>"; if ($response->isAjax()) { $retval .= "<input type='hidden' name='editor_process_" . $mode . "'"; $retval .= " value='true'>"; $retval .= "<input type='hidden' name='ajax_request' value='true'>"; } else { $retval .= "<fieldset class='tblFooters'>"; $retval .= " <input type='submit' name='editor_process_" . $mode . "'"; $retval .= " value='" . __('Go') . "'>"; $retval .= "</fieldset>"; } $retval .= "</form>"; $retval .= "<!-- END " . mb_strtoupper($mode) . " ROUTINE FORM -->"; return $retval; } /** * Composes the query necessary to create a routine from an HTTP request. * * @return string The CREATE [ROUTINE | PROCEDURE] query. */ public function getQueryFromRequest() { global $errors, $param_sqldataaccess, $param_directions, $dbi; $_POST['item_type'] = isset($_POST['item_type']) ? $_POST['item_type'] : ''; $query = 'CREATE '; if (! empty($_POST['item_definer'])) { if (mb_strpos($_POST['item_definer'], '@') !== false) { $arr = explode('@', $_POST['item_definer']); $do_backquote = true; if (substr($arr[0], 0, 1) === "`" && substr($arr[0], -1) === "`" ) { $do_backquote = false; } $query .= 'DEFINER=' . Util::backquote($arr[0], $do_backquote); $do_backquote = true; if (substr($arr[1], 0, 1) === "`" && substr($arr[1], -1) === "`" ) { $do_backquote = false; } $query .= '@' . Util::backquote($arr[1], $do_backquote) . ' '; } else { $errors[] = __('The definer must be in the "username@hostname" format!'); } } if ($_POST['item_type'] == 'FUNCTION' || $_POST['item_type'] == 'PROCEDURE' ) { $query .= $_POST['item_type'] . ' '; } else { $errors[] = sprintf( __('Invalid routine type: "%s"'), htmlspecialchars($_POST['item_type']) ); } if (! empty($_POST['item_name'])) { $query .= Util::backquote($_POST['item_name']); } else { $errors[] = __('You must provide a routine name!'); } $params = ''; $warned_about_dir = false; $warned_about_length = false; if (! empty($_POST['item_param_name']) && ! empty($_POST['item_param_type']) && ! empty($_POST['item_param_length']) && is_array($_POST['item_param_name']) && is_array($_POST['item_param_type']) && is_array($_POST['item_param_length']) ) { $item_param_name = $_POST['item_param_name']; $item_param_type = $_POST['item_param_type']; $item_param_length = $_POST['item_param_length']; for ($i = 0, $nb = count($item_param_name); $i < $nb; $i++) { if (! empty($item_param_name[$i]) && ! empty($item_param_type[$i]) ) { if ($_POST['item_type'] == 'PROCEDURE' && ! empty($_POST['item_param_dir'][$i]) && in_array($_POST['item_param_dir'][$i], $param_directions) ) { $params .= $_POST['item_param_dir'][$i] . " " . Util::backquote($item_param_name[$i]) . " " . $item_param_type[$i]; } elseif ($_POST['item_type'] == 'FUNCTION') { $params .= Util::backquote($item_param_name[$i]) . " " . $item_param_type[$i]; } elseif (! $warned_about_dir) { $warned_about_dir = true; $errors[] = sprintf( __('Invalid direction "%s" given for parameter.'), htmlspecialchars($_POST['item_param_dir'][$i]) ); } if ($item_param_length[$i] != '' && ! preg_match( '@^(DATE|TINYBLOB|TINYTEXT|BLOB|TEXT|' . 'MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT|' . 'SERIAL|BOOLEAN)$@i', $item_param_type[$i] ) ) { $params .= "(" . $item_param_length[$i] . ")"; } elseif ($item_param_length[$i] == '' && preg_match( '@^(ENUM|SET|VARCHAR|VARBINARY)$@i', $item_param_type[$i] ) ) { if (! $warned_about_length) { $warned_about_length = true; $errors[] = __( 'You must provide length/values for routine parameters' . ' of type ENUM, SET, VARCHAR and VARBINARY.' ); } } if (! empty($_POST['item_param_opts_text'][$i])) { if ($dbi->types->getTypeClass($item_param_type[$i]) == 'CHAR') { if (! in_array($item_param_type[$i], ['VARBINARY', 'BINARY'])) { $params .= ' CHARSET ' . mb_strtolower( $_POST['item_param_opts_text'][$i] ); } } } if (! empty($_POST['item_param_opts_num'][$i])) { if ($dbi->types->getTypeClass($item_param_type[$i]) == 'NUMBER') { $params .= ' ' . mb_strtoupper( $_POST['item_param_opts_num'][$i] ); } } if ($i != (count($item_param_name) - 1)) { $params .= ", "; } } else { $errors[] = __( 'You must provide a name and a type for each routine parameter.' ); break; } } } $query .= "(" . $params . ") "; if ($_POST['item_type'] == 'FUNCTION') { $item_returntype = isset($_POST['item_returntype']) ? $_POST['item_returntype'] : null; if (! empty($item_returntype) && in_array( $item_returntype, Util::getSupportedDatatypes() ) ) { $query .= "RETURNS " . $item_returntype; } else { $errors[] = __('You must provide a valid return type for the routine.'); } if (! empty($_POST['item_returnlength']) && ! preg_match( '@^(DATE|DATETIME|TIME|TINYBLOB|TINYTEXT|BLOB|TEXT|' . 'MEDIUMBLOB|MEDIUMTEXT|LONGBLOB|LONGTEXT|SERIAL|BOOLEAN)$@i', $item_returntype ) ) { $query .= "(" . $_POST['item_returnlength'] . ")"; } elseif (empty($_POST['item_returnlength']) && preg_match( '@^(ENUM|SET|VARCHAR|VARBINARY)$@i', $item_returntype ) ) { if (! $warned_about_length) { $errors[] = __( 'You must provide length/values for routine parameters' . ' of type ENUM, SET, VARCHAR and VARBINARY.' ); } } if (! empty($_POST['item_returnopts_text'])) { if ($dbi->types->getTypeClass($item_returntype) == 'CHAR') { $query .= ' CHARSET ' . mb_strtolower($_POST['item_returnopts_text']); } } if (! empty($_POST['item_returnopts_num'])) { if ($dbi->types->getTypeClass($item_returntype) == 'NUMBER') { $query .= ' ' . mb_strtoupper($_POST['item_returnopts_num']); } } $query .= ' '; } if (! empty($_POST['item_comment'])) { $query .= "COMMENT '" . $this->dbi->escapeString($_POST['item_comment']) . "' "; } if (isset($_POST['item_isdeterministic'])) { $query .= 'DETERMINISTIC '; } else { $query .= 'NOT DETERMINISTIC '; } if (! empty($_POST['item_sqldataaccess']) && in_array($_POST['item_sqldataaccess'], $param_sqldataaccess) ) { $query .= $_POST['item_sqldataaccess'] . ' '; } if (! empty($_POST['item_securitytype'])) { if ($_POST['item_securitytype'] == 'DEFINER' || $_POST['item_securitytype'] == 'INVOKER' ) { $query .= 'SQL SECURITY ' . $_POST['item_securitytype'] . ' '; } } if (! empty($_POST['item_definition'])) { $query .= $_POST['item_definition']; } else { $errors[] = __('You must provide a routine definition.'); } return $query; } /** * Handles requests for executing a routine * * @return void */ public function handleExecute() { global $db; $response = Response::getInstance(); /** * Handle all user requests other than the default of listing routines */ if (! empty($_POST['execute_routine']) && ! empty($_POST['item_name'])) { // Build the queries $routine = $this->getDataFromName( $_POST['item_name'], $_POST['item_type'], false ); if ($routine === false) { $message = __('Error in processing request:') . ' '; $message .= sprintf( $this->words->get('not_found'), htmlspecialchars(Util::backquote($_POST['item_name'])), htmlspecialchars(Util::backquote($db)) ); $message = Message::error($message); if ($response->isAjax()) { $response->setRequestStatus(false); $response->addJSON('message', $message); exit; } else { echo $message->getDisplay(); unset($_POST); } } $queries = []; $end_query = []; $args = []; $all_functions = $this->dbi->types->getAllFunctions(); for ($i = 0; $i < $routine['item_num_params']; $i++) { if (isset($_POST['params'][$routine['item_param_name'][$i]])) { $value = $_POST['params'][$routine['item_param_name'][$i]]; if (is_array($value)) { // is SET type $value = implode(',', $value); } $value = $this->dbi->escapeString($value); if (! empty($_POST['funcs'][$routine['item_param_name'][$i]]) && in_array( $_POST['funcs'][$routine['item_param_name'][$i]], $all_functions ) ) { $queries[] = "SET @p$i=" . $_POST['funcs'][$routine['item_param_name'][$i]] . "('$value');\n"; } else { $queries[] = "SET @p$i='$value';\n"; } $args[] = "@p$i"; } else { $args[] = "@p$i"; } if ($routine['item_type'] == 'PROCEDURE') { if ($routine['item_param_dir'][$i] == 'OUT' || $routine['item_param_dir'][$i] == 'INOUT' ) { $end_query[] = "@p$i AS " . Util::backquote($routine['item_param_name'][$i]); } } } if ($routine['item_type'] == 'PROCEDURE') { $queries[] = "CALL " . Util::backquote($routine['item_name']) . "(" . implode(', ', $args) . ");\n"; if (count($end_query)) { $queries[] = "SELECT " . implode(', ', $end_query) . ";\n"; } } else { $queries[] = "SELECT " . Util::backquote($routine['item_name']) . "(" . implode(', ', $args) . ") " . "AS " . Util::backquote($routine['item_name']) . ";\n"; } // Get all the queries as one SQL statement $multiple_query = implode("", $queries); $outcome = true; $affected = 0; // Execute query if (! $this->dbi->tryMultiQuery($multiple_query)) { $outcome = false; } // Generate output if ($outcome) { // Pass the SQL queries through the "pretty printer" $output = Util::formatSql(implode("\n", $queries)); // Display results $output .= "<fieldset><legend>"; $output .= sprintf( __('Execution results of routine %s'), Util::backquote(htmlspecialchars($routine['item_name'])) ); $output .= "</legend>"; $nbResultsetToDisplay = 0; do { $result = $this->dbi->storeResult(); $num_rows = $this->dbi->numRows($result); if (($result !== false) && ($num_rows > 0)) { $output .= "<table><tr>"; foreach ($this->dbi->getFieldsMeta($result) as $field) { $output .= "<th>"; $output .= htmlspecialchars($field->name); $output .= "</th>"; } $output .= "</tr>"; while ($row = $this->dbi->fetchAssoc($result)) { $output .= "<tr>" . $this->browseRow($row) . "</tr>"; } $output .= "</table>"; $nbResultsetToDisplay++; $affected = $num_rows; } if (! $this->dbi->moreResults()) { break; } $output .= "<br>"; $this->dbi->freeResult($result); } while ($outcome = $this->dbi->nextResult()); } if ($outcome) { $output .= "</fieldset>"; $message = __('Your SQL query has been executed successfully.'); if ($routine['item_type'] == 'PROCEDURE') { $message .= '<br>'; // TODO : message need to be modified according to the // output from the routine $message .= sprintf( _ngettext( '%d row affected by the last statement inside the ' . 'procedure.', '%d rows affected by the last statement inside the ' . 'procedure.', $affected ), $affected ); } $message = Message::success($message); if ($nbResultsetToDisplay == 0) { $notice = __( 'MySQL returned an empty result set (i.e. zero rows).' ); $output .= Message::notice($notice)->getDisplay(); } } else { $output = ''; $message = Message::error( sprintf( __('The following query has failed: "%s"'), htmlspecialchars($multiple_query) ) . '<br><br>' . __('MySQL said: ') . $this->dbi->getError() ); } // Print/send output if ($response->isAjax()) { $response->setRequestStatus($message->isSuccess()); $response->addJSON('message', $message->getDisplay() . $output); $response->addJSON('dialog', false); exit; } else { echo $message->getDisplay() , $output; if ($message->isError()) { // At least one query has failed, so shouldn't // execute any more queries, so we quit. exit; } unset($_POST); // Now deliberately fall through to displaying the routines list } return; } elseif (! empty($_GET['execute_dialog']) && ! empty($_GET['item_name'])) { /** * Display the execute form for a routine. */ $routine = $this->getDataFromName( $_GET['item_name'], $_GET['item_type'], true ); if ($routine !== false) { $form = $this->getExecuteForm($routine); if ($response->isAjax()) { $title = __("Execute routine") . " " . Util::backquote( htmlentities($_GET['item_name'], ENT_QUOTES) ); $response->addJSON('message', $form); $response->addJSON('title', $title); $response->addJSON('dialog', true); } else { echo "\n\n<h2>" . __("Execute routine") . "</h2>\n\n"; echo $form; } exit; } elseif ($response->isAjax()) { $message = __('Error in processing request:') . ' '; $message .= sprintf( $this->words->get('not_found'), htmlspecialchars(Util::backquote($_GET['item_name'])), htmlspecialchars(Util::backquote($db)) ); $message = Message::error($message); $response->setRequestStatus(false); $response->addJSON('message', $message); exit; } } } /** * Browse row array * * @param array $row Columns * * @return string */ private function browseRow(array $row) { $output = null; foreach ($row as $value) { if ($value === null) { $value = '<i>NULL</i>'; } else { $value = htmlspecialchars($value); } $output .= "<td>" . $value . "</td>"; } return $output; } /** * Creates the HTML code that shows the routine execution dialog. * * @param array $routine Data for the routine returned by * getDataFromName() * * @return string HTML code for the routine execution dialog. */ public function getExecuteForm(array $routine) { global $db, $cfg; $response = Response::getInstance(); // Escape special characters $routine['item_name'] = htmlentities($routine['item_name'], ENT_QUOTES); for ($i = 0; $i < $routine['item_num_params']; $i++) { $routine['item_param_name'][$i] = htmlentities( $routine['item_param_name'][$i], ENT_QUOTES ); } // Create the output $retval = ""; $retval .= "<!-- START ROUTINE EXECUTE FORM -->\n\n"; $retval .= "<form action='db_routines.php' method='post'\n"; $retval .= " class='rte_form ajax' onsubmit='return false'>\n"; $retval .= "<input type='hidden' name='item_name'\n"; $retval .= " value='{$routine['item_name']}'>\n"; $retval .= "<input type='hidden' name='item_type'\n"; $retval .= " value='{$routine['item_type']}'>\n"; $retval .= Url::getHiddenInputs($db) . "\n"; $retval .= "<fieldset>\n"; if (! $response->isAjax()) { $retval .= "<legend>{$routine['item_name']}</legend>\n"; $retval .= "<table class='rte_table'>\n"; $retval .= "<caption class='tblHeaders'>\n"; $retval .= __('Routine parameters'); $retval .= "</caption>\n"; } else { $retval .= "<legend>" . __('Routine parameters') . "</legend>\n"; $retval .= "<table class='rte_table'>\n"; } $retval .= "<tr>\n"; $retval .= "<th>" . __('Name') . "</th>\n"; $retval .= "<th>" . __('Type') . "</th>\n"; if ($cfg['ShowFunctionFields']) { $retval .= "<th>" . __('Function') . "</th>\n"; } $retval .= "<th>" . __('Value') . "</th>\n"; $retval .= "</tr>\n"; // Get a list of data types that are not yet supported. $no_support_types = Util::unsupportedDatatypes(); for ($i = 0; $i < $routine['item_num_params']; $i++) { // Each parameter if ($routine['item_type'] == 'PROCEDURE' && $routine['item_param_dir'][$i] == 'OUT' ) { continue; } $retval .= "\n<tr>\n"; $retval .= "<td>{$routine['item_param_name'][$i]}</td>\n"; $retval .= "<td>{$routine['item_param_type'][$i]}</td>\n"; if ($cfg['ShowFunctionFields']) { $retval .= "<td>\n"; if (false !== stripos($routine['item_param_type'][$i], 'enum') || false !== stripos($routine['item_param_type'][$i], 'set') || in_array( mb_strtolower($routine['item_param_type'][$i]), $no_support_types ) ) { $retval .= "--\n"; } else { $field = [ 'True_Type' => mb_strtolower( $routine['item_param_type'][$i] ), 'Type' => '', 'Key' => '', 'Field' => '', 'Default' => '', 'first_timestamp' => false, ]; $retval .= "<select name='funcs[" . $routine['item_param_name'][$i] . "]'>"; $retval .= Util::getFunctionsForField($field, false, []); $retval .= "</select>"; } $retval .= "</td>\n"; } // Append a class to date/time fields so that // jQuery can attach a datepicker to them $class = ''; if ($routine['item_param_type'][$i] == 'DATETIME' || $routine['item_param_type'][$i] == 'TIMESTAMP' ) { $class = 'datetimefield'; } elseif ($routine['item_param_type'][$i] == 'DATE') { $class = 'datefield'; } $retval .= "<td class='nowrap'>\n"; if (in_array($routine['item_param_type'][$i], ['ENUM', 'SET'])) { if ($routine['item_param_type'][$i] == 'ENUM') { $input_type = 'radio'; } else { $input_type = 'checkbox'; } foreach ($routine['item_param_length_arr'][$i] as $value) { $value = htmlentities(Util::unQuote($value), ENT_QUOTES); $retval .= "<input name='params[" . $routine['item_param_name'][$i] . "][]' " . "value='" . $value . "' type='" . $input_type . "'>" . $value . "<br>\n"; } } elseif (in_array( mb_strtolower($routine['item_param_type'][$i]), $no_support_types )) { $retval .= "\n"; } else { $retval .= "<input class='$class' type='text' name='params[" . $routine['item_param_name'][$i] . "]'>\n"; } $retval .= "</td>\n"; $retval .= "</tr>\n"; } $retval .= "\n</table>\n"; if (! $response->isAjax()) { $retval .= "</fieldset>\n\n"; $retval .= "<fieldset class='tblFooters'>\n"; $retval .= " <input type='submit' name='execute_routine'\n"; $retval .= " value='" . __('Go') . "'>\n"; $retval .= "</fieldset>\n"; } else { $retval .= "<input type='hidden' name='execute_routine' value='true'>"; $retval .= "<input type='hidden' name='ajax_request' value='true'>"; } $retval .= "</form>\n\n"; $retval .= "<!-- END ROUTINE EXECUTE FORM -->\n\n"; return $retval; } }