| Server IP : 85.214.239.14 / Your IP : 3.145.77.176 Web Server : Apache/2.4.61 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /var/www/wordpress/phpMyAdmin/libraries/classes/Rte/ |
Upload File : |
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Functions for trigger management.
*
* @package PhpMyAdmin
*/
declare(strict_types=1);
namespace PhpMyAdmin\Rte;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Message;
use PhpMyAdmin\Response;
use PhpMyAdmin\Url;
use PhpMyAdmin\Util;
/**
* PhpMyAdmin\Rte\Triggers class
*
* @package PhpMyAdmin
*/
class Triggers
{
/**
* @var Export
*/
private $export;
/**
* @var Footer
*/
private $footer;
/**
* @var General
*/
private $general;
/**
* @var RteList
*/
private $rteList;
/**
* @var Words
*/
private $words;
/**
* @var DatabaseInterface
*/
private $dbi;
/**
* Triggers constructor.
*
* @param DatabaseInterface $dbi DatabaseInterface object
*/
public function __construct(DatabaseInterface $dbi)
{
$this->dbi = $dbi;
$this->export = new Export($this->dbi);
$this->footer = new Footer($this->dbi);
$this->general = new General($this->dbi);
$this->rteList = new RteList($this->dbi);
$this->words = new Words();
}
/**
* Sets required globals
*
* @return void
*/
public function setGlobals()
{
global $action_timings, $event_manipulations;
// Some definitions for triggers
$action_timings = [
'BEFORE',
'AFTER',
];
$event_manipulations = [
'INSERT',
'UPDATE',
'DELETE',
];
}
/**
* Main function for the triggers functionality
*
* @return void
*/
public function main()
{
global $db, $table;
$this->setGlobals();
/**
* Process all requests
*/
$this->handleEditor();
$this->export->triggers();
/**
* Display a list of available triggers
*/
$items = $this->dbi->getTriggers($db, $table);
echo $this->rteList->get('trigger', $items);
/**
* Display a link for adding a new trigger,
* if the user has the necessary privileges
*/
echo $this->footer->triggers();
}
/**
* Handles editor requests for adding or editing an item
*
* @return void
*/
public function handleEditor()
{
global $errors, $db, $table;
if (! empty($_POST['editor_process_add'])
|| ! empty($_POST['editor_process_edit'])
) {
$sql_query = '';
$item_query = $this->getQueryFromRequest();
if (! count($errors)) { // set by PhpMyAdmin\Rte\Routines::getQueryFromRequest()
// Execute the created query
if (! empty($_POST['editor_process_edit'])) {
// Backup the old trigger, in case something goes wrong
$trigger = $this->getDataFromName($_POST['item_original_name']);
$create_item = $trigger['create'];
$drop_item = $trigger['drop'] . ';';
$result = $this->dbi->tryQuery($drop_item);
if (! $result) {
$errors[] = sprintf(
__('The following query has failed: "%s"'),
htmlspecialchars($drop_item)
)
. '<br>'
. __('MySQL said: ') . $this->dbi->getError();
} else {
$result = $this->dbi->tryQuery($item_query);
if (! $result) {
$errors[] = sprintf(
__('The following query has failed: "%s"'),
htmlspecialchars($item_query)
)
. '<br>'
. __('MySQL said: ') . $this->dbi->getError();
// We dropped the old item, but were unable to create the
// new one. Try to restore the backup query.
$result = $this->dbi->tryQuery($create_item);
$errors = $this->general->checkResult(
$result,
__(
'Sorry, we failed to restore the dropped trigger.'
),
$create_item,
$errors
);
} else {
$message = Message::success(
__('Trigger %1$s has been modified.')
);
$message->addParam(
Util::backquote($_POST['item_name'])
);
$sql_query = $drop_item . $item_query;
}
}
} else {
// 'Add a new item' mode
$result = $this->dbi->tryQuery($item_query);
if (! $result) {
$errors[] = sprintf(
__('The following query has failed: "%s"'),
htmlspecialchars($item_query)
)
. '<br><br>'
. __('MySQL said: ') . $this->dbi->getError();
} else {
$message = Message::success(
__('Trigger %1$s has been created.')
);
$message->addParam(
Util::backquote($_POST['item_name'])
);
$sql_query = $item_query;
}
}
}
if (count($errors)) {
$message = Message::error(
'<b>'
. __(
'One or more errors have occurred while processing your request:'
)
. '</b>'
);
$message->addHtml('<ul>');
foreach ($errors as $string) {
$message->addHtml('<li>' . $string . '</li>');
}
$message->addHtml('</ul>');
}
$output = Util::getMessage($message, $sql_query);
$response = Response::getInstance();
if ($response->isAjax()) {
if ($message->isSuccess()) {
$items = $this->dbi->getTriggers($db, $table, '');
$trigger = false;
foreach ($items as $value) {
if ($value['name'] == $_POST['item_name']) {
$trigger = $value;
}
}
$insert = false;
if (empty($table)
|| ($trigger !== false && $table == $trigger['table'])
) {
$insert = true;
$response->addJSON('new_row', $this->rteList->getTriggerRow($trigger));
$response->addJSON(
'name',
htmlspecialchars(
mb_strtoupper(
$_POST['item_name']
)
)
);
}
$response->addJSON('insert', $insert);
$response->addJSON('message', $output);
} else {
$response->addJSON('message', $message);
$response->setRequestStatus(false);
}
exit;
}
}
/**
* Display a form used to add/edit a trigger, if necessary
*/
if (count($errors)
|| (empty($_POST['editor_process_add'])
&& empty($_POST['editor_process_edit'])
&& (! empty($_REQUEST['add_item'])
|| ! empty($_REQUEST['edit_item']))) // FIXME: this must be simpler than that
) {
// Get the data for the form (if any)
if (! empty($_REQUEST['add_item'])) {
$title = $this->words->get('add');
$item = $this->getDataFromRequest();
$mode = 'add';
} elseif (! empty($_REQUEST['edit_item'])) {
$title = __("Edit trigger");
if (! empty($_REQUEST['item_name'])
&& empty($_POST['editor_process_edit'])
) {
$item = $this->getDataFromName($_REQUEST['item_name']);
if ($item !== false) {
$item['item_original_name'] = $item['item_name'];
}
} else {
$item = $this->getDataFromRequest();
}
$mode = 'edit';
}
$this->general->sendEditor('TRI', $mode, $item, $title, $db);
}
}
/**
* This function will generate the values that are required to for the editor
*
* @return array Data necessary to create the editor.
*/
public function getDataFromRequest()
{
$retval = [];
$indices = [
'item_name',
'item_table',
'item_original_name',
'item_action_timing',
'item_event_manipulation',
'item_definition',
'item_definer',
];
foreach ($indices as $index) {
$retval[$index] = isset($_POST[$index]) ? $_POST[$index] : '';
}
return $retval;
}
/**
* This function will generate the values that are required to complete
* the "Edit trigger" form given the name of a trigger.
*
* @param string $name The name of the trigger.
*
* @return array|bool Data necessary to create the editor.
*/
public function getDataFromName($name)
{
global $db, $table;
$temp = [];
$items = $this->dbi->getTriggers($db, $table, '');
foreach ($items as $value) {
if ($value['name'] == $name) {
$temp = $value;
}
}
if (empty($temp)) {
return false;
} else {
$retval = [];
$retval['create'] = $temp['create'];
$retval['drop'] = $temp['drop'];
$retval['item_name'] = $temp['name'];
$retval['item_table'] = $temp['table'];
$retval['item_action_timing'] = $temp['action_timing'];
$retval['item_event_manipulation'] = $temp['event_manipulation'];
$retval['item_definition'] = $temp['definition'];
$retval['item_definer'] = $temp['definer'];
return $retval;
}
}
/**
* Displays a form used to add/edit a trigger
*
* @param string $mode If the editor will be used to edit a trigger
* or add a new one: 'edit' or 'add'.
* @param array $item Data for the trigger returned by getDataFromRequest()
* or getDataFromName()
*
* @return string HTML code for the editor.
*/
public function getEditorForm($mode, array $item)
{
global $db, $table, $event_manipulations, $action_timings;
$modeToUpper = mb_strtoupper($mode);
$response = Response::getInstance();
// Escape special characters
$need_escape = [
'item_original_name',
'item_name',
'item_definition',
'item_definer',
];
foreach ($need_escape as $key => $index) {
$item[$index] = htmlentities($item[$index], ENT_QUOTES, 'UTF-8');
}
$original_data = '';
if ($mode == 'edit') {
$original_data = "<input name='item_original_name' "
. "type='hidden' value='{$item['item_original_name']}'>\n";
}
$query = "SELECT `TABLE_NAME` FROM `INFORMATION_SCHEMA`.`TABLES` ";
$query .= "WHERE `TABLE_SCHEMA`='" . $this->dbi->escapeString($db) . "' ";
$query .= "AND `TABLE_TYPE` IN ('BASE TABLE', 'SYSTEM VERSIONED')";
$tables = $this->dbi->fetchResult($query);
// Create the output
$retval = "";
$retval .= "<!-- START " . $modeToUpper . " TRIGGER FORM -->\n\n";
$retval .= "<form class='rte_form' action='db_triggers.php' method='post'>\n";
$retval .= "<input name='{$mode}_item' type='hidden' value='1'>\n";
$retval .= $original_data;
$retval .= Url::getHiddenInputs($db, $table) . "\n";
$retval .= "<fieldset>\n";
$retval .= "<legend>" . __('Details') . "</legend>\n";
$retval .= "<table class='rte_table'>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . __('Trigger name') . "</td>\n";
$retval .= " <td><input type='text' name='item_name' maxlength='64'\n";
$retval .= " value='{$item['item_name']}'></td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . __('Table') . "</td>\n";
$retval .= " <td>\n";
$retval .= " <select name='item_table'>\n";
foreach ($tables as $key => $value) {
$selected = "";
if ($mode == 'add' && $value == $table) {
$selected = " selected='selected'";
} elseif ($mode == 'edit' && $value == $item['item_table']) {
$selected = " selected='selected'";
}
$retval .= "<option$selected>";
$retval .= htmlspecialchars($value);
$retval .= "</option>\n";
}
$retval .= " </select>\n";
$retval .= " </td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . _pgettext('Trigger action time', 'Time') . "</td>\n";
$retval .= " <td><select name='item_timing'>\n";
foreach ($action_timings as $key => $value) {
$selected = "";
if (! empty($item['item_action_timing'])
&& $item['item_action_timing'] == $value
) {
$selected = " selected='selected'";
}
$retval .= "<option$selected>$value</option>";
}
$retval .= " </select></td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . __('Event') . "</td>\n";
$retval .= " <td><select name='item_event'>\n";
foreach ($event_manipulations as $key => $value) {
$selected = "";
if (! empty($item['item_event_manipulation'])
&& $item['item_event_manipulation'] == $value
) {
$selected = " selected='selected'";
}
$retval .= "<option$selected>$value</option>";
}
$retval .= " </select></td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . __('Definition') . "</td>\n";
$retval .= " <td><textarea name='item_definition' rows='15' cols='40'>";
$retval .= $item['item_definition'];
$retval .= "</textarea></td>\n";
$retval .= "</tr>\n";
$retval .= "<tr>\n";
$retval .= " <td>" . __('Definer') . "</td>\n";
$retval .= " <td><input type='text' name='item_definer'\n";
$retval .= " value='{$item['item_definer']}'></td>\n";
$retval .= "</tr>\n";
$retval .= "</table>\n";
$retval .= "</fieldset>\n";
if ($response->isAjax()) {
$retval .= "<input type='hidden' name='editor_process_{$mode}'\n";
$retval .= " value='true'>\n";
$retval .= "<input type='hidden' name='ajax_request' value='true'>\n";
} else {
$retval .= "<fieldset class='tblFooters'>\n";
$retval .= " <input type='submit' name='editor_process_{$mode}'\n";
$retval .= " value='" . __('Go') . "'>\n";
$retval .= "</fieldset>\n";
}
$retval .= "</form>\n\n";
$retval .= "<!-- END " . $modeToUpper . " TRIGGER FORM -->\n\n";
return $retval;
}
/**
* Composes the query necessary to create a trigger from an HTTP request.
*
* @return string The CREATE TRIGGER query.
*/
public function getQueryFromRequest()
{
global $db, $errors, $action_timings, $event_manipulations;
$query = 'CREATE ';
if (! empty($_POST['item_definer'])) {
if (mb_strpos($_POST['item_definer'], '@') !== false
) {
$arr = explode('@', $_POST['item_definer']);
$query .= 'DEFINER=' . Util::backquote($arr[0]);
$query .= '@' . Util::backquote($arr[1]) . ' ';
} else {
$errors[] = __('The definer must be in the "username@hostname" format!');
}
}
$query .= 'TRIGGER ';
if (! empty($_POST['item_name'])) {
$query .= Util::backquote($_POST['item_name']) . ' ';
} else {
$errors[] = __('You must provide a trigger name!');
}
if (! empty($_POST['item_timing'])
&& in_array($_POST['item_timing'], $action_timings)
) {
$query .= $_POST['item_timing'] . ' ';
} else {
$errors[] = __('You must provide a valid timing for the trigger!');
}
if (! empty($_POST['item_event'])
&& in_array($_POST['item_event'], $event_manipulations)
) {
$query .= $_POST['item_event'] . ' ';
} else {
$errors[] = __('You must provide a valid event for the trigger!');
}
$query .= 'ON ';
if (! empty($_POST['item_table'])
&& in_array($_POST['item_table'], $this->dbi->getTables($db))
) {
$query .= Util::backquote($_POST['item_table']);
} else {
$errors[] = __('You must provide a valid table name!');
}
$query .= ' FOR EACH ROW ';
if (! empty($_POST['item_definition'])) {
$query .= $_POST['item_definition'];
} else {
$errors[] = __('You must provide a trigger definition.');
}
return $query;
}
}