Dre4m Shell
Server IP : 85.214.239.14  /  Your IP : 18.217.116.245
Web Server : Apache/2.4.62 (Debian)
System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64
User : www-data ( 33)
PHP Version : 7.4.18
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/wordpress/phpMyAdmin/libraries/classes/Rte/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME SHELL ]     

Current File : /var/www/wordpress/phpMyAdmin/libraries/classes/Rte/RteList.php
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Common functions for generating lists of Routines, Triggers and Events.
 *
 * @package PhpMyAdmin
 */
declare(strict_types=1);

namespace PhpMyAdmin\Rte;

use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\Response;
use PhpMyAdmin\SqlParser\Parser;
use PhpMyAdmin\SqlParser\Statements\CreateStatement;
use PhpMyAdmin\SqlParser\Utils\Routine;
use PhpMyAdmin\Template;
use PhpMyAdmin\Url;
use PhpMyAdmin\Util;

/**
 * PhpMyAdmin\Rte\RteList class
 *
 * @package PhpMyAdmin
 */
class RteList
{
    /**
     * @var Words
     */
    private $words;

    /**
     * @var Template
     */
    public $template;

    /**
     * @var DatabaseInterface
     */
    private $dbi;

    /**
     * RteList constructor.
     *
     * @param DatabaseInterface $dbi DatabaseInterface object
     */
    public function __construct(DatabaseInterface $dbi)
    {
        $this->dbi = $dbi;
        $this->words = new Words();
        $this->template = new Template();
    }

    /**
     * Creates a list of items containing the relevant
     * information and some action links.
     *
     * @param string $type  One of ['routine'|'trigger'|'event']
     * @param array  $items An array of items
     *
     * @return string HTML code of the list of items
     */
    public function get($type, array $items)
    {
        global $table;

        /**
         * Conditional classes switch the list on or off
         */
        $class1 = 'hide';
        $class2 = '';
        if (! $items) {
            $class1 = '';
            $class2 = ' hide';
        }
        /**
         * Generate output
         */
        $retval  = "<!-- LIST OF " . $this->words->get('docu') . " START -->\n";
        $retval .= '<form id="rteListForm" class="ajax" action="';
        switch ($type) {
            case 'routine':
                $retval .= 'db_routines.php';
                break;
            case 'trigger':
                if (! empty($table)) {
                    $retval .= 'tbl_triggers.php';
                } else {
                    $retval .= 'db_triggers.php';
                }
                break;
            case 'event':
                $retval .= 'db_events.php';
                break;
            default:
                break;
        }
        $retval .= '">';
        $retval .= Url::getHiddenInputs($GLOBALS['db'], $GLOBALS['table']);
        $retval .= "<fieldset>\n";
        $retval .= "    <legend>\n";
        $retval .= "        " . $this->words->get('title') . "\n";
        $retval .= "        "
            . Util::showMySQLDocu($this->words->get('docu')) . "\n";
        $retval .= "    </legend>\n";
        $retval .= "    <div class='$class1' id='nothing2display'>\n";
        $retval .= "      " . $this->words->get('nothing') . "\n";
        $retval .= "    </div>\n";
        $retval .= "    <table class='data$class2'>\n";
        $retval .= "        <!-- TABLE HEADERS -->\n";
        $retval .= "        <tr>\n";
        // th cells with a colspan need corresponding td cells, according to W3C
        switch ($type) {
            case 'routine':
                $retval .= "            <th></th>\n";
                $retval .= "            <th>" . __('Name') . "</th>\n";
                $retval .= "            <th colspan='4'>" . __('Action') . "</th>\n";
                $retval .= "            <th>" . __('Type') . "</th>\n";
                $retval .= "            <th>" . __('Returns') . "</th>\n";
                $retval .= "        </tr>\n";
                $retval .= "        <tr class='hide'>\n"; // see comment above
                for ($i = 0; $i < 7; $i++) {
                    $retval .= "            <td></td>\n";
                }
                break;
            case 'trigger':
                $retval .= "            <th></th>\n";
                $retval .= "            <th>" . __('Name') . "</th>\n";
                if (empty($table)) {
                    $retval .= "            <th>" . __('Table') . "</th>\n";
                }
                $retval .= "            <th colspan='3'>" . __('Action') . "</th>\n";
                $retval .= "            <th>" . __('Time') . "</th>\n";
                $retval .= "            <th>" . __('Event') . "</th>\n";
                $retval .= "        </tr>\n";
                $retval .= "        <tr class='hide'>\n"; // see comment above
                for ($i = 0; $i < (empty($table) ? 7 : 6); $i++) {
                    $retval .= "            <td></td>\n";
                }
                break;
            case 'event':
                $retval .= "            <th></th>\n";
                $retval .= "            <th>" . __('Name') . "</th>\n";
                $retval .= "            <th>" . __('Status') . "</th>\n";
                $retval .= "            <th colspan='3'>" . __('Action') . "</th>\n";
                $retval .= "            <th>" . __('Type') . "</th>\n";
                $retval .= "        </tr>\n";
                $retval .= "        <tr class='hide'>\n"; // see comment above
                for ($i = 0; $i < 6; $i++) {
                    $retval .= "            <td></td>\n";
                }
                break;
            default:
                break;
        }
        $retval .= "        </tr>\n";
        $retval .= "        <!-- TABLE DATA -->\n";
        $response = Response::getInstance();
        foreach ($items as $item) {
            if ($response->isAjax() && empty($_REQUEST['ajax_page_request'])) {
                $rowclass = 'ajaxInsert hide';
            } else {
                $rowclass = '';
            }
            // Get each row from the correct function
            switch ($type) {
                case 'routine':
                    $retval .= $this->getRoutineRow($item, $rowclass);
                    break;
                case 'trigger':
                    $retval .= $this->getTriggerRow($item, $rowclass);
                    break;
                case 'event':
                    $retval .= $this->getEventRow($item, $rowclass);
                    break;
                default:
                    break;
            }
        }
        $retval .= "    </table>\n";

        if (count($items)) {
            $retval .= '<div class="withSelected">';
            $retval .= $this->template->render('select_all', [
                'pma_theme_image' => $GLOBALS['pmaThemeImage'],
                'text_dir' => $GLOBALS['text_dir'],
                'form_name' => 'rteListForm',
            ]);
            $retval .= Util::getButtonOrImage(
                'submit_mult',
                'mult_submit',
                __('Export'),
                'b_export',
                'export'
            );
            $retval .= Util::getButtonOrImage(
                'submit_mult',
                'mult_submit',
                __('Drop'),
                'b_drop',
                'drop'
            );
            $retval .= '</div>';
        }

        $retval .= "</fieldset>\n";
        $retval .= "</form>\n";
        $retval .= "<!-- LIST OF " . $this->words->get('docu') . " END -->\n";

        return $retval;
    }

    /**
     * Creates the contents for a row in the list of routines
     *
     * @param array  $routine  An array of routine data
     * @param string $rowclass Additional class
     *
     * @return string HTML code of a row for the list of routines
     */
    public function getRoutineRow(array $routine, $rowclass = '')
    {
        global $url_query, $db, $titles;

        $sql_drop = sprintf(
            'DROP %s IF EXISTS %s',
            $routine['type'],
            Util::backquote($routine['name'])
        );
        $type_link = "item_type={$routine['type']}";

        $retval  = "        <tr class='$rowclass'>\n";
        $retval .= "            <td>\n";
        $retval .= '                <input type="checkbox"'
            . ' class="checkall" name="item_name[]"'
            . ' value="' . htmlspecialchars($routine['name']) . '">';
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= "                <span class='drop_sql hide'>"
            . htmlspecialchars($sql_drop) . "</span>\n";
        $retval .= "                <strong>\n";
        $retval .= "                    "
            . htmlspecialchars($routine['name']) . "\n";
        $retval .= "                </strong>\n";
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";

        // this is for our purpose to decide whether to
        // show the edit link or not, so we need the DEFINER for the routine
        $where = "ROUTINE_SCHEMA " . Util::getCollateForIS() . "="
            . "'" . $this->dbi->escapeString($db) . "' "
            . "AND SPECIFIC_NAME='" . $this->dbi->escapeString($routine['name']) . "'"
            . "AND ROUTINE_TYPE='" . $this->dbi->escapeString($routine['type']) . "'";
        $query = "SELECT `DEFINER` FROM INFORMATION_SCHEMA.ROUTINES WHERE $where;";
        $routine_definer = $this->dbi->fetchValue($query);

        $curr_user = $this->dbi->getCurrentUser();

        // Since editing a procedure involved dropping and recreating, check also for
        // CREATE ROUTINE privilege to avoid lost procedures.
        if ((Util::currentUserHasPrivilege('CREATE ROUTINE', $db)
            && $curr_user == $routine_definer)
            || $this->dbi->isSuperuser()
        ) {
            $retval .= '                <a class="ajax edit_anchor"'
                                             . ' href="db_routines.php'
                                             . $url_query
                                             . '&amp;edit_item=1'
                                             . '&amp;item_name='
                                             . urlencode($routine['name'])
                                             . '&amp;' . $type_link
                                             . '">' . $titles['Edit'] . "</a>\n";
        } else {
            $retval .= "                {$titles['NoEdit']}\n";
        }
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";

        // There is a problem with Util::currentUserHasPrivilege():
        // it does not detect all kinds of privileges, for example
        // a direct privilege on a specific routine. So, at this point,
        // we show the Execute link, hoping that the user has the correct rights.
        // Also, information_schema might be hiding the ROUTINE_DEFINITION
        // but a routine with no input parameters can be nonetheless executed.

        // Check if the routine has any input parameters. If it does,
        // we will show a dialog to get values for these parameters,
        // otherwise we can execute it directly.

        $definition = $this->dbi->getDefinition(
            $db,
            $routine['type'],
            $routine['name']
        );
        if ($definition !== null) {
            $parser = new Parser($definition);

            /**
             * @var CreateStatement $stmt
             */
            $stmt = $parser->statements[0];

            $params = Routine::getParameters($stmt);

            if (Util::currentUserHasPrivilege('EXECUTE', $db)) {
                $execute_action = 'execute_routine';
                for ($i = 0; $i < $params['num']; $i++) {
                    if ($routine['type'] == 'PROCEDURE'
                        && $params['dir'][$i] == 'OUT'
                    ) {
                        continue;
                    }
                    $execute_action = 'execute_dialog';
                    break;
                }
                $query_part = $execute_action . '=1&amp;item_name='
                    . urlencode($routine['name']) . '&amp;' . $type_link;
                $retval .= '                <a class="ajax exec_anchor"'
                                                 . ' href="db_routines.php'
                                                 . $url_query
                                                 . ($execute_action == 'execute_routine'
                                                     ? '" data-post="' . $query_part
                                                     : '&amp;' . $query_part)
                                                 . '">' . $titles['Execute'] . "</a>\n";
            } else {
                $retval .= "                {$titles['NoExecute']}\n";
            }
        }

        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        if ((Util::currentUserHasPrivilege('CREATE ROUTINE', $db)
            && $curr_user == $routine_definer)
            || $this->dbi->isSuperuser()
        ) {
            $retval .= '                <a class="ajax export_anchor"'
                                             . ' href="db_routines.php'
                                             . $url_query
                                             . '&amp;export_item=1'
                                             . '&amp;item_name='
                                             . urlencode($routine['name'])
                                             . '&amp;' . $type_link
                                             . '">' . $titles['Export'] . "</a>\n";
        } else {
            $retval .= "                {$titles['NoExport']}\n";
        }
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= Util::linkOrButton(
            'sql.php' . $url_query . '&amp;sql_query=' . urlencode($sql_drop) . '&amp;goto=db_routines.php' . urlencode("?db={$db}"),
            $titles['Drop'],
            ['class' => 'ajax drop_anchor']
        );
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= "                 {$routine['type']}\n";
        $retval .= "            </td>\n";
        $retval .= "            <td dir=\"ltr\">\n";
        $retval .= "                "
            . htmlspecialchars($routine['returns']) . "\n";
        $retval .= "            </td>\n";
        $retval .= "        </tr>\n";

        return $retval;
    }

    /**
     * Creates the contents for a row in the list of triggers
     *
     * @param array  $trigger  An array of routine data
     * @param string $rowclass Additional class
     *
     * @return string HTML code of a cell for the list of triggers
     */
    public function getTriggerRow(array $trigger, $rowclass = '')
    {
        global $url_query, $db, $table, $titles;

        $retval  = "        <tr class='$rowclass'>\n";
        $retval .= "            <td>\n";
        $retval .= '                <input type="checkbox"'
            . ' class="checkall" name="item_name[]"'
            . ' value="' . htmlspecialchars($trigger['name']) . '">';
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= "                <span class='drop_sql hide'>"
            . htmlspecialchars($trigger['drop']) . "</span>\n";
        $retval .= "                <strong>\n";
        $retval .= "                    " . htmlspecialchars($trigger['name']) . "\n";
        $retval .= "                </strong>\n";
        $retval .= "            </td>\n";
        if (empty($table)) {
            $retval .= "            <td>\n";
            $retval .= "<a href='db_triggers.php{$url_query}"
                . "&amp;table=" . urlencode($trigger['table']) . "'>"
                . htmlspecialchars($trigger['table']) . "</a>";
            $retval .= "            </td>\n";
        }
        $retval .= "            <td>\n";
        if (Util::currentUserHasPrivilege('TRIGGER', $db, $table)) {
            $retval .= '                <a class="ajax edit_anchor"'
                                             . ' href="db_triggers.php'
                                             . $url_query
                                             . '&amp;edit_item=1'
                                             . '&amp;item_name='
                                             . urlencode($trigger['name'])
                                             . '">' . $titles['Edit'] . "</a>\n";
        } else {
            $retval .= "                {$titles['NoEdit']}\n";
        }
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= '                    <a class="ajax export_anchor"'
                                             . ' href="db_triggers.php'
                                             . $url_query
                                             . '&amp;export_item=1'
                                             . '&amp;item_name='
                                             . urlencode($trigger['name'])
                                             . '">' . $titles['Export'] . "</a>\n";
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        if (Util::currentUserHasPrivilege('TRIGGER', $db)) {
            $retval .= Util::linkOrButton(
                'sql.php' . $url_query . '&amp;sql_query=' . urlencode($trigger['drop']) . '&amp;goto=db_triggers.php' . urlencode("?db={$db}"),
                $titles['Drop'],
                ['class' => 'ajax drop_anchor']
            );
        } else {
            $retval .= "                {$titles['NoDrop']}\n";
        }
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= "                 {$trigger['action_timing']}\n";
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= "                 {$trigger['event_manipulation']}\n";
        $retval .= "            </td>\n";
        $retval .= "        </tr>\n";

        return $retval;
    }

    /**
     * Creates the contents for a row in the list of events
     *
     * @param array  $event    An array of routine data
     * @param string $rowclass Additional class
     *
     * @return string HTML code of a cell for the list of events
     */
    public function getEventRow(array $event, $rowclass = '')
    {
        global $url_query, $db, $titles;

        $sql_drop = sprintf(
            'DROP EVENT IF EXISTS %s',
            Util::backquote($event['name'])
        );

        $retval  = "        <tr class='$rowclass'>\n";
        $retval .= "            <td>\n";
        $retval .= '                <input type="checkbox"'
            . ' class="checkall" name="item_name[]"'
            . ' value="' . htmlspecialchars($event['name']) . '">';
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= "                <span class='drop_sql hide'>"
            . htmlspecialchars($sql_drop) . "</span>\n";
        $retval .= "                <strong>\n";
        $retval .= "                    "
            . htmlspecialchars($event['name']) . "\n";
        $retval .= "                </strong>\n";
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= "                 {$event['status']}\n";
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        if (Util::currentUserHasPrivilege('EVENT', $db)) {
            $retval .= '                <a class="ajax edit_anchor"'
                                             . ' href="db_events.php'
                                             . $url_query
                                             . '&amp;edit_item=1'
                                             . '&amp;item_name='
                                             . urlencode($event['name'])
                                             . '">' . $titles['Edit'] . "</a>\n";
        } else {
            $retval .= "                {$titles['NoEdit']}\n";
        }
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= '                <a class="ajax export_anchor"'
                                         . ' href="db_events.php'
                                         . $url_query
                                         . '&amp;export_item=1'
                                         . '&amp;item_name='
                                         . urlencode($event['name'])
                                         . '">' . $titles['Export'] . "</a>\n";
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        if (Util::currentUserHasPrivilege('EVENT', $db)) {
            $retval .= Util::linkOrButton(
                'sql.php' . $url_query . '&amp;sql_query=' . urlencode($sql_drop) . '&amp;goto=db_events.php' . urlencode("?db={$db}"),
                $titles['Drop'],
                ['class' => 'ajax drop_anchor']
            );
        } else {
            $retval .= "                {$titles['NoDrop']}\n";
        }
        $retval .= "            </td>\n";
        $retval .= "            <td>\n";
        $retval .= "                 {$event['type']}\n";
        $retval .= "            </td>\n";
        $retval .= "        </tr>\n";

        return $retval;
    }
}

Anon7 - 2022
AnonSec Team