/html/ops/phpMyAdmin-3.2.4-all-languages/libraries/tbl_replace_fields.inc.php

https://github.com/jackygrahamez/DrugDiscovery-Home · PHP · 134 lines · 65 code · 14 blank · 55 comment · 24 complexity · 3b0c00e73c09278d836474a7aeca1b69 MD5 · raw file 

    

  1. <?php
    2. 

  2. /* vim: set expandtab sw=4 ts=4 sts=4: */
    3. 

  3. /**
    4. 

  4.  * handle field values (possibly uploaded from a file)
    5. 

  5.  *
    6. 

  6.  * garvin: original if-clause checked, whether input was stored in a possible
    7. 

  7.  * fields_upload_XX var. Now check, if the field is set. If it is empty or a
    8. 

  8.  * malicious file, do not alter fields contents. If an empty or invalid file is
    9. 

  9.  * specified, the binary data gets deleter. Maybe a nice new text-variable is
    10. 

  10.  * appropriate to document this behaviour.
    11. 

  11.  *
    12. 

  12.  * garvin: security cautions! You could trick the form and submit any file the
    13. 

  13.  * webserver has access to for upload to a binary field. Shouldn't be that easy! ;)
    14. 

  14.  *
    15. 

  15.  * garvin: default is to advance to the field-value parsing. Will only be set to
    16. 

  16.  * true when a binary file is uploaded, thus bypassing further manipulation of $val.
    17. 

  17.  *
    18. 

  18.  * note: grab_globals has extracted the fields from _FILES or HTTP_POST_FILES
    19. 

  19.  *
    20. 

  20.  * @version $Id: tbl_replace_fields.inc.php 12245 2009-02-23 08:36:34Z lem9 $
    21. 

  21.  *
    22. 

  22.  * @uses $_REQUEST
    23. 

  23.  * @uses defined()
    24. 

  24.  * @uses define()
    25. 

  25.  * @uses bin2hex()
    26. 

  26.  * @uses strlen()
    27. 

  27.  * @uses md5()
    28. 

  28.  * @uses implode()
    29. 

  29.  * @uses PMA_NO_VARIABLES_IMPORT
    30. 

  30.  * @uses PMA_sqlAddslashes()
    31. 

  31.  * @package phpMyAdmin
    32. 

  32.  */
    33. 

  33. if (! defined('PHPMYADMIN')) {
    34. 

  34.     exit;
    35. 

  35. }
    36. 

  36. 

  37. /**
    38. 

  38.  * do not import request variable into global scope
    39. 

  39.  */
    40. 

  40. if (! defined('PMA_NO_VARIABLES_IMPORT')) {
    41. 

  41.     define('PMA_NO_VARIABLES_IMPORT', true);
    42. 

  42. }
    43. 

  43. /**
    44. 

  44.  * Gets some core libraries
    45. 

  45.  */
    46. 

  46. require_once './libraries/common.inc.php';
    47. 

  47. require_once './libraries/File.class.php';
    48. 

  48. 

  49. $file_to_insert = new PMA_File();
    50. 

  50. $file_to_insert->checkTblChangeForm($key, $rowcount);
    51. 

  51. 

  52. $possibly_uploaded_val = $file_to_insert->getContent();
    53. 

  53. 

  54. if ($file_to_insert->isError()) {
    55. 

  55.     $message .= $file_to_insert->getError();
    56. 

  56. }
    57. 

  57. $file_to_insert->cleanUp();
    58. 

  58. 

  59. if (false !== $possibly_uploaded_val) {
    60. 

  60.     $val = $possibly_uploaded_val;
    61. 

  61. } else {
    62. 

  62. 

  63.     // f i e l d    v a l u e    i n    t h e    f o r m
    64. 

  64. 

  65.     if (isset($me_fields_type[$key])) {
    66. 

  66.         $type = $me_fields_type[$key];
    67. 

  67.     } else {
    68. 

  68.         $type = '';
    69. 

  69.     }
    70. 

  70. 

  71.     // $key contains the md5() of the fieldname
    72. 

  72.     $f = 'field_' . $key;
    73. 

  73. 

  74.     if (0 === strlen($val)) {
    75. 

  75.         // default
    76. 

  76.         $val = "''";
    77. 

  77. 

  78.         switch ($type) {
    79. 

  79.             case 'enum':
    80. 

  80.                 // if we have an enum, then construct the value
    81. 

  81.             case 'set':
    82. 

  82.                 // if we have a set, then construct the value
    83. 

  83.             case 'foreign':
    84. 

  84.                 // if we have a foreign key, then construct the value
    85. 

  85.                 if (! empty($_REQUEST[$f]['multi_edit'][$rowcount])) {
    86. 

  86.                     $val = implode(',', $_REQUEST[$f]['multi_edit'][$rowcount]);
    87. 

  87.                     $val = "'" . PMA_sqlAddslashes($val) . "'";
    88. 

  88.                 }
    89. 

  89.                 break;
    90. 

  90.             case 'protected':
    91. 

  91.                 // here we are in protected mode (asked in the config)
    92. 

  92.                 // so tbl_change has put this special value in the
    93. 

  93.                 // fields array, so we do not change the field value
    94. 

  94.                 // but we can still handle field upload
    95. 

  95. 

  96.                 // garvin: when in UPDATE mode, do not alter field's contents. When in INSERT
    97. 

  97.                 // mode, insert empty field because no values were submitted. If protected
    98. 

  98.                 // blobs where set, insert original fields content.
    99. 

  99.                 if (! empty($prot_row[$me_fields_name[$key]])) {
    100. 

  100.                     $val = '0x' . bin2hex($prot_row[$me_fields_name[$key]]);
    101. 

  101.                 } else {
    102. 

  102.                     $val = '';
    103. 

  103.                 }
    104. 

  104. 

  105.                 break;
    106. 

  106.             default:
    107. 

  107.                 // best way to avoid problems in strict mode (works also in non-strict mode)
    108. 

  108.                 if (isset($me_auto_increment)  && isset($me_auto_increment[$key])) {
    109. 

  109.                     $val = 'NULL';
    110. 

  110.                 }
    111. 

  111.                 break;
    112. 

  112.         }
    113. 

  113.     } elseif ($type == 'bit') {
    114. 

  114.         $val = preg_replace('/[^01]/', '0', $val);
    115. 

  115.         $val = "b'" . PMA_sqlAddslashes($val) . "'";
    116. 

  116.     } elseif (! ($type == 'timestamp' && $val == 'CURRENT_TIMESTAMP')) {
    117. 

  117.         $val = "'" . PMA_sqlAddslashes($val) . "'";
    118. 

  118.     }
    119. 

  119. 

  120.     // Was the Null checkbox checked for this field?
    121. 

  121.     // (if there is a value, we ignore the Null checkbox: this could
    122. 

  122.     // be possible if Javascript is disabled in the browser)
    123. 

  123.     if (isset($me_fields_null[$key])
    124. 

  124.      && $val == "''") {
    125. 

  125.         $val = 'NULL';
    126. 

  126.     }
    127. 

  127. 

  128.     // The Null checkbox was unchecked for this field
    129. 

  129.     if (empty($val) && isset($me_fields_null_prev[$key]) && ! isset($me_fields_null[$key])) {
    130. 

  130.         $val = "''";
    131. 

  131.     }
    132. 

  132. }  // end else (field value in the form)
    133. 

  133. unset($type, $f);
    134. 

  134. ?>
    135.