404

[ Avaa Bypassed ]




Upload:

Command:

botdev@18.218.196.220: ~ $
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Handles Database Search
 *
 * @package PhpMyAdmin
 */
namespace PMA\libraries;

/**
 * Class to handle database search
 *
 * @package PhpMyAdmin
 */
class DbSearch
{
    /**
     * Database name
     *
     * @access private
     * @var string
     */
    private $_db;
    /**
     * Table Names
     *
     * @access private
     * @var array
     */
    private $_tables_names_only;
    /**
     * Type of search
     *
     * @access private
     * @var array
     */
    private $_searchTypes;
    /**
     * Already set search type
     *
     * @access private
     * @var integer
     */
    private $_criteriaSearchType;
    /**
     * Already set search type's description
     *
     * @access private
     * @var string
     */
    private $_searchTypeDescription;
    /**
     * Search string/regexp
     *
     * @access private
     * @var string
     */
    private $_criteriaSearchString;
    /**
     * Criteria Tables to search in
     *
     * @access private
     * @var array
     */
    private $_criteriaTables;
    /**
     * Restrict the search to this column
     *
     * @access private
     * @var string
     */
    private $_criteriaColumnName;

    /**
     * Public Constructor
     *
     * @param string $db Database name
     */
    public function __construct($db)
    {
        $this->_db = $db;
        // Sets criteria parameters
        $this->_setSearchParams();
    }

    /**
     * Sets search parameters
     *
     * @return void
     */
    private function _setSearchParams()
    {
        $this->_tables_names_only = $GLOBALS['dbi']->getTables($this->_db);

        $this->_searchTypes = array(
            '1' => __('at least one of the words'),
            '2' => __('all words'),
            '3' => __('the exact phrase'),
            '4' => __('as regular expression'),
        );

        if (empty($_REQUEST['criteriaSearchType'])
            || ! is_string($_REQUEST['criteriaSearchType'])
            || ! array_key_exists(
                $_REQUEST['criteriaSearchType'],
                $this->_searchTypes
            )
        ) {
            $this->_criteriaSearchType = 1;
            unset($_REQUEST['submit_search']);
        } else {
            $this->_criteriaSearchType = (int) $_REQUEST['criteriaSearchType'];
            $this->_searchTypeDescription
                = $this->_searchTypes[$_REQUEST['criteriaSearchType']];
        }

        if (empty($_REQUEST['criteriaSearchString'])
            || ! is_string($_REQUEST['criteriaSearchString'])
        ) {
            $this->_criteriaSearchString = '';
            unset($_REQUEST['submit_search']);
        } else {
            $this->_criteriaSearchString = $_REQUEST['criteriaSearchString'];
        }

        $this->_criteriaTables = array();
        if (empty($_REQUEST['criteriaTables'])
            || ! is_array($_REQUEST['criteriaTables'])
        ) {
            unset($_REQUEST['submit_search']);
        } else {
            $this->_criteriaTables = array_intersect(
                $_REQUEST['criteriaTables'], $this->_tables_names_only
            );
        }

        if (empty($_REQUEST['criteriaColumnName'])
            || ! is_string($_REQUEST['criteriaColumnName'])
        ) {
            unset($this->_criteriaColumnName);
        } else {
            $this->_criteriaColumnName = $GLOBALS['dbi']->escapeString(
                $_REQUEST['criteriaColumnName']
            );
        }
    }

    /**
     * Builds the SQL search query
     *
     * @param string $table The table name
     *
     * @return array 3 SQL queries (for count, display and delete results)
     *
     * @todo    can we make use of fulltextsearch IN BOOLEAN MODE for this?
     * PMA_backquote
     * DatabaseInterface::freeResult
     * DatabaseInterface::fetchAssoc
     * $GLOBALS['db']
     * explode
     * count
     * strlen
     */
    private function _getSearchSqls($table)
    {
        // Statement types
        $sqlstr_select = 'SELECT';
        $sqlstr_delete = 'DELETE';
        // Table to use
        $sqlstr_from = ' FROM '
            . Util::backquote($GLOBALS['db']) . '.'
            . Util::backquote($table);
        // Gets where clause for the query
        $where_clause = $this->_getWhereClause($table);
        // Builds complete queries
        $sql = array();
        $sql['select_columns'] = $sqlstr_select . ' * ' . $sqlstr_from
            . $where_clause;
        // here, I think we need to still use the COUNT clause, even for
        // VIEWs, anyway we have a WHERE clause that should limit results
        $sql['select_count']  = $sqlstr_select . ' COUNT(*) AS `count`'
            . $sqlstr_from . $where_clause;
        $sql['delete']        = $sqlstr_delete . $sqlstr_from . $where_clause;

        return $sql;
    }

    /**
     * Provides where clause for building SQL query
     *
     * @param string $table The table name
     *
     * @return string The generated where clause
     */
    private function _getWhereClause($table)
    {
        // Columns to select
        $allColumns = $GLOBALS['dbi']->getColumns($GLOBALS['db'], $table);
        $likeClauses = array();
        // Based on search type, decide like/regex & '%'/''
        $like_or_regex   = (($this->_criteriaSearchType == 4) ? 'REGEXP' : 'LIKE');
        $automatic_wildcard   = (($this->_criteriaSearchType < 3) ? '%' : '');
        // For "as regular expression" (search option 4), LIKE won't be used
        // Usage example: If user is searching for a literal $ in a regexp search,
        // he should enter \$ as the value.
        $criteriaSearchStringEscaped = $GLOBALS['dbi']->escapeString(
            $this->_criteriaSearchString
        );
        // Extract search words or pattern
        $search_words = (($this->_criteriaSearchType > 2)
            ? array($criteriaSearchStringEscaped)
            : explode(' ', $criteriaSearchStringEscaped));

        foreach ($search_words as $search_word) {
            // Eliminates empty values
            if (mb_strlen($search_word) === 0) {
                continue;
            }
            $likeClausesPerColumn = array();
            // for each column in the table
            foreach ($allColumns as $column) {
                if (! isset($this->_criteriaColumnName)
                    || mb_strlen($this->_criteriaColumnName) == 0
                    || $column['Field'] == $this->_criteriaColumnName
                ) {
                    $column = 'CONVERT(' . Util::backquote($column['Field'])
                            . ' USING utf8)';
                    $likeClausesPerColumn[] = $column . ' ' . $like_or_regex . ' '
                        . "'"
                        . $automatic_wildcard . $search_word . $automatic_wildcard
                        . "'";
                }
            } // end for
            if (count($likeClausesPerColumn) > 0) {
                $likeClauses[] = implode(' OR ', $likeClausesPerColumn);
            }
        } // end for
        // Use 'OR' if 'at least one word' is to be searched, else use 'AND'
        $implode_str  = ($this->_criteriaSearchType == 1 ? ' OR ' : ' AND ');
        if (empty($likeClauses)) {
            // this could happen when the "inside column" does not exist
            // in any selected tables
            $where_clause = ' WHERE FALSE';
        } else {
            $where_clause = ' WHERE ('
                . implode(') ' . $implode_str . ' (', $likeClauses)
                . ')';
        }
        return $where_clause;
    }

    /**
     * Displays database search results
     *
     * @return string HTML for search results
     */
    public function getSearchResults()
    {
        $html_output = '';
        // Displays search string
        $html_output .= '<br />'
            . '<table class="data">'
            . '<caption class="tblHeaders">'
            . sprintf(
                __('Search results for "<i>%s</i>" %s:'),
                htmlspecialchars($this->_criteriaSearchString),
                $this->_searchTypeDescription
            )
            . '</caption>';

        $num_search_result_total = 0;
        $odd_row = true;
        // For each table selected as search criteria
        foreach ($this->_criteriaTables as $each_table) {
            // Gets the SQL statements
            $newsearchsqls = $this->_getSearchSqls($each_table);
            // Executes the "COUNT" statement
            $res_cnt = intval($GLOBALS['dbi']->fetchValue($newsearchsqls['select_count']));
            $num_search_result_total += $res_cnt;
            // Gets the result row's HTML for a table
            $html_output .= $this->_getResultsRow(
                $each_table, $newsearchsqls, $odd_row, $res_cnt
            );
            $odd_row = ! $odd_row;
        } // end for
        $html_output .= '</table>';
        // Displays total number of matches
        if (count($this->_criteriaTables) > 1) {
            $html_output .= '<p>';
            $html_output .= sprintf(
                _ngettext(
                    '<b>Total:</b> <i>%s</i> match',
                    '<b>Total:</b> <i>%s</i> matches',
                    $num_search_result_total
                ),
                $num_search_result_total
            );
            $html_output .= '</p>';
        }
        return $html_output;
    }

    /**
     * Provides search results row with browse/delete links.
     * (for a table)
     *
     * @param string  $each_table    One of the tables on which search was performed
     * @param array   $newsearchsqls Contains SQL queries
     * @param bool    $odd_row       For displaying contrasting table rows
     * @param integer $res_cnt       Number of results found
     *
     * @return string HTML row
     */
    private function _getResultsRow($each_table, $newsearchsqls, $odd_row, $res_cnt)
    {
        $this_url_params = array(
            'db'    => $GLOBALS['db'],
            'table' => $each_table,
            'goto'  => 'db_sql.php',
            'pos'   => 0,
            'is_js_confirmed' => 0,
        );
        // Start forming search results row
        $html_output = '<tr class="noclick ' . ($odd_row ? 'odd' : 'even') . '">';
        // Displays results count for a table
        $html_output .= '<td>';
        $html_output .= sprintf(
            _ngettext(
                '%1$s match in <strong>%2$s</strong>',
                '%1$s matches in <strong>%2$s</strong>', $res_cnt
            ),
            $res_cnt, htmlspecialchars($each_table)
        );
        $html_output .= '</td>';
        // Displays browse/delete link if result count > 0
        if ($res_cnt > 0) {
            $this_url_params['db'] = htmlspecialchars($GLOBALS['db']);
            $this_url_params['table'] = htmlspecialchars($each_table);
            $browse_result_path = 'sql.php' . PMA_URL_getCommon($this_url_params);
            $html_output .= '<td><a name="browse_search" '
                . ' class="ajax browse_results" href="'
                . $browse_result_path . '" '
                . 'data-browse-sql="'
                . htmlspecialchars($newsearchsqls['select_columns']). '" '
                . 'data-table-name="' . htmlspecialchars($each_table) . '" >'
                . __('Browse') . '</a></td>';

            $delete_result_path = $browse_result_path;
            $html_output .= '<td><a name="delete_search" class="ajax delete_results"'
                . ' href="' . $delete_result_path . '"'
                . ' data-delete-sql="' . htmlspecialchars($newsearchsqls['delete']) . '"'
                . ' data-table-name="' . htmlspecialchars($each_table) . '" >'
                . __('Delete') . '</a></td>';
        } else {
            $html_output .= '<td>&nbsp;</td>'
                . '<td>&nbsp;</td>';
        }// end if else
        $html_output .= '</tr>';
        return $html_output;
    }

    /**
     * Provides the main search form's html
     *
     * @return string HTML for selection form
     */
    public function getSelectionForm()
    {
        $html_output = '<a id="db_search"></a>';
        $html_output .= '<form id="db_search_form"'
            . ' class="ajax lock-page"'
            . ' method="post" action="db_search.php" name="db_search">';
        $html_output .= PMA_URL_getHiddenInputs($GLOBALS['db']);
        $html_output .= '<fieldset>';
        // set legend caption
        $html_output .= '<legend>' . __('Search in database') . '</legend>';
        $html_output .= '<table class="formlayout">';
        // inputbox for search phrase
        $html_output .= '<tr>';
        $html_output .= '<td>' . __('Words or values to search for (wildcard: "%"):')
            . '</td>';
        $html_output .= '<td><input type="text"'
            . ' name="criteriaSearchString" size="60"'
            . ' value="' . htmlspecialchars($this->_criteriaSearchString) . '" />';
        $html_output .= '</td>';
        $html_output .= '</tr>';
        // choices for types of search
        $html_output .= '<tr>';
        $html_output .= '<td class="right vtop">' . __('Find:') . '</td>';
        $html_output .= '<td>';
        $choices = array(
            '1' => __('at least one of the words')
                . Util::showHint(
                    __('Words are separated by a space character (" ").')
                ),
            '2' => __('all words')
                . Util::showHint(
                    __('Words are separated by a space character (" ").')
                ),
            '3' => __('the exact phrase'),
            '4' => __('as regular expression') . ' '
                . Util::showMySQLDocu('Regexp')
        );
        // 4th parameter set to true to add line breaks
        // 5th parameter set to false to avoid htmlspecialchars() escaping
        // in the label since we have some HTML in some labels
        $html_output .= Util::getRadioFields(
            'criteriaSearchType', $choices, $this->_criteriaSearchType, true, false
        );
        $html_output .= '</td></tr>';
        // displays table names as select options
        $html_output .= '<tr>';
        $html_output .= '<td class="right vtop">' . __('Inside tables:') . '</td>';
        $html_output .= '<td rowspan="2">';
        $html_output .= '<select name="criteriaTables[]" size="6"'
            . ' multiple="multiple">';
        foreach ($this->_tables_names_only as $each_table) {
            if (in_array($each_table, $this->_criteriaTables)) {
                $is_selected = ' selected="selected"';
            } else {
                $is_selected = '';
            }
            $html_output .= '<option value="' . htmlspecialchars($each_table) . '"'
                . $is_selected . '>'
                . str_replace(' ', '&nbsp;', htmlspecialchars($each_table))
                . '</option>';
        } // end for
        $html_output .= '</select>';
        $html_output .= '</td></tr>';
        // Displays 'select all' and 'unselect all' links
        $alter_select = '<a href="#" '
            . 'onclick="setSelectOptions(\'db_search\','
            . ' \'criteriaTables[]\', true); return false;">'
            . __('Select all') . '</a> &nbsp;/&nbsp;';
        $alter_select .= '<a href="#" '
            . 'onclick="setSelectOptions(\'db_search\','
            . ' \'criteriaTables[]\', false); return false;">'
            . __('Unselect all') . '</a>';
        $html_output .= '<tr><td class="right vbottom">'
            . $alter_select . '</td></tr>';
        // Inputbox for column name entry
        $html_output .= '<tr>';
        $html_output .= '<td class="right">' . __('Inside column:') . '</td>';
        $html_output .= '<td><input type="text" name="criteriaColumnName" size="60"'
            . 'value="'
            . (! empty($this->_criteriaColumnName)
                ? htmlspecialchars($this->_criteriaColumnName)
                : '')
            . '" /></td>';
        $html_output .= '</tr>';
        $html_output .= '</table>';
        $html_output .= '</fieldset>';
        $html_output .= '<fieldset class="tblFooters">';
        $html_output .= '<input type="submit" name="submit_search" value="'
            . __('Go') . '" id="buttonGo" />';
        $html_output .= '</fieldset>';
        $html_output .= '</form>';
        $html_output .= '<div id="togglesearchformdiv">'
            . '<a id="togglesearchformlink"></a></div>';

        return $html_output;
    }

    /**
     * Provides div tags for browsing search results and sql query form.
     *
     * @return string div tags
     */
    public function getResultDivs()
    {
        $html_output = '<!-- These two table-image and table-link elements display'
            . ' the table name in browse search results  -->';
        $html_output .= '<div id="table-info">';
        $html_output .= '<a class="item" id="table-link" ></a>';
        $html_output .= '</div>';
        // div for browsing results
        $html_output .= '<div id="browse-results">';
        $html_output .= '<!-- this browse-results div is used to load the browse'
            . ' and delete results in the db search -->';
        $html_output .= '</div>';
        $html_output .= '<br class="clearfloat" />';
        $html_output .= '<div id="sqlqueryform">';
        $html_output .= '<!-- this sqlqueryform div is used to load the delete'
            . ' form in the db search -->';
        $html_output .= '</div>';
        $html_output .= '<!--  toggle query box link-->';
        $html_output .= '<a id="togglequerybox"></a>';
        return $html_output;
    }
}

Filemanager

Name Type Size Permission Actions
bfShapeFiles Folder 0755
config Folder 0755
controllers Folder 0755
dbi Folder 0755
di Folder 0755
engines Folder 0755
gis Folder 0755
navigation Folder 0755
plugins Folder 0755
properties Folder 0755
rte Folder 0755
sql-parser Folder 0755
Advisor.php File 15.13 KB 0644
Config.php File 54.7 KB 0644
Console.php File 14.82 KB 0644
DatabaseInterface.php File 95.6 KB 0644
DbList.php File 1.9 KB 0644
DbQbe.php File 68.87 KB 0644
DbSearch.php File 17.21 KB 0644
DisplayResults.php File 206 KB 0644
Error.php File 12.7 KB 0644
ErrorHandler.php File 16.48 KB 0644
File.php File 18.82 KB 0644
Font.php File 4.24 KB 0644
Footer.php File 10.52 KB 0644
Header.php File 25.34 KB 0644
Index.php File 23.79 KB 0644
IndexColumn.php File 4.46 KB 0644
Language.php File 4.27 KB 0644
LanguageManager.php File 20.75 KB 0644
Linter.php File 5.02 KB 0644
ListAbstract.php File 3.15 KB 0644
ListDatabase.php File 4.62 KB 0644
Menu.php File 21.14 KB 0644
Message.php File 18.67 KB 0644
OutputBuffering.php File 3.59 KB 0644
PDF.php File 3.94 KB 0644
Partition.php File 7.26 KB 0644
Psr4Autoloader.php File 4.85 KB 0644
RecentFavoriteTable.php File 11.78 KB 0644
Response.php File 12.61 KB 0644
SavedSearches.php File 11.67 KB 0644
Scripts.php File 7.38 KB 0644
ServerStatusData.php File 15.72 KB 0644
StorageEngine.php File 13.61 KB 0644
SubPartition.php File 3.52 KB 0644
SysInfo.php File 799 B 0644
SysInfoLinux.php File 1.92 KB 0644
SysInfoSunOS.php File 1.86 KB 0644
SysInfoWINNT.php File 3.08 KB 0644
SystemDatabase.php File 3.66 KB 0644
Table.php File 88.12 KB 0644
Template.php File 4.45 KB 0644
Theme.php File 11.34 KB 0644
ThemeManager.php File 12.91 KB 0644
Tracker.php File 30.35 KB 0644
Types.php File 6.08 KB 0644
TypesMySQL.php File 17.26 KB 0644
Util.php File 172.46 KB 0644
VersionInformation.php File 7.87 KB 0644
ZipFile.php File 6.63 KB 0644
advisor.lib.php File 1.6 KB 0644
advisory_rules.txt File 25.94 KB 0644
autoloader.php File 450 B 0644
bookmark.lib.php File 8.5 KB 0644
browse_foreigners.lib.php File 9.83 KB 0644
central_columns.lib.php File 49.38 KB 0644
charset_conversion.lib.php File 3.54 KB 0644
check_user_privileges.lib.php File 10.65 KB 0644
cleanup.lib.php File 1.29 KB 0644
common.inc.php File 34.38 KB 0644
config.default.php File 66.5 KB 0644
config.values.php File 10.17 KB 0644
core.lib.php File 29.94 KB 0644
create_addfield.lib.php File 15.68 KB 0644
database_interface.inc.php File 2.63 KB 0644
db_common.inc.php File 3.12 KB 0644
db_designer.lib.php File 10.4 KB 0644
db_table_exists.lib.php File 3.21 KB 0644
display_change_password.lib.php File 5.45 KB 0644
display_create_table.lib.php File 1.53 KB 0644
display_export.lib.php File 38.11 KB 0644
display_git_revision.lib.php File 3.04 KB 0644
display_import.lib.php File 24.34 KB 0644
display_import_ajax.lib.php File 3.13 KB 0644
display_select_lang.lib.php File 2.36 KB 0644
error.inc.php File 1.21 KB 0644
error_report.lib.php File 10.25 KB 0644
export.lib.php File 35.16 KB 0644
file_listing.lib.php File 2.37 KB 0644
iconv_wrapper.lib.php File 3.88 KB 0644
import.lib.php File 50.64 KB 0644
index.lib.php File 1.37 KB 0644
information_schema_relations.lib.php File 10.95 KB 0644
insert_edit.lib.php File 112.79 KB 0644
ip_allow_deny.lib.php File 9.35 KB 0644
js_escape.lib.php File 4.43 KB 0644
kanji-encoding.lib.php File 4.46 KB 0644
language_stats.inc.php File 1.45 KB 0644
logging.lib.php File 521 B 0644
mime.lib.php File 704 B 0644
mult_submits.inc.php File 10.64 KB 0644
mult_submits.lib.php File 20.44 KB 0644
mysql_charsets.inc.php File 4.09 KB 0644
mysql_charsets.lib.php File 10.47 KB 0644
mysql_relations.lib.php File 5.12 KB 0644
normalization.lib.php File 33.98 KB 0644
opendocument.lib.php File 7.94 KB 0644
operations.lib.php File 73.64 KB 0644
parse_analyze.lib.php File 2.12 KB 0644
plugin_interface.lib.php File 19.69 KB 0644
plugin_interface.lib.php.bak File 19.69 KB 0644
pmd_common.php File 24.2 KB 0644
relation.lib.php File 68.41 KB 0644
relation_cleanup.lib.php File 13.84 KB 0644
replication.inc.php File 8.82 KB 0644
replication_gui.lib.php File 37.45 KB 0644
sanitizing.lib.php File 6.3 KB 0644
select_server.lib.php File 3.4 KB 0644
server_common.inc.php File 1.22 KB 0644
server_common.lib.php File 1.92 KB 0644
server_privileges.lib.php File 179.22 KB 0644
server_status.lib.php File 9.92 KB 0644
server_status_advisor.lib.php File 1.89 KB 0644
server_status_monitor.lib.php File 26.22 KB 0644
server_status_processes.lib.php File 9.57 KB 0644
server_status_queries.lib.php File 4.86 KB 0644
server_status_variables.lib.php File 28.95 KB 0644
server_user_groups.lib.php File 12.8 KB 0644
server_users.lib.php File 1.35 KB 0644
session.inc.php File 5.22 KB 0644
session.lib.php File 735 B 0644
special_schema_links.lib.php File 17.51 KB 0644
sql.lib.php File 77.51 KB 0644
sql.lib.php.bak File 77.51 KB 0644
sql_query_form.lib.php File 15.71 KB 0644
string.lib.php File 800 B 0644
stringMb.lib.php File 1.86 KB 0644
stringNative.lib.php File 6.82 KB 0644
sysinfo.lib.php File 1.34 KB 0644
tbl_columns_definition_form.inc.php File 13.55 KB 0644
tbl_common.inc.php File 1.3 KB 0644
tbl_info.inc.php File 3.54 KB 0644
tbl_partition_definition.inc.php File 5.55 KB 0644
tracking.lib.php File 54.93 KB 0644
transformations.lib.php File 14.63 KB 0644
url_generating.lib.php File 6.77 KB 0644
user_preferences.inc.php File 2.38 KB 0644
user_preferences.lib.php File 8.17 KB 0644
util.lib.php File 749 B 0644
vendor_config.php File 2.49 KB 0644
zip_extension.lib.php File 5.38 KB 0644