[ Avaa Bypassed ]




Upload:

Command:

www-data@3.149.235.7: ~ $
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Manipulation of table data like inserting, replacing and updating
 *
 * Usually called as form action from tbl_change.php to insert or update table rows
 *
 * @todo 'edit_next' tends to not work as expected if used ...
 * at least there is no order by it needs the original query
 * and the row number and than replace the LIMIT clause
 *
 * @package PhpMyAdmin
 */

use PhpMyAdmin\Core;
use PhpMyAdmin\File;
use PhpMyAdmin\InsertEdit;
use PhpMyAdmin\Message;
use PhpMyAdmin\Plugins\IOTransformationsPlugin;
use PhpMyAdmin\Relation;
use PhpMyAdmin\Response;
use PhpMyAdmin\Table;
use PhpMyAdmin\Transformations;
use PhpMyAdmin\Util;

/**
 * Gets some core libraries
 */
require_once 'libraries/common.inc.php';

// Check parameters
Util::checkParameters(array('db', 'table', 'goto'));

$GLOBALS['dbi']->selectDb($GLOBALS['db']);

/**
 * Initializes some variables
 */
$goto_include = false;

$response = Response::getInstance();
$header = $response->getHeader();
$scripts = $header->getScripts();
$scripts->addFile('makegrid.js');
// Needed for generation of Inline Edit anchors
$scripts->addFile('sql.js');
$scripts->addFile('indexes.js');
$scripts->addFile('gis_data_editor.js');

$relation = new Relation();

$insertEdit = new InsertEdit($GLOBALS['dbi']);

// check whether insert row mode, if so include tbl_change.php
$insertEdit->isInsertRow();

$after_insert_actions = array('new_insert', 'same_insert', 'edit_next');
if (isset($_POST['after_insert'])
    && in_array($_POST['after_insert'], $after_insert_actions)
) {
    $url_params['after_insert'] = $_POST['after_insert'];
    if (isset($_POST['where_clause'])) {
        foreach ($_POST['where_clause'] as $one_where_clause) {
            if ($_POST['after_insert'] == 'same_insert') {
                $url_params['where_clause'][] = $one_where_clause;
            } elseif ($_POST['after_insert'] == 'edit_next') {
                $insertEdit->setSessionForEditNext($one_where_clause);
            }
        }
    }
}
//get $goto_include for different cases
$goto_include = $insertEdit->getGotoInclude($goto_include);

// Defines the url to return in case of failure of the query
$err_url = $insertEdit->getErrorUrl($url_params);

/**
 * Prepares the update/insert of a row
 */
list($loop_array, $using_key, $is_insert, $is_insertignore)
    = $insertEdit->getParamsForUpdateOrInsert();

$query = array();
$value_sets = array();
$func_no_param = array(
    'CONNECTION_ID',
    'CURRENT_USER',
    'CURDATE',
    'CURTIME',
    'CURRENT_DATE',
    'CURRENT_TIME',
    'DATABASE',
    'LAST_INSERT_ID',
    'NOW',
    'PI',
    'RAND',
    'SYSDATE',
    'UNIX_TIMESTAMP',
    'USER',
    'UTC_DATE',
    'UTC_TIME',
    'UTC_TIMESTAMP',
    'UUID',
    'UUID_SHORT',
    'VERSION',
);
$func_optional_param = array(
    'RAND',
    'UNIX_TIMESTAMP',
);

$gis_from_text_functions = array(
    'GeomFromText',
    'GeomCollFromText',
    'LineFromText',
    'MLineFromText',
    'PointFromText',
    'MPointFromText',
    'PolyFromText',
    'MPolyFromText',
);

if ($GLOBALS['dbi']->getVersion() >= 50600) {
    $gis_from_text_functions = array(
        'ST_GeomFromText',
        'ST_GeomCollFromText',
        'ST_LineFromText',
        'ST_MLineFromText',
        'ST_PointFromText',
        'ST_MPointFromText',
        'ST_PolyFromText',
        'ST_MPolyFromText',
    );
}

$gis_from_wkb_functions = array(
    'GeomFromWKB',
    'GeomCollFromWKB',
    'LineFromWKB',
    'MLineFromWKB',
    'PointFromWKB',
    'MPointFromWKB',
    'PolyFromWKB',
    'MPolyFromWKB',
);

//if some posted fields need to be transformed.
$mime_map = Transformations::getMIME($GLOBALS['db'], $GLOBALS['table']);
if ($mime_map === false) {
    $mime_map = array();
}

$query_fields = array();
$insert_errors = array();
$row_skipped = false;
$unsaved_values = array();
foreach ($loop_array as $rownumber => $where_clause) {
    // skip fields to be ignored
    if (! $using_key && isset($_POST['insert_ignore_' . $where_clause])) {
        continue;
    }

    // Defines the SET part of the sql query
    $query_values = array();

    // Map multi-edit keys to single-level arrays, dependent on how we got the fields
    $multi_edit_columns
        = isset($_POST['fields']['multi_edit'][$rownumber])
        ? $_POST['fields']['multi_edit'][$rownumber]
        : array();
    $multi_edit_columns_name
        = isset($_POST['fields_name']['multi_edit'][$rownumber])
        ? $_POST['fields_name']['multi_edit'][$rownumber]
        : array();
    $multi_edit_columns_prev
        = isset($_POST['fields_prev']['multi_edit'][$rownumber])
        ? $_POST['fields_prev']['multi_edit'][$rownumber]
        : null;
    $multi_edit_funcs
        = isset($_POST['funcs']['multi_edit'][$rownumber])
        ? $_POST['funcs']['multi_edit'][$rownumber]
        : null;
    $multi_edit_salt
        = isset($_POST['salt']['multi_edit'][$rownumber])
        ? $_POST['salt']['multi_edit'][$rownumber]
        :null;
    $multi_edit_columns_type
        = isset($_POST['fields_type']['multi_edit'][$rownumber])
        ? $_POST['fields_type']['multi_edit'][$rownumber]
        : null;
    $multi_edit_columns_null
        = isset($_POST['fields_null']['multi_edit'][$rownumber])
        ? $_POST['fields_null']['multi_edit'][$rownumber]
        : null;
    $multi_edit_columns_null_prev
        = isset($_POST['fields_null_prev']['multi_edit'][$rownumber])
        ? $_POST['fields_null_prev']['multi_edit'][$rownumber]
        : null;
    $multi_edit_auto_increment
        = isset($_POST['auto_increment']['multi_edit'][$rownumber])
        ? $_POST['auto_increment']['multi_edit'][$rownumber]
        : null;
    $multi_edit_virtual
        = isset($_POST['virtual']['multi_edit'][$rownumber])
        ? $_POST['virtual']['multi_edit'][$rownumber]
        : null;

    // When a select field is nullified, it's not present in $_POST
    // so initialize it; this way, the foreach($multi_edit_columns) will process it
    foreach ($multi_edit_columns_name as $key => $val) {
        if (! isset($multi_edit_columns[$key])) {
            $multi_edit_columns[$key] = '';
        }
    }

    // Iterate in the order of $multi_edit_columns_name,
    // not $multi_edit_columns, to avoid problems
    // when inserting multiple entries
    $insert_fail = false;
    foreach ($multi_edit_columns_name as $key => $column_name) {
        $current_value = $multi_edit_columns[$key];
        // Note: $key is an md5 of the fieldname. The actual fieldname is
        // available in $multi_edit_columns_name[$key]

        $file_to_insert = new File();
        $file_to_insert->checkTblChangeForm($key, $rownumber);

        $possibly_uploaded_val = $file_to_insert->getContent();
        if ($possibly_uploaded_val !== false) {
            $current_value = $possibly_uploaded_val;
        }
        // Apply Input Transformation if defined
        if (!empty($mime_map[$column_name])
            && !empty($mime_map[$column_name]['input_transformation'])
        ) {
            $filename = 'libraries/classes/Plugins/Transformations/'
                . $mime_map[$column_name]['input_transformation'];
            if (is_file($filename)) {
                $classname = Transformations::getClassName($filename);
                if (class_exists($classname)) {
                    /** @var IOTransformationsPlugin $transformation_plugin */
                    $transformation_plugin = new $classname();
                    $transformation_options = Transformations::getOptions(
                        $mime_map[$column_name]['input_transformation_options']
                    );
                    $current_value = $transformation_plugin->applyTransformation(
                        $current_value, $transformation_options
                    );
                    // check if transformation was successful or not
                    // and accordingly set error messages & insert_fail
                    if (method_exists($transformation_plugin, 'isSuccess')
                        && !$transformation_plugin->isSuccess()
                    ) {
                        $insert_fail = true;
                        $row_skipped = true;
                        $insert_errors[] = sprintf(
                            __('Row: %1$s, Column: %2$s, Error: %3$s'),
                            $rownumber, $column_name,
                            $transformation_plugin->getError()
                        );
                    }
                }
            }
        }

        if ($file_to_insert->isError()) {
            $insert_errors[] = $file_to_insert->getError();
        }
        // delete $file_to_insert temporary variable
        $file_to_insert->cleanUp();

        $current_value = $insertEdit->getCurrentValueForDifferentTypes(
            $possibly_uploaded_val, $key, $multi_edit_columns_type,
            $current_value, $multi_edit_auto_increment,
            $rownumber, $multi_edit_columns_name, $multi_edit_columns_null,
            $multi_edit_columns_null_prev, $is_insert,
            $using_key, $where_clause, $table, $multi_edit_funcs
        );

        $current_value_as_an_array = $insertEdit->getCurrentValueAsAnArrayForMultipleEdit(
            $multi_edit_funcs,
            $multi_edit_salt, $gis_from_text_functions, $current_value,
            $gis_from_wkb_functions, $func_optional_param, $func_no_param, $key
        );

        if (! isset($multi_edit_virtual) || ! isset($multi_edit_virtual[$key])) {
            list($query_values, $query_fields)
                = $insertEdit->getQueryValuesForInsertAndUpdateInMultipleEdit(
                    $multi_edit_columns_name, $multi_edit_columns_null,
                    $current_value, $multi_edit_columns_prev, $multi_edit_funcs,
                    $is_insert, $query_values, $query_fields,
                    $current_value_as_an_array, $value_sets, $key,
                    $multi_edit_columns_null_prev
                );
        }
        if (isset($multi_edit_columns_null[$key])) {
            $multi_edit_columns[$key] = null;
        }
    } //end of foreach

    // temporarily store rows not inserted
    // so that they can be populated again.
    if ($insert_fail) {
        $unsaved_values[$rownumber] = $multi_edit_columns;
    }
    if (!$insert_fail && count($query_values) > 0) {
        if ($is_insert) {
            $value_sets[] = implode(', ', $query_values);
        } else {
            // build update query
            $query[] = 'UPDATE ' . Util::backquote($GLOBALS['table'])
                . ' SET ' . implode(', ', $query_values)
                . ' WHERE ' . $where_clause
                . ($_POST['clause_is_unique'] ? '' : ' LIMIT 1');
        }
    }
} // end foreach ($loop_array as $where_clause)
unset(
    $multi_edit_columns_name, $multi_edit_columns_prev, $multi_edit_funcs,
    $multi_edit_columns_type, $multi_edit_columns_null, $func_no_param,
    $multi_edit_auto_increment, $current_value_as_an_array, $key, $current_value,
    $loop_array, $where_clause, $using_key,  $multi_edit_columns_null_prev,
    $insert_fail
);

// Builds the sql query
if ($is_insert && count($value_sets) > 0) {
    $query = $insertEdit->buildSqlQuery($is_insertignore, $query_fields, $value_sets);
} elseif (empty($query) && ! isset($_POST['preview_sql']) && !$row_skipped) {
    // No change -> move back to the calling script
    //
    // Note: logic passes here for inline edit
    $message = Message::success(__('No change'));
    // Avoid infinite recursion
    if ($goto_include == 'tbl_replace.php') {
        $goto_include = 'tbl_change.php';
    }
    $active_page = $goto_include;
    include '' . Core::securePath($goto_include);
    exit;
}
unset($multi_edit_columns, $is_insertignore);

// If there is a request for SQL previewing.
if (isset($_POST['preview_sql'])) {
    Core::previewSQL($query);
}

/**
 * Executes the sql query and get the result, then move back to the calling
 * page
 */
list ($url_params, $total_affected_rows, $last_messages, $warning_messages,
    $error_messages, $return_to_sql_query)
        = $insertEdit->executeSqlQuery($url_params, $query);

if ($is_insert && (count($value_sets) > 0 || $row_skipped)) {
    $message = Message::getMessageForInsertedRows(
        $total_affected_rows
    );
    $unsaved_values = array_values($unsaved_values);
} else {
    $message = Message::getMessageForAffectedRows(
        $total_affected_rows
    );
}
if ($row_skipped) {
    $goto_include = 'tbl_change.php';
    $message->addMessagesString($insert_errors, '<br />');
    $message->isError(true);
}

$message->addMessages($last_messages, '<br />');

if (! empty($warning_messages)) {
    $message->addMessagesString($warning_messages, '<br />');
    $message->isError(true);
}
if (! empty($error_messages)) {
    $message->addMessagesString($error_messages);
    $message->isError(true);
}
unset(
    $error_messages, $warning_messages, $total_affected_rows,
    $last_messages, $last_message, $row_skipped, $insert_errors
);

/**
 * The following section only applies to grid editing.
 * However, verifying isAjax() is not enough to ensure we are coming from
 * grid editing. If we are coming from the Edit or Copy link in Browse mode,
 * ajax_page_request is present in the POST parameters.
 */
if ($response->isAjax() && ! isset($_POST['ajax_page_request'])) {
    /**
     * If we are in grid editing, we need to process the relational and
     * transformed fields, if they were edited. After that, output the correct
     * link/transformed value and exit
     */
    if (isset($_POST['rel_fields_list']) && $_POST['rel_fields_list'] != '') {

        $map = $relation->getForeigners($db, $table, '', 'both');

        $relation_fields = array();
        parse_str($_POST['rel_fields_list'], $relation_fields);

        // loop for each relation cell
        /** @var array $relation_fields */
        foreach ($relation_fields as $cell_index => $curr_rel_field) {
            foreach ($curr_rel_field as $relation_field => $relation_field_value) {
                $where_comparison = "='" . $relation_field_value . "'";
                $dispval = $insertEdit->getDisplayValueForForeignTableColumn(
                    $where_comparison, $map, $relation_field
                );

                $extra_data['relations'][$cell_index]
                    = $insertEdit->getLinkForRelationalDisplayField(
                        $map, $relation_field, $where_comparison,
                        $dispval, $relation_field_value
                    );
            }
        }   // end of loop for each relation cell
    }
    if (isset($_POST['do_transformations'])
        && $_POST['do_transformations'] == true
    ) {
        $edited_values = array();
        parse_str($_POST['transform_fields_list'], $edited_values);

        if (! isset($extra_data)) {
            $extra_data = array();
        }
        $transformation_types = array(
            "input_transformation",
            "transformation"
        );
        foreach ($mime_map as $transformation) {
            $column_name = $transformation['column_name'];
            foreach ($transformation_types as $type) {
                $file = Core::securePath($transformation[$type]);
                $extra_data = $insertEdit->transformEditedValues(
                    $db, $table, $transformation, $edited_values, $file,
                    $column_name, $extra_data, $type
                );
            }
        }   // end of loop for each $mime_map
    }

    // Need to check the inline edited value can be truncated by MySQL
    // without informing while saving
    $column_name = $_POST['fields_name']['multi_edit'][0][0];

    $insertEdit->verifyWhetherValueCanBeTruncatedAndAppendExtraData(
        $db, $table, $column_name, $extra_data
    );

    /**Get the total row count of the table*/
    $_table = new Table($_POST['table'], $_POST['db']);
    $extra_data['row_count'] = $_table->countRecords();

    $extra_data['sql_query'] = Util::getMessage(
        $message,
        $GLOBALS['display_query']
    );

    $response->setRequestStatus($message->isSuccess());
    $response->addJSON('message', $message);
    $response->addJSON($extra_data);
    exit;
}

if (! empty($return_to_sql_query)) {
    $disp_query = $GLOBALS['sql_query'];
    $disp_message = $message;
    unset($message);
    $GLOBALS['sql_query'] = $return_to_sql_query;
}

$scripts->addFile('vendor/jquery/additional-methods.js');
$scripts->addFile('tbl_change.js');

$active_page = $goto_include;

/**
 * If user asked for "and then Insert another new row" we have to remove
 * WHERE clause information so that tbl_change.php does not go back
 * to the current record
 */
if (isset($_POST['after_insert']) && 'new_insert' == $_POST['after_insert']) {
    unset($_POST['where_clause']);
}

/**
 * Load target page.
 */
require '' . Core::securePath($goto_include);
exit;

Filemanager

Name Type Size Permission Actions
doc Folder 0755
js Folder 0755
libraries Folder 0755
locale Folder 0755
sql Folder 0755
templates Folder 0755
themes Folder 0755
ajax.php File 1.52 KB 0644
autoload.php File 43.03 KB 0644
browse_foreigners.php File 1.71 KB 0644
changelog.php File 3.12 KB 0644
chk_rel.php File 856 B 0644
config.sample.inc.php File 4.41 KB 0644
db_central_columns.php File 5.54 KB 0644
db_datadict.php File 5.74 KB 0644
db_designer.php File 7.53 KB 0644
db_events.php File 271 B 0644
db_export.php File 4.52 KB 0644
db_import.php File 899 B 0644
db_multi_table_query.php File 1.01 KB 0644
db_operations.php File 9.63 KB 0644
db_qbe.php File 4.75 KB 0644
db_routines.php File 365 B 0644
db_search.php File 1.95 KB 0644
db_sql.php File 952 B 0644
db_sql_autocomplete.php File 746 B 0644
db_sql_format.php File 485 B 0644
db_structure.php File 1011 B 0644
db_tracking.php File 4.31 KB 0644
db_triggers.php File 273 B 0644
error_report.php File 4.5 KB 0644
export.php File 15.55 KB 0644
favicon.ico File 21.96 KB 0644
gis_data_editor.php File 15.61 KB 0644
import.php File 23.41 KB 0644
import_status.php File 3.38 KB 0644
index.php File 19.78 KB 0644
license.php File 894 B 0644
lint.php File 1.4 KB 0644
logout.php File 311 B 0644
navigation.php File 2.25 KB 0644
normalization.php File 4.05 KB 0644
phpinfo.php File 507 B 0644
phpmyadmin.css.php File 740 B 0644
prefs_forms.php File 2.43 KB 0644
prefs_manage.php File 14.02 KB 0644
prefs_twofactor.php File 1.56 KB 0644
print.css File 1.18 KB 0644
schema_export.php File 653 B 0644
server_binlog.php File 785 B 0644
server_collations.php File 818 B 0644
server_databases.php File 798 B 0644
server_engines.php File 784 B 0644
server_export.php File 1.06 KB 0644
server_import.php File 634 B 0644
server_plugins.php File 784 B 0644
server_privileges.php File 13.85 KB 0644
server_replication.php File 2.38 KB 0644
server_sql.php File 698 B 0644
server_status.php File 897 B 0644
server_status_advisor.php File 862 B 0644
server_status_monitor.php File 2.89 KB 0644
server_status_processes.php File 1.83 KB 0644
server_status_queries.php File 1.39 KB 0644
server_status_variables.php File 1.53 KB 0644
server_user_groups.php File 1.83 KB 0644
server_variables.php File 798 B 0644
show_config_errors.php File 1.06 KB 0644
sql.php File 6.2 KB 0644
tbl_addfield.php File 3.67 KB 0644
tbl_change.php File 6.19 KB 0644
tbl_chart.php File 972 B 0644
tbl_create.php File 3.29 KB 0644
tbl_export.php File 2.37 KB 0644
tbl_find_replace.php File 999 B 0644
tbl_get_field.php File 1.72 KB 0644
tbl_gis_visualization.php File 1.5 KB 0644
tbl_import.php File 684 B 0644
tbl_indexes.php File 1.37 KB 0644
tbl_operations.php File 15.08 KB 0644
tbl_recent_favorite.php File 452 B 0644
tbl_relation.php File 2.32 KB 0644
tbl_replace.php File 16.57 KB 0644
tbl_row_action.php File 4.89 KB 0644
tbl_select.php File 1.1 KB 0644
tbl_sql.php File 1.15 KB 0644
tbl_structure.php File 1.99 KB 0644
tbl_tracking.php File 5.66 KB 0644
tbl_triggers.php File 141 B 0644
tbl_zoom_select.php File 1.02 KB 0644
themes.php File 956 B 0644
transformation_overview.php File 1.87 KB 0644
transformation_wrapper.php File 4.51 KB 0644
url.php File 1.27 KB 0644
user_password.php File 1.89 KB 0644
version_check.php File 1.06 KB 0644
view_create.php File 6.45 KB 0644
view_operations.php File 3.78 KB 0644