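<?php
/**
 * handle field values (possibly uploaded from a file)
 *
 * This file is meant to be included once per field by the insert/update
 * handler; it reads $key (field name), $primary_key (multi-edit row index),
 * $me_fields_type, $me_fields_null, $me_fields_null_prev, $me_auto_increment
 * and $prot_row from the including scope, and rewrites $val (and sets
 * $seen_binary) in place.
 *
 * garvin: original if-clause checked, whether input was stored in a possible
 * fields_upload_XX var. Now check, if the field is set. If it is empty or a
 * malicious file, do not alter fields contents. If an empty or invalid file is
 * specified, the binary data gets deleted. Maybe a nice new text-variable is
 * appropriate to document this behaviour.
 *
 * garvin: security cautions! You could trick the form and submit any file the
 * webserver has access to for upload to a binary field. Shouldn't be that easy! ;)
 *
 * garvin: default is to advance to the field-value parsing. Will only be set to
 * true when a binary file is uploaded, thus bypassing further manipulation of $val.
 *
 * note: grab_globals has extracted the fields from _FILES or HTTP_POST_FILES
 *
 * @version $Id: tbl_replace_fields.inc.php 10232 2007-03-31 12:18:40Z lem9 $
 * vim: expandtab sw=4 ts=4 sts=4:
 *
 * @uses $GLOBALS['cfg']['UploadDir']
 * @uses $_FILES
 * @uses $_REQUEST
 * @uses defined()
 * @uses define()
 * @uses is_uploaded_file()
 * @uses is_string()
 * @uses ini_get()
 * @uses is_dir()
 * @uses mkdir()
 * @uses chmod()
 * @uses is_writable()
 * @uses is_readable()
 * @uses move_uploaded_file()
 * @uses basename()
 * @uses preg_replace()
 * @uses strpos()
 * @uses realpath()
 * @uses rtrim()
 * @uses bin2hex()
 * @uses fread()
 * @uses fopen()
 * @uses fclose()
 * @uses filesize()
 * @uses unlink()
 * @uses strlen()
 * @uses md5()
 * @uses implode()
 * @uses DIRECTORY_SEPARATOR
 * @uses PMA_IS_WINDOWS
 * @uses PMA_NO_VARIABLES_IMPORT
 * @uses PMA_checkParameters()
 * @uses PMA_sqlAddslashes()
 * @uses PMA_userDir()
 */

/**
 * do not import request variable into global scope
 */
if (! defined('PMA_NO_VARIABLES_IMPORT')) {
    define('PMA_NO_VARIABLES_IMPORT', true);
}
/**
 * Gets some core libraries
 */
require_once './libraries/common.lib.php';

$valid_file_was_uploaded = false;

// Check if a multi-edit row was found

// temporary name of the file uploaded through the form, 'none' when there is
// no upload for this field
$me_fields_upload = 'none';
if (isset($_FILES['fields_upload_' . $key]['tmp_name']['multi_edit'][$primary_key])) {
    $me_fields_upload = $_FILES['fields_upload_' . $key]['tmp_name']['multi_edit'][$primary_key];
} elseif (isset($_FILES['fields_upload_' . $key]['tmp_name'])) {
    $me_fields_upload = $_FILES['fields_upload_' . $key]['tmp_name'];
}

// name of a file chosen from $cfg['UploadDir'], null when none was chosen
$me_fields_uploadlocal = null;
if (isset($_REQUEST['fields_uploadlocal_' . $key]['multi_edit'])) {
    // only the entry of the row being edited counts; a missing row index
    // means "nothing selected" rather than an undefined-index notice
    if (isset($_REQUEST['fields_uploadlocal_' . $key]['multi_edit'][$primary_key])) {
        $me_fields_uploadlocal = $_REQUEST['fields_uploadlocal_' . $key]['multi_edit'][$primary_key];
    }
} elseif (isset($_REQUEST['fields_uploadlocal_' . $key])) {
    $me_fields_uploadlocal = $_REQUEST['fields_uploadlocal_' . $key];
}

if ($me_fields_upload !== 'none') {
    // garvin: This fields content is a blob-file upload.

    $file_to_insert = false;
    $unlink = false;

    // a malformed multi_edit structure leaves an array in $me_fields_upload;
    // such a value must never reach is_uploaded_file()
    if (is_string($me_fields_upload) && is_uploaded_file($me_fields_upload)) {
        // whether we insert form uploaded file ...

        $file_to_insert = $me_fields_upload;

        // If we are on a server with open_basedir, we must move the file
        // before opening it. The FAQ 1.11 explains how to create the "./tmp"
        // directory - if needed
        if ('' != ini_get('open_basedir')) {
            $tmp_subdir = (PMA_IS_WINDOWS ? '.\\tmp\\' : './tmp/');

            if (! is_dir($tmp_subdir)) {
                // try to create the tmp directory if not exists
                // NOTE(review): 0777 follows FAQ 1.11, but "./tmp" is relative to
                // the phpMyAdmin directory and is presumably web-reachable; the
                // moved file only stays there until it is read and unlinked below
                if (mkdir($tmp_subdir, 0777)) {
                    chmod($tmp_subdir, 0777);
                }
            }

            if (! is_writable($tmp_subdir)) {
                // if we cannot move the file don't change blob fields
                $file_to_insert = false;
            } else {
                $new_file_to_upload = $tmp_subdir . basename($file_to_insert);

                // a failed move leaves nothing to read: keep the blob field
                // untouched instead of reading (and unlinking) a path that
                // does not exist
                if (move_uploaded_file($file_to_insert, $new_file_to_upload)) {
                    $file_to_insert = $new_file_to_upload;
                    $unlink = true;
                } else {
                    $file_to_insert = false;
                }
                unset($new_file_to_upload);
            }
            unset($tmp_subdir);
        }
    } elseif (! empty($me_fields_uploadlocal) && is_string($me_fields_uploadlocal)
     && ! empty($GLOBALS['cfg']['UploadDir'])) {
        // ... or selected file from $cfg['UploadDir']
        // (an empty UploadDir is treated as "no local files may be read")

        $upload_dir = PMA_userDir($GLOBALS['cfg']['UploadDir']);

        // every run of dots is collapsed to a single dot so that ".." cannot
        // leave the upload directory; a NUL byte is rejected outright because
        // it would truncate the path inside the filesystem calls
        $local_name = preg_replace('@\.\.*@', '.', $me_fields_uploadlocal);
        if (false !== strpos($local_name, "\0")) {
            $file_to_insert = false;
        } else {
            $file_to_insert = $upload_dir . $local_name;

            // resolve symlinks and make sure the file really lies below
            // UploadDir before it is read
            $real_upload_dir = realpath($upload_dir);
            $real_file = realpath($file_to_insert);
            if (false === $real_upload_dir
             || false === $real_file
             || 0 !== strpos($real_file, rtrim($real_upload_dir, '/\\') . DIRECTORY_SEPARATOR)
             || ! is_readable($file_to_insert)) {
                $file_to_insert = false;
            }
        }
        unset($upload_dir, $local_name, $real_upload_dir, $real_file);
    }
    // garvin: else: Post-field contains no data. Blob-fields are preserved, see below. ($protected$)

    if ($file_to_insert) {
        $val = '';
        // check if file is not empty
        if (function_exists('file_get_contents')) {
            $val = file_get_contents($file_to_insert);
        } elseif ($file_to_insert_size = filesize($file_to_insert)) {
            // fallback for PHP versions without file_get_contents(): close the
            // handle again instead of leaking it
            $file_handle = fopen($file_to_insert, 'rb');
            if (false !== $file_handle) {
                $val = fread($file_handle, $file_to_insert_size);
                fclose($file_handle);
            }
            unset($file_handle);
        }

        if (! empty($val)) {
            $val = '0x' . bin2hex($val);
            $seen_binary = true;
            $valid_file_was_uploaded = true;
        }

        if ($unlink === true) {
            unlink($file_to_insert);
        }
    }

    unset($file_to_insert, $file_to_insert_size, $unlink);
}

if (false === $valid_file_was_uploaded) {

    // f i e l d   v a l u e   i n   t h e   f o r m

    $type = isset($me_fields_type[$key]) ? $me_fields_type[$key] : '';

    $f = 'field_' . md5($key);

    if (0 === strlen($val)) {
        // default
        $val = "''";

        switch ($type) {
        case 'enum':
            // if we have an enum, then construct the value
        case 'set':
            // if we have a set, then construct the value
        case 'foreign':
            // if we have a foreign key, then construct the value
            // (the widget submits the chosen options as an array)
            if (! empty($_REQUEST[$f]['multi_edit'][$primary_key])
             && is_array($_REQUEST[$f]['multi_edit'][$primary_key])) {
                $val = implode(',', $_REQUEST[$f]['multi_edit'][$primary_key]);
                $val = "'" . PMA_sqlAddslashes($val) . "'";
            }
            break;
        case 'protected':
            // here we are in protected mode (asked in the config)
            // so tbl_change has put this special value in the
            // fields array, so we do not change the field value
            // but we can still handle field upload

            // garvin: when in UPDATE mode, do not alter field's contents. When in INSERT
            // mode, insert empty field because no values were submitted. If protected
            // blobs where set, insert original fields content.
            if (! empty($prot_row[$key])) {
                $val = '0x' . bin2hex($prot_row[$key]);
                $seen_binary = true;
            } else {
                $val = '';
            }

            break;
        default:
            // best way to avoid problems in strict mode (works also in non-strict mode)
            if (isset($me_auto_increment[$key])) {
                $val = 'NULL';
            }
            break;
        }
    } elseif (! ($type === 'timestamp' && $val === 'CURRENT_TIMESTAMP')) {
        // strict comparison: a loose "== 'CURRENT_TIMESTAMP'" would also
        // match a numeric zero and leave it unquoted
        $val = "'" . PMA_sqlAddslashes($val) . "'";
    }

    // Was the Null checkbox checked for this field?
    // (if there is a value, we ignore the Null checkbox: this could
    // be possible if Javascript is disabled in the browser)
    if (isset($me_fields_null[$key]) && $val === "''") {
        $val = 'NULL';
    }

    // The Null checkbox was unchecked for this field
    if (empty($val) && isset($me_fields_null_prev[$key]) && ! isset($me_fields_null[$key])) {
        $val = "''";
    }
} // end else (field value in the form)
unset($valid_file_was_uploaded, $me_fields_upload, $me_fields_uploadlocal, $type, $f);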