| [ Index ] |
|
Code source de phpMyAdmin 2.10.3 |
1 <?php 2 /* $Id: transformations.lib.php 9616 2006-10-26 14:56:57Z nijel $ */ 3 // vim: expandtab sw=4 ts=4 sts=4: 4 5 /** 6 * Set of functions used with the relation and pdf feature 7 */ 8 9 function PMA_transformation_getOptions($string) { 10 $transform_options = array(); 11 12 /* Parse options */ 13 for ($nextToken = strtok($string, ','); $nextToken !== false; $nextToken = strtok(',')) { 14 $trimmed = trim($nextToken); 15 if ($trimmed{0} == '\'' && $trimmed{strlen($trimmed) - 1} == '\'') { 16 $transform_options[] = substr($trimmed, 1, -1); 17 } else { 18 if ($trimmed{0} == '\'') { 19 $trimmed= ltrim($nextToken); 20 while ($nextToken !== false) { 21 $nextToken = strtok(','); 22 $trimmed .= $nextToken; 23 $rtrimmed = rtrim($trimmed); 24 if ($rtrimmed{strlen($rtrimmed) - 1} == '\'') break; 25 } 26 $transform_options[] = substr($rtrimmed, 1, -1); 27 } else { 28 $transform_options[] = $nextToken; 29 } 30 } 31 } 32 33 // strip possible slashes to behave like documentation says 34 $result = array(); 35 foreach ($transform_options as $val) { 36 $result[] = stripslashes($val); 37 } 38 return $result; 39 } 40 41 /** 42 * Gets all available MIME-types 43 * 44 * @return array array[mimetype], array[transformation] 45 * 46 * @access public 47 * 48 * @author Garvin Hicking <me@supergarv.de> 49 */ 50 function PMA_getAvailableMIMEtypes() { 51 $handle = opendir('./libraries/transformations'); 52 53 $stack = array(); 54 $filestack = array(); 55 56 while (($file = readdir($handle)) != false) { 57 $filestack[$file] = $file; 58 } 59 60 closedir($handle); 61 62 if (is_array($filestack)) { 63 @ksort($filestack); 64 foreach ($filestack AS $key => $file) { 65 66 if (preg_match('|^.*__.*\.inc\.php$|', trim($file))) { 67 // File contains transformation functions. 68 $base = explode('__', str_replace('.inc.php', '', $file)); 69 $mimetype = str_replace('_', '/', $base[0]); 70 $stack['mimetype'][$mimetype] = $mimetype; 71 72 $stack['transformation'][] = $mimetype . ': ' . $base[1]; 73 $stack['transformation_file'][] = $file; 74 75 } elseif (preg_match('|^.*\.inc\.php$|', trim($file))) { 76 // File is a plain mimetype, no functions. 77 $base = str_replace('.inc.php', '', $file); 78 79 if ($base != 'global') { 80 $mimetype = str_replace('_', '/', $base); 81 $stack['mimetype'][$mimetype] = $mimetype; 82 $stack['empty_mimetype'][$mimetype] = $mimetype; 83 } 84 } 85 86 } 87 } 88 89 return $stack; 90 } 91 92 /** 93 * Gets the mimetypes for all rows of a table 94 * 95 * @param string the name of the db to check for 96 * @param string the name of the table to check for 97 * @param string whether to include only results having a mimetype set 98 * 99 * @return array [field_name][field_key] = field_value 100 * 101 * @global array the list of relations settings 102 * 103 * @access public 104 * 105 * @author Mike Beck <mikebeck@users.sourceforge.net> / Garvin Hicking <me@supergarv.de> 106 */ 107 function PMA_getMIME($db, $table, $strict = false) { 108 global $cfgRelation; 109 110 $com_qry = 'SELECT column_name, mimetype, transformation, transformation_options FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) 111 . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' 112 . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'' 113 . ' AND (mimetype != \'\'' . (!$strict ? ' OR transformation != \'\' OR transformation_options != \'\'' : '') . ')'; 114 $com_rs = PMA_query_as_cu($com_qry); 115 116 while ($row = @PMA_DBI_fetch_assoc($com_rs)) { 117 $col = $row['column_name']; 118 $mime[$col]['mimetype'] = $row['mimetype']; 119 $mime[$col]['transformation'] = $row['transformation']; 120 $mime[$col]['transformation_options'] = $row['transformation_options']; 121 } // end while 122 PMA_DBI_free_result($com_rs); 123 unset($com_rs); 124 125 if (isset($mime) && is_array($mime)) { 126 return $mime; 127 } else { 128 return FALSE; 129 } 130 } // end of the 'PMA_getMIME()' function 131 132 /** 133 * Set a single mimetype to a certain value. 134 * 135 * @param string the name of the db 136 * @param string the name of the table 137 * @param string the name of the column 138 * @param string the mimetype of the column 139 * @param string the transformation of the column 140 * @param string the transformation options of the column 141 * @param string (optional) force delete, will erase any existing comments for this column 142 * 143 * @return boolean true, if comment-query was made. 144 * 145 * @global array the list of relations settings 146 * 147 * @access public 148 */ 149 function PMA_setMIME($db, $table, $key, $mimetype, $transformation, $transformation_options, $forcedelete = false) { 150 global $cfgRelation; 151 152 $test_qry = 'SELECT mimetype, ' . PMA_backquote('comment') . ' FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) 153 . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' 154 . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'' 155 . ' AND column_name = \'' . PMA_sqlAddslashes($key) . '\''; 156 $test_rs = PMA_query_as_cu($test_qry, TRUE, PMA_DBI_QUERY_STORE); 157 158 if ($test_rs && PMA_DBI_num_rows($test_rs) > 0) { 159 $row = @PMA_DBI_fetch_assoc($test_rs); 160 PMA_DBI_free_result($test_rs); 161 unset($test_rs); 162 163 if (!$forcedelete && (strlen($mimetype) > 0 || strlen($transformation) > 0 || strlen($transformation_options) > 0 || strlen($row['comment']) > 0)) { 164 $upd_query = 'UPDATE ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) 165 . ' SET mimetype = \'' . PMA_sqlAddslashes($mimetype) . '\',' 166 . ' transformation = \'' . PMA_sqlAddslashes($transformation) . '\',' 167 . ' transformation_options = \'' . PMA_sqlAddslashes($transformation_options) . '\'' 168 . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' 169 . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'' 170 . ' AND column_name = \'' . PMA_sqlAddslashes($key) . '\''; 171 } else { 172 $upd_query = 'DELETE FROM ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) 173 . ' WHERE db_name = \'' . PMA_sqlAddslashes($db) . '\'' 174 . ' AND table_name = \'' . PMA_sqlAddslashes($table) . '\'' 175 . ' AND column_name = \'' . PMA_sqlAddslashes($key) . '\''; 176 } 177 } elseif (strlen($mimetype) > 0 || strlen($transformation) > 0 || strlen($transformation_options) > 0) { 178 $upd_query = 'INSERT INTO ' . PMA_backquote($GLOBALS['cfgRelation']['db']) . '.' . PMA_backquote($cfgRelation['column_info']) 179 . ' (db_name, table_name, column_name, mimetype, transformation, transformation_options) ' 180 . ' VALUES(' 181 . '\'' . PMA_sqlAddslashes($db) . '\',' 182 . '\'' . PMA_sqlAddslashes($table) . '\',' 183 . '\'' . PMA_sqlAddslashes($key) . '\',' 184 . '\'' . PMA_sqlAddslashes($mimetype) . '\',' 185 . '\'' . PMA_sqlAddslashes($transformation) . '\',' 186 . '\'' . PMA_sqlAddslashes($transformation_options) . '\')'; 187 } 188 189 if (isset($upd_query)){ 190 $upd_rs = PMA_query_as_cu($upd_query); 191 PMA_DBI_free_result($upd_rs); 192 unset($upd_rs); 193 return true; 194 } else { 195 return false; 196 } 197 } // end of 'PMA_setMIME()' function 198 199 /** 200 * Returns the real filename of a configured transformation 201 * 202 * @param string the current filename 203 * 204 * @return string the new filename 205 * 206 * @access public 207 */ 208 function PMA_sanitizeTransformationFile(&$filename) { 209 // garvin: for security, never allow to break out from transformations directory 210 211 $include_file = PMA_securePath($filename); 212 213 // This value can also contain a 'php3' value, in which case we map this filename to our new 'php' variant 214 $testfile = preg_replace('@\.inc\.php3$@', '.inc.php', $include_file); 215 if ($include_file{strlen($include_file)-1} == '3' && file_exists('./libraries/transformations/' . $testfile)) { 216 $include_file = $testfile; 217 $filename = $testfile; // Corrects the referenced variable for further actions on the filename; 218 } 219 220 return $include_file; 221 } // end of 'PMA_sanitizeTransformationFile()' function 222 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Mon Nov 26 15:18:20 2007 | par Balluche grâce à PHPXref 0.7 |
|
|