Sākums Izpētīt Palīdzība
Pierakstīties
hanzhengyi
/
usky-website
1
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: 018c4ec8ef
Atzari Tagi
usky-website
/
web
/
phpMyAdmin
/
libraries
/
classes
/
Controllers
/
Table
/
GetFieldController.php

GetFieldController.php 2.6 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. namespace PhpMyAdmin\Controllers\Table;
    6. 

  6. 

  7. use PhpMyAdmin\Core;
    8. 

  8. use PhpMyAdmin\DatabaseInterface;
    9. 

  9. use PhpMyAdmin\Html\Generator;
    10. 

  10. use PhpMyAdmin\Mime;
    11. 

  11. use PhpMyAdmin\Response;
    12. 

  12. use PhpMyAdmin\Template;
    13. 

  13. use PhpMyAdmin\Util;
    14. 

  14. use function htmlspecialchars;
    15. 

  15. use function ini_set;
    16. 

  16. use function sprintf;
    17. 

  17. use function strlen;
    18. 

  18. 

  19. /**
    20. 

  20.  * Provides download to a given field defined in parameters.
    21. 

  21.  */
    22. 

  22. class GetFieldController extends AbstractController
    23. 

  23. {
    24. 

  24.     /** @var DatabaseInterface */
    25. 

  25.     private $dbi;
    26. 

  26. 

  27.     /**
    28. 

  28.      * @param Response          $response
    29. 

  29.      * @param string            $db       Database name.
    30. 

  30.      * @param string            $table    Table name.
    31. 

  31.      * @param DatabaseInterface $dbi
    32. 

  32.      */
    33. 

  33.     public function __construct($response, Template $template, $db, $table, $dbi)
    34. 

  34.     {
    35. 

  35.         parent::__construct($response, $template, $db, $table);
    36. 

  36.         $this->dbi = $dbi;
    37. 

  37.     }
    38. 

  38. 

  39.     public function index(): void
    40. 

  40.     {
    41. 

  41.         global $db, $table;
    42. 

  42. 

  43.         $this->response->disable();
    44. 

  44. 

  45.         /* Check parameters */
    46. 

  46.         Util::checkParameters([
    47. 

  47.             'db',
    48. 

  48.             'table',
    49. 

  49.         ]);
    50. 

  50. 

  51.         /* Select database */
    52. 

  52.         if (! $this->dbi->selectDb($db)) {
    53. 

  53.             Generator::mysqlDie(
    54. 

  54.                 sprintf(__('\'%s\' database does not exist.'), htmlspecialchars($db)),
    55. 

  55.                 '',
    56. 

  56.                 false
    57. 

  57.             );
    58. 

  58.         }
    59. 

  59. 

  60.         /* Check if table exists */
    61. 

  61.         if (! $this->dbi->getColumns($db, $table)) {
    62. 

  62.             Generator::mysqlDie(__('Invalid table name'));
    63. 

  63.         }
    64. 

  64. 

  65.         if (! isset($_GET['where_clause'])
    66. 

  66.             || ! isset($_GET['where_clause_sign'])
    67. 

  67.             || ! Core::checkSqlQuerySignature($_GET['where_clause'], $_GET['where_clause_sign'])
    68. 

  68.         ) {
    69. 

  69.             /* l10n: In case a SQL query did not pass a security check  */
    70. 

  70.             Core::fatalError(__('There is an issue with your request.'));
    71. 

  71. 

  72.             return;
    73. 

  73.         }
    74. 

  74. 

  75.         /* Grab data */
    76. 

  76.         $sql = 'SELECT ' . Util::backquote($_GET['transform_key'])
    77. 

  77.             . ' FROM ' . Util::backquote($table)
    78. 

  78.             . ' WHERE ' . $_GET['where_clause'] . ';';
    79. 

  79.         $result = $this->dbi->fetchValue($sql);
    80. 

  80. 

  81.         /* Check return code */
    82. 

  82.         if ($result === false) {
    83. 

  83.             Generator::mysqlDie(
    84. 

  84.                 __('MySQL returned an empty result set (i.e. zero rows).'),
    85. 

  85.                 $sql
    86. 

  86.             );
    87. 

  87.         }
    88. 

  88. 

  89.         /* Avoid corrupting data */
    90. 

  90.         ini_set('url_rewriter.tags', '');
    91. 

  91. 

  92.         Core::downloadHeader(
    93. 

  93.             $table . '-' . $_GET['transform_key'] . '.bin',
    94. 

  94.             Mime::detect($result),
    95. 

  95.             strlen($result)
    96. 

  96.         );
    97. 

  97.         echo $result;
    98. 

  98.     }
    99. 

  99. }
    100.