Current File : //home/tradevaly/public_html/phpmy/libraries/classes/InsertEdit.php |
<?php
/**
* set of functions with the insert/edit features in pma
*/
declare(strict_types=1);
namespace PhpMyAdmin;
use PhpMyAdmin\ConfigStorage\Relation;
use PhpMyAdmin\Dbal\ResultInterface;
use PhpMyAdmin\Html\Generator;
use PhpMyAdmin\Plugins\TransformationsPlugin;
use PhpMyAdmin\Utils\Gis;
use function __;
use function array_fill;
use function array_key_exists;
use function array_keys;
use function array_merge;
use function array_values;
use function bin2hex;
use function class_exists;
use function count;
use function current;
use function date;
use function explode;
use function htmlspecialchars;
use function implode;
use function in_array;
use function is_array;
use function is_file;
use function is_string;
use function max;
use function mb_stripos;
use function mb_strlen;
use function mb_strstr;
use function mb_substr;
use function md5;
use function method_exists;
use function min;
use function password_hash;
use function preg_match;
use function preg_replace;
use function str_contains;
use function str_replace;
use function stripcslashes;
use function stripslashes;
use function strlen;
use function substr;
use function time;
use function trim;
use const ENT_COMPAT;
use const PASSWORD_DEFAULT;
/**
* PhpMyAdmin\InsertEdit class
*/
class InsertEdit
{
/**
* DatabaseInterface instance
*
* @var DatabaseInterface
*/
private $dbi;
/** @var Relation */
private $relation;
/** @var Transformations */
private $transformations;
/** @var FileListing */
private $fileListing;
/** @var Template */
public $template;
/**
* @param DatabaseInterface $dbi DatabaseInterface instance
*/
public function __construct(DatabaseInterface $dbi)
{
$this->dbi = $dbi;
$this->relation = new Relation($this->dbi);
$this->transformations = new Transformations();
$this->fileListing = new FileListing();
$this->template = new Template();
}
/**
* Retrieve form parameters for insert/edit form
*
* @param string $db name of the database
* @param string $table name of the table
* @param array|null $whereClauses where clauses
* @param array $whereClauseArray array of where clauses
* @param string $errorUrl error url
*
* @return array array of insert/edit form parameters
*/
public function getFormParametersForInsertForm(
$db,
$table,
?array $whereClauses,
array $whereClauseArray,
$errorUrl
): array {
$formParams = [
'db' => $db,
'table' => $table,
'goto' => $GLOBALS['goto'],
'err_url' => $errorUrl,
'sql_query' => $_POST['sql_query'] ?? '',
];
if (isset($whereClauses)) {
foreach ($whereClauseArray as $keyId => $whereClause) {
$formParams['where_clause[' . $keyId . ']'] = trim($whereClause);
}
}
if (isset($_POST['clause_is_unique'])) {
$formParams['clause_is_unique'] = $_POST['clause_is_unique'];
}
return $formParams;
}
/**
* Creates array of where clauses
*
* @param array|string|null $whereClause where clause
*
* @return array whereClauseArray array of where clauses
*/
private function getWhereClauseArray($whereClause): array
{
if ($whereClause === null) {
return [];
}
if (is_array($whereClause)) {
return $whereClause;
}
return [0 => $whereClause];
}
/**
* Analysing where clauses array
*
* @param array $whereClauseArray array of where clauses
* @param string $table name of the table
* @param string $db name of the database
*
* @return array $where_clauses, $result, $rows, $found_unique_key
*/
private function analyzeWhereClauses(
array $whereClauseArray,
$table,
$db
): array {
$rows = [];
$result = [];
$whereClauses = [];
$foundUniqueKey = false;
foreach ($whereClauseArray as $keyId => $whereClause) {
$localQuery = 'SELECT * FROM '
. Util::backquote($db) . '.'
. Util::backquote($table)
. ' WHERE ' . $whereClause . ';';
$result[$keyId] = $this->dbi->query($localQuery);
$rows[$keyId] = $result[$keyId]->fetchAssoc();
$whereClauses[$keyId] = str_replace('\\', '\\\\', $whereClause);
$hasUniqueCondition = $this->showEmptyResultMessageOrSetUniqueCondition(
$rows,
$keyId,
$whereClauseArray,
$localQuery,
$result
);
if (! $hasUniqueCondition) {
continue;
}
$foundUniqueKey = true;
}
return [
$whereClauses,
$result,
$rows,
$foundUniqueKey,
];
}
/**
* Show message for empty result or set the unique_condition
*
* @param array $rows MySQL returned rows
* @param string $keyId ID in current key
* @param array $whereClauseArray array of where clauses
* @param string $localQuery query performed
* @param ResultInterface[] $result MySQL result handle
*/
private function showEmptyResultMessageOrSetUniqueCondition(
array $rows,
$keyId,
array $whereClauseArray,
$localQuery,
array $result
): bool {
// No row returned
if (! $rows[$keyId]) {
unset($rows[$keyId], $whereClauseArray[$keyId]);
ResponseRenderer::getInstance()->addHTML(
Generator::getMessage(
__('MySQL returned an empty result set (i.e. zero rows).'),
$localQuery
)
);
/**
* @todo not sure what should be done at this point, but we must not
* exit if we want the message to be displayed
*/
return false;
}
$meta = $this->dbi->getFieldsMeta($result[$keyId]);
[$uniqueCondition] = Util::getUniqueCondition(
count($meta),
$meta,
$rows[$keyId],
true
);
return (bool) $uniqueCondition;
}
/**
* No primary key given, just load first row
*
* @param string $table name of the table
* @param string $db name of the database
*
* @return array containing $result and $rows arrays
*/
private function loadFirstRow($table, $db)
{
$result = $this->dbi->query(
'SELECT * FROM ' . Util::backquote($db)
. '.' . Util::backquote($table) . ' LIMIT 1;'
);
// Can be a string on some old configuration storage settings
$rows = array_fill(0, (int) $GLOBALS['cfg']['InsertRows'], false);
return [
$result,
$rows,
];
}
/**
* Add some url parameters
*
* @param array $urlParams containing $db and $table as url parameters
* @param array $whereClauseArray where clauses array
*
* @return array Add some url parameters to $url_params array and return it
*/
public function urlParamsInEditMode(
array $urlParams,
array $whereClauseArray
): array {
foreach ($whereClauseArray as $whereClause) {
$urlParams['where_clause'] = trim($whereClause);
}
if (! empty($_POST['sql_query'])) {
$urlParams['sql_query'] = $_POST['sql_query'];
}
return $urlParams;
}
/**
* Show type information or function selectors in Insert/Edit
*
* @param string $which function|type
* @param array $urlParams containing url parameters
* @param bool $isShow whether to show the element in $which
*
* @return string an HTML snippet
*/
public function showTypeOrFunction($which, array $urlParams, $isShow): string
{
$params = [];
switch ($which) {
case 'function':
$params['ShowFunctionFields'] = ($isShow ? 0 : 1);
$params['ShowFieldTypesInDataEditView'] = $GLOBALS['cfg']['ShowFieldTypesInDataEditView'];
break;
case 'type':
$params['ShowFieldTypesInDataEditView'] = ($isShow ? 0 : 1);
$params['ShowFunctionFields'] = $GLOBALS['cfg']['ShowFunctionFields'];
break;
}
$params['goto'] = Url::getFromRoute('/sql');
$thisUrlParams = array_merge($urlParams, $params);
if (! $isShow) {
return ' : <a href="' . Url::getFromRoute('/table/change') . '" data-post="'
. Url::getCommon($thisUrlParams, '', false) . '">'
. $this->showTypeOrFunctionLabel($which)
. '</a>';
}
return '<th><a href="' . Url::getFromRoute('/table/change') . '" data-post="'
. Url::getCommon($thisUrlParams, '', false)
. '" title="' . __('Hide') . '">'
. $this->showTypeOrFunctionLabel($which)
. '</a></th>';
}
/**
* Show type information or function selectors labels in Insert/Edit
*
* @param string $which function|type
*
* @return string an HTML snippet
*/
private function showTypeOrFunctionLabel($which): string
{
switch ($which) {
case 'function':
return __('Function');
case 'type':
return __('Type');
}
return '';
}
/**
* Analyze the table column array
*
* @param array $column description of column in given table
* @param array $commentsMap comments for every column that has a comment
* @param bool $timestampSeen whether a timestamp has been seen
*
* @return array description of column in given table
*/
private function analyzeTableColumnsArray(
array $column,
array $commentsMap,
$timestampSeen
) {
$column['Field_md5'] = md5($column['Field']);
// True_Type contains only the type (stops at first bracket)
$column['True_Type'] = preg_replace('@\(.*@s', '', $column['Type']);
$column['len'] = preg_match('@float|double@', $column['Type']) ? 100 : -1;
$column['Field_title'] = $this->getColumnTitle($column, $commentsMap);
$column['is_binary'] = $this->isColumn(
$column,
[
'binary',
'varbinary',
]
);
$column['is_blob'] = $this->isColumn(
$column,
[
'blob',
'tinyblob',
'mediumblob',
'longblob',
]
);
$column['is_char'] = $this->isColumn(
$column,
[
'char',
'varchar',
]
);
[
$column['pma_type'],
$column['wrap'],
$column['first_timestamp'],
] = $this->getEnumSetAndTimestampColumns($column, $timestampSeen);
return $column;
}
/**
* Retrieve the column title
*
* @param array $column description of column in given table
* @param array $commentsMap comments for every column that has a comment
*
* @return string column title
*/
private function getColumnTitle(array $column, array $commentsMap): string
{
if (isset($commentsMap[$column['Field']])) {
return '<span style="border-bottom: 1px dashed black;" title="'
. htmlspecialchars($commentsMap[$column['Field']]) . '">'
. htmlspecialchars($column['Field']) . '</span>';
}
return htmlspecialchars($column['Field']);
}
/**
* check whether the column is of a certain type
* the goal is to ensure that types such as "enum('one','two','binary',..)"
* or "enum('one','two','varbinary',..)" are not categorized as binary
*
* @param array $column description of column in given table
* @param string[] $types the types to verify
*/
public function isColumn(array $column, array $types): bool
{
foreach ($types as $oneType) {
if (mb_stripos($column['Type'], $oneType) === 0) {
return true;
}
}
return false;
}
/**
* Retrieve set, enum, timestamp table columns
*
* @param array $column description of column in given table
* @param bool $timestampSeen whether a timestamp has been seen
*
* @return array $column['pma_type'], $column['wrap'], $column['first_timestamp']
* @psalm-return array{0: mixed, 1: string, 2: bool}
*/
private function getEnumSetAndTimestampColumns(array $column, $timestampSeen)
{
switch ($column['True_Type']) {
case 'set':
return [
'set',
'',
false,
];
case 'enum':
return [
'enum',
'',
false,
];
case 'timestamp':
return [
$column['Type'],
' text-nowrap',
! $timestampSeen, // can only occur once per table
];
default:
return [
$column['Type'],
' text-nowrap',
false,
];
}
}
/**
* Retrieve the nullify code for the null column
*
* @param array $column description of column in given table
* @param array $foreigners keys into foreign fields
* @param array $foreignData data about the foreign keys
*/
private function getNullifyCodeForNullColumn(
array $column,
array $foreigners,
array $foreignData
): string {
$foreigner = $this->relation->searchColumnInForeigners($foreigners, $column['Field']);
if (mb_strstr($column['True_Type'], 'enum')) {
if (mb_strlen((string) $column['Type']) > 20) {
$nullifyCode = '1';
} else {
$nullifyCode = '2';
}
} elseif (mb_strstr($column['True_Type'], 'set')) {
$nullifyCode = '3';
} elseif ($foreigner && $foreignData['foreign_link'] == false) {
// foreign key in a drop-down
$nullifyCode = '4';
} elseif ($foreigner && $foreignData['foreign_link'] == true) {
// foreign key with a browsing icon
$nullifyCode = '6';
} else {
$nullifyCode = '5';
}
return $nullifyCode;
}
/**
* Get HTML textarea for insert form
*
* @param array $column column information
* @param string $backupField hidden input field
* @param string $columnNameAppendix the name attribute
* @param string $onChangeClause onchange clause for fields
* @param int $tabindex tab index
* @param int $tabindexForValue offset for the values tabindex
* @param int $idindex id index
* @param string $textDir text direction
* @param string $specialCharsEncoded replaced char if the string starts
* with a \r\n pair (0x0d0a) add an extra \n
* @param string $dataType the html5 data-* attribute type
* @param bool $readOnly is column read only or not
*
* @return string an html snippet
*/
private function getTextarea(
array $column,
$backupField,
$columnNameAppendix,
$onChangeClause,
$tabindex,
$tabindexForValue,
$idindex,
$textDir,
$specialCharsEncoded,
$dataType,
$readOnly
): string {
$theClass = '';
$textAreaRows = $GLOBALS['cfg']['TextareaRows'];
$textareaCols = $GLOBALS['cfg']['TextareaCols'];
if ($column['is_char']) {
/**
* @todo clarify the meaning of the "textfield" class and explain
* why character columns have the "char" class instead
*/
$theClass = 'char charField';
$textAreaRows = $GLOBALS['cfg']['CharTextareaRows'];
$textareaCols = $GLOBALS['cfg']['CharTextareaCols'];
$extractedColumnspec = Util::extractColumnSpec($column['Type']);
$maxlength = $extractedColumnspec['spec_in_brackets'];
} elseif ($GLOBALS['cfg']['LongtextDoubleTextarea'] && mb_strstr($column['pma_type'], 'longtext')) {
$textAreaRows = $GLOBALS['cfg']['TextareaRows'] * 2;
$textareaCols = $GLOBALS['cfg']['TextareaCols'] * 2;
}
return $backupField . "\n"
. '<textarea name="fields' . $columnNameAppendix . '"'
. ' class="' . $theClass . '"'
. ($readOnly ? ' readonly="readonly"' : '')
. (isset($maxlength) ? ' data-maxlength="' . $maxlength . '"' : '')
. ' rows="' . $textAreaRows . '"'
. ' cols="' . $textareaCols . '"'
. ' dir="' . $textDir . '"'
. ' id="field_' . $idindex . '_3"'
. ($onChangeClause ? ' ' . $onChangeClause : '')
. ' tabindex="' . ($tabindex + $tabindexForValue) . '"'
. ' data-type="' . $dataType . '">'
. $specialCharsEncoded
. '</textarea>';
}
/**
* Get column values
*
* @param string[] $enum_set_values
*
* @return array column values as an associative array
* @psalm-return list<array{html: string, plain: string}>
*/
private function getColumnEnumValues(array $enum_set_values): array
{
$values = [];
foreach ($enum_set_values as $val) {
$values[] = [
'plain' => $val,
'html' => htmlspecialchars($val),
];
}
return $values;
}
/**
* Retrieve column 'set' value and select size
*
* @param array $column description of column in given table
* @param string[] $enum_set_values
*
* @return array $column['values'], $column['select_size']
*/
private function getColumnSetValueAndSelectSize(
array $column,
array $enum_set_values
): array {
if (! isset($column['values'])) {
$column['values'] = [];
foreach ($enum_set_values as $val) {
$column['values'][] = [
'plain' => $val,
'html' => htmlspecialchars($val),
];
}
$column['select_size'] = min(4, count($column['values']));
}
return [
$column['values'],
$column['select_size'],
];
}
/**
* Get HTML input type
*
* @param array $column description of column in given table
* @param string $columnNameAppendix the name attribute
* @param string $specialChars special characters
* @param int $fieldsize html field size
* @param string $onChangeClause onchange clause for fields
* @param int $tabindex tab index
* @param int $tabindexForValue offset for the values tabindex
* @param int $idindex id index
* @param string $dataType the html5 data-* attribute type
* @param bool $readOnly is column read only or not
*
* @return string an html snippet
*/
private function getHtmlInput(
array $column,
$columnNameAppendix,
$specialChars,
$fieldsize,
$onChangeClause,
$tabindex,
$tabindexForValue,
$idindex,
$dataType,
$readOnly
): string {
$theClass = 'textfield';
// verify True_Type which does not contain the parentheses and length
if (! $readOnly) {
if ($column['True_Type'] === 'date') {
$theClass .= ' datefield';
} elseif ($column['True_Type'] === 'time') {
$theClass .= ' timefield';
} elseif ($column['True_Type'] === 'datetime' || $column['True_Type'] === 'timestamp') {
$theClass .= ' datetimefield';
}
}
$inputMinMax = '';
if (in_array($column['True_Type'], $this->dbi->types->getIntegerTypes())) {
$extractedColumnspec = Util::extractColumnSpec($column['Type']);
$isUnsigned = $extractedColumnspec['unsigned'];
$minMaxValues = $this->dbi->types->getIntegerRange($column['True_Type'], ! $isUnsigned);
$inputMinMax = 'min="' . $minMaxValues[0] . '" '
. 'max="' . $minMaxValues[1] . '"';
$dataType = 'INT';
}
// do not use the 'date' or 'time' types here; they have no effect on some
// browsers and create side effects (see bug #4218)
return '<input type="text"'
. ' name="fields' . $columnNameAppendix . '"'
. ' value="' . $specialChars . '" size="' . $fieldsize . '"'
. (isset($column['is_char']) && $column['is_char']
? ' data-maxlength="' . $fieldsize . '"'
: '')
. ($readOnly ? ' readonly="readonly"' : '')
. ($inputMinMax ? ' ' . $inputMinMax : '')
. ' data-type="' . $dataType . '"'
. ' class="' . $theClass . '" ' . $onChangeClause
. ' tabindex="' . ($tabindex + $tabindexForValue) . '"'
. ' id="field_' . $idindex . '_3">';
}
/**
* Get HTML select option for upload
*
* @param string $vkey [multi_edit]['row_id']
* @param string $fieldHashMd5 array index as an MD5 to avoid having special characters
*
* @return string an HTML snippet
*/
private function getSelectOptionForUpload(string $vkey, string $fieldHashMd5): string
{
$files = $this->fileListing->getFileSelectOptions(
Util::userDir((string) ($GLOBALS['cfg']['UploadDir'] ?? ''))
);
if ($files === false) {
return '<span style="color:red">' . __('Error') . '</span><br>' . "\n"
. __('The directory you set for upload work cannot be reached.') . "\n";
}
if ($files === '') {
return '';
}
return "<br>\n"
. '<i>' . __('Or') . '</i> '
. __('web server upload directory:') . '<br>' . "\n"
. '<select size="1" name="fields_uploadlocal'
. $vkey . '[' . $fieldHashMd5 . ']">' . "\n"
. '<option value="" selected="selected"></option>' . "\n"
. $files
. '</select>' . "\n";
}
/**
* Retrieve the maximum upload file size
*
* @param string $pma_type column type
* @param int $biggestMaxFileSize biggest max file size for uploading
*
* @return array an html snippet and $biggest_max_file_size
* @psalm-return array{non-empty-string, int}
*/
private function getMaxUploadSize(string $pma_type, $biggestMaxFileSize): array
{
// find maximum upload size, based on field type
/**
* @todo with functions this is not so easy, as you can basically
* process any data with function like MD5
*/
$maxFieldSizes = [
'tinyblob' => 256,
'blob' => 65536,
'mediumblob' => 16777216,
'longblob' => 4294967296,// yeah, really
];
$thisFieldMaxSize = (int) $GLOBALS['config']->get('max_upload_size'); // from PHP max
if ($thisFieldMaxSize > $maxFieldSizes[$pma_type]) {
$thisFieldMaxSize = $maxFieldSizes[$pma_type];
}
$htmlOutput = Util::getFormattedMaximumUploadSize($thisFieldMaxSize) . "\n";
// do not generate here the MAX_FILE_SIZE, because we should
// put only one in the form to accommodate the biggest field
if ($thisFieldMaxSize > $biggestMaxFileSize) {
$biggestMaxFileSize = $thisFieldMaxSize;
}
return [
$htmlOutput,
$biggestMaxFileSize,
];
}
/**
* Get HTML for the Value column of other datatypes
* (here, "column" is used in the sense of HTML column in HTML table)
*
* @param array $column description of column in given table
* @param string $defaultCharEditing default char editing mode which is stored
* in the config.inc.php script
* @param string $backupField hidden input field
* @param string $columnNameAppendix the name attribute
* @param string $onChangeClause onchange clause for fields
* @param int $tabindex tab index
* @param string $specialChars special characters
* @param int $tabindexForValue offset for the values tabindex
* @param int $idindex id index
* @param string $textDir text direction
* @param string $specialCharsEncoded replaced char if the string starts
* with a \r\n pair (0x0d0a) add an extra \n
* @param string $data data to edit
* @param array $extractedColumnspec associative array containing type,
* spec_in_brackets and possibly
* enum_set_values (another array)
* @param bool $readOnly is column read only or not
*
* @return string an html snippet
*/
private function getValueColumnForOtherDatatypes(
array $column,
$defaultCharEditing,
$backupField,
$columnNameAppendix,
$onChangeClause,
$tabindex,
$specialChars,
$tabindexForValue,
$idindex,
$textDir,
$specialCharsEncoded,
$data,
array $extractedColumnspec,
$readOnly
): string {
// HTML5 data-* attribute data-type
$dataType = $this->dbi->types->getTypeClass($column['True_Type']);
$fieldsize = $this->getColumnSize($column, $extractedColumnspec['spec_in_brackets']);
$htmlOutput = $backupField . "\n";
if ($column['is_char'] && ($GLOBALS['cfg']['CharEditing'] === 'textarea' || str_contains($data, "\n"))) {
$htmlOutput .= "\n";
$GLOBALS['cfg']['CharEditing'] = $defaultCharEditing;
$htmlOutput .= $this->getTextarea(
$column,
$backupField,
$columnNameAppendix,
$onChangeClause,
$tabindex,
$tabindexForValue,
$idindex,
$textDir,
$specialCharsEncoded,
$dataType,
$readOnly
);
} else {
$htmlOutput .= $this->getHtmlInput(
$column,
$columnNameAppendix,
$specialChars,
$fieldsize,
$onChangeClause,
$tabindex,
$tabindexForValue,
$idindex,
$dataType,
$readOnly
);
if (
preg_match('/(VIRTUAL|PERSISTENT|GENERATED)/', $column['Extra'])
&& ! str_contains($column['Extra'], 'DEFAULT_GENERATED')
) {
$htmlOutput .= '<input type="hidden" name="virtual'
. $columnNameAppendix . '" value="1">';
}
if ($column['Extra'] === 'auto_increment') {
$htmlOutput .= '<input type="hidden" name="auto_increment'
. $columnNameAppendix . '" value="1">';
}
if (substr($column['pma_type'], 0, 9) === 'timestamp') {
$htmlOutput .= '<input type="hidden" name="fields_type'
. $columnNameAppendix . '" value="timestamp">';
}
if (substr($column['pma_type'], 0, 4) === 'date') {
$type = substr($column['pma_type'], 0, 8) === 'datetime' ? 'datetime' : 'date';
$htmlOutput .= '<input type="hidden" name="fields_type'
. $columnNameAppendix . '" value="' . $type . '">';
}
if ($column['True_Type'] === 'bit') {
$htmlOutput .= '<input type="hidden" name="fields_type'
. $columnNameAppendix . '" value="bit">';
}
}
return $htmlOutput;
}
/**
* Get the field size
*
* @param array $column description of column in given table
* @param string $specInBrackets text in brackets inside column definition
*
* @return int field size
*/
private function getColumnSize(array $column, string $specInBrackets): int
{
if ($column['is_char']) {
$fieldsize = (int) $specInBrackets;
if ($fieldsize > $GLOBALS['cfg']['MaxSizeForInputField']) {
/**
* This case happens for CHAR or VARCHAR columns which have
* a size larger than the maximum size for input field.
*/
$GLOBALS['cfg']['CharEditing'] = 'textarea';
}
} else {
/**
* This case happens for example for INT or DATE columns;
* in these situations, the value returned in $column['len']
* seems appropriate.
*/
$fieldsize = $column['len'];
}
return min(
max($fieldsize, $GLOBALS['cfg']['MinSizeForInputField']),
$GLOBALS['cfg']['MaxSizeForInputField']
);
}
/**
* get html for continue insertion form
*
* @param string $table name of the table
* @param string $db name of the database
* @param array $whereClauseArray array of where clauses
* @param string $errorUrl error url
*
* @return string an html snippet
*/
public function getContinueInsertionForm(
$table,
$db,
array $whereClauseArray,
$errorUrl
): string {
return $this->template->render('table/insert/continue_insertion_form', [
'db' => $db,
'table' => $table,
'where_clause_array' => $whereClauseArray,
'err_url' => $errorUrl,
'goto' => $GLOBALS['goto'],
'sql_query' => $_POST['sql_query'] ?? null,
'has_where_clause' => isset($_POST['where_clause']),
'insert_rows_default' => $GLOBALS['cfg']['InsertRows'],
]);
}
/**
* @param string[]|string|null $whereClause
*
* @psalm-pure
*/
public static function isWhereClauseNumeric($whereClause): bool
{
if ($whereClause === null) {
return false;
}
if (! is_array($whereClause)) {
$whereClause = [$whereClause];
}
// If we have just numeric primary key, we can also edit next
// we are looking for `table_name`.`field_name` = numeric_value
foreach ($whereClause as $clause) {
// preg_match() returns 1 if there is a match
$isNumeric = preg_match('@^[\s]*`[^`]*`[\.]`[^`]*` = [0-9]+@', $clause) === 1;
if ($isNumeric) {
return true;
}
}
return false;
}
/**
* Get table head and table foot for insert row table
*
* @param array $urlParams url parameters
*
* @return string an html snippet
*/
private function getHeadAndFootOfInsertRowTable(array $urlParams): string
{
$type = '';
$function = '';
if ($GLOBALS['cfg']['ShowFieldTypesInDataEditView']) {
$type = $this->showTypeOrFunction('type', $urlParams, true);
}
if ($GLOBALS['cfg']['ShowFunctionFields']) {
$function = $this->showTypeOrFunction('function', $urlParams, true);
}
$template = new Template();
return $template->render('table/insert/get_head_and_foot_of_insert_row_table', [
'type' => $type,
'function' => $function,
]);
}
/**
* Prepares the field value and retrieve special chars, backup field and data array
*
* @param array $currentRow a row of the table
* @param array $column description of column in given table
* @param array $extractedColumnspec associative array containing type,
* spec_in_brackets and possibly
* enum_set_values (another array)
* @param array $gisDataTypes list of GIS data types
* @param string $columnNameAppendix string to append to column name in input
* @param bool $asIs use the data as is, used in repopulating
*
* @return array $real_null_value, $data, $special_chars, $backup_field,
* $special_chars_encoded
*/
private function getSpecialCharsAndBackupFieldForExistingRow(
array $currentRow,
array $column,
array $extractedColumnspec,
array $gisDataTypes,
$columnNameAppendix,
$asIs
) {
$specialCharsEncoded = '';
$data = null;
$realNullValue = false;
// (we are editing)
if (! isset($currentRow[$column['Field']])) {
$realNullValue = true;
$currentRow[$column['Field']] = '';
$specialChars = '';
$data = $currentRow[$column['Field']];
} elseif ($column['True_Type'] === 'bit') {
$specialChars = $asIs
? $currentRow[$column['Field']]
: Util::printableBitValue(
(int) $currentRow[$column['Field']],
(int) $extractedColumnspec['spec_in_brackets']
);
} elseif (
(substr($column['True_Type'], 0, 9) === 'timestamp'
|| $column['True_Type'] === 'datetime'
|| $column['True_Type'] === 'time')
&& (str_contains($currentRow[$column['Field']], '.'))
) {
$currentRow[$column['Field']] = $asIs
? $currentRow[$column['Field']]
: Util::addMicroseconds($currentRow[$column['Field']]);
$specialChars = htmlspecialchars($currentRow[$column['Field']], ENT_COMPAT);
} elseif (in_array($column['True_Type'], $gisDataTypes)) {
// Convert gis data to Well Know Text format
$currentRow[$column['Field']] = $asIs
? $currentRow[$column['Field']]
: Gis::convertToWellKnownText($currentRow[$column['Field']], true);
$specialChars = htmlspecialchars($currentRow[$column['Field']], ENT_COMPAT);
} else {
// special binary "characters"
if ($column['is_binary'] || ($column['is_blob'] && $GLOBALS['cfg']['ProtectBinary'] !== 'all')) {
$currentRow[$column['Field']] = $asIs
? $currentRow[$column['Field']]
: bin2hex($currentRow[$column['Field']]);
}
$specialChars = htmlspecialchars($currentRow[$column['Field']], ENT_COMPAT);
//We need to duplicate the first \n or otherwise we will lose
//the first newline entered in a VARCHAR or TEXT column
$specialCharsEncoded = Util::duplicateFirstNewline($specialChars);
$data = $currentRow[$column['Field']];
}
//when copying row, it is useful to empty auto-increment column
// to prevent duplicate key error
if (isset($_POST['default_action']) && $_POST['default_action'] === 'insert') {
if ($column['Key'] === 'PRI' && str_contains($column['Extra'], 'auto_increment')) {
$data = $specialCharsEncoded = $specialChars = null;
}
}
// If a timestamp field value is not included in an update
// statement MySQL auto-update it to the current timestamp;
// however, things have changed since MySQL 4.1, so
// it's better to set a fields_prev in this situation
$backupField = '<input type="hidden" name="fields_prev'
. $columnNameAppendix . '" value="'
. htmlspecialchars($currentRow[$column['Field']], ENT_COMPAT) . '">';
return [
$realNullValue,
$specialCharsEncoded,
$specialChars,
$data,
$backupField,
];
}
/**
* display default values
*
* @param array $column description of column in given table
*
* @return array $real_null_value, $data, $special_chars,
* $backup_field, $special_chars_encoded
* @psalm-return array{bool, mixed, string, string, string}
*/
private function getSpecialCharsAndBackupFieldForInsertingMode(
array $column
) {
if (! isset($column['Default'])) {
$column['Default'] = '';
$realNullValue = true;
$data = '';
} else {
$realNullValue = false;
$data = $column['Default'];
}
$trueType = $column['True_Type'];
if ($trueType === 'bit') {
$specialChars = Util::convertBitDefaultValue($column['Default']);
} elseif (substr($trueType, 0, 9) === 'timestamp' || $trueType === 'datetime' || $trueType === 'time') {
$specialChars = Util::addMicroseconds($column['Default']);
} elseif ($trueType === 'binary' || $trueType === 'varbinary') {
$specialChars = bin2hex($column['Default']);
} elseif (substr($trueType, -4) === 'text') {
$textDefault = substr($column['Default'], 1, -1);
$specialChars = stripcslashes($textDefault !== false ? $textDefault : $column['Default']);
} else {
$specialChars = htmlspecialchars($column['Default']);
}
$specialCharsEncoded = Util::duplicateFirstNewline($specialChars);
return [
$realNullValue,
$data,
$specialChars,
'',
$specialCharsEncoded,
];
}
/**
* Prepares the update/insert of a row
*
* @return array $loop_array, $using_key, $is_insert, $is_insertignore
* @psalm-return array{array, bool, bool, bool}
*/
public function getParamsForUpdateOrInsert()
{
if (isset($_POST['where_clause'])) {
// we were editing something => use the WHERE clause
$loopArray = is_array($_POST['where_clause'])
? $_POST['where_clause']
: [$_POST['where_clause']];
$usingKey = true;
$isInsert = isset($_POST['submit_type'])
&& ($_POST['submit_type'] === 'insert'
|| $_POST['submit_type'] === 'showinsert'
|| $_POST['submit_type'] === 'insertignore');
} else {
// new row => use indexes
$loopArray = [];
if (! empty($_POST['fields'])) {
$loopArray = array_keys($_POST['fields']['multi_edit']);
}
$usingKey = false;
$isInsert = true;
}
$isInsertIgnore = isset($_POST['submit_type'])
&& $_POST['submit_type'] === 'insertignore';
return [
$loopArray,
$usingKey,
$isInsert,
$isInsertIgnore,
];
}
/**
* set $_SESSION for edit_next
*
* @param string $oneWhereClause one where clause from where clauses array
*/
public function setSessionForEditNext($oneWhereClause): void
{
$localQuery = 'SELECT * FROM ' . Util::backquote($GLOBALS['db'])
. '.' . Util::backquote($GLOBALS['table']) . ' WHERE '
. str_replace('` =', '` >', $oneWhereClause) . ' LIMIT 1;';
$res = $this->dbi->query($localQuery);
$row = $res->fetchRow();
$meta = $this->dbi->getFieldsMeta($res);
// must find a unique condition based on unique key,
// not a combination of all fields
[$uniqueCondition] = Util::getUniqueCondition(
count($meta),
$meta,
$row,
true
);
if (! $uniqueCondition) {
return;
}
$_SESSION['edit_next'] = $uniqueCondition;
}
/**
* set $goto_include variable for different cases and retrieve like,
* if $GLOBALS['goto'] empty, if $goto_include previously not defined
* and new_insert, same_insert, edit_next
*
* @param string|false $gotoInclude store some script for include, otherwise it is
* boolean false
*/
public function getGotoInclude($gotoInclude): string
{
$validOptions = [
'new_insert',
'same_insert',
'edit_next',
];
if (isset($_POST['after_insert']) && in_array($_POST['after_insert'], $validOptions)) {
return '/table/change';
}
if (! empty($GLOBALS['goto'])) {
if (! preg_match('@^[a-z_]+\.php$@', $GLOBALS['goto'])) {
// this should NOT happen
//$GLOBALS['goto'] = false;
if ($GLOBALS['goto'] === 'index.php?route=/sql') {
$gotoInclude = '/sql';
} else {
$gotoInclude = false;
}
} else {
$gotoInclude = $GLOBALS['goto'];
}
if ($GLOBALS['goto'] === 'index.php?route=/database/sql' && strlen($GLOBALS['table']) > 0) {
$GLOBALS['table'] = '';
}
}
if (! $gotoInclude) {
if (strlen($GLOBALS['table']) === 0) {
$gotoInclude = '/database/sql';
} else {
$gotoInclude = '/table/sql';
}
}
return $gotoInclude;
}
/**
* Defines the url to return in case of failure of the query
*
* @param array $urlParams url parameters
*
* @return string error url for query failure
*/
public function getErrorUrl(array $urlParams)
{
if (isset($_POST['err_url'])) {
return $_POST['err_url'];
}
return Url::getFromRoute('/table/change', $urlParams);
}
/**
* Builds the sql query
*
* @param bool $isInsertIgnore $_POST['submit_type'] === 'insertignore'
* @param array $queryFields column names array
* @param array $valueSets array of query values
*
* @return array of query
* @psalm-return array{string}
*/
public function buildSqlQuery(bool $isInsertIgnore, array $queryFields, array $valueSets)
{
if ($isInsertIgnore) {
$insertCommand = 'INSERT IGNORE ';
} else {
$insertCommand = 'INSERT ';
}
return [
$insertCommand . 'INTO '
. Util::backquote($GLOBALS['table'])
. ' (' . implode(', ', $queryFields) . ') VALUES ('
. implode('), (', $valueSets) . ')',
];
}
/**
* Executes the sql query and get the result, then move back to the calling page
*
* @param array $urlParams url parameters array
* @param array $query built query from buildSqlQuery()
*
* @return array $url_params, $total_affected_rows, $last_messages
* $warning_messages, $error_messages, $return_to_sql_query
*/
public function executeSqlQuery(array $urlParams, array $query)
{
$returnToSqlQuery = '';
if (! empty($GLOBALS['sql_query'])) {
$urlParams['sql_query'] = $GLOBALS['sql_query'];
$returnToSqlQuery = $GLOBALS['sql_query'];
}
$GLOBALS['sql_query'] = implode('; ', $query) . ';';
// to ensure that the query is displayed in case of
// "insert as new row" and then "insert another new row"
$GLOBALS['display_query'] = $GLOBALS['sql_query'];
$totalAffectedRows = 0;
$lastMessages = [];
$warningMessages = [];
$errorMessages = [];
foreach ($query as $singleQuery) {
if (isset($_POST['submit_type']) && $_POST['submit_type'] === 'showinsert') {
$lastMessages[] = Message::notice(__('Showing SQL query'));
continue;
}
if ($GLOBALS['cfg']['IgnoreMultiSubmitErrors']) {
$result = $this->dbi->tryQuery($singleQuery);
} else {
$result = $this->dbi->query($singleQuery);
}
if (! $result) {
$errorMessages[] = $this->dbi->getError();
} else {
$totalAffectedRows += $this->dbi->affectedRows();
$insertId = $this->dbi->insertId();
if ($insertId) {
// insert_id is id of FIRST record inserted in one insert, so if we
// inserted multiple rows, we had to increment this
if ($totalAffectedRows > 0) {
$insertId += $totalAffectedRows - 1;
}
$lastMessage = Message::notice(__('Inserted row id: %1$d'));
$lastMessage->addParam($insertId);
$lastMessages[] = $lastMessage;
}
}
$warningMessages = $this->getWarningMessages();
}
return [
$urlParams,
$totalAffectedRows,
$lastMessages,
$warningMessages,
$errorMessages,
$returnToSqlQuery,
];
}
/**
* get the warning messages array
*
* @return string[]
*/
private function getWarningMessages(): array
{
$warningMessages = [];
foreach ($this->dbi->getWarnings() as $warning) {
$warningMessages[] = htmlspecialchars((string) $warning);
}
return $warningMessages;
}
/**
* Column to display from the foreign table?
*
* @param string $whereComparison string that contain relation field value
* @param array $map all Relations to foreign tables for a given
* table or optionally a given column in a table
* @param string $relationField relation field
*
* @return string display value from the foreign table
*/
public function getDisplayValueForForeignTableColumn(
$whereComparison,
array $map,
$relationField
) {
$foreigner = $this->relation->searchColumnInForeigners($map, $relationField);
if (! is_array($foreigner)) {
return '';
}
$displayField = $this->relation->getDisplayField($foreigner['foreign_db'], $foreigner['foreign_table']);
// Field to display from the foreign table?
if (is_string($displayField) && strlen($displayField) > 0) {
$dispsql = 'SELECT ' . Util::backquote($displayField)
. ' FROM ' . Util::backquote($foreigner['foreign_db'])
. '.' . Util::backquote($foreigner['foreign_table'])
. ' WHERE ' . Util::backquote($foreigner['foreign_field'])
. $whereComparison;
$dispresult = $this->dbi->tryQuery($dispsql);
if ($dispresult && $dispresult->numRows() > 0) {
return (string) $dispresult->fetchValue();
}
}
return '';
}
/**
* Display option in the cell according to user choices
*
* @param array $map all Relations to foreign tables for a given
* table or optionally a given column in a table
* @param string $relationField relation field
* @param string $whereComparison string that contain relation field value
* @param string $dispval display value from the foreign table
* @param string $relationFieldValue relation field value
*
* @return string HTML <a> tag
*/
public function getLinkForRelationalDisplayField(
array $map,
$relationField,
$whereComparison,
$dispval,
$relationFieldValue
): string {
$foreigner = $this->relation->searchColumnInForeigners($map, $relationField);
if (! is_array($foreigner)) {
return '';
}
if ($_SESSION['tmpval']['relational_display'] === 'K') {
// user chose "relational key" in the display options, so
// the title contains the display field
$title = $dispval
? ' title="' . htmlspecialchars($dispval) . '"'
: '';
} else {
$title = ' title="' . htmlspecialchars($relationFieldValue) . '"';
}
$sqlQuery = 'SELECT * FROM '
. Util::backquote($foreigner['foreign_db'])
. '.' . Util::backquote($foreigner['foreign_table'])
. ' WHERE ' . Util::backquote($foreigner['foreign_field'])
. $whereComparison;
$urlParams = [
'db' => $foreigner['foreign_db'],
'table' => $foreigner['foreign_table'],
'pos' => '0',
'sql_signature' => Core::signSqlQuery($sqlQuery),
'sql_query' => $sqlQuery,
];
$output = '<a href="' . Url::getFromRoute('/sql', $urlParams) . '"' . $title . '>';
if ($_SESSION['tmpval']['relational_display'] === 'D') {
// user chose "relational display field" in the
// display options, so show display field in the cell
$output .= htmlspecialchars($dispval);
} else {
// otherwise display data in the cell
$output .= htmlspecialchars($relationFieldValue);
}
$output .= '</a>';
return $output;
}
/**
* Transform edited values
*
* @param string $db db name
* @param string $table table name
* @param array $transformation mimetypes for all columns of a table
* [field_name][field_key]
* @param array $editedValues transform columns list and new values
* @param string $file file containing the transformation plugin
* @param string $columnName column name
* @param array $extraData extra data array
* @param string $type the type of transformation
*
* @return array
*/
public function transformEditedValues(
$db,
$table,
array $transformation,
array &$editedValues,
$file,
$columnName,
array $extraData,
$type
) {
$includeFile = 'libraries/classes/Plugins/Transformations/' . $file;
if (is_file(ROOT_PATH . $includeFile)) {
// $cfg['SaveCellsAtOnce'] = true; JS code sends an array
$whereClause = is_array($_POST['where_clause']) ? $_POST['where_clause'][0] : $_POST['where_clause'];
$urlParams = [
'db' => $db,
'table' => $table,
'where_clause_sign' => Core::signSqlQuery($whereClause),
'where_clause' => $whereClause,
'transform_key' => $columnName,
];
$transformOptions = $this->transformations->getOptions($transformation[$type . '_options'] ?? '');
$transformOptions['wrapper_link'] = Url::getCommon($urlParams);
$transformOptions['wrapper_params'] = $urlParams;
$className = $this->transformations->getClassName($includeFile);
if (class_exists($className)) {
/** @var TransformationsPlugin $transformationPlugin */
$transformationPlugin = new $className();
foreach ($editedValues as $cellIndex => $currCellEditedValues) {
if (! isset($currCellEditedValues[$columnName])) {
continue;
}
$extraData['transformations'][$cellIndex] = $transformationPlugin->applyTransformation(
$currCellEditedValues[$columnName],
$transformOptions
);
$editedValues[$cellIndex][$columnName] = $extraData['transformations'][$cellIndex];
}
}
}
return $extraData;
}
/**
* Get current value in multi edit mode
*
* @param array $multiEditFuncs multiple edit functions array
* @param array $multiEditSalt multiple edit array with encryption salt
* @param array $gisFromTextFunctions array that contains gis from text functions
* @param string $currentValue current value in the column
* @param array $gisFromWkbFunctions initially $val is $multi_edit_columns[$key]
* @param array $funcOptionalParam array('RAND','UNIX_TIMESTAMP')
* @param array $funcNoParam array of set of string
* @param string $key an md5 of the column name
*/
public function getCurrentValueAsAnArrayForMultipleEdit(
$multiEditFuncs,
$multiEditSalt,
$gisFromTextFunctions,
$currentValue,
$gisFromWkbFunctions,
$funcOptionalParam,
$funcNoParam,
$key
): string {
if (empty($multiEditFuncs[$key])) {
return $currentValue;
}
if ($multiEditFuncs[$key] === 'PHP_PASSWORD_HASH') {
/**
* @see https://github.com/vimeo/psalm/issues/3350
*
* @psalm-suppress InvalidArgument
*/
$hash = password_hash($currentValue, PASSWORD_DEFAULT);
return "'" . $hash . "'";
}
if ($multiEditFuncs[$key] === 'UUID') {
/* This way user will know what UUID new row has */
$uuid = (string) $this->dbi->fetchValue('SELECT UUID()');
return "'" . $uuid . "'";
}
if (
in_array($multiEditFuncs[$key], $gisFromTextFunctions)
|| in_array($multiEditFuncs[$key], $gisFromWkbFunctions)
) {
// Remove enclosing apostrophes
$currentValue = mb_substr($currentValue, 1, -1);
// Remove escaping apostrophes
$currentValue = str_replace("''", "'", $currentValue);
// Remove backslash-escaped apostrophes
$currentValue = str_replace("\'", "'", $currentValue);
return $multiEditFuncs[$key] . '(' . $currentValue . ')';
}
if (
! in_array($multiEditFuncs[$key], $funcNoParam)
|| ($currentValue != "''"
&& in_array($multiEditFuncs[$key], $funcOptionalParam))
) {
if (
(isset($multiEditSalt[$key])
&& ($multiEditFuncs[$key] === 'AES_ENCRYPT'
|| $multiEditFuncs[$key] === 'AES_DECRYPT'))
|| (! empty($multiEditSalt[$key])
&& ($multiEditFuncs[$key] === 'DES_ENCRYPT'
|| $multiEditFuncs[$key] === 'DES_DECRYPT'
|| $multiEditFuncs[$key] === 'ENCRYPT'))
) {
return $multiEditFuncs[$key] . '(' . $currentValue . ",'"
. $this->dbi->escapeString($multiEditSalt[$key]) . "')";
}
return $multiEditFuncs[$key] . '(' . $currentValue . ')';
}
return $multiEditFuncs[$key] . '()';
}
/**
* Get query values array and query fields array for insert and update in multi edit
*
* @param array $multiEditColumnsName multiple edit columns name array
* @param array $multiEditColumnsNull multiple edit columns null array
* @param string $currentValue current value in the column in loop
* @param array $multiEditColumnsPrev multiple edit previous columns array
* @param array $multiEditFuncs multiple edit functions array
* @param bool $isInsert boolean value whether insert or not
* @param array $queryValues SET part of the sql query
* @param array $queryFields array of query fields
* @param string $currentValueAsAnArray current value in the column
* as an array
* @param array $valueSets array of valu sets
* @param string $key an md5 of the column name
* @param array $multiEditColumnsNullPrev array of multiple edit columns
* null previous
*
* @return array[] ($query_values, $query_fields)
*/
public function getQueryValuesForInsertAndUpdateInMultipleEdit(
$multiEditColumnsName,
$multiEditColumnsNull,
$currentValue,
$multiEditColumnsPrev,
$multiEditFuncs,
$isInsert,
$queryValues,
$queryFields,
$currentValueAsAnArray,
$valueSets,
$key,
$multiEditColumnsNullPrev
) {
// i n s e r t
if ($isInsert) {
// no need to add column into the valuelist
if (strlen($currentValueAsAnArray) > 0) {
$queryValues[] = $currentValueAsAnArray;
// first inserted row so prepare the list of fields
if (empty($valueSets)) {
$queryFields[] = Util::backquote($multiEditColumnsName[$key]);
}
}
} elseif (! empty($multiEditColumnsNullPrev[$key]) && ! isset($multiEditColumnsNull[$key])) {
// u p d a t e
// field had the null checkbox before the update
// field no longer has the null checkbox
$queryValues[] = Util::backquote($multiEditColumnsName[$key])
. ' = ' . $currentValueAsAnArray;
} elseif (
! (empty($multiEditFuncs[$key])
&& isset($multiEditColumnsPrev[$key])
&& (($currentValue === "'" . $this->dbi->escapeString($multiEditColumnsPrev[$key]) . "'")
|| ($currentValue === '0x' . $multiEditColumnsPrev[$key])))
&& $currentValue
) {
// avoid setting a field to NULL when it's already NULL
// (field had the null checkbox before the update
// field still has the null checkbox)
if (empty($multiEditColumnsNullPrev[$key]) || empty($multiEditColumnsNull[$key])) {
$queryValues[] = Util::backquote($multiEditColumnsName[$key])
. ' = ' . $currentValueAsAnArray;
}
}
return [
$queryValues,
$queryFields,
];
}
/**
* Get the current column value in the form for different data types
*
* @param string|false $possiblyUploadedVal uploaded file content
* @param string $key an md5 of the column name
* @param array|null $multiEditColumnsType array of multi edit column types
* @param string $currentValue current column value in the form
* @param array|null $multiEditAutoIncrement multi edit auto increment
* @param int $rownumber index of where clause array
* @param array $multiEditColumnsName multi edit column names array
* @param array $multiEditColumnsNull multi edit columns null array
* @param array $multiEditColumnsNullPrev multi edit columns previous null
* @param bool $isInsert whether insert or not
* @param bool $usingKey whether editing or new row
* @param string $whereClause where clause
* @param string $table table name
* @param array $multiEditFuncs multiple edit functions array
*
* @return string current column value in the form
*/
public function getCurrentValueForDifferentTypes(
$possiblyUploadedVal,
$key,
?array $multiEditColumnsType,
$currentValue,
?array $multiEditAutoIncrement,
$rownumber,
$multiEditColumnsName,
$multiEditColumnsNull,
$multiEditColumnsNullPrev,
$isInsert,
$usingKey,
$whereClause,
$table,
$multiEditFuncs
): string {
if ($possiblyUploadedVal !== false) {
return $possiblyUploadedVal;
}
if (! empty($multiEditFuncs[$key])) {
return "'" . $this->dbi->escapeString($currentValue) . "'";
}
// c o l u m n v a l u e i n t h e f o r m
$type = $multiEditColumnsType[$key] ?? '';
if ($type !== 'protected' && $type !== 'set' && strlen($currentValue) === 0) {
// best way to avoid problems in strict mode
// (works also in non-strict mode)
$currentValue = "''";
if (isset($multiEditAutoIncrement, $multiEditAutoIncrement[$key])) {
$currentValue = 'NULL';
}
} elseif ($type === 'set') {
$currentValue = "''";
if (! empty($_POST['fields']['multi_edit'][$rownumber][$key])) {
$currentValue = implode(',', $_POST['fields']['multi_edit'][$rownumber][$key]);
$currentValue = "'"
. $this->dbi->escapeString($currentValue) . "'";
}
} elseif ($type === 'protected') {
// Fetch the current values of a row to use in case we have a protected field
if (
$isInsert
&& $usingKey
&& is_array($multiEditColumnsType) && $whereClause
) {
$protectedRow = $this->dbi->fetchSingleRow(
'SELECT * FROM ' . Util::backquote($table)
. ' WHERE ' . $whereClause . ';'
);
}
// here we are in protected mode (asked in the config)
// so tbl_change has put this special value in the
// columns array, so we do not change the column value
// but we can still handle column upload
// when in UPDATE mode, do not alter field's contents. When in INSERT
// mode, insert empty field because no values were submitted.
// If protected blobs where set, insert original fields content.
$currentValue = '';
if (! empty($protectedRow[$multiEditColumnsName[$key]])) {
$currentValue = '0x'
. bin2hex($protectedRow[$multiEditColumnsName[$key]]);
}
} elseif ($type === 'hex') {
if (substr($currentValue, 0, 2) != '0x') {
$currentValue = '0x' . $currentValue;
}
} elseif ($type === 'bit') {
$currentValue = (string) preg_replace('/[^01]/', '0', $currentValue);
$currentValue = "b'" . $this->dbi->escapeString($currentValue) . "'";
} elseif (
! ($type === 'datetime' || $type === 'timestamp' || $type === 'date')
|| ($currentValue !== 'CURRENT_TIMESTAMP'
&& $currentValue !== 'current_timestamp()')
) {
$currentValue = "'" . $this->dbi->escapeString($currentValue)
. "'";
}
// Was the Null checkbox checked for this field?
// (if there is a value, we ignore the Null checkbox: this could
// be possible if Javascript is disabled in the browser)
if (! empty($multiEditColumnsNull[$key]) && ($currentValue == "''" || $currentValue == '')) {
$currentValue = 'NULL';
}
// The Null checkbox was unchecked for this field
if (
empty($currentValue)
&& ! empty($multiEditColumnsNullPrev[$key])
&& ! isset($multiEditColumnsNull[$key])
) {
$currentValue = "''";
}
return $currentValue;
}
/**
* Check whether inline edited value can be truncated or not,
* and add additional parameters for extra_data array if needed
*
* @param string $db Database name
* @param string $table Table name
* @param string $columnName Column name
* @param array $extraData Extra data for ajax response
*/
public function verifyWhetherValueCanBeTruncatedAndAppendExtraData(
$db,
$table,
$columnName,
array &$extraData
): void {
$extraData['isNeedToRecheck'] = false;
$sqlForRealValue = 'SELECT ' . Util::backquote($table) . '.'
. Util::backquote($columnName)
. ' FROM ' . Util::backquote($db) . '.'
. Util::backquote($table)
. ' WHERE ' . $_POST['where_clause'][0];
$result = $this->dbi->tryQuery($sqlForRealValue);
if (! $result) {
return;
}
$fieldsMeta = $this->dbi->getFieldsMeta($result);
$meta = $fieldsMeta[0];
$newValue = $result->fetchValue();
if ($newValue === false) {
return;
}
if ($meta->isTimeType()) {
$newValue = Util::addMicroseconds($newValue);
} elseif ($meta->isBinary()) {
$newValue = '0x' . bin2hex($newValue);
}
$extraData['isNeedToRecheck'] = true;
$extraData['truncatableFieldValue'] = $newValue;
}
/**
* Function to get the columns of a table
*
* @param string $db current db
* @param string $table current table
*
* @return array[]
*/
public function getTableColumns($db, $table)
{
$this->dbi->selectDb($db);
return array_values($this->dbi->getColumns($db, $table, true));
}
/**
* Function to determine Insert/Edit rows
*
* @param string|null $whereClause where clause
* @param string $db current database
* @param string $table current table
*
* @return array
*/
public function determineInsertOrEdit($whereClause, $db, $table): array
{
if (isset($_POST['where_clause'])) {
$whereClause = $_POST['where_clause'];
}
if (isset($_SESSION['edit_next'])) {
$whereClause = $_SESSION['edit_next'];
unset($_SESSION['edit_next']);
$afterInsert = 'edit_next';
}
if (isset($_POST['ShowFunctionFields'])) {
$GLOBALS['cfg']['ShowFunctionFields'] = $_POST['ShowFunctionFields'];
}
if (isset($_POST['ShowFieldTypesInDataEditView'])) {
$GLOBALS['cfg']['ShowFieldTypesInDataEditView'] = $_POST['ShowFieldTypesInDataEditView'];
}
if (isset($_POST['after_insert'])) {
$afterInsert = $_POST['after_insert'];
}
if (isset($whereClause)) {
// we are editing
$insertMode = false;
$whereClauseArray = $this->getWhereClauseArray($whereClause);
[$whereClauses, $result, $rows, $foundUniqueKey] = $this->analyzeWhereClauses(
$whereClauseArray,
$table,
$db
);
} else {
// we are inserting
$insertMode = true;
$whereClause = null;
[$result, $rows] = $this->loadFirstRow($table, $db);
$whereClauses = null;
$whereClauseArray = [];
$foundUniqueKey = false;
}
// Copying a row - fetched data will be inserted as a new row,
// therefore the where clause is needless.
if (isset($_POST['default_action']) && $_POST['default_action'] === 'insert') {
$whereClause = $whereClauses = null;
}
return [
$insertMode,
$whereClause,
$whereClauseArray,
$whereClauses,
$result,
$rows,
$foundUniqueKey,
$afterInsert ?? null,
];
}
/**
* Function to get comments for the table columns
*
* @param string $db current database
* @param string $table current table
*
* @return array comments for columns
*/
public function getCommentsMap($db, $table): array
{
if ($GLOBALS['cfg']['ShowPropertyComments']) {
return $this->relation->getComments($db, $table);
}
return [];
}
/**
* Function to get html for the gis editor div
*/
public function getHtmlForGisEditor(): string
{
return '<div id="gis_editor"></div><div id="popup_background"></div><br>';
}
/**
* Function to get html for the ignore option in insert mode
*
* @param int $rowId row id
* @param bool $checked ignore option is checked or not
*/
public function getHtmlForIgnoreOption($rowId, $checked = true): string
{
return '<input type="checkbox"'
. ($checked ? ' checked="checked"' : '')
. ' name="insert_ignore_' . $rowId . '"'
. ' id="insert_ignore_' . $rowId . '">'
. '<label for="insert_ignore_' . $rowId . '">'
. __('Ignore')
. '</label><br>' . "\n";
}
/**
* Function to get html for the insert edit form header
*
* @param bool $hasBlobField whether has blob field
* @param bool $isUpload whether is upload
*/
public function getHtmlForInsertEditFormHeader($hasBlobField, $isUpload): string
{
$template = new Template();
return $template->render('table/insert/get_html_for_insert_edit_form_header', [
'has_blob_field' => $hasBlobField,
'is_upload' => $isUpload,
]);
}
/**
* Function to get html for each insert/edit column
*
* @param array $column column
* @param int $columnNumber column index in table_columns
* @param array $commentsMap comments map
* @param bool $timestampSeen whether timestamp seen
* @param ResultInterface $currentResult current result
* @param string $chgEvtHandler javascript change event handler
* @param string $jsvkey javascript validation key
* @param string $vkey validation key
* @param bool $insertMode whether insert mode
* @param array $currentRow current row
* @param int $oRows row offset
* @param int $tabindex tab index
* @param int $columnsCnt columns count
* @param bool $isUpload whether upload
* @param array $foreigners foreigners
* @param int $tabindexForValue tab index offset for value
* @param string $table table
* @param string $db database
* @param int $rowId row id
* @param int $biggestMaxFileSize biggest max file size
* @param string $defaultCharEditing default char editing mode which is stored in the config.inc.php script
* @param string $textDir text direction
* @param array $repopulate the data to be repopulated
* @param array $columnMime the mime information of column
* @param string $whereClause the where clause
*
* @return string
*/
private function getHtmlForInsertEditFormColumn(
array $column,
int $columnNumber,
array $commentsMap,
$timestampSeen,
ResultInterface $currentResult,
$chgEvtHandler,
$jsvkey,
$vkey,
$insertMode,
array $currentRow,
$oRows,
&$tabindex,
$columnsCnt,
$isUpload,
array $foreigners,
$tabindexForValue,
$table,
$db,
$rowId,
$biggestMaxFileSize,
$defaultCharEditing,
$textDir,
array $repopulate,
array $columnMime,
$whereClause
) {
$readOnly = false;
if (! isset($column['processed'])) {
$column = $this->analyzeTableColumnsArray($column, $commentsMap, $timestampSeen);
}
$asIs = false;
/** @var string $fieldHashMd5 */
$fieldHashMd5 = $column['Field_md5'];
if ($repopulate && array_key_exists($fieldHashMd5, $currentRow)) {
$currentRow[$column['Field']] = $repopulate[$fieldHashMd5];
$asIs = true;
}
$extractedColumnspec = Util::extractColumnSpec($column['Type']);
if ($column['len'] === -1) {
$column['len'] = $this->dbi->getFieldsMeta($currentResult)[$columnNumber]->length;
// length is unknown for geometry fields,
// make enough space to edit very simple WKTs
if ($column['len'] === -1) {
$column['len'] = 30;
}
}
//Call validation when the form submitted...
$onChangeClause = $chgEvtHandler
. "=\"return verificationsAfterFieldChange('"
. Sanitize::escapeJsString($fieldHashMd5) . "', '"
. Sanitize::escapeJsString($jsvkey) . "','" . $column['pma_type'] . "')\"";
// Use an MD5 as an array index to avoid having special characters
// in the name attribute (see bug #1746964 )
$columnNameAppendix = $vkey . '[' . $fieldHashMd5 . ']';
if ($column['Type'] === 'datetime' && $column['Null'] !== 'YES' && ! isset($column['Default']) && $insertMode) {
$column['Default'] = date('Y-m-d H:i:s', time());
}
// Get a list of GIS data types.
$gisDataTypes = Gis::getDataTypes();
// Prepares the field value
if ($currentRow) {
// (we are editing)
[
$realNullValue,
$specialCharsEncoded,
$specialChars,
$data,
$backupField,
] = $this->getSpecialCharsAndBackupFieldForExistingRow(
$currentRow,
$column,
$extractedColumnspec,
$gisDataTypes,
$columnNameAppendix,
$asIs
);
} else {
// (we are inserting)
// display default values
$tmp = $column;
if (isset($repopulate[$fieldHashMd5])) {
$tmp['Default'] = $repopulate[$fieldHashMd5];
}
[
$realNullValue,
$data,
$specialChars,
$backupField,
$specialCharsEncoded,
] = $this->getSpecialCharsAndBackupFieldForInsertingMode($tmp);
unset($tmp);
}
$idindex = ($oRows * $columnsCnt) + $columnNumber + 1;
$tabindex = $idindex;
// The function column
// -------------------
$foreignData = $this->relation->getForeignData($foreigners, $column['Field'], false, '', '');
$isColumnBinary = $this->isColumnBinary($column, $isUpload);
$functionOptions = '';
if ($GLOBALS['cfg']['ShowFunctionFields']) {
$functionOptions = Generator::getFunctionsForField($column, $insertMode, $foreignData);
}
// nullify code is needed by the js nullify() function to be able to generate calls to nullify() in jQuery
$nullifyCode = $this->getNullifyCodeForNullColumn($column, $foreigners, $foreignData);
// The value column (depends on type)
// ----------------
// See bug #1667887 for the reason why we don't use the maxlength
// HTML attribute
//add data attributes "no of decimals" and "data type"
$noDecimals = 0;
$type = current(explode('(', $column['pma_type']));
if (preg_match('/\(([^()]+)\)/', $column['pma_type'], $match)) {
$match[0] = trim($match[0], '()');
$noDecimals = $match[0];
}
// Check input transformation of column
$transformedHtml = '';
if (! empty($columnMime['input_transformation'])) {
$file = $columnMime['input_transformation'];
$includeFile = 'libraries/classes/Plugins/Transformations/' . $file;
if (is_file(ROOT_PATH . $includeFile)) {
$className = $this->transformations->getClassName($includeFile);
if (class_exists($className)) {
$transformationPlugin = new $className();
$transformationOptions = $this->transformations->getOptions(
$columnMime['input_transformation_options']
);
$urlParams = [
'db' => $db,
'table' => $table,
'transform_key' => $column['Field'],
'where_clause_sign' => Core::signSqlQuery($whereClause),
'where_clause' => $whereClause,
];
$transformationOptions['wrapper_link'] = Url::getCommon($urlParams);
$transformationOptions['wrapper_params'] = $urlParams;
$currentValue = '';
if (isset($currentRow[$column['Field']])) {
$currentValue = $currentRow[$column['Field']];
}
if (method_exists($transformationPlugin, 'getInputHtml')) {
$transformedHtml = $transformationPlugin->getInputHtml(
$column,
$rowId,
$columnNameAppendix,
$transformationOptions,
$currentValue,
$textDir,
$tabindex,
$tabindexForValue,
$idindex
);
}
if (method_exists($transformationPlugin, 'getScripts')) {
$GLOBALS['plugin_scripts'] = array_merge(
$GLOBALS['plugin_scripts'],
$transformationPlugin->getScripts()
);
}
}
}
}
$columnValue = '';
$foreignDropdown = '';
$dataType = '';
$textAreaRows = $GLOBALS['cfg']['TextareaRows'];
$textareaCols = $GLOBALS['cfg']['TextareaCols'];
$maxlength = '';
$enumSelectedValue = '';
$columnSetValues = [];
$setSelectSize = 0;
$isColumnProtectedBlob = false;
$blobValue = '';
$blobValueUnit = '';
$maxUploadSize = 0;
$selectOptionForUpload = '';
$inputFieldHtml = '';
if (empty($transformedHtml)) {
if (is_array($foreignData['disp_row'])) {
$foreignDropdown = $this->relation->foreignDropdown(
$foreignData['disp_row'],
$foreignData['foreign_field'],
$foreignData['foreign_display'],
$data,
$GLOBALS['cfg']['ForeignKeyMaxLimit']
);
}
$dataType = $this->dbi->types->getTypeClass($column['True_Type']);
if ($column['is_char']) {
$textAreaRows = max($GLOBALS['cfg']['CharTextareaRows'], 7);
$textareaCols = $GLOBALS['cfg']['CharTextareaCols'];
$maxlength = $extractedColumnspec['spec_in_brackets'];
} elseif ($GLOBALS['cfg']['LongtextDoubleTextarea'] && mb_strstr($column['pma_type'], 'longtext')) {
$textAreaRows = $GLOBALS['cfg']['TextareaRows'] * 2;
$textareaCols = $GLOBALS['cfg']['TextareaCols'] * 2;
}
if ($column['pma_type'] === 'enum') {
if (! isset($column['values'])) {
$column['values'] = $this->getColumnEnumValues($extractedColumnspec['enum_set_values']);
}
foreach ($column['values'] as $enumValue) {
if (
$data == $enumValue['plain'] || ($data == ''
&& (! isset($_POST['where_clause']) || $column['Null'] !== 'YES')
&& isset($column['Default']) && $enumValue['plain'] == $column['Default'])
) {
$enumSelectedValue = $enumValue['plain'];
break;
}
}
} elseif ($column['pma_type'] === 'set') {
[$columnSetValues, $setSelectSize] = $this->getColumnSetValueAndSelectSize(
$column,
$extractedColumnspec['enum_set_values']
);
} elseif ($column['is_binary'] || $column['is_blob']) {
$isColumnProtectedBlob = ($GLOBALS['cfg']['ProtectBinary'] === 'blob' && $column['is_blob'])
|| ($GLOBALS['cfg']['ProtectBinary'] === 'all')
|| ($GLOBALS['cfg']['ProtectBinary'] === 'noblob' && ! $column['is_blob']);
if ($isColumnProtectedBlob && isset($data)) {
$blobSize = Util::formatByteDown(mb_strlen(stripslashes($data)), 3, 1);
if ($blobSize !== null) {
[$blobValue, $blobValueUnit] = $blobSize;
}
}
if ($isUpload && $column['is_blob']) {
[$maxUploadSize] = $this->getMaxUploadSize($column['pma_type'], $biggestMaxFileSize);
}
if (! empty($GLOBALS['cfg']['UploadDir'])) {
$selectOptionForUpload = $this->getSelectOptionForUpload($vkey, $fieldHashMd5);
}
if (
! $isColumnProtectedBlob
&& ! ($column['is_blob'] || ($column['len'] > $GLOBALS['cfg']['LimitChars']))
) {
$inputFieldHtml = $this->getHtmlInput(
$column,
$columnNameAppendix,
$specialChars,
min(max($column['len'], 4), $GLOBALS['cfg']['LimitChars']),
$onChangeClause,
$tabindex,
$tabindexForValue,
$idindex,
'HEX',
$readOnly
);
}
} else {
$columnValue = $this->getValueColumnForOtherDatatypes(
$column,
$defaultCharEditing,
$backupField,
$columnNameAppendix,
$onChangeClause,
$tabindex,
$specialChars,
$tabindexForValue,
$idindex,
$textDir,
$specialCharsEncoded,
$data,
$extractedColumnspec,
$readOnly
);
}
}
return $this->template->render('table/insert/column_row', [
'db' => $db,
'table' => $table,
'column' => $column,
'row_id' => $rowId,
'show_field_types_in_data_edit_view' => $GLOBALS['cfg']['ShowFieldTypesInDataEditView'],
'show_function_fields' => $GLOBALS['cfg']['ShowFunctionFields'],
'is_column_binary' => $isColumnBinary,
'function_options' => $functionOptions,
'read_only' => $readOnly,
'nullify_code' => $nullifyCode,
'real_null_value' => $realNullValue,
'id_index' => $idindex,
'type' => $type,
'decimals' => $noDecimals,
'special_chars' => $specialChars,
'transformed_value' => $transformedHtml,
'value' => $columnValue,
'is_value_foreign_link' => $foreignData['foreign_link'] === true,
'backup_field' => $backupField,
'data' => $data,
'gis_data_types' => $gisDataTypes,
'foreign_dropdown' => $foreignDropdown,
'data_type' => $dataType,
'textarea_cols' => $textareaCols,
'textarea_rows' => $textAreaRows,
'text_dir' => $textDir,
'max_length' => $maxlength,
'longtext_double_textarea' => $GLOBALS['cfg']['LongtextDoubleTextarea'],
'enum_selected_value' => $enumSelectedValue,
'set_values' => $columnSetValues,
'set_select_size' => $setSelectSize,
'is_column_protected_blob' => $isColumnProtectedBlob,
'blob_value' => $blobValue,
'blob_value_unit' => $blobValueUnit,
'is_upload' => $isUpload,
'max_upload_size' => $maxUploadSize,
'select_option_for_upload' => $selectOptionForUpload,
'limit_chars' => $GLOBALS['cfg']['LimitChars'],
'input_field_html' => $inputFieldHtml,
]);
}
private function isColumnBinary(array $column, bool $isUpload): bool
{
global $cfg;
if (! $cfg['ShowFunctionFields']) {
return false;
}
return ($cfg['ProtectBinary'] === 'blob' && $column['is_blob'] && ! $isUpload)
|| ($cfg['ProtectBinary'] === 'all' && $column['is_binary'])
|| ($cfg['ProtectBinary'] === 'noblob' && $column['is_binary']);
}
/**
* Function to get html for each insert/edit row
*
* @param array $urlParams url parameters
* @param array[] $tableColumns table columns
* @param array $commentsMap comments map
* @param bool $timestampSeen whether timestamp seen
* @param ResultInterface $currentResult current result
* @param string $chgEvtHandler javascript change event handler
* @param string $jsvkey javascript validation key
* @param string $vkey validation key
* @param bool $insertMode whether insert mode
* @param array $currentRow current row
* @param int $oRows row offset
* @param int $tabindex tab index
* @param int $columnsCnt columns count
* @param bool $isUpload whether upload
* @param array $foreigners foreigners
* @param int $tabindexForValue tab index offset for value
* @param string $table table
* @param string $db database
* @param int $rowId row id
* @param int $biggestMaxFileSize biggest max file size
* @param string $textDir text direction
* @param array $repopulate the data to be repopulated
* @param array $whereClauseArray the array of where clauses
*
* @return string
*/
public function getHtmlForInsertEditRow(
array $urlParams,
array $tableColumns,
array $commentsMap,
$timestampSeen,
ResultInterface $currentResult,
$chgEvtHandler,
$jsvkey,
$vkey,
$insertMode,
array $currentRow,
&$oRows,
&$tabindex,
$columnsCnt,
$isUpload,
array $foreigners,
$tabindexForValue,
$table,
$db,
$rowId,
$biggestMaxFileSize,
$textDir,
array $repopulate,
array $whereClauseArray
) {
$htmlOutput = $this->getHeadAndFootOfInsertRowTable($urlParams)
. '<tbody>';
//store the default value for CharEditing
$defaultCharEditing = $GLOBALS['cfg']['CharEditing'];
$mimeMap = $this->transformations->getMime($db, $table);
$whereClause = '';
if (isset($whereClauseArray[$rowId])) {
$whereClause = $whereClauseArray[$rowId];
}
for ($columnNumber = 0; $columnNumber < $columnsCnt; $columnNumber++) {
$tableColumn = $tableColumns[$columnNumber];
$columnMime = [];
if (isset($mimeMap[$tableColumn['Field']])) {
$columnMime = $mimeMap[$tableColumn['Field']];
}
$virtual = [
'VIRTUAL',
'PERSISTENT',
'VIRTUAL GENERATED',
'STORED GENERATED',
];
if (in_array($tableColumn['Extra'], $virtual)) {
continue;
}
$htmlOutput .= $this->getHtmlForInsertEditFormColumn(
$tableColumn,
$columnNumber,
$commentsMap,
$timestampSeen,
$currentResult,
$chgEvtHandler,
$jsvkey,
$vkey,
$insertMode,
$currentRow,
$oRows,
$tabindex,
$columnsCnt,
$isUpload,
$foreigners,
$tabindexForValue,
$table,
$db,
$rowId,
$biggestMaxFileSize,
$defaultCharEditing,
$textDir,
$repopulate,
$columnMime,
$whereClause
);
}
$oRows++;
return $htmlOutput . ' </tbody>'
. '</table></div><br>'
. '<div class="clearfloat"></div>';
}
}