"Fossies" - the Fresh Open Source Software Archive

Member "phpMyAdmin-5.1.0-all-languages/libraries/classes/Controllers/Table/GetFieldController.php" (24 Feb 2021, 2680 Bytes) of package /linux/www/phpMyAdmin-5.1.0-all-languages.zip:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PHP source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file.

    1 <?php
    2 
    3 declare(strict_types=1);
    4 
    5 namespace PhpMyAdmin\Controllers\Table;
    6 
    7 use PhpMyAdmin\Core;
    8 use PhpMyAdmin\DatabaseInterface;
    9 use PhpMyAdmin\Html\Generator;
   10 use PhpMyAdmin\Mime;
   11 use PhpMyAdmin\Response;
   12 use PhpMyAdmin\Template;
   13 use PhpMyAdmin\Util;
   14 use function htmlspecialchars;
   15 use function ini_set;
   16 use function sprintf;
   17 use function strlen;
   18 
   19 /**
   20  * Provides download to a given field defined in parameters.
   21  */
   22 class GetFieldController extends AbstractController
   23 {
   24     /** @var DatabaseInterface */
   25     private $dbi;
   26 
   27     /**
   28      * @param Response          $response
   29      * @param string            $db       Database name.
   30      * @param string            $table    Table name.
   31      * @param DatabaseInterface $dbi
   32      */
   33     public function __construct($response, Template $template, $db, $table, $dbi)
   34     {
   35         parent::__construct($response, $template, $db, $table);
   36         $this->dbi = $dbi;
   37     }
   38 
   39     public function index(): void
   40     {
   41         global $db, $table;
   42 
   43         $this->response->disable();
   44 
   45         /* Check parameters */
   46         Util::checkParameters([
   47             'db',
   48             'table',
   49         ]);
   50 
   51         /* Select database */
   52         if (! $this->dbi->selectDb($db)) {
   53             Generator::mysqlDie(
   54                 sprintf(__('\'%s\' database does not exist.'), htmlspecialchars($db)),
   55                 '',
   56                 false
   57             );
   58         }
   59 
   60         /* Check if table exists */
   61         if (! $this->dbi->getColumns($db, $table)) {
   62             Generator::mysqlDie(__('Invalid table name'));
   63         }
   64 
   65         if (! isset($_GET['where_clause'])
   66             || ! isset($_GET['where_clause_sign'])
   67             || ! Core::checkSqlQuerySignature($_GET['where_clause'], $_GET['where_clause_sign'])
   68         ) {
   69             /* l10n: In case a SQL query did not pass a security check  */
   70             Core::fatalError(__('There is an issue with your request.'));
   71 
   72             return;
   73         }
   74 
   75         /* Grab data */
   76         $sql = 'SELECT ' . Util::backquote($_GET['transform_key'])
   77             . ' FROM ' . Util::backquote($table)
   78             . ' WHERE ' . $_GET['where_clause'] . ';';
   79         $result = $this->dbi->fetchValue($sql);
   80 
   81         /* Check return code */
   82         if ($result === false) {
   83             Generator::mysqlDie(
   84                 __('MySQL returned an empty result set (i.e. zero rows).'),
   85                 $sql
   86             );
   87         }
   88 
   89         /* Avoid corrupting data */
   90         ini_set('url_rewriter.tags', '');
   91 
   92         Core::downloadHeader(
   93             $table . '-' . $_GET['transform_key'] . '.bin',
   94             Mime::detect($result),
   95             strlen($result)
   96         );
   97         echo $result;
   98     }
   99 }