00001 <?php
00002 
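/**
 * Admin "Tools" controller: runs SQL statements typed into the admin form
 * and/or contained in an uploaded SQL dump, and exposes the per-statement
 * result to the template.
 */
class Tools_List extends oxAdminList
{
    /**
     * Current class template name
     *
     * @var string
     */
    protected $_sThisTemplate = 'tools_list.tpl';

    /**
     * Statements collected by _prepareSQL(), one per element.
     * Declared with a default so that a run that produced no statements does
     * not leave the property undefined (count(null) is fatal on PHP 8).
     *
     * @var array
     */
    public $aSQLs = array();

    /**
     * Executes the SQL given in the "updatesql" request parameter and/or in
     * the uploaded dump file (see _processFiles()). Only an admin user whose
     * rights are "malladmin" may run it; for anyone else the method returns
     * without doing anything. Execution stops after the first statement that
     * fails (exception or non-zero driver error number).
     *
     * Fills the view data keys "aQueries", "aAffectedRows", "aErrorMessages"
     * and "aErrorNumbers": index-aligned arrays with one entry per executed
     * statement.
     *
     * @return null
     */
    public function performsql()
    {
        $oAuthUser = oxNew( 'oxuser' );
        $oAuthUser->loadAdminUser();
        // authorization gate: arbitrary SQL execution is restricted to mall admins
        if ( $oAuthUser->oxuser__oxrights->value !== "malladmin" ) {
            return;
        }

        $sUpdateSQL     = oxConfig::getParameter( "updatesql" );
        $sUpdateSQLFile = $this->_processFiles();

        // the uploaded dump is appended after the textarea contents
        if ( $sUpdateSQLFile && strlen( $sUpdateSQLFile ) > 0 ) {
            if ( isset( $sUpdateSQL ) && strlen( $sUpdateSQL ) ) {
                $sUpdateSQL .= ";\r\n" . $sUpdateSQLFile;
            } else {
                $sUpdateSQL = $sUpdateSQLFile;
            }
        }

        // stripslashes() is applied exactly once: the original applied it a
        // second time when calling _prepareSQL(), which corrupted escaped
        // backslashes and made $iLen disagree with the string actually passed
        $sUpdateSQL = trim( stripslashes( (string) $sUpdateSQL ) );
        $oStr = getStr();
        $iLen = $oStr->strlen( $sUpdateSQL );

        if ( $this->_prepareSQL( $sUpdateSQL, $iLen ) ) {
            $aPassedQueries  = array();
            $aQAffectedRows  = array();
            $aQErrorMessages = array();
            $aQErrorNumbers  = array();

            $oDB = oxDb::getDb();
            $iQueriesCounter = 0;
            foreach ( $this->aSQLs as $sQuery ) {
                $sQuery = trim( $sQuery );
                if ( strlen( $sQuery ) == 0 ) {
                    continue;
                }

                // HTML-escaped, shortened copy of the statement for the result table
                $sShown = nl2br( htmlentities( $sQuery ) );
                if ( $oStr->strlen( $sShown ) > 200 ) {
                    $sShown = $oStr->substr( $sShown, 0, 200 ) . "...";
                }
                $aPassedQueries[$iQueriesCounter] = $sShown;

                // drop trailing delimiters; rtrim() cannot index past the start
                // of an empty string the way the original character loop could
                $sQuery = rtrim( $sQuery, ";" );

                $blStop = false;
                try {
                    $oDB->execute( $sQuery );
                } catch ( Exception $oExcp ) {
                    $blStop = true;
                }

                $aQAffectedRows [$iQueriesCounter] = null;
                $aQErrorMessages[$iQueriesCounter] = null;
                $aQErrorNumbers [$iQueriesCounter] = null;

                $iErrorNum     = $oDB->ErrorNo();
                $iAffectedRows = $oDB->affected_Rows();
                // the original wrote "$x = f() !== false && ...", which stored the
                // boolean comparison result instead of the affected row count
                if ( $iAffectedRows !== false && $iErrorNum == 0 ) {
                    $aQAffectedRows[$iQueriesCounter] = $iAffectedRows;
                } else {
                    $aQErrorMessages[$iQueriesCounter] = htmlentities( $oDB->errorMsg() );
                    $aQErrorNumbers[$iQueriesCounter]  = htmlentities( (string) $iErrorNum );
                    // a driver error without an exception is still an error
                    $blStop = true;
                }
                $iQueriesCounter++;

                // stopping on first error: the remaining dump is not applied
                if ( $blStop ) {
                    break;
                }
            }

            $this->_aViewData["aQueries"]       = $aPassedQueries;
            $this->_aViewData["aAffectedRows"]  = $aQAffectedRows;
            $this->_aViewData["aErrorMessages"] = $aQErrorMessages;
            $this->_aViewData["aErrorNumbers"]  = $aQErrorNumbers;
        }
        $this->_iDefEdit = 1;
    }

    /**
     * Returns the contents of the first file uploaded under $_FILES['myfile'],
     * or null when nothing was uploaded or the file could not be read. Only
     * the first upload slot is ever considered (same as the original).
     *
     * The uploaded file is read from the PHP upload temp path and never
     * written anywhere; the extension blacklist is a defensive check only.
     *
     * @return string|null
     */
    protected function _processFiles()
    {
        if ( !isset( $_FILES['myfile']['name'] ) || !is_array( $_FILES['myfile']['name'] ) ) {
            return;
        }

        $aBadFiles = array( "php", "jsp", "cgi", "cmf", "exe" );

        foreach ( $_FILES['myfile']['name'] as $sKey => $sName ) {
            $sSource = isset( $_FILES['myfile']['tmp_name'][$sKey] )
                       ? $_FILES['myfile']['tmp_name'][$sKey]
                       : null;

            // reject if ANY extension part is blacklisted: the original checked
            // $aFilename[1] only, which missed "dump.sql.php" and raised a
            // notice for names without a dot
            $aFilename = explode( ".", strtolower( (string) $sName ) );
            if ( array_intersect( array_slice( $aFilename, 1 ), $aBadFiles ) ) {
                die( "We don't play this game, go away" );
            }

            // is_uploaded_file() ensures we only ever read the request's own upload
            if ( $sSource && is_uploaded_file( $sSource ) ) {
                // file_get_contents() also copes with empty files, where the
                // original fread() with a zero length fails on PHP 8
                $sContents = file_get_contents( $sSource );
                return ( $sContents === false ) ? null : $sContents;
            }

            // only the first slot is looked at, regardless of outcome
            return;
        }

        return;
    }

    /**
     * Splits $sSQL into single statements on ";" (ignoring delimiters inside
     * '...', "..." and `...` literals), strips "--", "#" and mysqldump header
     * comments, and appends each statement to $this->aSQLs.
     *
     * NOTE(review): $iSQLlen and $oStr->strpos() work in getStr() units
     * (characters for the multibyte implementation) while $sSQL[$iPos] indexes
     * bytes; for non-ASCII input these may disagree. Kept as in the original —
     * verify against getStr() before relying on it for multibyte dumps.
     *
     * @param string $sSQL    SQL text to split
     * @param int    $iSQLlen length of $sSQL as returned by getStr()->strlen()
     *
     * @return bool always true; the result is the side effect on $this->aSQLs
     */
    protected function _prepareSQL( $sSQL, $iSQLlen )
    {
        $sChar     = "";
        $sStrStart = "";
        $blString  = false;
        $oStr      = getStr();

        // removing "mysqldump" application comments ("-- ..." lines)
        while ( preg_match( "/^\-\-.*\n/", $sSQL ) ) {
            $sSQL = trim( preg_replace( "/^\-\-.*\n/", "", $sSQL ) );
        }
        while ( preg_match( "/\n\-\-.*\n/", $sSQL ) ) {
            $sSQL = trim( preg_replace( "/\n\-\-.*\n/", "\n", $sSQL ) );
        }

        for ( $iPos = 0; $iPos < $iSQLlen; ++$iPos ) {
            $sChar = $sSQL[$iPos];

            if ( $blString ) {
                // inside a quoted literal: skip to its closing quote
                while ( true ) {
                    $iPos = $oStr->strpos( $sSQL, $sStrStart, $iPos );
                    if ( $iPos === false ) {
                        // unterminated literal: the rest is one statement
                        $this->aSQLs[] = $sSQL;
                        return true;
                    } elseif ( $sStrStart == '`' || $sSQL[$iPos - 1] != '\\' ) {
                        // unescaped closing quote (backticks cannot be escaped)
                        $blString  = false;
                        $sStrStart = "";
                        break;
                    } else {
                        // count the run of backslashes before the quote: an
                        // even number means the quote itself is not escaped
                        $iNext       = 2;
                        $blBackslash = false;
                        while ( $iPos - $iNext > 0 && $sSQL[$iPos - $iNext] == '\\' ) {
                            $blBackslash = !$blBackslash;
                            $iNext++;
                        }
                        if ( $blBackslash ) {
                            $blString  = false;
                            $sStrStart = "";
                            break;
                        } else {
                            $iPos++;
                        }
                    }
                }
            } elseif ( $sChar == ";" ) {
                // delimiter found: cut off the statement and restart on the rest
                $this->aSQLs[] = $oStr->substr( $sSQL, 0, $iPos );
                $sSQL    = ltrim( $oStr->substr( $sSQL, min( $iPos + 1, $iSQLlen ) ) );
                $iSQLlen = $oStr->strlen( $sSQL );
                if ( $iSQLlen ) {
                    $iPos = -1;
                } else {
                    return true;
                }
            } elseif ( ( $sChar == '"' ) || ( $sChar == '\'' ) || ( $sChar == '`' ) ) {
                $blString  = true;
                $sStrStart = $sChar;
            } elseif ( $sChar == "#" || ( $sChar == ' ' && $iPos > 1 && $sSQL[$iPos - 2] . $sSQL[$iPos - 1] == '--' ) ) {
                // "#" or "-- " comment: remove it up to the end of the line.
                // The search string is prefixed with one space, so the returned
                // offset already points one past the line break in $sSQL.
                $iCommStart = ( ( $sSQL[$iPos] == "#" ) ? $iPos : $iPos - 2 );
                $iCommEnd   = $oStr->strpos( ' ' . $sSQL, "\012", $iPos + 2 );
                if ( !$iCommEnd ) {
                    $iCommEnd = $oStr->strpos( ' ' . $sSQL, "\015", $iPos + 2 );
                }
                if ( !$iCommEnd ) {
                    // comment runs to the end of input
                    if ( $iCommStart > 0 ) {
                        $this->aSQLs[] = trim( $oStr->substr( $sSQL, 0, $iCommStart ) );
                    }
                    return true;
                } else {
                    $sSQL    = $oStr->substr( $sSQL, 0, $iCommStart ) . ltrim( $oStr->substr( $sSQL, $iCommEnd ) );
                    $iSQLlen = $oStr->strlen( $sSQL );
                    $iPos--;
                }
            }
            // The original also had a branch blanking "/*!" version comments,
            // but it was guarded by a constant-false condition and never ran;
            // it has been removed rather than kept as dead code.
        }

        // remaining text without a trailing delimiter is the last statement
        // (preg_match replaces the removed ereg() with the same character class)
        if ( !empty( $sSQL ) && preg_match( "/[^[:space:]]+/", $sSQL ) ) {
            $this->aSQLs[] = $sSQL;
        }
        return true;
    }
}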
