tools_list.php
1 <?php
2 
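/**
 * Admin "Tools" list controller.
 *
 * Offers two maintenance actions to the mall administrator: rebuilding the
 * shop's database views (updateViews) and executing administrator-supplied
 * SQL, typed into the form and/or uploaded as a dump file (performsql).
 * Both actions run with the shop's database credentials and are therefore
 * gated on mall-admin rights; nothing here should be reachable otherwise.
 *
 * Extends oxAdminList (defined elsewhere in the shop).
 */
class Tools_List extends oxAdminList
{

    /**
     * Template rendered for this controller.
     *
     * @var string
     */
    protected $_sThisTemplate = 'tools_list.tpl';

    /**
     * Regenerates the database views through oxDbMetaDataHandler.
     *
     * Only a session flagged "malladmin" may trigger the rebuild; for anyone
     * else the method silently does nothing. The handler's result flag is
     * exposed to the template as "blViewSuccess".
     */
    public function updateViews()
    {
        // preventing edit for anyone except malladmin
        if (oxRegistry::getSession()->getVariable("malladmin")) {
            $oMetaData = oxNew('oxDbMetaDataHandler');
            $this->_aViewData["blViewSuccess"] = $oMetaData->updateViews();
        }
    }

    /**
     * Executes administrator-supplied SQL statement by statement.
     *
     * The SQL comes from the "updatesql" request parameter and/or an uploaded
     * dump file ("myfile", see _processFiles()); the file contents are appended
     * after the typed SQL. The text is split into statements by _prepareSQL()
     * and each statement is run against the shop database; execution stops at
     * the first statement that throws.
     *
     * Authorisation: the logged-in admin user is reloaded from the database and
     * must have rights "malladmin". Anyone else gets nothing executed and
     * nothing reported. This endpoint runs arbitrary SQL by design, so it must
     * stay behind that check.
     *
     * Results are published to the template as:
     *  - aQueries:       escaped previews (first 200 characters) of each statement
     *  - aAffectedRows:  affected row count per statement (null on error)
     *  - aErrorMessages: escaped error message per statement (null on success)
     *  - aErrorNumbers:  escaped driver error number per statement (null on success)
     */
    public function performsql()
    {
        $oAuthUser = oxNew('oxuser');
        $oAuthUser->loadAdminUser();
        if ($oAuthUser->oxuser__oxrights->value !== "malladmin") {
            return;
        }

        $sUpdateSQL = oxRegistry::getConfig()->getRequestParameter("updatesql");
        $sUpdateSQLFile = $this->_processFiles();

        // uploaded dump is appended after the typed SQL, delimited by ";"
        if (is_string($sUpdateSQLFile) && $sUpdateSQLFile !== '') {
            if (isset($sUpdateSQL) && strlen($sUpdateSQL)) {
                $sUpdateSQL .= ";\r\n" . $sUpdateSQLFile;
            } else {
                $sUpdateSQL = $sUpdateSQLFile;
            }
        }

        // stripslashes() compensates legacy magic-quotes style escaping of the
        // request value; kept as the original did it.
        $sUpdateSQL = trim(stripslashes((string) $sUpdateSQL));
        $oStr = getStr();
        $iLen = $oStr->strlen($sUpdateSQL);
        if ($this->_prepareSQL($sUpdateSQL, $iLen)) {
            $this->_executeQueries($this->aSQLs, $oStr);
        }
        $this->_iDefEdit = 1;
    }

    /**
     * Runs the prepared statements and fills the per-statement view data.
     *
     * @param array  $aQueries statements produced by _prepareSQL()
     * @param object $oStr     string helper from getStr()
     */
    protected function _executeQueries($aQueries, $oStr)
    {
        $aPassedQueries = array();
        $aQAffectedRows = array();
        $aQErrorMessages = array();
        $aQErrorNumbers = array();

        if (is_array($aQueries) && count($aQueries) > 0) {
            $oDB = oxDb::getDb();
            $iQueriesCounter = 0;
            foreach ($aQueries as $sQuery) {
                $sQuery = trim($sQuery);
                if ($oStr->strlen($sQuery) == 0) {
                    continue;
                }

                // Preview for the template: truncate the raw statement first and
                // escape afterwards, so the cut can never land inside an HTML entity.
                $sPreview = $sQuery;
                if ($oStr->strlen($sPreview) > 200) {
                    $sPreview = $oStr->substr($sPreview, 0, 200) . "...";
                }
                $aPassedQueries[$iQueriesCounter] = nl2br(oxStr::getStr()->htmlentities($sPreview));

                // drop trailing delimiters left over from splitting
                $sQuery = rtrim($sQuery, ";");

                $blStop = false;
                $sExceptionMessage = null;
                try {
                    $oDB->execute($sQuery);
                } catch (Exception $oExcp) {
                    // execution failed: report it below and stop after this statement
                    $blStop = true;
                    $sExceptionMessage = $oExcp->getMessage();
                }

                $aQAffectedRows[$iQueriesCounter] = null;
                $aQErrorMessages[$iQueriesCounter] = null;
                $aQErrorNumbers[$iQueriesCounter] = null;

                $iErrorNum = $oDB->ErrorNo();
                // The assignment is done on its own line on purpose: written as
                // "$x = f() !== false && ..." the comparison binds first and $x
                // would hold the boolean result of the whole condition.
                $iAffectedRows = $oDB->affected_Rows();
                if (!$blStop && $iAffectedRows !== false && $iErrorNum == 0) {
                    $aQAffectedRows[$iQueriesCounter] = $iAffectedRows;
                } else {
                    $sErrorMsg = $oDB->errorMsg();
                    // a thrown exception may leave the driver's error slot empty;
                    // fall back to the exception text so the failure is not silent
                    if ($blStop && (!is_string($sErrorMsg) || $sErrorMsg === '')) {
                        $sErrorMsg = (string) $sExceptionMessage;
                    }
                    $aQErrorMessages[$iQueriesCounter] = oxStr::getStr()->htmlentities($sErrorMsg);
                    $aQErrorNumbers[$iQueriesCounter] = oxStr::getStr()->htmlentities($iErrorNum);
                }
                $iQueriesCounter++;

                // stopping on first error..
                if ($blStop) {
                    break;
                }
            }
        }

        $this->_aViewData["aQueries"] = $aPassedQueries;
        $this->_aViewData["aAffectedRows"] = $aQAffectedRows;
        $this->_aViewData["aErrorMessages"] = $aQErrorMessages;
        $this->_aViewData["aErrorNumbers"] = $aQErrorNumbers;
    }

    /**
     * Returns the contents of the first uploaded SQL dump in $_FILES['myfile'],
     * or null when nothing usable was uploaded.
     *
     * Only the first entry of the upload array is considered (the original
     * returned from inside its loop on the first iteration as well). The file
     * is only read, never stored, so the extension check is a sanity filter:
     * any dot-separated part after the first that matches a script extension
     * aborts the request. The temp path must additionally pass
     * is_uploaded_file() before it is read.
     *
     * @return string|null
     */
    protected function _processFiles()
    {
        if (!isset($_FILES['myfile']['name']) || !is_array($_FILES['myfile']['name'])) {
            return null;
        }

        $aNames = $_FILES['myfile']['name'];
        reset($aNames);
        $sKey = key($aNames);
        if ($sKey === null) {
            return null;
        }

        $sSource = null;
        if (isset($_FILES['myfile']['tmp_name'][$sKey])) {
            $sSource = $_FILES['myfile']['tmp_name'][$sKey];
        }

        $aBadFiles = array("php", 'php4', 'php5', "jsp", "cgi", "cmf", "exe");
        $aFilename = explode(".", strtolower((string) $aNames[$sKey]));
        $aExtensions = array_slice($aFilename, 1);
        foreach ($aExtensions as $sExtension) {
            if (in_array($sExtension, $aBadFiles, true)) {
                oxRegistry::getUtils()->showMessageAndExit("We don't play this game, go away");
            }
        }

        // reading only one SQL dump file
        if ($sSource && is_uploaded_file($sSource)) {
            $sContents = file_get_contents($sSource);

            return ($sContents === false) ? null : $sContents;
        }

        return null;
    }

    /**
     * Splits $sSQL into individual statements and appends them to $this->aSQLs.
     *
     * Recognises "-- ..." mysqldump comment lines, "#" and "-- " inline
     * comments (removed up to the next LF/CR), and quoted strings delimited by
     * ', " or ` in which ";" is not a delimiter; inside ' and " a quote preceded
     * by an odd number of backslashes is treated as escaped. Always returns true.
     *
     * NOTE(review): character access via $sSQL[$iPos] is byte-based while
     * strlen/substr/strpos go through getStr(), which may be multibyte-aware;
     * behaviour on non-ASCII input is inherited from the original and not
     * verified here. $this->aSQLs is not declared in this class — presumably
     * the parent declares it; confirm before adding a declaration.
     *
     * @param string $sSQL    SQL text, possibly several ";"-separated statements
     * @param int    $iSQLlen length of $sSQL as measured by getStr()->strlen()
     *
     * @return bool
     */
    protected function _prepareSQL($sSQL, $iSQLlen)
    {
        $sStrStart = "";
        $blString = false;
        $oStr = getStr();

        //removing "mysqldump" application comments
        while ($oStr->preg_match("/^\-\-.*\n/", $sSQL)) {
            $sSQL = trim($oStr->preg_replace("/^\-\-.*\n/", "", $sSQL));
        }
        while ($oStr->preg_match("/\n\-\-.*\n/", $sSQL)) {
            $sSQL = trim($oStr->preg_replace("/\n\-\-.*\n/", "\n", $sSQL));
        }

        for ($iPos = 0; $iPos < $iSQLlen; ++$iPos) {
            $sChar = $sSQL[$iPos];
            if ($blString) {
                // inside a quoted string: advance to its (unescaped) closing quote
                while (true) {
                    $iPos = $oStr->strpos($sSQL, $sStrStart, $iPos);
                    //we are at the end of string ?
                    if (!$iPos) {
                        // no closing quote: the rest is taken as one statement
                        $this->aSQLs[] = $sSQL;

                        return true;
                    } elseif ($sStrStart == '`' || $sSQL[$iPos - 1] != '\\') {
                        // unescaped closing quote found
                        $blString = false;
                        $sStrStart = "";
                        break;
                    } else {
                        // quote preceded by a backslash: count the backslash run to
                        // decide whether the quote itself is escaped
                        $iNext = 2;
                        $blBackslash = false;
                        while ($iPos - $iNext > 0 && $sSQL[$iPos - $iNext] == '\\') {
                            $blBackslash = !$blBackslash;
                            $iNext++;
                        }
                        if ($blBackslash) {
                            $blString = false;
                            $sStrStart = "";
                            break;
                        } else {
                            $iPos++;
                        }
                    }
                }
            } elseif ($sChar == ";") {
                // delimiter found, appending query array
                $this->aSQLs[] = $oStr->substr($sSQL, 0, $iPos);
                $sSQL = ltrim($oStr->substr($sSQL, min($iPos + 1, $iSQLlen)));
                $iSQLlen = $oStr->strlen($sSQL);
                if ($iSQLlen) {
                    // restart scanning at the beginning of the remaining text
                    $iPos = -1;
                } else {
                    return true;
                }
            } elseif (($sChar == '"') || ($sChar == '\'') || ($sChar == '`')) {
                $blString = true;
                $sStrStart = $sChar;
            } elseif ($sChar == "#" || ($sChar == ' ' && $iPos > 1 && $sSQL[$iPos - 2] . $sSQL[$iPos - 1] == '--')) {
                // removing # / "-- " commented query code up to the next line end
                $iCommStart = (($sSQL[$iPos] == "#") ? $iPos : $iPos - 2);
                $iCommEnd = ($oStr->strpos(' ' . $sSQL, "\012", $iPos + 2))
                    ? $oStr->strpos(' ' . $sSQL, "\012", $iPos + 2)
                    : $oStr->strpos(' ' . $sSQL, "\015", $iPos + 2);
                if (!$iCommEnd) {
                    // comment runs to the end of the text: whatever precedes it is the last statement
                    if ($iCommStart > 0) {
                        $this->aSQLs[] = trim($oStr->substr($sSQL, 0, $iCommStart));
                    }

                    return true;
                } else {
                    $sSQL = $oStr->substr($sSQL, 0, $iCommStart) . ltrim($oStr->substr($sSQL, $iCommEnd));
                    $iSQLlen = $oStr->strlen($sSQL);
                    $iPos--;
                }
            }
            // The original carried a further branch guarded by the constant
            // expression "32358 < 32270" that would have blanked "/*!" markers;
            // it was unreachable and has been dropped without changing behaviour.
        }

        // whatever is left and not pure whitespace is the final statement
        if (!empty($sSQL) && $oStr->preg_match("/[^[:space:]]+/", $sSQL)) {
            $this->aSQLs[] = $sSQL;
        }

        return true;
    }
}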