00001 <?php
00002 
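class Tools_List extends oxAdminList
{
    /**
     * Current class template name.
     *
     * @var string
     */
    protected $_sThisTemplate = 'tools_list.tpl';

    /**
     * Executes the SQL passed in the "updatesql" request parameter and/or in
     * the uploaded dump file ("myfile"), one statement at a time, and stores
     * the per-statement results in view data: aQueries (escaped, shortened
     * statement text), aAffectedRows, aErrorMessages and aErrorNumbers.
     * Execution stops after the first statement that throws.
     *
     * The statements are executed verbatim, so the "malladmin" rights check
     * below is the only gate visible in this class; any other admin user gets
     * no action at all.
     * NOTE(review): no request-token (CSRF) check is visible here — confirm the
     * admin front controller enforces one before this action is dispatched.
     *
     * @return null
     */
    public function performsql()
    {
        $oAuthUser = oxNew( 'oxuser' );
        $oAuthUser->loadAdminUser();
        // only mall admins may run raw SQL
        if ( $oAuthUser->oxuser__oxrights->value !== "malladmin" ) {
            return;
        }

        $sUpdateSQL = $this->_collectSql();
        $oStr = getStr();
        if ( $this->_prepareSQL( $sUpdateSQL, $oStr->strlen( $sUpdateSQL ) ) ) {
            $aResults = $this->_executeQueries( $this->aSQLs );
            $this->_aViewData["aQueries"]       = $aResults["aQueries"];
            $this->_aViewData["aAffectedRows"]  = $aResults["aAffectedRows"];
            $this->_aViewData["aErrorMessages"] = $aResults["aErrorMessages"];
            $this->_aViewData["aErrorNumbers"]  = $aResults["aErrorNumbers"];
        }
        $this->_iDefEdit = 1;
    }

    /**
     * Joins the SQL from the "updatesql" request parameter and from the
     * uploaded dump file (if any) into one string; when both are present the
     * file contents are appended after a ";\r\n" separator.
     *
     * @return string trimmed SQL text, "" when nothing was submitted
     */
    protected function _collectSql()
    {
        // casts keep stripslashes()/trim() away from null when nothing was sent
        $sUpdateSQL     = (string) oxConfig::getParameter( "updatesql" );
        $sUpdateSQLFile = (string) $this->_processFiles();

        if ( $sUpdateSQLFile !== '' ) {
            $sUpdateSQL = ( $sUpdateSQL !== '' ) ? $sUpdateSQL . ";\r\n" . $sUpdateSQLFile : $sUpdateSQLFile;
        }

        // stripslashes() is kept from the original; presumably it undoes slash
        // escaping applied to request parameters upstream — confirm against
        // oxConfig::getParameter() before removing it
        return trim( stripslashes( $sUpdateSQL ) );
    }

    /**
     * Runs each statement of $aQueries against the database, stopping after
     * the first one that throws. Returns four parallel arrays keyed by the
     * statement index: the shortened, HTML-escaped statement text, the
     * affected-row count, the error message and the error number (the latter
     * three are null when not applicable).
     *
     * @param array $aQueries statements as produced by _prepareSQL()
     *
     * @return array with keys aQueries, aAffectedRows, aErrorMessages, aErrorNumbers
     */
    protected function _executeQueries( $aQueries )
    {
        $aPassedQueries  = array();
        $aQAffectedRows  = array();
        $aQErrorMessages = array();
        $aQErrorNumbers  = array();

        $aQueries = (array) $aQueries;
        if ( count( $aQueries ) > 0 ) {
            $oDB  = oxDb::getDb();
            $oStr = getStr();
            $iQueriesCounter = 0;
            foreach ( $aQueries as $sQuery ) {
                // the splitter may leave trailing delimiters; a statement that is
                // nothing but delimiters is not executed at all
                $sQuery = rtrim( trim( $sQuery ), ";" );
                if ( $oStr->strlen( $sQuery ) == 0 ) {
                    continue;
                }

                // shorten before escaping so neither an entity nor a <br /> is cut in half
                $sShown = $sQuery;
                if ( $oStr->strlen( $sShown ) > 200 ) {
                    $sShown = $oStr->substr( $sShown, 0, 200 ) . "...";
                }
                $aPassedQueries[$iQueriesCounter] = nl2br( htmlentities( $sShown ) );

                $blStop   = false;
                $sExcpMsg = null;
                try {
                    $oDB->execute( $sQuery );
                } catch ( Exception $oExcp ) {
                    // stop after this statement; its error is reported below
                    $blStop   = true;
                    $sExcpMsg = $oExcp->getMessage();
                }

                $aQAffectedRows [$iQueriesCounter] = null;
                $aQErrorMessages[$iQueriesCounter] = null;
                $aQErrorNumbers [$iQueriesCounter] = null;

                $iErrorNum     = $oDB->ErrorNo();
                $iAffectedRows = $oDB->affected_Rows();
                // the original wrote "$x = a() !== false && ..." which assigned the
                // boolean comparison result instead of the row count
                if ( !$blStop && $iAffectedRows !== false && $iErrorNum == 0 ) {
                    $aQAffectedRows[$iQueriesCounter] = $iAffectedRows;
                } else {
                    $sErrorMsg = $oDB->errorMsg();
                    if ( $sErrorMsg == '' && $sExcpMsg !== null ) {
                        // driver reported nothing; fall back to the exception text
                        $sErrorMsg = $sExcpMsg;
                    }
                    $aQErrorMessages[$iQueriesCounter] = htmlentities( $sErrorMsg );
                    $aQErrorNumbers[$iQueriesCounter]  = htmlentities( $iErrorNum );
                }
                $iQueriesCounter++;

                // stopping on first error..
                if ( $blStop ) {
                    break;
                }
            }
        }

        return array(
            'aQueries'       => $aPassedQueries,
            'aAffectedRows'  => $aQAffectedRows,
            'aErrorMessages' => $aQErrorMessages,
            'aErrorNumbers'  => $aQErrorNumbers,
        );
    }

    /**
     * Reads the first uploaded SQL dump file from $_FILES['myfile'] and
     * returns its contents. Only a file PHP itself received as an upload is
     * read (is_uploaded_file()); a name carrying one of the extensions in
     * $aBadFiles anywhere after the base name is rejected outright.
     * As in the original, only the first file slot is ever looked at.
     *
     * @return string|null file contents, null when nothing usable was uploaded
     */
    protected function _processFiles()
    {
        if ( !isset( $_FILES['myfile']['name'] ) || !is_array( $_FILES['myfile']['name'] ) ) {
            return;
        }

        $aBadFiles = array( "php", "jsp", "cgi", "cmf", "exe" );

        foreach ( $_FILES['myfile']['name'] as $sKey => $sName ) {
            $sSource = isset( $_FILES['myfile']['tmp_name'][$sKey] ) ? $_FILES['myfile']['tmp_name'][$sKey] : '';

            // every dot-segment after the base name is checked: the original only
            // looked at the second segment, which let e.g. "dump.sql.php" through
            $aSegments = explode( ".", strtolower( (string) $sName ) );
            array_shift( $aSegments );
            if ( count( array_intersect( $aSegments, $aBadFiles ) ) > 0 ) {
                oxUtils::getInstance()->showMessageAndExit( "We don't play this game, go away" );
            }

            // reading SQL dump file; an empty tmp_name means the slot received nothing
            if ( $sSource === '' || !is_uploaded_file( $sSource ) ) {
                return;
            }
            $sContents = file_get_contents( $sSource );
            // reading only one SQL dump file
            return ( $sContents === false ) ? null : $sContents;
        }
        return;
    }

    /**
     * Splits $sSQL into single statements and appends them to $this->aSQLs.
     * "--" line comments (mysqldump style) and "#" comments are dropped;
     * ";" inside quoted strings and backtick identifiers is not treated as a
     * delimiter. Always returns true.
     *
     * NOTE(review): $this->aSQLs is not declared in this class; it is created
     * here when missing — if the parent declares it, that declaration wins.
     *
     * @param string $sSQL    SQL text (several statements, ";" separated)
     * @param int    $iSQLlen length of $sSQL as reported by getStr()->strlen()
     *
     * @return bool
     */
    protected function _prepareSQL( $sSQL, $iSQLlen )
    {
        if ( !isset( $this->aSQLs ) || !is_array( $this->aSQLs ) ) {
            $this->aSQLs = array();
        }

        $sChar = "";
        $sStrStart = "";
        $blString  = false;
        $oStr = getStr();

        //removing "mysqldump" application comments
        while ( $oStr->preg_match( "/^\-\-.*\n/", $sSQL ) )
            $sSQL = trim( $oStr->preg_replace( "/^\-\-.*\n/", "", $sSQL ) );
        while ( $oStr->preg_match( "/\n\-\-.*\n/", $sSQL ) )
            $sSQL = trim( $oStr->preg_replace( "/\n\-\-.*\n/", "\n", $sSQL ) );

        for ( $iPos = 0; $iPos < $iSQLlen; ++$iPos ) {
            $sChar = $sSQL[$iPos];
            if ( $blString ) {
                // inside a quoted string/identifier: look for its unescaped end
                while ( true ) {
                    $iPos = $oStr->strpos( $sSQL, $sStrStart, $iPos );
                    // unterminated string: the rest is taken as the last statement
                    if ( $iPos === false ) {
                        $this->aSQLs[] = $sSQL;
                        return true;
                    } elseif ( $sStrStart == '`' || $sSQL[$iPos-1] != '\\' ) {
                        // real end of the string
                        $blString  = false;
                        $sStrStart = "";
                        break;
                    } else {
                        // quote preceded by a backslash: count the backslashes in front
                        // of it to decide whether the quote itself is escaped
                        $iNext = 2;
                        $blBackslash = false;
                        while ( $iPos-$iNext > 0 && $sSQL[$iPos-$iNext] == '\\' ) {
                            $blBackslash = !$blBackslash;
                            $iNext++;
                        }
                        if ( $blBackslash ) {
                            $blString  = false;
                            $sStrStart = "";
                            break;
                        } else
                            $iPos++;
                    }
                }
            } elseif ( $sChar == ";" ) {
                // delimiter found, appending query array and restarting on the remainder
                $this->aSQLs[] = $oStr->substr( $sSQL, 0, $iPos );
                $sSQL = ltrim( $oStr->substr( $sSQL, min( $iPos + 1, $iSQLlen ) ) );
                $iSQLlen = $oStr->strlen( $sSQL );
                if ( $iSQLlen )
                    $iPos      = -1;
                else
                    return true;
            } elseif ( ( $sChar == '"') || ( $sChar == '\'') || ( $sChar == '`')) {
                $blString  = true;
                $sStrStart = $sChar;
            } elseif ( $sChar == "#" || ( $sChar == ' ' && $iPos > 1 && $sSQL[$iPos-2] . $sSQL[$iPos-1] == '--')) {
                // removing # and "-- " commented query code up to the next LF (or CR)
                $iCommStart = (( $sSQL[$iPos] == "#") ? $iPos : $iPos-2);
                // the leading ' ' shifts every position by one; kept from the original
                $iCommEnd = ($oStr->strpos(' ' . $sSQL, "\012", $iPos+2))
                           ? $oStr->strpos(' ' . $sSQL, "\012", $iPos+2)
                           : $oStr->strpos(' ' . $sSQL, "\015", $iPos+2);
                if ( !$iCommEnd ) {
                    // comment runs to the end of the text
                    if ( $iCommStart > 0 )
                        $this->aSQLs[] = trim( $oStr->substr( $sSQL, 0, $iCommStart ) );
                    return true;
                } else {
                    $sSQL = $oStr->substr( $sSQL, 0, $iCommStart ).ltrim( $oStr->substr( $sSQL, $iCommEnd ) );
                    $iSQLlen = $oStr->strlen( $sSQL );
                    $iPos--;
                }
            }
            // the original also carried a branch for "/*!" comments that was
            // disabled with a constant-false condition; it never ran and is dropped
        }

        if ( !empty( $sSQL ) && $oStr->preg_match( "/[^[:space:]]+/", $sSQL ) ) {
            $this->aSQLs[] = $sSQL;
        }
        return true;
    }
}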