tools_list.php

Go to the documentation of this file.
00001 <?php
00002 
00008 class Tools_List extends oxAdminList
00009 {
00015     protected $_sThisTemplate = 'tools_list.tpl';
00016 
00022     public function updateViews()
00023     {
00024         //preventing edit for anyone except malladmin
00025         if ( oxSession::getVar( "malladmin" ) ) {
00026             oxDb::getInstance()->updateViews();
00027             $this->_aViewData["blViewSuccess"]  = true;
00028         }
00029     }
00030     
00036     public function performsql()
00037     {
00038         $oAuthUser = oxNew( 'oxuser' );
00039         $oAuthUser->loadAdminUser();
00040         if ( $oAuthUser->oxuser__oxrights->value === "malladmin" ) {
00041 
00042             $sUpdateSQL = oxConfig::getParameter("updatesql");
00043             $sUpdateSQLFile = $this->_processFiles();
00044 
00045             if ( $sUpdateSQLFile && strlen( $sUpdateSQLFile ) > 0 ) {
00046                 if ( isset( $sUpdateSQL ) && strlen( $sUpdateSQL ) )
00047                     $sUpdateSQL .= ";\r\n".$sUpdateSQLFile;
00048                 else
00049                     $sUpdateSQL  = $sUpdateSQLFile;
00050             }
00051 
00052             $sUpdateSQL = trim( stripslashes( $sUpdateSQL ) );
00053             $oStr = getStr();
00054             $iLen = $oStr->strlen( $sUpdateSQL );
00055             if ( $this->_prepareSQL( $sUpdateSQL, $iLen ) ) {
00056                 $aQueries = $this->aSQLs;
00057                 $this->_aViewData["aQueries"] = array();
00058                 $aPassedQueries  = array();
00059                 $aQAffectedRows  = array();
00060                 $aQErrorMessages = array();
00061                 $aQErrorNumbers  = array();
00062 
00063                 if ( count( $aQueries ) > 0 ) {
00064                     $blStop = false;
00065                     $oDB = oxDb::getDb();
00066                     $iQueriesCounter = 0;
00067                     for ( $i = 0; $i < count( $aQueries ); $i++ ) {
00068                         $sUpdateSQL = $aQueries[$i];
00069                         $sUpdateSQL = trim( $sUpdateSQL );
00070 
00071                         if ( $oStr->strlen( $sUpdateSQL ) > 0 ) {
00072                             $aPassedQueries[$iQueriesCounter] = nl2br( htmlentities( $sUpdateSQL ) );
00073                             if ( $oStr->strlen( $aPassedQueries[$iQueriesCounter] ) > 200 )
00074                                 $aPassedQueries[$iQueriesCounter] = $oStr->substr( $aPassedQueries[$iQueriesCounter], 0, 200 )."...";
00075 
00076                             while ( $sUpdateSQL[ $oStr->strlen( $sUpdateSQL)-1] == ";") {
00077                                 $sUpdateSQL = $oStr->substr( $sUpdateSQL, 0, ( $oStr->strlen( $sUpdateSQL)-1));
00078                             }
00079 
00080                             try {
00081                                 $oDB->execute( $sUpdateSQL );
00082                             } catch ( Exception $oExcp ) {
00083                                 // catching exception ...
00084                                 $blStop = true;
00085                             }
00086 
00087                             $aQAffectedRows [$iQueriesCounter] = null;
00088                             $aQErrorMessages[$iQueriesCounter] = null;
00089                             $aQErrorNumbers [$iQueriesCounter] = null;
00090 
00091                             $iErrorNum = $oDB->ErrorNo();
00092                             if ( $iAffectedRows = $oDB->affected_Rows() !== false && $iErrorNum == 0 ) {
00093                                 $aQAffectedRows[$iQueriesCounter] =  $iAffectedRows;
00094                             } else {
00095                                 $aQErrorMessages[$iQueriesCounter] = htmlentities( $oDB->errorMsg() );
00096                                 $aQErrorNumbers[$iQueriesCounter]  = htmlentities( $iErrorNum );
00097                             }
00098                             $iQueriesCounter++;
00099 
00100                             // stopping on first error..
00101                             if ( $blStop ) {
00102                                 break;
00103                             }
00104                         }
00105                     }
00106                 }
00107                 $this->_aViewData["aQueries"]       = $aPassedQueries;
00108                 $this->_aViewData["aAffectedRows"]  = $aQAffectedRows;
00109                 $this->_aViewData["aErrorMessages"] = $aQErrorMessages;
00110                 $this->_aViewData["aErrorNumbers"]  = $aQErrorNumbers;
00111             }
00112             $this->_iDefEdit = 1;
00113         }
00114     }
00115 
00121     protected function _processFiles()
00122     {
00123         if ( isset( $_FILES['myfile']['name'] ) ) {
00124             // process all files
00125             while ( list( $key, $value ) = each( $_FILES['myfile']['name'] ) ) {
00126                 $aSource = $_FILES['myfile']['tmp_name'];
00127                 $sSource = $aSource[$key];
00128                 $aFiletype = explode( "@", $key );
00129                 $key    = $aFiletype[1];
00130                 $sType  = $aFiletype[0];
00131                 $value = strtolower( $value );
00132                 // add type to name
00133                 $aFilename = explode( ".", $value );
00134 
00135                 //hack?
00136 
00137                 $aBadFiles = array( "php", "jsp", "cgi", "cmf", "exe" );
00138 
00139                 if ( in_array( $aFilename[1], $aBadFiles ) ) {
00140                     oxUtils::getInstance()->showMessageAndExit( "We don't play this game, go away" );
00141                 }
00142 
00143                 //reading SQL dump file
00144                 if ( $sSource ) {
00145                     $rHandle   = fopen( $sSource, "r");
00146                     $sContents = fread( $rHandle, filesize ( $sSource ) );
00147                     fclose( $rHandle );
00148                     //reading only one SQL dump file
00149                     return $sContents;
00150                 }
00151                 return;
00152             }
00153         }
00154         return;
00155     }
00156 
00165     protected function _prepareSQL( $sSQL, $iSQLlen )
00166     {
00167         $sChar = "";
00168         $sStrStart = "";
00169         $blString  = false;
00170         $oStr = getStr();
00171 
00172         //removing "mysqldump" application comments
00173         while ( $oStr->preg_match( "/^\-\-.*\n/", $sSQL ) )
00174             $sSQL = trim( $oStr->preg_replace( "/^\-\-.*\n/", "", $sSQL ) );
00175         while ( $oStr->preg_match( "/\n\-\-.*\n/", $sSQL ) )
00176             $sSQL = trim( $oStr->preg_replace( "/\n\-\-.*\n/", "\n", $sSQL ) );
00177 
00178         for ( $iPos = 0; $iPos < $iSQLlen; ++$iPos ) {
00179             $sChar = $sSQL[$iPos];
00180             if ( $blString ) {
00181                 while ( true ) {
00182                     $iPos = $oStr->strpos( $sSQL, $sStrStart, $iPos );
00183                     //we are at the end of string ?
00184                     if ( !$iPos ) {
00185                         $this->aSQLs[] = $sSQL;
00186                         return true;
00187                     } elseif ( $sStrStart == '`' || $sSQL[$iPos-1] != '\\' ) {
00188                         //found some query separators
00189                         $blString  = false;
00190                         $sStrStart = "";
00191                         break;
00192                     } else {
00193                         $iNext = 2;
00194                         $blBackslash = false;
00195                         while ( $iPos-$iNext > 0 && $sSQL[$iPos-$iNext] == '\\' ) {
00196                             $blBackslash = !$blBackslash;
00197                             $iNext++;
00198                         }
00199                         if ( $blBackslash ) {
00200                             $blString  = false;
00201                             $sStrStart = "";
00202                             break;
00203                         } else
00204                             $iPos++;
00205                     }
00206                 }
00207             } elseif ( $sChar == ";" ) {
00208                 // delimiter found, appending query array
00209                 $this->aSQLs[] = $oStr->substr( $sSQL, 0, $iPos );
00210                 $sSQL = ltrim( $oStr->substr( $sSQL, min( $iPos + 1, $iSQLlen ) ) );
00211                 $iSQLlen = $oStr->strlen( $sSQL );
00212                 if ( $iSQLlen )
00213                     $iPos      = -1;
00214                 else
00215                     return true;
00216             } elseif ( ( $sChar == '"') || ( $sChar == '\'') || ( $sChar == '`')) {
00217                 $blString  = true;
00218                 $sStrStart = $sChar;
00219             } elseif ( $sChar == "#" || ( $sChar == ' ' && $iPos > 1 && $sSQL[$iPos-2] . $sSQL[$iPos-1] == '--')) {
00220                 // removing # commented query code
00221                 $iCommStart = (( $sSQL[$iPos] == "#") ? $iPos : $iPos-2);
00222                 $iCommEnd = ($oStr->strpos(' ' . $sSQL, "\012", $iPos+2))
00223                            ? $oStr->strpos(' ' . $sSQL, "\012", $iPos+2)
00224                            : $oStr->strpos(' ' . $sSQL, "\015", $iPos+2);
00225                 if ( !$iCommEnd ) {
00226                     if ( $iCommStart > 0 )
00227                         $this->aSQLs[] = trim( $oStr->substr( $sSQL, 0, $iCommStart ) );
00228                     return true;
00229                 } else {
00230                     $sSQL = $oStr->substr( $sSQL, 0, $iCommStart ).ltrim( $oStr->substr( $sSQL, $iCommEnd ) );
00231                     $iSQLlen = $oStr->strlen( $sSQL );
00232                     $iPos--;
00233                 }
00234             } elseif ( 32358 < 32270 && ($sChar == '!' && $iPos > 1  && $sSQL[$iPos-2] . $sSQL[$iPos-1] == '/*'))  // removing comments like /**/
00235                 $sSQL[$iPos] = ' ';
00236         }
00237 
00238         if ( !empty( $sSQL ) && $oStr->preg_match( "/[^[:space:]]+/", $sSQL ) ) {
00239             $this->aSQLs[] = $sSQL;
00240         }
00241         return true;
00242     }
00243 }