Go to the documentation of this file.00001 <?php
00002
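class Tools_List extends oxAdminList
{

    /**
     * Template rendered by this admin list.
     *
     * @var string
     */
    protected $_sThisTemplate = 'tools_list.tpl';

    /**
     * Single statements split out of the submitted SQL by _prepareSQL().
     *
     * Declared explicitly: the original created it dynamically, so with empty
     * input performsql() read an undefined property and passed null to count().
     *
     * @var array
     */
    public $aSQLs = array();

    /**
     * Regenerates the shop's database views.
     *
     * Runs only when the session carries the "malladmin" flag; the outcome
     * is exposed to the template as "blViewSuccess".
     *
     * @return null
     */
    public function updateViews()
    {
        if (!oxRegistry::getSession()->getVariable("malladmin")) {
            return;
        }

        $oMetaData = oxNew('oxDbMetaDataHandler');
        $this->_aViewData["blViewSuccess"] = $oMetaData->updateViews();
    }

    /**
     * Executes the SQL submitted through the admin "Tools" form.
     *
     * SQL is taken from the "updatesql" request parameter and/or from an
     * uploaded file (_processFiles()); file contents are appended after the
     * textarea text. The combined text is split into single statements by
     * _prepareSQL() and each statement is executed in order; execution stops
     * after the first statement that throws. For every executed statement the
     * template receives an HTML-escaped, truncated preview ("aQueries"), the
     * affected-row count ("aAffectedRows") and, on failure, the escaped driver
     * error message and number ("aErrorMessages", "aErrorNumbers").
     *
     * SECURITY: by design this runs arbitrary, unparameterised SQL with the
     * shop's database credentials. The only gate is that the logged-in admin
     * user's oxrights is exactly "malladmin". Nothing in this method checks a
     * CSRF token; that is assumed to be handled by the admin controller base
     * class (not visible in this file -- verify before relying on it).
     *
     * NOTE(review): getRequestParameter() may HTML-encode special characters
     * unless asked for the raw value -- confirm that quotes in the submitted
     * SQL reach this method unescaped.
     *
     * @return null
     */
    public function performsql()
    {
        $oAuthUser = oxNew('oxuser');
        $oAuthUser->loadAdminUser();
        if ($oAuthUser->oxuser__oxrights->value !== "malladmin") {
            return;
        }

        $sUpdateSQL = oxRegistry::getConfig()->getRequestParameter("updatesql");
        $sUpdateSQLFile = $this->_processFiles();

        // Uploaded file content goes after the textarea content.
        if ($sUpdateSQLFile && strlen($sUpdateSQLFile) > 0) {
            if (isset($sUpdateSQL) && strlen($sUpdateSQL)) {
                $sUpdateSQL .= ";\r\n" . $sUpdateSQLFile;
            } else {
                $sUpdateSQL = $sUpdateSQLFile;
            }
        }

        // stripslashes() is a magic_quotes-era leftover: it also removes the
        // backslashes of legitimately escaped SQL string literals. Kept as-is
        // because existing forms depend on it; the cast avoids passing null.
        $sUpdateSQL = trim(stripslashes((string) $sUpdateSQL));
        $oStr = getStr();
        $iLen = $oStr->strlen($sUpdateSQL);

        if ($this->_prepareSQL($sUpdateSQL, $iLen)) {
            $aQueries = $this->aSQLs;
            $this->_aViewData["aQueries"] = array();
            $aPassedQueries = array();
            $aQAffectedRows = array();
            $aQErrorMessages = array();
            $aQErrorNumbers = array();

            if (count($aQueries) > 0) {
                $blStop = false;
                $oDB = oxDb::getDb();
                $iQueriesCounter = 0;
                $iQueryCount = count($aQueries);

                for ($i = 0; $i < $iQueryCount; $i++) {
                    $sQuery = trim($aQueries[$i]);
                    if ($oStr->strlen($sQuery) == 0) {
                        continue;
                    }

                    // Preview for the template. Truncate BEFORE escaping so an
                    // HTML entity is never cut in half by the 200-char limit.
                    $sPreview = $sQuery;
                    if ($oStr->strlen($sPreview) > 200) {
                        $sPreview = $oStr->substr($sPreview, 0, 200) . "...";
                    }
                    $aPassedQueries[$iQueriesCounter] = nl2br(oxStr::getStr()->htmlentities($sPreview));

                    // Strip trailing semicolons; one statement per execute() call.
                    // Length guard: a statement consisting only of ";" would
                    // otherwise index an empty string.
                    while ($oStr->strlen($sQuery) > 0 && $oStr->substr($sQuery, -1) == ";") {
                        $sQuery = $oStr->substr($sQuery, 0, $oStr->strlen($sQuery) - 1);
                    }

                    try {
                        $oDB->execute($sQuery);
                    } catch (Exception $oExcp) {
                        // Details are read back from the driver below; stop after
                        // recording this statement's result.
                        $blStop = true;
                    }

                    $aQAffectedRows[$iQueriesCounter] = null;
                    $aQErrorMessages[$iQueriesCounter] = null;
                    $aQErrorNumbers[$iQueriesCounter] = null;

                    $iErrorNum = $oDB->ErrorNo();
                    // The original wrote "$iAffectedRows = $oDB->affected_Rows() !== false && ..."
                    // which, by precedence, stored the boolean comparison result, so
                    // the reported row count was always "1". Assign first, then test.
                    $iAffectedRows = $oDB->affected_Rows();
                    if ($iAffectedRows !== false && $iErrorNum == 0) {
                        $aQAffectedRows[$iQueriesCounter] = $iAffectedRows;
                    } else {
                        $aQErrorMessages[$iQueriesCounter] = oxStr::getStr()->htmlentities($oDB->errorMsg());
                        $aQErrorNumbers[$iQueriesCounter] = oxStr::getStr()->htmlentities($iErrorNum);
                    }
                    $iQueriesCounter++;

                    if ($blStop) {
                        break;
                    }
                }
            }

            $this->_aViewData["aQueries"] = $aPassedQueries;
            $this->_aViewData["aAffectedRows"] = $aQAffectedRows;
            $this->_aViewData["aErrorMessages"] = $aQErrorMessages;
            $this->_aViewData["aErrorNumbers"] = $aQErrorNumbers;
        }

        $this->_iDefEdit = 1;
    }

    /**
     * Returns the contents of the uploaded SQL file, if any.
     *
     * Only the first entry of $_FILES['myfile'] is consumed. The upload is
     * never stored anywhere by this method -- its bytes are only handed back
     * to performsql() as SQL text -- so the extension blacklist is defence in
     * depth rather than the primary control. It now checks the LAST
     * dot-separated segment (the original tested segment [1], so "dump.sql.php"
     * passed while "dump.php.sql" was rejected) and tolerates names without a
     * dot (previously an undefined-index notice).
     *
     * Fixes relative to the original: each() (removed in PHP 8) replaced by
     * foreach; is_uploaded_file() guards against reading a non-upload path;
     * file_get_contents() replaces fread(filesize()) which errors on a 0-byte
     * file; the unused "type@key" split of the array key is dropped.
     *
     * @return string|null file contents, null when nothing usable was uploaded
     */
    protected function _processFiles()
    {
        if (!isset($_FILES['myfile']['name']) || !is_array($_FILES['myfile']['name'])) {
            return null;
        }

        $aBadFiles = array("php", 'php4', 'php5', "jsp", "cgi", "cmf", "exe");

        foreach ($_FILES['myfile']['name'] as $key => $sName) {
            $sSource = isset($_FILES['myfile']['tmp_name'][$key]) ? $_FILES['myfile']['tmp_name'][$key] : null;
            $sName = strtolower((string) $sName);

            $aFilename = explode(".", $sName);
            $sExtension = count($aFilename) > 1 ? end($aFilename) : '';
            if (in_array($sExtension, $aBadFiles, true)) {
                oxRegistry::getUtils()->showMessageAndExit("We don't play this game, go away");
            }

            // Only read a genuine PHP upload, never an arbitrary local path.
            if ($sSource && is_uploaded_file($sSource)) {
                $sContents = file_get_contents($sSource);

                return ($sContents === false) ? null : $sContents;
            }

            // Only the first file is considered, as in the original.
            return null;
        }

        return null;
    }

    /**
     * Splits $sSQL into single statements and appends them to $this->aSQLs.
     *
     * Splitter of phpMyAdmin lineage: leading and embedded "--" comment lines
     * are removed up front, "#" and "-- " comments are cut out on the fly,
     * ";" outside a quoted string ends a statement, and a backslash-escaped
     * quote inside '...' or "..." does not terminate the string (backticks are
     * never escapable). An unterminated string swallows the rest of the text
     * as one statement.
     *
     * NOTE(review): character positions use byte indexing ($sSQL[$i]) while
     * lengths and substrings go through getStr(), which may be multibyte-aware;
     * for non-ASCII input the two can disagree. Unchanged here -- confirm
     * which oxStr implementation is in use before relying on it.
     *
     * Changes relative to the original: $iSQLlen is recomputed after the
     * comment-stripping pass (it was left at the pre-strip value, so the scan
     * ran past the end of the shortened string), and a branch guarded by the
     * constant-false condition "32358 < 32270" (a leftover MySQL version test)
     * was removed as dead code.
     *
     * @param string $sSQL    SQL text, possibly several statements
     * @param int    $iSQLlen length of $sSQL as returned by getStr()->strlen()
     *
     * @return bool always true
     */
    protected function _prepareSQL($sSQL, $iSQLlen)
    {
        $sChar = "";
        $sStrStart = "";
        $blString = false;
        $oStr = getStr();

        // Remove "--" comment lines at the very start and in the middle.
        while ($oStr->preg_match("/^\-\-.*\n/", $sSQL)) {
            $sSQL = trim($oStr->preg_replace("/^\-\-.*\n/", "", $sSQL));
        }
        while ($oStr->preg_match("/\n\-\-.*\n/", $sSQL)) {
            $sSQL = trim($oStr->preg_replace("/\n\-\-.*\n/", "\n", $sSQL));
        }
        // The passes above (and trim) may have shortened the text.
        $iSQLlen = $oStr->strlen($sSQL);

        for ($iPos = 0; $iPos < $iSQLlen; ++$iPos) {
            $sChar = $sSQL[$iPos];
            if ($blString) {
                // Inside a quoted string: look for the closing quote.
                while (true) {
                    $iPos = $oStr->strpos($sSQL, $sStrStart, $iPos);

                    if (!$iPos) {
                        // No closing quote: the remainder is one statement.
                        $this->aSQLs[] = $sSQL;

                        return true;
                    } elseif ($sStrStart == '`' || $sSQL[$iPos - 1] != '\\') {
                        // Backticks cannot be escaped; otherwise an unescaped quote closes the string.
                        $blString = false;
                        $sStrStart = "";
                        break;
                    } else {
                        // Quote preceded by a backslash: count the run of
                        // backslashes -- an even number means the quote is real.
                        $iNext = 2;
                        $blBackslash = false;
                        while ($iPos - $iNext > 0 && $sSQL[$iPos - $iNext] == '\\') {
                            $blBackslash = !$blBackslash;
                            $iNext++;
                        }
                        if ($blBackslash) {
                            $blString = false;
                            $sStrStart = "";
                            break;
                        } else {
                            $iPos++;
                        }
                    }
                }
            } elseif ($sChar == ";") {
                // Statement boundary: emit the prefix, restart on the remainder.
                $this->aSQLs[] = $oStr->substr($sSQL, 0, $iPos);
                $sSQL = ltrim($oStr->substr($sSQL, min($iPos + 1, $iSQLlen)));
                $iSQLlen = $oStr->strlen($sSQL);
                if ($iSQLlen) {
                    $iPos = -1;
                } else {
                    return true;
                }
            } elseif (($sChar == '"') || ($sChar == '\'') || ($sChar == '`')) {
                $blString = true;
                $sStrStart = $sChar;
            } elseif ($sChar == "#" || ($sChar == ' ' && $iPos > 1 && $sSQL[$iPos - 2] . $sSQL[$iPos - 1] == '--')) {
                // "#..." or "-- ..." comment: cut it out up to the next LF (or CR).
                $iCommStart = (($sSQL[$iPos] == "#") ? $iPos : $iPos - 2);
                $iCommEnd = ($oStr->strpos(' ' . $sSQL, "\012", $iPos + 2))
                    ? $oStr->strpos(' ' . $sSQL, "\012", $iPos + 2)
                    : $oStr->strpos(' ' . $sSQL, "\015", $iPos + 2);
                if (!$iCommEnd) {
                    // Comment runs to the end of the text.
                    if ($iCommStart > 0) {
                        $this->aSQLs[] = trim($oStr->substr($sSQL, 0, $iCommStart));
                    }

                    return true;
                } else {
                    $sSQL = $oStr->substr($sSQL, 0, $iCommStart) . ltrim($oStr->substr($sSQL, $iCommEnd));
                    $iSQLlen = $oStr->strlen($sSQL);
                    $iPos--;
                }
            }
        }

        // Whatever is left after the last ";" is the final statement.
        if (!empty($sSQL) && $oStr->preg_match("/[^[:space:]]+/", $sSQL)) {
            $this->aSQLs[] = $sSQL;
        }

        return true;
    }
}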