003 File Manager
Current Path:
/usr/local/www/sites/shared/phpmyadmin/libraries/classes
usr
/
local
/
www
/
sites
/
shared
/
phpmyadmin
/
libraries
/
classes
/
📁
..
📄
Advisor.php
(17.87 KB)
📄
Bookmark.php
(9.85 KB)
📄
BrowseForeigners.php
(10.7 KB)
📄
CentralColumns.php
(53.12 KB)
📄
Charsets.php
(24.07 KB)
📄
CheckUserPrivileges.php
(11.58 KB)
📁
Config
📄
Config.php
(58.1 KB)
📄
Console.php
(3.58 KB)
📁
Controllers
📄
Core.php
(38.15 KB)
📄
CreateAddField.php
(17.95 KB)
📁
Database
📄
DatabaseInterface.php
(103.63 KB)
📁
Dbi
📁
Di
📁
Display
📄
Encoding.php
(8.25 KB)
📁
Engines
📄
Error.php
(12.93 KB)
📄
ErrorHandler.php
(16.32 KB)
📄
ErrorReport.php
(8.28 KB)
📄
Export.php
(40.32 KB)
📄
File.php
(20.43 KB)
📄
FileListing.php
(2.83 KB)
📄
Font.php
(4.25 KB)
📄
Footer.php
(10.47 KB)
📁
Gis
📄
Header.php
(25.81 KB)
📄
Import.php
(55.59 KB)
📄
Index.php
(24.63 KB)
📄
IndexColumn.php
(4.43 KB)
📄
InsertEdit.php
(129.1 KB)
📄
IpAllowDeny.php
(9.21 KB)
📄
Language.php
(4.3 KB)
📄
LanguageManager.php
(23.17 KB)
📄
Linter.php
(5.1 KB)
📄
ListAbstract.php
(3.15 KB)
📄
ListDatabase.php
(4.22 KB)
📄
Logging.php
(2.56 KB)
📄
Menu.php
(22.34 KB)
📄
Message.php
(19.19 KB)
📄
Mime.php
(891 B)
📄
MultSubmits.php
(23.19 KB)
📁
Navigation
📄
Normalization.php
(38.99 KB)
📄
OpenDocument.php
(8.5 KB)
📄
Operations.php
(79.4 KB)
📄
OutputBuffering.php
(3.63 KB)
📄
ParseAnalyze.php
(2.46 KB)
📄
Partition.php
(7.26 KB)
📄
Pdf.php
(4.07 KB)
📁
Plugins
📄
Plugins.php
(21.42 KB)
📁
Properties
📄
RecentFavoriteTable.php
(12.05 KB)
📄
Relation.php
(75.97 KB)
📄
RelationCleanup.php
(14.7 KB)
📄
Replication.php
(5.37 KB)
📄
ReplicationGui.php
(41.46 KB)
📄
Response.php
(16.31 KB)
📁
Rte
📄
Sanitize.php
(14.15 KB)
📄
SavedSearches.php
(11.95 KB)
📄
Scripts.php
(5.33 KB)
📁
Server
📄
Session.php
(7.68 KB)
📄
Sql.php
(87.62 KB)
📄
SqlQueryForm.php
(17.19 KB)
📄
StorageEngine.php
(13.47 KB)
📄
SubPartition.php
(3.53 KB)
📄
SysInfo.php
(1.54 KB)
📄
SysInfoBase.php
(801 B)
📄
SysInfoLinux.php
(1.96 KB)
📄
SysInfoSunOS.php
(1.87 KB)
📄
SysInfoWINNT.php
(3.1 KB)
📄
SystemDatabase.php
(3.84 KB)
📄
Table.php
(92.48 KB)
📄
Template.php
(3.91 KB)
📄
Theme.php
(10.53 KB)
📄
ThemeManager.php
(10.64 KB)
📄
Tracker.php
(29.43 KB)
📄
Tracking.php
(41.96 KB)
📄
Transformations.php
(16.12 KB)
📁
Twig
📄
TwoFactor.php
(7 KB)
📄
Types.php
(22.75 KB)
📄
Url.php
(8.02 KB)
📄
UserPassword.php
(8.26 KB)
📄
UserPreferences.php
(8.52 KB)
📄
Util.php
(162.41 KB)
📁
Utils
📄
VersionInformation.php
(6.34 KB)
📄
ZipExtension.php
(9.98 KB)
Editing: Sanitize.php
<?php /* vim: set expandtab sw=4 ts=4 sts=4: */ /** * This class includes various sanitization methods that can be called statically * * @package PhpMyAdmin */ namespace PhpMyAdmin; use PhpMyAdmin\Core; use PhpMyAdmin\Util; /** * This class includes various sanitization methods that can be called statically * * @package PhpMyAdmin */ class Sanitize { /** * Checks whether given link is valid * * @param string $url URL to check * @param boolean $http Whether to allow http links * @param boolean $other Whether to allow ftp and mailto links * * @return boolean True if string can be used as link */ public static function checkLink($url, $http=false, $other=false) { $url = strtolower($url); $valid_starts = array( 'https://', './url.php?url=https%3a%2f%2f', './doc/html/', # possible return values from Util::getScriptNameForOption './index.php?', './server_databases.php?', './server_status.php?', './server_variables.php?', './server_privileges.php?', './db_structure.php?', './db_sql.php?', './db_search.php?', './db_operations.php?', './tbl_structure.php?', './tbl_sql.php?', './tbl_select.php?', './tbl_change.php?', './sql.php?', # Hardcoded options in libraries/special_schema_links.inc.php './db_events.php?', './db_routines.php?', './server_privileges.php?', './tbl_structure.php?', ); $is_setup = !is_null($GLOBALS['PMA_Config']) && $GLOBALS['PMA_Config']->get('is_setup'); // Adjust path to setup script location if ($is_setup) { foreach ($valid_starts as $key => $value) { if (substr($value, 0, 2) === './') { $valid_starts[$key] = '.' . $value; } } } if ($other) { $valid_starts[] = 'mailto:'; $valid_starts[] = 'ftp://'; } if ($http) { $valid_starts[] = 'http://'; } if ($is_setup) { $valid_starts[] = '?page=form&'; $valid_starts[] = '?page=servers&'; } foreach ($valid_starts as $val) { if (substr($url, 0, strlen($val)) == $val) { return true; } } return false; } /** * Callback function for replacing [a@link@target] links in bb code. * * @param array $found Array of preg matches * * @return string Replaced string */ public static function replaceBBLink(array $found) { /* Check for valid link */ if (! self::checkLink($found[1])) { return $found[0]; } /* a-z and _ allowed in target */ if (! empty($found[3]) && preg_match('/[^a-z_]+/i', $found[3])) { return $found[0]; } /* Construct target */ $target = ''; if (! empty($found[3])) { $target = ' target="' . $found[3] . '"'; if ($found[3] == '_blank') { $target .= ' rel="noopener noreferrer"'; } } /* Construct url */ if (substr($found[1], 0, 4) == 'http') { $url = Core::linkURL($found[1]); } else { $url = $found[1]; } return '<a href="' . $url . '"' . $target . '>'; } /** * Callback function for replacing [doc@anchor] links in bb code. * * @param array $found Array of preg matches * * @return string Replaced string */ public static function replaceDocLink(array $found) { if (count($found) >= 4) { $page = $found[1]; $anchor = $found[3]; } else { $anchor = $found[1]; if (strncmp('faq', $anchor, 3) == 0) { $page = 'faq'; } elseif (strncmp('cfg', $anchor, 3) == 0) { $page = 'config'; } else { /* Guess */ $page = 'setup'; } } $link = Util::getDocuLink($page, $anchor); return '<a href="' . $link . '" target="documentation">'; } /** * Sanitizes $message, taking into account our special codes * for formatting. * * If you want to include result in element attribute, you should escape it. * * Examples: * * <p><?php echo Sanitize::sanitize($foo); ?></p> * * <a title="<?php echo Sanitize::sanitize($foo, true); ?>">bar</a> * * @param string $message the message * @param boolean $escape whether to escape html in result * @param boolean $safe whether string is safe (can keep < and > chars) * * @return string the sanitized message */ public static function sanitize($message, $escape = false, $safe = false) { if (!$safe) { $message = strtr($message, array('<' => '<', '>' => '>')); } /* Interpret bb code */ $replace_pairs = array( '[em]' => '<em>', '[/em]' => '</em>', '[strong]' => '<strong>', '[/strong]' => '</strong>', '[code]' => '<code>', '[/code]' => '</code>', '[kbd]' => '<kbd>', '[/kbd]' => '</kbd>', '[br]' => '<br />', '[/a]' => '</a>', '[/doc]' => '</a>', '[sup]' => '<sup>', '[/sup]' => '</sup>', // used in common.inc.php: '[conferr]' => '<iframe src="show_config_errors.php"><a href="show_config_errors.php">show_config_errors.php</a></iframe>', // used in libraries/Util.php '[dochelpicon]' => Util::getImage('b_help', __('Documentation')), ); $message = strtr($message, $replace_pairs); /* Match links in bb code ([a@url@target], where @target is options) */ $pattern = '/\[a@([^]"@]*)(@([^]"]*))?\]/'; /* Find and replace all links */ $message = preg_replace_callback($pattern, function($match){ return self::replaceBBLink($match); }, $message); /* Replace documentation links */ $message = preg_replace_callback( '/\[doc@([a-zA-Z0-9_-]+)(@([a-zA-Z0-9_-]*))?\]/', function($match){ return self::replaceDocLink($match); }, $message ); /* Possibly escape result */ if ($escape) { $message = htmlspecialchars($message); } return $message; } /** * Sanitize a filename by removing anything besides legit characters * * Intended usecase: * When using a filename in a Content-Disposition header * the value should not contain ; or " * * When exporting, avoiding generation of an unexpected double-extension file * * @param string $filename The filename * @param boolean $replaceDots Whether to also replace dots * * @return string the sanitized filename * */ public static function sanitizeFilename($filename, $replaceDots = false) { $pattern = '/[^A-Za-z0-9_'; // if we don't have to replace dots if (! $replaceDots) { // then add the dot to the list of legit characters $pattern .= '.'; } $pattern .= '-]/'; $filename = preg_replace($pattern, '_', $filename); return $filename; } /** * Format a string so it can be a string inside JavaScript code inside an * eventhandler (onclick, onchange, on..., ). * This function is used to displays a javascript confirmation box for * "DROP/DELETE/ALTER" queries. * * @param string $a_string the string to format * @param boolean $add_backquotes whether to add backquotes to the string or not * * @return string the formatted string * * @access public */ public static function jsFormat($a_string = '', $add_backquotes = true) { $a_string = htmlspecialchars($a_string); $a_string = self::escapeJsString($a_string); // Needed for inline javascript to prevent some browsers // treating it as a anchor $a_string = str_replace('#', '\\#', $a_string); return $add_backquotes ? Util::backquote($a_string) : $a_string; } // end of the 'jsFormat' function /** * escapes a string to be inserted as string a JavaScript block * enclosed by <![CDATA[ ... ]]> * this requires only to escape ' with \' and end of script block * * We also remove NUL byte as some browsers (namely MSIE) ignore it and * inserting it anywhere inside </script would allow to bypass this check. * * @param string $string the string to be escaped * * @return string the escaped string */ public static function escapeJsString($string) { return preg_replace( '@</script@i', '</\' + \'script', strtr( $string, array( "\000" => '', '\\' => '\\\\', '\'' => '\\\'', '"' => '\"', "\n" => '\n', "\r" => '\r' ) ) ); } /** * Formats a value for javascript code. * * @param string $value String to be formatted. * * @return string formatted value. */ public static function formatJsVal($value) { if (is_bool($value)) { if ($value) { return 'true'; } return 'false'; } if (is_int($value)) { return (int)$value; } return '"' . self::escapeJsString($value) . '"'; } /** * Formats an javascript assignment with proper escaping of a value * and support for assigning array of strings. * * @param string $key Name of value to set * @param mixed $value Value to set, can be either string or array of strings * @param bool $escape Whether to escape value or keep it as it is * (for inclusion of js code) * * @return string Javascript code. */ public static function getJsValue($key, $value, $escape = true) { $result = $key . ' = '; if (!$escape) { $result .= $value; } elseif (is_array($value)) { $result .= '['; foreach ($value as $val) { $result .= self::formatJsVal($val) . ","; } $result .= "];\n"; } else { $result .= self::formatJsVal($value) . ";\n"; } return $result; } /** * Prints an javascript assignment with proper escaping of a value * and support for assigning array of strings. * * @param string $key Name of value to set * @param mixed $value Value to set, can be either string or array of strings * * @return void */ public static function printJsValue($key, $value) { echo self::getJsValue($key, $value); } /** * Formats javascript assignment for form validation api * with proper escaping of a value. * * @param string $key Name of value to set * @param string $value Value to set * @param boolean $addOn Check if $.validator.format is required or not * @param boolean $comma Check if comma is required * * @return string Javascript code. */ public static function getJsValueForFormValidation($key, $value, $addOn, $comma) { $result = $key . ': '; if ($addOn) { $result .= '$.validator.format('; } $result .= self::formatJsVal($value); if ($addOn) { $result .= ')'; } if ($comma) { $result .= ', '; } return $result; } /** * Prints javascript assignment for form validation api * with proper escaping of a value. * * @param string $key Name of value to set * @param string $value Value to set * @param boolean $addOn Check if $.validator.format is required or not * @param boolean $comma Check if comma is required * * @return void */ public static function printJsValueForFormValidation($key, $value, $addOn=false, $comma=true) { echo self::getJsValueForFormValidation($key, $value, $addOn, $comma); } /** * Removes all variables from request except whitelisted ones. * * @param string &$whitelist list of variables to allow * * @return void * @access public */ public static function removeRequestVars(&$whitelist) { // do not check only $_REQUEST because it could have been overwritten // and use type casting because the variables could have become // strings if (! isset($_REQUEST)) { $_REQUEST = array(); } if (! isset($_GET)) { $_GET = array(); } if (! isset($_POST)) { $_POST = array(); } if (! isset($_COOKIE)) { $_COOKIE = array(); } $keys = array_keys( array_merge((array)$_REQUEST, (array)$_GET, (array)$_POST, (array)$_COOKIE) ); foreach ($keys as $key) { if (! in_array($key, $whitelist)) { unset($_REQUEST[$key], $_GET[$key], $_POST[$key]); continue; } // allowed stuff could be compromised so escape it // we require it to be a string if (isset($_REQUEST[$key]) && ! is_string($_REQUEST[$key])) { unset($_REQUEST[$key]); } if (isset($_POST[$key]) && ! is_string($_POST[$key])) { unset($_POST[$key]); } if (isset($_COOKIE[$key]) && ! is_string($_COOKIE[$key])) { unset($_COOKIE[$key]); } if (isset($_GET[$key]) && ! is_string($_GET[$key])) { unset($_GET[$key]); } } } }
Upload File
Create Folder