optometrists

Back Back Up Normal Editor

<?php declare(strict_types=1); namespace PhpMyAdmin\Database; use PhpMyAdmin\DatabaseInterface; use PhpMyAdmin\Html\Generator; use PhpMyAdmin\Message; use PhpMyAdmin\ResponseRenderer; use PhpMyAdmin\Template; use PhpMyAdmin\Util; use function __; use function count; use function explode; use function htmlspecialchars; use function in_array; use function mb_strtoupper; use function sprintf; use function str_contains; use function trim; /** * Functions for trigger management. */ class Triggers { /** @var array<int, string> */ private $time = ['BEFORE', 'AFTER']; /** @var array<int, string> */ private $event = ['INSERT', 'UPDATE', 'DELETE']; /** @var DatabaseInterface */ private $dbi; /** @var Template */ private $template; /** @var ResponseRenderer */ private $response; /** * @param DatabaseInterface $dbi DatabaseInterface instance. * @param Template $template Template instance. * @param ResponseRenderer $response Response instance. */ public function __construct(DatabaseInterface $dbi, Template $template, $response) { $this->dbi = $dbi; $this->template = $template; $this->response = $response; } /** * Main function for the triggers functionality */ public function main(): void { global $db, $table; /** * Process all requests */ $this->handleEditor(); $this->export(); $items = $this->dbi->getTriggers($db, $table); $hasTriggerPrivilege = Util::currentUserHasPrivilege('TRIGGER', $db, $table); $isAjax = $this->response->isAjax() && empty($_REQUEST['ajax_page_request']); $rows = ''; foreach ($items as $item) { $rows .= $this->template->render('database/triggers/row', [ 'db' => $db, 'table' => $table, 'trigger' => $item, 'has_drop_privilege' => $hasTriggerPrivilege, 'has_edit_privilege' => $hasTriggerPrivilege, 'row_class' => $isAjax ? 'ajaxInsert hide' : '', ]); } echo $this->template->render('database/triggers/list', [ 'db' => $db, 'table' => $table, 'items' => $items, 'rows' => $rows, 'has_privilege' => $hasTriggerPrivilege, ]); } /** * Handles editor requests for adding or editing an item */ public function handleEditor(): void { global $db, $errors, $message, $table; if (! empty($_POST['editor_process_add']) || ! empty($_POST['editor_process_edit'])) { $sql_query = ''; $item_query = $this->getQueryFromRequest(); // set by getQueryFromRequest() if (! count($errors)) { // Execute the created query if (! empty($_POST['editor_process_edit'])) { // Backup the old trigger, in case something goes wrong $trigger = $this->getDataFromName($_POST['item_original_name']); $create_item = $trigger['create']; $drop_item = $trigger['drop'] . ';'; $result = $this->dbi->tryQuery($drop_item); if (! $result) { $errors[] = sprintf( __('The following query has failed: "%s"'), htmlspecialchars($drop_item) ) . '<br>' . __('MySQL said: ') . $this->dbi->getError(); } else { $result = $this->dbi->tryQuery($item_query); if (! $result) { $errors[] = sprintf( __('The following query has failed: "%s"'), htmlspecialchars($item_query) ) . '<br>' . __('MySQL said: ') . $this->dbi->getError(); // We dropped the old item, but were unable to create the // new one. Try to restore the backup query. $result = $this->dbi->tryQuery($create_item); if (! $result) { $errors = $this->checkResult($create_item, $errors); } } else { $message = Message::success( __('Trigger %1$s has been modified.') ); $message->addParam( Util::backquote($_POST['item_name']) ); $sql_query = $drop_item . $item_query; } } } else { // 'Add a new item' mode $result = $this->dbi->tryQuery($item_query); if (! $result) { $errors[] = sprintf( __('The following query has failed: "%s"'), htmlspecialchars($item_query) ) . '<br><br>' . __('MySQL said: ') . $this->dbi->getError(); } else { $message = Message::success( __('Trigger %1$s has been created.') ); $message->addParam( Util::backquote($_POST['item_name']) ); $sql_query = $item_query; } } } if (count($errors)) { $message = Message::error( '<b>' . __( 'One or more errors have occurred while processing your request:' ) . '</b>' ); $message->addHtml('<ul>'); foreach ($errors as $string) { $message->addHtml('<li>' . $string . '</li>'); } $message->addHtml('</ul>'); } $output = Generator::getMessage($message, $sql_query); if ($this->response->isAjax()) { if ($message->isSuccess()) { $items = $this->dbi->getTriggers($db, $table, ''); $trigger = false; foreach ($items as $value) { if ($value['name'] != $_POST['item_name']) { continue; } $trigger = $value; } $insert = false; if (empty($table) || ($trigger !== false && $table == $trigger['table'])) { $insert = true; $hasTriggerPrivilege = Util::currentUserHasPrivilege('TRIGGER', $db, $table); $this->response->addJSON( 'new_row', $this->template->render('database/triggers/row', [ 'db' => $db, 'table' => $table, 'trigger' => $trigger, 'has_drop_privilege' => $hasTriggerPrivilege, 'has_edit_privilege' => $hasTriggerPrivilege, 'row_class' => '', ]) ); $this->response->addJSON( 'name', htmlspecialchars( mb_strtoupper( $_POST['item_name'] ) ) ); } $this->response->addJSON('insert', $insert); $this->response->addJSON('message', $output); } else { $this->response->addJSON('message', $message); $this->response->setRequestStatus(false); } $this->response->addJSON('tableType', 'triggers'); exit; } } /** * Display a form used to add/edit a trigger, if necessary */ if ( ! count($errors) && (! empty($_POST['editor_process_add']) || ! empty($_POST['editor_process_edit']) || (empty($_REQUEST['add_item']) && empty($_REQUEST['edit_item']))) // FIXME: this must be simpler than that ) { return; } $mode = ''; $item = null; $title = ''; // Get the data for the form (if any) if (! empty($_REQUEST['add_item'])) { $title = __('Add trigger'); $item = $this->getDataFromRequest(); $mode = 'add'; } elseif (! empty($_REQUEST['edit_item'])) { $title = __('Edit trigger'); if (! empty($_REQUEST['item_name']) && empty($_POST['editor_process_edit'])) { $item = $this->getDataFromName($_REQUEST['item_name']); if ($item !== null) { $item['item_original_name'] = $item['item_name']; } } else { $item = $this->getDataFromRequest(); } $mode = 'edit'; } $this->sendEditor($mode, $item, $title, $db, $table); } /** * This function will generate the values that are required to for the editor * * @return array Data necessary to create the editor. */ public function getDataFromRequest() { $retval = []; $indices = [ 'item_name', 'item_table', 'item_original_name', 'item_action_timing', 'item_event_manipulation', 'item_definition', 'item_definer', ]; foreach ($indices as $index) { $retval[$index] = $_POST[$index] ?? ''; } return $retval; } /** * This function will generate the values that are required to complete * the "Edit trigger" form given the name of a trigger. * * @param string $name The name of the trigger. * * @return array|null Data necessary to create the editor. */ public function getDataFromName($name): ?array { global $db, $table; $temp = []; $items = $this->dbi->getTriggers($db, $table, ''); foreach ($items as $value) { if ($value['name'] != $name) { continue; } $temp = $value; } if (empty($temp)) { return null; } $retval = []; $retval['create'] = $temp['create']; $retval['drop'] = $temp['drop']; $retval['item_name'] = $temp['name']; $retval['item_table'] = $temp['table']; $retval['item_action_timing'] = $temp['action_timing']; $retval['item_event_manipulation'] = $temp['event_manipulation']; $retval['item_definition'] = $temp['definition']; $retval['item_definer'] = $temp['definer']; return $retval; } /** * Displays a form used to add/edit a trigger * * @param string $db * @param string $table * @param string $mode If the editor will be used to edit a trigger or add a new one: 'edit' or 'add'. * @param array $item Data for the trigger returned by getDataFromRequest() or getDataFromName() */ public function getEditorForm($db, $table, $mode, array $item): string { $query = 'SELECT `TABLE_NAME` FROM `INFORMATION_SCHEMA`.`TABLES` '; $query .= 'WHERE `TABLE_SCHEMA`=\'' . $this->dbi->escapeString($db) . '\' '; $query .= 'AND `TABLE_TYPE` IN (\'BASE TABLE\', \'SYSTEM VERSIONED\')'; $tables = $this->dbi->fetchResult($query); return $this->template->render('database/triggers/editor_form', [ 'db' => $db, 'table' => $table, 'is_edit' => $mode === 'edit', 'item' => $item, 'tables' => $tables, 'time' => $this->time, 'events' => $this->event, 'is_ajax' => $this->response->isAjax(), ]); } /** * Composes the query necessary to create a trigger from an HTTP request. * * @return string The CREATE TRIGGER query. */ public function getQueryFromRequest() { global $db, $errors; $query = 'CREATE '; if (! empty($_POST['item_definer'])) { if (str_contains($_POST['item_definer'], '@')) { $arr = explode('@', $_POST['item_definer']); $query .= 'DEFINER=' . Util::backquote($arr[0]); $query .= '@' . Util::backquote($arr[1]) . ' '; } else { $errors[] = __('The definer must be in the "username@hostname" format!'); } } $query .= 'TRIGGER '; if (! empty($_POST['item_name'])) { $query .= Util::backquote($_POST['item_name']) . ' '; } else { $errors[] = __('You must provide a trigger name!'); } if (! empty($_POST['item_timing']) && in_array($_POST['item_timing'], $this->time)) { $query .= $_POST['item_timing'] . ' '; } else { $errors[] = __('You must provide a valid timing for the trigger!'); } if (! empty($_POST['item_event']) && in_array($_POST['item_event'], $this->event)) { $query .= $_POST['item_event'] . ' '; } else { $errors[] = __('You must provide a valid event for the trigger!'); } $query .= 'ON '; if (! empty($_POST['item_table']) && in_array($_POST['item_table'], $this->dbi->getTables($db))) { $query .= Util::backquote($_POST['item_table']); } else { $errors[] = __('You must provide a valid table name!'); } $query .= ' FOR EACH ROW '; if (! empty($_POST['item_definition'])) { $query .= $_POST['item_definition']; } else { $errors[] = __('You must provide a trigger definition.'); } return $query; } /** * @param string $createStatement Query * @param array $errors Errors * * @return array */ private function checkResult($createStatement, array $errors) { // OMG, this is really bad! We dropped the query, // failed to create a new one // and now even the backup query does not execute! // This should not happen, but we better handle // this just in case. $errors[] = __('Sorry, we failed to restore the dropped trigger.') . '<br>' . __('The backed up query was:') . '"' . htmlspecialchars($createStatement) . '"<br>' . __('MySQL said: ') . $this->dbi->getError(); return $errors; } /** * Send editor via ajax or by echoing. * * @param string $mode Editor mode 'add' or 'edit' * @param array|null $item Data necessary to create the editor * @param string $title Title of the editor * @param string $db Database * @param string $table Table */ private function sendEditor($mode, ?array $item, $title, $db, $table): void { if ($item !== null) { $editor = $this->getEditorForm($db, $table, $mode, $item); if ($this->response->isAjax()) { $this->response->addJSON('message', $editor); $this->response->addJSON('title', $title); } else { echo "\n\n<h2>" . $title . "</h2>\n\n" . $editor; unset($_POST); } exit; } $message = __('Error in processing request:') . ' '; $message .= sprintf( __('No trigger with name %1$s found in database %2$s.'), htmlspecialchars(Util::backquote($_REQUEST['item_name'])), htmlspecialchars(Util::backquote($db)) ); $message = Message::error($message); if ($this->response->isAjax()) { $this->response->setRequestStatus(false); $this->response->addJSON('message', $message); exit; } echo $message->getDisplay(); } private function export(): void { global $db, $table; if (empty($_GET['export_item']) || empty($_GET['item_name'])) { return; } $itemName = $_GET['item_name']; $triggers = $this->dbi->getTriggers($db, $table, ''); $exportData = false; foreach ($triggers as $trigger) { if ($trigger['name'] === $itemName) { $exportData = $trigger['create']; break; } } if ($exportData !== false) { $title = sprintf(__('Export of trigger %s'), htmlspecialchars(Util::backquote($itemName))); if ($this->response->isAjax()) { $this->response->addJSON('message', htmlspecialchars(trim($exportData))); $this->response->addJSON('title', $title); exit; } $this->response->addHTML($this->template->render('database/triggers/export', [ 'data' => $exportData, 'item_name' => $itemName, ])); return; } $message = sprintf( __('Error in processing request: No trigger with name %1$s found in database %2$s.'), htmlspecialchars(Util::backquote($itemName)), htmlspecialchars(Util::backquote($db)) ); $message = Message::error($message); if ($this->response->isAjax()) { $this->response->setRequestStatus(false); $this->response->addJSON('message', $message); exit; } $this->response->addHTML($message->getDisplay()); } }