File Manager

Hackfut Security File Manager

Current Path: /mnt/ceph/services/websiteos/phpmyadmin/phpMyAdmin-5.0.4-all-languages

mnt / ceph / services / websiteos / phpmyadmin / phpMyAdmin-5.0.4-all-languages /

📁 ..
📄 CONTRIBUTING.md(2.53 KB)
📄 ChangeLog(32.24 KB)
📄 LICENSE(17.67 KB)
📄 README(1.48 KB)
📄 RELEASE-DATE-5.0.4(29 B)
📄 ajax.php(1.96 KB)
📄 browse_foreigners.php(1.77 KB)
📄 changelog.php(3.04 KB)
📄 chk_rel.php(1.16 KB)
📄 composer.json(3.47 KB)
📄 composer.lock(170.01 KB)
📄 config.inc.php(317 B)
📁 config_template
📄 db_central_columns.php(4.5 KB)
📄 db_datadict.php(730 B)
📄 db_designer.php(7.6 KB)
📄 db_events.php(1.96 KB)
📄 db_export.php(5 KB)
📄 db_import.php(1.08 KB)
📄 db_multi_table_query.php(1.42 KB)
📄 db_operations.php(9.64 KB)
📄 db_qbe.php(5.19 KB)
📄 db_routines.php(2.2 KB)
📄 db_search.php(2.17 KB)
📄 db_sql.php(1.18 KB)
📄 db_sql_autocomplete.php(1.01 KB)
📄 db_sql_format.php(613 B)
📄 db_structure.php(2 KB)
📄 db_tracking.php(3.58 KB)
📄 db_triggers.php(1.96 KB)
📁 doc
📄 error_report.php(4.64 KB)
📁 examples
📄 export.php(16.93 KB)
📄 favicon.ico(21.96 KB)
📄 gis_data_editor.php(3.83 KB)
📄 import.php(24.03 KB)
📄 import_status.php(3.65 KB)
📄 index.php(3.01 KB)
📁 js
📁 libraries
📄 license.php(1021 B)
📄 lint.php(1.52 KB)
📁 locale
📁 login
📄 logout.php(437 B)
📄 navigation.php(2.58 KB)
📄 normalization.php(4.48 KB)
📄 package.json(1.42 KB)
📄 phpinfo.php(633 B)
📄 prefs_forms.php(3.02 KB)
📄 prefs_manage.php(7.29 KB)
📄 prefs_twofactor.php(1.93 KB)
📄 print.css(1.18 KB)
📄 robots.txt(26 B)
📄 schema_export.php(861 B)
📄 server_binlog.php(733 B)
📄 server_collations.php(626 B)
📄 server_databases.php(1.74 KB)
📄 server_engines.php(797 B)
📄 server_export.php(1.22 KB)
📄 server_import.php(833 B)
📄 server_plugins.php(595 B)
📄 server_privileges.php(14.8 KB)
📄 server_replication.php(1.57 KB)
📄 server_sql.php(1.06 KB)
📄 server_status.php(1.01 KB)
📄 server_status_advisor.php(885 B)
📄 server_status_monitor.php(3.22 KB)
📄 server_status_processes.php(1.78 KB)
📄 server_status_queries.php(1.34 KB)
📄 server_status_variables.php(1.31 KB)
📄 server_user_groups.php(2.16 KB)
📄 server_variables.php(1.08 KB)
📄 services.yml(3.09 KB)
📄 services_controllers.yml(8.4 KB)
📁 setup
📄 show_config_errors.php(1.23 KB)
📁 sql
📄 sql.php(6.73 KB)
📄 tbl_addfield.php(4.33 KB)
📄 tbl_change.php(6.86 KB)
📄 tbl_chart.php(1.13 KB)
📄 tbl_create.php(3.92 KB)
📄 tbl_export.php(2.9 KB)
📄 tbl_find_replace.php(1.29 KB)
📄 tbl_get_field.php(2.05 KB)
📄 tbl_gis_visualization.php(1.64 KB)
📄 tbl_import.php(895 B)
📄 tbl_indexes.php(1.23 KB)
📄 tbl_operations.php(15.43 KB)
📄 tbl_recent_favorite.php(590 B)
📄 tbl_relation.php(2.81 KB)
📄 tbl_replace.php(17.51 KB)
📄 tbl_row_action.php(5.48 KB)
📄 tbl_select.php(1.29 KB)
📄 tbl_sql.php(1.23 KB)
📄 tbl_structure.php(2.31 KB)
📄 tbl_tracking.php(5.33 KB)
📄 tbl_triggers.php(265 B)
📄 tbl_zoom_select.php(1.22 KB)
📁 templates
📁 themes
📄 themes.php(894 B)
📄 transformation_overview.php(846 B)
📄 transformation_wrapper.php(5.26 KB)
📄 url.php(1.56 KB)
📄 user_password.php(2.18 KB)
📁 vendor
📄 version_check.php(1.17 KB)
📄 view_create.php(7.02 KB)
📄 view_operations.php(3.45 KB)
📄 yarn.lock(109.31 KB)

Editing: sql.php

<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * SQL executor
 *
 * @todo    we must handle the case if sql.php is called directly with a query
 *          that returns 0 rows - to prevent cyclic redirects or includes
 * @package PhpMyAdmin
 */
declare(strict_types=1);

use PhpMyAdmin\CheckUserPrivileges;
use PhpMyAdmin\Config\PageSettings;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\ParseAnalyze;
use PhpMyAdmin\Response;
use PhpMyAdmin\Sql;
use PhpMyAdmin\Url;
use PhpMyAdmin\Util;
use PhpMyAdmin\Core;

if (! defined('ROOT_PATH')) {
    define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
}

global $cfg, $containerBuilder, $pmaThemeImage;

require_once ROOT_PATH . 'libraries/common.inc.php';

/** @var Response $response */
$response = $containerBuilder->get(Response::class);

/** @var DatabaseInterface $dbi */
$dbi = $containerBuilder->get(DatabaseInterface::class);

/** @var CheckUserPrivileges $checkUserPrivileges */
$checkUserPrivileges = $containerBuilder->get('check_user_privileges');
$checkUserPrivileges->getPrivileges();

PageSettings::showGroup('Browse');

$header = $response->getHeader();
$scripts = $header->getScripts();
$scripts->addFile('vendor/jquery/jquery.uitablefilter.js');
$scripts->addFile('table/change.js');
$scripts->addFile('indexes.js');
$scripts->addFile('vendor/stickyfill.min.js');
$scripts->addFile('gis_data_editor.js');
$scripts->addFile('multi_column_sort.js');

/** @var Sql $sql */
$sql = $containerBuilder->get('sql');

/**
 * Set ajax_reload in the response if it was already set
 */
if (isset($ajax_reload) && $ajax_reload['reload'] === true) {
    $response->addJSON('ajax_reload', $ajax_reload);
}

/**
 * Defines the url to return to in case of error in a sql statement
 */
$is_gotofile  = true;
if (empty($goto)) {
    if (empty($table)) {
        $goto = Util::getScriptNameForOption(
            $cfg['DefaultTabDatabase'],
            'database'
        );
    } else {
        $goto = Util::getScriptNameForOption(
            $cfg['DefaultTabTable'],
            'table'
        );
    }
} // end if

if (! isset($err_url)) {
    $err_url = (! empty($back) ? $back : $goto)
        . '?' . Url::getCommon(['db' => $GLOBALS['db']])
        . ((mb_strpos(' ' . $goto, 'db_') != 1
            && strlen($table) > 0)
            ? '&amp;table=' . urlencode($table)
            : ''
        );
} // end if

// Coming from a bookmark dialog
if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
    $sql_query = $_POST['bkm_fields']['bkm_sql_query'];
} elseif (isset($_POST['sql_query'])) {
    $sql_query = $_POST['sql_query'];
} elseif (isset($_GET['sql_query']) && isset($_GET['sql_signature'])) {
    if (Core::checkSqlQuerySignature($_GET['sql_query'], $_GET['sql_signature'])) {
        $sql_query = $_GET['sql_query'];
    }
}

// This one is just to fill $db
if (isset($_POST['bkm_fields']['bkm_database'])) {
    $db = $_POST['bkm_fields']['bkm_database'];
}

// During grid edit, if we have a relational field, show the dropdown for it.
if (isset($_POST['get_relational_values'])
    && $_POST['get_relational_values'] == true
) {
    $sql->getRelationalValues($db, $table);
    // script has exited at this point
}

// Just like above, find possible values for enum fields during grid edit.
if (isset($_POST['get_enum_values']) && $_POST['get_enum_values'] == true) {
    $sql->getEnumOrSetValues($db, $table, "enum");
    // script has exited at this point
}

// Find possible values for set fields during grid edit.
if (isset($_POST['get_set_values']) && $_POST['get_set_values'] == true) {
    $sql->getEnumOrSetValues($db, $table, "set");
    // script has exited at this point
}

if (isset($_GET['get_default_fk_check_value'])
    && $_GET['get_default_fk_check_value'] == true
) {
    $response = Response::getInstance();
    $response->addJSON(
        'default_fk_check_value',
        Util::isForeignKeyCheck()
    );
    exit;
}

/**
 * Check ajax request to set the column order and visibility
 */
if (isset($_POST['set_col_prefs']) && $_POST['set_col_prefs'] == true) {
    $sql->setColumnOrderOrVisibility($table, $db);
    // script has exited at this point
}

// Default to browse if no query set and we have table
// (needed for browsing from DefaultTabTable)
if (empty($sql_query) && strlen($table) > 0 && strlen($db) > 0) {
    $sql_query = $sql->getDefaultSqlQueryForBrowse($db, $table);

// set $goto to what will be displayed if query returns 0 rows
    $goto = '';
} else {
    // Now we can check the parameters
    Util::checkParameters(['sql_query']);
}

/**
 * Parse and analyze the query
 */
list(
    $analyzed_sql_results,
    $db,
    $table_from_sql
) = ParseAnalyze::sqlQuery($sql_query, $db);
// @todo: possibly refactor
extract($analyzed_sql_results);

if ($table != $table_from_sql && ! empty($table_from_sql)) {
    $table = $table_from_sql;
}

/**
 * Check rights in case of DROP DATABASE
 *
 * This test may be bypassed if $is_js_confirmed = 1 (already checked with js)
 * but since a malicious user may pass this variable by url/form, we don't take
 * into account this case.
 */
if ($sql->hasNoRightsToDropDatabase(
    $analyzed_sql_results,
    $cfg['AllowUserDropDatabase'],
    $dbi->isSuperuser()
)) {
    Util::mysqlDie(
        __('"DROP DATABASE" statements are disabled.'),
        '',
        false,
        $err_url
    );
} // end if

/**
 * Need to find the real end of rows?
 */
if (isset($find_real_end) && $find_real_end) {
    $unlim_num_rows = $sql->findRealEndOfRows($db, $table);
}

/**
 * Bookmark add
 */
if (isset($_POST['store_bkm'])) {
    $sql->addBookmark($goto);
    // script has exited at this point
} // end if

/**
 * Sets or modifies the $goto variable if required
 */
if ($goto == 'sql.php') {
    $is_gotofile = false;
    $goto = 'sql.php' . Url::getCommon(
        [
            'db' => $db,
            'table' => $table,
            'sql_query' => $sql_query,
        ]
    );
} // end if

$sql->executeQueryAndSendQueryResponse(
    $analyzed_sql_results, // analyzed_sql_results
    $is_gotofile, // is_gotofile
    $db, // db
    $table, // table
    isset($find_real_end) ? $find_real_end : null, // find_real_end
    isset($import_text) ? $import_text : null, // sql_query_for_bookmark
    isset($extra_data) ? $extra_data : null, // extra_data
    isset($message_to_show) ? $message_to_show : null, // message_to_show
    isset($message) ? $message : null, // message
    isset($sql_data) ? $sql_data : null, // sql_data
    $goto, // goto
    $pmaThemeImage, // pmaThemeImage
    isset($disp_query) ? $display_query : null, // disp_query
    isset($disp_message) ? $disp_message : null, // disp_message
    isset($query_type) ? $query_type : null, // query_type
    $sql_query, // sql_query
    isset($selected) ? $selected : null, // selectedTables
    isset($complete_query) ? $complete_query : null // complete_query
);

Hackfut Security File Manager

Editing: sql.php

Upload File

Create Folder