adminerevo/adminer/include/bootstrap.inc.php

<?php
error_reporting(6135); // errors and warnings

include "../adminer/include/coverage.inc.php";

// disable filter.default
$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")) || ini_get("filter.default_flags"));
if ($filter) {
	foreach (array('_GET', '_POST', '_COOKIE', '_SERVER') as $val) {
		$unsafe = filter_input_array(constant("INPUT$val"), FILTER_UNSAFE_RAW);
		if ($unsafe) {
			$$val = $unsafe;
		}
	}
}

// used only in compiled file
if (isset($_GET["file"])) {
	header("Expires: " . gmdate("D, d M Y H:i:s", time() + 365*24*60*60) . " GMT");
	if ($_GET["file"] == "favicon.ico") {
		header("Content-Type: image/x-icon");
		echo base64_decode("compile_file('../adminer/favicon.ico', 'base64_encode');");
	} elseif ($_GET["file"] == "default.css") {
		header("Content-Type: text/css");
		?>compile_file('../adminer/default.css', 'minify_css');<?php
	} elseif ($_GET["file"] == "functions.js") {
		header("Content-Type: text/javascript");
		?>compile_file('../adminer/functions.js', 'JSMin::minify');compile_file('editing.js', 'JSMin::minify');<?php
	} else {
		header("Content-Type: image/gif");
		switch ($_GET["file"]) {
			case "plus.gif": echo base64_decode("compile_file('../adminer/plus.gif', 'base64_encode');"); break;
			case "cross.gif": echo base64_decode("compile_file('../adminer/cross.gif', 'base64_encode');"); break;
			case "up.gif": echo base64_decode("compile_file('../adminer/up.gif', 'base64_encode');"); break;
			case "down.gif": echo base64_decode("compile_file('../adminer/down.gif', 'base64_encode');"); break;
			case "arrow.gif": echo base64_decode("compile_file('../adminer/arrow.gif', 'base64_encode');"); break;
		}
	}
	exit;
}

if (!isset($_SERVER["REQUEST_URI"])) {
	$_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"] . (strlen($_SERVER["QUERY_STRING"]) ? "?$_SERVER[QUERY_STRING]" : "");
}

if (!ini_get("session.auto_start")) {
	// use specific session name to get own namespace
	session_name("adminer_sid");
	session_set_cookie_params(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); //! use HttpOnly in PHP 5
	session_start();
}

// disable magic quotes to be able to use database escaping function
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));
            }
        }
    }
    unset($process);
}
set_magic_quotes_runtime(false);
@set_time_limit(0); // @ - can be disabled

define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen($_GET["db"]) ? 'db=' . urlencode($_GET["db"]) . '&' : ''));
$on_actions = array("RESTRICT", "CASCADE", "SET NULL", "NO ACTION"); // used in foreign_keys()

include "../adminer/include/version.inc.php";
include "../adminer/include/functions.inc.php";
include "../adminer/include/lang.inc.php";
include "../adminer/lang/$LANG.inc.php";
include "./include/adminer.inc.php";
$adminer = (function_exists('adminer_object') ? adminer_object() : new Adminer);
include "../adminer/include/design.inc.php";
include "../adminer/include/pdo.inc.php";
include "../adminer/include/mysql.inc.php";
include "../adminer/include/auth.inc.php";
include "./include/connect.inc.php";
include "./include/editing.inc.php";
include "./include/export.inc.php";

$confirm = " onclick=\"return confirm('" . lang('Are you sure?') . "');\"";
$token = $_SESSION["tokens"][$_GET["server"]];
$error = ($_POST
	? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))
	: ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
);
Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00			`<?php`
Report user errors git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1016 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-08-25 16:29:59 +00:00			`error_reporting(6135); // errors and warnings`
Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00
Save coverage to database git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@906 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-24 15:50:35 +00:00			`include "../adminer/include/coverage.inc.php";`

Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00			`// disable filter.default`
Filter can return null git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@795 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 10:10:40 +00:00			`$filter = (!ereg('^(unsafe_raw)?$', ini_get("filter.default")) \|\| ini_get("filter.default_flags"));`
Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00			`if ($filter) {`
Filter can return null git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@795 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 10:10:40 +00:00			`foreach (array('_GET', '_POST', '_COOKIE', '_SERVER') as $val) {`
			`$unsafe = filter_input_array(constant("INPUT$val"), FILTER_UNSAFE_RAW);`
			`if ($unsafe) {`
			`$$val = $unsafe;`
			`}`
			`}`
Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00			`}`

			`// used only in compiled file`
			`if (isset($_GET["file"])) {`
			`header("Expires: " . gmdate("D, d M Y H:i:s", time() + 3652460*60) . " GMT");`
			`if ($_GET["file"] == "favicon.ico") {`
			`header("Content-Type: image/x-icon");`
Join editing.js in compilation git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@815 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-13 21:40:43 +00:00			`echo base64_decode("compile_file('../adminer/favicon.ico', 'base64_encode');");`
Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00			`} elseif ($_GET["file"] == "default.css") {`
			`header("Content-Type: text/css");`
Join editing.js in compilation git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@815 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-13 21:40:43 +00:00			`?>compile_file('../adminer/default.css', 'minify_css');<?php`
Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00			`} elseif ($_GET["file"] == "functions.js") {`
			`header("Content-Type: text/javascript");`
Join editing.js in compilation git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@815 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-13 21:40:43 +00:00			`?>compile_file('../adminer/functions.js', 'JSMin::minify');compile_file('editing.js', 'JSMin::minify');<?php`
Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00			`} else {`
			`header("Content-Type: image/gif");`
			`switch ($_GET["file"]) {`
Join editing.js in compilation git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@815 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-13 21:40:43 +00:00			`case "plus.gif": echo base64_decode("compile_file('../adminer/plus.gif', 'base64_encode');"); break;`
			`case "cross.gif": echo base64_decode("compile_file('../adminer/cross.gif', 'base64_encode');"); break;`
			`case "up.gif": echo base64_decode("compile_file('../adminer/up.gif', 'base64_encode');"); break;`
			`case "down.gif": echo base64_decode("compile_file('../adminer/down.gif', 'base64_encode');"); break;`
			`case "arrow.gif": echo base64_decode("compile_file('../adminer/arrow.gif', 'base64_encode');"); break;`
Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00			`}`
			`}`
			`exit;`
			`}`

Function verify_version doesn't use version parameter Don't preselect first option in foreign key edit Prefill insert by foreign key searches REQUEST_URI is used earlier Change variable $SELF to constant ME Denote required fields in Editor git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@944 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-30 08:12:54 +00:00			`if (!isset($_SERVER["REQUEST_URI"])) {`
			`$_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"] . (strlen($_SERVER["QUERY_STRING"]) ? "?$_SERVER[QUERY_STRING]" : "");`
			`}`

Separate bootstrap git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@784 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 05:16:39 +00:00			`if (!ini_get("session.auto_start")) {`
			`// use specific session name to get own namespace`
			`session_name("adminer_sid");`
			`session_set_cookie_params(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); //! use HttpOnly in PHP 5`
			`session_start();`
			`}`

			`// disable magic quotes to be able to use database escaping function`
			`if (get_magic_quotes_gpc()) {`
			`$process = array(&$_GET, &$_POST, &$_COOKIE);`
			`while (list($key, $val) = each($process)) {`
			`foreach ($val as $k => $v) {`
			`unset($process[$key][$k]);`
			`if (is_array($v)) {`
			`$process[$key][stripslashes($k)] = $v;`
			`$process[] = &$process[$key][stripslashes($k)];`
			`} else {`
			`$process[$key][stripslashes($k)] = ($filter ? $v : stripslashes($v));`
			`}`
			`}`
			`}`
			`unset($process);`
			`}`
			`set_magic_quotes_runtime(false);`
Always set time limit (fixes #2844071) git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1006 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-08-25 12:11:12 +00:00			`@set_time_limit(0); // @ - can be disabled`
Editor: User friendly data editor git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@787 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-03 06:26:01 +00:00
Function verify_version doesn't use version parameter Don't preselect first option in foreign key edit Prefill insert by foreign key searches REQUEST_URI is used earlier Change variable $SELF to constant ME Denote required fields in Editor git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@944 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-30 08:12:54 +00:00			`define("ME", preg_replace('~^[^?]/([^?]).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen($_GET["db"]) ? 'db=' . urlencode($_GET["db"]) . '&' : ''));`
E-mail sending Change Adminer class to adminer_ functions.inc.php Unify includes Unify adminer_credentials() Don't use JUSH in Editor Separate identifier and description in breadcrumb Simplify where() git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@800 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-11 19:45:57 +00:00			`$on_actions = array("RESTRICT", "CASCADE", "SET NULL", "NO ACTION"); // used in foreign_keys()`

			`include "../adminer/include/version.inc.php";`
			`include "../adminer/include/functions.inc.php";`
			`include "../adminer/include/lang.inc.php";`
Join translations git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@876 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-22 12:55:54 +00:00			`include "../adminer/lang/$LANG.inc.php";`
E-mail sending Change Adminer class to adminer_ functions.inc.php Unify includes Unify adminer_credentials() Don't use JUSH in Editor Separate identifier and description in breadcrumb Simplify where() git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@800 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-11 19:45:57 +00:00			`include "./include/adminer.inc.php";`
Adminer class git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@913 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-27 11:25:37 +00:00			`$adminer = (function_exists('adminer_object') ? adminer_object() : new Adminer);`
E-mail sending Change Adminer class to adminer_ functions.inc.php Unify includes Unify adminer_credentials() Don't use JUSH in Editor Separate identifier and description in breadcrumb Simplify where() git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@800 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-11 19:45:57 +00:00			`include "../adminer/include/design.inc.php";`
			`include "../adminer/include/pdo.inc.php";`
			`include "../adminer/include/mysql.inc.php";`
Customize login and login form git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@860 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-21 12:19:25 +00:00			`include "../adminer/include/auth.inc.php";`
E-mail sending Change Adminer class to adminer_ functions.inc.php Unify includes Unify adminer_credentials() Don't use JUSH in Editor Separate identifier and description in breadcrumb Simplify where() git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@800 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-11 19:45:57 +00:00			`include "./include/connect.inc.php";`
			`include "./include/editing.inc.php";`
			`include "./include/export.inc.php";`
Centralize common variables git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@842 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-16 14:06:33 +00:00
			`$confirm = " onclick=\"return confirm('" . lang('Are you sure?') . "');\"";`
			`$token = $_SESSION["tokens"][$_GET["server"]];`
			`$error = ($_POST`
Exception to CSRF can be abused in Editor git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@852 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-20 11:59:11 +00:00			`? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))`
Centralize common variables git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@842 7c3ca157-0c34-0410-bff1-cbf682f78f5c 2009-07-16 14:06:33 +00:00			`: ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least`
			`);`