InsertEdit.php 90 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534
  1. <?php
  2. /**
  3. * set of functions with the insert/edit features in pma
  4. */
  5. declare(strict_types=1);
  6. namespace PhpMyAdmin;
  7. use PhpMyAdmin\ConfigStorage\Relation;
  8. use PhpMyAdmin\Dbal\ResultInterface;
  9. use PhpMyAdmin\Html\Generator;
  10. use PhpMyAdmin\Plugins\TransformationsPlugin;
  11. use PhpMyAdmin\Utils\Gis;
  12. use function __;
  13. use function array_fill;
  14. use function array_key_exists;
  15. use function array_keys;
  16. use function array_merge;
  17. use function array_values;
  18. use function bin2hex;
  19. use function class_exists;
  20. use function count;
  21. use function current;
  22. use function date;
  23. use function explode;
  24. use function htmlspecialchars;
  25. use function implode;
  26. use function in_array;
  27. use function is_array;
  28. use function is_file;
  29. use function is_string;
  30. use function max;
  31. use function mb_stripos;
  32. use function mb_strlen;
  33. use function mb_strstr;
  34. use function md5;
  35. use function method_exists;
  36. use function min;
  37. use function password_hash;
  38. use function preg_match;
  39. use function preg_replace;
  40. use function str_contains;
  41. use function str_replace;
  42. use function stripcslashes;
  43. use function stripslashes;
  44. use function strlen;
  45. use function substr;
  46. use function time;
  47. use function trim;
  48. use const ENT_COMPAT;
  49. use const PASSWORD_DEFAULT;
  50. /**
  51. * PhpMyAdmin\InsertEdit class
  52. */
  53. class InsertEdit
  54. {
  55. /**
  56. * DatabaseInterface instance
  57. *
  58. * @var DatabaseInterface
  59. */
  60. private $dbi;
  61. /** @var Relation */
  62. private $relation;
  63. /** @var Transformations */
  64. private $transformations;
  65. /** @var FileListing */
  66. private $fileListing;
  67. /** @var Template */
  68. public $template;
  69. /**
  70. * @param DatabaseInterface $dbi DatabaseInterface instance
  71. */
  72. public function __construct(DatabaseInterface $dbi)
  73. {
  74. $this->dbi = $dbi;
  75. $this->relation = new Relation($this->dbi);
  76. $this->transformations = new Transformations();
  77. $this->fileListing = new FileListing();
  78. $this->template = new Template();
  79. }
  80. /**
  81. * Retrieve form parameters for insert/edit form
  82. *
  83. * @param string $db name of the database
  84. * @param string $table name of the table
  85. * @param array|null $whereClauses where clauses
  86. * @param array $whereClauseArray array of where clauses
  87. * @param string $errorUrl error url
  88. *
  89. * @return array array of insert/edit form parameters
  90. */
  91. public function getFormParametersForInsertForm(
  92. $db,
  93. $table,
  94. ?array $whereClauses,
  95. array $whereClauseArray,
  96. $errorUrl
  97. ): array {
  98. $formParams = [
  99. 'db' => $db,
  100. 'table' => $table,
  101. 'goto' => $GLOBALS['goto'],
  102. 'err_url' => $errorUrl,
  103. 'sql_query' => $_POST['sql_query'] ?? '',
  104. ];
  105. if ($formParams['sql_query'] === '' && isset($_GET['sql_query'], $_GET['sql_signature'])) {
  106. if (Core::checkSqlQuerySignature($_GET['sql_query'], $_GET['sql_signature'])) {
  107. $formParams['sql_query'] = $_GET['sql_query'];
  108. }
  109. }
  110. if (isset($whereClauses)) {
  111. foreach ($whereClauseArray as $keyId => $whereClause) {
  112. $formParams['where_clause[' . $keyId . ']'] = trim($whereClause);
  113. }
  114. }
  115. if (isset($_POST['clause_is_unique'])) {
  116. $formParams['clause_is_unique'] = $_POST['clause_is_unique'];
  117. } elseif (isset($_GET['clause_is_unique'])) {
  118. $formParams['clause_is_unique'] = $_GET['clause_is_unique'];
  119. }
  120. return $formParams;
  121. }
  122. /**
  123. * Creates array of where clauses
  124. *
  125. * @param array|string|null $whereClause where clause
  126. *
  127. * @return array whereClauseArray array of where clauses
  128. */
  129. private function getWhereClauseArray($whereClause): array
  130. {
  131. if ($whereClause === null) {
  132. return [];
  133. }
  134. if (is_array($whereClause)) {
  135. return $whereClause;
  136. }
  137. return [0 => $whereClause];
  138. }
  139. /**
  140. * Analysing where clauses array
  141. *
  142. * @param array $whereClauseArray array of where clauses
  143. * @param string $table name of the table
  144. * @param string $db name of the database
  145. *
  146. * @return array $where_clauses, $result, $rows, $found_unique_key
  147. */
  148. private function analyzeWhereClauses(
  149. array $whereClauseArray,
  150. $table,
  151. $db
  152. ): array {
  153. $rows = [];
  154. $result = [];
  155. $whereClauses = [];
  156. $foundUniqueKey = false;
  157. foreach ($whereClauseArray as $keyId => $whereClause) {
  158. $localQuery = 'SELECT * FROM '
  159. . Util::backquote($db) . '.'
  160. . Util::backquote($table)
  161. . ' WHERE ' . $whereClause . ';';
  162. $result[$keyId] = $this->dbi->query($localQuery);
  163. $rows[$keyId] = $result[$keyId]->fetchAssoc();
  164. $whereClauses[$keyId] = str_replace('\\', '\\\\', $whereClause);
  165. $hasUniqueCondition = $this->showEmptyResultMessageOrSetUniqueCondition(
  166. $rows,
  167. $keyId,
  168. $whereClauseArray,
  169. $localQuery,
  170. $result
  171. );
  172. if (! $hasUniqueCondition) {
  173. continue;
  174. }
  175. $foundUniqueKey = true;
  176. }
  177. return [
  178. $whereClauses,
  179. $result,
  180. $rows,
  181. $foundUniqueKey,
  182. ];
  183. }
  184. /**
  185. * Show message for empty result or set the unique_condition
  186. *
  187. * @param array $rows MySQL returned rows
  188. * @param string $keyId ID in current key
  189. * @param array $whereClauseArray array of where clauses
  190. * @param string $localQuery query performed
  191. * @param ResultInterface[] $result MySQL result handle
  192. */
  193. private function showEmptyResultMessageOrSetUniqueCondition(
  194. array $rows,
  195. $keyId,
  196. array $whereClauseArray,
  197. $localQuery,
  198. array $result
  199. ): bool {
  200. // No row returned
  201. if (! $rows[$keyId]) {
  202. unset($rows[$keyId], $whereClauseArray[$keyId]);
  203. ResponseRenderer::getInstance()->addHTML(
  204. Generator::getMessage(
  205. __('MySQL returned an empty result set (i.e. zero rows).'),
  206. $localQuery
  207. )
  208. );
  209. /**
  210. * @todo not sure what should be done at this point, but we must not
  211. * exit if we want the message to be displayed
  212. */
  213. return false;
  214. }
  215. $meta = $this->dbi->getFieldsMeta($result[$keyId]);
  216. [$uniqueCondition] = Util::getUniqueCondition(
  217. count($meta),
  218. $meta,
  219. $rows[$keyId],
  220. true
  221. );
  222. return (bool) $uniqueCondition;
  223. }
  224. /**
  225. * No primary key given, just load first row
  226. *
  227. * @param string $table name of the table
  228. * @param string $db name of the database
  229. *
  230. * @return array containing $result and $rows arrays
  231. */
  232. private function loadFirstRow($table, $db)
  233. {
  234. $result = $this->dbi->query(
  235. 'SELECT * FROM ' . Util::backquote($db)
  236. . '.' . Util::backquote($table) . ' LIMIT 1;'
  237. );
  238. // Can be a string on some old configuration storage settings
  239. $rows = array_fill(0, (int) $GLOBALS['cfg']['InsertRows'], false);
  240. return [
  241. $result,
  242. $rows,
  243. ];
  244. }
  245. /**
  246. * Add some url parameters
  247. *
  248. * @param array $urlParams containing $db and $table as url parameters
  249. * @param array $whereClauseArray where clauses array
  250. *
  251. * @return array Add some url parameters to $url_params array and return it
  252. */
  253. public function urlParamsInEditMode(
  254. array $urlParams,
  255. array $whereClauseArray
  256. ): array {
  257. foreach ($whereClauseArray as $whereClause) {
  258. $urlParams['where_clause'] = trim($whereClause);
  259. }
  260. if (! empty($_POST['sql_query'])) {
  261. $urlParams['sql_query'] = $_POST['sql_query'];
  262. }
  263. return $urlParams;
  264. }
  265. /**
  266. * Show type information or function selectors in Insert/Edit
  267. *
  268. * @param string $which function|type
  269. * @param array $urlParams containing url parameters
  270. * @param bool $isShow whether to show the element in $which
  271. *
  272. * @return string an HTML snippet
  273. */
  274. public function showTypeOrFunction($which, array $urlParams, $isShow): string
  275. {
  276. $params = [];
  277. switch ($which) {
  278. case 'function':
  279. $params['ShowFunctionFields'] = ($isShow ? 0 : 1);
  280. $params['ShowFieldTypesInDataEditView'] = $GLOBALS['cfg']['ShowFieldTypesInDataEditView'];
  281. break;
  282. case 'type':
  283. $params['ShowFieldTypesInDataEditView'] = ($isShow ? 0 : 1);
  284. $params['ShowFunctionFields'] = $GLOBALS['cfg']['ShowFunctionFields'];
  285. break;
  286. }
  287. $params['goto'] = Url::getFromRoute('/sql');
  288. $thisUrlParams = array_merge($urlParams, $params);
  289. if (! $isShow) {
  290. return ' : <a href="' . Url::getFromRoute('/table/change') . '" data-post="'
  291. . Url::getCommon($thisUrlParams, '', false) . '">'
  292. . $this->showTypeOrFunctionLabel($which)
  293. . '</a>';
  294. }
  295. return '<th><a href="' . Url::getFromRoute('/table/change') . '" data-post="'
  296. . Url::getCommon($thisUrlParams, '', false)
  297. . '" title="' . __('Hide') . '">'
  298. . $this->showTypeOrFunctionLabel($which)
  299. . '</a></th>';
  300. }
  301. /**
  302. * Show type information or function selectors labels in Insert/Edit
  303. *
  304. * @param string $which function|type
  305. *
  306. * @return string an HTML snippet
  307. */
  308. private function showTypeOrFunctionLabel($which): string
  309. {
  310. switch ($which) {
  311. case 'function':
  312. return __('Function');
  313. case 'type':
  314. return __('Type');
  315. }
  316. return '';
  317. }
  318. /**
  319. * Analyze the table column array
  320. *
  321. * @param array $column description of column in given table
  322. * @param array $commentsMap comments for every column that has a comment
  323. * @param bool $timestampSeen whether a timestamp has been seen
  324. *
  325. * @return array description of column in given table
  326. */
  327. private function analyzeTableColumnsArray(
  328. array $column,
  329. array $commentsMap,
  330. $timestampSeen
  331. ) {
  332. $column['Field_md5'] = md5($column['Field']);
  333. // True_Type contains only the type (stops at first bracket)
  334. $column['True_Type'] = preg_replace('@(\(.*)|(\s/.*)@s', '', $column['Type']);
  335. $column['len'] = preg_match('@float|double@', $column['Type']) ? 100 : -1;
  336. $column['Field_title'] = $this->getColumnTitle($column, $commentsMap);
  337. $column['is_binary'] = $this->isColumn(
  338. $column,
  339. [
  340. 'binary',
  341. 'varbinary',
  342. ]
  343. );
  344. $column['is_blob'] = $this->isColumn(
  345. $column,
  346. [
  347. 'blob',
  348. 'tinyblob',
  349. 'mediumblob',
  350. 'longblob',
  351. ]
  352. );
  353. $column['is_char'] = $this->isColumn(
  354. $column,
  355. [
  356. 'char',
  357. 'varchar',
  358. ]
  359. );
  360. [
  361. $column['pma_type'],
  362. $column['wrap'],
  363. $column['first_timestamp'],
  364. ] = $this->getEnumSetAndTimestampColumns($column, $timestampSeen);
  365. return $column;
  366. }
  367. /**
  368. * Retrieve the column title
  369. *
  370. * @param array $column description of column in given table
  371. * @param array $commentsMap comments for every column that has a comment
  372. *
  373. * @return string column title
  374. */
  375. private function getColumnTitle(array $column, array $commentsMap): string
  376. {
  377. if (isset($commentsMap[$column['Field']])) {
  378. return '<span style="border-bottom: 1px dashed black;" title="'
  379. . htmlspecialchars($commentsMap[$column['Field']]) . '">'
  380. . htmlspecialchars($column['Field']) . '</span>';
  381. }
  382. return htmlspecialchars($column['Field']);
  383. }
  384. /**
  385. * check whether the column is of a certain type
  386. * the goal is to ensure that types such as "enum('one','two','binary',..)"
  387. * or "enum('one','two','varbinary',..)" are not categorized as binary
  388. *
  389. * @param array $column description of column in given table
  390. * @param string[] $types the types to verify
  391. */
  392. public function isColumn(array $column, array $types): bool
  393. {
  394. foreach ($types as $oneType) {
  395. if (mb_stripos($column['Type'], $oneType) === 0) {
  396. return true;
  397. }
  398. }
  399. return false;
  400. }
  401. /**
  402. * Retrieve set, enum, timestamp table columns
  403. *
  404. * @param array $column description of column in given table
  405. * @param bool $timestampSeen whether a timestamp has been seen
  406. *
  407. * @return array $column['pma_type'], $column['wrap'], $column['first_timestamp']
  408. * @psalm-return array{0: mixed, 1: string, 2: bool}
  409. */
  410. private function getEnumSetAndTimestampColumns(array $column, $timestampSeen)
  411. {
  412. switch ($column['True_Type']) {
  413. case 'set':
  414. return [
  415. 'set',
  416. '',
  417. false,
  418. ];
  419. case 'enum':
  420. return [
  421. 'enum',
  422. '',
  423. false,
  424. ];
  425. case 'timestamp':
  426. return [
  427. $column['Type'],
  428. ' text-nowrap',
  429. ! $timestampSeen, // can only occur once per table
  430. ];
  431. default:
  432. return [
  433. $column['Type'],
  434. ' text-nowrap',
  435. false,
  436. ];
  437. }
  438. }
  439. /**
  440. * Retrieve the nullify code for the null column
  441. *
  442. * @param array $column description of column in given table
  443. * @param array $foreigners keys into foreign fields
  444. * @param array $foreignData data about the foreign keys
  445. */
  446. private function getNullifyCodeForNullColumn(
  447. array $column,
  448. array $foreigners,
  449. array $foreignData
  450. ): string {
  451. $foreigner = $this->relation->searchColumnInForeigners($foreigners, $column['Field']);
  452. if (mb_strstr($column['True_Type'], 'enum')) {
  453. if (mb_strlen((string) $column['Type']) > 20) {
  454. $nullifyCode = '1';
  455. } else {
  456. $nullifyCode = '2';
  457. }
  458. } elseif (mb_strstr($column['True_Type'], 'set')) {
  459. $nullifyCode = '3';
  460. } elseif ($foreigner && $foreignData['foreign_link'] == false) {
  461. // foreign key in a drop-down
  462. $nullifyCode = '4';
  463. } elseif ($foreigner && $foreignData['foreign_link'] == true) {
  464. // foreign key with a browsing icon
  465. $nullifyCode = '6';
  466. } else {
  467. $nullifyCode = '5';
  468. }
  469. return $nullifyCode;
  470. }
  471. /**
  472. * Get HTML textarea for insert form
  473. *
  474. * @param array $column column information
  475. * @param string $backupField hidden input field
  476. * @param string $columnNameAppendix the name attribute
  477. * @param string $onChangeClause onchange clause for fields
  478. * @param int $tabindex tab index
  479. * @param int $tabindexForValue offset for the values tabindex
  480. * @param int $idindex id index
  481. * @param string $textDir text direction
  482. * @param string $specialCharsEncoded replaced char if the string starts
  483. * with a \r\n pair (0x0d0a) add an extra \n
  484. * @param string $dataType the html5 data-* attribute type
  485. * @param bool $readOnly is column read only or not
  486. *
  487. * @return string an html snippet
  488. */
  489. private function getTextarea(
  490. array $column,
  491. $backupField,
  492. $columnNameAppendix,
  493. $onChangeClause,
  494. $tabindex,
  495. $tabindexForValue,
  496. $idindex,
  497. $textDir,
  498. $specialCharsEncoded,
  499. $dataType,
  500. $readOnly
  501. ): string {
  502. $theClass = '';
  503. $textAreaRows = $GLOBALS['cfg']['TextareaRows'];
  504. $textareaCols = $GLOBALS['cfg']['TextareaCols'];
  505. if ($column['is_char']) {
  506. /**
  507. * @todo clarify the meaning of the "textfield" class and explain
  508. * why character columns have the "char" class instead
  509. */
  510. $theClass = 'charField';
  511. $textAreaRows = $GLOBALS['cfg']['CharTextareaRows'];
  512. $textareaCols = $GLOBALS['cfg']['CharTextareaCols'];
  513. $extractedColumnspec = Util::extractColumnSpec($column['Type']);
  514. $maxlength = $extractedColumnspec['spec_in_brackets'];
  515. } elseif ($GLOBALS['cfg']['LongtextDoubleTextarea'] && mb_strstr($column['pma_type'], 'longtext')) {
  516. $textAreaRows = $GLOBALS['cfg']['TextareaRows'] * 2;
  517. $textareaCols = $GLOBALS['cfg']['TextareaCols'] * 2;
  518. }
  519. return $backupField . "\n"
  520. . '<textarea name="fields' . $columnNameAppendix . '"'
  521. . ' class="' . $theClass . '"'
  522. . ($readOnly ? ' readonly="readonly"' : '')
  523. . (isset($maxlength) ? ' data-maxlength="' . $maxlength . '"' : '')
  524. . ' rows="' . $textAreaRows . '"'
  525. . ' cols="' . $textareaCols . '"'
  526. . ' dir="' . $textDir . '"'
  527. . ' id="field_' . $idindex . '_3"'
  528. . ($onChangeClause ? ' ' . $onChangeClause : '')
  529. . ' tabindex="' . ($tabindex + $tabindexForValue) . '"'
  530. . ' data-type="' . $dataType . '">'
  531. . $specialCharsEncoded
  532. . '</textarea>';
  533. }
  534. /**
  535. * Get column values
  536. *
  537. * @param string[] $enum_set_values
  538. *
  539. * @return array column values as an associative array
  540. * @psalm-return list<array{html: string, plain: string}>
  541. */
  542. private function getColumnEnumValues(array $enum_set_values): array
  543. {
  544. $values = [];
  545. foreach ($enum_set_values as $val) {
  546. $values[] = [
  547. 'plain' => $val,
  548. 'html' => htmlspecialchars($val),
  549. ];
  550. }
  551. return $values;
  552. }
  553. /**
  554. * Retrieve column 'set' value and select size
  555. *
  556. * @param array $column description of column in given table
  557. * @param string[] $enum_set_values
  558. *
  559. * @return array $column['values'], $column['select_size']
  560. */
  561. private function getColumnSetValueAndSelectSize(
  562. array $column,
  563. array $enum_set_values
  564. ): array {
  565. if (! isset($column['values'])) {
  566. $column['values'] = [];
  567. foreach ($enum_set_values as $val) {
  568. $column['values'][] = [
  569. 'plain' => $val,
  570. 'html' => htmlspecialchars($val),
  571. ];
  572. }
  573. $column['select_size'] = min(4, count($column['values']));
  574. }
  575. return [
  576. $column['values'],
  577. $column['select_size'],
  578. ];
  579. }
  580. /**
  581. * Get HTML input type
  582. *
  583. * @param array $column description of column in given table
  584. * @param string $columnNameAppendix the name attribute
  585. * @param string $specialChars special characters
  586. * @param int $fieldsize html field size
  587. * @param string $onChangeClause onchange clause for fields
  588. * @param int $tabindex tab index
  589. * @param int $tabindexForValue offset for the values tabindex
  590. * @param int $idindex id index
  591. * @param string $dataType the html5 data-* attribute type
  592. * @param bool $readOnly is column read only or not
  593. *
  594. * @return string an html snippet
  595. */
  596. private function getHtmlInput(
  597. array $column,
  598. $columnNameAppendix,
  599. $specialChars,
  600. $fieldsize,
  601. $onChangeClause,
  602. $tabindex,
  603. $tabindexForValue,
  604. $idindex,
  605. $dataType,
  606. $readOnly
  607. ): string {
  608. $theClass = 'textfield';
  609. // verify True_Type which does not contain the parentheses and length
  610. if (! $readOnly) {
  611. if ($column['True_Type'] === 'date') {
  612. $theClass .= ' datefield';
  613. } elseif ($column['True_Type'] === 'time') {
  614. $theClass .= ' timefield';
  615. } elseif ($column['True_Type'] === 'datetime' || $column['True_Type'] === 'timestamp') {
  616. $theClass .= ' datetimefield';
  617. }
  618. }
  619. $inputMinMax = '';
  620. if (in_array($column['True_Type'], $this->dbi->types->getIntegerTypes())) {
  621. $extractedColumnspec = Util::extractColumnSpec($column['Type']);
  622. $isUnsigned = $extractedColumnspec['unsigned'];
  623. $minMaxValues = $this->dbi->types->getIntegerRange($column['True_Type'], ! $isUnsigned);
  624. $inputMinMax = 'min="' . $minMaxValues[0] . '" '
  625. . 'max="' . $minMaxValues[1] . '"';
  626. $dataType = 'INT';
  627. }
  628. // do not use the 'date' or 'time' types here; they have no effect on some
  629. // browsers and create side effects (see bug #4218)
  630. return '<input type="text"'
  631. . ' name="fields' . $columnNameAppendix . '"'
  632. . ' value="' . $specialChars . '" size="' . $fieldsize . '"'
  633. . (isset($column['is_char']) && $column['is_char']
  634. ? ' data-maxlength="' . $fieldsize . '"'
  635. : '')
  636. . ($readOnly ? ' readonly="readonly"' : '')
  637. . ($inputMinMax ? ' ' . $inputMinMax : '')
  638. . ' data-type="' . $dataType . '"'
  639. . ' class="' . $theClass . '" ' . $onChangeClause
  640. . ' tabindex="' . ($tabindex + $tabindexForValue) . '"'
  641. . ' id="field_' . $idindex . '_3">';
  642. }
  643. /**
  644. * Get HTML select option for upload
  645. *
  646. * @param string $vkey [multi_edit]['row_id']
  647. * @param string $fieldHashMd5 array index as an MD5 to avoid having special characters
  648. *
  649. * @return string an HTML snippet
  650. */
  651. private function getSelectOptionForUpload(string $vkey, string $fieldHashMd5): string
  652. {
  653. $files = $this->fileListing->getFileSelectOptions(
  654. Util::userDir((string) ($GLOBALS['cfg']['UploadDir'] ?? ''))
  655. );
  656. if ($files === false) {
  657. return '<span style="color:red">' . __('Error') . '</span><br>' . "\n"
  658. . __('The directory you set for upload work cannot be reached.') . "\n";
  659. }
  660. if ($files === '') {
  661. return '';
  662. }
  663. return "<br>\n"
  664. . '<i>' . __('Or') . '</i> '
  665. . __('web server upload directory:') . '<br>' . "\n"
  666. . '<select size="1" name="fields_uploadlocal'
  667. . $vkey . '[' . $fieldHashMd5 . ']">' . "\n"
  668. . '<option value="" selected="selected"></option>' . "\n"
  669. . $files
  670. . '</select>' . "\n";
  671. }
  672. /**
  673. * Retrieve the maximum upload file size
  674. *
  675. * @param string $pma_type column type
  676. * @param int $biggestMaxFileSize biggest max file size for uploading
  677. *
  678. * @return array an html snippet and $biggest_max_file_size
  679. * @psalm-return array{non-empty-string, int}
  680. */
  681. private function getMaxUploadSize(string $pma_type, $biggestMaxFileSize): array
  682. {
  683. // find maximum upload size, based on field type
  684. /**
  685. * @todo with functions this is not so easy, as you can basically
  686. * process any data with function like MD5
  687. */
  688. $maxFieldSizes = [
  689. 'tinyblob' => 256,
  690. 'blob' => 65536,
  691. 'mediumblob' => 16777216,
  692. 'longblob' => 4294967296,// yeah, really
  693. ];
  694. $thisFieldMaxSize = (int) $GLOBALS['config']->get('max_upload_size'); // from PHP max
  695. if ($thisFieldMaxSize > $maxFieldSizes[$pma_type]) {
  696. $thisFieldMaxSize = $maxFieldSizes[$pma_type];
  697. }
  698. $htmlOutput = Util::getFormattedMaximumUploadSize($thisFieldMaxSize) . "\n";
  699. // do not generate here the MAX_FILE_SIZE, because we should
  700. // put only one in the form to accommodate the biggest field
  701. if ($thisFieldMaxSize > $biggestMaxFileSize) {
  702. $biggestMaxFileSize = $thisFieldMaxSize;
  703. }
  704. return [
  705. $htmlOutput,
  706. $biggestMaxFileSize,
  707. ];
  708. }
  709. /**
  710. * Get HTML for the Value column of other datatypes
  711. * (here, "column" is used in the sense of HTML column in HTML table)
  712. *
  713. * @param array $column description of column in given table
  714. * @param string $defaultCharEditing default char editing mode which is stored
  715. * in the config.inc.php script
  716. * @param string $backupField hidden input field
  717. * @param string $columnNameAppendix the name attribute
  718. * @param string $onChangeClause onchange clause for fields
  719. * @param int $tabindex tab index
  720. * @param string $specialChars special characters
  721. * @param int $tabindexForValue offset for the values tabindex
  722. * @param int $idindex id index
  723. * @param string $textDir text direction
  724. * @param string $specialCharsEncoded replaced char if the string starts
  725. * with a \r\n pair (0x0d0a) add an extra \n
  726. * @param string $data data to edit
  727. * @param array $extractedColumnspec associative array containing type,
  728. * spec_in_brackets and possibly
  729. * enum_set_values (another array)
  730. * @param bool $readOnly is column read only or not
  731. *
  732. * @return string an html snippet
  733. */
  734. private function getValueColumnForOtherDatatypes(
  735. array $column,
  736. $defaultCharEditing,
  737. $backupField,
  738. $columnNameAppendix,
  739. $onChangeClause,
  740. $tabindex,
  741. $specialChars,
  742. $tabindexForValue,
  743. $idindex,
  744. $textDir,
  745. $specialCharsEncoded,
  746. $data,
  747. array $extractedColumnspec,
  748. $readOnly
  749. ): string {
  750. // HTML5 data-* attribute data-type
  751. $dataType = $this->dbi->types->getTypeClass($column['True_Type']);
  752. $fieldsize = $this->getColumnSize($column, $extractedColumnspec['spec_in_brackets']);
  753. $htmlOutput = $backupField . "\n";
  754. if ($column['is_char'] && ($GLOBALS['cfg']['CharEditing'] === 'textarea' || str_contains($data, "\n"))) {
  755. $htmlOutput .= "\n";
  756. $GLOBALS['cfg']['CharEditing'] = $defaultCharEditing;
  757. $htmlOutput .= $this->getTextarea(
  758. $column,
  759. $backupField,
  760. $columnNameAppendix,
  761. $onChangeClause,
  762. $tabindex,
  763. $tabindexForValue,
  764. $idindex,
  765. $textDir,
  766. $specialCharsEncoded,
  767. $dataType,
  768. $readOnly
  769. );
  770. } else {
  771. $htmlOutput .= $this->getHtmlInput(
  772. $column,
  773. $columnNameAppendix,
  774. $specialChars,
  775. $fieldsize,
  776. $onChangeClause,
  777. $tabindex,
  778. $tabindexForValue,
  779. $idindex,
  780. $dataType,
  781. $readOnly
  782. );
  783. if (
  784. preg_match('/(VIRTUAL|PERSISTENT|GENERATED)/', $column['Extra'])
  785. && ! str_contains($column['Extra'], 'DEFAULT_GENERATED')
  786. ) {
  787. $htmlOutput .= '<input type="hidden" name="virtual'
  788. . $columnNameAppendix . '" value="1">';
  789. }
  790. if ($column['Extra'] === 'auto_increment') {
  791. $htmlOutput .= '<input type="hidden" name="auto_increment'
  792. . $columnNameAppendix . '" value="1">';
  793. }
  794. if (substr($column['pma_type'], 0, 9) === 'timestamp') {
  795. $htmlOutput .= '<input type="hidden" name="fields_type'
  796. . $columnNameAppendix . '" value="timestamp">';
  797. }
  798. if (substr($column['pma_type'], 0, 4) === 'date') {
  799. $type = substr($column['pma_type'], 0, 8) === 'datetime' ? 'datetime' : 'date';
  800. $htmlOutput .= '<input type="hidden" name="fields_type'
  801. . $columnNameAppendix . '" value="' . $type . '">';
  802. }
  803. if (in_array($column['True_Type'], ['bit', 'uuid'], true)) {
  804. $htmlOutput .= '<input type="hidden" name="fields_type'
  805. . $columnNameAppendix . '" value="' . $column['True_Type'] . '">';
  806. }
  807. }
  808. return $htmlOutput;
  809. }
  810. /**
  811. * Get the field size
  812. *
  813. * @param array $column description of column in given table
  814. * @param string $specInBrackets text in brackets inside column definition
  815. *
  816. * @return int field size
  817. */
  818. private function getColumnSize(array $column, string $specInBrackets): int
  819. {
  820. if ($column['is_char']) {
  821. $fieldsize = (int) $specInBrackets;
  822. if ($fieldsize > $GLOBALS['cfg']['MaxSizeForInputField']) {
  823. /**
  824. * This case happens for CHAR or VARCHAR columns which have
  825. * a size larger than the maximum size for input field.
  826. */
  827. $GLOBALS['cfg']['CharEditing'] = 'textarea';
  828. }
  829. } else {
  830. /**
  831. * This case happens for example for INT or DATE columns;
  832. * in these situations, the value returned in $column['len']
  833. * seems appropriate.
  834. */
  835. $fieldsize = $column['len'];
  836. }
  837. return min(
  838. max($fieldsize, $GLOBALS['cfg']['MinSizeForInputField']),
  839. $GLOBALS['cfg']['MaxSizeForInputField']
  840. );
  841. }
  842. /**
  843. * get html for continue insertion form
  844. *
  845. * @param string $table name of the table
  846. * @param string $db name of the database
  847. * @param array $whereClauseArray array of where clauses
  848. * @param string $errorUrl error url
  849. *
  850. * @return string an html snippet
  851. */
  852. public function getContinueInsertionForm(
  853. $table,
  854. $db,
  855. array $whereClauseArray,
  856. $errorUrl
  857. ): string {
  858. return $this->template->render('table/insert/continue_insertion_form', [
  859. 'db' => $db,
  860. 'table' => $table,
  861. 'where_clause_array' => $whereClauseArray,
  862. 'err_url' => $errorUrl,
  863. 'goto' => $GLOBALS['goto'],
  864. 'sql_query' => $_POST['sql_query'] ?? null,
  865. 'has_where_clause' => isset($_POST['where_clause']),
  866. 'insert_rows_default' => $GLOBALS['cfg']['InsertRows'],
  867. ]);
  868. }
  869. /**
  870. * @param string[]|string|null $whereClause
  871. *
  872. * @psalm-pure
  873. */
  874. public static function isWhereClauseNumeric($whereClause): bool
  875. {
  876. if ($whereClause === null) {
  877. return false;
  878. }
  879. if (! is_array($whereClause)) {
  880. $whereClause = [$whereClause];
  881. }
  882. // If we have just numeric primary key, we can also edit next
  883. // we are looking for `table_name`.`field_name` = numeric_value
  884. foreach ($whereClause as $clause) {
  885. // preg_match() returns 1 if there is a match
  886. $isNumeric = preg_match('@^[\s]*`[^`]*`[\.]`[^`]*` = [0-9]+@', $clause) === 1;
  887. if ($isNumeric) {
  888. return true;
  889. }
  890. }
  891. return false;
  892. }
  893. /**
  894. * Get table head and table foot for insert row table
  895. *
  896. * @param array $urlParams url parameters
  897. *
  898. * @return string an html snippet
  899. */
  900. private function getHeadAndFootOfInsertRowTable(array $urlParams): string
  901. {
  902. $type = '';
  903. $function = '';
  904. if ($GLOBALS['cfg']['ShowFieldTypesInDataEditView']) {
  905. $type = $this->showTypeOrFunction('type', $urlParams, true);
  906. }
  907. if ($GLOBALS['cfg']['ShowFunctionFields']) {
  908. $function = $this->showTypeOrFunction('function', $urlParams, true);
  909. }
  910. $template = new Template();
  911. return $template->render('table/insert/get_head_and_foot_of_insert_row_table', [
  912. 'type' => $type,
  913. 'function' => $function,
  914. ]);
  915. }
  916. /**
  917. * Prepares the field value and retrieve special chars, backup field and data array
  918. *
  919. * @param array $currentRow a row of the table
  920. * @param array $column description of column in given table
  921. * @param array $extractedColumnspec associative array containing type,
  922. * spec_in_brackets and possibly
  923. * enum_set_values (another array)
  924. * @param array $gisDataTypes list of GIS data types
  925. * @param string $columnNameAppendix string to append to column name in input
  926. * @param bool $asIs use the data as is, used in repopulating
  927. *
  928. * @return array $real_null_value, $data, $special_chars, $backup_field,
  929. * $special_chars_encoded
  930. */
  931. private function getSpecialCharsAndBackupFieldForExistingRow(
  932. array $currentRow,
  933. array $column,
  934. array $extractedColumnspec,
  935. array $gisDataTypes,
  936. $columnNameAppendix,
  937. $asIs
  938. ) {
  939. $specialCharsEncoded = '';
  940. $data = null;
  941. $realNullValue = false;
  942. // (we are editing)
  943. if (! isset($currentRow[$column['Field']])) {
  944. $realNullValue = true;
  945. $currentRow[$column['Field']] = '';
  946. $specialChars = '';
  947. $data = $currentRow[$column['Field']];
  948. } elseif ($column['True_Type'] === 'bit') {
  949. $specialChars = $asIs
  950. ? $currentRow[$column['Field']]
  951. : Util::printableBitValue(
  952. (int) $currentRow[$column['Field']],
  953. (int) $extractedColumnspec['spec_in_brackets']
  954. );
  955. } elseif (
  956. (substr($column['True_Type'], 0, 9) === 'timestamp'
  957. || $column['True_Type'] === 'datetime'
  958. || $column['True_Type'] === 'time')
  959. && (str_contains($currentRow[$column['Field']], '.'))
  960. ) {
  961. $currentRow[$column['Field']] = $asIs
  962. ? $currentRow[$column['Field']]
  963. : Util::addMicroseconds($currentRow[$column['Field']]);
  964. $specialChars = htmlspecialchars($currentRow[$column['Field']], ENT_COMPAT);
  965. } elseif (in_array($column['True_Type'], $gisDataTypes)) {
  966. // Convert gis data to Well Know Text format
  967. $currentRow[$column['Field']] = $asIs
  968. ? $currentRow[$column['Field']]
  969. : Gis::convertToWellKnownText($currentRow[$column['Field']], true);
  970. $specialChars = htmlspecialchars($currentRow[$column['Field']], ENT_COMPAT);
  971. } else {
  972. // special binary "characters"
  973. if ($column['is_binary'] || ($column['is_blob'] && $GLOBALS['cfg']['ProtectBinary'] !== 'all')) {
  974. $currentRow[$column['Field']] = $asIs
  975. ? $currentRow[$column['Field']]
  976. : bin2hex($currentRow[$column['Field']]);
  977. }
  978. $specialChars = htmlspecialchars($currentRow[$column['Field']], ENT_COMPAT);
  979. //We need to duplicate the first \n or otherwise we will lose
  980. //the first newline entered in a VARCHAR or TEXT column
  981. $specialCharsEncoded = Util::duplicateFirstNewline($specialChars);
  982. $data = $currentRow[$column['Field']];
  983. }
  984. /** @var string $defaultAction */
  985. $defaultAction = $_POST['default_action'] ?? $_GET['default_action'] ?? '';
  986. if (
  987. $defaultAction === 'insert'
  988. && $column['Key'] === 'PRI'
  989. && str_contains($column['Extra'], 'auto_increment')
  990. ) {
  991. // When copying row, it is useful to empty auto-increment column to prevent duplicate key error.
  992. $data = $specialCharsEncoded = $specialChars = null;
  993. }
  994. // If a timestamp field value is not included in an update
  995. // statement MySQL auto-update it to the current timestamp;
  996. // however, things have changed since MySQL 4.1, so
  997. // it's better to set a fields_prev in this situation
  998. $backupField = '<input type="hidden" name="fields_prev'
  999. . $columnNameAppendix . '" value="'
  1000. . htmlspecialchars($currentRow[$column['Field']], ENT_COMPAT) . '">';
  1001. return [
  1002. $realNullValue,
  1003. $specialCharsEncoded,
  1004. $specialChars,
  1005. $data,
  1006. $backupField,
  1007. ];
  1008. }
  1009. /**
  1010. * display default values
  1011. *
  1012. * @param array $column description of column in given table
  1013. *
  1014. * @return array $real_null_value, $data, $special_chars,
  1015. * $backup_field, $special_chars_encoded
  1016. * @psalm-return array{bool, mixed, string, string, string}
  1017. */
  1018. private function getSpecialCharsAndBackupFieldForInsertingMode(
  1019. array $column
  1020. ) {
  1021. if (! isset($column['Default'])) {
  1022. $column['Default'] = '';
  1023. $realNullValue = true;
  1024. $data = '';
  1025. } else {
  1026. $realNullValue = false;
  1027. $data = $column['Default'];
  1028. }
  1029. $trueType = $column['True_Type'];
  1030. if ($trueType === 'bit') {
  1031. $specialChars = Util::convertBitDefaultValue($column['Default']);
  1032. } elseif (substr($trueType, 0, 9) === 'timestamp' || $trueType === 'datetime' || $trueType === 'time') {
  1033. $specialChars = Util::addMicroseconds($column['Default']);
  1034. } elseif ($trueType === 'binary' || $trueType === 'varbinary') {
  1035. $specialChars = bin2hex($column['Default']);
  1036. } elseif (substr($trueType, -4) === 'text') {
  1037. $textDefault = (string) substr($column['Default'], 1, -1);
  1038. $specialChars = htmlspecialchars(stripcslashes($textDefault !== '' ? $textDefault : $column['Default']));
  1039. } else {
  1040. $specialChars = htmlspecialchars($column['Default']);
  1041. }
  1042. $specialCharsEncoded = Util::duplicateFirstNewline($specialChars);
  1043. return [
  1044. $realNullValue,
  1045. $data,
  1046. $specialChars,
  1047. '',
  1048. $specialCharsEncoded,
  1049. ];
  1050. }
  1051. /**
  1052. * Prepares the update/insert of a row
  1053. *
  1054. * @return array $loop_array, $using_key, $is_insert, $is_insertignore
  1055. * @psalm-return array{array, bool, bool, bool}
  1056. */
  1057. public function getParamsForUpdateOrInsert()
  1058. {
  1059. if (isset($_POST['where_clause'])) {
  1060. // we were editing something => use the WHERE clause
  1061. $loopArray = is_array($_POST['where_clause'])
  1062. ? $_POST['where_clause']
  1063. : [$_POST['where_clause']];
  1064. $usingKey = true;
  1065. $isInsert = isset($_POST['submit_type'])
  1066. && ($_POST['submit_type'] === 'insert'
  1067. || $_POST['submit_type'] === 'showinsert'
  1068. || $_POST['submit_type'] === 'insertignore');
  1069. } else {
  1070. // new row => use indexes
  1071. $loopArray = [];
  1072. if (! empty($_POST['fields'])) {
  1073. $loopArray = array_keys($_POST['fields']['multi_edit']);
  1074. }
  1075. $usingKey = false;
  1076. $isInsert = true;
  1077. }
  1078. $isInsertIgnore = isset($_POST['submit_type'])
  1079. && $_POST['submit_type'] === 'insertignore';
  1080. return [
  1081. $loopArray,
  1082. $usingKey,
  1083. $isInsert,
  1084. $isInsertIgnore,
  1085. ];
  1086. }
  1087. /**
  1088. * set $_SESSION for edit_next
  1089. *
  1090. * @param string $oneWhereClause one where clause from where clauses array
  1091. */
  1092. public function setSessionForEditNext($oneWhereClause): void
  1093. {
  1094. $localQuery = 'SELECT * FROM ' . Util::backquote($GLOBALS['db'])
  1095. . '.' . Util::backquote($GLOBALS['table']) . ' WHERE '
  1096. . str_replace('` =', '` >', $oneWhereClause) . ' LIMIT 1;';
  1097. $res = $this->dbi->query($localQuery);
  1098. $row = $res->fetchRow();
  1099. $meta = $this->dbi->getFieldsMeta($res);
  1100. // must find a unique condition based on unique key,
  1101. // not a combination of all fields
  1102. [$uniqueCondition] = Util::getUniqueCondition(
  1103. count($meta),
  1104. $meta,
  1105. $row,
  1106. true
  1107. );
  1108. if (! $uniqueCondition) {
  1109. return;
  1110. }
  1111. $_SESSION['edit_next'] = $uniqueCondition;
  1112. }
  1113. /**
  1114. * set $goto_include variable for different cases and retrieve like,
  1115. * if $GLOBALS['goto'] empty, if $goto_include previously not defined
  1116. * and new_insert, same_insert, edit_next
  1117. *
  1118. * @param string|false $gotoInclude store some script for include, otherwise it is
  1119. * boolean false
  1120. */
  1121. public function getGotoInclude($gotoInclude): string
  1122. {
  1123. $validOptions = [
  1124. 'new_insert',
  1125. 'same_insert',
  1126. 'edit_next',
  1127. ];
  1128. if (isset($_POST['after_insert']) && in_array($_POST['after_insert'], $validOptions)) {
  1129. return '/table/change';
  1130. }
  1131. if (! empty($GLOBALS['goto'])) {
  1132. if (! preg_match('@^[a-z_]+\.php$@', $GLOBALS['goto'])) {
  1133. // this should NOT happen
  1134. //$GLOBALS['goto'] = false;
  1135. if (str_contains($GLOBALS['goto'], 'index.php?route=/sql')) {
  1136. $gotoInclude = '/sql';
  1137. } else {
  1138. $gotoInclude = false;
  1139. }
  1140. } else {
  1141. $gotoInclude = $GLOBALS['goto'];
  1142. }
  1143. if ($GLOBALS['goto'] === 'index.php?route=/database/sql' && strlen($GLOBALS['table']) > 0) {
  1144. $GLOBALS['table'] = '';
  1145. }
  1146. }
  1147. if (! $gotoInclude) {
  1148. if (strlen($GLOBALS['table']) === 0) {
  1149. $gotoInclude = '/database/sql';
  1150. } else {
  1151. $gotoInclude = '/table/sql';
  1152. }
  1153. }
  1154. return $gotoInclude;
  1155. }
  1156. /**
  1157. * Defines the url to return in case of failure of the query
  1158. *
  1159. * @param array $urlParams url parameters
  1160. *
  1161. * @return string error url for query failure
  1162. */
  1163. public function getErrorUrl(array $urlParams)
  1164. {
  1165. if (isset($_POST['err_url'])) {
  1166. return $_POST['err_url'];
  1167. }
  1168. return Url::getFromRoute('/table/change', $urlParams);
  1169. }
  1170. /**
  1171. * Builds the sql query
  1172. *
  1173. * @param bool $isInsertIgnore $_POST['submit_type'] === 'insertignore'
  1174. * @param array $queryFields column names array
  1175. * @param array $valueSets array of query values
  1176. *
  1177. * @return array of query
  1178. * @psalm-return array{string}
  1179. */
  1180. public function buildSqlQuery(bool $isInsertIgnore, array $queryFields, array $valueSets)
  1181. {
  1182. if ($isInsertIgnore) {
  1183. $insertCommand = 'INSERT IGNORE ';
  1184. } else {
  1185. $insertCommand = 'INSERT ';
  1186. }
  1187. return [
  1188. $insertCommand . 'INTO '
  1189. . Util::backquote($GLOBALS['table'])
  1190. . ' (' . implode(', ', $queryFields) . ') VALUES ('
  1191. . implode('), (', $valueSets) . ')',
  1192. ];
  1193. }
  1194. /**
  1195. * Executes the sql query and get the result, then move back to the calling page
  1196. *
  1197. * @param array $urlParams url parameters array
  1198. * @param array $query built query from buildSqlQuery()
  1199. *
  1200. * @return array $url_params, $total_affected_rows, $last_messages
  1201. * $warning_messages, $error_messages, $return_to_sql_query
  1202. */
  1203. public function executeSqlQuery(array $urlParams, array $query)
  1204. {
  1205. $returnToSqlQuery = '';
  1206. if (! empty($GLOBALS['sql_query'])) {
  1207. $urlParams['sql_query'] = $GLOBALS['sql_query'];
  1208. $returnToSqlQuery = $GLOBALS['sql_query'];
  1209. }
  1210. $GLOBALS['sql_query'] = implode('; ', $query) . ';';
  1211. // to ensure that the query is displayed in case of
  1212. // "insert as new row" and then "insert another new row"
  1213. $GLOBALS['display_query'] = $GLOBALS['sql_query'];
  1214. $totalAffectedRows = 0;
  1215. $lastMessages = [];
  1216. $warningMessages = [];
  1217. $errorMessages = [];
  1218. foreach ($query as $singleQuery) {
  1219. if (isset($_POST['submit_type']) && $_POST['submit_type'] === 'showinsert') {
  1220. $lastMessages[] = Message::notice(__('Showing SQL query'));
  1221. continue;
  1222. }
  1223. if ($GLOBALS['cfg']['IgnoreMultiSubmitErrors']) {
  1224. $result = $this->dbi->tryQuery($singleQuery);
  1225. } else {
  1226. $result = $this->dbi->query($singleQuery);
  1227. }
  1228. if (! $result) {
  1229. $errorMessages[] = $this->dbi->getError();
  1230. } else {
  1231. $totalAffectedRows += $this->dbi->affectedRows();
  1232. $insertId = $this->dbi->insertId();
  1233. if ($insertId) {
  1234. // insert_id is id of FIRST record inserted in one insert, so if we
  1235. // inserted multiple rows, we had to increment this
  1236. if ($totalAffectedRows > 0) {
  1237. $insertId += $totalAffectedRows - 1;
  1238. }
  1239. $lastMessage = Message::notice(__('Inserted row id: %1$d'));
  1240. $lastMessage->addParam($insertId);
  1241. $lastMessages[] = $lastMessage;
  1242. }
  1243. }
  1244. $warningMessages = $this->getWarningMessages();
  1245. }
  1246. return [
  1247. $urlParams,
  1248. $totalAffectedRows,
  1249. $lastMessages,
  1250. $warningMessages,
  1251. $errorMessages,
  1252. $returnToSqlQuery,
  1253. ];
  1254. }
  1255. /**
  1256. * get the warning messages array
  1257. *
  1258. * @return string[]
  1259. */
  1260. private function getWarningMessages(): array
  1261. {
  1262. $warningMessages = [];
  1263. foreach ($this->dbi->getWarnings() as $warning) {
  1264. $warningMessages[] = htmlspecialchars((string) $warning);
  1265. }
  1266. return $warningMessages;
  1267. }
  1268. /**
  1269. * Column to display from the foreign table?
  1270. *
  1271. * @param string $whereComparison string that contain relation field value
  1272. * @param array $map all Relations to foreign tables for a given
  1273. * table or optionally a given column in a table
  1274. * @param string $relationField relation field
  1275. *
  1276. * @return string display value from the foreign table
  1277. */
  1278. public function getDisplayValueForForeignTableColumn(
  1279. $whereComparison,
  1280. array $map,
  1281. $relationField
  1282. ) {
  1283. $foreigner = $this->relation->searchColumnInForeigners($map, $relationField);
  1284. if (! is_array($foreigner)) {
  1285. return '';
  1286. }
  1287. $displayField = $this->relation->getDisplayField($foreigner['foreign_db'], $foreigner['foreign_table']);
  1288. // Field to display from the foreign table?
  1289. if (is_string($displayField) && strlen($displayField) > 0) {
  1290. $dispsql = 'SELECT ' . Util::backquote($displayField)
  1291. . ' FROM ' . Util::backquote($foreigner['foreign_db'])
  1292. . '.' . Util::backquote($foreigner['foreign_table'])
  1293. . ' WHERE ' . Util::backquote($foreigner['foreign_field'])
  1294. . $whereComparison;
  1295. $dispresult = $this->dbi->tryQuery($dispsql);
  1296. if ($dispresult && $dispresult->numRows() > 0) {
  1297. return (string) $dispresult->fetchValue();
  1298. }
  1299. }
  1300. return '';
  1301. }
  1302. /**
  1303. * Display option in the cell according to user choices
  1304. *
  1305. * @param array $map all Relations to foreign tables for a given
  1306. * table or optionally a given column in a table
  1307. * @param string $relationField relation field
  1308. * @param string $whereComparison string that contain relation field value
  1309. * @param string $dispval display value from the foreign table
  1310. * @param string $relationFieldValue relation field value
  1311. *
  1312. * @return string HTML <a> tag
  1313. */
  1314. public function getLinkForRelationalDisplayField(
  1315. array $map,
  1316. $relationField,
  1317. $whereComparison,
  1318. $dispval,
  1319. $relationFieldValue
  1320. ): string {
  1321. $foreigner = $this->relation->searchColumnInForeigners($map, $relationField);
  1322. if (! is_array($foreigner)) {
  1323. return '';
  1324. }
  1325. if ($_SESSION['tmpval']['relational_display'] === 'K') {
  1326. // user chose "relational key" in the display options, so
  1327. // the title contains the display field
  1328. $title = $dispval
  1329. ? ' title="' . htmlspecialchars($dispval) . '"'
  1330. : '';
  1331. } else {
  1332. $title = ' title="' . htmlspecialchars($relationFieldValue) . '"';
  1333. }
  1334. $sqlQuery = 'SELECT * FROM '
  1335. . Util::backquote($foreigner['foreign_db'])
  1336. . '.' . Util::backquote($foreigner['foreign_table'])
  1337. . ' WHERE ' . Util::backquote($foreigner['foreign_field'])
  1338. . $whereComparison;
  1339. $urlParams = [
  1340. 'db' => $foreigner['foreign_db'],
  1341. 'table' => $foreigner['foreign_table'],
  1342. 'pos' => '0',
  1343. 'sql_signature' => Core::signSqlQuery($sqlQuery),
  1344. 'sql_query' => $sqlQuery,
  1345. ];
  1346. $output = '<a href="' . Url::getFromRoute('/sql', $urlParams) . '"' . $title . '>';
  1347. if ($_SESSION['tmpval']['relational_display'] === 'D') {
  1348. // user chose "relational display field" in the
  1349. // display options, so show display field in the cell
  1350. $output .= htmlspecialchars($dispval);
  1351. } else {
  1352. // otherwise display data in the cell
  1353. $output .= htmlspecialchars($relationFieldValue);
  1354. }
  1355. $output .= '</a>';
  1356. return $output;
  1357. }
  1358. /**
  1359. * Transform edited values
  1360. *
  1361. * @param string $db db name
  1362. * @param string $table table name
  1363. * @param array $transformation mimetypes for all columns of a table
  1364. * [field_name][field_key]
  1365. * @param array $editedValues transform columns list and new values
  1366. * @param string $file file containing the transformation plugin
  1367. * @param string $columnName column name
  1368. * @param array $extraData extra data array
  1369. * @param string $type the type of transformation
  1370. *
  1371. * @return array
  1372. */
  1373. public function transformEditedValues(
  1374. $db,
  1375. $table,
  1376. array $transformation,
  1377. array &$editedValues,
  1378. $file,
  1379. $columnName,
  1380. array $extraData,
  1381. $type
  1382. ) {
  1383. $includeFile = 'libraries/classes/Plugins/Transformations/' . $file;
  1384. if (is_file(ROOT_PATH . $includeFile)) {
  1385. // $cfg['SaveCellsAtOnce'] = true; JS code sends an array
  1386. $whereClause = is_array($_POST['where_clause']) ? $_POST['where_clause'][0] : $_POST['where_clause'];
  1387. $urlParams = [
  1388. 'db' => $db,
  1389. 'table' => $table,
  1390. 'where_clause_sign' => Core::signSqlQuery($whereClause),
  1391. 'where_clause' => $whereClause,
  1392. 'transform_key' => $columnName,
  1393. ];
  1394. $transformOptions = $this->transformations->getOptions($transformation[$type . '_options'] ?? '');
  1395. $transformOptions['wrapper_link'] = Url::getCommon($urlParams);
  1396. $transformOptions['wrapper_params'] = $urlParams;
  1397. $className = $this->transformations->getClassName($includeFile);
  1398. if (class_exists($className)) {
  1399. /** @var TransformationsPlugin $transformationPlugin */
  1400. $transformationPlugin = new $className();
  1401. foreach ($editedValues as $cellIndex => $currCellEditedValues) {
  1402. if (! isset($currCellEditedValues[$columnName])) {
  1403. continue;
  1404. }
  1405. $extraData['transformations'][$cellIndex] = $transformationPlugin->applyTransformation(
  1406. $currCellEditedValues[$columnName],
  1407. $transformOptions
  1408. );
  1409. $editedValues[$cellIndex][$columnName] = $extraData['transformations'][$cellIndex];
  1410. }
  1411. }
  1412. }
  1413. return $extraData;
  1414. }
  1415. /**
  1416. * Get current value in multi edit mode
  1417. *
  1418. * @param array $multiEditFuncs multiple edit functions array
  1419. * @param array $multiEditSalt multiple edit array with encryption salt
  1420. * @param array $gisFromTextFunctions array that contains gis from text functions
  1421. * @param string $currentValue current value in the column
  1422. * @param array $gisFromWkbFunctions initially $val is $multi_edit_columns[$key]
  1423. * @param array $funcOptionalParam array('RAND','UNIX_TIMESTAMP')
  1424. * @param array $funcNoParam array of set of string
  1425. * @param string $key an md5 of the column name
  1426. */
  1427. public function getCurrentValueAsAnArrayForMultipleEdit(
  1428. $multiEditFuncs,
  1429. $multiEditSalt,
  1430. $gisFromTextFunctions,
  1431. $currentValue,
  1432. $gisFromWkbFunctions,
  1433. $funcOptionalParam,
  1434. $funcNoParam,
  1435. $key
  1436. ): string {
  1437. if ($multiEditFuncs[$key] === 'PHP_PASSWORD_HASH') {
  1438. /**
  1439. * @see https://github.com/vimeo/psalm/issues/3350
  1440. *
  1441. * @psalm-suppress InvalidArgument
  1442. */
  1443. $hash = password_hash($currentValue, PASSWORD_DEFAULT);
  1444. return "'" . $this->dbi->escapeString($hash) . "'";
  1445. }
  1446. if ($multiEditFuncs[$key] === 'UUID') {
  1447. /* This way user will know what UUID new row has */
  1448. $uuid = (string) $this->dbi->fetchValue('SELECT UUID()');
  1449. return "'" . $this->dbi->escapeString($uuid) . "'";
  1450. }
  1451. if (
  1452. in_array($multiEditFuncs[$key], $gisFromTextFunctions)
  1453. || in_array($multiEditFuncs[$key], $gisFromWkbFunctions)
  1454. ) {
  1455. preg_match('/^(\'?)(.*?)\1(?:,(\d+))?$/', $currentValue, $matches);
  1456. $escapedParams = "'" . $this->dbi->escapeString($matches[2])
  1457. . (isset($matches[3]) ? "'," . $matches[3] : "'");
  1458. return $multiEditFuncs[$key] . '(' . $escapedParams . ')';
  1459. }
  1460. if (
  1461. ! in_array($multiEditFuncs[$key], $funcNoParam)
  1462. || ($currentValue !== ''
  1463. && in_array($multiEditFuncs[$key], $funcOptionalParam))
  1464. ) {
  1465. if (
  1466. (isset($multiEditSalt[$key])
  1467. && ($multiEditFuncs[$key] === 'AES_ENCRYPT'
  1468. || $multiEditFuncs[$key] === 'AES_DECRYPT'))
  1469. || (! empty($multiEditSalt[$key])
  1470. && ($multiEditFuncs[$key] === 'DES_ENCRYPT'
  1471. || $multiEditFuncs[$key] === 'DES_DECRYPT'
  1472. || $multiEditFuncs[$key] === 'ENCRYPT'))
  1473. ) {
  1474. return $multiEditFuncs[$key] . "('" . $this->dbi->escapeString($currentValue) . "','"
  1475. . $this->dbi->escapeString($multiEditSalt[$key]) . "')";
  1476. }
  1477. return $multiEditFuncs[$key] . "('" . $this->dbi->escapeString($currentValue) . "')";
  1478. }
  1479. return $multiEditFuncs[$key] . '()';
  1480. }
  1481. /**
  1482. * Get query values array and query fields array for insert and update in multi edit
  1483. *
  1484. * @param array $multiEditColumnsName multiple edit columns name array
  1485. * @param array $multiEditColumnsNull multiple edit columns null array
  1486. * @param string $currentValue current value in the column in loop
  1487. * @param array $multiEditColumnsPrev multiple edit previous columns array
  1488. * @param array $multiEditFuncs multiple edit functions array
  1489. * @param bool $isInsert boolean value whether insert or not
  1490. * @param array $queryValues SET part of the sql query
  1491. * @param array $queryFields array of query fields
  1492. * @param string $currentValueAsAnArray current value in the column
  1493. * as an array
  1494. * @param array $valueSets array of valu sets
  1495. * @param string $key an md5 of the column name
  1496. * @param array $multiEditColumnsNullPrev array of multiple edit columns
  1497. * null previous
  1498. *
  1499. * @return array[] ($query_values, $query_fields)
  1500. */
  1501. public function getQueryValuesForInsertAndUpdateInMultipleEdit(
  1502. $multiEditColumnsName,
  1503. $multiEditColumnsNull,
  1504. $currentValue,
  1505. $multiEditColumnsPrev,
  1506. $multiEditFuncs,
  1507. $isInsert,
  1508. $queryValues,
  1509. $queryFields,
  1510. $currentValueAsAnArray,
  1511. $valueSets,
  1512. $key,
  1513. $multiEditColumnsNullPrev
  1514. ) {
  1515. // i n s e r t
  1516. if ($isInsert) {
  1517. // no need to add column into the valuelist
  1518. if (strlen($currentValueAsAnArray) > 0) {
  1519. $queryValues[] = $currentValueAsAnArray;
  1520. // first inserted row so prepare the list of fields
  1521. if (empty($valueSets)) {
  1522. $queryFields[] = Util::backquote($multiEditColumnsName[$key]);
  1523. }
  1524. }
  1525. } elseif (! empty($multiEditColumnsNullPrev[$key]) && ! isset($multiEditColumnsNull[$key])) {
  1526. // u p d a t e
  1527. // field had the null checkbox before the update
  1528. // field no longer has the null checkbox
  1529. $queryValues[] = Util::backquote($multiEditColumnsName[$key])
  1530. . ' = ' . $currentValueAsAnArray;
  1531. } elseif (
  1532. ! (empty($multiEditFuncs[$key])
  1533. && empty($multiEditColumnsNull[$key])
  1534. && isset($multiEditColumnsPrev[$key])
  1535. && $currentValue === $multiEditColumnsPrev[$key])
  1536. && $currentValueAsAnArray !== ''
  1537. ) {
  1538. // avoid setting a field to NULL when it's already NULL
  1539. // (field had the null checkbox before the update
  1540. // field still has the null checkbox)
  1541. if (empty($multiEditColumnsNullPrev[$key]) || empty($multiEditColumnsNull[$key])) {
  1542. $queryValues[] = Util::backquote($multiEditColumnsName[$key])
  1543. . ' = ' . $currentValueAsAnArray;
  1544. }
  1545. }
  1546. return [
  1547. $queryValues,
  1548. $queryFields,
  1549. ];
  1550. }
  1551. /**
  1552. * Get the current column value in the form for different data types
  1553. *
  1554. * @param string|false $possiblyUploadedVal uploaded file content
  1555. * @param string $key an md5 of the column name
  1556. * @param array|null $multiEditColumnsType array of multi edit column types
  1557. * @param string $currentValue current column value in the form
  1558. * @param array|null $multiEditAutoIncrement multi edit auto increment
  1559. * @param int $rownumber index of where clause array
  1560. * @param array $multiEditColumnsName multi edit column names array
  1561. * @param array $multiEditColumnsNull multi edit columns null array
  1562. * @param array $multiEditColumnsNullPrev multi edit columns previous null
  1563. * @param bool $isInsert whether insert or not
  1564. * @param bool $usingKey whether editing or new row
  1565. * @param string $whereClause where clause
  1566. * @param string $table table name
  1567. * @param array $multiEditFuncs multiple edit functions array
  1568. *
  1569. * @return string current column value in the form
  1570. */
  1571. public function getCurrentValueForDifferentTypes(
  1572. $possiblyUploadedVal,
  1573. $key,
  1574. ?array $multiEditColumnsType,
  1575. $currentValue,
  1576. ?array $multiEditAutoIncrement,
  1577. $rownumber,
  1578. $multiEditColumnsName,
  1579. $multiEditColumnsNull,
  1580. $multiEditColumnsNullPrev,
  1581. $isInsert,
  1582. $usingKey,
  1583. $whereClause,
  1584. $table,
  1585. $multiEditFuncs
  1586. ): string {
  1587. if ($possiblyUploadedVal !== false) {
  1588. return $possiblyUploadedVal;
  1589. }
  1590. // c o l u m n v a l u e i n t h e f o r m
  1591. $type = $multiEditColumnsType[$key] ?? '';
  1592. if ($type !== 'protected' && $type !== 'set' && strlen($currentValue) === 0) {
  1593. // best way to avoid problems in strict mode
  1594. // (works also in non-strict mode)
  1595. $currentValue = "''";
  1596. if (isset($multiEditAutoIncrement, $multiEditAutoIncrement[$key])) {
  1597. $currentValue = 'NULL';
  1598. }
  1599. } elseif ($type === 'set') {
  1600. $currentValue = "''";
  1601. if (! empty($_POST['fields']['multi_edit'][$rownumber][$key])) {
  1602. $currentValue = implode(',', $_POST['fields']['multi_edit'][$rownumber][$key]);
  1603. $currentValue = "'"
  1604. . $this->dbi->escapeString($currentValue) . "'";
  1605. }
  1606. } elseif ($type === 'protected') {
  1607. // Fetch the current values of a row to use in case we have a protected field
  1608. if (
  1609. $isInsert
  1610. && $usingKey
  1611. && is_array($multiEditColumnsType) && $whereClause
  1612. ) {
  1613. $protectedRow = $this->dbi->fetchSingleRow(
  1614. 'SELECT * FROM ' . Util::backquote($table)
  1615. . ' WHERE ' . $whereClause . ';'
  1616. );
  1617. }
  1618. // here we are in protected mode (asked in the config)
  1619. // so tbl_change has put this special value in the
  1620. // columns array, so we do not change the column value
  1621. // but we can still handle column upload
  1622. // when in UPDATE mode, do not alter field's contents. When in INSERT
  1623. // mode, insert empty field because no values were submitted.
  1624. // If protected blobs where set, insert original fields content.
  1625. $currentValue = '';
  1626. if (! empty($protectedRow[$multiEditColumnsName[$key]])) {
  1627. $currentValue = '0x'
  1628. . bin2hex($protectedRow[$multiEditColumnsName[$key]]);
  1629. }
  1630. } elseif ($type === 'hex') {
  1631. if (substr($currentValue, 0, 2) != '0x') {
  1632. $currentValue = '0x' . $currentValue;
  1633. }
  1634. } elseif ($type === 'bit') {
  1635. $currentValue = (string) preg_replace('/[^01]/', '0', $currentValue);
  1636. $currentValue = "b'" . $this->dbi->escapeString($currentValue) . "'";
  1637. } elseif (
  1638. ! ($type === 'datetime' || $type === 'timestamp' || $type === 'date')
  1639. || ! preg_match('/^current_timestamp(\([0-6]?\))?$/i', $currentValue)
  1640. ) {
  1641. $currentValue = "'" . $this->dbi->escapeString($currentValue)
  1642. . "'";
  1643. }
  1644. // Was the Null checkbox checked for this field?
  1645. // (if there is a value, we ignore the Null checkbox: this could
  1646. // be possible if Javascript is disabled in the browser)
  1647. if (! empty($multiEditColumnsNull[$key]) && ($currentValue == "''" || $currentValue == '')) {
  1648. $currentValue = 'NULL';
  1649. }
  1650. // The Null checkbox was unchecked for this field
  1651. if (
  1652. empty($currentValue)
  1653. && ! empty($multiEditColumnsNullPrev[$key])
  1654. && ! isset($multiEditColumnsNull[$key])
  1655. ) {
  1656. $currentValue = "''";
  1657. }
  1658. // For uuid type, generate uuid value
  1659. // if empty value but not set null or value is uuid() function
  1660. if (
  1661. $type === 'uuid'
  1662. && ! isset($multiEditColumnsNull[$key])
  1663. && ($currentValue == "''"
  1664. || $currentValue == ''
  1665. || $currentValue === "'uuid()'")
  1666. ) {
  1667. $currentValue = 'uuid()';
  1668. }
  1669. return $currentValue;
  1670. }
  1671. /**
  1672. * Check whether inline edited value can be truncated or not,
  1673. * and add additional parameters for extra_data array if needed
  1674. *
  1675. * @param string $db Database name
  1676. * @param string $table Table name
  1677. * @param string $columnName Column name
  1678. * @param array $extraData Extra data for ajax response
  1679. */
  1680. public function verifyWhetherValueCanBeTruncatedAndAppendExtraData(
  1681. $db,
  1682. $table,
  1683. $columnName,
  1684. array &$extraData
  1685. ): void {
  1686. $extraData['isNeedToRecheck'] = false;
  1687. $sqlForRealValue = 'SELECT ' . Util::backquote($table) . '.'
  1688. . Util::backquote($columnName)
  1689. . ' FROM ' . Util::backquote($db) . '.'
  1690. . Util::backquote($table)
  1691. . ' WHERE ' . $_POST['where_clause'][0];
  1692. $result = $this->dbi->tryQuery($sqlForRealValue);
  1693. if (! $result) {
  1694. return;
  1695. }
  1696. $fieldsMeta = $this->dbi->getFieldsMeta($result);
  1697. $meta = $fieldsMeta[0];
  1698. $newValue = $result->fetchValue();
  1699. if ($newValue === false) {
  1700. return;
  1701. }
  1702. if ($meta->isTimeType()) {
  1703. $newValue = Util::addMicroseconds($newValue);
  1704. } elseif ($meta->isBinary()) {
  1705. $newValue = '0x' . bin2hex($newValue);
  1706. }
  1707. $extraData['isNeedToRecheck'] = true;
  1708. $extraData['truncatableFieldValue'] = $newValue;
  1709. }
  1710. /**
  1711. * Function to get the columns of a table
  1712. *
  1713. * @param string $db current db
  1714. * @param string $table current table
  1715. *
  1716. * @return array[]
  1717. */
  1718. public function getTableColumns($db, $table)
  1719. {
  1720. $this->dbi->selectDb($db);
  1721. return array_values($this->dbi->getColumns($db, $table, true));
  1722. }
  1723. /**
  1724. * Function to determine Insert/Edit rows
  1725. *
  1726. * @param string|null $whereClause where clause
  1727. * @param string $db current database
  1728. * @param string $table current table
  1729. *
  1730. * @return array
  1731. */
  1732. public function determineInsertOrEdit($whereClause, $db, $table): array
  1733. {
  1734. if (isset($_POST['where_clause'])) {
  1735. $whereClause = $_POST['where_clause'];
  1736. }
  1737. if (isset($_SESSION['edit_next'])) {
  1738. $whereClause = $_SESSION['edit_next'];
  1739. unset($_SESSION['edit_next']);
  1740. $afterInsert = 'edit_next';
  1741. }
  1742. if (isset($_POST['ShowFunctionFields'])) {
  1743. $GLOBALS['cfg']['ShowFunctionFields'] = $_POST['ShowFunctionFields'];
  1744. }
  1745. if (isset($_POST['ShowFieldTypesInDataEditView'])) {
  1746. $GLOBALS['cfg']['ShowFieldTypesInDataEditView'] = $_POST['ShowFieldTypesInDataEditView'];
  1747. }
  1748. if (isset($_POST['after_insert'])) {
  1749. $afterInsert = $_POST['after_insert'];
  1750. }
  1751. if (isset($whereClause)) {
  1752. // we are editing
  1753. $insertMode = false;
  1754. $whereClauseArray = $this->getWhereClauseArray($whereClause);
  1755. [$whereClauses, $result, $rows, $foundUniqueKey] = $this->analyzeWhereClauses(
  1756. $whereClauseArray,
  1757. $table,
  1758. $db
  1759. );
  1760. } else {
  1761. // we are inserting
  1762. $insertMode = true;
  1763. $whereClause = null;
  1764. [$result, $rows] = $this->loadFirstRow($table, $db);
  1765. $whereClauses = null;
  1766. $whereClauseArray = [];
  1767. $foundUniqueKey = false;
  1768. }
  1769. /** @var string $defaultAction */
  1770. $defaultAction = $_POST['default_action'] ?? $_GET['default_action'] ?? '';
  1771. if ($defaultAction === 'insert') {
  1772. // Copying a row - fetched data will be inserted as a new row, therefore the where clause is needless.
  1773. $whereClause = $whereClauses = null;
  1774. }
  1775. return [
  1776. $insertMode,
  1777. $whereClause,
  1778. $whereClauseArray,
  1779. $whereClauses,
  1780. $result,
  1781. $rows,
  1782. $foundUniqueKey,
  1783. $afterInsert ?? null,
  1784. ];
  1785. }
  1786. /**
  1787. * Function to get comments for the table columns
  1788. *
  1789. * @param string $db current database
  1790. * @param string $table current table
  1791. *
  1792. * @return array comments for columns
  1793. */
  1794. public function getCommentsMap($db, $table): array
  1795. {
  1796. if ($GLOBALS['cfg']['ShowPropertyComments']) {
  1797. return $this->relation->getComments($db, $table);
  1798. }
  1799. return [];
  1800. }
  1801. /**
  1802. * Function to get html for the gis editor div
  1803. */
  1804. public function getHtmlForGisEditor(): string
  1805. {
  1806. return '<div id="gis_editor"></div><div id="popup_background"></div><br>';
  1807. }
  1808. /**
  1809. * Function to get html for the ignore option in insert mode
  1810. *
  1811. * @param int $rowId row id
  1812. * @param bool $checked ignore option is checked or not
  1813. */
  1814. public function getHtmlForIgnoreOption($rowId, $checked = true): string
  1815. {
  1816. return '<input type="checkbox"'
  1817. . ($checked ? ' checked="checked"' : '')
  1818. . ' name="insert_ignore_' . $rowId . '"'
  1819. . ' id="insert_ignore_' . $rowId . '">'
  1820. . '<label for="insert_ignore_' . $rowId . '">'
  1821. . __('Ignore')
  1822. . '</label><br>' . "\n";
  1823. }
  1824. /**
  1825. * Function to get html for the insert edit form header
  1826. *
  1827. * @param bool $hasBlobField whether has blob field
  1828. * @param bool $isUpload whether is upload
  1829. */
  1830. public function getHtmlForInsertEditFormHeader($hasBlobField, $isUpload): string
  1831. {
  1832. $template = new Template();
  1833. return $template->render('table/insert/get_html_for_insert_edit_form_header', [
  1834. 'has_blob_field' => $hasBlobField,
  1835. 'is_upload' => $isUpload,
  1836. ]);
  1837. }
  1838. /**
  1839. * Function to get html for each insert/edit column
  1840. *
  1841. * @param array $column column
  1842. * @param int $columnNumber column index in table_columns
  1843. * @param array $commentsMap comments map
  1844. * @param bool $timestampSeen whether timestamp seen
  1845. * @param ResultInterface $currentResult current result
  1846. * @param string $chgEvtHandler javascript change event handler
  1847. * @param string $jsvkey javascript validation key
  1848. * @param string $vkey validation key
  1849. * @param bool $insertMode whether insert mode
  1850. * @param array $currentRow current row
  1851. * @param int $oRows row offset
  1852. * @param int $tabindex tab index
  1853. * @param int $columnsCnt columns count
  1854. * @param bool $isUpload whether upload
  1855. * @param array $foreigners foreigners
  1856. * @param int $tabindexForValue tab index offset for value
  1857. * @param string $table table
  1858. * @param string $db database
  1859. * @param int $rowId row id
  1860. * @param int $biggestMaxFileSize biggest max file size
  1861. * @param string $defaultCharEditing default char editing mode which is stored in the config.inc.php script
  1862. * @param string $textDir text direction
  1863. * @param array $repopulate the data to be repopulated
  1864. * @param array $columnMime the mime information of column
  1865. * @param string $whereClause the where clause
  1866. *
  1867. * @return string
  1868. */
  1869. private function getHtmlForInsertEditFormColumn(
  1870. array $column,
  1871. int $columnNumber,
  1872. array $commentsMap,
  1873. $timestampSeen,
  1874. ResultInterface $currentResult,
  1875. $chgEvtHandler,
  1876. $jsvkey,
  1877. $vkey,
  1878. $insertMode,
  1879. array $currentRow,
  1880. $oRows,
  1881. &$tabindex,
  1882. $columnsCnt,
  1883. $isUpload,
  1884. array $foreigners,
  1885. $tabindexForValue,
  1886. $table,
  1887. $db,
  1888. $rowId,
  1889. $biggestMaxFileSize,
  1890. $defaultCharEditing,
  1891. $textDir,
  1892. array $repopulate,
  1893. array $columnMime,
  1894. $whereClause
  1895. ) {
  1896. $readOnly = false;
  1897. if (! isset($column['processed'])) {
  1898. $column = $this->analyzeTableColumnsArray($column, $commentsMap, $timestampSeen);
  1899. }
  1900. $asIs = false;
  1901. /** @var string $fieldHashMd5 */
  1902. $fieldHashMd5 = $column['Field_md5'];
  1903. if ($repopulate && array_key_exists($fieldHashMd5, $currentRow)) {
  1904. $currentRow[$column['Field']] = $repopulate[$fieldHashMd5];
  1905. $asIs = true;
  1906. }
  1907. $extractedColumnspec = Util::extractColumnSpec($column['Type']);
  1908. if ($column['len'] === -1) {
  1909. $column['len'] = $this->dbi->getFieldsMeta($currentResult)[$columnNumber]->length;
  1910. // length is unknown for geometry fields,
  1911. // make enough space to edit very simple WKTs
  1912. if ($column['len'] === -1) {
  1913. $column['len'] = 30;
  1914. }
  1915. }
  1916. //Call validation when the form submitted...
  1917. $onChangeClause = $chgEvtHandler
  1918. . "=\"return verificationsAfterFieldChange('"
  1919. . Sanitize::escapeJsString($fieldHashMd5) . "', '"
  1920. . Sanitize::escapeJsString($jsvkey) . "','" . $column['pma_type'] . "')\"";
  1921. // Use an MD5 as an array index to avoid having special characters
  1922. // in the name attribute (see bug #1746964 )
  1923. $columnNameAppendix = $vkey . '[' . $fieldHashMd5 . ']';
  1924. if ($column['Type'] === 'datetime' && $column['Null'] !== 'YES' && ! isset($column['Default']) && $insertMode) {
  1925. $column['Default'] = date('Y-m-d H:i:s', time());
  1926. }
  1927. // Get a list of GIS data types.
  1928. $gisDataTypes = Gis::getDataTypes();
  1929. // Prepares the field value
  1930. if ($currentRow) {
  1931. // (we are editing)
  1932. [
  1933. $realNullValue,
  1934. $specialCharsEncoded,
  1935. $specialChars,
  1936. $data,
  1937. $backupField,
  1938. ] = $this->getSpecialCharsAndBackupFieldForExistingRow(
  1939. $currentRow,
  1940. $column,
  1941. $extractedColumnspec,
  1942. $gisDataTypes,
  1943. $columnNameAppendix,
  1944. $asIs
  1945. );
  1946. } else {
  1947. // (we are inserting)
  1948. // display default values
  1949. $tmp = $column;
  1950. if (isset($repopulate[$fieldHashMd5])) {
  1951. $tmp['Default'] = $repopulate[$fieldHashMd5];
  1952. }
  1953. [
  1954. $realNullValue,
  1955. $data,
  1956. $specialChars,
  1957. $backupField,
  1958. $specialCharsEncoded,
  1959. ] = $this->getSpecialCharsAndBackupFieldForInsertingMode($tmp);
  1960. unset($tmp);
  1961. }
  1962. $idindex = ($oRows * $columnsCnt) + $columnNumber + 1;
  1963. $tabindex = $idindex;
  1964. // The function column
  1965. // -------------------
  1966. $foreignData = $this->relation->getForeignData($foreigners, $column['Field'], false, '', '');
  1967. $isColumnBinary = $this->isColumnBinary($column, $isUpload);
  1968. $functionOptions = '';
  1969. if ($GLOBALS['cfg']['ShowFunctionFields']) {
  1970. $functionOptions = Generator::getFunctionsForField($column, $insertMode, $foreignData);
  1971. }
  1972. // nullify code is needed by the js nullify() function to be able to generate calls to nullify() in jQuery
  1973. $nullifyCode = $this->getNullifyCodeForNullColumn($column, $foreigners, $foreignData);
  1974. // The value column (depends on type)
  1975. // ----------------
  1976. // See bug #1667887 for the reason why we don't use the maxlength
  1977. // HTML attribute
  1978. //add data attributes "no of decimals" and "data type"
  1979. $noDecimals = 0;
  1980. $type = current(explode('(', $column['pma_type']));
  1981. if (preg_match('/\(([^()]+)\)/', $column['pma_type'], $match)) {
  1982. $match[0] = trim($match[0], '()');
  1983. $noDecimals = $match[0];
  1984. }
  1985. // Check input transformation of column
  1986. $transformedHtml = '';
  1987. if (! empty($columnMime['input_transformation'])) {
  1988. $file = $columnMime['input_transformation'];
  1989. $includeFile = 'libraries/classes/Plugins/Transformations/' . $file;
  1990. if (is_file(ROOT_PATH . $includeFile)) {
  1991. $className = $this->transformations->getClassName($includeFile);
  1992. if (class_exists($className)) {
  1993. $transformationPlugin = new $className();
  1994. $transformationOptions = $this->transformations->getOptions(
  1995. $columnMime['input_transformation_options']
  1996. );
  1997. $urlParams = [
  1998. 'db' => $db,
  1999. 'table' => $table,
  2000. 'transform_key' => $column['Field'],
  2001. 'where_clause_sign' => Core::signSqlQuery($whereClause),
  2002. 'where_clause' => $whereClause,
  2003. ];
  2004. $transformationOptions['wrapper_link'] = Url::getCommon($urlParams);
  2005. $transformationOptions['wrapper_params'] = $urlParams;
  2006. $currentValue = '';
  2007. if (isset($currentRow[$column['Field']])) {
  2008. $currentValue = $currentRow[$column['Field']];
  2009. }
  2010. if (method_exists($transformationPlugin, 'getInputHtml')) {
  2011. $transformedHtml = $transformationPlugin->getInputHtml(
  2012. $column,
  2013. $rowId,
  2014. $columnNameAppendix,
  2015. $transformationOptions,
  2016. $currentValue,
  2017. $textDir,
  2018. $tabindex,
  2019. $tabindexForValue,
  2020. $idindex
  2021. );
  2022. }
  2023. if (method_exists($transformationPlugin, 'getScripts')) {
  2024. $GLOBALS['plugin_scripts'] = array_merge(
  2025. $GLOBALS['plugin_scripts'],
  2026. $transformationPlugin->getScripts()
  2027. );
  2028. }
  2029. }
  2030. }
  2031. }
  2032. $columnValue = '';
  2033. $foreignDropdown = '';
  2034. $dataType = '';
  2035. $textAreaRows = $GLOBALS['cfg']['TextareaRows'];
  2036. $textareaCols = $GLOBALS['cfg']['TextareaCols'];
  2037. $maxlength = '';
  2038. $enumSelectedValue = '';
  2039. $columnSetValues = [];
  2040. $setSelectSize = 0;
  2041. $isColumnProtectedBlob = false;
  2042. $blobValue = '';
  2043. $blobValueUnit = '';
  2044. $maxUploadSize = 0;
  2045. $selectOptionForUpload = '';
  2046. $inputFieldHtml = '';
  2047. if (empty($transformedHtml)) {
  2048. if (is_array($foreignData['disp_row'])) {
  2049. $foreignDropdown = $this->relation->foreignDropdown(
  2050. $foreignData['disp_row'],
  2051. $foreignData['foreign_field'],
  2052. $foreignData['foreign_display'],
  2053. $data,
  2054. $GLOBALS['cfg']['ForeignKeyMaxLimit']
  2055. );
  2056. }
  2057. $dataType = $this->dbi->types->getTypeClass($column['True_Type']);
  2058. if ($column['is_char']) {
  2059. $textAreaRows = max($GLOBALS['cfg']['CharTextareaRows'], 7);
  2060. $textareaCols = $GLOBALS['cfg']['CharTextareaCols'];
  2061. $maxlength = $extractedColumnspec['spec_in_brackets'];
  2062. } elseif ($GLOBALS['cfg']['LongtextDoubleTextarea'] && mb_strstr($column['pma_type'], 'longtext')) {
  2063. $textAreaRows = $GLOBALS['cfg']['TextareaRows'] * 2;
  2064. $textareaCols = $GLOBALS['cfg']['TextareaCols'] * 2;
  2065. }
  2066. if ($column['pma_type'] === 'enum') {
  2067. if (! isset($column['values'])) {
  2068. $column['values'] = $this->getColumnEnumValues($extractedColumnspec['enum_set_values']);
  2069. }
  2070. foreach ($column['values'] as $enumValue) {
  2071. if (
  2072. $data == $enumValue['plain'] || ($data == ''
  2073. && (! isset($_POST['where_clause']) || $column['Null'] !== 'YES')
  2074. && isset($column['Default']) && $enumValue['plain'] == $column['Default'])
  2075. ) {
  2076. $enumSelectedValue = $enumValue['plain'];
  2077. break;
  2078. }
  2079. }
  2080. } elseif ($column['pma_type'] === 'set') {
  2081. [$columnSetValues, $setSelectSize] = $this->getColumnSetValueAndSelectSize(
  2082. $column,
  2083. $extractedColumnspec['enum_set_values']
  2084. );
  2085. } elseif ($column['is_binary'] || $column['is_blob']) {
  2086. $isColumnProtectedBlob = ($GLOBALS['cfg']['ProtectBinary'] === 'blob' && $column['is_blob'])
  2087. || ($GLOBALS['cfg']['ProtectBinary'] === 'all')
  2088. || ($GLOBALS['cfg']['ProtectBinary'] === 'noblob' && ! $column['is_blob']);
  2089. if ($isColumnProtectedBlob && isset($data)) {
  2090. $blobSize = Util::formatByteDown(mb_strlen(stripslashes($data)), 3, 1);
  2091. if ($blobSize !== null) {
  2092. [$blobValue, $blobValueUnit] = $blobSize;
  2093. }
  2094. }
  2095. if ($isUpload && $column['is_blob']) {
  2096. [$maxUploadSize] = $this->getMaxUploadSize($column['True_Type'], $biggestMaxFileSize);
  2097. }
  2098. if (! empty($GLOBALS['cfg']['UploadDir'])) {
  2099. $selectOptionForUpload = $this->getSelectOptionForUpload($vkey, $fieldHashMd5);
  2100. }
  2101. if (
  2102. ! $isColumnProtectedBlob
  2103. && ! ($column['is_blob'] || ($column['len'] > $GLOBALS['cfg']['LimitChars']))
  2104. ) {
  2105. $inputFieldHtml = $this->getHtmlInput(
  2106. $column,
  2107. $columnNameAppendix,
  2108. $specialChars,
  2109. min(max($column['len'] * 2, 4), $GLOBALS['cfg']['LimitChars']),
  2110. $onChangeClause,
  2111. $tabindex,
  2112. $tabindexForValue,
  2113. $idindex,
  2114. 'HEX',
  2115. $readOnly
  2116. );
  2117. }
  2118. } else {
  2119. $columnValue = $this->getValueColumnForOtherDatatypes(
  2120. $column,
  2121. $defaultCharEditing,
  2122. $backupField,
  2123. $columnNameAppendix,
  2124. $onChangeClause,
  2125. $tabindex,
  2126. $specialChars,
  2127. $tabindexForValue,
  2128. $idindex,
  2129. $textDir,
  2130. $specialCharsEncoded,
  2131. $data,
  2132. $extractedColumnspec,
  2133. $readOnly
  2134. );
  2135. }
  2136. }
  2137. return $this->template->render('table/insert/column_row', [
  2138. 'db' => $db,
  2139. 'table' => $table,
  2140. 'column' => $column,
  2141. 'row_id' => $rowId,
  2142. 'show_field_types_in_data_edit_view' => $GLOBALS['cfg']['ShowFieldTypesInDataEditView'],
  2143. 'show_function_fields' => $GLOBALS['cfg']['ShowFunctionFields'],
  2144. 'is_column_binary' => $isColumnBinary,
  2145. 'function_options' => $functionOptions,
  2146. 'read_only' => $readOnly,
  2147. 'nullify_code' => $nullifyCode,
  2148. 'real_null_value' => $realNullValue,
  2149. 'id_index' => $idindex,
  2150. 'type' => $type,
  2151. 'decimals' => $noDecimals,
  2152. 'special_chars' => $specialChars,
  2153. 'transformed_value' => $transformedHtml,
  2154. 'value' => $columnValue,
  2155. 'is_value_foreign_link' => $foreignData['foreign_link'] === true,
  2156. 'backup_field' => $backupField,
  2157. 'data' => $data,
  2158. 'gis_data_types' => $gisDataTypes,
  2159. 'foreign_dropdown' => $foreignDropdown,
  2160. 'data_type' => $dataType,
  2161. 'textarea_cols' => $textareaCols,
  2162. 'textarea_rows' => $textAreaRows,
  2163. 'text_dir' => $textDir,
  2164. 'max_length' => $maxlength,
  2165. 'longtext_double_textarea' => $GLOBALS['cfg']['LongtextDoubleTextarea'],
  2166. 'enum_selected_value' => $enumSelectedValue,
  2167. 'set_values' => $columnSetValues,
  2168. 'set_select_size' => $setSelectSize,
  2169. 'is_column_protected_blob' => $isColumnProtectedBlob,
  2170. 'blob_value' => $blobValue,
  2171. 'blob_value_unit' => $blobValueUnit,
  2172. 'is_upload' => $isUpload,
  2173. 'max_upload_size' => $maxUploadSize,
  2174. 'select_option_for_upload' => $selectOptionForUpload,
  2175. 'limit_chars' => $GLOBALS['cfg']['LimitChars'],
  2176. 'input_field_html' => $inputFieldHtml,
  2177. 'tab_index' => $tabindex,
  2178. 'tab_index_for_value' => $tabindexForValue,
  2179. ]);
  2180. }
  2181. private function isColumnBinary(array $column, bool $isUpload): bool
  2182. {
  2183. global $cfg;
  2184. if (! $cfg['ShowFunctionFields']) {
  2185. return false;
  2186. }
  2187. return ($cfg['ProtectBinary'] === 'blob' && $column['is_blob'] && ! $isUpload)
  2188. || ($cfg['ProtectBinary'] === 'all' && $column['is_binary'])
  2189. || ($cfg['ProtectBinary'] === 'noblob' && $column['is_binary']);
  2190. }
  2191. /**
  2192. * Function to get html for each insert/edit row
  2193. *
  2194. * @param array $urlParams url parameters
  2195. * @param array[] $tableColumns table columns
  2196. * @param array $commentsMap comments map
  2197. * @param bool $timestampSeen whether timestamp seen
  2198. * @param ResultInterface $currentResult current result
  2199. * @param string $chgEvtHandler javascript change event handler
  2200. * @param string $jsvkey javascript validation key
  2201. * @param string $vkey validation key
  2202. * @param bool $insertMode whether insert mode
  2203. * @param array $currentRow current row
  2204. * @param int $oRows row offset
  2205. * @param int $tabindex tab index
  2206. * @param int $columnsCnt columns count
  2207. * @param bool $isUpload whether upload
  2208. * @param array $foreigners foreigners
  2209. * @param int $tabindexForValue tab index offset for value
  2210. * @param string $table table
  2211. * @param string $db database
  2212. * @param int $rowId row id
  2213. * @param int $biggestMaxFileSize biggest max file size
  2214. * @param string $textDir text direction
  2215. * @param array $repopulate the data to be repopulated
  2216. * @param array $whereClauseArray the array of where clauses
  2217. *
  2218. * @return string
  2219. */
  2220. public function getHtmlForInsertEditRow(
  2221. array $urlParams,
  2222. array $tableColumns,
  2223. array $commentsMap,
  2224. $timestampSeen,
  2225. ResultInterface $currentResult,
  2226. $chgEvtHandler,
  2227. $jsvkey,
  2228. $vkey,
  2229. $insertMode,
  2230. array $currentRow,
  2231. &$oRows,
  2232. &$tabindex,
  2233. $columnsCnt,
  2234. $isUpload,
  2235. array $foreigners,
  2236. $tabindexForValue,
  2237. $table,
  2238. $db,
  2239. $rowId,
  2240. $biggestMaxFileSize,
  2241. $textDir,
  2242. array $repopulate,
  2243. array $whereClauseArray
  2244. ) {
  2245. $htmlOutput = $this->getHeadAndFootOfInsertRowTable($urlParams)
  2246. . '<tbody>';
  2247. //store the default value for CharEditing
  2248. $defaultCharEditing = $GLOBALS['cfg']['CharEditing'];
  2249. $mimeMap = $this->transformations->getMime($db, $table);
  2250. $whereClause = '';
  2251. if (isset($whereClauseArray[$rowId])) {
  2252. $whereClause = $whereClauseArray[$rowId];
  2253. }
  2254. for ($columnNumber = 0; $columnNumber < $columnsCnt; $columnNumber++) {
  2255. $tableColumn = $tableColumns[$columnNumber];
  2256. $columnMime = [];
  2257. if (isset($mimeMap[$tableColumn['Field']])) {
  2258. $columnMime = $mimeMap[$tableColumn['Field']];
  2259. }
  2260. $virtual = [
  2261. 'VIRTUAL',
  2262. 'PERSISTENT',
  2263. 'VIRTUAL GENERATED',
  2264. 'STORED GENERATED',
  2265. ];
  2266. if (in_array($tableColumn['Extra'], $virtual)) {
  2267. continue;
  2268. }
  2269. $htmlOutput .= $this->getHtmlForInsertEditFormColumn(
  2270. $tableColumn,
  2271. $columnNumber,
  2272. $commentsMap,
  2273. $timestampSeen,
  2274. $currentResult,
  2275. $chgEvtHandler,
  2276. $jsvkey,
  2277. $vkey,
  2278. $insertMode,
  2279. $currentRow,
  2280. $oRows,
  2281. $tabindex,
  2282. $columnsCnt,
  2283. $isUpload,
  2284. $foreigners,
  2285. $tabindexForValue,
  2286. $table,
  2287. $db,
  2288. $rowId,
  2289. $biggestMaxFileSize,
  2290. $defaultCharEditing,
  2291. $textDir,
  2292. $repopulate,
  2293. $columnMime,
  2294. $whereClause
  2295. );
  2296. }
  2297. $oRows++;
  2298. return $htmlOutput . ' </tbody>'
  2299. . '</table></div><br>'
  2300. . '<div class="clearfloat"></div>';
  2301. }
  2302. }