Overview

Packages

  • Auth
    • Ads
    • Ldap
    • Xoops
  • Autotasks
  • Config
    • Category
    • Item
    • Option
  • Core
    • Filesystem
    • Filters
    • Logger
    • Mail
    • Message
    • Password
    • Security
    • StopSpammer
    • Template
    • Textsanitizer
    • VersionChecker
  • Data
    • Avatar
    • Comment
  • Database
    • Connection
    • Criteria
    • Legacy
    • MySQL
    • PDO
    • Updater
  • Feeds
    • RSS
  • File
  • Form
    • Base
    • Elements
  • ICMS
    • IPF
      • View
  • Image
    • Category
  • Ipf
    • Category
    • Controller
    • Export
    • form
    • Keyhighlighter
    • Member
    • Object
    • Permission
    • richfile
    • Tree
    • urllink
    • View
  • kernel
    • Set
  • Member
    • Group
    • GroupMembership
    • GroupPermission
    • User
  • Messaging
  • Module
  • None
  • Notification
  • Page
  • Plugins
    • Editor
  • Preload
    • Libraries
  • Privmessage
  • Session
  • SmartObject
  • View
    • Block
    • Breadcrumb
    • PageNav
    • PrinterFriendly
    • Template
    • Templates
    • Theme
    • Tree

Classes

  • icms_auth_Ads
  • icms_auth_Factory
  • icms_auth_Ldap
  • icms_auth_Object
  • icms_auth_Provisionning
  • icms_auth_Xoops
  • icms_Autoloader
  • icms_config_category_Handler
  • icms_config_category_Object
  • icms_config_Handler
  • icms_config_Item_Handler
  • icms_config_Item_Object
  • icms_config_option_Handler
  • icms_config_option_Object
  • icms_core_DataFilter
  • icms_core_Debug
  • icms_core_Filesystem
  • icms_core_HTMLFilter
  • icms_core_Logger
  • icms_core_Message
  • icms_core_Object
  • icms_core_ObjectHandler
  • icms_core_OnlineHandler
  • icms_core_Password
  • icms_core_Security
  • icms_core_Session
  • icms_core_StopSpammer
  • icms_core_Textsanitizer
  • icms_core_Versionchecker
  • icms_data_avatar_Handler
  • icms_data_avatar_Object
  • icms_data_comment_Handler
  • icms_data_comment_Object
  • icms_data_comment_Renderer
  • icms_data_file_Handler
  • icms_data_file_Object
  • icms_data_notification_Handler
  • icms_data_notification_Object
  • icms_data_page_Handler
  • icms_data_page_Object
  • icms_data_privmessage_Handler
  • icms_data_privmessage_Object
  • icms_data_urllink_Handler
  • icms_data_urllink_Object
  • icms_db_Connection
  • icms_db_criteria_Compo
  • icms_db_criteria_Element
  • icms_db_criteria_Item
  • icms_db_Factory
  • icms_db_legacy_Database
  • icms_db_legacy_Factory
  • icms_db_legacy_mysql_Database
  • icms_db_legacy_mysql_Proxy
  • icms_db_legacy_mysql_Safe
  • icms_db_legacy_mysql_Utility
  • icms_db_legacy_PdoDatabase
  • icms_db_legacy_updater_Handler
  • icms_db_legacy_updater_Table
  • icms_db_mysql_Connection
  • icms_db_mysql_Utility
  • icms_Event
  • icms_feeds_Rss
  • icms_feeds_Simplerss
  • icms_file_DownloadHandler
  • icms_file_MediaUploadHandler
  • icms_file_TarDownloader
  • icms_file_TarFileHandler
  • icms_file_ZipDownloader
  • icms_file_ZipFileHandler
  • icms_form_Base
  • icms_form_Element
  • icms_form_elements_Button
  • icms_form_elements_Captcha
  • icms_form_elements_captcha_Image
  • icms_form_elements_captcha_ImageHandler
  • icms_form_elements_captcha_Object
  • icms_form_elements_captcha_Text
  • icms_form_elements_Checkbox
  • icms_form_elements_Colorpicker
  • icms_form_elements_Date
  • icms_form_elements_Datetime
  • icms_form_elements_Dhtmltextarea
  • icms_form_elements_Editor
  • icms_form_elements_File
  • icms_form_elements_Groupperm
  • icms_form_elements_Hidden
  • icms_form_elements_Hiddentoken
  • icms_form_elements_Label
  • icms_form_elements_Password
  • icms_form_elements_Radio
  • icms_form_elements_Radioyn
  • icms_form_elements_Select
  • icms_form_elements_select_Country
  • icms_form_elements_select_Editor
  • icms_form_elements_select_Group
  • icms_form_elements_select_Image
  • icms_form_elements_select_Lang
  • icms_form_elements_select_Matchoption
  • icms_form_elements_select_Theme
  • icms_form_elements_select_Timezone
  • icms_form_elements_select_User
  • icms_form_elements_Text
  • icms_form_elements_Textarea
  • icms_form_elements_Tray
  • icms_form_Groupperm
  • icms_form_Simple
  • icms_form_Table
  • icms_form_Theme
  • icms_image_category_Handler
  • icms_image_category_Object
  • icms_image_Handler
  • icms_image_Object
  • icms_image_set_Handler
  • icms_image_set_Object
  • icms_ipf_About
  • icms_ipf_category_Handler
  • icms_ipf_category_Object
  • icms_ipf_Controller
  • icms_ipf_export_Handler
  • icms_ipf_export_Renderer
  • icms_ipf_form_Base
  • icms_ipf_form_elements_Autocomplete
  • icms_ipf_form_elements_Blockoptions
  • icms_ipf_form_elements_Checkbox
  • icms_ipf_form_elements_Date
  • icms_ipf_form_elements_Datetime
  • icms_ipf_form_elements_File
  • icms_ipf_form_elements_Fileupload
  • icms_ipf_form_elements_Image
  • icms_ipf_form_elements_Imageupload
  • icms_ipf_form_elements_Language
  • icms_ipf_form_elements_Page
  • icms_ipf_form_elements_Parentcategory
  • icms_ipf_form_elements_Passwordtray
  • icms_ipf_form_elements_Radio
  • icms_ipf_form_elements_Richfile
  • icms_ipf_form_elements_Section
  • icms_ipf_form_elements_Select
  • icms_ipf_form_elements_Selectmulti
  • icms_ipf_form_elements_Signature
  • icms_ipf_form_elements_Source
  • icms_ipf_form_elements_Text
  • icms_ipf_form_elements_Time
  • icms_ipf_form_elements_Upload
  • icms_ipf_form_elements_Urllink
  • icms_ipf_form_elements_User
  • icms_ipf_form_elements_Yesno
  • icms_ipf_form_Secure
  • icms_ipf_Handler
  • icms_ipf_Highlighter
  • icms_ipf_member_Handler
  • icms_ipf_Metagen
  • icms_ipf_Object
  • icms_ipf_permission_Handler
  • icms_ipf_registry_Handler
  • icms_ipf_seo_Object
  • icms_ipf_Tree
  • icms_ipf_view_Column
  • icms_ipf_view_Row
  • icms_ipf_view_Single
  • icms_ipf_view_Table
  • icms_ipf_view_Tree
  • icms_member_group_Handler
  • icms_member_group_membership_Handler
  • icms_member_group_membership_Object
  • icms_member_group_Object
  • icms_member_groupperm_Handler
  • icms_member_groupperm_Object
  • icms_member_Handler
  • icms_member_user_Handler
  • icms_member_user_Object
  • icms_messaging_EmailHandler
  • icms_messaging_Handler
  • icms_module_Handler
  • icms_module_Object
  • icms_plugins_EditorHandler
  • icms_plugins_Handler
  • icms_plugins_Object
  • icms_preload_Handler
  • icms_preload_Item
  • icms_preload_LibrariesHandler
  • icms_sys_autotasks_System
  • icms_Utils
  • icms_view_block_Handler
  • icms_view_block_Object
  • icms_view_block_position_Handler
  • icms_view_block_position_Object
  • icms_view_Breadcrumb
  • icms_view_PageBuilder
  • icms_view_PageNav
  • icms_view_Printerfriendly
  • icms_view_template_file_Handler
  • icms_view_template_file_Object
  • icms_view_template_set_Handler
  • icms_view_template_set_Object
  • icms_view_theme_Factory
  • icms_view_theme_Object
  • icms_view_Tpl
  • icms_view_Tree

Interfaces

  • icms_db_IConnection
  • icms_db_IUtility
  • icms_db_legacy_IDatabase
  • icms_sys_autotasks_ISystem
  • Overview
  • Package
  • Class
  1:   2:   3:   4:   5:   6:   7:   8:   9:  10:  11:  12:  13:  14:  15:  16:  17:  18:  19:  20:  21:  22:  23:  24:  25:  26:  27:  28:  29:  30:  31:  32:  33:  34:  35:  36:  37:  38:  39:  40:  41:  42:  43:  44:  45:  46:  47:  48:  49:  50:  51:  52:  53:  54:  55:  56:  57:  58:  59:  60:  61:  62:  63:  64:  65:  66:  67:  68:  69:  70:  71:  72:  73:  74:  75:  76:  77:  78:  79:  80:  81:  82:  83:  84:  85:  86:  87:  88:  89:  90:  91:  92:  93:  94:  95:  96:  97:  98:  99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292: 293: 294: 295: 296: 297: 298: 299: 300: 301: 302: 303: 304: 305: 306: 307: 308: 309: 310: 311: 312: 313: 314: 315: 316: 317: 318: 319: 320: 321: 322: 323: 324: 325: 
<?php
//  ------------------------------------------------------------------------ //
//                XOOPS - PHP Content Management System                      //
//                    Copyright (c) 2000 XOOPS.org                           //
//                       <http://www.xoops.org/>                             //
//  ------------------------------------------------------------------------ //
//  This program is free software; you can redistribute it and/or modify     //
//  it under the terms of the GNU General Public License as published by     //
//  the Free Software Foundation; either version 2 of the License, or        //
//  (at your option) any later version.                                      //
//                                                                           //
//  You may not change or alter any portion of this comment or credits       //
//  of supporting developers from this source code or any supporting         //
//  source code which is considered copyrighted (c) material of the          //
//  original comment or credit authors.                                      //
//                                                                           //
//  This program is distributed in the hope that it will be useful,          //
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
//  GNU General Public License for more details.                             //
//                                                                           //
//  You should have received a copy of the GNU General Public License        //
//  along with this program; if not, write to the Free Software              //
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
//  ------------------------------------------------------------------------ //
// Author: Kazumi Ono (AKA onokazu)                                          //
// URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ //
// Project: The XOOPS Project                                                //
// ------------------------------------------------------------------------- //
/**
 * Legacy MySQL utilities
 *
 * @copyright   http://www.impresscms.org/ The ImpressCMS Project
 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU General Public License (GPL)
 *
 * @category    ICMS
 * @package     Database
 * @subpackage  Legacy
 *
 * @version     SVN: $Id: Utility.php 12403 2014-01-26 21:35:08Z skenow $
 */

/**
 * Provide some utility methods for databases
 *
 * @category    ICMS
 * @package     Database
 * @subpackage  Legacy
 * @author      Kazumi Ono  <onokazu@xoops.org>
 * @copyright   copyright (c) 2000-2007 XOOPS.org
 */
class icms_db_legacy_mysql_Utility implements icms_db_IUtility {

    /**
     * Creates a new utility object
     */
    public function __construct(){
    }

    /**
     * Function from phpMyAdmin (http://phpwizard.net/projects/phpMyAdmin/)
     *
     * Removes comment and splits large sql files into individual queries
     *
     * Last revision: September 23, 2001 - gandon
     *
     * @param   array    the split sql commands
     * @param   string   the sql commands
     * @return  boolean  always true
     */
    static public function splitMySqlFile(&$ret, $sql) {
        $sql               = trim($sql);
        $sql_len           = strlen($sql);
        $char              = '';
        $string_start      = '';
        $in_string         = FALSE;

        for ($i = 0; $i < $sql_len; ++$i) {
            $char = $sql[$i];

            // We are in a string, check for not escaped end of
            // strings except for backquotes that can't be escaped
            if ($in_string) {
                for (;;) {
                    $i = strpos($sql, $string_start, $i);
                    // No end of string found -> add the current
                    // substring to the returned array
                    if (!$i) {
                        $ret[] = $sql;
                        return TRUE;
                    } elseif ($string_start == '`' || $sql[$i-1] != '\\') {
                        // Backquotes or no backslashes before
                        // quotes: it's indeed the end of the
                        // string -> exit the loop
                        $string_start      = '';
                        $in_string         = FALSE;
                        break;
                    } else {
                        // one or more Backslashes before the presumed
                        // end of string...
                        // first checks for escaped backslashes
                        $j                     = 2;
                        $escaped_backslash     = FALSE;
                        while ($i-$j > 0 && $sql[$i-$j] == '\\') {
                            $escaped_backslash = !$escaped_backslash;
                            $j++;
                        }
                        // ... if escaped backslashes: it's really the
                        // end of the string -> exit the loop
                        if ($escaped_backslash) {
                            $string_start  = '';
                            $in_string     = FALSE;
                            break;
                        } else {
                            $i++;
                        }
                    }
                }
            } elseif ($char == ';') {
                // We are not in a string, first check for delimiter...
                // if delimiter found, add the parsed part to the returned array
                $ret[]    = substr($sql, 0, $i);
                $sql      = ltrim(substr($sql, min($i + 1, $sql_len)));
                $sql_len  = strlen($sql);
                if ($sql_len) {
                    $i      = -1;
                } else {
                    // The submited statement(s) end(s) here
                    return TRUE;
                }
            } elseif (($char == '"') || ($char == '\'') || ($char == '`')) {
                // ... then check for start of a string,...
                $in_string    = TRUE;
                $string_start = $char;
            } elseif ($char == '#' || ($char == ' ' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '--')) {
                // for start of a comment (and remove this comment if found)...
                // starting position of the comment depends on the comment type
                $start_of_comment = (($sql[$i] == '#') ? $i : $i-2);
                // if no "\n" exits in the remaining string, checks for "\r"
                // (Mac eol style)
                $end_of_comment   = (strpos(' ' . $sql, "\012", $i+2))
                    ? strpos(' ' . $sql, "\012", $i+2)
                    : strpos(' ' . $sql, "\015", $i+2);
                if (!$end_of_comment) {
                    // no eol found after '#', add the parsed part to the returned
                    // array and exit
                    // RMV fix for comments at end of file
                    $last = trim(substr($sql, 0, $i-1));
                    if (!empty($last)) {
                        $ret[] = $last;
                    }
                    return TRUE;
                } else {
                    $sql     = substr($sql, 0, $start_of_comment) . ltrim(substr($sql, $end_of_comment));
                    $sql_len = strlen($sql);
                    $i--;
                }
            }
        }

        // add any rest to the returned array
        if (!empty($sql) && trim($sql) != '') {
            $ret[] = $sql;
        }
        return TRUE;
    }

    /**
     * Function from phpMyAdmin (http://phpwizard.net/projects/phpMyAdmin/)
     *
     * Removes comment and splits large sql files into individual queries
     *
     * Last revision: September 23, 2001 - gandon
     *
     * @param   array    the split sql commands
     * @param   string   the sql commands
     * @return  boolean  always true
     */
    static public function splitSqlFile(&$ret, $sql) {
        $sql               = trim($sql);
        $sql_len           = strlen($sql);
        $char              = '';
        $string_start      = '';
        $in_string         = FALSE;

        for ($i = 0; $i < $sql_len; ++$i) {
            $char = $sql[$i];

            // We are in a string, check for not escaped end of
            // strings except for backquotes that can't be escaped
            if ($in_string) {
                for (;;) {
                    $i         = strpos($sql, $string_start, $i);
                    // No end of string found -> add the current
                    // substring to the returned array
                    if (!$i) {
                        $ret[] = $sql;
                        return TRUE;
                    } elseif ($string_start == '`' || $sql[$i-1] != '\\') {
                        // Backquotes or no backslashes before
                        // quotes: it's indeed the end of the
                        // string -> exit the loop
                        $string_start      = '';
                        $in_string         = FALSE;
                        break;
                    } else {
                        // one or more Backslashes before the presumed
                        // end of string...
                        // first checks for escaped backslashes
                        $j                     = 2;
                        $escaped_backslash     = FALSE;
                        while ($i-$j > 0 && $sql[$i-$j] == '\\') {
                            $escaped_backslash = !$escaped_backslash;
                            $j++;
                        }
                        // ... if escaped backslashes: it's really the
                        // end of the string -> exit the loop
                        if ($escaped_backslash) {
                            $string_start  = '';
                            $in_string     = FALSE;
                            break;
                        } else {
                            // ... else loop
                            $i++;
                        }
                    }
                }
            } elseif ($char == ';') {
                // We are not in a string, first check for delimiter...
                // if delimiter found, add the parsed part to the returned array
                $ret[]    = substr($sql, 0, $i);
                $sql      = ltrim(substr($sql, min($i + 1, $sql_len)));
                $sql_len  = strlen($sql);
                if ($sql_len) {
                    $i      = -1;
                } else {
                    // The submited statement(s) end(s) here
                    return TRUE;
                }
            } elseif (($char == '"') || ($char == '\'') || ($char == '`')) {
                // ... then check for start of a string,...
                $in_string    = TRUE;
                $string_start = $char;
            } elseif ($char == '#' || ($char == ' ' && $i > 1 && $sql[$i-2] . $sql[$i-1] == '--')) {
                // for start of a comment (and remove this comment if found)...
                // starting position of the comment depends on the comment type
                $start_of_comment = (($sql[$i] == '#') ? $i : $i-2);
                // if no "\n" exits in the remaining string, checks for "\r"
                // (Mac eol style)
                $end_of_comment   = (strpos(' ' . $sql, "\012", $i+2))
                    ? strpos(' ' . $sql, "\012", $i+2)
                    : strpos(' ' . $sql, "\015", $i+2);
                if (!$end_of_comment) {
                    // no eol found after '#', add the parsed part to the returned
                    // array and exit
                    // RMV fix for comments at end of file
                    $last = trim(substr($sql, 0, $i-1));
                    if (!empty($last)) {
                        $ret[] = $last;
                    }
                    return TRUE;
                } else {
                    $sql     = substr($sql, 0, $start_of_comment) . ltrim(substr($sql, $end_of_comment));
                    $sql_len = strlen($sql);
                    $i--;
                }
            }
        }

        // add any rest to the returned array
        if (!empty($sql) && trim($sql) != '') {
            $ret[] = $sql;
        }
        return TRUE;
    }

    /**
     * add a prefix.'_' to all tablenames in a query
     *
     * @param   string  $query  valid SQL query string
     * @param   string  $prefix prefix to add to all table names
     * @return  mixed   FALSE on failure
     */
    static public function prefixQuery($query, $prefix) {
        $pattern = "/^(INSERT INTO|CREATE TABLE|ALTER TABLE|UPDATE)(\s)+([`]?)([^`\s]+)\\3(\s)+/siU";
        $pattern2 = "/^(DROP TABLE)(\s)+([`]?)([^`\s]+)\\3(\s)?$/siU";
        if (preg_match($pattern, $query, $matches) || preg_match($pattern2, $query, $matches)) {
            $replace = "\\1 " . $prefix . "_\\4\\5";
            $matches[0] = preg_replace($pattern, $replace, $query);
            return $matches;
        }
        return FALSE;
    }

    /**
     * Determine if the SQL string is safe
     *
     * @see ProtectorMySQLDatabase::checkSql()
     *
     * @param string $sql
     * @return bool
     */
    static public function checkSQL($sql) {
        /* use Protector's db layer to prevent SQLi
         * Make sure Protector is loaded
         */
        if (defined('XOOPS_DB_ALTERNATIVE') && class_exists(XOOPS_DB_ALTERNATIVE)) {
            $class = XOOPS_DB_ALTERNATIVE;
            $protectorDB = new $class();
            $sql4check = substr($sql, 7) ;
            foreach ($protectorDB->doubtful_needles as $needle) {
                if (stristr($sql4check, $needle)) {
                    $protectorDB->checkSql($sql) ; // if this finds an injection attempt, it exits
                    break;
                }
            }
        }
        
        /* Protector preload is not loaded, so we cannot check.
         * Or, the checks have succeeded and there are no detected injections
         * Return true */
        return true;
    }
}
API documentation generated by ApiGen