bug #2961609 Potential information disclosure at login page
[phpmyadmin/dkf.git] / index.php
blobef0f8304a83e3f31a948cfa1fc73ff0ec73fd89d
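<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * forms frameset
 *
 * Bootstraps the application, works out which page the content frame should
 * load, and prepares the query string handed to both child frames. The
 * frameset markup itself follows the closing PHP tag.
 *
 * @version $Id$
 * @uses    $GLOBALS['strNoFrames']
 * @uses    $GLOBALS['cfg']['QueryHistoryDB']
 * @uses    $GLOBALS['cfg']['Server']['user']
 * @uses    $GLOBALS['cfg']['DefaultTabServer']   as src for the mainframe
 * @uses    $GLOBALS['cfg']['DefaultTabDatabase'] as src for the mainframe
 * @uses    $GLOBALS['cfg']['NaviWidth']          for navi frame width
 * @uses    $GLOBALS['collation_connection']      from $_REQUEST (grab_globals.lib.php)
 *                                                or common.inc.php
 * @uses    $GLOBALS['available_languages']       from common.inc.php (select_lang.lib.php)
 * @uses    $GLOBALS['db']
 * @uses    $GLOBALS['charset']
 * @uses    $GLOBALS['lang']
 * @uses    $GLOBALS['text_dir']
 * @uses    $_ENV['HTTP_HOST']
 * @uses    $goto_whitelist                       not defined in this file; presumably
 *                                                set by common.inc.php (confirm)
 * @uses    PMA_getRelationsParam()
 * @uses    PMA_purgeHistory()
 * @uses    PMA_generate_common_url()
 * @uses    PMA_VERSION
 * @uses    session_write_close()
 * @uses    time()
 * @uses    PMA_getenv()
 * @uses    header()                              to send charset
 * @package phpMyAdmin
 */

/**
 * Gets core libraries and defines some variables
 */
require_once './libraries/common.inc.php';

/**
 * Loads the relation library.
 * NOTE(review): the previous comment here mentioned the ThemeManager, which
 * does not match the file being included. Presumably this library provides
 * PMA_getRelationsParam() and PMA_purgeHistory() used below; confirm.
 */
require_once './libraries/relation.lib.php';

// Release the session file now so the child frames, which are requested in
// parallel, are not blocked waiting for it.
session_write_close();

// Gets the host name. It is taken from the environment when not already set,
// so treat it as client-influenced and HTML-escape it wherever it is printed.
if (empty($HTTP_HOST)) {
    if (PMA_getenv('HTTP_HOST')) {
        $HTTP_HOST = PMA_getenv('HTTP_HOST');
    } else {
        $HTTP_HOST = '';
    }
}

// purge querywindow history (only when the history feature is configured
// and reported as working by the relation parameters)
$cfgRelation = PMA_getRelationsParam();
if ($GLOBALS['cfg']['QueryHistoryDB'] && $cfgRelation['historywork']) {
    PMA_purgeHistory($GLOBALS['cfg']['Server']['user']);
}
unset($cfgRelation);

/**
 * pass variables to child pages
 *
 * The request-supplied copies of these parameters are removed from $_GET;
 * db and table are put back below from $GLOBALS. Whatever else remains in
 * $_GET is forwarded to the child frames through $url_query.
 * NOTE(review): presumably PMA_generate_common_url() adds the validated
 * lang/server/charset values itself; confirm in its definition.
 */
$drops = array('lang', 'server', 'convcharset', 'collation_connection',
    'db', 'table');

foreach ($drops as $each_drop) {
    // unset() on a missing key is a no-op, so no existence check is needed
    unset($_GET[$each_drop]);
}
unset($drops, $each_drop);

// Choose the default content page by how much context is selected:
// nothing -> server page, database only -> database page, else table page.
if (! strlen($GLOBALS['db'])) {
    $main_target = $GLOBALS['cfg']['DefaultTabServer'];
} elseif (! strlen($GLOBALS['table'])) {
    $_GET['db'] = $GLOBALS['db'];
    $main_target = $GLOBALS['cfg']['DefaultTabDatabase'];
} else {
    $_GET['db'] = $GLOBALS['db'];
    $_GET['table'] = $GLOBALS['table'];
    $main_target = $GLOBALS['cfg']['DefaultTabTable'];
}

$url_query = PMA_generate_common_url($_GET);

// A requested target overrides the default only when it is a non-empty
// string found in the allowlist. The lookup is strict so that a non-string
// allowlist entry (0, true, ...) can never match an arbitrary target through
// PHP's loose comparison rules; this value ends up as the content frame src.
if (! empty($GLOBALS['target'])
    && is_string($GLOBALS['target'])
    && in_array($GLOBALS['target'], $goto_whitelist, true)
) {
    $main_target = $GLOBALS['target'];
}

$main_target .= $url_query;

// index 2 of the language entry is used as the xml:lang / lang value
$lang_iso_code = $GLOBALS['available_languages'][$GLOBALS['lang']][2];


// start output
header('Content-Type: text/html; charset=' . $GLOBALS['charset']);
?>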
<?php
/*
 * Frameset document: a navigation frame and a content frame, ordered by text
 * direction, plus the script variables that common.js reads.
 *
 * Output-encoding notes for reviewers:
 *  - Values placed inside JavaScript string literals go through
 *    PMA_escapeJsString(); the host name in the title goes through
 *    htmlspecialchars().
 *  - querywindow_height / querywindow_width are written outside quotes.
 *    NOTE(review): this relies on the configuration holding numeric values;
 *    confirm, since the helper's name suggests string-literal escaping.
 *  - $lang_iso_code, text_dir, charset, NaviWidth, $url_query, $main_target
 *    and strNoFrames are echoed without escaping in this file.
 *    NOTE(review): confirm each is markup-safe at its source, in particular
 *    that PMA_generate_common_url() returns an HTML-encoded query string.
 *  - The session token is written into this page for scripts to use, so any
 *    script injection into this document would expose it.
 */
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
    xml:lang="<?php echo $lang_iso_code; ?>"
    lang="<?php echo $lang_iso_code; ?>"
    dir="<?php echo $GLOBALS['text_dir']; ?>">
<head>
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<title>phpMyAdmin <?php echo PMA_VERSION; ?> -
    <?php echo htmlspecialchars($HTTP_HOST); ?></title>
<meta http-equiv="Content-Type"
    content="text/html; charset=<?php echo $GLOBALS['charset']; ?>" />
<meta name="robots" content="noindex,nofollow" />
<script type="text/javascript">
// <![CDATA[
    // definitions used in common.js
    var common_query = '<?php echo PMA_escapeJsString(PMA_generate_common_url('', '', '&'));?>';
    var opendb_url = '<?php echo PMA_escapeJsString($GLOBALS['cfg']['DefaultTabDatabase']); ?>';
    var safari_browser = <?php echo PMA_USR_BROWSER_AGENT == 'SAFARI' ? 'true' : 'false' ?>;
    var querywindow_height = <?php echo PMA_escapeJsString($GLOBALS['cfg']['QueryWindowHeight']); ?>;
    var querywindow_width = <?php echo PMA_escapeJsString($GLOBALS['cfg']['QueryWindowWidth']); ?>;
    var collation_connection = '<?php echo PMA_escapeJsString($GLOBALS['collation_connection']); ?>';
    var lang = '<?php echo PMA_escapeJsString($GLOBALS['lang']); ?>';
    var server = '<?php echo PMA_escapeJsString($GLOBALS['server']); ?>';
    var table = '<?php echo PMA_escapeJsString($GLOBALS['table']); ?>';
    var db = '<?php echo PMA_escapeJsString($GLOBALS['db']); ?>';
    var token = '<?php echo PMA_escapeJsString($_SESSION[' PMA_token ']); ?>';
    var text_dir = '<?php echo PMA_escapeJsString($GLOBALS['text_dir']); ?>';
    var pma_absolute_uri = '<?php echo PMA_escapeJsString($GLOBALS['cfg']['PmaAbsoluteUri']); ?>';
    var pma_text_default_tab = '<?php echo PMA_escapeJsString(PMA_getTitleForTarget($GLOBALS['cfg']['DefaultTabTable'])); ?>';
    var pma_text_left_default_tab = '<?php echo PMA_escapeJsString(PMA_getTitleForTarget($GLOBALS['cfg']['LeftDefaultTabTable'])); ?>';

    // for content and navigation frames

    var frame_content = 0;
    var frame_navigation = 0;
    function getFrames() {
<?php /* the frame index follows the frame order chosen below: navigation first for ltr */ ?>
<?php if ($GLOBALS['text_dir'] === 'ltr'): ?>
        frame_content = window.frames[1];
        frame_navigation = window.frames[0];
<?php else: ?>
        frame_content = window.frames[0];
        frame_navigation = window.frames[1];
<?php endif; ?>
    }
    var onloadCnt = 0;
    var onLoadHandler = window.onload;
    window.onload = function() {
        if (onloadCnt == 0) {
            if (typeof(onLoadHandler) == "function") {
                onLoadHandler();
            }
            if (typeof(getFrames) != 'undefined' && typeof(getFrames) == 'function') {
                getFrames();
            }
            onloadCnt++;
        }
    };
// ]]>
</script>
<script src="./js/common.js" type="text/javascript"></script>
</head>
<frameset cols="<?php
    // "*,<width>" for rtl, "<width>,*" for ltr, bare width for any other value
    echo ($GLOBALS['text_dir'] === 'rtl' ? '*,' : '')
        . $GLOBALS['cfg']['NaviWidth']
        . ($GLOBALS['text_dir'] === 'ltr' ? ',*' : '');
    ?>" rows="*" id="mainFrameset">
<?php if ($GLOBALS['text_dir'] === 'ltr'): ?>
    <frame frameborder="0" id="frame_navigation"
        src="navigation.php<?php echo $url_query; ?>"
        name="frame_navigation" />
<?php endif; ?>
    <frame frameborder="0" id="frame_content"
        src="<?php echo $main_target; ?>"
        name="frame_content" />
<?php if ($GLOBALS['text_dir'] === 'rtl'): ?>
    <frame frameborder="0" id="frame_navigation"
        src="navigation.php<?php echo $url_query; ?>"
        name="frame_navigation" />
<?php endif; ?>
    <noframes>
        <body>
            <p><?php echo $GLOBALS['strNoFrames']; ?></p>
        </body>
    </noframes>
</frameset>
</html>