1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * @uses $cfg['DefaultTabDatabase']
5 * @uses $GLOBALS['table']
6 * @uses $GLOBALS['db']
7 * @uses $strTableEmpty
8 * @uses $strTableAlreadyExists
9 * @uses $strTable
10 * @uses $strTableHasBeenCreated
11 * @uses PMA_Table::generateFieldSpec()
12 * @uses PMA_checkParameters()
13 * @uses PMA_generateCharsetQueryPart()
14 * @uses PMA_sqlAddslashes()
15 * @uses PMA_DBI_try_query()
16 * @uses PMA_getRelationsParam()
17 * @uses PMA_setMIME()
18 * @uses PMA_mysqlDie()
19 * @uses PMA_generate_common_url()
20 * @uses PMA_DBI_get_columns()
21 * @uses PMA_DBI_select_db()
22 * @uses PMA_backquote()
23 * @uses $_REQUEST['do_save_data']
24 * @uses $_REQUEST['submit_num_fields']
25 * @uses $_REQUEST['orig_num_fields']
26 * @uses $_REQUEST['added_fields']
27 * @uses $_REQUEST['num_fields']
28 * @uses preg_replace()
29 * @uses count()
30 * @uses is_array()
31 * @uses strlen()
32 * @uses sprintf()
33 * @uses htmlspecialchars()
34 * @version $Id$
35 * @package phpMyAdmin
38 /**
39 * Get some core libraries
41 require_once './libraries/common.inc.php';
42 require_once './libraries/Table.class.php';
44 $GLOBALS['js_include'][] = 'functions.js';
46 require_once './libraries/header.inc.php';
48 // Check parameters
49 // @todo PMA_checkParameters does not check db and table proper with strlen()
50 PMA_checkParameters(array('db', 'table'));
// Because of the @todo above, only the presence of 'db' and 'table' is
// verified here; the strlen() test below is what actually rejects an empty
// table name.
52 /**
53 * Defines the url to return to in case of error in a sql statement
55 if (! strlen($table)) {
56 // No table name
57 PMA_mysqlDie($strTableEmpty, '', '',
58 'db_structure.php?' . PMA_generate_common_url($db));
59 } elseif (PMA_DBI_get_columns($db, $table)) {
60 // table exists already
// $table is HTML-escaped before it is placed in the message, since the
// message text ends up in the rendered page.
61 PMA_mysqlDie(sprintf($strTableAlreadyExists, htmlspecialchars($table)), '',
62 '', 'db_structure.php?' . PMA_generate_common_url($db));
// Return URL used when the CREATE TABLE statement itself fails.
65 $err_url = 'tbl_create.php?' . PMA_generate_common_url($db, $table);
67 // check number of fields to be created
68 if (isset($_REQUEST['submit_num_fields'])) {
69 $regenerate = true; // for libraries/tbl_properties.inc.php
// NOTE(review): unlike the (int) cast on the num_fields branch below, these
// two request values are added without any cast or range check -- confirm
// that tbl_properties.inc.php copes with a non-numeric or very large
// $num_fields.
70 $num_fields = $_REQUEST['orig_num_fields'] + $_REQUEST['added_fields'];
71 } elseif (isset($_REQUEST['num_fields']) && intval($_REQUEST['num_fields']) > 0) {
72 $num_fields = (int) $_REQUEST['num_fields'];
73 } else {
// Default number of empty column rows shown on a fresh form.
74 $num_fields = 2;
77 /**
78 * Selects the database to work with
80 PMA_DBI_select_db($db);
82 /**
83 * The form used to define the structure of the table has been submitted
85 if (isset($_REQUEST['do_save_data'])) {
86 $sql_query = '';
88 // Transforms the radio button field_key into 3 arrays
// Each field's radio value carries its own index ('primary_3', 'index_3',
// 'unique_3'), so a field lands in at most one of $field_primary,
// $field_index or $field_unique. Nothing in this loop populates
// $field_fulltext, which the FULLTEXT block further down reads.
89 $field_cnt = count($_REQUEST['field_name']);
90 for ($i = 0; $i < $field_cnt; ++$i) {
91 if (isset($_REQUEST['field_key'][$i])) {
92 if ($_REQUEST['field_key'][$i] == 'primary_' . $i) {
93 $field_primary[] = $i;
95 if ($_REQUEST['field_key'][$i] == 'index_' . $i) {
96 $field_index[] = $i;
98 if ($_REQUEST['field_key'][$i] == 'unique_' . $i) {
99 $field_unique[] = $i;
101 } // end if
102 } // end for
104 // Builds the fields creation statements
105 for ($i = 0; $i < $field_cnt; $i++) {
106 // '0' is also empty for php :-(
// empty('0') is true, so the second test keeps a column literally named
// "0"; any other blank name is skipped.
107 if (empty($_REQUEST['field_name'][$i]) && $_REQUEST['field_name'][$i] != '0') {
108 continue;
// The column definition (name, type, length, attribute, collation,
// NULL-ness, default, extra, comment) is delegated to the Table class; the
// request values are handed over as-is, so any quoting or escaping of them
// is that method's responsibility.
// NOTE(review): $field_primary is only assigned when some field_key matched
// 'primary_N' above, so it can be undefined here -- verify that
// generateFieldSpec() tolerates that.
111 $query = PMA_Table::generateFieldSpec(
112 $_REQUEST['field_name'][$i],
113 $_REQUEST['field_type'][$i],
114 $_REQUEST['field_length'][$i],
115 $_REQUEST['field_attribute'][$i],
116 isset($_REQUEST['field_collation'][$i])
117 ? $_REQUEST['field_collation'][$i]
118 : '',
119 isset($_REQUEST['field_null'][$i])
120 ? $_REQUEST['field_null'][$i]
121 : 'NOT NULL',
122 $_REQUEST['field_default_type'][$i],
123 $_REQUEST['field_default_value'][$i],
124 isset($_REQUEST['field_extra'][$i])
125 ? $_REQUEST['field_extra'][$i]
126 : false,
127 isset($_REQUEST['field_comments'][$i])
128 ? $_REQUEST['field_comments'][$i]
129 : '',
130 $field_primary,
131 $i);
133 $query .= ', ';
134 $sql_query .= $query;
135 } // end for
136 unset($field_cnt, $query);
// Drop the trailing ', ' left behind by the loop above.
137 $sql_query = preg_replace('@, $@', '', $sql_query);
139 // Builds the primary keys statements
// Column names are backquoted; the strlen() guard skips a key entry whose
// field name was left blank (such a column was not emitted above either).
140 $primary = '';
141 $primary_cnt = (isset($field_primary) ? count($field_primary) : 0);
142 for ($i = 0; $i < $primary_cnt; $i++) {
143 $j = $field_primary[$i];
144 if (isset($_REQUEST['field_name'][$j]) && strlen($_REQUEST['field_name'][$j])) {
145 $primary .= PMA_backquote($_REQUEST['field_name'][$j]) . ', ';
147 } // end for
148 unset($primary_cnt);
149 $primary = preg_replace('@, $@', '', $primary);
150 if (strlen($primary)) {
151 $sql_query .= ', PRIMARY KEY (' . $primary . ')';
153 unset($primary);
155 // Builds the indexes statements
// Same pattern as the PRIMARY KEY block above.
156 $index = '';
157 $index_cnt = (isset($field_index) ? count($field_index) : 0);
158 for ($i = 0;$i < $index_cnt; $i++) {
159 $j = $field_index[$i];
160 if (isset($_REQUEST['field_name'][$j]) && strlen($_REQUEST['field_name'][$j])) {
161 $index .= PMA_backquote($_REQUEST['field_name'][$j]) . ', ';
163 } // end for
164 unset($index_cnt);
165 $index = preg_replace('@, $@', '', $index);
166 if (strlen($index)) {
167 $sql_query .= ', INDEX (' . $index . ')';
169 unset($index);
171 // Builds the uniques statements
// Same pattern as the PRIMARY KEY block above.
172 $unique = '';
173 $unique_cnt = (isset($field_unique) ? count($field_unique) : 0);
174 for ($i = 0; $i < $unique_cnt; $i++) {
175 $j = $field_unique[$i];
176 if (isset($_REQUEST['field_name'][$j]) && strlen($_REQUEST['field_name'][$j])) {
177 $unique .= PMA_backquote($_REQUEST['field_name'][$j]) . ', ';
179 } // end for
180 unset($unique_cnt);
181 $unique = preg_replace('@, $@', '', $unique);
182 if (strlen($unique)) {
183 $sql_query .= ', UNIQUE (' . $unique . ')';
185 unset($unique);
187 // Builds the FULLTEXT statements
// NOTE(review): $field_fulltext is never assigned anywhere in this file, so
// $fulltext_cnt is 0 here unless an included library sets it; this block
// looks dead as written.
188 $fulltext = '';
189 $fulltext_cnt = (isset($field_fulltext) ? count($field_fulltext) : 0);
190 for ($i = 0; $i < $fulltext_cnt; $i++) {
191 $j = $field_fulltext[$i];
192 if (isset($_REQUEST['field_name'][$j]) && strlen($_REQUEST['field_name'][$j])) {
193 $fulltext .= PMA_backquote($_REQUEST['field_name'][$j]) . ', ';
195 } // end for
197 $fulltext = preg_replace('@, $@', '', $fulltext);
198 if (strlen($fulltext)) {
199 $sql_query .= ', FULLTEXT (' . $fulltext . ')';
201 unset($fulltext);
203 // Builds the 'create table' statement
// Database and table names are backquoted; $sql_query so far holds only the
// column list and key clauses.
204 $sql_query = 'CREATE TABLE ' . PMA_backquote($db) . '.' . PMA_backquote($table)
205 . ' (' . $sql_query . ')';
207 // Adds table type, character set, comments and partition definition
// NOTE(review): tbl_type is appended to the statement verbatim -- no
// backquoting, no escaping and no check against a list of known engines,
// unlike the collation (PMA_generateCharsetQueryPart) and the comment
// (PMA_sqlAddslashes) handled just below. Whatever the request carries in
// tbl_type becomes part of the executed SQL.
208 if (!empty($_REQUEST['tbl_type']) && ($_REQUEST['tbl_type'] != 'Default')) {
209 $sql_query .= ' ENGINE = ' . $_REQUEST['tbl_type'];
211 if (!empty($_REQUEST['tbl_collation'])) {
212 $sql_query .= PMA_generateCharsetQueryPart($_REQUEST['tbl_collation']);
// The comment is the only request value here that is placed inside a
// quoted SQL string literal, hence the addslashes call.
214 if (!empty($_REQUEST['comment'])) {
215 $sql_query .= ' COMMENT = \'' . PMA_sqlAddslashes($_REQUEST['comment']) . '\'';
// The partition definition is by design a raw SQL fragment supplied by the
// user and is appended unquoted; PMA_sqlAddslashes presumably only escapes
// quote characters, so it does not restrict what the fragment contains.
217 if (!empty($_REQUEST['partition_definition'])) {
218 $sql_query .= ' ' . PMA_sqlAddslashes($_REQUEST['partition_definition']);
220 $sql_query .= ';';
222 // Executes the query
// try_query (rather than query) so that a failure can be handled in the else
// branch below instead of aborting the page.
223 $result = PMA_DBI_try_query($sql_query);
225 if ($result) {
227 // garvin: If comments were sent, enable relation stuff
228 require_once './libraries/relation.lib.php';
229 require_once './libraries/transformations.lib.php';
231 // garvin: Update comment table for mime types [MIME]
// MIME/transformation metadata is only stored when the BrowseMIME feature
// is enabled in the configuration.
232 if (isset($_REQUEST['field_mimetype'])
233 && is_array($_REQUEST['field_mimetype'])
234 && $cfg['BrowseMIME']) {
235 foreach ($_REQUEST['field_mimetype'] as $fieldindex => $mimetype) {
236 if (isset($_REQUEST['field_name'][$fieldindex])
237 && strlen($_REQUEST['field_name'][$fieldindex])) {
238 PMA_setMIME($db, $table, $_REQUEST['field_name'][$fieldindex], $mimetype,
239 $_REQUEST['field_transformation'][$fieldindex],
240 $_REQUEST['field_transformation_options'][$fieldindex]);
// The backquoted db.table name is passed as a message parameter rather than
// concatenated into the message text.
245 $message = PMA_Message::success('strTableHasBeenCreated');
246 $message->addParam(PMA_backquote($db) . '.' . PMA_backquote($table));
// Keep the executed statement for display, then clear $sql_query so the
// included page does not run it again.
248 $display_query = $sql_query;
249 $sql_query = '';
251 // read table info on this newly created table, in case
252 // the next page is Structure
253 $reread_info = true;
254 require './libraries/tbl_info.inc.php';
256 // do not switch to sql.php - as there is no row to be displayed on a new table
// The page to include comes from $cfg['DefaultTabTable'] (configuration,
// not request data).
257 if ($cfg['DefaultTabTable'] === 'sql.php') {
258 require './tbl_structure.php';
259 } else {
260 require './' . $cfg['DefaultTabTable'];
262 exit;
263 } else {
// Error path: report the MySQL error (the trailing false presumably keeps
// PMA_mysqlDie from exiting) and fall through to redisplay the form with the
// submitted field definitions.
264 PMA_mysqlDie('', '', '', $err_url, false);
265 // garvin: An error happened while inserting/updating a table definition.
266 // to prevent total loss of that data, we embed the form once again.
267 // The variable $regenerate will be used to restore data in libraries/tbl_properties.inc.php
268 $num_fields = $_REQUEST['orig_num_fields'];
269 $regenerate = true;
271 } // end do create table
274 * Displays the form used to define the structure of the table
276 $action = 'tbl_create.php';
277 require './libraries/tbl_properties.inc.php';
278 // Displays the footer
279 require_once './libraries/footer.inc.php';