__ __ __ __ _____ _ _ _____ _ _ _ | \/ | \ \ / / | __ \ (_) | | / ____| | | | | | \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | | | |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | | | | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | | |_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1 if you need WebShell for Seo everyday contact me on Telegram Telegram Address : @jackleetFor_More_Tools:
<?php
/**
* This class includes various sanitization methods that can be called statically
*/
declare(strict_types=1);
namespace PhpMyAdmin;
use PhpMyAdmin\Html\MySQLDocumentation;
use function __;
use function array_keys;
use function array_merge;
use function count;
use function htmlspecialchars;
use function in_array;
use function is_array;
use function is_bool;
use function is_int;
use function is_string;
use function preg_match;
use function preg_replace;
use function preg_replace_callback;
use function str_replace;
use function str_starts_with;
use function strlen;
use function strtolower;
use function strtr;
use function substr;
/**
* This class includes various sanitization methods that can be called statically
*/
class Sanitize
{
/**
* Checks whether given link is valid
*
* @param string $url URL to check
* @param bool $http Whether to allow http links
* @param bool $other Whether to allow ftp and mailto links
*/
public static function checkLink($url, $http = false, $other = false): bool
{
$url = strtolower($url);
$valid_starts = [
'https://',
'./url.php?url=https%3a%2f%2f',
'./doc/html/',
'./index.php?',
];
$is_setup = self::isSetup();
// Adjust path to setup script location
if ($is_setup) {
foreach ($valid_starts as $key => $value) {
if (substr($value, 0, 2) !== './') {
continue;
}
$valid_starts[$key] = '.' . $value;
}
}
if ($other) {
$valid_starts[] = 'mailto:';
$valid_starts[] = 'ftp://';
}
if ($http) {
$valid_starts[] = 'http://';
}
if ($is_setup) {
$valid_starts[] = '?page=form&';
$valid_starts[] = '?page=servers&';
}
foreach ($valid_starts as $val) {
if (substr($url, 0, strlen($val)) == $val) {
return true;
}
}
return false;
}
/**
* Check if we are currently on a setup folder page
*/
public static function isSetup(): bool
{
return $GLOBALS['config'] !== null && $GLOBALS['config']->get('is_setup');
}
/**
* Callback function for replacing [a@link@target] links in bb code.
*
* @param array $found Array of preg matches
*
* @return string Replaced string
*/
public static function replaceBBLink(array $found)
{
/* Check for valid link */
if (! self::checkLink($found[1])) {
return $found[0];
}
/* a-z and _ allowed in target */
if (! empty($found[3]) && preg_match('/[^a-z_]+/i', $found[3])) {
return $found[0];
}
/* Construct target */
$target = '';
if (! empty($found[3])) {
$target = ' target="' . $found[3] . '"';
if ($found[3] === '_blank') {
$target .= ' rel="noopener noreferrer"';
}
}
/* Construct url */
if (substr($found[1], 0, 4) === 'http') {
$url = Core::linkURL($found[1]);
} else {
$url = $found[1];
}
return '<a href="' . $url . '"' . $target . '>';
}
/**
* Callback function for replacing [doc@anchor] links in bb code.
*
* @param string[] $found Array of preg matches
*/
public static function replaceDocLink(array $found): string
{
if (count($found) >= 4) {
/* doc@page@anchor pattern */
$page = $found[1];
$anchor = $found[3];
} else {
/* doc@anchor pattern */
$anchor = $found[1];
if (str_starts_with($anchor, 'faq')) {
$page = 'faq';
} elseif (str_starts_with($anchor, 'cfg')) {
$page = 'config';
} else {
/* Guess */
$page = 'setup';
}
}
$link = MySQLDocumentation::getDocumentationLink($page, $anchor, self::isSetup() ? '../' : './');
return '<a href="' . $link . '" target="documentation">';
}
/**
* Sanitizes $message, taking into account our special codes
* for formatting.
*
* If you want to include result in element attribute, you should escape it.
*
* Examples:
*
* <p><?php echo Sanitize::sanitizeMessage($foo); ?></p>
*
* <a title="<?php echo Sanitize::sanitizeMessage($foo, true); ?>">bar</a>
*
* @param string $message the message
* @param bool $escape whether to escape html in result
* @param bool $safe whether string is safe (can keep < and > chars)
*/
public static function sanitizeMessage(string $message, $escape = false, $safe = false): string
{
if (! $safe) {
$message = strtr($message, ['<' => '<', '>' => '>']);
}
/* Interpret bb code */
$replace_pairs = [
'[em]' => '<em>',
'[/em]' => '</em>',
'[strong]' => '<strong>',
'[/strong]' => '</strong>',
'[code]' => '<code>',
'[/code]' => '</code>',
'[kbd]' => '<kbd>',
'[/kbd]' => '</kbd>',
'[br]' => '<br>',
'[/a]' => '</a>',
'[/doc]' => '</a>',
'[sup]' => '<sup>',
'[/sup]' => '</sup>',
'[conferr]' => '<iframe src="show_config_errors.php"><a href='
. '"show_config_errors.php">show_config_errors.php</a></iframe>',
// used in libraries/Util.php
'[dochelpicon]' => Html\Generator::getImage('b_help', __('Documentation')),
];
$message = strtr($message, $replace_pairs);
/* Match links in bb code ([a@url@target], where @target is options) */
$pattern = '/\[a@([^]"@]*)(@([^]"]*))?\]/';
/* Find and replace all links */
$message = (string) preg_replace_callback($pattern, static function (array $match) {
return self::replaceBBLink($match);
}, $message);
/* Replace documentation links */
$message = (string) preg_replace_callback(
'/\[doc@([a-zA-Z0-9_-]+)(@([a-zA-Z0-9_-]*))?\]/',
/** @param string[] $match */
static function (array $match): string {
return self::replaceDocLink($match);
},
$message
);
/* Possibly escape result */
if ($escape) {
$message = htmlspecialchars($message);
}
return $message;
}
/**
* Sanitize a filename by removing anything besides legit characters
*
* Intended usecase:
* When using a filename in a Content-Disposition header
* the value should not contain ; or "
*
* When exporting, avoiding generation of an unexpected double-extension file
*
* @param string $filename The filename
* @param bool $replaceDots Whether to also replace dots
*
* @return string the sanitized filename
*/
public static function sanitizeFilename($filename, $replaceDots = false)
{
$pattern = '/[^A-Za-z0-9_';
// if we don't have to replace dots
if (! $replaceDots) {
// then add the dot to the list of legit characters
$pattern .= '.';
}
$pattern .= '-]/';
$filename = preg_replace($pattern, '_', $filename);
return $filename;
}
/**
* Format a string so it can be a string inside JavaScript code inside an
* eventhandler (onclick, onchange, on..., ).
* This function is used to displays a javascript confirmation box for
* "DROP/DELETE/ALTER" queries.
*
* @param string $a_string the string to format
* @param bool $add_backquotes whether to add backquotes to the string or not
*
* @return string the formatted string
*/
public static function jsFormat($a_string = '', $add_backquotes = true)
{
$a_string = htmlspecialchars((string) $a_string);
$a_string = self::escapeJsString($a_string);
// Needed for inline javascript to prevent some browsers
// treating it as a anchor
$a_string = str_replace('#', '\\#', $a_string);
return $add_backquotes
? Util::backquote($a_string)
: $a_string;
}
/**
* escapes a string to be inserted as string a JavaScript block
* enclosed by <![CDATA[ ... ]]>
* this requires only to escape ' with \' and end of script block
*
* We also remove NUL byte as some browsers (namely MSIE) ignore it and
* inserting it anywhere inside </script would allow to bypass this check.
*
* @param string $string the string to be escaped
*
* @return string the escaped string
*/
public static function escapeJsString($string)
{
return preg_replace(
'@</script@i',
'</\' + \'script',
strtr(
(string) $string,
[
"\000" => '',
'\\' => '\\\\',
'\'' => '\\\'',
'"' => '\"',
"\n" => '\n',
"\r" => '\r',
]
)
);
}
/**
* Formats a value for javascript code.
*
* @param string|bool|int $value String to be formatted.
*
* @return int|string formatted value.
*/
public static function formatJsVal($value)
{
if (is_bool($value)) {
if ($value) {
return 'true';
}
return 'false';
}
if (is_int($value)) {
return $value;
}
return '"' . self::escapeJsString($value) . '"';
}
/**
* Formats an javascript assignment with proper escaping of a value
* and support for assigning array of strings.
*
* @param string $key Name of value to set
* @param mixed $value Value to set, can be either string or array of strings
* @param bool $escape Whether to escape value or keep it as it is
* (for inclusion of js code)
*
* @return string Javascript code.
*/
public static function getJsValue($key, $value, $escape = true)
{
$result = $key . ' = ';
if (! $escape) {
$result .= $value;
} elseif (is_array($value)) {
$result .= '[';
foreach ($value as $val) {
$result .= self::formatJsVal($val) . ',';
}
$result .= "];\n";
} else {
$result .= self::formatJsVal($value) . ";\n";
}
return $result;
}
/**
* Removes all variables from request except allowed ones.
*
* @param string[] $allowList list of variables to allow
*/
public static function removeRequestVars(&$allowList): void
{
// do not check only $_REQUEST because it could have been overwritten
// and use type casting because the variables could have become
// strings
$keys = array_keys(
array_merge((array) $_REQUEST, (array) $_GET, (array) $_POST, (array) $_COOKIE)
);
foreach ($keys as $key) {
if (! in_array($key, $allowList)) {
unset($_REQUEST[$key], $_GET[$key], $_POST[$key]);
continue;
}
// allowed stuff could be compromised so escape it
// we require it to be a string
if (isset($_REQUEST[$key]) && ! is_string($_REQUEST[$key])) {
unset($_REQUEST[$key]);
}
if (isset($_POST[$key]) && ! is_string($_POST[$key])) {
unset($_POST[$key]);
}
if (isset($_COOKIE[$key]) && ! is_string($_COOKIE[$key])) {
unset($_COOKIE[$key]);
}
if (! isset($_GET[$key]) || is_string($_GET[$key])) {
continue;
}
unset($_GET[$key]);
}
}
}
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| Charsets | Folder | 0755 |
|
|
| Command | Folder | 0755 |
|
|
| Config | Folder | 0755 |
|
|
| ConfigStorage | Folder | 0755 |
|
|
| Controllers | Folder | 0755 |
|
|
| Crypto | Folder | 0755 |
|
|
| Database | Folder | 0755 |
|
|
| Dbal | Folder | 0755 |
|
|
| Display | Folder | 0755 |
|
|
| Engines | Folder | 0755 |
|
|
| Exceptions | Folder | 0755 |
|
|
| Export | Folder | 0755 |
|
|
| Gis | Folder | 0755 |
|
|
| Html | Folder | 0755 |
|
|
| Http | Folder | 0755 |
|
|
| Image | Folder | 0755 |
|
|
| Import | Folder | 0755 |
|
|
| Navigation | Folder | 0755 |
|
|
| Partitioning | Folder | 0755 |
|
|
| Plugins | Folder | 0755 |
|
|
| Properties | Folder | 0755 |
|
|
| Providers | Folder | 0755 |
|
|
| Query | Folder | 0755 |
|
|
| Server | Folder | 0755 |
|
|
| Setup | Folder | 0755 |
|
|
| Table | Folder | 0755 |
|
|
| Twig | Folder | 0755 |
|
|
| Utils | Folder | 0755 |
|
|
| WebAuthn | Folder | 0755 |
|
|
| Advisor.php | File | 12.32 KB | 0644 |
|
| Bookmark.php | File | 9.19 KB | 0644 |
|
| BrowseForeigners.php | File | 10.63 KB | 0644 |
|
| Cache.php | File | 1.5 KB | 0644 |
|
| Charsets.php | File | 6.82 KB | 0644 |
|
| CheckUserPrivileges.php | File | 11.3 KB | 0644 |
|
| Common.php | File | 19.4 KB | 0644 |
|
| Config.php | File | 41.65 KB | 0644 |
|
| Console.php | File | 3.25 KB | 0644 |
|
| Core.php | File | 28.91 KB | 0644 |
|
| CreateAddField.php | File | 15.83 KB | 0644 |
|
| DatabaseInterface.php | File | 71.73 KB | 0644 |
|
| DbTableExists.php | File | 2.86 KB | 0644 |
|
| Encoding.php | File | 8.41 KB | 0644 |
|
| Error.php | File | 13.63 KB | 0644 |
|
| ErrorHandler.php | File | 18.31 KB | 0644 |
|
| ErrorReport.php | File | 8.99 KB | 0644 |
|
| Export.php | File | 45.7 KB | 0644 |
|
| FieldMetadata.php | File | 11.11 KB | 0644 |
|
| File.php | File | 19.75 KB | 0644 |
|
| FileListing.php | File | 2.88 KB | 0644 |
|
| FlashMessages.php | File | 1.22 KB | 0644 |
|
| Font.php | File | 5.58 KB | 0644 |
|
| Footer.php | File | 8.06 KB | 0644 |
|
| Git.php | File | 18 KB | 0644 |
|
| Header.php | File | 20 KB | 0644 |
|
| Import.php | File | 48.72 KB | 0644 |
|
| Index.php | File | 14.83 KB | 0644 |
|
| IndexColumn.php | File | 4.75 KB | 0644 |
|
| InsertEdit.php | File | 89.05 KB | 0644 |
|
| InternalRelations.php | File | 17.31 KB | 0644 |
|
| IpAllowDeny.php | File | 9.13 KB | 0644 |
|
| Language.php | File | 4.47 KB | 0644 |
|
| LanguageManager.php | File | 22.74 KB | 0644 |
|
| Linter.php | File | 4.99 KB | 0644 |
|
| ListAbstract.php | File | 1.67 KB | 0644 |
|
| ListDatabase.php | File | 4.11 KB | 0644 |
|
| Logging.php | File | 2.69 KB | 0644 |
|
| Menu.php | File | 20.4 KB | 0644 |
|
| Message.php | File | 18.68 KB | 0644 |
|
| Mime.php | File | 927 B | 0644 |
|
| Normalization.php | File | 41.53 KB | 0644 |
|
| OpenDocument.php | File | 8.62 KB | 0644 |
|
| Operations.php | File | 35.11 KB | 0644 |
|
| OutputBuffering.php | File | 4.1 KB | 0644 |
|
| ParseAnalyze.php | File | 2.34 KB | 0644 |
|
| Pdf.php | File | 4.17 KB | 0644 |
|
| Plugins.php | File | 21.83 KB | 0644 |
|
| Profiling.php | File | 2.16 KB | 0644 |
|
| RecentFavoriteTable.php | File | 11.44 KB | 0644 |
|
| Replication.php | File | 4.81 KB | 0644 |
|
| ReplicationGui.php | File | 21.24 KB | 0644 |
|
| ReplicationInfo.php | File | 4.79 KB | 0644 |
|
| ResponseRenderer.php | File | 13.5 KB | 0644 |
|
| Routing.php | File | 6.55 KB | 0644 |
|
| Sanitize.php | File | 11.98 KB | 0644 |
|
| SavedSearches.php | File | 11.33 KB | 0644 |
|
| Scripts.php | File | 3.74 KB | 0644 |
|
| Session.php | File | 8.16 KB | 0644 |
|
| Sql.php | File | 64.01 KB | 0644 |
|
| SqlQueryForm.php | File | 6.74 KB | 0644 |
|
| StorageEngine.php | File | 15.71 KB | 0644 |
|
| SystemDatabase.php | File | 3.98 KB | 0644 |
|
| Table.php | File | 90.33 KB | 0644 |
|
| Template.php | File | 4.5 KB | 0644 |
|
| Theme.php | File | 7.32 KB | 0644 |
|
| ThemeManager.php | File | 7 KB | 0644 |
|
| Tracker.php | File | 30.34 KB | 0644 |
|
| Tracking.php | File | 36.11 KB | 0644 |
|
| Transformations.php | File | 16.31 KB | 0644 |
|
| TwoFactor.php | File | 7.5 KB | 0644 |
|
| Types.php | File | 25.85 KB | 0644 |
|
| Url.php | File | 10.61 KB | 0644 |
|
| UrlRedirector.php | File | 1.74 KB | 0644 |
|
| UserPassword.php | File | 6.86 KB | 0644 |
|
| UserPreferences.php | File | 10.49 KB | 0644 |
|
| Util.php | File | 86.45 KB | 0644 |
|
| Version.php | File | 556 B | 0644 |
|
| VersionInformation.php | File | 7.3 KB | 0644 |
|
| ZipExtension.php | File | 10.33 KB | 0644 |
|