Mr.X

<?php
/**
 * Static methods for URL/hidden inputs generating
 */

declare(strict_types=1);

namespace PhpMyAdmin;

use PhpMyAdmin\Crypto\Crypto;

use function base64_decode;
use function base64_encode;
use function htmlentities;
use function htmlspecialchars;
use function http_build_query;
use function in_array;
use function ini_get;
use function is_array;
use function json_encode;
use function str_contains;
use function strlen;
use function strtr;

/**
 * Static methods for URL/hidden inputs generating
 */
class Url
{
    /**
     * Generates text with hidden inputs.
     *
     * @see Url::getCommon()
     *
     * @param string|array $db     optional database name
     *                             (can also be an array of parameters)
     * @param string       $table  optional table name
     * @param int          $indent indenting level
     * @param string|array $skip   do not generate a hidden field for this parameter
     *                             (can be an array of strings)
     *
     * @return string   string with input fields
     */
    public static function getHiddenInputs(
        $db = '',
        $table = '',
        $indent = 0,
        $skip = []
    ) {
        global $config;

        if (is_array($db)) {
            $params =& $db;
        } else {
            $params = [];
            if (strlen((string) $db) > 0) {
                $params['db'] = $db;
            }

            if (strlen((string) $table) > 0) {
                $params['table'] = $table;
            }
        }

        if (! empty($GLOBALS['server']) && $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault']) {
            $params['server'] = $GLOBALS['server'];
        }

        if (empty($config->getCookie('pma_lang')) && ! empty($GLOBALS['lang'])) {
            $params['lang'] = $GLOBALS['lang'];
        }

        if (! is_array($skip)) {
            if (isset($params[$skip])) {
                unset($params[$skip]);
            }
        } else {
            foreach ($skip as $skipping) {
                if (! isset($params[$skipping])) {
                    continue;
                }

                unset($params[$skipping]);
            }
        }

        return self::getHiddenFields($params);
    }

    /**
     * create hidden form fields from array with name => value
     *
     * <code>
     * $values = array(
     *     'aaa' => aaa,
     *     'bbb' => array(
     *          'bbb_0',
     *          'bbb_1',
     *     ),
     *     'ccc' => array(
     *          'a' => 'ccc_a',
     *          'b' => 'ccc_b',
     *     ),
     * );
     * echo Url::getHiddenFields($values);
     *
     * // produces:
     * <input type="hidden" name="aaa" Value="aaa">
     * <input type="hidden" name="bbb[0]" Value="bbb_0">
     * <input type="hidden" name="bbb[1]" Value="bbb_1">
     * <input type="hidden" name="ccc[a]" Value="ccc_a">
     * <input type="hidden" name="ccc[b]" Value="ccc_b">
     * </code>
     *
     * @param array  $values   hidden values
     * @param string $pre      prefix
     * @param bool   $is_token if token already added in hidden input field
     *
     * @return string form fields of type hidden
     */
    public static function getHiddenFields(array $values, $pre = '', $is_token = false)
    {
        $fields = '';

        /* Always include token in plain forms */
        if ($is_token === false && isset($_SESSION[' PMA_token '])) {
            $values['token'] = $_SESSION[' PMA_token '];
        }

        foreach ($values as $name => $value) {
            if (! empty($pre)) {
                $name = $pre . '[' . $name . ']';
            }

            if (is_array($value)) {
                $fields .= self::getHiddenFields($value, $name, true);
            } else {
                // do not generate an ending "\n" because
                // Url::getHiddenInputs() is sometimes called
                // from a JS document.write()
                $fields .= '<input type="hidden" name="' . htmlspecialchars((string) $name)
                    . '" value="' . htmlspecialchars((string) $value) . '">';
            }
        }

        return $fields;
    }

    /**
     * Generates text with URL parameters.
     *
     * <code>
     * $params['myparam'] = 'myvalue';
     * $params['db']      = 'mysql';
     * $params['table']   = 'rights';
     * // note the missing ?
     * echo 'script.php' . Url::getCommon($params);
     * // produces with cookies enabled:
     * // script.php?myparam=myvalue&db=mysql&table=rights
     * // with cookies disabled:
     * // script.php?server=1&lang=en&myparam=myvalue&db=mysql
     * // &table=rights
     *
     * // note the missing ?
     * echo 'script.php' . Url::getCommon();
     * // produces with cookies enabled:
     * // script.php
     * // with cookies disabled:
     * // script.php?server=1&lang=en
     * </code>
     *
     * @param array<string,int|string|bool> $params  optional, Contains an associative array with url params
     * @param string                        $divider optional character to use instead of '?'
     * @param bool                          $encrypt whether to encrypt URL params
     *
     * @return string   string with URL parameters
     */
    public static function getCommon(array $params = [], $divider = '?', $encrypt = true)
    {
        return self::getCommonRaw($params, $divider, $encrypt);
    }

    /**
     * Generates text with URL parameters.
     *
     * <code>
     * $params['myparam'] = 'myvalue';
     * $params['db']      = 'mysql';
     * $params['table']   = 'rights';
     * // note the missing ?
     * echo 'script.php' . Url::getCommon($params);
     * // produces with cookies enabled:
     * // script.php?myparam=myvalue&db=mysql&table=rights
     * // with cookies disabled:
     * // script.php?server=1&lang=en&myparam=myvalue&db=mysql
     * // &table=rights
     *
     * // note the missing ?
     * echo 'script.php' . Url::getCommon();
     * // produces with cookies enabled:
     * // script.php
     * // with cookies disabled:
     * // script.php?server=1&lang=en
     * </code>
     *
     * @param array<string|int,int|string|bool> $params  optional, Contains an associative array with url params
     * @param string                            $divider optional character to use instead of '?'
     * @param bool                              $encrypt whether to encrypt URL params
     *
     * @return string   string with URL parameters
     */
    public static function getCommonRaw(array $params = [], $divider = '?', $encrypt = true)
    {
        global $config;

        // avoid overwriting when creating navigation panel links to servers
        if (
            isset($GLOBALS['server'])
            && $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault']
            && ! isset($params['server'])
            && ! $config->get('is_setup')
        ) {
            $params['server'] = $GLOBALS['server'];
        }

        // Can be null when the user is missing an extension.
        if ($config !== null && empty($config->getCookie('pma_lang')) && ! empty($GLOBALS['lang'])) {
            $params['lang'] = $GLOBALS['lang'];
        }

        $query = self::buildHttpQuery($params, $encrypt);

        if (($divider !== '?' && $divider !== '&') || strlen($query) > 0) {
            return $divider . $query;
        }

        return '';
    }

    /**
     * @param array<int|string, mixed> $params
     * @param bool                     $encrypt whether to encrypt URL params
     *
     * @return string
     */
    public static function buildHttpQuery($params, $encrypt = true)
    {
        global $config;

        $separator = self::getArgSeparator();

        if (! $encrypt || ! $config->get('URLQueryEncryption')) {
            return http_build_query($params, '', $separator);
        }

        $data = $params;
        $keys = [
            'db',
            'table',
            'field',
            'sql_query',
            'sql_signature',
            'where_clause',
            'goto',
            'back',
            'message_to_show',
            'username',
            'hostname',
            'dbname',
            'tablename',
            'checkprivsdb',
            'checkprivstable',
        ];
        $paramsToEncrypt = [];
        foreach ($params as $paramKey => $paramValue) {
            if (! in_array($paramKey, $keys)) {
                continue;
            }

            $paramsToEncrypt[$paramKey] = $paramValue;
            unset($data[$paramKey]);
        }

        if ($paramsToEncrypt !== []) {
            $data['eq'] = self::encryptQuery((string) json_encode($paramsToEncrypt));
        }

        return http_build_query($data, '', $separator);
    }

    public static function encryptQuery(string $query): string
    {
        $crypto = new Crypto();

        return strtr(base64_encode($crypto->encrypt($query)), '+/', '-_');
    }

    public static function decryptQuery(string $query): ?string
    {
        $crypto = new Crypto();

        return $crypto->decrypt(base64_decode(strtr($query, '-_', '+/')));
    }

    /**
     * Returns url separator
     *
     * extracted from arg_separator.input as set in php.ini
     * we do not use arg_separator.output to avoid problems with & and &
     *
     * @param string $encode whether to encode separator or not,
     *                       currently 'none' or 'html'
     *
     * @return string  character used for separating url parts usually ; or &
     */
    public static function getArgSeparator($encode = 'none')
    {
        static $separator = null;
        static $html_separator = null;

        if ($separator === null) {
            // use separators defined by php, but prefer ';'
            // as recommended by W3C
            // (see https://www.w3.org/TR/1999/REC-html401-19991224/appendix
            // /notes.html#h-B.2.2)
            $arg_separator = (string) ini_get('arg_separator.input');
            if (str_contains($arg_separator, ';')) {
                $separator = ';';
            } elseif (strlen($arg_separator) > 0) {
                $separator = $arg_separator[0];
            } else {
                $separator = '&';
            }

            $html_separator = htmlentities($separator);
        }

        switch ($encode) {
            case 'html':
                return $html_separator;

            case 'text':
            case 'none':
            default:
                return $separator;
        }
    }

    /**
     * @param string $route                Route to use
     * @param array  $additionalParameters Additional URL parameters
     */
    public static function getFromRoute(string $route, array $additionalParameters = []): string
    {
        return 'index.php?route=' . $route . self::getCommon($additionalParameters, '&');
    }
}

Name	Type	Size	Permission
Charsets	Folder		0755
Command	Folder		0755
Config	Folder		0755
ConfigStorage	Folder		0755
Controllers	Folder		0755
Crypto	Folder		0755
Database	Folder		0755
Dbal	Folder		0755
Display	Folder		0755
Engines	Folder		0755
Exceptions	Folder		0755
Export	Folder		0755
Gis	Folder		0755
Html	Folder		0755
Http	Folder		0755
Image	Folder		0755
Import	Folder		0755
Navigation	Folder		0755
Partitioning	Folder		0755
Plugins	Folder		0755
Properties	Folder		0755
Providers	Folder		0755
Query	Folder		0755
Server	Folder		0755
Setup	Folder		0755
Table	Folder		0755
Twig	Folder		0755
Utils	Folder		0755
WebAuthn	Folder		0755
Advisor.php	File	12.32 KB	0644
Bookmark.php	File	9.19 KB	0644
BrowseForeigners.php	File	10.63 KB	0644
Cache.php	File	1.5 KB	0644
Charsets.php	File	6.82 KB	0644
CheckUserPrivileges.php	File	11.3 KB	0644
Common.php	File	19.4 KB	0644
Config.php	File	41.65 KB	0644
Console.php	File	3.25 KB	0644
Core.php	File	28.91 KB	0644
CreateAddField.php	File	15.83 KB	0644
DatabaseInterface.php	File	71.73 KB	0644
DbTableExists.php	File	2.86 KB	0644
Encoding.php	File	8.41 KB	0644
Error.php	File	13.63 KB	0644
ErrorHandler.php	File	18.31 KB	0644
ErrorReport.php	File	8.99 KB	0644
Export.php	File	45.7 KB	0644
FieldMetadata.php	File	11.11 KB	0644
File.php	File	19.75 KB	0644
FileListing.php	File	2.88 KB	0644
FlashMessages.php	File	1.22 KB	0644
Font.php	File	5.58 KB	0644
Footer.php	File	8.06 KB	0644
Git.php	File	18 KB	0644
Header.php	File	20 KB	0644
Import.php	File	48.72 KB	0644
Index.php	File	14.83 KB	0644
IndexColumn.php	File	4.75 KB	0644
InsertEdit.php	File	89.05 KB	0644
InternalRelations.php	File	17.31 KB	0644
IpAllowDeny.php	File	9.13 KB	0644
Language.php	File	4.47 KB	0644
LanguageManager.php	File	22.74 KB	0644
Linter.php	File	4.99 KB	0644
ListAbstract.php	File	1.67 KB	0644
ListDatabase.php	File	4.11 KB	0644
Logging.php	File	2.69 KB	0644
Menu.php	File	20.4 KB	0644
Message.php	File	18.68 KB	0644
Mime.php	File	927 B	0644
Normalization.php	File	41.53 KB	0644
OpenDocument.php	File	8.62 KB	0644
Operations.php	File	35.11 KB	0644
OutputBuffering.php	File	4.1 KB	0644
ParseAnalyze.php	File	2.34 KB	0644
Pdf.php	File	4.17 KB	0644
Plugins.php	File	21.83 KB	0644
Profiling.php	File	2.16 KB	0644
RecentFavoriteTable.php	File	11.44 KB	0644
Replication.php	File	4.81 KB	0644
ReplicationGui.php	File	21.24 KB	0644
ReplicationInfo.php	File	4.79 KB	0644
ResponseRenderer.php	File	13.5 KB	0644
Routing.php	File	6.55 KB	0644
Sanitize.php	File	11.98 KB	0644
SavedSearches.php	File	11.33 KB	0644
Scripts.php	File	3.74 KB	0644
Session.php	File	8.16 KB	0644
Sql.php	File	64.01 KB	0644
SqlQueryForm.php	File	6.74 KB	0644
StorageEngine.php	File	15.71 KB	0644
SystemDatabase.php	File	3.98 KB	0644
Table.php	File	90.33 KB	0644
Template.php	File	4.5 KB	0644
Theme.php	File	7.32 KB	0644
ThemeManager.php	File	7 KB	0644
Tracker.php	File	30.34 KB	0644
Tracking.php	File	36.11 KB	0644
Transformations.php	File	16.31 KB	0644
TwoFactor.php	File	7.5 KB	0644
Types.php	File	25.85 KB	0644
Url.php	File	10.61 KB	0644
UrlRedirector.php	File	1.74 KB	0644
UserPassword.php	File	6.86 KB	0644
UserPreferences.php	File	10.49 KB	0644
Util.php	File	86.45 KB	0644
Version.php	File	556 B	0644
VersionInformation.php	File	7.3 KB	0644
ZipExtension.php	File	10.33 KB	0644

Upload:

Command:

Filemanager

Server Info

System Info

User Info