Home Explore Help
Sign In
TC
/
TeaBag
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: c8380b18d9
Branches Tags
TeaBag
/
run
/
phpapps
/
phpmyadmin
/
file_echo.php

file_echo.php 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. <?php
    2. 

  2. /* vim: set expandtab sw=4 ts=4 sts=4: */
    3. 

  3. /**
    4. 

  4.  * "Echo" service to allow force downloading of exported charts (png or svg)
    5. 

  5.  * and server status monitor settings
    6. 

  6.  *
    7. 

  7.  * @package PhpMyAdmin
    8. 

  8.  */
    9. 

  9. 

  10. define('PMA_MINIMUM_COMMON', true);
    11. 

  11. require_once 'libraries/common.inc.php';
    12. 

  12. 

  13. /* For chart exporting */
    14. 

  14. if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
    15. 

  15.     $allowed = array(
    16. 

  16.         'image/png'     => 'png',
    17. 

  17.         'image/svg+xml' => 'svg',
    18. 

  18.     );
    19. 

  19. 

  20.     /* Check whether MIME type is allowed */
    21. 

  21.     if (! isset($allowed[$_REQUEST['type']])) {
    22. 

  22.         PMA_fatalError(__('Invalid export type'));
    23. 

  23.     }
    24. 

  24. 

  25.     /*
    26. 

  26.      * Check file name to match mime type and not contain new lines
    27. 

  27.      * to prevent response splitting.
    28. 

  28.      */
    29. 

  29.     $extension = $allowed[$_REQUEST['type']];
    30. 

  30.     $valid_match = '/^[^\n\r]*\.' . $extension . '$/';
    31. 

  31.     if (! preg_match($valid_match, $_REQUEST['filename'])) {
    32. 

  32.         if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
    33. 

  33.             /* Filename is unsafe, discard it */
    34. 

  34.             $filename = 'download.' . $extension;
    35. 

  35.         } else {
    36. 

  36.             /* Add extension */
    37. 

  37.             $filename = $_REQUEST['filename'] . '.' . $extension;
    38. 

  38.         }
    39. 

  39.     } else {
    40. 

  40.         /* Filename from request should be safe here */
    41. 

  41.         $filename = $_REQUEST['filename'];
    42. 

  42.     }
    43. 

  43. 

  44.     /* Decode data */
    45. 

  45.     if ($extension != 'svg') {
    46. 

  46.         $data = substr($_REQUEST['image'], strpos($_REQUEST['image'], ',') + 1);
    47. 

  47.         $data = base64_decode($data);
    48. 

  48.     } else {
    49. 

  49.         $data = $_REQUEST['image'];
    50. 

  50.     }
    51. 

  51. 

  52.     /* Send download header */
    53. 

  53.     PMA_downloadHeader($filename, $_REQUEST['type'], strlen($data));
    54. 

  54. 

  55.     /* Send data */
    56. 

  56.     echo $data;
    57. 

  57. 

  58. } else if (isset($_REQUEST['monitorconfig'])) {
    59. 

  59.     /* For monitor chart config export */
    60. 

  60.     PMA_downloadHeader('monitor.cfg', 'application/force-download');
    61. 

  61.     echo urldecode($_REQUEST['monitorconfig']);
    62. 

  62. 

  63. } else if (isset($_REQUEST['import'])) {
    64. 

  64.     /* For monitor chart config import */
    65. 

  65.     header('Content-type: text/plain');
    66. 

  66.     if (!file_exists($_FILES['file']['tmp_name'])) {
    67. 

  67.         exit();
    68. 

  68.     }
    69. 

  69.     echo file_get_contents($_FILES['file']['tmp_name']);
    70. 

  70. }
    71. 

  71. ?>
    72.