Remove transformation plugin includes
Transformation plugins should be loaded by the autoloader.

Fixes phpmyadmin/phpmyadmin-security#245

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
MauricioFauth committed Nov 27, 2018
1 parent aba8007 commit 6a1ba61
Showing 5 changed files with 152 additions and 96 deletions.
37 changes: 19 additions & 18 deletions libraries/classes/Display/Results.php
@@ -2893,28 +2893,29 @@ private function _getRowValues(

if (@file_exists($include_file)) {

include_once $include_file;
$class_name = Transformations::getClassName($include_file);
// todo add $plugin_manager
$plugin_manager = null;
$transformation_plugin = new $class_name(
$plugin_manager
);
if (class_exists($class_name)) {
// todo add $plugin_manager
$plugin_manager = null;
$transformation_plugin = new $class_name(
$plugin_manager
);

$transform_options = Transformations::getOptions(
isset(
$mime_map[$orgFullColName]
$transform_options = Transformations::getOptions(
isset(
$mime_map[$orgFullColName]
['transformation_options']
)
? $mime_map[$orgFullColName]
['transformation_options']
)
? $mime_map[$orgFullColName]
['transformation_options']
: ''
);
: ''
);

$meta->mimetype = str_replace(
'_', '/',
$mime_map[$orgFullColName]['mimetype']
);
$meta->mimetype = str_replace(
'_', '/',
$mime_map[$orgFullColName]['mimetype']
);
}

} // end if file_exists
} // end if transformation is set
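Review bot: `new $class_name($plugin_manager)` runs for any class that `class_exists()` can autoload, with no check that the class is a transformation plugin. `$class_name` comes from `Transformations::getClassName($include_file)`, whose mapping is not visible here, so it should be confirmed whether a crafted transformation name can resolve to a class outside the plugin namespace. Tightening the guard to `if (class_exists($class_name) && is_subclass_of($class_name, '\PhpMyAdmin\Plugins\TransformationsInterface'))` would pin the type before construction. The same unguarded instantiation appears in the InsertEdit.php hunks and in tbl_replace.php, and as static calls in Transformations.php. The body of `_getRowValues` starts and ends outside this hunk.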
98 changes: 50 additions & 48 deletions libraries/classes/InsertEdit.php
@@ -2478,7 +2478,6 @@ public function transformEditedValues(
) {
$include_file = 'libraries/classes/Plugins/Transformations/' . $file;
if (is_file($include_file)) {
include_once $include_file;
$_url_params = array(
'db' => $db,
'table' => $table,
@@ -2492,20 +2491,22 @@ public function transformEditedValues(
);
$transform_options['wrapper_link'] = Url::getCommon($_url_params);
$class_name = Transformations::getClassName($include_file);
/** @var TransformationsPlugin $transformation_plugin */
$transformation_plugin = new $class_name();

foreach ($edited_values as $cell_index => $curr_cell_edited_values) {
if (isset($curr_cell_edited_values[$column_name])) {
$edited_values[$cell_index][$column_name]
= $extra_data['transformations'][$cell_index]
= $transformation_plugin->applyTransformation(
$curr_cell_edited_values[$column_name],
$transform_options,
''
);
}
} // end of loop for each transformation cell
if (class_exists($class_name)) {
/** @var TransformationsPlugin $transformation_plugin */
$transformation_plugin = new $class_name();

foreach ($edited_values as $cell_index => $curr_cell_edited_values) {
if (isset($curr_cell_edited_values[$column_name])) {
$edited_values[$cell_index][$column_name]
= $extra_data['transformations'][$cell_index]
= $transformation_plugin->applyTransformation(
$curr_cell_edited_values[$column_name],
$transform_options,
''
);
}
} // end of loop for each transformation cell
}
}
return $extra_data;
}
@@ -3268,42 +3269,43 @@ private function getHtmlForInsertEditFormColumn(
$file = $column_mime['input_transformation'];
$include_file = 'libraries/classes/Plugins/Transformations/' . $file;
if (is_file($include_file)) {
include_once $include_file;
$class_name = Transformations::getClassName($include_file);
$transformation_plugin = new $class_name();
$transformation_options = Transformations::getOptions(
$column_mime['input_transformation_options']
);
$_url_params = array(
'db' => $db,
'table' => $table,
'transform_key' => $column['Field'],
'where_clause' => $where_clause
);
$transformation_options['wrapper_link']
= Url::getCommon($_url_params);
$current_value = '';
if (isset($current_row[$column['Field']])) {
$current_value = $current_row[$column['Field']];
}
if (method_exists($transformation_plugin, 'getInputHtml')) {
$transformed_html = $transformation_plugin->getInputHtml(
$column,
$row_id,
$column_name_appendix,
$transformation_options,
$current_value,
$text_dir,
$tabindex,
$tabindex_for_value,
$idindex
if (class_exists($class_name)) {
$transformation_plugin = new $class_name();
$transformation_options = Transformations::getOptions(
$column_mime['input_transformation_options']
);
}
if (method_exists($transformation_plugin, 'getScripts')) {
$GLOBALS['plugin_scripts'] = array_merge(
$GLOBALS['plugin_scripts'],
$transformation_plugin->getScripts()
$_url_params = array(
'db' => $db,
'table' => $table,
'transform_key' => $column['Field'],
'where_clause' => $where_clause
);
$transformation_options['wrapper_link']
= Url::getCommon($_url_params);
$current_value = '';
if (isset($current_row[$column['Field']])) {
$current_value = $current_row[$column['Field']];
}
if (method_exists($transformation_plugin, 'getInputHtml')) {
$transformed_html = $transformation_plugin->getInputHtml(
$column,
$row_id,
$column_name_appendix,
$transformation_options,
$current_value,
$text_dir,
$tabindex,
$tabindex_for_value,
$idindex
);
}
if (method_exists($transformation_plugin, 'getScripts')) {
$GLOBALS['plugin_scripts'] = array_merge(
$GLOBALS['plugin_scripts'],
$transformation_plugin->getScripts()
);
}
}
}
}
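Review bot: The `is_file($include_file)` gate in `transformEditedValues` and `getHtmlForInsertEditFormColumn` still tests a path built by concatenating the stored transformation name, so `..` segments are still followed on disk even though nothing is included any more. Since the file is no longer loaded, the check could be replaced by validating the name itself before `Transformations::getClassName()` is called, for example by rejecting values that contain `..` or by matching them against the shipped transformation list. Where `$file` and `$column_mime['input_transformation']` are populated is outside these hunks, so how far they are attacker-influenced is inferred from the linked security issue rather than visible here. tbl_replace.php builds `$filename` the same way.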
22 changes: 12 additions & 10 deletions libraries/classes/Transformations.php
@@ -181,33 +181,35 @@ public static function getClassName($filename)
*
* @param string $file transformation file
*
* @return String the description of the transformation
* @return string the description of the transformation
*/
public static function getDescription($file)
{
$include_file = 'libraries/classes/Plugins/Transformations/' . $file;
/* @var $class_name PhpMyAdmin\Plugins\TransformationsInterface */
/* @var $class_name \PhpMyAdmin\Plugins\TransformationsInterface */
$class_name = self::getClassName($include_file);
// include and instantiate the class
include_once $include_file;
return $class_name::getInfo();
if (class_exists($class_name)) {
return $class_name::getInfo();
}
return '';
}

/**
* Returns the name of the transformation
*
* @param string $file transformation file
*
* @return String the name of the transformation
* @return string the name of the transformation
*/
public static function getName($file)
{
$include_file = 'libraries/classes/Plugins/Transformations/' . $file;
/* @var $class_name PhpMyAdmin\Plugins\TransformationsInterface */
/* @var $class_name \PhpMyAdmin\Plugins\TransformationsInterface */
$class_name = self::getClassName($include_file);
// include and instantiate the class
include_once $include_file;
return $class_name::getName();
if (class_exists($class_name)) {
return $class_name::getName();
}
return '';
}

/**
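Review bot: `getDescription()` and `getName()` now return `''` when the plugin class cannot be loaded, but their docblocks still describe only the success case. Suggest `@return string the description of the transformation, or an empty string if the plugin class does not exist`, with the equivalent wording on `getName()`. That tells callers an empty result means an unknown transformation rather than a plugin with no description.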
41 changes: 21 additions & 20 deletions tbl_replace.php
@@ -224,28 +224,29 @@
$filename = 'libraries/classes/Plugins/Transformations/'
. $mime_map[$column_name]['input_transformation'];
if (is_file($filename)) {
include_once $filename;
$classname = Transformations::getClassName($filename);
/** @var IOTransformationsPlugin $transformation_plugin */
$transformation_plugin = new $classname();
$transformation_options = Transformations::getOptions(
$mime_map[$column_name]['input_transformation_options']
);
$current_value = $transformation_plugin->applyTransformation(
$current_value, $transformation_options
);
// check if transformation was successful or not
// and accordingly set error messages & insert_fail
if (method_exists($transformation_plugin, 'isSuccess')
&& !$transformation_plugin->isSuccess()
) {
$insert_fail = true;
$row_skipped = true;
$insert_errors[] = sprintf(
__('Row: %1$s, Column: %2$s, Error: %3$s'),
$rownumber, $column_name,
$transformation_plugin->getError()
if (class_exists($classname)) {
/** @var IOTransformationsPlugin $transformation_plugin */
$transformation_plugin = new $classname();
$transformation_options = Transformations::getOptions(
$mime_map[$column_name]['input_transformation_options']
);
$current_value = $transformation_plugin->applyTransformation(
$current_value, $transformation_options
);
// check if transformation was successful or not
// and accordingly set error messages & insert_fail
if (method_exists($transformation_plugin, 'isSuccess')
&& !$transformation_plugin->isSuccess()
) {
$insert_fail = true;
$row_skipped = true;
$insert_errors[] = sprintf(
__('Row: %1$s, Column: %2$s, Error: %3$s'),
$rownumber, $column_name,
$transformation_plugin->getError()
);
}
}
}
}
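Review bot: When `class_exists($classname)` is false the new guard skips the whole block, so `$current_value` is written untransformed and nothing is added to `$insert_errors`. If any input transformation is relied on to validate or normalise the value, which is not visible in this hunk, that is a fail-open path for a column that has a transformation configured. An `else` branch that sets `$insert_fail = true;` and `$row_skipped = true;` and records an error for the row would make the failure visible. The surrounding loop starts and ends outside the hunk.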
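--- a/test/classes/TransformationsTest.php
+++ b/test/classes/TransformationsTest.php
@@ -287,4 +287,54 @@ public function fixupData()
 ),
 );
 }
+
+/**
+* Test for getDescription
+*
+* @param string $file transformation file
+* @param string $expectedDescription expected description
+*
+* @dataProvider providerGetDescription
+*/
+public function testGetDescription($file, $expectedDescription)
+{
+$this->assertEquals($expectedDescription, Transformations::getDescription($file));
+}
+
+/**
+* @return array
+*/
+public function providerGetDescription()
+{
+return [
+['../../../../test', ''],
+['Input/Text_Plain_SqlEditor', 'Syntax highlighted CodeMirror editor for SQL.'],
+['Output/Text_Plain_Sql', 'Formats text as SQL query with syntax highlighting.']
+];
+}
+
+/**
+* Test for getName
+*
+* @param string $file transformation file
+* @param string $expectedName expected name
+*
+* @dataProvider providerGetName
+*/
+public function testGetName($file, $expectedName)
+{
+$this->assertEquals($expectedName, Transformations::getName($file));
+}
+
+/**
+* @return array
+*/
+public function providerGetName()
+{
+return [
+['../../../../test', ''],
+['Input/Text_Plain_SqlEditor', 'SQL'],
+['Output/Text_Plain_Sql', 'SQL']
+];
+}
 }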
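Review bot: `assertEquals` in `testGetDescription` and `testGetName` compares loosely, so a `null` or `false` return would also satisfy the `''` expected for the `'../../../../test'` row. `$this->assertSame($expectedDescription, Transformations::getDescription($file));`, and the same change in `testGetName`, would pin the empty-string contract this fix introduces. The traversal row also shows only that the result is empty; it does not by itself show that no file was included, which is the property the commit is about.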
