settings = ['is_setup' => false]; // functions need to refresh in case of config file changed goes in // PhpMyAdmin\Config::load() $this->load($source); // other settings, independent from config file, comes in $this->checkSystem(); $this->baseSettings = $this->settings; } /** * sets system and application settings */ public function checkSystem(): void { $this->checkWebServerOs(); $this->checkWebServer(); $this->checkGd2(); $this->checkClient(); $this->checkUpload(); $this->checkUploadSize(); $this->checkOutputCompression(); } /** * whether to use gzip output compression or not */ public function checkOutputCompression(): void { // If zlib output compression is set in the php configuration file, no // output buffering should be run if (ini_get('zlib.output_compression')) { $this->set('OBGzip', false); } // enable output-buffering (if set to 'auto') if (strtolower((string) $this->get('OBGzip')) !== 'auto') { return; } $this->set('OBGzip', true); } /** * Sets the client platform based on user agent * * @param string $user_agent the user agent */ private function setClientPlatform(string $user_agent): void { if (mb_strstr($user_agent, 'Win')) { $this->set('PMA_USR_OS', 'Win'); } elseif (mb_strstr($user_agent, 'Mac')) { $this->set('PMA_USR_OS', 'Mac'); } elseif (mb_strstr($user_agent, 'Linux')) { $this->set('PMA_USR_OS', 'Linux'); } elseif (mb_strstr($user_agent, 'Unix')) { $this->set('PMA_USR_OS', 'Unix'); } elseif (mb_strstr($user_agent, 'OS/2')) { $this->set('PMA_USR_OS', 'OS/2'); } else { $this->set('PMA_USR_OS', 'Other'); } } /** * Determines platform (OS), browser and version of the user * Based on a phpBuilder article: * * @see http://www.phpbuilder.net/columns/tim20000821.php */ public function checkClient(): void { $HTTP_USER_AGENT = ''; if (Core::getenv('HTTP_USER_AGENT')) { $HTTP_USER_AGENT = Core::getenv('HTTP_USER_AGENT'); } // 1. Platform $this->setClientPlatform($HTTP_USER_AGENT); // 2. browser and version // (must check everything else before Mozilla) $is_mozilla = preg_match('@Mozilla/([0-9]\.[0-9]{1,2})@', $HTTP_USER_AGENT, $mozilla_version); if (preg_match('@Opera(/| )([0-9]\.[0-9]{1,2})@', $HTTP_USER_AGENT, $log_version)) { $this->set('PMA_USR_BROWSER_VER', $log_version[2]); $this->set('PMA_USR_BROWSER_AGENT', 'OPERA'); } elseif (preg_match('@(MS)?IE ([0-9]{1,2}\.[0-9]{1,2})@', $HTTP_USER_AGENT, $log_version)) { $this->set('PMA_USR_BROWSER_VER', $log_version[2]); $this->set('PMA_USR_BROWSER_AGENT', 'IE'); } elseif (preg_match('@Trident/(7)\.0@', $HTTP_USER_AGENT, $log_version)) { $this->set('PMA_USR_BROWSER_VER', intval($log_version[1]) + 4); $this->set('PMA_USR_BROWSER_AGENT', 'IE'); } elseif (preg_match('@OmniWeb/([0-9]{1,3})@', $HTTP_USER_AGENT, $log_version)) { $this->set('PMA_USR_BROWSER_VER', $log_version[1]); $this->set('PMA_USR_BROWSER_AGENT', 'OMNIWEB'); // Konqueror 2.2.2 says Konqueror/2.2.2 // Konqueror 3.0.3 says Konqueror/3 } elseif (preg_match('@(Konqueror/)(.*)(;)@', $HTTP_USER_AGENT, $log_version)) { $this->set('PMA_USR_BROWSER_VER', $log_version[2]); $this->set('PMA_USR_BROWSER_AGENT', 'KONQUEROR'); // must check Chrome before Safari } elseif ($is_mozilla && preg_match('@Chrome/([0-9.]*)@', $HTTP_USER_AGENT, $log_version)) { $this->set('PMA_USR_BROWSER_VER', $log_version[1]); $this->set('PMA_USR_BROWSER_AGENT', 'CHROME'); // newer Safari } elseif ($is_mozilla && preg_match('@Version/(.*) Safari@', $HTTP_USER_AGENT, $log_version)) { $this->set('PMA_USR_BROWSER_VER', $log_version[1]); $this->set('PMA_USR_BROWSER_AGENT', 'SAFARI'); // older Safari } elseif ($is_mozilla && preg_match('@Safari/([0-9]*)@', $HTTP_USER_AGENT, $log_version)) { $this->set('PMA_USR_BROWSER_VER', $mozilla_version[1] . '.' . $log_version[1]); $this->set('PMA_USR_BROWSER_AGENT', 'SAFARI'); // Firefox } elseif ( ! mb_strstr($HTTP_USER_AGENT, 'compatible') && preg_match('@Firefox/([\w.]+)@', $HTTP_USER_AGENT, $log_version) ) { $this->set('PMA_USR_BROWSER_VER', $log_version[1]); $this->set('PMA_USR_BROWSER_AGENT', 'FIREFOX'); } elseif (preg_match('@rv:1\.9(.*)Gecko@', $HTTP_USER_AGENT)) { $this->set('PMA_USR_BROWSER_VER', '1.9'); $this->set('PMA_USR_BROWSER_AGENT', 'GECKO'); } elseif ($is_mozilla) { $this->set('PMA_USR_BROWSER_VER', $mozilla_version[1]); $this->set('PMA_USR_BROWSER_AGENT', 'MOZILLA'); } else { $this->set('PMA_USR_BROWSER_VER', 0); $this->set('PMA_USR_BROWSER_AGENT', 'OTHER'); } } /** * Whether GD2 is present */ public function checkGd2(): void { if ($this->get('GD2Available') === 'yes') { $this->set('PMA_IS_GD2', 1); return; } if ($this->get('GD2Available') === 'no') { $this->set('PMA_IS_GD2', 0); return; } if (! function_exists('imagecreatetruecolor')) { $this->set('PMA_IS_GD2', 0); return; } if (function_exists('gd_info')) { $gd_nfo = gd_info(); if (mb_strstr($gd_nfo['GD Version'], '2.')) { $this->set('PMA_IS_GD2', 1); return; } } $this->set('PMA_IS_GD2', 0); } /** * Whether the Web server php is running on is IIS */ public function checkWebServer(): void { // some versions return Microsoft-IIS, some Microsoft/IIS // we could use a preg_match() but it's slower if ( Core::getenv('SERVER_SOFTWARE') && stripos(Core::getenv('SERVER_SOFTWARE'), 'Microsoft') !== false && stripos(Core::getenv('SERVER_SOFTWARE'), 'IIS') !== false ) { $this->set('PMA_IS_IIS', 1); return; } $this->set('PMA_IS_IIS', 0); } /** * Whether the os php is running on is windows or not */ public function checkWebServerOs(): void { // Default to Unix or Equiv $this->set('PMA_IS_WINDOWS', false); // If PHP_OS is defined then continue if (! defined('PHP_OS')) { return; } if (stripos(PHP_OS, 'win') !== false && stripos(PHP_OS, 'darwin') === false) { // Is it some version of Windows $this->set('PMA_IS_WINDOWS', true); } elseif (stripos(PHP_OS, 'OS/2') !== false) { // Is it OS/2 (No file permissions like Windows) $this->set('PMA_IS_WINDOWS', true); } } /** * loads default values from default source */ public function loadDefaults(): void { $settings = new Settings([]); $cfg = $settings->toArray(); // phpcs:ignore Squiz.NamingConventions.ValidVariableName.MemberNotCamelCaps $this->defaultServer = get_object_vars($settings->Servers[1]); unset($cfg['Servers']); $this->default = $cfg; $this->settings = array_replace_recursive($this->settings, $cfg); } /** * loads configuration from $source, usually the config file * should be called on object creation * * @param string $source config file */ public function load(?string $source = null): bool { global $isConfigLoading; $this->loadDefaults(); if ($source !== null) { $this->setSource($source); } if (! $this->checkConfigSource()) { return false; } $cfg = []; /** * Parses the configuration file, we throw away any errors or * output. */ $canUseErrorReporting = Util::isErrorReportingAvailable(); $oldErrorReporting = null; if ($canUseErrorReporting) { $oldErrorReporting = error_reporting(0); } ob_start(); $isConfigLoading = true; /** @psalm-suppress UnresolvableInclude */ $eval_result = include $this->getSource(); $isConfigLoading = false; ob_end_clean(); if ($canUseErrorReporting) { error_reporting($oldErrorReporting); } if ($eval_result === false) { $this->errorConfigFile = true; } else { $this->errorConfigFile = false; $this->sourceMtime = (int) filemtime($this->getSource()); } /** * Ignore keys with / as we do not use these * * These can be confusing for user configuration layer as it * flatten array using / and thus don't see difference between * $cfg['Export/method'] and $cfg['Export']['method'], while rest * of the code uses the setting only in latter form. * * This could be removed once we consistently handle both values * in the functional code as well. */ $cfg = array_filter( $cfg, static function (string $key): bool { return ! str_contains($key, '/'); }, ARRAY_FILTER_USE_KEY ); $this->settings = array_replace_recursive($this->settings, $cfg); return true; } /** * Sets the connection collation */ private function setConnectionCollation(): void { global $dbi; $collation_connection = $this->get('DefaultConnectionCollation'); if (empty($collation_connection) || $collation_connection == $GLOBALS['collation_connection']) { return; } $dbi->setCollation($collation_connection); } /** * Loads user preferences and merges them with current config * must be called after control connection has been established */ public function loadUserPreferences(): void { global $isMinimumCommon; // index.php should load these settings, so that phpmyadmin.css.php // will have everything available in session cache $server = $GLOBALS['server'] ?? (! empty($GLOBALS['cfg']['ServerDefault']) ? $GLOBALS['cfg']['ServerDefault'] : 0); $cache_key = 'server_' . $server; if ($server > 0 && ! isset($isMinimumCommon)) { // cache user preferences, use database only when needed if ( ! isset($_SESSION['cache'][$cache_key]['userprefs']) || $_SESSION['cache'][$cache_key]['config_mtime'] < $this->sourceMtime ) { $userPreferences = new UserPreferences(); $prefs = $userPreferences->load(); $_SESSION['cache'][$cache_key]['userprefs'] = $userPreferences->apply($prefs['config_data']); $_SESSION['cache'][$cache_key]['userprefs_mtime'] = $prefs['mtime']; $_SESSION['cache'][$cache_key]['userprefs_type'] = $prefs['type']; $_SESSION['cache'][$cache_key]['config_mtime'] = $this->sourceMtime; } } elseif ($server == 0 || ! isset($_SESSION['cache'][$cache_key]['userprefs'])) { $this->set('user_preferences', false); return; } $config_data = $_SESSION['cache'][$cache_key]['userprefs']; // type is 'db' or 'session' $this->set('user_preferences', $_SESSION['cache'][$cache_key]['userprefs_type']); $this->set('user_preferences_mtime', $_SESSION['cache'][$cache_key]['userprefs_mtime']); // load config array $this->settings = array_replace_recursive($this->settings, $config_data); $GLOBALS['cfg'] = array_replace_recursive($GLOBALS['cfg'], $config_data); if (isset($isMinimumCommon)) { return; } // settings below start really working on next page load, but // changes are made only in index.php so everything is set when // in frames // save theme $tmanager = ThemeManager::getInstance(); if ($tmanager->getThemeCookie() || isset($_REQUEST['set_theme'])) { if ( (! isset($config_data['ThemeDefault']) && $tmanager->theme->getId() !== 'original') || isset($config_data['ThemeDefault']) && $config_data['ThemeDefault'] != $tmanager->theme->getId() ) { $this->setUserValue( null, 'ThemeDefault', $tmanager->theme->getId(), 'original' ); } } else { // no cookie - read default from settings if ( $tmanager->theme !== null && $this->settings['ThemeDefault'] != $tmanager->theme->getId() && $tmanager->checkTheme($this->settings['ThemeDefault']) ) { $tmanager->setActiveTheme($this->settings['ThemeDefault']); $tmanager->setThemeCookie(); } } // save language if ($this->issetCookie('pma_lang') || isset($_POST['lang'])) { if ( (! isset($config_data['lang']) && $GLOBALS['lang'] !== 'en') || isset($config_data['lang']) && $GLOBALS['lang'] != $config_data['lang'] ) { $this->setUserValue(null, 'lang', $GLOBALS['lang'], 'en'); } } else { // read language from settings if (isset($config_data['lang'])) { $language = LanguageManager::getInstance()->getLanguage($config_data['lang']); if ($language !== false) { $language->activate(); $this->setCookie('pma_lang', $language->getCode()); } } } // set connection collation $this->setConnectionCollation(); } /** * Sets config value which is stored in user preferences (if available) * or in a cookie. * * If user preferences are not yet initialized, option is applied to * global config and added to a update queue, which is processed * by {@link loadUserPreferences()} * * @param string|null $cookie_name can be null * @param string $cfg_path configuration path * @param string $new_cfg_value new value * @param string|null $default_value default value * * @return true|Message */ public function setUserValue( ?string $cookie_name, string $cfg_path, $new_cfg_value, $default_value = null ) { $userPreferences = new UserPreferences(); $result = true; // use permanent user preferences if possible $prefs_type = $this->get('user_preferences'); if ($prefs_type) { if ($default_value === null) { $default_value = Core::arrayRead($cfg_path, $this->default); } $result = $userPreferences->persistOption($cfg_path, $new_cfg_value, $default_value); } if ($prefs_type !== 'db' && $cookie_name) { // fall back to cookies if ($default_value === null) { $default_value = Core::arrayRead($cfg_path, $this->settings); } $this->setCookie($cookie_name, $new_cfg_value, $default_value); } Core::arrayWrite($cfg_path, $GLOBALS['cfg'], $new_cfg_value); Core::arrayWrite($cfg_path, $this->settings, $new_cfg_value); return $result; } /** * Reads value stored by {@link setUserValue()} * * @param string $cookie_name cookie name * @param mixed $cfg_value config value * * @return mixed */ public function getUserValue(string $cookie_name, $cfg_value) { $cookie_exists = ! empty($this->getCookie($cookie_name)); $prefs_type = $this->get('user_preferences'); if ($prefs_type === 'db') { // permanent user preferences value exists, remove cookie if ($cookie_exists) { $this->removeCookie($cookie_name); } } elseif ($cookie_exists) { return $this->getCookie($cookie_name); } // return value from $cfg array return $cfg_value; } /** * set source * * @param string $source source */ public function setSource(string $source): void { $this->source = trim($source); } /** * check config source */ public function checkConfigSource(): bool { if (! $this->getSource()) { // no configuration file set at all return false; } if (! @file_exists($this->getSource())) { $this->sourceMtime = 0; return false; } if (! @is_readable($this->getSource())) { // manually check if file is readable // might be bug #3059806 Supporting running from CIFS/Samba shares $contents = false; $handle = @fopen($this->getSource(), 'r'); if ($handle !== false) { $contents = @fread($handle, 1); // reading 1 byte is enough to test fclose($handle); } if ($contents === false) { $this->sourceMtime = 0; Core::fatalError( sprintf( function_exists('__') ? __('Existing configuration file (%s) is not readable.') : 'Existing configuration file (%s) is not readable.', $this->getSource() ) ); return false; } } return true; } /** * verifies the permissions on config file (if asked by configuration) * (must be called after config.inc.php has been merged) */ public function checkPermissions(): void { // Check for permissions (on platforms that support it): if (! $this->get('CheckConfigurationPermissions') || ! @file_exists($this->getSource())) { return; } $perms = @fileperms($this->getSource()); if ($perms === false || (! ($perms & 2))) { return; } // This check is normally done after loading configuration $this->checkWebServerOs(); if ($this->get('PMA_IS_WINDOWS') === true) { return; } $this->sourceMtime = 0; Core::fatalError( __( 'Wrong permissions on configuration file, should not be world writable!' ) ); } /** * Checks for errors * (must be called after config.inc.php has been merged) */ public function checkErrors(): void { if (! $this->errorConfigFile) { return; } $error = '[strong]' . __('Failed to read configuration file!') . '[/strong]' . '[br][br]' . __('This usually means there is a syntax error in it, please check any errors shown below.') . '[br][br]' . '[conferr]'; trigger_error($error, E_USER_ERROR); } /** * returns specific config setting * * @param string $setting config setting * * @return mixed|null value */ public function get(string $setting) { if (isset($this->settings[$setting])) { return $this->settings[$setting]; } return null; } /** * sets configuration variable * * @param string $setting configuration option * @param mixed $value new value for configuration option */ public function set(string $setting, $value): void { if (isset($this->settings[$setting]) && $this->settings[$setting] === $value) { return; } $this->settings[$setting] = $value; $this->setMtime = time(); } /** * returns source for current config * * @return string config source */ public function getSource(): string { return $this->source; } /** * checks if upload is enabled */ public function checkUpload(): void { if (! ini_get('file_uploads')) { $this->set('enable_upload', false); return; } $this->set('enable_upload', true); // if set "php_admin_value file_uploads Off" in httpd.conf // ini_get() also returns the string "Off" in this case: if (strtolower((string) ini_get('file_uploads')) !== 'off') { return; } $this->set('enable_upload', false); } /** * Maximum upload size as limited by PHP * Used with permission from Moodle (https://moodle.org/) by Martin Dougiamas * * this section generates max_upload_size in bytes */ public function checkUploadSize(): void { $fileSize = ini_get('upload_max_filesize'); if (! $fileSize) { $fileSize = '5M'; } $size = Core::getRealSize($fileSize); $postSize = ini_get('post_max_size'); if ($postSize) { $size = min($size, Core::getRealSize($postSize)); } $this->set('max_upload_size', $size); } /** * Checks if protocol is https * * This function checks if the https protocol on the active connection. */ public function isHttps(): bool { if ($this->get('is_https') !== null) { return (bool) $this->get('is_https'); } $url = $this->get('PmaAbsoluteUri'); $is_https = false; if (! empty($url) && parse_url($url, PHP_URL_SCHEME) === 'https') { $is_https = true; } elseif (strtolower(Core::getenv('HTTP_SCHEME')) === 'https') { $is_https = true; } elseif (strtolower(Core::getenv('HTTPS')) === 'on') { $is_https = true; } elseif (strtolower(substr(Core::getenv('REQUEST_URI'), 0, 6)) === 'https:') { $is_https = true; } elseif (strtolower(Core::getenv('HTTP_HTTPS_FROM_LB')) === 'on') { // A10 Networks load balancer $is_https = true; } elseif (strtolower(Core::getenv('HTTP_FRONT_END_HTTPS')) === 'on') { $is_https = true; } elseif (strtolower(Core::getenv('HTTP_X_FORWARDED_PROTO')) === 'https') { $is_https = true; } elseif (strtolower(Core::getenv('HTTP_CLOUDFRONT_FORWARDED_PROTO')) === 'https') { // Amazon CloudFront, issue #15621 $is_https = true; } elseif (Util::getProtoFromForwardedHeader(Core::getenv('HTTP_FORWARDED')) === 'https') { // RFC 7239 Forwarded header $is_https = true; } elseif (Core::getenv('SERVER_PORT') == 443) { $is_https = true; } $this->set('is_https', $is_https); return $is_https; } /** * Get phpMyAdmin root path * * @staticvar string|null $cookie_path */ public function getRootPath(): string { static $cookie_path = null; if ($cookie_path !== null && ! defined('TESTSUITE')) { return $cookie_path; } $url = $this->get('PmaAbsoluteUri'); if (! empty($url)) { $path = parse_url($url, PHP_URL_PATH); if (! empty($path)) { if (substr($path, -1) !== '/') { return $path . '/'; } return $path; } } $parsedUrlPath = parse_url($GLOBALS['PMA_PHP_SELF'], PHP_URL_PATH); $parts = explode( '/', rtrim(str_replace('\\', '/', $parsedUrlPath), '/') ); /* Remove filename */ if (substr($parts[count($parts) - 1], -4) === '.php') { $parts = array_slice($parts, 0, count($parts) - 1); } /* Remove extra path from javascript calls */ if (defined('PMA_PATH_TO_BASEDIR')) { $parts = array_slice($parts, 0, count($parts) - 1); } $parts[] = ''; return implode('/', $parts); } /** * removes cookie * * @param string $cookieName name of cookie to remove */ public function removeCookie(string $cookieName): bool { $httpCookieName = $this->getCookieName($cookieName); if ($this->issetCookie($cookieName)) { unset($_COOKIE[$httpCookieName]); } if (defined('TESTSUITE')) { return true; } return setcookie( $httpCookieName, '', time() - 3600, $this->getRootPath(), '', $this->isHttps() ); } /** * sets cookie if value is different from current cookie value, * or removes if value is equal to default * * @param string $cookie name of cookie to remove * @param string $value new cookie value * @param string $default default value * @param int $validity validity of cookie in seconds (default is one month) * @param bool $httponly whether cookie is only for HTTP (and not for scripts) */ public function setCookie( string $cookie, string $value, ?string $default = null, ?int $validity = null, bool $httponly = true ): bool { if (strlen($value) > 0 && $default !== null && $value === $default) { // default value is used if ($this->issetCookie($cookie)) { // remove cookie return $this->removeCookie($cookie); } return false; } if (strlen($value) === 0 && $this->issetCookie($cookie)) { // remove cookie, value is empty return $this->removeCookie($cookie); } $httpCookieName = $this->getCookieName($cookie); if (! $this->issetCookie($cookie) || $this->getCookie($cookie) !== $value) { // set cookie with new value /* Calculate cookie validity */ if ($validity === null) { /* Valid for one month */ $validity = time() + 2592000; } elseif ($validity == 0) { /* Valid for session */ $validity = 0; } else { $validity = time() + $validity; } if (defined('TESTSUITE')) { $_COOKIE[$httpCookieName] = $value; return true; } /** @psalm-var 'Lax'|'Strict'|'None' $cookieSameSite */ $cookieSameSite = $this->get('CookieSameSite'); if (PHP_VERSION_ID < 70300) { return setcookie( $httpCookieName, $value, $validity, $this->getRootPath() . '; SameSite=' . $cookieSameSite, '', $this->isHttps(), $httponly ); } $optionalParams = [ 'expires' => $validity, 'path' => $this->getRootPath(), 'domain' => '', 'secure' => $this->isHttps(), 'httponly' => $httponly, 'samesite' => $cookieSameSite, ]; return setcookie($httpCookieName, $value, $optionalParams); } // cookie has already $value as value return true; } /** * get cookie * * @param string $cookieName The name of the cookie to get * * @return mixed|null result of getCookie() */ public function getCookie(string $cookieName) { if (isset($_COOKIE[$this->getCookieName($cookieName)])) { return $_COOKIE[$this->getCookieName($cookieName)]; } return null; } /** * Get the real cookie name * * @param string $cookieName The name of the cookie */ public function getCookieName(string $cookieName): string { return $cookieName . ( $this->isHttps() ? '_https' : '' ); } /** * isset cookie * * @param string $cookieName The name of the cookie to check */ public function issetCookie(string $cookieName): bool { return isset($_COOKIE[$this->getCookieName($cookieName)]); } /** * Error handler to catch fatal errors when loading configuration * file */ public static function fatalErrorHandler(): void { global $isConfigLoading; if (! isset($isConfigLoading) || ! $isConfigLoading) { return; } $error = error_get_last(); if ($error === null) { return; } Core::fatalError( sprintf( 'Failed to load phpMyAdmin configuration (%s:%s): %s', Error::relPath($error['file']), $error['line'], $error['message'] ) ); } /** * Wrapper for footer/header rendering * * @param string $filename File to check and render * @param string $id Div ID */ private static function renderCustom(string $filename, string $id): string { $retval = ''; if (@file_exists($filename)) { $retval .= '