class Core

Core class

Properties

static $goto_whitelist the whitelist for goto parameter

Methods

static mixed
ifSetOr(mixed $var, mixed $default = null, mixed $type = 'similar')

Checks the given $var and returns it if valid, or $default if not valid. The given $var is also checked for its type being 'similar' to that of $default, or against any other type if $type is provided.

static bool
isValid(mixed $var, mixed $type = 'length', mixed $compare = null)

checks given $var against $type or $compare

static string
securePath(string $path)

Removes insecure parts in a path; used before include() or require() when a part of the path comes from an insecure source like a cookie or form.

static void
fatalError(string $error_message, string|array $message_args = null)

displays the given error message on phpMyAdmin error page in foreign language, ends script execution and closes session

static string
getPHPDocLink(string $target)

Returns a link to the PHP documentation

static void
warnMissingExtension(string $extension, bool $fatal = false, string $extra = '')

Warn or fail on missing extension.

static int
getTableCount(string $db)

returns count of tables in given db

static int
getRealSize(string|int $size = 0)

Converts numbers like 10M into bytes. Used with permission from Moodle (https://moodle.org) by Martin Dougiamas (renamed with PMA prefix to avoid double definition when embedded in Moodle).

static bool
checkPageValidity(string $page, array $whitelist = [], boolean $include = false)

Checks the given $page against the given $whitelist and returns true if valid. It optionally ignores query parameters in $page (script.php?ignored).

static string
getenv(string $var_name)

tries to find the value for the given environment variable name

static void
sendHeaderLocation(string $uri, bool $use_refresh = false)

Send HTTP header, taking IIS limits into account (600 seems ok)

static void
headerJSON()

Outputs application/json headers. This includes no caching.

static void
noCacheHeader()

Outputs headers to prevent caching in browser (and on the way).

static void
downloadHeader(string $filename, string $mimetype, int $length = 0, bool $no_cache = true)

Sends header indicating file download.

static mixed
arrayRead(string $path, array $array, mixed $default = null)

Returns value of an element in $array given by $path.

static void
arrayWrite(string $path, array $array, mixed $value)

Stores value in an array

static void
arrayRemove(string $path, array $array)

Removes value from an array

static string
linkURL(string $url)

Returns link to (possibly) external site using defined redirector.

static bool
isAllowedDomain(string $url)

Checks whether domain of URL is whitelisted domain or not.

static string
mimeDefaultFunction(string $buffer)

Replace some html-unfriendly stuff

static void
previewSQL(array|string $query_data)

Displays SQL query before executing.

static bool
emptyRecursive(mixed $value)

recursively check if variable is empty

static void
setPostAsGlobal(array $post_patterns)

Creates some globals from $_POST variables matching a pattern

static void
setGlobalDbOrTable(string $param)

Creates some globals from $_REQUEST

static void
cleanupPathInfo()

PATH_INFO could be compromised if set, so remove it from PHP_SELF and provide a clean PHP_SELF here

static void
checkExtensions()

Checks that required PHP extensions are there.

static string|bool
getIp()

Gets the "true" IP address of the current user

static string
sanitizeMySQLHost(string $name)

Sanitizes MySQL hostname

static string
sanitizeMySQLUser(string $name)

Sanitizes MySQL username

static mixed
safeUnserialize(string $data)

Safe unserializer wrapper

static void
configure()

Applies changes to PHP configuration.

static void
checkConfiguration()

Check whether PHP configuration matches our needs.

static void
checkRequest()

Checks request and fails with fatal error if something problematic is found

static string
signSqlQuery(string $sqlQuery)

Signs the SQL query with an HMAC, using the session token

static bool
checkSqlQuerySignature(string $sqlQuery, string $signature)

Checks that the SQL query has a valid HMAC signature

Details

at line 60
static mixed ifSetOr(mixed $var, mixed $default = null, mixed $type = 'similar')

Checks the given $var and returns it if valid, or $default if not valid. The given $var is also checked for its type being 'similar' to that of $default, or against any other type if $type is provided.

    // $_REQUEST['db'] not set
    echo Core::ifSetOr($_REQUEST['db'], ''); // ''
    // $_POST['sql_query'] not set
    echo Core::ifSetOr($_POST['sql_query']); // null
    // $cfg['EnableFoo'] not set
    echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // false
    echo Core::ifSetOr($cfg['EnableFoo']); // null
    // $cfg['EnableFoo'] set to 1
    echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // false
    echo Core::ifSetOr($cfg['EnableFoo'], false, 'similar'); // 1
    echo Core::ifSetOr($cfg['EnableFoo'], false); // 1
    // $cfg['EnableFoo'] set to true
    echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // true

Parameters

mixed $var param to check
mixed $default default value
mixed $type var type or array of values to check against $var

Return Value

mixed $var or $default

at line 111
static bool isValid(mixed $var, mixed $type = 'length', mixed $compare = null)

checks given $var against $type or $compare

$type can be:

  • false : no type checking
  • 'scalar' : whether type of $var is integer, float, string or boolean
  • 'numeric' : whether type of $var is any number representation
  • 'length' : whether type of $var is scalar with a string length > 0
  • 'similar' : whether type of $var is similar to type of $compare
  • 'equal' : whether type of $var is identical to type of $compare
  • 'identical' : whether $var is identical to $compare, not only the type!
  • or any other valid PHP variable type

    // $_REQUEST['doit'] = true;
    Core::isValid($_REQUEST['doit'], 'identical', 'true'); // false
    // $_REQUEST['doit'] = 'true';
    Core::isValid($_REQUEST['doit'], 'identical', 'true'); // true

NOTE: call-by-reference is used to avoid a NOTICE on undefined variables, but the variable is not altered inside this function. Also, after checking a variable this way, the variable exists but is not set. Example:

    // $var is not set
    isset($var); // false
    functionCallByReference($var); // false
    isset($var); // true
    functionCallByReference($var); // true

To avoid this, we set the variable to null if it is not set.

Parameters

mixed $var variable to check
mixed $type var type or array of valid values to check against $var
mixed $compare var to compare with $var

Return Value

bool whether valid or not

at line 199
static string securePath(string $path)

Removes insecure parts in a path; used before include() or require() when a part of the path comes from an insecure source like a cookie or form.

Parameters

string $path The path to check

Return Value

string The secured path

at line 216
static void fatalError(string $error_message, string|array $message_args = null)

displays the given error message on phpMyAdmin error page in foreign language, ends script execution and closes session

loads language file if not loaded already

Parameters

string $error_message the error message or named error message
string|array $message_args arguments applied to $error_message

Return Value

void

static string getPHPDocLink(string $target)

Returns a link to the PHP documentation

Parameters

string $target anchor in documentation

Return Value

string the URL

at line 303
static void warnMissingExtension(string $extension, bool $fatal = false, string $extra = '')

Warn or fail on missing extension.

Parameters

string $extension Extension name
bool $fatal Whether the error is fatal.
string $extra Extra string to append to message.

Return Value

void

at line 346
static int getTableCount(string $db)

returns count of tables in given db

Parameters

string $db database to count tables for

Return Value

int count of tables in $db

at line 373
static int getRealSize(string|int $size = 0)

Converts numbers like 10M into bytes. Used with permission from Moodle (https://moodle.org) by Martin Dougiamas (renamed with PMA prefix to avoid double definition when embedded in Moodle).

Parameters

string|int $size size (Default = 0)

Return Value

int

at line 407
static bool checkPageValidity(string $page, array $whitelist = [], boolean $include = false)

Checks the given $page against the given $whitelist and returns true if valid. It optionally ignores query parameters in $page (script.php?ignored).

Parameters

string $page page to check
array $whitelist whitelist to check page against
boolean $include whether the page is going to be included

Return Value

bool whether $page is valid or not (in $whitelist or not)
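
One way an allowlist check with an $include flag can behave, as an added example (not phpMyAdmin's source): query parameters are ignored only for link targets, while a page that will be included must match an allowlist entry exactly. The function name, the allowlist entries and this treatment of $include are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration, not phpMyAdmin's source. exampleCheckPageValidity()
// and the sample allowlist below are hypothetical.

/** Returns true only if $page (or, for links, its part before '?') is allowlisted. */
function exampleCheckPageValidity(string $page, array $allowlist, bool $include = false): bool
{
    if ($page === '' || $allowlist === []) {
        return false;
    }
    // Exact, type-strict match first; no decoding or normalisation is applied.
    if (in_array($page, $allowlist, true)) {
        return true;
    }
    if ($include) {
        // A filesystem include has no notion of a query string, so nothing
        // is stripped here: only an exact allowlist entry is accepted.
        return false;
    }
    // For link or redirect targets, ignore everything from the first '?'.
    $base = strstr($page, '?', true);
    return $base !== false && in_array($base, $allowlist, true);
}

// Constructed sample allowlist and inputs: [page, will it be included?]
$allowlist = ['db_structure.php', 'sql.php'];
$cases = [
    ['sql.php', true],
    ['sql.php?db=test', false],
    ['sql.php?db=test', true],
    ['other.php', false],
];
foreach ($cases as [$page, $include]) {
    $valid = exampleCheckPageValidity($page, $allowlist, $include);
    printf("%-16s include=%d valid=%d\n", $page, $include, $valid);
}
```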

at line 455
static string getenv(string $var_name)

tries to find the value for the given environment variable name

searches in $_SERVER, $_ENV then tries getenv() and apache_getenv() in this order

Parameters

string $var_name variable name

Return Value

string value of $var or empty string

at line 486
static void sendHeaderLocation(string $uri, bool $use_refresh = false)

Send HTTP header, taking IIS limits into account (600 seems ok)

Parameters

string $uri the header to send
bool $use_refresh whether to use Refresh: header when running on IIS

Return Value

void

at line 529
static void headerJSON()

Outputs application/json headers. This includes no caching.

Return Value

void

at line 549
static void noCacheHeader()

Outputs headers to prevent caching in browser (and on the way).

Return Value

void

at line 581
static void downloadHeader(string $filename, string $mimetype, int $length = 0, bool $no_cache = true)

Sends header indicating file download.

Parameters

string $filename Filename to include in headers; if empty, no Content-Disposition header will be sent.
string $mimetype MIME type to include in headers.
int $length Length of content (optional)
bool $no_cache Whether to include no-caching headers.

Return Value

void

at line 621
static mixed arrayRead(string $path, array $array, mixed $default = null)

Returns value of an element in $array given by $path.

$path is a string describing the position of an element in an associative array, e.g. Servers/1/host refers to $array[Servers][1][host]

Parameters

string $path path in the array
array $array the array
mixed $default default value

Return Value

mixed array element or $default

at line 643
static void arrayWrite(string $path, array $array, mixed $value)

Stores value in an array

Parameters

string $path path in the array
array $array the array
mixed $value value to store

Return Value

void

at line 665
static void arrayRemove(string $path, array $array)

Removes value from an array

Parameters

string $path path in the array
array $array the array

Return Value

void

at line 706
static string linkURL(string $url)

Returns link to (possibly) external site using defined redirector.

Parameters

string $url URL where to go.

Return Value

string URL for a link.

at line 739
static bool isAllowedDomain(string $url)

Checks whether domain of URL is whitelisted domain or not.

Use only for URLs of external sites.

Parameters

string $url URL of external site.

Return Value

bool True: if domain of $url is allowed domain, False: otherwise.

at line 795
static string mimeDefaultFunction(string $buffer)

Replace some html-unfriendly stuff

Parameters

string $buffer String to process

Return Value

string Escaped and cleaned up text suitable for html

at line 809
static void previewSQL(array|string $query_data)

Displays SQL query before executing.

Parameters

array|string $query_data Array containing queries or query itself

Return Value

void

at line 834
static bool emptyRecursive(mixed $value)

recursively check if variable is empty

Parameters

mixed $value the variable

Return Value

bool true if empty

at line 857
static void setPostAsGlobal(array $post_patterns)

Creates some globals from $_POST variables matching a pattern

Parameters

array $post_patterns The patterns to search for

Return Value

void

at line 875
static void setGlobalDbOrTable(string $param)

Creates some globals from $_REQUEST

Parameters

string $param db|table

Return Value

void

at line 891
static void cleanupPathInfo()

PATH_INFO could be compromised if set, so remove it from PHP_SELF and provide a clean PHP_SELF here

Return Value

void

at line 939
static void checkExtensions()

Checks that required PHP extensions are there.

Return Value

void

at line 984
static string|bool getIp()

Gets the "true" IP address of the current user

Return Value

string|bool the ip of the user

at line 1029
static string sanitizeMySQLHost(string $name)

Sanitizes MySQL hostname

  • strips p: prefix(es)

Parameters

string $name User given hostname

Return Value

string

at line 1047
static string sanitizeMySQLUser(string $name)

Sanitizes MySQL username

  • strips part behind null byte

Parameters

string $name User given username

Return Value

string

at line 1065
static mixed safeUnserialize(string $data)

Safe unserializer wrapper

It does not unserialize data containing objects

Parameters

string $data Data to unserialize

Return Value

mixed
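
A wrapper with the same contract (data containing objects is not unserialized), as an added example that is not phpMyAdmin's implementation: it relies on PHP's allowed_classes option and then walks the result. The function names and the choice to return null on rejection are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration, not phpMyAdmin's implementation. Function names are
// hypothetical; the technique is unserialize() with allowed_classes=false.

/** True if $value is, or contains at any depth, an object placeholder. */
function exampleContainsObject($value): bool
{
    if (is_object($value)) {
        // With allowed_classes=false every object is a __PHP_Incomplete_Class.
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (exampleContainsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

/** Returns the scalar/array value, or null for malformed or object-bearing data. */
function exampleSafeUnserialize(string $data)
{
    // No class is instantiated, so no __wakeup() or __destruct() can run.
    $value = @unserialize($data, ['allowed_classes' => false]);
    if ($value === false && $data !== serialize(false)) {
        return null; // malformed input
    }
    return exampleContainsObject($value) ? null : $value;
}

// Constructed sample inputs.
$plain      = serialize(['db' => 'test', 'ids' => [1, 2]]);
$withObject = 'a:1:{i:0;O:8:"stdClass":0:{}}'; // array holding an object
$truncated  = 'a:2:{i:0;s:3:"abc"';            // cut-off payload

var_dump(exampleSafeUnserialize($plain));
var_dump(exampleSafeUnserialize($withObject));
var_dump(exampleSafeUnserialize($truncated));
```

A serialized null is indistinguishable from a rejection in this version; a caller that needs to tell them apart should signal rejection another way, for example with an exception.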

at line 1148
static void configure()

Applies changes to PHP configuration.

Return Value

void

at line 1176
static void checkConfiguration()

Check whether PHP configuration matches our needs.

Return Value

void

at line 1214
static void checkRequest()

Checks request and fails with fatal error if something problematic is found

Return Value

void

at line 1234
static string signSqlQuery(string $sqlQuery)

Signs the SQL query with an HMAC, using the session token

Parameters

string $sqlQuery The sql query

Return Value

string

at line 1248
static bool checkSqlQuerySignature(string $sqlQuery, string $signature)

Checks that the SQL query has a valid HMAC signature

Parameters

string $sqlQuery The sql query
string $signature The Signature to check

Return Value

bool
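
The sign-then-verify pattern described for signSqlQuery() and checkSqlQuerySignature(), as an added example that is not phpMyAdmin's source. The function names, the explicit $sessionToken parameter and the choice of SHA-256 are assumptions; the page only states that an HMAC and the session token are used.

```php
<?php
declare(strict_types=1);

// Added illustration, not phpMyAdmin's source. Names and the SHA-256 choice
// are hypothetical; the key stands in for the per-session token.

/** Returns a hex HMAC of $sqlQuery keyed by the session token. */
function exampleSignSqlQuery(string $sqlQuery, string $sessionToken): string
{
    if ($sessionToken === '') {
        // An empty key would let anyone compute a valid signature.
        throw new InvalidArgumentException('session token must not be empty');
    }
    return hash_hmac('sha256', $sqlQuery, $sessionToken);
}

/** Verifies $signature for $sqlQuery under the same session token. */
function exampleCheckSqlQuerySignature(
    string $sqlQuery,
    string $signature,
    string $sessionToken
): bool {
    $expected = exampleSignSqlQuery($sqlQuery, $sessionToken);
    // hash_equals() compares in constant time, so a mismatch does not
    // reveal how many leading characters were correct.
    return hash_equals($expected, $signature);
}

// Constructed sample values.
$token      = bin2hex(random_bytes(16));
$otherToken = bin2hex(random_bytes(16));
$query      = 'SELECT * FROM `orders` WHERE `id` = 1';
$signature  = exampleSignSqlQuery($query, $token);

// Case 1: query and signature round-trip unchanged within one session.
var_dump(exampleCheckSqlQuerySignature($query, $signature, $token));
// Case 2: the query text was altered after it was signed.
var_dump(exampleCheckSqlQuerySignature($query . ' OR 1=1', $signature, $token));
// Case 3: the signature is replayed under a different session token.
var_dump(exampleCheckSqlQuerySignature($query, $signature, $otherToken));
```

Because the key is tied to the session, a query and signature pair captured from one session does not verify in another.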