* // $_REQUEST['db'] not set
     * echo Core::ifSetOr($_REQUEST['db'], ''); // ''
     * // $_POST['sql_query'] not set
     * echo Core::ifSetOr($_POST['sql_query']); // null
     * // $cfg['EnableFoo'] not set
     * echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // false
     * echo Core::ifSetOr($cfg['EnableFoo']); // null
     * // $cfg['EnableFoo'] set to 1
     * echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // false
     * echo Core::ifSetOr($cfg['EnableFoo'], false, 'similar'); // 1
     * echo Core::ifSetOr($cfg['EnableFoo'], false); // 1
     * // $cfg['EnableFoo'] set to true
     * echo Core::ifSetOr($cfg['EnableFoo'], false, 'boolean'); // true
     * 
     *
     * @see self::isValid()
     *
     * @param mixed $var     param to check
     * @param mixed $default default value
     * @param mixed $type    var type or array of values to check against $var
     *
     * @return mixed $var or $default
     */
    public static function ifSetOr(&$var, $default = null, $type = 'similar')
    {
        if (! self::isValid($var, $type, $default)) {
            return $default;
        }
        return $var;
    }
    /**
     * checks given $var against $type or $compare
     *
     * $type can be:
     * - false       : no type checking
     * - 'scalar'    : whether type of $var is integer, float, string or boolean
     * - 'numeric'   : whether type of $var is any number representation
     * - 'length'    : whether type of $var is scalar with a string length > 0
     * - 'similar'   : whether type of $var is similar to type of $compare
     * - 'equal'     : whether type of $var is identical to type of $compare
     * - 'identical' : whether $var is identical to $compare, not only the type!
     * - or any other valid PHP variable type
     *
     * 
     * // $_REQUEST['doit'] = true;
     * Core::isValid($_REQUEST['doit'], 'identical', 'true'); // false
     * // $_REQUEST['doit'] = 'true';
     * Core::isValid($_REQUEST['doit'], 'identical', 'true'); // true
     * 
     *
     * NOTE: call-by-reference is used to not get NOTICE on undefined vars,
     * but the var is not altered inside this function, also after checking a var
     * this var exists nut is not set, example:
     * 
     * // $var is not set
     * isset($var); // false
     * functionCallByReference($var); // false
     * isset($var); // true
     * functionCallByReference($var); // true
     * 
     *
     * to avoid this we set this var to null if not isset
     *
     * @see https://www.php.net/gettype
     *
     * @param mixed $var     variable to check
     * @param mixed $type    var type or array of valid values to check against $var
     * @param mixed $compare var to compare with $var
     *
     * @return bool whether valid or not
     *
     * @todo add some more var types like hex, bin, ...?
     */
    public static function isValid(&$var, $type = 'length', $compare = null): bool
    {
        if (! isset($var)) {
            // var is not even set
            return false;
        }
        if ($type === false) {
            // no vartype requested
            return true;
        }
        if (is_array($type)) {
            return in_array($var, $type);
        }
        // allow some aliases of var types
        $type = strtolower($type);
        switch ($type) {
            case 'identic':
                $type = 'identical';
                break;
            case 'len':
                $type = 'length';
                break;
            case 'bool':
                $type = 'boolean';
                break;
            case 'float':
                $type = 'double';
                break;
            case 'int':
                $type = 'integer';
                break;
            case 'null':
                $type = 'NULL';
                break;
        }
        if ($type === 'identical') {
            return $var === $compare;
        }
        // whether we should check against given $compare
        if ($type === 'similar') {
            switch (gettype($compare)) {
                case 'string':
                case 'boolean':
                    $type = 'scalar';
                    break;
                case 'integer':
                case 'double':
                    $type = 'numeric';
                    break;
                default:
                    $type = gettype($compare);
            }
        } elseif ($type === 'equal') {
            $type = gettype($compare);
        }
        // do the check
        if ($type === 'length' || $type === 'scalar') {
            $is_scalar = is_scalar($var);
            if ($is_scalar && $type === 'length') {
                return strlen((string) $var) > 0;
            }
            return $is_scalar;
        }
        if ($type === 'numeric') {
            return is_numeric($var);
        }
        return gettype($var) === $type;
    }
    /**
     * Removes insecure parts in a path; used before include() or
     * require() when a part of the path comes from an insecure source
     * like a cookie or form.
     *
     * @param string $path The path to check
     */
    public static function securePath(string $path): string
    {
        // change .. to .
        return (string) preg_replace('@\.\.*@', '.', $path);
    }
    /**
     * displays the given error message on phpMyAdmin error page in foreign language,
     * ends script execution and closes session
     *
     * loads language file if not loaded already
     *
     * @param string       $error_message the error message or named error message
     * @param string|array $message_args  arguments applied to $error_message
     */
    public static function fatalError(
        string $error_message,
        $message_args = null
    ): void {
        global $dbi;
        /* Use format string if applicable */
        if (is_string($message_args)) {
            $error_message = sprintf($error_message, $message_args);
        } elseif (is_array($message_args)) {
            $error_message = vsprintf($error_message, $message_args);
        }
        /*
         * Avoid using Response class as config does not have to be loaded yet
         * (this can happen on early fatal error)
         */
        if (isset($dbi, $GLOBALS['PMA_Config']) && $dbi !== null
            && $GLOBALS['PMA_Config']->get('is_setup') === false
            && Response::getInstance()->isAjax()
        ) {
            $response = Response::getInstance();
            $response->setRequestStatus(false);
            $response->addJSON('message', Message::error($error_message));
        } elseif (! empty($_REQUEST['ajax_request'])) {
            // Generate JSON manually
            self::headerJSON();
            echo json_encode(
                [
                    'success' => false,
                    'message' => Message::error($error_message)->getDisplay(),
                ]
            );
        } else {
            $error_message = strtr($error_message, ['
' => '[br]']);
            $template = new Template();
            echo $template->render('error/generic', [
                'lang' => $GLOBALS['lang'] ?? 'en',
                'dir' => $GLOBALS['text_dir'] ?? 'ltr',
                'error_message' => Sanitize::sanitizeMessage($error_message),
            ]);
        }
        if (! defined('TESTSUITE')) {
            exit;
        }
    }
    /**
     * Returns a link to the PHP documentation
     *
     * @param string $target anchor in documentation
     *
     * @return string  the URL
     *
     * @access public
     */
    public static function getPHPDocLink(string $target): string
    {
        /* List of PHP documentation translations */
        $php_doc_languages = [
            'pt_BR',
            'zh',
            'fr',
            'de',
            'it',
            'ja',
            'ro',
            'ru',
            'es',
            'tr',
        ];
        $lang = 'en';
        if (isset($GLOBALS['lang']) && in_array($GLOBALS['lang'], $php_doc_languages)) {
            $lang = $GLOBALS['lang'];
        }
        return self::linkURL('https://www.php.net/manual/' . $lang . '/' . $target);
    }
    /**
     * Warn or fail on missing extension.
     *
     * @param string $extension Extension name
     * @param bool   $fatal     Whether the error is fatal.
     * @param string $extra     Extra string to append to message.
     */
    public static function warnMissingExtension(
        string $extension,
        bool $fatal = false,
        string $extra = ''
    ): void {
        /** @var ErrorHandler $error_handler */
        global $error_handler;
        /* Gettext does not have to be loaded yet here */
        if (function_exists('__')) {
            $message = __(
                'The %s extension is missing. Please check your PHP configuration.'
            );
        } else {
            $message
                = 'The %s extension is missing. Please check your PHP configuration.';
        }
        $doclink = self::getPHPDocLink('book.' . $extension . '.php');
        $message = sprintf(
            $message,
            '[a@' . $doclink . '@Documentation][em]' . $extension . '[/em][/a]'
        );
        if ($extra != '') {
            $message .= ' ' . $extra;
        }
        if ($fatal) {
            self::fatalError($message);
            return;
        }
        $error_handler->addError(
            $message,
            E_USER_WARNING,
            '',
            0,
            false
        );
    }
    /**
     * returns count of tables in given db
     *
     * @param string $db database to count tables for
     *
     * @return int count of tables in $db
     */
    public static function getTableCount(string $db): int
    {
        global $dbi;
        $tables = $dbi->tryQuery(
            'SHOW TABLES FROM ' . Util::backquote($db) . ';',
            DatabaseInterface::CONNECT_USER,
            DatabaseInterface::QUERY_STORE
        );
        if ($tables) {
            $num_tables = $dbi->numRows($tables);
            $dbi->freeResult($tables);
        } else {
            $num_tables = 0;
        }
        return $num_tables;
    }
    /**
     * Converts numbers like 10M into bytes
     * Used with permission from Moodle (https://moodle.org) by Martin Dougiamas
     * (renamed with PMA prefix to avoid double definition when embedded
     * in Moodle)
     *
     * @param string|int $size size (Default = 0)
     */
    public static function getRealSize($size = 0): int
    {
        if (! $size) {
            return 0;
        }
        $binaryprefixes = [
            'T' => 1099511627776,
            't' => 1099511627776,
            'G' =>    1073741824,
            'g' =>    1073741824,
            'M' =>       1048576,
            'm' =>       1048576,
            'K' =>          1024,
            'k' =>          1024,
        ];
        if (preg_match('/^([0-9]+)([KMGT])/i', (string) $size, $matches)) {
            return (int) ($matches[1] * $binaryprefixes[$matches[2]]);
        }
        return (int) $size;
    }
    /**
     * Checks given $page against given $allowList and returns true if valid
     * it optionally ignores query parameters in $page (script.php?ignored)
     *
     * @param string $page      page to check
     * @param array  $allowList allow list to check page against
     * @param bool   $include   whether the page is going to be included
     *
     * @return bool whether $page is valid or not (in $allowList or not)
     */
    public static function checkPageValidity(&$page, array $allowList = [], $include = false): bool
    {
        if (empty($allowList)) {
            $allowList = ['index.php'];
        }
        if (empty($page)) {
            return false;
        }
        if (in_array($page, $allowList)) {
            return true;
        }
        if ($include) {
            return false;
        }
        $_page = mb_substr(
            $page,
            0,
            (int) mb_strpos($page . '?', '?')
        );
        if (in_array($_page, $allowList)) {
            return true;
        }
        $_page = urldecode($page);
        $_page = mb_substr(
            $_page,
            0,
            (int) mb_strpos($_page . '?', '?')
        );
        return in_array($_page, $allowList);
    }
    /**
     * tries to find the value for the given environment variable name
     *
     * searches in $_SERVER, $_ENV then tries getenv() and apache_getenv()
     * in this order
     *
     * @param string $var_name variable name
     *
     * @return string  value of $var or empty string
     */
    public static function getenv(string $var_name): string
    {
        if (isset($_SERVER[$var_name])) {
            return (string) $_SERVER[$var_name];
        }
        if (isset($_ENV[$var_name])) {
            return (string) $_ENV[$var_name];
        }
        if (getenv($var_name)) {
            return (string) getenv($var_name);
        }
        if (function_exists('apache_getenv')
            && apache_getenv($var_name, true)
        ) {
            return (string) apache_getenv($var_name, true);
        }
        return '';
    }
    /**
     * Send HTTP header, taking IIS limits into account (600 seems ok)
     *
     * @param string $uri         the header to send
     * @param bool   $use_refresh whether to use Refresh: header when running on IIS
     */
    public static function sendHeaderLocation(string $uri, bool $use_refresh = false): void
    {
        if ($GLOBALS['PMA_Config']->get('PMA_IS_IIS') && mb_strlen($uri) > 600) {
            Response::getInstance()->disable();
            $template = new Template();
            echo $template->render('header_location', ['uri' => $uri]);
            return;
        }
        /*
         * Avoid relative path redirect problems in case user entered URL
         * like /phpmyadmin/index.php/ which some web servers happily accept.
         */
        if ($uri[0] === '.') {
            $uri = $GLOBALS['PMA_Config']->getRootPath() . substr($uri, 2);
        }
        $response = Response::getInstance();
        session_write_close();
        if ($response->headersSent()) {
            trigger_error(
                'Core::sendHeaderLocation called when headers are already sent!',
                E_USER_ERROR
            );
        }
        // bug #1523784: IE6 does not like 'Refresh: 0', it
        // results in a blank page
        // but we need it when coming from the cookie login panel)
        if ($GLOBALS['PMA_Config']->get('PMA_IS_IIS') && $use_refresh) {
            $response->header('Refresh: 0; ' . $uri);
        } else {
            $response->header('Location: ' . $uri);
        }
    }
    /**
     * Outputs application/json headers. This includes no caching.
     */
    public static function headerJSON(): void
    {
        if (defined('TESTSUITE')) {
            return;
        }
        // No caching
        self::noCacheHeader();
        // MIME type
        header('Content-Type: application/json; charset=UTF-8');
        // Disable content sniffing in browser
        // This is needed in case we include HTML in JSON, browser might assume it's
        // html to display
        header('X-Content-Type-Options: nosniff');
    }
    /**
     * Outputs headers to prevent caching in browser (and on the way).
     */
    public static function noCacheHeader(): void
    {
        if (defined('TESTSUITE')) {
            return;
        }
        // rfc2616 - Section 14.21
        header('Expires: ' . gmdate(DATE_RFC1123));
        // HTTP/1.1
        header(
            'Cache-Control: no-store, no-cache, must-revalidate,'
            . '  pre-check=0, post-check=0, max-age=0'
        );
        header('Pragma: no-cache'); // HTTP/1.0
        // test case: exporting a database into a .gz file with Safari
        // would produce files not having the current time
        // (added this header for Safari but should not harm other browsers)
        header('Last-Modified: ' . gmdate(DATE_RFC1123));
    }
    /**
     * Sends header indicating file download.
     *
     * @param string $filename Filename to include in headers if empty,
     *                         none Content-Disposition header will be sent.
     * @param string $mimetype MIME type to include in headers.
     * @param int    $length   Length of content (optional)
     * @param bool   $no_cache Whether to include no-caching headers.
     */
    public static function downloadHeader(
        string $filename,
        string $mimetype,
        int $length = 0,
        bool $no_cache = true
    ): void {
        if ($no_cache) {
            self::noCacheHeader();
        }
        /* Replace all possibly dangerous chars in filename */
        $filename = Sanitize::sanitizeFilename($filename);
        if (! empty($filename)) {
            header('Content-Description: File Transfer');
            header('Content-Disposition: attachment; filename="' . $filename . '"');
        }
        header('Content-Type: ' . $mimetype);
        // inform the server that compression has been done,
        // to avoid a double compression (for example with Apache + mod_deflate)
        $notChromeOrLessThan43 = PMA_USR_BROWSER_AGENT != 'CHROME' // see bug #4942
            || (PMA_USR_BROWSER_AGENT == 'CHROME' && PMA_USR_BROWSER_VER < 43);
        if (strpos($mimetype, 'gzip') !== false && $notChromeOrLessThan43) {
            header('Content-Encoding: gzip');
        }
        header('Content-Transfer-Encoding: binary');
        if ($length <= 0) {
            return;
        }
        header('Content-Length: ' . $length);
    }
    /**
     * Returns value of an element in $array given by $path.
     * $path is a string describing position of an element in an associative array,
     * eg. Servers/1/host refers to $array[Servers][1][host]
     *
     * @param string $path    path in the array
     * @param array  $array   the array
     * @param mixed  $default default value
     *
     * @return array|mixed|null array element or $default
     */
    public static function arrayRead(string $path, array $array, $default = null)
    {
        $keys = explode('/', $path);
        $value =& $array;
        foreach ($keys as $key) {
            if (! isset($value[$key])) {
                return $default;
            }
            $value =& $value[$key];
        }
        return $value;
    }
    /**
     * Stores value in an array
     *
     * @param string $path  path in the array
     * @param array  $array the array
     * @param mixed  $value value to store
     */
    public static function arrayWrite(string $path, array &$array, $value): void
    {
        $keys = explode('/', $path);
        $last_key = array_pop($keys);
        $a =& $array;
        foreach ($keys as $key) {
            if (! isset($a[$key])) {
                $a[$key] = [];
            }
            $a =& $a[$key];
        }
        $a[$last_key] = $value;
    }
    /**
     * Removes value from an array
     *
     * @param string $path  path in the array
     * @param array  $array the array
     */
    public static function arrayRemove(string $path, array &$array): void
    {
        $keys = explode('/', $path);
        $keys_last = array_pop($keys);
        $path = [];
        $depth = 0;
        $path[0] =& $array;
        $found = true;
        // go as deep as required or possible
        foreach ($keys as $key) {
            if (! isset($path[$depth][$key])) {
                $found = false;
                break;
            }
            $depth++;
            $path[$depth] =& $path[$depth - 1][$key];
        }
        // if element found, remove it
        if ($found) {
            unset($path[$depth][$keys_last]);
            $depth--;
        }
        // remove empty nested arrays
        for (; $depth >= 0; $depth--) {
            if (isset($path[$depth + 1]) && count($path[$depth + 1]) !== 0) {
                break;
            }
            unset($path[$depth][$keys[$depth]]);
        }
    }
    /**
     * Returns link to (possibly) external site using defined redirector.
     *
     * @param string $url URL where to go.
     *
     * @return string URL for a link.
     */
    public static function linkURL(string $url): string
    {
        if (! preg_match('#^https?://#', $url)) {
            return $url;
        }
        $params = [];
        $params['url'] = $url;
        $url = Url::getCommon($params);
        //strip off token and such sensitive information. Just keep url.
        $arr = parse_url($url);
        if (! is_array($arr)) {
            $arr = [];
        }
        parse_str($arr['query'] ?? '', $vars);
        $query = http_build_query(['url' => $vars['url']]);
        if ($GLOBALS['PMA_Config'] !== null && $GLOBALS['PMA_Config']->get('is_setup')) {
            $url = '../url.php?' . $query;
        } else {
            $url = './url.php?' . $query;
        }
        return $url;
    }
    /**
     * Checks whether domain of URL is an allowed domain or not.
     * Use only for URLs of external sites.
     *
     * @param string $url URL of external site.
     *
     * @return bool True: if domain of $url is allowed domain,
     * False: otherwise.
     */
    public static function isAllowedDomain(string $url): bool
    {
        $arr = parse_url($url);
        if (! is_array($arr)) {
            $arr = [];
        }
        // We need host to be set
        if (! isset($arr['host']) || strlen($arr['host']) == 0) {
            return false;
        }
        // We do not want these to be present
        $blocked = [
            'user',
            'pass',
            'port',
        ];
        foreach ($blocked as $part) {
            if (isset($arr[$part]) && strlen((string) $arr[$part]) != 0) {
                return false;
            }
        }
        $domain = $arr['host'];
        $domainAllowList = [
            /* Include current domain */
            $_SERVER['SERVER_NAME'],
            /* phpMyAdmin domains */
            'wiki.phpmyadmin.net',
            'www.phpmyadmin.net',
            'phpmyadmin.net',
            'demo.phpmyadmin.net',
            'docs.phpmyadmin.net',
            /* mysql.com domains */
            'dev.mysql.com',
            'bugs.mysql.com',
            /* mariadb domains */
            'mariadb.org',
            'mariadb.com',
            /* php.net domains */
            'php.net',
            'www.php.net',
            /* Github domains*/
            'github.com',
            'www.github.com',
            /* Percona domains */
            'www.percona.com',
            /* Following are doubtful ones. */
            'mysqldatabaseadministration.blogspot.com',
        ];
        return in_array($domain, $domainAllowList);
    }
    /**
     * Replace some html-unfriendly stuff
     *
     * @param string $buffer String to process
     *
     * @return string Escaped and cleaned up text suitable for html
     */
    public static function mimeDefaultFunction(string $buffer): string
    {
        $buffer = htmlspecialchars($buffer);
        $buffer = str_replace('  ', '  ', $buffer);
        return (string) preg_replace("@((\015\012)|(\015)|(\012))@", '
' . "\n", $buffer);
    }
    /**
     * Displays SQL query before executing.
     *
     * @param array|string $query_data Array containing queries or query itself
     */
    public static function previewSQL($query_data): void
    {
        $retval = '