338 lines
		
	
	
		
			9.8 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
			
		
		
	
	
			338 lines
		
	
	
		
			9.8 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
| <?php
 | |
| /**
 | |
|  * Handles Database Search
 | |
|  */
 | |
| 
 | |
| declare(strict_types=1);
 | |
| 
 | |
| namespace PhpMyAdmin\Database;
 | |
| 
 | |
| use PhpMyAdmin\DatabaseInterface;
 | |
| use PhpMyAdmin\Template;
 | |
| use PhpMyAdmin\Util;
 | |
| use function array_intersect;
 | |
| use function array_key_exists;
 | |
| use function count;
 | |
| use function explode;
 | |
| use function htmlspecialchars;
 | |
| use function implode;
 | |
| use function intval;
 | |
| use function is_array;
 | |
| use function is_string;
 | |
| use function strlen;
 | |
| 
 | |
| /**
 | |
|  * Class to handle database search
 | |
|  */
 | |
| class Search
 | |
| {
 | |
|     /**
 | |
|      * Database name
 | |
|      *
 | |
|      * @access private
 | |
|      * @var string
 | |
|      */
 | |
|     private $db;
 | |
| 
 | |
|     /**
 | |
|      * Table Names
 | |
|      *
 | |
|      * @access private
 | |
|      * @var array
 | |
|      */
 | |
|     private $tablesNamesOnly;
 | |
| 
 | |
|     /**
 | |
|      * Type of search
 | |
|      *
 | |
|      * @access private
 | |
|      * @var array
 | |
|      */
 | |
|     private $searchTypes;
 | |
| 
 | |
|     /**
 | |
|      * Already set search type
 | |
|      *
 | |
|      * @access private
 | |
|      * @var int
 | |
|      */
 | |
|     private $criteriaSearchType;
 | |
| 
 | |
|     /**
 | |
|      * Already set search type's description
 | |
|      *
 | |
|      * @access private
 | |
|      * @var string
 | |
|      */
 | |
|     private $searchTypeDescription;
 | |
| 
 | |
|     /**
 | |
|      * Search string/regexp
 | |
|      *
 | |
|      * @access private
 | |
|      * @var string
 | |
|      */
 | |
|     private $criteriaSearchString;
 | |
| 
 | |
|     /**
 | |
|      * Criteria Tables to search in
 | |
|      *
 | |
|      * @access private
 | |
|      * @var array
 | |
|      */
 | |
|     private $criteriaTables;
 | |
| 
 | |
|     /**
 | |
|      * Restrict the search to this column
 | |
|      *
 | |
|      * @access private
 | |
|      * @var string
 | |
|      */
 | |
|     private $criteriaColumnName;
 | |
| 
 | |
|     /** @var DatabaseInterface */
 | |
|     private $dbi;
 | |
| 
 | |
|     /** @var Template */
 | |
|     public $template;
 | |
| 
 | |
|     /**
 | |
|      * @param DatabaseInterface $dbi      DatabaseInterface object
 | |
|      * @param string            $db       Database name
 | |
|      * @param Template          $template Template object
 | |
|      */
 | |
|     public function __construct(DatabaseInterface $dbi, $db, Template $template)
 | |
|     {
 | |
|         $this->db = $db;
 | |
|         $this->dbi = $dbi;
 | |
|         $this->searchTypes = [
 | |
|             '1' => __('at least one of the words'),
 | |
|             '2' => __('all of the words'),
 | |
|             '3' => __('the exact phrase as substring'),
 | |
|             '4' => __('the exact phrase as whole field'),
 | |
|             '5' => __('as regular expression'),
 | |
|         ];
 | |
|         $this->template = $template;
 | |
|         // Sets criteria parameters
 | |
|         $this->setSearchParams();
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Sets search parameters
 | |
|      *
 | |
|      * @return void
 | |
|      */
 | |
|     private function setSearchParams()
 | |
|     {
 | |
|         $this->tablesNamesOnly = $this->dbi->getTables($this->db);
 | |
| 
 | |
|         if (empty($_POST['criteriaSearchType'])
 | |
|             || ! is_string($_POST['criteriaSearchType'])
 | |
|             || ! array_key_exists(
 | |
|                 $_POST['criteriaSearchType'],
 | |
|                 $this->searchTypes
 | |
|             )
 | |
|         ) {
 | |
|             $this->criteriaSearchType = 1;
 | |
|             unset($_POST['submit_search']);
 | |
|         } else {
 | |
|             $this->criteriaSearchType = (int) $_POST['criteriaSearchType'];
 | |
|             $this->searchTypeDescription
 | |
|                 = $this->searchTypes[$_POST['criteriaSearchType']];
 | |
|         }
 | |
| 
 | |
|         if (empty($_POST['criteriaSearchString'])
 | |
|             || ! is_string($_POST['criteriaSearchString'])
 | |
|         ) {
 | |
|             $this->criteriaSearchString = '';
 | |
|             unset($_POST['submit_search']);
 | |
|         } else {
 | |
|             $this->criteriaSearchString = $_POST['criteriaSearchString'];
 | |
|         }
 | |
| 
 | |
|         $this->criteriaTables = [];
 | |
|         if (empty($_POST['criteriaTables'])
 | |
|             || ! is_array($_POST['criteriaTables'])
 | |
|         ) {
 | |
|             unset($_POST['submit_search']);
 | |
|         } else {
 | |
|             $this->criteriaTables = array_intersect(
 | |
|                 $_POST['criteriaTables'],
 | |
|                 $this->tablesNamesOnly
 | |
|             );
 | |
|         }
 | |
| 
 | |
|         if (empty($_POST['criteriaColumnName'])
 | |
|             || ! is_string($_POST['criteriaColumnName'])
 | |
|         ) {
 | |
|             unset($this->criteriaColumnName);
 | |
|         } else {
 | |
|             $this->criteriaColumnName = $this->dbi->escapeString(
 | |
|                 $_POST['criteriaColumnName']
 | |
|             );
 | |
|         }
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Builds the SQL search query
 | |
|      *
 | |
|      * @param string $table The table name
 | |
|      *
 | |
|      * @return array 3 SQL queries (for count, display and delete results)
 | |
|      *
 | |
|      * @todo    can we make use of fulltextsearch IN BOOLEAN MODE for this?
 | |
|      * PMA_backquote
 | |
|      * DatabaseInterface::freeResult
 | |
|      * DatabaseInterface::fetchAssoc
 | |
|      * $GLOBALS['db']
 | |
|      * explode
 | |
|      * count
 | |
|      * strlen
 | |
|      */
 | |
|     private function getSearchSqls($table)
 | |
|     {
 | |
|         // Statement types
 | |
|         $sqlstr_select = 'SELECT';
 | |
|         $sqlstr_delete = 'DELETE';
 | |
|         // Table to use
 | |
|         $sqlstr_from = ' FROM '
 | |
|             . Util::backquote($GLOBALS['db']) . '.'
 | |
|             . Util::backquote($table);
 | |
|         // Gets where clause for the query
 | |
|         $where_clause = $this->getWhereClause($table);
 | |
|         // Builds complete queries
 | |
|         $sql = [];
 | |
|         $sql['select_columns'] = $sqlstr_select . ' * ' . $sqlstr_from
 | |
|             . $where_clause;
 | |
|         // here, I think we need to still use the COUNT clause, even for
 | |
|         // VIEWs, anyway we have a WHERE clause that should limit results
 | |
|         $sql['select_count']  = $sqlstr_select . ' COUNT(*) AS `count`'
 | |
|             . $sqlstr_from . $where_clause;
 | |
|         $sql['delete']        = $sqlstr_delete . $sqlstr_from . $where_clause;
 | |
| 
 | |
|         return $sql;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Provides where clause for building SQL query
 | |
|      *
 | |
|      * @param string $table The table name
 | |
|      *
 | |
|      * @return string The generated where clause
 | |
|      */
 | |
|     private function getWhereClause($table)
 | |
|     {
 | |
|         // Columns to select
 | |
|         $allColumns = $this->dbi->getColumns($GLOBALS['db'], $table);
 | |
|         $likeClauses = [];
 | |
|         // Based on search type, decide like/regex & '%'/''
 | |
|         $like_or_regex   = ($this->criteriaSearchType == 5 ? 'REGEXP' : 'LIKE');
 | |
|         $automatic_wildcard   = ($this->criteriaSearchType < 4 ? '%' : '');
 | |
|         // For "as regular expression" (search option 5), LIKE won't be used
 | |
|         // Usage example: If user is searching for a literal $ in a regexp search,
 | |
|         // they should enter \$ as the value.
 | |
|         $criteriaSearchStringEscaped = $this->dbi->escapeString(
 | |
|             $this->criteriaSearchString
 | |
|         );
 | |
|         // Extract search words or pattern
 | |
|         $search_words = $this->criteriaSearchType > 2
 | |
|             ? [$criteriaSearchStringEscaped]
 | |
|             : explode(' ', $criteriaSearchStringEscaped);
 | |
| 
 | |
|         foreach ($search_words as $search_word) {
 | |
|             // Eliminates empty values
 | |
|             if (strlen($search_word) === 0) {
 | |
|                 continue;
 | |
|             }
 | |
|             $likeClausesPerColumn = [];
 | |
|             // for each column in the table
 | |
|             foreach ($allColumns as $column) {
 | |
|                 if (isset($this->criteriaColumnName)
 | |
|                     && strlen($this->criteriaColumnName) !== 0
 | |
|                     && $column['Field'] != $this->criteriaColumnName
 | |
|                 ) {
 | |
|                     continue;
 | |
|                 }
 | |
| 
 | |
|                 $column = 'CONVERT(' . Util::backquote($column['Field'])
 | |
|                         . ' USING utf8)';
 | |
|                 $likeClausesPerColumn[] = $column . ' ' . $like_or_regex . ' '
 | |
|                     . "'"
 | |
|                     . $automatic_wildcard . $search_word . $automatic_wildcard
 | |
|                     . "'";
 | |
|             }
 | |
|             if (count($likeClausesPerColumn) <= 0) {
 | |
|                 continue;
 | |
|             }
 | |
| 
 | |
|             $likeClauses[] = implode(' OR ', $likeClausesPerColumn);
 | |
|         }
 | |
|         // Use 'OR' if 'at least one word' is to be searched, else use 'AND'
 | |
|         $implode_str  = ($this->criteriaSearchType == 1 ? ' OR ' : ' AND ');
 | |
|         if (empty($likeClauses)) {
 | |
|             // this could happen when the "inside column" does not exist
 | |
|             // in any selected tables
 | |
|             $where_clause = ' WHERE FALSE';
 | |
|         } else {
 | |
|             $where_clause = ' WHERE ('
 | |
|                 . implode(') ' . $implode_str . ' (', $likeClauses)
 | |
|                 . ')';
 | |
|         }
 | |
| 
 | |
|         return $where_clause;
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Displays database search results
 | |
|      *
 | |
|      * @return string HTML for search results
 | |
|      */
 | |
|     public function getSearchResults()
 | |
|     {
 | |
|         $resultTotal = 0;
 | |
|         $rows = [];
 | |
|         // For each table selected as search criteria
 | |
|         foreach ($this->criteriaTables as $eachTable) {
 | |
|             // Gets the SQL statements
 | |
|             $newSearchSqls = $this->getSearchSqls($eachTable);
 | |
|             // Executes the "COUNT" statement
 | |
|             $resultCount = intval($this->dbi->fetchValue(
 | |
|                 $newSearchSqls['select_count']
 | |
|             ));
 | |
|             $resultTotal += $resultCount;
 | |
|             // Gets the result row's HTML for a table
 | |
|             $rows[] = [
 | |
|                 'table' => htmlspecialchars($eachTable),
 | |
|                 'new_search_sqls' => $newSearchSqls,
 | |
|                 'result_count' => $resultCount,
 | |
|             ];
 | |
|         }
 | |
| 
 | |
|         return $this->template->render('database/search/results', [
 | |
|             'db' => $this->db,
 | |
|             'rows' => $rows,
 | |
|             'result_total' => $resultTotal,
 | |
|             'criteria_tables' => $this->criteriaTables,
 | |
|             'criteria_search_string' => htmlspecialchars($this->criteriaSearchString),
 | |
|             'search_type_description' => $this->searchTypeDescription,
 | |
|         ]);
 | |
|     }
 | |
| 
 | |
|     /**
 | |
|      * Provides the main search form's html
 | |
|      *
 | |
|      * @return string HTML for selection form
 | |
|      */
 | |
|     public function getMainHtml()
 | |
|     {
 | |
|         return $this->template->render('database/search/main', [
 | |
|             'db' => $this->db,
 | |
|             'criteria_search_string' => $this->criteriaSearchString,
 | |
|             'criteria_search_type' => $this->criteriaSearchType,
 | |
|             'criteria_tables' => $this->criteriaTables,
 | |
|             'tables_names_only' => $this->tablesNamesOnly,
 | |
|             'criteria_column_name' => $this->criteriaColumnName ?? null,
 | |
|         ]);
 | |
|     }
 | |
| }
 |