<?php
/**
* This file contains the plugin to allow importing from a MySQL database
* but instead of saving data to that database it will write it instead to
* a static XML file. The load function will echo out the contents of the
* file.
*
* When saving/loading the script will only accept alphanumeric w/ underscore
* filenames between 1 and 100 characters (yes, it's arbitrary, change it if
* you don't like it :p).
*
* No validation is performed on the XML data saved to file. A malicious user
* could potentially upload a HUGE file so be aware of this when you configure
* your server. No user authentication is included.
*
* Please note that this is not all my work. Large portions of it have been
* copied from the php-mysql and php-file plugins.
*
* @author 'Kabal458' <Kabal458@gmail.com>
* @since 10-July-2009
*/
// Connection settings used by the 'import' action. MySQL usually keeps its
// metadata in the `TABLES` table of the `information_schema` database.
// NOTE(review): these are sample credentials stored in the source file. The
// script performs no authentication, so anyone who can reach it can trigger
// the import under this account. A dedicated MySQL account with read-only
// access is a safer choice than root.
const HOST = 'localhost';
const USER = 'root';
const PASS = 'password';
const DB = 'information_schema';
// Pattern (written without delimiters) that a save/load filename must match:
// 1 to 100 letters, digits or underscores. It admits no dot or slash, so a
// stored name cannot carry an extension or a directory component.
const FILENAME_REGEX = '^[A-Za-z0-9_]{1,100}$';
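// Pull the action variable from the GET and validate it against the fixed
// list of supported actions. A query string such as ?action[]=x makes PHP
// deliver an array, so require a string first, and compare strictly so that
// no type juggling takes part in the decision.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
if (!in_array($action, array('list', 'save', 'load', 'import'), true)) {
    header('HTTP/1.0 501 Not Implemented');
    exit;
}

// Save and Load actions must have the 'keyword' GET variable to work. The
// keyword becomes a file name under data/, so it has to match
// FILENAME_REGEX in full before it is used.
//
// preg_match() replaces ereg() here: ereg() is not binary safe and was
// removed in PHP 7.0. FILENAME_REGEX carries no delimiters, so they are
// added at the call site (the pattern must therefore not contain '/').
// The D modifier makes '$' match only at the very end of the subject;
// without it a trailing newline would be accepted.
if ($action === 'save' || $action === 'load') {
    if (
        !isset($_GET['keyword'])
        || !is_string($_GET['keyword'])
        || preg_match('/' . FILENAME_REGEX . '/D', $_GET['keyword']) !== 1
    ) {
        header('HTTP/1.0 400 Bad Request');
        exit;
    }
}

// The import action requires the database variable to be set, and to be a
// plain string rather than an array.
// NOTE(review): only the presence and type of 'database' are checked here;
// whatever consumes it later has to escape or validate the value itself.
if ($action === 'import' && (!isset($_GET['database']) || !is_string($_GET['database']))) {
    header('HTTP/1.0 400 Bad Request');
    exit;
}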
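// Based on the action variable return appropriate data. $action and, for
// save/load, $_GET['keyword'] have been validated before this point.
switch ($action) {
    case 'list':
        // List all files in the data directory, one base name per line.
        // glob() returns false on error, which foreach cannot iterate.
        $files = glob('data/*');
        if ($files !== false) {
            foreach ($files as $file) {
                echo basename($file) . "\n";
            }
        }
        break;

    case 'save':
        // Read in the contents of the XML file from the request body.
        // NOTE(review): the body is stored as-is with no size or content
        // check and no authentication; cap the request size at the web
        // server and restrict who can reach this script.
        $data = file_get_contents('php://input');
        if ($data === false) {
            header('HTTP/1.0 500 Internal Server Error');
            break;
        }

        // The magic-quotes functions were removed in PHP 8.0, so only call
        // them where they still exist; on such legacy runtimes keep the
        // original unescaping.
        if (
            (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
            || (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime())
        ) {
            $data = stripslashes($data);
        }

        // Write the data to the file and close the file. Report failure
        // instead of answering 201 when nothing was stored.
        $f = fopen('data/' . $_GET['keyword'], 'w');
        if ($f === false) {
            header('HTTP/1.0 500 Internal Server Error');
            break;
        }
        $written = fwrite($f, $data);
        fclose($f);
        if ($written === false) {
            header('HTTP/1.0 500 Internal Server Error');
            break;
        }

        // Write the response HTTP code
        header('HTTP/1.0 201 Created');
        break;

    case 'load':
        $keyword = 'data/' . $_GET['keyword'];
        // is_file() rather than file_exists(): a directory with a matching
        // name is not something that can be sent back.
        if (!is_file($keyword)) {
            header('HTTP/1.0 404 Not Found');
        } else {
            header('Content-type: text/xml');
            // The stored document was supplied by an unauthenticated caller
            // and never validated. These headers keep a browser that opens
            // this URL directly from sniffing another type or running
            // script from the document in this site's origin.
            header('X-Content-Type-Options: nosniff');
            header("Content-Security-Policy: default-src 'none'; sandbox");
            echo file_get_contents($keyword);
        }
        break;

    case 'import':
        // The import command may take some time, so make sure that PHP
        // won't time out.
        // NOTE(review): combined with the lack of authentication this lets
        // any caller start an unbounded request; consider limiting access.
        set_time_limit(0);

        // The mysql_import function from the php_mysql plugin lives in its
        // own file for future compatibility and to keep this file short.
        require_once 'mysql_import.php';

        // Connect to the MySQL database; short-circuiting ensures each step
        // runs only if the previous one succeeded. The mysql_* extension was
        // removed in PHP 7.0, so answer 503 there instead of failing with a
        // fatal error.
        // NOTE(review): import() is defined in mysql_import.php, which is
        // not shown here. It presumably uses this connection and
        // $_GET['database']; confirm that the value is escaped before it
        // reaches a query.
        if (
            !function_exists('mysql_connect')
            || !mysql_connect(HOST, USER, PASS)
            || !mysql_select_db(DB)
        ) {
            header("HTTP/1.0 503 Service Unavailable");
            exit;
        }
        header("Content-type: text/xml");
        echo import();
        break;
}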
?>