Changeset 325514


Timestamp:
12/22/10 21:38:33 (3 years ago)
Author:
MrWiblog
Message:

1.1: Added the ability to run custom queries, and export the results. Also added nonce security (thanks to Julio from Boiteaweb.fr). Added Plugin Register.

Location:
database-browser/trunk
Files:
1 added
2 edited

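--- a/database-browser/trunk/database-browser.php
+++ b/database-browser/trunk/database-browser.php
@@ -5,7 +5,19 @@
 Description: Easily browse the data in your database, and download in CSV, XML and JSON format
 Author: Chris Taylor
-Version: 1.0
+Version: 1.1
 Author URI: http://www.stillbreathing.co.uk/
 */
+
+// include the Plugin_Register class
+require_once( WP_PLUGIN_DIR . "/database-browser/plugin-register.class.php" );
+// create a new instance of the Plugin_Register class
+$register = new Plugin_Register();
+$register->file = __FILE__;
+$register->slug = "databasebrowser";
+$register->name = "Database Browser";
+$register->version = "1.1";
+$register->developer = "Chris Taylor";
+$register->homepage = "http://www.stillbreathing.co.uk";
+$register->Plugin_Register();
 
 if( !class_exists( 'DatabaseBrowser' ) ) {
@@ -14,5 +26,5 @@
 
         // set some properties
-        var $version = "1.0";
+        var $version = "1.1";
         var $tables = array();
         var $table = null;
@@ -27,8 +39,4 @@
         function DatabaseBrowser() {
 
-            if ( isset( $_POST["table"] ) && $_POST["table"] != "" ) {
-                header( "Location: tools.php?page=databasebrowser&table=" . $_POST["table"] );
-            }
-
             require_once( WP_PLUGIN_DIR . "/database-browser/pagination.class.php" );
             $this->formURL = remove_query_arg( "p" );
@@ -41,9 +49,15 @@
         // when the WordPress admin is initialised
         function on_admin_init() {
+
+            // if requesting a table, redirect
+            if ( wp_verify_nonce( @$_POST["_wpnonce"], "table" ) && isset( $_POST["table"] ) && $_POST["table"] != "" ) {
+                header( "Location: tools.php?page=databasebrowser&table=" . $_POST["table"] . "&_wpnonce=" . wp_create_nonce( "table" ) );
+            }
+
             // get the requested table name
             $this->table = @$_GET["table"];
 
             // if exporting, do the export
-            if ( $this->table != "" && @$_GET["export"] != "" ) {
+            if ( wp_verify_nonce( @$_GET["_wpnonce"], "export" ) && $this->table != "" && @$_GET["export"] != "" ) {
                 $this->export();
             }
@@ -85,14 +99,21 @@
 
             // if a table has been chosen, load the data
-            if ( $this->table != "" ) {
+            if ( wp_verify_nonce( @$_GET["_wpnonce"], "table" ) && $this->table != "" ) {
 
                 $limit = 100;
                 $paginator = new Paginator( $limit );
 
-                // load the table
-                $this->loadTable( $paginator->findStart(), $limit );
+                // if a query has been given
+                if ( isset( $_POST["query"] ) ) {
+                    $tablename = "Custom query";
+                    $this->runQuery( $_POST["query"] );
+                } else {
+                    // load the table
+                    $this->loadTable( $paginator->findStart(), $limit );
+                    $tablename = $this->table;
+                }
 
                 echo '
-                <h2>' . sprintf( __( "Table: %s", "databasebrowser" ), $this->table ) . '</h2>
+                <h2>' . sprintf( __( "Table: %s", "databasebrowser" ), $tablename ) . '</h2>
                 ';
 
@@ -106,4 +127,6 @@
                 }
 
+                // if a query has not been given
+                if ( !isset( $_POST["query"] ) ) {
                 echo '
                 <form action="' . $this->formURL . '" method="post">
@@ -114,7 +137,9 @@
                     <textarea name="orderby" cols="30" rows="6" style="width:100%;height:4em" class="hider" id="orderby">' . @stripslashes( $_POST["orderby"] ) . '</textarea>
                 </p>
-                <p><button type="submit" class="button">' . __( "Run where and order by clauses", "databasebrowser" ) . '</button></p>
+                <p><button type="submit" class="button">' . __( "Run where and order by clauses", "databasebrowser" ) . '</button>
+                ' . wp_nonce_field( "query" ) . '</p>
                 </form>
                 ';
+                }
 
                 // no data found
@@ -165,4 +190,5 @@
                 </select>
                 <input type="submit" class="button-primary" value="' . __( "Select table", "databasebrowser" ) . '" />
+                ' . wp_nonce_field( "table" ) . '
             </p>
             </form>
@@ -172,6 +198,12 @@
 
                 echo '
+                <form action="tools.php?page=databasebrowser&amp;table=' . $this->table . '" method="post">
                 <h4 id="queryheader">' . __( "Query performed:", "databasebrowser" ) . '</h4>
-                <p class="hider" id="query"><textarea name="query" cols="30" rows="6" style="width:100%;height:4em">' . $this->query . '</textarea></p>
+                <div class="hider" id="query">
+                    <p><textarea name="query" cols="30" rows="10" style="width:100%;height:10em">' . $this->query . '</textarea></p>
+                    <p><input type="submit" class="button" value="' . __( "Run query", "databasebrowser" ) . '" />
+                    ' . wp_nonce_field( "query" ) . '</p>
+                </div>
+                </form>
                 ';
 
@@ -237,16 +269,34 @@
         }
 
+        // run a custom query
+        function runQuery( $query ) {
+            global $wpdb;
+            $query = mysql_real_escape_string( stripslashes( $query ) );
+            $query = preg_replace('/SELECT/', 'SELECT SQL_CALC_FOUND_ROWS', $query, 1);
+            $this->query = $query;
+            session_start();
+            $_SESSION["custom_query"] = $query;
+            $this->rows = $wpdb->get_results( $query, ARRAY_A );
+            $this->error = mysql_error( $wpdb->dbh );
+            $this->rowcount = $wpdb->get_var( "SELECT FOUND_ROWS();" );
+            if ( count( $this->rows ) > 0 ) {
+                foreach ( $this->rows[0] as $key => $value ){
+                    $this->columns[]->Field = $key;
+                }
+            }
+        }
+
         // =====================================================================================================================
         // Export
 
         function exportLinks() {
-
+
             echo '
             <div id="exportlinks">
                 <ul>
-                    <li><a href="tools.php?page=databasebrowser&amp;table=' . $this->table . '&amp;export=XML" class="button">XML</a></li>
-                    <li><a href="tools.php?page=databasebrowser&amp;table=' . $this->table . '&amp;export=HTML" class="button">HTML</a></li>
-                    <li><a href="tools.php?page=databasebrowser&amp;table=' . $this->table . '&amp;export=CSV" class="button">CSV</a></li>
-                    <li><a href="tools.php?page=databasebrowser&amp;table=' . $this->table . '&amp;export=JSON" class="button">JSON</a></li>
+                    <li><a href="' . wp_nonce_url( 'tools.php?page=databasebrowser&amp;table=' . $this->table . '&amp;export=XML', 'export' ) . '" class="button">XML</a></li>
+                    <li><a href="' . wp_nonce_url( 'tools.php?page=databasebrowser&amp;table=' . $this->table . '&amp;export=HTML', 'export' ) . '" class="button">HTML</a></li>
+                    <li><a href="' . wp_nonce_url( 'tools.php?page=databasebrowser&amp;table=' . $this->table . '&amp;export=CV', 'export' ) . '" class="button">CSV</a></li>
+                    <li><a href="' . wp_nonce_url( 'tools.php?page=databasebrowser&amp;table=' . $this->table . '&amp;export=JSON', 'export' ) . '" class="button">JSON</a></li>
                 </ul>
             </div>
@@ -257,6 +307,11 @@
         function export() {
 
-            // load the table with all rows
-            $this->loadTable( null, null );
+            // if a query has been set
+            if ( isset( $_SESSION["custom_query"] ) && trim( $_SESSION["custom_query"] ) != "" ) {
+                $this->runQuery( $_SESSION["custom_query"] );
+            } else {
+                // load the table with all rows
+                $this->loadTable( null, null );
+            }
 
             $format = strtolower( $_GET["export"] );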
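Review bot: runQuery() (new lines 272–287) executes whatever SQL arrives in `$_POST["query"]` with nothing but a nonce check in front of it, and the `mysql_real_escape_string()` call on the whole statement is not a safeguard — it mangles legitimate quoted literals (`WHERE user_login = 'admin'` becomes `\'admin\'` and fails) while any DROP or UPDATE still runs unchanged. A nonce proves the request came from this plugin's own form for the current user, not that the user may run arbitrary SQL, so unless the capability is enforced somewhere not visible in this changeset, on_admin_init() should gate both the query and export paths with something like `if ( ! current_user_can( 'manage_options' ) ) { return; }` before `$this->runQuery()` / `$this->export()` are reached. Separately, the CSV link in exportLinks() now carries `export=CV` instead of `export=CSV`, so that link no longer selects the CSV format. export() also reads `$_SESSION["custom_query"]` without a `session_start()` in that request and nothing ever clears the stored query, so after one custom query every later table export appears to re-run it instead of dumping the chosen table — unless the session is started and reset somewhere not shown. on_admin_init() and exportLinks() both extend beyond the hunks shown.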
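--- a/database-browser/trunk/readme.txt
+++ b/database-browser/trunk/readme.txt
@@ -5,5 +5,5 @@
 Requires at least: 3.0.1
 Tested up to: 3.0.2
-Stable tag: 1.0
+Stable tag: 1.1
 
 Easily query and browse tables in your database, and download in XML, JSON, CSV and HTML format
@@ -24,5 +24,5 @@
 = Can I delete my data? =
 
-Yes, it is possible to delete or modify data using the 'Where' and 'Order by' boxes. Be careful.
+Yes, it is possible to delete or modify data using the custom query, 'Where' and 'Order by' boxes. Be careful.
 
 = Who can export the data? =
@@ -36,7 +36,11 @@
 == Upgrade notice ==
 
-Version 1.0 is the initial version.
+Version 1.1 includes security additions which will help protect against hacking.
 
 == Changelog ==
+
+= 1.1 (2010/12/22) =
+
+Added the ability to run custom queries, and export the results. Also added nonce security (thanks to Julio from Boiteaweb.fr). Added Plugin Register.
 
 = 1.0 (2010/12/06) =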