当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0155415

漏洞标题:天天团购备份信息泄露导致数据库连接涉及众多用户账号密码

相关厂商:杭州神话

漏洞作者: 路人甲

提交时间:2015-11-24 10:23

修复时间:2015-11-29 10:24

公开时间:2015-11-29 10:24

漏洞类型:敏感信息泄露

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-11-24: 细节已通知厂商并且等待厂商处理中
2015-11-29: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

据说杭州的厂商都有小礼物哦?

详细说明:

0x01:github信息泄露

https://github.com/kinglion/tttuangou/blob/ba6b53612c949fa7437778b8ced80c5609f7e23f/dbfenxbackup.php


点到为止,因此只连接数据库证明数据泄露:

2.png


代码好像太多,在下面贴着,能不能显示,麻烦管理处理下!

漏洞证明:

翻越上级目录,可查看整站程序以及下载。
在当前页面dbfenxbackup.php获取信息如下:
<code><?php
//Copyright © 2013-2020 深圳市木浪科技有限公司. All Rights Reserved.,2013/09/13
error_reporting(0);
date_default_timezone_set('Asia/Shanghai');
define('MAX_ONE_FILE_SIZE',10000000);
define('MAX_ONCE_ZIP_SIZE',20000000);
$g_tasks = array() ;
$g_current_progress_file = '';
$g_finished = false;
$g_exec_complete = false;
$g_timeout_seconds = 15+time();
$g_log_file = 'dbfen.log';
$debug = FALSE;
//请修改为你网站或手机后台服务对应的参数
$db_info['db_host'] = 'db316.72dns.net';
$db_info['db_port'] = '3306';
$db_info['db_name'] = 'db_tl0754com';
$db_info['db_user'] = 'tl0754com';
$db_info['db_passwd'] = 'rlbc7o';
$backup_info['tmpDir'] = '';
$backup_info['folders'] = array('/');
$backup_info['encrypt_key'] = 'uod6zsmsvyx4Pp8n';
//以下由多备份自动生成的,不能修改
$backup_type = intval($_POST['bt']);
$task_id = intval($_POST['tid']);
$user_id = intval($_POST['uid']);
$app_key = $_POST['apk'];
$app_secret = $_POST['aps'];
$dbfen_key = $_POST['dk'];
$action_type = $_POST['at'];
$dbfen_ip = '';
if( isset($_SERVER['HTTP_X_FORWARDED_FOR']) ){
$dbfen_ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else if( isset($_SERVER['HTTP_CLIENT_IP']) ){
$dbfen_ip=$_SERVER['HTTP_CLIENT_IP'];
}else{
$dbfen_ip=$_SERVER['REMOTE_ADDR'];
}
$backup_info['backup_type'] = $backup_type;
$backup_info['action_type'] = $action_type;
$backup_info['app_key'] = '312246c286796d1e7cab530670ab30ed';
$backup_info['app_secret'] = 'CBl2uNkfBYYQDW52q0Z6ta73i7McUuIW';
$backup_info['dbfen_key'] = 'DBFEN@KEYoAjR9RkKzKNyzra5uc0ws39vzprzzbme';
$backup_info['dbfen_ip'] = array('webmgr'=>'115.28.36.60','db'=>'113.108.221.222','fs'=>'');
$backup_info['task_id'] = $task_id;
$backup_info['user_id'] = $user_id;
$tmp_path = md5($backup_info['encrypt_key'] . $backup_info['app_key'] . $backup_info['app_secret']); $tmp_path = md5($tmp_path); define( 'PCLZIP_TEMPORARY_DIR', $tmp_path . '/ziptmp/' ); if (!class_exists('ZipArchive') OR !extension_loaded('zip') ) { if (!defined('PCLZIP_READ_BLOCK_SIZE')) { define( 'PCLZIP_READ_BLOCK_SIZE', 2048 ); } if (!defined('PCLZIP_SEPARATOR')) { define( 'PCLZIP_SEPARATOR', ',' ); } if (!defined('PCLZIP_ERROR_EXTERNAL')) { define( 'PCLZIP_ERROR_EXTERNAL', 0 ); } if (!defined('PCLZIP_TEMPORARY_DIR')) { define( 'PCLZIP_TEMPORARY_DIR', '' ); } if (!defined('PCLZIP_TEMPORARY_FILE_RATIO')) { define( 'PCLZIP_TEMPORARY_FILE_RATIO', 0.47 ); } define( 'PCLZIP_OPT_ADD_PATH', 77002 ); define( 'PCLZIP_OPT_REMOVE_PATH', 77003 ); define( 'PCLZIP_OPT_REMOVE_ALL_PATH', 77004 ); define( 'PCLZIP_OPT_NO_COMPRESSION', 77007 ); define( 'PCLZIP_OPT_COMMENT', 77012 ); define( 'PCLZIP_OPT_ADD_COMMENT', 77013 ); define( 'PCLZIP_OPT_PREPEND_COMMENT', 77014 ); define( 'PCLZIP_OPT_TEMP_FILE_THRESHOLD', 77020 ); define( 'PCLZIP_OPT_TEMP_FILE_ON', 77021 ); define( 'PCLZIP_OPT_TEMP_FILE_OFF', 77022 ); define( 'PCLZIP_ATT_FILE_NAME', 79001 ); define( 'PCLZIP_ATT_FILE_NEW_SHORT_NAME', 79002 ); define( 'PCLZIP_ATT_FILE_NEW_FULL_NAME', 79003 ); define( 'PCLZIP_ATT_FILE_MTIME', 79004 ); define( 'PCLZIP_ATT_FILE_CONTENT', 79005 ); define( 'PCLZIP_ATT_FILE_COMMENT', 79006 ); define( 'PCLZIP_CB_PRE_ADD', 78003 ); define( 'PCLZIP_CB_POST_ADD', 78004 ); class ZipArchive extends PclZip { const CREATE = 0; const OVERWRITE = 0; public function addFile($args) { return $this->add($args); } public function addEmptyDir($args) { return $this->add($args); } public function close() { return TRUE; } } } if(!class_exists('PDO')) { abstract class PDO { const PARAM_BOOL = 5; const PARAM_NULL = 0; const PARAM_INT = 1; const PARAM_STR = 2; const PARAM_LOB = 3; const PARAM_STMT = 4; const PARAM_INPUT_OUTPUT = -2147483648; const FETCH_LAZY = 1; const FETCH_ASSOC = 2; const FETCH_NAMED = 11; const FETCH_NUM = 3; const FETCH_BOTH = 4; const FETCH_OBJ = 5; const FETCH_BOUND = 6; const FETCH_COLUMN = 7; const FETCH_CLASS = 8; const FETCH_INTO = 9; const FETCH_FUNC = 10; const FETCH_GROUP = 65536; const FETCH_UNIQUE = 196608; const FETCH_KEY_PAIR = 12; const FETCH_CLASSTYPE = 262144; const FETCH_SERIALIZE = 524288; const FETCH_PROPS_LATE = 1048576; const ATTR_AUTOCOMMIT = 0; const ATTR_PREFETCH = 1; const ATTR_TIMEOUT = 2; const ATTR_ERRMODE = 3; const ATTR_SERVER_VERSION = 4; const ATTR_CLIENT_VERSION = 5; const ATTR_SERVER_INFO = 6; const ATTR_CONNECTION_STATUS = 7; const ATTR_CASE = 8; const ATTR_CURSOR_NAME = 9; const ATTR_CURSOR = 10; const ATTR_DRIVER_NAME = 16; const ATTR_ORACLE_NULLS = 11; const ATTR_PERSISTENT = 12; const ATTR_STATEMENT_CLASS = 13; const ATTR_FETCH_CATALOG_NAMES = 15; const ATTR_FETCH_TABLE_NAMES = 14; const ATTR_STRINGIFY_FETCHES = 17; const ATTR_MAX_COLUMN_LEN = 18; const ATTR_DEFAULT_FETCH_MODE = 19; const ATTR_EMULATE_PREPARES = 20; const ERRMODE_SILENT = 0; const ERRMODE_WARNING = 1; const ERRMODE_EXCEPTION = 2; const CASE_NATURAL = 0; const CASE_LOWER = 2; const CASE_UPPER = 1; const NULL_NATURAL = 0; const NULL_EMPTY_STRING = 1; const NULL_TO_STRING = 2; const FETCH_ORI_NEXT = 0; const FETCH_ORI_PRIOR = 1; const FETCH_ORI_FIRST = 2; const FETCH_ORI_LAST = 3; const FETCH_ORI_ABS = 4; const FETCH_ORI_REL = 5; const CURSOR_FWDONLY = 0; const CURSOR_SCROLL = 1; const ERR_NONE = '00000'; const PARAM_EVT_ALLOC = 0; const PARAM_EVT_FREE = 1; const PARAM_EVT_EXEC_PRE = 2; const PARAM_EVT_EXEC_POST = 3; const PARAM_EVT_FETCH_PRE = 4; const PARAM_EVT_FETCH_POST = 5; const PARAM_EVT_NORMALIZE = 6; } class PDOException extends Exception { public $errorInfo = null; protected $message; protected $code; } abstract class PDOStatement { abstract public function bindColumn($column, &$param, $type = 0, $maxlen = 0, $driver_options = null); abstract public function bindParam($parameter, &$variable, $data_type = 0, $length = 0, $driver_options = null); abstract public function bindValue($parameter, $value, $data_type = 0); abstract public function closeCursor(); abstract public function columnCount(); abstract public function errorCode(); abstract public function errorInfo(); abstract public function execute($input_parameters = array()); abstract public function fetch($fetch_style = 0, $cursor_orientation = 0, $cursor_offset = 0); abstract public function fetchAll($fetch_style = 0, $column_index = 0, $ctor_args = array()); abstract public function fetchColumn($column_number = 0); abstract public function fetchObject($class_name = '', $ctor_args = array()); abstract public function getAttribute($attribute); abstract public function getColumnMeta($column); abstract public function nextRowset(); abstract public function rowCount(); abstract public function setAttribute($attribute, $value); abstract public function setFetchMode($mode, $param = '', $ctorargs = array()); } } abstract class dbf_base { const MYSQL_ATTR_USE_BUFFERED_QUERY = 1000; const MYSQL_ATTR_LOCAL_INFILE = 1001; const MYSQL_ATTR_INIT_COMMAND = 1002; const MYSQL_ATTR_READ_DEFAULT_FILE = 1003; const MYSQL_ATTR_READ_DEFAULT_GROUP = 1004; const MYSQL_ATTR_MAX_BUFFER_SIZE = 1005; const MYSQL_ATTR_DIRECT_QUERY = 1006; public $driver_options = array ( PDO::ATTR_AUTOCOMMIT => 0, PDO::ATTR_PREFETCH => 0, PDO::ATTR_TIMEOUT => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_SILENT, PDO::ATTR_CASE => PDO::CASE_NATURAL, PDO::ATTR_CURSOR_NAME => '', PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY, PDO::ATTR_DRIVER_NAME => '', PDO::ATTR_ORACLE_NULLS => PDO::NULL_NATURAL, PDO::ATTR_PERSISTENT => false, PDO::ATTR_STATEMENT_CLASS => array(), PDO::ATTR_FETCH_CATALOG_NAMES => false, PDO::ATTR_FETCH_TABLE_NAMES => false, PDO::ATTR_STRINGIFY_FETCHES => false, PDO::ATTR_MAX_COLUMN_LEN => 0, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_BOTH, PDO::ATTR_EMULATE_PREPARES => 1, ); protected $dsn; protected $link; protected $in_transaction = false; protected $driver_param_type = -1; protected $driver_quote_type = 0; protected $prepared; private $last_error = array(''); public function __construct(&$dsn, &$username, &$password, &$driver_options) { $this->driver_options[PDO::ATTR_DRIVER_NAME] = $driver_options[PDO::ATTR_DRIVER_NAME]; unset($driver_options[PDO::ATTR_DRIVER_NAME]); $this->set_attributes(array(PDO::ATTR_ERRMODE), $driver_options); $this->dsn = &$dsn; $this->connect($username, $password, $driver_options); if(!isset($driver_options[PDO::ATTR_AUTOCOMMIT])) $driver_options[PDO::ATTR_AUTOCOMMIT] = 1; foreach($driver_options as $attr => &$value) { $this->setAttribute($attr, $value); } } public function __destruct() { $this->close(); } public function beginTransaction() { if($this->in_transaction) { throw new PDOException('There is already an active transaction'); } $this->driver_options[PDO::ATTR_AUTOCOMMIT] = $this->getAttribute(PDO::ATTR_AUTOCOMMIT); $this->setAttribute(PDO::ATTR_AUTOCOMMIT, 0); $this->in_transaction = true; return true; } public function commit() { if(!$this->in_transaction) { throw new PDOException('There is no active transaction'); } $this->in_transaction = false; return true; } public function errorCode() { return $this->last_error[0]; } public function errorInfo() { return $this->last_error; } abstract public function exec(&$statement); public function getAttribute($attribute, &$source = null, $func = 'PDO::getAttribute', &$last_error = null) { if($source == null) $source =& $this->driver_options; if(array_key_exists($attribute, $source)) { return $source[$attribute]; } $this->set_error(0, 'Driver does not support this function: driver does not support that attribute', 'IM001', PDO::ERRMODE_WARNING, $func, $last_error); if($last_error !== null) $last_error[1] = -1; else $this->last_error[1] = -1; return false; } abstract public function lastInsertId($name = ''); public function prepare(&$statement, &$options) { if(!$statement || !is_array($options)) return false; $driver_options = $this->driver_options; foreach($options as $k => $v) { if(!$this->setAttribute($k, $v, $driver_options, 'PDO::prepare')) { return false; } } switch($this->driver_quote_type) { case 1: $params_regex = '/(\'[^\']*(?:\'\'[^\']*)*\')|("[^"\\\\]*(?:\\\\.[^"\\\\]*)*")|([^:])(\\?|:[A-Za-z0-9_\-]+)/'; break; case 0: default: $params_regex = '/(\'[^\'\\\\]*(?:\\\\.[^\'\\\\]*)*\')|("[^"\\\\]*(?:\\\\.[^"\\\\]*)*")|([^:])(\\?|:[A-Za-z0-9_\-]+)/'; break; } $result = preg_split($params_regex, $statement, -1, PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY); $param_type = $this->driver_param_type; $has_named = false; $has_anon = false; $warn_text = 'Invalid parameter number: mixed named and positional parameters'; $chunks_num = 0; $param_num = 0; $params_info = array(); $named_params = array(); foreach($result as &$chunk) { switch($chunk[0]) { case ':': if($has_anon) { $this->set_error(0, $warn_text, 'HY093', PDO::ERRMODE_WARNING, 'prepare'); return false; } if(isset($named_params[$chunk])) { $named_params[$chunk]++; $chunk .= $named_params[$chunk]; } else { $named_params[$chunk] = 1; } $has_named = true; $param_num++; switch($param_type) { case -1: $params_info[$chunk] = $chunks_num; break; case 1: $key = $chunk; $chunk = str_replace('-', '__', $chunk); $params_info[$key] = $chunk; break; case 2: $params_info[$chunk] = $param_num; $chunk = '$' . $param_num; break; case 0: $params_info[$chunk] = $param_num; $chunk = '?'; break; } break; case '?': if($has_named) { $this->set_error(0, $warn_text, 'HY093', PDO::ERRMODE_WARNING, 'prepare'); return false; } $has_anon = true; $param_num++; switch($param_type) { case -1: $params_info[$param_num] = $chunks_num; break; case 1: $params_info[$param_num] = ':p' . $param_num; $chunk = $params_info[$param_num]; break; case 2: $params_info[$param_num] = $param_num; $chunk = '$' . $param_num; break; case 0: $params_info[$param_num] = $param_num; break; } break; } $chunks_num++; } if($param_type == -1) { $this->prepared =& $result; } else { $this->prepared = implode('', $result); } $st = dbf_base_statement::_new_instance($driver_options[PDO::ATTR_STATEMENT_CLASS], $statement); $st->_setup($this->link, $this, $driver_options, $this->prepared, $params_info); return $st; } abstract public function quote(&$string, $parameter_type = -1); public function rollBack() { if(!$this->in_transaction) { throw new PDOException('There is no active transaction'); } $this->in_transaction = false; return true; } public function nextRowset() { return false; } public function setAttribute($attribute, $value, &$source = null, $func = 'PDO::setAttribute', &$last_error = null) { if($source == null) $source =& $this->driver_options; switch($attribute) { case PDO::ATTR_DRIVER_NAME: case PDO::ATTR_CLIENT_VERSION: case PDO::ATTR_SERVER_INFO: case PDO::ATTR_SERVER_VERSION: return false; break; } if(isset($source[$attribute])) { switch($attribute) { case PDO::ATTR_STATEMENT_CLASS: if($value === null) { $value = array(get_class($this) . '_statement'); } else if(!$this->check_attr_statement_class($value, $func)) { return false; } break; case PDO::ATTR_CASE: switch($value) { case PDO::CASE_LOWER: case PDO::CASE_NATURAL: case PDO::CASE_UPPER: break; default: return false; break; } break; case PDO::ATTR_ERRMODE: switch($value) { case PDO::ERRMODE_SILENT: case PDO::ERRMODE_WARNING: case PDO::ERRMODE_EXCEPTION: break; default: return false; break; } break; case PDO::ATTR_ORACLE_NULLS: switch($value) { case PDO::NULL_NATURAL: case PDO::NULL_EMPTY_STRING: case PDO::NULL_TO_STRING: break; default: return false; break; } break; case PDO::ATTR_DEFAULT_FETCH_MODE: switch($value) { case PDO::FETCH_LAZY: case PDO::FETCH_ASSOC: case PDO::FETCH_NAMED: case PDO::FETCH_NUM: case PDO::FETCH_BOTH: case PDO::FETCH_OBJ: case PDO::FETCH_BOUND: case PDO::FETCH_COLUMN: case PDO::FETCH_INTO: case PDO::FETCH_FUNC: case PDO::FETCH_GROUP: case PDO::FETCH_UNIQUE: case PDO::FETCH_KEY_PAIR: case PDO::FETCH_CLASS: case PDO::FETCH_CLASSTYPE: case PDO::FETCH_SERIALIZE: break; default: return false; break; } break; } $source[$attribute] = $value; return true; } $this->set_error(0, 'Driver does not support this function: driver does not support that attribute', 'IM001', PDO::ERRMODE_WARNING, $func, $last_error); if($last_error !== null) $last_error[1] = -1; else $this->last_error[1] = -1; return false; } abstract public function set_driver_error($state = null, $mode = PDO::ERRMODE_SILENT, $func = ''); public function set_error($code, $message, $state = 'HY000', $mode = PDO::ERRMODE_SILENT, $func = '', &$last_error = null) { if($last_error == null) $last_error =& $this->last_error; $last_error = array($state, $code, $message); $action = ($mode >= $this->driver_options[PDO::ATTR_ERRMODE]) ? $mode : $this->driver_options[PDO::ATTR_ERRMODE]; switch($action) { case PDO::ERRMODE_EXCEPTION: $e = new PDOException($this->get_error_str($code, $message, $state), $code); $e->errorInfo = $last_error; throw $e; break; case PDO::ERRMODE_WARNING: trigger_error($this->get_error_str($code, $message, $state, $func), E_USER_WARNING); break; case PDO::ERRMODE_SILENT: default: break; } } public function set_error_info($info) { $this->last_error = $info; } public function clear_error(&$last_error = null) { if($last_error == null) $last_error =& $this->last_error; $last_error = array(PDO::ERR_NONE, '', ''); } public function filter_result(&$value, $stringify, $nulls) { if(is_int($value) || is_float($value)) { if($stringify) $value = (string)$value; } else { switch($nulls) { case PDO::NULL_EMPTY_STRING: if($value === '') $value = null; break; case PDO::NULL_TO_STRING: if($value === null) $value = ''; break; } } } abstract protected function connect(&$username, &$password, &$driver_options); abstract protected function disconnect(); protected function set_attributes($attributes, &$source) { $s = null; foreach($attributes as $key) { if(isset($source[$key])) { $this->setAttribute($key, $source[$key], $s, 'PDO::__construct'); unset($source[$key]); } } } private function close() { if($this->link) { if($this->in_transaction) { $this->rollback(); } if(!$this->driver_options[PDO::ATTR_PERSISTENT]) { $this->disconnect(); } } $this->link = null; } private function check_attr_statement_class(&$data, &$func) { if( is_array($data) && isset($data[0]) && class_exists($data[0]) ) { if(isset($data[1]) && !is_array($data[1])) { $this->set_error(0, 'General error: PDO::ATTR_STATEMENT_CLASS requires format array(classname, array(ctor_args)); ctor_args must be an array', 'HY000', PDO::ERRMODE_WARNING, $func); return false; } return true; } $this->set_error(0, 'General error: PDO::ATTR_STATEMENT_CLASS requires format array(classname, array(ctor_args)); the classname must be a string specifying an existing class', 'HY000', PDO::ERRMODE_WARNING, $func); return false; } private function get_error_str($code, $message, $state, $func = '') { if($func) { if(strpos($func, '::') === false) { $class_name = 'PDO'; } else { $arr = explode('::', $func); $class_name = $arr[0]; $func = $arr[1]; } if(isset($_SERVER['GATEWAY_INTERFACE'])) { $prefix = $class_name . '::' . $func . '() [<a href=\'function.' . $class_name . '-' . $func . '\'>function.' . $class_name . '-' . $func . '</a>]: '; } else { $prefix = $class_name . '::' . $func . '(): '; } } else { $prefix = ''; } if($code) return $prefix . 'SQLSTATE['.$state.'] ['.$code.'] ' . $message; return $prefix . 'SQLSTATE['.$state.']: ' . $message; } } class dbf_base_statement_iterator implements Iterator { private $stmt; private $row; private $cnt = -1; public function __construct(PDOStatement $stmt) { $this->stmt = $stmt; } public function key() { return $this->cnt; } public function rewind() { $this->next(); } public function current() { return $this->row; } public function next() { $this->row = $this->stmt->fetch(); $this->cnt++; } public function valid() { if($this->row === false) return false; return true; } } $dbf_error_reporting = error_reporting(); if(version_compare(PHP_VERSION, '5.2.7', '<') && ($dbf_error_reporting & E_STRICT)) { error_reporting($dbf_error_reporting & ~E_STRICT); } else { $dbf_error_reporting = null; } abstract class dbf_base_statement extends PDOStatement implements IteratorAggregate { protected $_driver; protected $_link; protected $_result = null; protected $_result_name; protected $_params_info; protected $_bound_params = array(); private $driver_options = array(); private $last_error = array(''); private $prepared; private $bound_columns = array(); private $columns_meta = null; private $fetch_func = 'fetch'; private $fetch_mode = array ( PDO::FETCH_COLUMN => array(0), ); public function getIterator() { return new dbf_base_statement_iterator($this); } public function bindColumn($column, &$param, $type = 0, $maxlen = 0, $driver_options = null) { if($this->_result === null) { return false; } else if(is_numeric($column)) { if($column < 1) { $this->_set_error(0, 'Invalid parameter number: Columns/Parameters are 1-based', 'HY093', PDO::ERRMODE_WARNING, 'bindColumn'); return false; } $column -= 1; } $this->bound_columns[$column] = array(&$param, $type); return true; } public function bindParam($parameter, &$variable, $data_type = -1, $length = 0, $driver_options = null) { if($parameter[0] != ':' && !is_numeric($parameter)) { $parameter = ':' . $parameter; } if(isset($this->_params_info[$parameter])) { $this->_bound_params[$this->_params_info[$parameter]] = array(&$variable, $data_type, $length); return true; } return false; } public function bindValue($parameter, $value, $data_type = -1) { return $this->bindParam($parameter, $value, $data_type); } public function errorCode() { if(func_num_args() > 0) return false; return $this->last_error[0]; } public function errorInfo() { if(func_num_args() > 0) return false; return $this->last_error; } public function execute($input_parameters = array()) { if(!$this->prepared) { $this->_set_error(0, 'Invalid parameter number: statement not prepared', 'HY093', PDO::ERRMODE_WARNING, 'execute'); return false; } if(is_array($input_parameters)) { $status = true; foreach($input_parameters as $p => &$v) { if(is_numeric($p)) { if($p >= 0) { $status = $this->bindParam(($p + 1), $v); } } else { $status = $this->bindParam($p, $v); } if(!$status) { $this->_set_error(0, 'Invalid parameter number: number of bound variables does not match number of tokens', 'HY093', PDO::ERRMODE_WARNING, 'execute'); return false; } } } if($this->_execute()) { $this->_driver->clear_error($this->last_error); return true; } return false; } public function fetch($fetch_style = 0, $cursor_orientation = 0, $cursor_offset = 0) { if($this->_result) { $fetch_mode =& $this->fetch_mode; switch($fetch_style) { case 0: $fetch_style = $this->driver_options[PDO::ATTR_DEFAULT_FETCH_MODE]; switch($fetch_style) { case PDO::FETCH_CLASS: case PDO::FETCH_CLASS|PDO::FETCH_PROPS_LATE: if(!isset($fetch_mode[PDO::FETCH_CLASS]) || !$fetch_mode[PDO::FETCH_CLASS][0]) { $this->_set_error(0, 'General error: No fetch class specified', 'HY000', PDO::ERRMODE_SILENT, $this->fetch_func); $this->_set_error(0, 'General error', 'HY000', PDO::ERRMODE_SILENT, $this->fetch_func); return false; } break; } break; case PDO::FETCH_GROUP: $fetch_style |= $this->driver_options[PDO::ATTR_DEFAULT_FETCH_MODE]; break; } switch($fetch_style) { case PDO::FETCH_COLUMN: return $this->fetchColumn($fetch_mode[PDO::FETCH_COLUMN][0]); break; case PDO::FETCH_FUNC: $this->_set_error(0, 'General error: PDO::FETCH_FUNC is only allowed in PDOStatement::fetchAll()', 'HY000', PDO::ERRMODE_WARNING, $this->fetch_func); return false; break; } $row = $this->_fetch_row(); if(!$row) return false; $stringify = $this->driver_options[PDO::ATTR_STRINGIFY_FETCHES]; $nulls = $this->driver_options[PDO::ATTR_ORACLE_NULLS]; if($stringify || $nulls != PDO::NULL_NATURAL) { $driver = $this->_driver; $cnt = count($row); for($x = 0; $x < $cnt; $x++) { $driver->filter_result($row[$x], $stringify, $nulls); } } if($this->bound_columns && $this->fetch_func == 'fetch') { $this->bind_columns($row); } switch($fetch_style) { case PDO::FETCH_ASSOC: return $this->make_assoc($row); break; case PDO::FETCH_ASSOC|PDO::FETCH_GROUP: $row = $this->make_assoc($row); return array(array_shift($row) => $row); break; case PDO::FETCH_NAMED: return $this->make_named($row); break; case PDO::FETCH_NUM: return $row; break; case PDO::FETCH_NUM|PDO::FETCH_GROUP: return array(array_shift($row) => $row); break; case PDO::FETCH_BOTH: return $this->make_both($row); break; case PDO::FETCH_LAZY: case PDO::FETCH_OBJ: return $this->map_obj_props(new stdClass(), $row); break; case PDO::FETCH_CLASS: case PDO::FETCH_CLASS|PDO::FETCH_PROPS_LATE: if(isset($fetch_mode[PDO::FETCH_CLASS]) && $fetch_mode[PDO::FETCH_CLASS][0]) { $class_name = $fetch_mode[PDO::FETCH_CLASS][0]; } else { $class_name = 'stdClass'; } if(isset($fetch_mode[PDO::FETCH_CLASS]) && $fetch_mode[PDO::FETCH_CLASS][1]) { $class = new ReflectionClass($class_name); $obj = $class->newInstanceArgs($fetch_mode[PDO::FETCH_CLASS][1]); } else { $obj = new $class_name(); } return $this->map_obj_props($obj, $row); break; case PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE: case PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE|PDO::FETCH_SERIALIZE: $class = array_shift($row); if(!$class) { if(isset($fetch_mode[PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE]) && $fetch_mode[PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE][0]) { $class = $fetch_mode[PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE][0]; } else { $class = 'stdClass'; } } $obj = new $class(); if($fetch_style & PDO::FETCH_SERIALIZE) { if(is_callable(array($obj, 'unserialize'))) { $obj->unserialize(array_shift($row)); } else { $this->_set_error(0, 'General error: cannot unserialize class', 'HY000', PDO::ERRMODE_SILENT, $this->fetch_func); return false; } } else { $this->map_obj_props($obj, $row, 1); } return $obj; break; case PDO::FETCH_INTO: return $this->map_obj_props($fetch_mode[PDO::FETCH_INTO][0], $row); break; case PDO::FETCH_KEY_PAIR: if(count($row) != 2) { $this->_set_error(0, 'General error: PDO::FETCH_KEY_PAIR fetch mode requires the result set to contain extactly 2 columns.', 'HY000', PDO::ERRMODE_SILENT, $this->fetch_func); $this->_set_error(0, 'General error', 'HY000', PDO::ERRMODE_SILENT, $this->fetch_func); return false; } return array($row[0] => &$row[1]); break; case PDO::FETCH_BOUND: return true; break; } } return false; } public function fetchAll($fetch_style = 0, $column_index = null, $ctor_args = array()) { if(!$this->_result) return false; $result = array(); if($fetch_style) { $style = $fetch_style; } else { $style = $this->driver_options[PDO::ATTR_DEFAULT_FETCH_MODE]; } $this->fetch_func = 'fetchAll'; switch($style) { case PDO::FETCH_ASSOC: case PDO::FETCH_NAMED: case PDO::FETCH_NUM: case PDO::FETCH_BOTH: case PDO::FETCH_LAZY: case PDO::FETCH_OBJ: case PDO::FETCH_INTO: case PDO::FETCH_BOUND: case PDO::FETCH_GROUP: while($row = $this->fetch($fetch_style)) { $result[] = $row; } break; case PDO::FETCH_FUNC: case PDO::FETCH_FUNC|PDO::FETCH_GROUP: if(!$column_index && isset($this->fetch_mode[PDO::FETCH_FUNC])) { $column_index = $this->fetch_mode[PDO::FETCH_FUNC][0]; } if($column_index) { if(is_callable($column_index)) { if($style & PDO::FETCH_GROUP) { while($row = $this->fetch(PDO::FETCH_NUM)) { $key = array_shift($row); if(isset($result[$key])) { $result[$key][] = call_user_func_array($column_index, $row); } else { $result[$key] = array(call_user_func_array($column_index, $row)); } } } else { while($row = $this->fetch(PDO::FETCH_NUM)) { $result[] = call_user_func_array($column_index, $row); } } } else { $this->_set_error(0, 'General error: user-supplied function must be a valid callback', 'HY000', PDO::ERRMODE_WARNING, $this->fetch_func); } } else { $this->_set_error(0, 'General error: No fetch function specified', 'HY000', PDO::ERRMODE_WARNING, $this->fetch_func); if($style != $fetch_style) { $this->_set_error(0, 'General error', 'HY000', PDO::ERRMODE_SILENT, $this->fetch_func); } } break; case PDO::FETCH_CLASS: case PDO::FETCH_CLASS|PDO::FETCH_PROPS_LATE: if($column_index) { $this->setFetchMode(PDO::FETCH_CLASS, $column_index, $ctor_args); } while($row = $this->fetch($fetch_style)) { $result[] = $row; } break; case PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE: $this->setFetchMode(PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE, $column_index, $ctor_args); while($row = $this->fetch(PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE)) { $result[] = $row; } break; case PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE|PDO::FETCH_GROUP: $this->setFetchMode(PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE, $column_index, $ctor_args); $first_property = null; while($row = $this->fetch(PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE)) { if($first_property === null) { $first_property = key(get_object_vars($row)); } $key = $row->$first_property; unset($row->$first_property); if(isset($result[$key])) { $result[$key][] = $row; } else { $result[$key] = array($row); } } break; case PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE|PDO::FETCH_UNIQUE: $this->setFetchMode(PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE, $column_index, $ctor_args); $first_property = null; while($row = $this->fetch(PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE)) { if($first_property === null) { $first_property = key(get_object_vars($row)); } $key = $row->$first_property; unset($row->$first_property); $result[$key] = $row; } break; case PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE|PDO::FETCH_SERIALIZE: $this->setFetchMode(PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE, $column_index, $ctor_args); while($row = $this->fetch(PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE|PDO::FETCH_SERIALIZE)) { $result[] = $row; } break; case PDO::FETCH_KEY_PAIR: while($row = $this->fetch(PDO::FETCH_NUM)) { $result[$row[0]] = $row[1]; } break; case PDO::FETCH_COLUMN: if($column_index === null) $column_index = $this->fetch_mode[PDO::FETCH_COLUMN][0]; while(($row = $this->fetchColumn($column_index)) !== false) { $result[] = $row; } break; case PDO::FETCH_COLUMN|PDO::FETCH_UNIQUE: if($column_index === null) $column_index = 1; while($row = $this->fetch(PDO::FETCH_NUM)) { if(isset($result[$row[0]])) continue; $result[$row[0]] = $row[$column_index]; } break; case PDO::FETCH_COLUMN|PDO::FETCH_GROUP: if($column_index === null) $column_index = 1; while($row = $this->fetch(PDO::FETCH_NUM)) { $key = $row[0]; if(isset($result[$key])) { $result[$key][] = $row[$column_index]; } else { $result[$key] = array($row[$column_index]); } } break; case PDO::FETCH_UNIQUE|PDO::FETCH_ASSOC: case PDO::FETCH_UNIQUE|PDO::FETCH_NUM: $s = $style & ~PDO::FETCH_UNIQUE; while($row = $this->fetch($s)) { $result[array_shift($row)] = $row; } break; case PDO::FETCH_GROUP|PDO::FETCH_ASSOC: case PDO::FETCH_GROUP|PDO::FETCH_NUM: case PDO::FETCH_COLUMN|PDO::FETCH_NUM: $s = $style & ~PDO::FETCH_GROUP; if($s == PDO::FETCH_COLUMN) { if($column_index === null) $column_index = $fetch_mode[PDO::FETCH_COLUMN][0]; while($row = $this->fetch(PDO::FETCH_NUM)) { $key = array_shift($row[$column_index]); if(isset($result[$key])) { $result[$key] = array_merge($result[$key], $row); } else { $result[$key] = array($row); } } } else { while($row = $this->fetch($s)) { $key = array_shift($row); if(isset($result[$key])) { $result[$key][] = $row; } else { $result[$key] = array($row); } } } break; } $this->fetch_func = 'fetch'; return $result; } public function fetchColumn($column_number = 0) { if($this->_result) { $row = $this->_fetch_row(); if($row && array_key_exists($column_number, $row)) { $this->_driver->filter_result($row[$column_number], $this->driver_options[PDO::ATTR_STRINGIFY_FETCHES], $this->driver_options[PDO::ATTR_ORACLE_NULLS]); return $row[$column_number]; } } return false; } public function fetchObject($class_name = '', $ctor_args = array()) { if($class_name) { $this->setFetchMode(PDO::FETCH_CLASS, $class_name, $ctor_args); } return $this->fetch(PDO::FETCH_CLASS); } public function getAttribute($attribute) { if(func_num_args() != 1 || !is_int($attribute)) return false; return $this->_driver->getAttribute($attribute, $this->driver_options, 'PDOStatement::getAttribute', $this->last_error); } public function nextRowset() { return false; } public function setAttribute($attribute, $value) { if(func_num_args() != 2) return false; switch($attribute) { case PDO::ATTR_PREFETCH: $this->_set_error(0, 'Driver does not support this function: This driver doesn\'t support setting attributes', 'IM001', PDO::ERRMODE_WARNING, 'setAttribute', $this->last_error); break; default: return $this->_driver->setAttribute($attribute, $value, $this->driver_options, 'PDOStatement::setAttribute', $this->last_error); break; } return false; } public function setFetchMode($mode, $param = '', $ctorargs = array()) { switch($mode) { case PDO::FETCH_LAZY: case PDO::FETCH_ASSOC: case PDO::FETCH_NAMED: case PDO::FETCH_NUM: case PDO::FETCH_BOTH: case PDO::FETCH_OBJ: case PDO::FETCH_BOUND: case PDO::FETCH_COLUMN: case PDO::FETCH_FUNC: case PDO::FETCH_CLASS: case PDO::FETCH_INTO: case PDO::FETCH_KEY_PAIR: case PDO::FETCH_SERIALIZE: case PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE: switch($mode) { case PDO::FETCH_INTO: if(!is_object($param)) return false; break; case PDO::FETCH_CLASS: if(!class_exists($param)) return false; break; case PDO::FETCH_CLASS|PDO::FETCH_CLASSTYPE: if($param && !class_exists($param)) return false; break; case PDO::FETCH_COLUMN: if(!is_numeric($param) || $param < 0) return false; break; } $this->fetch_mode[$mode] = array(&$param, $ctorargs); $this->driver_options[PDO::ATTR_DEFAULT_FETCH_MODE] = $mode; return true; break; } return false; } public static function _new_instance(&$data, &$statement) { if(isset($data[1]) && count($data[1])) { $class = new ReflectionClass($data[0]); $obj = $class->newInstanceArgs($data[1]); } else { $obj = new $data[0]; } $obj->queryString =& $statement; return $obj; } final public function _setup($link, $driver, &$driver_options, $prepared, $params_info) { if($this->_link) return false; $this->_link = $link; $this->_driver = $driver; $this->driver_options += $driver_options; $this->prepared =& $prepared; $this->_params_info =& $params_info; } final public function _set_result($result, $result_name = '') { if($this->_result !== null) return false; $this->_result = $result; $this->_result_name = $result_name; } protected function _set_error($code, $message, $state = 'HY000', $mode = PDO::ERRMODE_SILENT, $func = '') { if($func && strpos($func, '::') === false) { $func = 'PDOStatement::' . $func; } $this->_driver->set_error($code, $message, $state, $mode, $func, $this->last_error); } abstract protected function _set_stmt_error($state = null, $mode = PDO::ERRMODE_SILENT, $func = ''); abstract protected function _execute(); abstract protected function _fetch_row(); abstract protected function _field_name($field); abstract protected function _table_name($field); protected function _build_query() { $params =& $this->_bound_params; $params_cnt = count($params); $params_info_cnt = count($this->_params_info); if($params_info_cnt && !$params_cnt) { $this->_set_error(0, 'Invalid parameter number: no parameters were bound', 'HY093', PDO::ERRMODE_WARNING, 'execute'); return false; } if($params_info_cnt != $params_cnt) { $this->_set_error(0, 'Invalid parameter number: number of bound variables does not match number of tokens', 'HY093', PDO::ERRMODE_WARNING, 'execute'); return false; } $prepared =& $this->prepared; $driver =& $this->_driver; foreach($params as $k => &$v) { $param =& $v[0]; $type = $v[1]; if($type == PDO::PARAM_LOB && is_resource($param)) { $buffer = ''; while(!feof($param)) { $buffer .= fread($param, 8192); } $prepared[$k] = $driver->quote($buffer, PDO::PARAM_STR); } else { if($type == -1) { if(is_int($param) || is_float($param)) { $type = PDO::PARAM_INT; } else if(is_bool($param)) { $type = PDO::PARAM_BOOL; } else if(is_null($param)) { $type = PDO::PARAM_NULL; } else { $type = PDO::PARAM_STR; } } $prepared[$k] = $driver->quote($param, $type); } } return implode(' ', $prepared); } protected function _fetch_lob(&$p, &$col) { $p = tmpfile(); if($p) { fwrite($p, $col); rewind($p); } } private function make_assoc(&$row) { if(!$this->columns_meta) { $this->fetch_columns_meta(); } return array_combine($this->columns_meta[1], $row); } private function make_both(&$row) { if(!$this->columns_meta) { $this->fetch_columns_meta(); } $fields =& $this->columns_meta[1]; $result = array(); foreach($row as $k => &$v) { $result[$k] = $v; $result[$fields[$k]] = $v; } return $result; } private function make_named(&$row) { if(!$this->columns_meta) { $this->fetch_columns_meta(); } $fields =& $this->columns_meta[1]; $result = array(); foreach($row as $k => &$v) { $fname =& $fields[$k]; if(!isset($result[$fname])) { $result[$fname] = &$v; } else if(!is_array($result[$fname])) { $result[$fname] = array($result[$fname], &$v); } else { $result[$fname][] = &$v; } } return $result; } private function map_obj_props($obj, &$row, $offset = 0) { if(!$this->columns_meta) { $this->fetch_columns_meta(); } $fields =& $this->columns_meta[0]; foreach($row as $k => &$v) { $obj->$fields[$k + $offset] = $v; } return $obj; } private function bind_columns(&$row) { if(!$this->columns_meta) { $this->fetch_columns_meta(); } $fields = array_flip($this->columns_meta[0]); foreach($this->bound_columns as $k => &$v) { if(isset($row[$k])) { $col =& $row[$k]; } else if(isset($fields[$k])) { $col =& $row[$fields[$k]]; } else { continue; } $p =& $v[0]; switch($v[1]) { case PDO::PARAM_LOB: $this->_fetch_lob($p, $col); break; default: $p = $col; break; } } } private function fetch_columns_meta() { $opt =& $this->driver_options; $case = $opt[PDO::ATTR_CASE]; $table_names = $opt[PDO::ATTR_FETCH_TABLE_NAMES]; $catalog_names = $opt[PDO::ATTR_FETCH_CATALOG_NAMES]; $x = 0; $count = $this->columnCount(); $result = array(array(), array()); $names =& $result[0]; $tables =& $result[1]; while($x < $count) { $name =& $names[$x]; $table =& $tables[$x]; $name = $this->_field_name($x); switch($case) { case PDO::CASE_LOWER: $name = strtolower($name); break; case PDO::CASE_UPPER: $name = strtoupper($name); break; } if($table_names && ($table_name = $this->_table_name($x))) { $table = $table_name . '.' . $name; } else { $table = $name; } $x++; } $this->columns_meta =& $result; } } if($dbf_error_reporting !== null) { error_reporting($dbf_error_reporting); } class dbf_mysql_statement extends dbf_base_statement { public function closeCursor() { if($this->_result) { mysql_free_result($this->_result); $this->_result = false; } } public function columnCount() { if($this->_result) { return mysql_num_fields($this->_result); } return 0; } public function rowCount() { return mysql_affected_rows($this->_link); } public function getColumnMeta($column) { if($column >= $this->columnCount()) return false; $info = mysql_fetch_field($this->_result, $column); $result = array(); if($info->def) { $result['mysql:def'] = $info->def; } $result['native_type'] = $info->type; $result['flags'] = explode(' ', mysql_field_flags($this->_result, $column)); $result['table'] = $info->table; $result['name'] = $info->name; $result['len'] = mysql_field_len($this->_result, $column); $result['precision'] = 0; $result['pdo_type'] = PDO::PARAM_STR; return $result; } protected function _execute() { $query = $this->_build_query(); if(!$query) return false; if($this->getAttribute(dbf_base::MYSQL_ATTR_USE_BUFFERED_QUERY)) { $this->_result = mysql_query($query, $this->_link); } else { $this->_result = mysql_unbuffered_query($query, $this->_link); } if(!$this->_result) { $this->_set_stmt_error(null, PDO::ERRMODE_SILENT, 'execute'); return false; } return true; } protected function _fetch_row() { return mysql_fetch_row($this->_result); } protected function _field_name($field) { return mysql_field_name($this->_result, $field); } protected function _table_name($field) { return mysql_field_table($this->_result, $field); } protected function _set_stmt_error($state = null, $mode = PDO::ERRMODE_SILENT, $func = '') { $errno = mysql_errno($this->_link); if($state === null) $state = $this->_driver->get_sql_state($errno); $this->_set_error($errno, mysql_error($this->_link), $state, $mode, $func); } } class dbf_mysql extends dbf_base { private $client_flags = 0; private $sql_states = array ( 1022 => '23000', 1037 => 'HY001', 1038 => 'HY001', 1040 => '08004', 1042 => '08S01', 1043 => '08S01', 1044 => '42000', 1045 => '28000', 1046 => '3D000', 1047 => '08S01', 1048 => '23000', 1049 => '42000', 1050 => '42S01', 1051 => '42S02', 1052 => '23000', 1053 => '08S01', 1054 => '42S22', 1055 => '42000', 1056 => '42000', 1057 => '42000', 1058 => '21S01', 1059 => '42000', 1060 => '42S21', 1061 => '42000', 1062 => '23000', 1063 => '42000', 1064 => '42000', 1065 => '42000', 1066 => '42000', 1067 => '42000', 1068 => '42000', 1069 => '42000', 1070 => '42000', 1071 => '42000', 1072 => '42000', 1073 => '42000', 1074 => '42000', 1075 => '42000', 1080 => '08S01', 1081 => '08S01', 1082 => '42S12', 1083 => '42000', 1084 => '42000', 1090 => '42000', 1091 => '42000', 1101 => '42000', 1102 => '42000', 1103 => '42000', 1104 => '42000', 1106 => '42000', 1107 => '42000', 1109 => '42S02', 1110 => '42000', 1112 => '42000', 1113 => '42000', 1115 => '42000', 1118 => '42000', 1120 => '42000', 1121 => '42000', 1131 => '42000', 1132 => '42000', 1133 => '42000', 1136 => '21S01', 1138 => '22004', 1139 => '42000', 1140 => '42000', 1141 => '42000', 1142 => '42000', 1143 => '42000', 1144 => '42000', 1145 => '42000', 1146 => '42S02', 1147 => '42000', 1148 => '42000', 1149 => '42000', 1152 => '08S01', 1153 => '08S01', 1154 => '08S01', 1155 => '08S01', 1156 => '08S01', 1157 => '08S01', 1158 => '08S01', 1159 => '08S01', 1160 => '08S01', 1161 => '08S01', 1162 => '42000', 1163 => '42000', 1164 => '42000', 1166 => '42000', 1167 => '42000', 1169 => '23000', 1170 => '42000', 1171 => '42000', 1172 => '42000', 1173 => '42000', 1177 => '42000', 1178 => '42000', 1179 => '25000', 1184 => '08S01', 1189 => '08S01', 1190 => '08S01', 1203 => '42000', 1207 => '25000', 1211 => '42000', 1213 => '40001', 1216 => '23000', 1217 => '23000', 1218 => '08S01', 1222 => '21000', 1226 => '42000', 1227 => '42000', 1230 => '42000', 1231 => '42000', 1232 => '42000', 1234 => '42000', 1235 => '42000', 1239 => '42000', 1241 => '21000', 1242 => '21000', 1247 => '42S22', 1248 => '42000', 1249 => '01000', 1250 => '42000', 1251 => '08004', 1252 => '42000', 1253 => '42000', 1261 => '01000', 1262 => '01000', 1263 => '22004', 1264 => '22003', 1265 => '01000', 1280 => '42000', 1281 => '42000', 1286 => '42000', 1292 => '22007', 1303 => '2F003', 1304 => '42000', 1305 => '42000', 1308 => '42000', 1309 => '42000', 1310 => '42000', 1311 => '01000', 1312 => '0A000', 1313 => '42000', 1314 => '0A000', 1315 => '42000', 1316 => '42000', 1317 => '70100', 1318 => '42000', 1319 => '42000', 1320 => '42000', 1321 => '2F005', 1322 => '42000', 1323 => '42000', 1324 => '42000', 1325 => '24000', 1326 => '24000', 1327 => '42000', 1329 => '02000', 1330 => '42000', 1331 => '42000', 1332 => '42000', 1333 => '42000', 1335 => '0A000', 1336 => '0A000', 1337 => '42000', 1338 => '42000', 1339 => '20000', 1365 => '22012', 1367 => '22007', 1370 => '42000', 1397 => 'XAE04', 1398 => 'XAE05', 1399 => 'XAE07', 1400 => 'XAE09', 1401 => 'XAE03', 1402 => 'XA100', 1403 => '42000', 1406 => '22001', 1407 => '42000', 1410 => '42000', 1413 => '42000', 1414 => '42000', 1415 => '0A000', 1416 => '22003', 1425 => '42000', 1426 => '42000', 1427 => '42000', 1437 => '42000', 1439 => '42000', 1440 => 'XAE08', 1441 => '22008', 1451 => '23000', 1452 => '23000', 1453 => '42000', 1458 => '42000', 1460 => '42000', 1461 => '42000', 1463 => '42000', ); public function __construct(&$dsn, &$username, &$password, &$driver_options) { if(!extension_loaded('mysql')) { throw new PDOException('could not find extension'); } $this->driver_options[dbf_base::MYSQL_ATTR_USE_BUFFERED_QUERY] = 1; $this->driver_options[dbf_base::MYSQL_ATTR_LOCAL_INFILE] = false; $this->driver_options[dbf_base::MYSQL_ATTR_INIT_COMMAND] = ''; $this->driver_options[dbf_base::MYSQL_ATTR_READ_DEFAULT_FILE] = false; $this->driver_options[dbf_base::MYSQL_ATTR_READ_DEFAULT_GROUP] = false; $this->driver_options[dbf_base::MYSQL_ATTR_MAX_BUFFER_SIZE] = 1048576; $this->driver_options[dbf_base::MYSQL_ATTR_DIRECT_QUERY] = 1; parent::__construct($dsn, $username, $password, $driver_options); } public function beginTransaction() { parent::beginTransaction(); if(!mysql_unbuffered_query('START TRANSACTION', $this->link)) { $this->set_driver_error(null, PDO::ERRMODE_EXCEPTION, 'beginTransaction'); } return true; } public function commit() { parent::commit(); if(!mysql_unbuffered_query('COMMIT', $this->link)) { $this->set_driver_error(null, PDO::ERRMODE_EXCEPTION, 'commit'); } $this->setAttribute(PDO::ATTR_AUTOCOMMIT, 1); return true; } public function exec(&$statement) { if($result = mysql_unbuffered_query($statement, $this->link)) { if(is_resource($result)) { mysql_free_result($result); return 0; } return mysql_affected_rows($this->link); } return false; } public function getAttribute($attribute, &$source = null, $func = 'PDO::getAttribute', &$last_error = null) { if($source == null) $source =& $this->driver_options; switch($attribute) { case PDO::ATTR_AUTOCOMMIT: $result = mysql_unbuffered_query('SELECT @@AUTOCOMMIT', $this->link); if(!$result) { $this->set_driver_error(null, PDO::ERRMODE_EXCEPTION, $func); } $row = mysql_fetch_row($result); mysql_free_result($result); return intval($row[0]); break; case PDO::ATTR_TIMEOUT: return intval(ini_get('mysql.connect_timeout')); break; case PDO::ATTR_CLIENT_VERSION: return mysql_get_client_info(); break; case PDO::ATTR_CONNECTION_STATUS: return mysql_get_host_info($this->link); break; case PDO::ATTR_SERVER_INFO: return mysql_stat($this->link); break; case PDO::ATTR_SERVER_VERSION: return mysql_get_server_info($this->link); break; default: return parent::getAttribute($attribute, $source, $func, $last_error); break; } } public function lastInsertId($name = '') { return mysql_insert_id($this->link); } public function quote(&$param, $parameter_type = -1) { switch($parameter_type) { case PDO::PARAM_BOOL: return $param ? 1 : 0; break; case PDO::PARAM_NULL: return 'NULL'; break; case PDO::PARAM_INT: return is_null($param) ? 'NULL' : (is_int($param) ? $param : (float)$param); break; default: return is_null($param) ? 'NULL' : '\'' . mysql_real_escape_string($param, $this->link) . '\''; break; } } public function rollBack() { parent::rollback(); if(!mysql_unbuffered_query('ROLLBACK', $this->link)) { $this->set_driver_error(null, PDO::ERRMODE_EXCEPTION, 'rollBack'); } $this->setAttribute(PDO::ATTR_AUTOCOMMIT, $this->driver_options[PDO::ATTR_AUTOCOMMIT]); return true; } public function setAttribute($attribute, $value, &$source = null, $func = 'PDO::setAttribute', &$last_error = null) { if($source == null) $source =& $this->driver_options; switch($attribute) { case PDO::ATTR_AUTOCOMMIT: $value = $value ? 1 : 0; if(!mysql_unbuffered_query('SET AUTOCOMMIT = ' . $value, $this->link)) { $this->set_driver_error(null, PDO::ERRMODE_EXCEPTION, $func); } return true; break; case PDO::ATTR_TIMEOUT: $value = intval($value); if($value > 1 && @ini_set('mysql.connect_timeout', $value)) { return true; } break; case dbf_base::MYSQL_ATTR_LOCAL_INFILE: $value = $value ? true : false; $source[dbf_base::MYSQL_ATTR_LOCAL_INFILE] = $value; if($value && !($this->client_flags & 128)) { $this->client_flags |= 128; } else if(!$value && ($this->client_flags & 128)) { $this->client_flags &= ~128; } return true; break; case dbf_base::MYSQL_ATTR_INIT_COMMAND: if($value) { $source[dbf_base::MYSQL_ATTR_INIT_COMMAND] = $value; return true; } break; default: return parent::setAttribute($attribute, $value, $source, $func, $last_error); break; } return false; } public function set_driver_error($state = null, $mode = PDO::ERRMODE_SILENT, $func = '') { $errno = mysql_errno($this->link); if($state === null) $state = $this->get_sql_state($errno); $this->set_error($errno, mysql_error($this->link), $state, $mode, $func); } public function get_sql_state($id) { if(isset($this->sql_states[$id])) { return $this->sql_states[$id]; } return 'HY000'; } protected function connect(&$username, &$password, &$driver_options) { $this->set_attributes(array ( PDO::ATTR_TIMEOUT, dbf_base::MYSQL_ATTR_LOCAL_INFILE, dbf_base::MYSQL_ATTR_INIT_COMMAND, ), $driver_options); $host = isset($this->dsn['host']) ? $this->dsn['host'] : 'localhost'; $dbname = isset($this->dsn['dbname']) ? $this->dsn['dbname'] : ''; $port = isset($this->dsn['port']) ? intval($this->dsn['port']) : 0; $socket = isset($this->dsn['unix_socket']) ? intval($this->dsn['unix_socket']) : ''; if($socket) { $host .= ':' . $socket; } else if($port) { $host .= ':' . $port; } if(isset($driver_options[PDO::ATTR_PERSISTENT]) && $driver_options[PDO::ATTR_PERSISTENT]) { $this->link = @mysql_pconnect($host, $username, $password, $this->client_flags); } else { $this->link = @mysql_connect($host, $username, $password, true, $this->client_flags); } if(!$this->link) { $errno = mysql_errno(); $state = $this->get_sql_state($errno); $this->set_error($errno, mysql_error(), $state, PDO::ERRMODE_EXCEPTION, '__construct'); } if($dbname) { if(!@mysql_select_db($dbname, $this->link)) { $this->set_driver_error(null, PDO::ERRMODE_EXCEPTION, '__construct'); } } if(isset($this->dsn['charset'])) { if(!mysql_set_charset($this->dsn['charset'], $this->link)) { $this->set_driver_error(null, PDO::ERRMODE_EXCEPTION, '__construct'); } } if($this->driver_options[dbf_base::MYSQL_ATTR_INIT_COMMAND]) { if(!mysql_unbuffered_query($this->driver_options[dbf_base::MYSQL_ATTR_INIT_COMMAND], $this->link)) { $this->set_driver_error(null, PDO::ERRMODE_EXCEPTION, '__construct'); } } } protected function disconnect() { mysql_close($this->link); } } class DBF_PDO extends PDO { private $path; private $driver; private $driver_name; public function __construct($dsn, $username = '', $password = '', $driver_options = array()) { if(!is_array($driver_options)) $driver_options = array(); $driver_dsn =& $this->parse_dsn($dsn); if($this->driver_name == 'uri') { $driver_dsn = $this->get_uri_dsn(key($driver_dsn)); } $this->init_driver($driver_dsn, $username, $password, $driver_options); } public function beginTransaction() { return $this->driver->beginTransaction(); } public function commit() { return $this->driver->commit(); } public function errorCode() { if(func_num_args() > 0) return false; return $this->driver->errorCode(); } public function errorInfo() { if(func_num_args() > 0) return false; return $this->driver->errorInfo(); } public function exec($statement) { if(!$statement || func_num_args() != 1) return false; $driver = $this->driver; $result = $driver->exec($statement); if($result !== false) { $driver->clear_error(); } else { $driver->set_driver_error(null, PDO::ERRMODE_SILENT, 'exec'); } return $result; } public function getAttribute($attribute) { if(func_num_args() != 1 || !is_int($attribute)) return false; return $this->driver->getAttribute($attribute); } public function lastInsertId($name = '') { if(!is_string($name) || func_num_args() > 1) return false; $result = $this->driver->lastInsertId($name); $driver = $this->driver; if($result !== false) { $driver->filter_result($result, $driver->driver_options[PDO::ATTR_STRINGIFY_FETCHES], $driver->driver_options[PDO::ATTR_ORACLE_NULLS]); } return $result; } public function prepare($statement, $driver_options = array()) { return $this->driver->prepare($statement, $driver_options); } public function query($statement, $mode = 0, $param = '', $ctorargs = array()) { $st = $this->prepare($statement); if(!$st) return false; try { if(!$st->execute()) { $this->driver->set_error_info($st->errorInfo()); return false; } } catch(PDOException $e) { $this->driver->set_error_info($st->errorInfo()); throw $e; } if(!$mode) return $st; if(!$st->setFetchMode($mode, $param, $ctorargs)) return false; return $st; } public function quote($string, $parameter_type = -1) { if(!func_num_args() || is_array($string) || is_object($string)) return false; return $this->driver->quote($string, $parameter_type); } public function rollBack() { return $this->driver->rollback(); } public function setAttribute($attribute, $value) { if(func_num_args() != 2) return false; return $this->driver->setAttribute($attribute, $value); } private function get_uri_dsn($driver_dsn) { $uri_data =& $this->parse_uri($driver_dsn); switch($uri_data[0]) { case 'file': if(false === ($dsn = file_get_contents($uri_data[1]))) { throw new PDOException('invalid data source name'); } return $this->parse_dsn($dsn); break; default: throw new PDOException('invalid data source name'); break; } } private function &parse_dsn(&$dsn) { $pos = strpos($dsn, ':'); if($pos === false) throw new PDOException('invalid data source name'); $this->driver_name = strtolower(trim(substr($dsn, 0, $pos))); if(!$this->driver_name) throw new PDOException('could not find driver'); $driver_dsn = array(); $d_dsn = trim(substr($dsn, $pos + 1)); if($d_dsn) { $arr = explode(';', $d_dsn); foreach($arr as &$pair) { $kv = explode('=', $pair); $driver_dsn[strtolower(trim($kv[0]))] = isset($kv[1]) ? trim($kv[1]) : ''; } } return $driver_dsn; } private function &parse_uri($dsn) { $pos = strpos($dsn, ':'); if($pos === false) throw new PDOException('invalid data source name'); $data = array(strtolower(trim(substr($dsn, 0, $pos)))); $data[] = trim(substr($dsn, $pos + 1)); return $data; } private function init_driver(&$dsn, &$username, &$password, &$driver_options) { if(isset($dsn['extension']) && $dsn['extension']) { $driver = strtolower($dsn['extension']); } else { if(extension_loaded('mysql')) { $driver = 'mysql'; } } $driver_options[PDO::ATTR_DRIVER_NAME] = $this->driver_name; if(!isset($driver_options[PDO::ATTR_STATEMENT_CLASS])) { $driver_options[PDO::ATTR_STATEMENT_CLASS] = array('dbf_' . $driver . '_statement'); } $class = 'dbf_' . $driver; $this->driver = new $class($dsn, $username, $password, $driver_options); } } try { if( $dbfen_key != $backup_info['dbfen_key'] ) { logger('dbfen_key not match post="'.$dbfen_key.'", but backup_info="'.$backup_info['dbfen_key'] . '"', 'DEBUG'); die('bad req.0,exit!ip:'.$dbfen_ip.'|'.json_encode($backup_info['dbfen_ip'])); } if( $app_key != $backup_info['app_key'] ) { logger('app_key not match post="'.$app_key.'", but backup_info="'.$backup_info['app_key'] . '"', 'DEBUG'); die('bad req.1,exit!ip:'.$dbfen_ip.'|'.json_encode($backup_info['dbfen_ip'])); } if( $app_secret != $backup_info['app_secret'] ) { logger('app_secret not match post="'.$app_secret.'", but backup_info="'.$backup_info['app_secret'] . '"', 'DEBUG'); die('bad req.2,exit!ip:'.$dbfen_ip.'|'.json_encode($backup_info['dbfen_ip'])); } if( !in_array( $backup_type,array(0,1,2) ) || !in_array( $action_type,array(1,2,3,4,5,6,7) ) ) { logger('action_type not match post="'.$action_type.'", but backup_info="'.$backup_info['action_type'] . '"', 'DEBUG'); die('bad req.4,exit!'.$backup_type.'|'.$action_type); } $DBFenXBackup = new DBFenXBackup($backup_info,$db_info ); $DBFenXBackup->execute_v2(); exit(); } catch( Exception $e ) { print $e->getMessage(); exit(); } function in_limit_ips ($dbfen_ip,$limit_ips) { if( !is_array($limit_ips) ) { return false; } foreach( $limit_ips as $v) { if( strstr($dbfen_ip,$v) ) return true; } return false; } function exit_handler() { global $g_tasks; global $g_current_progress_file; global $g_finished; if( $g_exec_complete === true || $g_finished === true) { return ; } if( is_array( $g_tasks ) ) { try { if( $g_tasks[$g_current_progress_file]['ze']['close'] != 1 ) { if( is_resource($g_tasks[$g_current_progress_file]['ze']['fd']) ) $g_tasks[$g_current_progress_file]['ze']['fd']->close(); } if( $g_tasks[$g_current_progress_file]['enc']['close'] != 1 ) { if( is_resource($g_tasks[$g_current_progress_file]['enc']['fd']) ) { fclose($g_tasks[$g_current_progress_file]['enc']['fd']); } } echo json_encode(array('code'=>1,'from'=>1,'info'=>array())); } catch( Exception $ex) { echo json_encode(array('code'=>2,'from'=>1,'info'=>array(),'msg'=>$ex->getMessage())); } } else { echo json_encode(array('code'=>3,'from'=>1,'info'=>array(),'msg'=>'')); } } function logger($msg, $loglevel = 'INFO') { global $debug; global $g_log_file ; if (!$debug && $loglevel != 'INFO') return; $data = debug_backtrace(); $data = array_pop($data); $msg = "{$data['function']} ${loglevel}:\t{$msg}"; $msg = date('Y-m-d H:i:s',time()) . " {$msg}\n"; try{ file_put_contents($g_log_file,$msg, FILE_APPEND); } catch( Exception $ex) { } } Class DBFenXBackup { private $db_info =array(); private $backup_info =array(); private $fs_bgf = 'dbfen_fs_btg.dat'; private $fs_bgf_d = 'dbfen_fs_btg_detail.dat'; private $db_bgf = 'dbfen_db_btg.dat'; private $db_bgf_d = 'dbfen_db_btg_detail.dat'; private $tmp_db_gzip_file = 'dbfen-db-1.sql'; private $tmp_folder_zip_file = 'dbfen-folder-1.zip'; private $db_tb_ffl = 'dbfen_db_tb_fn.dat'; private $db_egf = 'dbfen_db_egf.dat'; private $db_iv = 'dbfen_db_iv.dat'; public $log_file = 'dbfen.log'; private $fs_dirs_scl = 'dbfen_fs_dirs.dat'; private $fs_egf = 'dbfen_fs_egf.dat'; private $fs_iv = 'dbfen_fs_iv.dat'; private $db_zip_progress_file = 'dbfen_db_zip_prg.dat'; private $fs_file_list_file = 'dbfen_fs_fl.dat'; private $fs_zip_progress_file = 'dbfen_fs_zip_prg.dat'; private $fs_tmp_file_list_file = 'dbfen_fs_tmp_fl.dat'; private $exec_complete = false; private $abnormal_exit_flag_file = 'abnormal_exit_flag_file'; public $version = '2.1'; public function __construct( $backup_info = array(),$db_info = array() ) { global $g_exec_complete; $this->db_info['db_host'] = trim($db_info['db_host']); $this->db_info['db_port'] = trim($db_info['db_port']); $this->db_info['db_name'] = trim($db_info['db_name']); $this->db_info['db_user'] = trim($db_info['db_user']); $this->db_info['db_passwd'] = trim($db_info['db_passwd']); $this->backup_info['backup_type'] = $backup_info['backup_type']; $this->backup_info['encrypt_key'] = $backup_info['encrypt_key']; $this->backup_info['app_key'] = $backup_info['app_key']; $this->backup_info['app_secret'] = $backup_info['app_secret']; $this->backup_info['dbfen_key'] = $backup_info['dbfen_key']; $this->backup_info['dbfen_ip'] = $backup_info['dbfen_ip']; $this->backup_info['tmpDir'] = $backup_info['tmpDir']; $this->backup_info['user_id'] = $backup_info['user_id']; $this->backup_info['task_id'] = $backup_info['task_id']; $this->backup_info['action_type'] = $backup_info['action_type']; if ( $backup_info['folders'][0] == '/' ) { $this->backup_info['folders'] = array($_SERVER['DOCUMENT_ROOT']); } else { $this->backup_info['folders'] = $backup_info['folders']; } $g_exec_complete = false; } private function preconfig() { global $g_log_file; global $tmp_path; if ( empty($this->backup_info['tmpDir']) || $this->backup_info['tmpDir'] == '' || !file_exists( $this->backup_info['tmpDir'] ) ) { $ret = true;

修复方案:

我是来找礼物的!

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-11-29 10:24

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无


漏洞评价:

评价