Issues in DB_utility.php (develop) - Issues in develop - ci-bonfire/Sprint - Measure and Improve Code Quality continuously with Scrutinizer

Issues (423)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

system/database/DB_utility.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * CodeIgniter
 *
 * An open source application development framework for PHP
 *
 * This content is released under the MIT License (MIT)
 *
 * Copyright (c) 2014 - 2015, British Columbia Institute of Technology
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @package	CodeIgniter
 * @author	EllisLab Dev Team
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
 * @copyright	Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
 * @license	http://opensource.org/licenses/MIT	MIT License
 * @link	http://codeigniter.com
 * @since	Version 1.0.0
 * @filesource
 */
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * Database Utility Class
 *
 * @category	Database
 * @author		EllisLab Dev Team
 * @link		http://codeigniter.com/user_guide/database/
 */
abstract class CI_DB_utility {

	/**
	 * Database object
	 *
	 * @var	object
	 */
	protected $db;

	// --------------------------------------------------------------------

	/**
	 * List databases statement
	 *
	 * @var	string
	 */
	protected $_list_databases		= FALSE;

	/**
	 * OPTIMIZE TABLE statement
	 *
	 * @var	string
	 */
	protected $_optimize_table	= FALSE;

	/**
	 * REPAIR TABLE statement
	 *
	 * @var	string
	 */
	protected $_repair_table	= FALSE;

	// --------------------------------------------------------------------

	/**
	 * Class constructor
	 *
	 * @param	object	&$db	Database object
	 * @return	void
	 */
	public function __construct(&$db)
	{
		$this->db =& $db;
		log_message('info', 'Database Utility Class Initialized');
	}

	// --------------------------------------------------------------------

	/**
	 * List databases
	 *
	 * @return	array
	 */
	public function list_databases()
	{
		// Is there a cached result?
		if (isset($this->db->data_cache['db_names']))
		{
			return $this->db->data_cache['db_names'];
		}
		elseif ($this->_list_databases === FALSE)
		{
			return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE;
		}

		$this->db->data_cache['db_names'] = array();

		$query = $this->db->query($this->_list_databases);
		if ($query === FALSE)
		{
			return $this->db->data_cache['db_names'];
		}

		for ($i = 0, $query = $query->result_array(), $c = count($query); $i < $c; $i++)
		{
			$this->db->data_cache['db_names'][] = current($query[$i]);
		}

		return $this->db->data_cache['db_names'];
	}

	// --------------------------------------------------------------------

	/**
	 * Determine if a particular database exists
	 *
	 * @param	string	$database_name
	 * @return	bool
	 */
	public function database_exists($database_name)
	{
		return in_array($database_name, $this->list_databases());
	}

	// --------------------------------------------------------------------

	/**
	 * Optimize Table
	 *
	 * @param	string	$table_name
	 * @return	mixed
	 */
	public function optimize_table($table_name)
	{
		if ($this->_optimize_table === FALSE)
		{
			return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE;
		}

		$query = $this->db->query(sprintf($this->_optimize_table, $this->db->escape_identifiers($table_name)));
		if ($query !== FALSE)
		{
			$query = $query->result_array();
			return current($query);
		}

		return FALSE;
	}

	// --------------------------------------------------------------------

	/**
	 * Optimize Database
	 *
	 * @return	mixed
	 */
	public function optimize_database()
	{
		if ($this->_optimize_table === FALSE)
		{
			return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE;
		}

		$result = array();
		foreach ($this->db->list_tables() as $table_name)
		{
			$res = $this->db->query(sprintf($this->_optimize_table, $this->db->escape_identifiers($table_name)));
			if (is_bool($res))
			{
				return $res;
			}

			// Build the result array...
			$res = $res->result_array();
			$res = current($res);
			$key = str_replace($this->db->database.'.', '', current($res));
			$keys = array_keys($res);
			unset($res[$keys[0]]);

			$result[$key] = $res;
		}

		return $result;
	}

	// --------------------------------------------------------------------

	/**
	 * Repair Table
	 *
	 * @param	string	$table_name
	 * @return	mixed
	 */
	public function repair_table($table_name)
	{
		if ($this->_repair_table === FALSE)
		{
			return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE;
		}

		$query = $this->db->query(sprintf($this->_repair_table, $this->db->escape_identifiers($table_name)));
		if (is_bool($query))
		{
			return $query;
		}

		$query = $query->result_array();
		return current($query);
	}

	// --------------------------------------------------------------------

	/**
	 * Generate CSV from a query result object
	 *
	 * @param	object	$query		Query result object
	 * @param	string	$delim		Delimiter (default: ,)
	 * @param	string	$newline	Newline character (default: \n)
	 * @param	string	$enclosure	Enclosure (default: ")
	 * @return	string
	 */
	public function csv_from_result($query, $delim = ',', $newline = "\n", $enclosure = '"')
	{
		if ( ! is_object($query) OR ! method_exists($query, 'list_fields'))
		{
			show_error('You must submit a valid result object');
		}

		$out = '';
		// First generate the headings from the table column names
		foreach ($query->list_fields() as $name)
		{
			$out .= $enclosure.str_replace($enclosure, $enclosure.$enclosure, $name).$enclosure.$delim;
		}

		$out = substr($out, 0, -strlen($delim)).$newline;

		// Next blast through the result array and build out the rows
		while ($row = $query->unbuffered_row('array'))
		{
			$line = array();
			foreach ($row as $item)
			{
				$line[] = $enclosure.str_replace($enclosure, $enclosure.$enclosure, $item).$enclosure;
			}
			$out .= implode($delim, $line).$newline;
		}

		return $out;
	}

	// --------------------------------------------------------------------

	/**
	 * Generate XML data from a query result object
	 *
	 * @param	object	$query	Query result object
	 * @param	array	$params	Any preferences
	 * @return	string
	 */
	public function xml_from_result($query, $params = array())
	{
		if ( ! is_object($query) OR ! method_exists($query, 'list_fields'))
		{
			show_error('You must submit a valid result object');
		}

		// Set our default values
		foreach (array('root' => 'root', 'element' => 'element', 'newline' => "\n", 'tab' => "\t") as $key => $val)
		{
			if ( ! isset($params[$key]))
			{
				$params[$key] = $val;
			}
		}

		// Create variables for convenience
		extract($params);

		// Load the xml helper
		get_instance()->load->helper('xml');

		// Generate the result
		$xml = '<'.$root.'>'.$newline;
		while ($row = $query->unbuffered_row())
		{
			$xml .= $tab.'<'.$element.'>'.$newline;
			foreach ($row as $key => $val)
			{
				$xml .= $tab.$tab.'<'.$key.'>'.xml_convert($val).'</'.$key.'>'.$newline;
			}
			$xml .= $tab.'</'.$element.'>'.$newline;
		}

		return $xml.'</'.$root.'>'.$newline;
	}

	// --------------------------------------------------------------------

	/**
	 * Database Backup
	 *
	 * @param	array	$params
	 * @return	string
	 */
	public function backup($params = array())
	{
		// If the parameters have not been submitted as an
		// array then we know that it is simply the table
		// name, which is a valid short cut.
		if (is_string($params))
		{
			$params = array('tables' => $params);
		}

		// Set up our default preferences
		$prefs = array(
			'tables'		=> array(),
			'ignore'		=> array(),
			'filename'		=> '',
			'format'		=> 'gzip', // gzip, zip, txt
			'add_drop'		=> TRUE,
			'add_insert'		=> TRUE,
			'newline'		=> "\n",
			'foreign_key_checks'	=> TRUE
		);

		// Did the user submit any preferences? If so set them....
		if (count($params) > 0)
		{
			foreach ($prefs as $key => $val)
			{
				if (isset($params[$key]))
				{
					$prefs[$key] = $params[$key];
				}
			}
		}

		// Are we backing up a complete database or individual tables?
		// If no table names were submitted we'll fetch the entire table list
		if (count($prefs['tables']) === 0)
		{
			$prefs['tables'] = $this->db->list_tables();
		}

		// Validate the format
		if ( ! in_array($prefs['format'], array('gzip', 'zip', 'txt'), TRUE))
		{
			$prefs['format'] = 'txt';
		}

		// Is the encoder supported? If not, we'll either issue an
		// error or use plain text depending on the debug settings
		if (($prefs['format'] === 'gzip' && ! function_exists('gzencode'))
			OR ($prefs['format'] === 'zip' && ! function_exists('gzcompress')))
		{
			if ($this->db->db_debug)
			{
				return $this->db->display_error('db_unsupported_compression');
			}

			$prefs['format'] = 'txt';
		}

		// Was a Zip file requested?
		if ($prefs['format'] === 'zip')
		{
			// Set the filename if not provided (only needed with Zip files)
			if ($prefs['filename'] === '')
			{
				$prefs['filename'] = (count($prefs['tables']) === 1 ? $prefs['tables'] : $this->db->database)
							.date('Y-m-d_H-i', time()).'.sql';
			}
			else
			{
				// If they included the .zip file extension we'll remove it
				if (preg_match('|.+?\.zip$|', $prefs['filename']))
				{
					$prefs['filename'] = str_replace('.zip', '', $prefs['filename']);
				}

				// Tack on the ".sql" file extension if needed
				if ( ! preg_match('|.+?\.sql$|', $prefs['filename']))
				{
					$prefs['filename'] .= '.sql';
				}
			}

			// Load the Zip class and output it
			$CI =& get_instance();
			$CI->load->library('zip');
			$CI->zip->add_data($prefs['filename'], $this->_backup($prefs));
			return $CI->zip->get_zip();
		}
		elseif ($prefs['format'] === 'txt') // Was a text file requested?
		{
			return $this->_backup($prefs);
		}
		elseif ($prefs['format'] === 'gzip') // Was a Gzip file requested?
		{
			return gzencode($this->_backup($prefs));
		}

		return;
	}

}


GitHub Access Token became invalid

Issues (423)

Security Analysis not enabled

system/database/DB_utility.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
		0 ignored issues – show Coding Style Compatibility introduced 2016-02-16 16:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 47 and the first side effect is on line 38. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2		/**
3		* CodeIgniter
4		*
5		* An open source application development framework for PHP
6		*
7		* This content is released under the MIT License (MIT)
8		*
9		* Copyright (c) 2014 - 2015, British Columbia Institute of Technology
10		*
11		* Permission is hereby granted, free of charge, to any person obtaining a copy
12		* of this software and associated documentation files (the "Software"), to deal
13		* in the Software without restriction, including without limitation the rights
14		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
15		* copies of the Software, and to permit persons to whom the Software is
16		* furnished to do so, subject to the following conditions:
17		*
18		* The above copyright notice and this permission notice shall be included in
19		* all copies or substantial portions of the Software.
20		*
21		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27		* THE SOFTWARE.
28		*
29		* @package CodeIgniter
30		* @author EllisLab Dev Team
31		* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
32		* @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
33		* @license http://opensource.org/licenses/MIT MIT License
34		* @link http://codeigniter.com
35		* @since Version 1.0.0
36		* @filesource
37		*/
38		defined('BASEPATH') OR exit('No direct script access allowed');
39
40		/**
41		* Database Utility Class
42		*
43		* @category Database
44		* @author EllisLab Dev Team
45		* @link http://codeigniter.com/user_guide/database/
46		*/
47		abstract class CI_DB_utility {
48
49		/**
50		* Database object
51		*
52		* @var object
53		*/
54		protected $db;
55
56		// --------------------------------------------------------------------
57
58		/**
59		* List databases statement
60		*
61		* @var string
62		*/
63		protected $_list_databases = FALSE;
64
65		/**
66		* OPTIMIZE TABLE statement
67		*
68		* @var string
69		*/
70		protected $_optimize_table = FALSE;
71
72		/**
73		* REPAIR TABLE statement
74		*
75		* @var string
76		*/
77		protected $_repair_table = FALSE;
78
79		// --------------------------------------------------------------------
80
81		/**
82		* Class constructor
83		*
84		* @param object &$db Database object
85		* @return void
86		*/
87		public function __construct(&$db)
88		{
89		$this->db =& $db;
90		log_message('info', 'Database Utility Class Initialized');
91		}
92
93		// --------------------------------------------------------------------
94
95		/**
96		* List databases
97		*
98		* @return array
99		*/
100		public function list_databases()
101		{
102		// Is there a cached result?
103		if (isset($this->db->data_cache['db_names']))
104		{
105		return $this->db->data_cache['db_names'];
106		}
107		elseif ($this->_list_databases === FALSE)
108		{
109		return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE;
110		}
111
112		$this->db->data_cache['db_names'] = array();
113
114		$query = $this->db->query($this->_list_databases);
115		if ($query === FALSE)
116		{
117		return $this->db->data_cache['db_names'];
118		}
119
120		for ($i = 0, $query = $query->result_array(), $c = count($query); $i < $c; $i++)
121		{
122		$this->db->data_cache['db_names'][] = current($query[$i]);
123		}
124
125		return $this->db->data_cache['db_names'];
126		}
127
128		// --------------------------------------------------------------------
129
130		/**
131		* Determine if a particular database exists
132		*
133		* @param string $database_name
134		* @return bool
135		*/
136		public function database_exists($database_name)
137		{
138		return in_array($database_name, $this->list_databases());
139		}
140
141		// --------------------------------------------------------------------
142
143		/**
144		* Optimize Table
145		*
146		* @param string $table_name
147		* @return mixed
148		*/
149	View Code Duplication	public function optimize_table($table_name)
150		{
151		if ($this->_optimize_table === FALSE)
152		{
153		return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE;
154		}
155
156		$query = $this->db->query(sprintf($this->_optimize_table, $this->db->escape_identifiers($table_name)));
157		if ($query !== FALSE)
158		{
159		$query = $query->result_array();
160		return current($query);
161		}
162
163		return FALSE;
164		}
165
166		// --------------------------------------------------------------------
167
168		/**
169		* Optimize Database
170		*
171		* @return mixed
172		*/
173		public function optimize_database()
174		{
175		if ($this->_optimize_table === FALSE)
176		{
177		return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE;
178		}
179
180		$result = array();
181		foreach ($this->db->list_tables() as $table_name)
182		{
183		$res = $this->db->query(sprintf($this->_optimize_table, $this->db->escape_identifiers($table_name)));
184		if (is_bool($res))
185		{
186		return $res;
187		}
188
189		// Build the result array...
190		$res = $res->result_array();
191		$res = current($res);
192		$key = str_replace($this->db->database.'.', '', current($res));
193		$keys = array_keys($res);
194		unset($res[$keys[0]]);
195
196		$result[$key] = $res;
197		}
198
199		return $result;
200		}
201
202		// --------------------------------------------------------------------
203
204		/**
205		* Repair Table
206		*
207		* @param string $table_name
208		* @return mixed
209		*/
210	View Code Duplication	public function repair_table($table_name)
211		{
212		if ($this->_repair_table === FALSE)
213		{
214		return ($this->db->db_debug) ? $this->db->display_error('db_unsupported_feature') : FALSE;
215		}
216
217		$query = $this->db->query(sprintf($this->_repair_table, $this->db->escape_identifiers($table_name)));
218		if (is_bool($query))
219		{
220		return $query;
221		}
222
223		$query = $query->result_array();
224		return current($query);
225		}
226
227		// --------------------------------------------------------------------
228
229		/**
230		* Generate CSV from a query result object
231		*
232		* @param object $query Query result object
233		* @param string $delim Delimiter (default: ,)
234		* @param string $newline Newline character (default: \n)
235		* @param string $enclosure Enclosure (default: ")
236		* @return string
237		*/
238		public function csv_from_result($query, $delim = ',', $newline = "\n", $enclosure = '"')
239		{
240		if ( ! is_object($query) OR ! method_exists($query, 'list_fields'))
241		{
242		show_error('You must submit a valid result object');
243		}
244
245		$out = '';
246		// First generate the headings from the table column names
247		foreach ($query->list_fields() as $name)
248		{
249		$out .= $enclosure.str_replace($enclosure, $enclosure.$enclosure, $name).$enclosure.$delim;
250		}
251
252		$out = substr($out, 0, -strlen($delim)).$newline;
253
254		// Next blast through the result array and build out the rows
255		while ($row = $query->unbuffered_row('array'))
256		{
257		$line = array();
258		foreach ($row as $item)
259		{
260		$line[] = $enclosure.str_replace($enclosure, $enclosure.$enclosure, $item).$enclosure;
261		}
262		$out .= implode($delim, $line).$newline;
263		}
264
265		return $out;
266		}
267
268		// --------------------------------------------------------------------
269
270		/**
271		* Generate XML data from a query result object
272		*
273		* @param object $query Query result object
274		* @param array $params Any preferences
275		* @return string
276		*/
277		public function xml_from_result($query, $params = array())
278		{
279		if ( ! is_object($query) OR ! method_exists($query, 'list_fields'))
280		{
281		show_error('You must submit a valid result object');
282		}
283
284		// Set our default values
285		foreach (array('root' => 'root', 'element' => 'element', 'newline' => "\n", 'tab' => "\t") as $key => $val)
286		{
287		if ( ! isset($params[$key]))
288		{
289		$params[$key] = $val;
290		}
291		}
292
293		// Create variables for convenience
294		extract($params);
295
296		// Load the xml helper
297		get_instance()->load->helper('xml');
298
299		// Generate the result
300		$xml = '<'.$root.'>'.$newline;
301		while ($row = $query->unbuffered_row())
302		{
303		$xml .= $tab.'<'.$element.'>'.$newline;
304		foreach ($row as $key => $val)
305		{
306		$xml .= $tab.$tab.'<'.$key.'>'.xml_convert($val).'</'.$key.'>'.$newline;
307		}
308		$xml .= $tab.'</'.$element.'>'.$newline;
309		}
310
311		return $xml.'</'.$root.'>'.$newline;
312		}
313
314		// --------------------------------------------------------------------
315
316		/**
317		* Database Backup
318		*
319		* @param array $params
320		* @return string
321		*/
322		public function backup($params = array())
323		{
324		// If the parameters have not been submitted as an
325		// array then we know that it is simply the table
326		// name, which is a valid short cut.
327		if (is_string($params))
328		{
329		$params = array('tables' => $params);
330		}
331
332		// Set up our default preferences
333		$prefs = array(
334		'tables' => array(),
335		'ignore' => array(),
336		'filename' => '',
337		'format' => 'gzip', // gzip, zip, txt
338		'add_drop' => TRUE,
339		'add_insert' => TRUE,
340		'newline' => "\n",
341		'foreign_key_checks' => TRUE
342		);
343
344		// Did the user submit any preferences? If so set them....
345		if (count($params) > 0)
346		{
347		foreach ($prefs as $key => $val)
348		{
349		if (isset($params[$key]))
350		{
351		$prefs[$key] = $params[$key];
352		}
353		}
354		}
355
356		// Are we backing up a complete database or individual tables?
357		// If no table names were submitted we'll fetch the entire table list
358		if (count($prefs['tables']) === 0)
359		{
360		$prefs['tables'] = $this->db->list_tables();
361		}
362
363		// Validate the format
364		if ( ! in_array($prefs['format'], array('gzip', 'zip', 'txt'), TRUE))
365		{
366		$prefs['format'] = 'txt';
367		}
368
369		// Is the encoder supported? If not, we'll either issue an
370		// error or use plain text depending on the debug settings
371		if (($prefs['format'] === 'gzip' && ! function_exists('gzencode'))
372		OR ($prefs['format'] === 'zip' && ! function_exists('gzcompress')))
373		{
374		if ($this->db->db_debug)
375		{
376		return $this->db->display_error('db_unsupported_compression');
377		}
378
379		$prefs['format'] = 'txt';
380		}
381
382		// Was a Zip file requested?
383		if ($prefs['format'] === 'zip')
384		{
385		// Set the filename if not provided (only needed with Zip files)
386		if ($prefs['filename'] === '')
387		{
388		$prefs['filename'] = (count($prefs['tables']) === 1 ? $prefs['tables'] : $this->db->database)
389		.date('Y-m-d_H-i', time()).'.sql';
390		}
391		else
392		{
393		// If they included the .zip file extension we'll remove it
394		if (preg_match('\|.+?\.zip$\|', $prefs['filename']))
395		{
396		$prefs['filename'] = str_replace('.zip', '', $prefs['filename']);
397		}
398
399		// Tack on the ".sql" file extension if needed
400		if ( ! preg_match('\|.+?\.sql$\|', $prefs['filename']))
401		{
402		$prefs['filename'] .= '.sql';
403		}
404		}
405
406		// Load the Zip class and output it
407		$CI =& get_instance();
408		$CI->load->library('zip');
409		$CI->zip->add_data($prefs['filename'], $this->_backup($prefs));
410		return $CI->zip->get_zip();
411		}
412		elseif ($prefs['format'] === 'txt') // Was a text file requested?
413		{
414		return $this->_backup($prefs);
415		}
416		elseif ($prefs['format'] === 'gzip') // Was a Gzip file requested?
417		{
418		return gzencode($this->_backup($prefs));
419		}
420
421		return;
422		}
423
424		}
425

ci-bonfire / Sprint

GitHub Access Token became invalid

Issues (423)

Security Analysis not enabled

system/database/DB_utility.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like