workaround for any current or future exploit of the $GLOBALS overwrite vulnerability
[lhc/web/wiklou.git] / profileinfo.php
1 <!--
2 Show profiling data.
3
4 Copyright 2005 Kate Turner.
5
6 Permission is hereby granted, free of charge, to any person obtaining a copy
7 of this software and associated documentation files (the "Software"), to deal
8 in the Software without restriction, including without limitation the rights
9 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 copies of the Software, and to permit persons to whom the Software is
11 furnished to do so, subject to the following conditions:
12
13 The above copyright notice and this permission notice shall be included in
14 all copies or substantial portions of the Software.
15
16 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 SOFTWARE.
23
24 $Id$
25 -->
26 <html>
27 <head>
28 <title>Profiling data</title>
29 <style type="text/css">
30 th {
31 text-align: left;
32 border-bottom: solid 1px black;
33 }
34
35 th, td {
36 padding-left: 0.5em;
37 padding-right: 0.5em;
38 }
39
40 td.time, td.count {
41 text-align: right;
42 }
43 </style>
44 </head>
45 <body>
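<?php

// Every setting that has to come from the config files starts out as false.
// The `=== false` loop further down uses that sentinel to detect a config
// file that never assigned it. Presumably the reset also keeps a
// register_globals request parameter of the same name from being trusted.
$wgDBadminuser = $wgDBadminpassword = $wgDBserver = $wgDBname = $wgEnableProfileInfo = false;

define("MEDIAWIKI", 1);

// Workaround for the $GLOBALS overwrite vulnerability: refuse any request
// that carries a field named GLOBALS before a single config file is loaded.
// $_FILES is checked too because upload fields are not part of $_REQUEST.
// The former `print $GLOBALS;` only emitted the word "Array" and was dropped.
if ( isset( $_REQUEST['GLOBALS'] ) || isset( $_FILES['GLOBALS'] ) ) {
    die( '<a href="http://www.hardened-php.net/index.76.html">$GLOBALS overwrite vulnerability</a>');
}

require_once("./includes/Defines.php");
require_once("./LocalSettings.php");
require_once("./AdminSettings.php");

// The page shows profiling internals, so it stays off unless the site
// configuration switches it on explicitly.
if (!$wgEnableProfileInfo) {
    die("disabled");
}

// Stop if any database setting still holds the false sentinel from above.
foreach (array("wgDBadminuser", "wgDBadminpassword", "wgDBserver", "wgDBname") as $var) {
    if ($$var === false) {
        die("AdminSettings.php not correct");
    }
}

// Names of the rows the viewer asked to expand, kept as array keys so that
// display() can test them with isset(). A non-string value (for example
// expand[]=x) is ignored instead of being passed to explode().
$expand = array();
if (isset($_REQUEST['expand']) && is_string($_REQUEST['expand'])) {
    foreach (explode(",", $_REQUEST['expand']) as $f) {
        $expand[$f] = true;
    }
}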
/**
 * One row of the profiling table together with the rows nested beneath it.
 */
class profile_point {
    var $name;
    var $count;
    var $time;
    var $children;

    /**
     * Constructor in the old same-name-as-class form.
     * Stores the three values and starts with no children.
     */
    function profile_point($name, $count, $time) {
        $this->children = array();
        $this->time = $time;
        $this->count = $count;
        $this->name = $name;
    }

    /** Append a nested point. */
    function add_child($child) {
        $this->children[] = $child;
    }

    /**
     * Print this point as a table row and, when its name is in the global
     * $expand set, print its children below it with a larger indent.
     *
     * @param float $indent left padding of the name cell, in em
     */
    function display($indent = 0.0) {
        global $expand;
        usort($this->children, "compare_point");

        $ex = isset($expand[$this->name()]);
        if ($ex) {
            // Collapse link: the current expand set without this row.
            $e = array();
            foreach ($expand as $name => $ep) {
                if ($name != $this->name()) {
                    $e[$name] = $ep;
                }
            }
            $extet = " <a href=\"" . makeurl(false, false, $e) . "\">[&ndash;]</a>";
        } elseif (count($this->children)) {
            // Expand link: the current expand set plus this row.
            $url = makeurl(false, false, $expand + array($this->name() => true));
            $extet = " <a href=\"$url\">[+]</a>";
        } else {
            $extet = '';
        }
        // NOTE(review): the name is escaped below, but $extet is appended as
        // raw markup, so the href is only as safe as what makeurl() returns.
?>
<tr>
<td class="time"><tt><?php echo $this->fmttime() ?></tt></td>
<td class="count"><?php echo $this->count() ?></td>
<td class="name" style="padding-left: <?php echo $indent ?>em">
<?php echo htmlspecialchars($this->name()) . $extet ?>
</td>
</tr>
<?php
        if (!$ex) {
            return;
        }
        foreach ($this->children as $child) {
            $child->display($indent + 2);
        }
    }

    /** Name given at construction. */
    function name() {
        return $this->name;
    }

    /** Count given at construction. */
    function count() {
        return $this->count;
    }

    /** Time given at construction. */
    function time() {
        return $this->time;
    }

    /** Time formatted with two decimals, padded to a width of five. */
    function fmttime() {
        return sprintf("%5.02f", $this->time);
    }
}
140
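/**
 * usort() callback that orders two profile points by the column named in
 * the global $sort: names ascending via strcmp(), times and counts with the
 * larger value first.
 *
 * Equal times or counts now compare as 0. The previous version returned 1
 * for a tie in both argument orders, which gave the sort an inconsistent
 * ordering. An unrecognised $sort value also yields 0 instead of falling
 * off the end of the switch.
 *
 * @param object $a point exposing name(), time() and count()
 * @param object $b point exposing name(), time() and count()
 * @return int negative, zero or positive, as usort() expects
 */
function compare_point($a, $b) {
    global $sort;
    switch ($sort) {
        case "name":
            return strcmp($a->name(), $b->name());
        case "time":
            $left = $a->time();
            $right = $b->time();
            break;
        case "count":
            $left = $a->count();
            $right = $b->count();
            break;
        default:
            return 0;
    }

    if ($left == $right) {
        return 0;
    }
    return $left > $right ? -1 : 1;
}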
152
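// Sort column: the request value is used only when it is exactly one of the
// three known names; anything else keeps the default. The strict comparison
// means an array or other non-matching value can never be accepted.
$sorts = array("time", "count", "name");
$sort = 'time';
if (isset($_REQUEST['sort']) && in_array($_REQUEST['sort'], $sorts, true)) {
    $sort = $_REQUEST['sort'];
}

// Connect with the admin credentials loaded from AdminSettings.php.
// NOTE(review): each die() below sends the raw mysql_error() text to the
// browser; consider logging it and showing a generic message instead.
$dbh = mysql_connect($wgDBserver, $wgDBadminuser, $wgDBadminpassword)
    or die("mysql server failed: " . mysql_error());
mysql_select_db($wgDBname, $dbh) or die(mysql_error($dbh));

// Fixed query text with no request data in it. Ordering by name is what
// lets the row loop further down treat a name prefix as a parent row.
$res = mysql_query("
SELECT pf_count, pf_time, pf_name
FROM profiling
ORDER BY pf_name ASC
", $dbh) or die("query failed: " . mysql_error());

// Substring filter for top-level rows. A non-string value (filter[]=x) is
// treated as "no filter" so later string functions always get a string.
$filter = '';
if (isset($_REQUEST['filter']) && is_string($_REQUEST['filter'])) {
    $filter = $_REQUEST['filter'];
}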
170
171 ?>
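<?php
// Filter form and table header. The form used to carry a file name in its
// method attribute, which is not a valid method; browsers fell back to GET
// against the current URL. That behaviour is now spelled out explicitly.
// Every request-derived value written into an attribute goes through
// htmlspecialchars(); the header links take their URLs from makeurl().
?>
<form method="get">
<p>
<input type="text" name="filter" value="<?php echo htmlspecialchars($filter)?>"/>
<input type="hidden" name="sort" value="<?php echo htmlspecialchars($sort)?>"/>
<input type="hidden" name="expand" value="<?php echo htmlspecialchars(implode(",", array_keys($expand)))?>"/>
<input type="submit" value="Filter" />
</p>
</form>

<table cellspacing="0">
<tr id="top">
<th><a href="<?php echo makeurl(false, "time") ?>">Time</a></th>
<th><a href="<?php echo makeurl(false, "count") ?>">Count</a></th>
<th><a href="<?php echo makeurl(false, "name") ?>">Name</a></th>
</tr>
<?php
// Running sum of the time column over every fetched row.
$totaltime = 0.0;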
189
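/**
 * Build the query string for a link back to this page.
 *
 * Each argument overrides the matching global ($filter, $sort, $expand)
 * when it is given; a falsy $_filter or $_sort and a `false` $_expand fall
 * back to the global value.
 *
 * The filter comes straight from the request and the result is echoed into
 * href attributes, so every component is URL-encoded here. Before this
 * change only the expand list was encoded and the filter reached the page
 * unescaped.
 *
 * @param string|false $_filter filter text, or false for the current one
 * @param string|false $_sort sort column, or false for the current one
 * @param array|false $_expand expand set (names as keys), or false for the current one
 * @return string query string with HTML-escaped separators, ready for an href
 */
function makeurl($_filter = false, $_sort = false, $_expand = false) {
    global $filter, $sort, $expand;

    if ($_expand === false) {
        $_expand = $expand;
    }

    $nfilter = $_filter ? $_filter : $filter;
    $nsort = $_sort ? $_sort : $sort;

    // Anything that is not a plain scalar cannot be a valid parameter value;
    // encode it as empty rather than interpolating it.
    $nfilter = is_scalar($nfilter) ? urlencode((string)$nfilter) : '';
    $nsort = is_scalar($nsort) ? urlencode((string)$nsort) : '';
    $exp = urlencode(implode(',', array_keys($_expand)));

    return "?filter=$nfilter&amp;sort=$nsort&amp;expand=$exp";
}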
201
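// Top-level rows, SQL query rows, and the summed time of the query rows.
$points = array();
$queries = array();
$sqltotal = 0.0;

// Fold the name-ordered rows into a two-level tree: a row whose name starts
// with the name of the most recent top-level row becomes that row's child.
// $last is not advanced for a child, so nesting never goes deeper than one.
$last = false;
while (($o = mysql_fetch_object($res)) !== false) {
    $next = new profile_point($o->pf_name, $o->pf_count, $o->pf_time);
    $totaltime += $next->time();

    // preg_quote() keeps the stored name from being read as a pattern.
    if ($last !== false
        && preg_match("/^" . preg_quote($last->name(), "/") . "/", $next->name())) {
        $last->add_child($next);
        continue;
    }

    $last = $next;
    if (preg_match("/^query: /", $next->name())) {
        $sqltotal += $next->time();
        $queries[] = $next;
    } else {
        $points[] = $next;
    }
}

// All query rows are shown under one synthetic parent row.
$s = new profile_point("SQL Queries", 0, $sqltotal);
foreach ($queries as $q) {
    $s->add_child($q);
}
$points[] = $s;

usort($points, "compare_point");

foreach ($points as $point) {
    // strpos() === false replaces !strstr(): strstr() returns the matched
    // tail of the name, and a tail of "0" is falsy, so a row that did match
    // the filter could be skipped.
    if (strlen($filter) && strpos($point->name(), $filter) === false) {
        continue;
    }

    $point->display();
}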
238 ?>
239 </table>
240
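<p>Total time: <tt><?php printf("%5.02f", $totaltime) ?></tt></p>
<?php

// The <tt> element above was never closed before; it is closed now.
// Release the result set, then close the admin database connection.
mysql_free_result($res);
mysql_close($dbh);

?>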
248 </body>
249 </html>