1000) {
    die(__('possible exploit'));
}
/**
 * Check for numeric keys
 * (if register_globals is on, numeric key can be found in $GLOBALS)
 *
 * The request is aborted as soon as one numeric key is seen, before any
 * further request processing in this file.
 */
foreach ($GLOBALS as $key => $dummy) {
    // only the key matters here; the value is never inspected
    if (is_numeric($key)) {
        die(__('numeric key detected'));
    }
}
// drop the loop's value variable; $key stays defined and is listed in the
// whitelist used by the global-scope cleanup further down
unset($dummy);
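/**
 * PATH_INFO could be compromised if set, so remove it from PHP_SELF
 * and provide a clean PHP_SELF here
 *
 * PATH_INFO is stripped only when it is the literal suffix of PHP_SELF.
 * The result is HTML-escaped before it is stored in $PMA_PHP_SELF.
 */
$PMA_PHP_SELF = PMA_getenv('PHP_SELF');
$_PATH_INFO = PMA_getenv('PATH_INFO');
if (! empty($_PATH_INFO) && ! empty($PMA_PHP_SELF)) {
    $path_info_pos = strrpos($PMA_PHP_SELF, $_PATH_INFO);
    // strrpos() returns false when PATH_INFO does not occur in PHP_SELF.
    // Without the explicit test, false counts as offset 0 in the addition,
    // so two different strings of equal length would pass the suffix check
    // and PHP_SELF would be truncated to an empty string.
    if ($path_info_pos !== false
        && $path_info_pos + strlen($_PATH_INFO) === strlen($PMA_PHP_SELF)
    ) {
        $PMA_PHP_SELF = substr($PMA_PHP_SELF, 0, $path_info_pos);
    }
}
// NOTE(review): with the default flags of PHP before 8.1, htmlspecialchars()
// leaves single quotes unescaped - confirm that $PMA_PHP_SELF is never
// emitted inside a single-quoted HTML attribute
$PMA_PHP_SELF = htmlspecialchars($PMA_PHP_SELF);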
/**
 * just to be sure there was no import (registering) before here
 * we empty the global space (but avoid unsetting $variables_whitelist
 * and $key in the foreach (), we still need them!)
 *
 * Everything returned by get_defined_vars() that is not named in the
 * whitelist is unset, so only the superglobals, the error handler and
 * $PMA_PHP_SELF survive this point.
 */
$variables_whitelist = array (
    'GLOBALS',
    '_SERVER',
    '_GET',
    '_POST',
    '_REQUEST',
    '_FILES',
    '_ENV',
    '_COOKIE',
    '_SESSION',
    'error_handler',
    'PMA_PHP_SELF',
    // the next two are the loop's own working variables
    'variables_whitelist',
    'key'
);
foreach (get_defined_vars() as $key => $value) {
    // NOTE(review): in_array() compares loosely here; passing true as the
    // third argument would make this allow-list test type-strict. Numeric
    // keys are already rejected by the numeric-key check earlier in this
    // file, so the difference should not be reachable - confirm.
    if (! in_array($key, $variables_whitelist)) {
        // variable-variable: unsets the global whose name is held in $key
        unset($$key);
    }
}
// finally remove the working variables themselves
unset($key, $value, $variables_whitelist);
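/**
 * Subforms - some functions need to be called by form, because of the limited
 * URL length, but if these functions sit inside another form you cannot just
 * open a new form - so phpMyAdmin uses 'arrays' inside this form
 *
 * The fields of a subform arrive as subform[<id>][...] and the control that
 * submits it as usesubform[<id>]; the first key of usesubform selects the
 * subform whose fields replace the request data.
 *
 * so we now check if a subform is submitted
 */
$__redirect = null;
if (isset($_POST['usesubform'])) {
    // if a subform is present and should be used
    // the rest of the form is discarded
    //
    // Both fields are client-controlled. Accept them only in the expected
    // array shape; anything else leaves an empty request instead of putting
    // null or a scalar into $_POST / $_REQUEST.
    $subform = array();
    if (is_array($_POST['usesubform'])
        && isset($_POST['subform'])
        && is_array($_POST['subform'])
    ) {
        $subform_id = key($_POST['usesubform']);
        if (isset($_POST['subform'][$subform_id])
            && is_array($_POST['subform'][$subform_id])
        ) {
            $subform = $_POST['subform'][$subform_id];
        }
    }
    $_POST      = $subform;
    $_REQUEST   = $subform;
    /**
     * some subforms need another page than the main form, so we will just
     * include this page at the end of this script - we use $__redirect to
     * track this
     *
     * $__redirect is request data at this point; it is checked against
     * $goto_whitelist further down in this file before it is kept.
     */
    if (isset($_POST['redirect'])
        && $_POST['redirect'] !== basename($PMA_PHP_SELF)
    ) {
        $__redirect = $_POST['redirect'];
        unset($_POST['redirect']);
    }
    unset($subform_id, $subform);
} else {
    // Note: here we overwrite $_REQUEST so that it does not contain cookies,
    // because another application for the same domain could have set
    // a cookie (with a compatible path) that overrides a variable
    // we expect from GET or POST.
    // We'll refer to cookies explicitly with the $_COOKIE syntax.
    $_REQUEST = array_merge($_GET, $_POST);
}
// end check if a subform is submitted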
/**
 * Magic quotes were removed in PHP 5.4. PMA_PHP_INT_VERSION is not defined
 * yet at this point, so the running PHP version is compared directly.
 *
 * When the interpreter is older than 5.4 and reports magic_quotes_gpc as
 * active, the slashes PHP added are stripped again from all request arrays.
 */
if (version_compare(PHP_VERSION, '5.4', 'lt')
    && function_exists('get_magic_quotes_gpc')
    && get_magic_quotes_gpc()
) {
    // undo the quoting PHP applied to GET, POST, cookie and merged data
    PMA_arrayWalkRecursive($_GET, 'stripslashes', true);
    PMA_arrayWalkRecursive($_POST, 'stripslashes', true);
    PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true);
    PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
}
/**
 * include deprecated grab_globals only if required
 *
 * Skipped when a subform redirect is pending ($__redirect is non-empty) or
 * when PMA_NO_VARIABLES_IMPORT is defined.
 */
if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) {
    include './libraries/grab_globals.lib.php';
}
/**
 * check timezone setting
 * this could produce an E_STRICT - but only once,
 * if not done here it will produce E_STRICT on every date/time function
 *
 * @todo need to decide how we should handle this (without @)
 */
// re-apply whatever timezone PHP currently resolves; the @ hides the
// message date_default_timezone_get() may raise while doing so
date_default_timezone_set(@date_default_timezone_get());
/******************************************************************************/
/* parsing configuration file                         LABEL_parsing_config_file      */
/**
 * We really need this one!
 *
 * preg_replace() is used as the probe for the pcre extension.
 */
if (! function_exists('preg_replace')) {
    PMA_warnMissingExtension('pcre', true);
}
/**
 * @global PMA_Config $GLOBALS['PMA_Config']
 * force reading of config file, because we removed sensitive values
 * in the previous iteration
 */
$GLOBALS['PMA_Config'] = new PMA_Config(CONFIG_FILE);
// the absolute-URI check is skipped when PMA_MINIMUM_COMMON is defined
if (!defined('PMA_MINIMUM_COMMON')) {
    $GLOBALS['PMA_Config']->checkPmaAbsoluteUri();
}
/**
 * BC - enable backward compatibility
 * exports all configuration settings into $GLOBALS ($GLOBALS['cfg'])
 */
$GLOBALS['PMA_Config']->enableBc();
/**
 * clean cookies on upgrade
 * when changing something related to PMA cookies, increment the cookie version
 *
 * Cleanup only runs when the client sends a pmaCookieVer cookie whose value
 * is lower than $pma_cookie_version; a request without that cookie is left
 * untouched by this block.
 */
$pma_cookie_version = 4;
// the cookie value is client-supplied and compared loosely against the integer
if (isset($_COOKIE)
 && (isset($_COOKIE['pmaCookieVer'])
  && $_COOKIE['pmaCookieVer'] < $pma_cookie_version)) {
    // delete all cookies
    foreach ($_COOKIE as $cookie_name => $tmp) {
        $GLOBALS['PMA_Config']->removeCookie($cookie_name);
    }
    // also forget them for the remainder of this request
    $_COOKIE = array();
    // record the current version so the cleanup is not repeated
    $GLOBALS['PMA_Config']->setCookie('pmaCookieVer', $pma_cookie_version);
}
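/**
 * check HTTPS connection
 *
 * With ForceSSL enabled, a request that did not arrive over HTTPS is
 * redirected to the https:// form of PmaAbsoluteUri and the script ends.
 */
if ($GLOBALS['PMA_Config']->get('ForceSSL')
    && ! $GLOBALS['PMA_Config']->get('is_https')
) {
    // grab current URL
    $url = $GLOBALS['PMA_Config']->get('PmaAbsoluteUri');
    // Parse current URL
    $parsed = parse_url($url);
    // parse_url() returns false for seriously malformed URLs and leaves out
    // components that are absent. Without a host no target can be rebuilt,
    // so both cases fall back to plain string replacement.
    if ($parsed === false || empty($parsed['host'])) {
        // Replace http protocol
        $url = preg_replace('@^http:@', 'https:', $url);
    } else {
        if ($GLOBALS['PMA_Config']->get('SSLPort')) {
            $port_number = $GLOBALS['PMA_Config']->get('SSLPort');
        } else {
            $port_number = 443;
        }
        // The path component normally starts with '/'. Strip it so the
        // separator added below does not yield '//', and tolerate a URL
        // that has no path at all.
        $path = isset($parsed['path']) ? ltrim($parsed['path'], '/') : '';
        $url = 'https://' . $parsed['host'] . ':' . $port_number . '/' . $path;
    }
    // Actually redirect
    PMA_sendHeaderLocation($url . PMA_generate_common_url($_GET, 'text'));
    // delete the current session, otherwise we get problems (see bug #2397877)
    // NOTE(review): session.inc.php is only required after this block;
    // confirm that $GLOBALS['session_name'] is already set at this point
    $GLOBALS['PMA_Config']->removeCookie($GLOBALS['session_name']);
    exit;
}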
/**
 * include session handling after the globals, to prevent overwriting
 *
 * require (not include): the script stops if the session code is missing.
 */
require './libraries/session.inc.php';
/**
 * init some variables LABEL_variables_init
 */
/**
 * holds parameters to be passed to next page
 * @global array $GLOBALS['url_params']
 */
$GLOBALS['url_params'] = array();
/**
 * the whitelist for $GLOBALS['goto']
 *
 * The same list is used below to validate $__redirect and the 'goto' and
 * 'back' request parameters. Entries that are commented out are not part of
 * the list and are therefore rejected as targets.
 *
 * @global array $goto_whitelist
 */
$goto_whitelist = array(
    //'browse_foreigners.php',
    //'calendar.php',
    //'changelog.php',
    //'chk_rel.php',
    'db_create.php',
    'db_datadict.php',
    'db_sql.php',
    'db_events.php',
    'db_export.php',
    'db_importdocsql.php',
    'db_qbe.php',
    'db_structure.php',
    'db_import.php',
    'db_operations.php',
    'db_printview.php',
    'db_search.php',
    'db_routines.php',
    //'Documentation.html',
    'export.php',
    'import.php',
    //'index.php',
    //'navigation.php',
    //'license.php',
    'main.php',
    'pdf_pages.php',
    'pdf_schema.php',
    //'phpinfo.php',
    'querywindow.php',
    //'readme.php',
    'server_binlog.php',
    'server_collations.php',
    'server_databases.php',
    'server_engines.php',
    'server_export.php',
    'server_import.php',
    'server_privileges.php',
    'server_processlist.php',
    'server_sql.php',
    'server_status.php',
    'server_variables.php',
    'sql.php',
    'tbl_addfield.php',
    'tbl_alter.php',
    'tbl_change.php',
    'tbl_create.php',
    'tbl_import.php',
    'tbl_indexes.php',
    'tbl_move_copy.php',
    'tbl_printview.php',
    'tbl_sql.php',
    'tbl_export.php',
    'tbl_operations.php',
    'tbl_structure.php',
    'tbl_relation.php',
    'tbl_replace.php',
    'tbl_row_action.php',
    'tbl_select.php',
    'tbl_zoom_select.php',
    //'themes.php',
    'transformation_overview.php',
    'transformation_wrapper.php',
    'user_password.php',
);
/**
 * check $__redirect against whitelist
 *
 * $__redirect was taken from the posted subform; a value that fails the
 * check is dropped, so only whitelisted page names remain in it.
 */
if (! PMA_checkPageValidity($__redirect, $goto_whitelist)) {
    $__redirect = null;
}
/**
 * holds page that should be displayed
 * @global string $GLOBALS['goto']
 */
$GLOBALS['goto'] = '';
// Security fix: disallow accessing serious server files via "?goto="
if (PMA_checkPageValidity($_REQUEST['goto'], $goto_whitelist)) {
    $GLOBALS['goto'] = $_REQUEST['goto'];
    $GLOBALS['url_params']['goto'] = $_REQUEST['goto'];
} else {
    // rejected: remove the value from every request array so later code
    // cannot pick it up from another source
    unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto'], $_COOKIE['goto']);
}
/**
 * returning page
 * @global string $GLOBALS['back']
 */
// unlike 'goto', $GLOBALS['back'] gets no default here: it is only assigned
// when the request value passes the whitelist check
if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
    $GLOBALS['back'] = $_REQUEST['back'];
} else {
    // rejected: same removal from all request arrays as for 'goto'
    unset($_REQUEST['back'], $_GET['back'], $_POST['back'], $_COOKIE['back']);
}
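/**
 * Check whether user supplied token is valid, if not remove any possibly
 * dangerous stuff from request.
 *
 * remember that some objects in the session with session_start and __wakeup()
 * could access these variables before we reach this point
 * f.e. PMA_Config: fontsize
 *
 * The session key is the literal string ' PMA_token ' including the
 * surrounding spaces.
 *
 * @todo variables should be handled by their respective owners (objects)
 * f.e. lang, server, collation_connection in PMA_Config
 */
// The tokens are compared as strings with a strict operator: a loose
// comparison applies PHP's numeric-string rules, under which two different
// strings that both look like numbers can compare as equal. A session
// without a token never matches.
// NOTE(review): hash_equals() (PHP 5.6+) would additionally make the
// comparison constant-time; it is not used here because this file still
// carries code paths for PHP older than 5.4.
if (! PMA_isValid($_REQUEST['token'])
    || ! isset($_SESSION[' PMA_token '])
    || (string) $_SESSION[' PMA_token '] !== (string) $_REQUEST['token']
) {
    /**
     *  List of parameters which are allowed from unsafe source
     */
    $allow_list = array(
        /* needed for direct access, see FAQ 1.34
         * also, server needed for cookie login screen (multi-server)
         */
        'server', 'db', 'table', 'target', 'lang',
        /* Session ID */
        'phpMyAdmin',
        /* Cookie preferences */
        'pma_lang', 'pma_collation_connection',
        /* Possible login form */
        'pma_servername', 'pma_username', 'pma_password',
        /* for playing blobstreamable media */
        'media_type', 'custom_type', 'bs_reference',
        /* for changing BLOB repository file MIME type */
        'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type',
    );
    /**
     * Require cleanup functions
     */
    include './libraries/cleanup.lib.php';
    /**
     * Do actual cleanup
     */
    PMA_remove_request_vars($allow_list);
}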
/**
 * current selected database
 * @global string $GLOBALS['db']
 */
$GLOBALS['db'] = '';
if (PMA_isValid($_REQUEST['db'])) {
    // can we strip tags from this?
    // only \ and / is not allowed in db names for MySQL
    //
    // the value is stored exactly as received; nothing is escaped here, so
    // every consumer has to quote or escape it for its own output context
    $GLOBALS['db'] = $_REQUEST['db'];
    $GLOBALS['url_params']['db'] = $GLOBALS['db'];
}
/**
 * current selected table
 * @global string $GLOBALS['table']
 */
$GLOBALS['table'] = '';
if (PMA_isValid($_REQUEST['table'])) {
    // can we strip tags from this?
    // only \ and / is not allowed in table names for MySQL
    //
    // stored as received, same caveat as for the database name
    $GLOBALS['table'] = $_REQUEST['table'];
    $GLOBALS['url_params']['table'] = $GLOBALS['table'];
}
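/**
 * Store currently selected recent table.
 * Affect $GLOBALS['db'] and $GLOBALS['table']
 *
 * The parameter is expected to be a JSON object with the string members
 * 'db' and 'table'. Anything else is ignored and the values taken from the
 * 'db' / 'table' request parameters stay in effect.
 */
if (PMA_isValid($_REQUEST['selected_recent_table'])) {
    $recent_table = json_decode($_REQUEST['selected_recent_table'], true);
    // json_decode() yields null for malformed input and may yield scalars or
    // nested arrays for well-formed input; only plain strings may become the
    // current database and table names
    if (is_array($recent_table)
        && isset($recent_table['db'], $recent_table['table'])
        && is_string($recent_table['db'])
        && is_string($recent_table['table'])
    ) {
        $GLOBALS['db'] = $recent_table['db'];
        $GLOBALS['url_params']['db'] = $GLOBALS['db'];
        $GLOBALS['table'] = $recent_table['table'];
        $GLOBALS['url_params']['table'] = $GLOBALS['table'];
    }
}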
/**
 * SQL query to be executed
 * @global string $GLOBALS['sql_query']
 */
$GLOBALS['sql_query'] = '';
// 'sql_query' is not in the allow list used by the token check earlier in
// this file, so - assuming PMA_remove_request_vars() drops every parameter
// that is not listed - it is only present on requests that carried a valid
// token (TODO confirm against cleanup.lib.php)
if (PMA_isValid($_REQUEST['sql_query'])) {
    $GLOBALS['sql_query'] = $_REQUEST['sql_query'];
}
/**
 * avoid problems in phpmyadmin.css.php in some cases
 * @global string $js_frame
 */
// make sure the key exists, with '' passed as the fallback value
$_REQUEST['js_frame'] = PMA_ifSetOr($_REQUEST['js_frame'], '');
//$_REQUEST['set_theme'] // checked later in this file LABEL_theme_setup
//$_REQUEST['server']; // checked later in this file
//$_REQUEST['lang'];   // checked by LABEL_loading_language_file
/**
 * names of the JavaScript files to be included in the HTML header
 * @global array $js_include
 */
$GLOBALS['js_include'] = array(
    'jquery/jquery-1.6.2.js',
    'jquery/jquery-ui-1.8.16.custom.js',
    'update-location.js',
);
/**
 * The remaining header/footer collections all start out empty:
 *
 * - js_script: JavaScript code snippets for the HTML header; can be used
 *   with PMA_AddJSCode() to pass js variables on to the browser
 * - js_events: JavaScript events that will be registered
 * - footnotes: footnotes to be displayed at the page bottom
 *
 * Add common jQuery functions script to js_include above if necessary.
 *
 * @global array $js_script
 * @global array $js_events
 * @global array $footnotes
 */
$GLOBALS['js_script'] = $GLOBALS['js_events'] = $GLOBALS['footnotes'] = array();
/******************************************************************************/
/* loading language file                       LABEL_loading_language_file    */
/**
 * lang detection is done here
 */
require './libraries/select_lang.lib.php';
/**
 * check for errors that occurred while loading the configuration;
 * this check is done here, after loading the language files, so that the
 * errors can be presented in the user's locale
 */
$GLOBALS['PMA_Config']->checkPermissions();
if ($GLOBALS['PMA_Config']->error_config_file) {
    $error = '