
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMaurício Meneghini Fauth <mauricio@fauth.dev>2022-11-09 08:05:21 +0300
committerMaurício Meneghini Fauth <mauricio@fauth.dev>2022-11-09 08:11:16 +0300
commita0e4afff04f52e31b351fe30efa7c003f23962fc (patch)
treedab520656b817c2ec86080875bdf113a9a1aae31
parent1be99c9e3104bb458498405b134429096939ea44 (diff)
Replace $_POST with ServerRequest object in Table\OperationsController
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
-rw-r--r--libraries/classes/Controllers/Table/OperationsController.php71
-rw-r--r--psalm-baseline.xml29
2 files changed, 51 insertions, 49 deletions
diff --git a/libraries/classes/Controllers/Table/OperationsController.php b/libraries/classes/Controllers/Table/OperationsController.php
index e0cf459d11..10d83dd87d 100644
--- a/libraries/classes/Controllers/Table/OperationsController.php
+++ b/libraries/classes/Controllers/Table/OperationsController.php
@@ -27,6 +27,8 @@ use PhpMyAdmin\Util;
use function __;
use function count;
use function implode;
+use function is_array;
+use function is_string;
use function mb_strstr;
use function mb_strtolower;
use function mb_strtoupper;
@@ -161,7 +163,7 @@ class OperationsController extends AbstractController
/**
* If the table has to be moved to some other database
*/
- if (isset($_POST['submit_move']) || isset($_POST['submit_copy'])) {
+ if ($request->hasBodyParam('submit_move') || $request->hasBodyParam('submit_copy')) {
$message = $this->operations->moveOrCopyTable($GLOBALS['db'], $GLOBALS['table']);
if (! $this->response->isAjax()) {
@@ -171,8 +173,10 @@ class OperationsController extends AbstractController
$this->response->addJSON('message', $message);
if ($message->isSuccess()) {
- if (isset($_POST['submit_move'], $_POST['target_db'])) {
- $GLOBALS['db'] = $_POST['target_db'];// Used in Header::getJsParams()
+ /** @var mixed $targetDbParam */
+ $targetDbParam = $request->getParsedBodyParam('target_db');
+ if ($request->hasBodyParam('submit_move') && is_string($targetDbParam)) {
+ $GLOBALS['db'] = $targetDbParam; // Used in Header::getJsParams()
}
$this->response->addJSON('db', $GLOBALS['db']);
@@ -188,27 +192,31 @@ class OperationsController extends AbstractController
/**
* Updates table comment, type and options if required
*/
- if (isset($_POST['submitoptions'])) {
+ if ($request->hasBodyParam('submitoptions')) {
$_message = '';
$GLOBALS['warning_messages'] = [];
- if (isset($_POST['new_name'])) {
+ /** @var mixed $newName */
+ $newName = $request->getParsedBodyParam('new_name');
+ if (is_string($newName)) {
// lower_case_table_names=1 `DB` becomes `db`
if ($GLOBALS['lowerCaseNames']) {
- $_POST['new_name'] = mb_strtolower($_POST['new_name']);
+ $newName = mb_strtolower($newName);
}
// Get original names before rename operation
$oldTable = $pma_table->getName();
$oldDb = $pma_table->getDbName();
- if ($pma_table->rename($_POST['new_name'])) {
- if (isset($_POST['adjust_privileges']) && ! empty($_POST['adjust_privileges'])) {
+ if ($pma_table->rename($newName)) {
+ if ($request->getParsedBodyParam('adjust_privileges')) {
+ /** @var mixed $dbParam */
+ $dbParam = $request->getParsedBodyParam('db');
$this->operations->adjustPrivilegesRenameOrMoveTable(
$oldDb,
$oldTable,
- $_POST['db'],
- $_POST['new_name']
+ is_string($dbParam) ? $dbParam : '',
+ $newName
);
}
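Review bot: When `db` is missing or not a string, the `adjustPrivilegesRenameOrMoveTable()` call now receives `''` as the new database name, so a malformed request still goes on to adjust privileges instead of being rejected. The callee is not visible here, so what it does with an empty database name is unclear. Since `rename()` is called with only the new table name, a safer fallback looks like the name captured just above, `is_string($dbParam) ? $dbParam : $oldDb,`, or skipping the adjustment when `db` is not a string. The enclosing `submitoptions` block continues past the end of this hunk.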
@@ -226,11 +234,13 @@ class OperationsController extends AbstractController
}
}
+ /** @var mixed $newTableStorageEngine */
+ $newTableStorageEngine = $request->getParsedBodyParam('new_tbl_storage_engine');
if (
- ! empty($_POST['new_tbl_storage_engine'])
- && mb_strtoupper($_POST['new_tbl_storage_engine']) !== $GLOBALS['tbl_storage_engine']
+ is_string($newTableStorageEngine) && $newTableStorageEngine !== ''
+ && mb_strtoupper($newTableStorageEngine) !== $GLOBALS['tbl_storage_engine']
) {
- $GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($_POST['new_tbl_storage_engine']);
+ $GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($newTableStorageEngine);
if ($pma_table->isEngine('ARIA')) {
$GLOBALS['create_options']['transactional'] = ($GLOBALS['create_options']['transactional'] ?? '')
@@ -267,15 +277,20 @@ class OperationsController extends AbstractController
$GLOBALS['warning_messages'] = $this->operations->getWarningMessagesArray();
}
- if (! empty($_POST['tbl_collation']) && ! empty($_POST['change_all_collations'])) {
+ /** @var mixed $tableCollationParam */
+ $tableCollationParam = $request->getParsedBodyParam('tbl_collation');
+ if (
+ is_string($tableCollationParam) && $tableCollationParam !== ''
+ && $request->getParsedBodyParam('change_all_collations')
+ ) {
$this->operations->changeAllColumnsCollation(
$GLOBALS['db'],
$GLOBALS['table'],
- $_POST['tbl_collation']
+ $tableCollationParam
);
}
- if (isset($_POST['tbl_collation']) && empty($_POST['tbl_collation'])) {
+ if ($tableCollationParam !== null && (! is_string($tableCollationParam) || $tableCollationParam === '')) {
if ($this->response->isAjax()) {
$this->response->setRequestStatus(false);
$this->response->addJSON(
@@ -288,26 +303,38 @@ class OperationsController extends AbstractController
}
}
+ /** @var mixed $orderField */
+ $orderField = $request->getParsedBodyParam('order_field');
+
/**
* Reordering the table has been requested by the user
*/
- if (isset($_POST['submitorderby']) && ! empty($_POST['order_field'])) {
+ if ($request->hasBodyParam('submitorderby') && is_string($orderField) && $orderField !== '') {
+ /** @var mixed $orderOrder */
+ $orderOrder = $request->getParsedBodyParam('order_order');
$GLOBALS['sql_query'] = QueryGenerator::getQueryForReorderingTable(
$GLOBALS['table'],
- urldecode($_POST['order_field']),
- $_POST['order_order'] ?? null
+ urldecode($orderField),
+ is_string($orderOrder) ? $orderOrder : ''
);
$GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']);
}
+ /** @var mixed $partitionOperation */
+ $partitionOperation = $request->getParsedBodyParam('partition_operation');
+
/**
* A partition operation has been requested by the user
*/
- if (isset($_POST['submit_partition']) && ! empty($_POST['partition_operation'])) {
+ if (
+ $request->hasBodyParam('submit_partition') && is_string($partitionOperation) && $partitionOperation !== ''
+ ) {
+ /** @var mixed $partitionNames */
+ $partitionNames = $request->getParsedBodyParam('partition_name');
$GLOBALS['sql_query'] = QueryGenerator::getQueryForPartitioningTable(
$GLOBALS['table'],
- $_POST['partition_operation'],
- $_POST['partition_name']
+ $partitionOperation,
+ is_array($partitionNames) ? $partitionNames : []
);
$GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']);
}
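Review bot: `is_array($partitionNames) ? $partitionNames : []` checks only the container, so non-string or nested elements from the request body still reach `QueryGenerator::getQueryForPartitioningTable()`, whose result goes straight to `$this->dbi->query()`. The baseline change in this commit records the same gap as a new `MixedArgumentTypeCoercion` entry. Narrow the elements before the call, e.g. `$partitionNames = is_array($partitionNames) ? array_filter($partitionNames, 'is_string') : [];`, and skip the query when the list ends up empty. `$partitionOperation` is likewise accepted as any non-empty string; unless the generator validates it (not visible in this hunk), compare it against the fixed set of operations the form offers before the SQL is built.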
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index 6fc90734b9..832def3006 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -3571,9 +3571,6 @@
</PossiblyInvalidOperand>
</file>
<file src="libraries/classes/Controllers/Table/OperationsController.php">
- <InvalidArgument occurrences="1">
- <code>$_POST['partition_name']</code>
- </InvalidArgument>
<MixedArgument occurrences="7">
<code>$GLOBALS['create_options']['pack_keys']</code>
<code>$GLOBALS['create_options']['page_checksum'] ?? ''</code>
@@ -3583,8 +3580,9 @@
<code>$_message</code>
<code>$_message</code>
</MixedArgument>
- <MixedArgumentTypeCoercion occurrences="1">
+ <MixedArgumentTypeCoercion occurrences="2">
<code>$GLOBALS['table_alters']</code>
+ <code>is_array($partitionNames) ? $partitionNames : []</code>
</MixedArgumentTypeCoercion>
<MixedArrayAccess occurrences="1">
<code>$GLOBALS['showtable']['Row_format']</code>
@@ -3622,29 +3620,6 @@
<MixedMethodCall occurrences="1">
<code>getList</code>
</MixedMethodCall>
- <PossiblyInvalidArgument occurrences="10">
- <code>$_POST['db']</code>
- <code>$_POST['new_name']</code>
- <code>$_POST['new_name']</code>
- <code>$_POST['new_name']</code>
- <code>$_POST['new_tbl_storage_engine']</code>
- <code>$_POST['new_tbl_storage_engine']</code>
- <code>$_POST['order_field']</code>
- <code>$_POST['order_order'] ?? null</code>
- <code>$_POST['partition_operation']</code>
- <code>$_POST['tbl_collation']</code>
- </PossiblyInvalidArgument>
- <PossiblyInvalidCast occurrences="9">
- <code>$_POST['db']</code>
- <code>$_POST['new_name']</code>
- <code>$_POST['new_name']</code>
- <code>$_POST['new_name']</code>
- <code>$_POST['new_tbl_storage_engine']</code>
- <code>$_POST['new_tbl_storage_engine']</code>
- <code>$_POST['order_field']</code>
- <code>$_POST['partition_operation']</code>
- <code>$_POST['tbl_collation']</code>
- </PossiblyInvalidCast>
</file>
<file src="libraries/classes/Controllers/Table/Partition/AnalyzeController.php">
<MixedArgument occurrences="1">