diff options
author | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-11-09 08:05:21 +0300 |
---|---|---|
committer | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-11-09 08:11:16 +0300 |
commit | a0e4afff04f52e31b351fe30efa7c003f23962fc (patch) | |
tree | dab520656b817c2ec86080875bdf113a9a1aae31 | |
parent | 1be99c9e3104bb458498405b134429096939ea44 (diff) |
Replace $_POST with ServerRequest object in Table\OperationsController
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
-rw-r--r-- | libraries/classes/Controllers/Table/OperationsController.php | 71 | ||||
-rw-r--r-- | psalm-baseline.xml | 29 |
2 files changed, 51 insertions, 49 deletions
diff --git a/libraries/classes/Controllers/Table/OperationsController.php b/libraries/classes/Controllers/Table/OperationsController.php index e0cf459d11..10d83dd87d 100644 --- a/libraries/classes/Controllers/Table/OperationsController.php +++ b/libraries/classes/Controllers/Table/OperationsController.php @@ -27,6 +27,8 @@ use PhpMyAdmin\Util; use function __; use function count; use function implode; +use function is_array; +use function is_string; use function mb_strstr; use function mb_strtolower; use function mb_strtoupper; @@ -161,7 +163,7 @@ class OperationsController extends AbstractController /** * If the table has to be moved to some other database */ - if (isset($_POST['submit_move']) || isset($_POST['submit_copy'])) { + if ($request->hasBodyParam('submit_move') || $request->hasBodyParam('submit_copy')) { $message = $this->operations->moveOrCopyTable($GLOBALS['db'], $GLOBALS['table']); if (! $this->response->isAjax()) { @@ -171,8 +173,10 @@ class OperationsController extends AbstractController $this->response->addJSON('message', $message); if ($message->isSuccess()) { - if (isset($_POST['submit_move'], $_POST['target_db'])) { - $GLOBALS['db'] = $_POST['target_db'];// Used in Header::getJsParams() + /** @var mixed $targetDbParam */ + $targetDbParam = $request->getParsedBodyParam('target_db'); + if ($request->hasBodyParam('submit_move') && is_string($targetDbParam)) { + $GLOBALS['db'] = $targetDbParam; // Used in Header::getJsParams() } $this->response->addJSON('db', $GLOBALS['db']); @@ -188,27 +192,31 @@ class OperationsController extends AbstractController /** * Updates table comment, type and options if required */ - if (isset($_POST['submitoptions'])) { + if ($request->hasBodyParam('submitoptions')) { $_message = ''; $GLOBALS['warning_messages'] = []; - if (isset($_POST['new_name'])) { + /** @var mixed $newName */ + $newName = $request->getParsedBodyParam('new_name'); + if (is_string($newName)) { // lower_case_table_names=1 `DB` becomes `db` if ($GLOBALS['lowerCaseNames']) { - $_POST['new_name'] = mb_strtolower($_POST['new_name']); + $newName = mb_strtolower($newName); } // Get original names before rename operation $oldTable = $pma_table->getName(); $oldDb = $pma_table->getDbName(); - if ($pma_table->rename($_POST['new_name'])) { - if (isset($_POST['adjust_privileges']) && ! empty($_POST['adjust_privileges'])) { + if ($pma_table->rename($newName)) { + if ($request->getParsedBodyParam('adjust_privileges')) { + /** @var mixed $dbParam */ + $dbParam = $request->getParsedBodyParam('db'); $this->operations->adjustPrivilegesRenameOrMoveTable( $oldDb, $oldTable, - $_POST['db'], - $_POST['new_name'] + is_string($dbParam) ? $dbParam : '', + $newName ); } @@ -226,11 +234,13 @@ class OperationsController extends AbstractController } } + /** @var mixed $newTableStorageEngine */ + $newTableStorageEngine = $request->getParsedBodyParam('new_tbl_storage_engine'); if ( - ! empty($_POST['new_tbl_storage_engine']) - && mb_strtoupper($_POST['new_tbl_storage_engine']) !== $GLOBALS['tbl_storage_engine'] + is_string($newTableStorageEngine) && $newTableStorageEngine !== '' + && mb_strtoupper($newTableStorageEngine) !== $GLOBALS['tbl_storage_engine'] ) { - $GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($_POST['new_tbl_storage_engine']); + $GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($newTableStorageEngine); if ($pma_table->isEngine('ARIA')) { $GLOBALS['create_options']['transactional'] = ($GLOBALS['create_options']['transactional'] ?? '') @@ -267,15 +277,20 @@ class OperationsController extends AbstractController $GLOBALS['warning_messages'] = $this->operations->getWarningMessagesArray(); } - if (! empty($_POST['tbl_collation']) && ! empty($_POST['change_all_collations'])) { + /** @var mixed $tableCollationParam */ + $tableCollationParam = $request->getParsedBodyParam('tbl_collation'); + if ( + is_string($tableCollationParam) && $tableCollationParam !== '' + && $request->getParsedBodyParam('change_all_collations') + ) { $this->operations->changeAllColumnsCollation( $GLOBALS['db'], $GLOBALS['table'], - $_POST['tbl_collation'] + $tableCollationParam ); } - if (isset($_POST['tbl_collation']) && empty($_POST['tbl_collation'])) { + if ($tableCollationParam !== null && (! is_string($tableCollationParam) || $tableCollationParam === '')) { if ($this->response->isAjax()) { $this->response->setRequestStatus(false); $this->response->addJSON( @@ -288,26 +303,38 @@ class OperationsController extends AbstractController } } + /** @var mixed $orderField */ + $orderField = $request->getParsedBodyParam('order_field'); + /** * Reordering the table has been requested by the user */ - if (isset($_POST['submitorderby']) && ! empty($_POST['order_field'])) { + if ($request->hasBodyParam('submitorderby') && is_string($orderField) && $orderField !== '') { + /** @var mixed $orderOrder */ + $orderOrder = $request->getParsedBodyParam('order_order'); $GLOBALS['sql_query'] = QueryGenerator::getQueryForReorderingTable( $GLOBALS['table'], - urldecode($_POST['order_field']), - $_POST['order_order'] ?? null + urldecode($orderField), + is_string($orderOrder) ? $orderOrder : '' ); $GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']); } + /** @var mixed $partitionOperation */ + $partitionOperation = $request->getParsedBodyParam('partition_operation'); + /** * A partition operation has been requested by the user */ - if (isset($_POST['submit_partition']) && ! empty($_POST['partition_operation'])) { + if ( + $request->hasBodyParam('submit_partition') && is_string($partitionOperation) && $partitionOperation !== '' + ) { + /** @var mixed $partitionNames */ + $partitionNames = $request->getParsedBodyParam('partition_name'); $GLOBALS['sql_query'] = QueryGenerator::getQueryForPartitioningTable( $GLOBALS['table'], - $_POST['partition_operation'], - $_POST['partition_name'] + $partitionOperation, + is_array($partitionNames) ? $partitionNames : [] ); $GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']); } diff --git a/psalm-baseline.xml b/psalm-baseline.xml index 6fc90734b9..832def3006 100644 --- a/psalm-baseline.xml +++ b/psalm-baseline.xml @@ -3571,9 +3571,6 @@ </PossiblyInvalidOperand> </file> <file src="libraries/classes/Controllers/Table/OperationsController.php"> - <InvalidArgument occurrences="1"> - <code>$_POST['partition_name']</code> - </InvalidArgument> <MixedArgument occurrences="7"> <code>$GLOBALS['create_options']['pack_keys']</code> <code>$GLOBALS['create_options']['page_checksum'] ?? ''</code> @@ -3583,8 +3580,9 @@ <code>$_message</code> <code>$_message</code> </MixedArgument> - <MixedArgumentTypeCoercion occurrences="1"> + <MixedArgumentTypeCoercion occurrences="2"> <code>$GLOBALS['table_alters']</code> + <code>is_array($partitionNames) ? $partitionNames : []</code> </MixedArgumentTypeCoercion> <MixedArrayAccess occurrences="1"> <code>$GLOBALS['showtable']['Row_format']</code> @@ -3622,29 +3620,6 @@ <MixedMethodCall occurrences="1"> <code>getList</code> </MixedMethodCall> - <PossiblyInvalidArgument occurrences="10"> - <code>$_POST['db']</code> - <code>$_POST['new_name']</code> - <code>$_POST['new_name']</code> - <code>$_POST['new_name']</code> - <code>$_POST['new_tbl_storage_engine']</code> - <code>$_POST['new_tbl_storage_engine']</code> - <code>$_POST['order_field']</code> - <code>$_POST['order_order'] ?? null</code> - <code>$_POST['partition_operation']</code> - <code>$_POST['tbl_collation']</code> - </PossiblyInvalidArgument> - <PossiblyInvalidCast occurrences="9"> - <code>$_POST['db']</code> - <code>$_POST['new_name']</code> - <code>$_POST['new_name']</code> - <code>$_POST['new_name']</code> - <code>$_POST['new_tbl_storage_engine']</code> - <code>$_POST['new_tbl_storage_engine']</code> - <code>$_POST['order_field']</code> - <code>$_POST['partition_operation']</code> - <code>$_POST['tbl_collation']</code> - </PossiblyInvalidCast> </file> <file src="libraries/classes/Controllers/Table/Partition/AnalyzeController.php"> <MixedArgument occurrences="1"> |