Refactor Export::processExportSchema() to use DatabaseName object

Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>

4 files changed, 15 insertions, 39 deletions

diff --git a/libraries/classes/Controllers/SchemaExportController.php b/libraries/classes/Controllers/SchemaExportController.php
index 7a9d26b726..3a935fe7f2 100644
--- a/libraries/classes/Controllers/SchemaExportController.php
+++ b/libraries/classes/Controllers/SchemaExportController.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace PhpMyAdmin\Controllers;
 
+use PhpMyAdmin\Dbal\DatabaseName;
 use PhpMyAdmin\Export;
 use PhpMyAdmin\Html\MySQLDocumentation;
 use PhpMyAdmin\Http\ServerRequest;
@@ -12,6 +13,7 @@ use PhpMyAdmin\ResponseRenderer;
 use RuntimeException;
 
 use function __;
+use function is_string;
 
 /**
  * Schema export handler
@@ -32,8 +34,11 @@ class SchemaExportController
 
     public function __invoke(ServerRequest $request): void
     {
-        if (! $request->hasBodyParam('export_type')) {
-            $errorMessage = __('Missing parameter:') . ' export_type'
+        $db = DatabaseName::tryFromValue($request->getParsedBodyParam('db'));
+        /** @var mixed $exportType */
+        $exportType = $request->getParsedBodyParam('export_type');
+        if ($db === null || ! is_string($exportType) || $exportType === '') {
+            $errorMessage = __('Missing parameter:') . ($db === null ? ' db' : ' export_type')
                 . MySQLDocumentation::showDocumentation('faq', 'faqmissingparameters', true)
                 . '[br]';
             $this->response->setRequestStatus(false);
@@ -43,11 +48,10 @@ class SchemaExportController
         }
 
         /**
-         * Include the appropriate Schema Class depending on $export_type
-         * default is PDF
+         * Include the appropriate Schema Class depending on $exportType, default is PDF.
          */
         try {
-            $this->export->processExportSchema($request->getParsedBodyParam('export_type'));
+            $this->export->processExportSchema($db, $exportType);
         } catch (RuntimeException $exception) {
             $this->response->setRequestStatus(false);
             $this->response->addHTML(Message::error($exception->getMessage())->getDisplay());
diff --git a/libraries/classes/Export.php b/libraries/classes/Export.php
index 166ced3026..ed1418fd3f 100644
--- a/libraries/classes/Export.php
+++ b/libraries/classes/Export.php
@@ -1240,22 +1240,19 @@ class Export
      * get all the export options and verify
      * call and include the appropriate Schema Class depending on $export_type
      *
-     * @param string|null $exportType format of the export
+     * @param non-empty-string $exportType format of the export
      */
-    public function processExportSchema(?string $exportType): void
+    public function processExportSchema(DatabaseName $db, string $exportType): void
     {
         /**
          * default is PDF, otherwise validate it's only letters a-z
          */
-        if (! isset($exportType) || ! preg_match('/^[a-zA-Z]+$/', $exportType)) {
+        if (! preg_match('/^[a-zA-Z]+$/', $exportType)) {
             $exportType = 'pdf';
         }
 
-        // sanitize this parameter which will be used below in a file inclusion
-        $exportType = Core::securePath($exportType);
-
         // get the specific plugin
-        /** @var SchemaPlugin $exportPlugin */
+        /** @var SchemaPlugin|null $exportPlugin */
         $exportPlugin = Plugins::getPlugin('schema', $exportType);
 
         // Check schema export type
@@ -1263,8 +1260,8 @@ class Export
             throw new RuntimeException(__('Bad type!'));
         }
 
-        $this->dbi->selectDb($_POST['db']);
-        $exportPlugin->exportSchema($_POST['db']);
+        $this->dbi->selectDb($db);
+        $exportPlugin->exportSchema($db->getName());
     }
 
     private function getHTMLForRefreshButton(string $exportType): string
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index c743ec8820..6eacfd4fa9 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -1391,11 +1391,6 @@ parameters:
 			path: libraries/classes/Controllers/Preferences/ManageController.php
 
 		-
-			message: "#^Parameter \\#1 \\$exportType of method PhpMyAdmin\\\\Export\\:\\:processExportSchema\\(\\) expects string\\|null, mixed given\\.$#"
-			count: 1
-			path: libraries/classes/Controllers/SchemaExportController.php
-
-		-
 			message: "#^Cannot cast mixed to int\\.$#"
 			count: 1
 			path: libraries/classes/Controllers/Server/BinlogController.php
@@ -3516,11 +3511,6 @@ parameters:
 			path: libraries/classes/Export.php
 
 		-
-			message: "#^Strict comparison using \\=\\=\\= between PhpMyAdmin\\\\Plugins\\\\SchemaPlugin and null will always evaluate to false\\.$#"
-			count: 1
-			path: libraries/classes/Export.php
-
-		-
 			message: "#^Method PhpMyAdmin\\\\Export\\\\Options\\:\\:getDatabasesForSelectOptions\\(\\) return type has no value type specified in iterable type array\\.$#"
 			count: 1
 			path: libraries/classes/Export/Options.php
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index 26c795e106..18e939868a 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -2577,11 +2577,6 @@
       <code>$_POST['2fa_configure']</code>
     </PossiblyInvalidCast>
   </file>
-  <file src="libraries/classes/Controllers/SchemaExportController.php">
-    <MixedArgument occurrences="1">
-      <code>$request-&gt;getParsedBodyParam('export_type')</code>
-    </MixedArgument>
-  </file>
   <file src="libraries/classes/Controllers/Server/BinlogController.php">
     <MixedArgument occurrences="2">
       <code>$log</code>
@@ -6598,9 +6593,6 @@
     </PossiblyUndefinedArrayOffset>
   </file>
   <file src="libraries/classes/Export.php">
-    <DocblockTypeContradiction occurrences="1">
-      <code>$exportPlugin === null</code>
-    </DocblockTypeContradiction>
     <InvalidReturnStatement occurrences="1">
       <code>$memoryLimit</code>
     </InvalidReturnStatement>
@@ -6676,13 +6668,6 @@
       <code>$tmpSelect</code>
       <code>$view</code>
     </MixedOperand>
-    <PossiblyInvalidArgument occurrences="2">
-      <code>$_POST['db']</code>
-      <code>$_POST['db']</code>
-    </PossiblyInvalidArgument>
-    <PossiblyInvalidCast occurrences="1">
-      <code>$_POST['db']</code>
-    </PossiblyInvalidCast>
     <PossiblyNullArgument occurrences="1">
       <code>$GLOBALS['file_handle']</code>
     </PossiblyNullArgument>