github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMaurício Meneghini Fauth <mauriciofauth@gmail.com>2018-07-14 23:24:25 +0300
committerMaurício Meneghini Fauth <mauriciofauth@gmail.com>2018-11-11 01:48:58 +0300
commitad7f7fd80192bd9f7f22f4d8d9a8818dd69f3e0c (patch)
tree3614547bf667b62fcbfb365fe7322e17c6539122 /db_tracking.php
parent77ea7024bfa75659dea20dacb225f0d48414fd02 (diff)
Retrieve parameters from $_POST in tracking pages
Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
Diffstat (limited to 'db_tracking.php')
-rw-r--r--db_tracking.php30
1 files changed, 15 insertions, 15 deletions
diff --git a/db_tracking.php b/db_tracking.php
index 0c8724d60a..49e4048025 100644
--- a/db_tracking.php
+++ b/db_tracking.php
@@ -30,6 +30,8 @@ $scripts->addFile('db_tracking.js');
*/
require 'libraries/db_common.inc.php';
$url_query .= '&amp;goto=tbl_tracking.php&amp;back=db_tracking.php';
+$url_params['goto'] = 'tbl_tracking.php';
+$url_params['back'] = 'db_tracking.php';
// Get the database structure
$sub_part = '_structure';
@@ -46,47 +48,45 @@ list(
$pos
) = Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
-// Work to do?
-// (here, do not use $_REQUEST['db] as it can be crafted)
-if (isset($_REQUEST['delete_tracking']) && isset($_REQUEST['table'])) {
+if (isset($_POST['delete_tracking']) && isset($_POST['table'])) {
- Tracker::deleteTracking($GLOBALS['db'], $_REQUEST['table']);
+ Tracker::deleteTracking($GLOBALS['db'], $_POST['table']);
Message::success(
__('Tracking data deleted successfully.')
)->display();
-} elseif (isset($_REQUEST['submit_create_version'])) {
+} elseif (isset($_POST['submit_create_version'])) {
- Tracking::createTrackingForMultipleTables($_REQUEST['selected']);
+ Tracking::createTrackingForMultipleTables($_POST['selected']);
Message::success(
sprintf(
__(
'Version %1$s was created for selected tables,'
. ' tracking is active for them.'
),
- htmlspecialchars($_REQUEST['version'])
+ htmlspecialchars($_POST['version'])
)
)->display();
-} elseif (isset($_REQUEST['submit_mult'])) {
+} elseif (isset($_POST['submit_mult'])) {
- if (! empty($_REQUEST['selected_tbl'])) {
- if ($_REQUEST['submit_mult'] == 'delete_tracking') {
+ if (! empty($_POST['selected_tbl'])) {
+ if ($_POST['submit_mult'] == 'delete_tracking') {
- foreach ($_REQUEST['selected_tbl'] as $table) {
+ foreach ($_POST['selected_tbl'] as $table) {
Tracker::deleteTracking($GLOBALS['db'], $table);
}
Message::success(
__('Tracking data deleted successfully.')
)->display();
- } elseif ($_REQUEST['submit_mult'] == 'track') {
+ } elseif ($_POST['submit_mult'] == 'track') {
echo Tracking::getHtmlForDataDefinitionAndManipulationStatements(
'db_tracking.php' . $url_query,
0,
$GLOBALS['db'],
- $_REQUEST['selected_tbl']
+ $_POST['selected_tbl']
);
exit;
}
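Review bot: The `submit_create_version` branch checks only that the submit field is set, then hands `$_POST['selected']` to `Tracking::createTrackingForMultipleTables()` and `$_POST['version']` to `htmlspecialchars()` with no presence or type check, so a request that omits them or sends `version[]=` reaches those calls with null or an array. The same gap applies to `foreach ($_POST['selected_tbl'] as $table)`, where `! empty()` also passes for a non-empty string, and to `$_POST['table']` in the first branch. I would tighten the guards, for example `} elseif (isset($_POST['submit_create_version'], $_POST['selected'], $_POST['version']) && is_array($_POST['selected']) && is_string($_POST['version'])) {` and `if (! empty($_POST['selected_tbl']) && is_array($_POST['selected_tbl'])) {`, and compare `submit_mult` with `===` rather than `==`. The if/elseif chain continues past the end of this hunk, and whether a CSRF token is verified before these state-changing branches is not visible here.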
@@ -98,7 +98,7 @@ if (isset($_REQUEST['delete_tracking']) && isset($_REQUEST['table'])) {
}
// Get tracked data about the database
-$data = Tracker::getTrackedData($_REQUEST['db'], '', '1');
+$data = Tracker::getTrackedData($GLOBALS['db'], '', '1');
// No tables present and no log exist
if ($num_tables == 0 && count($data['ddlog']) == 0) {
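Review bot: Nothing on the new side records why `$GLOBALS['db']` replaces the request parameter in `Tracker::getTrackedData()`, because the commit deleted the only comment that explained it ("do not use $_REQUEST['db] as it can be crafted") in the previous hunk. This call and the `escapeString($GLOBALS['db'])` line in the following hunk are where that reasoning matters, so I would add a short comment above each, such as `// Use the resolved $GLOBALS['db'], not the request parameter, which can be crafted`. Without it a later edit could swap in `$_POST['db']` for consistency with the rest of the file. How `$GLOBALS['db']` is populated and validated happens in `libraries/db_common.inc.php`, which is outside this diff, so the comment should not claim more than that.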
@@ -118,7 +118,7 @@ $cfgRelation = $relation->getRelationsParam();
$all_tables_query = ' SELECT table_name, MAX(version) as version FROM ' .
Util::backquote($cfgRelation['db']) . '.' .
Util::backquote($cfgRelation['tracking']) .
- ' WHERE db_name = \'' . $GLOBALS['dbi']->escapeString($_REQUEST['db']) .
+ ' WHERE db_name = \'' . $GLOBALS['dbi']->escapeString($GLOBALS['db']) .
'\' ' .
' GROUP BY table_name' .
' ORDER BY table_name ASC';