author | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-01-11 00:39:23 +0300 |
---|---|---|
committer | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-01-11 00:39:23 +0300 |
commit | 02e8588404ad50ed5cc123c46bb118b199258252 (patch) | |
tree | c827f9c35ff4677b4a60becf51901b55f45c051c /libraries/classes/Html | |
parent | b1f94de32df310b01f0c89332e481e683e10af6d (diff) | |
parent | ae11d5260b4bde42100c8696218a2bfd11a2d740 (diff) |
Merge branch 'QA_4_9-security' into QA_5_1-security
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
Diffstat (limited to 'libraries/classes/Html')
-rw-r--r-- | libraries/classes/Html/Generator.php | 47 |
1 files changed, 32 insertions, 15 deletions
diff --git a/libraries/classes/Html/Generator.php b/libraries/classes/Html/Generator.php index 78757c096a..01b2e0de00 100644 --- a/libraries/classes/Html/Generator.php +++ b/libraries/classes/Html/Generator.php @@ -653,7 +653,8 @@ class Generator $explain_params['sql_query'] = 'EXPLAIN ' . $sql_query; $explain_link = ' [ ' . self::linkOrButton( - Url::getFromRoute('/import', $explain_params), + Url::getFromRoute('/import'), + $explain_params, __('Explain SQL') ) . ' ]'; } elseif (preg_match( @@ -664,7 +665,8 @@ class Generator = mb_substr($sql_query, 8); $explain_link = ' [ ' . self::linkOrButton( - Url::getFromRoute('/import', $explain_params), + Url::getFromRoute('/import'), + $explain_params, __('Skip Explain SQL') ) . ']'; $url = 'https://mariadb.org/explain_analyzer/analyze/' @@ -673,6 +675,7 @@ class Generator $explain_link .= ' [' . self::linkOrButton( htmlspecialchars('url.php?url=' . urlencode($url)), + null, sprintf(__('Analyze Explain at %s'), 'mariadb.org'), [], '_blank', @@ -689,9 +692,8 @@ class Generator if (! empty($cfg['SQLQuery']['Edit']) && empty($GLOBALS['show_as_php']) ) { - $edit_link .= Url::getCommon($url_params, '&'); $edit_link = ' [ ' - . self::linkOrButton($edit_link, __('Edit')) + . self::linkOrButton($edit_link, $url_params, __('Edit')) . ' ]'; } else { $edit_link = ''; @@ -703,14 +705,16 @@ class Generator if (! empty($GLOBALS['show_as_php'])) { $php_link = ' [ ' . self::linkOrButton( - Url::getFromRoute('/import', $url_params), + Url::getFromRoute('/import'), + $url_params, __('Without PHP code') ) . ' ]'; $php_link .= ' [ ' . self::linkOrButton( - Url::getFromRoute('/import', $url_params), + Url::getFromRoute('/import'), + $url_params, __('Submit query') ) . ' ]'; @@ -719,7 +723,8 @@ class Generator $php_params['show_as_php'] = 1; $php_link = ' [ ' . self::linkOrButton( - Url::getFromRoute('/import', $php_params), + Url::getFromRoute('/import'), + $php_params, __('Create PHP code') ) . ' ]'; 
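Review bot: In the Edit-link hunk (`@@ -689,9 +692,8 @@`) the removed line appended the parameters with `Url::getCommon($url_params, '&')`, which implies `$edit_link` already carries a query string, but the new call hands it to `linkOrButton()`, which joins path and parameters with `'?'`. That would produce a URL with two `?`, so the appended parameters may not be parsed as intended. The same applies to the `Url::getFromRoute('/import')` and `Url::getFromRoute('/sql')` callers in this diff if that helper returns a path that already contains a query; its body is not shown here. Picking the divider from the path inside `linkOrButton()` avoids this: `$divider = strpos($urlPath, '?') !== false ? '&' : '?';`, passed as the second argument to both `Url::getCommon()` calls. `$edit_link` is assigned outside the hunk, so its shape should be confirmed there.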
@@ -733,9 +738,9 @@ class Generator && ! isset($GLOBALS['show_as_php']) // 'Submit query' does the same && preg_match('@^(SELECT|SHOW)[[:space:]]+@i', $sql_query) ) { - $refresh_link = Url::getFromRoute('/sql', $url_params); + $refresh_link = Url::getFromRoute('/sql'); $refresh_link = ' [ ' - . self::linkOrButton($refresh_link, __('Refresh')) . ' ]'; + . self::linkOrButton($refresh_link, $url_params, __('Refresh')) . ' ]'; } else { $refresh_link = ''; } @@ -770,6 +775,7 @@ class Generator $inline_edit_link = ' [ ' . self::linkOrButton( '#', + null, _pgettext('Inline edit query', 'Edit inline'), ['class' => 'inline_edit_sql'] ) @@ -1089,21 +1095,27 @@ class Generator * - URL components are over Suhosin limits * - There is SQL query in the parameters * - * @param string $url the URL - * @param string $message the link message - * @param mixed $tag_params string: js confirmation; array: additional tag - * params (f.e. style="") - * @param string $target target + * @param string $urlPath the URL + * @param array|null $urlParams URL parameters + * @param string $message the link message + * @param mixed $tag_params string: js confirmation; array: additional tag params (f.e. style="") + * @param string $target target * * @return string the results to be echoed or saved in an array */ public static function linkOrButton( - $url, + $urlPath, + $urlParams, $message, $tag_params = [], $target = '', bool $respectUrlLengthLimit = true ): string { + $url = $urlPath; + if (is_array($urlParams)) { + $url = $urlPath . Url::getCommon($urlParams, '?', false); + } + $url_length = strlen($url); if (! is_array($tag_params)) { @@ -1165,6 +1177,11 @@ class Generator ) { $url .= '?' . explode('&', $parts[1], 2)[0]; } + } else { + $url = $urlPath; + if (is_array($urlParams)) { + $url = $urlPath . Url::getCommon($urlParams); + } } foreach ($tag_params as $par_name => $par_value) { |
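Review bot: `$urlParams` is inserted as the second positional parameter of `linkOrButton()` without a type, so a caller still using the old order `linkOrButton($url, $message, $tag_params)` fails silently: its message is discarded by the `is_array()` test and its tag parameters are rendered as the message. The diffstat is limited to `libraries/classes/Html`, so callers elsewhere cannot be checked from this page. Declaring the parameter as `?array $urlParams,` would turn such a stale call into a TypeError instead of wrong markup. The docblock should also say that `null` means "use `$urlPath` unchanged" and gain the missing `@param bool $respectUrlLengthLimit` line. The function body continues outside the hunk.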
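Review bot: The added `else` branch (`@@ -1165,6 +1177,11 @@`) rebuilds `$url` with `Url::getCommon($urlParams)`, while `$url_length` was measured earlier on `Url::getCommon($urlParams, '?', false)`, so the length check and the emitted link are two different strings. The third argument is not defined in this diff; if it switches off an encoding or encryption step that lengthens the query, a link can pass the check and still be rendered above the limit. Either measure the string that is actually emitted or record the reason in place, for example `// $url_length is taken on the plain query; the link is rebuilt here with the default getCommon() form`. The `if` this `else` belongs to starts outside the hunk.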