
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMadhura Jayaratne <madhura.cj@gmail.com>2018-07-22 11:45:00 +0300
committerMaurĂ­cio Meneghini Fauth <mauriciofauth@gmail.com>2018-11-11 01:48:58 +0300
commit35d87e607227c4ea0d1613ad39c5bca75b726fca (patch)
tree700ec95cf63cc5a2f7638bbd8b59c971bed1e8c8 /server_privileges.php
parent2a749337bf9e1319f5d0bc62aae3f79f8f9080d0 (diff)
Retrieve parameters from $_POST in user/Privileges pages
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
Diffstat (limited to 'server_privileges.php')
-rw-r--r--server_privileges.php61
1 files changed, 30 insertions, 31 deletions
diff --git a/server_privileges.php b/server_privileges.php
index 025000877f..2d5bf64427 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -37,8 +37,8 @@ $scripts = $header->getScripts();
$scripts->addFile('server_privileges.js');
$scripts->addFile('vendor/zxcvbn.js');
-if ((isset($_REQUEST['viewing_mode'])
- && $_REQUEST['viewing_mode'] == 'server')
+if ((isset($_GET['viewing_mode'])
+ && $_GET['viewing_mode'] == 'server')
&& $GLOBALS['cfgRelation']['menuswork']
) {
$response->addHTML('<div>');
@@ -156,8 +156,8 @@ if (! $GLOBALS['is_grantuser'] && !$GLOBALS['is_createuser']) {
* Checks if the user is using "Change Login Information / Copy User" dialog
* only to update the password
*/
-if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
- && $hostname == $_REQUEST['old_hostname']
+if (isset($_POST['change_copy']) && $username == $_POST['old_username']
+ && $hostname == $_POST['old_hostname']
) {
$response->addHTML(
Message::error(
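Review bot: `$_POST['old_username']` and `$_POST['old_hostname']` are read after checking only that `change_copy` is set, so a request that carries `change_copy` without them raises undefined-index notices and is compared against null with a loose `==`. Listing all three keys in the guard, `if (isset($_POST['change_copy'], $_POST['old_username'], $_POST['old_hostname'])`, and comparing with `===` would make the check exact, assuming `$username` and `$hostname` (assigned outside this hunk) are always strings. The same unguarded read applies to `$_POST['userGroup']` in the `-247` hunk, which is passed to `Privileges::setUserGroup()` with only `changeUserGroup` checked.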
@@ -202,7 +202,7 @@ if (isset($ret_message)) {
/**
* Changes / copies a user, part III
*/
-if (isset($_REQUEST['change_copy'])) {
+if (isset($_POST['change_copy'])) {
$queries = Privileges::getDbSpecificPrivsQueriesForChangeOrCopyUser(
$queries, $username, $hostname
);
@@ -247,17 +247,17 @@ if (! empty($_POST['update_privs'])) {
/**
* Assign users to user groups
*/
-if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
+if (! empty($_POST['changeUserGroup']) && $cfgRelation['menuswork']
&& $GLOBALS['dbi']->isSuperuser() && $GLOBALS['is_createuser']
) {
- Privileges::setUserGroup($username, $_REQUEST['userGroup']);
+ Privileges::setUserGroup($username, $_POST['userGroup']);
$message = Message::success();
}
/**
* Revokes Privileges
*/
-if (isset($_REQUEST['revokeall'])) {
+if (isset($_POST['revokeall'])) {
list ($message, $sql_query) = Privileges::getMessageAndSqlQueryForPrivilegesRevoke(
(isset($dbname) ? $dbname : ''),
(isset($tablename)
@@ -272,7 +272,7 @@ if (isset($_REQUEST['revokeall'])) {
/**
* Updates the password
*/
-if (isset($_REQUEST['change_pw'])) {
+if (isset($_POST['change_pw'])) {
$message = Privileges::updatePassword(
$err_url, $username, $hostname
);
@@ -282,11 +282,11 @@ if (isset($_REQUEST['change_pw'])) {
* Deletes users
* (Changes / copies a user, part IV)
*/
-if (isset($_REQUEST['delete'])
- || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
+if (isset($_POST['delete'])
+ || (isset($_POST['change_copy']) && $_POST['mode'] < 4)
) {
$queries = Privileges::getDataForDeleteUsers($queries);
- if (empty($_REQUEST['change_copy'])) {
+ if (empty($_POST['change_copy'])) {
list($sql_query, $message) = Privileges::deleteUser($queries);
}
}
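Review bot: `$_POST['mode'] < 4` is evaluated without confirming that `mode` is present or an integer, and under PHP 7 comparison rules a missing key (null) or a non-numeric string both compare as less than 4, so the delete-data branch is entered for a `change_copy` request that omits or garbles `mode`. Validating first, for example `isset($_POST['mode']) && is_numeric($_POST['mode']) && (int) $_POST['mode'] < 4`, would limit the branch to the values the form actually sends. What `Privileges::getDataForDeleteUsers()` does with `$queries` is not visible here, so the impact of the fall-through should be confirmed against that method.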
@@ -294,7 +294,7 @@ if (isset($_REQUEST['delete'])
/**
* Changes / copies a user, part V
*/
-if (isset($_REQUEST['change_copy'])) {
+if (isset($_POST['change_copy'])) {
$queries = Privileges::getDataForQueries($queries, $queries_for_display);
$message = Message::success();
$sql_query = join("\n", $queries);
@@ -315,14 +315,13 @@ if (isset($message_ret)) {
*/
if ($response->isAjax()
&& empty($_REQUEST['ajax_page_request'])
- && ! isset($_REQUEST['export'])
- && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
- && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
- || $_REQUEST['initial'] === '')
- || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === __('Go')))
- && ! isset($_REQUEST['showall'])
- && ! isset($_REQUEST['edit_user_group_dialog'])
- && ! isset($_REQUEST['db_specific'])
+ && ! isset($_GET['export'])
+ && (! isset($_POST['submit_mult']) || $_POST['submit_mult'] != 'export')
+ && ((! isset($_GET['initial']) || $_GET['initial'] === null
+ || $_GET['initial'] === '')
+ || (isset($_POST['delete']) && $_POST['delete'] === __('Go')))
+ && ! isset($_GET['showall'])
+ && ! isset($_GET['edit_user_group_dialog'])
) {
$extra_data = Privileges::getExtraDataForAjaxBehavior(
(isset($password) ? $password : ''),
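Review bot: The `! isset($_REQUEST['db_specific'])` condition is dropped from this chain rather than converted to `$_GET` or `$_POST`, which is a behaviour change the commit message does not mention. If the parameter is no longer sent, a short comment saying so would help; otherwise it should come back as `&& ! isset($_GET['db_specific'])` (or `$_POST`, whichever the caller uses). `empty($_REQUEST['ajax_page_request'])` on the second line still reads the merged superglobal, and the `$_GET['initial'] === null` test cannot be true once `isset()` has passed. The `if` body continues outside the hunk.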
@@ -342,8 +341,8 @@ if ($response->isAjax()
/**
* Displays the links
*/
-if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
- $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
+if (isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'db') {
+ $GLOBALS['db'] = $_REQUEST['db'] = $_GET['checkprivsdb'];
$url_query .= '&amp;goto=db_operations.php';
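Review bot: `$_GET['checkprivsdb']` is copied into `$GLOBALS['db']` and `$_REQUEST['db']` after checking only `viewing_mode`, so it can be unset or an array by the time later code treats it as a database name. Adding `&& isset($_GET['checkprivsdb']) && is_string($_GET['checkprivsdb'])` to the condition would cover both cases. The assignment also keeps writing into `$_REQUEST`, so downstream readers of `db` still depend on the merged superglobal this commit is moving away from; a comment would help if that is intentional. The same `is_string` check would apply to the `checkprivsdb` and `checkprivstable` arguments in the `-403` hunk, and the `if` body here continues outside the hunk.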
@@ -384,8 +383,8 @@ $response->addHTML(
);
// export user definition
-if (isset($_REQUEST['export'])
- || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
+if (isset($_GET['export'])
+ || (isset($_POST['submit_mult']) && $_POST['submit_mult'] == 'export')
) {
list($title, $export) = Privileges::getListForExportUserDefinition(
isset($username) ? $username : null,
@@ -403,23 +402,23 @@ if (isset($_REQUEST['export'])
}
}
-if (isset($_REQUEST['adduser'])) {
+if (isset($_GET['adduser'])) {
// Add user
$response->addHTML(
Privileges::getHtmlForAddUser((isset($dbname) ? $dbname : ''))
);
-} elseif (isset($_REQUEST['checkprivsdb'])) {
- if (isset($_REQUEST['checkprivstable'])) {
+} elseif (isset($_GET['checkprivsdb'])) {
+ if (isset($_GET['checkprivstable'])) {
// check the privileges for a particular table.
$response->addHTML(
Privileges::getHtmlForSpecificTablePrivileges(
- $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
+ $_GET['checkprivsdb'], $_GET['checkprivstable']
)
);
} else {
// check the privileges for a particular database.
$response->addHTML(
- Privileges::getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
+ Privileges::getHtmlForSpecificDbPrivileges($_GET['checkprivsdb'])
);
}
} else {
@@ -464,7 +463,7 @@ if (isset($_REQUEST['adduser'])) {
}
}
-if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
+if ((isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'server')
&& $GLOBALS['cfgRelation']['menuswork']
) {
$response->addHTML('</div>');