diff options
author | Sebastian Mendel <cybot_tm@users.sourceforge.net> | 2007-09-27 11:38:35 +0400 |
---|---|---|
committer | Sebastian Mendel <cybot_tm@users.sourceforge.net> | 2007-09-27 11:38:35 +0400 |
commit | 7ccb38b66aa67db895b24dfca1df1007ef7cc812 (patch) | |
tree | ce5a017df31c85083dff256c1ac70f6ea6bb8fd7 /tbl_row_action.php | |
parent | e0b45f38e89088f1151c236340e2b841b673c299 (diff) |
superglobalized;
do not urldecode;
Diffstat (limited to 'tbl_row_action.php')
-rw-r--r-- | tbl_row_action.php | 72 |
1 files changed, 46 insertions, 26 deletions
diff --git a/tbl_row_action.php b/tbl_row_action.php index 584121412e..50626f105c 100644 --- a/tbl_row_action.php +++ b/tbl_row_action.php @@ -1,10 +1,19 @@ <?php /* vim: set expandtab sw=4 ts=4 sts=4: */ /** + * handle row specifc actions like edit, delete, export * * @version $Id$ */ + +/** + * do not globalize/import request variables + * can only be enabled if all included files are switched superglobals too + * but leave this here to show that this file is 'superglobalized' +define('PMA_NO_VARIABLES_IMPORT', true); + */ + /** * */ @@ -14,29 +23,28 @@ require_once './libraries/mysql_charsets.lib.php'; /** * No rows were selected => show again the query and tell that user. */ -if ((!isset($rows_to_delete) || !is_array($rows_to_delete)) && !isset($mult_btn)) { +if (! PMA_isValid($_REQUEST['rows_to_delete'], 'array') + && ! isset($_REQUEST['mult_btn'])) { $disp_message = $strNoRowsSelected; $disp_query = ''; require './sql.php'; require_once './libraries/footer.inc.php'; } -/** - * Drop multiple rows if required - */ - +if (isset($_REQUEST['submit_mult'])) { + $submit_mult = $_REQUEST['submit_mult']; // workaround for IE problem: -if (isset($submit_mult_delete_x)) { +} elseif (isset($_REQUEST['submit_mult_delete_x'])) { $submit_mult = 'row_delete'; -} elseif (isset($submit_mult_change_x)) { +} elseif (isset($_REQUEST['submit_mult_change_x'])) { $submit_mult = 'row_edit'; -} elseif (isset($submit_mult_export_x)) { +} elseif (isset($_REQUEST['submit_mult_export_x'])) { $submit_mult = 'row_export'; } -// garvin: If the 'Ask for confirmation' button was pressed, this can only come from 'delete' mode, -// so we set it straight away. -if (isset($mult_btn)) { +// garvin: If the 'Ask for confirmation' button was pressed, this can only come +// from 'delete' mode, so we set it straight away. +if (isset($_REQUEST['mult_btn'])) { $submit_mult = 'row_delete'; } @@ -75,12 +83,18 @@ require_once './libraries/header.inc.php'; if (!empty($submit_mult)) { switch($submit_mult) { case 'row_edit': + // garvin: As we got the fields to be edited from the 'rows_to_delete' + // checkbox, we use the index of it as the + // indicating primary key. Then we built the array which is used for + // the tbl_change.php script. + /** + * urldecode should not be needed here $primary_key = array(); - // garvin: As we got the fields to be edited from the 'rows_to_delete' checkbox, we use the index of it as the - // indicating primary key. Then we built the array which is used for the tbl_change.php script. - foreach ($rows_to_delete AS $i_primary_key => $del_query) { + foreach ($_REQUEST['rows_to_delete'] as $i_primary_key => $del_query) { $primary_key[] = urldecode($i_primary_key); } + */ + $primary_key = array_keys($_REQUEST['rows_to_delete']); $active_page = 'tbl_change.php'; include './tbl_change.php'; @@ -90,13 +104,19 @@ if (!empty($submit_mult)) { // Needed to allow SQL export $single_table = TRUE; - $primary_key = array(); //$sql_query = urldecode($sql_query); - // garvin: As we got the fields to be edited from the 'rows_to_delete' checkbox, we use the index of it as the - // indicating primary key. Then we built the array which is used for the tbl_change.php script. - foreach ($rows_to_delete AS $i_primary_key => $del_query) { + // garvin: As we got the fields to be edited from the 'rows_to_delete' + // checkbox, we use the index of it as the + // indicating primary key. Then we built the array which is used for + // the tbl_change.php script. + /** + * urldecode should not be needed here + $primary_key = array(); + foreach ($_REQUEST['rows_to_delete'] as $i_primary_key => $del_query) { $primary_key[] = urldecode($i_primary_key); } + */ + $primary_key = array_keys($_REQUEST['rows_to_delete']); $active_page = 'tbl_export.php'; include './tbl_export.php'; @@ -105,21 +125,22 @@ if (!empty($submit_mult)) { case 'row_delete': default: $action = 'tbl_row_action.php'; - $err_url = 'tbl_row_action.php?' . PMA_generate_common_url($db, $table); - if (! isset($mult_btn)) { + $err_url = 'tbl_row_action.php' . PMA_generate_common_url($GLOBALS['url_params']); + if (! isset($_REQUEST['mult_btn'])) { $original_sql_query = $sql_query; $original_url_query = $url_query; } require './libraries/mult_submits.inc.php'; - $url_query = PMA_generate_common_url($db, $table) - . '&goto=tbl_sql.php'; + $_url_params = $GLOBALS['url_params']; + $_url_params['goto'] = 'tbl_sql.php'; + $url_query = PMA_generate_common_url($_url_params); /** * Show result of multi submit operation */ // sql_query is not set when user does not confirm multi-delete - if ((!empty($submit_mult) || isset($mult_btn)) && ! empty($sql_query)) { + if ((!empty($submit_mult) || isset($_REQUEST['mult_btn'])) && ! empty($sql_query)) { $disp_message = $strSuccess; $disp_query = $sql_query; } @@ -134,8 +155,7 @@ if (!empty($submit_mult)) { // this is because sql.php could call tbl_structure // which would think it needs to call mult_submits.inc.php: - unset($submit_mult); - unset($mult_btn); + unset($submit_mult, $_REQUEST['mult_btn']); $active_page = 'sql.php'; require './sql.php'; @@ -144,7 +164,7 @@ if (!empty($submit_mult)) { * Displays the footer */ require_once './libraries/footer.inc.php'; - break; + break; } } ?> |