
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
-rw-r--r--libraries/classes/Footer.php16
-rw-r--r--libraries/classes/Server/Privileges.php134
-rw-r--r--server_privileges.php61
-rw-r--r--test/classes/Server/PrivilegesTest.php64
4 files changed, 139 insertions, 136 deletions
diff --git a/libraries/classes/Footer.php b/libraries/classes/Footer.php
index a664e3b49e..7ef6a63d57 100644
--- a/libraries/classes/Footer.php
+++ b/libraries/classes/Footer.php
@@ -161,28 +161,28 @@ class Footer
'target' => $target
);
// needed for server privileges tabs
- if (isset($_REQUEST['viewing_mode'])
- && in_array($_REQUEST['viewing_mode'], array('server', 'db', 'table'))
+ if (isset($_GET['viewing_mode'])
+ && in_array($_GET['viewing_mode'], array('server', 'db', 'table'))
) {
- $params['viewing_mode'] = $_REQUEST['viewing_mode'];
+ $params['viewing_mode'] = $_GET['viewing_mode'];
}
/*
* @todo coming from server_privileges.php, here $db is not set,
* add the following condition below when that is fixed
- * && $_REQUEST['checkprivsdb'] == $db
+ * && $_GET['checkprivsdb'] == $db
*/
- if (isset($_REQUEST['checkprivsdb'])
+ if (isset($_GET['checkprivsdb'])
) {
- $params['checkprivsdb'] = $_REQUEST['checkprivsdb'];
+ $params['checkprivsdb'] = $_GET['checkprivsdb'];
}
/*
* @todo coming from server_privileges.php, here $table is not set,
* add the following condition below when that is fixed
* && $_REQUEST['checkprivstable'] == $table
*/
- if (isset($_REQUEST['checkprivstable'])
+ if (isset($_GET['checkprivstable'])
) {
- $params['checkprivstable'] = $_REQUEST['checkprivstable'];
+ $params['checkprivstable'] = $_GET['checkprivstable'];
}
if (isset($_REQUEST['single_table'])
&& in_array($_REQUEST['single_table'], array(true, false))
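Review bot: The second `@todo` comment in this hunk still reads `&& $_REQUEST['checkprivstable'] == $table`, while the first one was updated to `$_GET['checkprivsdb']` and the code below it now reads `$_GET['checkprivstable']`. Update the comment to `* && $_GET['checkprivstable'] == $table` so both notes match the code. Until those `@todo` conditions are added, `checkprivsdb` and `checkprivstable` are copied into `$params` with only an `isset()` check, which is worth stating in the comment. The `single_table` check that follows is cut off by the end of the hunk.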
diff --git a/libraries/classes/Server/Privileges.php b/libraries/classes/Server/Privileges.php
index 55f72f171a..705318ab67 100644
--- a/libraries/classes/Server/Privileges.php
+++ b/libraries/classes/Server/Privileges.php
@@ -36,7 +36,7 @@ class Privileges
public static function getHtmlForUserGroupDialog($username, $is_menuswork)
{
$html = '';
- if (! empty($_REQUEST['edit_user_group_dialog']) && $is_menuswork) {
+ if (! empty($_GET['edit_user_group_dialog']) && $is_menuswork) {
$dialog = self::getHtmlToChooseUserGroup($username);
$response = Response::getInstance();
if ($response->isAjax()) {
@@ -1868,7 +1868,7 @@ class Privileges
// similar logic in user_password.php
$message = '';
- if (empty($_REQUEST['nopass'])
+ if (empty($_POST['nopass'])
&& isset($_POST['pma_pw'])
&& isset($_POST['pma_pw2'])
) {
@@ -1885,8 +1885,8 @@ class Privileges
$serverType = Util::getServerType();
$serverVersion = $GLOBALS['dbi']->getVersion();
$authentication_plugin
- = (isset($_REQUEST['authentication_plugin'])
- ? $_REQUEST['authentication_plugin']
+ = (isset($_POST['authentication_plugin'])
+ ? $_POST['authentication_plugin']
: self::getCurrentAuthenticationPlugin(
'change',
$username,
@@ -2146,7 +2146,7 @@ class Privileges
}
/**
- * Get HTML for addUsersForm, This function call if isset($_REQUEST['adduser'])
+ * Get HTML for addUsersForm, This function call if isset($_GET['adduser'])
*
* @param string $dbname database name
*
@@ -2825,9 +2825,13 @@ class Privileges
break;
}
- $html .= ' href="server_privileges.php'
- . Url::getCommon($params)
- . '">';
+ $html .= ' href="server_privileges.php';
+ if ($linktype == 'revoke') {
+ $html .= '" data-post="' . Url::getCommon($params, '');
+ } else {
+ $html .= Url::getCommon($params);
+ }
+ $html .= '">';
switch($linktype) {
case 'edit':
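Review bot: The new branch does not say why only `revoke` is sent through `data-post`; a one-line comment above the `if` would record the intent, e.g. `// revoke changes privileges: send the parameters as POST data, not in the URL`. The comparison can also be strict, `if ($linktype === 'revoke') {`, since the surrounding `switch` matches string literals. If the script that handles `data-post` does not run, the link is a bare request to `server_privileges.php` with no parameters, which looks like the intended safe fallback but is worth confirming. The enclosing method starts and ends outside this hunk.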
@@ -2949,7 +2953,7 @@ class Privileges
$extra_data['sql_query'] = Util::getMessage(null, $sql_query);
}
- if (isset($_REQUEST['change_copy'])) {
+ if (isset($_POST['change_copy'])) {
/**
* generate html on the fly for the new user that was just created.
*/
@@ -2961,7 +2965,7 @@ class Privileges
. '' . htmlspecialchars($hostname) . '" />'
. '</td>' . "\n"
. '<td><label for="checkbox_sel_users_">'
- . (empty($_REQUEST['username'])
+ . (empty($_POST['username'])
? '<span style="color: #FF0000">' . __('Any') . '</span>'
: htmlspecialchars($username) ) . '</label></td>' . "\n"
. '<td>' . htmlspecialchars($hostname) . '</td>' . "\n";
@@ -3050,9 +3054,9 @@ class Privileges
$extra_data['new_privileges'] = $new_privileges;
}
- if (isset($_REQUEST['validate_username'])) {
+ if (isset($_GET['validate_username'])) {
$sql_query = "SELECT * FROM `mysql`.`user` WHERE `User` = '"
- . $_REQUEST['username'] . "';";
+ . $_GET['username'] . "';";
$res = $GLOBALS['dbi']->query($sql_query);
$row = $GLOBALS['dbi']->fetchRow($res);
if (empty($row)) {
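Review bot: `$_GET['username']` is still concatenated unescaped into the `SELECT * FROM mysql.user` statement in the `validate_username` branch; switching from `$_REQUEST` to `$_GET` changes only where the value is read from. Other queries touched by this commit pass request values through `$GLOBALS['dbi']->escapeString()`, and this one should do the same: `. $GLOBALS['dbi']->escapeString($_GET['username']) . "';";`. The branch also reads `$_GET['username']` without an `isset()` check, so a request carrying only `validate_username` raises an undefined-index notice. The enclosing method starts and ends outside this hunk.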
@@ -3362,7 +3366,7 @@ class Privileges
$foundRows = array();
$privileges = array();
- foreach ($db_rights as $row) {
+ foreach ($db_rights as $row) {error_log(print_r($row, true));
$onePrivilege = array();
$paramTableName = '';
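Review bot: The `error_log(print_r($row, true));` appended to the `foreach ($db_rights as $row)` line looks like a leftover debugging statement and should be removed before merge. Judging by the variable name, each `$row` is a privilege record, so every call would copy grant data into the server error log, which is usually readable by more people than the privilege tables. Restore the line to `foreach ($db_rights as $row) {`.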
@@ -3776,7 +3780,7 @@ class Privileges
->render(
array(
'array_initials' => $array_initials,
- 'initial' => isset($_REQUEST['initial']) ? $_REQUEST['initial'] : null,
+ 'initial' => isset($_GET['initial']) ? $_GET['initial'] : null,
)
);
@@ -3847,7 +3851,7 @@ class Privileges
if (empty($queries)) {
$message = Message::error(__('No users selected for deleting!'));
} else {
- if ($_REQUEST['mode'] == 3) {
+ if ($_POST['mode'] == 3) {
$queries[] = '# ' . __('Reloading the privileges') . ' …';
$queries[] = 'FLUSH PRIVILEGES;';
}
@@ -3958,11 +3962,11 @@ class Privileges
$queries = null;
$password = null;
- if (isset($_REQUEST['change_copy'])) {
+ if (isset($_POST['change_copy'])) {
$user_host_condition = ' WHERE `User` = '
- . "'" . $GLOBALS['dbi']->escapeString($_REQUEST['old_username']) . "'"
+ . "'" . $GLOBALS['dbi']->escapeString($_POST['old_username']) . "'"
. ' AND `Host` = '
- . "'" . $GLOBALS['dbi']->escapeString($_REQUEST['old_hostname']) . "';";
+ . "'" . $GLOBALS['dbi']->escapeString($_POST['old_hostname']) . "';";
$row = $GLOBALS['dbi']->fetchSingleRow(
'SELECT * FROM `mysql`.`user` ' . $user_host_condition
);
@@ -3971,7 +3975,7 @@ class Privileges
$response->addHTML(
Message::notice(__('No user found.'))->getDisplay()
);
- unset($_REQUEST['change_copy']);
+ unset($_POST['change_copy']);
} else {
extract($row, EXTR_OVERWRITE);
foreach ($row as $key => $value) {
@@ -4029,12 +4033,12 @@ class Privileges
*/
public static function getDataForDeleteUsers($queries)
{
- if (isset($_REQUEST['change_copy'])) {
+ if (isset($_POST['change_copy'])) {
$selected_usr = array(
- $_REQUEST['old_username'] . '&amp;#27;' . $_REQUEST['old_hostname']
+ $_POST['old_username'] . '&amp;#27;' . $_POST['old_hostname']
);
} else {
- $selected_usr = $_REQUEST['selected_usr'];
+ $selected_usr = $_POST['selected_usr'];
$queries = array();
}
@@ -4056,7 +4060,7 @@ class Privileges
. '\'@\'' . $GLOBALS['dbi']->escapeString($this_host) . '\';';
RelationCleanup::user($this_user);
- if (isset($_REQUEST['drop_users_db'])) {
+ if (isset($_POST['drop_users_db'])) {
$queries[] = 'DROP DATABASE IF EXISTS '
. Util::backquote($this_user) . ';';
$GLOBALS['reload'] = true;
@@ -4073,7 +4077,7 @@ class Privileges
public static function updateMessageForReload()
{
$message = null;
- if (isset($_REQUEST['flush_privileges'])) {
+ if (isset($_GET['flush_privileges'])) {
$sql_query = 'FLUSH PRIVILEGES;';
$GLOBALS['dbi']->query($sql_query);
$message = Message::success(
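Review bot: `updateMessageForReload()` still executes `FLUSH PRIVILEGES;` whenever `flush_privileges` appears in the query string, so a statement with a server-side effect remains reachable by a plain GET while the rest of this commit moves such actions to `$_POST`. If the request token is enforced only on POST requests (not visible here), this action is not covered by it. Consider `if (isset($_POST['flush_privileges'])) {` and sending the reload link as POST data the way the revoke link is handled in this commit. The method body continues past the end of the hunk.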
@@ -4081,7 +4085,7 @@ class Privileges
);
}
- if (isset($_REQUEST['validate_username'])) {
+ if (isset($_GET['validate_username'])) {
$message = Message::success();
}
@@ -4135,7 +4139,7 @@ class Privileges
$queries_for_display = null;
$sql_query = null;
- if (!isset($_REQUEST['adduser_submit']) && !isset($_REQUEST['change_copy'])) {
+ if (!isset($_POST['adduser_submit']) && !isset($_POST['change_copy'])) {
return array(
$message, $queries, $queries_for_display, $sql_query, $_add_user_error
);
@@ -4170,7 +4174,7 @@ class Privileges
if ($GLOBALS['dbi']->fetchValue($sql) == 1) {
$message = Message::error(__('The user %s already exists!'));
$message->addParam('[em]\'' . $username . '\'@\'' . $hostname . '\'[/em]');
- $_REQUEST['adduser'] = true;
+ $_GET['adduser'] = true;
$_add_user_error = true;
return array(
@@ -4189,7 +4193,7 @@ class Privileges
$username, $hostname, (isset($password) ? $password : '')
);
- if (empty($_REQUEST['change_copy'])) {
+ if (empty($_POST['change_copy'])) {
$_error = false;
if (isset($create_user_real)) {
@@ -4197,10 +4201,10 @@ class Privileges
$_error = true;
}
if (isset($password_set_real) && !empty($password_set_real)
- && isset($_REQUEST['authentication_plugin'])
+ && isset($_POST['authentication_plugin'])
) {
self::setProperPasswordHashing(
- $_REQUEST['authentication_plugin']
+ $_POST['authentication_plugin']
);
if ($GLOBALS['dbi']->tryQuery($password_set_real)) {
$sql_query .= $password_set_show;
@@ -4217,8 +4221,8 @@ class Privileges
$hostname,
isset($dbname) ? $dbname : null
);
- if (!empty($_REQUEST['userGroup']) && $is_menuwork) {
- self::setUserGroup($GLOBALS['username'], $_REQUEST['userGroup']);
+ if (!empty($_POST['userGroup']) && $is_menuwork) {
+ self::setUserGroup($GLOBALS['username'], $_POST['userGroup']);
}
return array(
@@ -4232,8 +4236,8 @@ class Privileges
// Copy the user group while copying a user
$old_usergroup =
- isset($_REQUEST['old_usergroup']) ? $_REQUEST['old_usergroup'] : null;
- self::setUserGroup($_REQUEST['username'], $old_usergroup);
+ isset($_POST['old_usergroup']) ? $_POST['old_usergroup'] : null;
+ self::setUserGroup($_POST['username'], $old_usergroup);
if (isset($create_user_real)) {
$queries[] = $create_user_real;
@@ -4241,10 +4245,10 @@ class Privileges
$queries[] = $real_sql_query;
if (isset($password_set_real) && ! empty($password_set_real)
- && isset($_REQUEST['authentication_plugin'])
+ && isset($_POST['authentication_plugin'])
) {
self::setProperPasswordHashing(
- $_REQUEST['authentication_plugin']
+ $_POST['authentication_plugin']
);
$queries[] = $password_set_real;
@@ -4313,25 +4317,25 @@ class Privileges
/**
* Checks if a dropdown box has been used for selecting a database / table
*/
- if (Core::isValid($_REQUEST['pred_tablename'])) {
- $tablename = $_REQUEST['pred_tablename'];
+ if (Core::isValid($_POST['pred_tablename'])) {
+ $tablename = $_POST['pred_tablename'];
} elseif (Core::isValid($_REQUEST['tablename'])) {
$tablename = $_REQUEST['tablename'];
} else {
unset($tablename);
}
- if (Core::isValid($_REQUEST['pred_routinename'])) {
- $routinename = $_REQUEST['pred_routinename'];
+ if (Core::isValid($_POST['pred_routinename'])) {
+ $routinename = $_POST['pred_routinename'];
} elseif (Core::isValid($_REQUEST['routinename'])) {
$routinename = $_REQUEST['routinename'];
} else {
unset($routinename);
}
- if (isset($_REQUEST['pred_dbname'])) {
+ if (isset($_POST['pred_dbname'])) {
$is_valid_pred_dbname = true;
- foreach ($_REQUEST['pred_dbname'] as $key => $db_name) {
+ foreach ($_POST['pred_dbname'] as $key => $db_name) {
if (! Core::isValid($db_name)) {
$is_valid_pred_dbname = false;
break;
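Review bot: `foreach ($_POST['pred_dbname'] as $key => $db_name)` assumes the field is an array; a scalar `pred_dbname` makes the loop emit a warning and skip validation while `$is_valid_pred_dbname` stays `true`. Guard the block with `if (isset($_POST['pred_dbname']) && is_array($_POST['pred_dbname'])) {`. The fallbacks `$_REQUEST['tablename']` and `$_REQUEST['routinename']` are left unchanged next to the new `$_POST['pred_*']` reads, so the method now mixes sources; if that is deliberate (the plain names may also arrive by GET), a comment saying so would help. The loop and the enclosing method continue outside this hunk.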
@@ -4356,7 +4360,7 @@ class Privileges
}
if (isset($is_valid_pred_dbname) && $is_valid_pred_dbname) {
- $dbname = $_REQUEST['pred_dbname'];
+ $dbname = $_POST['pred_dbname'];
// If dbname contains only one database.
if (count($dbname) == 1) {
$dbname = $dbname[0];
@@ -4425,14 +4429,14 @@ class Privileges
{
$export = '<textarea class="export" cols="60" rows="15">';
- if (isset($_REQUEST['selected_usr'])) {
+ if (isset($_POST['selected_usr'])) {
// export privileges for selected users
$title = __('Privileges');
//For removing duplicate entries of users
- $_REQUEST['selected_usr'] = array_unique($_REQUEST['selected_usr']);
+ $_POST['selected_usr'] = array_unique($_POST['selected_usr']);
- foreach ($_REQUEST['selected_usr'] as $export_user) {
+ foreach ($_POST['selected_usr'] as $export_user) {
$export_username = mb_substr(
$export_user, 0, mb_strpos($export_user, '&')
);
@@ -4631,8 +4635,8 @@ class Privileges
" IF(`" . $password_column . "` = _latin1 '', 'N', 'Y') AS 'Password'" .
' FROM `mysql`.`user`';
- $sql_query .= (isset($_REQUEST['initial'])
- ? self::rangeOfUsers($_REQUEST['initial'])
+ $sql_query .= (isset($_GET['initial'])
+ ? self::rangeOfUsers($_GET['initial'])
: '');
$sql_query .= ' ORDER BY `User` ASC, `Host` ASC;';
@@ -4712,8 +4716,8 @@ class Privileges
* Display the user overview
* (if less than 50 users, display them immediately)
*/
- if (isset($_REQUEST['initial'])
- || isset($_REQUEST['showall'])
+ if (isset($_GET['initial'])
+ || isset($_GET['showall'])
|| $GLOBALS['dbi']->numRows($res) < 50
) {
$html_output .= self::getUsersOverview(
@@ -4895,9 +4899,9 @@ class Privileges
'SELECT `Column_name`, `Column_priv`'
. ' FROM `mysql`.`columns_priv`'
. ' WHERE `User`'
- . ' = \'' . $GLOBALS['dbi']->escapeString($_REQUEST['old_username']) . "'"
+ . ' = \'' . $GLOBALS['dbi']->escapeString($_POST['old_username']) . "'"
. ' AND `Host`'
- . ' = \'' . $GLOBALS['dbi']->escapeString($_REQUEST['old_username']) . '\''
+ . ' = \'' . $GLOBALS['dbi']->escapeString($_POST['old_username']) . '\''
. ' AND `Db`'
. ' = \'' . $GLOBALS['dbi']->escapeString($row['Db']) . "'"
. ' AND `Table_name`'
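Review bot: The `Host` condition on the new side still compares against `$_POST['old_username']`, so the `columns_priv` lookup filters the host column by the user name and will normally match no rows. The parallel condition in the next hunk uses `old_hostname`, which suggests this line should read `. ' = \'' . $GLOBALS['dbi']->escapeString($_POST['old_hostname']) . '\''`. The effect appears to be that column-level privileges are silently dropped when a user is changed or copied, but the consuming code is outside this hunk.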
@@ -4971,9 +4975,9 @@ class Privileges
array $queries, $username, $hostname
) {
$user_host_condition = ' WHERE `User`'
- . ' = \'' . $GLOBALS['dbi']->escapeString($_REQUEST['old_username']) . "'"
+ . ' = \'' . $GLOBALS['dbi']->escapeString($_POST['old_username']) . "'"
. ' AND `Host`'
- . ' = \'' . $GLOBALS['dbi']->escapeString($_REQUEST['old_hostname']) . '\';';
+ . ' = \'' . $GLOBALS['dbi']->escapeString($_POST['old_hostname']) . '\';';
$res = $GLOBALS['dbi']->query(
'SELECT * FROM `mysql`.`db`' . $user_host_condition
@@ -5014,14 +5018,14 @@ class Privileges
if ($_error || (!empty($real_sql_query)
&& !$GLOBALS['dbi']->tryQuery($real_sql_query))
) {
- $_REQUEST['createdb-1'] = $_REQUEST['createdb-2']
- = $_REQUEST['createdb-3'] = null;
+ $_POST['createdb-1'] = $_POST['createdb-2']
+ = $_POST['createdb-3'] = null;
$message = Message::rawError($GLOBALS['dbi']->getError());
} else {
$message = Message::success(__('You have added a new user.'));
}
- if (isset($_REQUEST['createdb-1'])) {
+ if (isset($_POST['createdb-1'])) {
// Create database with same name and grant all privileges
$q = 'CREATE DATABASE IF NOT EXISTS '
. Util::backquote(
@@ -5052,7 +5056,7 @@ class Privileges
}
}
- if (isset($_REQUEST['createdb-2'])) {
+ if (isset($_POST['createdb-2'])) {
// Grant all privileges on wildcard name (username\_%)
$q = 'GRANT ALL PRIVILEGES ON '
. Util::backquote(
@@ -5068,7 +5072,7 @@ class Privileges
}
}
- if (isset($_REQUEST['createdb-3'])) {
+ if (isset($_POST['createdb-3'])) {
// Grant all privileges on the specified database to the new user
$q = 'GRANT ALL PRIVILEGES ON '
. Util::backquote(
@@ -5166,21 +5170,21 @@ class Privileges
// is supported by MySQL 5.5.7+
if (($serverType == 'MySQL' || $serverType == 'Percona Server')
&& $serverVersion >= 50507
- && isset($_REQUEST['authentication_plugin'])
+ && isset($_POST['authentication_plugin'])
) {
$create_user_stmt .= ' IDENTIFIED WITH '
- . $_REQUEST['authentication_plugin'];
+ . $_POST['authentication_plugin'];
}
// 'IDENTIFIED VIA auth_plugin'
// is supported by MariaDB 5.2+
if ($serverType == 'MariaDB'
&& $serverVersion >= 50200
- && isset($_REQUEST['authentication_plugin'])
+ && isset($_POST['authentication_plugin'])
&& ! $isMariaDBPwdPluginActive
) {
$create_user_stmt .= ' IDENTIFIED VIA '
- . $_REQUEST['authentication_plugin'];
+ . $_POST['authentication_plugin'];
}
$create_user_real = $create_user_show = $create_user_stmt;
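Review bot: `$_POST['authentication_plugin']` is appended verbatim after `IDENTIFIED WITH ` and `IDENTIFIED VIA `, so the statement built in `$create_user_stmt` contains request text that is neither quoted nor validated. A plugin name is an identifier, so `escapeString()` is not sufficient here; check the value against the plugins the server actually reports, or at minimum reject anything that fails `preg_match('/^[A-Za-z0-9_]+$/', $_POST['authentication_plugin'])` before concatenating. The same request value is passed to `setProperPasswordHashing()` in the following hunk and in the `updatePassword` hunks earlier in this file. The enclosing method starts and ends outside this hunk.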
@@ -5202,9 +5206,9 @@ class Privileges
$real_sql_query = $sql_query = $sql_query_stmt;
// Set the proper hashing method
- if (isset($_REQUEST['authentication_plugin'])) {
+ if (isset($_POST['authentication_plugin'])) {
self::setProperPasswordHashing(
- $_REQUEST['authentication_plugin']
+ $_POST['authentication_plugin']
);
}
diff --git a/server_privileges.php b/server_privileges.php
index 025000877f..2d5bf64427 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -37,8 +37,8 @@ $scripts = $header->getScripts();
$scripts->addFile('server_privileges.js');
$scripts->addFile('vendor/zxcvbn.js');
-if ((isset($_REQUEST['viewing_mode'])
- && $_REQUEST['viewing_mode'] == 'server')
+if ((isset($_GET['viewing_mode'])
+ && $_GET['viewing_mode'] == 'server')
&& $GLOBALS['cfgRelation']['menuswork']
) {
$response->addHTML('<div>');
@@ -156,8 +156,8 @@ if (! $GLOBALS['is_grantuser'] && !$GLOBALS['is_createuser']) {
* Checks if the user is using "Change Login Information / Copy User" dialog
* only to update the password
*/
-if (isset($_REQUEST['change_copy']) && $username == $_REQUEST['old_username']
- && $hostname == $_REQUEST['old_hostname']
+if (isset($_POST['change_copy']) && $username == $_POST['old_username']
+ && $hostname == $_POST['old_hostname']
) {
$response->addHTML(
Message::error(
@@ -202,7 +202,7 @@ if (isset($ret_message)) {
/**
* Changes / copies a user, part III
*/
-if (isset($_REQUEST['change_copy'])) {
+if (isset($_POST['change_copy'])) {
$queries = Privileges::getDbSpecificPrivsQueriesForChangeOrCopyUser(
$queries, $username, $hostname
);
@@ -247,17 +247,17 @@ if (! empty($_POST['update_privs'])) {
/**
* Assign users to user groups
*/
-if (! empty($_REQUEST['changeUserGroup']) && $cfgRelation['menuswork']
+if (! empty($_POST['changeUserGroup']) && $cfgRelation['menuswork']
&& $GLOBALS['dbi']->isSuperuser() && $GLOBALS['is_createuser']
) {
- Privileges::setUserGroup($username, $_REQUEST['userGroup']);
+ Privileges::setUserGroup($username, $_POST['userGroup']);
$message = Message::success();
}
/**
* Revokes Privileges
*/
-if (isset($_REQUEST['revokeall'])) {
+if (isset($_POST['revokeall'])) {
list ($message, $sql_query) = Privileges::getMessageAndSqlQueryForPrivilegesRevoke(
(isset($dbname) ? $dbname : ''),
(isset($tablename)
@@ -272,7 +272,7 @@ if (isset($_REQUEST['revokeall'])) {
/**
* Updates the password
*/
-if (isset($_REQUEST['change_pw'])) {
+if (isset($_POST['change_pw'])) {
$message = Privileges::updatePassword(
$err_url, $username, $hostname
);
@@ -282,11 +282,11 @@ if (isset($_REQUEST['change_pw'])) {
* Deletes users
* (Changes / copies a user, part IV)
*/
-if (isset($_REQUEST['delete'])
- || (isset($_REQUEST['change_copy']) && $_REQUEST['mode'] < 4)
+if (isset($_POST['delete'])
+ || (isset($_POST['change_copy']) && $_POST['mode'] < 4)
) {
$queries = Privileges::getDataForDeleteUsers($queries);
- if (empty($_REQUEST['change_copy'])) {
+ if (empty($_POST['change_copy'])) {
list($sql_query, $message) = Privileges::deleteUser($queries);
}
}
@@ -294,7 +294,7 @@ if (isset($_REQUEST['delete'])
/**
* Changes / copies a user, part V
*/
-if (isset($_REQUEST['change_copy'])) {
+if (isset($_POST['change_copy'])) {
$queries = Privileges::getDataForQueries($queries, $queries_for_display);
$message = Message::success();
$sql_query = join("\n", $queries);
@@ -315,14 +315,13 @@ if (isset($message_ret)) {
*/
if ($response->isAjax()
&& empty($_REQUEST['ajax_page_request'])
- && ! isset($_REQUEST['export'])
- && (! isset($_REQUEST['submit_mult']) || $_REQUEST['submit_mult'] != 'export')
- && ((! isset($_REQUEST['initial']) || $_REQUEST['initial'] === null
- || $_REQUEST['initial'] === '')
- || (isset($_REQUEST['delete']) && $_REQUEST['delete'] === __('Go')))
- && ! isset($_REQUEST['showall'])
- && ! isset($_REQUEST['edit_user_group_dialog'])
- && ! isset($_REQUEST['db_specific'])
+ && ! isset($_GET['export'])
+ && (! isset($_POST['submit_mult']) || $_POST['submit_mult'] != 'export')
+ && ((! isset($_GET['initial']) || $_GET['initial'] === null
+ || $_GET['initial'] === '')
+ || (isset($_POST['delete']) && $_POST['delete'] === __('Go')))
+ && ! isset($_GET['showall'])
+ && ! isset($_GET['edit_user_group_dialog'])
) {
$extra_data = Privileges::getExtraDataForAjaxBehavior(
(isset($password) ? $password : ''),
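Review bot: The `&& ! isset($_REQUEST['db_specific'])` term is removed from this condition rather than renamed, which is a behaviour change in a commit that otherwise only narrows `$_REQUEST` to `$_GET` or `$_POST`. Requests carrying `db_specific` will now enter the `getExtraDataForAjaxBehavior()` branch; if no caller sends that parameter any more, say so in the commit message, otherwise keep the term as `&& ! isset($_GET['db_specific'])` (or `$_POST`, depending on the sender). `empty($_REQUEST['ajax_page_request'])` is left on `$_REQUEST` in the same condition and deserves a comment on why.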
@@ -342,8 +341,8 @@ if ($response->isAjax()
/**
* Displays the links
*/
-if (isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'db') {
- $GLOBALS['db'] = $_REQUEST['db'] = $_REQUEST['checkprivsdb'];
+if (isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'db') {
+ $GLOBALS['db'] = $_REQUEST['db'] = $_GET['checkprivsdb'];
$url_query .= '&amp;goto=db_operations.php';
@@ -384,8 +383,8 @@ $response->addHTML(
);
// export user definition
-if (isset($_REQUEST['export'])
- || (isset($_REQUEST['submit_mult']) && $_REQUEST['submit_mult'] == 'export')
+if (isset($_GET['export'])
+ || (isset($_POST['submit_mult']) && $_POST['submit_mult'] == 'export')
) {
list($title, $export) = Privileges::getListForExportUserDefinition(
isset($username) ? $username : null,
@@ -403,23 +402,23 @@ if (isset($_REQUEST['export'])
}
}
-if (isset($_REQUEST['adduser'])) {
+if (isset($_GET['adduser'])) {
// Add user
$response->addHTML(
Privileges::getHtmlForAddUser((isset($dbname) ? $dbname : ''))
);
-} elseif (isset($_REQUEST['checkprivsdb'])) {
- if (isset($_REQUEST['checkprivstable'])) {
+} elseif (isset($_GET['checkprivsdb'])) {
+ if (isset($_GET['checkprivstable'])) {
// check the privileges for a particular table.
$response->addHTML(
Privileges::getHtmlForSpecificTablePrivileges(
- $_REQUEST['checkprivsdb'], $_REQUEST['checkprivstable']
+ $_GET['checkprivsdb'], $_GET['checkprivstable']
)
);
} else {
// check the privileges for a particular database.
$response->addHTML(
- Privileges::getHtmlForSpecificDbPrivileges($_REQUEST['checkprivsdb'])
+ Privileges::getHtmlForSpecificDbPrivileges($_GET['checkprivsdb'])
);
}
} else {
@@ -464,7 +463,7 @@ if (isset($_REQUEST['adduser'])) {
}
}
-if ((isset($_REQUEST['viewing_mode']) && $_REQUEST['viewing_mode'] == 'server')
+if ((isset($_GET['viewing_mode']) && $_GET['viewing_mode'] == 'server')
&& $GLOBALS['cfgRelation']['menuswork']
) {
$response->addHTML('</div>');
diff --git a/test/classes/Server/PrivilegesTest.php b/test/classes/Server/PrivilegesTest.php
index 65f123e5fe..bb5e0593de 100644
--- a/test/classes/Server/PrivilegesTest.php
+++ b/test/classes/Server/PrivilegesTest.php
@@ -38,7 +38,7 @@ class PrivilegesTest extends TestCase
//$_REQUEST
$_REQUEST['log'] = "index1";
$_REQUEST['pos'] = 3;
- $_REQUEST['initial'] = null;
+ $_GET['initial'] = null;
//$GLOBALS
$GLOBALS['lang'] = 'en';
@@ -173,8 +173,8 @@ class PrivilegesTest extends TestCase
);
//pre variable have been defined
- $_REQUEST['pred_tablename'] = "PMA_pred__tablename";
- $_REQUEST['pred_dbname'] = array("PMA_pred_dbname");
+ $_POST['pred_tablename'] = "PMA_pred__tablename";
+ $_POST['pred_dbname'] = array("PMA_pred_dbname");
list(
,, $dbname, $tablename, $routinename,
$db_and_table, $dbname_is_wildcard
@@ -507,7 +507,7 @@ class PrivilegesTest extends TestCase
{
$username = "pma_username";
$is_menuswork = true;
- $_REQUEST['edit_user_group_dialog'] = "edit_user_group_dialog";
+ $_GET['edit_user_group_dialog'] = "edit_user_group_dialog";
/* Assertion 1 */
//Privileges::getHtmlForUserGroupDialog
@@ -746,7 +746,7 @@ class PrivilegesTest extends TestCase
*/
public function testPMAGetDataForChangeOrCopyUser()
{
- //$_REQUEST['change_copy'] not set
+ //$_POST['change_copy'] not set
list($queries, $password) = Privileges::getDataForChangeOrCopyUser();
$this->assertEquals(
null,
@@ -757,10 +757,10 @@ class PrivilegesTest extends TestCase
$queries
);
- //$_REQUEST['change_copy'] is set
- $_REQUEST['change_copy'] = true;
- $_REQUEST['old_username'] = 'PMA_old_username';
- $_REQUEST['old_hostname'] = 'PMA_old_hostname';
+ //$_POST['change_copy'] is set
+ $_POST['change_copy'] = true;
+ $_POST['old_username'] = 'PMA_old_username';
+ $_POST['old_hostname'] = 'PMA_old_hostname';
list($queries, $password) = Privileges::getDataForChangeOrCopyUser();
$this->assertEquals(
'pma_password',
@@ -770,7 +770,7 @@ class PrivilegesTest extends TestCase
array(),
$queries
);
- unset($_REQUEST['change_copy']);
+ unset($_POST['change_copy']);
}
@@ -824,13 +824,13 @@ class PrivilegesTest extends TestCase
$dbname = 'pma_dbname';
$username = 'pma_username';
$hostname = 'pma_hostname';
- $_REQUEST['adduser_submit'] = true;
+ $_POST['adduser_submit'] = true;
$_POST['pred_username'] = 'any';
$_POST['pred_hostname'] = 'localhost';
$_POST['pred_password'] = 'keep';
- $_REQUEST['createdb-3'] = true;
- $_REQUEST['userGroup'] = "username";
- $_REQUEST['authentication_plugin'] = 'mysql_native_password';
+ $_POST['createdb-3'] = true;
+ $_POST['userGroup'] = "username";
+ $_POST['authentication_plugin'] = 'mysql_native_password';
list(
$ret_message,,, $sql_query,
@@ -871,13 +871,13 @@ class PrivilegesTest extends TestCase
$dbname = 'pma_dbname';
$username = 'pma_username';
$hostname = 'pma_hostname';
- $_REQUEST['adduser_submit'] = true;
+ $_POST['adduser_submit'] = true;
$_POST['pred_username'] = 'any';
$_POST['pred_hostname'] = 'localhost';
$_POST['pred_password'] = 'keep';
- $_REQUEST['createdb-3'] = true;
- $_REQUEST['userGroup'] = "username";
- $_REQUEST['authentication_plugin'] = 'mysql_native_password';
+ $_POST['createdb-3'] = true;
+ $_POST['userGroup'] = "username";
+ $_POST['authentication_plugin'] = 'mysql_native_password';
list(
$ret_message,,, $sql_query,
@@ -918,7 +918,7 @@ class PrivilegesTest extends TestCase
$hostname = 'pma_hostname';
$err_url = "error.php";
$_POST['pma_pw'] = 'pma_pw';
- $_REQUEST['authentication_plugin'] = 'mysql_native_password';
+ $_POST['authentication_plugin'] = 'mysql_native_password';
$message = Privileges::updatePassword(
$err_url, $username, $hostname
@@ -942,10 +942,10 @@ class PrivilegesTest extends TestCase
$username = 'pma_username';
$hostname = 'pma_hostname';
$tablename = 'pma_tablename';
- $_REQUEST['adduser_submit'] = true;
+ $_POST['adduser_submit'] = true;
$_POST['pred_username'] = 'any';
$_POST['pred_hostname'] = 'localhost';
- $_REQUEST['createdb-3'] = true;
+ $_POST['createdb-3'] = true;
$_POST['Grant_priv'] = 'Y';
$_POST['max_questions'] = 1000;
list ($message, $sql_query)
@@ -977,10 +977,10 @@ class PrivilegesTest extends TestCase
$username = 'pma_username';
$hostname = 'pma_hostname';
$tablename = 'pma_tablename';
- $_REQUEST['adduser_submit'] = true;
+ $_POST['adduser_submit'] = true;
$_POST['pred_username'] = 'any';
$_POST['pred_hostname'] = 'localhost';
- $_REQUEST['createdb-3'] = true;
+ $_POST['createdb-3'] = true;
$_POST['Grant_priv'] = 'Y';
$_POST['max_questions'] = 1000;
list($sql_query, $message) = Privileges::updatePrivileges(
@@ -1152,7 +1152,7 @@ class PrivilegesTest extends TestCase
$hostname = "PMA_hostname";
$password = "pma_password";
$_POST['pred_password'] = 'keep';
- $_REQUEST['authentication_plugin'] = 'mysql_native_password';
+ $_POST['authentication_plugin'] = 'mysql_native_password';
$dbname = "PMA_db";
list($create_user_real, $create_user_show, $real_sql_query, $sql_query)
@@ -1788,9 +1788,9 @@ class PrivilegesTest extends TestCase
$username = "pma_username";
$hostname = "pma_hostname";
$GLOBALS['dbname'] = "pma_dbname";
- $_REQUEST['adduser_submit'] = "adduser_submit";
- $_REQUEST['change_copy'] = "change_copy";
- $_REQUEST['validate_username'] = "validate_username";
+ $_POST['adduser_submit'] = "adduser_submit";
+ $_POST['change_copy'] = "change_copy";
+ $_GET['validate_username'] = "validate_username";
$_REQUEST['username'] = "username";
$_POST['update_privs'] = "update_privs";
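Review bot: This fixture moves `validate_username` to `$_GET` but leaves `$_REQUEST['username'] = "username";` untouched, while the `validate_username` branch in `Privileges.php` now reads `$_GET['username']`. Assigning to `$_REQUEST` in a test does not populate `$_GET`, so that branch would run with an undefined index and an empty user name in the query. Add `$_GET['username'] = "username";` (and `$_POST['username']` if the `change_copy` path is also exercised, since that path reads `$_POST['username']`). The test method starts and ends outside this hunk, so the exact method under test is inferred.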
@@ -2158,9 +2158,9 @@ class PrivilegesTest extends TestCase
*/
public function testPMAGetDataForDeleteUsers()
{
- $_REQUEST['change_copy'] = "change_copy";
- $_REQUEST['old_hostname'] = "old_hostname";
- $_REQUEST['old_username'] = "old_username";
+ $_POST['change_copy'] = "change_copy";
+ $_POST['old_hostname'] = "old_hostname";
+ $_POST['old_username'] = "old_username";
$_SESSION['relation'][1] = array(
'PMA_VERSION' => PMA_VERSION,
'bookmarkwork' => false,
@@ -2607,7 +2607,7 @@ class PrivilegesTest extends TestCase
);
// Test case 2 : all successful queries
- $_REQUEST['mode'] = 3;
+ $_POST['mode'] = 3;
$queries = array('foo');
$actual = Privileges::deleteUser($queries);
$this->assertArrayHasKey(0, $actual);
@@ -2622,7 +2622,7 @@ class PrivilegesTest extends TestCase
);
// Test case 3 : failing queries
- $_REQUEST['mode'] = 1;
+ $_POST['mode'] = 1;
$queries = array('bar');
$actual = Privileges::deleteUser($queries);
$this->assertArrayHasKey(0, $actual);