
-rw-r--r--libraries/classes/Controllers/Database/OperationsController.php50
-rw-r--r--libraries/classes/Operations.php71
-rw-r--r--psalm-baseline.xml31
3 files changed, 70 insertions, 82 deletions
diff --git a/libraries/classes/Controllers/Database/OperationsController.php b/libraries/classes/Controllers/Database/OperationsController.php
index 93ed7f380f..822c3c54f7 100644
--- a/libraries/classes/Controllers/Database/OperationsController.php
+++ b/libraries/classes/Controllers/Database/OperationsController.php
@@ -23,6 +23,7 @@ use PhpMyAdmin\Util;
use function __;
use function count;
+use function is_string;
use function mb_strtolower;
use function strlen;
@@ -103,22 +104,25 @@ class OperationsController extends AbstractController
$GLOBALS['move'] = false;
}
- if (! isset($_POST['newname']) || strlen($_POST['newname']) === 0) {
+ /** @var mixed|null $newDatabaseName */
+ $newDatabaseName = $request->getParsedBodyParam('newname');
+ if (! is_string($newDatabaseName) || $newDatabaseName === '') {
$GLOBALS['message'] = Message::error(__('The database name is empty!'));
+ $newDatabaseName = null;
} else {
// lower_case_table_names=1 `DB` becomes `db`
if ($this->dbi->getLowerCaseNames() === '1') {
- $_POST['newname'] = mb_strtolower($_POST['newname']);
+ $newDatabaseName = mb_strtolower($newDatabaseName);
}
- if ($_POST['newname'] === $_REQUEST['db']) {
+ if ($newDatabaseName === $_REQUEST['db']) {
$GLOBALS['message'] = Message::error(
__('Cannot copy database to the same name. Change the name and try again.')
);
} else {
$_error = false;
if ($GLOBALS['move'] || ! empty($_POST['create_database_before_copying'])) {
- $this->operations->createDbBeforeCopy();
+ $this->operations->createDbBeforeCopy($newDatabaseName);
}
// here I don't use DELIMITER because it's not part of the
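Review bot: The same-name guard `if ($newDatabaseName === $_REQUEST['db'])` still takes the source name from the request, while every operation below it is passed `$GLOBALS['db']`, so the guard and the copy can disagree about which database is the source. Since this change already moves `newname` off the superglobals, comparing against the value that is actually used, `if ($newDatabaseName === $GLOBALS['db'])`, would keep the check and the operation on the same input. The annotation `@var mixed|null` can be plain `mixed`, which already includes null. The enclosing method starts and ends outside this hunk, so how `$GLOBALS['db']` is populated should be confirmed there.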
@@ -127,7 +131,7 @@ class OperationsController extends AbstractController
// to avoid selecting alternatively the current and new db
// we would need to modify the CREATE definitions to qualify
// the db name
- $this->operations->runProcedureAndFunctionDefinitions($GLOBALS['db']);
+ $this->operations->runProcedureAndFunctionDefinitions($GLOBALS['db'], $newDatabaseName);
// go back to current db, just in case
$this->dbi->selectDb($GLOBALS['db']);
@@ -144,26 +148,36 @@ class OperationsController extends AbstractController
$GLOBALS['views'] = $this->operations->getViewsAndCreateSqlViewStandIn(
$GLOBALS['tables_full'],
$GLOBALS['export_sql_plugin'],
- $GLOBALS['db']
+ $GLOBALS['db'],
+ $newDatabaseName
);
// copy tables
$GLOBALS['sqlConstratints'] = $this->operations->copyTables(
$GLOBALS['tables_full'],
$GLOBALS['move'],
- $GLOBALS['db']
+ $GLOBALS['db'],
+ $newDatabaseName
);
// handle the views
if (! $_error) {
- $this->operations->handleTheViews($GLOBALS['views'], $GLOBALS['move'], $GLOBALS['db']);
+ $this->operations->handleTheViews(
+ $GLOBALS['views'],
+ $GLOBALS['move'],
+ $GLOBALS['db'],
+ $newDatabaseName
+ );
}
unset($GLOBALS['views']);
// now that all tables exist, create all the accumulated constraints
if (! $_error && count($GLOBALS['sqlConstratints']) > 0) {
- $this->operations->createAllAccumulatedConstraints($GLOBALS['sqlConstratints']);
+ $this->operations->createAllAccumulatedConstraints(
+ $GLOBALS['sqlConstratints'],
+ $newDatabaseName
+ );
}
unset($GLOBALS['sqlConstratints']);
@@ -172,18 +186,18 @@ class OperationsController extends AbstractController
// here DELIMITER is not used because it's not part of the
// language; each statement is sent one by one
- $this->operations->runEventDefinitionsForDb($GLOBALS['db']);
+ $this->operations->runEventDefinitionsForDb($GLOBALS['db'], $newDatabaseName);
}
// go back to current db, just in case
$this->dbi->selectDb($GLOBALS['db']);
// Duplicate the bookmarks for this db (done once for each db)
- $this->operations->duplicateBookmarks($_error, $GLOBALS['db']);
+ $this->operations->duplicateBookmarks($_error, $GLOBALS['db'], $newDatabaseName);
if (! $_error && $GLOBALS['move']) {
if (isset($_POST['adjust_privileges']) && ! empty($_POST['adjust_privileges'])) {
- $this->operations->adjustPrivilegesMoveDb($GLOBALS['db'], $_POST['newname']);
+ $this->operations->adjustPrivilegesMoveDb($GLOBALS['db'], $newDatabaseName);
}
/**
@@ -201,17 +215,17 @@ class OperationsController extends AbstractController
__('Database %1$s has been renamed to %2$s.')
);
$GLOBALS['message']->addParam($GLOBALS['db']);
- $GLOBALS['message']->addParam($_POST['newname']);
+ $GLOBALS['message']->addParam($newDatabaseName);
} elseif (! $_error) {
if (isset($_POST['adjust_privileges']) && ! empty($_POST['adjust_privileges'])) {
- $this->operations->adjustPrivilegesCopyDb($GLOBALS['db'], $_POST['newname']);
+ $this->operations->adjustPrivilegesCopyDb($GLOBALS['db'], $newDatabaseName);
}
$GLOBALS['message'] = Message::success(
__('Database %1$s has been copied to %2$s.')
);
$GLOBALS['message']->addParam($GLOBALS['db']);
- $GLOBALS['message']->addParam($_POST['newname']);
+ $GLOBALS['message']->addParam($newDatabaseName);
} else {
$GLOBALS['message'] = Message::error();
}
@@ -220,11 +234,11 @@ class OperationsController extends AbstractController
/* Change database to be used */
if (! $_error && $GLOBALS['move']) {
- $GLOBALS['db'] = $_POST['newname'];
+ $GLOBALS['db'] = $newDatabaseName;
} elseif (! $_error) {
if (isset($_POST['switch_to_new']) && $_POST['switch_to_new'] === 'true') {
$_SESSION['pma_switch_to_new'] = true;
- $GLOBALS['db'] = $_POST['newname'];
+ $GLOBALS['db'] = $newDatabaseName;
} else {
$_SESSION['pma_switch_to_new'] = false;
}
@@ -239,7 +253,7 @@ class OperationsController extends AbstractController
if ($this->response->isAjax()) {
$this->response->setRequestStatus($GLOBALS['message']->isSuccess());
$this->response->addJSON('message', $GLOBALS['message']);
- $this->response->addJSON('newname', $_POST['newname']);
+ $this->response->addJSON('newname', $newDatabaseName);
$this->response->addJSON(
'sql_query',
Generator::getMessage('', $GLOBALS['sql_query'])
diff --git a/libraries/classes/Operations.php b/libraries/classes/Operations.php
index 18a8572387..679b313cf5 100644
--- a/libraries/classes/Operations.php
+++ b/libraries/classes/Operations.php
@@ -55,7 +55,7 @@ class Operations
*
* @param string $db database name
*/
- public function runProcedureAndFunctionDefinitions($db): void
+ public function runProcedureAndFunctionDefinitions($db, string $newDatabaseName): void
{
$procedure_names = Routines::getProcedureNames($this->dbi, $db);
if ($procedure_names) {
@@ -68,7 +68,7 @@ class Operations
// collect for later display
$GLOBALS['sql_query'] .= "\n" . $tmp_query;
- $this->dbi->selectDb($_POST['newname']);
+ $this->dbi->selectDb($newDatabaseName);
$this->dbi->query($tmp_query);
}
}
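Review bot: The result of `$this->dbi->selectDb($newDatabaseName)` is discarded before `$this->dbi->query($tmp_query)` runs, so if the target database cannot be selected the routine definition is sent to whichever database is current at that point. Assuming selectDb reports failure through its return value, the call should be checked, for example `if (! $this->dbi->selectDb($newDatabaseName)) { return; }` together with an error message for the user, rather than continuing. The same unchecked select-then-query pair appears in the function loop of this method and in the view stand-in, trigger, event and constraint hunks further down. The loop this hunk sits in starts outside the visible lines.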
@@ -87,7 +87,7 @@ class Operations
// collect for later display
$GLOBALS['sql_query'] .= "\n" . $tmp_query;
- $this->dbi->selectDb($_POST['newname']);
+ $this->dbi->selectDb($newDatabaseName);
$this->dbi->query($tmp_query);
}
}
@@ -95,10 +95,10 @@ class Operations
/**
* Create database before copy
*/
- public function createDbBeforeCopy(): void
+ public function createDbBeforeCopy(string $newDatabaseName): void
{
$local_query = 'CREATE DATABASE IF NOT EXISTS '
- . Util::backquote($_POST['newname']);
+ . Util::backquote($newDatabaseName);
if (isset($_POST['db_collation'])) {
$local_query .= ' DEFAULT'
. Util::getCharsetQueryPart($_POST['db_collation'] ?? '');
@@ -136,7 +136,8 @@ class Operations
public function getViewsAndCreateSqlViewStandIn(
array $tables_full,
$export_sql_plugin,
- $db
+ $db,
+ string $newDatabaseName
) {
$views = [];
foreach (array_keys($tables_full) as $each_table) {
@@ -150,7 +151,7 @@ class Operations
// If view exists, and 'add drop view' is selected: Drop it!
if ($_POST['what'] !== 'nocopy' && isset($_POST['drop_if_exists']) && $_POST['drop_if_exists'] === 'true') {
$drop_query = 'DROP VIEW IF EXISTS '
- . Util::backquote($_POST['newname']) . '.'
+ . Util::backquote($newDatabaseName) . '.'
. Util::backquote($each_table);
$this->dbi->query($drop_query);
@@ -160,7 +161,7 @@ class Operations
$views[] = $each_table;
// Create stand-in definition to resolve view dependencies
$sql_view_standin = $export_sql_plugin->getTableDefStandIn($db, $each_table, "\n");
- $this->dbi->selectDb($_POST['newname']);
+ $this->dbi->selectDb($newDatabaseName);
$this->dbi->query($sql_view_standin);
$GLOBALS['sql_query'] .= "\n" . $sql_view_standin;
}
@@ -177,7 +178,7 @@ class Operations
*
* @return array SQL queries for the constraints
*/
- public function copyTables(array $tables_full, $move, $db)
+ public function copyTables(array $tables_full, $move, $db, string $newDatabaseName)
{
$sqlContraints = [];
foreach (array_keys($tables_full) as $each_table) {
@@ -214,7 +215,7 @@ class Operations
! Table::moveCopy(
$db,
$each_table,
- $_POST['newname'],
+ $newDatabaseName,
$each_table,
($this_what ?? 'data'),
$move,
@@ -228,7 +229,7 @@ class Operations
// apply the triggers to the destination db+table
if ($triggers) {
- $this->dbi->selectDb($_POST['newname']);
+ $this->dbi->selectDb($newDatabaseName);
foreach ($triggers as $trigger) {
$this->dbi->query($trigger['create']);
$GLOBALS['sql_query'] .= "\n" . $trigger['create'] . ';';
@@ -256,7 +257,7 @@ class Operations
*
* @param string $db database name
*/
- public function runEventDefinitionsForDb($db): void
+ public function runEventDefinitionsForDb($db, string $newDatabaseName): void
{
$event_names = $this->dbi->fetchResult(
'SELECT EVENT_NAME FROM information_schema.EVENTS WHERE EVENT_SCHEMA= \''
@@ -271,7 +272,7 @@ class Operations
$tmp_query = Events::getDefinition($this->dbi, $db, $event_name);
// collect for later display
$GLOBALS['sql_query'] .= "\n" . $tmp_query;
- $this->dbi->selectDb($_POST['newname']);
+ $this->dbi->selectDb($newDatabaseName);
$this->dbi->query($tmp_query);
}
}
@@ -283,14 +284,14 @@ class Operations
* @param bool $move whether database name is empty or not
* @param string $db database name
*/
- public function handleTheViews(array $views, $move, $db): void
+ public function handleTheViews(array $views, $move, $db, string $newDatabaseName): void
{
// Add DROP IF EXIST to CREATE VIEW query, to remove stand-in VIEW that was created earlier.
foreach ($views as $view) {
$copying_succeeded = Table::moveCopy(
$db,
$view,
- $_POST['newname'],
+ $newDatabaseName,
$view,
'structure',
$move,
@@ -307,10 +308,9 @@ class Operations
/**
* Adjust the privileges after Renaming the db
*
- * @param string $oldDb Database name before renaming
- * @param string $newname New Database name requested
+ * @param string $oldDb Database name before renaming
*/
- public function adjustPrivilegesMoveDb($oldDb, $newname): void
+ public function adjustPrivilegesMoveDb($oldDb, string $newDatabaseName): void
{
if (
! $GLOBALS['db_priv'] || ! $GLOBALS['table_priv']
@@ -321,30 +321,30 @@ class Operations
}
$this->dbi->selectDb('mysql');
- $newname = str_replace('_', '\_', $newname);
+ $newDatabaseName = str_replace('_', '\_', $newDatabaseName);
$oldDb = str_replace('_', '\_', $oldDb);
// For Db specific privileges
$query_db_specific = 'UPDATE ' . Util::backquote('db')
- . 'SET Db = \'' . $this->dbi->escapeString($newname)
+ . 'SET Db = \'' . $this->dbi->escapeString($newDatabaseName)
. '\' where Db = \'' . $this->dbi->escapeString($oldDb) . '\';';
$this->dbi->query($query_db_specific);
// For table specific privileges
$query_table_specific = 'UPDATE ' . Util::backquote('tables_priv')
- . 'SET Db = \'' . $this->dbi->escapeString($newname)
+ . 'SET Db = \'' . $this->dbi->escapeString($newDatabaseName)
. '\' where Db = \'' . $this->dbi->escapeString($oldDb) . '\';';
$this->dbi->query($query_table_specific);
// For column specific privileges
$query_col_specific = 'UPDATE ' . Util::backquote('columns_priv')
- . 'SET Db = \'' . $this->dbi->escapeString($newname)
+ . 'SET Db = \'' . $this->dbi->escapeString($newDatabaseName)
. '\' where Db = \'' . $this->dbi->escapeString($oldDb) . '\';';
$this->dbi->query($query_col_specific);
// For procedures specific privileges
$query_proc_specific = 'UPDATE ' . Util::backquote('procs_priv')
- . 'SET Db = \'' . $this->dbi->escapeString($newname)
+ . 'SET Db = \'' . $this->dbi->escapeString($newDatabaseName)
. '\' where Db = \'' . $this->dbi->escapeString($oldDb) . '\';';
$this->dbi->query($query_proc_specific);
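Review bot: Only `_` is escaped in `$newDatabaseName = str_replace('_', '\_', $newDatabaseName);`, so a `%` in the new name reaches the `Db` column of the grant tables unchanged; where that column is matched as a pattern, the rewritten row would apply to more databases than the one just renamed. Escaping both characters, `str_replace(['_', '%'], ['\_', '\%'], $newDatabaseName)`, and keeping the result in a separate local such as `$escapedNewName` instead of overwriting the typed parameter would keep the raw and the escaped name apart. The same line is carried into adjustPrivilegesCopyDb. Which of the four tables treat `Db` as a pattern is not visible in this hunk and should be confirmed before changing the escaping for all of them.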
@@ -356,10 +356,9 @@ class Operations
/**
* Adjust the privileges after Copying the db
*
- * @param string $oldDb Database name before copying
- * @param string $newname New Database name requested
+ * @param string $oldDb Database name before copying
*/
- public function adjustPrivilegesCopyDb($oldDb, $newname): void
+ public function adjustPrivilegesCopyDb($oldDb, string $newDatabaseName): void
{
if (
! $GLOBALS['db_priv'] || ! $GLOBALS['table_priv']
@@ -370,7 +369,7 @@ class Operations
}
$this->dbi->selectDb('mysql');
- $newname = str_replace('_', '\_', $newname);
+ $newDatabaseName = str_replace('_', '\_', $newDatabaseName);
$oldDb = str_replace('_', '\_', $oldDb);
$query_db_specific_old = 'SELECT * FROM '
@@ -381,7 +380,7 @@ class Operations
foreach ($old_privs_db as $old_priv) {
$newDb_db_privs_query = 'INSERT INTO ' . Util::backquote('db')
- . ' VALUES("' . $old_priv[0] . '", "' . $newname . '"';
+ . ' VALUES("' . $old_priv[0] . '", "' . $newDatabaseName . '"';
$privCount = count($old_priv);
for ($i = 2; $i < $privCount; $i++) {
$newDb_db_privs_query .= ', "' . $old_priv[$i] . '"';
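Review bot: `$newDatabaseName` is concatenated straight into the `INSERT INTO ... VALUES("...")` statement here, with only the `_` replacement applied, whereas adjustPrivilegesMoveDb passes the same value through `$this->dbi->escapeString()`. The name is validated in the controller only as a non-empty string, so a name containing a double quote or backslash would alter a statement that runs against the `mysql` grant tables. The value should be escaped the same way as in the move path, `. ' VALUES("' . $old_priv[0] . '", "' . $this->dbi->escapeString($newDatabaseName) . '"';`, and the `tables_priv`, `columns_priv` and `procs_priv` hunks below need the same change. The `$old_priv[...]` columns are concatenated unescaped as well; they come from the server rather than the request, but escaping them would make the statement robust to quotes in stored values.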
@@ -402,7 +401,7 @@ class Operations
foreach ($old_privs_table as $old_priv) {
$newDb_table_privs_query = 'INSERT INTO ' . Util::backquote(
'tables_priv'
- ) . ' VALUES("' . $old_priv[0] . '", "' . $newname . '", "'
+ ) . ' VALUES("' . $old_priv[0] . '", "' . $newDatabaseName . '", "'
. $old_priv[2] . '", "' . $old_priv[3] . '", "' . $old_priv[4]
. '", "' . $old_priv[5] . '", "' . $old_priv[6] . '", "'
. $old_priv[7] . '");';
@@ -420,7 +419,7 @@ class Operations
foreach ($old_privs_col as $old_priv) {
$newDb_col_privs_query = 'INSERT INTO ' . Util::backquote(
'columns_priv'
- ) . ' VALUES("' . $old_priv[0] . '", "' . $newname . '", "'
+ ) . ' VALUES("' . $old_priv[0] . '", "' . $newDatabaseName . '", "'
. $old_priv[2] . '", "' . $old_priv[3] . '", "' . $old_priv[4]
. '", "' . $old_priv[5] . '", "' . $old_priv[6] . '");';
@@ -437,7 +436,7 @@ class Operations
foreach ($old_privs_proc as $old_priv) {
$newDb_proc_privs_query = 'INSERT INTO ' . Util::backquote(
'procs_priv'
- ) . ' VALUES("' . $old_priv[0] . '", "' . $newname . '", "'
+ ) . ' VALUES("' . $old_priv[0] . '", "' . $newDatabaseName . '", "'
. $old_priv[2] . '", "' . $old_priv[3] . '", "' . $old_priv[4]
. '", "' . $old_priv[5] . '", "' . $old_priv[6] . '", "'
. $old_priv[7] . '");';
@@ -455,9 +454,9 @@ class Operations
*
* @param array $sqlConstratints array of sql constraints for the database
*/
- public function createAllAccumulatedConstraints(array $sqlConstratints): void
+ public function createAllAccumulatedConstraints(array $sqlConstratints, string $newDatabaseName): void
{
- $this->dbi->selectDb($_POST['newname']);
+ $this->dbi->selectDb($newDatabaseName);
foreach ($sqlConstratints as $one_query) {
$this->dbi->query($one_query);
// and prepare to display them
@@ -471,9 +470,9 @@ class Operations
* @param bool $_error whether table rename/copy or not
* @param string $db database name
*/
- public function duplicateBookmarks($_error, $db): void
+ public function duplicateBookmarks($_error, $db, string $newDatabaseName): void
{
- if ($_error || $db == $_POST['newname']) {
+ if ($_error || $db === $newDatabaseName) {
return;
}
@@ -483,7 +482,7 @@ class Operations
'query',
];
$where_fields = ['dbase' => $db];
- $new_fields = ['dbase' => $_POST['newname']];
+ $new_fields = ['dbase' => $newDatabaseName];
Table::duplicateInfo('bookmarkwork', 'bookmark', $get_fields, $where_fields, $new_fields);
}
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index 17521d4cbd..57065882e3 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -1254,25 +1254,10 @@
<code>$GLOBALS['cfg']['AllowUserDropDatabase']</code>
<code>$GLOBALS['cfg']['PmaNoRelation_DisableWarning']</code>
</InvalidArrayOffset>
- <MixedArgument occurrences="10">
- <code>$GLOBALS['db']</code>
- <code>$GLOBALS['db']</code>
- <code>$GLOBALS['db']</code>
- <code>$GLOBALS['db']</code>
- <code>$GLOBALS['db']</code>
+ <MixedArgument occurrences="1">
<code>$_POST['comment']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
</MixedArgument>
- <MixedArgumentTypeCoercion occurrences="2">
- <code>['db' =&gt; $GLOBALS['db']]</code>
- <code>['db' =&gt; $GLOBALS['db']]</code>
- </MixedArgumentTypeCoercion>
- <MixedAssignment occurrences="20">
- <code>$GLOBALS['db']</code>
- <code>$GLOBALS['db']</code>
+ <MixedAssignment occurrences="18">
<code>$GLOBALS['db_collation']</code>
<code>$GLOBALS['errorUrl']</code>
<code>$GLOBALS['export_sql_plugin']</code>
@@ -8658,20 +8643,10 @@
</InvalidReturnType>
</file>
<file src="libraries/classes/Operations.php">
- <MixedArgument occurrences="33">
+ <MixedArgument occurrences="23">
<code>$_POST['comment']</code>
<code>$_POST['db_collation'] ?? ''</code>
<code>$_POST['new_auto_increment']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
- <code>$_POST['newname']</code>
<code>$_POST['prev_comment']</code>
<code>$_POST['tbl_collation'] ?? ''</code>
<code>$_POST['what']</code>