diff options
Diffstat (limited to 'libraries/classes/Controllers/Table/OperationsController.php')
-rw-r--r-- | libraries/classes/Controllers/Table/OperationsController.php | 71 |
1 files changed, 49 insertions, 22 deletions
diff --git a/libraries/classes/Controllers/Table/OperationsController.php b/libraries/classes/Controllers/Table/OperationsController.php index e0cf459d11..10d83dd87d 100644 --- a/libraries/classes/Controllers/Table/OperationsController.php +++ b/libraries/classes/Controllers/Table/OperationsController.php @@ -27,6 +27,8 @@ use PhpMyAdmin\Util; use function __; use function count; use function implode; +use function is_array; +use function is_string; use function mb_strstr; use function mb_strtolower; use function mb_strtoupper; @@ -161,7 +163,7 @@ class OperationsController extends AbstractController /** * If the table has to be moved to some other database */ - if (isset($_POST['submit_move']) || isset($_POST['submit_copy'])) { + if ($request->hasBodyParam('submit_move') || $request->hasBodyParam('submit_copy')) { $message = $this->operations->moveOrCopyTable($GLOBALS['db'], $GLOBALS['table']); if (! $this->response->isAjax()) { @@ -171,8 +173,10 @@ class OperationsController extends AbstractController $this->response->addJSON('message', $message); if ($message->isSuccess()) { - if (isset($_POST['submit_move'], $_POST['target_db'])) { - $GLOBALS['db'] = $_POST['target_db'];// Used in Header::getJsParams() + /** @var mixed $targetDbParam */ + $targetDbParam = $request->getParsedBodyParam('target_db'); + if ($request->hasBodyParam('submit_move') && is_string($targetDbParam)) { + $GLOBALS['db'] = $targetDbParam; // Used in Header::getJsParams() } $this->response->addJSON('db', $GLOBALS['db']); @@ -188,27 +192,31 @@ class OperationsController extends AbstractController /** * Updates table comment, type and options if required */ - if (isset($_POST['submitoptions'])) { + if ($request->hasBodyParam('submitoptions')) { $_message = ''; $GLOBALS['warning_messages'] = []; - if (isset($_POST['new_name'])) { + /** @var mixed $newName */ + $newName = $request->getParsedBodyParam('new_name'); + if (is_string($newName)) { // lower_case_table_names=1 `DB` becomes `db` if ($GLOBALS['lowerCaseNames']) { - $_POST['new_name'] = mb_strtolower($_POST['new_name']); + $newName = mb_strtolower($newName); } // Get original names before rename operation $oldTable = $pma_table->getName(); $oldDb = $pma_table->getDbName(); - if ($pma_table->rename($_POST['new_name'])) { - if (isset($_POST['adjust_privileges']) && ! empty($_POST['adjust_privileges'])) { + if ($pma_table->rename($newName)) { + if ($request->getParsedBodyParam('adjust_privileges')) { + /** @var mixed $dbParam */ + $dbParam = $request->getParsedBodyParam('db'); $this->operations->adjustPrivilegesRenameOrMoveTable( $oldDb, $oldTable, - $_POST['db'], - $_POST['new_name'] + is_string($dbParam) ? $dbParam : '', + $newName ); } @@ -226,11 +234,13 @@ class OperationsController extends AbstractController } } + /** @var mixed $newTableStorageEngine */ + $newTableStorageEngine = $request->getParsedBodyParam('new_tbl_storage_engine'); if ( - ! empty($_POST['new_tbl_storage_engine']) - && mb_strtoupper($_POST['new_tbl_storage_engine']) !== $GLOBALS['tbl_storage_engine'] + is_string($newTableStorageEngine) && $newTableStorageEngine !== '' + && mb_strtoupper($newTableStorageEngine) !== $GLOBALS['tbl_storage_engine'] ) { - $GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($_POST['new_tbl_storage_engine']); + $GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($newTableStorageEngine); if ($pma_table->isEngine('ARIA')) { $GLOBALS['create_options']['transactional'] = ($GLOBALS['create_options']['transactional'] ?? '') @@ -267,15 +277,20 @@ class OperationsController extends AbstractController $GLOBALS['warning_messages'] = $this->operations->getWarningMessagesArray(); } - if (! empty($_POST['tbl_collation']) && ! empty($_POST['change_all_collations'])) { + /** @var mixed $tableCollationParam */ + $tableCollationParam = $request->getParsedBodyParam('tbl_collation'); + if ( + is_string($tableCollationParam) && $tableCollationParam !== '' + && $request->getParsedBodyParam('change_all_collations') + ) { $this->operations->changeAllColumnsCollation( $GLOBALS['db'], $GLOBALS['table'], - $_POST['tbl_collation'] + $tableCollationParam ); } - if (isset($_POST['tbl_collation']) && empty($_POST['tbl_collation'])) { + if ($tableCollationParam !== null && (! is_string($tableCollationParam) || $tableCollationParam === '')) { if ($this->response->isAjax()) { $this->response->setRequestStatus(false); $this->response->addJSON( @@ -288,26 +303,38 @@ class OperationsController extends AbstractController } } + /** @var mixed $orderField */ + $orderField = $request->getParsedBodyParam('order_field'); + /** * Reordering the table has been requested by the user */ - if (isset($_POST['submitorderby']) && ! empty($_POST['order_field'])) { + if ($request->hasBodyParam('submitorderby') && is_string($orderField) && $orderField !== '') { + /** @var mixed $orderOrder */ + $orderOrder = $request->getParsedBodyParam('order_order'); $GLOBALS['sql_query'] = QueryGenerator::getQueryForReorderingTable( $GLOBALS['table'], - urldecode($_POST['order_field']), - $_POST['order_order'] ?? null + urldecode($orderField), + is_string($orderOrder) ? $orderOrder : '' ); $GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']); } + /** @var mixed $partitionOperation */ + $partitionOperation = $request->getParsedBodyParam('partition_operation'); + /** * A partition operation has been requested by the user */ - if (isset($_POST['submit_partition']) && ! empty($_POST['partition_operation'])) { + if ( + $request->hasBodyParam('submit_partition') && is_string($partitionOperation) && $partitionOperation !== '' + ) { + /** @var mixed $partitionNames */ + $partitionNames = $request->getParsedBodyParam('partition_name'); $GLOBALS['sql_query'] = QueryGenerator::getQueryForPartitioningTable( $GLOBALS['table'], - $_POST['partition_operation'], - $_POST['partition_name'] + $partitionOperation, + is_array($partitionNames) ? $partitionNames : [] ); $GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']); } |