From a0e4afff04f52e31b351fe30efa7c003f23962fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?=
Date: Wed, 9 Nov 2022 02:05:21 -0300
Subject: Replace $_POST with ServerRequest object in Table\OperationsController
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: MaurĂ­cio Meneghini Fauth
---
 .../Controllers/Table/OperationsController.php | 71 +++++++++++++++-------
 psalm-baseline.xml | 29 +--------
 2 files changed, 51 insertions(+), 49 deletions(-)
diff --git a/libraries/classes/Controllers/Table/OperationsController.php b/libraries/classes/Controllers/Table/OperationsController.php
index e0cf459d11..10d83dd87d 100644
--- a/libraries/classes/Controllers/Table/OperationsController.php
+++ b/libraries/classes/Controllers/Table/OperationsController.php
@@ -27,6 +27,8 @@ use PhpMyAdmin\Util;
 use function __;
 use function count;
 use function implode;
+use function is_array;
+use function is_string;
 use function mb_strstr;
 use function mb_strtolower;
 use function mb_strtoupper;
@@ -161,7 +163,7 @@ class OperationsController extends AbstractController
 /**
 * If the table has to be moved to some other database
 */
- if (isset($_POST['submit_move']) || isset($_POST['submit_copy'])) {
+ if ($request->hasBodyParam('submit_move') || $request->hasBodyParam('submit_copy')) {
 $message = $this->operations->moveOrCopyTable($GLOBALS['db'], $GLOBALS['table']);
 if (! $this->response->isAjax()) {
@@ -171,8 +173,10 @@ class OperationsController extends AbstractController
 $this->response->addJSON('message', $message);
 if ($message->isSuccess()) {
- if (isset($_POST['submit_move'], $_POST['target_db'])) {
- $GLOBALS['db'] = $_POST['target_db'];// Used in Header::getJsParams()
+ /** @var mixed $targetDbParam */
+ $targetDbParam = $request->getParsedBodyParam('target_db');
+ if ($request->hasBodyParam('submit_move') && is_string($targetDbParam)) {
+ $GLOBALS['db'] = $targetDbParam; // Used in Header::getJsParams()
 }
 $this->response->addJSON('db', $GLOBALS['db']);
@@ -188,27 +192,31 @@ class OperationsController extends AbstractController
 /**
 * Updates table comment, type and options if required
 */
- if (isset($_POST['submitoptions'])) {
+ if ($request->hasBodyParam('submitoptions')) {
 $_message = '';
 $GLOBALS['warning_messages'] = [];
- if (isset($_POST['new_name'])) {
+ /** @var mixed $newName */
+ $newName = $request->getParsedBodyParam('new_name');
+ if (is_string($newName)) {
 // lower_case_table_names=1 `DB` becomes `db`
 if ($GLOBALS['lowerCaseNames']) {
- $_POST['new_name'] = mb_strtolower($_POST['new_name']);
+ $newName = mb_strtolower($newName);
 }
 // Get original names before rename operation
 $oldTable = $pma_table->getName();
 $oldDb = $pma_table->getDbName();
- if ($pma_table->rename($_POST['new_name'])) {
- if (isset($_POST['adjust_privileges']) && ! empty($_POST['adjust_privileges'])) {
+ if ($pma_table->rename($newName)) {
+ if ($request->getParsedBodyParam('adjust_privileges')) {
+ /** @var mixed $dbParam */
+ $dbParam = $request->getParsedBodyParam('db');
 $this->operations->adjustPrivilegesRenameOrMoveTable(
 $oldDb,
 $oldTable,
- $_POST['db'],
- $_POST['new_name']
+ is_string($dbParam) ? $dbParam : '',
+ $newName
 );
 }
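Review bot: In the `adjust_privileges` branch of the second hunk, `is_string($dbParam) ? $dbParam : ''` silently turns a missing or non-string `db` body parameter into an empty database name and still calls `adjustPrivilegesRenameOrMoveTable()`. A privilege rewrite should not run on a defaulted value: fetch `$dbParam` before the condition and guard with `if ($request->getParsedBodyParam('adjust_privileges') && is_string($dbParam) && $dbParam !== '') {`, or report an error when the parameter is unusable. What the helper does with an empty name is not visible in this diff, so the impact is inferred. The enclosing method starts and ends outside the hunk.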
@@ -226,11 +234,13 @@ class OperationsController extends AbstractController
 }
 }
+ /** @var mixed $newTableStorageEngine */
+ $newTableStorageEngine = $request->getParsedBodyParam('new_tbl_storage_engine');
 if (
- ! empty($_POST['new_tbl_storage_engine'])
- && mb_strtoupper($_POST['new_tbl_storage_engine']) !== $GLOBALS['tbl_storage_engine']
+ is_string($newTableStorageEngine) && $newTableStorageEngine !== ''
+ && mb_strtoupper($newTableStorageEngine) !== $GLOBALS['tbl_storage_engine']
 ) {
- $GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($_POST['new_tbl_storage_engine']);
+ $GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($newTableStorageEngine);
 if ($pma_table->isEngine('ARIA')) {
 $GLOBALS['create_options']['transactional'] = ($GLOBALS['create_options']['transactional'] ?? '')
@@ -267,15 +277,20 @@ class OperationsController extends AbstractController
 $GLOBALS['warning_messages'] = $this->operations->getWarningMessagesArray();
 }
- if (! empty($_POST['tbl_collation']) && ! empty($_POST['change_all_collations'])) {
+ /** @var mixed $tableCollationParam */
+ $tableCollationParam = $request->getParsedBodyParam('tbl_collation');
+ if (
+ is_string($tableCollationParam) && $tableCollationParam !== ''
+ && $request->getParsedBodyParam('change_all_collations')
+ ) {
 $this->operations->changeAllColumnsCollation(
 $GLOBALS['db'],
 $GLOBALS['table'],
- $_POST['tbl_collation']
+ $tableCollationParam
 );
 }
- if (isset($_POST['tbl_collation']) && empty($_POST['tbl_collation'])) {
+ if ($tableCollationParam !== null && (! is_string($tableCollationParam) || $tableCollationParam === '')) {
 if ($this->response->isAjax()) {
 $this->response->setRequestStatus(false);
 $this->response->addJSON(
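Review bot: In the first hunk the new guard only proves that `new_tbl_storage_engine` is a non-empty string; the upper-cased request value is then stored in `$GLOBALS['new_tbl_storage_engine']` without being compared against the engines the server actually offers. The same type-only check is applied to `tbl_collation` before `changeAllColumnsCollation()` in the next hunk, and to `order_order` and `partition_operation` in the `-288,26` hunk. The code that consumes these values is outside the visible hunks, so if it places them into ALTER statements, each needs an allow-list or proper quoting at that point. A short comment beside each read, such as `// value is checked against the server's engine list in <consumer, placeholder>`, would make that auditable. `mb_strtoupper($newTableStorageEngine)` is also evaluated twice and could be normalised once before the comparison.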
@@ -288,26 +303,38 @@ class OperationsController extends AbstractController
 }
 }
+ /** @var mixed $orderField */
+ $orderField = $request->getParsedBodyParam('order_field');
+
 /**
 * Reordering the table has been requested by the user
 */
- if (isset($_POST['submitorderby']) && ! empty($_POST['order_field'])) {
+ if ($request->hasBodyParam('submitorderby') && is_string($orderField) && $orderField !== '') {
+ /** @var mixed $orderOrder */
+ $orderOrder = $request->getParsedBodyParam('order_order');
 $GLOBALS['sql_query'] = QueryGenerator::getQueryForReorderingTable(
 $GLOBALS['table'],
- urldecode($_POST['order_field']),
- $_POST['order_order'] ?? null
+ urldecode($orderField),
+ is_string($orderOrder) ? $orderOrder : ''
 );
 $GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']);
 }
+ /** @var mixed $partitionOperation */
+ $partitionOperation = $request->getParsedBodyParam('partition_operation');
+
 /**
 * A partition operation has been requested by the user
 */
- if (isset($_POST['submit_partition']) && ! empty($_POST['partition_operation'])) {
+ if (
+ $request->hasBodyParam('submit_partition') && is_string($partitionOperation) && $partitionOperation !== ''
+ ) {
+ /** @var mixed $partitionNames */
+ $partitionNames = $request->getParsedBodyParam('partition_name');
 $GLOBALS['sql_query'] = QueryGenerator::getQueryForPartitioningTable(
 $GLOBALS['table'],
- $_POST['partition_operation'],
- $_POST['partition_name']
+ $partitionOperation,
+ is_array($partitionNames) ? $partitionNames : []
 );
 $GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']);
 }
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index 6fc90734b9..832def3006 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -3571,9 +3571,6 @@ - - $_POST['partition_name'] - $GLOBALS['create_options']['pack_keys'] $GLOBALS['create_options']['page_checksum'] ?? '' 
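Review bot: In the partition branch at the end of the first hunk, `is_array($partitionNames) ? $partitionNames : []` lets the request proceed with no partition names, or with array elements of any type, and the generated statement goes straight to `$this->dbi->query()`. I would read `partition_name` above the `if`, add `&& is_array($partitionNames) && $partitionNames !== []` to the guard, and keep only string elements before the call. In the reorder branch, `urldecode($orderField)` decodes a body parameter that PHP has already decoded once, so a column name containing `%` or `+` is altered unless the form deliberately pre-encodes it; if it does, a comment saying so belongs on that line. Whether `QueryGenerator` quotes these values is not visible in this diff.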
@@ -3583,8 +3580,9 @@ $_message $_message - + $GLOBALS['table_alters'] + is_array($partitionNames) ? $partitionNames : [] $GLOBALS['showtable']['Row_format'] @@ -3622,29 +3620,6 @@ getList - - $_POST['db'] - $_POST['new_name'] - $_POST['new_name'] - $_POST['new_name'] - $_POST['new_tbl_storage_engine'] - $_POST['new_tbl_storage_engine'] - $_POST['order_field'] - $_POST['order_order'] ?? null - $_POST['partition_operation'] - $_POST['tbl_collation'] - - - $_POST['db'] - $_POST['new_name'] - $_POST['new_name'] - $_POST['new_name'] - $_POST['new_tbl_storage_engine'] - $_POST['new_tbl_storage_engine'] - $_POST['order_field'] - $_POST['partition_operation'] - $_POST['tbl_collation'] - -- cgit v1.2.3