
Retrieve parameters from $_POST in db_search.php

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
mauriciofauth committed Nov 3, 2018
1 parent 30543ad commit 0be9a53fcfd4131c8737f717371570402b292361
Showing with 20 additions and 20 deletions.
  1. +1 −1 db_search.php
  2. +17 −17 libraries/classes/Database/Search.php
  3. +2 −2 test/classes/Database/SearchTest.php
@@ -54,7 +54,7 @@
}
// Main search form has been submitted, get results
if (isset($_REQUEST['submit_search'])) {
if (isset($_POST['submit_search'])) {
$response->addHTML($db_search->getSearchResults());
}
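Review bot: The `isset($_POST['submit_search'])` guard doubles as the "criteria are valid" check only because `setSearchParams()` in libraries/classes/Database/Search.php unsets that key when a criterion is missing or malformed, and nothing at this call site says so. This assumes the `Search` object is constructed earlier in the file, which is outside the hunk. A comment above the `if`, such as `// Search::setSearchParams() unsets $_POST['submit_search'] when the submitted criteria fail validation`, would make the dependency visible to the next reader. Longer term, having the `Search` object report validity itself would avoid signalling through a mutated superglobal.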
@@ -109,48 +109,48 @@ private function setSearchParams()
{
$this->tablesNamesOnly = $GLOBALS['dbi']->getTables($this->db);
if (empty($_REQUEST['criteriaSearchType'])
|| ! is_string($_REQUEST['criteriaSearchType'])
if (empty($_POST['criteriaSearchType'])
|| ! is_string($_POST['criteriaSearchType'])
|| ! array_key_exists(
$_REQUEST['criteriaSearchType'],
$_POST['criteriaSearchType'],
$this->searchTypes
)
) {
$this->criteriaSearchType = 1;
unset($_REQUEST['submit_search']);
unset($_POST['submit_search']);
} else {
$this->criteriaSearchType = (int) $_REQUEST['criteriaSearchType'];
$this->criteriaSearchType = (int) $_POST['criteriaSearchType'];
$this->searchTypeDescription
= $this->searchTypes[$_REQUEST['criteriaSearchType']];
= $this->searchTypes[$_POST['criteriaSearchType']];
}
if (empty($_REQUEST['criteriaSearchString'])
|| ! is_string($_REQUEST['criteriaSearchString'])
if (empty($_POST['criteriaSearchString'])
|| ! is_string($_POST['criteriaSearchString'])
) {
$this->criteriaSearchString = '';
unset($_REQUEST['submit_search']);
unset($_POST['submit_search']);
} else {
$this->criteriaSearchString = $_REQUEST['criteriaSearchString'];
$this->criteriaSearchString = $_POST['criteriaSearchString'];
}
$this->criteriaTables = array();
if (empty($_REQUEST['criteriaTables'])
|| ! is_array($_REQUEST['criteriaTables'])
if (empty($_POST['criteriaTables'])
|| ! is_array($_POST['criteriaTables'])
) {
unset($_REQUEST['submit_search']);
unset($_POST['submit_search']);
} else {
$this->criteriaTables = array_intersect(
$_REQUEST['criteriaTables'], $this->tablesNamesOnly
$_POST['criteriaTables'], $this->tablesNamesOnly
);
}
if (empty($_REQUEST['criteriaColumnName'])
|| ! is_string($_REQUEST['criteriaColumnName'])
if (empty($_POST['criteriaColumnName'])
|| ! is_string($_POST['criteriaColumnName'])
) {
unset($this->criteriaColumnName);
} else {
$this->criteriaColumnName = $GLOBALS['dbi']->escapeString(
$_REQUEST['criteriaColumnName']
$_POST['criteriaColumnName']
);
}
}
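Review bot: `criteriaColumnName` is passed through `$GLOBALS['dbi']->escapeString()` while the request is being parsed, so the property stores a value that is only correct inside a quoted SQL string literal. The hunk does not show where the property is consumed; if it is compared against real column names or used in identifier context, the escaped form will not match names containing quotes or backslashes, and a second escape at query time would double it. I would keep the raw string here, `$this->criteriaColumnName = $_POST['criteriaColumnName'];`, and apply the escaping at the point where the query text is built, as one change so the value is never used unescaped. Separately, the `empty()` test on `criteriaSearchString` also rejects the literal search term `0`; `$_POST['criteriaSearchString'] === ''` after the `is_string` check would avoid that.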
@@ -91,8 +91,8 @@ private function callProtectedFunction($name, $params)
*/
public function testGetWhereClause($type, $expected)
{
$_REQUEST['criteriaSearchType'] = $type;
$_REQUEST['criteriaSearchString'] = 'search string';
$_POST['criteriaSearchType'] = $type;
$_POST['criteriaSearchString'] = 'search string';
$this->object = new Search('pma_test');
$this->assertEquals(
