Retrieve parameters from $_POST in insert/edit pages

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>

libraries/classes/InsertEdit.php

@@ -79,8 +79,8 @@ public function getFormParametersForInsertForm(
                 $_form_params['where_clause[' . $key_id . ']'] = trim($where_clause);
             }
         }
-        if (isset($_REQUEST['clause_is_unique'])) {
-            $_form_params['clause_is_unique'] = $_REQUEST['clause_is_unique'];
+        if (isset($_POST['clause_is_unique'])) {
+            $_form_params['clause_is_unique'] = $_POST['clause_is_unique'];
         }
         return $_form_params;
     }
@@ -280,13 +280,13 @@ public function showTypeOrFunction($which, array $url_params, $is_show)
         $this_url_params = array_merge($url_params, $params);
 
         if (! $is_show) {
-            return ' : <a href="tbl_change.php'
-                . Url::getCommon($this_url_params) . '">'
+            return ' : <a href="tbl_change.php" data-post="'
+                . Url::getCommon($this_url_params, '') . '">'
                 . $this->showTypeOrFunctionLabel($which)
                 . '</a>';
         }
-        return '<th><a href="tbl_change.php'
-            . Url::getCommon($this_url_params)
+        return '<th><a href="tbl_change.php" data-post="'
+            . Url::getCommon($this_url_params, '')
             . '" title="' . __('Hide') . '">'
             . $this->showTypeOrFunctionLabel($which)
             . '</a></th>';
@@ -1120,7 +1120,7 @@ private function getDropDownDependingOnLength(
             $html_output .= '<option value="' . $enum_value['html'] . '"';
             if ($data == $enum_value['plain']
                 || ($data == ''
-                && (! isset($_REQUEST['where_clause']) || $column['Null'] != 'YES')
+                && (! isset($_POST['where_clause']) || $column['Null'] != 'YES')
                 && isset($column['Default'])
                 && $enum_value['plain'] == $column['Default'])
             ) {
@@ -1176,7 +1176,7 @@ private function getRadioButtonDependingOnLength(
                 . ' ' . $onChangeClause;
             if ($data == $enum_value['plain']
                 || ($data == ''
-                && (! isset($_REQUEST['where_clause']) || $column['Null'] != 'YES')
+                && (! isset($_POST['where_clause']) || $column['Null'] != 'YES')
                 && isset($column['Default'])
                 && $enum_value['plain'] == $column['Default'])
             ) {
@@ -1737,7 +1737,7 @@ public function getContinueInsertionForm(
             'err_url' => $err_url,
             'goto' => $GLOBALS['goto'],
             'sql_query' => isset($_POST['sql_query']) ? $_POST['sql_query'] : null,
-            'has_where_clause' => isset($_REQUEST['where_clause']),
+            'has_where_clause' => isset($_POST['where_clause']),
             'insert_rows_default' => $GLOBALS['cfg']['InsertRows'],
         ]);
     }
@@ -2019,8 +2019,8 @@ private function getSpecialCharsAndBackupFieldForExistingRow(
 
         //when copying row, it is useful to empty auto-increment column
         // to prevent duplicate key error
-        if (isset($_REQUEST['default_action'])
-            && $_REQUEST['default_action'] === 'insert'
+        if (isset($_POST['default_action'])
+            && $_POST['default_action'] === 'insert'
         ) {
             if ($column['Key'] === 'PRI'
                 && mb_strpos($column['Extra'], 'auto_increment') !== false
@@ -2099,29 +2099,29 @@ private function getSpecialCharsAndBackupFieldForInsertingMode(
      */
     public function getParamsForUpdateOrInsert()
     {
-        if (isset($_REQUEST['where_clause'])) {
+        if (isset($_POST['where_clause'])) {
             // we were editing something => use the WHERE clause
-            $loop_array = is_array($_REQUEST['where_clause'])
-                ? $_REQUEST['where_clause']
-                : array($_REQUEST['where_clause']);
+            $loop_array = is_array($_POST['where_clause'])
+                ? $_POST['where_clause']
+                : array($_POST['where_clause']);
             $using_key  = true;
-            $is_insert  = isset($_REQUEST['submit_type'])
-                          && ($_REQUEST['submit_type'] == 'insert'
-                          || $_REQUEST['submit_type'] == 'showinsert'
-                          || $_REQUEST['submit_type'] == 'insertignore');
+            $is_insert  = isset($_POST['submit_type'])
+                          && ($_POST['submit_type'] == 'insert'
+                          || $_POST['submit_type'] == 'showinsert'
+                          || $_POST['submit_type'] == 'insertignore');
         } else {
             // new row => use indexes
             $loop_array = array();
-            if (! empty($_REQUEST['fields'])) {
-                foreach ($_REQUEST['fields']['multi_edit'] as $key => $dummy) {
+            if (! empty($_POST['fields'])) {
+                foreach ($_POST['fields']['multi_edit'] as $key => $dummy) {
                     $loop_array[] = $key;
                 }
             }
             $using_key  = false;
             $is_insert  = true;
         }
-        $is_insertignore  = isset($_REQUEST['submit_type'])
-            && $_REQUEST['submit_type'] == 'insertignore';
+        $is_insertignore  = isset($_POST['submit_type'])
+            && $_POST['submit_type'] == 'insertignore';
         return array($loop_array, $using_key, $is_insert, $is_insertignore);
     }
 
@@ -2133,11 +2133,11 @@ public function getParamsForUpdateOrInsert()
      */
     public function isInsertRow()
     {
-        if (isset($_REQUEST['insert_rows'])
-            && is_numeric($_REQUEST['insert_rows'])
-            && $_REQUEST['insert_rows'] != $GLOBALS['cfg']['InsertRows']
+        if (isset($_POST['insert_rows'])
+            && is_numeric($_POST['insert_rows'])
+            && $_POST['insert_rows'] != $GLOBALS['cfg']['InsertRows']
         ) {
-            $GLOBALS['cfg']['InsertRows'] = $_REQUEST['insert_rows'];
+            $GLOBALS['cfg']['InsertRows'] = $_POST['insert_rows'];
             $response = Response::getInstance();
             $header = $response->getHeader();
             $scripts = $header->getScripts();
@@ -2197,8 +2197,8 @@ public function setSessionForEditNext($one_where_clause)
     public function getGotoInclude($goto_include)
     {
         $valid_options = array('new_insert', 'same_insert', 'edit_next');
-        if (isset($_REQUEST['after_insert'])
-            && in_array($_REQUEST['after_insert'], $valid_options)
+        if (isset($_POST['after_insert'])
+            && in_array($_POST['after_insert'], $valid_options)
         ) {
             $goto_include = 'tbl_change.php';
         } elseif (! empty($GLOBALS['goto'])) {
@@ -2232,8 +2232,8 @@ public function getGotoInclude($goto_include)
      */
     public function getErrorUrl(array $url_params)
     {
-        if (isset($_REQUEST['err_url'])) {
-            return $_REQUEST['err_url'];
+        if (isset($_POST['err_url'])) {
+            return $_POST['err_url'];
         }
 
         return 'tbl_change.php' . Url::getCommon($url_params);
@@ -2242,7 +2242,7 @@ public function getErrorUrl(array $url_params)
     /**
      * Builds the sql query
      *
-     * @param boolean $is_insertignore $_REQUEST['submit_type'] == 'insertignore'
+     * @param boolean $is_insertignore $_POST['submit_type'] == 'insertignore'
      * @param array   $query_fields    column names array
      * @param array   $value_sets      array of query values
      *
@@ -2292,7 +2292,7 @@ public function executeSqlQuery(array $url_params, array $query)
         $error_messages = array();
 
         foreach ($query as $single_query) {
-            if ($_REQUEST['submit_type'] == 'showinsert') {
+            if ($_POST['submit_type'] == 'showinsert') {
                 $last_messages[] = Message::notice(__('Showing SQL query'));
                 continue;
             }
@@ -2482,7 +2482,7 @@ public function transformEditedValues(
             $_url_params = array(
                 'db'            => $db,
                 'table'         => $table,
-                'where_clause'  => $_REQUEST['where_clause'],
+                'where_clause'  => $_POST['where_clause'],
                 'transform_key' => $column_name
             );
             $transform_options = Transformations::getOptions(
@@ -2719,10 +2719,10 @@ public function getCurrentValueForDifferentTypes(
                     $current_value = "''";
                 }
             } elseif ($type == 'set') {
-                if (! empty($_REQUEST['fields']['multi_edit'][$rownumber][$key])) {
+                if (! empty($_POST['fields']['multi_edit'][$rownumber][$key])) {
                     $current_value = implode(
                         ',',
-                        $_REQUEST['fields']['multi_edit'][$rownumber][$key]
+                        $_POST['fields']['multi_edit'][$rownumber][$key]
                     );
                     $current_value = "'"
                         . $this->dbi->escapeString($current_value) . "'";
@@ -2803,7 +2803,7 @@ public function verifyWhetherValueCanBeTruncatedAndAppendExtraData(
             . Util::backquote($column_name)
             . ' FROM ' . Util::backquote($db) . '.'
             . Util::backquote($table)
-            . ' WHERE ' . $_REQUEST['where_clause'][0];
+            . ' WHERE ' . $_POST['where_clause'][0];
 
         $result = $this->dbi->tryQuery($sql_for_real_value);
         $fields_meta = $this->dbi->getFieldsMeta($result);
@@ -2849,23 +2849,23 @@ public function getTableColumns($db, $table)
      */
     public function determineInsertOrEdit($where_clause, $db, $table)
     {
-        if (isset($_REQUEST['where_clause'])) {
-            $where_clause = $_REQUEST['where_clause'];
+        if (isset($_POST['where_clause'])) {
+            $where_clause = $_POST['where_clause'];
         }
         if (isset($_SESSION['edit_next'])) {
             $where_clause = $_SESSION['edit_next'];
             unset($_SESSION['edit_next']);
             $after_insert = 'edit_next';
         }
-        if (isset($_REQUEST['ShowFunctionFields'])) {
-            $GLOBALS['cfg']['ShowFunctionFields'] = $_REQUEST['ShowFunctionFields'];
+        if (isset($_POST['ShowFunctionFields'])) {
+            $GLOBALS['cfg']['ShowFunctionFields'] = $_POST['ShowFunctionFields'];
         }
-        if (isset($_REQUEST['ShowFieldTypesInDataEditView'])) {
+        if (isset($_POST['ShowFieldTypesInDataEditView'])) {
             $GLOBALS['cfg']['ShowFieldTypesInDataEditView']
-                = $_REQUEST['ShowFieldTypesInDataEditView'];
+                = $_POST['ShowFieldTypesInDataEditView'];
         }
-        if (isset($_REQUEST['after_insert'])) {
-            $after_insert = $_REQUEST['after_insert'];
+        if (isset($_POST['after_insert'])) {
+            $after_insert = $_POST['after_insert'];
         }
 
         if (isset($where_clause)) {
@@ -2890,8 +2890,8 @@ public function determineInsertOrEdit($where_clause, $db, $table)
 
         // Copying a row - fetched data will be inserted as a new row,
         // therefore the where clause is needless.
-        if (isset($_REQUEST['default_action'])
-            && $_REQUEST['default_action'] === 'insert'
+        if (isset($_POST['default_action'])
+            && $_POST['default_action'] === 'insert'
         ) {
             $where_clause = $where_clauses = null;
         }