From 42561e689613e6712920bada4e2f957a96252f97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= Date: Mon, 16 Jul 2018 12:05:41 -0300 Subject: [PATCH] Retrieve parameters from $_POST in view create/edit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: MaurĂ­cio Meneghini Fauth --- view_create.php | 61 ++++++++++++++++++++++++------------------------- 1 file changed, 30 insertions(+), 31 deletions(-) diff --git a/view_create.php b/view_create.php index 0a25ced57cba..d0e9b381bb56 100644 --- a/view_create.php +++ b/view_create.php @@ -9,7 +9,6 @@ */ use PhpMyAdmin\Core; -use PhpMyAdmin\Url; use PhpMyAdmin\Response; use PhpMyAdmin\Template; @@ -41,8 +40,8 @@ ); // View name is a compulsory field -if (isset($_REQUEST['view']['name']) - && empty($_REQUEST['view']['name']) +if (isset($_POST['view']['name']) + && empty($_POST['view']['name']) ) { $message = PhpMyAdmin\Message::error(__('View name can not be empty!')); $response->addJSON( @@ -53,61 +52,61 @@ exit; } -if (isset($_REQUEST['createview']) || isset($_REQUEST['alterview'])) { +if (isset($_POST['createview']) || isset($_POST['alterview'])) { /** * Creates the view */ $sep = "\r\n"; - if (isset($_REQUEST['createview'])) { + if (isset($_POST['createview'])) { $sql_query = 'CREATE'; - if (isset($_REQUEST['view']['or_replace'])) { + if (isset($_POST['view']['or_replace'])) { $sql_query .= ' OR REPLACE'; } } else { $sql_query = 'ALTER'; } - if (Core::isValid($_REQUEST['view']['algorithm'], $view_algorithm_options)) { - $sql_query .= $sep . ' ALGORITHM = ' . $_REQUEST['view']['algorithm']; + if (Core::isValid($_POST['view']['algorithm'], $view_algorithm_options)) { + $sql_query .= $sep . ' ALGORITHM = ' . $_POST['view']['algorithm']; } - if (! empty($_REQUEST['view']['definer'])) { - if (strpos($_REQUEST['view']['definer'], '@') === false) { + if (! empty($_POST['view']['definer'])) { + if (strpos($_POST['view']['definer'], '@') === false) { $sql_query .= $sep . 'DEFINER=' - . PhpMyAdmin\Util::backquote($_REQUEST['view']['definer']); + . PhpMyAdmin\Util::backquote($_POST['view']['definer']); } else { - $arr = explode('@', $_REQUEST['view']['definer']); + $arr = explode('@', $_POST['view']['definer']); $sql_query .= $sep . 'DEFINER=' . PhpMyAdmin\Util::backquote($arr[0]); $sql_query .= '@' . PhpMyAdmin\Util::backquote($arr[1]) . ' '; } } - if (isset($_REQUEST['view']['sql_security'])) { - if (in_array($_REQUEST['view']['sql_security'], $view_security_options)) { + if (isset($_POST['view']['sql_security'])) { + if (in_array($_POST['view']['sql_security'], $view_security_options)) { $sql_query .= $sep . ' SQL SECURITY ' - . $_REQUEST['view']['sql_security']; + . $_POST['view']['sql_security']; } } $sql_query .= $sep . ' VIEW ' - . PhpMyAdmin\Util::backquote($_REQUEST['view']['name']); + . PhpMyAdmin\Util::backquote($_POST['view']['name']); - if (! empty($_REQUEST['view']['column_names'])) { - $sql_query .= $sep . ' (' . $_REQUEST['view']['column_names'] . ')'; + if (! empty($_POST['view']['column_names'])) { + $sql_query .= $sep . ' (' . $_POST['view']['column_names'] . ')'; } - $sql_query .= $sep . ' AS ' . $_REQUEST['view']['as']; + $sql_query .= $sep . ' AS ' . $_POST['view']['as']; - if (isset($_REQUEST['view']['with'])) { - if (in_array($_REQUEST['view']['with'], $view_with_options)) { - $sql_query .= $sep . ' WITH ' . $_REQUEST['view']['with'] + if (isset($_POST['view']['with'])) { + if (in_array($_POST['view']['with'], $view_with_options)) { + $sql_query .= $sep . ' WITH ' . $_POST['view']['with'] . ' CHECK OPTION'; } } if (!$GLOBALS['dbi']->tryQuery($sql_query)) { - if (! isset($_REQUEST['ajax_dialog'])) { + if (! isset($_POST['ajax_dialog'])) { $message = PhpMyAdmin\Message::rawError($GLOBALS['dbi']->getError()); return; } @@ -125,12 +124,12 @@ // If different column names defined for VIEW $view_columns = array(); - if (isset($_REQUEST['view']['column_names'])) { - $view_columns = explode(',', $_REQUEST['view']['column_names']); + if (isset($_POST['view']['column_names'])) { + $view_columns = explode(',', $_POST['view']['column_names']); } $column_map = $GLOBALS['dbi']->getColumnMapFromSql( - $_REQUEST['view']['as'], $view_columns + $_POST['view']['as'], $view_columns ); $systemDb = $GLOBALS['dbi']->getSystemDatabase(); @@ -143,7 +142,7 @@ // SQL for store new transformation details of VIEW $new_transformations_sql = $systemDb->getNewTransformationDataSql( $pma_transformation_data, $column_map, - $_REQUEST['view']['name'], $GLOBALS['db'] + $_POST['view']['name'], $GLOBALS['db'] ); // Store new transformations @@ -154,7 +153,7 @@ } unset($pma_transformation_data); - if (! isset($_REQUEST['ajax_dialog'])) { + if (! isset($_POST['ajax_dialog'])) { $message = PhpMyAdmin\Message::success(); include 'tbl_structure.php'; } else { @@ -186,15 +185,15 @@ 'with' => '', ); -if (Core::isValid($_REQUEST['view'], 'array')) { - $view = array_merge($view, $_REQUEST['view']); +if (Core::isValid($_POST['view'], 'array')) { + $view = array_merge($view, $_POST['view']); } $url_params['db'] = $GLOBALS['db']; $url_params['reload'] = 1; echo Template::get('view_create')->render([ - 'ajax_dialog' => isset($_REQUEST['ajax_dialog']), + 'ajax_dialog' => isset($_POST['ajax_dialog']), 'text_dir' => $text_dir, 'url_params' => $url_params, 'view' => $view,