Skip to content

Commit

Permalink
Retrieve parameters from $_POST in view create/edit
Browse files Browse the repository at this point in the history 
Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
  • Loading branch information
@MauricioFauth
MauricioFauth committed Nov 10, 2018
1 parent d0eede7 commit 42561e6
Showing 1 changed file with 30 additions and 31 deletions.
61 changes: 30 additions & 31 deletions view_create.php
View file
Expand Up @@ -9,7 +9,6 @@
*/

use PhpMyAdmin\Core;
use PhpMyAdmin\Url;
use PhpMyAdmin\Response;
use PhpMyAdmin\Template;

Expand Down Expand Up @@ -41,8 +40,8 @@
);

// View name is a compulsory field
if (isset($_REQUEST['view']['name'])
&& empty($_REQUEST['view']['name'])
if (isset($_POST['view']['name'])
&& empty($_POST['view']['name'])
) {
$message = PhpMyAdmin\Message::error(__('View name can not be empty!'));
$response->addJSON(
Expand All @@ -53,61 +52,61 @@
exit;
}

if (isset($_REQUEST['createview']) || isset($_REQUEST['alterview'])) {
if (isset($_POST['createview']) || isset($_POST['alterview'])) {
/**
* Creates the view
*/
$sep = "\r\n";

if (isset($_REQUEST['createview'])) {
if (isset($_POST['createview'])) {
$sql_query = 'CREATE';
if (isset($_REQUEST['view']['or_replace'])) {
if (isset($_POST['view']['or_replace'])) {
$sql_query .= ' OR REPLACE';
}
} else {
$sql_query = 'ALTER';
}

if (Core::isValid($_REQUEST['view']['algorithm'], $view_algorithm_options)) {
$sql_query .= $sep . ' ALGORITHM = ' . $_REQUEST['view']['algorithm'];
if (Core::isValid($_POST['view']['algorithm'], $view_algorithm_options)) {
$sql_query .= $sep . ' ALGORITHM = ' . $_POST['view']['algorithm'];
}

if (! empty($_REQUEST['view']['definer'])) {
if (strpos($_REQUEST['view']['definer'], '@') === false) {
if (! empty($_POST['view']['definer'])) {
if (strpos($_POST['view']['definer'], '@') === false) {
$sql_query .= $sep . 'DEFINER='
. PhpMyAdmin\Util::backquote($_REQUEST['view']['definer']);
. PhpMyAdmin\Util::backquote($_POST['view']['definer']);
} else {
$arr = explode('@', $_REQUEST['view']['definer']);
$arr = explode('@', $_POST['view']['definer']);
$sql_query .= $sep . 'DEFINER=' . PhpMyAdmin\Util::backquote($arr[0]);
$sql_query .= '@' . PhpMyAdmin\Util::backquote($arr[1]) . ' ';
}
}

if (isset($_REQUEST['view']['sql_security'])) {
if (in_array($_REQUEST['view']['sql_security'], $view_security_options)) {
if (isset($_POST['view']['sql_security'])) {
if (in_array($_POST['view']['sql_security'], $view_security_options)) {
$sql_query .= $sep . ' SQL SECURITY '
. $_REQUEST['view']['sql_security'];
. $_POST['view']['sql_security'];
}
}

$sql_query .= $sep . ' VIEW '
. PhpMyAdmin\Util::backquote($_REQUEST['view']['name']);
. PhpMyAdmin\Util::backquote($_POST['view']['name']);

if (! empty($_REQUEST['view']['column_names'])) {
$sql_query .= $sep . ' (' . $_REQUEST['view']['column_names'] . ')';
if (! empty($_POST['view']['column_names'])) {
$sql_query .= $sep . ' (' . $_POST['view']['column_names'] . ')';
}

$sql_query .= $sep . ' AS ' . $_REQUEST['view']['as'];
$sql_query .= $sep . ' AS ' . $_POST['view']['as'];

if (isset($_REQUEST['view']['with'])) {
if (in_array($_REQUEST['view']['with'], $view_with_options)) {
$sql_query .= $sep . ' WITH ' . $_REQUEST['view']['with']
if (isset($_POST['view']['with'])) {
if (in_array($_POST['view']['with'], $view_with_options)) {
$sql_query .= $sep . ' WITH ' . $_POST['view']['with']
. ' CHECK OPTION';
}
}

if (!$GLOBALS['dbi']->tryQuery($sql_query)) {
if (! isset($_REQUEST['ajax_dialog'])) {
if (! isset($_POST['ajax_dialog'])) {
$message = PhpMyAdmin\Message::rawError($GLOBALS['dbi']->getError());
return;
}
Expand All @@ -125,12 +124,12 @@

// If different column names defined for VIEW
$view_columns = array();
if (isset($_REQUEST['view']['column_names'])) {
$view_columns = explode(',', $_REQUEST['view']['column_names']);
if (isset($_POST['view']['column_names'])) {
$view_columns = explode(',', $_POST['view']['column_names']);
}

$column_map = $GLOBALS['dbi']->getColumnMapFromSql(
$_REQUEST['view']['as'], $view_columns
$_POST['view']['as'], $view_columns
);

$systemDb = $GLOBALS['dbi']->getSystemDatabase();
Expand All @@ -143,7 +142,7 @@
// SQL for store new transformation details of VIEW
$new_transformations_sql = $systemDb->getNewTransformationDataSql(
$pma_transformation_data, $column_map,
$_REQUEST['view']['name'], $GLOBALS['db']
$_POST['view']['name'], $GLOBALS['db']
);

// Store new transformations
Expand All @@ -154,7 +153,7 @@
}
unset($pma_transformation_data);

if (! isset($_REQUEST['ajax_dialog'])) {
if (! isset($_POST['ajax_dialog'])) {
$message = PhpMyAdmin\Message::success();
include 'tbl_structure.php';
} else {
Expand Down Expand Up @@ -186,15 +185,15 @@
'with' => '',
);

if (Core::isValid($_REQUEST['view'], 'array')) {
$view = array_merge($view, $_REQUEST['view']);
if (Core::isValid($_POST['view'], 'array')) {
$view = array_merge($view, $_POST['view']);
}

$url_params['db'] = $GLOBALS['db'];
$url_params['reload'] = 1;

echo Template::get('view_create')->render([
'ajax_dialog' => isset($_REQUEST['ajax_dialog']),
'ajax_dialog' => isset($_POST['ajax_dialog']),
'text_dir' => $text_dir,
'url_params' => $url_params,
'view' => $view,
Expand Down

0 comments on commit 42561e6

Please sign in to comment.