
Retrieve parameters from $_POST in sql pages

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
mauriciofauth committed Aug 23, 2018
1 parent b4e1862 commit 5109c1787e111a87521db94c93d4cb2c46cc29f4
Showing with 42 additions and 42 deletions.
  1. +2 −2 db_sql.php
  2. +6 −6 libraries/classes/Display/Results.php
  3. +25 −25 libraries/classes/Sql.php
  4. +7 −7 sql.php
  5. +2 −2 tbl_sql.php
@@ -39,8 +39,8 @@
$response->addHTML(
SqlQueryForm::getHtml(
true, false,
isset($_REQUEST['delimiter'])
? htmlspecialchars($_REQUEST['delimiter'])
isset($_POST['delimiter'])
? htmlspecialchars($_POST['delimiter'])
: ';'
)
);
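Review bot: `htmlspecialchars($_POST['delimiter'])` runs with default flags and on whatever type the request supplies. An array-valued `delimiter` passes the `isset()` test and then reaches `htmlspecialchars()`, which expects a string. Before PHP 8.1 the default flags also leave single quotes unescaped, so safety depends on how `SqlQueryForm::getHtml()` emits the value, which is not visible here. I would tighten the condition to `isset($_POST['delimiter']) && is_string($_POST['delimiter'])` and pass `ENT_QUOTES` explicitly. The identical call in tbl_sql.php needs the same change.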
@@ -3939,13 +3939,13 @@ public function setConfigParamsForDisplayTable()
}
// as this is a form value, the type is always string so we cannot
// use Core::isValid($_REQUEST['session_max_rows'], 'integer')
if (Core::isValid($_REQUEST['session_max_rows'], 'numeric')) {
$query['max_rows'] = (int)$_REQUEST['session_max_rows'];
unset($_REQUEST['session_max_rows']);
} elseif ($_REQUEST['session_max_rows'] == self::ALL_ROWS) {
// use Core::isValid($_POST['session_max_rows'], 'integer')
if (Core::isValid($_POST['session_max_rows'], 'numeric')) {
$query['max_rows'] = (int)$_POST['session_max_rows'];
unset($_POST['session_max_rows']);
} elseif ($_POST['session_max_rows'] == self::ALL_ROWS) {
$query['max_rows'] = self::ALL_ROWS;
unset($_REQUEST['session_max_rows']);
unset($_POST['session_max_rows']);
} elseif (empty($query['max_rows'])) {
$query['max_rows'] = intval($GLOBALS['cfg']['MaxRows']);
}
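Review bot: The `elseif` on the new side reads `$_POST['session_max_rows']` directly, so a request without that field raises an undefined-index notice there unless a guard exists above the hunk, which I cannot see. `Core::isValid()` may tolerate a missing key, but the comparison does not; `} elseif (isset($_POST['session_max_rows']) && $_POST['session_max_rows'] == self::ALL_ROWS) {` avoids it. Note also that `unset($_POST['session_max_rows'])` no longer clears the copy held in `$_REQUEST`, so any remaining reader of `$_REQUEST['session_max_rows']` would still see the value; that is worth a search before merging. setConfigParamsForDisplayTable starts and ends outside the hunk.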
@@ -219,7 +219,7 @@ private function getHtmlForRelationalColumnDropdown($db, $table, $column, $curr_
);
$dropdown = '<span class="curr_value">'
. htmlspecialchars($_REQUEST['curr_value'])
. htmlspecialchars($_POST['curr_value'])
. '</span>'
. '<a href="browse_foreigners.php'
. Url::getCommon($_url_params) . '"'
@@ -471,9 +471,9 @@ private function getHtmlForSetColumn($db, $table, $column, $curr_value)
$values = $this->getValuesForColumn($db, $table, $column);
$dropdown = '';
$full_values =
isset($_REQUEST['get_full_values']) ? $_REQUEST['get_full_values'] : false;
isset($_POST['get_full_values']) ? $_POST['get_full_values'] : false;
$where_clause =
isset($_REQUEST['where_clause']) ? $_REQUEST['where_clause'] : null;
isset($_POST['where_clause']) ? $_POST['where_clause'] : null;
// If the $curr_value was truncated, we should
// fetch the correct full values from the table
@@ -744,7 +744,7 @@ public function hasNoRightsToDropDatabase(array $analyzed_sql_results,
*/
private function setColumnProperty($pmatable, $request_index)
{
$property_value = array_map('intval', explode(',', $_REQUEST[$request_index]));
$property_value = array_map('intval', explode(',', $_POST[$request_index]));
switch($request_index) {
case 'col_order':
$property_to_set = Table::PROP_COLUMN_ORDER;
@@ -758,7 +758,7 @@ private function setColumnProperty($pmatable, $request_index)
$retval = $pmatable->setUiProp(
$property_to_set,
$property_value,
$_REQUEST['table_create_time']
$_POST['table_create_time']
);
if (gettype($retval) != 'boolean') {
$response = Response::getInstance();
@@ -784,12 +784,12 @@ public function setColumnOrderOrVisibility($table, $db)
$retval = false;
// set column order
if (isset($_REQUEST['col_order'])) {
if (isset($_POST['col_order'])) {
$retval = $this->setColumnProperty($pmatable, 'col_order');
}
// set column visibility
if ($retval === true && isset($_REQUEST['col_visib'])) {
if ($retval === true && isset($_POST['col_visib'])) {
$retval = $this->setColumnProperty($pmatable, 'col_visib');
}
@@ -866,14 +866,14 @@ public function findRealEndOfRows($db, $table)
*/
public function getRelationalValues($db, $table)
{
$column = $_REQUEST['column'];
$column = $_POST['column'];
if ($_SESSION['tmpval']['relational_display'] == 'D'
&& isset($_REQUEST['relation_key_or_display_column'])
&& $_REQUEST['relation_key_or_display_column']
&& isset($_POST['relation_key_or_display_column'])
&& $_POST['relation_key_or_display_column']
) {
$curr_value = $_REQUEST['relation_key_or_display_column'];
$curr_value = $_POST['relation_key_or_display_column'];
} else {
$curr_value = $_REQUEST['curr_value'];
$curr_value = $_POST['curr_value'];
}
$dropdown = $this->getHtmlForRelationalColumnDropdown(
$db, $table, $column, $curr_value
@@ -894,8 +894,8 @@ public function getRelationalValues($db, $table)
*/
public function getEnumOrSetValues($db, $table, $columnType)
{
$column = $_REQUEST['column'];
$curr_value = $_REQUEST['curr_value'];
$column = $_POST['column'];
$curr_value = $_POST['curr_value'];
$response = Response::getInstance();
if ($columnType == "enum") {
$dropdown = $this->getHtmlForEnumColumnDropdown(
@@ -1309,11 +1309,11 @@ private function executeTheQuery(array $analyzed_sql_results, $full_sql_query, $
$this->cleanupRelations(
isset($db) ? $db : '',
isset($table) ? $table : '',
isset($_REQUEST['dropped_column']) ? $_REQUEST['dropped_column'] : null,
isset($_REQUEST['purge']) ? $_REQUEST['purge'] : null
isset($_POST['dropped_column']) ? $_POST['dropped_column'] : null,
isset($_POST['purge']) ? $_POST['purge'] : null
);
if (isset($_REQUEST['dropped_column'])
if (isset($_POST['dropped_column'])
&& strlen($db) > 0
&& strlen($table) > 0
) {
@@ -1429,7 +1429,7 @@ private function getMessageForNoRowsReturned($message_to_show,
}
// In case of ROLLBACK, notify the user.
if (isset($_REQUEST['rollback_query'])) {
if (isset($_POST['rollback_query'])) {
$message->addText(__('[ROLLBACK occurred.]'));
}
@@ -1639,9 +1639,9 @@ private function getHtmlForSqlQueryResultsTable($displayResultsObject,
$editable, $unlim_num_rows, $num_rows, $showtable, $result,
array $analyzed_sql_results, $is_limited_display = false
) {
$printview = isset($_REQUEST['printview']) && $_REQUEST['printview'] == '1' ? '1' : null;
$printview = isset($_POST['printview']) && $_POST['printview'] == '1' ? '1' : null;
$table_html = '';
$browse_dist = ! empty($_REQUEST['is_browse_distinct']);
$browse_dist = ! empty($_POST['is_browse_distinct']);
if ($analyzed_sql_results['is_procedure']) {
@@ -1887,7 +1887,7 @@ private function getQueryResponseForResultsReturned($result, array $analyzed_sql
) {
// If we are retrieving the full value of a truncated field or the original
// value of a transformed field, show it here
if (isset($_REQUEST['grid_edit']) && $_REQUEST['grid_edit'] == true) {
if (isset($_POST['grid_edit']) && $_POST['grid_edit'] == true) {
$this->sendResponseForGridEdit($result);
// script has exited at this point
}
@@ -1965,7 +1965,7 @@ private function getQueryResponseForResultsReturned($result, array $analyzed_sql
);
}
if (isset($_REQUEST['printview']) && $_REQUEST['printview'] == '1') {
if (isset($_POST['printview']) && $_POST['printview'] == '1') {
$displayParts = array(
'edit_lnk' => $displayResultsObject::NO_EDIT_OR_DELETE,
'del_lnk' => $displayResultsObject::NO_EDIT_OR_DELETE,
@@ -1977,7 +1977,7 @@ private function getQueryResponseForResultsReturned($result, array $analyzed_sql
);
}
if (isset($_REQUEST['table_maintenance'])) {
if (isset($_POST['table_maintenance'])) {
$scripts->addFile('makegrid.js');
$scripts->addFile('sql.js');
$table_maintenance_html = '';
@@ -1999,7 +1999,7 @@ private function getQueryResponseForResultsReturned($result, array $analyzed_sql
}
}
if (!isset($_REQUEST['printview']) || $_REQUEST['printview'] != '1') {
if (!isset($_POST['printview']) || $_POST['printview'] != '1') {
$scripts->addFile('makegrid.js');
$scripts->addFile('sql.js');
unset($GLOBALS['message']);
@@ -2177,7 +2177,7 @@ public function executeQueryAndGetQueryResponse(array $analyzed_sql_results,
if (! empty($analyzed_sql_results)
&& $this->isRememberSortingOrder($analyzed_sql_results)
&& empty($analyzed_sql_results['union'])
&& ! isset($_REQUEST['sort_by_key'])
&& ! isset($_POST['sort_by_key'])
) {
if (! isset($_SESSION['sql_from_query_box'])) {
$this->handleSortOrder($db, $table, $analyzed_sql_results, $sql_query);
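Review bot: In setColumnProperty, `explode(',', $_POST[$request_index])` assumes a string, but the only guards visible are `isset($_POST['col_order'])` and `isset($_POST['col_visib'])` in setColumnOrderOrVisibility, which an array-valued field also satisfies. `$_POST['table_create_time']` is then passed to `setUiProp()` with no presence check in the visible lines. Since this path appears to persist UI preferences, I would reject malformed input early: `if (isset($_POST['col_order']) && is_string($_POST['col_order'])) {`, the same for `col_visib`, and an `isset($_POST['table_create_time'])` check before the `setUiProp()` call. The same unchecked-read pattern appears in getRelationalValues and getEnumOrSetValues for `$_POST['column']` and `$_POST['curr_value']`. These functions continue outside their hunks, so a guard may exist that I cannot see.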
14 sql.php
@@ -79,28 +79,28 @@
}
// During grid edit, if we have a relational field, show the dropdown for it.
if (isset($_REQUEST['get_relational_values'])
&& $_REQUEST['get_relational_values'] == true
if (isset($_POST['get_relational_values'])
&& $_POST['get_relational_values'] == true
) {
$sql->getRelationalValues($db, $table);
// script has exited at this point
}
// Just like above, find possible values for enum fields during grid edit.
if (isset($_REQUEST['get_enum_values']) && $_REQUEST['get_enum_values'] == true) {
if (isset($_POST['get_enum_values']) && $_POST['get_enum_values'] == true) {
$sql->getEnumOrSetValues($db, $table, "enum");
// script has exited at this point
}
// Find possible values for set fields during grid edit.
if (isset($_REQUEST['get_set_values']) && $_REQUEST['get_set_values'] == true) {
if (isset($_POST['get_set_values']) && $_POST['get_set_values'] == true) {
$sql->getEnumOrSetValues($db, $table, "set");
// script has exited at this point
}
if (isset($_REQUEST['get_default_fk_check_value'])
&& $_REQUEST['get_default_fk_check_value'] == true
if (isset($_GET['get_default_fk_check_value'])
&& $_GET['get_default_fk_check_value'] == true
) {
$response = Response::getInstance();
$response->addJSON(
@@ -112,7 +112,7 @@
/**
* Check ajax request to set the column order and visibility
*/
if (isset($_REQUEST['set_col_prefs']) && $_REQUEST['set_col_prefs'] == true) {
if (isset($_POST['set_col_prefs']) && $_POST['set_col_prefs'] == true) {
$sql->setColumnOrderOrVisibility($table, $db);
// script has exited at this point
}
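Review bot: The `get_default_fk_check_value` branch is the only one in this file moved to `$_GET` rather than `$_POST`, which contradicts the commit title and has no comment explaining it. If that is deliberate because the client requests this value with GET, a comment such as `// Sent via GET by the client: read-only lookup, changes no state` would stop a later cleanup from "fixing" it; if not, it should read `$_POST` like its neighbours. Separately, each `isset($_POST[...]) && $_POST[...] == true` pair accepts any non-empty value other than `'0'`; `! empty($_POST['set_col_prefs'])` states the same test in one expression.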
@@ -41,8 +41,8 @@
$response->addHTML(
SqlQueryForm::getHtml(
true, false,
isset($_REQUEST['delimiter'])
? htmlspecialchars($_REQUEST['delimiter'])
isset($_POST['delimiter'])
? htmlspecialchars($_POST['delimiter'])
: ';'
)
);
