
Retrieve parameters from $_POST in database QBE

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
mauriciofauth committed Jul 20, 2018
1 parent 9219b28 commit 6c03ebad38a64ac1c53f9bae9e9c2d5e0d556bfd
Showing with 62 additions and 62 deletions.
  1. +18 −18 db_qbe.php
  2. +44 −44 libraries/classes/Database/Qbe.php
@@ -37,36 +37,36 @@
//Get saved search list.
$savedSearch = new SavedSearches($GLOBALS);
$savedSearch->setUsername($GLOBALS['cfg']['Server']['user'])
->setDbname($_REQUEST['db']);
->setDbname($GLOBALS['db']);
if (!empty($_REQUEST['searchId'])) {
$savedSearch->setId($_REQUEST['searchId']);
if (!empty($_POST['searchId'])) {
$savedSearch->setId($_POST['searchId']);
}
//Action field is sent.
if (isset($_REQUEST['action'])) {
$savedSearch->setSearchName($_REQUEST['searchName']);
if ('create' === $_REQUEST['action']) {
if (isset($_POST['action'])) {
$savedSearch->setSearchName($_POST['searchName']);
if ('create' === $_POST['action']) {
$saveResult = $savedSearch->setId(null)
->setCriterias($_REQUEST)
->setCriterias($_POST)
->save();
} elseif ('update' === $_REQUEST['action']) {
$saveResult = $savedSearch->setCriterias($_REQUEST)
} elseif ('update' === $_POST['action']) {
$saveResult = $savedSearch->setCriterias($_POST)
->save();
} elseif ('delete' === $_REQUEST['action']) {
} elseif ('delete' === $_POST['action']) {
$deleteResult = $savedSearch->delete();
//After deletion, reset search.
$savedSearch = new SavedSearches($GLOBALS);
$savedSearch->setUsername($GLOBALS['cfg']['Server']['user'])
->setDbname($_REQUEST['db']);
$_REQUEST = array();
} elseif ('load' === $_REQUEST['action']) {
if (empty($_REQUEST['searchId'])) {
->setDbname($GLOBALS['db']);
$_POST = array();
} elseif ('load' === $_POST['action']) {
if (empty($_POST['searchId'])) {
//when not loading a search, reset the object.
$savedSearch = new SavedSearches($GLOBALS);
$savedSearch->setUsername($GLOBALS['cfg']['Server']['user'])
->setDbname($_REQUEST['db']);
$_REQUEST = array();
->setDbname($GLOBALS['db']);
$_POST = array();
} else {
$loadResult = $savedSearch->load();
}
@@ -82,7 +82,7 @@
* A query has been submitted -> (maybe) execute it
*/
$message_to_display = false;
if (isset($_REQUEST['submit_sql']) && ! empty($sql_query)) {
if (isset($_POST['submit_sql']) && ! empty($sql_query)) {
if (! preg_match('@^SELECT@i', $sql_query)) {
$message_to_display = true;
} else {
@@ -91,7 +91,7 @@
$sql->executeQueryAndSendQueryResponse(
null, // analyzed_sql_results
false, // is_gotofile
$_REQUEST['db'], // db
$_POST['db'], // db
null, // table
false, // find_real_end
null, // sql_query_for_bookmark
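Review bot: The call to `executeQueryAndSendQueryResponse` takes the database name straight from the request (`$_POST['db'], // db`), while the three `setDbname()` calls in the first hunk were moved to `$GLOBALS['db']`. Passing `$GLOBALS['db'], // db` here as well would keep a single source for the database name and avoid an undefined-index notice when `db` is missing from the POST body; this assumes `$GLOBALS['db']` is the value the bootstrap has already checked, which is not visible on this page. In the first hunk `$_POST['searchName']` is also read as soon as `action` is set, so a request that sends only `action` reaches `setSearchName()` with an undefined index; an `isset()` check on that key before the call would cover it. The surrounding statements continue outside the hunks shown.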
@@ -254,7 +254,7 @@ private function _loadCriterias()
}
$criterias = $this->_currentSearch->getCriterias();
$_REQUEST = $criterias + $_REQUEST;
$_POST = $criterias + $_POST;
return $this;
}
@@ -279,34 +279,34 @@ private function _setSearchParams()
$criteriaColumnCount = $this->_initializeCriteriasCount();
$this->_criteriaColumnInsert = Core::ifSetOr(
$_REQUEST['criteriaColumnInsert'],
$_POST['criteriaColumnInsert'],
null,
'array'
);
$this->_criteriaColumnDelete = Core::ifSetOr(
$_REQUEST['criteriaColumnDelete'],
$_POST['criteriaColumnDelete'],
null,
'array'
);
$this->_prev_criteria = isset($_REQUEST['prev_criteria'])
? $_REQUEST['prev_criteria']
$this->_prev_criteria = isset($_POST['prev_criteria'])
? $_POST['prev_criteria']
: array();
$this->_criteria = isset($_REQUEST['criteria'])
? $_REQUEST['criteria']
$this->_criteria = isset($_POST['criteria'])
? $_POST['criteria']
: array_fill(0, $criteriaColumnCount, '');
$this->_criteriaRowInsert = isset($_REQUEST['criteriaRowInsert'])
? $_REQUEST['criteriaRowInsert']
$this->_criteriaRowInsert = isset($_POST['criteriaRowInsert'])
? $_POST['criteriaRowInsert']
: array_fill(0, $criteriaColumnCount, '');
$this->_criteriaRowDelete = isset($_REQUEST['criteriaRowDelete'])
? $_REQUEST['criteriaRowDelete']
$this->_criteriaRowDelete = isset($_POST['criteriaRowDelete'])
? $_POST['criteriaRowDelete']
: array_fill(0, $criteriaColumnCount, '');
$this->_criteriaAndOrRow = isset($_REQUEST['criteriaAndOrRow'])
? $_REQUEST['criteriaAndOrRow']
$this->_criteriaAndOrRow = isset($_POST['criteriaAndOrRow'])
? $_POST['criteriaAndOrRow']
: array_fill(0, $criteriaColumnCount, '');
$this->_criteriaAndOrColumn = isset($_REQUEST['criteriaAndOrColumn'])
? $_REQUEST['criteriaAndOrColumn']
$this->_criteriaAndOrColumn = isset($_POST['criteriaAndOrColumn'])
? $_POST['criteriaAndOrColumn']
: array_fill(0, $criteriaColumnCount, '');
// sets minimum width
$this->_form_column_width = 12;
@@ -326,8 +326,8 @@ private function _setSearchParams()
private function _setCriteriaTablesAndColumns()
{
// The tables list sent by a previously submitted form
if (Core::isValid($_REQUEST['TableList'], 'array')) {
foreach ($_REQUEST['TableList'] as $each_table) {
if (Core::isValid($_POST['TableList'], 'array')) {
foreach ($_POST['TableList'] as $each_table) {
$this->_criteriaTables[$each_table] = ' selected="selected"';
}
} // end if
@@ -346,7 +346,7 @@ private function _setCriteriaTablesAndColumns()
$columns = $GLOBALS['dbi']->getColumns($this->_db, $table);
if (empty($this->_criteriaTables[$table])
&& ! empty($_REQUEST['TableList'])
&& ! empty($_POST['TableList'])
) {
$this->_criteriaTables[$table] = '';
} else {
@@ -475,10 +475,10 @@ private function _getColumnNamesRow()
continue;
}
$selected = '';
if (isset($_REQUEST['criteriaColumn'][$column_index])) {
$selected = $_REQUEST['criteriaColumn'][$column_index];
if (isset($_POST['criteriaColumn'][$column_index])) {
$selected = $_POST['criteriaColumn'][$column_index];
$this->_formColumns[$new_column_count]
= $_REQUEST['criteriaColumn'][$column_index];
= $_POST['criteriaColumn'][$column_index];
}
$html_output .= $this->_showColumnSelectCell(
$new_column_count,
@@ -526,10 +526,10 @@ private function _getColumnAliasRow()
}
$tmp_alias = '';
if (! empty($_REQUEST['criteriaAlias'][$colInd])) {
if (! empty($_POST['criteriaAlias'][$colInd])) {
$tmp_alias
= $this->_formAliases[$new_column_count]
= $_REQUEST['criteriaAlias'][$colInd];
= $_POST['criteriaAlias'][$colInd];
}// end if
$html_output .= '<td class="center">';
@@ -575,21 +575,21 @@ private function _getSortRow()
}
// If they have chosen all fields using the * selector,
// then sorting is not available, Fix for Bug #570698
if (isset($_REQUEST['criteriaSort'][$colInd])
&& isset($_REQUEST['criteriaColumn'][$colInd])
&& mb_substr($_REQUEST['criteriaColumn'][$colInd], -2) == '.*'
if (isset($_POST['criteriaSort'][$colInd])
&& isset($_POST['criteriaColumn'][$colInd])
&& mb_substr($_POST['criteriaColumn'][$colInd], -2) == '.*'
) {
$_REQUEST['criteriaSort'][$colInd] = '';
$_POST['criteriaSort'][$colInd] = '';
} //end if
$selected = '';
if (isset($_REQUEST['criteriaSort'][$colInd])) {
if (isset($_POST['criteriaSort'][$colInd])) {
$this->_formSorts[$new_column_count]
= $_REQUEST['criteriaSort'][$colInd];
= $_POST['criteriaSort'][$colInd];
if ($_REQUEST['criteriaSort'][$colInd] == 'ASC') {
if ($_POST['criteriaSort'][$colInd] == 'ASC') {
$selected = 'ASC';
} elseif ($_REQUEST['criteriaSort'][$colInd] == 'DESC') {
} elseif ($_POST['criteriaSort'][$colInd] == 'DESC') {
$selected = 'DESC';
}
} else {
@@ -639,10 +639,10 @@ private function _getSortOrder()
}
$sortOrder = null;
if (! empty($_REQUEST['criteriaSortOrder'][$colInd])) {
if (! empty($_POST['criteriaSortOrder'][$colInd])) {
$sortOrder
= $this->_formSortOrders[$new_column_count]
= $_REQUEST['criteriaSortOrder'][$colInd];
= $_POST['criteriaSortOrder'][$colInd];
}
$html_output .= $this->_getSortOrderSelectCell(
@@ -685,10 +685,10 @@ private function _getShowRow()
) {
continue;
}
if (isset($_REQUEST['criteriaShow'][$column_index])) {
if (isset($_POST['criteriaShow'][$column_index])) {
$checked_options = ' checked="checked"';
$this->_formShows[$new_column_count]
= $_REQUEST['criteriaShow'][$column_index];
= $_POST['criteriaShow'][$column_index];
} else {
$checked_options = '';
}
@@ -1007,8 +1007,8 @@ private function _getInputboxRow($new_row_index)
continue;
}
$or = 'Or' . $new_row_index;
if (! empty($_REQUEST[$or]) && isset($_REQUEST[$or][$column_index])) {
$tmp_or = $_REQUEST[$or][$column_index];
if (! empty($_POST[$or]) && isset($_POST[$or][$column_index])) {
$tmp_or = $_POST[$or][$column_index];
} else {
$tmp_or = '';
}
@@ -1177,7 +1177,7 @@ private function _getWhereClause()
$column_index++
) {
if (! empty($this->_formColumns[$column_index])
&& ! empty($_REQUEST['Or' . $row_index][$column_index])
&& ! empty($_POST['Or' . $row_index][$column_index])
&& $column_index
) {
$qry_orwhere .= ' '
@@ -1187,11 +1187,11 @@ private function _getWhereClause()
. ' ';
}
if (! empty($this->_formColumns[$column_index])
&& ! empty($_REQUEST['Or' . $row_index][$column_index])
&& ! empty($_POST['Or' . $row_index][$column_index])
) {
$qry_orwhere .= '(' . $this->_formColumns[$column_index]
. ' '
. $_REQUEST['Or' . $row_index][$column_index]
. $_POST['Or' . $row_index][$column_index]
. ')';
$last_orwhere = $column_index;
$criteria_cnt++;
@@ -1901,12 +1901,12 @@ private function _initializeCriteriasCount()
{
// sets column count
$criteriaColumnCount = Core::ifSetOr(
$_REQUEST['criteriaColumnCount'],
$_POST['criteriaColumnCount'],
3,
'numeric'
);
$criteriaColumnAdd = Core::ifSetOr(
$_REQUEST['criteriaColumnAdd'],
$_POST['criteriaColumnAdd'],
0,
'numeric'
);
@@ -1916,8 +1916,8 @@ private function _initializeCriteriasCount()
);
// sets row count
$rows = Core::ifSetOr($_REQUEST['rows'], 0, 'numeric');
$criteriaRowAdd = Core::ifSetOr($_REQUEST['criteriaRowAdd'], 0, 'numeric');
$rows = Core::ifSetOr($_POST['rows'], 0, 'numeric');
$criteriaRowAdd = Core::ifSetOr($_POST['criteriaRowAdd'], 0, 'numeric');
$this->_criteria_row_count = min(
100,
max($rows + $criteriaRowAdd, 0)
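Review bot: In `_getWhereClause` the value of `$_POST['Or' . $row_index][$column_index]` is appended to `$qry_orwhere` verbatim, so the criterion text becomes part of the SQL statement with no quoting or validation visible in these hunks. Reading it from `$_POST` narrows how the value can arrive but leaves that trust boundary unchanged; if this is intentional because the field holds user-authored SQL, a comment at the concatenation would make it explicit, e.g. `// criterion text is user-authored SQL and is appended verbatim by design`. In `_setSearchParams`, `prev_criteria`, `criteria` and the `criteria*Row` fields are accepted with a bare `isset()` while `criteriaColumnInsert` goes through `Core::ifSetOr(..., 'array')`; using the typed helper there too, for instance `Core::ifSetOr($_POST['prev_criteria'], array(), 'array')`, would reject scalar input before it is indexed as an array. Both function bodies continue outside the hunks shown.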
