
Retrieve parameters from $_POST in tracking pages

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
mauriciofauth committed Jul 14, 2018
1 parent 77ea702 commit ad7f7fd80192bd9f7f22f4d8d9a8818dd69f3e0c
@@ -30,6 +30,8 @@
*/
require 'libraries/db_common.inc.php';
$url_query .= '&amp;goto=tbl_tracking.php&amp;back=db_tracking.php';
$url_params['goto'] = 'tbl_tracking.php';
$url_params['back'] = 'db_tracking.php';
// Get the database structure
$sub_part = '_structure';
@@ -46,47 +48,45 @@
$pos
) = Util::getDbInfo($db, isset($sub_part) ? $sub_part : '');
// Work to do?
// (here, do not use $_REQUEST['db] as it can be crafted)
if (isset($_REQUEST['delete_tracking']) && isset($_REQUEST['table'])) {
if (isset($_POST['delete_tracking']) && isset($_POST['table'])) {
Tracker::deleteTracking($GLOBALS['db'], $_REQUEST['table']);
Tracker::deleteTracking($GLOBALS['db'], $_POST['table']);
Message::success(
__('Tracking data deleted successfully.')
)->display();
} elseif (isset($_REQUEST['submit_create_version'])) {
} elseif (isset($_POST['submit_create_version'])) {
Tracking::createTrackingForMultipleTables($_REQUEST['selected']);
Tracking::createTrackingForMultipleTables($_POST['selected']);
Message::success(
sprintf(
__(
'Version %1$s was created for selected tables,'
. ' tracking is active for them.'
),
htmlspecialchars($_REQUEST['version'])
htmlspecialchars($_POST['version'])
)
)->display();
} elseif (isset($_REQUEST['submit_mult'])) {
} elseif (isset($_POST['submit_mult'])) {
if (! empty($_REQUEST['selected_tbl'])) {
if ($_REQUEST['submit_mult'] == 'delete_tracking') {
if (! empty($_POST['selected_tbl'])) {
if ($_POST['submit_mult'] == 'delete_tracking') {
foreach ($_REQUEST['selected_tbl'] as $table) {
foreach ($_POST['selected_tbl'] as $table) {
Tracker::deleteTracking($GLOBALS['db'], $table);
}
Message::success(
__('Tracking data deleted successfully.')
)->display();
} elseif ($_REQUEST['submit_mult'] == 'track') {
} elseif ($_POST['submit_mult'] == 'track') {
echo Tracking::getHtmlForDataDefinitionAndManipulationStatements(
'db_tracking.php' . $url_query,
0,
$GLOBALS['db'],
$_REQUEST['selected_tbl']
$_POST['selected_tbl']
);
exit;
}
@@ -98,7 +98,7 @@
}
// Get tracked data about the database
$data = Tracker::getTrackedData($_REQUEST['db'], '', '1');
$data = Tracker::getTrackedData($GLOBALS['db'], '', '1');
// No tables present and no log exist
if ($num_tables == 0 && count($data['ddlog']) == 0) {
@@ -118,7 +118,7 @@
$all_tables_query = ' SELECT table_name, MAX(version) as version FROM ' .
Util::backquote($cfgRelation['db']) . '.' .
Util::backquote($cfgRelation['tracking']) .
' WHERE db_name = \'' . $GLOBALS['dbi']->escapeString($_REQUEST['db']) .
' WHERE db_name = \'' . $GLOBALS['dbi']->escapeString($GLOBALS['db']) .
'\' ' .
' GROUP BY table_name' .
' ORDER BY table_name ASC';
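Review bot: In the `submit_mult` branch of the second hunk, `! empty($_POST['selected_tbl'])` also passes for a non-empty scalar, so the `foreach` and the call to `Tracking::getHtmlForDataDefinitionAndManipulationStatements()` can receive a string where a list of table names is expected; the guard should be `if (! empty($_POST['selected_tbl']) && is_array($_POST['selected_tbl'])) {`. The `submit_create_version` branch reads `$_POST['selected']` and `$_POST['version']` without an `isset()` check, so a request carrying only `submit_create_version` reaches `createTrackingForMultipleTables()` with an undefined index. The `submit_mult` comparisons could use `===` while these lines are being touched. Whether restricting these actions to POST is enough against forged requests depends on the token check in the shared bootstrap, which is not visible here. The if/elseif chain continues outside the hunk.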
@@ -84,10 +84,9 @@ AJAX.registerOnload('db_tracking.js', function () {
$anchor.PMA_confirm(question, $anchor.attr('href'), function (url) {
PMA_ajaxShowMessage(PMA_messages.strDeletingTrackingData);
AJAX.source = $anchor;
var params = {
'ajax_page_request': true,
'ajax_request': true
};
var argSep = PMA_commonParams.get('arg_separator');
var params = getJSConfirmCommonParam(this, $anchor.getPostData());
params += argSep + 'ajax_page_request=1';
$.post(url, params, AJAX.responseHandler);
});
});
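Review bot: The request body in this handler is now a hand-built query string (`params += argSep + 'ajax_page_request=1'`) rather than an object that jQuery encodes, so whatever `$anchor.getPostData()` returns must already be URL-encoded and the code must tolerate an anchor without post data; neither helper is visible in the hunk, so this is worth confirming. The explicit `'ajax_request': true` is gone and presumably now comes from `getJSConfirmCommonParam()`; a comment such as `// getJSConfirmCommonParam() adds ajax_request; getPostData() returns an already-encoded string` would record that. The same three lines are repeated in both `tbl_tracking.js` hunks that follow, so a small shared helper would keep the three handlers from drifting apart. The callback and the enclosing `registerOnload` function start outside the hunk.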
@@ -80,10 +80,9 @@ AJAX.registerOnload('tbl_tracking.js', function () {
$anchor.PMA_confirm(question, $anchor.attr('href'), function (url) {
PMA_ajaxShowMessage();
AJAX.source = $anchor;
var params = {
'ajax_page_request': true,
'ajax_request': true
};
var argSep = PMA_commonParams.get('arg_separator');
var params = getJSConfirmCommonParam(this, $anchor.getPostData());
params += argSep + 'ajax_page_request=1';
$.post(url, params, AJAX.responseHandler);
});
});
@@ -98,10 +97,9 @@ AJAX.registerOnload('tbl_tracking.js', function () {
$anchor.PMA_confirm(question, $anchor.attr('href'), function (url) {
PMA_ajaxShowMessage();
AJAX.source = $anchor;
var params = {
'ajax_page_request': true,
'ajax_request': true
};
var argSep = PMA_commonParams.get('arg_separator');
var params = getJSConfirmCommonParam(this, $anchor.getPostData());
params += argSep + 'ajax_page_request=1';
$.post(url, params, AJAX.responseHandler);
});
});
