diff --git a/db_tracking.php b/db_tracking.php
index 0c8724d60a77..49e4048025c2 100644
--- a/db_tracking.php
+++ b/db_tracking.php
@@ -30,6 +30,8 @@
  */
 require 'libraries/db_common.inc.php';
 $url_query .= '&goto=tbl_tracking.php&back=db_tracking.php';
+$url_params['goto'] = 'tbl_tracking.php';
+$url_params['back'] = 'db_tracking.php';
 
 // Get the database structure
 $sub_part = '_structure';
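Review bot: `$url_params['goto']` and `$url_params['back']` duplicate, in array form, the `&goto=…&back=…` pair appended to `$url_query` on the previous line, so the two representations must now be edited together and nothing in the hunk records that. A comment above the two assignments, `// array form of the goto/back pair appended to $url_query above - keep both in sync`, would make the coupling visible. If `libraries/db_common.inc.php` does not already initialise `$url_params`, these assignments create the array implicitly with only these two keys; worth confirming where it is consumed.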
@@ -46,47 +48,45 @@ $pos ) = Util::getDbInfo($db, isset($sub_part) ? $sub_part : ''); -// Work to do? -// (here, do not use $_REQUEST['db] as it can be crafted) -if (isset($_REQUEST['delete_tracking']) && isset($_REQUEST['table'])) { +if (isset($_POST['delete_tracking']) && isset($_POST['table'])) { - Tracker::deleteTracking($GLOBALS['db'], $_REQUEST['table']); + Tracker::deleteTracking($GLOBALS['db'], $_POST['table']); Message::success( __('Tracking data deleted successfully.') )->display(); -} elseif (isset($_REQUEST['submit_create_version'])) { +} elseif (isset($_POST['submit_create_version'])) { - Tracking::createTrackingForMultipleTables($_REQUEST['selected']); + Tracking::createTrackingForMultipleTables($_POST['selected']); Message::success( sprintf( __( 'Version %1$s was created for selected tables,' . ' tracking is active for them.' ), - htmlspecialchars($_REQUEST['version']) + htmlspecialchars($_POST['version']) ) )->display(); -} elseif (isset($_REQUEST['submit_mult'])) { +} elseif (isset($_POST['submit_mult'])) { - if (! empty($_REQUEST['selected_tbl'])) { - if ($_REQUEST['submit_mult'] == 'delete_tracking') { + if (! empty($_POST['selected_tbl'])) { + if ($_POST['submit_mult'] == 'delete_tracking') { - foreach ($_REQUEST['selected_tbl'] as $table) { + foreach ($_POST['selected_tbl'] as $table) { Tracker::deleteTracking($GLOBALS['db'], $table); } Message::success( __('Tracking data deleted successfully.') )->display(); - } elseif ($_REQUEST['submit_mult'] == 'track') { + } elseif ($_POST['submit_mult'] == 'track') { echo Tracking::getHtmlForDataDefinitionAndManipulationStatements( 'db_tracking.php' . $url_query, 0, $GLOBALS['db'], - $_REQUEST['selected_tbl'] + $_POST['selected_tbl'] ); exit; } 
@@ -98,7 +98,7 @@
 }
 
 // Get tracked data about the database
-$data = Tracker::getTrackedData($_REQUEST['db'], '', '1');
+$data = Tracker::getTrackedData($GLOBALS['db'], '', '1');
 
 // No tables present and no log exist
 if ($num_tables == 0 && count($data['ddlog']) == 0) {
@@ -118,7 +118,7 @@
 $all_tables_query = ' SELECT table_name, MAX(version) as version FROM ' .
 Util::backquote($cfgRelation['db']) . '.' .
 Util::backquote($cfgRelation['tracking']) .
-' WHERE db_name = \'' . $GLOBALS['dbi']->escapeString($_REQUEST['db']) .
+' WHERE db_name = \'' . $GLOBALS['dbi']->escapeString($GLOBALS['db']) .
 '\' ' .
 ' GROUP BY table_name' .
 ' ORDER BY table_name ASC';
diff --git a/js/db_tracking.js b/js/db_tracking.js
index 36b8ae3e2ed0..ce2febab9c35 100644
--- a/js/db_tracking.js
+++ b/js/db_tracking.js
@@ -84,10 +84,9 @@ AJAX.registerOnload('db_tracking.js', function () {
 $anchor.PMA_confirm(question, $anchor.attr('href'), function (url) {
 PMA_ajaxShowMessage(PMA_messages.strDeletingTrackingData);
 AJAX.source = $anchor;
-var params = {
-'ajax_page_request': true,
-'ajax_request': true
-};
+var argSep = PMA_commonParams.get('arg_separator');
+var params = getJSConfirmCommonParam(this, $anchor.getPostData());
+params += argSep + 'ajax_page_request=1';
 $.post(url, params, AJAX.responseHandler);
 });
 });
diff --git a/js/tbl_tracking.js b/js/tbl_tracking.js
index 9415f37a668a..cd08957302b6 100644
--- a/js/tbl_tracking.js
+++ b/js/tbl_tracking.js
@@ -80,10 +80,9 @@ AJAX.registerOnload('tbl_tracking.js', function () {
 $anchor.PMA_confirm(question, $anchor.attr('href'), function (url) {
 PMA_ajaxShowMessage();
 AJAX.source = $anchor;
-var params = {
-'ajax_page_request': true,
-'ajax_request': true
-};
+var argSep = PMA_commonParams.get('arg_separator');
+var params = getJSConfirmCommonParam(this, $anchor.getPostData());
+params += argSep + 'ajax_page_request=1';
 $.post(url, params, AJAX.responseHandler);
 });
 });
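Review bot: `Tracker::getTrackedData($GLOBALS['db'], '', '1')` reaches for the global while the same script passes the local `$db` to `Util::getDbInfo` in the earlier hunk; if db_tracking.php runs at file scope, as its column-0 statements suggest, `$db` and `$GLOBALS['db']` are the same variable and `$db` would read consistently. The same mix applies to the `@@ -118` hunk below, which uses `$GLOBALS['db']` inside the `WHERE db_name` literal. The earlier hunk also deletes the comment explaining that `$_REQUEST['db']` can be crafted, and this call is exactly where that reasoning applies, so keep a one-line trace of it: `// use the $db established by db_common.inc.php, not $_REQUEST['db'], which the client can craft`.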
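Review bot: The `WHERE db_name = '…'` literal is still assembled by concatenation, with the opening quote on the changed line and the closing `'\' '` on the following line, so escaping and quoting are kept consistent by hand; `escapeString` is presumably the driver-level escape for a quoted string, but the two-line split is where a later edit could desynchronise them. If the control-connection layer offers a parameterised query, this statement is a good candidate; otherwise a comment `// db_name is escaped for a single-quoted literal; the closing quote is on the next line` keeps the pairing visible.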
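Review bot: The removed object sent both `ajax_page_request` and `ajax_request`, while the new string only appends `ajax_page_request=1`; unless `getJSConfirmCommonParam` or the anchor's post data already carries `ajax_request`, the server no longer receives that flag, and neither helper is visible here to confirm. The same three lines are repeated in js/tbl_tracking.js in both of its hunks (`@@ -80` and `@@ -97`), so a single shared helper that builds the confirm POST body would keep the `arg_separator` handling in one place. The first argument `this` depends on what `PMA_confirm` binds the callback to; `$anchor`, already in scope, would be the unambiguous choice if they are the same element. The enclosing registerOnload callback starts and presumably ends outside the hunk.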
@@ -98,10 +97,9 @@ AJAX.registerOnload('tbl_tracking.js', function () {
 $anchor.PMA_confirm(question, $anchor.attr('href'), function (url) {
 PMA_ajaxShowMessage();
 AJAX.source = $anchor;
-var params = {
-'ajax_page_request': true,
-'ajax_request': true
-};
+var argSep = PMA_commonParams.get('arg_separator');
+var params = getJSConfirmCommonParam(this, $anchor.getPostData());
+params += argSep + 'ajax_page_request=1';
 $.post(url, params, AJAX.responseHandler);
 });
 });
diff --git a/libraries/classes/Tracking.php b/libraries/classes/Tracking.php
index f3cbced58bb7..d4ff875d82a7 100644
--- a/libraries/classes/Tracking.php
+++ b/libraries/classes/Tracking.php
@@ -122,10 +122,10 @@ public static function getListOfVersionsOfTable()
 $sql_query = " SELECT * FROM " .
 Util::backquote($cfgRelation['db']) . "." .
 Util::backquote($cfgRelation['tracking']) .
-" WHERE db_name = '" . $GLOBALS['dbi']->escapeString($_REQUEST['db']) .
+" WHERE db_name = '" . $GLOBALS['dbi']->escapeString($GLOBALS['db']) .
 "' " .
 " AND table_name = '" .
-$GLOBALS['dbi']->escapeString($_REQUEST['table']) . "' " .
+$GLOBALS['dbi']->escapeString($GLOBALS['table']) . "' " .
 " ORDER BY version DESC ";
 
 return $relation->queryAsControlUser($sql_query);
@@ -179,9 +179,6 @@ public static function getHtmlForTableVersionDetails(
 $tracking_active = false;
 }
 }
-$delete_link = 'tbl_tracking.php' . $url_query . '&version='
-. htmlspecialchars($version['version'])
-. '&submit_delete_version=true';
 $checkbox_id = 'selected_versions_' . htmlspecialchars($version['version']);
 $html .= '
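Review bot: `getListOfVersionsOfTable()` still takes its inputs from `$GLOBALS['db']` and `$GLOBALS['table']` inside a parameterless static method, so the query's inputs are invisible in the signature and the method cannot be exercised without setting globals first. Optional parameters that fall back to the globals keep every existing zero-argument caller working while making the dependency explicit (typed as `?string` if the project's PHP floor allows it). The single-quoted literals around `escapeString` are presumably the driver-level escape for this context, but a parameterised query through the control connection, if that layer supports one, would remove the need to keep the quote characters in sync by hand across lines. The method starts outside the hunk; `$relation` and `$cfgRelation` are set above it.
```php
public static function getListOfVersionsOfTable($db = null, $table = null)
// … unchanged: $relation / $cfgRelation setup …
// Fall back to the globals so existing zero-argument callers keep working.
if ($db === null) {
    $db = $GLOBALS['db'];
}
if ($table === null) {
    $table = $GLOBALS['table'];
}
$sql_query = " SELECT * FROM " .
    Util::backquote($cfgRelation['db']) . "." .
    Util::backquote($cfgRelation['tracking']) .
    " WHERE db_name = '" . $GLOBALS['dbi']->escapeString($db) . "' " .
    " AND table_name = '" . $GLOBALS['dbi']->escapeString($table) . "' " .
    " ORDER BY version DESC ";
// … unchanged: return $relation->queryAsControlUser($sql_query); …
```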