
Retrieve parameters from $_POST in export

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
mauriciofauth committed Aug 11, 2018
1 parent 259cbc6 commit c1cdaac2f465dd6b9e17f9f35fd46861ad703a6d
Showing with 88 additions and 88 deletions.
  1. +12 −12 db_export.php
  2. +19 −19 export.php
  3. +36 −36 libraries/classes/Display/Export.php
  4. +21 −21 libraries/classes/Export.php
@@ -56,8 +56,8 @@
} // end if
$multi_values = '<div class="export_table_list_container">';
if (isset($_GET['structure_or_data_forced'])) {
$force_val = htmlspecialchars($_GET['structure_or_data_forced']);
if (isset($_POST['structure_or_data_forced'])) {
$force_val = htmlspecialchars($_POST['structure_or_data_forced']);
} else {
$force_val = 0;
}
@@ -84,19 +84,19 @@
$table_select = $_POST['selected_tbl'];
}
// Check if the selected tables are defined in $_GET
// Check if the selected tables are defined in $_POST
// (from clicking Back button on export.php)
foreach (array('table_select', 'table_structure', 'table_data') as $one_key) {
if (isset($_GET[$one_key])) {
$_GET[$one_key] = urldecode($_GET[$one_key]);
$_GET[$one_key] = explode(",", $_GET[$one_key]);
if (isset($_POST[$one_key])) {
$_POST[$one_key] = urldecode($_POST[$one_key]);
$_POST[$one_key] = explode(",", $_POST[$one_key]);
}
}
foreach ($tables as $each_table) {
if (isset($_GET['table_select']) && is_array($_GET['table_select'])) {
if (isset($_POST['table_select']) && is_array($_POST['table_select'])) {
$is_checked = Export::getCheckedClause(
$each_table['Name'], $_GET['table_select']
$each_table['Name'], $_POST['table_select']
);
} elseif (isset($table_select)) {
$is_checked = Export::getCheckedClause(
@@ -105,16 +105,16 @@
} else {
$is_checked = ' checked="checked"';
}
if (isset($_GET['table_structure']) && is_array($_GET['table_structure'])) {
if (isset($_POST['table_structure']) && is_array($_POST['table_structure'])) {
$structure_checked = Export::getCheckedClause(
$each_table['Name'], $_GET['table_structure']
$each_table['Name'], $_POST['table_structure']
);
} else {
$structure_checked = $is_checked;
}
if (isset($_GET['table_data']) && is_array($_GET['table_data'])) {
if (isset($_POST['table_data']) && is_array($_POST['table_data'])) {
$data_checked = Export::getCheckedClause(
$each_table['Name'], $_GET['table_data']
$each_table['Name'], $_POST['table_data']
);
} else {
$data_checked = $is_checked;
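Review bot: The loop over `table_select`, `table_structure` and `table_data` hands `$_POST[$one_key]` to `urldecode()` and `explode()` without checking that it is a string, and writes the result back into the superglobal. A request that submits one of these keys as an array reaches `urldecode()` with an array, and the later `is_array($_POST['table_select'])` test cannot tell a list this code parsed from one the client supplied. I would guard with `if (isset($_POST[$one_key]) && is_string($_POST[$one_key]))` and keep the exploded list in a local variable instead of `$_POST`. The same type assumption applies to `htmlspecialchars($_POST['structure_or_data_forced'])` in the first hunk. PHP has already decoded POST body values once, so unless the form encodes them a second time the extra `urldecode()` alters table names that contain `%` or `+`.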
@@ -227,39 +227,39 @@
$separate_files = '';
// Is it a quick or custom export?
if (isset($_REQUEST['quick_or_custom'])
&& $_REQUEST['quick_or_custom'] == 'quick'
if (isset($_POST['quick_or_custom'])
&& $_POST['quick_or_custom'] == 'quick'
) {
$quick_export = true;
} else {
$quick_export = false;
}
if ($_REQUEST['output_format'] == 'astext') {
if ($_POST['output_format'] == 'astext') {
$asfile = false;
} else {
$asfile = true;
if (isset($_REQUEST['as_separate_files'])
&& ! empty($_REQUEST['as_separate_files'])
if (isset($_POST['as_separate_files'])
&& ! empty($_POST['as_separate_files'])
) {
if (isset($_REQUEST['compression'])
&& ! empty($_REQUEST['compression'])
&& $_REQUEST['compression'] == 'zip'
if (isset($_POST['compression'])
&& ! empty($_POST['compression'])
&& $_POST['compression'] == 'zip'
) {
$separate_files = $_REQUEST['as_separate_files'];
$separate_files = $_POST['as_separate_files'];
}
}
if (in_array($_REQUEST['compression'], $compression_methods)) {
$compression = $_REQUEST['compression'];
if (in_array($_POST['compression'], $compression_methods)) {
$compression = $_POST['compression'];
$buffer_needed = true;
}
if (($quick_export && ! empty($_REQUEST['quick_export_onserver']))
|| (! $quick_export && ! empty($_REQUEST['onserver']))
if (($quick_export && ! empty($_POST['quick_export_onserver']))
|| (! $quick_export && ! empty($_POST['onserver']))
) {
if ($quick_export) {
$onserver = $_REQUEST['quick_export_onserver'];
$onserver = $_POST['quick_export_onserver'];
} else {
$onserver = $_REQUEST['onserver'];
$onserver = $_POST['onserver'];
}
// Will we save dump on server?
$save_on_server = ! empty($cfg['SaveDir']) && $onserver;
@@ -297,9 +297,9 @@
) {
$aliases = \PhpMyAdmin\SqlParser\Utils\Misc::getAliases($parser->statements[0], $db);
}
if (!empty($_REQUEST['aliases'])) {
$aliases = Export::mergeAliases($aliases, $_REQUEST['aliases']);
$_SESSION['tmpval']['aliases'] = $_REQUEST['aliases'];
if (!empty($_POST['aliases'])) {
$aliases = Export::mergeAliases($aliases, $_POST['aliases']);
$_SESSION['tmpval']['aliases'] = $_POST['aliases'];
}
/**
@@ -446,7 +446,7 @@
if (!isset($table_data) || !is_array($table_data)) {
$table_data = array();
}
if (!empty($_REQUEST['structure_or_data_forced'])) {
if (!empty($_POST['structure_or_data_forced'])) {
$table_structure = $tables;
$table_data = $tables;
}
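Review bot: `$_POST['output_format']` and `$_POST['compression']` are read without `isset()` in the first hunk of this file (`if ($_POST['output_format'] == 'astext')` and `in_array($_POST['compression'], $compression_methods)`), and after the move away from `$_REQUEST` a request that arrives via GET no longer supplies them. Unless code outside these hunks rejects such a request first, the script continues with undefined-index notices and `$asfile = true`. I would guard both reads, e.g. `if (isset($_POST['output_format']) && $_POST['output_format'] == 'astext')`, and pass `true` as the third argument of `in_array()` so the allow-list comparison is strict. `$_POST['aliases']` is also copied into `$_SESSION['tmpval']['aliases']` without a type check; an `is_array()` test before `Export::mergeAliases()` would keep unexpected shapes out of the session.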
@@ -62,11 +62,11 @@ private function checkboxCheck($str)
*/
public function getHtmlForSelectOptions($tmpSelect = '')
{
// Check if the selected databases are defined in $_GET
// Check if the selected databases are defined in $_POST
// (from clicking Back button on export.php)
if (isset($_GET['db_select'])) {
$_GET['db_select'] = urldecode($_GET['db_select']);
$_GET['db_select'] = explode(",", $_GET['db_select']);
if (isset($_POST['db_select'])) {
$_POST['db_select'] = urldecode($_POST['db_select']);
$_POST['db_select'] = explode(",", $_POST['db_select']);
}
$databases = [];
@@ -75,8 +75,8 @@ public function getHtmlForSelectOptions($tmpSelect = '')
continue;
}
$isSelected = false;
if (isset($_GET['db_select'])) {
if (in_array($currentDb, $_GET['db_select'])) {
if (isset($_POST['db_select'])) {
if (in_array($currentDb, $_POST['db_select'])) {
$isSelected = true;
}
} elseif (!empty($tmpSelect)) {
@@ -121,14 +121,14 @@ public function getHtmlForHiddenInputs(
global $cfg;
// If the export method was not set, the default is quick
if (isset($_GET['export_method'])) {
$cfg['Export']['method'] = $_GET['export_method'];
if (isset($_POST['export_method'])) {
$cfg['Export']['method'] = $_POST['export_method'];
} elseif (! isset($cfg['Export']['method'])) {
$cfg['Export']['method'] = 'quick';
}
if (empty($sqlQuery) && isset($_GET['sql_query'])) {
$sqlQuery = $_GET['sql_query'];
if (empty($sqlQuery) && isset($_POST['sql_query'])) {
$sqlQuery = $_POST['sql_query'];
}
return Template::get('display/export/hidden_inputs')->render([
@@ -138,7 +138,7 @@ public function getHtmlForHiddenInputs(
'export_method' => $cfg['Export']['method'],
'single_table' => $singleTable,
'sql_query' => $sqlQuery,
'template_id' => isset($_GET['template_id']) ? $_GET['template_id'] : '',
'template_id' => isset($_POST['template_id']) ? $_POST['template_id'] : '',
]);
}
@@ -176,7 +176,7 @@ private function getOptionsForTemplates($exportType)
return Template::get('display/export/template_options')->render([
'templates' => $templates,
'selected_template' => !empty($_GET['template_id']) ? $_GET['template_id'] : null,
'selected_template' => !empty($_POST['template_id']) ? $_POST['template_id'] : null,
]);
}
@@ -188,8 +188,8 @@ private function getOptionsForTemplates($exportType)
private function getHtmlForOptionsMethod()
{
global $cfg;
if (isset($_GET['quick_or_custom'])) {
$exportMethod = $_GET['quick_or_custom'];
if (isset($_POST['quick_or_custom'])) {
$exportMethod = $_POST['quick_or_custom'];
} else {
$exportMethod = $cfg['Export']['method'];
}
@@ -264,9 +264,9 @@ private function getHtmlForOptionsRows($db, $table, $unlimNumRows)
$numberOfRows = $tableObject->countRecords();
return Template::get('display/export/options_rows')->render([
'allrows' => isset($_GET['allrows']) ? $_GET['allrows'] : null,
'limit_to' => isset($_GET['limit_to']) ? $_GET['limit_to'] : null,
'limit_from' => isset($_GET['limit_from']) ? $_GET['limit_from'] : null,
'allrows' => isset($_POST['allrows']) ? $_POST['allrows'] : null,
'limit_to' => isset($_POST['limit_to']) ? $_POST['limit_to'] : null,
'limit_from' => isset($_POST['limit_from']) ? $_POST['limit_from'] : null,
'unlim_num_rows' => $unlimNumRows,
'number_of_rows' => $numberOfRows,
]);
@@ -357,8 +357,8 @@ private function getHtmlForOptionsOutputFormat($exportType)
);
$msg->addParamHtml('</a>');
if (isset($_GET['filename_template'])) {
$filenameTemplate = $_GET['filename_template'];
if (isset($_POST['filename_template'])) {
$filenameTemplate = $_POST['filename_template'];
} else {
if ($exportType == 'database') {
$filenameTemplate = $GLOBALS['PMA_Config']->getUserValue(
@@ -408,8 +408,8 @@ private function getHtmlForOptionsOutputCharset()
private function getHtmlForOptionsOutputCompression()
{
global $cfg;
if (isset($_GET['compression'])) {
$selectedCompression = $_GET['compression'];
if (isset($_POST['compression'])) {
$selectedCompression = $_POST['compression'];
} elseif (isset($cfg['Export']['compression'])) {
$selectedCompression = $cfg['Export']['compression'];
} else {
@@ -442,7 +442,7 @@ private function getHtmlForOptionsOutputCompression()
private function getHtmlForOptionsOutputRadio()
{
return Template::get('display/export/options_output_radio')->render([
'has_repopulate' => isset($_GET['repopulate']),
'has_repopulate' => isset($_POST['repopulate']),
'export_asfile' => $GLOBALS['cfg']['Export']['asfile'],
]);
}
@@ -505,8 +505,8 @@ private function getHtmlForOptionsOutput($exportType)
'export_type' => $exportType,
'is_checked_lock_tables' => $isCheckedLockTables,
'is_checked_asfile' => $isCheckedAsfile,
'repopulate' => isset($_GET['repopulate']),
'lock_tables' => isset($_GET['lock_tables']),
'repopulate' => isset($_POST['repopulate']),
'lock_tables' => isset($_POST['lock_tables']),
'save_dir' => isset($cfg['SaveDir']) ? $cfg['SaveDir'] : null,
'is_encoding_supported' => Encoding::isSupported(),
'options_output_save_dir' => $optionsOutputSaveDir,
@@ -658,8 +658,8 @@ public function getDisplay(
) {
$cfgRelation = $this->relation->getRelationsParam();
if (isset($_REQUEST['single_table'])) {
$GLOBALS['single_table'] = $_REQUEST['single_table'];
if (isset($_POST['single_table'])) {
$GLOBALS['single_table'] = $_POST['single_table'];
}
/* Scan for plugins */
@@ -731,8 +731,8 @@ public function getDisplay(
*/
public function handleTemplateActions(array $cfgRelation)
{
if (isset($_REQUEST['templateId'])) {
$id = $GLOBALS['dbi']->escapeString($_REQUEST['templateId']);
if (isset($_POST['templateId'])) {
$id = $GLOBALS['dbi']->escapeString($_POST['templateId']);
} else {
$id = '';
}
@@ -741,16 +741,16 @@ public function handleTemplateActions(array $cfgRelation)
. Util::backquote($cfgRelation['export_templates']);
$user = $GLOBALS['dbi']->escapeString($GLOBALS['cfg']['Server']['user']);
switch ($_REQUEST['templateAction']) {
switch ($_POST['templateAction']) {
case 'create':
$query = "INSERT INTO " . $templateTable . "("
. " `username`, `export_type`,"
. " `template_name`, `template_data`"
. ") VALUES ("
. "'" . $user . "', "
. "'" . $GLOBALS['dbi']->escapeString($_REQUEST['exportType'])
. "', '" . $GLOBALS['dbi']->escapeString($_REQUEST['templateName'])
. "', '" . $GLOBALS['dbi']->escapeString($_REQUEST['templateData'])
. "'" . $GLOBALS['dbi']->escapeString($_POST['exportType'])
. "', '" . $GLOBALS['dbi']->escapeString($_POST['templateName'])
. "', '" . $GLOBALS['dbi']->escapeString($_POST['templateData'])
. "');";
break;
case 'load':
@@ -759,7 +759,7 @@ public function handleTemplateActions(array $cfgRelation)
break;
case 'update':
$query = "UPDATE " . $templateTable . " SET `template_data` = "
. "'" . $GLOBALS['dbi']->escapeString($_REQUEST['templateData']) . "'"
. "'" . $GLOBALS['dbi']->escapeString($_POST['templateData']) . "'"
. " WHERE `id` = " . $id . " AND `username` = '" . $user . "'";
break;
case 'delete':
@@ -782,12 +782,12 @@ public function handleTemplateActions(array $cfgRelation)
}
$response->setRequestStatus(true);
if ('create' == $_REQUEST['templateAction']) {
if ('create' == $_POST['templateAction']) {
$response->addJSON(
'data',
$this->getOptionsForTemplates($_REQUEST['exportType'])
$this->getOptionsForTemplates($_POST['exportType'])
);
} elseif ('load' == $_REQUEST['templateAction']) {
} elseif ('load' == $_POST['templateAction']) {
$data = null;
while ($row = $GLOBALS['dbi']->fetchAssoc(
$result, DatabaseInterface::CONNECT_CONTROL
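Review bot: In `handleTemplateActions()` the value of `$_POST['templateId']` is only passed through `escapeString()` and is then concatenated without quotes into the `WHERE` clause of the `update` query (`. $id .`). Escaping protects a value that sits inside quotes; in a numeric position it does not restrict the value to a number, so the shape of the statement still depends on the request. Casting where the value is read, `$id = (int) $_POST['templateId'];`, or quoting `$id` in the query, would close this. `switch ($_POST['templateAction'])` is also read without `isset()`. The method starts and ends outside the visible hunks, so the `load` and `delete` cases should be checked for the same pattern.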
