
Retrieve parameters from $_POST in triggers

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj authored and mauriciofauth committed Jul 16, 2018
1 parent faced0a commit d0eede7c566d97f92b5fda1560fa07b583ffc0a4
Showing with 38 additions and 38 deletions.
  1. +28 −28 libraries/classes/Rte/Triggers.php
  2. +10 −10 test/classes/Rte/TriggersTest.php
@@ -77,18 +77,18 @@ public static function handleEditor()
{
global $_REQUEST, $_POST, $errors, $db, $table;
if (! empty($_REQUEST['editor_process_add'])
|| ! empty($_REQUEST['editor_process_edit'])
if (! empty($_POST['editor_process_add'])
|| ! empty($_POST['editor_process_edit'])
) {
$sql_query = '';
$item_query = self::getQueryFromRequest();
if (! count($errors)) { // set by PhpMyAdmin\Rte\Routines::getQueryFromRequest()
// Execute the created query
if (! empty($_REQUEST['editor_process_edit'])) {
if (! empty($_POST['editor_process_edit'])) {
// Backup the old trigger, in case something goes wrong
$trigger = self::getDataFromName($_REQUEST['item_original_name']);
$trigger = self::getDataFromName($_POST['item_original_name']);
$create_item = $trigger['create'];
$drop_item = $trigger['drop'] . ';';
$result = $GLOBALS['dbi']->tryQuery($drop_item);
@@ -125,7 +125,7 @@ public static function handleEditor()
__('Trigger %1$s has been modified.')
);
$message->addParam(
Util::backquote($_REQUEST['item_name'])
Util::backquote($_POST['item_name'])
);
$sql_query = $drop_item . $item_query;
}
@@ -145,7 +145,7 @@ public static function handleEditor()
__('Trigger %1$s has been created.')
);
$message->addParam(
Util::backquote($_REQUEST['item_name'])
Util::backquote($_POST['item_name'])
);
$sql_query = $item_query;
}
@@ -174,7 +174,7 @@ public static function handleEditor()
$items = $GLOBALS['dbi']->getTriggers($db, $table, '');
$trigger = false;
foreach ($items as $value) {
if ($value['name'] == $_REQUEST['item_name']) {
if ($value['name'] == $_POST['item_name']) {
$trigger = $value;
}
}
@@ -188,7 +188,7 @@ public static function handleEditor()
'name',
htmlspecialchars(
mb_strtoupper(
$_REQUEST['item_name']
$_POST['item_name']
)
)
);
@@ -207,8 +207,8 @@ public static function handleEditor()
* Display a form used to add/edit a trigger, if necessary
*/
if (count($errors)
|| (empty($_REQUEST['editor_process_add'])
&& empty($_REQUEST['editor_process_edit'])
|| (empty($_POST['editor_process_add'])
&& empty($_POST['editor_process_edit'])
&& (! empty($_REQUEST['add_item'])
|| ! empty($_REQUEST['edit_item']))) // FIXME: this must be simpler than that
) {
@@ -220,7 +220,7 @@ public static function handleEditor()
} elseif (! empty($_REQUEST['edit_item'])) {
$title = __("Edit trigger");
if (! empty($_REQUEST['item_name'])
&& empty($_REQUEST['editor_process_edit'])
&& empty($_POST['editor_process_edit'])
) {
$item = self::getDataFromName($_REQUEST['item_name']);
if ($item !== false) {
@@ -251,7 +251,7 @@ public static function getDataFromRequest()
'item_definition',
'item_definer');
foreach ($indices as $index) {
$retval[$index] = isset($_REQUEST[$index]) ? $_REQUEST[$index] : '';
$retval[$index] = isset($_POST[$index]) ? $_POST[$index] : '';
}
return $retval;
} // end self::getDataFromRequest()
@@ -428,47 +428,47 @@ public static function getQueryFromRequest()
global $_REQUEST, $db, $errors, $action_timings, $event_manipulations;
$query = 'CREATE ';
if (! empty($_REQUEST['item_definer'])) {
if (mb_strpos($_REQUEST['item_definer'], '@') !== false
if (! empty($_POST['item_definer'])) {
if (mb_strpos($_POST['item_definer'], '@') !== false
) {
$arr = explode('@', $_REQUEST['item_definer']);
$arr = explode('@', $_POST['item_definer']);
$query .= 'DEFINER=' . Util::backquote($arr[0]);
$query .= '@' . Util::backquote($arr[1]) . ' ';
} else {
$errors[] = __('The definer must be in the "username@hostname" format!');
}
}
$query .= 'TRIGGER ';
if (! empty($_REQUEST['item_name'])) {
$query .= Util::backquote($_REQUEST['item_name']) . ' ';
if (! empty($_POST['item_name'])) {
$query .= Util::backquote($_POST['item_name']) . ' ';
} else {
$errors[] = __('You must provide a trigger name!');
}
if (! empty($_REQUEST['item_timing'])
&& in_array($_REQUEST['item_timing'], $action_timings)
if (! empty($_POST['item_timing'])
&& in_array($_POST['item_timing'], $action_timings)
) {
$query .= $_REQUEST['item_timing'] . ' ';
$query .= $_POST['item_timing'] . ' ';
} else {
$errors[] = __('You must provide a valid timing for the trigger!');
}
if (! empty($_REQUEST['item_event'])
&& in_array($_REQUEST['item_event'], $event_manipulations)
if (! empty($_POST['item_event'])
&& in_array($_POST['item_event'], $event_manipulations)
) {
$query .= $_REQUEST['item_event'] . ' ';
$query .= $_POST['item_event'] . ' ';
} else {
$errors[] = __('You must provide a valid event for the trigger!');
}
$query .= 'ON ';
if (! empty($_REQUEST['item_table'])
&& in_array($_REQUEST['item_table'], $GLOBALS['dbi']->getTables($db))
if (! empty($_POST['item_table'])
&& in_array($_POST['item_table'], $GLOBALS['dbi']->getTables($db))
) {
$query .= Util::backquote($_REQUEST['item_table']);
$query .= Util::backquote($_POST['item_table']);
} else {
$errors[] = __('You must provide a valid table name!');
}
$query .= ' FOR EACH ROW ';
if (! empty($_REQUEST['item_definition'])) {
$query .= $_REQUEST['item_definition'];
if (! empty($_POST['item_definition'])) {
$query .= $_POST['item_definition'];
} else {
$errors[] = __('You must provide a trigger definition.');
}
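Review bot: In getQueryFromRequest (the hunk at -428) the fields now read from `$_POST` are used as strings after only a `! empty()` test, so an array-valued `item_definer` would reach `mb_strpos()` and `explode()` and fail with a PHP warning or TypeError, depending on the PHP version, rather than the "username@hostname" validation error. Adding a type test, e.g. `if (! empty($_POST['item_name']) && is_string($_POST['item_name'])) {`, and likewise for `item_definer` and `item_definition`, keeps malformed input out of the concatenation into `$query`. The allow-list checks would be stricter as `in_array($_POST['item_timing'], $action_timings, true)`. The unchanged `global $_REQUEST, ...` line at the top of the function no longer matches where the data comes from; the function body continues outside the hunk.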
@@ -54,12 +54,12 @@ protected function setUp()
*/
public function testGetDataFromRequestEmpty($in, $out)
{
global $_REQUEST;
global $_POST;
unset($_REQUEST);
unset($_POST);
foreach ($in as $key => $value) {
if ($value !== '') {
$_REQUEST[$key] = $value;
$_POST[$key] = $value;
}
}
$this->assertEquals($out, Triggers::getDataFromRequest());
@@ -334,17 +334,17 @@ public function providerGetEditorFormAjax()
public function testGetQueryFromRequest(
$definer, $name, $timing, $event, $table, $definition, $query, $num_err
) {
global $_REQUEST, $errors;
global $_POST, $errors;
$errors = array();
Triggers::setGlobals();
$_REQUEST['item_definer'] = $definer;
$_REQUEST['item_name'] = $name;
$_REQUEST['item_timing'] = $timing;
$_REQUEST['item_event'] = $event;
$_REQUEST['item_table'] = $table;
$_REQUEST['item_definition'] = $definition;
$_POST['item_definer'] = $definer;
$_POST['item_name'] = $name;
$_POST['item_timing'] = $timing;
$_POST['item_event'] = $event;
$_POST['item_table'] = $table;
$_POST['item_definition'] = $definition;
$GLOBALS['server'] = 1;
$this->assertEquals($query, Triggers::getQueryFromRequest());
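Review bot: The updated tests only mirror the rename from `$_REQUEST` to `$_POST`, so nothing pins the behaviour this commit introduces: a value present in `$_REQUEST` but absent from `$_POST` must be ignored. A case that sets `$_REQUEST['item_name'] = 'foo';` with an empty `$_POST` and asserts that `Triggers::getDataFromRequest()` returns `''` for `item_name` would catch a later regression back to `$_REQUEST`. Resetting the fixture with `$_POST = array();` instead of `global $_POST; unset($_POST);` would also make the starting state explicit, since testGetQueryFromRequest leaves its `$_POST` entries in place. Both test bodies continue outside the hunks shown.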
