Skip to content
Permalink
Browse files

Retrieve parameters from $_POST in server variables

  • Loading branch information...
madhuracj committed Dec 4, 2018
1 parent d98b402 commit e7f1e2697acace0d05356a943174cefeae1cf11e
Showing with 14 additions and 14 deletions.
  1. +14 −14 libraries/classes/Controllers/Server/ServerVariablesController.php
@@ -48,16 +48,16 @@ public function indexAction()
{
$response = Response::getInstance();
if ($response->isAjax()
&& isset($_REQUEST['type'])
&& $_REQUEST['type'] === 'getval'
&& isset($_GET['type'])
&& $_GET['type'] === 'getval'
) {
$this->getValueAction();
return;
}
if ($response->isAjax()
&& isset($_REQUEST['type'])
&& $_REQUEST['type'] === 'setval'
&& isset($_POST['type'])
&& $_POST['type'] === 'setval'
) {
$this->setValueAction();
return;
@@ -140,12 +140,12 @@ public function getValueAction()
// when server is running in ANSI_QUOTES sql_mode
$varValue = $this->dbi->fetchSingleRow(
'SHOW GLOBAL VARIABLES WHERE Variable_name=\''
. $GLOBALS['dbi']->escapeString($_REQUEST['varName']) . '\';',
. $GLOBALS['dbi']->escapeString($_GET['varName']) . '\';',
'NUM'
);
if (isset($this->variable_doc_links[$_REQUEST['varName']][3])
&& $this->variable_doc_links[$_REQUEST['varName']][3] == 'byte'
if (isset($this->variable_doc_links[$_GET['varName']][3])
&& $this->variable_doc_links[$_GET['varName']][3] == 'byte'
) {
$this->response->addJSON(
'message',
@@ -168,11 +168,11 @@ public function getValueAction()
*/
public function setValueAction()
{
$value = $_REQUEST['varValue'];
$value = $_POST['varValue'];
$matches = array();
if (isset($this->variable_doc_links[$_REQUEST['varName']][3])
&& $this->variable_doc_links[$_REQUEST['varName']][3] == 'byte'
if (isset($this->variable_doc_links[$_POST['varName']][3])
&& $this->variable_doc_links[$_POST['varName']][3] == 'byte'
&& preg_match(
'/^\s*(\d+(\.\d+)?)\s*(mb|kb|mib|kib|gb|gib)\s*$/i',
$value,
@@ -199,19 +199,19 @@ public function setValueAction()
$value="'" . $value . "'";
}
if (! preg_match("/[^a-zA-Z0-9_]+/", $_REQUEST['varName'])
if (! preg_match("/[^a-zA-Z0-9_]+/", $_POST['varName'])
&& $this->dbi->query(
'SET GLOBAL ' . $_REQUEST['varName'] . ' = ' . $value
'SET GLOBAL ' . $_POST['varName'] . ' = ' . $value
)
) {
// Some values are rounded down etc.
$varValue = $this->dbi->fetchSingleRow(
'SHOW GLOBAL VARIABLES WHERE Variable_name="'
. $GLOBALS['dbi']->escapeString($_REQUEST['varName'])
. $GLOBALS['dbi']->escapeString($_POST['varName'])
. '";', 'NUM'
);
list($formattedValue, $isHtmlFormatted) = $this->_formatVariable(
$_REQUEST['varName'], $varValue[1]
$_POST['varName'], $varValue[1]
);
if ($isHtmlFormatted == false) {

0 comments on commit e7f1e26

Please sign in to comment.
You can’t perform that action at this time.