diff --git a/libraries/classes/Server/Privileges.php b/libraries/classes/Server/Privileges.php
index 0c5aba5bef20..c64f31c757a8 100644
--- a/libraries/classes/Server/Privileges.php
+++ b/libraries/classes/Server/Privileges.php
@@ -21,6 +21,8 @@
use PhpMyAdmin\Util;
use function __;
+use function array_filter;
+use function array_keys;
use function array_map;
use function array_merge;
use function array_unique;
@@ -30,7 +32,6 @@
use function implode;
use function in_array;
use function is_array;
-use function is_scalar;
use function is_string;
use function json_decode;
use function ksort;
@@ -2770,6 +2771,7 @@ public function setProperPasswordHashing($authPlugin): void
* Update DB information: DB, Table, isWildcard
*
* @return array
+ * @psalm-return array{?string, ?string, array|string|null, ?string, ?string, array|string, bool}
*/
public function getDataForDBInfo()
{
@@ -2778,7 +2780,6 @@ public function getDataForDBInfo()
$dbname = null;
$tablename = null;
$routinename = null;
- $returnDb = null;
if (isset($_REQUEST['username'])) {
$username = (string) $_REQUEST['username'];
@@ -2793,115 +2794,87 @@ public function getDataForDBInfo()
*/
if (
isset($_POST['pred_tablename'])
- && is_scalar($_POST['pred_tablename'])
- && strlen((string) $_POST['pred_tablename']) > 0
+ && is_string($_POST['pred_tablename'])
+ && $_POST['pred_tablename'] !== ''
) {
- $tablename = (string) $_POST['pred_tablename'];
+ $tablename = $_POST['pred_tablename'];
} elseif (
isset($_REQUEST['tablename'])
- && is_scalar($_REQUEST['tablename'])
- && strlen((string) $_REQUEST['tablename']) > 0
+ && is_string($_REQUEST['tablename'])
+ && $_REQUEST['tablename'] !== ''
) {
- $tablename = (string) $_REQUEST['tablename'];
- } else {
- unset($tablename);
+ $tablename = $_REQUEST['tablename'];
}
if (
isset($_POST['pred_routinename'])
- && is_scalar($_POST['pred_routinename'])
- && strlen((string) $_POST['pred_routinename']) > 0
+ && is_string($_POST['pred_routinename'])
+ && $_POST['pred_routinename'] !== ''
) {
- $routinename = (string) $_POST['pred_routinename'];
+ $routinename = $_POST['pred_routinename'];
} elseif (
isset($_REQUEST['routinename'])
- && is_scalar($_REQUEST['routinename'])
- && strlen((string) $_REQUEST['routinename']) > 0
+ && is_string($_REQUEST['routinename'])
+ && $_REQUEST['routinename'] !== ''
) {
- $routinename = (string) $_REQUEST['routinename'];
- } else {
- unset($routinename);
+ $routinename = $_REQUEST['routinename'];
}
- if (isset($_POST['pred_dbname'])) {
- $isValidPredDbname = true;
- foreach ($_POST['pred_dbname'] as $key => $dbName) {
- if (! isset($dbName) || ! is_scalar($dbName) || strlen((string) $dbName) === 0) {
- $isValidPredDbname = false;
- break;
+ if (isset($_POST['pred_dbname']) && is_array($_POST['pred_dbname'])) {
+ // Accept only array of non-empty strings
+ if ($_POST['pred_dbname'] === array_filter($_POST['pred_dbname'])) {
+ $dbname = $_POST['pred_dbname'];
+ // If dbname contains only one database.
+ if (count($dbname) === 1) {
+ $dbname = (string) $dbname[0];
}
}
}
- if (isset($_REQUEST['dbname'])) {
- $isValidDbname = true;
+ if ($dbname === null && isset($_REQUEST['dbname'])) {
if (is_array($_REQUEST['dbname'])) {
- foreach ($_REQUEST['dbname'] as $key => $dbName) {
- if (! isset($dbName) || ! is_scalar($dbName) || strlen((string) $dbName) === 0) {
- $isValidDbname = false;
- break;
- }
- }
- } else {
- if (
- ! isset($_REQUEST['dbname'])
- || ! is_scalar($_REQUEST['dbname'])
- || strlen((string) $_REQUEST['dbname']) === 0
- ) {
- $isValidDbname = false;
+ // Accept only array of non-empty strings
+ if ($_REQUEST['dbname'] === array_filter($_REQUEST['dbname'])) {
+ $dbname = $_REQUEST['dbname'];
}
+ } elseif (
+ is_string($_REQUEST['dbname'])
+ && $_REQUEST['dbname'] !== ''
+ ) {
+ $dbname = $_REQUEST['dbname'];
}
}
- if (isset($isValidPredDbname) && $isValidPredDbname) {
- $dbname = $_POST['pred_dbname'];
- // If dbname contains only one database.
- if (count($dbname) === 1) {
- $dbname = $dbname[0];
- }
- } elseif (isset($isValidDbname) && $isValidDbname) {
- $dbname = (string) $_REQUEST['dbname'];
+ $dbAndTable = '*.*';
+ if ($dbname === null) {
+ $tablename = null;
} else {
- unset($dbname, $tablename);
- }
-
- if (isset($dbname)) {
if (is_array($dbname)) {
$dbAndTable = $dbname;
- $returnDb = $dbname;
- foreach ($dbAndTable as $key => $dbName) {
- $dbAndTable[$key] .= '.';
+ foreach (array_keys($dbAndTable) as $key) {
+ $dbAndTable[$key] .= '.*';
}
} else {
$unescapedDb = Util::unescapeMysqlWildcards($dbname);
$dbAndTable = Util::backquote($unescapedDb) . '.';
- $returnDb = $dbname;
- }
- if (isset($tablename) && ! is_array($dbAndTable)) {
- $dbAndTable .= Util::backquote($tablename);
- } else {
- if (is_array($dbAndTable)) {
- foreach ($dbAndTable as $key => $dbName) {
- $dbAndTable[$key] .= '*';
- }
+ if ($tablename !== null) {
+ $dbAndTable .= Util::backquote($tablename);
} else {
$dbAndTable .= '*';
}
}
- } else {
- $dbAndTable = '*.*';
}
// check if given $dbname is a wildcard or not
- $databaseNameIsWildcard = ! is_array($dbname ?? '') && preg_match('/(?
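Review bot: The `=== array_filter(...)` comparisons on `$_POST['pred_dbname']` and `$_REQUEST['dbname']` do not enforce what their comment promises ("array of non-empty strings"). Without a callback, `array_filter` only drops falsy values, so a nested array or other truthy non-string element from the request passes, while the string `'0'` is rejected even though the scalar `dbname` branch accepts it. Such an element then reaches `$dbAndTable[$key] .= '.*'`, and when the single entry has a key other than 0, `count($dbname) === 1` is followed by `(string) $dbname[0]` on a missing index. An explicit predicate such as `array_filter($_POST['pred_dbname'], static function ($v): bool { return is_string($v) && $v !== ''; })`, plus normalising keys with `array_values` before reading index 0, would validate the type per element. The tail of this hunk (the wildcard check and the return) is cut off on this page, so any later handling of `$dbname` could not be checked.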
-
+
$_GET['checkprivsdb']
$_GET['checkprivsdb']
$_POST['userGroup']
$db
$db
$db_name ?? ''
- $dbname
- $dbname
- $dbname
- $dbname ?? ''
- $dbname ?? ''
- $dbname ?? ''
- $dbname ?? ''
- $dbname ?? null
- $dbname_is_wildcard
- $hostname
- $hostname
- $hostname
- $hostname ?? ''
- $hostname ?? ''
- $hostname ?? ''
- $hostname ?? ''
- $hostname ?? ''
- $hostname ?? ''
- $hostname ?? null
$password ?? ''
$password ?? null
$queries
$queries
$queries
$queries_for_display
- $routinename
- $routinename
$sql_query
$sql_query ?? ''
$table
- $tablename ?? ''
- $tablename ?? ($routinename ?? '')
- $tablename ?? ($routinename ?? '')
- $tablename ?? ($routinename ?? '')
$text_dir
$url_dbname ?? ''
$url_dbname ?? ''
- $username
- $username
- $username
- $username
- $username
- $username
- $username ?? ''
- $username ?? ''
- $username ?? ''
- $username ?? ''
- $username ?? null
$queries
@@ -2557,14 +2521,19 @@
$export
$title
-
+
$dbname
+ $dbname
+ $dbname ?? ''
+ $dbname ?? ''
-
+
$dbname
-
-
$dbname
+ $dbname ?? ''
+ $dbname ?? ''
+
+
$hostname
$hostname
$hostname
@@ -13127,7 +13096,7 @@
$result
$result
-
+
$GLOBALS['dbname']
$_GET['initial']
$_GET['initial']
@@ -13167,9 +13136,6 @@
$dbRightsResult
$dbRightsResult
$dbRightsRow['Db']
- $dbname
- $dbname
- $dbname ?? ''
$eachUser
$exportUser
$exportUser
@@ -13267,7 +13233,7 @@
$tmpPrivs2['Update']
uksort($arrayInitials, 'strnatcasecmp')
-
+
$account['Host']
$columns[$row1[0]]
$currentGrant[0]
@@ -13282,7 +13248,6 @@
$currentGrant[1]
$currentGrant[2]
$currentGrant[2]
- $dbname[0]
$grant[0]
$grant[0]
$grant[0]
@@ -13352,7 +13317,7 @@
$specificPrivileges[$grant[0]]
$specificPrivileges[$grant[0]]
-
+
$GLOBALS[$key]
$account
$authenticationPlugin
@@ -13364,14 +13329,8 @@
$currentUser
$currentUserName
$databases[]
- $dbName
- $dbName
- $dbName
- $dbName
$dbRightsResult
$dbRightsResult
- $dbname
- $dbname
$eachUser
$exportUser
$extraData['db_wildcard_privs']
@@ -13382,7 +13341,6 @@
$host
$hostnameLength
$initials
- $key
$name
$name
$name
@@ -13427,7 +13385,6 @@
$result
$result
$result
- $returnDb
$right
$routine
$routine
@@ -13457,7 +13414,7 @@
string
string
-
+
$_POST['authentication_plugin']
$_POST['authentication_plugin']
$_POST['old_hostname']
@@ -13474,7 +13431,6 @@
$currentGrant[2]
$currentGrant[2]
$dbAndTable[$key]
- $dbAndTable[$key]
$oneGrant
$origValue
$privilege['Host']
@@ -13508,12 +13464,10 @@
$dbname
$result
-
- $_REQUEST['dbname']
+
$dbname
-
- $dbname
+
$oldUserGroup
$row1['Type']
$row1['Type']
@@ -13534,10 +13488,6 @@
$alterUserQuery
$alterUserQuery
-
- $_POST['pred_dbname']
- $_REQUEST['dbname']
-
(bool) ! $this->dbi->fetchValue($sql)
(string) $privs
@@ -13548,14 +13498,6 @@
$userGroup
-
- $dbName
- $dbName
-
-
- $key
- $key
-