Extract goto and back setup from common.inc.php

Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
phpmyadmin · Jul 4, 2020 · f67aacd · f67aacd
1 parent 41622c7
commit f67aacd
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 32 deletions.
diff --git a/libraries/classes/Core.php b/libraries/classes/Core.php
@@ -10,7 +10,7 @@
 namespace PhpMyAdmin;
 
 use PhpMyAdmin\Display\Error as DisplayError;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\ContainerInterface;
 use const DATE_RFC1123;
 use const E_USER_ERROR;
 use const E_USER_WARNING;
@@ -913,7 +913,7 @@ public static function setPostAsGlobal(array $post_patterns): void
         }
     }
 
-    public static function setDatabaseAndTableFromRequest(ContainerBuilder $containerBuilder): void
+    public static function setDatabaseAndTableFromRequest(ContainerInterface $containerBuilder): void
     {
         global $db, $table, $url_params;
 
@@ -1347,4 +1347,32 @@ public static function checkTokenRequestParam(): void
         $allowList = ['ajax_request'];
         Sanitize::removeRequestVars($allowList);
     }
+
+    public static function setGotoAndBackGlobals(ContainerInterface $container, Config $config): void
+    {
+        global $goto, $back, $url_params;
+
+        // Holds page that should be displayed.
+        $goto = '';
+        $container->setParameter('goto', $goto);
+
+        if (isset($_REQUEST['goto']) && self::checkPageValidity($_REQUEST['goto'])) {
+            $goto = $_REQUEST['goto'];
+            $url_params['goto'] = $goto;
+            $container->setParameter('goto', $goto);
+            $container->setParameter('url_params', $url_params);
+        } else {
+            $config->removeCookie('goto');
+            unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto']);
+        }
+
+        if (isset($_REQUEST['back']) && self::checkPageValidity($_REQUEST['back'])) {
+            // Returning page.
+            $back = $_REQUEST['back'];
+            $container->setParameter('back', $back);
+        } else {
+            $config->removeCookie('back');
+            unset($_REQUEST['back'], $_GET['back'], $_POST['back']);
+        }
+    }
 }
diff --git a/libraries/common.inc.php b/libraries/common.inc.php
@@ -165,36 +165,7 @@
 $url_params = [];
 $containerBuilder->setParameter('url_params', $url_params);
 
-/**
- * holds page that should be displayed
- *
- * @global string $goto
- */
-$goto = '';
-$containerBuilder->setParameter('goto', $goto);
-// Security fix: disallow accessing serious server files via "?goto="
-if (isset($_REQUEST['goto']) && Core::checkPageValidity($_REQUEST['goto'])) {
-    $goto = $_REQUEST['goto'];
-    $url_params['goto'] = $goto;
-    $containerBuilder->setParameter('goto', $goto);
-    $containerBuilder->setParameter('url_params', $url_params);
-} else {
-    $PMA_Config->removeCookie('goto');
-    unset($_REQUEST['goto'], $_GET['goto'], $_POST['goto']);
-}
-
-/**
- * returning page
- *
- * @global string $back
- */
-if (isset($_REQUEST['back']) && Core::checkPageValidity($_REQUEST['back'])) {
-    $back = $_REQUEST['back'];
-    $containerBuilder->setParameter('back', $back);
-} else {
-    $PMA_Config->removeCookie('back');
-    unset($_REQUEST['back'], $_GET['back'], $_POST['back']);
-}
+Core::setGotoAndBackGlobals($containerBuilder, $PMA_Config);
 
 Core::checkTokenRequestParam();