Merge pull request #18294 from ru-asdx/refactor-17769-p1

MauricioFauth · web-flow · commit 012a9cc9d24d · 2023-04-12T15:51:53.000-03:00
Ref #17769 - Replace superglobals with serverrequest in controllers
diff --git a/libraries/classes/Controllers/Database/ImportController.php b/libraries/classes/Controllers/Database/ImportController.php
@@ -77,7 +77,9 @@ public function __invoke(ServerRequest $request): void
         $idKey = $_SESSION[$GLOBALS['SESSION_KEY']]['handler']::getIdKey();
         $hiddenInputs = [$idKey => $uploadId, 'import_type' => 'database', 'db' => $GLOBALS['db']];
 
-        $default = isset($_GET['format']) ? (string) $_GET['format'] : Plugins::getDefault('Import', 'format');
+        $default = $request->hasQueryParam('format')
+            ? (string) $request->getQueryParam('format')
+            : Plugins::getDefault('Import', 'format');
         $choice = Plugins::getChoice($importList, $default);
         $options = Plugins::getOptions('Import', $importList);
         $skipQueriesDefault = Plugins::getDefault('Import', 'skip_queries');
diff --git a/libraries/classes/Controllers/Server/ImportController.php b/libraries/classes/Controllers/Server/ImportController.php
@@ -73,7 +73,9 @@ public function __invoke(ServerRequest $request): void
         $idKey = $_SESSION[$GLOBALS['SESSION_KEY']]['handler']::getIdKey();
         $hiddenInputs = [$idKey => $uploadId, 'import_type' => 'server'];
 
-        $default = isset($_GET['format']) ? (string) $_GET['format'] : Plugins::getDefault('Import', 'format');
+        $default = $request->hasQueryParam('format')
+            ? (string) $request->getQueryParam('format')
+            : Plugins::getDefault('Import', 'format');
         $choice = Plugins::getChoice($importList, $default);
         $options = Plugins::getOptions('Import', $importList);
         $skipQueriesDefault = Plugins::getDefault('Import', 'skip_queries');
diff --git a/libraries/classes/Controllers/Server/UserGroupsFormController.php b/libraries/classes/Controllers/Server/UserGroupsFormController.php
@@ -17,7 +17,6 @@
 
 use function __;
 use function sprintf;
-use function strlen;
 
 final class UserGroupsFormController extends AbstractController
 {
@@ -34,16 +33,17 @@ public function __invoke(ServerRequest $request): void
     {
         $this->response->setAjax(true);
 
-        if (! isset($_GET['username']) || strlen((string) $_GET['username']) === 0) {
+        /** @var string $username */
+        $username = $request->getQueryParam('username', '');
+
+        if ($username === '') {
             $this->response->setRequestStatus(false);
             $this->response->setHttpResponseCode(400);
             $this->response->addJSON('message', __('Missing parameter:') . ' username');
 
             return;
         }
 
-        $username = $_GET['username'];
-
         $checkUserPrivileges = new CheckUserPrivileges($this->dbi);
         $checkUserPrivileges->getPrivileges();
 
diff --git a/libraries/classes/Controllers/Sql/SqlController.php b/libraries/classes/Controllers/Sql/SqlController.php
@@ -112,9 +112,10 @@ public function __invoke(ServerRequest $request): void
             $GLOBALS['sql_query'] = $bkmFields['bkm_sql_query'];
         } elseif ($sqlQuery !== null) {
             $GLOBALS['sql_query'] = $sqlQuery;
-        } elseif (isset($_GET['sql_query'], $_GET['sql_signature'])) {
-            if (Core::checkSqlQuerySignature($_GET['sql_query'], $_GET['sql_signature'])) {
-                $GLOBALS['sql_query'] = $_GET['sql_query'];
+        } elseif ($request->hasQueryParam('sql_query') && $request->hasQueryParam('sql_signature')) {
+            $sqlQuery = $request->getQueryParam('sql_query');
+            if (Core::checkSqlQuerySignature($sqlQuery, $request->getQueryParam('sql_signature'))) {
+                $GLOBALS['sql_query'] = $sqlQuery;
             }
         }
 
diff --git a/libraries/classes/Controllers/Table/ChangeController.php b/libraries/classes/Controllers/Table/ChangeController.php
@@ -75,9 +75,10 @@ public function __invoke(ServerRequest $request): void
 
         DbTableExists::check($GLOBALS['db'], $GLOBALS['table']);
 
-        if (isset($_GET['where_clause'], $_GET['where_clause_signature'])) {
-            if (Core::checkSqlQuerySignature($_GET['where_clause'], $_GET['where_clause_signature'])) {
-                $GLOBALS['where_clause'] = $_GET['where_clause'];
+        if ($request->hasQueryParam('where_clause') && $request->hasQueryParam('where_clause_signature')) {
+            $whereClause = $request->getQueryParam('where_clause');
+            if (Core::checkSqlQuerySignature($whereClause, $request->getQueryParam('where_clause_signature'))) {
+                $GLOBALS['where_clause'] = $whereClause;
             }
         }
 
diff --git a/libraries/classes/Controllers/Table/ExportController.php b/libraries/classes/Controllers/Table/ExportController.php
@@ -92,7 +92,7 @@ public function __invoke(ServerRequest $request): void
             $GLOBALS['unlim_num_rows'] = 0;
         }
 
-        $GLOBALS['single_table'] = $_POST['single_table'] ?? $_GET['single_table'] ?? $GLOBALS['single_table'] ?? null;
+        $GLOBALS['single_table'] = $request->getParam('single_table') ?? $GLOBALS['single_table'] ?? null;
 
         $exportList = Plugins::getExport('table', isset($GLOBALS['single_table']));
 
@@ -105,8 +105,8 @@ public function __invoke(ServerRequest $request): void
         }
 
         $exportType = 'table';
-        $isReturnBackFromRawExport = isset($_POST['export_type']) && $_POST['export_type'] === 'raw';
-        if (isset($_POST['raw_query']) || $isReturnBackFromRawExport) {
+        $isReturnBackFromRawExport = $request->getParsedBodyParam('export_type') === 'raw';
+        if ($request->hasBodyParam('raw_query') || $isReturnBackFromRawExport) {
             $exportType = 'raw';
         }
 
diff --git a/libraries/classes/Controllers/Table/ImportController.php b/libraries/classes/Controllers/Table/ImportController.php
@@ -89,7 +89,9 @@ public function __invoke(ServerRequest $request): void
             'table' => $GLOBALS['table'],
         ];
 
-        $default = isset($_GET['format']) ? (string) $_GET['format'] : Plugins::getDefault('Import', 'format');
+        $default = $request->hasQueryParam('format')
+            ? (string) $request->getQueryParam('format')
+            : Plugins::getDefault('Import', 'format');
         $choice = Plugins::getChoice($importList, $default);
         $options = Plugins::getOptions('Import', $importList);
         $skipQueriesDefault = Plugins::getDefault('Import', 'skip_queries');
diff --git a/libraries/classes/Controllers/Table/SqlController.php b/libraries/classes/Controllers/Table/SqlController.php
@@ -55,15 +55,14 @@ public function __invoke(ServerRequest $request): void
          */
         $GLOBALS['goto'] = Url::getFromRoute('/table/sql');
         $GLOBALS['back'] = Url::getFromRoute('/table/sql');
+        $delimiter = $request->getParsedBodyParam('delimiter', ';');
 
         $this->response->addHTML($this->sqlQueryForm->getHtml(
             $GLOBALS['db'],
             $GLOBALS['table'],
-            $_GET['sql_query'] ?? true,
+            $request->getQueryParam('sql_query', true),
             false,
-            isset($_POST['delimiter'])
-                ? htmlspecialchars($_POST['delimiter'])
-                : ';',
+            htmlspecialchars($delimiter),
         ));
     }
 }
diff --git a/libraries/classes/Controllers/View/CreateController.php b/libraries/classes/Controllers/View/CreateController.php
@@ -121,18 +121,20 @@ public function __invoke(ServerRequest $request): void
         ];
 
         // Used to prefill the fields when editing a view
-        if (isset($_GET['db'], $_GET['table'])) {
+        if ($request->hasQueryParam('db') && $request->hasQueryParam('table')) {
+            $db = $request->getQueryParam('db');
+            $table = $request->getQueryParam('table');
             $item = $this->dbi->fetchSingleRow(
                 sprintf(
                     'SELECT `VIEW_DEFINITION`, `CHECK_OPTION`, `DEFINER`, `SECURITY_TYPE`
                         FROM `INFORMATION_SCHEMA`.`VIEWS`
                         WHERE TABLE_SCHEMA=%s
                         AND TABLE_NAME=%s;',
-                    $this->dbi->quoteString($_GET['db']),
-                    $this->dbi->quoteString($_GET['table']),
+                    $this->dbi->quoteString($db),
+                    $this->dbi->quoteString($table),
                 ),
             );
-            $createView = $this->dbi->getTable($_GET['db'], $_GET['table'])
+            $createView = $this->dbi->getTable($db, $table)
                 ->showCreate();
 
             // CREATE ALGORITHM=<ALGORITHM> DE...
@@ -141,7 +143,7 @@ public function __invoke(ServerRequest $request): void
             $viewData['operation'] = 'alter';
             $viewData['definer'] = $item['DEFINER'];
             $viewData['sql_security'] = $item['SECURITY_TYPE'];
-            $viewData['name'] = $_GET['table'];
+            $viewData['name'] = $table;
             $viewData['as'] = $item['VIEW_DEFINITION'];
             $viewData['with'] = $item['CHECK_OPTION'];
             $viewData['algorithm'] = $item['ALGORITHM'];
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -1035,6 +1035,11 @@ parameters:
 			count: 1
 			path: libraries/classes/Controllers/Database/DesignerController.php
 
+		-
+			message: "#^Cannot cast mixed to string\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/Database/ImportController.php
+
 		-
 			message: "#^Parameter \\#1 \\$sqlQuery of static method PhpMyAdmin\\\\Database\\\\MultiTableQuery\\:\\:displayResults\\(\\) expects string, mixed given\\.$#"
 			count: 1
@@ -1810,6 +1815,11 @@ parameters:
 			count: 1
 			path: libraries/classes/Controllers/Server/DatabasesController.php
 
+		-
+			message: "#^Cannot cast mixed to string\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/Server/ImportController.php
+
 		-
 			message: "#^Method PhpMyAdmin\\\\Controllers\\\\Server\\\\PrivilegesController\\:\\:getExportPageTitle\\(\\) has parameter \\$selectedUsers with no value type specified in iterable type array\\.$#"
 			count: 1
@@ -2075,11 +2085,31 @@ parameters:
 			count: 1
 			path: libraries/classes/Controllers/Sql/SetValuesController.php
 
+		-
+			message: "#^Parameter \\#1 \\$sqlQuery of static method PhpMyAdmin\\\\Core\\:\\:checkSqlQuerySignature\\(\\) expects string, mixed given\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/Sql/SqlController.php
+
+		-
+			message: "#^Parameter \\#2 \\$signature of static method PhpMyAdmin\\\\Core\\:\\:checkSqlQuerySignature\\(\\) expects string, mixed given\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/Sql/SqlController.php
+
 		-
 			message: "#^Parameter \\#1 \\$target of static method PhpMyAdmin\\\\Util\\:\\:getScriptNameForOption\\(\\) expects string, mixed given\\.$#"
 			count: 1
 			path: libraries/classes/Controllers/Table/AddFieldController.php
 
+		-
+			message: "#^Parameter \\#1 \\$sqlQuery of static method PhpMyAdmin\\\\Core\\:\\:checkSqlQuerySignature\\(\\) expects string, mixed given\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/Table/ChangeController.php
+
+		-
+			message: "#^Parameter \\#2 \\$signature of static method PhpMyAdmin\\\\Core\\:\\:checkSqlQuerySignature\\(\\) expects string, mixed given\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/Table/ChangeController.php
+
 		-
 			message: "#^Parameter \\#2 \\$offset of class PhpMyAdmin\\\\SqlParser\\\\Components\\\\Limit constructor expects int, \\(float\\|int\\) given\\.$#"
 			count: 1
@@ -2130,6 +2160,11 @@ parameters:
 			count: 1
 			path: libraries/classes/Controllers/Table/GetFieldController.php
 
+		-
+			message: "#^Cannot cast mixed to string\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/Table/ImportController.php
+
 		-
 			message: "#^Parameter \\#1 \\$value of function count expects array\\|Countable, mixed given\\.$#"
 			count: 1
@@ -2275,6 +2310,16 @@ parameters:
 			count: 1
 			path: libraries/classes/Controllers/Table/SearchController.php
 
+		-
+			message: "#^Parameter \\#1 \\$string of function htmlspecialchars expects string, mixed given\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/Table/SqlController.php
+
+		-
+			message: "#^Parameter \\#3 \\$query of method PhpMyAdmin\\\\SqlQueryForm\\:\\:getHtml\\(\\) expects bool\\|string, mixed given\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/Table/SqlController.php
+
 		-
 			message: "#^Parameter \\#1 \\$selected of method PhpMyAdmin\\\\Controllers\\\\Table\\\\Structure\\\\ChangeController\\:\\:displayHtmlForColumnChange\\(\\) expects array\\<string\\>, array\\<int, mixed\\> given\\.$#"
 			count: 1
@@ -2610,11 +2655,26 @@ parameters:
 			count: 1
 			path: libraries/classes/Controllers/View/CreateController.php
 
+		-
+			message: "#^Parameter \\#1 \\$dbName of method PhpMyAdmin\\\\DatabaseInterface\\:\\:getTable\\(\\) expects string, mixed given\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/View/CreateController.php
+
+		-
+			message: "#^Parameter \\#1 \\$str of method PhpMyAdmin\\\\DatabaseInterface\\:\\:quoteString\\(\\) expects string, mixed given\\.$#"
+			count: 2
+			path: libraries/classes/Controllers/View/CreateController.php
+
 		-
 			message: "#^Parameter \\#2 \\$string of function explode expects string, mixed given\\.$#"
 			count: 1
 			path: libraries/classes/Controllers/View/CreateController.php
 
+		-
+			message: "#^Parameter \\#2 \\$tableName of method PhpMyAdmin\\\\DatabaseInterface\\:\\:getTable\\(\\) expects string, mixed given\\.$#"
+			count: 1
+			path: libraries/classes/Controllers/View/CreateController.php
+
 		-
 			message: "#^Property PhpMyAdmin\\\\SqlParser\\\\Statements\\\\CreateStatement\\:\\:\\$body \\(array\\<PhpMyAdmin\\\\SqlParser\\\\Token\\>\\|string\\) in isset\\(\\) is not nullable\\.$#"
 			count: 1
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
diff --git a/test/classes/Controllers/Table/SqlControllerTest.php b/test/classes/Controllers/Table/SqlControllerTest.php

Original file line number	Diff line number	Diff line change
`@@ -112,9 +112,10 @@ public function __invoke(ServerRequest $request): void`
`112`	`112`	`$GLOBALS['sql_query'] = $bkmFields['bkm_sql_query'];`
`113`	`113`	`} elseif ($sqlQuery !== null) {`
`114`	`114`	`$GLOBALS['sql_query'] = $sqlQuery;`
`115`		`- } elseif (isset($_GET['sql_query'], $_GET['sql_signature'])) {`
`116`		`- if (Core::checkSqlQuerySignature($_GET['sql_query'], $_GET['sql_signature'])) {`
`117`		`- $GLOBALS['sql_query'] = $_GET['sql_query'];`
	`115`	`+ } elseif ($request->hasQueryParam('sql_query') && $request->hasQueryParam('sql_signature')) {`
	`116`	`+ $sqlQuery = $request->getQueryParam('sql_query');`
	`117`	`+ if (Core::checkSqlQuerySignature($sqlQuery, $request->getQueryParam('sql_signature'))) {`
	`118`	`+ $GLOBALS['sql_query'] = $sqlQuery;`
`118`	`119`	`}`
`119`	`120`	`}`
`120`	`121`
Original file line number	Diff line number	Diff line change
`@@ -75,9 +75,10 @@ public function __invoke(ServerRequest $request): void`
`75`	`75`
`76`	`76`	`DbTableExists::check($GLOBALS['db'], $GLOBALS['table']);`
`77`	`77`
`78`		`- if (isset($_GET['where_clause'], $_GET['where_clause_signature'])) {`
`79`		`- if (Core::checkSqlQuerySignature($_GET['where_clause'], $_GET['where_clause_signature'])) {`
`80`		`- $GLOBALS['where_clause'] = $_GET['where_clause'];`
	`78`	`+ if ($request->hasQueryParam('where_clause') && $request->hasQueryParam('where_clause_signature')) {`
	`79`	`+ $whereClause = $request->getQueryParam('where_clause');`
	`80`	`+ if (Core::checkSqlQuerySignature($whereClause, $request->getQueryParam('where_clause_signature'))) {`
	`81`	`+ $GLOBALS['where_clause'] = $whereClause;`
`81`	`82`	`}`
`82`	`83`	`}`
`83`	`84`
Original file line number	Diff line number	Diff line change
`@@ -92,7 +92,7 @@ public function __invoke(ServerRequest $request): void`
`92`	`92`	`$GLOBALS['unlim_num_rows'] = 0;`
`93`	`93`	`}`
`94`	`94`
`95`		`- $GLOBALS['single_table'] = $_POST['single_table'] ?? $_GET['single_table'] ?? $GLOBALS['single_table'] ?? null;`
	`95`	`+ $GLOBALS['single_table'] = $request->getParam('single_table') ?? $GLOBALS['single_table'] ?? null;`
`96`	`96`
`97`	`97`	`$exportList = Plugins::getExport('table', isset($GLOBALS['single_table']));`
`98`	`98`
`@@ -105,8 +105,8 @@ public function __invoke(ServerRequest $request): void`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`$exportType = 'table';`
`108`		`- $isReturnBackFromRawExport = isset($_POST['export_type']) && $_POST['export_type'] === 'raw';`
`109`		`- if (isset($_POST['raw_query']) \|\| $isReturnBackFromRawExport) {`
	`108`	`+ $isReturnBackFromRawExport = $request->getParsedBodyParam('export_type') === 'raw';`
	`109`	`+ if ($request->hasBodyParam('raw_query') \|\| $isReturnBackFromRawExport) {`
`110`	`110`	`$exportType = 'raw';`
`111`	`111`	`}`
`112`	`112`