Ref #17769 - Replace superglobals with ServerRequest in Import & Export Controllers (#17949)

ru-asdx · web-flow · commit 3794031ebcfc · 2022-12-14T12:04:38.000-03:00
* Replace superglobals with ServerRequest in Import &amp; Export Controllers

Signed-off-by: Evgeny Skorlov &lt;eugene@skorlov.name&gt;

* small fixes

Signed-off-by: Evgeny Skorlov &lt;eugene@skorlov.name&gt;

* fixes

Signed-off-by: Evgeny Skorlov &lt;eugene@skorlov.name&gt;

Signed-off-by: Evgeny Skorlov &lt;eugene@skorlov.name&gt;
diff --git a/libraries/classes/Controllers/Export/TablesController.php b/libraries/classes/Controllers/Export/TablesController.php
@@ -25,7 +25,7 @@ public function __construct(ResponseRenderer $response, Template $template, Expo
 
     public function __invoke(ServerRequest $request): void
     {
-        if (empty($_POST['selected_tbl'])) {
+        if (! $request->hasBodyParam('selected_tbl')) {
             $this->response->setRequestStatus(false);
             $this->response->addJSON('message', __('No table selected.'));
 
diff --git a/libraries/classes/Controllers/Import/ImportController.php b/libraries/classes/Controllers/Import/ImportController.php
@@ -109,16 +109,16 @@ public function __invoke(ServerRequest $request): void
         $GLOBALS['reload'] = $GLOBALS['reload'] ?? null;
         $GLOBALS['charset_connection'] = $GLOBALS['charset_connection'] ?? null;
 
-        $GLOBALS['charset_of_file'] = $_POST['charset_of_file'] ?? null;
-        $GLOBALS['format'] = $_POST['format'] ?? '';
-        $GLOBALS['import_type'] = $_POST['import_type'] ?? null;
-        $GLOBALS['is_js_confirmed'] = $_POST['is_js_confirmed'] ?? null;
-        $GLOBALS['MAX_FILE_SIZE'] = $_POST['MAX_FILE_SIZE'] ?? null;
-        $GLOBALS['message_to_show'] = $_POST['message_to_show'] ?? null;
-        $GLOBALS['noplugin'] = $_POST['noplugin'] ?? null;
-        $GLOBALS['skip_queries'] = $_POST['skip_queries'] ?? null;
-        $GLOBALS['local_import_file'] = $_POST['local_import_file'] ?? null;
-        $GLOBALS['show_as_php'] = $_POST['show_as_php'] ?? null;
+        $GLOBALS['charset_of_file'] = $request->getParsedBodyParam('charset_of_file');
+        $GLOBALS['format'] = $request->getParsedBodyParam('format', '');
+        $GLOBALS['import_type'] = $request->getParsedBodyParam('import_type');
+        $GLOBALS['is_js_confirmed'] = $request->getParsedBodyParam('is_js_confirmed');
+        $GLOBALS['MAX_FILE_SIZE'] = $request->getParsedBodyParam('MAX_FILE_SIZE');
+        $GLOBALS['message_to_show'] = $request->getParsedBodyParam('message_to_show');
+        $GLOBALS['noplugin'] = $request->getParsedBodyParam('noplugin');
+        $GLOBALS['skip_queries'] = $request->getParsedBodyParam('skip_queries');
+        $GLOBALS['local_import_file'] = $request->getParsedBodyParam('local_import_file');
+        $GLOBALS['show_as_php'] = $request->getParsedBodyParam('show_as_php');
 
         // reset import messages for ajax request
         $_SESSION['Import_message']['message'] = null;
@@ -138,9 +138,9 @@ public function __invoke(ServerRequest $request): void
         // (eg. non import, but query box/window run)
         if (! empty($GLOBALS['sql_query'])) {
             // apply values for parameters
-            if (! empty($_POST['parameterized']) && ! empty($_POST['parameters']) && is_array($_POST['parameters'])) {
-                /** @var array<string, string> $parameters */
-                $parameters = $_POST['parameters'];
+            /** @var array<string, string> $parameters */
+            $parameters = $request->getParsedBodyParam('parameters');
+            if ($request->hasBodyParam('parameterized') && is_array($parameters)) {
                 foreach ($parameters as $parameter => $replacementValue) {
                     if (! is_numeric($replacementValue)) {
                         $replacementValue = $this->dbi->quoteString($replacementValue);
@@ -169,7 +169,7 @@ public function __invoke(ServerRequest $request): void
             $_SESSION['sql_from_query_box'] = true;
 
             // If there is a request to ROLLBACK when finished.
-            if (isset($_POST['rollback_query'])) {
+            if ($request->hasBodyParam('rollback_query')) {
                 $this->import->handleRollbackRequest($GLOBALS['import_text']);
             }
 
@@ -204,15 +204,17 @@ public function __invoke(ServerRequest $request): void
             $GLOBALS['import_type'] = 'queryfile';
             $GLOBALS['format'] = 'sql';
             unset($GLOBALS['sql_file']);
-        } elseif (! empty($_POST['id_bookmark'])) {
+        } elseif ($request->hasBodyParam('id_bookmark')) {
             // run bookmark
             $GLOBALS['import_type'] = 'query';
             $GLOBALS['format'] = 'sql';
         }
 
         // If we didn't get any parameters, either user called this directly, or
         // upload limit has been reached, let's assume the second possibility.
-        if ($_POST == [] && $_GET == []) {
+        $getParams = $request->getQueryParams();
+        $postParams = $request->getParsedBody();
+        if ($postParams === [] && $getParams === []) {
             $GLOBALS['message'] = Message::error(
                 __(
                     'You probably tried to upload a file that is too large. Please refer ' .
@@ -233,8 +235,9 @@ public function __invoke(ServerRequest $request): void
         }
 
         // Add console message id to response output
-        if (isset($_POST['console_message_id'])) {
-            $this->response->addJSON('console_message_id', $_POST['console_message_id']);
+        $console_message_id = $request->getParsedBodyParam('console_message_id');
+        if ($console_message_id !== null) {
+            $this->response->addJSON('console_message_id', $console_message_id);
         }
 
         /**
@@ -301,7 +304,7 @@ public function __invoke(ServerRequest $request): void
         }
 
         $GLOBALS['timestamp'] = time();
-        if (isset($_POST['allow_interrupt'])) {
+        if ($request->hasBodyParam('allow_interrupt')) {
             $GLOBALS['maximum_time'] = ini_get('max_execution_time');
         } else {
             $GLOBALS['maximum_time'] = 0;
@@ -326,24 +329,26 @@ public function __invoke(ServerRequest $request): void
         $GLOBALS['result'] = false;
 
         // Bookmark Support: get a query back from bookmark if required
-        if (! empty($_POST['id_bookmark'])) {
-            $id_bookmark = (int) $_POST['id_bookmark'];
-            switch ($_POST['action_bookmark']) {
+        $id_bookmark = (int) $request->getParsedBodyParam('id_bookmark');
+        $action_bookmark = (int) $request->getParsedBodyParam('action_bookmark');
+        if ($id_bookmark !== 0) {
+            switch ($action_bookmark) {
                 case 0: // bookmarked query that have to be run
                     $bookmark = Bookmark::get(
                         $this->dbi,
                         $GLOBALS['cfg']['Server']['user'],
                         DatabaseName::fromValue($GLOBALS['db']),
                         $id_bookmark,
                         'id',
-                        isset($_POST['action_bookmark_all'])
+                        $request->hasBodyParam('action_bookmark_all')
                     );
                     if (! $bookmark instanceof Bookmark) {
                         break;
                     }
 
-                    if (! empty($_POST['bookmark_variable'])) {
-                        $GLOBALS['import_text'] = $bookmark->applyVariables($_POST['bookmark_variable']);
+                    $bookmark_variables = $request->getParsedBodyParam('bookmark_variable');
+                    if (is_array($bookmark_variables)) {
+                        $GLOBALS['import_text'] = $bookmark->applyVariables($bookmark_variables);
                     } else {
                         $GLOBALS['import_text'] = $bookmark->getQuery();
                     }
@@ -377,7 +382,7 @@ public function __invoke(ServerRequest $request): void
                         $this->response->setRequestStatus($GLOBALS['message']->isSuccess());
                         $this->response->addJSON('message', $GLOBALS['message']);
                         $this->response->addJSON('sql_query', $GLOBALS['import_text']);
-                        $this->response->addJSON('action_bookmark', $_POST['action_bookmark']);
+                        $this->response->addJSON('action_bookmark', $action_bookmark);
 
                         return;
                     } else {
@@ -403,7 +408,7 @@ public function __invoke(ServerRequest $request): void
                         );
                         $this->response->setRequestStatus($GLOBALS['message']->isSuccess());
                         $this->response->addJSON('message', $GLOBALS['message']);
-                        $this->response->addJSON('action_bookmark', $_POST['action_bookmark']);
+                        $this->response->addJSON('action_bookmark', $action_bookmark);
                         $this->response->addJSON('id_bookmark', $id_bookmark);
 
                         return;
@@ -550,8 +555,8 @@ public function __invoke(ServerRequest $request): void
         }
 
         // Something to skip? (because timeout has passed)
-        if (! $GLOBALS['error'] && isset($_POST['skip'])) {
-            $original_skip = $skip = intval($_POST['skip']);
+        if (! $GLOBALS['error'] && $request->hasBodyParam('skip')) {
+            $original_skip = $skip = intval($request->getParsedBodyParam('skip'));
             while ($skip > 0 && ! $GLOBALS['finished']) {
                 $this->import->getNextChunk(
                     $importHandle ?? null,
@@ -611,11 +616,11 @@ public function __invoke(ServerRequest $request): void
         }
 
         // Show correct message
-        if (! empty($id_bookmark) && $_POST['action_bookmark'] == 2) {
+        if ($id_bookmark !== 0 && $action_bookmark === 2) {
             $GLOBALS['message'] = Message::success(__('The bookmark has been deleted.'));
             $GLOBALS['display_query'] = $GLOBALS['import_text'];
             $GLOBALS['error'] = false; // unset error marker, it was used just to skip processing
-        } elseif (! empty($id_bookmark) && $_POST['action_bookmark'] == 1) {
+        } elseif ($id_bookmark !== 0 && $action_bookmark === 1) {
             $GLOBALS['message'] = Message::notice(__('Showing bookmark'));
         } elseif ($GLOBALS['finished'] && ! $GLOBALS['error']) {
             // Do not display the query with message, we do it separately
@@ -773,16 +778,16 @@ public function __invoke(ServerRequest $request): void
             // sql_query_for_bookmark is not included in Sql::executeQueryAndGetQueryResponse
             // since only one bookmark has to be added for all the queries submitted through
             // the SQL tab
-            if (! empty($_POST['bkm_label']) && ! empty($GLOBALS['import_text'])) {
+            if (! empty($request->getParsedBodyParam('bkm_label')) && ! empty($GLOBALS['import_text'])) {
                 $relation = new Relation($this->dbi);
 
                 $this->sql->storeTheQueryAsBookmark(
                     $relation->getRelationParameters()->bookmarkFeature,
                     $GLOBALS['db'],
                     $GLOBALS['cfg']['Server']['user'],
-                    $_POST['sql_query'],
-                    $_POST['bkm_label'],
-                    isset($_POST['bkm_replace'])
+                    $request->getParsedBodyParam('sql_query'),
+                    $request->getParsedBodyParam('bkm_label'),
+                    $request->hasBodyParam('bkm_replace')
                 );
             }
 
@@ -794,16 +799,16 @@ public function __invoke(ServerRequest $request): void
 
         if ($GLOBALS['result']) {
             // Save a Bookmark with more than one queries (if Bookmark label given).
-            if (! empty($_POST['bkm_label']) && ! empty($GLOBALS['import_text'])) {
+            if (! empty($request->getParsedBodyParam('bkm_label')) && ! empty($GLOBALS['import_text'])) {
                 $relation = new Relation($this->dbi);
 
                 $this->sql->storeTheQueryAsBookmark(
                     $relation->getRelationParameters()->bookmarkFeature,
                     $GLOBALS['db'],
                     $GLOBALS['cfg']['Server']['user'],
-                    $_POST['sql_query'],
-                    $_POST['bkm_label'],
-                    isset($_POST['bkm_replace'])
+                    $request->getParsedBodyParam('sql_query'),
+                    $request->getParsedBodyParam('bkm_label'),
+                    $request->hasBodyParam('bkm_replace')
                 );
             }
 
@@ -823,7 +828,7 @@ public function __invoke(ServerRequest $request): void
         }
 
         // If there is request for ROLLBACK in the end.
-        if (! isset($_POST['rollback_query'])) {
+        if (! $request->hasBodyParam('rollback_query')) {
             return;
         }
 
diff --git a/libraries/classes/Controllers/Import/SimulateDmlController.php b/libraries/classes/Controllers/Import/SimulateDmlController.php
@@ -38,7 +38,7 @@ public function __invoke(ServerRequest $request): void
         $error = '';
         $errorMsg = __('Only single-table UPDATE and DELETE queries can be simulated.');
         /** @var string $sqlDelimiter */
-        $sqlDelimiter = $_POST['sql_delimiter'];
+        $sqlDelimiter = $request->getParsedBodyParam('sql_delimiter', '');
         $sqlData = [];
         /** @var string[] $queries */
         $queries = explode($sqlDelimiter, $GLOBALS['sql_query']);
diff --git a/libraries/classes/Controllers/Import/StatusController.php b/libraries/classes/Controllers/Import/StatusController.php
@@ -46,7 +46,7 @@ public function __invoke(ServerRequest $request): void
         ] = Ajax::uploadProgressSetup();
 
         // $_GET["message"] is used for asking for an import message
-        if (isset($_GET['message']) && $_GET['message']) {
+        if ($request->hasQueryParam('message')) {
             // AJAX requests can't be cached!
             foreach (Core::getNoCacheHeaders() as $name => $value) {
                 header(sprintf('%s: %s', $name, $value));
@@ -84,7 +84,7 @@ public function __invoke(ServerRequest $request): void
                 ]);
             }
         } else {
-            Ajax::status($_GET['id']);
+            Ajax::status($request->getQueryParam('id'));
         }
     }
 }
diff --git a/test/classes/Controllers/Import/ImportControllerTest.php b/test/classes/Controllers/Import/ImportControllerTest.php
@@ -43,16 +43,20 @@ public function testIndexParametrized(): void
         parent::loadResponseIntoContainerBuilder();
 
         // Some params where not added as they where not required for this test
-        $_POST['db'] = 'pma_test';
-        $_POST['table'] = 'table1';
-        $GLOBALS['db'] = $_POST['db'];
-        $GLOBALS['table'] = $_POST['table'];
-        $_POST['parameterized'] = 'on';
-        $_POST['parameters'] = [':nomEta' => 'Saint-Louis - Châteaulin', ':1' => '4'];
-        $_POST['sql_query'] = 'SELECT A.*' . "\n"
+        $GLOBALS['db'] = 'pma_test';
+        $GLOBALS['table'] = 'table1';
+        $GLOBALS['sql_query'] = 'SELECT A.*' . "\n"
             . 'FROM table1 A' . "\n"
             . 'WHERE A.nomEtablissement = :nomEta AND foo = :1 AND `:a` IS NULL';
-        $GLOBALS['sql_query'] = $_POST['sql_query'];
+
+        $request = $this->createStub(ServerRequest::class);
+        $request->method('getParsedBodyParam')->willReturnMap([
+            ['db', null, $GLOBALS['db']],
+            ['table', null, $GLOBALS['table']],
+            ['parameterized', null, 'on'],
+            ['parameters', null, [':nomEta' => 'Saint-Louis - Châteaulin', ':1' => '4']],
+            ['sql_query', null, $GLOBALS['sql_query']],
+        ]);
 
         $this->dummyDbi->addResult(
             'SELECT A.* FROM table1 A WHERE A.nomEtablissement = \'Saint-Louis - Châteaulin\''
@@ -74,7 +78,7 @@ public function testIndexParametrized(): void
         $importController = $GLOBALS['containerBuilder']->get(ImportController::class);
         $this->dummyDbi->addSelectDb('pma_test');
         $this->dummyDbi->addSelectDb('pma_test');
-        $importController($this->createStub(ServerRequest::class));
+        $importController($request);
         $this->dummyDbi->assertAllSelectsConsumed();
         $this->assertResponseWasSuccessfull();
 

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ public function __construct(ResponseRenderer $response, Template $template, Expo`
`25`	`25`
`26`	`26`	`public function __invoke(ServerRequest $request): void`
`27`	`27`	`{`
`28`		`- if (empty($_POST['selected_tbl'])) {`
	`28`	`+ if (! $request->hasBodyParam('selected_tbl')) {`
`29`	`29`	`$this->response->setRequestStatus(false);`
`30`	`30`	`$this->response->addJSON('message', __('No table selected.'));`
`31`	`31`
Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ public function __invoke(ServerRequest $request): void`
`46`	`46`	`] = Ajax::uploadProgressSetup();`
`47`	`47`
`48`	`48`	`// $_GET["message"] is used for asking for an import message`
`49`		`- if (isset($_GET['message']) && $_GET['message']) {`
	`49`	`+ if ($request->hasQueryParam('message')) {`
`50`	`50`	`// AJAX requests can't be cached!`
`51`	`51`	`foreach (Core::getNoCacheHeaders() as $name => $value) {`
`52`	`52`	`header(sprintf('%s: %s', $name, $value));`
`@@ -84,7 +84,7 @@ public function __invoke(ServerRequest $request): void`
`84`	`84`	`]);`
`85`	`85`	`}`
`86`	`86`	`} else {`
`87`		`- Ajax::status($_GET['id']);`
	`87`	`+ Ajax::status($request->getQueryParam('id'));`
`88`	`88`	`}`
`89`	`89`	`}`
`90`	`90`	`}`