
Commit a0e4aff

committed
Replace $_POST with ServerRequest object in Table\OperationsController
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
1 parent 1be99c9 commit a0e4aff


2 files changed

+51
-49
lines changed


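--- a/libraries/classes/Controllers/Table/OperationsController.php
+++ b/libraries/classes/Controllers/Table/OperationsController.php
@@ -27,6 +27,8 @@
 use function __;
 use function count;
 use function implode;
+use function is_array;
+use function is_string;
 use function mb_strstr;
 use function mb_strtolower;
 use function mb_strtoupper;
@@ -161,7 +163,7 @@ public function __invoke(ServerRequest $request): void
 /**
 * If the table has to be moved to some other database
 */
-if (isset($_POST['submit_move']) || isset($_POST['submit_copy'])) {
+if ($request->hasBodyParam('submit_move') || $request->hasBodyParam('submit_copy')) {
 $message = $this->operations->moveOrCopyTable($GLOBALS['db'], $GLOBALS['table']);
 
 if (! $this->response->isAjax()) {
@@ -171,8 +173,10 @@ public function __invoke(ServerRequest $request): void
 $this->response->addJSON('message', $message);
 
 if ($message->isSuccess()) {
-if (isset($_POST['submit_move'], $_POST['target_db'])) {
-$GLOBALS['db'] = $_POST['target_db'];// Used in Header::getJsParams()
+/** @var mixed $targetDbParam */
+$targetDbParam = $request->getParsedBodyParam('target_db');
+if ($request->hasBodyParam('submit_move') && is_string($targetDbParam)) {
+$GLOBALS['db'] = $targetDbParam; // Used in Header::getJsParams()
 }
 
 $this->response->addJSON('db', $GLOBALS['db']);
@@ -188,27 +192,31 @@ public function __invoke(ServerRequest $request): void
 /**
 * Updates table comment, type and options if required
 */
-if (isset($_POST['submitoptions'])) {
+if ($request->hasBodyParam('submitoptions')) {
 $_message = '';
 $GLOBALS['warning_messages'] = [];
 
-if (isset($_POST['new_name'])) {
+/** @var mixed $newName */
+$newName = $request->getParsedBodyParam('new_name');
+if (is_string($newName)) {
 // lower_case_table_names=1 `DB` becomes `db`
 if ($GLOBALS['lowerCaseNames']) {
-$_POST['new_name'] = mb_strtolower($_POST['new_name']);
+$newName = mb_strtolower($newName);
 }
 
 // Get original names before rename operation
 $oldTable = $pma_table->getName();
 $oldDb = $pma_table->getDbName();
 
-if ($pma_table->rename($_POST['new_name'])) {
-if (isset($_POST['adjust_privileges']) && ! empty($_POST['adjust_privileges'])) {
+if ($pma_table->rename($newName)) {
+if ($request->getParsedBodyParam('adjust_privileges')) {
+/** @var mixed $dbParam */
+$dbParam = $request->getParsedBodyParam('db');
 $this->operations->adjustPrivilegesRenameOrMoveTable(
 $oldDb,
 $oldTable,
-$_POST['db'],
-$_POST['new_name']
+is_string($dbParam) ? $dbParam : '',
+$newName
 );
 }
 
@@ -226,11 +234,13 @@ public function __invoke(ServerRequest $request): void
 }
 }
 
+/** @var mixed $newTableStorageEngine */
+$newTableStorageEngine = $request->getParsedBodyParam('new_tbl_storage_engine');
 if (
-! empty($_POST['new_tbl_storage_engine'])
-&& mb_strtoupper($_POST['new_tbl_storage_engine']) !== $GLOBALS['tbl_storage_engine']
+is_string($newTableStorageEngine) && $newTableStorageEngine !== ''
+&& mb_strtoupper($newTableStorageEngine) !== $GLOBALS['tbl_storage_engine']
 ) {
-$GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($_POST['new_tbl_storage_engine']);
+$GLOBALS['new_tbl_storage_engine'] = mb_strtoupper($newTableStorageEngine);
 
 if ($pma_table->isEngine('ARIA')) {
 $GLOBALS['create_options']['transactional'] = ($GLOBALS['create_options']['transactional'] ?? '')
@@ -267,15 +277,20 @@ public function __invoke(ServerRequest $request): void
 $GLOBALS['warning_messages'] = $this->operations->getWarningMessagesArray();
 }
 
-if (! empty($_POST['tbl_collation']) && ! empty($_POST['change_all_collations'])) {
+/** @var mixed $tableCollationParam */
+$tableCollationParam = $request->getParsedBodyParam('tbl_collation');
+if (
+is_string($tableCollationParam) && $tableCollationParam !== ''
+&& $request->getParsedBodyParam('change_all_collations')
+) {
 $this->operations->changeAllColumnsCollation(
 $GLOBALS['db'],
 $GLOBALS['table'],
-$_POST['tbl_collation']
+$tableCollationParam
 );
 }
 
-if (isset($_POST['tbl_collation']) && empty($_POST['tbl_collation'])) {
+if ($tableCollationParam !== null && (! is_string($tableCollationParam) || $tableCollationParam === '')) {
 if ($this->response->isAjax()) {
 $this->response->setRequestStatus(false);
 $this->response->addJSON(
@@ -288,26 +303,38 @@ public function __invoke(ServerRequest $request): void
 }
 }
 
+/** @var mixed $orderField */
+$orderField = $request->getParsedBodyParam('order_field');
+
 /**
 * Reordering the table has been requested by the user
 */
-if (isset($_POST['submitorderby']) && ! empty($_POST['order_field'])) {
+if ($request->hasBodyParam('submitorderby') && is_string($orderField) && $orderField !== '') {
+/** @var mixed $orderOrder */
+$orderOrder = $request->getParsedBodyParam('order_order');
 $GLOBALS['sql_query'] = QueryGenerator::getQueryForReorderingTable(
 $GLOBALS['table'],
-urldecode($_POST['order_field']),
-$_POST['order_order'] ?? null
+urldecode($orderField),
+is_string($orderOrder) ? $orderOrder : ''
 );
 $GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']);
 }
 
+/** @var mixed $partitionOperation */
+$partitionOperation = $request->getParsedBodyParam('partition_operation');
+
 /**
 * A partition operation has been requested by the user
 */
-if (isset($_POST['submit_partition']) && ! empty($_POST['partition_operation'])) {
+if (
+$request->hasBodyParam('submit_partition') && is_string($partitionOperation) && $partitionOperation !== ''
+) {
+/** @var mixed $partitionNames */
+$partitionNames = $request->getParsedBodyParam('partition_name');
 $GLOBALS['sql_query'] = QueryGenerator::getQueryForPartitioningTable(
 $GLOBALS['table'],
-$_POST['partition_operation'],
-$_POST['partition_name']
+$partitionOperation,
+is_array($partitionNames) ? $partitionNames : []
 );
 $GLOBALS['result'] = $this->dbi->query($GLOBALS['sql_query']);
 }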
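Review bot: The `partition_name` guard in the last hunk validates only the container: `is_array($partitionNames) ? $partitionNames : []` still forwards nested arrays or other non-string elements to `QueryGenerator::getQueryForPartitioningTable()`, and the new `MixedArgumentTypeCoercion` baseline entry for this exact expression shows Psalm cannot prove the element type either. Because the generated statement is executed straight away through `$this->dbi->query()`, the elements should be narrowed before the call, e.g. `$partitionNames = is_array($partitionNames) ? array_values(array_filter($partitionNames, 'is_string')) : [];`. `$partitionOperation` (and `$orderOrder` in the reordering block above) is likewise accepted as any string; if the generators place these values into the SQL text unquoted (not visible on this page), an allow-list of the supported keywords at this point would be the stronger check. `__invoke` starts and ends outside the hunks shown, so earlier validation cannot be ruled out.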

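--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -3571,9 +3571,6 @@
 </PossiblyInvalidOperand>
 </file>
 <file src="libraries/classes/Controllers/Table/OperationsController.php">
-<InvalidArgument occurrences="1">
-<code>$_POST['partition_name']</code>
-</InvalidArgument>
 <MixedArgument occurrences="7">
 <code>$GLOBALS['create_options']['pack_keys']</code>
 <code>$GLOBALS['create_options']['page_checksum'] ?? ''</code>
@@ -3583,8 +3580,9 @@
 <code>$_message</code>
 <code>$_message</code>
 </MixedArgument>
-<MixedArgumentTypeCoercion occurrences="1">
+<MixedArgumentTypeCoercion occurrences="2">
 <code>$GLOBALS['table_alters']</code>
+<code>is_array($partitionNames) ? $partitionNames : []</code>
 </MixedArgumentTypeCoercion>
 <MixedArrayAccess occurrences="1">
 <code>$GLOBALS['showtable']['Row_format']</code>
@@ -3622,29 +3620,6 @@
 <MixedMethodCall occurrences="1">
 <code>getList</code>
 </MixedMethodCall>
-<PossiblyInvalidArgument occurrences="10">
-<code>$_POST['db']</code>
-<code>$_POST['new_name']</code>
-<code>$_POST['new_name']</code>
-<code>$_POST['new_name']</code>
-<code>$_POST['new_tbl_storage_engine']</code>
-<code>$_POST['new_tbl_storage_engine']</code>
-<code>$_POST['order_field']</code>
-<code>$_POST['order_order'] ?? null</code>
-<code>$_POST['partition_operation']</code>
-<code>$_POST['tbl_collation']</code>
-</PossiblyInvalidArgument>
-<PossiblyInvalidCast occurrences="9">
-<code>$_POST['db']</code>
-<code>$_POST['new_name']</code>
-<code>$_POST['new_name']</code>
-<code>$_POST['new_name']</code>
-<code>$_POST['new_tbl_storage_engine']</code>
-<code>$_POST['new_tbl_storage_engine']</code>
-<code>$_POST['order_field']</code>
-<code>$_POST['partition_operation']</code>
-<code>$_POST['tbl_collation']</code>
-</PossiblyInvalidCast>
 </file>
 <file src="libraries/classes/Controllers/Table/Partition/AnalyzeController.php">
 <MixedArgument occurrences="1">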
