
Commit c4a5440

committed
Refactor ConfigStorage\RelationCleanup::column()
- Replaces escapeString() with quoteString() Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
1 parent 06733a8 commit c4a5440

3 files changed

Lines changed: 79 additions & 92 deletions


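--- a/libraries/classes/ConfigStorage/RelationCleanup.php
+++ b/libraries/classes/ConfigStorage/RelationCleanup.php
@@ -7,6 +7,8 @@
 use PhpMyAdmin\DatabaseInterface;
 use PhpMyAdmin\Util;
 
+use function sprintf;
+
 /**
 * Set of functions used for cleaning up phpMyAdmin tables
 */
@@ -30,59 +32,60 @@ public function __construct(public $dbi, Relation $relation)
 * @param string $table table name
 * @param string $column column name
 */
-public function column($db, $table, $column): void
+public function column(string $db, string $table, string $column): void
 {
 $relationParameters = $this->relation->getRelationParameters();
-
-if ($relationParameters->columnCommentsFeature !== null) {
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->columnCommentsFeature->database)
-. '.' . Util::backquote($relationParameters->columnCommentsFeature->columnInfo)
-. ' WHERE db_name = \'' . $this->dbi->escapeString($db) . '\''
-. ' AND table_name = \'' . $this->dbi->escapeString($table)
-. '\''
-. ' AND column_name = \'' . $this->dbi->escapeString($column)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
+$columnCommentsFeature = $relationParameters->columnCommentsFeature;
+$displayFeature = $relationParameters->displayFeature;
+$relationFeature = $relationParameters->relationFeature;
+
+if ($columnCommentsFeature !== null) {
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE db_name = %s AND table_name = %s AND column_name = %s',
+Util::backquote($columnCommentsFeature->database),
+Util::backquote($columnCommentsFeature->columnInfo),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+$this->dbi->quoteString($column),
+);
+$this->dbi->queryAsControlUser($statement);
 }
 
-if ($relationParameters->displayFeature !== null) {
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->displayFeature->database)
-. '.' . Util::backquote($relationParameters->displayFeature->tableInfo)
-. ' WHERE db_name = \'' . $this->dbi->escapeString($db) . '\''
-. ' AND table_name = \'' . $this->dbi->escapeString($table)
-. '\''
-. ' AND display_field = \'' . $this->dbi->escapeString($column)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
+if ($displayFeature !== null) {
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE db_name = %s AND table_name = %s AND display_field = %s',
+Util::backquote($displayFeature->database),
+Util::backquote($displayFeature->tableInfo),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+$this->dbi->quoteString($column),
+);
+$this->dbi->queryAsControlUser($statement);
 }
 
-if ($relationParameters->relationFeature === null) {
+if ($relationFeature === null) {
 return;
 }
 
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->relationFeature->database)
-. '.' . Util::backquote($relationParameters->relationFeature->relation)
-. ' WHERE master_db = \'' . $this->dbi->escapeString($db)
-. '\''
-. ' AND master_table = \'' . $this->dbi->escapeString($table)
-. '\''
-. ' AND master_field = \'' . $this->dbi->escapeString($column)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
-
-$remove_query = 'DELETE FROM '
-. Util::backquote($relationParameters->relationFeature->database)
-. '.' . Util::backquote($relationParameters->relationFeature->relation)
-. ' WHERE foreign_db = \'' . $this->dbi->escapeString($db)
-. '\''
-. ' AND foreign_table = \'' . $this->dbi->escapeString($table)
-. '\''
-. ' AND foreign_field = \'' . $this->dbi->escapeString($column)
-. '\'';
-$this->dbi->queryAsControlUser($remove_query);
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE master_db = %s AND master_table = %s AND master_field = %s',
+Util::backquote($relationFeature->database),
+Util::backquote($relationFeature->relation),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+$this->dbi->quoteString($column),
+);
+$this->dbi->queryAsControlUser($statement);
+
+$statement = sprintf(
+'DELETE FROM %s.%s WHERE foreign_db = %s AND foreign_table = %s AND foreign_field = %s',
+Util::backquote($relationFeature->database),
+Util::backquote($relationFeature->relation),
+$this->dbi->quoteString($db),
+$this->dbi->quoteString($table),
+$this->dbi->quoteString($column),
+);
+$this->dbi->queryAsControlUser($statement);
 }
 
 /**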
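Review bot: The four `sprintf()` templates in `column()` no longer put quotes around the value placeholders, so each DELETE is only well-formed and injection-safe if `quoteString()` returns a complete, escaped and quoted literal; nothing in the hunk states that contract. I would add a comment above the first `sprintf()`, e.g. `// quoteString() returns the value already escaped and wrapped in quotes; the templates must not add their own.`, so a later edit does not reintroduce `'%s'` or swap in a helper that only escapes. The return values of the four `queryAsControlUser()` calls are still ignored, so a failing DELETE would leave the remaining configuration-storage rows behind without a signal; presumably this is deliberate best-effort cleanup, but it deserves a line in the method's docblock. The class body continues outside the hunk.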

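--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -1416,18 +1416,6 @@
 <code>escapeString</code>
 <code>escapeString</code>
 <code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
-<code>escapeString</code>
 </DeprecatedMethod>
 </file>
 <file src="libraries/classes/ConfigStorage/UserGroups.php">
@@ -4147,7 +4135,6 @@
 </file>
 <file src="libraries/classes/Controllers/Table/DropColumnController.php">
 <MixedArgument>
-<code>$field</code>
 <code>$field</code>
 <code><![CDATA[$message->getMessage()]]></code>
 </MixedArgument>
@@ -16250,7 +16237,6 @@
 <code>withConsecutive</code>
 <code>withConsecutive</code>
 <code>withConsecutive</code>
-<code>withConsecutive</code>
 </DeprecatedMethod>
 </file>
 <file src="test/classes/ConfigStorage/RelationTest.php">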

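--- a/test/classes/ConfigStorage/RelationCleanupTest.php
+++ b/test/classes/ConfigStorage/RelationCleanupTest.php
@@ -8,6 +8,7 @@
 use PhpMyAdmin\ConfigStorage\RelationCleanup;
 use PhpMyAdmin\ConfigStorage\RelationParameters;
 use PhpMyAdmin\DatabaseInterface;
+use PhpMyAdmin\Dbal\ResultInterface;
 use PhpMyAdmin\Tests\AbstractTestCase;
 
 /**
@@ -25,8 +26,8 @@ public function testColumnWithoutRelations(): void
 
 public function testColumnWithRelations(): void
 {
-$_SESSION['relation'] = [];
-$_SESSION['relation'][$GLOBALS['server']] = RelationParameters::fromArray([
+$relation = $this->createStub(Relation::class);
+$relation->method('getRelationParameters')->willReturn(RelationParameters::fromArray([
 'user' => 'user',
 'db' => 'pmadb',
 'commwork' => true,
@@ -35,39 +36,36 @@ public function testColumnWithRelations(): void
 'relation' => 'relation',
 'table_info' => 'table_info',
 'column_info' => 'column_info',
-])->toArray();
-
-$dbi = $this->createPartialMock(DatabaseInterface::class, ['queryAsControlUser']);
-$dbi->expects($this->exactly(4))
-->method('queryAsControlUser')
-->withConsecutive(
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`column_info` WHERE db_name = 'database' AND"
-. " table_name = 'table' AND column_name = 'column'"
-),
-],
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`table_info` WHERE db_name = 'database' AND"
-. " table_name = 'table' AND display_field = 'column'"
-),
-],
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`relation` WHERE master_db = 'database' AND"
-. " master_table = 'table' AND master_field = 'column'"
-),
-],
-[
-$this->equalTo(
-"DELETE FROM `pmadb`.`relation` WHERE foreign_db = 'database' AND"
-. " foreign_table = 'table' AND foreign_field = 'column'"
-),
-]
-);
+]));
 
-(new RelationCleanup($dbi, new Relation($dbi)))->column('database', 'table', 'column');
+$dbi = $this->createMock(DatabaseInterface::class);
+$dbi->expects($this->any())->method('quoteString')
+->will($this->returnCallback(static fn (string $string): string => "'" . $string . "'"));
+$result = $this->createStub(ResultInterface::class);
+$dbi->expects($this->exactly(4))->method('queryAsControlUser')->willReturnMap([
+[
+"DELETE FROM `pmadb`.`column_info` WHERE db_name = 'database' AND"
+. " table_name = 'table' AND column_name = 'column'",
+$result,
+],
+[
+"DELETE FROM `pmadb`.`table_info` WHERE db_name = 'database' AND"
+. " table_name = 'table' AND display_field = 'column'",
+$result,
+],
+[
+"DELETE FROM `pmadb`.`relation` WHERE master_db = 'database' AND"
+. " master_table = 'table' AND master_field = 'column'",
+$result,
+],
+[
+"DELETE FROM `pmadb`.`relation` WHERE foreign_db = 'database' AND"
+. " foreign_table = 'table' AND foreign_field = 'column'",
+$result,
+],
+]);
+
+(new RelationCleanup($dbi, $relation))->column('database', 'table', 'column');
 }
 
 public function testTableWithoutRelations(): void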
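Review bot: The expected SQL in `testColumnWithRelations()` is now checked only indirectly, because `willReturnMap()` does not assert its arguments; as far as I know an argument list that matches no row just yields `null`, so a wrong statement would show up as a return-type error at best rather than as a readable string diff. Recording the statements in a `willReturnCallback()` and comparing them with `assertSame()` after the call keeps both order and content pinned without going back to `withConsecutive()`. The `quoteString` stub only wraps the value in quotes, so this test cannot show how names containing a quote character are handled; that needs coverage against the real `quoteString()` implementation. The test class continues outside the hunk.

```php
$statements = [];
$dbi->expects($this->exactly(4))->method('queryAsControlUser')
    ->willReturnCallback(static function (string $sql) use (&$statements, $result): ResultInterface {
        $statements[] = $sql;

        return $result;
    });

(new RelationCleanup($dbi, $relation))->column('database', 'table', 'column');

$expected = [
    // … unchanged: the four expected DELETE statement strings, in call order …
];
$this->assertSame($expected, $statements);
```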
