Merge pull request #18636 from MauricioFauth/route-variables

MauricioFauth · web-flow · commit d2a52029c97c · 2023-08-18T22:06:29.000-03:00
Pass route variables as a ServerRequest attribute
diff --git a/libraries/classes/Controllers/Server/ShowEngineController.php b/libraries/classes/Controllers/Server/ShowEngineController.php
@@ -12,45 +12,57 @@
 use PhpMyAdmin\Template;
 use PhpMyAdmin\Url;
 
+use function is_array;
+use function is_string;
+
 /**
  * Displays details about a given Storage Engine.
  */
 final class ShowEngineController extends AbstractController
 {
+    private string $engine = '';
+    private string $page = '';
+
     public function __construct(ResponseRenderer $response, Template $template, private DatabaseInterface $dbi)
     {
         parent::__construct($response, $template);
     }
 
-    /**
-     * @param array $params
-     * @psalm-param array{engine: string, page?: string} $params
-     */
-    public function __invoke(ServerRequest $request, array $params): void
+    public function __invoke(ServerRequest $request): void
     {
+        $this->setEngineAndPageProperties($request->getAttribute('routeVars'));
+
         $GLOBALS['errorUrl'] = Url::getFromRoute('/');
 
         if ($this->dbi->isSuperUser()) {
             $this->dbi->selectDb('mysql');
         }
 
-        $page = $params['page'] ?? '';
-
         $engine = [];
-        if (StorageEngine::isValid($params['engine'])) {
-            $storageEngine = StorageEngine::getEngine($params['engine']);
+        if (StorageEngine::isValid($this->engine)) {
+            $storageEngine = StorageEngine::getEngine($this->engine);
             $engine = [
-                'engine' => $params['engine'],
+                'engine' => $this->engine,
                 'title' => $storageEngine->getTitle(),
                 'help_page' => $storageEngine->getMysqlHelpPage(),
                 'comment' => $storageEngine->getComment(),
                 'info_pages' => $storageEngine->getInfoPages(),
                 'support' => $storageEngine->getSupportInformationMessage(),
                 'variables' => $storageEngine->getHtmlVariables(),
-                'page' => ! empty($page) ? $storageEngine->getPage($page) : '',
+                'page' => $this->page !== '' ? $storageEngine->getPage($this->page) : '',
             ];
         }
 
-        $this->render('server/engines/show', ['engine' => $engine, 'page' => $page]);
+        $this->render('server/engines/show', ['engine' => $engine, 'page' => $this->page]);
+    }
+
+    private function setEngineAndPageProperties(mixed $routeVars): void
+    {
+        if (! is_array($routeVars)) {
+            return;
+        }
+
+        $this->engine = isset($routeVars['engine']) && is_string($routeVars['engine']) ? $routeVars['engine'] : '';
+        $this->page = isset($routeVars['page']) && is_string($routeVars['page']) ? $routeVars['page'] : '';
     }
 }
diff --git a/libraries/classes/Controllers/Server/Status/Processes/KillController.php b/libraries/classes/Controllers/Server/Status/Processes/KillController.php
@@ -13,6 +13,8 @@
 use PhpMyAdmin\Template;
 
 use function __;
+use function is_array;
+use function is_numeric;
 
 final class KillController extends AbstractController
 {
@@ -25,15 +27,14 @@ public function __construct(
         parent::__construct($response, $template, $data);
     }
 
-    /** @param mixed[] $params Request parameters */
-    public function __invoke(ServerRequest $request, array $params): void
+    public function __invoke(ServerRequest $request): void
     {
         if (! $request->isAjax()) {
             return;
         }
 
-        $kill = (int) $params['id'];
-        $query = $this->dbi->getKillQuery($kill);
+        $processId = $this->getProcessId($request->getAttribute('routeVars'));
+        $query = $this->dbi->getKillQuery($processId);
 
         if ($this->dbi->tryQuery($query)) {
             $message = Message::success(
@@ -49,8 +50,17 @@ public function __invoke(ServerRequest $request, array $params): void
             $this->response->setRequestStatus(false);
         }
 
-        $message->addParam($kill);
+        $message->addParam($processId);
 
         $this->response->addJSON(['message' => $message]);
     }
+
+    private function getProcessId(mixed $routeVars): int
+    {
+        if (is_array($routeVars) && isset($routeVars['id']) && is_numeric($routeVars['id'])) {
+            return (int) $routeVars['id'];
+        }
+
+        return 0;
+    }
 }
diff --git a/libraries/classes/Controllers/Server/Variables/GetVariableController.php b/libraries/classes/Controllers/Server/Variables/GetVariableController.php
@@ -13,6 +13,8 @@
 use PhpMyAdmin\Util;
 
 use function implode;
+use function is_array;
+use function is_string;
 
 final class GetVariableController extends AbstractController
 {
@@ -21,24 +23,25 @@ public function __construct(ResponseRenderer $response, Template $template, priv
         parent::__construct($response, $template);
     }
 
-    /** @param mixed[] $params Request parameters */
-    public function __invoke(ServerRequest $request, array $params): void
+    public function __invoke(ServerRequest $request): void
     {
         if (! $request->isAjax()) {
             return;
         }
 
+        $name = $this->getName($request->getAttribute('routeVars'));
+
         // Send with correct charset
         $this->response->addHeader('Content-Type', 'text/html; charset=UTF-8');
         $varValue = $this->dbi->fetchSingleRow(
             'SHOW GLOBAL VARIABLES WHERE Variable_name='
-            . $this->dbi->quoteString($params['name']) . ';',
+            . $this->dbi->quoteString($name) . ';',
             DatabaseInterface::FETCH_NUM,
         );
 
         $json = ['message' => $varValue[1]];
 
-        $variableType = ServerVariablesProvider::getImplementation()->getVariableType($params['name']);
+        $variableType = ServerVariablesProvider::getImplementation()->getVariableType($name);
 
         if ($variableType === 'byte') {
             /** @var string[] $bytes */
@@ -48,4 +51,13 @@ public function __invoke(ServerRequest $request, array $params): void
 
         $this->response->addJSON($json);
     }
+
+    private function getName(mixed $routeVars): string
+    {
+        if (is_array($routeVars) && isset($routeVars['name']) && is_string($routeVars['name'])) {
+            return $routeVars['name'];
+        }
+
+        return '';
+    }
 }
diff --git a/libraries/classes/Controllers/Server/Variables/SetVariableController.php b/libraries/classes/Controllers/Server/Variables/SetVariableController.php
@@ -15,7 +15,9 @@
 use function __;
 use function htmlspecialchars;
 use function implode;
+use function is_array;
 use function is_numeric;
+use function is_string;
 use function mb_strtolower;
 use function preg_match;
 use function trim;
@@ -29,17 +31,15 @@ public function __construct(ResponseRenderer $response, Template $template, priv
 
     /**
      * Handle the AJAX request for setting value for a single variable
-     *
-     * @param mixed[] $vars Request parameters
      */
-    public function __invoke(ServerRequest $request, array $vars): void
+    public function __invoke(ServerRequest $request): void
     {
         if (! $request->isAjax()) {
             return;
         }
 
         $value = (string) $request->getParsedBodyParam('varValue');
-        $variableName = (string) $vars['name'];
+        $variableName = $this->getName($request->getAttribute('routeVars'));
         $matches = [];
         $variableType = ServerVariablesProvider::getImplementation()->getVariableType($variableName);
 
@@ -118,4 +118,13 @@ private function formatVariable(string $name, int|string $value): array
 
         return [$formattedValue, $isHtmlFormatted];
     }
+
+    private function getName(mixed $routeVars): string
+    {
+        if (is_array($routeVars) && isset($routeVars['name']) && is_string($routeVars['name'])) {
+            return $routeVars['name'];
+        }
+
+        return '';
+    }
 }
diff --git a/libraries/classes/Routing/Routing.php b/libraries/classes/Routing/Routing.php
@@ -162,13 +162,11 @@ public static function callControllerForRoute(
 
         /** @psalm-var class-string $controllerName */
         $controllerName = $routeInfo[1];
-        /** @var array<string, string> $vars */
-        $vars = $routeInfo[2];
 
-        /** @psalm-var callable(ServerRequest=, array<string, string>=): (Response|null) $controller */
+        /** @psalm-var callable(ServerRequest): (Response|null) $controller */
         $controller = $container->get($controllerName);
 
-        return $controller($request, $vars);
+        return $controller($request->withAttribute('routeVars', $routeInfo[2]));
     }
 
     /** @psalm-assert-if-true array[] $dispatchData */
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -5865,11 +5865,6 @@ parameters:
 			count: 1
 			path: libraries/classes/Controllers/Server/ReplicationController.php
 
-		-
-			message: "#^Construct empty\\(\\) is not allowed\\. Use more strict comparison\\.$#"
-			count: 1
-			path: libraries/classes/Controllers/Server/ShowEngineController.php
-
 		-
 			message: "#^Parameter \\#1 \\$requiredData of method PhpMyAdmin\\\\Server\\\\Status\\\\Monitor\\:\\:getJsonForChartingData\\(\\) expects string, mixed given\\.$#"
 			count: 1
@@ -5905,11 +5900,6 @@ parameters:
 			count: 2
 			path: libraries/classes/Controllers/Server/Status/Monitor/SlowLogController.php
 
-		-
-			message: "#^Cannot cast mixed to int\\.$#"
-			count: 1
-			path: libraries/classes/Controllers/Server/Status/Processes/KillController.php
-
 		-
 			message: "#^Only booleans are allowed in an if condition, PhpMyAdmin\\\\Dbal\\\\ResultInterface\\|false given\\.$#"
 			count: 1
@@ -6025,24 +6015,14 @@ parameters:
 			count: 2
 			path: libraries/classes/Controllers/Server/Variables/GetVariableController.php
 
-		-
-			message: "#^Parameter \\#1 \\$name of method PhpMyAdmin\\\\Providers\\\\ServerVariables\\\\ServerVariablesProviderInterface\\:\\:getVariableType\\(\\) expects string, mixed given\\.$#"
-			count: 1
-			path: libraries/classes/Controllers/Server/Variables/GetVariableController.php
-
-		-
-			message: "#^Parameter \\#1 \\$str of method PhpMyAdmin\\\\DatabaseInterface\\:\\:quoteString\\(\\) expects string, mixed given\\.$#"
-			count: 1
-			path: libraries/classes/Controllers/Server/Variables/GetVariableController.php
-
 		-
 			message: "#^Parameter \\#1 \\$value of static method PhpMyAdmin\\\\Util\\:\\:formatByteDown\\(\\) expects float\\|int\\|string\\|null, mixed given\\.$#"
 			count: 1
 			path: libraries/classes/Controllers/Server/Variables/GetVariableController.php
 
 		-
 			message: "#^Cannot cast mixed to string\\.$#"
-			count: 2
+			count: 1
 			path: libraries/classes/Controllers/Server/Variables/SetVariableController.php
 
 		-
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -2701,11 +2701,6 @@
       <code>__construct</code>
     </PossiblyUnusedMethod>
   </file>
-  <file src="libraries/classes/Controllers/Server/ShowEngineController.php">
-    <UnusedParam>
-      <code>$request</code>
-    </UnusedParam>
-  </file>
   <file src="libraries/classes/Controllers/Server/SqlController.php">
     <InvalidArrayOffset>
       <code><![CDATA[$GLOBALS['errorUrl']]]></code>
@@ -2921,8 +2916,6 @@
   </file>
   <file src="libraries/classes/Controllers/Server/Variables/GetVariableController.php">
     <MixedArgument>
-      <code><![CDATA[$params['name']]]></code>
-      <code><![CDATA[$params['name']]]></code>
       <code>$varValue[1]</code>
     </MixedArgument>
     <PossiblyNullArrayAccess>
diff --git a/test/classes/Controllers/Server/ShowEngineControllerTest.php b/test/classes/Controllers/Server/ShowEngineControllerTest.php
@@ -7,7 +7,7 @@
 use PhpMyAdmin\Controllers\Server\ShowEngineController;
 use PhpMyAdmin\DatabaseInterface;
 use PhpMyAdmin\Html\MySQLDocumentation;
-use PhpMyAdmin\Http\ServerRequest;
+use PhpMyAdmin\Http\Factory\ServerRequestFactory;
 use PhpMyAdmin\StorageEngine;
 use PhpMyAdmin\Template;
 use PhpMyAdmin\Tests\AbstractTestCase;
@@ -48,13 +48,11 @@ public function testShowEngine(): void
         $GLOBALS['cfg']['Server']['DisableIS'] = false;
 
         $response = new ResponseRenderer();
-        $request = $this->createMock(ServerRequest::class);
         $this->dummyDbi->addSelectDb('mysql');
+        $request = ServerRequestFactory::create()->createServerRequest('GET', 'http://example.com/')
+            ->withAttribute('routeVars', ['engine' => 'Pbxt', 'page' => 'page']);
 
-        (new ShowEngineController($response, new Template(), DatabaseInterface::getInstance()))($request, [
-            'engine' => 'Pbxt',
-            'page' => 'page',
-        ]);
+        (new ShowEngineController($response, new Template(), DatabaseInterface::getInstance()))($request);
 
         $this->dummyDbi->assertAllSelectsConsumed();
         $actual = $response->getHTMLResult();

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,8 @@`
`13`	`13`	`use PhpMyAdmin\Template;`
`14`	`14`
`15`	`15`	`use function __;`
	`16`	`+use function is_array;`
	`17`	`+use function is_numeric;`
`16`	`18`
`17`	`19`	`final class KillController extends AbstractController`
`18`	`20`	`{`
`@@ -25,15 +27,14 @@ public function __construct(`
`25`	`27`	`parent::__construct($response, $template, $data);`
`26`	`28`	`}`
`27`	`29`
`28`		`- /** @param mixed[] $params Request parameters */`
`29`		`- public function __invoke(ServerRequest $request, array $params): void`
	`30`	`+ public function __invoke(ServerRequest $request): void`
`30`	`31`	`{`
`31`	`32`	`if (! $request->isAjax()) {`
`32`	`33`	`return;`
`33`	`34`	`}`
`34`	`35`
`35`		`- $kill = (int) $params['id'];`
`36`		`- $query = $this->dbi->getKillQuery($kill);`
	`36`	`+ $processId = $this->getProcessId($request->getAttribute('routeVars'));`
	`37`	`+ $query = $this->dbi->getKillQuery($processId);`
`37`	`38`
`38`	`39`	`if ($this->dbi->tryQuery($query)) {`
`39`	`40`	`$message = Message::success(`
`@@ -49,8 +50,17 @@ public function __invoke(ServerRequest $request, array $params): void`
`49`	`50`	`$this->response->setRequestStatus(false);`
`50`	`51`	`}`
`51`	`52`
`52`		`- $message->addParam($kill);`
	`53`	`+ $message->addParam($processId);`
`53`	`54`
`54`	`55`	`$this->response->addJSON(['message' => $message]);`
`55`	`56`	`}`
	`57`	`+`
	`58`	`+ private function getProcessId(mixed $routeVars): int`
	`59`	`+ {`
	`60`	`+ if (is_array($routeVars) && isset($routeVars['id']) && is_numeric($routeVars['id'])) {`
	`61`	`+ return (int) $routeVars['id'];`
	`62`	`+ }`
	`63`	`+`
	`64`	`+ return 0;`
	`65`	`+ }`
`56`	`66`	`}`