From 7ccb38b66aa67db895b24dfca1df1007ef7cc812 Mon Sep 17 00:00:00 2001 From: Sebastian Mendel Date: Thu, 27 Sep 2007 07:38:35 +0000 Subject: [PATCH] superglobalized; do not urldecode; --- tbl_row_action.php | 72 +++++++++++++++++++++++++++++----------------- 1 file changed, 46 insertions(+), 26 deletions(-) diff --git a/tbl_row_action.php b/tbl_row_action.php index 584121412..50626f105 100644 --- a/tbl_row_action.php +++ b/tbl_row_action.php @@ -1,10 +1,19 @@ show again the query and tell that user. */ -if ((!isset($rows_to_delete) || !is_array($rows_to_delete)) && !isset($mult_btn)) { +if (! PMA_isValid($_REQUEST['rows_to_delete'], 'array') + && ! isset($_REQUEST['mult_btn'])) { $disp_message = $strNoRowsSelected; $disp_query = ''; require './sql.php'; require_once './libraries/footer.inc.php'; } -/** - * Drop multiple rows if required - */ - +if (isset($_REQUEST['submit_mult'])) { + $submit_mult = $_REQUEST['submit_mult']; // workaround for IE problem: -if (isset($submit_mult_delete_x)) { +} elseif (isset($_REQUEST['submit_mult_delete_x'])) { $submit_mult = 'row_delete'; -} elseif (isset($submit_mult_change_x)) { +} elseif (isset($_REQUEST['submit_mult_change_x'])) { $submit_mult = 'row_edit'; -} elseif (isset($submit_mult_export_x)) { +} elseif (isset($_REQUEST['submit_mult_export_x'])) { $submit_mult = 'row_export'; } -// garvin: If the 'Ask for confirmation' button was pressed, this can only come from 'delete' mode, -// so we set it straight away. -if (isset($mult_btn)) { +// garvin: If the 'Ask for confirmation' button was pressed, this can only come +// from 'delete' mode, so we set it straight away. +if (isset($_REQUEST['mult_btn'])) { $submit_mult = 'row_delete'; } 
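Review bot: `$submit_mult = $_REQUEST['submit_mult'];` copies a request value without checking it against the three actions this script knows, and the switch further down lists `default:` together with `case 'row_delete':`, so any unrecognised value is handled as a delete. An allow-list right after the elseif chain would make the fallback explicit, e.g. `if (isset($submit_mult) && ! in_array($submit_mult, array('row_delete', 'row_edit', 'row_export'), true)) { unset($submit_mult); }`. Since `$_REQUEST` also carries query-string parameters, it is worth confirming that the token check for this destructive path runs in an include that is not visible here. The opening lines of this hunk are missing from the page, so the code around the new guard could not be checked.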
@@ -75,12 +83,18 @@ require_once './libraries/header.inc.php'; if (!empty($submit_mult)) { switch($submit_mult) { case 'row_edit': + // garvin: As we got the fields to be edited from the 'rows_to_delete' + // checkbox, we use the index of it as the + // indicating primary key. Then we built the array which is used for + // the tbl_change.php script. + /** + * urldecode should not be needed here $primary_key = array(); - // garvin: As we got the fields to be edited from the 'rows_to_delete' checkbox, we use the index of it as the - // indicating primary key. Then we built the array which is used for the tbl_change.php script. - foreach ($rows_to_delete AS $i_primary_key => $del_query) { + foreach ($_REQUEST['rows_to_delete'] as $i_primary_key => $del_query) { $primary_key[] = urldecode($i_primary_key); } + */ + $primary_key = array_keys($_REQUEST['rows_to_delete']); $active_page = 'tbl_change.php'; include './tbl_change.php'; @@ -90,13 +104,19 @@ if (!empty($submit_mult)) { // Needed to allow SQL export $single_table = TRUE; - $primary_key = array(); //$sql_query = urldecode($sql_query); - // garvin: As we got the fields to be edited from the 'rows_to_delete' checkbox, we use the index of it as the - // indicating primary key. Then we built the array which is used for the tbl_change.php script. - foreach ($rows_to_delete AS $i_primary_key => $del_query) { + // garvin: As we got the fields to be edited from the 'rows_to_delete' + // checkbox, we use the index of it as the + // indicating primary key. Then we built the array which is used for + // the tbl_change.php script. + /** + * urldecode should not be needed here + $primary_key = array(); + foreach ($_REQUEST['rows_to_delete'] as $i_primary_key => $del_query) { $primary_key[] = urldecode($i_primary_key); } + */ + $primary_key = array_keys($_REQUEST['rows_to_delete']); $active_page = 'tbl_export.php'; include './tbl_export.php'; 
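Review bot: The replaced loop is kept as commented-out code inside a `/** … */` docblock in the `row_edit` case, and again in the `row_export` hunk below; this is dead code that documentation tools will read as a doc comment, and version history already preserves it. I would drop both blocks and leave a one-line reason instead, such as `// PHP has already URL-decoded request keys; decoding again would alter keys containing '%'`. Note also that `array_keys()` returns integers for numeric-looking indexes where the old loop always produced strings. Every element of `$primary_key` is request-controlled, so a short comment saying that tbl_change.php and tbl_export.php must treat these values as untrusted would help. Both `case` bodies continue outside their hunks.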
@@ -105,21 +125,22 @@ if (!empty($submit_mult)) { case 'row_delete': default: $action = 'tbl_row_action.php'; - $err_url = 'tbl_row_action.php?' . PMA_generate_common_url($db, $table); - if (! isset($mult_btn)) { + $err_url = 'tbl_row_action.php' . PMA_generate_common_url($GLOBALS['url_params']); + if (! isset($_REQUEST['mult_btn'])) { $original_sql_query = $sql_query; $original_url_query = $url_query; } require './libraries/mult_submits.inc.php'; - $url_query = PMA_generate_common_url($db, $table) - . '&goto=tbl_sql.php'; + $_url_params = $GLOBALS['url_params']; + $_url_params['goto'] = 'tbl_sql.php'; + $url_query = PMA_generate_common_url($_url_params); /** * Show result of multi submit operation */ // sql_query is not set when user does not confirm multi-delete - if ((!empty($submit_mult) || isset($mult_btn)) && ! empty($sql_query)) { + if ((!empty($submit_mult) || isset($_REQUEST['mult_btn'])) && ! empty($sql_query)) { $disp_message = $strSuccess; $disp_query = $sql_query; } @@ -134,8 +155,7 @@ if (!empty($submit_mult)) { // this is because sql.php could call tbl_structure // which would think it needs to call mult_submits.inc.php: - unset($submit_mult); - unset($mult_btn); + unset($submit_mult, $_REQUEST['mult_btn']); $active_page = 'sql.php'; require './sql.php'; @@ -144,7 +164,7 @@ if (!empty($submit_mult)) { * Displays the footer */ require_once './libraries/footer.inc.php'; - break; + break; } } ?>
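Review bot: The two calls to `PMA_generate_common_url()` in the `row_delete` case use its result differently: `$err_url` appends it directly to `'tbl_row_action.php'` now that the literal `?` is gone, while `$url_query` takes the bare return value where the old code built a string without a leading separator. If the array form returns a string that begins with `?`, then `$url_query` now starts with one as well, and any later consumer that prepends `?` or `&` (sql.php is required further down) would build a malformed URL; if it does not, `$err_url` is the broken one. Neither the helper nor the contents of `$GLOBALS['url_params']` are visible here, so please confirm which holds and record it next to `$err_url`, e.g. `// array form of PMA_generate_common_url() includes the leading '?'`.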
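Review bot: `unset($submit_mult, $_REQUEST['mult_btn']);` clears the local copy of the action but leaves `$_REQUEST['submit_mult']` and the `submit_mult_*_x` keys in place. The comment above it says the unset exists so that tbl_structure, reached through sql.php, does not think it must call mult_submits.inc.php; if that script now reads the superglobal as this file does, it would still see the action and could repeat the multi-row operation. Consider `unset($submit_mult, $_REQUEST['submit_mult'], $_REQUEST['mult_btn']);`, after checking how tbl_structure reads these values, which is not visible here.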