superglobalized;
do not urldecode;
This commit is contained in:
Sebastian Mendel
@@ -1,10 +1,19 @@
|
||||
<?php
|
||||
/* vim: set expandtab sw=4 ts=4 sts=4: */
|
||||
/**
|
||||
* handle row specifc actions like edit, delete, export
|
||||
*
|
||||
* @version $Id$
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
* do not globalize/import request variables
|
||||
* can only be enabled if all included files are switched superglobals too
|
||||
* but leave this here to show that this file is 'superglobalized'
|
||||
define('PMA_NO_VARIABLES_IMPORT', true);
|
||||
*/
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
@@ -14,29 +23,28 @@ require_once './libraries/mysql_charsets.lib.php';
|
||||
/**
|
||||
* No rows were selected => show again the query and tell that user.
|
||||
*/
|
||||
if ((!isset($rows_to_delete) || !is_array($rows_to_delete)) && !isset($mult_btn)) {
|
||||
if (! PMA_isValid($_REQUEST['rows_to_delete'], 'array')
|
||||
&& ! isset($_REQUEST['mult_btn'])) {
|
||||
$disp_message = $strNoRowsSelected;
|
||||
$disp_query = '';
|
||||
require './sql.php';
|
||||
require_once './libraries/footer.inc.php';
|
||||
}
|
||||
|
||||
/**
|
||||
* Drop multiple rows if required
|
||||
*/
|
||||
|
||||
if (isset($_REQUEST['submit_mult'])) {
|
||||
$submit_mult = $_REQUEST['submit_mult'];
|
||||
// workaround for IE problem:
|
||||
if (isset($submit_mult_delete_x)) {
|
||||
} elseif (isset($_REQUEST['submit_mult_delete_x'])) {
|
||||
$submit_mult = 'row_delete';
|
||||
} elseif (isset($submit_mult_change_x)) {
|
||||
} elseif (isset($_REQUEST['submit_mult_change_x'])) {
|
||||
$submit_mult = 'row_edit';
|
||||
} elseif (isset($submit_mult_export_x)) {
|
||||
} elseif (isset($_REQUEST['submit_mult_export_x'])) {
|
||||
$submit_mult = 'row_export';
|
||||
}
|
||||
|
||||
// garvin: If the 'Ask for confirmation' button was pressed, this can only come from 'delete' mode,
|
||||
// so we set it straight away.
|
||||
if (isset($mult_btn)) {
|
||||
// garvin: If the 'Ask for confirmation' button was pressed, this can only come
|
||||
// from 'delete' mode, so we set it straight away.
|
||||
if (isset($_REQUEST['mult_btn'])) {
|
||||
$submit_mult = 'row_delete';
|
||||
}
|
||||
|
||||
@@ -75,12 +83,18 @@ require_once './libraries/header.inc.php';
|
||||
if (!empty($submit_mult)) {
|
||||
switch($submit_mult) {
|
||||
case 'row_edit':
|
||||
// garvin: As we got the fields to be edited from the 'rows_to_delete'
|
||||
// checkbox, we use the index of it as the
|
||||
// indicating primary key. Then we built the array which is used for
|
||||
// the tbl_change.php script.
|
||||
/**
|
||||
* urldecode should not be needed here
|
||||
$primary_key = array();
|
||||
// garvin: As we got the fields to be edited from the 'rows_to_delete' checkbox, we use the index of it as the
|
||||
// indicating primary key. Then we built the array which is used for the tbl_change.php script.
|
||||
foreach ($rows_to_delete AS $i_primary_key => $del_query) {
|
||||
foreach ($_REQUEST['rows_to_delete'] as $i_primary_key => $del_query) {
|
||||
$primary_key[] = urldecode($i_primary_key);
|
||||
}
|
||||
*/
|
||||
$primary_key = array_keys($_REQUEST['rows_to_delete']);
|
||||
|
||||
$active_page = 'tbl_change.php';
|
||||
include './tbl_change.php';
|
||||
@@ -90,13 +104,19 @@ if (!empty($submit_mult)) {
|
||||
// Needed to allow SQL export
|
||||
$single_table = TRUE;
|
||||
|
||||
$primary_key = array();
|
||||
//$sql_query = urldecode($sql_query);
|
||||
// garvin: As we got the fields to be edited from the 'rows_to_delete' checkbox, we use the index of it as the
|
||||
// indicating primary key. Then we built the array which is used for the tbl_change.php script.
|
||||
foreach ($rows_to_delete AS $i_primary_key => $del_query) {
|
||||
// garvin: As we got the fields to be edited from the 'rows_to_delete'
|
||||
// checkbox, we use the index of it as the
|
||||
// indicating primary key. Then we built the array which is used for
|
||||
// the tbl_change.php script.
|
||||
/**
|
||||
* urldecode should not be needed here
|
||||
$primary_key = array();
|
||||
foreach ($_REQUEST['rows_to_delete'] as $i_primary_key => $del_query) {
|
||||
$primary_key[] = urldecode($i_primary_key);
|
||||
}
|
||||
*/
|
||||
$primary_key = array_keys($_REQUEST['rows_to_delete']);
|
||||
|
||||
$active_page = 'tbl_export.php';
|
||||
include './tbl_export.php';
|
||||
@@ -105,21 +125,22 @@ if (!empty($submit_mult)) {
|
||||
case 'row_delete':
|
||||
default:
|
||||
$action = 'tbl_row_action.php';
|
||||
$err_url = 'tbl_row_action.php?' . PMA_generate_common_url($db, $table);
|
||||
if (! isset($mult_btn)) {
|
||||
$err_url = 'tbl_row_action.php' . PMA_generate_common_url($GLOBALS['url_params']);
|
||||
if (! isset($_REQUEST['mult_btn'])) {
|
||||
$original_sql_query = $sql_query;
|
||||
$original_url_query = $url_query;
|
||||
}
|
||||
require './libraries/mult_submits.inc.php';
|
||||
$url_query = PMA_generate_common_url($db, $table)
|
||||
. '&goto=tbl_sql.php';
|
||||
$_url_params = $GLOBALS['url_params'];
|
||||
$_url_params['goto'] = 'tbl_sql.php';
|
||||
$url_query = PMA_generate_common_url($_url_params);
|
||||
|
||||
|
||||
/**
|
||||
* Show result of multi submit operation
|
||||
*/
|
||||
// sql_query is not set when user does not confirm multi-delete
|
||||
if ((!empty($submit_mult) || isset($mult_btn)) && ! empty($sql_query)) {
|
||||
if ((!empty($submit_mult) || isset($_REQUEST['mult_btn'])) && ! empty($sql_query)) {
|
||||
$disp_message = $strSuccess;
|
||||
$disp_query = $sql_query;
|
||||
}
|
||||
@@ -134,8 +155,7 @@ if (!empty($submit_mult)) {
|
||||
|
||||
// this is because sql.php could call tbl_structure
|
||||
// which would think it needs to call mult_submits.inc.php:
|
||||
unset($submit_mult);
|
||||
unset($mult_btn);
|
||||
unset($submit_mult, $_REQUEST['mult_btn']);
|
||||
|
||||
$active_page = 'sql.php';
|
||||
require './sql.php';
|
||||
|
||||
Reference in New Issue
Block a user