3 declare(strict_types
=1);
5 namespace PhpMyAdmin\Controllers\Table
;
7 use PhpMyAdmin\ConfigStorage\Relation
;
8 use PhpMyAdmin\Controllers\AbstractController
;
9 use PhpMyAdmin\Controllers\Database\SqlController
as DatabaseSqlController
;
10 use PhpMyAdmin\Controllers\Sql\SqlController
;
11 use PhpMyAdmin\Controllers\Table\SqlController
as TableSqlController
;
13 use PhpMyAdmin\DatabaseInterface
;
15 use PhpMyAdmin\Html\Generator
;
16 use PhpMyAdmin\InsertEdit
;
17 use PhpMyAdmin\Message
;
18 use PhpMyAdmin\Plugins\IOTransformationsPlugin
;
19 use PhpMyAdmin\ResponseRenderer
;
21 use PhpMyAdmin\Template
;
22 use PhpMyAdmin\Transformations
;
26 use function array_keys
;
27 use function array_values
;
28 use function class_exists
;
31 use function in_array
;
33 use function is_numeric
;
34 use function method_exists
;
35 use function parse_str
;
39 * Manipulation of table data like inserting, replacing and updating.
41 final class ReplaceController
extends AbstractController
43 /** @var InsertEdit */
46 /** @var Transformations */
47 private $transformations;
52 /** @var DatabaseInterface */
55 public function __construct(
56 ResponseRenderer
$response,
58 InsertEdit
$insertEdit,
59 Transformations
$transformations,
61 DatabaseInterface
$dbi
63 parent
::__construct($response, $template);
64 $this->insertEdit
= $insertEdit;
65 $this->transformations
= $transformations;
66 $this->relation
= $relation;
70 public function __invoke(): void
72 Util
::checkParameters(['db', 'table', 'goto']);
74 $this->dbi
->selectDb($GLOBALS['db']);
77 * Initializes some variables
79 $GLOBALS['goto_include'] = false;
81 $this->addScriptFiles([
83 'vendor/stickyfill.min.js',
89 $insertRows = $_POST['insert_rows'] ??
null;
90 if (is_numeric($insertRows) && $insertRows != $GLOBALS['cfg']['InsertRows']) {
91 // check whether insert row mode, if so include /table/change
92 $this->addScriptFiles([
93 'vendor/jquery/additional-methods.js',
96 $GLOBALS['cfg']['InsertRows'] = $_POST['insert_rows'];
97 /** @var ChangeController $controller */
98 $controller = $GLOBALS['containerBuilder']->get(ChangeController
::class);
104 $after_insert_actions = [
109 if (isset($_POST['after_insert']) && in_array($_POST['after_insert'], $after_insert_actions)) {
110 $GLOBALS['urlParams']['after_insert'] = $_POST['after_insert'];
111 if (isset($_POST['where_clause'])) {
112 foreach ($_POST['where_clause'] as $one_where_clause) {
113 if ($_POST['after_insert'] === 'same_insert') {
114 $GLOBALS['urlParams']['where_clause'][] = $one_where_clause;
115 } elseif ($_POST['after_insert'] === 'edit_next') {
116 $this->insertEdit
->setSessionForEditNext($one_where_clause);
122 //get $goto_include for different cases
123 $GLOBALS['goto_include'] = $this->insertEdit
->getGotoInclude($GLOBALS['goto_include']);
125 // Defines the url to return in case of failure of the query
126 $GLOBALS['errorUrl'] = $this->insertEdit
->getErrorUrl($GLOBALS['urlParams']);
129 * Prepares the update/insert of a row
132 $GLOBALS['loop_array'],
133 $GLOBALS['using_key'],
134 $GLOBALS['is_insert'],
135 $GLOBALS['is_insertignore'],
136 ] = $this->insertEdit
->getParamsForUpdateOrInsert();
138 $GLOBALS['query'] = [];
139 $GLOBALS['value_sets'] = [];
140 $GLOBALS['func_no_param'] = [
162 $GLOBALS['func_optional_param'] = [
167 $GLOBALS['gis_from_text_functions'] = [
177 $GLOBALS['gis_from_wkb_functions'] = [
187 if ($this->dbi
->getVersion() >= 50600) {
188 $GLOBALS['gis_from_text_functions'] = [
190 'ST_GeomCollFromText',
198 $GLOBALS['gis_from_wkb_functions'] = [
200 'ST_GeomCollFromWKB',
210 $GLOBALS['mime_map'] = $this->transformations
->getMime($GLOBALS['db'], $GLOBALS['table']);
211 if ($GLOBALS['mime_map'] === null) {
212 $GLOBALS['mime_map'] = [];
215 $GLOBALS['query_fields'] = [];
216 $GLOBALS['insert_errors'] = [];
217 $GLOBALS['row_skipped'] = false;
218 $GLOBALS['unsaved_values'] = [];
219 foreach ($GLOBALS['loop_array'] as $rownumber => $where_clause) {
220 // skip fields to be ignored
221 if (! $GLOBALS['using_key'] && isset($_POST['insert_ignore_' . $where_clause])) {
225 // Defines the SET part of the sql query
226 $GLOBALS['query_values'] = [];
228 // Map multi-edit keys to single-level arrays, dependent on how we got the fields
229 $multi_edit_columns = $_POST['fields']['multi_edit'][$rownumber] ??
[];
230 $multi_edit_columns_name = $_POST['fields_name']['multi_edit'][$rownumber] ??
[];
231 $multi_edit_columns_prev = $_POST['fields_prev']['multi_edit'][$rownumber] ??
null;
232 $multi_edit_funcs = $_POST['funcs']['multi_edit'][$rownumber] ??
null;
233 $multi_edit_salt = $_POST['salt']['multi_edit'][$rownumber] ??
null;
234 $multi_edit_columns_type = $_POST['fields_type']['multi_edit'][$rownumber] ??
null;
235 $multi_edit_columns_null = $_POST['fields_null']['multi_edit'][$rownumber] ??
null;
236 $multi_edit_columns_null_prev = $_POST['fields_null_prev']['multi_edit'][$rownumber] ??
null;
237 $multi_edit_auto_increment = $_POST['auto_increment']['multi_edit'][$rownumber] ??
null;
238 $multi_edit_virtual = $_POST['virtual']['multi_edit'][$rownumber] ??
null;
240 // When a select field is nullified, it's not present in $_POST
241 // so initialize it; this way, the foreach($multi_edit_columns) will process it
242 foreach (array_keys($multi_edit_columns_name) as $key) {
243 if (isset($multi_edit_columns[$key])) {
247 $multi_edit_columns[$key] = '';
250 // Iterate in the order of $multi_edit_columns_name,
251 // not $multi_edit_columns, to avoid problems
252 // when inserting multiple entries
253 $insert_fail = false;
254 foreach ($multi_edit_columns_name as $key => $column_name) {
255 $current_value = $multi_edit_columns[$key];
256 // Note: $key is an md5 of the fieldname. The actual fieldname is
257 // available in $multi_edit_columns_name[$key]
259 $file_to_insert = new File();
260 $file_to_insert->checkTblChangeForm((string) $key, (string) $rownumber);
262 $possibly_uploaded_val = $file_to_insert->getContent();
263 if ($possibly_uploaded_val !== false) {
264 $current_value = $possibly_uploaded_val;
267 // Apply Input Transformation if defined
269 ! empty($GLOBALS['mime_map'][$column_name])
270 && ! empty($GLOBALS['mime_map'][$column_name]['input_transformation'])
272 $filename = 'libraries/classes/Plugins/Transformations/'
273 . $GLOBALS['mime_map'][$column_name]['input_transformation'];
274 if (is_file(ROOT_PATH
. $filename)) {
275 $classname = $this->transformations
->getClassName($filename);
276 if (class_exists($classname)) {
277 /** @var IOTransformationsPlugin $transformation_plugin */
278 $transformation_plugin = new $classname();
279 $transformation_options = $this->transformations
->getOptions(
280 $GLOBALS['mime_map'][$column_name]['input_transformation_options']
282 $current_value = $transformation_plugin->applyTransformation(
284 $transformation_options
286 // check if transformation was successful or not
287 // and accordingly set error messages & insert_fail
289 method_exists($transformation_plugin, 'isSuccess')
290 && ! $transformation_plugin->isSuccess()
293 $GLOBALS['row_skipped'] = true;
294 $GLOBALS['insert_errors'][] = sprintf(
295 __('Row: %1$s, Column: %2$s, Error: %3$s'),
298 $transformation_plugin->getError()
305 if ($file_to_insert->isError()) {
306 $GLOBALS['insert_errors'][] = $file_to_insert->getError();
309 // delete $file_to_insert temporary variable
310 $file_to_insert->cleanUp();
312 $current_value = $this->insertEdit
->getCurrentValueForDifferentTypes(
313 $possibly_uploaded_val,
315 $multi_edit_columns_type,
317 $multi_edit_auto_increment,
319 $multi_edit_columns_name,
320 $multi_edit_columns_null,
321 $multi_edit_columns_null_prev,
322 $GLOBALS['is_insert'],
323 $GLOBALS['using_key'],
329 $current_value_as_an_array = $this->insertEdit
->getCurrentValueAsAnArrayForMultipleEdit(
332 $GLOBALS['gis_from_text_functions'],
334 $GLOBALS['gis_from_wkb_functions'],
335 $GLOBALS['func_optional_param'],
336 $GLOBALS['func_no_param'],
340 if (! isset($multi_edit_virtual, $multi_edit_virtual[$key])) {
342 $GLOBALS['query_values'],
343 $GLOBALS['query_fields'],
344 ] = $this->insertEdit
->getQueryValuesForInsertAndUpdateInMultipleEdit(
345 $multi_edit_columns_name,
346 $multi_edit_columns_null,
348 $multi_edit_columns_prev,
350 $GLOBALS['is_insert'],
351 $GLOBALS['query_values'],
352 $GLOBALS['query_fields'],
353 $current_value_as_an_array,
354 $GLOBALS['value_sets'],
356 $multi_edit_columns_null_prev
360 if (! isset($multi_edit_columns_null[$key])) {
364 $multi_edit_columns[$key] = null;
367 // temporarily store rows not inserted
368 // so that they can be populated again.
370 $GLOBALS['unsaved_values'][$rownumber] = $multi_edit_columns;
373 if ($insert_fail ||
count($GLOBALS['query_values']) <= 0) {
377 if ($GLOBALS['is_insert']) {
378 $GLOBALS['value_sets'][] = implode(', ', $GLOBALS['query_values']);
380 // build update query
381 $clauseIsUnique = $_POST['clause_is_unique'] ??
'';// Should contain 0 or 1
382 $GLOBALS['query'][] = 'UPDATE ' . Util
::backquote($GLOBALS['table'])
383 . ' SET ' . implode(', ', $GLOBALS['query_values'])
384 . ' WHERE ' . $where_clause
385 . ($clauseIsUnique ?
'' : ' LIMIT 1');
390 $multi_edit_columns_name,
391 $multi_edit_columns_prev,
393 $multi_edit_columns_type,
394 $multi_edit_columns_null,
395 $GLOBALS['func_no_param'],
396 $multi_edit_auto_increment,
397 $current_value_as_an_array,
400 $GLOBALS['loop_array'],
402 $GLOBALS['using_key'],
403 $multi_edit_columns_null_prev,
407 // Builds the sql query
408 if ($GLOBALS['is_insert'] && count($GLOBALS['value_sets']) > 0) {
409 $GLOBALS['query'] = $this->insertEdit
->buildSqlQuery(
410 $GLOBALS['is_insertignore'],
411 $GLOBALS['query_fields'],
412 $GLOBALS['value_sets']
414 } elseif (empty($GLOBALS['query']) && ! isset($_POST['preview_sql']) && ! $GLOBALS['row_skipped']) {
415 // No change -> move back to the calling script
417 // Note: logic passes here for inline edit
418 $GLOBALS['message'] = Message
::success(__('No change'));
419 // Avoid infinite recursion
420 if ($GLOBALS['goto_include'] === '/table/replace') {
421 $GLOBALS['goto_include'] = '/table/change';
424 $GLOBALS['active_page'] = $GLOBALS['goto_include'];
426 if ($GLOBALS['goto_include'] === '/sql') {
427 /** @var SqlController $controller */
428 $controller = $GLOBALS['containerBuilder']->get(SqlController
::class);
434 if ($GLOBALS['goto_include'] === '/database/sql') {
435 /** @var DatabaseSqlController $controller */
436 $controller = $GLOBALS['containerBuilder']->get(DatabaseSqlController
::class);
442 if ($GLOBALS['goto_include'] === '/table/change') {
443 /** @var ChangeController $controller */
444 $controller = $GLOBALS['containerBuilder']->get(ChangeController
::class);
450 if ($GLOBALS['goto_include'] === '/table/sql') {
451 /** @var TableSqlController $controller */
452 $controller = $GLOBALS['containerBuilder']->get(TableSqlController
::class);
458 /** @psalm-suppress UnresolvableInclude */
459 include ROOT_PATH
. Core
::securePath($GLOBALS['goto_include']);
464 unset($multi_edit_columns, $GLOBALS['is_insertignore']);
466 // If there is a request for SQL previewing.
467 if (isset($_POST['preview_sql'])) {
468 Core
::previewSQL($GLOBALS['query']);
474 * Executes the sql query and get the result, then move back to the calling
478 $GLOBALS['urlParams'],
479 $GLOBALS['total_affected_rows'],
480 $GLOBALS['last_messages'],
481 $GLOBALS['warning_messages'],
482 $GLOBALS['error_messages'],
483 $GLOBALS['return_to_sql_query'],
484 ] = $this->insertEdit
->executeSqlQuery($GLOBALS['urlParams'], $GLOBALS['query']);
486 if ($GLOBALS['is_insert'] && (count($GLOBALS['value_sets']) > 0 ||
$GLOBALS['row_skipped'])) {
487 $GLOBALS['message'] = Message
::getMessageForInsertedRows($GLOBALS['total_affected_rows']);
488 $GLOBALS['unsaved_values'] = array_values($GLOBALS['unsaved_values']);
490 $GLOBALS['message'] = Message
::getMessageForAffectedRows($GLOBALS['total_affected_rows']);
493 if ($GLOBALS['row_skipped']) {
494 $GLOBALS['goto_include'] = '/table/change';
495 $GLOBALS['message']->addMessagesString($GLOBALS['insert_errors'], '<br>');
496 $GLOBALS['message']->isError(true);
499 $GLOBALS['message']->addMessages($GLOBALS['last_messages'], '<br>');
501 if (! empty($GLOBALS['warning_messages'])) {
502 $GLOBALS['message']->addMessagesString($GLOBALS['warning_messages'], '<br>');
503 $GLOBALS['message']->isError(true);
506 if (! empty($GLOBALS['error_messages'])) {
507 $GLOBALS['message']->addMessagesString($GLOBALS['error_messages']);
508 $GLOBALS['message']->isError(true);
512 $GLOBALS['error_messages'],
513 $GLOBALS['warning_messages'],
514 $GLOBALS['total_affected_rows'],
515 $GLOBALS['last_messages'],
516 $GLOBALS['row_skipped'],
517 $GLOBALS['insert_errors']
521 * The following section only applies to grid editing.
522 * However, verifying isAjax() is not enough to ensure we are coming from
523 * grid editing. If we are coming from the Edit or Copy link in Browse mode,
524 * ajax_page_request is present in the POST parameters.
526 if ($this->response
->isAjax() && ! isset($_POST['ajax_page_request'])) {
528 * If we are in grid editing, we need to process the relational and
529 * transformed fields, if they were edited. After that, output the correct
530 * link/transformed value and exit
532 if (isset($_POST['rel_fields_list']) && $_POST['rel_fields_list'] != '') {
533 $map = $this->relation
->getForeigners($GLOBALS['db'], $GLOBALS['table'], '', 'both');
535 /** @var array<int,array> $relation_fields */
536 $relation_fields = [];
537 parse_str($_POST['rel_fields_list'], $relation_fields);
539 // loop for each relation cell
540 foreach ($relation_fields as $cell_index => $curr_rel_field) {
541 foreach ($curr_rel_field as $relation_field => $relation_field_value) {
542 $where_comparison = "='" . $relation_field_value . "'";
543 $dispval = $this->insertEdit
->getDisplayValueForForeignTableColumn(
549 $extra_data['relations'][$cell_index] = $this->insertEdit
->getLinkForRelationalDisplayField(
554 $relation_field_value
560 if (isset($_POST['do_transformations']) && $_POST['do_transformations'] == true) {
562 parse_str($_POST['transform_fields_list'], $edited_values);
564 if (! isset($extra_data)) {
568 $transformation_types = [
569 'input_transformation',
572 foreach ($GLOBALS['mime_map'] as $transformation) {
573 $column_name = $transformation['column_name'];
574 foreach ($transformation_types as $type) {
575 $file = Core
::securePath($transformation[$type]);
576 $extra_data = $this->insertEdit
->transformEditedValues(
590 // Need to check the inline edited value can be truncated by MySQL
591 // without informing while saving
592 $column_name = $_POST['fields_name']['multi_edit'][0][0];
594 $this->insertEdit
->verifyWhetherValueCanBeTruncatedAndAppendExtraData(
601 /**Get the total row count of the table*/
602 $_table = new Table($_POST['table'], $_POST['db']);
603 $extra_data['row_count'] = $_table->countRecords();
605 $extra_data['sql_query'] = Generator
::getMessage($GLOBALS['message'], $GLOBALS['display_query']);
607 $this->response
->setRequestStatus($GLOBALS['message']->isSuccess());
608 $this->response
->addJSON('message', $GLOBALS['message']);
609 $this->response
->addJSON($extra_data);
614 if (! empty($GLOBALS['return_to_sql_query'])) {
615 $GLOBALS['disp_query'] = $GLOBALS['sql_query'];
616 $GLOBALS['disp_message'] = $GLOBALS['message'];
617 unset($GLOBALS['message']);
618 $GLOBALS['sql_query'] = $GLOBALS['return_to_sql_query'];
621 $this->addScriptFiles(['vendor/jquery/additional-methods.js', 'table/change.js']);
623 $GLOBALS['active_page'] = $GLOBALS['goto_include'];
626 * If user asked for "and then Insert another new row" we have to remove
627 * WHERE clause information so that /table/change does not go back
628 * to the current record
630 if (isset($_POST['after_insert']) && $_POST['after_insert'] === 'new_insert') {
631 unset($_POST['where_clause']);
634 if ($GLOBALS['goto_include'] === '/sql') {
635 /** @var SqlController $controller */
636 $controller = $GLOBALS['containerBuilder']->get(SqlController
::class);
642 if ($GLOBALS['goto_include'] === '/database/sql') {
643 /** @var DatabaseSqlController $controller */
644 $controller = $GLOBALS['containerBuilder']->get(DatabaseSqlController
::class);
650 if ($GLOBALS['goto_include'] === '/table/change') {
651 /** @var ChangeController $controller */
652 $controller = $GLOBALS['containerBuilder']->get(ChangeController
::class);
658 if ($GLOBALS['goto_include'] === '/table/sql') {
659 /** @var TableSqlController $controller */
660 $controller = $GLOBALS['containerBuilder']->get(TableSqlController
::class);
669 /** @psalm-suppress UnresolvableInclude */
670 require ROOT_PATH
. Core
::securePath($GLOBALS['goto_include']);