search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Replace `global` keyword with `$GLOBALS`
[phpmyadmin.git] / libraries / classes / Controllers / Table / ReplaceController.php
blob07f0fed2023bdbefee5beb5f4a50bea96b24fca5
1 <?php
2
3 declare(strict_types=1);
4
5 namespace PhpMyAdmin\Controllers\Table;
6
7 use PhpMyAdmin\ConfigStorage\Relation;
8 use PhpMyAdmin\Controllers\AbstractController;
9 use PhpMyAdmin\Controllers\Database\SqlController as DatabaseSqlController;
10 use PhpMyAdmin\Controllers\Sql\SqlController;
11 use PhpMyAdmin\Controllers\Table\SqlController as TableSqlController;
12 use PhpMyAdmin\Core;
13 use PhpMyAdmin\DatabaseInterface;
14 use PhpMyAdmin\File;
15 use PhpMyAdmin\Html\Generator;
16 use PhpMyAdmin\InsertEdit;
17 use PhpMyAdmin\Message;
18 use PhpMyAdmin\Plugins\IOTransformationsPlugin;
19 use PhpMyAdmin\ResponseRenderer;
20 use PhpMyAdmin\Table;
21 use PhpMyAdmin\Template;
22 use PhpMyAdmin\Transformations;
23 use PhpMyAdmin\Util;
24
25 use function __;
26 use function array_keys;
27 use function array_values;
28 use function class_exists;
29 use function count;
30 use function implode;
31 use function in_array;
32 use function is_file;
33 use function is_numeric;
34 use function method_exists;
35 use function parse_str;
36 use function sprintf;
37
38 /**
39 * Manipulation of table data like inserting, replacing and updating.
40 */
41 final class ReplaceController extends AbstractController
42 {
43 /** @var InsertEdit */
44 private $insertEdit;
45
46 /** @var Transformations */
47 private $transformations;
48
49 /** @var Relation */
50 private $relation;
51
52 /** @var DatabaseInterface */
53 private $dbi;
54
55 public function __construct(
56 ResponseRenderer $response,
57 Template $template,
58 InsertEdit $insertEdit,
59 Transformations $transformations,
60 Relation $relation,
61 DatabaseInterface $dbi
62 ) {
63 parent::__construct($response, $template);
64 $this->insertEdit = $insertEdit;
65 $this->transformations = $transformations;
66 $this->relation = $relation;
67 $this->dbi = $dbi;
68 }
69
70 public function __invoke(): void
71 {
72 Util::checkParameters(['db', 'table', 'goto']);
73
74 $this->dbi->selectDb($GLOBALS['db']);
75
76 /**
77 * Initializes some variables
78 */
79 $GLOBALS['goto_include'] = false;
80
81 $this->addScriptFiles([
82 'makegrid.js',
83 'vendor/stickyfill.min.js',
84 'sql.js',
85 'indexes.js',
86 'gis_data_editor.js',
87 ]);
88
89 $insertRows = $_POST['insert_rows'] ?? null;
90 if (is_numeric($insertRows) && $insertRows != $GLOBALS['cfg']['InsertRows']) {
91 // check whether insert row mode, if so include /table/change
92 $this->addScriptFiles([
93 'vendor/jquery/additional-methods.js',
94 'table/change.js',
95 ]);
96 $GLOBALS['cfg']['InsertRows'] = $_POST['insert_rows'];
97 /** @var ChangeController $controller */
98 $controller = $GLOBALS['containerBuilder']->get(ChangeController::class);
99 $controller();
100
101 return;
102 }
103
104 $after_insert_actions = [
105 'new_insert',
106 'same_insert',
107 'edit_next',
108 ];
109 if (isset($_POST['after_insert']) && in_array($_POST['after_insert'], $after_insert_actions)) {
110 $GLOBALS['urlParams']['after_insert'] = $_POST['after_insert'];
111 if (isset($_POST['where_clause'])) {
112 foreach ($_POST['where_clause'] as $one_where_clause) {
113 if ($_POST['after_insert'] === 'same_insert') {
114 $GLOBALS['urlParams']['where_clause'][] = $one_where_clause;
115 } elseif ($_POST['after_insert'] === 'edit_next') {
116 $this->insertEdit->setSessionForEditNext($one_where_clause);
117 }
118 }
119 }
120 }
121
122 //get $goto_include for different cases
123 $GLOBALS['goto_include'] = $this->insertEdit->getGotoInclude($GLOBALS['goto_include']);
124
125 // Defines the url to return in case of failure of the query
126 $GLOBALS['errorUrl'] = $this->insertEdit->getErrorUrl($GLOBALS['urlParams']);
127
128 /**
129 * Prepares the update/insert of a row
130 */
131 [
132 $GLOBALS['loop_array'],
133 $GLOBALS['using_key'],
134 $GLOBALS['is_insert'],
135 $GLOBALS['is_insertignore'],
136 ] = $this->insertEdit->getParamsForUpdateOrInsert();
137
138 $GLOBALS['query'] = [];
139 $GLOBALS['value_sets'] = [];
140 $GLOBALS['func_no_param'] = [
141 'CONNECTION_ID',
142 'CURRENT_USER',
143 'CURDATE',
144 'CURTIME',
145 'CURRENT_DATE',
146 'CURRENT_TIME',
147 'DATABASE',
148 'LAST_INSERT_ID',
149 'NOW',
150 'PI',
151 'RAND',
152 'SYSDATE',
153 'UNIX_TIMESTAMP',
154 'USER',
155 'UTC_DATE',
156 'UTC_TIME',
157 'UTC_TIMESTAMP',
158 'UUID',
159 'UUID_SHORT',
160 'VERSION',
161 ];
162 $GLOBALS['func_optional_param'] = [
163 'RAND',
164 'UNIX_TIMESTAMP',
165 ];
166
167 $GLOBALS['gis_from_text_functions'] = [
168 'GeomFromText',
169 'GeomCollFromText',
170 'LineFromText',
171 'MLineFromText',
172 'PointFromText',
173 'MPointFromText',
174 'PolyFromText',
175 'MPolyFromText',
176 ];
177 $GLOBALS['gis_from_wkb_functions'] = [
178 'GeomFromWKB',
179 'GeomCollFromWKB',
180 'LineFromWKB',
181 'MLineFromWKB',
182 'PointFromWKB',
183 'MPointFromWKB',
184 'PolyFromWKB',
185 'MPolyFromWKB',
186 ];
187 if ($this->dbi->getVersion() >= 50600) {
188 $GLOBALS['gis_from_text_functions'] = [
189 'ST_GeomFromText',
190 'ST_GeomCollFromText',
191 'ST_LineFromText',
192 'ST_MLineFromText',
193 'ST_PointFromText',
194 'ST_MPointFromText',
195 'ST_PolyFromText',
196 'ST_MPolyFromText',
197 ];
198 $GLOBALS['gis_from_wkb_functions'] = [
199 'ST_GeomFromWKB',
200 'ST_GeomCollFromWKB',
201 'ST_LineFromWKB',
202 'ST_MLineFromWKB',
203 'ST_PointFromWKB',
204 'ST_MPointFromWKB',
205 'ST_PolyFromWKB',
206 'ST_MPolyFromWKB',
207 ];
208 }
209
210 $GLOBALS['mime_map'] = $this->transformations->getMime($GLOBALS['db'], $GLOBALS['table']);
211 if ($GLOBALS['mime_map'] === null) {
212 $GLOBALS['mime_map'] = [];
213 }
214
215 $GLOBALS['query_fields'] = [];
216 $GLOBALS['insert_errors'] = [];
217 $GLOBALS['row_skipped'] = false;
218 $GLOBALS['unsaved_values'] = [];
219 foreach ($GLOBALS['loop_array'] as $rownumber => $where_clause) {
220 // skip fields to be ignored
221 if (! $GLOBALS['using_key'] && isset($_POST['insert_ignore_' . $where_clause])) {
222 continue;
223 }
224
225 // Defines the SET part of the sql query
226 $GLOBALS['query_values'] = [];
227
228 // Map multi-edit keys to single-level arrays, dependent on how we got the fields
229 $multi_edit_columns = $_POST['fields']['multi_edit'][$rownumber] ?? [];
230 $multi_edit_columns_name = $_POST['fields_name']['multi_edit'][$rownumber] ?? [];
231 $multi_edit_columns_prev = $_POST['fields_prev']['multi_edit'][$rownumber] ?? null;
232 $multi_edit_funcs = $_POST['funcs']['multi_edit'][$rownumber] ?? null;
233 $multi_edit_salt = $_POST['salt']['multi_edit'][$rownumber] ?? null;
234 $multi_edit_columns_type = $_POST['fields_type']['multi_edit'][$rownumber] ?? null;
235 $multi_edit_columns_null = $_POST['fields_null']['multi_edit'][$rownumber] ?? null;
236 $multi_edit_columns_null_prev = $_POST['fields_null_prev']['multi_edit'][$rownumber] ?? null;
237 $multi_edit_auto_increment = $_POST['auto_increment']['multi_edit'][$rownumber] ?? null;
238 $multi_edit_virtual = $_POST['virtual']['multi_edit'][$rownumber] ?? null;
239
240 // When a select field is nullified, it's not present in $_POST
241 // so initialize it; this way, the foreach($multi_edit_columns) will process it
242 foreach (array_keys($multi_edit_columns_name) as $key) {
243 if (isset($multi_edit_columns[$key])) {
244 continue;
245 }
246
247 $multi_edit_columns[$key] = '';
248 }
249
250 // Iterate in the order of $multi_edit_columns_name,
251 // not $multi_edit_columns, to avoid problems
252 // when inserting multiple entries
253 $insert_fail = false;
254 foreach ($multi_edit_columns_name as $key => $column_name) {
255 $current_value = $multi_edit_columns[$key];
256 // Note: $key is an md5 of the fieldname. The actual fieldname is
257 // available in $multi_edit_columns_name[$key]
258
259 $file_to_insert = new File();
260 $file_to_insert->checkTblChangeForm((string) $key, (string) $rownumber);
261
262 $possibly_uploaded_val = $file_to_insert->getContent();
263 if ($possibly_uploaded_val !== false) {
264 $current_value = $possibly_uploaded_val;
265 }
266
267 // Apply Input Transformation if defined
268 if (
269 ! empty($GLOBALS['mime_map'][$column_name])
270 && ! empty($GLOBALS['mime_map'][$column_name]['input_transformation'])
271 ) {
272 $filename = 'libraries/classes/Plugins/Transformations/'
273 . $GLOBALS['mime_map'][$column_name]['input_transformation'];
274 if (is_file(ROOT_PATH . $filename)) {
275 $classname = $this->transformations->getClassName($filename);
276 if (class_exists($classname)) {
277 /** @var IOTransformationsPlugin $transformation_plugin */
278 $transformation_plugin = new $classname();
279 $transformation_options = $this->transformations->getOptions(
280 $GLOBALS['mime_map'][$column_name]['input_transformation_options']
281 );
282 $current_value = $transformation_plugin->applyTransformation(
283 $current_value,
284 $transformation_options
285 );
286 // check if transformation was successful or not
287 // and accordingly set error messages & insert_fail
288 if (
289 method_exists($transformation_plugin, 'isSuccess')
290 && ! $transformation_plugin->isSuccess()
291 ) {
292 $insert_fail = true;
293 $GLOBALS['row_skipped'] = true;
294 $GLOBALS['insert_errors'][] = sprintf(
295 __('Row: %1$s, Column: %2$s, Error: %3$s'),
296 $rownumber,
297 $column_name,
298 $transformation_plugin->getError()
299 );
300 }
301 }
302 }
303 }
304
305 if ($file_to_insert->isError()) {
306 $GLOBALS['insert_errors'][] = $file_to_insert->getError();
307 }
308
309 // delete $file_to_insert temporary variable
310 $file_to_insert->cleanUp();
311
312 $current_value = $this->insertEdit->getCurrentValueForDifferentTypes(
313 $possibly_uploaded_val,
314 $key,
315 $multi_edit_columns_type,
316 $current_value,
317 $multi_edit_auto_increment,
318 $rownumber,
319 $multi_edit_columns_name,
320 $multi_edit_columns_null,
321 $multi_edit_columns_null_prev,
322 $GLOBALS['is_insert'],
323 $GLOBALS['using_key'],
324 $where_clause,
325 $GLOBALS['table'],
326 $multi_edit_funcs
327 );
328
329 $current_value_as_an_array = $this->insertEdit->getCurrentValueAsAnArrayForMultipleEdit(
330 $multi_edit_funcs,
331 $multi_edit_salt,
332 $GLOBALS['gis_from_text_functions'],
333 $current_value,
334 $GLOBALS['gis_from_wkb_functions'],
335 $GLOBALS['func_optional_param'],
336 $GLOBALS['func_no_param'],
337 $key
338 );
339
340 if (! isset($multi_edit_virtual, $multi_edit_virtual[$key])) {
341 [
342 $GLOBALS['query_values'],
343 $GLOBALS['query_fields'],
344 ] = $this->insertEdit->getQueryValuesForInsertAndUpdateInMultipleEdit(
345 $multi_edit_columns_name,
346 $multi_edit_columns_null,
347 $current_value,
348 $multi_edit_columns_prev,
349 $multi_edit_funcs,
350 $GLOBALS['is_insert'],
351 $GLOBALS['query_values'],
352 $GLOBALS['query_fields'],
353 $current_value_as_an_array,
354 $GLOBALS['value_sets'],
355 $key,
356 $multi_edit_columns_null_prev
357 );
358 }
359
360 if (! isset($multi_edit_columns_null[$key])) {
361 continue;
362 }
363
364 $multi_edit_columns[$key] = null;
365 }
366
367 // temporarily store rows not inserted
368 // so that they can be populated again.
369 if ($insert_fail) {
370 $GLOBALS['unsaved_values'][$rownumber] = $multi_edit_columns;
371 }
372
373 if ($insert_fail || count($GLOBALS['query_values']) <= 0) {
374 continue;
375 }
376
377 if ($GLOBALS['is_insert']) {
378 $GLOBALS['value_sets'][] = implode(', ', $GLOBALS['query_values']);
379 } else {
380 // build update query
381 $clauseIsUnique = $_POST['clause_is_unique'] ?? '';// Should contain 0 or 1
382 $GLOBALS['query'][] = 'UPDATE ' . Util::backquote($GLOBALS['table'])
383 . ' SET ' . implode(', ', $GLOBALS['query_values'])
384 . ' WHERE ' . $where_clause
385 . ($clauseIsUnique ? '' : ' LIMIT 1');
386 }
387 }
388
389 unset(
390 $multi_edit_columns_name,
391 $multi_edit_columns_prev,
392 $multi_edit_funcs,
393 $multi_edit_columns_type,
394 $multi_edit_columns_null,
395 $GLOBALS['func_no_param'],
396 $multi_edit_auto_increment,
397 $current_value_as_an_array,
398 $key,
399 $current_value,
400 $GLOBALS['loop_array'],
401 $where_clause,
402 $GLOBALS['using_key'],
403 $multi_edit_columns_null_prev,
404 $insert_fail
405 );
406
407 // Builds the sql query
408 if ($GLOBALS['is_insert'] && count($GLOBALS['value_sets']) > 0) {
409 $GLOBALS['query'] = $this->insertEdit->buildSqlQuery(
410 $GLOBALS['is_insertignore'],
411 $GLOBALS['query_fields'],
412 $GLOBALS['value_sets']
413 );
414 } elseif (empty($GLOBALS['query']) && ! isset($_POST['preview_sql']) && ! $GLOBALS['row_skipped']) {
415 // No change -> move back to the calling script
416 //
417 // Note: logic passes here for inline edit
418 $GLOBALS['message'] = Message::success(__('No change'));
419 // Avoid infinite recursion
420 if ($GLOBALS['goto_include'] === '/table/replace') {
421 $GLOBALS['goto_include'] = '/table/change';
422 }
423
424 $GLOBALS['active_page'] = $GLOBALS['goto_include'];
425
426 if ($GLOBALS['goto_include'] === '/sql') {
427 /** @var SqlController $controller */
428 $controller = $GLOBALS['containerBuilder']->get(SqlController::class);
429 $controller();
430
431 return;
432 }
433
434 if ($GLOBALS['goto_include'] === '/database/sql') {
435 /** @var DatabaseSqlController $controller */
436 $controller = $GLOBALS['containerBuilder']->get(DatabaseSqlController::class);
437 $controller();
438
439 return;
440 }
441
442 if ($GLOBALS['goto_include'] === '/table/change') {
443 /** @var ChangeController $controller */
444 $controller = $GLOBALS['containerBuilder']->get(ChangeController::class);
445 $controller();
446
447 return;
448 }
449
450 if ($GLOBALS['goto_include'] === '/table/sql') {
451 /** @var TableSqlController $controller */
452 $controller = $GLOBALS['containerBuilder']->get(TableSqlController::class);
453 $controller();
454
455 return;
456 }
457
458 /** @psalm-suppress UnresolvableInclude */
459 include ROOT_PATH . Core::securePath($GLOBALS['goto_include']);
460
461 return;
462 }
463
464 unset($multi_edit_columns, $GLOBALS['is_insertignore']);
465
466 // If there is a request for SQL previewing.
467 if (isset($_POST['preview_sql'])) {
468 Core::previewSQL($GLOBALS['query']);
469
470 return;
471 }
472
473 /**
474 * Executes the sql query and get the result, then move back to the calling
475 * page
476 */
477 [
478 $GLOBALS['urlParams'],
479 $GLOBALS['total_affected_rows'],
480 $GLOBALS['last_messages'],
481 $GLOBALS['warning_messages'],
482 $GLOBALS['error_messages'],
483 $GLOBALS['return_to_sql_query'],
484 ] = $this->insertEdit->executeSqlQuery($GLOBALS['urlParams'], $GLOBALS['query']);
485
486 if ($GLOBALS['is_insert'] && (count($GLOBALS['value_sets']) > 0 || $GLOBALS['row_skipped'])) {
487 $GLOBALS['message'] = Message::getMessageForInsertedRows($GLOBALS['total_affected_rows']);
488 $GLOBALS['unsaved_values'] = array_values($GLOBALS['unsaved_values']);
489 } else {
490 $GLOBALS['message'] = Message::getMessageForAffectedRows($GLOBALS['total_affected_rows']);
491 }
492
493 if ($GLOBALS['row_skipped']) {
494 $GLOBALS['goto_include'] = '/table/change';
495 $GLOBALS['message']->addMessagesString($GLOBALS['insert_errors'], '<br>');
496 $GLOBALS['message']->isError(true);
497 }
498
499 $GLOBALS['message']->addMessages($GLOBALS['last_messages'], '<br>');
500
501 if (! empty($GLOBALS['warning_messages'])) {
502 $GLOBALS['message']->addMessagesString($GLOBALS['warning_messages'], '<br>');
503 $GLOBALS['message']->isError(true);
504 }
505
506 if (! empty($GLOBALS['error_messages'])) {
507 $GLOBALS['message']->addMessagesString($GLOBALS['error_messages']);
508 $GLOBALS['message']->isError(true);
509 }
510
511 unset(
512 $GLOBALS['error_messages'],
513 $GLOBALS['warning_messages'],
514 $GLOBALS['total_affected_rows'],
515 $GLOBALS['last_messages'],
516 $GLOBALS['row_skipped'],
517 $GLOBALS['insert_errors']
518 );
519
520 /**
521 * The following section only applies to grid editing.
522 * However, verifying isAjax() is not enough to ensure we are coming from
523 * grid editing. If we are coming from the Edit or Copy link in Browse mode,
524 * ajax_page_request is present in the POST parameters.
525 */
526 if ($this->response->isAjax() && ! isset($_POST['ajax_page_request'])) {
527 /**
528 * If we are in grid editing, we need to process the relational and
529 * transformed fields, if they were edited. After that, output the correct
530 * link/transformed value and exit
531 */
532 if (isset($_POST['rel_fields_list']) && $_POST['rel_fields_list'] != '') {
533 $map = $this->relation->getForeigners($GLOBALS['db'], $GLOBALS['table'], '', 'both');
534
535 /** @var array<int,array> $relation_fields */
536 $relation_fields = [];
537 parse_str($_POST['rel_fields_list'], $relation_fields);
538
539 // loop for each relation cell
540 foreach ($relation_fields as $cell_index => $curr_rel_field) {
541 foreach ($curr_rel_field as $relation_field => $relation_field_value) {
542 $where_comparison = "='" . $relation_field_value . "'";
543 $dispval = $this->insertEdit->getDisplayValueForForeignTableColumn(
544 $where_comparison,
545 $map,
546 $relation_field
547 );
548
549 $extra_data['relations'][$cell_index] = $this->insertEdit->getLinkForRelationalDisplayField(
550 $map,
551 $relation_field,
552 $where_comparison,
553 $dispval,
554 $relation_field_value
555 );
556 }
557 }
558 }
559
560 if (isset($_POST['do_transformations']) && $_POST['do_transformations'] == true) {
561 $edited_values = [];
562 parse_str($_POST['transform_fields_list'], $edited_values);
563
564 if (! isset($extra_data)) {
565 $extra_data = [];
566 }
567
568 $transformation_types = [
569 'input_transformation',
570 'transformation',
571 ];
572 foreach ($GLOBALS['mime_map'] as $transformation) {
573 $column_name = $transformation['column_name'];
574 foreach ($transformation_types as $type) {
575 $file = Core::securePath($transformation[$type]);
576 $extra_data = $this->insertEdit->transformEditedValues(
577 $GLOBALS['db'],
578 $GLOBALS['table'],
579 $transformation,
580 $edited_values,
581 $file,
582 $column_name,
583 $extra_data,
584 $type
585 );
586 }
587 }
588 }
589
590 // Need to check the inline edited value can be truncated by MySQL
591 // without informing while saving
592 $column_name = $_POST['fields_name']['multi_edit'][0][0];
593
594 $this->insertEdit->verifyWhetherValueCanBeTruncatedAndAppendExtraData(
595 $GLOBALS['db'],
596 $GLOBALS['table'],
597 $column_name,
598 $extra_data
599 );
600
601 /**Get the total row count of the table*/
602 $_table = new Table($_POST['table'], $_POST['db']);
603 $extra_data['row_count'] = $_table->countRecords();
604
605 $extra_data['sql_query'] = Generator::getMessage($GLOBALS['message'], $GLOBALS['display_query']);
606
607 $this->response->setRequestStatus($GLOBALS['message']->isSuccess());
608 $this->response->addJSON('message', $GLOBALS['message']);
609 $this->response->addJSON($extra_data);
610
611 return;
612 }
613
614 if (! empty($GLOBALS['return_to_sql_query'])) {
615 $GLOBALS['disp_query'] = $GLOBALS['sql_query'];
616 $GLOBALS['disp_message'] = $GLOBALS['message'];
617 unset($GLOBALS['message']);
618 $GLOBALS['sql_query'] = $GLOBALS['return_to_sql_query'];
619 }
620
621 $this->addScriptFiles(['vendor/jquery/additional-methods.js', 'table/change.js']);
622
623 $GLOBALS['active_page'] = $GLOBALS['goto_include'];
624
625 /**
626 * If user asked for "and then Insert another new row" we have to remove
627 * WHERE clause information so that /table/change does not go back
628 * to the current record
629 */
630 if (isset($_POST['after_insert']) && $_POST['after_insert'] === 'new_insert') {
631 unset($_POST['where_clause']);
632 }
633
634 if ($GLOBALS['goto_include'] === '/sql') {
635 /** @var SqlController $controller */
636 $controller = $GLOBALS['containerBuilder']->get(SqlController::class);
637 $controller();
638
639 return;
640 }
641
642 if ($GLOBALS['goto_include'] === '/database/sql') {
643 /** @var DatabaseSqlController $controller */
644 $controller = $GLOBALS['containerBuilder']->get(DatabaseSqlController::class);
645 $controller();
646
647 return;
648 }
649
650 if ($GLOBALS['goto_include'] === '/table/change') {
651 /** @var ChangeController $controller */
652 $controller = $GLOBALS['containerBuilder']->get(ChangeController::class);
653 $controller();
654
655 return;
656 }
657
658 if ($GLOBALS['goto_include'] === '/table/sql') {
659 /** @var TableSqlController $controller */
660 $controller = $GLOBALS['containerBuilder']->get(TableSqlController::class);
661 $controller();
662
663 return;
664 }
665
666 /**
667 * Load target page.
668 */
669 /** @psalm-suppress UnresolvableInclude */
670 require ROOT_PATH . Core::securePath($GLOBALS['goto_include']);
671 }
672 }
phpMyAdmin