Issues in SqleditController.php - New Issues - Inspection of "Merge pull request #104 from HuasoFoundries/analys..." - HuasoFoundries/phpPgAdmin6 - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 442876...4ec1bc )

by Felipe

created 2018-03-09 23:17 UTC

src/controllers/SqleditController.php (4 issues)

Labels

Severity

<?php


/*
 * PHPPgAdmin v6.0.0-beta.30
 */

namespace PHPPgAdmin\Controller;

/**
 * Base controller class.
 */
class SqleditController extends BaseController
{
    public $controller_name = 'SqleditController';
    public $query           = '';
    public $subject         = '';
    public $start_time;
    public $duration;

    /**
     * Default method to render the controller according to the action parameter.
     */
    public function render()
    {
        $lang = $this->lang;


        $action = $this->action;

        switch ($action) {
            case 'find':
                $title     = $this->lang['strfind'];
                $body_text = $this->doFind();

                break;
            case 'sql':
            default:
                $title     = $this->lang['strsql'];
                $body_text = $this->doDefault();

                break;
        }

        $this->setWindowName('sqledit');

        $this->scripts = '<script type="text/javascript">window.inPopUp=true;</script>';

        $this->printHeader($title, $this->scripts, true, 'header_sqledit.twig');
        $this->printBody(true, 'sql_edit');
        echo $body_text;

        $this->printFooter(true, 'footer_sqledit.twig');
    }

    /**
     * Allow execution of arbitrary SQL statements on a database.
     */
    public function doDefault()
    {
        $lang = $this->lang;
        $data = $this->misc->getDatabaseAccessor();

        if (!isset($_SESSION['sqlquery'])) {
            $_SESSION['sqlquery'] = '';
        }

        if (!isset($_REQUEST['search_path'])) {
            $_REQUEST['search_path'] = implode(',', $data->getSearchPath());
        }
        $search_path = htmlspecialchars($_REQUEST['search_path']);
        $sqlquery    = htmlspecialchars($_SESSION['sqlquery']);

        $default_html = $this->printTabs($this->misc->getNavTabs('popup'), 'sql', false);

        $default_html .= '<form action="' . \SUBFOLDER . '/src/views/sql" method="post" enctype="multipart/form-data" class="sqlform" id="sqlform" target="detail">';
        $default_html .= "\n";
        $default_html .= $this->_printConnection('sql');

        $default_html .= "\n";

        $default_html .= ' <div class="searchpath">';
        $default_html .= '<label>';
        $default_html .= $this->misc->printHelp($lang['strsearchpath'], 'pg.schema.search_path', false);

        $default_html .= ': <input type="text" name="search_path" size="45" value="' . $search_path . '" />';
        $default_html .= "</label>\n";

        $default_html .= "</div>\n";

        $default_html .= '<div id="queryedition" style="padding:1%;width:98%;float:left;">';
        $default_html .= "\n";
        $default_html .= '<textarea style="width:98%;" rows="10" cols="50" name="query" id="query" resizable="true">' . $sqlquery . '</textarea>';
        $default_html .= "\n";
        $default_html .= "</div>\n";

        $default_html .= '<div class="sqledit_bottom_inputs" >';

        if (ini_get('file_uploads')) {
            // Don't show upload option if max size of uploads is zero
            $max_size = $this->misc->inisizeToBytes(ini_get('upload_max_filesize'));
            if (is_double($max_size) && $max_size > 0) {
                $default_html .= '<p class="upload_sql_script">';
                $default_html .= '<input type="hidden" name="MAX_FILE_SIZE" value="' . $max_size . '" />';
                $default_html .= "\n";
                $default_html .= '<label for="script">' . $lang['struploadscript'] . '</label>';
                $default_html .= '&nbsp;&nbsp; <input class="btn btn-small"  id="script" name="script" type="file" /></p>';
                $default_html .= "</p>\n";
            }
        }

        // Check that file uploads are enabled
        $checked = (isset($_REQUEST['paginate']) ? ' checked="checked"' : '');

        $default_html .= '<p><input type="submit" class="btn btn-small" name="execute" accesskey="r" value="' . $lang['strexecute'] . '" />';
        $default_html .= "\n";

        $default_html .= '<input type="reset" class="btn btn-small"  accesskey="q" value="' . $lang['strreset'] . '" /></p>';
        $default_html .= "\n";

        $default_html .= '<p>';
        $default_html .= '<label for="paginate">';
        $default_html .= '<input type="checkbox" id="paginate" name="paginate"' . $checked . ' />&nbsp;' . $lang['strpaginate'] . '&nbsp;';
        $default_html .= "</label>\n";
        $default_html .= "</p>\n";

        $default_html .= "</div>\n";
        $default_html .= '</form>';
        $default_html .= "\n";

        // Default focus
        //$this->setFocus('forms[0].query');
        return $default_html;
    }

    /**
     * Private function to display server and list of databases.
     *
     * @param mixed $action

     */
    public function _printConnection($action)
    {
        $lang = $this->lang;

        $data = $this->misc->getDatabaseAccessor();

        // The javascript action on the select box reloads the
        // popup whenever the server or database is changed.
        // This ensures that the correct page encoding is used.
        $onchange = "onchange=\"location.href='" . \SUBFOLDER . '/sqledit/' .
        urlencode($action) . "?server=' + encodeURI(server.options[server.selectedIndex].value) + '&amp;database=' + encodeURI(database.options[database.selectedIndex].value) + ";

        // The exact URL to reload to is different between SQL and Find mode, however.
        if ('find' == $action) {
            $onchange .= "'&amp;term=' + encodeURI(term.value) + '&amp;filter=' + encodeURI(filter.value) + '&amp;'\"";
        } else {
            $onchange .= "'&amp;query=' + encodeURI(query.value) + '&amp;search_path=' + encodeURI(search_path.value) + (paginate.checked ? '&amp;paginate=on' : '')  + '&amp;'\"";
        }

        return $this->misc->printConnection($onchange, false);
    }

    /**
     * Searches for a named database object.
     */
    public function doFind()
    {
        $lang = $this->lang;
        $data = $this->misc->getDatabaseAccessor();

        if (!isset($_REQUEST['term'])) {
            $_REQUEST['term'] = '';
        }

        if (!isset($_REQUEST['filter'])) {
            $_REQUEST['filter'] = '';
        }

        $default_html = $this->printTabs($this->misc->getNavTabs('popup'), 'find', false);

        $default_html .= "<form action=\"database.php\" method=\"post\" target=\"detail\">\n";
        $default_html .= $this->_printConnection('find');
        $default_html .= '<p><input class="focusme" name="term" value="' . htmlspecialchars($_REQUEST['term']) . "\" size=\"32\" maxlength=\"{$data->_maxNameLen}\" />\n";

        // Output list of filters.  This is complex due to all the 'has' and 'conf' feature possibilities
        $default_html .= "<select name=\"filter\">\n";
        $default_html .= "\t<option value=\"\"" . ('' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strallobjects']}</option>\n";
        $default_html .= "\t<option value=\"SCHEMA\"" . ('SCHEMA' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strschemas']}</option>\n";
        $default_html .= "\t<option value=\"TABLE\"" . ('TABLE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strtables']}</option>\n";
        $default_html .= "\t<option value=\"VIEW\"" . ('VIEW' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strviews']}</option>\n";
        $default_html .= "\t<option value=\"SEQUENCE\"" . ('SEQUENCE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strsequences']}</option>\n";
        $default_html .= "\t<option value=\"COLUMN\"" . ('COLUMN' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strcolumns']}</option>\n";
        $default_html .= "\t<option value=\"RULE\"" . ('RULE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strrules']}</option>\n";
        $default_html .= "\t<option value=\"INDEX\"" . ('INDEX' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strindexes']}</option>\n";
        $default_html .= "\t<option value=\"TRIGGER\"" . ('TRIGGER' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strtriggers']}</option>\n";
        $default_html .= "\t<option value=\"CONSTRAINT\"" . ('CONSTRAINT' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strconstraints']}</option>\n";
        $default_html .= "\t<option value=\"FUNCTION\"" . ('FUNCTION' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strfunctions']}</option>\n";
        $default_html .= "\t<option value=\"DOMAIN\"" . ('DOMAIN' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strdomains']}</option>\n";
        if ($this->conf['show_advanced']) {
            $default_html .= "\t<option value=\"AGGREGATE\"" . ('AGGREGATE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['straggregates']}</option>\n";
            $default_html .= "\t<option value=\"TYPE\"" . ('TYPE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strtypes']}</option>\n";
            $default_html .= "\t<option value=\"OPERATOR\"" . ('OPERATOR' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['stroperators']}</option>\n";
            $default_html .= "\t<option value=\"OPCLASS\"" . ('OPCLASS' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['stropclasses']}</option>\n";
            $default_html .= "\t<option value=\"CONVERSION\"" . ('CONVERSION' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strconversions']}</option>\n";
            $default_html .= "\t<option value=\"LANGUAGE\"" . ('LANGUAGE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strlanguages']}</option>\n";
        }
        $default_html .= "</select>\n";

        $default_html .= "<input type=\"submit\" value=\"{$lang['strfind']}\" />\n";
        $default_html .= "<input type=\"hidden\" name=\"action\" value=\"find\" /></p>\n";
        $default_html .= "</form>\n";

        // Default focus
        $this->setFocus('forms[0].term');

        return $default_html;
    }
}


1			<?php
2
			0 ignored issues – show Coding Style introduced 2018-02-15 15:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this You must use "/**" style comments for a file comment Loading history...
3			/*
4			* PHPPgAdmin v6.0.0-beta.30
5			*/
6
7			namespace PHPPgAdmin\Controller;
8
9			/**
10			* Base controller class.
11			*/
12			class SqleditController extends BaseController
13			{
14			public $controller_name = 'SqleditController';
15			public $query = '';
16			public $subject = '';
17			public $start_time;
18			public $duration;
19
20			/**
21			* Default method to render the controller according to the action parameter.
22			*/
23			public function render()
24			{
25			$lang = $this->lang;
			0 ignored issues – show Unused Code introduced 2018-02-15 19:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$lang` is dead and can be removed. Loading history...
26
27			$action = $this->action;
28
29			switch ($action) {
30			case 'find':
31			$title = $this->lang['strfind'];
32			$body_text = $this->doFind();
33
34			break;
35			case 'sql':
36			default:
37			$title = $this->lang['strsql'];
38			$body_text = $this->doDefault();
39
40			break;
41			}
42
43			$this->setWindowName('sqledit');
44
45			$this->scripts = '<script type="text/javascript">window.inPopUp=true;</script>';
46
47			$this->printHeader($title, $this->scripts, true, 'header_sqledit.twig');
48			$this->printBody(true, 'sql_edit');
49			echo $body_text;
50
51			$this->printFooter(true, 'footer_sqledit.twig');
52			}
53
54			/**
55			* Allow execution of arbitrary SQL statements on a database.
56			*/
57			public function doDefault()
58			{
59			$lang = $this->lang;
60			$data = $this->misc->getDatabaseAccessor();
61
62			if (!isset($_SESSION['sqlquery'])) {
63			$_SESSION['sqlquery'] = '';
64			}
65
66			if (!isset($_REQUEST['search_path'])) {
67			$_REQUEST['search_path'] = implode(',', $data->getSearchPath());
68			}
69			$search_path = htmlspecialchars($_REQUEST['search_path']);
70			$sqlquery = htmlspecialchars($_SESSION['sqlquery']);
71
72			$default_html = $this->printTabs($this->misc->getNavTabs('popup'), 'sql', false);
73
74			$default_html .= '<form action="' . \SUBFOLDER . '/src/views/sql" method="post" enctype="multipart/form-data" class="sqlform" id="sqlform" target="detail">';
75			$default_html .= "\n";
76			$default_html .= $this->_printConnection('sql');
77
78			$default_html .= "\n";
79
80			$default_html .= ' <div class="searchpath">';
81			$default_html .= '<label>';
82			$default_html .= $this->misc->printHelp($lang['strsearchpath'], 'pg.schema.search_path', false);
83
84			$default_html .= ': <input type="text" name="search_path" size="45" value="' . $search_path . '" />';
85			$default_html .= "</label>\n";
86
87			$default_html .= "</div>\n";
88
89			$default_html .= '<div id="queryedition" style="padding:1%;width:98%;float:left;">';
90			$default_html .= "\n";
91			$default_html .= '<textarea style="width:98%;" rows="10" cols="50" name="query" id="query" resizable="true">' . $sqlquery . '</textarea>';
92			$default_html .= "\n";
93			$default_html .= "</div>\n";
94
95			$default_html .= '<div class="sqledit_bottom_inputs" >';
96
97			if (ini_get('file_uploads')) {
98			// Don't show upload option if max size of uploads is zero
99			$max_size = $this->misc->inisizeToBytes(ini_get('upload_max_filesize'));
100			if (is_double($max_size) && $max_size > 0) {
101			$default_html .= '<p class="upload_sql_script">';
102			$default_html .= '<input type="hidden" name="MAX_FILE_SIZE" value="' . $max_size . '" />';
103			$default_html .= "\n";
104			$default_html .= '<label for="script">' . $lang['struploadscript'] . '</label>';
105			$default_html .= '   <input class="btn btn-small" id="script" name="script" type="file" /></p>';
106			$default_html .= "</p>\n";
107			}
108			}
109
110			// Check that file uploads are enabled
111			$checked = (isset($_REQUEST['paginate']) ? ' checked="checked"' : '');
112
113			$default_html .= '<p><input type="submit" class="btn btn-small" name="execute" accesskey="r" value="' . $lang['strexecute'] . '" />';
114			$default_html .= "\n";
115
116			$default_html .= '<input type="reset" class="btn btn-small" accesskey="q" value="' . $lang['strreset'] . '" /></p>';
117			$default_html .= "\n";
118
119			$default_html .= '<p>';
120			$default_html .= '<label for="paginate">';
121			$default_html .= '<input type="checkbox" id="paginate" name="paginate"' . $checked . ' /> ' . $lang['strpaginate'] . ' ';
122			$default_html .= "</label>\n";
123			$default_html .= "</p>\n";
124
125			$default_html .= "</div>\n";
126			$default_html .= '</form>';
127			$default_html .= "\n";
128
129			// Default focus
130			//$this->setFocus('forms[0].query');
131			return $default_html;
132			}
133
134			/**
135			* Private function to display server and list of databases.
136			*
137			* @param mixed $action
			1 ignored issue – show Coding Style introduced 2018-02-15 19:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this Missing parameter comment Loading history...
138			*/
139			public function _printConnection($action)
140			{
141			$lang = $this->lang;
			0 ignored issues – show Unused Code introduced 2018-02-15 15:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$lang` is dead and can be removed. Loading history...
142			$data = $this->misc->getDatabaseAccessor();
143
144			// The javascript action on the select box reloads the
145			// popup whenever the server or database is changed.
146			// This ensures that the correct page encoding is used.
147			$onchange = "onchange=\"location.href='" . \SUBFOLDER . '/sqledit/' .
148			urlencode($action) . "?server=' + encodeURI(server.options[server.selectedIndex].value) + '&database=' + encodeURI(database.options[database.selectedIndex].value) + ";
149
150			// The exact URL to reload to is different between SQL and Find mode, however.
151			if ('find' == $action) {
152			$onchange .= "'&term=' + encodeURI(term.value) + '&filter=' + encodeURI(filter.value) + '&'\"";
153			} else {
154			$onchange .= "'&query=' + encodeURI(query.value) + '&search_path=' + encodeURI(search_path.value) + (paginate.checked ? '&paginate=on' : '') + '&'\"";
155			}
156
157			return $this->misc->printConnection($onchange, false);
158			}
159
160			/**
161			* Searches for a named database object.
162			*/
163			public function doFind()
164			{
165			$lang = $this->lang;
166			$data = $this->misc->getDatabaseAccessor();
167
168			if (!isset($_REQUEST['term'])) {
169			$_REQUEST['term'] = '';
170			}
171
172			if (!isset($_REQUEST['filter'])) {
173			$_REQUEST['filter'] = '';
174			}
175
176			$default_html = $this->printTabs($this->misc->getNavTabs('popup'), 'find', false);
177
178			$default_html .= "<form action=\"database.php\" method=\"post\" target=\"detail\">\n";
179			$default_html .= $this->_printConnection('find');
180			$default_html .= '<p><input class="focusme" name="term" value="' . htmlspecialchars($_REQUEST['term']) . "\" size=\"32\" maxlength=\"{$data->_maxNameLen}\" />\n";
181
182			// Output list of filters. This is complex due to all the 'has' and 'conf' feature possibilities
183			$default_html .= "<select name=\"filter\">\n";
184			$default_html .= "\t<option value=\"\"" . ('' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strallobjects']}</option>\n";
185			$default_html .= "\t<option value=\"SCHEMA\"" . ('SCHEMA' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strschemas']}</option>\n";
186			$default_html .= "\t<option value=\"TABLE\"" . ('TABLE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strtables']}</option>\n";
187			$default_html .= "\t<option value=\"VIEW\"" . ('VIEW' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strviews']}</option>\n";
188			$default_html .= "\t<option value=\"SEQUENCE\"" . ('SEQUENCE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strsequences']}</option>\n";
189			$default_html .= "\t<option value=\"COLUMN\"" . ('COLUMN' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strcolumns']}</option>\n";
190			$default_html .= "\t<option value=\"RULE\"" . ('RULE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strrules']}</option>\n";
191			$default_html .= "\t<option value=\"INDEX\"" . ('INDEX' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strindexes']}</option>\n";
192			$default_html .= "\t<option value=\"TRIGGER\"" . ('TRIGGER' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strtriggers']}</option>\n";
193			$default_html .= "\t<option value=\"CONSTRAINT\"" . ('CONSTRAINT' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strconstraints']}</option>\n";
194			$default_html .= "\t<option value=\"FUNCTION\"" . ('FUNCTION' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strfunctions']}</option>\n";
195			$default_html .= "\t<option value=\"DOMAIN\"" . ('DOMAIN' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strdomains']}</option>\n";
196			if ($this->conf['show_advanced']) {
197			$default_html .= "\t<option value=\"AGGREGATE\"" . ('AGGREGATE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['straggregates']}</option>\n";
198			$default_html .= "\t<option value=\"TYPE\"" . ('TYPE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strtypes']}</option>\n";
199			$default_html .= "\t<option value=\"OPERATOR\"" . ('OPERATOR' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['stroperators']}</option>\n";
200			$default_html .= "\t<option value=\"OPCLASS\"" . ('OPCLASS' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['stropclasses']}</option>\n";
201			$default_html .= "\t<option value=\"CONVERSION\"" . ('CONVERSION' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strconversions']}</option>\n";
202			$default_html .= "\t<option value=\"LANGUAGE\"" . ('LANGUAGE' == $_REQUEST['filter'] ? ' selected="selected" ' : '') . ">{$lang['strlanguages']}</option>\n";
203			}
204			$default_html .= "</select>\n";
205
206			$default_html .= "<input type=\"submit\" value=\"{$lang['strfind']}\" />\n";
207			$default_html .= "<input type=\"hidden\" name=\"action\" value=\"find\" /></p>\n";
208			$default_html .= "</form>\n";
209
210			// Default focus
211			$this->setFocus('forms[0].term');
212
213			return $default_html;
214			}
215			}
216

HuasoFoundries / phpPgAdmin6

Push — master ( 442876...4ec1bc )

src/controllers/SqleditController.php (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like