From: Jehan-Guillaume (ioguix) de Rorthais
Date: Thu, 29 Dec 2011 19:10:15 +0000 (+0100)
Subject: Fix bug #3429633 '"Back" link from "Browse" leads to error'
X-Git-Tag: REL_5-0-4~10
X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=18ae4fb7e1ff62da9cc98d9237431db72107033f;p=phppgadmin.git

Fix bug #3429633 '"Back" link from "Browse" leads to error'

The old design did not allow to escaped things properly without breaking the return URL. Moreover, it raised some bug as well when the return URL was too long, hitting the GET max length limit. This patch remove the old architecture and introduce the new "return" GET parameter that only holds the name of the section we want to go back.
---
diff --git a/classes/Misc.php b/classes/Misc.php
index 96101977..d90b7b63 100644
--- a/classes/Misc.php
+++ b/classes/Misc.php
@@ -49,6 +49,166 @@ return htmlentities($href); } + function getHREFSubject($subject) { + + $vars = array(); + + switch($subject) { + case 'root': + return 'redirect.php?subject=root'; + break; + case 'server': + $vars = array ( + 'server' => $_REQUEST['server'], + 'subject' => 'server' + ); + break; + case 'report': + return 'reports.php?'. http_build_query(array( + 'server' => $_REQUEST['server'], + 'subject' => 'report', + 'report' => $_REQUEST['report'] + ), '', '&'); + break; + case 'role': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'role', + 'action' => 'properties', + 'rolename' => $_REQUEST['rolename'] + ); + break; + case 'database': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'database', + 'database' => $_REQUEST['database'], + ); + break; + case 'schema': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'schema', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'] + ); + break; + case 'slony_cluster': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'slony_cluster', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'slony_cluster' => $_REQUEST['slony_cluster'] + ); + break; + case 'table': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'table', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'table' => $_REQUEST['table'] + ); + break; + case 'selectrows': + return 'tables.php?'. 
http_build_query(array( + 'server' => $_REQUEST['server'], + 'subject' => 'table', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'table' => $_REQUEST['table'], + 'action' => 'confselectrows' + ), '', '&'); + break; + case 'view': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'view', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'view' => $_REQUEST['view'] + ); + break; + case 'fulltext': + case 'ftscfg': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'fulltext', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'action' => 'viewconfig', + 'ftscfg' => $_REQUEST['ftscfg'] + ); + break; + case 'function': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'function', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'function' => $_REQUEST['function'], + 'function_oid' => $_REQUEST['function_oid'] + ); + break; + case 'aggregate': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'aggregate', + 'action' => 'properties', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'aggrname' => $_REQUEST['aggrname'], + 'aggrtype' => $_REQUEST['aggrtype'] + ); + break; + case 'slony_node': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'slony_cluster', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'no_id' => $_REQUEST['no_id'], + 'no_name' => $_REQUEST['no_name'] + ); + break; + case 'slony_set': + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'slony_set', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'slony_set_id' => $_REQUEST['slony_set'], + 'slony_set' => $_REQUEST['slony_set'] + ); + break; + case 'column': + if (isset($_REQUEST['table'])) + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'column', + 'database' => $_REQUEST['database'], + 'schema' => 
$_REQUEST['schema'], + 'table' => $_REQUEST['table'], + 'column' => $_REQUEST['column'] + ); + else + $vars = array( + 'server' => $_REQUEST['server'], + 'subject' => 'column', + 'database' => $_REQUEST['database'], + 'schema' => $_REQUEST['schema'], + 'view' => $_REQUEST['view'], + 'column' => $_REQUEST['column'] + ); + break; + default: + return false; + } + + return 'redirect.php?'. http_build_query($vars, '', '&'); + } + /** * Sets the form tracking variable */ @@ -1192,7 +1352,7 @@ $crumblink = "printVal($crumb['url'], 'nbsp') . '"'; + $crumblink .= " href=\"{$crumb['url']}\""; if (isset($crumb['title'])) $crumblink .= " title=\"{$crumb['title']}\""; @@ -1241,12 +1401,11 @@ if ($subject == 'root') $done = true; if (!$done) { - $vars = 'server='.urlencode($_REQUEST['server']).'&'; $server_info = $this->getServerInfo(); $trail['server'] = array( 'title' => $lang['strserver'], 'text' => $server_info['desc'], - 'url' => "redirect.php?subject=server&{$vars}", + 'url' => $this->getHREFSubject('server'), 'help' => 'pg.server', 'icon' => 'Server' ); 
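Review bot: getHREFSubject() indexes `$_REQUEST` for every key a subject needs without checking that the key is present, so a subject name that does not match the current request (for example `function` without `function_oid`) raises undefined-index notices and produces an incomplete URL. The commit message says the section name now arrives in the `return` GET parameter, so each case should verify its keys with `isset()` and fall back to `return false`, as the `default` branch does. The method also has no docblock; it should state that the result is a raw URL joined with `&` (not HTML-escaped, so callers must escape it for attribute context) and that `false` means an unknown subject. The `break` after each `return` is unreachable and can be dropped.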
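Review bot: The new `href` value is interpolated into the attribute with no HTML escaping, whereas the removed line appears to have passed `$crumb['url']` through `printVal()`. URLs from getHREFSubject() have their values percent-encoded by `http_build_query`, but the `&` separators are emitted raw, and any 'url' built by another path would reach the markup unescaped. `$crumblink .= ' href="' . htmlspecialchars($crumb['url']) . '"';` keeps the attribute well-formed without depending on how the URL was built. The line also assumes every crumb carries a 'url' key; the enclosing function starts and ends outside the hunk.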
@@ -1254,30 +1413,27 @@ if ($subject == 'server') $done = true; if (isset($_REQUEST['report']) && !$done) { - $vars .= 'report='.urlencode($_REQUEST['report']).'&'; $trail['report'] = array( 'title' => $lang['strreport'], 'text' => $_REQUEST['report'], - 'url' => "reports.php?subject=report&{$vars}", + 'url' => $this->getHREFSubject('report'), 'icon' => 'Report' ); } if (isset($_REQUEST['database']) && !$done) { - $vars .= 'database='.urlencode($_REQUEST['database']).'&'; $trail['database'] = array( 'title' => $lang['strdatabase'], 'text' => $_REQUEST['database'], - 'url' => "redirect.php?subject=database&{$vars}", + 'url' => $this->getHREFSubject('database'), 'help' => 'pg.database', 'icon' => 'Database' ); } elseif (isset($_REQUEST['rolename']) && !$done) { - $vars .= "subject=role&action=properties&rolename=".urlencode($_REQUEST['rolename']); $trail['role'] = array( 'title' => $lang['strrole'], 'text' => $_REQUEST['rolename'], - 'url' => "redirect.php?{$vars}", + 'url' => $this->getHREFSubject('role'), 'help' => 'pg.role', 'icon' => 'Roles' ); @@ -1285,11 +1441,10 @@ if ($subject == 'database' || $subject == 'role' || $subject == 'report') $done = true; if (isset($_REQUEST['schema']) && !$done) { - $vars .= 'schema='.urlencode($_REQUEST['schema']).'&'; $trail['schema'] = array( 'title' => $lang['strschema'], 'text' => $_REQUEST['schema'], - 'url' => "redirect.php?subject=schema&{$vars}", + 'url' => $this->getHREFSubject('schema'), 'help' => 'pg.schema', 'icon' => 'Schema' ); @@ -1297,11 +1452,10 @@ if ($subject == 'schema') $done = true; if (isset($_REQUEST['slony_cluster']) && !$done) { - $vars .= 'slony_cluster='.urlencode($_REQUEST['slony_cluster']).'&'; $trail['slony_cluster'] = array( 'title' => 'Slony Cluster', 'text' => $_REQUEST['slony_cluster'], - 'url' => "redirect.php?subject=slony_cluster&{$vars}", + 'url' => $this->getHREFSubject('slony_cluster'), 'help' => 'sl.cluster', 'icon' => 'Cluster' ); 
@@ -1309,29 +1463,26 @@ if ($subject == 'slony_cluster') $done = true; if (isset($_REQUEST['table']) && !$done) { - $vars .= "table=".urlencode($_REQUEST['table']); $trail['table'] = array( 'title' => $lang['strtable'], 'text' => $_REQUEST['table'], - 'url' => "redirect.php?subject=table&{$vars}", + 'url' => $this->getHREFSubject('table'), 'help' => 'pg.table', 'icon' => 'Table' ); } elseif (isset($_REQUEST['view']) && !$done) { - $vars .= "view=".urlencode($_REQUEST['view']); $trail['view'] = array( 'title' => $lang['strview'], 'text' => $_REQUEST['view'], - 'url' => "redirect.php?subject=view&{$vars}", + 'url' => $this->getHREFSubject('view'), 'help' => 'pg.view', 'icon' => 'View' ); } elseif (isset($_REQUEST['ftscfg']) && !$done) { - $vars .= "action=viewconfig&ftscfg=".urlencode($_REQUEST['ftscfg']); $trail['ftscfg'] = array( 'title' => $lang['strftsconfig'], 'text' => $_REQUEST['ftscfg'], - 'url' => "fulltext.php?{$vars}", + 'url' => $this->getHREFSubject('ftscfg'), 'help' => 'pg.ftscfg.example', 'icon' => 'Fts' ); 
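Review bot: The `ftscfg` crumb changes its target, not only how the URL is built: the removed line linked to `fulltext.php?...`, while `getHREFSubject('ftscfg')` shares the `fulltext` case and returns a `redirect.php?` URL with `subject=fulltext`. Whether redirect.php resolves that subject to the configuration view cannot be seen from this diff. If it does not, the case should return `'fulltext.php?' . http_build_query($vars, '', '&')` directly, as the `report` and `selectrows` cases do for their own pages. A one-line comment on that case naming the page it lands on would make the intent clear.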
@@ -1341,55 +1492,45 @@ if (!$done && !is_null($subject)) { switch ($subject) { case 'function': - $vars .= "{$subject}_oid=".urlencode($_REQUEST[$subject.'_oid']).'&'; - $vars .= "subject={$subject}&{$subject}=".urlencode($_REQUEST[$subject]); $trail[$subject] = array( 'title' => $lang['str'.$subject], 'text' => $_REQUEST[$subject], - 'url' => "redirect.php?{$vars}", + 'url' => $this->getHREFSubject('function'), 'help' => 'pg.function', 'icon' => 'Function' ); break; case 'aggregate': - $vars .= "subject=aggregate&action=properties&aggrname=".urlencode($_REQUEST['aggrname']); - $vars .= "&aggrtype=".urlencode($_REQUEST['aggrtype']); $trail[$subject] = array( 'title' => $lang['straggregate'], 'text' => $_REQUEST['aggrname'], - 'url' => "redirect.php?{$vars}", + 'url' => $this->getHREFSubject('aggregate'), 'help' => 'pg.aggregate', 'icon' => 'Aggregate' ); break; case 'slony_node': - $vars .= 'no_id='.urlencode($_REQUEST['no_id']).'&no_name='.urlencode($_REQUEST['no_name']); $trail[$subject] = array( 'title' => 'Slony Node', 'text' => $_REQUEST['no_name'], - 'url' => "redirect.php?{$vars}", 'help' => 'sl.'.$subject, 'icon' => 'Node' ); break; case 'slony_set': - $vars .= "{$subject}_id=".urlencode($_REQUEST[$subject]).'&'; - $vars .= "subject={$subject}&{$subject}=".urlencode($_REQUEST[$subject]); $trail[$subject] = array( 'title' => $lang['str'.$subject], 'text' => $_REQUEST[$subject], - 'url' => "redirect.php?{$vars}", 'help' => 'sl.'.$subject, 'icon' => 'AvailableReplicationSet' ); break; case 'column': - $vars .= "&column=". urlencode($_REQUEST['column']) ."&subject=column"; $trail['column'] = array ( 'title' => $lang['strcolumn'], 'text' => $_REQUEST['column'], 'icon' => 'Column', - 'url' => "redirect.php?{$vars}" + 'url' => $this->getHREFSubject('column') ); break; default: diff --git a/colproperties.php b/colproperties.php index 9aa7f729..c16ae900 100644 --- a/colproperties.php +++ b/colproperties.php 
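Review bot: The `slony_node` and `slony_set` crumbs lose their `'url'` entry and get no replacement, although getHREFSubject() defines a case for both. The crumb renderer changed earlier in this patch reads `$crumb['url']`, so these two crumbs would presumably render an empty `href` and raise an undefined-index notice. Add `'url' => $this->getHREFSubject('slony_node'),` and `'url' => $this->getHREFSubject('slony_set'),` to the respective arrays. The switch continues past the end of the hunk.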
@@ -240,30 +240,27 @@ $query_url = urlencode("SELECT \"{$f_attname}\", count(*) AS \"count\" FROM \"{$f_schema}\".\"{$f_table}\" GROUP BY \"{$f_attname}\" ORDER BY \"{$f_attname}\"") ; if ($isTable) { - $return_url = urlencode("colproperties.php?{$misc->href}&table=". urlencode($tableName) - ."&column=". urlencode($_REQUEST['column'])); - /* Browse link */ /* FIXME browsing a col should somehow be a action so we don't * send an ugly SQL in the URL */ echo "\t
  • href}&subject=column&table=", urlencode($_REQUEST['table']), "&column=", urlencode($_REQUEST['column']), - "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), + "&return=column", "&query={$query_url}\">{$lang['strbrowse']}
  • \n"; /* Edit link */ echo "\t
  • href}&table=", urlencode($tableName), "&column=", urlencode($_REQUEST['column']) . "\">{$lang['stralter']}
  • \n"; - echo "\t
  • href}&table=", urlencode($tableName), - "&column=" . urlencode($_REQUEST['column']) . "\">{$lang['strdrop']}
  • \n"; + echo "\t
  • href}&table=", urlencode($tableName), + "&column=" . urlencode($_REQUEST['column']) . "\">{$lang['strdrop']}
  • \n"; } else { - $return_url = urlencode("colproperties.php?{$misc->href}&view=". urlencode($tableName) - ."&column=". urlencode($_REQUEST['column'])); /* Browse link */ - echo "\t
  • href}&subject=column&column=", - urlencode($_REQUEST['column']), "&return_url={$return_url}&return_desc=", urlencode($lang['strback']), + echo "\t
  • href}&subject=column&view=", + urlencode($_REQUEST['view']), + "&column=", urlencode($_REQUEST['column']), + "&return=column", "&query={$query_url}\">{$lang['strbrowse']}
  • \n"; } diff --git a/display.php b/display.php index b7a31ced..41bcfab0 100644 --- a/display.php +++ b/display.php @@ -5,8 +5,7 @@ * tables, reports, arbitrary queries, etc. to avoid code duplication. * @param $query The SQL SELECT string to execute * @param $count The same SQL query, but only retrieves the count of the rows (AS total) - * @param $return_url The return URL - * @param $return_desc The return link name + * @param $return The return section * @param $page The current page * * $Id: display.php,v 1.68 2008/04/14 12:44:27 ioguix Exp $ @@ -143,10 +142,8 @@ echo "\n"; if (isset($_REQUEST['count'])) echo "\n"; - if (isset($_REQUEST['return_url'])) - echo "\n"; - if (isset($_REQUEST['return_desc'])) - echo "\n"; + if (isset($_REQUEST['return'])) + echo "\n"; echo "\n"; echo "\n"; echo "\n"; @@ -206,10 +203,8 @@ echo "\n"; if (isset($_REQUEST['count'])) echo "\n"; - if (isset($_REQUEST['return_url'])) - echo "\n"; - if (isset($_REQUEST['return_desc'])) - echo "\n"; + if (isset($_REQUEST['return'])) + echo "\n"; echo "\n"; echo "\n"; echo "\n"; 
@@ -243,16 +238,7 @@ $constraints = $data->getConstraintsWithFields($_REQUEST['table']); if ($constraints->recordCount() > 0) { - /* build the common parts of the url for the FK */ - $fk_return_url = "{$misc->href}&subject=table&table=". urlencode($_REQUEST['table']); - if (isset($_REQUEST['page'])) $fk_return_url .= "&page=" . urlencode($_REQUEST['page']); - if (isset($_REQUEST['query'])) $fk_return_url .= "&query=" . urlencode($_REQUEST['query']); - if (isset($_REQUEST['search_path'])) $fk_return_url .= "&search_path=" . urlencode($_REQUEST['search_path']); - - /* yes, we double urlencode fk_return_url so parameters here don't - * overwrite real one when included in the final url */ - $fkey_information['common_url'] = $misc->getHREF('schema') .'&subject=table&return_url=display.php?' - . urlencode($fk_return_url) .'&return_desc='. urlencode($lang['strback']); + $fkey_information['common_url'] = $misc->getHREF('schema') .'&subject=table'; /* build the FK constraints data structure */ while (!$constraints->EOF) { @@ -492,8 +478,7 @@ if (isset($_REQUEST['query'])) $gets .= "&query=" . urlencode($_REQUEST['query']); if (isset($_REQUEST['report'])) $gets .= "&report=" . urlencode($_REQUEST['report']); if (isset($_REQUEST['count'])) $gets .= "&count=" . urlencode($_REQUEST['count']); - if (isset($_REQUEST['return_url'])) $gets .= "&return_url=" . urlencode($_REQUEST['return_url']); - if (isset($_REQUEST['return_desc'])) $gets .= "&return_desc=" . urlencode($_REQUEST['return_desc']); + if (isset($_REQUEST['return'])) $gets .= "&return=" . urlencode($_REQUEST['return']); if (isset($_REQUEST['search_path'])) $gets .= "&search_path=" . urlencode($_REQUEST['search_path']); if (isset($_REQUEST['table'])) $gets .= "&table=" . urlencode($_REQUEST['table']); @@ -577,8 +562,12 @@ echo "