Remove support for target URL param for FAQ 1.34

Use the route parameter instead. https://docs.phpmyadmin.net/en/latest/faq.html#faq1-34 Signed-off-by: Maurício Meneghini Fauth <[email protected]>
LordRobinCbz · Aug 26, 2019 · 4077c61 · 4077c61
1 parent 7de7069
commit 4077c61
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 97 deletions.
diff --git a/doc/faq.rst b/doc/faq.rst
@@ -493,6 +493,11 @@ forget to change directory name inside of it):
 
 .. seealso:: :ref:`faq4_8`
 
+.. versionchanged:: 5.1.0
+
+    Support for using the ``target`` parameter was removed in phpMyAdmin 5.1.0.
+    Use the ``route`` parameter instead.
+
 .. _faq1_35:
 
 1.35 Can I use HTTP authentication with Apache CGI?

diff --git a/index.php b/index.php
@@ -8,7 +8,6 @@
 declare(strict_types=1);
 
 use FastRoute\Dispatcher;
-use PhpMyAdmin\Core;
 use PhpMyAdmin\Message;
 
 use function FastRoute\simpleDispatcher;
@@ -17,69 +16,38 @@
     define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
 }
 
+global $route;
+
 require_once ROOT_PATH . 'libraries/common.inc.php';
 
-$route = $_GET['route'] ?? $_POST['route'] ?? null;
+/** @var string $route */
+$route = $_GET['route'] ?? $_POST['route'] ?? '/';
 
 /**
  * See FAQ 1.34.
  * @see https://docs.phpmyadmin.net/en/latest/faq.html#faq1-34
  */
-if ($route === null && isset($_GET['db']) && mb_strlen($_GET['db']) !== 0) {
+if (($route === '/' || $route === '') && isset($_GET['db']) && mb_strlen($_GET['db']) !== 0) {
     $route = '/database/structure';
     if (isset($_GET['table']) && mb_strlen($_GET['table']) !== 0) {
         $route = '/sql';
     }
 }
 
-if ($route !== null) {
-    $routes = require ROOT_PATH . 'libraries/routes.php';
-    $dispatcher = simpleDispatcher($routes);
-    $routeInfo = $dispatcher->dispatch(
-        $_SERVER['REQUEST_METHOD'],
-        rawurldecode($route)
-    );
-    if ($routeInfo[0] === Dispatcher::NOT_FOUND) {
-        Message::error(sprintf(
-            __('Error 404! The page %s was not found.'),
-            '<code>' . ($route) . '</code>'
-        ))->display();
-        exit;
-    } elseif ($routeInfo[0] === Dispatcher::METHOD_NOT_ALLOWED) {
-        Message::error(__('Error 405! Request method not allowed.'))->display();
-        exit;
-    } elseif ($routeInfo[0] === Dispatcher::FOUND) {
-        $handler = $routeInfo[1];
-        $handler($routeInfo[2]);
-        exit;
-    }
-}
-
-/**
- * pass variables to child pages
- */
-$drops = [
-    'lang',
-    'server',
-    'collation_connection',
-    'db',
-    'table',
-];
-foreach ($drops as $each_drop) {
-    if (array_key_exists($each_drop, $_GET)) {
-        unset($_GET[$each_drop]);
-    }
-}
-unset($drops, $each_drop);
-
-// If we have a valid target, let's load that script instead
-if (! empty($_REQUEST['target'])
-    && is_string($_REQUEST['target'])
-    && 0 !== strpos($_REQUEST['target'], "index")
-    && Core::checkPageValidity($_REQUEST['target'], [], true)
-) {
-    include ROOT_PATH . $_REQUEST['target'];
-    exit;
+$routes = require ROOT_PATH . 'libraries/routes.php';
+$dispatcher = simpleDispatcher($routes);
+$routeInfo = $dispatcher->dispatch(
+    $_SERVER['REQUEST_METHOD'],
+    rawurldecode($route)
+);
+if ($routeInfo[0] === Dispatcher::NOT_FOUND) {
+    Message::error(sprintf(
+        __('Error 404! The page %s was not found.'),
+        '<code>' . ($route) . '</code>'
+    ))->display();
+} elseif ($routeInfo[0] === Dispatcher::METHOD_NOT_ALLOWED) {
+    Message::error(__('Error 405! Request method not allowed.'))->display();
+} elseif ($routeInfo[0] === Dispatcher::FOUND) {
+    $handler = $routeInfo[1];
+    $handler($routeInfo[2]);
 }
-
-require_once ROOT_PATH . 'libraries/entry_points/home.php';
diff --git a/libraries/classes/Footer.php b/libraries/classes/Footer.php
@@ -155,20 +155,19 @@ public function getDebugMessage(): string
      */
     public function getSelfUrl(): string
     {
+        global $route, $db, $table, $server;
+
         $params = [];
-        if (isset($_GET['route']) || isset($_POST['route'])) {
-            $params['route'] = $_GET['route'] ?? $_POST['route'];
-        }
-        if (isset($GLOBALS['db']) && strlen($GLOBALS['db']) > 0) {
-            $params['db'] = $GLOBALS['db'];
+        if (isset($route)) {
+            $params['route'] = $route;
         }
-        if (isset($GLOBALS['table']) && strlen($GLOBALS['table']) > 0) {
-            $params['table'] = $GLOBALS['table'];
+        if (isset($db) && strlen($db) > 0) {
+            $params['db'] = $db;
         }
-        $params['server'] = $GLOBALS['server'];
-        if (isset($_REQUEST['target']) && strlen($_REQUEST['target']) > 0) {
-            $params['target'] = $_REQUEST['target'];
+        if (isset($table) && strlen($table) > 0) {
+            $params['table'] = $table;
         }
+        $params['server'] = $server;
 
         // needed for server privileges tabs
         if (isset($_GET['viewing_mode'])

diff --git a/libraries/classes/Plugins/Auth/AuthenticationCookie.php b/libraries/classes/Plugins/Auth/AuthenticationCookie.php
@@ -25,16 +25,6 @@
 use phpseclib\Crypt\Random;
 use ReCaptcha;
 
-/**
- * Remember where to redirect the user
- * in case of an expired session.
- */
-if (! empty($_REQUEST['target'])) {
-    $GLOBALS['target'] = $_REQUEST['target'];
-} elseif (Core::getenv('SCRIPT_NAME')) {
-    $GLOBALS['target'] = basename(Core::getenv('SCRIPT_NAME'));
-}
-
 /**
  * Handles the cookie authentication method
  *
@@ -84,7 +74,7 @@ public function setUseOpenSSL($use)
      */
     public function showLoginForm()
     {
-        global $conn_error;
+        global $conn_error, $route;
 
         $response = Response::getInstance();
 
@@ -170,8 +160,8 @@ public function showLoginForm()
         }
 
         $_form_params = [];
-        if (! empty($GLOBALS['target'])) {
-            $_form_params['target'] = $GLOBALS['target'];
+        if (isset($route)) {
+            $_form_params['route'] = $route;
         }
         if (strlen($GLOBALS['db'])) {
             $_form_params['db'] = $GLOBALS['db'];
@@ -450,9 +440,10 @@ public function storeCredentials()
      */
     public function rememberCredentials()
     {
+        global $route;
+
         // Name and password cookies need to be refreshed each time
         // Duration = one month for username
-
         $this->storeUsernameCookie($this->user);
 
         // Duration = as configured
@@ -461,23 +452,18 @@ public function rememberCredentials()
         if (! isset($_POST['change_pw'])) {
             $this->storePasswordCookie($this->password);
         }
-        // URL where to go:
-        $redirect_url = './index.php';
 
         // any parameters to pass?
         $url_params = [];
+        if (isset($route)) {
+            $url_params['route'] = $route;
+        }
         if (strlen($GLOBALS['db']) > 0) {
             $url_params['db'] = $GLOBALS['db'];
         }
         if (strlen($GLOBALS['table']) > 0) {
             $url_params['table'] = $GLOBALS['table'];
         }
-        // any target to pass?
-        if (! empty($GLOBALS['target'])
-            && $GLOBALS['target'] != 'index.php'
-        ) {
-            $url_params['target'] = $GLOBALS['target'];
-        }
 
         // user logged in successfully after session expiration
         if (isset($_REQUEST['session_timedout'])) {
@@ -514,7 +500,7 @@ public function rememberCredentials()
                 ->disable();
 
             Core::sendHeaderLocation(
-                $redirect_url . Url::getCommonRaw($url_params),
+                './index.php' . Url::getCommonRaw($url_params),
                 true
             );
             if (! defined('TESTSUITE')) {

diff --git a/test/classes/FooterTest.php b/test/classes/FooterTest.php
@@ -150,16 +150,14 @@ public function testRemoveRecursion()
      */
     public function testGetSelfLink()
     {
-
         $GLOBALS['cfg']['TabsMode'] = 'text';
         $GLOBALS['cfg']['ServerDefault'] = 1;
         $GLOBALS['db'] = 'db';
         $GLOBALS['table'] = 'table';
-        $_REQUEST['target'] = 'target';
 
         $this->assertEquals(
             '<div id="selflink" class="print_ignore"><a href="index.php?db=db&amp;'
-            . 'table=table&amp;server=1&amp;target=target&amp;lang=en'
+            . 'table=table&amp;server=1&amp;lang=en'
             . '" title="Open new phpMyAdmin window" '
             . 'target="_blank" rel="noopener noreferrer">Open new phpMyAdmin window</a></div>',
             $this->_callPrivateFunction(
@@ -204,8 +202,7 @@ public function testGetSelfLinkWithImage()
      */
     public function testGetSelfLinkWithRoute()
     {
-        $_GET['route'] = '/test';
-
+        $GLOBALS['route'] = '/test';
         $GLOBALS['cfg']['TabsMode'] = 'text';
         $GLOBALS['cfg']['ServerDefault'] = 1;
 

diff --git a/test/classes/Plugins/Auth/AuthenticationCookieTest.php b/test/classes/Plugins/Auth/AuthenticationCookieTest.php
@@ -198,7 +198,6 @@ public function testAuthError()
         $GLOBALS['cfg']['AllowArbitraryServer'] = true;
         $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = '';
         $GLOBALS['cfg']['CaptchaLoginPublicKey'] = '';
-        $GLOBALS['target'] = 'testTarget';
         $GLOBALS['db'] = 'testDb';
         $GLOBALS['table'] = 'testTable';
         $GLOBALS['cfg']['Servers'] = [1, 2];
@@ -251,11 +250,6 @@ public function testAuthError()
             $result
         );
 
-        $this->assertStringContainsString(
-            '<input type="hidden" name="target" value="testTarget">',
-            $result
-        );
-
         $this->assertStringContainsString(
             '<input type="hidden" name="db" value="testDb">',
             $result